projects / l2tpns.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge from Master
[l2tpns.git] / ppp.c
1 // L2TPNS PPP Stuff
2
3 #include <stdio.h>
4 #include <string.h>
5 #include <unistd.h>
6 #include <errno.h>
7 #include <stdlib.h>
8 #include <linux/rtnetlink.h>
9 #include <netinet/ip6.h>
10
11 #include "dhcp6.h"
12 #include "l2tpns.h"
13 #include "constants.h"
14 #include "plugin.h"
15 #include "util.h"
16 #include "tbf.h"
17 #include "cluster.h"
18
19 #include "l2tplac.h"
20 #include "pppoe.h"
21
22 extern tunnelt *tunnel;
23 extern bundlet *bundle;
24 extern fragmentationt *frag;
25 extern sessiont *session;
26 extern radiust *radius;
27 extern int tunfd;
28 extern char hostname[];
29 extern uint32_t eth_tx;
30 extern time_t time_now;
31 extern uint64_t time_now_ms;
32 extern configt *config;
33
34 static int add_lcp_auth(uint8_t *b, int size, int authtype);
35 static bundleidt new_bundle(void);
36 static int epdiscmp(epdist, epdist);
37 static void setepdis(epdist *, epdist);
38 static void ipcp_open(sessionidt s, tunnelidt t);
39
40 static int first_session_in_bundle(sessionidt s)
41 {
42 bundleidt i;
43 for (i = 1; i < MAXBUNDLE; i++)
44 if (bundle[i].state != BUNDLEFREE)
45 if (epdiscmp(session[s].epdis,bundle[i].epdis) && !strcmp(session[s].user, bundle[i].user))
46 return 0;
47 return 1;
48 }
49
50 // Process PAP messages
51 void processpap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
52 {
53 char user[MAXUSER];
54 char pass[MAXPASS];
55 uint16_t hl;
56 uint16_t r;
57
58 CSTAT(processpap);
59
60 LOG_HEX(5, "PAP", p, l);
61 if (l < 4)
62 {
63 LOG(1, s, t, "Short PAP %u bytes\n", l);
64 STAT(tunnel_rx_errors);
65 sessionshutdown(s, "Short PAP packet.", CDN_ADMIN_DISC, TERM_USER_ERROR);
66 return;
67 }
68
69 if ((hl = ntohs(*(uint16_t *) (p + 2))) > l)
70 {
71 LOG(1, s, t, "Length mismatch PAP %u/%u\n", hl, l);
72 STAT(tunnel_rx_errors);
73 sessionshutdown(s, "PAP length mismatch.", CDN_ADMIN_DISC, TERM_USER_ERROR);
74 return;
75 }
76 l = hl;
77
78 if (*p != 1)
79 {
80 LOG(1, s, t, "Unexpected PAP code %d\n", *p);
81 STAT(tunnel_rx_errors);
82 sessionshutdown(s, "Unexpected PAP code.", CDN_ADMIN_DISC, TERM_USER_ERROR);
83 return;
84 }
85
86 if (session[s].ppp.phase != Authenticate)
87 {
88 LOG(2, s, t, "PAP ignored in %s phase\n", ppp_phase(session[s].ppp.phase));
89 return;
90 }
91
92 {
93 uint8_t *b = p;
94 b += 4;
95 user[0] = pass[0] = 0;
96 if (*b && *b < sizeof(user))
97 {
98 memcpy(user, b + 1, *b);
99 user[*b] = 0;
100 b += 1 + *b;
101 if (*b && *b < sizeof(pass))
102 {
103 memcpy(pass, b + 1, *b);
104 pass[*b] = 0;
105 }
106 }
107 LOG(3, s, t, "PAP login %s/%s\n", user, pass);
108 }
109
110 if ((!config->disable_lac_func) && lac_conf_forwardtoremotelns(s, user))
111 {
112 // Creating a tunnel/session has been started
113 return;
114 }
115
116 if (session[s].ip || !(r = radiusnew(s)))
117 {
118 // respond now, either no RADIUS available or already authenticated
119 uint8_t b[MAXETHER];
120 uint8_t id = p[1];
121 uint8_t *p = makeppp(b, sizeof(b), 0, 0, s, t, PPPPAP, 0, 0, 0);
122 if (!p) return;
123
124 if (session[s].ip)
125 *p = 2; // ACK
126 else
127 *p = 3; // cant authorise
128 p[1] = id;
129 *(uint16_t *) (p + 2) = htons(5); // length
130 p[4] = 0; // no message
131 tunnelsend(b, 5 + (p - b), t); // send it
132
133 if (session[s].ip)
134 {
135 LOG(3, s, t, "Already an IP allocated: %s (%d)\n",
136 fmtaddr(htonl(session[s].ip), 0), session[s].ip_pool_index);
137 }
138 else
139 {
140 LOG(1, s, t, "No RADIUS session available to authenticate session...\n");
141 sessionshutdown(s, "No free RADIUS sessions.", CDN_UNAVAILABLE, TERM_SERVICE_UNAVAILABLE);
142 }
143 }
144 else
145 {
146 // Run PRE_AUTH plugins
147 struct param_pre_auth packet = { &tunnel[t], &session[s], strdup(user), strdup(pass), PPPPAP, 1 };
148 run_plugins(PLUGIN_PRE_AUTH, &packet);
149 if (!packet.continue_auth)
150 {
151 LOG(3, s, t, "A plugin rejected PRE_AUTH\n");
152 if (packet.username) free(packet.username);
153 if (packet.password) free(packet.password);
154 return;
155 }
156
157 strncpy(session[s].user, packet.username, sizeof(session[s].user) - 1);
158 strncpy(radius[r].pass, packet.password, sizeof(radius[r].pass) - 1);
159
160 free(packet.username);
161 free(packet.password);
162
163 radius[r].id = p[1];
164 LOG(3, s, t, "Sending login for %s/%s to RADIUS\n", user, pass);
165 if ((session[s].mrru) && (!first_session_in_bundle(s)))
166 radiussend(r, RADIUSJUSTAUTH);
167 else
168 radiussend(r, RADIUSAUTH);
169 }
170 }
171
172 // Process CHAP messages
173 void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
174 {
175 uint16_t r;
176 uint16_t hl;
177
178 CSTAT(processchap);
179
180 LOG_HEX(5, "CHAP", p, l);
181
182 if (l < 4)
183 {
184 LOG(1, s, t, "Short CHAP %u bytes\n", l);
185 STAT(tunnel_rx_errors);
186 sessionshutdown(s, "Short CHAP packet.", CDN_ADMIN_DISC, TERM_USER_ERROR);
187 return;
188 }
189
190 if ((hl = ntohs(*(uint16_t *) (p + 2))) > l)
191 {
192 LOG(1, s, t, "Length mismatch CHAP %u/%u\n", hl, l);
193 STAT(tunnel_rx_errors);
194 sessionshutdown(s, "CHAP length mismatch.", CDN_ADMIN_DISC, TERM_USER_ERROR);
195 return;
196 }
197 l = hl;
198
199 if (*p != 2)
200 {
201 LOG(1, s, t, "Unexpected CHAP response code %d\n", *p);
202 STAT(tunnel_rx_errors);
203 sessionshutdown(s, "CHAP length mismatch.", CDN_ADMIN_DISC, TERM_USER_ERROR);
204 return;
205 }
206
207 if (session[s].ppp.phase != Authenticate)
208 {
209 LOG(2, s, t, "CHAP ignored in %s phase\n", ppp_phase(session[s].ppp.phase));
210 return;
211 }
212
213 r = sess_local[s].radius;
214 if (!r)
215 {
216 LOG(3, s, t, "Unexpected CHAP message\n");
217
218 // Some modems (Netgear DM602, possibly others) persist in using CHAP even
219 // after ACKing our ConfigReq for PAP.
220 if (sess_local[s].lcp_authtype == AUTHPAP && config->radius_authtypes & AUTHCHAP)
221 {
222 sess_local[s].lcp_authtype = AUTHCHAP;
223 sendchap(s, t);
224 }
225 return;
226 }
227
228 if (p[1] != radius[r].id)
229 {
230 LOG(1, s, t, "Wrong CHAP response ID %d (should be %d) (%d)\n", p[1], radius[r].id, r);
231 STAT(tunnel_rx_errors);
232 sessionshutdown(s, "Unexpected CHAP response ID.", CDN_ADMIN_DISC, TERM_USER_ERROR);
233 return;
234 }
235
236 if (l < 5 || p[4] != 16)
237 {
238 LOG(1, s, t, "Bad CHAP response length %d\n", l < 5 ? -1 : p[4]);
239 STAT(tunnel_rx_errors);
240 sessionshutdown(s, "Bad CHAP response length.", CDN_ADMIN_DISC, TERM_USER_ERROR);
241 return;
242 }
243
244 l -= 5;
245 p += 5;
246 if (l < 16 || l - 16 >= sizeof(session[s].user))
247 {
248 LOG(1, s, t, "CHAP user too long %d\n", l - 16);
249 STAT(tunnel_rx_errors);
250 sessionshutdown(s, "CHAP username too long.", CDN_ADMIN_DISC, TERM_USER_ERROR);
251 return;
252 }
253
254 // Run PRE_AUTH plugins
255 {
256 struct param_pre_auth packet = { &tunnel[t], &session[s], NULL, NULL, PPPCHAP, 1 };
257
258 packet.password = calloc(17, 1);
259 memcpy(packet.password, p, 16);
260
261 p += 16;
262 l -= 16;
263
264 packet.username = calloc(l + 1, 1);
265 memcpy(packet.username, p, l);
266
267 if ((!config->disable_lac_func) && lac_conf_forwardtoremotelns(s, packet.username))
268 {
269 free(packet.username);
270 free(packet.password);
271 // Creating a tunnel/session has been started
272 return;
273 }
274
275 run_plugins(PLUGIN_PRE_AUTH, &packet);
276 if (!packet.continue_auth)
277 {
278 LOG(3, s, t, "A plugin rejected PRE_AUTH\n");
279 if (packet.username) free(packet.username);
280 if (packet.password) free(packet.password);
281 return;
282 }
283
284 strncpy(session[s].user, packet.username, sizeof(session[s].user) - 1);
285 memcpy(radius[r].pass, packet.password, 16);
286
287 free(packet.username);
288 free(packet.password);
289 }
290
291 radius[r].chap = 1;
292 LOG(3, s, t, "CHAP login %s\n", session[s].user);
293 if ((session[s].mrru) && (!first_session_in_bundle(s)))
294 radiussend(r, RADIUSJUSTAUTH);
295 else
296 radiussend(r, RADIUSAUTH);
297 }
298
299 static void dumplcp(uint8_t *p, int l)
300 {
301 int x = l - 4;
302 uint8_t *o = (p + 4);
303
304 LOG_HEX(5, "PPP LCP Packet", p, l);
305 LOG(4, 0, 0, "PPP LCP Packet type %d (%s len %d)\n", *p, ppp_code((int)*p), ntohs( ((uint16_t *) p)[1]) );
306 LOG(4, 0, 0, "Length: %d\n", l);
307 if (*p != ConfigReq && *p != ConfigRej && *p != ConfigAck)
308 return;
309
310 while (x > 2)
311 {
312 int type = o[0];
313 int length = o[1];
314 if (length < 2)
315 {
316 LOG(4, 0, 0, " Option length is %d...\n", length);
317 break;
318 }
319 if (type == 0)
320 {
321 LOG(4, 0, 0, " Option type is 0...\n");
322 x -= length;
323 o += length;
324 continue;
325 }
326 switch (type)
327 {
328 case 1: // Maximum-Receive-Unit
329 if (length == 4)
330 LOG(4, 0, 0, " %s %d\n", ppp_lcp_option(type), ntohs(*(uint16_t *)(o + 2)));
331 else
332 LOG(4, 0, 0, " %s odd length %d\n", ppp_lcp_option(type), length);
333 break;
334 case 2: // Async-Control-Character-Map
335 if (length == 6)
336 {
337 uint32_t asyncmap = ntohl(*(uint32_t *)(o + 2));
338 LOG(4, 0, 0, " %s %x\n", ppp_lcp_option(type), asyncmap);
339 }
340 else
341 LOG(4, 0, 0, " %s odd length %d\n", ppp_lcp_option(type), length);
342 break;
343 case 3: // Authentication-Protocol
344 if (length == 4)
345 {
346 int proto = ntohs(*(uint16_t *)(o + 2));
347 LOG(4, 0, 0, " %s 0x%x (%s)\n", ppp_lcp_option(type), proto,
348 proto == PPPPAP ? "PAP" : "UNSUPPORTED");
349 }
350 else if (length == 5)
351 {
352 int proto = ntohs(*(uint16_t *)(o + 2));
353 int algo = *(o + 4);
354 LOG(4, 0, 0, " %s 0x%x 0x%x (%s)\n", ppp_lcp_option(type), proto, algo,
355 (proto == PPPCHAP && algo == 5) ? "CHAP MD5" : "UNSUPPORTED");
356 }
357 else
358 LOG(4, 0, 0, " %s odd length %d\n", ppp_lcp_option(type), length);
359 break;
360 case 4: // Quality-Protocol
361 {
362 uint32_t qp = ntohl(*(uint32_t *)(o + 2));
363 LOG(4, 0, 0, " %s %x\n", ppp_lcp_option(type), qp);
364 }
365 break;
366 case 5: // Magic-Number
367 if (length == 6)
368 {
369 uint32_t magicno = ntohl(*(uint32_t *)(o + 2));
370 LOG(4, 0, 0, " %s %x\n", ppp_lcp_option(type), magicno);
371 }
372 else
373 LOG(4, 0, 0, " %s odd length %d\n", ppp_lcp_option(type), length);
374 break;
375 case 7: // Protocol-Field-Compression
376 case 8: // Address-And-Control-Field-Compression
377 LOG(4, 0, 0, " %s\n", ppp_lcp_option(type));
378 break;
379 default:
380 LOG(2, 0, 0, " Unknown PPP LCP Option type %d\n", type);
381 break;
382 }
383 x -= length;
384 o += length;
385 }
386 }
387
388 void lcp_open(sessionidt s, tunnelidt t)
389 {
390 // transition to Authentication or Network phase:
391 session[s].ppp.phase = sess_local[s].lcp_authtype ? Authenticate : Network;
392
393 LOG(3, s, t, "LCP: Opened, phase %s\n", ppp_phase(session[s].ppp.phase));
394
395 // LCP now Opened
396 change_state(s, lcp, Opened);
397
398 if (session[s].ppp.phase == Authenticate)
399 {
400 if (sess_local[s].lcp_authtype == AUTHCHAP)
401 sendchap(s, t);
402 }
403 else
404 {
405 if(session[s].bundle == 0 || bundle[session[s].bundle].num_of_links == 1)
406 {
407 // This-Layer-Up
408 sendipcp(s, t);
409 change_state(s, ipcp, RequestSent);
410 // move to passive state for IPv6 (if configured), CCP
411 if (config->ipv6_prefix.s6_addr[0])
412 change_state(s, ipv6cp, Stopped);
413 else
414 change_state(s, ipv6cp, Closed);
415
416 change_state(s, ccp, Stopped);
417 }
418 else
419 {
420 sessionidt first_ses = bundle[session[s].bundle].members[0];
421 LOG(3, s, t, "MPPP: Skipping IPCP negotiation for session:%d, first session of bundle is:%d\n",s,first_ses);
422 ipcp_open(s, t);
423 }
424 }
425 }
426
427 void lcp_restart(sessionidt s)
428 {
429 session[s].ppp.phase = Establish;
430 // This-Layer-Down
431 change_state(s, ipcp, Dead);
432 change_state(s, ipv6cp, Dead);
433 change_state(s, ccp, Dead);
434 }
435
436 static uint8_t *ppp_conf_rej(sessionidt s, uint8_t *buf, size_t blen, uint16_t mtype,
437 uint8_t **response, uint8_t *queued, uint8_t *packet, uint8_t *option)
438 {
439 if (!*response || **response != ConfigRej)
440 {
441 queued = *response = makeppp(buf, blen, packet, 2, s, session[s].tunnel, mtype, 0, 0, 0);
442 if (!queued)
443 return 0;
444
445 *queued = ConfigRej;
446 queued += 4;
447 }
448
449 if ((queued - buf + option[1]) > blen)
450 {
451 LOG(2, s, session[s].tunnel, "PPP overflow for ConfigRej (proto %u, option %u).\n", mtype, *option);
452 return 0;
453 }
454
455 memcpy(queued, option, option[1]);
456 return queued + option[1];
457 }
458
459 static uint8_t *ppp_conf_nak(sessionidt s, uint8_t *buf, size_t blen, uint16_t mtype,
460 uint8_t **response, uint8_t *queued, uint8_t *packet, uint8_t *option,
461 uint8_t *value, size_t vlen)
462 {
463 int *nak_sent;
464 switch (mtype)
465 {
466 case PPPLCP: nak_sent = &sess_local[s].lcp.nak_sent; break;
467 case PPPIPCP: nak_sent = &sess_local[s].ipcp.nak_sent; break;
468 case PPPIPV6CP: nak_sent = &sess_local[s].ipv6cp.nak_sent; break;
469 default: return 0; // ?
470 }
471
472 if (*response && **response != ConfigNak)
473 {
474 if (*nak_sent < config->ppp_max_failure) // reject queued
475 return queued;
476
477 return ppp_conf_rej(s, buf, blen, mtype, response, 0, packet, option);
478 }
479
480 if (!*response)
481 {
482 if (*nak_sent >= config->ppp_max_failure)
483 return ppp_conf_rej(s, buf, blen, mtype, response, 0, packet, option);
484
485 queued = *response = makeppp(buf, blen, packet, 2, s, session[s].tunnel, mtype, 0, 0, 0);
486 if (!queued)
487 return 0;
488
489 (*nak_sent)++;
490 *queued = ConfigNak;
491 queued += 4;
492 }
493
494 if ((queued - buf + vlen + 2) > blen)
495 {
496 LOG(2, s, session[s].tunnel, "PPP overflow for ConfigNak (proto %u, option %u).\n", mtype, *option);
497 return 0;
498 }
499
500 *queued++ = *option;
501 *queued++ = vlen + 2;
502 memcpy(queued, value, vlen);
503 return queued + vlen;
504 }
505
506 static void ppp_code_rej(sessionidt s, tunnelidt t, uint16_t proto,
507 char *pname, uint8_t *p, uint16_t l, uint8_t *buf, size_t size)
508 {
509 uint8_t *q;
510 int mru = session[s].mru;
511 if (mru < MINMTU) mru = MINMTU;
512 if (mru > size) mru = size;
513
514 l += 4;
515 if (l > mru) l = mru;
516
517 q = makeppp(buf, size, 0, 0, s, t, proto, 0, 0, 0);
518 if (!q) return;
519
520 *q = CodeRej;
521 *(q + 1) = ++sess_local[s].lcp_ident;
522 *(uint16_t *)(q + 2) = htons(l);
523 memcpy(q + 4, p, l - 4);
524
525 LOG(2, s, t, "Unexpected %s code %s\n", pname, ppp_code(*p));
526 LOG(3, s, t, "%s: send %s\n", pname, ppp_code(*q));
527 if (config->debug > 3) dumplcp(q, l);
528
529 tunnelsend(buf, l + (q - buf), t);
530 }
531
532 // Process LCP messages
533 void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
534 {
535 uint8_t b[MAXETHER];
536 uint8_t *q = NULL;
537 uint16_t hl;
538
539 CSTAT(processlcp);
540
541 LOG_HEX(5, "LCP", p, l);
542 if (l < 4)
543 {
544 LOG(1, s, t, "Short LCP %d bytes\n", l);
545 STAT(tunnel_rx_errors);
546 return ;
547 }
548
549 if ((hl = ntohs(*(uint16_t *) (p + 2))) > l)
550 {
551 LOG(1, s, t, "Length mismatch LCP %u/%u\n", hl, l);
552 STAT(tunnel_rx_errors);
553 return ;
554 }
555 l = hl;
556
557 if (session[s].die) // going down...
558 return;
559
560 LOG(((*p == EchoReq || *p == EchoReply) ? 4 : 3), s, t,
561 "LCP: recv %s\n", ppp_code(*p));
562
563 if (config->debug > 3) dumplcp(p, l);
564
565 if (*p == ConfigAck)
566 {
567 int x = l - 4;
568 uint8_t *o = (p + 4);
569 int authtype = 0;
570
571 while (x > 2)
572 {
573 int type = o[0];
574 int length = o[1];
575
576 if (length == 0 || type == 0 || x < length) break;
577 switch (type)
578 {
579 case 3: // Authentication-Protocol
580 {
581 int proto = ntohs(*(uint16_t *)(o + 2));
582 if (proto == PPPPAP)
583 authtype = AUTHPAP;
584 else if (proto == PPPCHAP && *(o + 4) == 5)
585 authtype = AUTHCHAP;
586 }
587
588 break;
589 }
590 x -= length;
591 o += length;
592 }
593
594 if (!session[s].ip && authtype)
595 sess_local[s].lcp_authtype = authtype;
596
597 switch (session[s].ppp.lcp)
598 {
599 case RequestSent:
600 initialise_restart_count(s, lcp);
601 change_state(s, lcp, AckReceived);
602 break;
603
604 case AckReceived:
605 case Opened:
606 LOG(2, s, t, "LCP: ConfigAck in state %s? Sending ConfigReq\n", ppp_state(session[s].ppp.lcp));
607 if (session[s].ppp.lcp == Opened)
608 lcp_restart(s);
609
610 sendlcp(s, t);
611 change_state(s, lcp, RequestSent);
612 break;
613
614 case AckSent:
615 lcp_open(s, t);
616 break;
617
618 default:
619 LOG(2, s, t, "LCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.lcp));
620 }
621 }
622 else if (*p == ConfigReq)
623 {
624 int x = l - 4;
625 uint8_t *o = (p + 4);
626 uint8_t *response = 0;
627 static uint8_t asyncmap[4] = { 0, 0, 0, 0 }; // all zero
628 static uint8_t authproto[5];
629 int changed = 0;
630
631 while (x > 2)
632 {
633 int type = o[0];
634 int length = o[1];
635
636 if (length == 0 || type == 0 || x < length) break;
637 switch (type)
638 {
639 case 1: // Maximum-Receive-Unit
640 {
641 uint16_t mru = ntohs(*(uint16_t *)(o + 2));
642 if (mru >= MINMTU)
643 {
644 session[s].mru = mru;
645 changed++;
646 break;
647 }
648
649 LOG(3, s, t, " Remote requesting MRU of %u. Rejecting.\n", mru);
650 mru = htons(MRU);
651 q = ppp_conf_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, (uint8_t *) &mru, sizeof(mru));
652 }
653 break;
654
655 case 2: // Async-Control-Character-Map
656 if (!ntohl(*(uint32_t *)(o + 2))) // all bits zero is OK
657 break;
658
659 LOG(3, s, t, " Remote requesting asyncmap. Rejecting.\n");
660 q = ppp_conf_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, asyncmap, sizeof(asyncmap));
661 break;
662
663 case 3: // Authentication-Protocol
664 {
665 int proto = ntohs(*(uint16_t *)(o + 2));
666 char proto_name[] = "0x0000";
667 int alen;
668
669 if (proto == PPPPAP)
670 {
671 if (config->radius_authtypes & AUTHPAP)
672 {
673 sess_local[s].lcp_authtype = AUTHPAP;
674 break;
675 }
676
677 strcpy(proto_name, "PAP");
678 }
679 else if (proto == PPPCHAP)
680 {
681 if (config->radius_authtypes & AUTHCHAP
682 && *(o + 4) == 5) // MD5
683 {
684 sess_local[s].lcp_authtype = AUTHCHAP;
685 break;
686 }
687
688 strcpy(proto_name, "CHAP");
689 }
690 else
691 sprintf(proto_name, "%#4.4x", proto);
692
693 LOG(3, s, t, " Remote requesting %s authentication. Rejecting.\n", proto_name);
694
695 alen = add_lcp_auth(authproto, sizeof(authproto), config->radius_authprefer);
696 if (alen < 2) break; // paranoia
697
698 q = ppp_conf_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, authproto + 2, alen - 2);
699 if (q && *response == ConfigNak &&
700 config->radius_authtypes != config->radius_authprefer)
701 {
702 // alternate type
703 alen = add_lcp_auth(authproto, sizeof(authproto), config->radius_authtypes & ~config->radius_authprefer);
704 if (alen < 2) break;
705 q = ppp_conf_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, authproto + 2, alen - 2);
706 }
707
708 break;
709 }
710 break;
711
712 case 4: // Quality-Protocol
713 case 5: // Magic-Number
714 case 7: // Protocol-Field-Compression
715 case 8: // Address-And-Control-Field-Compression
716 break;
717
718 case 17: // Multilink Max-Receive-Reconstructed-Unit
719 {
720 uint16_t mrru = ntohs(*(uint16_t *)(o + 2));
721 session[s].mrru = mrru;
722 changed++;
723 LOG(3, s, t, " Received PPP LCP option MRRU: %d\n",mrru);
724 }
725 break;
726
727 case 18: // Multilink Short Sequence Number Header Format
728 {
729 session[s].mssf = 1;
730 changed++;
731 LOG(3, s, t, " Received PPP LCP option MSSN format\n");
732 }
733 break;
734
735 case 19: // Multilink Endpoint Discriminator
736 {
737 uint8_t epdis_class = o[2];
738 int addr;
739
740 session[s].epdis.addr_class = epdis_class;
741 session[s].epdis.length = length - 3;
742 if (session[s].epdis.length > 20)
743 {
744 LOG(1, s, t, "Error: received EndDis Address Length more than 20: %d\n", session[s].epdis.length);
745 session[s].epdis.length = 20;
746 }
747
748 for (addr = 0; addr < session[s].epdis.length; addr++)
749 session[s].epdis.address[addr] = o[3+addr];
750
751 changed++;
752
753 switch (epdis_class)
754 {
755 case LOCALADDR:
756 LOG(3, s, t, " Received PPP LCP option Multilink EndDis Local Address Class: %d\n",epdis_class);
757 break;
758 case IPADDR:
759 LOG(3, s, t, " Received PPP LCP option Multilink EndDis IP Address Class: %d\n",epdis_class);
760 break;
761 case IEEEMACADDR:
762 LOG(3, s, t, " Received PPP LCP option Multilink EndDis IEEE MAC Address Class: %d\n",epdis_class);
763 break;
764 case PPPMAGIC:
765 LOG(3, s, t, " Received PPP LCP option Multilink EndDis PPP Magic No Class: %d\n",epdis_class);
766 break;
767 case PSNDN:
768 LOG(3, s, t, " Received PPP LCP option Multilink EndDis PSND No Class: %d\n",epdis_class);
769 break;
770 default:
771 LOG(3, s, t, " Received PPP LCP option Multilink EndDis NULL Class %d\n",epdis_class);
772 }
773 }
774 break;
775
776 default: // Reject any unknown options
777 LOG(3, s, t, " Rejecting unknown PPP LCP option %d\n", type);
778 q = ppp_conf_rej(s, b, sizeof(b), PPPLCP, &response, q, p, o);
779 }
780 x -= length;
781 o += length;
782 }
783
784 if (changed)
785 cluster_send_session(s);
786
787 if (response)
788 {
789 l = q - response; // LCP packet length
790 *((uint16_t *) (response + 2)) = htons(l); // update header
791 }
792 else
793 {
794 // Send packet back as ConfigAck
795 response = makeppp(b, sizeof(b), p, l, s, t, PPPLCP, 0, 0, 0);
796 if (!response) return;
797 *response = ConfigAck;
798 }
799
800 switch (session[s].ppp.lcp)
801 {
802 case Closed:
803 response = makeppp(b, sizeof(b), p, 2, s, t, PPPLCP, 0, 0, 0);
804 if (!response) return;
805 *response = TerminateAck;
806 *((uint16_t *) (response + 2)) = htons(l = 4);
807 break;
808
809 case Stopped:
810 initialise_restart_count(s, lcp);
811 sendlcp(s, t);
812 if (*response == ConfigAck)
813 change_state(s, lcp, AckSent);
814 else
815 change_state(s, lcp, RequestSent);
816
817 break;
818
819 case RequestSent:
820 if (*response == ConfigAck)
821 change_state(s, lcp, AckSent);
822
823 break;
824
825 case AckReceived:
826 if (*response == ConfigAck)
827 lcp_open(s, t);
828
829 break;
830
831 case Opened:
832 lcp_restart(s);
833 sendlcp(s, t);
834 /* fallthrough */
835
836 case AckSent:
837 if (*response == ConfigAck)
838 change_state(s, lcp, AckSent);
839 else
840 change_state(s, lcp, RequestSent);
841
842 break;
843
844 case Closing:
845 sessionshutdown(s, "LCP: ConfigReq in state Closing. This should not happen. Killing session.", CDN_ADMIN_DISC, TERM_LOST_SERVICE);
846 break;
847
848 default:
849 LOG(2, s, t, "LCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.lcp));
850 return;
851 }
852
853 LOG(3, s, t, "LCP: send %s\n", ppp_code(*response));
854 if (config->debug > 3) dumplcp(response, l);
855
856 tunnelsend(b, l + (response - b), t);
857 }
858 else if (*p == ConfigNak || *p == ConfigRej)
859 {
860 int x = l - 4;
861 uint8_t *o = (p + 4);
862 int authtype = -1;
863
864 while (x > 2)
865 {
866 int type = o[0];
867 int length = o[1];
868
869 if (length == 0 || type == 0 || x < length) break;
870 switch (type)
871 {
872 case 1: // Maximum-Receive-Unit
873 if (*p == ConfigNak)
874 {
875 if (length < 4) break;
876 sess_local[s].ppp_mru = ntohs(*(uint16_t *)(o + 2));
877 LOG(3, s, t, " Remote requested MRU of %u\n", sess_local[s].ppp_mru);
878 }
879 else
880 {
881 sess_local[s].ppp_mru = 0;
882 LOG(3, s, t, " Remote rejected MRU negotiation\n");
883 }
884
885 break;
886
887 case 3: // Authentication-Protocol
888 if (authtype > 0)
889 break;
890
891 if (*p == ConfigNak)
892 {
893 int proto;
894
895 if (length < 4) break;
896 proto = ntohs(*(uint16_t *)(o + 2));
897
898 if (proto == PPPPAP)
899 {
900 authtype = config->radius_authtypes & AUTHPAP;
901 LOG(3, s, t, " Remote requested PAP authentication...%sing\n",
902 authtype ? "accept" : "reject");
903 }
904 else if (proto == PPPCHAP && length > 4 && *(o + 4) == 5)
905 {
906 authtype = config->radius_authtypes & AUTHCHAP;
907 LOG(3, s, t, " Remote requested CHAP authentication...%sing\n",
908 authtype ? "accept" : "reject");
909 }
910 else
911 {
912 LOG(3, s, t, " Rejecting unsupported authentication %#4x\n",
913 proto);
914 }
915 }
916 else
917 {
918 LOG(2, s, t, "LCP: remote rejected auth negotiation\n");
919 authtype = 0; // shutdown
920 }
921
922 break;
923
924 case 5: // Magic-Number
925 session[s].magic = 0;
926 if (*p == ConfigNak)
927 {
928 if (length < 6) break;
929 session[s].magic = ntohl(*(uint32_t *)(o + 2));
930 }
931
932 if (session[s].magic)
933 LOG(3, s, t, " Remote requested magic-no %x\n", session[s].magic);
934 else
935 LOG(3, s, t, " Remote rejected magic-no\n");
936
937 cluster_send_session(s);
938 break;
939
940 case 17: // Multilink Max-Receive-Reconstructed-Unit
941 {
942 if (*p == ConfigNak)
943 {
944 sess_local[s].mp_mrru = ntohs(*(uint16_t *)(o + 2));
945 LOG(3, s, t, " Remote requested MRRU of %u\n", sess_local[s].mp_mrru);
946 }
947 else
948 {
949 sess_local[s].mp_mrru = 0;
950 LOG(3, s, t, " Remote rejected MRRU negotiation\n");
951 }
952 }
953 break;
954
955 case 18: // Multilink Short Sequence Number Header Format
956 {
957 if (*p == ConfigNak)
958 {
959 sess_local[s].mp_mssf = 0;
960 LOG(3, s, t, " Remote requested Naked mssf\n");
961 }
962 else
963 {
964 sess_local[s].mp_mssf = 0;
965 LOG(3, s, t, " Remote rejected mssf\n");
966 }
967 }
968 break;
969
970 case 19: // Multilink Endpoint Discriminator
971 {
972 if (*p == ConfigNak)
973 {
974 LOG(2, s, t, " Remote should not configNak Endpoint Dis!\n");
975 }
976 else
977 {
978 sess_local[s].mp_epdis = 0;
979 LOG(3, s, t, " Remote rejected Endpoint Discriminator\n");
980 }
981 }
982 break;
983
984 default:
985 LOG(2, s, t, "LCP: remote sent %s for type %u?\n", ppp_code(*p), type);
986 sessionshutdown(s, "Unable to negotiate LCP.", CDN_ADMIN_DISC, TERM_USER_ERROR);
987 return;
988 }
989 x -= length;
990 o += length;
991 }
992
993 if (!authtype)
994 {
995 sessionshutdown(s, "Unsupported authentication.", CDN_ADMIN_DISC, TERM_USER_ERROR);
996 return;
997 }
998
999 if (authtype > 0)
1000 sess_local[s].lcp_authtype = authtype;
1001
1002 switch (session[s].ppp.lcp)
1003 {
1004 case Closed:
1005 case Stopped:
1006 {
1007 uint8_t *response = makeppp(b, sizeof(b), p, 2, s, t, PPPLCP, 0, 0, 0);
1008 if (!response) return;
1009 *response = TerminateAck;
1010 *((uint16_t *) (response + 2)) = htons(l = 4);
1011
1012 LOG(3, s, t, "LCP: send %s\n", ppp_code(*response));
1013 if (config->debug > 3) dumplcp(response, l);
1014
1015 tunnelsend(b, l + (response - b), t);
1016 }
1017 break;
1018
1019 case RequestSent:
1020 case AckSent:
1021 initialise_restart_count(s, lcp);
1022 sendlcp(s, t);
1023 break;
1024
1025 case AckReceived:
1026 LOG(2, s, t, "LCP: ConfigNak in state %s? Sending ConfigReq\n", ppp_state(session[s].ppp.lcp));
1027 sendlcp(s, t);
1028 break;
1029
1030 case Opened:
1031 lcp_restart(s);
1032 sendlcp(s, t);
1033 break;
1034
1035 default:
1036 LOG(2, s, t, "LCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.lcp));
1037 return;
1038 }
1039 }
1040 else if (*p == TerminateReq)
1041 {
1042 switch (session[s].ppp.lcp)
1043 {
1044 case Closed:
1045 case Stopped:
1046 case Closing:
1047 case Stopping:
1048 case RequestSent:
1049 case AckReceived:
1050 case AckSent:
1051 break;
1052
1053 case Opened:
1054 lcp_restart(s);
1055 zero_restart_count(s, lcp);
1056 change_state(s, lcp, Closing);
1057 break;
1058
1059 default:
1060 LOG(2, s, t, "LCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.lcp));
1061 return;
1062 }
1063
1064 *p = TerminateAck; // send ack
1065 q = makeppp(b, sizeof(b), p, l, s, t, PPPLCP, 0, 0, 0);
1066 if (!q) return;
1067
1068 LOG(3, s, t, "LCP: send %s\n", ppp_code(*q));
1069 if (config->debug > 3) dumplcp(q, l);
1070
1071 tunnelsend(b, l + (q - b), t); // send it
1072 }
1073 else if (*p == ProtocolRej)
1074 {
1075 uint16_t proto = 0;
1076
1077 if (l > 4)
1078 {
1079 proto = *(p+4);
1080 if (l > 5 && !(proto & 1))
1081 {
1082 proto <<= 8;
1083 proto |= *(p+5);
1084 }
1085 }
1086
1087 if (proto == PPPIPV6CP)
1088 {
1089 LOG(3, s, t, "IPv6 rejected\n");
1090 change_state(s, ipv6cp, Closed);
1091 }
1092 else
1093 {
1094 LOG(3, s, t, "LCP protocol reject: 0x%04X\n", proto);
1095 }
1096 }
1097 else if (*p == EchoReq)
1098 {
1099 *p = EchoReply; // reply
1100 *(uint32_t *) (p + 4) = htonl(session[s].magic); // our magic number
1101 q = makeppp(b, sizeof(b), p, l, s, t, PPPLCP, 0, 0, 0);
1102 if (!q) return;
1103
1104 LOG(4, s, t, "LCP: send %s\n", ppp_code(*q));
1105 if (config->debug > 3) dumplcp(q, l);
1106
1107 tunnelsend(b, l + (q - b), t); // send it
1108 }
1109 else if (*p == EchoReply)
1110 {
1111 // Ignore it, last_packet time is set earlier than this.
1112 }
1113 else if (*p != CodeRej)
1114 {
1115 ppp_code_rej(s, t, PPPLCP, "LCP", p, l, b, sizeof(b));
1116 }
1117 }
1118
1119 int join_bundle(sessionidt s)
1120 {
1121 // Search for a bundle to join
1122 bundleidt i;
1123 bundleidt b;
1124 for (i = 1; i < MAXBUNDLE; i++)
1125 {
1126 if (bundle[i].state != BUNDLEFREE)
1127 {
1128 if (epdiscmp(session[s].epdis,bundle[i].epdis) && !strcmp(session[s].user, bundle[i].user))
1129 {
1130 sessionidt first_ses = bundle[i].members[0];
1131 if (bundle[i].mssf != session[s].mssf)
1132 {
1133 // uniformity of sequence number format must be insured
1134 LOG(3, s, session[s].tunnel, "MPPP: unable to bundle session %d in bundle %d cause of different mssf\n", s, i);
1135 return -1;
1136 }
1137 session[s].bundle = i;
1138 session[s].ip = session[first_ses].ip;
1139 session[s].dns1 = session[first_ses].dns1;
1140 session[s].dns2 = session[first_ses].dns2;
1141 session[s].timeout = session[first_ses].timeout;
1142
1143 if(session[s].epdis.length > 0)
1144 setepdis(&bundle[i].epdis, session[s].epdis);
1145
1146 strcpy(bundle[i].user, session[s].user);
1147 bundle[i].members[bundle[i].num_of_links] = s;
1148 bundle[i].num_of_links++;
1149 LOG(3, s, session[s].tunnel, "MPPP: Bundling additional line in bundle (%d), lines:%d\n",i,bundle[i].num_of_links);
1150 return i;
1151 }
1152 }
1153 }
1154
1155 // No previously created bundle was found for this session, so create a new one
1156 if (!(b = new_bundle())) return 0;
1157
1158 session[s].bundle = b;
1159 bundle[b].mrru = session[s].mrru;
1160 bundle[b].mssf = session[s].mssf;
1161 // FIXME !!! to enable l2tpns reading mssf frames receiver_max_seq, sender_max_seq must be introduce
1162 // now session[s].mssf flag indecates that the receiver wish to receive frames in mssf, so max_seq (i.e. recv_max_seq) = 1<<24
1163 /*
1164 if (bundle[b].mssf)
1165 bundle[b].max_seq = 1 << 12;
1166 else */
1167 bundle[b].max_seq = 1 << 24;
1168 if(session[s].epdis.length > 0)
1169 setepdis(&bundle[b].epdis, session[s].epdis);
1170
1171 strcpy(bundle[b].user, session[s].user);
1172 bundle[b].members[0] = s;
1173 bundle[b].timeout = session[s].timeout;
1174 LOG(3, s, session[s].tunnel, "MPPP: Created a new bundle (%d)\n", b);
1175 return b;
1176 }
1177
1178 static int epdiscmp(epdist ep1, epdist ep2)
1179 {
1180 int ad;
1181 if (ep1.length != ep2.length)
1182 return 0;
1183
1184 if (ep1.addr_class != ep2.addr_class)
1185 return 0;
1186
1187 for (ad = 0; ad < ep1.length; ad++)
1188 if (ep1.address[ad] != ep2.address[ad])
1189 return 0;
1190
1191 return 1;
1192 }
1193
1194 static void setepdis(epdist *ep1, epdist ep2)
1195 {
1196 int ad;
1197 ep1->length = ep2.length;
1198 ep1->addr_class = ep2.addr_class;
1199 for (ad = 0; ad < ep2.length; ad++)
1200 ep1->address[ad] = ep2.address[ad];
1201 }
1202
1203 static bundleidt new_bundle()
1204 {
1205 bundleidt i;
1206 for (i = 1; i < MAXBUNDLE; i++)
1207 {
1208 if (bundle[i].state == BUNDLEFREE)
1209 {
1210 LOG(4, 0, 0, "MPPP: Assigning bundle ID %d\n", i);
1211 bundle[i].num_of_links = 1;
1212 bundle[i].last_check = time_now; // Initialize last_check value
1213 bundle[i].state = BUNDLEOPEN;
1214 bundle[i].current_ses = -1; // This is to enforce the first session 0 to be used at first
1215 memset(&frag[i], 0, sizeof(fragmentationt));
1216 if (i > config->cluster_highest_bundleid)
1217 config->cluster_highest_bundleid = i;
1218 return i;
1219 }
1220 }
1221 LOG(0, 0, 0, "MPPP: Can't find a free bundle! There shouldn't be this many in use!\n");
1222 return 0;
1223 }
1224
1225 static void ipcp_open(sessionidt s, tunnelidt t)
1226 {
1227 LOG(3, s, t, "IPCP: Opened, session is now active\n");
1228
1229 change_state(s, ipcp, Opened);
1230
1231 if (!(session[s].walled_garden || session[s].flags & SESSION_STARTED))
1232 {
1233 uint16_t r = radiusnew(s);
1234 if (r)
1235 {
1236 radiussend(r, RADIUSSTART); // send radius start
1237
1238 // don't send further Start records if IPCP is restarted
1239 session[s].flags |= SESSION_STARTED;
1240 cluster_send_session(s);
1241 }
1242 }
1243
1244 // start IPv6 if configured and still in passive state
1245 if (session[s].ppp.ipv6cp == Stopped)
1246 {
1247 sendipv6cp(s, t);
1248 change_state(s, ipv6cp, RequestSent);
1249 }
1250 }
1251
1252 // Process IPCP messages
1253 void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
1254 {
1255 uint8_t b[MAXETHER];
1256 uint8_t *q = 0;
1257 uint16_t hl;
1258
1259 CSTAT(processipcp);
1260
1261 LOG_HEX(5, "IPCP", p, l);
1262 if (l < 4)
1263 {
1264 LOG(1, s, t, "Short IPCP %d bytes\n", l);
1265 STAT(tunnel_rx_errors);
1266 return ;
1267 }
1268
1269 if ((hl = ntohs(*(uint16_t *) (p + 2))) > l)
1270 {
1271 LOG(1, s, t, "Length mismatch IPCP %u/%u\n", hl, l);
1272 STAT(tunnel_rx_errors);
1273 return ;
1274 }
1275 l = hl;
1276
1277 if (session[s].ppp.phase < Network)
1278 {
1279 LOG(2, s, t, "IPCP %s ignored in %s phase\n", ppp_code(*p), ppp_phase(session[s].ppp.phase));
1280 return;
1281 }
1282
1283 LOG(3, s, t, "IPCP: recv %s\n", ppp_code(*p));
1284
1285 if (*p == ConfigAck)
1286 {
1287 switch (session[s].ppp.ipcp)
1288 {
1289 case RequestSent:
1290 initialise_restart_count(s, ipcp);
1291 change_state(s, ipcp, AckReceived);
1292 break;
1293
1294 case AckReceived:
1295 case Opened:
1296 LOG(2, s, t, "IPCP: ConfigAck in state %s? Sending ConfigReq\n", ppp_state(session[s].ppp.ipcp));
1297 sendipcp(s, t);
1298 change_state(s, ipcp, RequestSent);
1299 break;
1300
1301 case AckSent:
1302 ipcp_open(s, t);
1303 break;
1304
1305 default:
1306 LOG(2, s, t, "IPCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipcp));
1307 }
1308 }
1309 else if (*p == ConfigReq)
1310 {
1311 uint8_t *response = 0;
1312 uint8_t *o = p + 4;
1313 int length = l - 4;
1314 int gotip = 0;
1315 in_addr_t addr;
1316
1317 while (length > 2)
1318 {
1319 if (!o[1] || o[1] > length) return;
1320
1321 switch (*o)
1322 {
1323 case 3: // ip address
1324 gotip++; // seen address
1325 if (o[1] != 6) return;
1326
1327 addr = htonl(session[s].ip);
1328 if (memcmp(o + 2, &addr, (sizeof addr)))
1329 {
1330 uint8_t *oq = q;
1331 q = ppp_conf_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr));
1332 if (!q || (q != oq && *response == ConfigRej))
1333 {
1334 sessionshutdown(s, "Can't negotiate IPCP.", CDN_ADMIN_DISC, TERM_USER_ERROR);
1335 return;
1336 }
1337 }
1338
1339 break;
1340
1341 case 129: // primary DNS
1342 if (o[1] != 6) return;
1343
1344 addr = htonl(session[s].dns1);
1345 if (memcmp(o + 2, &addr, (sizeof addr)))
1346 {
1347 q = ppp_conf_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr));
1348 if (!q) return;
1349 }
1350
1351 break;
1352
1353 case 131: // secondary DNS
1354 if (o[1] != 6) return;
1355
1356 addr = htonl(session[s].dns2);
1357 if (memcmp(o + 2, &addr, sizeof(addr)))
1358 {
1359 q = ppp_conf_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr));
1360 if (!q) return;
1361 }
1362
1363 break;
1364
1365 default:
1366 LOG(2, s, t, " Rejecting PPP IPCP Option type %d\n", *o);
1367 q = ppp_conf_rej(s, b, sizeof(b), PPPIPCP, &response, q, p, o);
1368 if (!q) return;
1369 }
1370
1371 length -= o[1];
1372 o += o[1];
1373 }
1374
1375 if (response)
1376 {
1377 l = q - response; // IPCP packet length
1378 *((uint16_t *) (response + 2)) = htons(l); // update header
1379 }
1380 else if (gotip)
1381 {
1382 // Send packet back as ConfigAck
1383 response = makeppp(b, sizeof(b), p, l, s, t, PPPIPCP, 0, 0, 0);
1384 if (!response) return;
1385 *response = ConfigAck;
1386 }
1387 else
1388 {
1389 LOG(1, s, t, "No IP in IPCP request\n");
1390 STAT(tunnel_rx_errors);
1391 return;
1392 }
1393
1394 switch (session[s].ppp.ipcp)
1395 {
1396 case Closed:
1397 response = makeppp(b, sizeof(b), p, 2, s, t, PPPIPCP, 0, 0, 0);
1398 if (!response) return;
1399 *response = TerminateAck;
1400 *((uint16_t *) (response + 2)) = htons(l = 4);
1401 break;
1402
1403 case Stopped:
1404 initialise_restart_count(s, ipcp);
1405 sendipcp(s, t);
1406 if (*response == ConfigAck)
1407 change_state(s, ipcp, AckSent);
1408 else
1409 change_state(s, ipcp, RequestSent);
1410
1411 break;
1412
1413 case RequestSent:
1414 if (*response == ConfigAck)
1415 change_state(s, ipcp, AckSent);
1416
1417 break;
1418
1419 case AckReceived:
1420 if (*response == ConfigAck)
1421 ipcp_open(s, t);
1422
1423 break;
1424
1425 case Opened:
1426 initialise_restart_count(s, ipcp);
1427 sendipcp(s, t);
1428 /* fallthrough */
1429
1430 case AckSent:
1431 if (*response == ConfigAck)
1432 change_state(s, ipcp, AckSent);
1433 else
1434 change_state(s, ipcp, RequestSent);
1435
1436 break;
1437
1438 default:
1439 LOG(2, s, t, "IPCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipcp));
1440 return;
1441 }
1442
1443 LOG(3, s, t, "IPCP: send %s\n", ppp_code(*response));
1444 tunnelsend(b, l + (response - b), t);
1445 }
1446 else if (*p == TerminateReq)
1447 {
1448 switch (session[s].ppp.ipcp)
1449 {
1450 case Closed:
1451 case Stopped:
1452 case Closing:
1453 case Stopping:
1454 case RequestSent:
1455 case AckReceived:
1456 case AckSent:
1457 break;
1458
1459 case Opened:
1460 zero_restart_count(s, ipcp);
1461 change_state(s, ipcp, Closing);
1462 break;
1463
1464 default:
1465 LOG(2, s, t, "IPCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipcp));
1466 return;
1467 }
1468
1469 *p = TerminateAck; // send ack
1470 q = makeppp(b, sizeof(b), p, l, s, t, PPPIPCP, 0, 0, 0);
1471 if (!q) return;
1472
1473 LOG(3, s, t, "IPCP: send %s\n", ppp_code(*q));
1474 tunnelsend(b, l + (q - b), t); // send it
1475 }
1476 else if (*p != CodeRej)
1477 {
1478 ppp_code_rej(s, t, PPPIPCP, "IPCP", p, l, b, sizeof(b));
1479 }
1480 }
1481
1482 static void ipv6cp_open(sessionidt s, tunnelidt t)
1483 {
1484 int i;
1485 LOG(3, s, t, "IPV6CP: Opened\n");
1486
1487 change_state(s, ipv6cp, Opened);
1488 for (i = 0; i < MAXROUTE6 && session[s].route6[i].ipv6prefixlen; i++)
1489 {
1490 route6set(s, session[s].route6[i].ipv6route, session[s].route6[i].ipv6prefixlen, 1);
1491 }
1492
1493 if (session[s].ipv6address.s6_addr[0])
1494 {
1495 // Check if included in prefix
1496 if (sessionbyipv6(session[s].ipv6address) != s)
1497 route6set(s, session[s].ipv6address, 128, 1);
1498 }
1499
1500 // Send an initial RA (TODO: Should we send these regularly?)
1501 send_ipv6_ra(s, t, NULL);
1502 }
1503
1504 // Process IPV6CP messages
1505 void processipv6cp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
1506 {
1507 uint8_t b[MAXETHER];
1508 uint8_t *q = 0;
1509 uint16_t hl;
1510
1511 CSTAT(processipv6cp);
1512
1513 LOG_HEX(5, "IPV6CP", p, l);
1514 if (l < 4)
1515 {
1516 LOG(1, s, t, "Short IPV6CP %d bytes\n", l);
1517 STAT(tunnel_rx_errors);
1518 return ;
1519 }
1520
1521 if ((hl = ntohs(*(uint16_t *) (p + 2))) > l)
1522 {
1523 LOG(1, s, t, "Length mismatch IPV6CP %u/%u\n", hl, l);
1524 STAT(tunnel_rx_errors);
1525 return ;
1526 }
1527 l = hl;
1528
1529 if (session[s].ppp.phase < Network)
1530 {
1531 LOG(2, s, t, "IPV6CP %s ignored in %s phase\n", ppp_code(*p), ppp_phase(session[s].ppp.phase));
1532 return;
1533 }
1534
1535 LOG(3, s, t, "IPV6CP: recv %s\n", ppp_code(*p));
1536
1537 if (!session[s].ip)
1538 {
1539 LOG(3, s, t, "IPV6CP: no IPv4 address (IPCP in state %s)\n", ppp_state(session[s].ppp.ipcp));
1540 return; // need IPCP to complete...
1541 }
1542
1543 if (*p == ConfigAck)
1544 {
1545 switch (session[s].ppp.ipv6cp)
1546 {
1547 case RequestSent:
1548 initialise_restart_count(s, ipv6cp);
1549 change_state(s, ipv6cp, AckReceived);
1550 break;
1551
1552 case AckReceived:
1553 case Opened:
1554 LOG(2, s, t, "IPV6CP: ConfigAck in state %s? Sending ConfigReq\n", ppp_state(session[s].ppp.ipv6cp));
1555 sendipv6cp(s, t);
1556 change_state(s, ipv6cp, RequestSent);
1557 break;
1558
1559 case AckSent:
1560 ipv6cp_open(s, t);
1561 break;
1562
1563 default:
1564 LOG(2, s, t, "IPV6CP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipv6cp));
1565 }
1566 }
1567 else if (*p == ConfigReq)
1568 {
1569 uint8_t *response = 0;
1570 uint8_t *o = p + 4;
1571 int length = l - 4;
1572 int gotip = 0;
1573 uint32_t ident[2];
1574
1575 while (length > 2)
1576 {
1577 if (!o[1] || o[1] > length) return;
1578
1579 switch (*o)
1580 {
1581 case 1: // interface identifier
1582 gotip++; // seen address
1583 if (o[1] != 10) return;
1584
1585 if (session[s].ipv6address.s6_addr[0])
1586 {
1587 // LSB 64bits of assigned IPv6 address to user (see radius attribut Framed-IPv6-Address)
1588 memcpy(&ident[0], &session[s].ipv6address.s6_addr[8], 8);
1589 }
1590 else
1591 {
1592 ident[0] = htonl(session[s].ip);
1593 ident[1] = 0;
1594 }
1595
1596 if (memcmp(o + 2, ident, sizeof(ident)))
1597 {
1598 q = ppp_conf_nak(s, b, sizeof(b), PPPIPV6CP, &response, q, p, o, (uint8_t *)ident, sizeof(ident));
1599 if (!q) return;
1600 }
1601
1602 break;
1603
1604 default:
1605 LOG(2, s, t, " Rejecting PPP IPV6CP Option type %d\n", *o);
1606 q = ppp_conf_rej(s, b, sizeof(b), PPPIPV6CP, &response, q, p, o);
1607 if (!q) return;
1608 }
1609
1610 length -= o[1];
1611 o += o[1];
1612 }
1613
1614 if (response)
1615 {
1616 l = q - response; // IPV6CP packet length
1617 *((uint16_t *) (response + 2)) = htons(l); // update header
1618 }
1619 else if (gotip)
1620 {
1621 // Send packet back as ConfigAck
1622 response = makeppp(b, sizeof(b), p, l, s, t, PPPIPV6CP, 0, 0, 0);
1623 if (!response) return;
1624 *response = ConfigAck;
1625 }
1626 else
1627 {
1628 LOG(1, s, t, "No interface identifier in IPV6CP request\n");
1629 STAT(tunnel_rx_errors);
1630 return;
1631 }
1632
1633 switch (session[s].ppp.ipv6cp)
1634 {
1635 case Closed:
1636 response = makeppp(b, sizeof(b), p, 2, s, t, PPPIPV6CP, 0, 0, 0);
1637 if (!response) return;
1638 *response = TerminateAck;
1639 *((uint16_t *) (response + 2)) = htons(l = 4);
1640 break;
1641
1642 case Stopped:
1643 initialise_restart_count(s, ipv6cp);
1644 sendipv6cp(s, t);
1645 if (*response == ConfigAck)
1646 change_state(s, ipv6cp, AckSent);
1647 else
1648 change_state(s, ipv6cp, RequestSent);
1649
1650 break;
1651
1652 case RequestSent:
1653 if (*response == ConfigAck)
1654 change_state(s, ipv6cp, AckSent);
1655
1656 break;
1657
1658 case AckReceived:
1659 if (*response == ConfigAck)
1660 ipv6cp_open(s, t);
1661
1662 break;
1663
1664 case Opened:
1665 initialise_restart_count(s, ipv6cp);
1666 sendipv6cp(s, t);
1667 /* fallthrough */
1668
1669 case AckSent:
1670 if (*response == ConfigAck)
1671 change_state(s, ipv6cp, AckSent);
1672 else
1673 change_state(s, ipv6cp, RequestSent);
1674
1675 break;
1676
1677 default:
1678 LOG(2, s, t, "IPV6CP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipv6cp));
1679 return;
1680 }
1681
1682 LOG(3, s, t, "IPV6CP: send %s\n", ppp_code(*response));
1683 tunnelsend(b, l + (response - b), t);
1684 }
1685 else if (*p == TerminateReq)
1686 {
1687 switch (session[s].ppp.ipv6cp)
1688 {
1689 case Closed:
1690 case Stopped:
1691 case Closing:
1692 case Stopping:
1693 case RequestSent:
1694 case AckReceived:
1695 case AckSent:
1696 break;
1697
1698 case Opened:
1699 zero_restart_count(s, ipv6cp);
1700 change_state(s, ipv6cp, Closing);
1701 break;
1702
1703 default:
1704 LOG(2, s, t, "IPV6CP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipv6cp));
1705 return;
1706 }
1707
1708 *p = TerminateAck; // send ack
1709 q = makeppp(b, sizeof(b), p, l, s, t, PPPIPV6CP, 0, 0, 0);
1710 if (!q) return;
1711
1712 LOG(3, s, t, "IPV6CP: send %s\n", ppp_code(*q));
1713 tunnelsend(b, l + (q - b), t); // send it
1714 }
1715 else if (*p != CodeRej)
1716 {
1717 ppp_code_rej(s, t, PPPIPV6CP, "IPV6CP", p, l, b, sizeof(b));
1718 }
1719 }
1720
1721 static void update_sessions_in_stat(sessionidt s, uint16_t l)
1722 {
1723 bundleidt b = session[s].bundle;
1724 if (!b)
1725 {
1726 increment_counter(&session[s].cin, &session[s].cin_wrap, l);
1727 session[s].cin_delta += l;
1728 session[s].pin++;
1729
1730 sess_local[s].cin += l;
1731 sess_local[s].pin++;
1732 }
1733 else
1734 {
1735 int i = frag[b].re_frame_begin_index;
1736 int end = frag[b].re_frame_end_index;
1737 for (;;)
1738 {
1739 l = frag[b].fragment[i].length;
1740 s = frag[b].fragment[i].sid;
1741 increment_counter(&session[s].cin, &session[s].cin_wrap, l);
1742 session[s].cin_delta += l;
1743 session[s].pin++;
1744
1745 sess_local[s].cin += l;
1746 sess_local[s].pin++;
1747 if (i == end)
1748 return;
1749 i = (i + 1) & MAXFRAGNUM_MASK;
1750 }
1751 }
1752 }
1753
1754 // process IP packet received
1755 //
1756 // This MUST be called with at least 4 byte behind 'p'.
1757 // (i.e. this routine writes to p[-4]).
1758 void processipin(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
1759 {
1760 in_addr_t ip, ip_dst;
1761
1762 CSTAT(processipin);
1763
1764 LOG_HEX(5, "IP", p, l);
1765
1766 if (l < 20)
1767 {
1768 LOG(1, s, t, "IP packet too short %d\n", l);
1769 STAT(tunnel_rx_errors);
1770 return ;
1771 }
1772
1773 ip = ntohl(*(uint32_t *)(p + 12));
1774 ip_dst = *(uint32_t *)(p + 16);
1775
1776 if (l > MAXETHER)
1777 {
1778 LOG(1, s, t, "IP packet too long %d\n", l);
1779 STAT(tunnel_rx_errors);
1780 return ;
1781 }
1782
1783 if (session[s].ppp.phase != Network || session[s].ppp.ipcp != Opened)
1784 return;
1785
1786 if (!session[s].bundle || bundle[session[s].bundle].num_of_links < 2) // FIXME:
1787 {
1788 // no spoof (do sessionbyip to handled statically routed subnets)
1789 if (!config->disable_no_spoof && ip != session[s].ip && sessionbyip(htonl(ip)) != s)
1790 {
1791 LOG(4, s, t, "Dropping packet with spoofed IP %s\n", fmtaddr(htonl(ip), 0));
1792 return;
1793 }
1794 }
1795
1796 // run access-list if any
1797 if (session[s].filter_in && !ip_filter(p, l, session[s].filter_in - 1))
1798 return;
1799
1800 // adjust MSS on SYN and SYN,ACK packets with options
1801 if ((ntohs(*(uint16_t *) (p + 6)) & 0x1fff) == 0 && p[9] == IPPROTO_TCP) // first tcp fragment
1802 {
1803 int ihl = (p[0] & 0xf) * 4; // length of IP header
1804 if (l >= ihl + 20 && (p[ihl + 13] & TCP_FLAG_SYN) && ((p[ihl + 12] >> 4) > 5))
1805 adjust_tcp_mss(s, t, p, l, p + ihl);
1806 }
1807
1808 // Add on the tun header
1809 p -= 4;
1810 *(uint32_t *) p = htonl(PKTIP);
1811 l += 4;
1812
1813 if (session[s].tbf_in)
1814 {
1815 if (!config->no_throttle_local_IP || !sessionbyip(ip_dst))
1816 {
1817 // Are we throttling this session?
1818 if (config->cluster_iam_master)
1819 tbf_queue_packet(session[s].tbf_in, p, l);
1820 else
1821 master_throttle_packet(session[s].tbf_in, p, l);
1822 return;
1823 }
1824 }
1825
1826 // send to ethernet
1827 if (tun_write(p, l) < 0)
1828 {
1829 STAT(tun_tx_errors);
1830 LOG(0, s, t, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
1831 l, strerror(errno), tunfd, p);
1832
1833 return;
1834 }
1835
1836 p += 4;
1837 l -= 4;
1838
1839 if (session[s].snoop_ip && session[s].snoop_port)
1840 {
1841 // Snooping this session
1842 snoop_send_packet(p, l, session[s].snoop_ip, session[s].snoop_port);
1843 }
1844
1845 update_sessions_in_stat(s, l);
1846
1847 eth_tx += l;
1848
1849 STAT(tun_tx_packets);
1850 INC_STAT(tun_tx_bytes, l);
1851 }
1852
1853 // process Multilink PPP packet received
1854 void processmpin(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
1855 {
1856 bundleidt b = session[s].bundle;
1857 bundlet * this_bundle = &bundle[b];
1858 uint32_t maskSeq, max_seq;
1859 int frag_offset;
1860 uint16_t frag_index, frag_index_next, frag_index_prev;
1861 fragmentationt *this_fragmentation = &frag[b];
1862 uint8_t begin_frame = (*p & MP_BEGIN);
1863 uint8_t end_frame = (*p & MP_END);
1864 uint32_t seq_num, seq_num_next, seq_num_prev;
1865 uint32_t i;
1866 uint8_t flags = *p;
1867 uint16_t begin_index, end_index;
1868
1869 // Perform length checking
1870 if(l > MAXFRAGLEN)
1871 {
1872 LOG(2, s, t, "MPPP: discarding fragment larger than MAXFRAGLEN\n");
1873 return;
1874 }
1875
1876 if(!b)
1877 {
1878 LOG(2, s, t, "MPPP: Invalid bundle id: 0\n");
1879 return;
1880 }
1881 // FIXME !! session[s].mssf means that the receiver wants to receive frames in mssf not means the receiver will send frames in mssf
1882 /* if(session[s].mssf)
1883 {
1884 // Get 12 bit for seq number
1885 seq_num = ntohs((*(uint16_t *) p) & 0xFF0F);
1886 p += 2;
1887 l -= 2;
1888 // After this point the pointer should be advanced 2 bytes
1889 LOG(3, s, t, "MPPP: 12 bits, sequence number: %d\n",seq_num);
1890 }
1891 else */
1892 {
1893 // Get 24 bit for seq number
1894 seq_num = ntohl((*(uint32_t *) p) & 0xFFFFFF00);
1895 p += 4;
1896 l -= 4;
1897 // After this point the pointer should be advanced 4 bytes
1898 LOG(4, s, t, "MPPP: 24 bits sequence number:%d\n",seq_num);
1899 }
1900
1901 max_seq = this_bundle->max_seq;
1902 maskSeq = max_seq - 1;
1903
1904 /*
1905 * Expand sequence number to 32 bits, making it as close
1906 * as possible to this_fragmentation->M.
1907 */
1908 seq_num |= this_fragmentation->M & ~maskSeq;
1909 if ((int)(this_fragmentation->M - seq_num) > (int)(maskSeq >> 1))
1910 {
1911 seq_num += maskSeq + 1;
1912 }
1913 else if ((int)(seq_num - this_fragmentation->M) > (int)(maskSeq >> 1))
1914 {
1915 seq_num -= maskSeq + 1; /* should never happen */
1916 }
1917
1918 // calculate this fragment's offset from the begin seq in the bundle
1919 frag_offset = (int) (seq_num - this_fragmentation->start_seq);
1920
1921 sess_local[s].last_seq = seq_num;
1922
1923 // calculate the jitter average
1924 uint32_t ljitter = time_now_ms - sess_local[s].prev_time;
1925 if (ljitter > 0)
1926 {
1927 sess_local[s].jitteravg = (sess_local[s].jitteravg + ljitter)>>1;
1928 sess_local[s].prev_time = time_now_ms;
1929 }
1930
1931 uint32_t Mmin;
1932
1933 if (seq_num < this_fragmentation->M)
1934 {
1935 Mmin = seq_num;
1936 this_fragmentation->M = seq_num;
1937 }
1938 else
1939 {
1940 Mmin = sess_local[(this_bundle->members[0])].last_seq;
1941 for (i = 1; i < this_bundle->num_of_links; i++)
1942 {
1943 uint32_t s_seq = sess_local[(this_bundle->members[i])].last_seq;
1944 if (s_seq < Mmin)
1945 Mmin = s_seq;
1946 }
1947 this_fragmentation->M = Mmin;
1948 }
1949
1950 // calculate M offset of the M seq in the bundle
1951 int M_offset = (int) (Mmin - this_fragmentation->start_seq);
1952
1953 if (M_offset >= MAXFRAGNUM)
1954 {
1955 // There have a long break of the link !!!!!!!!
1956 // M_offset is bigger that the fragmentation buffer size
1957 LOG(3, s, t, "MPPP: M_offset out of range, min:%d, begin_seq:%d\n", Mmin, this_fragmentation->start_seq);
1958
1959 // Calculate the new start index, the previous frag are lost
1960 begin_index = (M_offset + this_fragmentation->start_index) & MAXFRAGNUM_MASK;
1961
1962 // Set new Start sequence
1963 this_fragmentation->start_index = begin_index;
1964 this_fragmentation->start_seq = Mmin;
1965 M_offset = 0;
1966 // recalculate the fragment offset from the new begin seq in the bundle
1967 frag_offset = (int) (seq_num - Mmin);
1968 }
1969
1970 // discard this fragment if the packet comes before the start sequence
1971 if (frag_offset < 0)
1972 {
1973 // this packet comes before the next
1974 LOG(3, s, t, "MPPP: (COMES BEFORE) the next, seq:%d, begin_seq:%d, size_frag:%d, flags:%02X is LOST\n", seq_num, this_fragmentation->start_seq, l, flags);
1975 return;
1976 }
1977
1978 // discard if frag_offset is bigger that the fragmentation buffer size
1979 if (frag_offset >= MAXFRAGNUM)
1980 {
1981 // frag_offset is bigger that the fragmentation buffer size
1982 LOG(3, s, t, "MPPP: Index out of range, seq:%d, begin_seq:%d\n", seq_num, this_fragmentation->start_seq);
1983 return;
1984 }
1985
1986 //caculate received fragment's index in the fragment array
1987 frag_index = (frag_offset + this_fragmentation->start_index) & MAXFRAGNUM_MASK;
1988
1989 // insert the frame in it's place
1990 fragmentt *this_frag = &this_fragmentation->fragment[frag_index];
1991
1992 if (this_frag->length > 0)
1993 // This fragment is lost, It was around the buffer and it was never completed the packet.
1994 LOG(3, this_frag->sid, this_frag->tid, "MPPP: (INSERT) seq_num:%d frag_index:%d flags:%02X is LOST\n",
1995 this_frag->seq, frag_index, this_frag->flags);
1996
1997 this_frag->length = l;
1998 this_frag->sid = s;
1999 this_frag->tid = t;
2000 this_frag->flags = flags;
2001 this_frag->seq = seq_num;
2002 this_frag->jitteravg = sess_local[s].jitteravg;
2003 memcpy(this_frag->data, p, l);
2004
2005 LOG(4, s, t, "MPPP: seq_num:%d frag_index:%d INSERTED flags: %02X\n", seq_num, frag_index, flags);
2006
2007 //next frag index
2008 frag_index_next = (frag_index + 1) & MAXFRAGNUM_MASK;
2009 //previous frag index
2010 frag_index_prev = (frag_index - 1) & MAXFRAGNUM_MASK;
2011 // next seq
2012 seq_num_next = seq_num + 1;
2013 // previous seq
2014 seq_num_prev = seq_num - 1;
2015
2016 // Clean the buffer and log the lost fragments
2017 if ((frag_index_next != this_fragmentation->start_index) && this_fragmentation->fragment[frag_index_next].length)
2018 {
2019 // check if the next frag is a lost fragment
2020 if (this_fragmentation->fragment[frag_index_next].seq != seq_num_next)
2021 {
2022 // This fragment is lost, It was around the buffer and it was never completed the packet.
2023 LOG(3, this_fragmentation->fragment[frag_index_next].sid, this_fragmentation->fragment[frag_index_next].tid,
2024 "MPPP: (NEXT) seq_num:%d frag_index:%d flags:%02X is LOST\n",
2025 this_fragmentation->fragment[frag_index_next].seq, frag_index_next,
2026 this_fragmentation->fragment[frag_index_next].flags);
2027 // this frag is lost
2028 this_fragmentation->fragment[frag_index_next].length = 0;
2029 this_fragmentation->fragment[frag_index_next].flags = 0;
2030
2031 if (begin_frame && (!end_frame)) return; // assembling frame failed
2032 }
2033 }
2034
2035 // Clean the buffer and log the lost fragments
2036 if ((frag_index != this_fragmentation->start_index) && this_fragmentation->fragment[frag_index_prev].length)
2037 {
2038 // check if the next frag is a lost fragment
2039 if (this_fragmentation->fragment[frag_index_prev].seq != seq_num_prev)
2040 {
2041 // This fragment is lost, It was around the buffer and it was never completed the packet.
2042 LOG(3, this_fragmentation->fragment[frag_index_prev].sid, this_fragmentation->fragment[frag_index_prev].tid,
2043 "MPPP: (PREV) seq_num:%d frag_index:%d flags:%02X is LOST\n",
2044 this_fragmentation->fragment[frag_index_prev].seq, frag_index_prev,
2045 this_fragmentation->fragment[frag_index_prev].flags);
2046
2047 this_fragmentation->fragment[frag_index_prev].length = 0;
2048 this_fragmentation->fragment[frag_index_prev].flags = 0;
2049
2050 if (end_frame && (!begin_frame)) return; // assembling frame failed
2051 }
2052 }
2053
2054 find_frame:
2055 begin_index = this_fragmentation->start_index;
2056 uint32_t b_seq = this_fragmentation->start_seq;
2057 // Try to find a Begin sequence from the start_seq sequence to M sequence
2058 while (b_seq < Mmin)
2059 {
2060 if (this_fragmentation->fragment[begin_index].length)
2061 {
2062 if (b_seq == this_fragmentation->fragment[begin_index].seq)
2063 {
2064 if (this_fragmentation->fragment[begin_index].flags & MP_BEGIN)
2065 {
2066 int isfoundE = 0;
2067 // Adjust the new start sequence and start index
2068 this_fragmentation->start_index = begin_index;
2069 this_fragmentation->start_seq = b_seq;
2070 // Begin Sequence found, now try to found the End Sequence to complete the frame
2071 end_index = begin_index;
2072 while (b_seq < Mmin)
2073 {
2074 if (this_fragmentation->fragment[end_index].length)
2075 {
2076 if (b_seq == this_fragmentation->fragment[end_index].seq)
2077 {
2078 if (this_fragmentation->fragment[end_index].flags & MP_END)
2079 {
2080 // The End sequence was found and the frame is complete
2081 isfoundE = 1;
2082 break;
2083 }
2084 }
2085 else
2086 {
2087 // This fragment is lost, it was never completed the packet.
2088 LOG(3, this_fragmentation->fragment[end_index].sid, this_fragmentation->fragment[end_index].tid,
2089 "MPPP: (FIND END) seq_num:%d frag_index:%d flags:%02X is LOST\n",
2090 this_fragmentation->fragment[end_index].seq, begin_index,
2091 this_fragmentation->fragment[end_index].flags);
2092 // this frag is lost
2093 this_fragmentation->fragment[end_index].length = 0;
2094 this_fragmentation->fragment[end_index].flags = 0;
2095 // This frame is not complete find the next Begin
2096 break;
2097 }
2098 }
2099 else
2100 {
2101 // This frame is not complete find the next Begin if exist
2102 break;
2103 }
2104 end_index = (end_index +1) & MAXFRAGNUM_MASK;
2105 b_seq++;
2106 }
2107
2108 if (isfoundE)
2109 // The End sequence was found and the frame is complete
2110 break;
2111 else
2112 // find the next Begin
2113 begin_index = end_index;
2114 }
2115 }
2116 else
2117 {
2118 // This fragment is lost, it was never completed the packet.
2119 LOG(3, this_fragmentation->fragment[begin_index].sid, this_fragmentation->fragment[begin_index].tid,
2120 "MPPP: (FIND BEGIN) seq_num:%d frag_index:%d flags:%02X is LOST\n",
2121 this_fragmentation->fragment[begin_index].seq, begin_index,
2122 this_fragmentation->fragment[begin_index].flags);
2123 // this frag is lost
2124 this_fragmentation->fragment[begin_index].length = 0;
2125 this_fragmentation->fragment[begin_index].flags = 0;
2126 }
2127 }
2128 begin_index = (begin_index +1) & MAXFRAGNUM_MASK;
2129 b_seq++;
2130 }
2131
2132 assembling_frame:
2133 // try to assemble the frame that has the received fragment as a member
2134 // get the beginning of this frame
2135 begin_index = end_index = this_fragmentation->start_index;
2136 if (this_fragmentation->fragment[begin_index].length)
2137 {
2138 if (!(this_fragmentation->fragment[begin_index].flags & MP_BEGIN))
2139 {
2140 LOG(3, this_fragmentation->fragment[begin_index].sid, this_fragmentation->fragment[begin_index].tid,
2141 "MPPP: (NOT BEGIN) seq_num:%d frag_index:%d flags:%02X\n",
2142 this_fragmentation->fragment[begin_index].seq, begin_index,
2143 this_fragmentation->fragment[begin_index].flags);
2144 // should occur only after an "M_Offset out of range"
2145 // The start sequence must be a begin sequence
2146 this_fragmentation->start_index = (begin_index +1) & MAXFRAGNUM_MASK;
2147 this_fragmentation->start_seq++;
2148 return; // assembling frame failed
2149 }
2150 }
2151 else
2152 return; // assembling frame failed
2153
2154 // get the end of his frame
2155 while (this_fragmentation->fragment[end_index].length)
2156 {
2157 if (this_fragmentation->fragment[end_index].flags & MP_END)
2158 break;
2159
2160 end_index = (end_index +1) & MAXFRAGNUM_MASK;
2161
2162 if (end_index == this_fragmentation->start_index)
2163 return; // assembling frame failed
2164 }
2165
2166 // return if a lost fragment is found
2167 if (!(this_fragmentation->fragment[end_index].length))
2168 return; // assembling frame failed
2169
2170 // assemble the packet
2171 //assemble frame, process it, reset fragmentation
2172 uint16_t cur_len = 4; // This is set to 4 to leave 4 bytes for function processipin
2173
2174 LOG(4, s, t, "MPPP: processing fragments from %d to %d\n", begin_index, end_index);
2175 // Push to the receive buffer
2176
2177 for (i = begin_index;; i = (i + 1) & MAXFRAGNUM_MASK)
2178 {
2179 this_frag = &this_fragmentation->fragment[i];
2180 if(cur_len + this_frag->length > MAXETHER)
2181 {
2182 LOG(2, s, t, "MPPP: discarding reassembled frames larger than MAXETHER\n");
2183 break;
2184 }
2185
2186 memcpy(this_fragmentation->reassembled_frame+cur_len, this_frag->data, this_frag->length);
2187 LOG(5, s, t, "MPPP: processing frame at %d, with len %d\n", i, this_frag->length);
2188
2189 cur_len += this_frag->length;
2190 if (i == end_index)
2191 {
2192 this_fragmentation->re_frame_len = cur_len;
2193 this_fragmentation->re_frame_begin_index = begin_index;
2194 this_fragmentation->re_frame_end_index = end_index;
2195 // Process the resassembled frame
2196 LOG(5, s, t, "MPPP: Process the reassembled frame, len=%d\n",cur_len);
2197 processmpframe(s, t, this_fragmentation->reassembled_frame, this_fragmentation->re_frame_len, 1);
2198 break;
2199 }
2200 }
2201
2202 // Set reassembled frame length to zero after processing it
2203 this_fragmentation->re_frame_len = 0;
2204 for (i = begin_index;; i = (i + 1) & MAXFRAGNUM_MASK)
2205 {
2206 this_fragmentation->fragment[i].length = 0; // Indicates that this fragment has been consumed
2207 this_fragmentation->fragment[i].flags = 0;
2208 if (i == end_index)
2209 break;
2210 }
2211
2212 // Set the new start_index and start_seq
2213 this_fragmentation->start_index = (end_index + 1) & MAXFRAGNUM_MASK;
2214 this_fragmentation->start_seq = this_fragmentation->fragment[end_index].seq + 1;
2215 LOG(4, s, t, "MPPP after assembling: start index is = %d, start seq=%d\n", this_fragmentation->start_index, this_fragmentation->start_seq);
2216
2217 begin_index = this_fragmentation->start_index;
2218 if ((this_fragmentation->fragment[begin_index].length) &&
2219 (this_fragmentation->fragment[begin_index].seq != this_fragmentation->start_seq))
2220 {
2221 LOG(3, this_fragmentation->fragment[begin_index].sid, this_fragmentation->fragment[begin_index].tid,
2222 "MPPP: (START) seq_num:%d frag_index:%d flags:%02X is LOST\n",
2223 this_fragmentation->fragment[begin_index].seq, begin_index,
2224 this_fragmentation->fragment[begin_index].flags);
2225 this_fragmentation->fragment[begin_index].length = 0;
2226 this_fragmentation->fragment[begin_index].flags = 0;
2227 }
2228
2229 if (this_fragmentation->start_seq <= Mmin)
2230 // It's possible to find other complete frame or lost frame.
2231 goto find_frame;
2232 else if ((this_fragmentation->fragment[begin_index].length) &&
2233 (this_fragmentation->fragment[begin_index].flags & MP_BEGIN))
2234 // may be that the next frame is completed
2235 goto assembling_frame;
2236
2237 return;
2238 }
2239
2240 // process IPv6 packet received
2241 //
2242 // This MUST be called with at least 4 byte behind 'p'.
2243 // (i.e. this routine writes to p[-4]).
2244 void processipv6in(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
2245 {
2246 struct in6_addr ip;
2247 in_addr_t ipv4;
2248
2249 CSTAT(processipv6in);
2250
2251 LOG_HEX(5, "IPv6", p, l);
2252
2253 ip = *(struct in6_addr *) (p + 8);
2254 ipv4 = ntohl(*(uint32_t *)(p + 16));
2255
2256 if (l > MAXETHER)
2257 {
2258 LOG(1, s, t, "IP packet too long %d\n", l);
2259 STAT(tunnel_rx_errors);
2260 return ;
2261 }
2262
2263 if (session[s].ppp.phase != Network || session[s].ppp.ipv6cp != Opened)
2264 return;
2265
2266 // no spoof
2267 if (session[s].ipv6address.s6_addr[0])
2268 {
2269 if ((sessionbyipv6new(ip) != s) &&
2270 (ip.s6_addr[0] != 0xFE || ip.s6_addr[1] != 0x80 || ip.s6_addr16[1] != 0 || ip.s6_addr16[2] != 0 || ip.s6_addr16[3] != 0))
2271 {
2272 char str[INET6_ADDRSTRLEN];
2273 LOG(5, s, t, "Dropping packet with spoofed IP %s\n",
2274 inet_ntop(AF_INET6, &ip, str, INET6_ADDRSTRLEN));
2275 return;
2276 }
2277 }
2278 else if ((ipv4 != session[s].ip || memcmp(&config->ipv6_prefix, &ip, 8)) && sessionbyipv6(ip) != s)
2279 {
2280 char str[INET6_ADDRSTRLEN];
2281 LOG(5, s, t, "Dropping packet with spoofed IP %s\n",
2282 inet_ntop(AF_INET6, &ip, str, INET6_ADDRSTRLEN));
2283 return;
2284 }
2285
2286 // Check if it's a Router Solicition message.
2287 if (*(p + 6) == 58 && *(p + 7) == 255 && *(p + 24) == 0xFF && *(p + 25) == 2 &&
2288 *(uint32_t *)(p + 26) == 0 && *(uint32_t *)(p + 30) == 0 &&
2289 *(uint32_t *)(p + 34) == 0 &&
2290 *(p + 38) == 0 && *(p + 39) == 2 && *(p + 40) == 133) {
2291 LOG(3, s, t, "Got IPv6 RS\n");
2292 send_ipv6_ra(s, t, &ip);
2293 return;
2294 }
2295
2296 // Check if DhcpV6, IP dst: FF02::1:2, Src Port 0x0222 (546), Dst Port 0x0223 (547)
2297 if (*(p + 6) == 17 && *(p + 24) == 0xFF && *(p + 25) == 2 &&
2298 *(uint32_t *)(p + 26) == 0 && *(uint32_t *)(p + 30) == 0 &&
2299 *(uint16_t *)(p + 34) == 0 && *(p + 36) == 0 && *(p + 37) == 1 && *(p + 38) == 0 && *(p + 39) == 2 &&
2300 *(p + 40) == 2 && *(p + 41) == 0x22 && *(p + 42) == 2 && *(p + 43) == 0x23)
2301 {
2302 dhcpv6_process(s, t, p, l);
2303 return;
2304 }
2305
2306 // Add on the tun header
2307 p -= 4;
2308 *(uint32_t *) p = htonl(PKTIPV6);
2309 l += 4;
2310
2311 // Are we throttled and a slave?
2312 if (session[s].tbf_in && !config->cluster_iam_master) {
2313 // Pass it to the master for handling.
2314 master_throttle_packet(session[s].tbf_in, p, l);
2315 return;
2316 }
2317
2318 // Are we throttled and a master??
2319 if (session[s].tbf_in && config->cluster_iam_master) {
2320 // Actually handle the throttled packets.
2321 tbf_queue_packet(session[s].tbf_in, p, l);
2322 return;
2323 }
2324
2325 // send to ethernet
2326 if (tun_write(p, l) < 0)
2327 {
2328 STAT(tun_tx_errors);
2329 LOG(0, s, t, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
2330 l, strerror(errno), tunfd, p);
2331
2332 return;
2333 }
2334
2335 p += 4;
2336 l -= 4;
2337
2338 if (session[s].snoop_ip && session[s].snoop_port)
2339 {
2340 // Snooping this session
2341 snoop_send_packet(p, l, session[s].snoop_ip, session[s].snoop_port);
2342 }
2343
2344 update_sessions_in_stat(s, l);
2345
2346 eth_tx += l;
2347
2348 STAT(tun_tx_packets);
2349 INC_STAT(tun_tx_bytes, l);
2350 }
2351
2352 //
2353 // Helper routine for the TBF filters.
2354 // Used to send queued data in from the user.
2355 //
2356 void send_ipin(sessionidt s, uint8_t *buf, int len)
2357 {
2358 LOG_HEX(5, "IP in throttled", buf, len);
2359
2360 if (write(tunfd, buf, len) < 0)
2361 {
2362 STAT(tun_tx_errors);
2363 LOG(0, 0, 0, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
2364 len, strerror(errno), tunfd, buf);
2365
2366 return;
2367 }
2368
2369 buf += 4;
2370 len -= 4;
2371
2372 if (session[s].snoop_ip && session[s].snoop_port)
2373 {
2374 // Snooping this session
2375 snoop_send_packet(buf, len, session[s].snoop_ip, session[s].snoop_port);
2376 }
2377
2378 // Increment packet counters
2379 increment_counter(&session[s].cin, &session[s].cin_wrap, len);
2380 session[s].cin_delta += len;
2381 session[s].pin++;
2382
2383 sess_local[s].cin += len;
2384 sess_local[s].pin++;
2385
2386 eth_tx += len;
2387
2388 STAT(tun_tx_packets);
2389 INC_STAT(tun_tx_bytes, len - 4);
2390 }
2391
2392
2393 // Process CCP messages
2394 void processccp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
2395 {
2396 uint8_t b[MAXETHER];
2397 uint8_t *q;
2398
2399 CSTAT(processccp);
2400
2401 LOG_HEX(5, "CCP", p, l);
2402
2403 if (session[s].ppp.phase < Network)
2404 {
2405 LOG(2, s, t, "CCP %s ignored in %s phase\n", ppp_code(*p), ppp_phase(session[s].ppp.phase));
2406 return;
2407 }
2408
2409 if (l < 1)
2410 {
2411 LOG(1, s, t, "Short CCP packet\n");
2412 STAT(tunnel_rx_errors);
2413 }
2414
2415 LOG(4, s, t, "CCP: recv %s\n", ppp_code(*p));
2416 if (*p == ConfigAck)
2417 {
2418 switch (session[s].ppp.ccp)
2419 {
2420 case RequestSent:
2421 initialise_restart_count(s, ccp);
2422 change_state(s, ccp, AckReceived);
2423 break;
2424
2425 case AckReceived:
2426 case Opened:
2427 LOG(2, s, t, "CCP: ConfigAck in state %s? Sending ConfigReq\n", ppp_state(session[s].ppp.ccp));
2428 sendccp(s, t);
2429 change_state(s, ccp, RequestSent);
2430 break;
2431
2432 case AckSent:
2433 LOG(3, s, t, "CCP: Opened\n");
2434 change_state(s, ccp, Opened);
2435 break;
2436
2437 default:
2438 LOG(2, s, t, "CCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ccp));
2439 }
2440 }
2441 else if (*p == ConfigReq)
2442 {
2443 if (l < 6) // accept no compression
2444 *p = ConfigAck;
2445 else // compression requested--reject
2446 *p = ConfigRej;
2447
2448 q = makeppp(b, sizeof(b), p, l, s, t, PPPCCP, 0, 0, 0);
2449 if (!q) return;
2450
2451 switch (session[s].ppp.ccp)
2452 {
2453 case Closed:
2454 q = makeppp(b, sizeof(b), p, 2, s, t, PPPCCP, 0, 0, 0);
2455 if (!q) return;
2456 *q = TerminateAck;
2457 *((uint16_t *) (q + 2)) = htons(l = 4);
2458 break;
2459
2460 case Stopped:
2461 initialise_restart_count(s, ccp);
2462 sendccp(s, t);
2463 if (*q == ConfigAck)
2464 change_state(s, ccp, AckSent);
2465 else
2466 change_state(s, ccp, RequestSent);
2467
2468 break;
2469
2470 case RequestSent:
2471 if (*q == ConfigAck)
2472 change_state(s, ccp, AckSent);
2473
2474 break;
2475
2476 case AckReceived:
2477 if (*q == ConfigAck)
2478 change_state(s, ccp, Opened);
2479
2480 break;
2481
2482 case Opened:
2483 initialise_restart_count(s, ccp);
2484 sendccp(s, t);
2485 /* fallthrough */
2486
2487 case AckSent:
2488 if (*q == ConfigAck)
2489 change_state(s, ccp, AckSent);
2490 else
2491 change_state(s, ccp, RequestSent);
2492
2493 break;
2494
2495 default:
2496 LOG(2, s, t, "CCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ccp));
2497 return;
2498 }
2499
2500 LOG(4, s, t, "CCP: send %s\n", ppp_code(*q));
2501 tunnelsend(b, l + (q - b), t);
2502 }
2503 else if (*p == TerminateReq)
2504 {
2505 *p = TerminateAck;
2506 q = makeppp(b, sizeof(b), p, l, s, t, PPPCCP, 0, 0, 0);
2507 if (!q) return;
2508 LOG(3, s, t, "CCP: send %s\n", ppp_code(*q));
2509 tunnelsend(b, l + (q - b), t);
2510 change_state(s, ccp, Stopped);
2511 }
2512 else if (*p != CodeRej)
2513 {
2514 ppp_code_rej(s, t, PPPCCP, "CCP", p, l, b, sizeof(b));
2515 }
2516 }
2517
2518 // send a CHAP challenge
2519 void sendchap(sessionidt s, tunnelidt t)
2520 {
2521 uint8_t b[MAXETHER];
2522 uint16_t r;
2523 uint8_t *q;
2524
2525 CSTAT(sendchap);
2526
2527 r = radiusnew(s);
2528 if (!r)
2529 {
2530 LOG(1, s, t, "No RADIUS to send challenge\n");
2531 STAT(tunnel_tx_errors);
2532 return;
2533 }
2534
2535 LOG(1, s, t, "Send CHAP challenge\n");
2536
2537 radius[r].chap = 1; // CHAP not PAP
2538 radius[r].id++;
2539 if (radius[r].state != RADIUSCHAP)
2540 radius[r].try = 0;
2541
2542 radius[r].state = RADIUSCHAP;
2543 radius[r].retry = backoff(radius[r].try++);
2544 if (radius[r].try > 5)
2545 {
2546 sessionshutdown(s, "CHAP timeout.", CDN_ADMIN_DISC, TERM_REAUTHENTICATION_FAILURE);
2547 STAT(tunnel_tx_errors);
2548 return ;
2549 }
2550 q = makeppp(b, sizeof(b), 0, 0, s, t, PPPCHAP, 0, 0, 0);
2551 if (!q) return;
2552
2553 *q = 1; // challenge
2554 q[1] = radius[r].id; // ID
2555 q[4] = 16; // value size (size of challenge)
2556 memcpy(q + 5, radius[r].auth, 16); // challenge
2557 strcpy((char *) q + 21, config->multi_n_hostname[tunnel[t].indexudp][0]?config->multi_n_hostname[tunnel[t].indexudp]:hostname); // our name
2558 *(uint16_t *) (q + 2) = htons(strlen(config->multi_n_hostname[tunnel[t].indexudp][0]?config->multi_n_hostname[tunnel[t].indexudp]:hostname) + 21); // length
2559 tunnelsend(b, strlen(config->multi_n_hostname[tunnel[t].indexudp][0]?config->multi_n_hostname[tunnel[t].indexudp]:hostname) + 21 + (q - b), t); // send it
2560 }
2561
2562 // fill in a L2TP message with a PPP frame,
2563 // returns start of PPP frame
2564 uint8_t *makeppp(uint8_t *b, int size, uint8_t *p, int l, sessionidt s, tunnelidt t, uint16_t mtype, uint8_t prio, bundleidt bid, uint8_t mp_bits)
2565 {
2566 uint16_t hdr = 0x0002; // L2TP with no options
2567 uint16_t type = mtype;
2568 uint8_t *start = b;
2569
2570 if (t == TUNNEL_ID_PPPOE)
2571 {
2572 return pppoe_makeppp(b, size, p, l, s, t, mtype, prio, bid, mp_bits);
2573 }
2574
2575 if (size < 16) // Need more space than this!!
2576 {
2577 LOG(0, s, t, "makeppp buffer too small for L2TP header (size=%d)\n", size);
2578 return NULL;
2579 }
2580
2581 if (prio) hdr |= 0x0100; // set priority bit
2582
2583 *(uint16_t *) (b + 0) = htons(hdr);
2584 *(uint16_t *) (b + 2) = htons(tunnel[t].far); // tunnel
2585 *(uint16_t *) (b + 4) = htons(session[s].far); // session
2586 b += 6;
2587
2588 // Check whether this session is part of multilink
2589 if (bid)
2590 {
2591 if (bundle[bid].num_of_links > 1)
2592 type = PPPMP; // Change PPP message type to the PPPMP
2593 else
2594 bid = 0;
2595 }
2596
2597 if (type == PPPLCP || !(session[s].flags & SESSION_ACFC))
2598 {
2599 *(uint16_t *) b = htons(0xFF03); // HDLC header
2600 b += 2;
2601 }
2602
2603 if (type < 0x100 && session[s].flags & SESSION_PFC)
2604 {
2605 *b++ = type;
2606 }
2607 else
2608 {
2609 *(uint16_t *) b = htons(type);
2610 b += 2;
2611 }
2612
2613 if (bid)
2614 {
2615 // Set the sequence number and (B)egin (E)nd flags
2616 if (session[s].mssf)
2617 {
2618 // Set the multilink bits
2619 uint16_t bits_send = mp_bits;
2620 *(uint16_t *) b = htons((bundle[bid].seq_num_t & 0x0FFF)|bits_send);
2621 b += 2;
2622 }
2623 else
2624 {
2625 *(uint32_t *) b = htonl(bundle[bid].seq_num_t);
2626 // Set the multilink bits
2627 *b = mp_bits;
2628 b += 4;
2629 }
2630
2631 bundle[bid].seq_num_t++;
2632
2633 // Add the message type if this fragment has the begin bit set
2634 if (mp_bits & MP_BEGIN)
2635 {
2636 //*b++ = mtype; // The next two lines are instead of this
2637 *(uint16_t *) b = htons(mtype); // Message type
2638 b += 2;
2639 }
2640 }
2641
2642 if ((b - start) + l > size)
2643 {
2644 LOG(2, s, t, "makeppp would overflow buffer (size=%d, header+payload=%td)\n", size, (b - start) + l);
2645 return NULL;
2646 }
2647
2648 // Copy the payload
2649 if (p && l)
2650 memcpy(b, p, l);
2651
2652 return b;
2653 }
2654
2655 // fill in a L2TP message with a PPP frame,
2656 // returns start of PPP frame
2657 //(note: THIS ROUTINE CAN WRITES TO p[-28]).
2658 uint8_t *opt_makeppp(uint8_t *p, int l, sessionidt s, tunnelidt t, uint16_t mtype, uint8_t prio, bundleidt bid, uint8_t mp_bits)
2659 {
2660 uint16_t hdr = 0x0002; // L2TP with no options
2661 uint16_t type = mtype;
2662 uint8_t *b = p;
2663
2664 if (t == TUNNEL_ID_PPPOE)
2665 {
2666 return opt_pppoe_makeppp(p, l, s, t, mtype, prio, bid, mp_bits);
2667 }
2668
2669 // Check whether this session is part of multilink
2670 if (bid)
2671 {
2672 if (bundle[bid].num_of_links > 1)
2673 type = PPPMP; // Change PPP message type to the PPPMP
2674 else
2675 bid = 0;
2676 }
2677
2678 if (bid)
2679 {
2680 // Add the message type if this fragment has the begin bit set
2681 if (mp_bits & MP_BEGIN)
2682 {
2683 b -= 2;
2684 *(uint16_t *) b = htons(mtype); // Message type
2685 }
2686
2687 // Set the sequence number and (B)egin (E)nd flags
2688 if (session[s].mssf)
2689 {
2690 // Set the multilink bits
2691 uint16_t bits_send = mp_bits;
2692 b -= 2;
2693 *(uint16_t *) b = htons((bundle[bid].seq_num_t & 0x0FFF)|bits_send);
2694 }
2695 else
2696 {
2697 b -= 4;
2698 *(uint32_t *) b = htonl(bundle[bid].seq_num_t);
2699 // Set the multilink bits
2700 *b = mp_bits;
2701 }
2702
2703 bundle[bid].seq_num_t++;
2704 }
2705
2706 if (type < 0x100 && session[s].flags & SESSION_PFC)
2707 {
2708 b--;
2709 *b = type;
2710 }
2711 else
2712 {
2713 b -= 2;
2714 *(uint16_t *) b = htons(type);
2715 }
2716
2717 if (type == PPPLCP || !(session[s].flags & SESSION_ACFC))
2718 {
2719 b -= 2;
2720 *(uint16_t *) b = htons(0xFF03); // HDLC header
2721 }
2722
2723 if (prio) hdr |= 0x0100; // set priority bit
2724 b -= 2;
2725 *(uint16_t *) b = htons(session[s].far); // session
2726 b -= 2;
2727 *(uint16_t *) b = htons(tunnel[t].far); // tunnel
2728 b -= 2;
2729 *(uint16_t *) b = htons(hdr);
2730
2731 return b;
2732 }
2733
2734 static int add_lcp_auth(uint8_t *b, int size, int authtype)
2735 {
2736 int len = 0;
2737 if ((authtype == AUTHCHAP && size < 5) || size < 4)
2738 return 0;
2739
2740 *b++ = 3; // Authentication-Protocol
2741 if (authtype == AUTHCHAP)
2742 {
2743 len = *b++ = 5; // length
2744 *(uint16_t *) b = htons(PPPCHAP); b += 2;
2745 *b++ = 5; // MD5
2746 }
2747 else if (authtype == AUTHPAP)
2748 {
2749 len = *b++ = 4; // length
2750 *(uint16_t *) b = htons(PPPPAP); b += 2;
2751 }
2752 else
2753 {
2754 LOG(0, 0, 0, "add_lcp_auth called with unsupported auth type %d\n", authtype);
2755 }
2756
2757 return len;
2758 }
2759
2760 // Send LCP ConfigReq for MRU, authentication type and magic no
2761 void sendlcp(sessionidt s, tunnelidt t)
2762 {
2763 uint8_t b[500], *q, *l;
2764 int authtype = sess_local[s].lcp_authtype;
2765
2766 if (!(q = makeppp(b, sizeof(b), NULL, 0, s, t, PPPLCP, 0, 0, 0)))
2767 return;
2768
2769 LOG(3, s, t, "LCP: send ConfigReq%s%s%s including MP options\n",
2770 authtype ? " (" : "",
2771 authtype ? (authtype == AUTHCHAP ? "CHAP" : "PAP") : "",
2772 authtype ? ")" : "");
2773
2774 l = q;
2775 *l++ = ConfigReq;
2776 *l++ = ++sess_local[s].lcp_ident; // ID
2777
2778 l += 2; //Save space for length
2779
2780 if (sess_local[s].ppp_mru)
2781 {
2782 *l++ = 1; *l++ = 4; // Maximum-Receive-Unit (length 4)
2783 *(uint16_t *) l = htons(sess_local[s].ppp_mru); l += 2;
2784 }
2785
2786 if (authtype)
2787 l += add_lcp_auth(l, sizeof(b) - (l - b), authtype);
2788
2789 if (session[s].magic)
2790 {
2791 *l++ = 5; *l++ = 6; // Magic-Number (length 6)
2792 *(uint32_t *) l = htonl(session[s].magic);
2793 l += 4;
2794 }
2795
2796 if (sess_local[s].mp_mrru)
2797 {
2798 *l++ = 17; *l++ = 4; // Multilink Max-Receive-Reconstructed-Unit (length 4)
2799 *(uint16_t *) l = htons(sess_local[s].mp_mrru); l += 2;
2800 }
2801
2802 if (sess_local[s].mp_epdis)
2803 {
2804 *l++ = 19; *l++ = 7; // Multilink Endpoint Discriminator (length 7)
2805 *l++ = IPADDR; // Endpoint Discriminator class
2806 *(uint32_t *) l = htonl(sess_local[s].mp_epdis);
2807 l += 4;
2808 }
2809
2810 *(uint16_t *)(q + 2) = htons(l - q); // Length
2811
2812 LOG_HEX(5, "PPPLCP", q, l - q);
2813 if (config->debug > 3) dumplcp(q, l - q);
2814
2815 tunnelsend(b, (l - b), t);
2816 restart_timer(s, lcp);
2817 }
2818
2819 // Send CCP request for no compression
2820 void sendccp(sessionidt s, tunnelidt t)
2821 {
2822 uint8_t b[500], *q;
2823
2824 if (!(q = makeppp(b, sizeof(b), NULL, 0, s, t, PPPCCP, 0, 0, 0)))
2825 return;
2826
2827 LOG(3, s, t, "CCP: send ConfigReq (no compression)\n");
2828
2829 *q = ConfigReq;
2830 *(q + 1) = ++sess_local[s].lcp_ident; // ID
2831 *(uint16_t *)(q + 2) = htons(4); // Length
2832
2833 LOG_HEX(5, "PPPCCP", q, 4);
2834 tunnelsend(b, (q - b) + 4 , t);
2835 restart_timer(s, ccp);
2836 }
2837
2838 // Reject unknown/unconfigured protocols
2839 void protoreject(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l, uint16_t proto)
2840 {
2841
2842 uint8_t buf[MAXETHER];
2843 uint8_t *q;
2844 int mru = session[s].mru;
2845 if (mru < MINMTU) mru = MINMTU;
2846 if (mru > sizeof(buf)) mru = sizeof(buf);
2847
2848 l += 6;
2849 if (l > mru) l = mru;
2850
2851 q = makeppp(buf, sizeof(buf), 0, 0, s, t, PPPLCP, 0, 0, 0);
2852 if (!q) return;
2853
2854 *q = ProtocolRej;
2855 *(q + 1) = ++sess_local[s].lcp_ident;
2856 *(uint16_t *)(q + 2) = htons(l);
2857 *(uint16_t *)(q + 4) = htons(proto);
2858 memcpy(q + 6, p, l - 6);
2859
2860 if (proto == PPPIPV6CP)
2861 LOG(3, s, t, "LCP: send ProtocolRej (IPV6CP: not configured)\n");
2862 else
2863 LOG(2, s, t, "LCP: sent ProtocolRej (0x%04X: unsupported)\n", proto);
2864
2865 tunnelsend(buf, l + (q - buf), t);
2866 }
for cloning use: "git clone git://git.sameswireless.fr/l2tpns.git" ; For add to your sources.list: "deb http://package.sameswifi.fr/ jessie main"