projects / l2tpns.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
add a callback to allow plugins to fetch values from the running config
[l2tpns.git] / ppp.c
1 // L2TPNS PPP Stuff
2
3 char const *cvs_id_ppp = "$Id: ppp.c,v 1.25 2004/11/09 05:49:08 bodea Exp $";
4
5 #include <stdio.h>
6 #include <string.h>
7 #include <unistd.h>
8 #include <errno.h>
9 #include <stdlib.h>
10 #include "l2tpns.h"
11 #include "constants.h"
12 #include "plugin.h"
13 #include "util.h"
14 #include "tbf.h"
15 #include "cluster.h"
16
17 extern tunnelt *tunnel;
18 extern sessiont *session;
19 extern radiust *radius;
20 extern int tunfd;
21 extern char hostname[];
22 extern u32 eth_tx;
23 extern time_t time_now;
24 extern struct configt *config;
25
26 void sendccp(tunnelidt t, sessionidt s);
27
28 // Process PAP messages
29 void processpap(tunnelidt t, sessionidt s, u8 *p, u16 l)
30 {
31 char user[129];
32 char pass[129];
33 u16 hl;
34
35 CSTAT(call_processpap);
36
37 LOG_HEX(5, "PAP", p, l);
38 if (l < 4)
39 {
40 LOG(1, 0, s, t, "Short PAP %u bytes\n", l);
41 STAT(tunnel_rx_errors);
42 return ;
43 }
44
45 if ((hl = ntohs(*(u16 *) (p + 2))) > l)
46 {
47 LOG(1, 0, s, t, "Length mismatch PAP %u/%u\n", hl, l);
48 STAT(tunnel_rx_errors);
49 return ;
50 }
51 l = hl;
52
53 if (*p != 1)
54 {
55 LOG(1, 0, s, t, "Unexpected PAP code %d\n", *p);
56 STAT(tunnel_rx_errors);
57 return ;
58 }
59
60 {
61 u8 *b = p;
62 b += 4;
63 if (*b && *b < sizeof(user))
64 memcpy(user, b + 1, *b);
65 user[*b] = 0;
66 b += 1 + *b;
67 if (*b && *b < sizeof(pass))
68 memcpy(pass, b + 1, *b);
69 pass[*b] = 0;
70 LOG(3, 0, s, t, "PAP login %s/%s\n", user, pass);
71 }
72 if (session[s].ip || !session[s].radius)
73 {
74 // respond now, either no RADIUS available or already authenticated
75 u8 b[MAXCONTROL];
76 u8 id = p[1];
77 u8 *p = makeppp(b, sizeof(b), 0, 0, t, s, PPPPAP);
78 if (!p) { // Failed to make ppp header!
79 LOG(1,0,0,0, "Failed to make PPP header in process pap!\n");
80 return;
81 }
82 if (session[s].ip)
83 *p = 2; // ACK
84 else
85 *p = 3; // cant authorise
86 p[1] = id;
87 *(u16 *) (p + 2) = htons(5); // length
88 p[4] = 0; // no message
89 if (session[s].ip)
90 {
91 LOG(3, session[s].ip, s, t, "Already an IP allocated: %s (%d)\n", inet_toa(htonl(session[s].ip)), session[s].ip_pool_index);
92 session[s].flags &= ~SF_IPCP_ACKED;
93 }
94 else
95 {
96 LOG(1, 0, s, t, "No radius session available to authenticate session...\n");
97 }
98 LOG(3, 0, s, t, "Fallback response to PAP (%s)\n", (session[s].ip) ? "ACK" : "NAK");
99 tunnelsend(b, 5 + (p - b), t); // send it
100 }
101 else
102 {
103 // set up RADIUS request
104 u16 r = session[s].radius;
105
106 // Run PRE_AUTH plugins
107 struct param_pre_auth packet = { &tunnel[t], &session[s], strdup(user), strdup(pass), PPPPAP, 1 };
108 run_plugins(PLUGIN_PRE_AUTH, &packet);
109 if (!packet.continue_auth)
110 {
111 LOG(3, 0, s, t, "A plugin rejected PRE_AUTH\n");
112 if (packet.username) free(packet.username);
113 if (packet.password) free(packet.password);
114 return;
115 }
116
117 strncpy(session[s].user, packet.username, sizeof(session[s].user) - 1);
118 strncpy(radius[r].pass, packet.password, sizeof(radius[r].pass) - 1);
119
120 free(packet.username);
121 free(packet.password);
122
123 radius[r].id = p[1];
124 LOG(3, 0, s, t, "Sending login for %s/%s to radius\n", user, pass);
125 radiussend(r, RADIUSAUTH);
126 }
127 }
128
129 // Process CHAP messages
130 void processchap(tunnelidt t, sessionidt s, u8 *p, u16 l)
131 {
132 u16 r;
133 u16 hl;
134
135 CSTAT(call_processchap);
136
137 LOG_HEX(5, "CHAP", p, l);
138 r = session[s].radius;
139 if (!r)
140 {
141 LOG(1, 0, s, t, "Unexpected CHAP message\n");
142
143 // FIXME: Need to drop the session here.
144
145 STAT(tunnel_rx_errors);
146 return;
147 }
148
149 if (l < 4)
150 {
151 LOG(1, 0, s, t, "Short CHAP %u bytes\n", l);
152 STAT(tunnel_rx_errors);
153 return ;
154 }
155
156 if ((hl = ntohs(*(u16 *) (p + 2))) > l)
157 {
158 LOG(1, 0, s, t, "Length mismatch CHAP %u/%u\n", hl, l);
159 STAT(tunnel_rx_errors);
160 return ;
161 }
162 l = hl;
163
164 if (*p != 2)
165 {
166 LOG(1, 0, s, t, "Unexpected CHAP response code %d\n", *p);
167 STAT(tunnel_rx_errors);
168 return;
169 }
170 if (p[1] != radius[r].id)
171 {
172 LOG(1, 0, s, t, "Wrong CHAP response ID %d (should be %d) (%d)\n", p[1], radius[r].id, r);
173 STAT(tunnel_rx_errors);
174 return ;
175 }
176
177 if (l < 5 || p[4] != 16)
178 {
179 LOG(1, 0, s, t, "Bad CHAP response length %d\n", l < 5 ? -1 : p[4]);
180 STAT(tunnel_rx_errors);
181 return ;
182 }
183
184 l -= 5;
185 p += 5;
186 if (l < 16 || l - 16 >= sizeof(session[s].user))
187 {
188 LOG(1, 0, s, t, "CHAP user too long %d\n", l - 16);
189 STAT(tunnel_rx_errors);
190 return ;
191 }
192
193 // Run PRE_AUTH plugins
194 {
195 struct param_pre_auth packet = { &tunnel[t], &session[s], NULL, NULL, PPPCHAP, 1 };
196
197 packet.password = calloc(17, 1);
198 memcpy(packet.password, p, 16);
199
200 p += 16;
201 l -= 16;
202
203 packet.username = calloc(l + 1, 1);
204 memcpy(packet.username, p, l);
205
206 run_plugins(PLUGIN_PRE_AUTH, &packet);
207 if (!packet.continue_auth)
208 {
209 LOG(3, 0, s, t, "A plugin rejected PRE_AUTH\n");
210 if (packet.username) free(packet.username);
211 if (packet.password) free(packet.password);
212 return;
213 }
214
215 strncpy(session[s].user, packet.username, sizeof(session[s].user) - 1);
216 memcpy(radius[r].pass, packet.password, 16);
217
218 free(packet.username);
219 free(packet.password);
220 }
221
222 radius[r].chap = 1;
223 LOG(3, 0, s, t, "CHAP login %s\n", session[s].user);
224 radiussend(r, RADIUSAUTH);
225 }
226
227 char *ppp_lcp_types[] = {
228 NULL,
229 "ConfigReq",
230 "ConfigAck",
231 "ConfigNak",
232 "ConfigRej",
233 "TerminateReq",
234 "TerminateAck",
235 "CodeRej",
236 "ProtocolRej",
237 "EchoReq",
238 "EchoReply",
239 "DiscardRequest",
240 "IdentRequest",
241 };
242
243 void dumplcp(u8 *p, int l)
244 {
245 int x = l - 4;
246 u8 *o = (p + 4);
247
248 LOG_HEX(5, "PPP LCP Packet", p, l);
249 LOG(4, 0, 0, 0, "PPP LCP Packet type %d (%s len %d)\n", *p, ppp_lcp_types[(int)*p], ntohs( ((u16 *) p)[1]) );
250 LOG(4, 0, 0, 0, "Length: %d\n", l);
251 if (*p != ConfigReq && *p != ConfigRej && *p != ConfigAck)
252 return;
253
254 while (x > 2)
255 {
256 int type = o[0];
257 int length = o[1];
258 if (length < 2)
259 {
260 LOG(4, 0, 0, 0, " Option length is %d...\n", length);
261 break;
262 }
263 if (type == 0)
264 {
265 LOG(4, 0, 0, 0, " Option type is 0...\n");
266 x -= length;
267 o += length;
268 continue;
269 }
270 switch (type)
271 {
272 case 1: // Maximum-Receive-Unit
273 if (length == 4)
274 LOG(4, 0, 0, 0, " %s %d\n", lcp_types[type], ntohs(*(u16 *)(o + 2)));
275 else
276 LOG(4, 0, 0, 0, " %s odd length %d\n", lcp_types[type], length);
277 break;
278 case 2: // Async-Control-Character-Map
279 if (length == 6)
280 {
281 u32 asyncmap = ntohl(*(u32 *)(o + 2));
282 LOG(4, 0, 0, 0, " %s %x\n", lcp_types[type], asyncmap);
283 }
284 else
285 LOG(4, 0, 0, 0, " %s odd length %d\n", lcp_types[type], length);
286 break;
287 case 3: // Authentication-Protocol
288 if (length == 4)
289 {
290 int proto = ntohs(*(u16 *)(o + 2));
291 LOG(4, 0, 0, 0, " %s 0x%x (%s)\n", lcp_types[type], proto,
292 proto == PPPCHAP ? "CHAP" :
293 proto == PPPPAP ? "PAP" : "UNKNOWN");
294 }
295 else
296 LOG(4, 0, 0, 0, " %s odd length %d\n", lcp_types[type], length);
297 break;
298 case 4: // Quality-Protocol
299 {
300 u32 qp = ntohl(*(u32 *)(o + 2));
301 LOG(4, 0, 0, 0, " %s %x\n", lcp_types[type], qp);
302 }
303 break;
304 case 5: // Magic-Number
305 if (length == 6)
306 {
307 u32 magicno = ntohl(*(u32 *)(o + 2));
308 LOG(4, 0, 0, 0, " %s %x\n", lcp_types[type], magicno);
309 }
310 else
311 LOG(4, 0, 0, 0, " %s odd length %d\n", lcp_types[type], length);
312 break;
313 case 7: // Protocol-Field-Compression
314 case 8: // Address-And-Control-Field-Compression
315 LOG(4, 0, 0, 0, " %s\n", lcp_types[type]);
316 break;
317 default:
318 LOG(2, 0, 0, 0, " Unknown PPP LCP Option type %d\n", type);
319 break;
320 }
321 x -= length;
322 o += length;
323 }
324 }
325
326 // Process LCP messages
327 void processlcp(tunnelidt t, sessionidt s, u8 *p, u16 l)
328 {
329 u8 b[MAXCONTROL];
330 u8 *q = NULL;
331 u32 magicno = 0;
332 u16 hl;
333
334 CSTAT(call_processlcp);
335
336 LOG_HEX(5, "LCP", p, l);
337 if (l < 4)
338 {
339 LOG(1, session[s].ip, s, t, "Short LCP %d bytes\n", l);
340 STAT(tunnel_rx_errors);
341 return ;
342 }
343
344 if ((hl = ntohs(*(u16 *) (p + 2))) > l)
345 {
346 LOG(1, 0, s, t, "Length mismatch LCP %u/%u\n", hl, l);
347 STAT(tunnel_rx_errors);
348 return ;
349 }
350 l = hl;
351
352 if (*p == ConfigAck)
353 {
354 LOG(3, session[s].ip, s, t, "LCP: Discarding ConfigAck\n");
355 session[s].flags |= SF_LCP_ACKED;
356 }
357 else if (*p == ConfigReq)
358 {
359 int x = l - 4;
360 u8 *o = (p + 4);
361 u8 response = 0;
362
363 LOG(3, session[s].ip, s, t, "LCP: ConfigReq (%d bytes)...\n", l);
364 if (config->debug > 3) dumplcp(p, l);
365
366 while (x > 2)
367 {
368 int type = o[0];
369 int length = o[1];
370 if (length == 0 || type == 0 || x < length) break;
371 switch (type)
372 {
373 case 1: // Maximum-Receive-Unit
374 session[s].mru = ntohs(*(u16 *)(o + 2));
375 break;
376
377 case 2: // Async-Control-Character-Map
378 if (!ntohl(*(u32 *)(o + 2))) // all bits zero is OK
379 break;
380
381 if (response && response != ConfigNak) // rej already queued
382 break;
383
384 LOG(2, session[s].ip, s, t, " Remote requesting asyncmap. Rejecting.\n");
385 if (!response)
386 {
387 q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP);
388 if (!q)
389 {
390 LOG(2, session[s].ip, s, t, " Failed to send packet.\n");
391 break;
392 }
393 response = *q++ = ConfigNak;
394 }
395 *q++ = type;
396 *q++ = 6;
397 memset(q, 0, 4); // asyncmap 0
398 q += 4;
399 break;
400
401 case 3: // Authentication-Protocol
402 {
403 int proto = ntohs(*(u16 *)(o + 2));
404 char proto_name[] = "0x0000";
405 if (proto == PPPPAP)
406 break;
407
408 if (response && response != ConfigNak) // rej already queued
409 break;
410
411 if (proto == PPPCHAP)
412 strcpy(proto_name, "CHAP");
413 else
414 sprintf(proto_name, "%#4.4x", proto);
415
416 LOG(2, session[s].ip, s, t, " Remote requesting %s authentication. Rejecting.\n", proto_name);
417
418 if (!response)
419 {
420 q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP);
421 if (!q)
422 {
423 LOG(2, session[s].ip, s, t, " Failed to send packet.\n");
424 break;
425 }
426 response = *q++ = ConfigNak;
427 }
428 memcpy(q, o, length);
429 *(u16 *)(q += 2) = htons(PPPPAP); // NAK -> Use PAP instead
430 q += length;
431 }
432 break;
433
434 case 5: // Magic-Number
435 magicno = ntohl(*(u32 *)(o + 2));
436 break;
437
438 case 4: // Quality-Protocol
439 case 7: // Protocol-Field-Compression
440 case 8: // Address-And-Control-Field-Compression
441 break;
442
443 default: // Reject any unknown options
444 LOG(2, session[s].ip, s, t, " Rejecting PPP LCP Option type %d\n", type);
445 if (!response || response != ConfigRej) // drop nak in favour of rej
446 {
447 q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP);
448 if (!q)
449 {
450 LOG(2, session[s].ip, s, t, " Failed to send packet.\n");
451 break;
452 }
453 response = *q++ = ConfigRej;
454 }
455
456 memcpy(q, o, length);
457 q += length;
458 }
459 x -= length;
460 o += length;
461 }
462
463 if (!response)
464 {
465 // Send back a ConfigAck
466 q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP);
467 if (!q)
468 {
469 LOG(3, session[s].ip, s, t, " failed to create packet.\n");
470 return;
471 }
472 response = *q = ConfigAck;
473 }
474
475 LOG(3, session[s].ip, s, t, "Sending %s\n", ppp_lcp_types[response]);
476 tunnelsend(b, l + (q - b), t);
477
478 if (!(session[s].flags & SF_LCP_ACKED))
479 initlcp(t, s);
480 }
481 else if (*p == ConfigNak)
482 {
483 LOG(1, session[s].ip, s, t, "Remote end sent a ConfigNak. Ignoring\n");
484 if (config->debug > 3) dumplcp(p, l);
485 return ;
486 }
487 else if (*p == TerminateReq)
488 {
489 *p = TerminateAck; // close
490 q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP);
491 if (!q)
492 {
493 LOG(3, session[s].ip, s, t, "Failed to create PPP packet in processlcp.\n");
494 return;
495 }
496 LOG(3, session[s].ip, s, t, "LCP: Received TerminateReq. Sending TerminateAck\n");
497 sessionshutdown(s, "Remote end closed connection.");
498 tunnelsend(b, l + (q - b), t); // send it
499 }
500 else if (*p == TerminateAck)
501 {
502 sessionshutdown(s, "Connection closed.");
503 }
504 else if (*p == EchoReq)
505 {
506 *p = EchoReply; // reply
507 *(u32 *) (p + 4) = htonl(session[s].magic); // our magic number
508 q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP);
509 if (!q)
510 {
511 LOG(3, session[s].ip, s, t, " failed to send EchoReply.\n");
512 return;
513 }
514 LOG(5, session[s].ip, s, t, "LCP: Received EchoReq. Sending EchoReply\n");
515 tunnelsend(b, l + (q - b), t); // send it
516 }
517 else if (*p == EchoReply)
518 {
519 // Ignore it, last_packet time is set earlier than this.
520 }
521 else if (*p == IdentRequest)
522 {
523 *p = CodeRej;
524 if (l > MAXCONTROL)
525 {
526 LOG(1, 0, s, t, "Truncated Ident Packet (length=%d) to 1400 bytes\n", l);
527 l = 1400;
528 }
529 q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP);
530 if (!q)
531 {
532 LOG(3, session[s].ip, s, t, "Failed to create IdentRej.\n");
533 return;
534 }
535 LOG_HEX(5, "LCPIdentRej", q, l + 4);
536 tunnelsend(b, 12 + 4 + l, t);
537 }
538 else
539 {
540 LOG(1, session[s].ip, s, t, "Unexpected LCP code %d\n", *p);
541 STAT(tunnel_rx_errors);
542 return ;
543 }
544 }
545
546 // Process IPCP messages
547 void processipcp(tunnelidt t, sessionidt s, u8 *p, u16 l)
548 {
549 u16 hl;
550
551 CSTAT(call_processipcp);
552
553 LOG_HEX(5, "IPCP", p, l);
554 if (l < 5)
555 {
556 LOG(1, 0, s, t, "Short IPCP %d bytes\n", l);
557 STAT(tunnel_rx_errors);
558 return ;
559 }
560
561 if ((hl = ntohs(*(u16 *) (p + 2))) > l)
562 {
563 LOG(1, 0, s, t, "Length mismatch IPCP %u/%u\n", hl, l);
564 STAT(tunnel_rx_errors);
565 return ;
566 }
567 l = hl;
568
569 if (*p == ConfigAck)
570 {
571 // happy with our IPCP
572 u16 r = session[s].radius;
573 if ((!r || radius[r].state == RADIUSIPCP) && !session[s].walled_garden)
574 {
575 if (!r)
576 r = radiusnew(s);
577 if (r)
578 radiussend(r, RADIUSSTART); // send radius start, having got IPCP at last
579 }
580 session[s].flags |= SF_IPCP_ACKED;
581
582 LOG(3, session[s].ip, s, t, "IPCP Acked, session is now active\n");
583 return;
584 }
585 if (*p != ConfigReq)
586 {
587 LOG(1, 0, s, t, "Unexpected IPCP code %d\n", *p);
588 STAT(tunnel_rx_errors);
589 return ;
590 }
591 LOG(4, session[s].ip, s, t, "IPCP ConfigReq received\n");
592
593 if (!session[s].ip)
594 {
595 LOG(3, 0, s, t, "Waiting on radius reply\n");
596 return; // have to wait on RADIUS reply
597 }
598 // form a config reply quoting the IP in the session
599 {
600 u8 b[MAXCONTROL];
601 u8 *i,
602 *q;
603
604 q = p + 4;
605 i = p + l;
606 while (q < i && q[1])
607 {
608 if (*q != 0x81 && *q != 0x83 && *q != 3)
609 break;
610 q += q[1];
611 }
612 if (q < i)
613 {
614 // reject
615 u16 n = 4;
616 i = p + l;
617 if (!(q = makeppp(b, sizeof(b), p, l, t, s, PPPIPCP)))
618 {
619 LOG(2, 0, s, t, "Failed to send IPCP ConfigRej\n");
620 return;
621 }
622 *q = ConfigRej;
623 p += 4;
624 while (p < i && p[1])
625 {
626 if (*p != 0x81 && *p != 0x83 && *p != 3)
627 {
628 LOG(2, 0, s, t, "IPCP reject %d\n", *p);
629 memcpy(q + n, p, p[1]);
630 n += p[1];
631 }
632 p += p[1];
633 }
634 *(u16 *) (q + 2) = htons(n);
635 LOG(4, session[s].ip, s, t, "Sending ConfigRej\n");
636 tunnelsend(b, n + (q - b), t); // send it
637 }
638 else
639 {
640 LOG(4, session[s].ip, s, t, "Sending ConfigAck\n");
641 *p = ConfigAck;
642 if ((i = findppp(p, 0x81))) // Primary DNS address
643 {
644 if (*(u32 *) (i + 2) != htonl(session[s].dns1))
645 {
646 *(u32 *) (i + 2) = htonl(session[s].dns1);
647 *p = ConfigNak;
648 LOG(5, session[s].ip, s, t, " DNS1 = %s\n", inet_toa(session[s].dns1));
649 }
650 }
651 if ((i = findppp(p, 0x83))) // Secondary DNS address (TBA, is it)
652 {
653 if (*(u32 *) (i + 2) != htonl(session[s].dns2))
654 {
655 *(u32 *) (i + 2) = htonl(session[s].dns2);
656 *p = ConfigNak;
657 LOG(5, session[s].ip, s, t, " DNS2 = %s\n", inet_toa(session[s].dns2));
658 }
659 }
660 i = findppp(p, 3); // IP address
661 if (!i || i[1] != 6)
662 {
663 LOG(1, 0, s, t, "No IP in IPCP request\n");
664 STAT(tunnel_rx_errors);
665 return ;
666 }
667 if (*(u32 *) (i + 2) != htonl(session[s].ip))
668 {
669 *(u32 *) (i + 2) = htonl(session[s].ip);
670 *p = ConfigNak;
671 LOG(4, session[s].ip, s, t, " No, a ConfigNak, client is requesting IP - sending %s\n",
672 inet_toa(htonl(session[s].ip)));
673 }
674 if (!(q = makeppp(b, sizeof(b), p, l, t, s, PPPIPCP)))
675 {
676 LOG(2, 0, s, t, " Failed to send IPCP packet.\n");
677 return;
678 }
679 tunnelsend(b, l + (q - b), t); // send it
680 }
681 }
682 }
683
684 // process IP packet received
685 //
686 // This MUST be called with at least 4 byte behind 'p'.
687 // (i.e. this routine writes to p[-4]).
688 void processipin(tunnelidt t, sessionidt s, u8 *p, u16 l)
689 {
690 ipt ip;
691
692 CSTAT(call_processipin);
693
694 LOG_HEX(5, "IP", p, l);
695
696 ip = ntohl(*(u32 *)(p + 12));
697
698 if (l > MAXETHER)
699 {
700 LOG(1, ip, s, t, "IP packet too long %d\n", l);
701 STAT(tunnel_rx_errors);
702 return ;
703 }
704
705 // no spoof (do sessionbyip to handled statically routed subnets)
706 if (ip != session[s].ip && sessionbyip(htonl(ip)) != s)
707 {
708 LOG(5, ip, s, t, "Dropping packet with spoofed IP %s\n", inet_toa(htonl(ip)));
709 return;
710 }
711
712 // Add on the tun header
713 p -= 4;
714 *(u32 *)p = htonl(0x00000800);
715 l += 4;
716
717 if (session[s].tbf_in && !config->cluster_iam_master) { // Are we throttled and a slave?
718 master_throttle_packet(session[s].tbf_in, p, l); // Pass it to the master for handling.
719 return;
720 }
721
722 if (session[s].tbf_in && config->cluster_iam_master) { // Are we throttled and a master?? actually handle the throttled packets.
723 tbf_queue_packet(session[s].tbf_in, p, l);
724 return;
725 }
726
727 // send to ethernet
728 if (tun_write(p, l) < 0)
729 {
730 STAT(tun_tx_errors);
731 LOG(0, 0, s, t, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
732 l, strerror(errno), tunfd, p);
733
734 return;
735 }
736
737 if (session[s].snoop_ip && session[s].snoop_port)
738 {
739 // Snooping this session
740 snoop_send_packet(p + 4, l - 4, session[s].snoop_ip, session[s].snoop_port);
741 }
742
743 session[s].cin += l - 4;
744 session[s].total_cin += l - 4;
745 sess_count[s].cin += l - 4;
746
747 session[s].pin++;
748 eth_tx += l - 4;
749
750 STAT(tun_tx_packets);
751 INC_STAT(tun_tx_bytes, l - 4);
752 }
753
754 //
755 // Helper routine for the TBF filters.
756 // Used to send queued data in from the user.
757 //
758 void send_ipin(sessionidt s, u8 *buf, int len)
759 {
760 LOG_HEX(5, "IP in throttled", buf, len);
761
762 if (write(tunfd, buf, len) < 0)
763 {
764 STAT(tun_tx_errors);
765 LOG(0, 0, 0, 0, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
766 len, strerror(errno), tunfd, buf);
767
768 return;
769 }
770
771 if (session[s].snoop_ip && session[s].snoop_port)
772 {
773 // Snooping this session
774 snoop_send_packet(buf + 4, len - 4, session[s].snoop_ip, session[s].snoop_port);
775 }
776
777 // Increment packet counters
778 session[s].cin += len - 4;
779 session[s].total_cin += len - 4;
780 sess_count[s].cin += len - 4;
781
782 session[s].pin++;
783 eth_tx += len - 4;
784
785 STAT(tun_tx_packets);
786 INC_STAT(tun_tx_bytes, len - 4);
787 }
788
789
790 // Process CCP messages
791 void processccp(tunnelidt t, sessionidt s, u8 *p, u16 l)
792 {
793
794 CSTAT(call_processccp);
795
796 LOG_HEX(5, "CCP", p, l);
797 if (l < 2 || (*p != ConfigReq && *p != TerminateReq))
798 {
799 LOG(1, 0, s, t, "Unexpected CCP request code %d\n", *p);
800 STAT(tunnel_rx_errors);
801 return ;
802 }
803 // reject
804 {
805 u8 b[MAXCONTROL];
806 u8 *q;
807 if (*p == ConfigReq)
808 {
809 if (l < 6)
810 {
811 *p = ConfigAck; // accept no compression
812 }
813 else
814 {
815 *p = ConfigRej; // reject
816 sendccp(t, s);
817 }
818 }
819 else
820 *p = TerminateAck; // close
821 if (!(q = makeppp(b, sizeof(b), p, l, t, s, PPPCCP)))
822 {
823 LOG(1,0,0,0, "Failed to send CCP packet.\n");
824 return;
825 }
826 tunnelsend(b, l + (q - b), t); // send it
827 }
828 }
829
830 // send a CHAP PP packet
831 void sendchap(tunnelidt t, sessionidt s)
832 {
833 u8 b[MAXCONTROL];
834 u16 r = session[s].radius;
835 u8 *q;
836
837 CSTAT(call_sendchap);
838
839 if (!r)
840 {
841 LOG(1, 0, s, t, "No RADIUS to send challenge\n");
842 STAT(tunnel_tx_errors);
843 return ;
844 }
845 LOG(1, 0, s, t, "Send CHAP challenge\n");
846 {
847 // new challenge
848 int n;
849 for (n = 0; n < 15; n++)
850 radius[r].auth[n] = rand();
851 }
852 radius[r].chap = 1; // CHAP not PAP
853 radius[r].id++;
854 if (radius[r].state != RADIUSCHAP)
855 radius[r].try = 0;
856 radius[r].state = RADIUSCHAP;
857 radius[r].retry = backoff(radius[r].try++);
858 if (radius[r].try > 5)
859 {
860 sessionshutdown(s, "Timeout CHAP");
861 STAT(tunnel_tx_errors);
862 return ;
863 }
864 q = makeppp(b, sizeof(b), 0, 0, t, s, PPPCHAP);
865 if (!q)
866 {
867 LOG(1, 0, s, t, "failed to send CHAP challenge.\n");
868 return;
869 }
870 *q = 1; // challenge
871 q[1] = radius[r].id; // ID
872 q[4] = 16; // length
873 memcpy(q + 5, radius[r].auth, 16); // challenge
874 strcpy(q + 21, hostname); // our name
875 *(u16 *) (q + 2) = htons(strlen(hostname) + 21); // length
876 tunnelsend(b, strlen(hostname) + 21 + (q - b), t); // send it
877 }
878
879 // fill in a L2TP message with a PPP frame,
880 // copies existing PPP message and changes magic number if seen
881 // returns start of PPP frame
882 u8 *makeppp(u8 *b, int size, u8 *p, int l, tunnelidt t, sessionidt s, u16 mtype)
883 {
884 if (size < 12)
885 return NULL; // Need more space than this!!
886
887 *(u16 *) (b + 0) = htons(0x0002); // L2TP with no options
888 *(u16 *) (b + 2) = htons(tunnel[t].far); // tunnel
889 *(u16 *) (b + 4) = htons(session[s].far); // session
890 b += 6;
891 if (mtype == PPPLCP || !(session[s].l2tp_flags & SESSIONACFC))
892 {
893 *(u16 *) b = htons(0xFF03); // HDLC header
894 b += 2;
895 }
896 if (mtype < 0x100 && session[s].l2tp_flags & SESSIONPFC)
897 *b++ = mtype;
898 else
899 {
900 *(u16 *) b = htons(mtype);
901 b += 2;
902 }
903
904 if (l + 12 > size) {
905 LOG(3,0,0,0, "Would have overflowed the buffer in makeppp: size %d, len %d.\n", size, l);
906 return NULL; // Run out of room to hold the packet!
907 }
908 if (p && l)
909 memcpy(b, p, l);
910 return b;
911 }
912
913 // find a PPP option, returns point to option, or 0 if not found
914 u8 *findppp(u8 *b, u8 mtype)
915 {
916 u16 l = ntohs(*(u16 *) (b + 2));
917 if (l < 4)
918 return 0;
919 b += 4;
920 l -= 4;
921 while (l)
922 {
923 if (l < b[1] || !b[1])
924 return 0; // faulty
925 if (*b == mtype)
926 return b;
927 l -= b[1];
928 b += b[1];
929 }
930 return 0;
931 }
932
933 // Send initial LCP ConfigReq
934 void initlcp(tunnelidt t, sessionidt s)
935 {
936 char b[500] = {0}, *q;
937
938 q = makeppp(b, sizeof(b), NULL, 0, t, s, PPPLCP);
939 if (!q)
940 {
941 LOG(1, 0, s, t, "Failed to send LCP ConfigReq.\n");
942 return;
943 }
944 LOG(4, 0, s, t, "Sending LCP ConfigReq for PAP\n");
945 *q = ConfigReq;
946 *(u8 *)(q + 1) = (time_now % 255) + 1; // ID
947 *(u16 *)(q + 2) = htons(14); // Length
948 *(u8 *)(q + 4) = 5;
949 *(u8 *)(q + 5) = 6;
950 *(u32 *)(q + 6) = htonl(session[s].magic);
951 *(u8 *)(q + 10) = 3;
952 *(u8 *)(q + 11) = 4;
953 *(u16 *)(q + 12) = htons(PPPPAP); // PAP
954 tunnelsend(b, 12 + 14, t);
955 }
956
957 // Send CCP reply
958 void sendccp(tunnelidt t, sessionidt s)
959 {
960 char *q, b[500] = {0};
961
962 q = makeppp(b, sizeof(b), NULL, 0, t, s, PPPCCP);
963 *q = ConfigReq;
964 *(u8 *)(q + 1) = (time_now % 255) + 1; // ID
965 *(u16 *)(q + 2) = htons(4); // Length
966 LOG_HEX(5, "PPPCCP", q, 4);
967 tunnelsend(b, (q - b) + 4 , t);
968 }
969
for cloning use: "git clone git://git.sameswireless.fr/l2tpns.git" ; For add to your sources.list: "deb http://package.sameswifi.fr/ jessie main"