bf995445686d9e20f9e0648bd433c59541111507
3 char const *cvs_id_ppp
= "$Id: ppp.c,v 1.66 2005/08/10 08:04:26 bodea Exp $";
11 #include "constants.h"
17 extern tunnelt
*tunnel
;
18 extern sessiont
*session
;
19 extern radiust
*radius
;
21 extern char hostname
[];
22 extern uint32_t eth_tx
;
23 extern time_t time_now
;
24 extern configt
*config
;
26 static int add_lcp_auth(uint8_t *b
, int size
, int authtype
);
28 // Process PAP messages
29 void processpap(tunnelidt t
, sessionidt s
, uint8_t *p
, uint16_t l
)
38 LOG_HEX(5, "PAP", p
, l
);
41 LOG(1, s
, t
, "Short PAP %u bytes\n", l
);
42 STAT(tunnel_rx_errors
);
43 sessionshutdown(s
, "Short PAP packet.", 3, 0);
47 if ((hl
= ntohs(*(uint16_t *) (p
+ 2))) > l
)
49 LOG(1, s
, t
, "Length mismatch PAP %u/%u\n", hl
, l
);
50 STAT(tunnel_rx_errors
);
51 sessionshutdown(s
, "PAP length mismatch.", 3, 0);
58 LOG(1, s
, t
, "Unexpected PAP code %d\n", *p
);
59 STAT(tunnel_rx_errors
);
60 sessionshutdown(s
, "Unexpected PAP code.", 3, 0);
64 if (session
[s
].ppp
.phase
!= Authenticate
)
66 LOG(2, s
, t
, "PAP ignored in %s phase\n", ppp_phase(session
[s
].ppp
.phase
));
73 user
[0] = pass
[0] = 0;
74 if (*b
&& *b
< sizeof(user
))
76 memcpy(user
, b
+ 1, *b
);
79 if (*b
&& *b
< sizeof(pass
))
81 memcpy(pass
, b
+ 1, *b
);
85 LOG(3, s
, t
, "PAP login %s/%s\n", user
, pass
);
89 if (session
[s
].ip
|| !r
)
91 // respond now, either no RADIUS available or already authenticated
92 uint8_t b
[MAXCONTROL
];
94 uint8_t *p
= makeppp(b
, sizeof(b
), 0, 0, t
, s
, PPPPAP
);
100 *p
= 3; // cant authorise
102 *(uint16_t *) (p
+ 2) = htons(5); // length
103 p
[4] = 0; // no message
104 tunnelsend(b
, 5 + (p
- b
), t
); // send it
108 LOG(3, s
, t
, "Already an IP allocated: %s (%d)\n",
109 fmtaddr(htonl(session
[s
].ip
), 0), session
[s
].ip_pool_index
);
113 LOG(1, s
, t
, "No RADIUS session available to authenticate session...\n");
114 sessionshutdown(s
, "No free RADIUS sessions.", 4, 0);
119 // Run PRE_AUTH plugins
120 struct param_pre_auth packet
= { &tunnel
[t
], &session
[s
], strdup(user
), strdup(pass
), PPPPAP
, 1 };
121 run_plugins(PLUGIN_PRE_AUTH
, &packet
);
122 if (!packet
.continue_auth
)
124 LOG(3, s
, t
, "A plugin rejected PRE_AUTH\n");
125 if (packet
.username
) free(packet
.username
);
126 if (packet
.password
) free(packet
.password
);
130 strncpy(session
[s
].user
, packet
.username
, sizeof(session
[s
].user
) - 1);
131 strncpy(radius
[r
].pass
, packet
.password
, sizeof(radius
[r
].pass
) - 1);
133 free(packet
.username
);
134 free(packet
.password
);
137 LOG(3, s
, t
, "Sending login for %s/%s to RADIUS\n", user
, pass
);
138 radiussend(r
, RADIUSAUTH
);
142 // Process CHAP messages
143 void processchap(tunnelidt t
, sessionidt s
, uint8_t *p
, uint16_t l
)
150 LOG_HEX(5, "CHAP", p
, l
);
151 r
= sess_local
[s
].radius
;
154 LOG(1, s
, t
, "Unexpected CHAP message\n");
155 STAT(tunnel_rx_errors
);
161 LOG(1, s
, t
, "Short CHAP %u bytes\n", l
);
162 STAT(tunnel_rx_errors
);
163 sessionshutdown(s
, "Short CHAP packet.", 3, 0);
167 if ((hl
= ntohs(*(uint16_t *) (p
+ 2))) > l
)
169 LOG(1, s
, t
, "Length mismatch CHAP %u/%u\n", hl
, l
);
170 STAT(tunnel_rx_errors
);
171 sessionshutdown(s
, "CHAP length mismatch.", 3, 0);
178 LOG(1, s
, t
, "Unexpected CHAP response code %d\n", *p
);
179 STAT(tunnel_rx_errors
);
180 sessionshutdown(s
, "CHAP length mismatch.", 3, 0);
184 if (session
[s
].ppp
.phase
!= Authenticate
)
186 LOG(2, s
, t
, "CHAP ignored in %s phase\n", ppp_phase(session
[s
].ppp
.phase
));
190 if (p
[1] != radius
[r
].id
)
192 LOG(1, s
, t
, "Wrong CHAP response ID %d (should be %d) (%d)\n", p
[1], radius
[r
].id
, r
);
193 STAT(tunnel_rx_errors
);
194 sessionshutdown(s
, "Unexpected CHAP response ID.", 3, 0);
198 if (l
< 5 || p
[4] != 16)
200 LOG(1, s
, t
, "Bad CHAP response length %d\n", l
< 5 ? -1 : p
[4]);
201 STAT(tunnel_rx_errors
);
202 sessionshutdown(s
, "Bad CHAP response length.", 3, 0);
208 if (l
< 16 || l
- 16 >= sizeof(session
[s
].user
))
210 LOG(1, s
, t
, "CHAP user too long %d\n", l
- 16);
211 STAT(tunnel_rx_errors
);
212 sessionshutdown(s
, "CHAP username too long.", 3, 0);
216 // Run PRE_AUTH plugins
218 struct param_pre_auth packet
= { &tunnel
[t
], &session
[s
], NULL
, NULL
, PPPCHAP
, 1 };
220 packet
.password
= calloc(17, 1);
221 memcpy(packet
.password
, p
, 16);
226 packet
.username
= calloc(l
+ 1, 1);
227 memcpy(packet
.username
, p
, l
);
229 run_plugins(PLUGIN_PRE_AUTH
, &packet
);
230 if (!packet
.continue_auth
)
232 LOG(3, s
, t
, "A plugin rejected PRE_AUTH\n");
233 if (packet
.username
) free(packet
.username
);
234 if (packet
.password
) free(packet
.password
);
238 strncpy(session
[s
].user
, packet
.username
, sizeof(session
[s
].user
) - 1);
239 memcpy(radius
[r
].pass
, packet
.password
, 16);
241 free(packet
.username
);
242 free(packet
.password
);
246 LOG(3, s
, t
, "CHAP login %s\n", session
[s
].user
);
247 radiussend(r
, RADIUSAUTH
);
250 static void dumplcp(uint8_t *p
, int l
)
253 uint8_t *o
= (p
+ 4);
255 LOG_HEX(5, "PPP LCP Packet", p
, l
);
256 LOG(4, 0, 0, "PPP LCP Packet type %d (%s len %d)\n", *p
, ppp_code((int)*p
), ntohs( ((uint16_t *) p
)[1]) );
257 LOG(4, 0, 0, "Length: %d\n", l
);
258 if (*p
!= ConfigReq
&& *p
!= ConfigRej
&& *p
!= ConfigAck
)
267 LOG(4, 0, 0, " Option length is %d...\n", length
);
272 LOG(4, 0, 0, " Option type is 0...\n");
279 case 1: // Maximum-Receive-Unit
281 LOG(4, 0, 0, " %s %d\n", ppp_lcp_option(type
), ntohs(*(uint16_t *)(o
+ 2)));
283 LOG(4, 0, 0, " %s odd length %d\n", ppp_lcp_option(type
), length
);
285 case 2: // Async-Control-Character-Map
288 uint32_t asyncmap
= ntohl(*(uint32_t *)(o
+ 2));
289 LOG(4, 0, 0, " %s %x\n", ppp_lcp_option(type
), asyncmap
);
292 LOG(4, 0, 0, " %s odd length %d\n", ppp_lcp_option(type
), length
);
294 case 3: // Authentication-Protocol
297 int proto
= ntohs(*(uint16_t *)(o
+ 2));
298 LOG(4, 0, 0, " %s 0x%x (%s)\n", ppp_lcp_option(type
), proto
,
299 proto
== PPPPAP
? "PAP" : "UNSUPPORTED");
301 else if (length
== 5)
303 int proto
= ntohs(*(uint16_t *)(o
+ 2));
304 int algo
= *(uint8_t *)(o
+ 4);
305 LOG(4, 0, 0, " %s 0x%x 0x%x (%s)\n", ppp_lcp_option(type
), proto
, algo
,
306 (proto
== PPPCHAP
&& algo
== 5) ? "CHAP MD5" : "UNSUPPORTED");
309 LOG(4, 0, 0, " %s odd length %d\n", ppp_lcp_option(type
), length
);
311 case 4: // Quality-Protocol
313 uint32_t qp
= ntohl(*(uint32_t *)(o
+ 2));
314 LOG(4, 0, 0, " %s %x\n", ppp_lcp_option(type
), qp
);
317 case 5: // Magic-Number
320 uint32_t magicno
= ntohl(*(uint32_t *)(o
+ 2));
321 LOG(4, 0, 0, " %s %x\n", ppp_lcp_option(type
), magicno
);
324 LOG(4, 0, 0, " %s odd length %d\n", ppp_lcp_option(type
), length
);
326 case 7: // Protocol-Field-Compression
327 case 8: // Address-And-Control-Field-Compression
328 LOG(4, 0, 0, " %s\n", ppp_lcp_option(type
));
331 LOG(2, 0, 0, " Unknown PPP LCP Option type %d\n", type
);
339 void lcp_open(tunnelidt t
, sessionidt s
)
341 // transition to Authentication or Network phase:
342 session
[s
].ppp
.phase
= sess_local
[s
].lcp_authtype
? Authenticate
: Network
;
345 change_state(s
, lcp
, Opened
);
347 if (session
[s
].ppp
.phase
== Authenticate
)
349 if (sess_local
[s
].lcp_authtype
== AUTHCHAP
)
356 change_state(s
, ipcp
, RequestSent
);
357 // move to passive state for IPv6 (if configured), CCP
358 if (config
->ipv6_prefix
.s6_addr
[0])
359 change_state(s
, ipv6cp
, Stopped
);
361 change_state(s
, ipv6cp
, Closed
);
363 change_state(s
, ccp
, Stopped
);
367 static void lcp_restart(sessionidt s
)
369 session
[s
].ppp
.phase
= Establish
;
371 change_state(s
, ipcp
, Dead
);
372 change_state(s
, ipv6cp
, Dead
);
373 change_state(s
, ccp
, Dead
);
376 static uint8_t *ppp_rej(sessionidt s
, uint8_t *buf
, size_t blen
, uint16_t mtype
,
377 uint8_t **response
, uint8_t *queued
, uint8_t *packet
, uint8_t *option
)
379 if (!*response
|| **response
!= ConfigRej
)
381 queued
= *response
= makeppp(buf
, blen
, packet
, 2, session
[s
].tunnel
, s
, mtype
);
389 if ((queued
- buf
+ option
[1]) > blen
)
391 LOG(2, s
, session
[s
].tunnel
, "PPP overflow for ConfigRej (proto %u, option %u).\n", mtype
, *option
);
395 memcpy(queued
, option
, option
[1]);
396 return queued
+ option
[1];
399 static uint8_t *ppp_nak(sessionidt s
, uint8_t *buf
, size_t blen
, uint16_t mtype
,
400 uint8_t **response
, uint8_t *queued
, uint8_t *packet
, uint8_t *option
,
401 uint8_t *value
, size_t vlen
)
406 case PPPLCP
: nak_sent
= &sess_local
[s
].lcp
.nak_sent
; break;
407 case PPPIPCP
: nak_sent
= &sess_local
[s
].ipcp
.nak_sent
; break;
408 case PPPIPV6CP
: nak_sent
= &sess_local
[s
].ipv6cp
.nak_sent
; break;
409 default: return 0; // ?
412 if (*response
&& **response
!= ConfigNak
)
414 if (*nak_sent
< config
->ppp_max_failure
) // reject queued
417 return ppp_rej(s
, buf
, blen
, mtype
, response
, 0, packet
, option
);
422 if (*nak_sent
>= config
->ppp_max_failure
)
423 return ppp_rej(s
, buf
, blen
, mtype
, response
, 0, packet
, option
);
425 queued
= *response
= makeppp(buf
, blen
, packet
, 2, session
[s
].tunnel
, s
, mtype
);
434 if ((queued
- buf
+ vlen
+ 2) > blen
)
436 LOG(2, s
, session
[s
].tunnel
, "PPP overflow for ConfigNak (proto %u, option %u).\n", mtype
, *option
);
441 *queued
++ = vlen
+ 2;
442 memcpy(queued
, value
, vlen
);
443 return queued
+ vlen
;
446 // Process LCP messages
447 void processlcp(tunnelidt t
, sessionidt s
, uint8_t *p
, uint16_t l
)
449 uint8_t b
[MAXCONTROL
];
451 uint32_t magicno
= 0;
456 LOG_HEX(5, "LCP", p
, l
);
459 LOG(1, s
, t
, "Short LCP %d bytes\n", l
);
460 STAT(tunnel_rx_errors
);
464 if ((hl
= ntohs(*(uint16_t *) (p
+ 2))) > l
)
466 LOG(1, s
, t
, "Length mismatch LCP %u/%u\n", hl
, l
);
467 STAT(tunnel_rx_errors
);
472 if (session
[s
].die
) // going down...
478 uint8_t *o
= (p
+ 4);
481 LOG(3, s
, t
, "LCP: ConfigAck (%d bytes)...\n", l
);
482 if (config
->debug
> 3) dumplcp(p
, l
);
489 if (length
== 0 || type
== 0 || x
< length
) break;
492 case 3: // Authentication-Protocol
494 int proto
= ntohs(*(uint16_t *)(o
+ 2));
497 else if (proto
== PPPCHAP
&& *(o
+ 4) == 5)
507 if (!session
[s
].ip
&& authtype
)
508 sess_local
[s
].lcp_authtype
= authtype
;
510 switch (session
[s
].ppp
.lcp
)
513 initialise_restart_count(s
, lcp
);
514 change_state(s
, lcp
, AckReceived
);
519 LOG(2, s
, t
, "LCP: ConfigAck in state %s? Sending ConfigReq\n", ppp_state(session
[s
].ppp
.lcp
));
520 if (session
[s
].ppp
.lcp
== Opened
)
523 sendlcp(s
, t
, sess_local
[s
].lcp_authtype
);
524 change_state(s
, lcp
, RequestSent
);
532 LOG(2, s
, t
, "LCP: ignoring %s in state %s\n", ppp_code(*p
), ppp_state(session
[s
].ppp
.lcp
));
535 else if (*p
== ConfigReq
)
538 uint8_t *o
= (p
+ 4);
539 uint8_t *response
= 0;
540 static uint8_t asyncmap
[4] = { 0, 0, 0, 0 }; // all zero
541 static uint8_t authproto
[5];
543 LOG(3, s
, t
, "LCP: ConfigReq (%d bytes)...\n", l
);
544 if (config
->debug
> 3) dumplcp(p
, l
);
551 if (length
== 0 || type
== 0 || x
< length
) break;
554 case 1: // Maximum-Receive-Unit
555 session
[s
].mru
= ntohs(*(uint16_t *)(o
+ 2));
558 case 2: // Async-Control-Character-Map
559 if (!ntohl(*(uint32_t *)(o
+ 2))) // all bits zero is OK
562 LOG(2, s
, t
, " Remote requesting asyncmap. Rejecting.\n");
563 q
= ppp_nak(s
, b
, sizeof(b
), PPPLCP
, &response
, q
, p
, o
, asyncmap
, sizeof(asyncmap
));
566 case 3: // Authentication-Protocol
568 int proto
= ntohs(*(uint16_t *)(o
+ 2));
569 char proto_name
[] = "0x0000";
574 if (config
->radius_authtypes
& AUTHPAP
)
576 sess_local
[s
].lcp_authtype
= AUTHPAP
;
580 strcpy(proto_name
, "PAP");
582 else if (proto
== PPPCHAP
)
584 if (config
->radius_authtypes
& AUTHCHAP
585 && *(o
+ 4) == 5) // MD5
587 sess_local
[s
].lcp_authtype
= AUTHCHAP
;
591 strcpy(proto_name
, "CHAP");
594 sprintf(proto_name
, "%#4.4x", proto
);
596 LOG(2, s
, t
, " Remote requesting %s authentication. Rejecting.\n", proto_name
);
598 alen
= add_lcp_auth(authproto
, sizeof(authproto
), config
->radius_authprefer
);
599 if (alen
< 2) break; // paranoia
601 q
= ppp_nak(s
, b
, sizeof(b
), PPPLCP
, &response
, q
, p
, o
, authproto
+ 2, alen
- 2);
602 if (q
&& *response
== ConfigNak
&&
603 config
->radius_authtypes
!= config
->radius_authprefer
)
606 alen
= add_lcp_auth(authproto
, sizeof(authproto
), config
->radius_authtypes
& ~config
->radius_authprefer
);
608 q
= ppp_nak(s
, b
, sizeof(b
), PPPLCP
, &response
, q
, p
, o
, authproto
+ 2, alen
- 2);
615 case 5: // Magic-Number
616 magicno
= ntohl(*(uint32_t *)(o
+ 2));
619 case 4: // Quality-Protocol
620 case 7: // Protocol-Field-Compression
621 case 8: // Address-And-Control-Field-Compression
624 default: // Reject any unknown options
625 LOG(2, s
, t
, " Rejecting PPP LCP Option type %d\n", type
);
626 q
= ppp_rej(s
, b
, sizeof(b
), PPPLCP
, &response
, q
, p
, o
);
634 l
= q
- response
; // LCP packet length
635 *((uint16_t *) (response
+ 2)) = htons(l
); // update header
639 // Send packet back as ConfigAck
640 response
= makeppp(b
, sizeof(b
), p
, l
, t
, s
, PPPLCP
);
641 if (!response
) return;
642 *response
= ConfigAck
;
645 switch (session
[s
].ppp
.lcp
)
648 response
= makeppp(b
, sizeof(b
), p
, 2, t
, s
, PPPLCP
);
649 if (!response
) return;
650 *response
= TerminateAck
;
651 *((uint16_t *) (response
+ 2)) = htons(l
= 4);
655 initialise_restart_count(s
, lcp
);
656 sendlcp(s
, t
, sess_local
[s
].lcp_authtype
);
657 if (*response
== ConfigAck
)
658 change_state(s
, lcp
, AckSent
);
660 change_state(s
, lcp
, RequestSent
);
665 if (*response
== ConfigAck
)
666 change_state(s
, lcp
, AckSent
);
671 if (*response
== ConfigAck
)
678 sendlcp(s
, t
, sess_local
[s
].lcp_authtype
);
682 if (*response
== ConfigAck
)
683 change_state(s
, lcp
, AckSent
);
685 change_state(s
, lcp
, RequestSent
);
690 LOG(2, s
, t
, "LCP: ignoring %s in state %s\n", ppp_code(*p
), ppp_state(session
[s
].ppp
.lcp
));
694 LOG(3, s
, t
, "LCP: Sending %s\n", ppp_code(*response
));
695 tunnelsend(b
, l
+ (response
- b
), t
);
697 else if (*p
== ConfigNak
)
700 uint8_t *o
= (p
+ 4);
703 LOG(3, s
, t
, "LCP: ConfigNak (%d bytes)...\n", l
);
704 if (config
->debug
> 3) dumplcp(p
, l
);
711 if (length
== 0 || type
== 0 || x
< length
) break;
714 case 1: // Maximum-Receive-Unit
715 session
[s
].mru
= ntohs(*(uint16_t *)(o
+ 2));
716 LOG(3, s
, t
, " Remote requested MRU of %u\n", session
[s
].mru
);
719 case 3: // Authentication-Protocol
724 int proto
= ntohs(*(uint16_t *)(o
+ 2));
727 authtype
= config
->radius_authtypes
& AUTHPAP
;
728 LOG(3, s
, t
, " Remote requested PAP authentication...%sing\n",
729 authtype
? "accept" : "reject");
731 else if (proto
== PPPCHAP
&& *(o
+ 4) == 5)
733 authtype
= config
->radius_authtypes
& AUTHCHAP
;
734 LOG(3, s
, t
, " Remote requested CHAP authentication...%sing\n",
735 authtype
? "accept" : "reject");
739 LOG(3, s
, t
, " Rejecting unsupported authentication %#4x\n",
747 LOG(2, s
, t
, " Remote NAKed LCP type %u?\n", type
);
756 sessionshutdown(s
, "Unsupported authentication.", 3, 0);
761 sess_local
[s
].lcp_authtype
= authtype
;
763 switch (session
[s
].ppp
.lcp
)
768 uint8_t *response
= makeppp(b
, sizeof(b
), p
, 2, t
, s
, PPPLCP
);
769 if (!response
) return;
770 *response
= TerminateAck
;
771 *((uint16_t *) (response
+ 2)) = htons(l
= 4);
772 tunnelsend(b
, l
+ (response
- b
), t
);
778 initialise_restart_count(s
, lcp
);
779 sendlcp(s
, t
, sess_local
[s
].lcp_authtype
);
783 LOG(2, s
, t
, "LCP: ConfigNak in state %s? Sending ConfigReq\n", ppp_state(session
[s
].ppp
.lcp
));
784 sendlcp(s
, t
, sess_local
[s
].lcp_authtype
);
789 sendlcp(s
, t
, sess_local
[s
].lcp_authtype
);
793 LOG(2, s
, t
, "LCP: ignoring %s in state %s\n", ppp_code(*p
), ppp_state(session
[s
].ppp
.lcp
));
797 else if (*p
== TerminateReq
)
799 LOG(3, s
, t
, "LCP: Received TerminateReq. Sending TerminateAck\n");
800 *p
= TerminateAck
; // close
801 q
= makeppp(b
, sizeof(b
), p
, l
, t
, s
, PPPLCP
);
803 tunnelsend(b
, l
+ (q
- b
), t
); // send it
804 sessionshutdown(s
, "Remote end closed connection.", 3, 0);
806 else if (*p
== TerminateAck
)
808 sessionshutdown(s
, "Connection closed.", 3, 0);
810 else if (*p
== ProtocolRej
)
812 if (*(uint16_t *) (p
+4) == htons(PPPIPV6CP
))
814 LOG(3, s
, t
, "IPv6 rejected\n");
815 change_state(s
, ipv6cp
, Closed
);
819 LOG(1, s
, t
, "Unexpected LCP protocol reject 0x%X\n",
820 ntohs(*(uint16_t *) (p
+4)));
821 STAT(tunnel_rx_errors
);
824 else if (*p
== EchoReq
)
826 LOG(5, s
, t
, "LCP: Received EchoReq. Sending EchoReply\n");
827 *p
= EchoReply
; // reply
828 *(uint32_t *) (p
+ 4) = htonl(session
[s
].magic
); // our magic number
829 q
= makeppp(b
, sizeof(b
), p
, l
, t
, s
, PPPLCP
);
831 tunnelsend(b
, l
+ (q
- b
), t
); // send it
833 else if (*p
== EchoReply
)
835 // Ignore it, last_packet time is set earlier than this.
840 int mru
= session
[s
].mru
;
844 if (l
> mru
) l
= mru
;
847 q
= makeppp(b
, sizeof(b
), p
, l
, t
, s
, PPPLCP
);
850 LOG(3, s
, t
, "Unexpected LCP code %s\n", ppp_code(code
));
851 tunnelsend(b
, l
+ (q
- b
), t
);
855 static void ipcp_open(tunnelidt t
, sessionidt s
)
857 LOG(3, s
, t
, "IPCP Acked, session is now active\n");
859 change_state(s
, ipcp
, Opened
);
861 if (!session
[s
].walled_garden
)
863 uint16_t r
= radiusnew(s
);
865 radiussend(r
, RADIUSSTART
); // send radius start
868 // start IPv6 if configured and still in passive state
869 if (session
[s
].ppp
.ipv6cp
== Stopped
)
872 change_state(s
, ipv6cp
, RequestSent
);
876 // Process IPCP messages
877 void processipcp(tunnelidt t
, sessionidt s
, uint8_t *p
, uint16_t l
)
879 uint8_t b
[MAXCONTROL
];
885 LOG_HEX(5, "IPCP", p
, l
);
888 LOG(1, s
, t
, "Short IPCP %d bytes\n", l
);
889 STAT(tunnel_rx_errors
);
893 if ((hl
= ntohs(*(uint16_t *) (p
+ 2))) > l
)
895 LOG(1, s
, t
, "Length mismatch IPCP %u/%u\n", hl
, l
);
896 STAT(tunnel_rx_errors
);
901 if (session
[s
].ppp
.phase
< Network
)
903 LOG(2, s
, t
, "IPCP %s ignored in %s phase\n", ppp_code(*p
), ppp_phase(session
[s
].ppp
.phase
));
909 switch (session
[s
].ppp
.ipcp
)
912 initialise_restart_count(s
, ipcp
);
913 change_state(s
, ipcp
, AckReceived
);
918 LOG(2, s
, t
, "IPCP: ConfigAck in state %s? Sending ConfigReq\n", ppp_state(session
[s
].ppp
.ipcp
));
920 change_state(s
, ipcp
, RequestSent
);
928 LOG(2, s
, t
, "IPCP: ignoring %s in state %s\n", ppp_code(*p
), ppp_state(session
[s
].ppp
.ipcp
));
931 else if (*p
== ConfigReq
)
933 uint8_t *response
= 0;
939 LOG(3, s
, t
, "IPCP ConfigReq received\n");
945 case 3: // ip address
946 gotip
++; // seen address
947 if (o
[1] != 6 || o
[1] > length
) return;
949 addr
= htonl(session
[s
].ip
);
950 if (memcmp(o
+ 2, &addr
, (sizeof addr
)))
952 q
= ppp_nak(s
, b
, sizeof(b
), PPPIPCP
, &response
, q
, p
, o
, (uint8_t *) &addr
, sizeof(addr
));
953 if (!q
|| *response
== ConfigRej
)
955 sessionshutdown(s
, "Can't negotiate IPCP.", 3, 0);
962 case 129: // primary DNS
963 if (o
[1] != 6 || o
[1] > length
) return;
965 addr
= htonl(session
[s
].dns1
);
966 if (memcmp(o
+ 2, &addr
, (sizeof addr
)))
968 q
= ppp_nak(s
, b
, sizeof(b
), PPPIPCP
, &response
, q
, p
, o
, (uint8_t *) &addr
, sizeof(addr
));
974 case 131: // secondary DNS
975 if (o
[1] != 6 || o
[1] > length
) return;
977 addr
= htonl(session
[s
].dns1
);
978 if (memcmp(o
+ 2, &addr
, sizeof(addr
)))
980 q
= ppp_nak(s
, b
, sizeof(b
), PPPIPCP
, &response
, q
, p
, o
, (uint8_t *) &addr
, sizeof(addr
));
987 LOG(2, s
, t
, " Rejecting PPP IPCP Option type %d\n", *o
);
988 q
= ppp_rej(s
, b
, sizeof(b
), PPPIPCP
, &response
, q
, p
, o
);
998 l
= q
- response
; // IPCP packet length
999 *((uint16_t *) (response
+ 2)) = htons(l
); // update header
1003 // Send packet back as ConfigAck
1004 response
= makeppp(b
, sizeof(b
), p
, l
, t
, s
, PPPIPCP
);
1005 if (!response
) return;
1006 *response
= ConfigAck
;
1010 LOG(1, s
, t
, "No IP in IPCP request\n");
1011 STAT(tunnel_rx_errors
);
1015 switch (session
[s
].ppp
.ipcp
)
1018 response
= makeppp(b
, sizeof(b
), p
, 2, t
, s
, PPPIPCP
);
1019 if (!response
) return;
1020 *response
= TerminateAck
;
1021 *((uint16_t *) (response
+ 2)) = htons(l
= 4);
1025 initialise_restart_count(s
, ipcp
);
1027 if (*response
== ConfigAck
)
1028 change_state(s
, ipcp
, AckSent
);
1030 change_state(s
, ipcp
, RequestSent
);
1035 if (*response
== ConfigAck
)
1036 change_state(s
, ipcp
, AckSent
);
1041 if (*response
== ConfigAck
)
1047 initialise_restart_count(s
, ipcp
);
1052 if (*response
== ConfigAck
)
1053 change_state(s
, ipcp
, AckSent
);
1055 change_state(s
, ipcp
, RequestSent
);
1060 LOG(2, s
, t
, "IPCP: ignoring %s in state %s\n", ppp_code(*p
), ppp_state(session
[s
].ppp
.ipcp
));
1064 LOG(3, s
, t
, "IPCP: Sending %s\n", ppp_code(*response
));
1065 tunnelsend(b
, l
+ (response
- b
), t
);
1067 else if (*p
== TerminateReq
)
1069 LOG(3, s
, t
, "IPCP: Received TerminateReq. Sending TerminateAck\n");
1071 q
= makeppp(b
, sizeof(b
), p
, l
, t
, s
, PPPIPCP
);
1073 tunnelsend(b
, l
+ (q
- b
), t
);
1074 change_state(s
, ipcp
, Stopped
);
1079 int mru
= session
[s
].mru
;
1083 if (l
> mru
) l
= mru
;
1086 q
= makeppp(b
, sizeof(b
), p
, l
, t
, s
, PPPIPCP
);
1089 LOG(3, s
, t
, "Unexpected IPCP code %s\n", ppp_code(code
));
1090 tunnelsend(b
, l
+ (q
- b
), t
);
1094 static void ipv6cp_open(tunnelidt t
, sessionidt s
)
1096 LOG(3, s
, t
, "IPV6CP Acked\n");
1098 change_state(s
, ipv6cp
, Opened
);
1099 if (session
[s
].ipv6prefixlen
)
1100 route6set(s
, session
[s
].ipv6route
, session
[s
].ipv6prefixlen
, 1);
1102 // Send an initial RA (TODO: Should we send these regularly?)
1103 send_ipv6_ra(t
, s
, NULL
);
1106 // Process IPV6CP messages
1107 void processipv6cp(tunnelidt t
, sessionidt s
, uint8_t *p
, uint16_t l
)
1109 uint8_t b
[MAXCONTROL
];
1113 CSTAT(processipv6cp
);
1115 LOG_HEX(5, "IPV6CP", p
, l
);
1118 LOG(1, s
, t
, "Short IPV6CP %d bytes\n", l
);
1119 STAT(tunnel_rx_errors
);
1123 if ((hl
= ntohs(*(uint16_t *) (p
+ 2))) > l
)
1125 LOG(1, s
, t
, "Length mismatch IPV6CP %u/%u\n", hl
, l
);
1126 STAT(tunnel_rx_errors
);
1131 if (session
[s
].ppp
.phase
< Network
)
1133 LOG(2, s
, t
, "IPV6CP %s ignored in %s phase\n", ppp_code(*p
), ppp_phase(session
[s
].ppp
.phase
));
1137 if (!config
->ipv6_prefix
.s6_addr
[0])
1139 LOG(2, s
, t
, "IPV6CP %s rejected (not configured)\n", ppp_code(*p
));
1141 q
= makeppp(b
, sizeof(b
), p
, l
, t
, s
, PPPIPV6CP
);
1143 tunnelsend(b
, l
+ (q
- b
), t
);
1149 LOG(3, s
, t
, "IPV6CP: no IPv4 address (IPCP in state %s)\n", ppp_state(session
[s
].ppp
.ipcp
));
1150 return; // need IPCP to complete...
1153 if (*p
== ConfigAck
)
1155 switch (session
[s
].ppp
.ipv6cp
)
1158 initialise_restart_count(s
, ipv6cp
);
1159 change_state(s
, ipv6cp
, AckReceived
);
1164 LOG(2, s
, t
, "IPV6CP: ConfigAck in state %s? Sending ConfigReq\n", ppp_state(session
[s
].ppp
.ipv6cp
));
1166 change_state(s
, ipv6cp
, RequestSent
);
1174 LOG(2, s
, t
, "IPV6CP: ignoring %s in state %s\n", ppp_code(*p
), ppp_state(session
[s
].ppp
.ipv6cp
));
1177 else if (*p
== ConfigReq
)
1179 uint8_t *response
= 0;
1185 LOG(3, s
, t
, "IPV6CP ConfigReq received\n");
1191 case 1: // interface identifier
1192 gotip
++; // seen address
1193 if (o
[1] != 10 || o
[1] > length
) return;
1195 *(uint32_t *) ident
= htonl(session
[s
].ip
);
1196 *(uint32_t *) (ident
+ 4) = 0;
1198 if (memcmp(o
+ 2, ident
, sizeof(ident
)))
1200 q
= ppp_nak(s
, b
, sizeof(b
), PPPIPV6CP
, &response
, q
, p
, o
, ident
, sizeof(ident
));
1207 LOG(2, s
, t
, " Rejecting PPP IPV6CP Option type %d\n", *o
);
1208 q
= ppp_rej(s
, b
, sizeof(b
), PPPIPV6CP
, &response
, q
, p
, o
);
1218 l
= q
- response
; // IPV6CP packet length
1219 *((uint16_t *) (response
+ 2)) = htons(l
); // update header
1223 // Send packet back as ConfigAck
1224 response
= makeppp(b
, sizeof(b
), p
, l
, t
, s
, PPPIPV6CP
);
1225 if (!response
) return;
1226 *response
= ConfigAck
;
1230 LOG(1, s
, t
, "No interface identifier in IPV6CP request\n");
1231 STAT(tunnel_rx_errors
);
1235 switch (session
[s
].ppp
.ipv6cp
)
1238 response
= makeppp(b
, sizeof(b
), p
, 2, t
, s
, PPPIPV6CP
);
1239 if (!response
) return;
1240 *response
= TerminateAck
;
1241 *((uint16_t *) (response
+ 2)) = htons(l
= 4);
1245 initialise_restart_count(s
, ipv6cp
);
1247 if (*response
== ConfigAck
)
1248 change_state(s
, ipv6cp
, AckSent
);
1250 change_state(s
, ipv6cp
, RequestSent
);
1255 if (*response
== ConfigAck
)
1256 change_state(s
, ipv6cp
, AckSent
);
1261 if (*response
== ConfigAck
)
1267 initialise_restart_count(s
, ipv6cp
);
1272 if (*response
== ConfigAck
)
1273 change_state(s
, ipv6cp
, AckSent
);
1275 change_state(s
, ipv6cp
, RequestSent
);
1280 LOG(2, s
, t
, "IPV6CP: ignoring %s in state %s\n", ppp_code(*p
), ppp_state(session
[s
].ppp
.ipv6cp
));
1284 LOG(3, s
, t
, "IPV6CP: Sending %s\n", ppp_code(*response
));
1285 tunnelsend(b
, l
+ (response
- b
), t
);
1287 else if (*p
== TerminateReq
)
1289 LOG(3, s
, t
, "IPV6CP: Received TerminateReq. Sending TerminateAck\n");
1291 q
= makeppp(b
, sizeof(b
), p
, l
, t
, s
, PPPIPV6CP
);
1293 tunnelsend(b
, l
+ (q
- b
), t
);
1294 change_state(s
, ipv6cp
, Stopped
);
1299 int mru
= session
[s
].mru
;
1303 if (l
> mru
) l
= mru
;
1306 q
= makeppp(b
, sizeof(b
), p
, l
, t
, s
, PPPIPV6CP
);
1309 LOG(3, s
, t
, "Unexpected IPV6CP code %s\n", ppp_code(code
));
1310 tunnelsend(b
, l
+ (q
- b
), t
);
1314 // process IP packet received
1316 // This MUST be called with at least 4 byte behind 'p'.
1317 // (i.e. this routine writes to p[-4]).
1318 void processipin(tunnelidt t
, sessionidt s
, uint8_t *p
, uint16_t l
)
1324 LOG_HEX(5, "IP", p
, l
);
1326 ip
= ntohl(*(uint32_t *)(p
+ 12));
1330 LOG(1, s
, t
, "IP packet too long %d\n", l
);
1331 STAT(tunnel_rx_errors
);
1335 if (session
[s
].ppp
.phase
!= Network
|| session
[s
].ppp
.ipcp
!= Opened
)
1338 // no spoof (do sessionbyip to handled statically routed subnets)
1339 if (ip
!= session
[s
].ip
&& sessionbyip(htonl(ip
)) != s
)
1341 LOG(5, s
, t
, "Dropping packet with spoofed IP %s\n", fmtaddr(htonl(ip
), 0));
1345 // run access-list if any
1346 if (session
[s
].filter_in
&& !ip_filter(p
, l
, session
[s
].filter_in
- 1))
1349 // Add on the tun header
1351 *(uint32_t *) p
= htonl(PKTIP
);
1354 // Are we throttled and a slave?
1355 if (session
[s
].tbf_in
&& !config
->cluster_iam_master
) {
1356 // Pass it to the master for handling.
1357 master_throttle_packet(session
[s
].tbf_in
, p
, l
);
1361 // Are we throttled and a master??
1362 if (session
[s
].tbf_in
&& config
->cluster_iam_master
) {
1363 // Actually handle the throttled packets.
1364 tbf_queue_packet(session
[s
].tbf_in
, p
, l
);
1369 if (tun_write(p
, l
) < 0)
1371 STAT(tun_tx_errors
);
1372 LOG(0, s
, t
, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
1373 l
, strerror(errno
), tunfd
, p
);
1381 if (session
[s
].snoop_ip
&& session
[s
].snoop_port
)
1383 // Snooping this session
1384 snoop_send_packet(p
, l
, session
[s
].snoop_ip
, session
[s
].snoop_port
);
1387 increment_counter(&session
[s
].cin
, &session
[s
].cin_wrap
, l
);
1388 session
[s
].cin_delta
+= l
;
1391 sess_local
[s
].cin
+= l
;
1392 sess_local
[s
].pin
++;
1396 STAT(tun_tx_packets
);
1397 INC_STAT(tun_tx_bytes
, l
);
1400 // process IPv6 packet received
1402 // This MUST be called with at least 4 byte behind 'p'.
1403 // (i.e. this routine writes to p[-4]).
1404 void processipv6in(tunnelidt t
, sessionidt s
, uint8_t *p
, uint16_t l
)
1409 CSTAT(processipv6in
);
1411 LOG_HEX(5, "IPv6", p
, l
);
1413 ip
= *(struct in6_addr
*) (p
+ 8);
1414 ipv4
= ntohl(*(uint32_t *)(p
+ 16));
1418 LOG(1, s
, t
, "IP packet too long %d\n", l
);
1419 STAT(tunnel_rx_errors
);
1423 if (session
[s
].ppp
.phase
!= Network
|| session
[s
].ppp
.ipv6cp
!= Opened
)
1427 if (ipv4
!= session
[s
].ip
&& memcmp(&config
->ipv6_prefix
, &ip
, 8) && sessionbyipv6(ip
) != s
)
1429 char str
[INET6_ADDRSTRLEN
];
1430 LOG(5, s
, t
, "Dropping packet with spoofed IP %s\n",
1431 inet_ntop(AF_INET6
, &ip
, str
, INET6_ADDRSTRLEN
));
1435 // Check if it's a Router Solicition message.
1436 if (*(p
+ 6) == 58 && *(p
+ 7) == 255 && *(p
+ 24) == 0xFF && *(p
+ 25) == 2 &&
1437 *(uint32_t *)(p
+ 26) == 0 && *(uint32_t *)(p
+ 30) == 0 &&
1438 *(uint32_t *)(p
+ 34) == 0 &&
1439 *(p
+ 38) == 0 && *(p
+ 39) == 2 && *(p
+ 40) == 133) {
1440 LOG(3, s
, t
, "Got IPv6 RS\n");
1441 send_ipv6_ra(t
, s
, &ip
);
1445 // Add on the tun header
1447 *(uint32_t *) p
= htonl(PKTIPV6
);
1450 // Are we throttled and a slave?
1451 if (session
[s
].tbf_in
&& !config
->cluster_iam_master
) {
1452 // Pass it to the master for handling.
1453 master_throttle_packet(session
[s
].tbf_in
, p
, l
);
1457 // Are we throttled and a master??
1458 if (session
[s
].tbf_in
&& config
->cluster_iam_master
) {
1459 // Actually handle the throttled packets.
1460 tbf_queue_packet(session
[s
].tbf_in
, p
, l
);
1465 if (tun_write(p
, l
) < 0)
1467 STAT(tun_tx_errors
);
1468 LOG(0, s
, t
, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
1469 l
, strerror(errno
), tunfd
, p
);
1477 if (session
[s
].snoop_ip
&& session
[s
].snoop_port
)
1479 // Snooping this session
1480 snoop_send_packet(p
, l
, session
[s
].snoop_ip
, session
[s
].snoop_port
);
1483 increment_counter(&session
[s
].cin
, &session
[s
].cin_wrap
, l
);
1484 session
[s
].cin_delta
+= l
;
1487 sess_local
[s
].cin
+= l
;
1488 sess_local
[s
].pin
++;
1492 STAT(tun_tx_packets
);
1493 INC_STAT(tun_tx_bytes
, l
);
1497 // Helper routine for the TBF filters.
1498 // Used to send queued data in from the user.
1500 void send_ipin(sessionidt s
, uint8_t *buf
, int len
)
1502 LOG_HEX(5, "IP in throttled", buf
, len
);
1504 if (write(tunfd
, buf
, len
) < 0)
1506 STAT(tun_tx_errors
);
1507 LOG(0, 0, 0, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
1508 len
, strerror(errno
), tunfd
, buf
);
1516 if (session
[s
].snoop_ip
&& session
[s
].snoop_port
)
1518 // Snooping this session
1519 snoop_send_packet(buf
, len
, session
[s
].snoop_ip
, session
[s
].snoop_port
);
1522 // Increment packet counters
1523 increment_counter(&session
[s
].cin
, &session
[s
].cin_wrap
, len
);
1524 session
[s
].cin_delta
+= len
;
1527 sess_local
[s
].cin
+= len
;
1528 sess_local
[s
].pin
++;
1532 STAT(tun_tx_packets
);
1533 INC_STAT(tun_tx_bytes
, len
- 4);
1537 // Process CCP messages
1538 void processccp(tunnelidt t
, sessionidt s
, uint8_t *p
, uint16_t l
)
1540 uint8_t b
[MAXCONTROL
];
1545 LOG_HEX(5, "CCP", p
, l
);
1547 if (session
[s
].ppp
.phase
< Network
)
1549 LOG(2, s
, t
, "CCP %s ignored in %s phase\n", ppp_code(*p
), ppp_phase(session
[s
].ppp
.phase
));
1555 LOG(1, s
, t
, "Short CCP packet\n");
1556 STAT(tunnel_rx_errors
);
1559 if (*p
== ConfigAck
)
1561 switch (session
[s
].ppp
.ccp
)
1564 initialise_restart_count(s
, ccp
);
1565 change_state(s
, ccp
, AckReceived
);
1570 LOG(2, s
, t
, "CCP: ConfigAck in state %s? Sending ConfigReq\n", ppp_state(session
[s
].ppp
.ccp
));
1572 change_state(s
, ccp
, RequestSent
);
1576 LOG(3, s
, t
, "CCP Acked\n");
1577 change_state(s
, ccp
, Opened
);
1581 LOG(2, s
, t
, "CCP: ignoring %s in state %s\n", ppp_code(*p
), ppp_state(session
[s
].ppp
.ccp
));
1584 else if (*p
== ConfigReq
)
1586 if (l
< 6) // accept no compression
1588 else // compression requested--reject
1591 q
= makeppp(b
, sizeof(b
), p
, l
, t
, s
, PPPCCP
);
1594 switch (session
[s
].ppp
.ccp
)
1597 q
= makeppp(b
, sizeof(b
), p
, 2, t
, s
, PPPCCP
);
1600 *((uint16_t *) (q
+ 2)) = htons(l
= 4);
1604 initialise_restart_count(s
, ccp
);
1606 if (*q
== ConfigAck
)
1607 change_state(s
, ccp
, AckSent
);
1609 change_state(s
, ccp
, RequestSent
);
1614 if (*q
== ConfigAck
)
1615 change_state(s
, ccp
, AckSent
);
1620 if (*q
== ConfigAck
)
1621 change_state(s
, ccp
, Opened
);
1626 initialise_restart_count(s
, ccp
);
1631 if (*q
== ConfigAck
)
1632 change_state(s
, ccp
, AckSent
);
1634 change_state(s
, ccp
, RequestSent
);
1639 LOG(2, s
, t
, "CCP: ignoring %s in state %s\n", ppp_code(*p
), ppp_state(session
[s
].ppp
.ccp
));
1643 LOG(3, s
, t
, "CCP: Sending %s\n", ppp_code(*q
));
1644 tunnelsend(b
, l
+ (q
- b
), t
);
1646 else if (*p
== TerminateReq
)
1648 LOG(3, s
, t
, "CCP: Received TerminateReq. Sending TerminateAck\n");
1650 q
= makeppp(b
, sizeof(b
), p
, l
, t
, s
, PPPCCP
);
1652 tunnelsend(b
, l
+ (q
- b
), t
);
1653 change_state(s
, ccp
, Stopped
);
1658 int mru
= session
[s
].mru
;
1662 if (l
> mru
) l
= mru
;
1665 q
= makeppp(b
, sizeof(b
), p
, l
, t
, s
, PPPCCP
);
1668 LOG(3, s
, t
, "Unexpected CCP code %s\n", ppp_code(code
));
1669 tunnelsend(b
, l
+ (q
- b
), t
);
1673 // send a CHAP challenge
1674 void sendchap(tunnelidt t
, sessionidt s
)
1676 uint8_t b
[MAXCONTROL
];
1685 LOG(1, s
, t
, "No RADIUS to send challenge\n");
1686 STAT(tunnel_tx_errors
);
1690 LOG(1, s
, t
, "Send CHAP challenge\n");
1692 radius
[r
].chap
= 1; // CHAP not PAP
1694 if (radius
[r
].state
!= RADIUSCHAP
)
1697 radius
[r
].state
= RADIUSCHAP
;
1698 radius
[r
].retry
= backoff(radius
[r
].try++);
1699 if (radius
[r
].try > 5)
1701 sessionshutdown(s
, "CHAP timeout.", 3, 0);
1702 STAT(tunnel_tx_errors
);
1705 q
= makeppp(b
, sizeof(b
), 0, 0, t
, s
, PPPCHAP
);
1708 *q
= 1; // challenge
1709 q
[1] = radius
[r
].id
; // ID
1710 q
[4] = 16; // value size (size of challenge)
1711 memcpy(q
+ 5, radius
[r
].auth
, 16); // challenge
1712 strcpy((char *) q
+ 21, hostname
); // our name
1713 *(uint16_t *) (q
+ 2) = htons(strlen(hostname
) + 21); // length
1714 tunnelsend(b
, strlen(hostname
) + 21 + (q
- b
), t
); // send it
1717 // fill in a L2TP message with a PPP frame,
1718 // copies existing PPP message and changes magic number if seen
1719 // returns start of PPP frame
1720 uint8_t *makeppp(uint8_t *b
, int size
, uint8_t *p
, int l
, tunnelidt t
, sessionidt s
, uint16_t mtype
)
1722 if (size
< 12) // Need more space than this!!
1724 static int backtrace_count
= 0;
1725 LOG(0, s
, t
, "makeppp buffer too small for L2TP header (size=%d)\n", size
);
1726 log_backtrace(backtrace_count
, 5)
1730 *(uint16_t *) (b
+ 0) = htons(0x0002); // L2TP with no options
1731 *(uint16_t *) (b
+ 2) = htons(tunnel
[t
].far
); // tunnel
1732 *(uint16_t *) (b
+ 4) = htons(session
[s
].far
); // session
1734 if (mtype
== PPPLCP
|| !(session
[s
].l2tp_flags
& SESSIONACFC
))
1736 *(uint16_t *) b
= htons(0xFF03); // HDLC header
1739 if (mtype
< 0x100 && session
[s
].l2tp_flags
& SESSIONPFC
)
1743 *(uint16_t *) b
= htons(mtype
);
1749 static int backtrace_count
= 0;
1750 LOG(2, s
, t
, "makeppp would overflow buffer (size=%d, header+payload=%d)\n", size
, l
+ 12);
1751 log_backtrace(backtrace_count
, 5)
1761 static int add_lcp_auth(uint8_t *b
, int size
, int authtype
)
1764 if ((authtype
== AUTHCHAP
&& size
< 5) || size
< 4)
1767 *b
++ = 3; // Authentication-Protocol
1768 if (authtype
== AUTHCHAP
)
1770 len
= *b
++ = 5; // length
1771 *(uint16_t *) b
= htons(PPPCHAP
); b
+= 2;
1774 else if (authtype
== AUTHPAP
)
1776 len
= *b
++ = 4; // length
1777 *(uint16_t *) b
= htons(PPPPAP
); b
+= 2;
1781 LOG(0, 0, 0, "add_lcp_auth called with unsupported auth type %d\n", authtype
);
1787 // Send initial LCP ConfigReq for MRU, authentication type and magic no
1788 void sendlcp(tunnelidt t
, sessionidt s
, int authtype
)
1790 uint8_t b
[500], *q
, *l
;
1792 if (!(q
= makeppp(b
, sizeof(b
), NULL
, 0, t
, s
, PPPLCP
)))
1795 LOG(4, s
, t
, "Sending LCP ConfigReq%s%s\n",
1796 authtype
? " for " : "",
1797 authtype
? (authtype
== AUTHCHAP
? "CHAP" : "PAP") : "");
1799 if (!session
[s
].mru
)
1800 session
[s
].mru
= DEFAULT_MRU
;
1804 *l
++ = (time_now
% 255) + 1; // ID
1806 l
+= 2; //Save space for length
1808 *l
++ = 1; *l
++ = 4; // Maximum-Receive-Unit (length 4)
1809 *(uint16_t *) l
= htons(session
[s
].mru
); l
+= 2;
1812 l
+= add_lcp_auth(l
, sizeof(b
) - (l
- b
), authtype
);
1814 *l
++ = 5; *l
++ = 6; // Magic-Number (length 6)
1815 *(uint32_t *) l
= htonl(session
[s
].magic
);
1818 *(uint16_t *)(q
+ 2) = htons(l
- q
); // Length
1820 LOG_HEX(5, "PPPLCP", q
, l
- q
);
1821 tunnelsend(b
, (l
- b
), t
);
1824 // Send CCP request for no compression
1825 void sendccp(tunnelidt t
, sessionidt s
)
1829 if (!(q
= makeppp(b
, sizeof(b
), NULL
, 0, t
, s
, PPPCCP
)))
1832 LOG(4, s
, t
, "Sending CCP ConfigReq for no compression\n");
1834 *(uint8_t *)(q
+ 1) = (time_now
% 255) + 1; // ID
1835 *(uint16_t *)(q
+ 2) = htons(4); // Length
1837 LOG_HEX(5, "PPPCCP", q
, 4);
1838 tunnelsend(b
, (q
- b
) + 4 , t
);