projects / l2tpns.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge from Master
[l2tpns.git] / ppp.c
1 // L2TPNS PPP Stuff
2
3 #include <stdio.h>
4 #include <string.h>
5 #include <unistd.h>
6 #include <errno.h>
7 #include <stdlib.h>
8 #include <linux/rtnetlink.h>
9 #include <netinet/ip6.h>
10
11 #include "dhcp6.h"
12 #include "l2tpns.h"
13 #include "constants.h"
14 #include "plugin.h"
15 #include "util.h"
16 #include "tbf.h"
17 #include "cluster.h"
18
19 #include "l2tplac.h"
20 #include "pppoe.h"
21
22 extern tunnelt *tunnel;
23 extern bundlet *bundle;
24 extern fragmentationt *frag;
25 extern sessiont *session;
26 extern radiust *radius;
27 extern int tunfd;
28 extern char hostname[];
29 extern uint32_t eth_tx;
30 extern time_t time_now;
31 extern uint64_t time_now_ms;
32 extern configt *config;
33
34 static int add_lcp_auth(uint8_t *b, int size, int authtype);
35 static bundleidt new_bundle(void);
36 static int epdiscmp(epdist, epdist);
37 static void setepdis(epdist *, epdist);
38 static void ipcp_open(sessionidt s, tunnelidt t);
39
40 static int first_session_in_bundle(sessionidt s)
41 {
42 bundleidt i;
43 for (i = 1; i < MAXBUNDLE; i++)
44 if (bundle[i].state != BUNDLEFREE)
45 if (epdiscmp(session[s].epdis,bundle[i].epdis) && !strcmp(session[s].user, bundle[i].user))
46 return 0;
47 return 1;
48 }
49
50 // Process PAP messages
51 void processpap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
52 {
53 char user[MAXUSER];
54 char pass[MAXPASS];
55 uint16_t hl;
56 uint16_t r;
57
58 CSTAT(processpap);
59
60 LOG_HEX(5, "PAP", p, l);
61 if (l < 4)
62 {
63 LOG(1, s, t, "Short PAP %u bytes\n", l);
64 STAT(tunnel_rx_errors);
65 sessionshutdown(s, "Short PAP packet.", CDN_ADMIN_DISC, TERM_USER_ERROR);
66 return;
67 }
68
69 if ((hl = ntohs(*(uint16_t *) (p + 2))) > l)
70 {
71 LOG(1, s, t, "Length mismatch PAP %u/%u\n", hl, l);
72 STAT(tunnel_rx_errors);
73 sessionshutdown(s, "PAP length mismatch.", CDN_ADMIN_DISC, TERM_USER_ERROR);
74 return;
75 }
76 l = hl;
77
78 if (*p != 1)
79 {
80 LOG(1, s, t, "Unexpected PAP code %d\n", *p);
81 STAT(tunnel_rx_errors);
82 sessionshutdown(s, "Unexpected PAP code.", CDN_ADMIN_DISC, TERM_USER_ERROR);
83 return;
84 }
85
86 if (session[s].ppp.phase != Authenticate)
87 {
88 LOG(2, s, t, "PAP ignored in %s phase\n", ppp_phase(session[s].ppp.phase));
89 return;
90 }
91
92 {
93 uint8_t *b = p;
94 b += 4;
95 user[0] = pass[0] = 0;
96 if (*b && *b < sizeof(user))
97 {
98 memcpy(user, b + 1, *b);
99 user[*b] = 0;
100 b += 1 + *b;
101 if (*b && *b < sizeof(pass))
102 {
103 memcpy(pass, b + 1, *b);
104 pass[*b] = 0;
105 }
106 }
107 LOG(3, s, t, "PAP login %s/%s\n", user, pass);
108 }
109
110 if ((!config->disable_lac_func) && lac_conf_forwardtoremotelns(s, user))
111 {
112 // Creating a tunnel/session has been started
113 return;
114 }
115
116 if (session[s].ip || !(r = radiusnew(s)))
117 {
118 // respond now, either no RADIUS available or already authenticated
119 uint8_t b[MAXETHER];
120 uint8_t id = p[1];
121 uint8_t *p = makeppp(b, sizeof(b), 0, 0, s, t, PPPPAP, 0, 0, 0);
122 if (!p) return;
123
124 if (session[s].ip)
125 *p = 2; // ACK
126 else
127 *p = 3; // cant authorise
128 p[1] = id;
129 *(uint16_t *) (p + 2) = htons(5); // length
130 p[4] = 0; // no message
131 tunnelsend(b, 5 + (p - b), t); // send it
132
133 if (session[s].ip)
134 {
135 LOG(3, s, t, "Already an IP allocated: %s (%d)\n",
136 fmtaddr(htonl(session[s].ip), 0), session[s].ip_pool_index);
137 }
138 else
139 {
140 LOG(1, s, t, "No RADIUS session available to authenticate session...\n");
141 sessionshutdown(s, "No free RADIUS sessions.", CDN_UNAVAILABLE, TERM_SERVICE_UNAVAILABLE);
142 }
143 }
144 else
145 {
146 // Run PRE_AUTH plugins
147 struct param_pre_auth packet = { &tunnel[t], &session[s], strdup(user), strdup(pass), PPPPAP, 1 };
148 run_plugins(PLUGIN_PRE_AUTH, &packet);
149 if (!packet.continue_auth)
150 {
151 LOG(3, s, t, "A plugin rejected PRE_AUTH\n");
152 if (packet.username) free(packet.username);
153 if (packet.password) free(packet.password);
154 return;
155 }
156
157 strncpy(session[s].user, packet.username, sizeof(session[s].user) - 1);
158 strncpy(radius[r].pass, packet.password, sizeof(radius[r].pass) - 1);
159
160 free(packet.username);
161 free(packet.password);
162
163 radius[r].id = p[1];
164 LOG(3, s, t, "Sending login for %s/%s to RADIUS\n", user, pass);
165 if ((session[s].mrru) && (!first_session_in_bundle(s)))
166 radiussend(r, RADIUSJUSTAUTH);
167 else
168 radiussend(r, RADIUSAUTH);
169 }
170 }
171
172 // Process CHAP messages
173 void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
174 {
175 uint16_t r;
176 uint16_t hl;
177
178 CSTAT(processchap);
179
180 LOG_HEX(5, "CHAP", p, l);
181
182 if (l < 4)
183 {
184 LOG(1, s, t, "Short CHAP %u bytes\n", l);
185 STAT(tunnel_rx_errors);
186 sessionshutdown(s, "Short CHAP packet.", CDN_ADMIN_DISC, TERM_USER_ERROR);
187 return;
188 }
189
190 if ((hl = ntohs(*(uint16_t *) (p + 2))) > l)
191 {
192 LOG(1, s, t, "Length mismatch CHAP %u/%u\n", hl, l);
193 STAT(tunnel_rx_errors);
194 sessionshutdown(s, "CHAP length mismatch.", CDN_ADMIN_DISC, TERM_USER_ERROR);
195 return;
196 }
197 l = hl;
198
199 if (*p != 2)
200 {
201 LOG(1, s, t, "Unexpected CHAP response code %d\n", *p);
202 STAT(tunnel_rx_errors);
203 sessionshutdown(s, "CHAP length mismatch.", CDN_ADMIN_DISC, TERM_USER_ERROR);
204 return;
205 }
206
207 if (session[s].ppp.phase != Authenticate)
208 {
209 LOG(2, s, t, "CHAP ignored in %s phase\n", ppp_phase(session[s].ppp.phase));
210 return;
211 }
212
213 r = sess_local[s].radius;
214 if (!r)
215 {
216 LOG(3, s, t, "Unexpected CHAP message\n");
217
218 // Some modems (Netgear DM602, possibly others) persist in using CHAP even
219 // after ACKing our ConfigReq for PAP.
220 if (sess_local[s].lcp_authtype == AUTHPAP && config->radius_authtypes & AUTHCHAP)
221 {
222 sess_local[s].lcp_authtype = AUTHCHAP;
223 sendchap(s, t);
224 }
225 return;
226 }
227
228 if (p[1] != radius[r].id)
229 {
230 LOG(1, s, t, "Wrong CHAP response ID %d (should be %d) (%d)\n", p[1], radius[r].id, r);
231 STAT(tunnel_rx_errors);
232 sessionshutdown(s, "Unexpected CHAP response ID.", CDN_ADMIN_DISC, TERM_USER_ERROR);
233 return;
234 }
235
236 if (l < 5 || p[4] != 16)
237 {
238 LOG(1, s, t, "Bad CHAP response length %d\n", l < 5 ? -1 : p[4]);
239 STAT(tunnel_rx_errors);
240 sessionshutdown(s, "Bad CHAP response length.", CDN_ADMIN_DISC, TERM_USER_ERROR);
241 return;
242 }
243
244 l -= 5;
245 p += 5;
246 if (l < 16 || l - 16 >= sizeof(session[s].user))
247 {
248 LOG(1, s, t, "CHAP user too long %d\n", l - 16);
249 STAT(tunnel_rx_errors);
250 sessionshutdown(s, "CHAP username too long.", CDN_ADMIN_DISC, TERM_USER_ERROR);
251 return;
252 }
253
254 // Run PRE_AUTH plugins
255 {
256 struct param_pre_auth packet = { &tunnel[t], &session[s], NULL, NULL, PPPCHAP, 1 };
257
258 packet.password = calloc(17, 1);
259 memcpy(packet.password, p, 16);
260
261 p += 16;
262 l -= 16;
263
264 packet.username = calloc(l + 1, 1);
265 memcpy(packet.username, p, l);
266
267 if ((!config->disable_lac_func) && lac_conf_forwardtoremotelns(s, packet.username))
268 {
269 free(packet.username);
270 free(packet.password);
271 // Creating a tunnel/session has been started
272 return;
273 }
274
275 run_plugins(PLUGIN_PRE_AUTH, &packet);
276 if (!packet.continue_auth)
277 {
278 LOG(3, s, t, "A plugin rejected PRE_AUTH\n");
279 if (packet.username) free(packet.username);
280 if (packet.password) free(packet.password);
281 return;
282 }
283
284 strncpy(session[s].user, packet.username, sizeof(session[s].user) - 1);
285 memcpy(radius[r].pass, packet.password, 16);
286
287 free(packet.username);
288 free(packet.password);
289 }
290
291 radius[r].chap = 1;
292 LOG(3, s, t, "CHAP login %s\n", session[s].user);
293 if ((session[s].mrru) && (!first_session_in_bundle(s)))
294 radiussend(r, RADIUSJUSTAUTH);
295 else
296 radiussend(r, RADIUSAUTH);
297 }
298
299 static void dumplcp(uint8_t *p, int l)
300 {
301 int x = l - 4;
302 uint8_t *o = (p + 4);
303
304 LOG_HEX(5, "PPP LCP Packet", p, l);
305 LOG(4, 0, 0, "PPP LCP Packet type %d (%s len %d)\n", *p, ppp_code((int)*p), ntohs( ((uint16_t *) p)[1]) );
306 LOG(4, 0, 0, "Length: %d\n", l);
307 if (*p != ConfigReq && *p != ConfigRej && *p != ConfigAck)
308 return;
309
310 while (x > 2)
311 {
312 int type = o[0];
313 int length = o[1];
314 if (length < 2)
315 {
316 LOG(4, 0, 0, " Option length is %d...\n", length);
317 break;
318 }
319 if (type == 0)
320 {
321 LOG(4, 0, 0, " Option type is 0...\n");
322 x -= length;
323 o += length;
324 continue;
325 }
326 switch (type)
327 {
328 case 1: // Maximum-Receive-Unit
329 if (length == 4)
330 LOG(4, 0, 0, " %s %d\n", ppp_lcp_option(type), ntohs(*(uint16_t *)(o + 2)));
331 else
332 LOG(4, 0, 0, " %s odd length %d\n", ppp_lcp_option(type), length);
333 break;
334 case 2: // Async-Control-Character-Map
335 if (length == 6)
336 {
337 uint32_t asyncmap = ntohl(*(uint32_t *)(o + 2));
338 LOG(4, 0, 0, " %s %x\n", ppp_lcp_option(type), asyncmap);
339 }
340 else
341 LOG(4, 0, 0, " %s odd length %d\n", ppp_lcp_option(type), length);
342 break;
343 case 3: // Authentication-Protocol
344 if (length == 4)
345 {
346 int proto = ntohs(*(uint16_t *)(o + 2));
347 LOG(4, 0, 0, " %s 0x%x (%s)\n", ppp_lcp_option(type), proto,
348 proto == PPPPAP ? "PAP" : "UNSUPPORTED");
349 }
350 else if (length == 5)
351 {
352 int proto = ntohs(*(uint16_t *)(o + 2));
353 int algo = *(o + 4);
354 LOG(4, 0, 0, " %s 0x%x 0x%x (%s)\n", ppp_lcp_option(type), proto, algo,
355 (proto == PPPCHAP && algo == 5) ? "CHAP MD5" : "UNSUPPORTED");
356 }
357 else
358 LOG(4, 0, 0, " %s odd length %d\n", ppp_lcp_option(type), length);
359 break;
360 case 4: // Quality-Protocol
361 {
362 uint32_t qp = ntohl(*(uint32_t *)(o + 2));
363 LOG(4, 0, 0, " %s %x\n", ppp_lcp_option(type), qp);
364 }
365 break;
366 case 5: // Magic-Number
367 if (length == 6)
368 {
369 uint32_t magicno = ntohl(*(uint32_t *)(o + 2));
370 LOG(4, 0, 0, " %s %x\n", ppp_lcp_option(type), magicno);
371 }
372 else
373 LOG(4, 0, 0, " %s odd length %d\n", ppp_lcp_option(type), length);
374 break;
375 case 7: // Protocol-Field-Compression
376 case 8: // Address-And-Control-Field-Compression
377 LOG(4, 0, 0, " %s\n", ppp_lcp_option(type));
378 break;
379 default:
380 LOG(2, 0, 0, " Unknown PPP LCP Option type %d\n", type);
381 break;
382 }
383 x -= length;
384 o += length;
385 }
386 }
387
388 void lcp_open(sessionidt s, tunnelidt t)
389 {
390 // transition to Authentication or Network phase:
391 session[s].ppp.phase = sess_local[s].lcp_authtype ? Authenticate : Network;
392
393 LOG(3, s, t, "LCP: Opened, phase %s\n", ppp_phase(session[s].ppp.phase));
394
395 // LCP now Opened
396 change_state(s, lcp, Opened);
397
398 if (session[s].ppp.phase == Authenticate)
399 {
400 if (sess_local[s].lcp_authtype == AUTHCHAP)
401 sendchap(s, t);
402 }
403 else
404 {
405 if(session[s].bundle == 0 || bundle[session[s].bundle].num_of_links == 1)
406 {
407 // This-Layer-Up
408 sendipcp(s, t);
409 change_state(s, ipcp, RequestSent);
410 // move to passive state for IPv6 (if configured), CCP
411 if (config->ipv6_prefix.s6_addr[0])
412 change_state(s, ipv6cp, Stopped);
413 else
414 change_state(s, ipv6cp, Closed);
415
416 change_state(s, ccp, Stopped);
417 }
418 else
419 {
420 sessionidt first_ses = bundle[session[s].bundle].members[0];
421 LOG(3, s, t, "MPPP: Skipping IPCP negotiation for session:%d, first session of bundle is:%d\n",s,first_ses);
422 ipcp_open(s, t);
423 }
424 }
425 }
426
427 void lcp_restart(sessionidt s)
428 {
429 session[s].ppp.phase = Establish;
430 // This-Layer-Down
431 change_state(s, ipcp, Dead);
432 change_state(s, ipv6cp, Dead);
433 change_state(s, ccp, Dead);
434 }
435
436 static uint8_t *ppp_conf_rej(sessionidt s, uint8_t *buf, size_t blen, uint16_t mtype,
437 uint8_t **response, uint8_t *queued, uint8_t *packet, uint8_t *option)
438 {
439 if (!*response || **response != ConfigRej)
440 {
441 queued = *response = makeppp(buf, blen, packet, 2, s, session[s].tunnel, mtype, 0, 0, 0);
442 if (!queued)
443 return 0;
444
445 *queued = ConfigRej;
446 queued += 4;
447 }
448
449 if ((queued - buf + option[1]) > blen)
450 {
451 LOG(2, s, session[s].tunnel, "PPP overflow for ConfigRej (proto %u, option %u).\n", mtype, *option);
452 return 0;
453 }
454
455 memcpy(queued, option, option[1]);
456 return queued + option[1];
457 }
458
459 static uint8_t *ppp_conf_nak(sessionidt s, uint8_t *buf, size_t blen, uint16_t mtype,
460 uint8_t **response, uint8_t *queued, uint8_t *packet, uint8_t *option,
461 uint8_t *value, size_t vlen)
462 {
463 int *nak_sent;
464 switch (mtype)
465 {
466 case PPPLCP: nak_sent = &sess_local[s].lcp.nak_sent; break;
467 case PPPIPCP: nak_sent = &sess_local[s].ipcp.nak_sent; break;
468 case PPPIPV6CP: nak_sent = &sess_local[s].ipv6cp.nak_sent; break;
469 default: return 0; // ?
470 }
471
472 if (*response && **response != ConfigNak)
473 {
474 if (*nak_sent < config->ppp_max_failure) // reject queued
475 return queued;
476
477 return ppp_conf_rej(s, buf, blen, mtype, response, 0, packet, option);
478 }
479
480 if (!*response)
481 {
482 if (*nak_sent >= config->ppp_max_failure)
483 return ppp_conf_rej(s, buf, blen, mtype, response, 0, packet, option);
484
485 queued = *response = makeppp(buf, blen, packet, 2, s, session[s].tunnel, mtype, 0, 0, 0);
486 if (!queued)
487 return 0;
488
489 (*nak_sent)++;
490 *queued = ConfigNak;
491 queued += 4;
492 }
493
494 if ((queued - buf + vlen + 2) > blen)
495 {
496 LOG(2, s, session[s].tunnel, "PPP overflow for ConfigNak (proto %u, option %u).\n", mtype, *option);
497 return 0;
498 }
499
500 *queued++ = *option;
501 *queued++ = vlen + 2;
502 memcpy(queued, value, vlen);
503 return queued + vlen;
504 }
505
506 static void ppp_code_rej(sessionidt s, tunnelidt t, uint16_t proto,
507 char *pname, uint8_t *p, uint16_t l, uint8_t *buf, size_t size)
508 {
509 uint8_t *q;
510 int mru = session[s].mru;
511 if (mru < MINMTU) mru = MINMTU;
512 if (mru > size) mru = size;
513
514 l += 4;
515 if (l > mru) l = mru;
516
517 q = makeppp(buf, size, 0, 0, s, t, proto, 0, 0, 0);
518 if (!q) return;
519
520 *q = CodeRej;
521 *(q + 1) = ++sess_local[s].lcp_ident;
522 *(uint16_t *)(q + 2) = htons(l);
523 memcpy(q + 4, p, l - 4);
524
525 LOG(2, s, t, "Unexpected %s code %s\n", pname, ppp_code(*p));
526 LOG(3, s, t, "%s: send %s\n", pname, ppp_code(*q));
527 if (config->debug > 3) dumplcp(q, l);
528
529 tunnelsend(buf, l + (q - buf), t);
530 }
531
532 // Process LCP messages
533 void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
534 {
535 uint8_t b[MAXETHER];
536 uint8_t *q = NULL;
537 uint16_t hl;
538
539 CSTAT(processlcp);
540
541 LOG_HEX(5, "LCP", p, l);
542 if (l < 4)
543 {
544 LOG(1, s, t, "Short LCP %d bytes\n", l);
545 STAT(tunnel_rx_errors);
546 return ;
547 }
548
549 if ((hl = ntohs(*(uint16_t *) (p + 2))) > l)
550 {
551 LOG(1, s, t, "Length mismatch LCP %u/%u\n", hl, l);
552 STAT(tunnel_rx_errors);
553 return ;
554 }
555 l = hl;
556
557 if (session[s].die) // going down...
558 return;
559
560 LOG(((*p == EchoReq || *p == EchoReply) ? 4 : 3), s, t,
561 "LCP: recv %s\n", ppp_code(*p));
562
563 if (config->debug > 3) dumplcp(p, l);
564
565 if (*p == ConfigAck)
566 {
567 int x = l - 4;
568 uint8_t *o = (p + 4);
569 int authtype = 0;
570
571 while (x > 2)
572 {
573 int type = o[0];
574 int length = o[1];
575
576 if (length == 0 || type == 0 || x < length) break;
577 switch (type)
578 {
579 case 3: // Authentication-Protocol
580 {
581 int proto = ntohs(*(uint16_t *)(o + 2));
582 if (proto == PPPPAP)
583 authtype = AUTHPAP;
584 else if (proto == PPPCHAP && *(o + 4) == 5)
585 authtype = AUTHCHAP;
586 }
587
588 break;
589 }
590 x -= length;
591 o += length;
592 }
593
594 if (!session[s].ip && authtype)
595 sess_local[s].lcp_authtype = authtype;
596
597 switch (session[s].ppp.lcp)
598 {
599 case RequestSent:
600 initialise_restart_count(s, lcp);
601 change_state(s, lcp, AckReceived);
602 break;
603
604 case AckReceived:
605 case Opened:
606 LOG(2, s, t, "LCP: ConfigAck in state %s? Sending ConfigReq\n", ppp_state(session[s].ppp.lcp));
607 if (session[s].ppp.lcp == Opened)
608 lcp_restart(s);
609
610 sendlcp(s, t);
611 change_state(s, lcp, RequestSent);
612 break;
613
614 case AckSent:
615 lcp_open(s, t);
616 break;
617
618 default:
619 LOG(2, s, t, "LCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.lcp));
620 }
621 }
622 else if (*p == ConfigReq)
623 {
624 int x = l - 4;
625 uint8_t *o = (p + 4);
626 uint8_t *response = 0;
627 static uint8_t asyncmap[4] = { 0, 0, 0, 0 }; // all zero
628 static uint8_t authproto[5];
629 int changed = 0;
630
631 while (x > 2)
632 {
633 int type = o[0];
634 int length = o[1];
635
636 if (length == 0 || type == 0 || x < length) break;
637 switch (type)
638 {
639 case 1: // Maximum-Receive-Unit
640 {
641 uint16_t mru = ntohs(*(uint16_t *)(o + 2));
642 if (mru >= MINMTU)
643 {
644 session[s].mru = mru;
645 changed++;
646 break;
647 }
648
649 LOG(3, s, t, " Remote requesting MRU of %u. Rejecting.\n", mru);
650 mru = htons(MRU);
651 q = ppp_conf_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, (uint8_t *) &mru, sizeof(mru));
652 }
653 break;
654
655 case 2: // Async-Control-Character-Map
656 if (!ntohl(*(uint32_t *)(o + 2))) // all bits zero is OK
657 break;
658
659 LOG(3, s, t, " Remote requesting asyncmap. Rejecting.\n");
660 q = ppp_conf_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, asyncmap, sizeof(asyncmap));
661 break;
662
663 case 3: // Authentication-Protocol
664 {
665 int proto = ntohs(*(uint16_t *)(o + 2));
666 char proto_name[] = "0x0000";
667 int alen;
668
669 if (proto == PPPPAP)
670 {
671 if (config->radius_authtypes & AUTHPAP)
672 {
673 sess_local[s].lcp_authtype = AUTHPAP;
674 break;
675 }
676
677 strcpy(proto_name, "PAP");
678 }
679 else if (proto == PPPCHAP)
680 {
681 if (config->radius_authtypes & AUTHCHAP
682 && *(o + 4) == 5) // MD5
683 {
684 sess_local[s].lcp_authtype = AUTHCHAP;
685 break;
686 }
687
688 strcpy(proto_name, "CHAP");
689 }
690 else
691 sprintf(proto_name, "%#4.4x", proto);
692
693 LOG(3, s, t, " Remote requesting %s authentication. Rejecting.\n", proto_name);
694
695 alen = add_lcp_auth(authproto, sizeof(authproto), config->radius_authprefer);
696 if (alen < 2) break; // paranoia
697
698 q = ppp_conf_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, authproto + 2, alen - 2);
699 if (q && *response == ConfigNak &&
700 config->radius_authtypes != config->radius_authprefer)
701 {
702 // alternate type
703 alen = add_lcp_auth(authproto, sizeof(authproto), config->radius_authtypes & ~config->radius_authprefer);
704 if (alen < 2) break;
705 q = ppp_conf_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, authproto + 2, alen - 2);
706 }
707
708 break;
709 }
710 break;
711
712 case 4: // Quality-Protocol
713 case 5: // Magic-Number
714 case 7: // Protocol-Field-Compression
715 case 8: // Address-And-Control-Field-Compression
716 break;
717
718 case 17: // Multilink Max-Receive-Reconstructed-Unit
719 {
720 uint16_t mrru = ntohs(*(uint16_t *)(o + 2));
721 session[s].mrru = mrru;
722 changed++;
723 LOG(3, s, t, " Received PPP LCP option MRRU: %d\n",mrru);
724 }
725 break;
726
727 case 18: // Multilink Short Sequence Number Header Format
728 {
729 session[s].mssf = 1;
730 changed++;
731 LOG(3, s, t, " Received PPP LCP option MSSN format\n");
732 }
733 break;
734
735 case 19: // Multilink Endpoint Discriminator
736 {
737 uint8_t epdis_class = o[2];
738 int addr;
739
740 session[s].epdis.addr_class = epdis_class;
741 session[s].epdis.length = length - 3;
742 if (session[s].epdis.length > 20)
743 {
744 LOG(1, s, t, "Error: received EndDis Address Length more than 20: %d\n", session[s].epdis.length);
745 session[s].epdis.length = 20;
746 }
747
748 for (addr = 0; addr < session[s].epdis.length; addr++)
749 session[s].epdis.address[addr] = o[3+addr];
750
751 changed++;
752
753 switch (epdis_class)
754 {
755 case LOCALADDR:
756 LOG(3, s, t, " Received PPP LCP option Multilink EndDis Local Address Class: %d\n",epdis_class);
757 break;
758 case IPADDR:
759 LOG(3, s, t, " Received PPP LCP option Multilink EndDis IP Address Class: %d\n",epdis_class);
760 break;
761 case IEEEMACADDR:
762 LOG(3, s, t, " Received PPP LCP option Multilink EndDis IEEE MAC Address Class: %d\n",epdis_class);
763 break;
764 case PPPMAGIC:
765 LOG(3, s, t, " Received PPP LCP option Multilink EndDis PPP Magic No Class: %d\n",epdis_class);
766 break;
767 case PSNDN:
768 LOG(3, s, t, " Received PPP LCP option Multilink EndDis PSND No Class: %d\n",epdis_class);
769 break;
770 default:
771 LOG(3, s, t, " Received PPP LCP option Multilink EndDis NULL Class %d\n",epdis_class);
772 }
773 }
774 break;
775
776 default: // Reject any unknown options
777 LOG(3, s, t, " Rejecting unknown PPP LCP option %d\n", type);
778 q = ppp_conf_rej(s, b, sizeof(b), PPPLCP, &response, q, p, o);
779 }
780 x -= length;
781 o += length;
782 }
783
784 if (changed)
785 cluster_send_session(s);
786
787 if (response)
788 {
789 l = q - response; // LCP packet length
790 *((uint16_t *) (response + 2)) = htons(l); // update header
791 }
792 else
793 {
794 // Send packet back as ConfigAck
795 response = makeppp(b, sizeof(b), p, l, s, t, PPPLCP, 0, 0, 0);
796 if (!response) return;
797 *response = ConfigAck;
798 }
799
800 switch (session[s].ppp.lcp)
801 {
802 case Closed:
803 response = makeppp(b, sizeof(b), p, 2, s, t, PPPLCP, 0, 0, 0);
804 if (!response) return;
805 *response = TerminateAck;
806 *((uint16_t *) (response + 2)) = htons(l = 4);
807 break;
808
809 case Stopped:
810 initialise_restart_count(s, lcp);
811 sendlcp(s, t);
812 if (*response == ConfigAck)
813 change_state(s, lcp, AckSent);
814 else
815 change_state(s, lcp, RequestSent);
816
817 break;
818
819 case RequestSent:
820 if (*response == ConfigAck)
821 change_state(s, lcp, AckSent);
822
823 break;
824
825 case AckReceived:
826 if (*response == ConfigAck)
827 lcp_open(s, t);
828
829 break;
830
831 case Opened:
832 lcp_restart(s);
833 sendlcp(s, t);
834 /* fallthrough */
835
836 case AckSent:
837 if (*response == ConfigAck)
838 change_state(s, lcp, AckSent);
839 else
840 change_state(s, lcp, RequestSent);
841
842 break;
843
844 case Closing:
845 sessionshutdown(s, "LCP: ConfigReq in state Closing. This should not happen. Killing session.", CDN_ADMIN_DISC, TERM_LOST_SERVICE);
846 break;
847
848 default:
849 LOG(2, s, t, "LCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.lcp));
850 return;
851 }
852
853 LOG(3, s, t, "LCP: send %s\n", ppp_code(*response));
854 if (config->debug > 3) dumplcp(response, l);
855
856 tunnelsend(b, l + (response - b), t);
857 }
858 else if (*p == ConfigNak || *p == ConfigRej)
859 {
860 int x = l - 4;
861 uint8_t *o = (p + 4);
862 int authtype = -1;
863
864 while (x > 2)
865 {
866 int type = o[0];
867 int length = o[1];
868
869 if (length == 0 || type == 0 || x < length) break;
870 switch (type)
871 {
872 case 1: // Maximum-Receive-Unit
873 if (*p == ConfigNak)
874 {
875 if (length < 4) break;
876 sess_local[s].ppp_mru = ntohs(*(uint16_t *)(o + 2));
877 LOG(3, s, t, " Remote requested MRU of %u\n", sess_local[s].ppp_mru);
878 }
879 else
880 {
881 sess_local[s].ppp_mru = 0;
882 LOG(3, s, t, " Remote rejected MRU negotiation\n");
883 }
884
885 break;
886
887 case 3: // Authentication-Protocol
888 if (authtype > 0)
889 break;
890
891 if (*p == ConfigNak)
892 {
893 int proto;
894
895 if (length < 4) break;
896 proto = ntohs(*(uint16_t *)(o + 2));
897
898 if (proto == PPPPAP)
899 {
900 authtype = config->radius_authtypes & AUTHPAP;
901 LOG(3, s, t, " Remote requested PAP authentication...%sing\n",
902 authtype ? "accept" : "reject");
903 }
904 else if (proto == PPPCHAP && length > 4 && *(o + 4) == 5)
905 {
906 authtype = config->radius_authtypes & AUTHCHAP;
907 LOG(3, s, t, " Remote requested CHAP authentication...%sing\n",
908 authtype ? "accept" : "reject");
909 }
910 else
911 {
912 LOG(3, s, t, " Rejecting unsupported authentication %#4x\n",
913 proto);
914 }
915 }
916 else
917 {
918 LOG(2, s, t, "LCP: remote rejected auth negotiation\n");
919 authtype = 0; // shutdown
920 }
921
922 break;
923
924 case 5: // Magic-Number
925 session[s].magic = 0;
926 if (*p == ConfigNak)
927 {
928 if (length < 6) break;
929 session[s].magic = ntohl(*(uint32_t *)(o + 2));
930 }
931
932 if (session[s].magic)
933 LOG(3, s, t, " Remote requested magic-no %x\n", session[s].magic);
934 else
935 LOG(3, s, t, " Remote rejected magic-no\n");
936
937 cluster_send_session(s);
938 break;
939
940 case 17: // Multilink Max-Receive-Reconstructed-Unit
941 {
942 if (*p == ConfigNak)
943 {
944 sess_local[s].mp_mrru = ntohs(*(uint16_t *)(o + 2));
945 LOG(3, s, t, " Remote requested MRRU of %u\n", sess_local[s].mp_mrru);
946 }
947 else
948 {
949 sess_local[s].mp_mrru = 0;
950 LOG(3, s, t, " Remote rejected MRRU negotiation\n");
951 }
952 }
953 break;
954
955 case 18: // Multilink Short Sequence Number Header Format
956 {
957 if (*p == ConfigNak)
958 {
959 sess_local[s].mp_mssf = 0;
960 LOG(3, s, t, " Remote requested Naked mssf\n");
961 }
962 else
963 {
964 sess_local[s].mp_mssf = 0;
965 LOG(3, s, t, " Remote rejected mssf\n");
966 }
967 }
968 break;
969
970 case 19: // Multilink Endpoint Discriminator
971 {
972 if (*p == ConfigNak)
973 {
974 LOG(2, s, t, " Remote should not configNak Endpoint Dis!\n");
975 }
976 else
977 {
978 sess_local[s].mp_epdis = 0;
979 LOG(3, s, t, " Remote rejected Endpoint Discriminator\n");
980 }
981 }
982 break;
983
984 default:
985 LOG(2, s, t, "LCP: remote sent %s for type %u?\n", ppp_code(*p), type);
986 sessionshutdown(s, "Unable to negotiate LCP.", CDN_ADMIN_DISC, TERM_USER_ERROR);
987 return;
988 }
989 x -= length;
990 o += length;
991 }
992
993 if (!authtype)
994 {
995 sessionshutdown(s, "Unsupported authentication.", CDN_ADMIN_DISC, TERM_USER_ERROR);
996 return;
997 }
998
999 if (authtype > 0)
1000 sess_local[s].lcp_authtype = authtype;
1001
1002 switch (session[s].ppp.lcp)
1003 {
1004 case Closed:
1005 case Stopped:
1006 {
1007 uint8_t *response = makeppp(b, sizeof(b), p, 2, s, t, PPPLCP, 0, 0, 0);
1008 if (!response) return;
1009 *response = TerminateAck;
1010 *((uint16_t *) (response + 2)) = htons(l = 4);
1011
1012 LOG(3, s, t, "LCP: send %s\n", ppp_code(*response));
1013 if (config->debug > 3) dumplcp(response, l);
1014
1015 tunnelsend(b, l + (response - b), t);
1016 }
1017 break;
1018
1019 case RequestSent:
1020 case AckSent:
1021 initialise_restart_count(s, lcp);
1022 sendlcp(s, t);
1023 break;
1024
1025 case AckReceived:
1026 LOG(2, s, t, "LCP: ConfigNak in state %s? Sending ConfigReq\n", ppp_state(session[s].ppp.lcp));
1027 sendlcp(s, t);
1028 break;
1029
1030 case Opened:
1031 lcp_restart(s);
1032 sendlcp(s, t);
1033 break;
1034
1035 default:
1036 LOG(2, s, t, "LCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.lcp));
1037 return;
1038 }
1039 }
1040 else if (*p == TerminateReq)
1041 {
1042 switch (session[s].ppp.lcp)
1043 {
1044 case Closed:
1045 case Stopped:
1046 case Closing:
1047 case Stopping:
1048 case RequestSent:
1049 case AckReceived:
1050 case AckSent:
1051 break;
1052
1053 case Opened:
1054 lcp_restart(s);
1055 zero_restart_count(s, lcp);
1056 change_state(s, lcp, Closing);
1057 break;
1058
1059 default:
1060 LOG(2, s, t, "LCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.lcp));
1061 return;
1062 }
1063
1064 *p = TerminateAck; // send ack
1065 q = makeppp(b, sizeof(b), p, l, s, t, PPPLCP, 0, 0, 0);
1066 if (!q) return;
1067
1068 LOG(3, s, t, "LCP: send %s\n", ppp_code(*q));
1069 if (config->debug > 3) dumplcp(q, l);
1070
1071 tunnelsend(b, l + (q - b), t); // send it
1072 }
1073 else if (*p == ProtocolRej)
1074 {
1075 uint16_t proto = 0;
1076
1077 if (l > 4)
1078 {
1079 proto = *(p+4);
1080 if (l > 5 && !(proto & 1))
1081 {
1082 proto <<= 8;
1083 proto |= *(p+5);
1084 }
1085 }
1086
1087 if (proto == PPPIPV6CP)
1088 {
1089 LOG(3, s, t, "IPv6 rejected\n");
1090 change_state(s, ipv6cp, Closed);
1091 }
1092 else
1093 {
1094 LOG(3, s, t, "LCP protocol reject: 0x%04X\n", proto);
1095 }
1096 }
1097 else if (*p == EchoReq)
1098 {
1099 *p = EchoReply; // reply
1100 *(uint32_t *) (p + 4) = htonl(session[s].magic); // our magic number
1101 q = makeppp(b, sizeof(b), p, l, s, t, PPPLCP, 0, 0, 0);
1102 if (!q) return;
1103
1104 LOG(4, s, t, "LCP: send %s\n", ppp_code(*q));
1105 if (config->debug > 3) dumplcp(q, l);
1106
1107 tunnelsend(b, l + (q - b), t); // send it
1108 }
1109 else if (*p == EchoReply)
1110 {
1111 // Ignore it, last_packet time is set earlier than this.
1112 }
1113 else if (*p != CodeRej)
1114 {
1115 ppp_code_rej(s, t, PPPLCP, "LCP", p, l, b, sizeof(b));
1116 }
1117 }
1118
1119 int join_bundle(sessionidt s)
1120 {
1121 // Search for a bundle to join
1122 bundleidt i;
1123 bundleidt b;
1124 for (i = 1; i < MAXBUNDLE; i++)
1125 {
1126 if (bundle[i].state != BUNDLEFREE)
1127 {
1128 if (epdiscmp(session[s].epdis,bundle[i].epdis) && !strcmp(session[s].user, bundle[i].user))
1129 {
1130 sessionidt first_ses = bundle[i].members[0];
1131 if (bundle[i].mssf != session[s].mssf)
1132 {
1133 // uniformity of sequence number format must be insured
1134 LOG(3, s, session[s].tunnel, "MPPP: unable to bundle session %d in bundle %d cause of different mssf\n", s, i);
1135 return -1;
1136 }
1137 session[s].bundle = i;
1138 session[s].ip = session[first_ses].ip;
1139 session[s].dns1 = session[first_ses].dns1;
1140 session[s].dns2 = session[first_ses].dns2;
1141 session[s].timeout = session[first_ses].timeout;
1142
1143 if(session[s].epdis.length > 0)
1144 setepdis(&bundle[i].epdis, session[s].epdis);
1145
1146 strcpy(bundle[i].user, session[s].user);
1147 bundle[i].members[bundle[i].num_of_links] = s;
1148 bundle[i].num_of_links++;
1149 LOG(3, s, session[s].tunnel, "MPPP: Bundling additional line in bundle (%d), lines:%d\n",i,bundle[i].num_of_links);
1150 return i;
1151 }
1152 }
1153 }
1154
1155 // No previously created bundle was found for this session, so create a new one
1156 if (!(b = new_bundle())) return 0;
1157
1158 session[s].bundle = b;
1159 bundle[b].mrru = session[s].mrru;
1160 bundle[b].mssf = session[s].mssf;
1161 // FIXME !!! to enable l2tpns reading mssf frames receiver_max_seq, sender_max_seq must be introduce
1162 // now session[s].mssf flag indecates that the receiver wish to receive frames in mssf, so max_seq (i.e. recv_max_seq) = 1<<24
1163 /*
1164 if (bundle[b].mssf)
1165 bundle[b].max_seq = 1 << 12;
1166 else */
1167 bundle[b].max_seq = 1 << 24;
1168 if(session[s].epdis.length > 0)
1169 setepdis(&bundle[b].epdis, session[s].epdis);
1170
1171 strcpy(bundle[b].user, session[s].user);
1172 bundle[b].members[0] = s;
1173 bundle[b].timeout = session[s].timeout;
1174 LOG(3, s, session[s].tunnel, "MPPP: Created a new bundle (%d)\n", b);
1175 return b;
1176 }
1177
1178 static int epdiscmp(epdist ep1, epdist ep2)
1179 {
1180 int ad;
1181 if (ep1.length != ep2.length)
1182 return 0;
1183
1184 if (ep1.addr_class != ep2.addr_class)
1185 return 0;
1186
1187 for (ad = 0; ad < ep1.length; ad++)
1188 if (ep1.address[ad] != ep2.address[ad])
1189 return 0;
1190
1191 return 1;
1192 }
1193
1194 static void setepdis(epdist *ep1, epdist ep2)
1195 {
1196 int ad;
1197 ep1->length = ep2.length;
1198 ep1->addr_class = ep2.addr_class;
1199 for (ad = 0; ad < ep2.length; ad++)
1200 ep1->address[ad] = ep2.address[ad];
1201 }
1202
1203 static bundleidt new_bundle()
1204 {
1205 bundleidt i;
1206 for (i = 1; i < MAXBUNDLE; i++)
1207 {
1208 if (bundle[i].state == BUNDLEFREE)
1209 {
1210 LOG(4, 0, 0, "MPPP: Assigning bundle ID %d\n", i);
1211 bundle[i].num_of_links = 1;
1212 bundle[i].last_check = time_now; // Initialize last_check value
1213 bundle[i].state = BUNDLEOPEN;
1214 bundle[i].current_ses = -1; // This is to enforce the first session 0 to be used at first
1215 memset(&frag[i], 0, sizeof(fragmentationt));
1216 if (i > config->cluster_highest_bundleid)
1217 config->cluster_highest_bundleid = i;
1218 return i;
1219 }
1220 }
1221 LOG(0, 0, 0, "MPPP: Can't find a free bundle! There shouldn't be this many in use!\n");
1222 return 0;
1223 }
1224
1225 static void ipcp_open(sessionidt s, tunnelidt t)
1226 {
1227 LOG(3, s, t, "IPCP: Opened, session is now active\n");
1228
1229 change_state(s, ipcp, Opened);
1230
1231 if (!(session[s].walled_garden || session[s].flags & SESSION_STARTED))
1232 {
1233 uint16_t r = radiusnew(s);
1234 if (r)
1235 {
1236 radiussend(r, RADIUSSTART); // send radius start
1237
1238 // don't send further Start records if IPCP is restarted
1239 session[s].flags |= SESSION_STARTED;
1240 cluster_send_session(s);
1241 }
1242 }
1243
1244 // start IPv6 if configured and still in passive state
1245 if (session[s].ppp.ipv6cp == Stopped)
1246 {
1247 sendipv6cp(s, t);
1248 change_state(s, ipv6cp, RequestSent);
1249 }
1250 }
1251
1252 // Process IPCP messages
1253 void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
1254 {
1255 uint8_t b[MAXETHER];
1256 uint8_t *q = 0;
1257 uint16_t hl;
1258
1259 CSTAT(processipcp);
1260
1261 LOG_HEX(5, "IPCP", p, l);
1262 if (l < 4)
1263 {
1264 LOG(1, s, t, "Short IPCP %d bytes\n", l);
1265 STAT(tunnel_rx_errors);
1266 return ;
1267 }
1268
1269 if ((hl = ntohs(*(uint16_t *) (p + 2))) > l)
1270 {
1271 LOG(1, s, t, "Length mismatch IPCP %u/%u\n", hl, l);
1272 STAT(tunnel_rx_errors);
1273 return ;
1274 }
1275 l = hl;
1276
1277 if (session[s].ppp.phase < Network)
1278 {
1279 LOG(2, s, t, "IPCP %s ignored in %s phase\n", ppp_code(*p), ppp_phase(session[s].ppp.phase));
1280 return;
1281 }
1282
1283 LOG(3, s, t, "IPCP: recv %s\n", ppp_code(*p));
1284
1285 if (*p == ConfigAck)
1286 {
1287 switch (session[s].ppp.ipcp)
1288 {
1289 case RequestSent:
1290 initialise_restart_count(s, ipcp);
1291 change_state(s, ipcp, AckReceived);
1292 break;
1293
1294 case AckReceived:
1295 case Opened:
1296 LOG(2, s, t, "IPCP: ConfigAck in state %s? Sending ConfigReq\n", ppp_state(session[s].ppp.ipcp));
1297 sendipcp(s, t);
1298 change_state(s, ipcp, RequestSent);
1299 break;
1300
1301 case AckSent:
1302 ipcp_open(s, t);
1303 break;
1304
1305 default:
1306 LOG(2, s, t, "IPCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipcp));
1307 }
1308 }
1309 else if (*p == ConfigReq)
1310 {
1311 uint8_t *response = 0;
1312 uint8_t *o = p + 4;
1313 int length = l - 4;
1314 int gotip = 0;
1315 in_addr_t addr;
1316
1317 while (length > 2)
1318 {
1319 if (!o[1] || o[1] > length) return;
1320
1321 switch (*o)
1322 {
1323 case 3: // ip address
1324 gotip++; // seen address
1325 if (o[1] != 6) return;
1326
1327 addr = htonl(session[s].ip);
1328 if (memcmp(o + 2, &addr, (sizeof addr)))
1329 {
1330 uint8_t *oq = q;
1331 q = ppp_conf_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr));
1332 if (!q || (q != oq && *response == ConfigRej))
1333 {
1334 sessionshutdown(s, "Can't negotiate IPCP.", CDN_ADMIN_DISC, TERM_USER_ERROR);
1335 return;
1336 }
1337 }
1338
1339 break;
1340
1341 case 129: // primary DNS
1342 if (o[1] != 6) return;
1343
1344 addr = htonl(session[s].dns1);
1345 if (memcmp(o + 2, &addr, (sizeof addr)))
1346 {
1347 q = ppp_conf_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr));
1348 if (!q) return;
1349 }
1350
1351 break;
1352
1353 case 131: // secondary DNS
1354 if (o[1] != 6) return;
1355
1356 addr = htonl(session[s].dns2);
1357 if (memcmp(o + 2, &addr, sizeof(addr)))
1358 {
1359 q = ppp_conf_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr));
1360 if (!q) return;
1361 }
1362
1363 break;
1364
1365 default:
1366 LOG(2, s, t, " Rejecting PPP IPCP Option type %d\n", *o);
1367 q = ppp_conf_rej(s, b, sizeof(b), PPPIPCP, &response, q, p, o);
1368 if (!q) return;
1369 }
1370
1371 length -= o[1];
1372 o += o[1];
1373 }
1374
1375 if (response)
1376 {
1377 l = q - response; // IPCP packet length
1378 *((uint16_t *) (response + 2)) = htons(l); // update header
1379 }
1380 else if (gotip)
1381 {
1382 // Send packet back as ConfigAck
1383 response = makeppp(b, sizeof(b), p, l, s, t, PPPIPCP, 0, 0, 0);
1384 if (!response) return;
1385 *response = ConfigAck;
1386 }
1387 else
1388 {
1389 LOG(1, s, t, "No IP in IPCP request\n");
1390 STAT(tunnel_rx_errors);
1391 return;
1392 }
1393
1394 switch (session[s].ppp.ipcp)
1395 {
1396 case Closed:
1397 response = makeppp(b, sizeof(b), p, 2, s, t, PPPIPCP, 0, 0, 0);
1398 if (!response) return;
1399 *response = TerminateAck;
1400 *((uint16_t *) (response + 2)) = htons(l = 4);
1401 break;
1402
1403 case Stopped:
1404 initialise_restart_count(s, ipcp);
1405 sendipcp(s, t);
1406 if (*response == ConfigAck)
1407 change_state(s, ipcp, AckSent);
1408 else
1409 change_state(s, ipcp, RequestSent);
1410
1411 break;
1412
1413 case RequestSent:
1414 if (*response == ConfigAck)
1415 change_state(s, ipcp, AckSent);
1416
1417 break;
1418
1419 case AckReceived:
1420 if (*response == ConfigAck)
1421 ipcp_open(s, t);
1422
1423 break;
1424
1425 case Opened:
1426 initialise_restart_count(s, ipcp);
1427 sendipcp(s, t);
1428 /* fallthrough */
1429
1430 case AckSent:
1431 if (*response == ConfigAck)
1432 change_state(s, ipcp, AckSent);
1433 else
1434 change_state(s, ipcp, RequestSent);
1435
1436 break;
1437
1438 default:
1439 LOG(2, s, t, "IPCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipcp));
1440 return;
1441 }
1442
1443 LOG(3, s, t, "IPCP: send %s\n", ppp_code(*response));
1444 tunnelsend(b, l + (response - b), t);
1445 }
1446 else if (*p == TerminateReq)
1447 {
1448 switch (session[s].ppp.ipcp)
1449 {
1450 case Closed:
1451 case Stopped:
1452 case Closing:
1453 case Stopping:
1454 case RequestSent:
1455 case AckReceived:
1456 case AckSent:
1457 break;
1458
1459 case Opened:
1460 zero_restart_count(s, ipcp);
1461 change_state(s, ipcp, Closing);
1462 break;
1463
1464 default:
1465 LOG(2, s, t, "IPCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipcp));
1466 return;
1467 }
1468
1469 *p = TerminateAck; // send ack
1470 q = makeppp(b, sizeof(b), p, l, s, t, PPPIPCP, 0, 0, 0);
1471 if (!q) return;
1472
1473 LOG(3, s, t, "IPCP: send %s\n", ppp_code(*q));
1474 tunnelsend(b, l + (q - b), t); // send it
1475 }
1476 else if (*p != CodeRej)
1477 {
1478 ppp_code_rej(s, t, PPPIPCP, "IPCP", p, l, b, sizeof(b));
1479 }
1480 }
1481
1482 static void ipv6cp_open(sessionidt s, tunnelidt t)
1483 {
1484 LOG(3, s, t, "IPV6CP: Opened\n");
1485
1486 change_state(s, ipv6cp, Opened);
1487 if (session[s].ipv6prefixlen)
1488 route6set(s, session[s].ipv6route, session[s].ipv6prefixlen, 1);
1489
1490 if (session[s].ipv6address.s6_addr[0])
1491 {
1492 // Check if included in prefix
1493 if (sessionbyipv6(session[s].ipv6address) != s)
1494 route6set(s, session[s].ipv6address, 128, 1);
1495 }
1496
1497 // Send an initial RA (TODO: Should we send these regularly?)
1498 send_ipv6_ra(s, t, NULL);
1499 }
1500
1501 // Process IPV6CP messages
1502 void processipv6cp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
1503 {
1504 uint8_t b[MAXETHER];
1505 uint8_t *q = 0;
1506 uint16_t hl;
1507
1508 CSTAT(processipv6cp);
1509
1510 LOG_HEX(5, "IPV6CP", p, l);
1511 if (l < 4)
1512 {
1513 LOG(1, s, t, "Short IPV6CP %d bytes\n", l);
1514 STAT(tunnel_rx_errors);
1515 return ;
1516 }
1517
1518 if ((hl = ntohs(*(uint16_t *) (p + 2))) > l)
1519 {
1520 LOG(1, s, t, "Length mismatch IPV6CP %u/%u\n", hl, l);
1521 STAT(tunnel_rx_errors);
1522 return ;
1523 }
1524 l = hl;
1525
1526 if (session[s].ppp.phase < Network)
1527 {
1528 LOG(2, s, t, "IPV6CP %s ignored in %s phase\n", ppp_code(*p), ppp_phase(session[s].ppp.phase));
1529 return;
1530 }
1531
1532 LOG(3, s, t, "IPV6CP: recv %s\n", ppp_code(*p));
1533
1534 if (!session[s].ip)
1535 {
1536 LOG(3, s, t, "IPV6CP: no IPv4 address (IPCP in state %s)\n", ppp_state(session[s].ppp.ipcp));
1537 return; // need IPCP to complete...
1538 }
1539
1540 if (*p == ConfigAck)
1541 {
1542 switch (session[s].ppp.ipv6cp)
1543 {
1544 case RequestSent:
1545 initialise_restart_count(s, ipv6cp);
1546 change_state(s, ipv6cp, AckReceived);
1547 break;
1548
1549 case AckReceived:
1550 case Opened:
1551 LOG(2, s, t, "IPV6CP: ConfigAck in state %s? Sending ConfigReq\n", ppp_state(session[s].ppp.ipv6cp));
1552 sendipv6cp(s, t);
1553 change_state(s, ipv6cp, RequestSent);
1554 break;
1555
1556 case AckSent:
1557 ipv6cp_open(s, t);
1558 break;
1559
1560 default:
1561 LOG(2, s, t, "IPV6CP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipv6cp));
1562 }
1563 }
1564 else if (*p == ConfigReq)
1565 {
1566 uint8_t *response = 0;
1567 uint8_t *o = p + 4;
1568 int length = l - 4;
1569 int gotip = 0;
1570 uint32_t ident[2];
1571
1572 while (length > 2)
1573 {
1574 if (!o[1] || o[1] > length) return;
1575
1576 switch (*o)
1577 {
1578 case 1: // interface identifier
1579 gotip++; // seen address
1580 if (o[1] != 10) return;
1581
1582 ident[0] = htonl(session[s].ip);
1583 ident[1] = 0;
1584
1585 if (memcmp(o + 2, ident, sizeof(ident)))
1586 {
1587 q = ppp_conf_nak(s, b, sizeof(b), PPPIPV6CP, &response, q, p, o, (uint8_t *)ident, sizeof(ident));
1588 if (!q) return;
1589 }
1590
1591 break;
1592
1593 default:
1594 LOG(2, s, t, " Rejecting PPP IPV6CP Option type %d\n", *o);
1595 q = ppp_conf_rej(s, b, sizeof(b), PPPIPV6CP, &response, q, p, o);
1596 if (!q) return;
1597 }
1598
1599 length -= o[1];
1600 o += o[1];
1601 }
1602
1603 if (response)
1604 {
1605 l = q - response; // IPV6CP packet length
1606 *((uint16_t *) (response + 2)) = htons(l); // update header
1607 }
1608 else if (gotip)
1609 {
1610 // Send packet back as ConfigAck
1611 response = makeppp(b, sizeof(b), p, l, s, t, PPPIPV6CP, 0, 0, 0);
1612 if (!response) return;
1613 *response = ConfigAck;
1614 }
1615 else
1616 {
1617 LOG(1, s, t, "No interface identifier in IPV6CP request\n");
1618 STAT(tunnel_rx_errors);
1619 return;
1620 }
1621
1622 switch (session[s].ppp.ipv6cp)
1623 {
1624 case Closed:
1625 response = makeppp(b, sizeof(b), p, 2, s, t, PPPIPV6CP, 0, 0, 0);
1626 if (!response) return;
1627 *response = TerminateAck;
1628 *((uint16_t *) (response + 2)) = htons(l = 4);
1629 break;
1630
1631 case Stopped:
1632 initialise_restart_count(s, ipv6cp);
1633 sendipv6cp(s, t);
1634 if (*response == ConfigAck)
1635 change_state(s, ipv6cp, AckSent);
1636 else
1637 change_state(s, ipv6cp, RequestSent);
1638
1639 break;
1640
1641 case RequestSent:
1642 if (*response == ConfigAck)
1643 change_state(s, ipv6cp, AckSent);
1644
1645 break;
1646
1647 case AckReceived:
1648 if (*response == ConfigAck)
1649 ipv6cp_open(s, t);
1650
1651 break;
1652
1653 case Opened:
1654 initialise_restart_count(s, ipv6cp);
1655 sendipv6cp(s, t);
1656 /* fallthrough */
1657
1658 case AckSent:
1659 if (*response == ConfigAck)
1660 change_state(s, ipv6cp, AckSent);
1661 else
1662 change_state(s, ipv6cp, RequestSent);
1663
1664 break;
1665
1666 default:
1667 LOG(2, s, t, "IPV6CP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipv6cp));
1668 return;
1669 }
1670
1671 LOG(3, s, t, "IPV6CP: send %s\n", ppp_code(*response));
1672 tunnelsend(b, l + (response - b), t);
1673 }
1674 else if (*p == TerminateReq)
1675 {
1676 switch (session[s].ppp.ipv6cp)
1677 {
1678 case Closed:
1679 case Stopped:
1680 case Closing:
1681 case Stopping:
1682 case RequestSent:
1683 case AckReceived:
1684 case AckSent:
1685 break;
1686
1687 case Opened:
1688 zero_restart_count(s, ipv6cp);
1689 change_state(s, ipv6cp, Closing);
1690 break;
1691
1692 default:
1693 LOG(2, s, t, "IPV6CP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipv6cp));
1694 return;
1695 }
1696
1697 *p = TerminateAck; // send ack
1698 q = makeppp(b, sizeof(b), p, l, s, t, PPPIPV6CP, 0, 0, 0);
1699 if (!q) return;
1700
1701 LOG(3, s, t, "IPV6CP: send %s\n", ppp_code(*q));
1702 tunnelsend(b, l + (q - b), t); // send it
1703 }
1704 else if (*p != CodeRej)
1705 {
1706 ppp_code_rej(s, t, PPPIPV6CP, "IPV6CP", p, l, b, sizeof(b));
1707 }
1708 }
1709
1710 static void update_sessions_in_stat(sessionidt s, uint16_t l)
1711 {
1712 bundleidt b = session[s].bundle;
1713 if (!b)
1714 {
1715 increment_counter(&session[s].cin, &session[s].cin_wrap, l);
1716 session[s].cin_delta += l;
1717 session[s].pin++;
1718
1719 sess_local[s].cin += l;
1720 sess_local[s].pin++;
1721 }
1722 else
1723 {
1724 int i = frag[b].re_frame_begin_index;
1725 int end = frag[b].re_frame_end_index;
1726 for (;;)
1727 {
1728 l = frag[b].fragment[i].length;
1729 s = frag[b].fragment[i].sid;
1730 increment_counter(&session[s].cin, &session[s].cin_wrap, l);
1731 session[s].cin_delta += l;
1732 session[s].pin++;
1733
1734 sess_local[s].cin += l;
1735 sess_local[s].pin++;
1736 if (i == end)
1737 return;
1738 i = (i + 1) & MAXFRAGNUM_MASK;
1739 }
1740 }
1741 }
1742
1743 // process IP packet received
1744 //
1745 // This MUST be called with at least 4 byte behind 'p'.
1746 // (i.e. this routine writes to p[-4]).
1747 void processipin(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
1748 {
1749 in_addr_t ip, ip_dst;
1750
1751 CSTAT(processipin);
1752
1753 LOG_HEX(5, "IP", p, l);
1754
1755 if (l < 20)
1756 {
1757 LOG(1, s, t, "IP packet too short %d\n", l);
1758 STAT(tunnel_rx_errors);
1759 return ;
1760 }
1761
1762 ip = ntohl(*(uint32_t *)(p + 12));
1763 ip_dst = *(uint32_t *)(p + 16);
1764
1765 if (l > MAXETHER)
1766 {
1767 LOG(1, s, t, "IP packet too long %d\n", l);
1768 STAT(tunnel_rx_errors);
1769 return ;
1770 }
1771
1772 if (session[s].ppp.phase != Network || session[s].ppp.ipcp != Opened)
1773 return;
1774
1775 if (!session[s].bundle || bundle[session[s].bundle].num_of_links < 2) // FIXME:
1776 {
1777 // no spoof (do sessionbyip to handled statically routed subnets)
1778 if (!config->disable_no_spoof && ip != session[s].ip && sessionbyip(htonl(ip)) != s)
1779 {
1780 LOG(4, s, t, "Dropping packet with spoofed IP %s\n", fmtaddr(htonl(ip), 0));
1781 return;
1782 }
1783 }
1784
1785 // run access-list if any
1786 if (session[s].filter_in && !ip_filter(p, l, session[s].filter_in - 1))
1787 return;
1788
1789 // adjust MSS on SYN and SYN,ACK packets with options
1790 if ((ntohs(*(uint16_t *) (p + 6)) & 0x1fff) == 0 && p[9] == IPPROTO_TCP) // first tcp fragment
1791 {
1792 int ihl = (p[0] & 0xf) * 4; // length of IP header
1793 if (l >= ihl + 20 && (p[ihl + 13] & TCP_FLAG_SYN) && ((p[ihl + 12] >> 4) > 5))
1794 adjust_tcp_mss(s, t, p, l, p + ihl);
1795 }
1796
1797 // Add on the tun header
1798 p -= 4;
1799 *(uint32_t *) p = htonl(PKTIP);
1800 l += 4;
1801
1802 if (session[s].tbf_in)
1803 {
1804 if (!config->no_throttle_local_IP || !sessionbyip(ip_dst))
1805 {
1806 // Are we throttling this session?
1807 if (config->cluster_iam_master)
1808 tbf_queue_packet(session[s].tbf_in, p, l);
1809 else
1810 master_throttle_packet(session[s].tbf_in, p, l);
1811 return;
1812 }
1813 }
1814
1815 // send to ethernet
1816 if (tun_write(p, l) < 0)
1817 {
1818 STAT(tun_tx_errors);
1819 LOG(0, s, t, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
1820 l, strerror(errno), tunfd, p);
1821
1822 return;
1823 }
1824
1825 p += 4;
1826 l -= 4;
1827
1828 if (session[s].snoop_ip && session[s].snoop_port)
1829 {
1830 // Snooping this session
1831 snoop_send_packet(p, l, session[s].snoop_ip, session[s].snoop_port);
1832 }
1833
1834 update_sessions_in_stat(s, l);
1835
1836 eth_tx += l;
1837
1838 STAT(tun_tx_packets);
1839 INC_STAT(tun_tx_bytes, l);
1840 }
1841
1842 // process Multilink PPP packet received
1843 void processmpin(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
1844 {
1845 bundleidt b = session[s].bundle;
1846 bundlet * this_bundle = &bundle[b];
1847 uint32_t maskSeq, max_seq;
1848 int frag_offset;
1849 uint16_t frag_index, frag_index_next, frag_index_prev;
1850 fragmentationt *this_fragmentation = &frag[b];
1851 uint8_t begin_frame = (*p & MP_BEGIN);
1852 uint8_t end_frame = (*p & MP_END);
1853 uint32_t seq_num, seq_num_next, seq_num_prev;
1854 uint32_t i;
1855 uint8_t flags = *p;
1856 uint16_t begin_index, end_index;
1857
1858 // Perform length checking
1859 if(l > MAXFRAGLEN)
1860 {
1861 LOG(2, s, t, "MPPP: discarding fragment larger than MAXFRAGLEN\n");
1862 return;
1863 }
1864
1865 if(!b)
1866 {
1867 LOG(2, s, t, "MPPP: Invalid bundle id: 0\n");
1868 return;
1869 }
1870 // FIXME !! session[s].mssf means that the receiver wants to receive frames in mssf not means the receiver will send frames in mssf
1871 /* if(session[s].mssf)
1872 {
1873 // Get 12 bit for seq number
1874 seq_num = ntohs((*(uint16_t *) p) & 0xFF0F);
1875 p += 2;
1876 l -= 2;
1877 // After this point the pointer should be advanced 2 bytes
1878 LOG(3, s, t, "MPPP: 12 bits, sequence number: %d\n",seq_num);
1879 }
1880 else */
1881 {
1882 // Get 24 bit for seq number
1883 seq_num = ntohl((*(uint32_t *) p) & 0xFFFFFF00);
1884 p += 4;
1885 l -= 4;
1886 // After this point the pointer should be advanced 4 bytes
1887 LOG(4, s, t, "MPPP: 24 bits sequence number:%d\n",seq_num);
1888 }
1889
1890 max_seq = this_bundle->max_seq;
1891 maskSeq = max_seq - 1;
1892
1893 /*
1894 * Expand sequence number to 32 bits, making it as close
1895 * as possible to this_fragmentation->M.
1896 */
1897 seq_num |= this_fragmentation->M & ~maskSeq;
1898 if ((int)(this_fragmentation->M - seq_num) > (int)(maskSeq >> 1))
1899 {
1900 seq_num += maskSeq + 1;
1901 }
1902 else if ((int)(seq_num - this_fragmentation->M) > (int)(maskSeq >> 1))
1903 {
1904 seq_num -= maskSeq + 1; /* should never happen */
1905 }
1906
1907 // calculate this fragment's offset from the begin seq in the bundle
1908 frag_offset = (int) (seq_num - this_fragmentation->start_seq);
1909
1910 sess_local[s].last_seq = seq_num;
1911
1912 // calculate the jitter average
1913 uint32_t ljitter = time_now_ms - sess_local[s].prev_time;
1914 if (ljitter > 0)
1915 {
1916 sess_local[s].jitteravg = (sess_local[s].jitteravg + ljitter)>>1;
1917 sess_local[s].prev_time = time_now_ms;
1918 }
1919
1920 uint32_t Mmin;
1921
1922 if (seq_num < this_fragmentation->M)
1923 {
1924 Mmin = seq_num;
1925 this_fragmentation->M = seq_num;
1926 }
1927 else
1928 {
1929 Mmin = sess_local[(this_bundle->members[0])].last_seq;
1930 for (i = 1; i < this_bundle->num_of_links; i++)
1931 {
1932 uint32_t s_seq = sess_local[(this_bundle->members[i])].last_seq;
1933 if (s_seq < Mmin)
1934 Mmin = s_seq;
1935 }
1936 this_fragmentation->M = Mmin;
1937 }
1938
1939 // calculate M offset of the M seq in the bundle
1940 int M_offset = (int) (Mmin - this_fragmentation->start_seq);
1941
1942 if (M_offset >= MAXFRAGNUM)
1943 {
1944 // There have a long break of the link !!!!!!!!
1945 // M_offset is bigger that the fragmentation buffer size
1946 LOG(3, s, t, "MPPP: M_offset out of range, min:%d, begin_seq:%d\n", Mmin, this_fragmentation->start_seq);
1947
1948 // Calculate the new start index, the previous frag are lost
1949 begin_index = (M_offset + this_fragmentation->start_index) & MAXFRAGNUM_MASK;
1950
1951 // Set new Start sequence
1952 this_fragmentation->start_index = begin_index;
1953 this_fragmentation->start_seq = Mmin;
1954 M_offset = 0;
1955 // recalculate the fragment offset from the new begin seq in the bundle
1956 frag_offset = (int) (seq_num - Mmin);
1957 }
1958
1959 // discard this fragment if the packet comes before the start sequence
1960 if (frag_offset < 0)
1961 {
1962 // this packet comes before the next
1963 LOG(3, s, t, "MPPP: (COMES BEFORE) the next, seq:%d, begin_seq:%d, size_frag:%d, flags:%02X is LOST\n", seq_num, this_fragmentation->start_seq, l, flags);
1964 return;
1965 }
1966
1967 // discard if frag_offset is bigger that the fragmentation buffer size
1968 if (frag_offset >= MAXFRAGNUM)
1969 {
1970 // frag_offset is bigger that the fragmentation buffer size
1971 LOG(3, s, t, "MPPP: Index out of range, seq:%d, begin_seq:%d\n", seq_num, this_fragmentation->start_seq);
1972 return;
1973 }
1974
1975 //caculate received fragment's index in the fragment array
1976 frag_index = (frag_offset + this_fragmentation->start_index) & MAXFRAGNUM_MASK;
1977
1978 // insert the frame in it's place
1979 fragmentt *this_frag = &this_fragmentation->fragment[frag_index];
1980
1981 if (this_frag->length > 0)
1982 // This fragment is lost, It was around the buffer and it was never completed the packet.
1983 LOG(3, this_frag->sid, this_frag->tid, "MPPP: (INSERT) seq_num:%d frag_index:%d flags:%02X is LOST\n",
1984 this_frag->seq, frag_index, this_frag->flags);
1985
1986 this_frag->length = l;
1987 this_frag->sid = s;
1988 this_frag->tid = t;
1989 this_frag->flags = flags;
1990 this_frag->seq = seq_num;
1991 this_frag->jitteravg = sess_local[s].jitteravg;
1992 memcpy(this_frag->data, p, l);
1993
1994 LOG(4, s, t, "MPPP: seq_num:%d frag_index:%d INSERTED flags: %02X\n", seq_num, frag_index, flags);
1995
1996 //next frag index
1997 frag_index_next = (frag_index + 1) & MAXFRAGNUM_MASK;
1998 //previous frag index
1999 frag_index_prev = (frag_index - 1) & MAXFRAGNUM_MASK;
2000 // next seq
2001 seq_num_next = seq_num + 1;
2002 // previous seq
2003 seq_num_prev = seq_num - 1;
2004
2005 // Clean the buffer and log the lost fragments
2006 if ((frag_index_next != this_fragmentation->start_index) && this_fragmentation->fragment[frag_index_next].length)
2007 {
2008 // check if the next frag is a lost fragment
2009 if (this_fragmentation->fragment[frag_index_next].seq != seq_num_next)
2010 {
2011 // This fragment is lost, It was around the buffer and it was never completed the packet.
2012 LOG(3, this_fragmentation->fragment[frag_index_next].sid, this_fragmentation->fragment[frag_index_next].tid,
2013 "MPPP: (NEXT) seq_num:%d frag_index:%d flags:%02X is LOST\n",
2014 this_fragmentation->fragment[frag_index_next].seq, frag_index_next,
2015 this_fragmentation->fragment[frag_index_next].flags);
2016 // this frag is lost
2017 this_fragmentation->fragment[frag_index_next].length = 0;
2018 this_fragmentation->fragment[frag_index_next].flags = 0;
2019
2020 if (begin_frame && (!end_frame)) return; // assembling frame failed
2021 }
2022 }
2023
2024 // Clean the buffer and log the lost fragments
2025 if ((frag_index != this_fragmentation->start_index) && this_fragmentation->fragment[frag_index_prev].length)
2026 {
2027 // check if the next frag is a lost fragment
2028 if (this_fragmentation->fragment[frag_index_prev].seq != seq_num_prev)
2029 {
2030 // This fragment is lost, It was around the buffer and it was never completed the packet.
2031 LOG(3, this_fragmentation->fragment[frag_index_prev].sid, this_fragmentation->fragment[frag_index_prev].tid,
2032 "MPPP: (PREV) seq_num:%d frag_index:%d flags:%02X is LOST\n",
2033 this_fragmentation->fragment[frag_index_prev].seq, frag_index_prev,
2034 this_fragmentation->fragment[frag_index_prev].flags);
2035
2036 this_fragmentation->fragment[frag_index_prev].length = 0;
2037 this_fragmentation->fragment[frag_index_prev].flags = 0;
2038
2039 if (end_frame && (!begin_frame)) return; // assembling frame failed
2040 }
2041 }
2042
2043 find_frame:
2044 begin_index = this_fragmentation->start_index;
2045 uint32_t b_seq = this_fragmentation->start_seq;
2046 // Try to find a Begin sequence from the start_seq sequence to M sequence
2047 while (b_seq < Mmin)
2048 {
2049 if (this_fragmentation->fragment[begin_index].length)
2050 {
2051 if (b_seq == this_fragmentation->fragment[begin_index].seq)
2052 {
2053 if (this_fragmentation->fragment[begin_index].flags & MP_BEGIN)
2054 {
2055 int isfoundE = 0;
2056 // Adjust the new start sequence and start index
2057 this_fragmentation->start_index = begin_index;
2058 this_fragmentation->start_seq = b_seq;
2059 // Begin Sequence found, now try to found the End Sequence to complete the frame
2060 end_index = begin_index;
2061 while (b_seq < Mmin)
2062 {
2063 if (this_fragmentation->fragment[end_index].length)
2064 {
2065 if (b_seq == this_fragmentation->fragment[end_index].seq)
2066 {
2067 if (this_fragmentation->fragment[end_index].flags & MP_END)
2068 {
2069 // The End sequence was found and the frame is complete
2070 isfoundE = 1;
2071 break;
2072 }
2073 }
2074 else
2075 {
2076 // This fragment is lost, it was never completed the packet.
2077 LOG(3, this_fragmentation->fragment[end_index].sid, this_fragmentation->fragment[end_index].tid,
2078 "MPPP: (FIND END) seq_num:%d frag_index:%d flags:%02X is LOST\n",
2079 this_fragmentation->fragment[end_index].seq, begin_index,
2080 this_fragmentation->fragment[end_index].flags);
2081 // this frag is lost
2082 this_fragmentation->fragment[end_index].length = 0;
2083 this_fragmentation->fragment[end_index].flags = 0;
2084 // This frame is not complete find the next Begin
2085 break;
2086 }
2087 }
2088 else
2089 {
2090 // This frame is not complete find the next Begin if exist
2091 break;
2092 }
2093 end_index = (end_index +1) & MAXFRAGNUM_MASK;
2094 b_seq++;
2095 }
2096
2097 if (isfoundE)
2098 // The End sequence was found and the frame is complete
2099 break;
2100 else
2101 // find the next Begin
2102 begin_index = end_index;
2103 }
2104 }
2105 else
2106 {
2107 // This fragment is lost, it was never completed the packet.
2108 LOG(3, this_fragmentation->fragment[begin_index].sid, this_fragmentation->fragment[begin_index].tid,
2109 "MPPP: (FIND BEGIN) seq_num:%d frag_index:%d flags:%02X is LOST\n",
2110 this_fragmentation->fragment[begin_index].seq, begin_index,
2111 this_fragmentation->fragment[begin_index].flags);
2112 // this frag is lost
2113 this_fragmentation->fragment[begin_index].length = 0;
2114 this_fragmentation->fragment[begin_index].flags = 0;
2115 }
2116 }
2117 begin_index = (begin_index +1) & MAXFRAGNUM_MASK;
2118 b_seq++;
2119 }
2120
2121 assembling_frame:
2122 // try to assemble the frame that has the received fragment as a member
2123 // get the beginning of this frame
2124 begin_index = end_index = this_fragmentation->start_index;
2125 if (this_fragmentation->fragment[begin_index].length)
2126 {
2127 if (!(this_fragmentation->fragment[begin_index].flags & MP_BEGIN))
2128 {
2129 LOG(3, this_fragmentation->fragment[begin_index].sid, this_fragmentation->fragment[begin_index].tid,
2130 "MPPP: (NOT BEGIN) seq_num:%d frag_index:%d flags:%02X\n",
2131 this_fragmentation->fragment[begin_index].seq, begin_index,
2132 this_fragmentation->fragment[begin_index].flags);
2133 // should occur only after an "M_Offset out of range"
2134 // The start sequence must be a begin sequence
2135 this_fragmentation->start_index = (begin_index +1) & MAXFRAGNUM_MASK;
2136 this_fragmentation->start_seq++;
2137 return; // assembling frame failed
2138 }
2139 }
2140 else
2141 return; // assembling frame failed
2142
2143 // get the end of his frame
2144 while (this_fragmentation->fragment[end_index].length)
2145 {
2146 if (this_fragmentation->fragment[end_index].flags & MP_END)
2147 break;
2148
2149 end_index = (end_index +1) & MAXFRAGNUM_MASK;
2150
2151 if (end_index == this_fragmentation->start_index)
2152 return; // assembling frame failed
2153 }
2154
2155 // return if a lost fragment is found
2156 if (!(this_fragmentation->fragment[end_index].length))
2157 return; // assembling frame failed
2158
2159 // assemble the packet
2160 //assemble frame, process it, reset fragmentation
2161 uint16_t cur_len = 4; // This is set to 4 to leave 4 bytes for function processipin
2162
2163 LOG(4, s, t, "MPPP: processing fragments from %d to %d\n", begin_index, end_index);
2164 // Push to the receive buffer
2165
2166 for (i = begin_index;; i = (i + 1) & MAXFRAGNUM_MASK)
2167 {
2168 this_frag = &this_fragmentation->fragment[i];
2169 if(cur_len + this_frag->length > MAXETHER)
2170 {
2171 LOG(2, s, t, "MPPP: discarding reassembled frames larger than MAXETHER\n");
2172 break;
2173 }
2174
2175 memcpy(this_fragmentation->reassembled_frame+cur_len, this_frag->data, this_frag->length);
2176 LOG(5, s, t, "MPPP: processing frame at %d, with len %d\n", i, this_frag->length);
2177
2178 cur_len += this_frag->length;
2179 if (i == end_index)
2180 {
2181 this_fragmentation->re_frame_len = cur_len;
2182 this_fragmentation->re_frame_begin_index = begin_index;
2183 this_fragmentation->re_frame_end_index = end_index;
2184 // Process the resassembled frame
2185 LOG(5, s, t, "MPPP: Process the reassembled frame, len=%d\n",cur_len);
2186 processmpframe(s, t, this_fragmentation->reassembled_frame, this_fragmentation->re_frame_len, 1);
2187 break;
2188 }
2189 }
2190
2191 // Set reassembled frame length to zero after processing it
2192 this_fragmentation->re_frame_len = 0;
2193 for (i = begin_index;; i = (i + 1) & MAXFRAGNUM_MASK)
2194 {
2195 this_fragmentation->fragment[i].length = 0; // Indicates that this fragment has been consumed
2196 this_fragmentation->fragment[i].flags = 0;
2197 if (i == end_index)
2198 break;
2199 }
2200
2201 // Set the new start_index and start_seq
2202 this_fragmentation->start_index = (end_index + 1) & MAXFRAGNUM_MASK;
2203 this_fragmentation->start_seq = this_fragmentation->fragment[end_index].seq + 1;
2204 LOG(4, s, t, "MPPP after assembling: start index is = %d, start seq=%d\n", this_fragmentation->start_index, this_fragmentation->start_seq);
2205
2206 begin_index = this_fragmentation->start_index;
2207 if ((this_fragmentation->fragment[begin_index].length) &&
2208 (this_fragmentation->fragment[begin_index].seq != this_fragmentation->start_seq))
2209 {
2210 LOG(3, this_fragmentation->fragment[begin_index].sid, this_fragmentation->fragment[begin_index].tid,
2211 "MPPP: (START) seq_num:%d frag_index:%d flags:%02X is LOST\n",
2212 this_fragmentation->fragment[begin_index].seq, begin_index,
2213 this_fragmentation->fragment[begin_index].flags);
2214 this_fragmentation->fragment[begin_index].length = 0;
2215 this_fragmentation->fragment[begin_index].flags = 0;
2216 }
2217
2218 if (this_fragmentation->start_seq <= Mmin)
2219 // It's possible to find other complete frame or lost frame.
2220 goto find_frame;
2221 else if ((this_fragmentation->fragment[begin_index].length) &&
2222 (this_fragmentation->fragment[begin_index].flags & MP_BEGIN))
2223 // may be that the next frame is completed
2224 goto assembling_frame;
2225
2226 return;
2227 }
2228
2229 // process IPv6 packet received
2230 //
2231 // This MUST be called with at least 4 byte behind 'p'.
2232 // (i.e. this routine writes to p[-4]).
2233 void processipv6in(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
2234 {
2235 struct in6_addr ip;
2236 in_addr_t ipv4;
2237
2238 CSTAT(processipv6in);
2239
2240 LOG_HEX(5, "IPv6", p, l);
2241
2242 ip = *(struct in6_addr *) (p + 8);
2243 ipv4 = ntohl(*(uint32_t *)(p + 16));
2244
2245 if (l > MAXETHER)
2246 {
2247 LOG(1, s, t, "IP packet too long %d\n", l);
2248 STAT(tunnel_rx_errors);
2249 return ;
2250 }
2251
2252 if (session[s].ppp.phase != Network || session[s].ppp.ipv6cp != Opened)
2253 return;
2254
2255 // no spoof
2256 if ((ipv4 != session[s].ip || memcmp(&config->ipv6_prefix, &ip, 8)) && sessionbyipv6(ip) != s)
2257 {
2258 char str[INET6_ADDRSTRLEN];
2259 LOG(5, s, t, "Dropping packet with spoofed IP %s\n",
2260 inet_ntop(AF_INET6, &ip, str, INET6_ADDRSTRLEN));
2261 return;
2262 }
2263
2264 // Check if it's a Router Solicition message.
2265 if (*(p + 6) == 58 && *(p + 7) == 255 && *(p + 24) == 0xFF && *(p + 25) == 2 &&
2266 *(uint32_t *)(p + 26) == 0 && *(uint32_t *)(p + 30) == 0 &&
2267 *(uint32_t *)(p + 34) == 0 &&
2268 *(p + 38) == 0 && *(p + 39) == 2 && *(p + 40) == 133) {
2269 LOG(3, s, t, "Got IPv6 RS\n");
2270 send_ipv6_ra(s, t, &ip);
2271 return;
2272 }
2273
2274 // Check if DhcpV6, IP dst: FF02::1:2, Src Port 0x0222 (546), Dst Port 0x0223 (547)
2275 if (*(p + 6) == 17 && *(p + 24) == 0xFF && *(p + 25) == 2 &&
2276 *(uint32_t *)(p + 26) == 0 && *(uint32_t *)(p + 30) == 0 &&
2277 *(uint16_t *)(p + 34) == 0 && *(p + 36) == 0 && *(p + 37) == 1 && *(p + 38) == 0 && *(p + 39) == 2 &&
2278 *(p + 40) == 2 && *(p + 41) == 0x22 && *(p + 42) == 2 && *(p + 43) == 0x23)
2279 {
2280 dhcpv6_process(s, t, p, l);
2281 return;
2282 }
2283
2284 // Add on the tun header
2285 p -= 4;
2286 *(uint32_t *) p = htonl(PKTIPV6);
2287 l += 4;
2288
2289 // Are we throttled and a slave?
2290 if (session[s].tbf_in && !config->cluster_iam_master) {
2291 // Pass it to the master for handling.
2292 master_throttle_packet(session[s].tbf_in, p, l);
2293 return;
2294 }
2295
2296 // Are we throttled and a master??
2297 if (session[s].tbf_in && config->cluster_iam_master) {
2298 // Actually handle the throttled packets.
2299 tbf_queue_packet(session[s].tbf_in, p, l);
2300 return;
2301 }
2302
2303 // send to ethernet
2304 if (tun_write(p, l) < 0)
2305 {
2306 STAT(tun_tx_errors);
2307 LOG(0, s, t, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
2308 l, strerror(errno), tunfd, p);
2309
2310 return;
2311 }
2312
2313 p += 4;
2314 l -= 4;
2315
2316 if (session[s].snoop_ip && session[s].snoop_port)
2317 {
2318 // Snooping this session
2319 snoop_send_packet(p, l, session[s].snoop_ip, session[s].snoop_port);
2320 }
2321
2322 update_sessions_in_stat(s, l);
2323
2324 eth_tx += l;
2325
2326 STAT(tun_tx_packets);
2327 INC_STAT(tun_tx_bytes, l);
2328 }
2329
2330 //
2331 // Helper routine for the TBF filters.
2332 // Used to send queued data in from the user.
2333 //
2334 void send_ipin(sessionidt s, uint8_t *buf, int len)
2335 {
2336 LOG_HEX(5, "IP in throttled", buf, len);
2337
2338 if (write(tunfd, buf, len) < 0)
2339 {
2340 STAT(tun_tx_errors);
2341 LOG(0, 0, 0, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
2342 len, strerror(errno), tunfd, buf);
2343
2344 return;
2345 }
2346
2347 buf += 4;
2348 len -= 4;
2349
2350 if (session[s].snoop_ip && session[s].snoop_port)
2351 {
2352 // Snooping this session
2353 snoop_send_packet(buf, len, session[s].snoop_ip, session[s].snoop_port);
2354 }
2355
2356 // Increment packet counters
2357 increment_counter(&session[s].cin, &session[s].cin_wrap, len);
2358 session[s].cin_delta += len;
2359 session[s].pin++;
2360
2361 sess_local[s].cin += len;
2362 sess_local[s].pin++;
2363
2364 eth_tx += len;
2365
2366 STAT(tun_tx_packets);
2367 INC_STAT(tun_tx_bytes, len - 4);
2368 }
2369
2370
2371 // Process CCP messages
2372 void processccp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
2373 {
2374 uint8_t b[MAXETHER];
2375 uint8_t *q;
2376
2377 CSTAT(processccp);
2378
2379 LOG_HEX(5, "CCP", p, l);
2380
2381 if (session[s].ppp.phase < Network)
2382 {
2383 LOG(2, s, t, "CCP %s ignored in %s phase\n", ppp_code(*p), ppp_phase(session[s].ppp.phase));
2384 return;
2385 }
2386
2387 if (l < 1)
2388 {
2389 LOG(1, s, t, "Short CCP packet\n");
2390 STAT(tunnel_rx_errors);
2391 }
2392
2393 LOG(4, s, t, "CCP: recv %s\n", ppp_code(*p));
2394 if (*p == ConfigAck)
2395 {
2396 switch (session[s].ppp.ccp)
2397 {
2398 case RequestSent:
2399 initialise_restart_count(s, ccp);
2400 change_state(s, ccp, AckReceived);
2401 break;
2402
2403 case AckReceived:
2404 case Opened:
2405 LOG(2, s, t, "CCP: ConfigAck in state %s? Sending ConfigReq\n", ppp_state(session[s].ppp.ccp));
2406 sendccp(s, t);
2407 change_state(s, ccp, RequestSent);
2408 break;
2409
2410 case AckSent:
2411 LOG(3, s, t, "CCP: Opened\n");
2412 change_state(s, ccp, Opened);
2413 break;
2414
2415 default:
2416 LOG(2, s, t, "CCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ccp));
2417 }
2418 }
2419 else if (*p == ConfigReq)
2420 {
2421 if (l < 6) // accept no compression
2422 *p = ConfigAck;
2423 else // compression requested--reject
2424 *p = ConfigRej;
2425
2426 q = makeppp(b, sizeof(b), p, l, s, t, PPPCCP, 0, 0, 0);
2427 if (!q) return;
2428
2429 switch (session[s].ppp.ccp)
2430 {
2431 case Closed:
2432 q = makeppp(b, sizeof(b), p, 2, s, t, PPPCCP, 0, 0, 0);
2433 if (!q) return;
2434 *q = TerminateAck;
2435 *((uint16_t *) (q + 2)) = htons(l = 4);
2436 break;
2437
2438 case Stopped:
2439 initialise_restart_count(s, ccp);
2440 sendccp(s, t);
2441 if (*q == ConfigAck)
2442 change_state(s, ccp, AckSent);
2443 else
2444 change_state(s, ccp, RequestSent);
2445
2446 break;
2447
2448 case RequestSent:
2449 if (*q == ConfigAck)
2450 change_state(s, ccp, AckSent);
2451
2452 break;
2453
2454 case AckReceived:
2455 if (*q == ConfigAck)
2456 change_state(s, ccp, Opened);
2457
2458 break;
2459
2460 case Opened:
2461 initialise_restart_count(s, ccp);
2462 sendccp(s, t);
2463 /* fallthrough */
2464
2465 case AckSent:
2466 if (*q == ConfigAck)
2467 change_state(s, ccp, AckSent);
2468 else
2469 change_state(s, ccp, RequestSent);
2470
2471 break;
2472
2473 default:
2474 LOG(2, s, t, "CCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ccp));
2475 return;
2476 }
2477
2478 LOG(4, s, t, "CCP: send %s\n", ppp_code(*q));
2479 tunnelsend(b, l + (q - b), t);
2480 }
2481 else if (*p == TerminateReq)
2482 {
2483 *p = TerminateAck;
2484 q = makeppp(b, sizeof(b), p, l, s, t, PPPCCP, 0, 0, 0);
2485 if (!q) return;
2486 LOG(3, s, t, "CCP: send %s\n", ppp_code(*q));
2487 tunnelsend(b, l + (q - b), t);
2488 change_state(s, ccp, Stopped);
2489 }
2490 else if (*p != CodeRej)
2491 {
2492 ppp_code_rej(s, t, PPPCCP, "CCP", p, l, b, sizeof(b));
2493 }
2494 }
2495
2496 // send a CHAP challenge
2497 void sendchap(sessionidt s, tunnelidt t)
2498 {
2499 uint8_t b[MAXETHER];
2500 uint16_t r;
2501 uint8_t *q;
2502
2503 CSTAT(sendchap);
2504
2505 r = radiusnew(s);
2506 if (!r)
2507 {
2508 LOG(1, s, t, "No RADIUS to send challenge\n");
2509 STAT(tunnel_tx_errors);
2510 return;
2511 }
2512
2513 LOG(1, s, t, "Send CHAP challenge\n");
2514
2515 radius[r].chap = 1; // CHAP not PAP
2516 radius[r].id++;
2517 if (radius[r].state != RADIUSCHAP)
2518 radius[r].try = 0;
2519
2520 radius[r].state = RADIUSCHAP;
2521 radius[r].retry = backoff(radius[r].try++);
2522 if (radius[r].try > 5)
2523 {
2524 sessionshutdown(s, "CHAP timeout.", CDN_ADMIN_DISC, TERM_REAUTHENTICATION_FAILURE);
2525 STAT(tunnel_tx_errors);
2526 return ;
2527 }
2528 q = makeppp(b, sizeof(b), 0, 0, s, t, PPPCHAP, 0, 0, 0);
2529 if (!q) return;
2530
2531 *q = 1; // challenge
2532 q[1] = radius[r].id; // ID
2533 q[4] = 16; // value size (size of challenge)
2534 memcpy(q + 5, radius[r].auth, 16); // challenge
2535 strcpy((char *) q + 21, config->multi_n_hostname[tunnel[t].indexudp][0]?config->multi_n_hostname[tunnel[t].indexudp]:hostname); // our name
2536 *(uint16_t *) (q + 2) = htons(strlen(config->multi_n_hostname[tunnel[t].indexudp][0]?config->multi_n_hostname[tunnel[t].indexudp]:hostname) + 21); // length
2537 tunnelsend(b, strlen(config->multi_n_hostname[tunnel[t].indexudp][0]?config->multi_n_hostname[tunnel[t].indexudp]:hostname) + 21 + (q - b), t); // send it
2538 }
2539
2540 // fill in a L2TP message with a PPP frame,
2541 // returns start of PPP frame
2542 uint8_t *makeppp(uint8_t *b, int size, uint8_t *p, int l, sessionidt s, tunnelidt t, uint16_t mtype, uint8_t prio, bundleidt bid, uint8_t mp_bits)
2543 {
2544 uint16_t hdr = 0x0002; // L2TP with no options
2545 uint16_t type = mtype;
2546 uint8_t *start = b;
2547
2548 if (t == TUNNEL_ID_PPPOE)
2549 {
2550 return pppoe_makeppp(b, size, p, l, s, t, mtype, prio, bid, mp_bits);
2551 }
2552
2553 if (size < 16) // Need more space than this!!
2554 {
2555 LOG(0, s, t, "makeppp buffer too small for L2TP header (size=%d)\n", size);
2556 return NULL;
2557 }
2558
2559 if (prio) hdr |= 0x0100; // set priority bit
2560
2561 *(uint16_t *) (b + 0) = htons(hdr);
2562 *(uint16_t *) (b + 2) = htons(tunnel[t].far); // tunnel
2563 *(uint16_t *) (b + 4) = htons(session[s].far); // session
2564 b += 6;
2565
2566 // Check whether this session is part of multilink
2567 if (bid)
2568 {
2569 if (bundle[bid].num_of_links > 1)
2570 type = PPPMP; // Change PPP message type to the PPPMP
2571 else
2572 bid = 0;
2573 }
2574
2575 if (type == PPPLCP || !(session[s].flags & SESSION_ACFC))
2576 {
2577 *(uint16_t *) b = htons(0xFF03); // HDLC header
2578 b += 2;
2579 }
2580
2581 if (type < 0x100 && session[s].flags & SESSION_PFC)
2582 {
2583 *b++ = type;
2584 }
2585 else
2586 {
2587 *(uint16_t *) b = htons(type);
2588 b += 2;
2589 }
2590
2591 if (bid)
2592 {
2593 // Set the sequence number and (B)egin (E)nd flags
2594 if (session[s].mssf)
2595 {
2596 // Set the multilink bits
2597 uint16_t bits_send = mp_bits;
2598 *(uint16_t *) b = htons((bundle[bid].seq_num_t & 0x0FFF)|bits_send);
2599 b += 2;
2600 }
2601 else
2602 {
2603 *(uint32_t *) b = htonl(bundle[bid].seq_num_t);
2604 // Set the multilink bits
2605 *b = mp_bits;
2606 b += 4;
2607 }
2608
2609 bundle[bid].seq_num_t++;
2610
2611 // Add the message type if this fragment has the begin bit set
2612 if (mp_bits & MP_BEGIN)
2613 {
2614 //*b++ = mtype; // The next two lines are instead of this
2615 *(uint16_t *) b = htons(mtype); // Message type
2616 b += 2;
2617 }
2618 }
2619
2620 if ((b - start) + l > size)
2621 {
2622 LOG(2, s, t, "makeppp would overflow buffer (size=%d, header+payload=%td)\n", size, (b - start) + l);
2623 return NULL;
2624 }
2625
2626 // Copy the payload
2627 if (p && l)
2628 memcpy(b, p, l);
2629
2630 return b;
2631 }
2632
2633 // fill in a L2TP message with a PPP frame,
2634 // returns start of PPP frame
2635 //(note: THIS ROUTINE CAN WRITES TO p[-28]).
2636 uint8_t *opt_makeppp(uint8_t *p, int l, sessionidt s, tunnelidt t, uint16_t mtype, uint8_t prio, bundleidt bid, uint8_t mp_bits)
2637 {
2638 uint16_t hdr = 0x0002; // L2TP with no options
2639 uint16_t type = mtype;
2640 uint8_t *b = p;
2641
2642 if (t == TUNNEL_ID_PPPOE)
2643 {
2644 return opt_pppoe_makeppp(p, l, s, t, mtype, prio, bid, mp_bits);
2645 }
2646
2647 // Check whether this session is part of multilink
2648 if (bid)
2649 {
2650 if (bundle[bid].num_of_links > 1)
2651 type = PPPMP; // Change PPP message type to the PPPMP
2652 else
2653 bid = 0;
2654 }
2655
2656 if (bid)
2657 {
2658 // Add the message type if this fragment has the begin bit set
2659 if (mp_bits & MP_BEGIN)
2660 {
2661 b -= 2;
2662 *(uint16_t *) b = htons(mtype); // Message type
2663 }
2664
2665 // Set the sequence number and (B)egin (E)nd flags
2666 if (session[s].mssf)
2667 {
2668 // Set the multilink bits
2669 uint16_t bits_send = mp_bits;
2670 b -= 2;
2671 *(uint16_t *) b = htons((bundle[bid].seq_num_t & 0x0FFF)|bits_send);
2672 }
2673 else
2674 {
2675 b -= 4;
2676 *(uint32_t *) b = htonl(bundle[bid].seq_num_t);
2677 // Set the multilink bits
2678 *b = mp_bits;
2679 }
2680
2681 bundle[bid].seq_num_t++;
2682 }
2683
2684 if (type < 0x100 && session[s].flags & SESSION_PFC)
2685 {
2686 b--;
2687 *b = type;
2688 }
2689 else
2690 {
2691 b -= 2;
2692 *(uint16_t *) b = htons(type);
2693 }
2694
2695 if (type == PPPLCP || !(session[s].flags & SESSION_ACFC))
2696 {
2697 b -= 2;
2698 *(uint16_t *) b = htons(0xFF03); // HDLC header
2699 }
2700
2701 if (prio) hdr |= 0x0100; // set priority bit
2702 b -= 2;
2703 *(uint16_t *) b = htons(session[s].far); // session
2704 b -= 2;
2705 *(uint16_t *) b = htons(tunnel[t].far); // tunnel
2706 b -= 2;
2707 *(uint16_t *) b = htons(hdr);
2708
2709 return b;
2710 }
2711
2712 static int add_lcp_auth(uint8_t *b, int size, int authtype)
2713 {
2714 int len = 0;
2715 if ((authtype == AUTHCHAP && size < 5) || size < 4)
2716 return 0;
2717
2718 *b++ = 3; // Authentication-Protocol
2719 if (authtype == AUTHCHAP)
2720 {
2721 len = *b++ = 5; // length
2722 *(uint16_t *) b = htons(PPPCHAP); b += 2;
2723 *b++ = 5; // MD5
2724 }
2725 else if (authtype == AUTHPAP)
2726 {
2727 len = *b++ = 4; // length
2728 *(uint16_t *) b = htons(PPPPAP); b += 2;
2729 }
2730 else
2731 {
2732 LOG(0, 0, 0, "add_lcp_auth called with unsupported auth type %d\n", authtype);
2733 }
2734
2735 return len;
2736 }
2737
2738 // Send LCP ConfigReq for MRU, authentication type and magic no
2739 void sendlcp(sessionidt s, tunnelidt t)
2740 {
2741 uint8_t b[500], *q, *l;
2742 int authtype = sess_local[s].lcp_authtype;
2743
2744 if (!(q = makeppp(b, sizeof(b), NULL, 0, s, t, PPPLCP, 0, 0, 0)))
2745 return;
2746
2747 LOG(3, s, t, "LCP: send ConfigReq%s%s%s including MP options\n",
2748 authtype ? " (" : "",
2749 authtype ? (authtype == AUTHCHAP ? "CHAP" : "PAP") : "",
2750 authtype ? ")" : "");
2751
2752 l = q;
2753 *l++ = ConfigReq;
2754 *l++ = ++sess_local[s].lcp_ident; // ID
2755
2756 l += 2; //Save space for length
2757
2758 if (sess_local[s].ppp_mru)
2759 {
2760 *l++ = 1; *l++ = 4; // Maximum-Receive-Unit (length 4)
2761 *(uint16_t *) l = htons(sess_local[s].ppp_mru); l += 2;
2762 }
2763
2764 if (authtype)
2765 l += add_lcp_auth(l, sizeof(b) - (l - b), authtype);
2766
2767 if (session[s].magic)
2768 {
2769 *l++ = 5; *l++ = 6; // Magic-Number (length 6)
2770 *(uint32_t *) l = htonl(session[s].magic);
2771 l += 4;
2772 }
2773
2774 if (sess_local[s].mp_mrru)
2775 {
2776 *l++ = 17; *l++ = 4; // Multilink Max-Receive-Reconstructed-Unit (length 4)
2777 *(uint16_t *) l = htons(sess_local[s].mp_mrru); l += 2;
2778 }
2779
2780 if (sess_local[s].mp_epdis)
2781 {
2782 *l++ = 19; *l++ = 7; // Multilink Endpoint Discriminator (length 7)
2783 *l++ = IPADDR; // Endpoint Discriminator class
2784 *(uint32_t *) l = htonl(sess_local[s].mp_epdis);
2785 l += 4;
2786 }
2787
2788 *(uint16_t *)(q + 2) = htons(l - q); // Length
2789
2790 LOG_HEX(5, "PPPLCP", q, l - q);
2791 if (config->debug > 3) dumplcp(q, l - q);
2792
2793 tunnelsend(b, (l - b), t);
2794 restart_timer(s, lcp);
2795 }
2796
2797 // Send CCP request for no compression
2798 void sendccp(sessionidt s, tunnelidt t)
2799 {
2800 uint8_t b[500], *q;
2801
2802 if (!(q = makeppp(b, sizeof(b), NULL, 0, s, t, PPPCCP, 0, 0, 0)))
2803 return;
2804
2805 LOG(3, s, t, "CCP: send ConfigReq (no compression)\n");
2806
2807 *q = ConfigReq;
2808 *(q + 1) = ++sess_local[s].lcp_ident; // ID
2809 *(uint16_t *)(q + 2) = htons(4); // Length
2810
2811 LOG_HEX(5, "PPPCCP", q, 4);
2812 tunnelsend(b, (q - b) + 4 , t);
2813 restart_timer(s, ccp);
2814 }
2815
2816 // Reject unknown/unconfigured protocols
2817 void protoreject(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l, uint16_t proto)
2818 {
2819
2820 uint8_t buf[MAXETHER];
2821 uint8_t *q;
2822 int mru = session[s].mru;
2823 if (mru < MINMTU) mru = MINMTU;
2824 if (mru > sizeof(buf)) mru = sizeof(buf);
2825
2826 l += 6;
2827 if (l > mru) l = mru;
2828
2829 q = makeppp(buf, sizeof(buf), 0, 0, s, t, PPPLCP, 0, 0, 0);
2830 if (!q) return;
2831
2832 *q = ProtocolRej;
2833 *(q + 1) = ++sess_local[s].lcp_ident;
2834 *(uint16_t *)(q + 2) = htons(l);
2835 *(uint16_t *)(q + 4) = htons(proto);
2836 memcpy(q + 6, p, l - 6);
2837
2838 if (proto == PPPIPV6CP)
2839 LOG(3, s, t, "LCP: send ProtocolRej (IPV6CP: not configured)\n");
2840 else
2841 LOG(2, s, t, "LCP: sent ProtocolRej (0x%04X: unsupported)\n", proto);
2842
2843 tunnelsend(buf, l + (q - buf), t);
2844 }
for cloning use: "git clone git://git.sameswireless.fr/l2tpns.git" ; For add to your sources.list: "deb http://package.sameswifi.fr/ jessie main"