Update changelog
[l2tpns.git] / ppp.c
1 // L2TPNS PPP Stuff
2
3 #include <stdio.h>
4 #include <string.h>
5 #include <unistd.h>
6 #include <errno.h>
7 #include <stdlib.h>
8 #include <linux/rtnetlink.h>
9 #include <netinet/ip6.h>
10
11 #include "dhcp6.h"
12 #include "l2tpns.h"
13 #include "constants.h"
14 #include "plugin.h"
15 #include "util.h"
16 #include "tbf.h"
17 #include "cluster.h"
18
19 #include "l2tplac.h"
20 #include "pppoe.h"
21
22 extern tunnelt *tunnel;
23 extern bundlet *bundle;
24 extern fragmentationt *frag;
25 extern sessiont *session;
26 extern radiust *radius;
27 extern int tunfd;
28 extern char hostname[];
29 extern uint32_t eth_tx;
30 extern time_t time_now;
31 extern uint64_t time_now_ms;
32 extern configt *config;
33
34 static int add_lcp_auth(uint8_t *b, int size, int authtype);
35 static bundleidt new_bundle(void);
36 static int epdiscmp(epdist, epdist);
37 static void setepdis(epdist *, epdist);
38 static void ipcp_open(sessionidt s, tunnelidt t);
39
40 static int first_session_in_bundle(sessionidt s)
41 {
42 bundleidt i;
43 for (i = 1; i < MAXBUNDLE; i++)
44 if (bundle[i].state != BUNDLEFREE)
45 if (epdiscmp(session[s].epdis,bundle[i].epdis) && !strcmp(session[s].user, bundle[i].user))
46 return 0;
47 return 1;
48 }
49
50 // Process PAP messages
51 void processpap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
52 {
53 char user[MAXUSER];
54 char pass[MAXPASS];
55 uint16_t hl;
56 uint16_t r;
57
58 CSTAT(processpap);
59
60 LOG_HEX(5, "PAP", p, l);
61 if (l < 4)
62 {
63 LOG(1, s, t, "Short PAP %u bytes\n", l);
64 STAT(tunnel_rx_errors);
65 sessionshutdown(s, "Short PAP packet.", CDN_ADMIN_DISC, TERM_USER_ERROR);
66 return;
67 }
68
69 if ((hl = ntohs(*(uint16_t *) (p + 2))) > l)
70 {
71 LOG(1, s, t, "Length mismatch PAP %u/%u\n", hl, l);
72 STAT(tunnel_rx_errors);
73 sessionshutdown(s, "PAP length mismatch.", CDN_ADMIN_DISC, TERM_USER_ERROR);
74 return;
75 }
76 l = hl;
77
78 if (*p != 1)
79 {
80 LOG(1, s, t, "Unexpected PAP code %d\n", *p);
81 STAT(tunnel_rx_errors);
82 sessionshutdown(s, "Unexpected PAP code.", CDN_ADMIN_DISC, TERM_USER_ERROR);
83 return;
84 }
85
86 if (session[s].ppp.phase != Authenticate)
87 {
88 LOG(2, s, t, "PAP ignored in %s phase\n", ppp_phase(session[s].ppp.phase));
89 return;
90 }
91
92 {
93 uint8_t *b = p;
94 b += 4;
95 user[0] = pass[0] = 0;
96 if (*b && *b < sizeof(user))
97 {
98 memcpy(user, b + 1, *b);
99 user[*b] = 0;
100 b += 1 + *b;
101 if (*b && *b < sizeof(pass))
102 {
103 memcpy(pass, b + 1, *b);
104 pass[*b] = 0;
105 }
106 }
107 LOG(3, s, t, "PAP login %s/%s\n", user, pass);
108 }
109
110 if ((!config->disable_lac_func) && lac_conf_forwardtoremotelns(s, user))
111 {
112 // Creating a tunnel/session has been started
113 return;
114 }
115
116 if (session[s].ip || !(r = radiusnew(s)))
117 {
118 // respond now, either no RADIUS available or already authenticated
119 uint8_t b[MAXETHER];
120 uint8_t id = p[1];
121 uint8_t *p = makeppp(b, sizeof(b), 0, 0, s, t, PPPPAP, 0, 0, 0);
122 if (!p) return;
123
124 if (session[s].ip)
125 *p = 2; // ACK
126 else
127 *p = 3; // cant authorise
128 p[1] = id;
129 *(uint16_t *) (p + 2) = htons(5); // length
130 p[4] = 0; // no message
131 tunnelsend(b, 5 + (p - b), t); // send it
132
133 if (session[s].ip)
134 {
135 LOG(3, s, t, "Already an IP allocated: %s (%d)\n",
136 fmtaddr(htonl(session[s].ip), 0), session[s].ip_pool_index);
137 }
138 else
139 {
140 LOG(1, s, t, "No RADIUS session available to authenticate session...\n");
141 sessionshutdown(s, "No free RADIUS sessions.", CDN_UNAVAILABLE, TERM_SERVICE_UNAVAILABLE);
142 }
143 }
144 else
145 {
146 // Run PRE_AUTH plugins
147 struct param_pre_auth packet = { &tunnel[t], &session[s], strdup(user), strdup(pass), PPPPAP, 1 };
148 run_plugins(PLUGIN_PRE_AUTH, &packet);
149 if (!packet.continue_auth)
150 {
151 LOG(3, s, t, "A plugin rejected PRE_AUTH\n");
152 if (packet.username) free(packet.username);
153 if (packet.password) free(packet.password);
154 return;
155 }
156
157 strncpy(session[s].user, packet.username, sizeof(session[s].user) - 1);
158 strncpy(radius[r].pass, packet.password, sizeof(radius[r].pass) - 1);
159
160 free(packet.username);
161 free(packet.password);
162
163 radius[r].id = p[1];
164 LOG(3, s, t, "Sending login for %s/%s to RADIUS\n", user, pass);
165 if ((session[s].mrru) && (!first_session_in_bundle(s)))
166 radiussend(r, RADIUSJUSTAUTH);
167 else
168 radiussend(r, RADIUSAUTH);
169 }
170 }
171
172 // Process CHAP messages
173 void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
174 {
175 uint16_t r;
176 uint16_t hl;
177
178 CSTAT(processchap);
179
180 LOG_HEX(5, "CHAP", p, l);
181
182 if (l < 4)
183 {
184 LOG(1, s, t, "Short CHAP %u bytes\n", l);
185 STAT(tunnel_rx_errors);
186 sessionshutdown(s, "Short CHAP packet.", CDN_ADMIN_DISC, TERM_USER_ERROR);
187 return;
188 }
189
190 if ((hl = ntohs(*(uint16_t *) (p + 2))) > l)
191 {
192 LOG(1, s, t, "Length mismatch CHAP %u/%u\n", hl, l);
193 STAT(tunnel_rx_errors);
194 sessionshutdown(s, "CHAP length mismatch.", CDN_ADMIN_DISC, TERM_USER_ERROR);
195 return;
196 }
197 l = hl;
198
199 if (*p != 2)
200 {
201 LOG(1, s, t, "Unexpected CHAP response code %d\n", *p);
202 STAT(tunnel_rx_errors);
203 sessionshutdown(s, "CHAP length mismatch.", CDN_ADMIN_DISC, TERM_USER_ERROR);
204 return;
205 }
206
207 if (session[s].ppp.phase != Authenticate)
208 {
209 LOG(2, s, t, "CHAP ignored in %s phase\n", ppp_phase(session[s].ppp.phase));
210 return;
211 }
212
213 r = sess_local[s].radius;
214 if (!r)
215 {
216 LOG(3, s, t, "Unexpected CHAP message\n");
217
218 // Some modems (Netgear DM602, possibly others) persist in using CHAP even
219 // after ACKing our ConfigReq for PAP.
220 if (sess_local[s].lcp_authtype == AUTHPAP && config->radius_authtypes & AUTHCHAP)
221 {
222 sess_local[s].lcp_authtype = AUTHCHAP;
223 sendchap(s, t);
224 }
225 return;
226 }
227
228 if (p[1] != radius[r].id)
229 {
230 LOG(1, s, t, "Wrong CHAP response ID %d (should be %d) (%d)\n", p[1], radius[r].id, r);
231 STAT(tunnel_rx_errors);
232 sessionshutdown(s, "Unexpected CHAP response ID.", CDN_ADMIN_DISC, TERM_USER_ERROR);
233 return;
234 }
235
236 if (l < 5 || p[4] != 16)
237 {
238 LOG(1, s, t, "Bad CHAP response length %d\n", l < 5 ? -1 : p[4]);
239 STAT(tunnel_rx_errors);
240 sessionshutdown(s, "Bad CHAP response length.", CDN_ADMIN_DISC, TERM_USER_ERROR);
241 return;
242 }
243
244 l -= 5;
245 p += 5;
246 if (l < 16 || l - 16 >= sizeof(session[s].user))
247 {
248 LOG(1, s, t, "CHAP user too long %d\n", l - 16);
249 STAT(tunnel_rx_errors);
250 sessionshutdown(s, "CHAP username too long.", CDN_ADMIN_DISC, TERM_USER_ERROR);
251 return;
252 }
253
254 // Run PRE_AUTH plugins
255 {
256 struct param_pre_auth packet = { &tunnel[t], &session[s], NULL, NULL, PPPCHAP, 1 };
257
258 packet.password = calloc(17, 1);
259 memcpy(packet.password, p, 16);
260
261 p += 16;
262 l -= 16;
263
264 packet.username = calloc(l + 1, 1);
265 memcpy(packet.username, p, l);
266
267 if ((!config->disable_lac_func) && lac_conf_forwardtoremotelns(s, packet.username))
268 {
269 free(packet.username);
270 free(packet.password);
271 // Creating a tunnel/session has been started
272 return;
273 }
274
275 run_plugins(PLUGIN_PRE_AUTH, &packet);
276 if (!packet.continue_auth)
277 {
278 LOG(3, s, t, "A plugin rejected PRE_AUTH\n");
279 if (packet.username) free(packet.username);
280 if (packet.password) free(packet.password);
281 return;
282 }
283
284 strncpy(session[s].user, packet.username, sizeof(session[s].user) - 1);
285 memcpy(radius[r].pass, packet.password, 16);
286
287 free(packet.username);
288 free(packet.password);
289 }
290
291 radius[r].chap = 1;
292 LOG(3, s, t, "CHAP login %s\n", session[s].user);
293 if ((session[s].mrru) && (!first_session_in_bundle(s)))
294 radiussend(r, RADIUSJUSTAUTH);
295 else
296 radiussend(r, RADIUSAUTH);
297 }
298
299 static void dumplcp(uint8_t *p, int l)
300 {
301 int x = l - 4;
302 uint8_t *o = (p + 4);
303
304 LOG_HEX(5, "PPP LCP Packet", p, l);
305 LOG(4, 0, 0, "PPP LCP Packet type %d (%s len %d)\n", *p, ppp_code((int)*p), ntohs( ((uint16_t *) p)[1]) );
306 LOG(4, 0, 0, "Length: %d\n", l);
307 if (*p != ConfigReq && *p != ConfigRej && *p != ConfigAck)
308 return;
309
310 while (x > 2)
311 {
312 int type = o[0];
313 int length = o[1];
314 if (length < 2)
315 {
316 LOG(4, 0, 0, " Option length is %d...\n", length);
317 break;
318 }
319 if (type == 0)
320 {
321 LOG(4, 0, 0, " Option type is 0...\n");
322 x -= length;
323 o += length;
324 continue;
325 }
326 switch (type)
327 {
328 case 1: // Maximum-Receive-Unit
329 if (length == 4)
330 LOG(4, 0, 0, " %s %d\n", ppp_lcp_option(type), ntohs(*(uint16_t *)(o + 2)));
331 else
332 LOG(4, 0, 0, " %s odd length %d\n", ppp_lcp_option(type), length);
333 break;
334 case 2: // Async-Control-Character-Map
335 if (length == 6)
336 {
337 uint32_t asyncmap = ntohl(*(uint32_t *)(o + 2));
338 LOG(4, 0, 0, " %s %x\n", ppp_lcp_option(type), asyncmap);
339 }
340 else
341 LOG(4, 0, 0, " %s odd length %d\n", ppp_lcp_option(type), length);
342 break;
343 case 3: // Authentication-Protocol
344 if (length == 4)
345 {
346 int proto = ntohs(*(uint16_t *)(o + 2));
347 LOG(4, 0, 0, " %s 0x%x (%s)\n", ppp_lcp_option(type), proto,
348 proto == PPPPAP ? "PAP" : "UNSUPPORTED");
349 }
350 else if (length == 5)
351 {
352 int proto = ntohs(*(uint16_t *)(o + 2));
353 int algo = *(o + 4);
354 LOG(4, 0, 0, " %s 0x%x 0x%x (%s)\n", ppp_lcp_option(type), proto, algo,
355 (proto == PPPCHAP && algo == 5) ? "CHAP MD5" : "UNSUPPORTED");
356 }
357 else
358 LOG(4, 0, 0, " %s odd length %d\n", ppp_lcp_option(type), length);
359 break;
360 case 4: // Quality-Protocol
361 {
362 uint32_t qp = ntohl(*(uint32_t *)(o + 2));
363 LOG(4, 0, 0, " %s %x\n", ppp_lcp_option(type), qp);
364 }
365 break;
366 case 5: // Magic-Number
367 if (length == 6)
368 {
369 uint32_t magicno = ntohl(*(uint32_t *)(o + 2));
370 LOG(4, 0, 0, " %s %x\n", ppp_lcp_option(type), magicno);
371 }
372 else
373 LOG(4, 0, 0, " %s odd length %d\n", ppp_lcp_option(type), length);
374 break;
375 case 7: // Protocol-Field-Compression
376 case 8: // Address-And-Control-Field-Compression
377 LOG(4, 0, 0, " %s\n", ppp_lcp_option(type));
378 break;
379 default:
380 LOG(2, 0, 0, " Unknown PPP LCP Option type %d\n", type);
381 break;
382 }
383 x -= length;
384 o += length;
385 }
386 }
387
388 void lcp_open(sessionidt s, tunnelidt t)
389 {
390 // transition to Authentication or Network phase:
391 session[s].ppp.phase = sess_local[s].lcp_authtype ? Authenticate : Network;
392
393 LOG(3, s, t, "LCP: Opened, phase %s\n", ppp_phase(session[s].ppp.phase));
394
395 // LCP now Opened
396 change_state(s, lcp, Opened);
397
398 if (session[s].ppp.phase == Authenticate)
399 {
400 if (sess_local[s].lcp_authtype == AUTHCHAP)
401 sendchap(s, t);
402 }
403 else
404 {
405 if(session[s].bundle == 0 || bundle[session[s].bundle].num_of_links == 1)
406 {
407 // This-Layer-Up
408 sendipcp(s, t);
409 change_state(s, ipcp, RequestSent);
410 // move to passive state for IPv6 (if configured), CCP
411 if (config->ipv6_prefix.s6_addr[0])
412 change_state(s, ipv6cp, Stopped);
413 else
414 change_state(s, ipv6cp, Closed);
415
416 change_state(s, ccp, Stopped);
417 }
418 else
419 {
420 sessionidt first_ses = bundle[session[s].bundle].members[0];
421 LOG(3, s, t, "MPPP: Skipping IPCP negotiation for session:%d, first session of bundle is:%d\n",s,first_ses);
422 ipcp_open(s, t);
423 }
424 }
425 }
426
427 void lcp_restart(sessionidt s)
428 {
429 session[s].ppp.phase = Establish;
430 // This-Layer-Down
431 change_state(s, ipcp, Dead);
432 change_state(s, ipv6cp, Dead);
433 change_state(s, ccp, Dead);
434 }
435
436 static uint8_t *ppp_conf_rej(sessionidt s, uint8_t *buf, size_t blen, uint16_t mtype,
437 uint8_t **response, uint8_t *queued, uint8_t *packet, uint8_t *option)
438 {
439 if (!*response || **response != ConfigRej)
440 {
441 queued = *response = makeppp(buf, blen, packet, 2, s, session[s].tunnel, mtype, 0, 0, 0);
442 if (!queued)
443 return 0;
444
445 *queued = ConfigRej;
446 queued += 4;
447 }
448
449 if ((queued - buf + option[1]) > blen)
450 {
451 LOG(2, s, session[s].tunnel, "PPP overflow for ConfigRej (proto %u, option %u).\n", mtype, *option);
452 return 0;
453 }
454
455 memcpy(queued, option, option[1]);
456 return queued + option[1];
457 }
458
459 static uint8_t *ppp_conf_nak(sessionidt s, uint8_t *buf, size_t blen, uint16_t mtype,
460 uint8_t **response, uint8_t *queued, uint8_t *packet, uint8_t *option,
461 uint8_t *value, size_t vlen)
462 {
463 int *nak_sent;
464 switch (mtype)
465 {
466 case PPPLCP: nak_sent = &sess_local[s].lcp.nak_sent; break;
467 case PPPIPCP: nak_sent = &sess_local[s].ipcp.nak_sent; break;
468 case PPPIPV6CP: nak_sent = &sess_local[s].ipv6cp.nak_sent; break;
469 default: return 0; // ?
470 }
471
472 if (*response && **response != ConfigNak)
473 {
474 if (*nak_sent < config->ppp_max_failure) // reject queued
475 return queued;
476
477 return ppp_conf_rej(s, buf, blen, mtype, response, 0, packet, option);
478 }
479
480 if (!*response)
481 {
482 if (*nak_sent >= config->ppp_max_failure)
483 return ppp_conf_rej(s, buf, blen, mtype, response, 0, packet, option);
484
485 queued = *response = makeppp(buf, blen, packet, 2, s, session[s].tunnel, mtype, 0, 0, 0);
486 if (!queued)
487 return 0;
488
489 (*nak_sent)++;
490 *queued = ConfigNak;
491 queued += 4;
492 }
493
494 if ((queued - buf + vlen + 2) > blen)
495 {
496 LOG(2, s, session[s].tunnel, "PPP overflow for ConfigNak (proto %u, option %u).\n", mtype, *option);
497 return 0;
498 }
499
500 *queued++ = *option;
501 *queued++ = vlen + 2;
502 memcpy(queued, value, vlen);
503 return queued + vlen;
504 }
505
506 static void ppp_code_rej(sessionidt s, tunnelidt t, uint16_t proto,
507 char *pname, uint8_t *p, uint16_t l, uint8_t *buf, size_t size)
508 {
509 uint8_t *q;
510 int mru = session[s].mru;
511 if (mru < MINMTU) mru = MINMTU;
512 if (mru > size) mru = size;
513
514 l += 4;
515 if (l > mru) l = mru;
516
517 q = makeppp(buf, size, 0, 0, s, t, proto, 0, 0, 0);
518 if (!q) return;
519
520 *q = CodeRej;
521 *(q + 1) = ++sess_local[s].lcp_ident;
522 *(uint16_t *)(q + 2) = htons(l);
523 memcpy(q + 4, p, l - 4);
524
525 LOG(2, s, t, "Unexpected %s code %s\n", pname, ppp_code(*p));
526 LOG(3, s, t, "%s: send %s\n", pname, ppp_code(*q));
527 if (config->debug > 3) dumplcp(q, l);
528
529 tunnelsend(buf, l + (q - buf), t);
530 }
531
532 // Process LCP messages
533 void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
534 {
535 uint8_t b[MAXETHER];
536 uint8_t *q = NULL;
537 uint16_t hl;
538
539 CSTAT(processlcp);
540
541 LOG_HEX(5, "LCP", p, l);
542 if (l < 4)
543 {
544 LOG(1, s, t, "Short LCP %d bytes\n", l);
545 STAT(tunnel_rx_errors);
546 return ;
547 }
548
549 if ((hl = ntohs(*(uint16_t *) (p + 2))) > l)
550 {
551 LOG(1, s, t, "Length mismatch LCP %u/%u\n", hl, l);
552 STAT(tunnel_rx_errors);
553 return ;
554 }
555 l = hl;
556
557 if (session[s].die) // going down...
558 return;
559
560 LOG(((*p == EchoReq || *p == EchoReply) ? 4 : 3), s, t,
561 "LCP: recv %s\n", ppp_code(*p));
562
563 if (config->debug > 3) dumplcp(p, l);
564
565 if (*p == ConfigAck)
566 {
567 int x = l - 4;
568 uint8_t *o = (p + 4);
569 int authtype = 0;
570
571 while (x > 2)
572 {
573 int type = o[0];
574 int length = o[1];
575
576 if (length == 0 || type == 0 || x < length) break;
577 switch (type)
578 {
579 case 3: // Authentication-Protocol
580 {
581 int proto = ntohs(*(uint16_t *)(o + 2));
582 if (proto == PPPPAP)
583 authtype = AUTHPAP;
584 else if (proto == PPPCHAP && *(o + 4) == 5)
585 authtype = AUTHCHAP;
586 }
587
588 break;
589 }
590 x -= length;
591 o += length;
592 }
593
594 if (!session[s].ip && authtype)
595 sess_local[s].lcp_authtype = authtype;
596
597 switch (session[s].ppp.lcp)
598 {
599 case RequestSent:
600 initialise_restart_count(s, lcp);
601 change_state(s, lcp, AckReceived);
602 break;
603
604 case AckReceived:
605 case Opened:
606 LOG(2, s, t, "LCP: ConfigAck in state %s? Sending ConfigReq\n", ppp_state(session[s].ppp.lcp));
607 if (session[s].ppp.lcp == Opened)
608 lcp_restart(s);
609
610 sendlcp(s, t);
611 change_state(s, lcp, RequestSent);
612 break;
613
614 case AckSent:
615 lcp_open(s, t);
616 break;
617
618 default:
619 LOG(2, s, t, "LCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.lcp));
620 }
621 }
622 else if (*p == ConfigReq)
623 {
624 int x = l - 4;
625 uint8_t *o = (p + 4);
626 uint8_t *response = 0;
627 static uint8_t asyncmap[4] = { 0, 0, 0, 0 }; // all zero
628 static uint8_t authproto[5];
629 int changed = 0;
630
631 while (x > 2)
632 {
633 int type = o[0];
634 int length = o[1];
635
636 if (length == 0 || type == 0 || x < length) break;
637 switch (type)
638 {
639 case 1: // Maximum-Receive-Unit
640 {
641 uint16_t mru = ntohs(*(uint16_t *)(o + 2));
642 if (mru >= MINMTU)
643 {
644 session[s].mru = mru;
645 changed++;
646 break;
647 }
648
649 LOG(3, s, t, " Remote requesting MRU of %u. Rejecting.\n", mru);
650 mru = htons(MRU);
651 q = ppp_conf_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, (uint8_t *) &mru, sizeof(mru));
652 }
653 break;
654
655 case 2: // Async-Control-Character-Map
656 if (!ntohl(*(uint32_t *)(o + 2))) // all bits zero is OK
657 break;
658
659 LOG(3, s, t, " Remote requesting asyncmap. Rejecting.\n");
660 q = ppp_conf_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, asyncmap, sizeof(asyncmap));
661 break;
662
663 case 3: // Authentication-Protocol
664 {
665 int proto = ntohs(*(uint16_t *)(o + 2));
666 char proto_name[] = "0x0000";
667 int alen;
668
669 if (proto == PPPPAP)
670 {
671 if (config->radius_authtypes & AUTHPAP)
672 {
673 sess_local[s].lcp_authtype = AUTHPAP;
674 break;
675 }
676
677 strcpy(proto_name, "PAP");
678 }
679 else if (proto == PPPCHAP)
680 {
681 if (config->radius_authtypes & AUTHCHAP
682 && *(o + 4) == 5) // MD5
683 {
684 sess_local[s].lcp_authtype = AUTHCHAP;
685 break;
686 }
687
688 strcpy(proto_name, "CHAP");
689 }
690 else
691 sprintf(proto_name, "%#4.4x", proto);
692
693 LOG(3, s, t, " Remote requesting %s authentication. Rejecting.\n", proto_name);
694
695 alen = add_lcp_auth(authproto, sizeof(authproto), config->radius_authprefer);
696 if (alen < 2) break; // paranoia
697
698 q = ppp_conf_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, authproto + 2, alen - 2);
699 if (q && *response == ConfigNak &&
700 config->radius_authtypes != config->radius_authprefer)
701 {
702 // alternate type
703 alen = add_lcp_auth(authproto, sizeof(authproto), config->radius_authtypes & ~config->radius_authprefer);
704 if (alen < 2) break;
705 q = ppp_conf_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, authproto + 2, alen - 2);
706 }
707
708 break;
709 }
710 break;
711
712 case 4: // Quality-Protocol
713 case 5: // Magic-Number
714 case 7: // Protocol-Field-Compression
715 case 8: // Address-And-Control-Field-Compression
716 break;
717
718 case 17: // Multilink Max-Receive-Reconstructed-Unit
719 {
720 uint16_t mrru = ntohs(*(uint16_t *)(o + 2));
721 session[s].mrru = mrru;
722 changed++;
723 LOG(3, s, t, " Received PPP LCP option MRRU: %d\n",mrru);
724 }
725 break;
726
727 case 18: // Multilink Short Sequence Number Header Format
728 {
729 session[s].mssf = 1;
730 changed++;
731 LOG(3, s, t, " Received PPP LCP option MSSN format\n");
732 }
733 break;
734
735 case 19: // Multilink Endpoint Discriminator
736 {
737 uint8_t epdis_class = o[2];
738 int addr;
739
740 session[s].epdis.addr_class = epdis_class;
741 session[s].epdis.length = length - 3;
742 if (session[s].epdis.length > 20)
743 {
744 LOG(1, s, t, "Error: received EndDis Address Length more than 20: %d\n", session[s].epdis.length);
745 session[s].epdis.length = 20;
746 }
747
748 for (addr = 0; addr < session[s].epdis.length; addr++)
749 session[s].epdis.address[addr] = o[3+addr];
750
751 changed++;
752
753 switch (epdis_class)
754 {
755 case LOCALADDR:
756 LOG(3, s, t, " Received PPP LCP option Multilink EndDis Local Address Class: %d\n",epdis_class);
757 break;
758 case IPADDR:
759 LOG(3, s, t, " Received PPP LCP option Multilink EndDis IP Address Class: %d\n",epdis_class);
760 break;
761 case IEEEMACADDR:
762 LOG(3, s, t, " Received PPP LCP option Multilink EndDis IEEE MAC Address Class: %d\n",epdis_class);
763 break;
764 case PPPMAGIC:
765 LOG(3, s, t, " Received PPP LCP option Multilink EndDis PPP Magic No Class: %d\n",epdis_class);
766 break;
767 case PSNDN:
768 LOG(3, s, t, " Received PPP LCP option Multilink EndDis PSND No Class: %d\n",epdis_class);
769 break;
770 default:
771 LOG(3, s, t, " Received PPP LCP option Multilink EndDis NULL Class %d\n",epdis_class);
772 }
773 }
774 break;
775
776 default: // Reject any unknown options
777 LOG(3, s, t, " Rejecting unknown PPP LCP option %d\n", type);
778 q = ppp_conf_rej(s, b, sizeof(b), PPPLCP, &response, q, p, o);
779 }
780 x -= length;
781 o += length;
782 }
783
784 if (changed)
785 cluster_send_session(s);
786
787 if (response)
788 {
789 l = q - response; // LCP packet length
790 *((uint16_t *) (response + 2)) = htons(l); // update header
791 }
792 else
793 {
794 // Send packet back as ConfigAck
795 response = makeppp(b, sizeof(b), p, l, s, t, PPPLCP, 0, 0, 0);
796 if (!response) return;
797 *response = ConfigAck;
798 }
799
800 switch (session[s].ppp.lcp)
801 {
802 case Closed:
803 response = makeppp(b, sizeof(b), p, 2, s, t, PPPLCP, 0, 0, 0);
804 if (!response) return;
805 *response = TerminateAck;
806 *((uint16_t *) (response + 2)) = htons(l = 4);
807 break;
808
809 case Stopped:
810 initialise_restart_count(s, lcp);
811 sendlcp(s, t);
812 if (*response == ConfigAck)
813 change_state(s, lcp, AckSent);
814 else
815 change_state(s, lcp, RequestSent);
816
817 break;
818
819 case RequestSent:
820 if (*response == ConfigAck)
821 change_state(s, lcp, AckSent);
822
823 break;
824
825 case AckReceived:
826 if (*response == ConfigAck)
827 lcp_open(s, t);
828
829 break;
830
831 case Opened:
832 lcp_restart(s);
833 sendlcp(s, t);
834 /* fallthrough */
835
836 case AckSent:
837 if (*response == ConfigAck)
838 change_state(s, lcp, AckSent);
839 else
840 change_state(s, lcp, RequestSent);
841
842 break;
843
844 case Closing:
845 sessionshutdown(s, "LCP: ConfigReq in state Closing. This should not happen. Killing session.", CDN_ADMIN_DISC, TERM_LOST_SERVICE);
846 break;
847
848 default:
849 LOG(2, s, t, "LCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.lcp));
850 return;
851 }
852
853 LOG(3, s, t, "LCP: send %s\n", ppp_code(*response));
854 if (config->debug > 3) dumplcp(response, l);
855
856 tunnelsend(b, l + (response - b), t);
857 }
858 else if (*p == ConfigNak || *p == ConfigRej)
859 {
860 int x = l - 4;
861 uint8_t *o = (p + 4);
862 int authtype = -1;
863
864 while (x > 2)
865 {
866 int type = o[0];
867 int length = o[1];
868
869 if (length == 0 || type == 0 || x < length) break;
870 switch (type)
871 {
872 case 1: // Maximum-Receive-Unit
873 if (*p == ConfigNak)
874 {
875 if (length < 4) break;
876 sess_local[s].ppp_mru = ntohs(*(uint16_t *)(o + 2));
877 LOG(3, s, t, " Remote requested MRU of %u\n", sess_local[s].ppp_mru);
878 }
879 else
880 {
881 sess_local[s].ppp_mru = 0;
882 LOG(3, s, t, " Remote rejected MRU negotiation\n");
883 }
884
885 break;
886
887 case 3: // Authentication-Protocol
888 if (authtype > 0)
889 break;
890
891 if (*p == ConfigNak)
892 {
893 int proto;
894
895 if (length < 4) break;
896 proto = ntohs(*(uint16_t *)(o + 2));
897
898 if (proto == PPPPAP)
899 {
900 authtype = config->radius_authtypes & AUTHPAP;
901 LOG(3, s, t, " Remote requested PAP authentication...%sing\n",
902 authtype ? "accept" : "reject");
903 }
904 else if (proto == PPPCHAP && length > 4 && *(o + 4) == 5)
905 {
906 authtype = config->radius_authtypes & AUTHCHAP;
907 LOG(3, s, t, " Remote requested CHAP authentication...%sing\n",
908 authtype ? "accept" : "reject");
909 }
910 else
911 {
912 LOG(3, s, t, " Rejecting unsupported authentication %#4x\n",
913 proto);
914 }
915 }
916 else
917 {
918 LOG(2, s, t, "LCP: remote rejected auth negotiation\n");
919 authtype = 0; // shutdown
920 }
921
922 break;
923
924 case 5: // Magic-Number
925 session[s].magic = 0;
926 if (*p == ConfigNak)
927 {
928 if (length < 6) break;
929 session[s].magic = ntohl(*(uint32_t *)(o + 2));
930 }
931
932 if (session[s].magic)
933 LOG(3, s, t, " Remote requested magic-no %x\n", session[s].magic);
934 else
935 LOG(3, s, t, " Remote rejected magic-no\n");
936
937 cluster_send_session(s);
938 break;
939
940 case 17: // Multilink Max-Receive-Reconstructed-Unit
941 {
942 if (*p == ConfigNak)
943 {
944 sess_local[s].mp_mrru = ntohs(*(uint16_t *)(o + 2));
945 LOG(3, s, t, " Remote requested MRRU of %u\n", sess_local[s].mp_mrru);
946 }
947 else
948 {
949 sess_local[s].mp_mrru = 0;
950 LOG(3, s, t, " Remote rejected MRRU negotiation\n");
951 }
952 }
953 break;
954
955 case 18: // Multilink Short Sequence Number Header Format
956 {
957 if (*p == ConfigNak)
958 {
959 sess_local[s].mp_mssf = 0;
960 LOG(3, s, t, " Remote requested Naked mssf\n");
961 }
962 else
963 {
964 sess_local[s].mp_mssf = 0;
965 LOG(3, s, t, " Remote rejected mssf\n");
966 }
967 }
968 break;
969
970 case 19: // Multilink Endpoint Discriminator
971 {
972 if (*p == ConfigNak)
973 {
974 LOG(2, s, t, " Remote should not configNak Endpoint Dis!\n");
975 }
976 else
977 {
978 sess_local[s].mp_epdis = 0;
979 LOG(3, s, t, " Remote rejected Endpoint Discriminator\n");
980 }
981 }
982 break;
983
984 default:
985 LOG(2, s, t, "LCP: remote sent %s for type %u?\n", ppp_code(*p), type);
986 sessionshutdown(s, "Unable to negotiate LCP.", CDN_ADMIN_DISC, TERM_USER_ERROR);
987 return;
988 }
989 x -= length;
990 o += length;
991 }
992
993 if (!authtype)
994 {
995 sessionshutdown(s, "Unsupported authentication.", CDN_ADMIN_DISC, TERM_USER_ERROR);
996 return;
997 }
998
999 if (authtype > 0)
1000 sess_local[s].lcp_authtype = authtype;
1001
1002 switch (session[s].ppp.lcp)
1003 {
1004 case Closed:
1005 case Stopped:
1006 {
1007 uint8_t *response = makeppp(b, sizeof(b), p, 2, s, t, PPPLCP, 0, 0, 0);
1008 if (!response) return;
1009 *response = TerminateAck;
1010 *((uint16_t *) (response + 2)) = htons(l = 4);
1011
1012 LOG(3, s, t, "LCP: send %s\n", ppp_code(*response));
1013 if (config->debug > 3) dumplcp(response, l);
1014
1015 tunnelsend(b, l + (response - b), t);
1016 }
1017 break;
1018
1019 case RequestSent:
1020 case AckSent:
1021 initialise_restart_count(s, lcp);
1022 sendlcp(s, t);
1023 break;
1024
1025 case AckReceived:
1026 LOG(2, s, t, "LCP: ConfigNak in state %s? Sending ConfigReq\n", ppp_state(session[s].ppp.lcp));
1027 sendlcp(s, t);
1028 break;
1029
1030 case Opened:
1031 lcp_restart(s);
1032 sendlcp(s, t);
1033 break;
1034
1035 default:
1036 LOG(2, s, t, "LCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.lcp));
1037 return;
1038 }
1039 }
1040 else if (*p == TerminateReq)
1041 {
1042 switch (session[s].ppp.lcp)
1043 {
1044 case Closed:
1045 case Stopped:
1046 case Closing:
1047 case Stopping:
1048 case RequestSent:
1049 case AckReceived:
1050 case AckSent:
1051 break;
1052
1053 case Opened:
1054 lcp_restart(s);
1055 zero_restart_count(s, lcp);
1056 change_state(s, lcp, Closing);
1057 break;
1058
1059 default:
1060 LOG(2, s, t, "LCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.lcp));
1061 return;
1062 }
1063
1064 *p = TerminateAck; // send ack
1065 q = makeppp(b, sizeof(b), p, l, s, t, PPPLCP, 0, 0, 0);
1066 if (!q) return;
1067
1068 LOG(3, s, t, "LCP: send %s\n", ppp_code(*q));
1069 if (config->debug > 3) dumplcp(q, l);
1070
1071 tunnelsend(b, l + (q - b), t); // send it
1072 }
1073 else if (*p == ProtocolRej)
1074 {
1075 uint16_t proto = 0;
1076
1077 if (l > 4)
1078 {
1079 proto = *(p+4);
1080 if (l > 5 && !(proto & 1))
1081 {
1082 proto <<= 8;
1083 proto |= *(p+5);
1084 }
1085 }
1086
1087 if (proto == PPPIPV6CP)
1088 {
1089 LOG(3, s, t, "IPv6 rejected\n");
1090 change_state(s, ipv6cp, Closed);
1091 }
1092 else
1093 {
1094 LOG(3, s, t, "LCP protocol reject: 0x%04X\n", proto);
1095 }
1096 }
1097 else if (*p == EchoReq)
1098 {
1099 *p = EchoReply; // reply
1100 *(uint32_t *) (p + 4) = htonl(session[s].magic); // our magic number
1101 q = makeppp(b, sizeof(b), p, l, s, t, PPPLCP, 0, 0, 0);
1102 if (!q) return;
1103
1104 LOG(4, s, t, "LCP: send %s\n", ppp_code(*q));
1105 if (config->debug > 3) dumplcp(q, l);
1106
1107 tunnelsend(b, l + (q - b), t); // send it
1108 }
1109 else if (*p == EchoReply)
1110 {
1111 // Ignore it, last_packet time is set earlier than this.
1112 }
1113 else if (*p != CodeRej)
1114 {
1115 ppp_code_rej(s, t, PPPLCP, "LCP", p, l, b, sizeof(b));
1116 }
1117 }
1118
1119 int join_bundle(sessionidt s)
1120 {
1121 // Search for a bundle to join
1122 bundleidt i;
1123 bundleidt b;
1124 for (i = 1; i < MAXBUNDLE; i++)
1125 {
1126 if (bundle[i].state != BUNDLEFREE)
1127 {
1128 if (epdiscmp(session[s].epdis,bundle[i].epdis) && !strcmp(session[s].user, bundle[i].user))
1129 {
1130 sessionidt first_ses = bundle[i].members[0];
1131 if (bundle[i].mssf != session[s].mssf)
1132 {
1133 // uniformity of sequence number format must be insured
1134 LOG(3, s, session[s].tunnel, "MPPP: unable to bundle session %d in bundle %d cause of different mssf\n", s, i);
1135 return -1;
1136 }
1137 session[s].bundle = i;
1138 session[s].ip = session[first_ses].ip;
1139 session[s].dns1 = session[first_ses].dns1;
1140 session[s].dns2 = session[first_ses].dns2;
1141 session[s].timeout = session[first_ses].timeout;
1142
1143 if(session[s].epdis.length > 0)
1144 setepdis(&bundle[i].epdis, session[s].epdis);
1145
1146 strcpy(bundle[i].user, session[s].user);
1147 bundle[i].members[bundle[i].num_of_links] = s;
1148 bundle[i].num_of_links++;
1149 LOG(3, s, session[s].tunnel, "MPPP: Bundling additional line in bundle (%d), lines:%d\n",i,bundle[i].num_of_links);
1150 return i;
1151 }
1152 }
1153 }
1154
1155 // No previously created bundle was found for this session, so create a new one
1156 if (!(b = new_bundle())) return 0;
1157
1158 session[s].bundle = b;
1159 bundle[b].mrru = session[s].mrru;
1160 bundle[b].mssf = session[s].mssf;
1161 // FIXME !!! to enable l2tpns reading mssf frames receiver_max_seq, sender_max_seq must be introduce
1162 // now session[s].mssf flag indecates that the receiver wish to receive frames in mssf, so max_seq (i.e. recv_max_seq) = 1<<24
1163 /*
1164 if (bundle[b].mssf)
1165 bundle[b].max_seq = 1 << 12;
1166 else */
1167 bundle[b].max_seq = 1 << 24;
1168 if(session[s].epdis.length > 0)
1169 setepdis(&bundle[b].epdis, session[s].epdis);
1170
1171 strcpy(bundle[b].user, session[s].user);
1172 bundle[b].members[0] = s;
1173 bundle[b].timeout = session[s].timeout;
1174 LOG(3, s, session[s].tunnel, "MPPP: Created a new bundle (%d)\n", b);
1175 return b;
1176 }
1177
1178 static int epdiscmp(epdist ep1, epdist ep2)
1179 {
1180 int ad;
1181 if (ep1.length != ep2.length)
1182 return 0;
1183
1184 if (ep1.addr_class != ep2.addr_class)
1185 return 0;
1186
1187 for (ad = 0; ad < ep1.length; ad++)
1188 if (ep1.address[ad] != ep2.address[ad])
1189 return 0;
1190
1191 return 1;
1192 }
1193
1194 static void setepdis(epdist *ep1, epdist ep2)
1195 {
1196 int ad;
1197 ep1->length = ep2.length;
1198 ep1->addr_class = ep2.addr_class;
1199 for (ad = 0; ad < ep2.length; ad++)
1200 ep1->address[ad] = ep2.address[ad];
1201 }
1202
1203 static bundleidt new_bundle()
1204 {
1205 bundleidt i;
1206 for (i = 1; i < MAXBUNDLE; i++)
1207 {
1208 if (bundle[i].state == BUNDLEFREE)
1209 {
1210 LOG(4, 0, 0, "MPPP: Assigning bundle ID %d\n", i);
1211 bundle[i].num_of_links = 1;
1212 bundle[i].last_check = time_now; // Initialize last_check value
1213 bundle[i].state = BUNDLEOPEN;
1214 bundle[i].current_ses = -1; // This is to enforce the first session 0 to be used at first
1215 memset(&frag[i], 0, sizeof(fragmentationt));
1216 if (i > config->cluster_highest_bundleid)
1217 config->cluster_highest_bundleid = i;
1218 return i;
1219 }
1220 }
1221 LOG(0, 0, 0, "MPPP: Can't find a free bundle! There shouldn't be this many in use!\n");
1222 return 0;
1223 }
1224
1225 static void ipcp_open(sessionidt s, tunnelidt t)
1226 {
1227 LOG(3, s, t, "IPCP: Opened, session is now active\n");
1228
1229 change_state(s, ipcp, Opened);
1230
1231 if (!(session[s].walled_garden || session[s].flags & SESSION_STARTED))
1232 {
1233 uint16_t r = radiusnew(s);
1234 if (r)
1235 {
1236 radiussend(r, RADIUSSTART); // send radius start
1237
1238 // don't send further Start records if IPCP is restarted
1239 session[s].flags |= SESSION_STARTED;
1240 cluster_send_session(s);
1241 }
1242 }
1243
1244 // start IPv6 if configured and still in passive state
1245 if (session[s].ppp.ipv6cp == Stopped)
1246 {
1247 sendipv6cp(s, t);
1248 change_state(s, ipv6cp, RequestSent);
1249 }
1250 }
1251
1252 // Process IPCP messages
1253 void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
1254 {
1255 uint8_t b[MAXETHER];
1256 uint8_t *q = 0;
1257 uint16_t hl;
1258
1259 CSTAT(processipcp);
1260
1261 LOG_HEX(5, "IPCP", p, l);
1262 if (l < 4)
1263 {
1264 LOG(1, s, t, "Short IPCP %d bytes\n", l);
1265 STAT(tunnel_rx_errors);
1266 return ;
1267 }
1268
1269 if ((hl = ntohs(*(uint16_t *) (p + 2))) > l)
1270 {
1271 LOG(1, s, t, "Length mismatch IPCP %u/%u\n", hl, l);
1272 STAT(tunnel_rx_errors);
1273 return ;
1274 }
1275 l = hl;
1276
1277 if (session[s].ppp.phase < Network)
1278 {
1279 LOG(2, s, t, "IPCP %s ignored in %s phase\n", ppp_code(*p), ppp_phase(session[s].ppp.phase));
1280 return;
1281 }
1282
1283 LOG(3, s, t, "IPCP: recv %s\n", ppp_code(*p));
1284
1285 if (*p == ConfigAck)
1286 {
1287 switch (session[s].ppp.ipcp)
1288 {
1289 case RequestSent:
1290 initialise_restart_count(s, ipcp);
1291 change_state(s, ipcp, AckReceived);
1292 break;
1293
1294 case AckReceived:
1295 case Opened:
1296 LOG(2, s, t, "IPCP: ConfigAck in state %s? Sending ConfigReq\n", ppp_state(session[s].ppp.ipcp));
1297 sendipcp(s, t);
1298 change_state(s, ipcp, RequestSent);
1299 break;
1300
1301 case AckSent:
1302 ipcp_open(s, t);
1303 break;
1304
1305 default:
1306 LOG(2, s, t, "IPCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipcp));
1307 }
1308 }
1309 else if (*p == ConfigReq)
1310 {
1311 uint8_t *response = 0;
1312 uint8_t *o = p + 4;
1313 int length = l - 4;
1314 int gotip = 0;
1315 in_addr_t addr;
1316
1317 while (length > 2)
1318 {
1319 if (!o[1] || o[1] > length) return;
1320
1321 switch (*o)
1322 {
1323 case 3: // ip address
1324 gotip++; // seen address
1325 if (o[1] != 6) return;
1326
1327 addr = htonl(session[s].ip);
1328 if (memcmp(o + 2, &addr, (sizeof addr)))
1329 {
1330 uint8_t *oq = q;
1331 q = ppp_conf_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr));
1332 if (!q || (q != oq && *response == ConfigRej))
1333 {
1334 sessionshutdown(s, "Can't negotiate IPCP.", CDN_ADMIN_DISC, TERM_USER_ERROR);
1335 return;
1336 }
1337 }
1338
1339 break;
1340
1341 case 129: // primary DNS
1342 if (o[1] != 6) return;
1343
1344 addr = htonl(session[s].dns1);
1345 if (memcmp(o + 2, &addr, (sizeof addr)))
1346 {
1347 q = ppp_conf_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr));
1348 if (!q) return;
1349 }
1350
1351 break;
1352
1353 case 131: // secondary DNS
1354 if (o[1] != 6) return;
1355
1356 addr = htonl(session[s].dns2);
1357 if (memcmp(o + 2, &addr, sizeof(addr)))
1358 {
1359 q = ppp_conf_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr));
1360 if (!q) return;
1361 }
1362
1363 break;
1364
1365 default:
1366 LOG(2, s, t, " Rejecting PPP IPCP Option type %d\n", *o);
1367 q = ppp_conf_rej(s, b, sizeof(b), PPPIPCP, &response, q, p, o);
1368 if (!q) return;
1369 }
1370
1371 length -= o[1];
1372 o += o[1];
1373 }
1374
1375 if (response)
1376 {
1377 l = q - response; // IPCP packet length
1378 *((uint16_t *) (response + 2)) = htons(l); // update header
1379 }
1380 else if (gotip)
1381 {
1382 // Send packet back as ConfigAck
1383 response = makeppp(b, sizeof(b), p, l, s, t, PPPIPCP, 0, 0, 0);
1384 if (!response) return;
1385 *response = ConfigAck;
1386 }
1387 else
1388 {
1389 LOG(1, s, t, "No IP in IPCP request\n");
1390 STAT(tunnel_rx_errors);
1391 return;
1392 }
1393
1394 switch (session[s].ppp.ipcp)
1395 {
1396 case Closed:
1397 response = makeppp(b, sizeof(b), p, 2, s, t, PPPIPCP, 0, 0, 0);
1398 if (!response) return;
1399 *response = TerminateAck;
1400 *((uint16_t *) (response + 2)) = htons(l = 4);
1401 break;
1402
1403 case Stopped:
1404 initialise_restart_count(s, ipcp);
1405 sendipcp(s, t);
1406 if (*response == ConfigAck)
1407 change_state(s, ipcp, AckSent);
1408 else
1409 change_state(s, ipcp, RequestSent);
1410
1411 break;
1412
1413 case RequestSent:
1414 if (*response == ConfigAck)
1415 change_state(s, ipcp, AckSent);
1416
1417 break;
1418
1419 case AckReceived:
1420 if (*response == ConfigAck)
1421 ipcp_open(s, t);
1422
1423 break;
1424
1425 case Opened:
1426 initialise_restart_count(s, ipcp);
1427 sendipcp(s, t);
1428 /* fallthrough */
1429
1430 case AckSent:
1431 if (*response == ConfigAck)
1432 change_state(s, ipcp, AckSent);
1433 else
1434 change_state(s, ipcp, RequestSent);
1435
1436 break;
1437
1438 default:
1439 LOG(2, s, t, "IPCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipcp));
1440 return;
1441 }
1442
1443 LOG(3, s, t, "IPCP: send %s\n", ppp_code(*response));
1444 tunnelsend(b, l + (response - b), t);
1445 }
1446 else if (*p == TerminateReq)
1447 {
1448 switch (session[s].ppp.ipcp)
1449 {
1450 case Closed:
1451 case Stopped:
1452 case Closing:
1453 case Stopping:
1454 case RequestSent:
1455 case AckReceived:
1456 case AckSent:
1457 break;
1458
1459 case Opened:
1460 zero_restart_count(s, ipcp);
1461 change_state(s, ipcp, Closing);
1462 break;
1463
1464 default:
1465 LOG(2, s, t, "IPCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipcp));
1466 return;
1467 }
1468
1469 *p = TerminateAck; // send ack
1470 q = makeppp(b, sizeof(b), p, l, s, t, PPPIPCP, 0, 0, 0);
1471 if (!q) return;
1472
1473 LOG(3, s, t, "IPCP: send %s\n", ppp_code(*q));
1474 tunnelsend(b, l + (q - b), t); // send it
1475 }
1476 else if (*p != CodeRej)
1477 {
1478 ppp_code_rej(s, t, PPPIPCP, "IPCP", p, l, b, sizeof(b));
1479 }
1480 }
1481
1482 static void ipv6cp_open(sessionidt s, tunnelidt t)
1483 {
1484 int i;
1485 groupidt g;
1486 LOG(3, s, t, "IPV6CP: Opened\n");
1487
1488 change_state(s, ipv6cp, Opened);
1489 for (i = 0; i < MAXROUTE6 && session[s].route6[i].ipv6prefixlen; i++)
1490 {
1491 route6set(s, session[s].route6[i].ipv6route, session[s].route6[i].ipv6prefixlen, 1);
1492 }
1493
1494 if (session[s].ipv6address.s6_addr[0])
1495 {
1496 // Check if included in prefix
1497 if (sessionbyipv6(session[s].ipv6address) != s)
1498 route6set(s, session[s].ipv6address, 128, 1);
1499 }
1500
1501 if ((g = grp_groupbysession(s)))
1502 {
1503 grp_setgrouproute6(g, 1);
1504 cluster_send_groupe(g);
1505 }
1506
1507 // Send an initial RA (TODO: Should we send these regularly?)
1508 send_ipv6_ra(s, t, NULL);
1509 }
1510
1511 // Process IPV6CP messages
1512 void processipv6cp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
1513 {
1514 uint8_t b[MAXETHER];
1515 uint8_t *q = 0;
1516 uint16_t hl;
1517
1518 CSTAT(processipv6cp);
1519
1520 LOG_HEX(5, "IPV6CP", p, l);
1521 if (l < 4)
1522 {
1523 LOG(1, s, t, "Short IPV6CP %d bytes\n", l);
1524 STAT(tunnel_rx_errors);
1525 return ;
1526 }
1527
1528 if ((hl = ntohs(*(uint16_t *) (p + 2))) > l)
1529 {
1530 LOG(1, s, t, "Length mismatch IPV6CP %u/%u\n", hl, l);
1531 STAT(tunnel_rx_errors);
1532 return ;
1533 }
1534 l = hl;
1535
1536 if (session[s].ppp.phase < Network)
1537 {
1538 LOG(2, s, t, "IPV6CP %s ignored in %s phase\n", ppp_code(*p), ppp_phase(session[s].ppp.phase));
1539 return;
1540 }
1541
1542 LOG(3, s, t, "IPV6CP: recv %s\n", ppp_code(*p));
1543
1544 if (!session[s].ip)
1545 {
1546 LOG(3, s, t, "IPV6CP: no IPv4 address (IPCP in state %s)\n", ppp_state(session[s].ppp.ipcp));
1547 return; // need IPCP to complete...
1548 }
1549
1550 if (*p == ConfigAck)
1551 {
1552 switch (session[s].ppp.ipv6cp)
1553 {
1554 case RequestSent:
1555 initialise_restart_count(s, ipv6cp);
1556 change_state(s, ipv6cp, AckReceived);
1557 break;
1558
1559 case AckReceived:
1560 case Opened:
1561 LOG(2, s, t, "IPV6CP: ConfigAck in state %s? Sending ConfigReq\n", ppp_state(session[s].ppp.ipv6cp));
1562 sendipv6cp(s, t);
1563 change_state(s, ipv6cp, RequestSent);
1564 break;
1565
1566 case AckSent:
1567 ipv6cp_open(s, t);
1568 break;
1569
1570 default:
1571 LOG(2, s, t, "IPV6CP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipv6cp));
1572 }
1573 }
1574 else if (*p == ConfigReq)
1575 {
1576 uint8_t *response = 0;
1577 uint8_t *o = p + 4;
1578 int length = l - 4;
1579 int gotip = 0;
1580 uint32_t ident[2];
1581
1582 while (length > 2)
1583 {
1584 if (!o[1] || o[1] > length) return;
1585
1586 switch (*o)
1587 {
1588 case 1: // interface identifier
1589 gotip++; // seen address
1590 if (o[1] != 10) return;
1591
1592 if (session[s].ipv6address.s6_addr[0])
1593 {
1594 // LSB 64bits of assigned IPv6 address to user (see radius attribut Framed-IPv6-Address)
1595 memcpy(&ident[0], &session[s].ipv6address.s6_addr[8], 8);
1596 }
1597 else
1598 {
1599 ident[0] = htonl(session[s].ip);
1600 ident[1] = 0;
1601 }
1602
1603 if (memcmp(o + 2, ident, sizeof(ident)))
1604 {
1605 q = ppp_conf_nak(s, b, sizeof(b), PPPIPV6CP, &response, q, p, o, (uint8_t *)ident, sizeof(ident));
1606 if (!q) return;
1607 }
1608
1609 break;
1610
1611 default:
1612 LOG(2, s, t, " Rejecting PPP IPV6CP Option type %d\n", *o);
1613 q = ppp_conf_rej(s, b, sizeof(b), PPPIPV6CP, &response, q, p, o);
1614 if (!q) return;
1615 }
1616
1617 length -= o[1];
1618 o += o[1];
1619 }
1620
1621 if (response)
1622 {
1623 l = q - response; // IPV6CP packet length
1624 *((uint16_t *) (response + 2)) = htons(l); // update header
1625 }
1626 else if (gotip)
1627 {
1628 // Send packet back as ConfigAck
1629 response = makeppp(b, sizeof(b), p, l, s, t, PPPIPV6CP, 0, 0, 0);
1630 if (!response) return;
1631 *response = ConfigAck;
1632 }
1633 else
1634 {
1635 LOG(1, s, t, "No interface identifier in IPV6CP request\n");
1636 STAT(tunnel_rx_errors);
1637 return;
1638 }
1639
1640 switch (session[s].ppp.ipv6cp)
1641 {
1642 case Closed:
1643 response = makeppp(b, sizeof(b), p, 2, s, t, PPPIPV6CP, 0, 0, 0);
1644 if (!response) return;
1645 *response = TerminateAck;
1646 *((uint16_t *) (response + 2)) = htons(l = 4);
1647 break;
1648
1649 case Stopped:
1650 initialise_restart_count(s, ipv6cp);
1651 sendipv6cp(s, t);
1652 if (*response == ConfigAck)
1653 change_state(s, ipv6cp, AckSent);
1654 else
1655 change_state(s, ipv6cp, RequestSent);
1656
1657 break;
1658
1659 case RequestSent:
1660 if (*response == ConfigAck)
1661 change_state(s, ipv6cp, AckSent);
1662
1663 break;
1664
1665 case AckReceived:
1666 if (*response == ConfigAck)
1667 ipv6cp_open(s, t);
1668
1669 break;
1670
1671 case Opened:
1672 initialise_restart_count(s, ipv6cp);
1673 sendipv6cp(s, t);
1674 /* fallthrough */
1675
1676 case AckSent:
1677 if (*response == ConfigAck)
1678 change_state(s, ipv6cp, AckSent);
1679 else
1680 change_state(s, ipv6cp, RequestSent);
1681
1682 break;
1683
1684 default:
1685 LOG(2, s, t, "IPV6CP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipv6cp));
1686 return;
1687 }
1688
1689 LOG(3, s, t, "IPV6CP: send %s\n", ppp_code(*response));
1690 tunnelsend(b, l + (response - b), t);
1691 }
1692 else if (*p == TerminateReq)
1693 {
1694 switch (session[s].ppp.ipv6cp)
1695 {
1696 case Closed:
1697 case Stopped:
1698 case Closing:
1699 case Stopping:
1700 case RequestSent:
1701 case AckReceived:
1702 case AckSent:
1703 break;
1704
1705 case Opened:
1706 zero_restart_count(s, ipv6cp);
1707 change_state(s, ipv6cp, Closing);
1708 break;
1709
1710 default:
1711 LOG(2, s, t, "IPV6CP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipv6cp));
1712 return;
1713 }
1714
1715 *p = TerminateAck; // send ack
1716 q = makeppp(b, sizeof(b), p, l, s, t, PPPIPV6CP, 0, 0, 0);
1717 if (!q) return;
1718
1719 LOG(3, s, t, "IPV6CP: send %s\n", ppp_code(*q));
1720 tunnelsend(b, l + (q - b), t); // send it
1721 }
1722 else if (*p != CodeRej)
1723 {
1724 ppp_code_rej(s, t, PPPIPV6CP, "IPV6CP", p, l, b, sizeof(b));
1725 }
1726 }
1727
1728 static void update_sessions_in_stat(sessionidt s, uint16_t l)
1729 {
1730 bundleidt b = session[s].bundle;
1731 if (!b)
1732 {
1733 increment_counter(&session[s].cin, &session[s].cin_wrap, l);
1734 session[s].cin_delta += l;
1735 session[s].pin++;
1736
1737 sess_local[s].cin += l;
1738 sess_local[s].pin++;
1739 }
1740 else
1741 {
1742 int i = frag[b].re_frame_begin_index;
1743 int end = frag[b].re_frame_end_index;
1744 for (;;)
1745 {
1746 l = frag[b].fragment[i].length;
1747 s = frag[b].fragment[i].sid;
1748 increment_counter(&session[s].cin, &session[s].cin_wrap, l);
1749 session[s].cin_delta += l;
1750 session[s].pin++;
1751
1752 sess_local[s].cin += l;
1753 sess_local[s].pin++;
1754 if (i == end)
1755 return;
1756 i = (i + 1) & MAXFRAGNUM_MASK;
1757 }
1758 }
1759 }
1760
1761 // process IP packet received
1762 //
1763 // This MUST be called with at least 4 byte behind 'p'.
1764 // (i.e. this routine writes to p[-4]).
1765 void processipin(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
1766 {
1767 in_addr_t ip, ip_dst;
1768
1769 CSTAT(processipin);
1770
1771 LOG_HEX(5, "IP", p, l);
1772
1773 if (l < 20)
1774 {
1775 LOG(1, s, t, "IP packet too short %d\n", l);
1776 STAT(tunnel_rx_errors);
1777 return ;
1778 }
1779
1780 ip = ntohl(*(uint32_t *)(p + 12));
1781 ip_dst = *(uint32_t *)(p + 16);
1782
1783 if (l > MAXETHER)
1784 {
1785 LOG(1, s, t, "IP packet too long %d\n", l);
1786 STAT(tunnel_rx_errors);
1787 return ;
1788 }
1789
1790 if (session[s].ppp.phase != Network || session[s].ppp.ipcp != Opened)
1791 return;
1792
1793 if (!session[s].bundle || bundle[session[s].bundle].num_of_links < 2) // FIXME:
1794 {
1795 // no spoof (do sessionbyip to handled statically routed subnets)
1796 if (!config->disable_no_spoof && ip != session[s].ip && sessionbyip(htonl(ip)) != s)
1797 {
1798 LOG(4, s, t, "Dropping packet with spoofed IP %s\n", fmtaddr(htonl(ip), 0));
1799 return;
1800 }
1801 }
1802
1803 // run access-list if any
1804 if (session[s].filter_in && !ip_filter(p, l, session[s].filter_in - 1))
1805 return;
1806
1807 // adjust MSS on SYN and SYN,ACK packets with options
1808 if ((ntohs(*(uint16_t *) (p + 6)) & 0x1fff) == 0 && p[9] == IPPROTO_TCP) // first tcp fragment
1809 {
1810 int ihl = (p[0] & 0xf) * 4; // length of IP header
1811 if (l >= ihl + 20 && (p[ihl + 13] & TCP_FLAG_SYN) && ((p[ihl + 12] >> 4) > 5))
1812 adjust_tcp_mss(s, t, p, l, p + ihl);
1813 }
1814
1815 // Add on the tun header
1816 p -= 4;
1817 *(uint32_t *) p = htonl(PKTIP);
1818 l += 4;
1819
1820 if (session[s].tbf_in)
1821 {
1822 if (!config->no_throttle_local_IP || !sessionbyip(ip_dst))
1823 {
1824 // Are we throttling this session?
1825 if (config->cluster_iam_master)
1826 tbf_queue_packet(session[s].tbf_in, p, l);
1827 else
1828 master_throttle_packet(session[s].tbf_in, p, l);
1829 return;
1830 }
1831 }
1832
1833 // send to ethernet
1834 if (tun_write(p, l) < 0)
1835 {
1836 STAT(tun_tx_errors);
1837 LOG(0, s, t, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
1838 l, strerror(errno), tunfd, p);
1839
1840 return;
1841 }
1842
1843 p += 4;
1844 l -= 4;
1845
1846 if (session[s].snoop_ip && session[s].snoop_port)
1847 {
1848 // Snooping this session
1849 snoop_send_packet(p, l, session[s].snoop_ip, session[s].snoop_port);
1850 }
1851
1852 update_sessions_in_stat(s, l);
1853
1854 eth_tx += l;
1855
1856 STAT(tun_tx_packets);
1857 INC_STAT(tun_tx_bytes, l);
1858 }
1859
1860 // process Multilink PPP packet received
1861 void processmpin(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
1862 {
1863 bundleidt b = session[s].bundle;
1864 bundlet * this_bundle = &bundle[b];
1865 uint32_t maskSeq, max_seq;
1866 int frag_offset;
1867 uint16_t frag_index, frag_index_next, frag_index_prev;
1868 fragmentationt *this_fragmentation = &frag[b];
1869 uint8_t begin_frame = (*p & MP_BEGIN);
1870 uint8_t end_frame = (*p & MP_END);
1871 uint32_t seq_num, seq_num_next, seq_num_prev;
1872 uint32_t i;
1873 uint8_t flags = *p;
1874 uint16_t begin_index, end_index;
1875
1876 // Perform length checking
1877 if(l > MAXFRAGLEN)
1878 {
1879 LOG(2, s, t, "MPPP: discarding fragment larger than MAXFRAGLEN\n");
1880 return;
1881 }
1882
1883 if(!b)
1884 {
1885 LOG(2, s, t, "MPPP: Invalid bundle id: 0\n");
1886 return;
1887 }
1888 // FIXME !! session[s].mssf means that the receiver wants to receive frames in mssf not means the receiver will send frames in mssf
1889 /* if(session[s].mssf)
1890 {
1891 // Get 12 bit for seq number
1892 seq_num = ntohs((*(uint16_t *) p) & 0xFF0F);
1893 p += 2;
1894 l -= 2;
1895 // After this point the pointer should be advanced 2 bytes
1896 LOG(3, s, t, "MPPP: 12 bits, sequence number: %d\n",seq_num);
1897 }
1898 else */
1899 {
1900 // Get 24 bit for seq number
1901 seq_num = ntohl((*(uint32_t *) p) & 0xFFFFFF00);
1902 p += 4;
1903 l -= 4;
1904 // After this point the pointer should be advanced 4 bytes
1905 LOG(4, s, t, "MPPP: 24 bits sequence number:%d\n",seq_num);
1906 }
1907
1908 max_seq = this_bundle->max_seq;
1909 maskSeq = max_seq - 1;
1910
1911 /*
1912 * Expand sequence number to 32 bits, making it as close
1913 * as possible to this_fragmentation->M.
1914 */
1915 seq_num |= this_fragmentation->M & ~maskSeq;
1916 if ((int)(this_fragmentation->M - seq_num) > (int)(maskSeq >> 1))
1917 {
1918 seq_num += maskSeq + 1;
1919 }
1920 else if ((int)(seq_num - this_fragmentation->M) > (int)(maskSeq >> 1))
1921 {
1922 seq_num -= maskSeq + 1; /* should never happen */
1923 }
1924
1925 // calculate this fragment's offset from the begin seq in the bundle
1926 frag_offset = (int) (seq_num - this_fragmentation->start_seq);
1927
1928 sess_local[s].last_seq = seq_num;
1929
1930 // calculate the jitter average
1931 uint32_t ljitter = time_now_ms - sess_local[s].prev_time;
1932 if (ljitter > 0)
1933 {
1934 sess_local[s].jitteravg = (sess_local[s].jitteravg + ljitter)>>1;
1935 sess_local[s].prev_time = time_now_ms;
1936 }
1937
1938 uint32_t Mmin;
1939
1940 if (seq_num < this_fragmentation->M)
1941 {
1942 Mmin = seq_num;
1943 this_fragmentation->M = seq_num;
1944 }
1945 else
1946 {
1947 Mmin = sess_local[(this_bundle->members[0])].last_seq;
1948 for (i = 1; i < this_bundle->num_of_links; i++)
1949 {
1950 uint32_t s_seq = sess_local[(this_bundle->members[i])].last_seq;
1951 if (s_seq < Mmin)
1952 Mmin = s_seq;
1953 }
1954 this_fragmentation->M = Mmin;
1955 }
1956
1957 // calculate M offset of the M seq in the bundle
1958 int M_offset = (int) (Mmin - this_fragmentation->start_seq);
1959
1960 if (M_offset >= MAXFRAGNUM)
1961 {
1962 // There have a long break of the link !!!!!!!!
1963 // M_offset is bigger that the fragmentation buffer size
1964 LOG(3, s, t, "MPPP: M_offset out of range, min:%d, begin_seq:%d\n", Mmin, this_fragmentation->start_seq);
1965
1966 // Calculate the new start index, the previous frag are lost
1967 begin_index = (M_offset + this_fragmentation->start_index) & MAXFRAGNUM_MASK;
1968
1969 // Set new Start sequence
1970 this_fragmentation->start_index = begin_index;
1971 this_fragmentation->start_seq = Mmin;
1972 M_offset = 0;
1973 // recalculate the fragment offset from the new begin seq in the bundle
1974 frag_offset = (int) (seq_num - Mmin);
1975 }
1976
1977 // discard this fragment if the packet comes before the start sequence
1978 if (frag_offset < 0)
1979 {
1980 // this packet comes before the next
1981 LOG(3, s, t, "MPPP: (COMES BEFORE) the next, seq:%d, begin_seq:%d, size_frag:%d, flags:%02X is LOST\n", seq_num, this_fragmentation->start_seq, l, flags);
1982 return;
1983 }
1984
1985 // discard if frag_offset is bigger that the fragmentation buffer size
1986 if (frag_offset >= MAXFRAGNUM)
1987 {
1988 // frag_offset is bigger that the fragmentation buffer size
1989 LOG(3, s, t, "MPPP: Index out of range, seq:%d, begin_seq:%d\n", seq_num, this_fragmentation->start_seq);
1990 return;
1991 }
1992
1993 //caculate received fragment's index in the fragment array
1994 frag_index = (frag_offset + this_fragmentation->start_index) & MAXFRAGNUM_MASK;
1995
1996 // insert the frame in it's place
1997 fragmentt *this_frag = &this_fragmentation->fragment[frag_index];
1998
1999 if (this_frag->length > 0)
2000 // This fragment is lost, It was around the buffer and it was never completed the packet.
2001 LOG(3, this_frag->sid, this_frag->tid, "MPPP: (INSERT) seq_num:%d frag_index:%d flags:%02X is LOST\n",
2002 this_frag->seq, frag_index, this_frag->flags);
2003
2004 this_frag->length = l;
2005 this_frag->sid = s;
2006 this_frag->tid = t;
2007 this_frag->flags = flags;
2008 this_frag->seq = seq_num;
2009 this_frag->jitteravg = sess_local[s].jitteravg;
2010 memcpy(this_frag->data, p, l);
2011
2012 LOG(4, s, t, "MPPP: seq_num:%d frag_index:%d INSERTED flags: %02X\n", seq_num, frag_index, flags);
2013
2014 //next frag index
2015 frag_index_next = (frag_index + 1) & MAXFRAGNUM_MASK;
2016 //previous frag index
2017 frag_index_prev = (frag_index - 1) & MAXFRAGNUM_MASK;
2018 // next seq
2019 seq_num_next = seq_num + 1;
2020 // previous seq
2021 seq_num_prev = seq_num - 1;
2022
2023 // Clean the buffer and log the lost fragments
2024 if ((frag_index_next != this_fragmentation->start_index) && this_fragmentation->fragment[frag_index_next].length)
2025 {
2026 // check if the next frag is a lost fragment
2027 if (this_fragmentation->fragment[frag_index_next].seq != seq_num_next)
2028 {
2029 // This fragment is lost, It was around the buffer and it was never completed the packet.
2030 LOG(3, this_fragmentation->fragment[frag_index_next].sid, this_fragmentation->fragment[frag_index_next].tid,
2031 "MPPP: (NEXT) seq_num:%d frag_index:%d flags:%02X is LOST\n",
2032 this_fragmentation->fragment[frag_index_next].seq, frag_index_next,
2033 this_fragmentation->fragment[frag_index_next].flags);
2034 // this frag is lost
2035 this_fragmentation->fragment[frag_index_next].length = 0;
2036 this_fragmentation->fragment[frag_index_next].flags = 0;
2037
2038 if (begin_frame && (!end_frame)) return; // assembling frame failed
2039 }
2040 }
2041
2042 // Clean the buffer and log the lost fragments
2043 if ((frag_index != this_fragmentation->start_index) && this_fragmentation->fragment[frag_index_prev].length)
2044 {
2045 // check if the next frag is a lost fragment
2046 if (this_fragmentation->fragment[frag_index_prev].seq != seq_num_prev)
2047 {
2048 // This fragment is lost, It was around the buffer and it was never completed the packet.
2049 LOG(3, this_fragmentation->fragment[frag_index_prev].sid, this_fragmentation->fragment[frag_index_prev].tid,
2050 "MPPP: (PREV) seq_num:%d frag_index:%d flags:%02X is LOST\n",
2051 this_fragmentation->fragment[frag_index_prev].seq, frag_index_prev,
2052 this_fragmentation->fragment[frag_index_prev].flags);
2053
2054 this_fragmentation->fragment[frag_index_prev].length = 0;
2055 this_fragmentation->fragment[frag_index_prev].flags = 0;
2056
2057 if (end_frame && (!begin_frame)) return; // assembling frame failed
2058 }
2059 }
2060
2061 find_frame:
2062 begin_index = this_fragmentation->start_index;
2063 uint32_t b_seq = this_fragmentation->start_seq;
2064 // Try to find a Begin sequence from the start_seq sequence to M sequence
2065 while (b_seq < Mmin)
2066 {
2067 if (this_fragmentation->fragment[begin_index].length)
2068 {
2069 if (b_seq == this_fragmentation->fragment[begin_index].seq)
2070 {
2071 if (this_fragmentation->fragment[begin_index].flags & MP_BEGIN)
2072 {
2073 int isfoundE = 0;
2074 // Adjust the new start sequence and start index
2075 this_fragmentation->start_index = begin_index;
2076 this_fragmentation->start_seq = b_seq;
2077 // Begin Sequence found, now try to found the End Sequence to complete the frame
2078 end_index = begin_index;
2079 while (b_seq < Mmin)
2080 {
2081 if (this_fragmentation->fragment[end_index].length)
2082 {
2083 if (b_seq == this_fragmentation->fragment[end_index].seq)
2084 {
2085 if (this_fragmentation->fragment[end_index].flags & MP_END)
2086 {
2087 // The End sequence was found and the frame is complete
2088 isfoundE = 1;
2089 break;
2090 }
2091 }
2092 else
2093 {
2094 // This fragment is lost, it was never completed the packet.
2095 LOG(3, this_fragmentation->fragment[end_index].sid, this_fragmentation->fragment[end_index].tid,
2096 "MPPP: (FIND END) seq_num:%d frag_index:%d flags:%02X is LOST\n",
2097 this_fragmentation->fragment[end_index].seq, begin_index,
2098 this_fragmentation->fragment[end_index].flags);
2099 // this frag is lost
2100 this_fragmentation->fragment[end_index].length = 0;
2101 this_fragmentation->fragment[end_index].flags = 0;
2102 // This frame is not complete find the next Begin
2103 break;
2104 }
2105 }
2106 else
2107 {
2108 // This frame is not complete find the next Begin if exist
2109 break;
2110 }
2111 end_index = (end_index +1) & MAXFRAGNUM_MASK;
2112 b_seq++;
2113 }
2114
2115 if (isfoundE)
2116 // The End sequence was found and the frame is complete
2117 break;
2118 else
2119 // find the next Begin
2120 begin_index = end_index;
2121 }
2122 }
2123 else
2124 {
2125 // This fragment is lost, it was never completed the packet.
2126 LOG(3, this_fragmentation->fragment[begin_index].sid, this_fragmentation->fragment[begin_index].tid,
2127 "MPPP: (FIND BEGIN) seq_num:%d frag_index:%d flags:%02X is LOST\n",
2128 this_fragmentation->fragment[begin_index].seq, begin_index,
2129 this_fragmentation->fragment[begin_index].flags);
2130 // this frag is lost
2131 this_fragmentation->fragment[begin_index].length = 0;
2132 this_fragmentation->fragment[begin_index].flags = 0;
2133 }
2134 }
2135 begin_index = (begin_index +1) & MAXFRAGNUM_MASK;
2136 b_seq++;
2137 }
2138
2139 assembling_frame:
2140 // try to assemble the frame that has the received fragment as a member
2141 // get the beginning of this frame
2142 begin_index = end_index = this_fragmentation->start_index;
2143 if (this_fragmentation->fragment[begin_index].length)
2144 {
2145 if (!(this_fragmentation->fragment[begin_index].flags & MP_BEGIN))
2146 {
2147 LOG(3, this_fragmentation->fragment[begin_index].sid, this_fragmentation->fragment[begin_index].tid,
2148 "MPPP: (NOT BEGIN) seq_num:%d frag_index:%d flags:%02X\n",
2149 this_fragmentation->fragment[begin_index].seq, begin_index,
2150 this_fragmentation->fragment[begin_index].flags);
2151 // should occur only after an "M_Offset out of range"
2152 // The start sequence must be a begin sequence
2153 this_fragmentation->start_index = (begin_index +1) & MAXFRAGNUM_MASK;
2154 this_fragmentation->start_seq++;
2155 return; // assembling frame failed
2156 }
2157 }
2158 else
2159 return; // assembling frame failed
2160
2161 // get the end of his frame
2162 while (this_fragmentation->fragment[end_index].length)
2163 {
2164 if (this_fragmentation->fragment[end_index].flags & MP_END)
2165 break;
2166
2167 end_index = (end_index +1) & MAXFRAGNUM_MASK;
2168
2169 if (end_index == this_fragmentation->start_index)
2170 return; // assembling frame failed
2171 }
2172
2173 // return if a lost fragment is found
2174 if (!(this_fragmentation->fragment[end_index].length))
2175 return; // assembling frame failed
2176
2177 // assemble the packet
2178 //assemble frame, process it, reset fragmentation
2179 uint16_t cur_len = 4; // This is set to 4 to leave 4 bytes for function processipin
2180
2181 LOG(4, s, t, "MPPP: processing fragments from %d to %d\n", begin_index, end_index);
2182 // Push to the receive buffer
2183
2184 for (i = begin_index;; i = (i + 1) & MAXFRAGNUM_MASK)
2185 {
2186 this_frag = &this_fragmentation->fragment[i];
2187 if(cur_len + this_frag->length > MAXETHER)
2188 {
2189 LOG(2, s, t, "MPPP: discarding reassembled frames larger than MAXETHER\n");
2190 break;
2191 }
2192
2193 memcpy(this_fragmentation->reassembled_frame+cur_len, this_frag->data, this_frag->length);
2194 LOG(5, s, t, "MPPP: processing frame at %d, with len %d\n", i, this_frag->length);
2195
2196 cur_len += this_frag->length;
2197 if (i == end_index)
2198 {
2199 this_fragmentation->re_frame_len = cur_len;
2200 this_fragmentation->re_frame_begin_index = begin_index;
2201 this_fragmentation->re_frame_end_index = end_index;
2202 // Process the resassembled frame
2203 LOG(5, s, t, "MPPP: Process the reassembled frame, len=%d\n",cur_len);
2204 processmpframe(s, t, this_fragmentation->reassembled_frame, this_fragmentation->re_frame_len, 1);
2205 break;
2206 }
2207 }
2208
2209 // Set reassembled frame length to zero after processing it
2210 this_fragmentation->re_frame_len = 0;
2211 for (i = begin_index;; i = (i + 1) & MAXFRAGNUM_MASK)
2212 {
2213 this_fragmentation->fragment[i].length = 0; // Indicates that this fragment has been consumed
2214 this_fragmentation->fragment[i].flags = 0;
2215 if (i == end_index)
2216 break;
2217 }
2218
2219 // Set the new start_index and start_seq
2220 this_fragmentation->start_index = (end_index + 1) & MAXFRAGNUM_MASK;
2221 this_fragmentation->start_seq = this_fragmentation->fragment[end_index].seq + 1;
2222 LOG(4, s, t, "MPPP after assembling: start index is = %d, start seq=%d\n", this_fragmentation->start_index, this_fragmentation->start_seq);
2223
2224 begin_index = this_fragmentation->start_index;
2225 if ((this_fragmentation->fragment[begin_index].length) &&
2226 (this_fragmentation->fragment[begin_index].seq != this_fragmentation->start_seq))
2227 {
2228 LOG(3, this_fragmentation->fragment[begin_index].sid, this_fragmentation->fragment[begin_index].tid,
2229 "MPPP: (START) seq_num:%d frag_index:%d flags:%02X is LOST\n",
2230 this_fragmentation->fragment[begin_index].seq, begin_index,
2231 this_fragmentation->fragment[begin_index].flags);
2232 this_fragmentation->fragment[begin_index].length = 0;
2233 this_fragmentation->fragment[begin_index].flags = 0;
2234 }
2235
2236 if (this_fragmentation->start_seq <= Mmin)
2237 // It's possible to find other complete frame or lost frame.
2238 goto find_frame;
2239 else if ((this_fragmentation->fragment[begin_index].length) &&
2240 (this_fragmentation->fragment[begin_index].flags & MP_BEGIN))
2241 // may be that the next frame is completed
2242 goto assembling_frame;
2243
2244 return;
2245 }
2246
2247 // process IPv6 packet received
2248 //
2249 // This MUST be called with at least 4 byte behind 'p'.
2250 // (i.e. this routine writes to p[-4]).
2251 void processipv6in(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
2252 {
2253 struct in6_addr ip;
2254 in_addr_t ipv4;
2255
2256 CSTAT(processipv6in);
2257
2258 LOG_HEX(5, "IPv6", p, l);
2259
2260 ip = *(struct in6_addr *) (p + 8);
2261 ipv4 = ntohl(*(uint32_t *)(p + 16));
2262
2263 if (l > MAXETHER)
2264 {
2265 LOG(1, s, t, "IP packet too long %d\n", l);
2266 STAT(tunnel_rx_errors);
2267 return ;
2268 }
2269
2270 if (session[s].ppp.phase != Network || session[s].ppp.ipv6cp != Opened)
2271 return;
2272
2273 // no spoof
2274 if (session[s].ipv6address.s6_addr[0])
2275 {
2276 if ((sessionbyipv6new(ip) != s) &&
2277 (ip.s6_addr[0] != 0xFE || ip.s6_addr[1] != 0x80 || ip.s6_addr16[1] != 0 || ip.s6_addr16[2] != 0 || ip.s6_addr16[3] != 0) &&
2278 (!grp_groupbyipv6(ip)))
2279 {
2280 char str[INET6_ADDRSTRLEN];
2281 LOG(5, s, t, "Dropping packet with spoofed IP %s\n",
2282 inet_ntop(AF_INET6, &ip, str, INET6_ADDRSTRLEN));
2283 return;
2284 }
2285 }
2286 else if ((ipv4 != session[s].ip || memcmp(&config->ipv6_prefix, &ip, 8)) && sessionbyipv6(ip) != s)
2287 {
2288 char str[INET6_ADDRSTRLEN];
2289 LOG(5, s, t, "Dropping packet with spoofed IP %s\n",
2290 inet_ntop(AF_INET6, &ip, str, INET6_ADDRSTRLEN));
2291 return;
2292 }
2293
2294 // Check if it's a Router Solicition message.
2295 if (*(p + 6) == 58 && *(p + 7) == 255 && *(p + 24) == 0xFF && *(p + 25) == 2 &&
2296 *(uint32_t *)(p + 26) == 0 && *(uint32_t *)(p + 30) == 0 &&
2297 *(uint32_t *)(p + 34) == 0 &&
2298 *(p + 38) == 0 && *(p + 39) == 2 && *(p + 40) == 133) {
2299 LOG(3, s, t, "Got IPv6 RS\n");
2300 send_ipv6_ra(s, t, &ip);
2301 return;
2302 }
2303
2304 // Check if DhcpV6, IP dst: FF02::1:2, Src Port 0x0222 (546), Dst Port 0x0223 (547)
2305 if (*(p + 6) == 17 && *(p + 24) == 0xFF && *(p + 25) == 2 &&
2306 *(uint32_t *)(p + 26) == 0 && *(uint32_t *)(p + 30) == 0 &&
2307 *(uint16_t *)(p + 34) == 0 && *(p + 36) == 0 && *(p + 37) == 1 && *(p + 38) == 0 && *(p + 39) == 2 &&
2308 *(p + 40) == 2 && *(p + 41) == 0x22 && *(p + 42) == 2 && *(p + 43) == 0x23)
2309 {
2310 dhcpv6_process(s, t, p, l);
2311 return;
2312 }
2313
2314 // Add on the tun header
2315 p -= 4;
2316 *(uint32_t *) p = htonl(PKTIPV6);
2317 l += 4;
2318
2319 // Are we throttled and a slave?
2320 if (session[s].tbf_in && !config->cluster_iam_master) {
2321 // Pass it to the master for handling.
2322 master_throttle_packet(session[s].tbf_in, p, l);
2323 return;
2324 }
2325
2326 // Are we throttled and a master??
2327 if (session[s].tbf_in && config->cluster_iam_master) {
2328 // Actually handle the throttled packets.
2329 tbf_queue_packet(session[s].tbf_in, p, l);
2330 return;
2331 }
2332
2333 // send to ethernet
2334 if (tun_write(p, l) < 0)
2335 {
2336 STAT(tun_tx_errors);
2337 LOG(0, s, t, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
2338 l, strerror(errno), tunfd, p);
2339
2340 return;
2341 }
2342
2343 p += 4;
2344 l -= 4;
2345
2346 if (session[s].snoop_ip && session[s].snoop_port)
2347 {
2348 // Snooping this session
2349 snoop_send_packet(p, l, session[s].snoop_ip, session[s].snoop_port);
2350 }
2351
2352 update_sessions_in_stat(s, l);
2353
2354 eth_tx += l;
2355
2356 STAT(tun_tx_packets);
2357 INC_STAT(tun_tx_bytes, l);
2358 }
2359
2360 //
2361 // Helper routine for the TBF filters.
2362 // Used to send queued data in from the user.
2363 //
2364 void send_ipin(sessionidt s, uint8_t *buf, int len)
2365 {
2366 LOG_HEX(5, "IP in throttled", buf, len);
2367
2368 if (write(tunfd, buf, len) < 0)
2369 {
2370 STAT(tun_tx_errors);
2371 LOG(0, 0, 0, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
2372 len, strerror(errno), tunfd, buf);
2373
2374 return;
2375 }
2376
2377 buf += 4;
2378 len -= 4;
2379
2380 if (session[s].snoop_ip && session[s].snoop_port)
2381 {
2382 // Snooping this session
2383 snoop_send_packet(buf, len, session[s].snoop_ip, session[s].snoop_port);
2384 }
2385
2386 // Increment packet counters
2387 increment_counter(&session[s].cin, &session[s].cin_wrap, len);
2388 session[s].cin_delta += len;
2389 session[s].pin++;
2390
2391 sess_local[s].cin += len;
2392 sess_local[s].pin++;
2393
2394 eth_tx += len;
2395
2396 STAT(tun_tx_packets);
2397 INC_STAT(tun_tx_bytes, len - 4);
2398 }
2399
2400
2401 // Process CCP messages
2402 void processccp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
2403 {
2404 uint8_t b[MAXETHER];
2405 uint8_t *q;
2406
2407 CSTAT(processccp);
2408
2409 LOG_HEX(5, "CCP", p, l);
2410
2411 if (session[s].ppp.phase < Network)
2412 {
2413 LOG(2, s, t, "CCP %s ignored in %s phase\n", ppp_code(*p), ppp_phase(session[s].ppp.phase));
2414 return;
2415 }
2416
2417 if (l < 1)
2418 {
2419 LOG(1, s, t, "Short CCP packet\n");
2420 STAT(tunnel_rx_errors);
2421 }
2422
2423 LOG(4, s, t, "CCP: recv %s\n", ppp_code(*p));
2424 if (*p == ConfigAck)
2425 {
2426 switch (session[s].ppp.ccp)
2427 {
2428 case RequestSent:
2429 initialise_restart_count(s, ccp);
2430 change_state(s, ccp, AckReceived);
2431 break;
2432
2433 case AckReceived:
2434 case Opened:
2435 LOG(2, s, t, "CCP: ConfigAck in state %s? Sending ConfigReq\n", ppp_state(session[s].ppp.ccp));
2436 sendccp(s, t);
2437 change_state(s, ccp, RequestSent);
2438 break;
2439
2440 case AckSent:
2441 LOG(3, s, t, "CCP: Opened\n");
2442 change_state(s, ccp, Opened);
2443 break;
2444
2445 default:
2446 LOG(2, s, t, "CCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ccp));
2447 }
2448 }
2449 else if (*p == ConfigReq)
2450 {
2451 if (l < 6) // accept no compression
2452 *p = ConfigAck;
2453 else // compression requested--reject
2454 *p = ConfigRej;
2455
2456 q = makeppp(b, sizeof(b), p, l, s, t, PPPCCP, 0, 0, 0);
2457 if (!q) return;
2458
2459 switch (session[s].ppp.ccp)
2460 {
2461 case Closed:
2462 q = makeppp(b, sizeof(b), p, 2, s, t, PPPCCP, 0, 0, 0);
2463 if (!q) return;
2464 *q = TerminateAck;
2465 *((uint16_t *) (q + 2)) = htons(l = 4);
2466 break;
2467
2468 case Stopped:
2469 initialise_restart_count(s, ccp);
2470 sendccp(s, t);
2471 if (*q == ConfigAck)
2472 change_state(s, ccp, AckSent);
2473 else
2474 change_state(s, ccp, RequestSent);
2475
2476 break;
2477
2478 case RequestSent:
2479 if (*q == ConfigAck)
2480 change_state(s, ccp, AckSent);
2481
2482 break;
2483
2484 case AckReceived:
2485 if (*q == ConfigAck)
2486 change_state(s, ccp, Opened);
2487
2488 break;
2489
2490 case Opened:
2491 initialise_restart_count(s, ccp);
2492 sendccp(s, t);
2493 /* fallthrough */
2494
2495 case AckSent:
2496 if (*q == ConfigAck)
2497 change_state(s, ccp, AckSent);
2498 else
2499 change_state(s, ccp, RequestSent);
2500
2501 break;
2502
2503 default:
2504 LOG(2, s, t, "CCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ccp));
2505 return;
2506 }
2507
2508 LOG(4, s, t, "CCP: send %s\n", ppp_code(*q));
2509 tunnelsend(b, l + (q - b), t);
2510 }
2511 else if (*p == TerminateReq)
2512 {
2513 *p = TerminateAck;
2514 q = makeppp(b, sizeof(b), p, l, s, t, PPPCCP, 0, 0, 0);
2515 if (!q) return;
2516 LOG(3, s, t, "CCP: send %s\n", ppp_code(*q));
2517 tunnelsend(b, l + (q - b), t);
2518 change_state(s, ccp, Stopped);
2519 }
2520 else if (*p != CodeRej)
2521 {
2522 ppp_code_rej(s, t, PPPCCP, "CCP", p, l, b, sizeof(b));
2523 }
2524 }
2525
2526 // send a CHAP challenge
2527 void sendchap(sessionidt s, tunnelidt t)
2528 {
2529 uint8_t b[MAXETHER];
2530 uint16_t r;
2531 uint8_t *q;
2532
2533 CSTAT(sendchap);
2534
2535 r = radiusnew(s);
2536 if (!r)
2537 {
2538 LOG(1, s, t, "No RADIUS to send challenge\n");
2539 STAT(tunnel_tx_errors);
2540 return;
2541 }
2542
2543 LOG(1, s, t, "Send CHAP challenge\n");
2544
2545 radius[r].chap = 1; // CHAP not PAP
2546 radius[r].id++;
2547 if (radius[r].state != RADIUSCHAP)
2548 radius[r].try = 0;
2549
2550 radius[r].state = RADIUSCHAP;
2551 radius[r].retry = backoff(radius[r].try++);
2552 if (radius[r].try > 5)
2553 {
2554 sessionshutdown(s, "CHAP timeout.", CDN_ADMIN_DISC, TERM_REAUTHENTICATION_FAILURE);
2555 STAT(tunnel_tx_errors);
2556 return ;
2557 }
2558 q = makeppp(b, sizeof(b), 0, 0, s, t, PPPCHAP, 0, 0, 0);
2559 if (!q) return;
2560
2561 *q = 1; // challenge
2562 q[1] = radius[r].id; // ID
2563 q[4] = 16; // value size (size of challenge)
2564 memcpy(q + 5, radius[r].auth, 16); // challenge
2565 strcpy((char *) q + 21, config->multi_n_hostname[tunnel[t].indexudp][0]?config->multi_n_hostname[tunnel[t].indexudp]:hostname); // our name
2566 *(uint16_t *) (q + 2) = htons(strlen(config->multi_n_hostname[tunnel[t].indexudp][0]?config->multi_n_hostname[tunnel[t].indexudp]:hostname) + 21); // length
2567 tunnelsend(b, strlen(config->multi_n_hostname[tunnel[t].indexudp][0]?config->multi_n_hostname[tunnel[t].indexudp]:hostname) + 21 + (q - b), t); // send it
2568 }
2569
2570 // fill in a L2TP message with a PPP frame,
2571 // returns start of PPP frame
2572 uint8_t *makeppp(uint8_t *b, int size, uint8_t *p, int l, sessionidt s, tunnelidt t, uint16_t mtype, uint8_t prio, bundleidt bid, uint8_t mp_bits)
2573 {
2574 uint16_t hdr = 0x0002; // L2TP with no options
2575 uint16_t type = mtype;
2576 uint8_t *start = b;
2577
2578 if (t == TUNNEL_ID_PPPOE)
2579 {
2580 return pppoe_makeppp(b, size, p, l, s, t, mtype, prio, bid, mp_bits);
2581 }
2582
2583 if (size < 16) // Need more space than this!!
2584 {
2585 LOG(0, s, t, "makeppp buffer too small for L2TP header (size=%d)\n", size);
2586 return NULL;
2587 }
2588
2589 if (prio) hdr |= 0x0100; // set priority bit
2590
2591 *(uint16_t *) (b + 0) = htons(hdr);
2592 *(uint16_t *) (b + 2) = htons(tunnel[t].far); // tunnel
2593 *(uint16_t *) (b + 4) = htons(session[s].far); // session
2594 b += 6;
2595
2596 // Check whether this session is part of multilink
2597 if (bid)
2598 {
2599 if (bundle[bid].num_of_links > 1)
2600 type = PPPMP; // Change PPP message type to the PPPMP
2601 else
2602 bid = 0;
2603 }
2604
2605 if (type == PPPLCP || !(session[s].flags & SESSION_ACFC))
2606 {
2607 *(uint16_t *) b = htons(0xFF03); // HDLC header
2608 b += 2;
2609 }
2610
2611 if (type < 0x100 && session[s].flags & SESSION_PFC)
2612 {
2613 *b++ = type;
2614 }
2615 else
2616 {
2617 *(uint16_t *) b = htons(type);
2618 b += 2;
2619 }
2620
2621 if (bid)
2622 {
2623 // Set the sequence number and (B)egin (E)nd flags
2624 if (session[s].mssf)
2625 {
2626 // Set the multilink bits
2627 uint16_t bits_send = mp_bits;
2628 *(uint16_t *) b = htons((bundle[bid].seq_num_t & 0x0FFF)|bits_send);
2629 b += 2;
2630 }
2631 else
2632 {
2633 *(uint32_t *) b = htonl(bundle[bid].seq_num_t);
2634 // Set the multilink bits
2635 *b = mp_bits;
2636 b += 4;
2637 }
2638
2639 bundle[bid].seq_num_t++;
2640
2641 // Add the message type if this fragment has the begin bit set
2642 if (mp_bits & MP_BEGIN)
2643 {
2644 //*b++ = mtype; // The next two lines are instead of this
2645 *(uint16_t *) b = htons(mtype); // Message type
2646 b += 2;
2647 }
2648 }
2649
2650 if ((b - start) + l > size)
2651 {
2652 LOG(2, s, t, "makeppp would overflow buffer (size=%d, header+payload=%td)\n", size, (b - start) + l);
2653 return NULL;
2654 }
2655
2656 // Copy the payload
2657 if (p && l)
2658 memcpy(b, p, l);
2659
2660 return b;
2661 }
2662
2663 // fill in a L2TP message with a PPP frame,
2664 // returns start of PPP frame
2665 //(note: THIS ROUTINE CAN WRITES TO p[-28]).
2666 uint8_t *opt_makeppp(uint8_t *p, int l, sessionidt s, tunnelidt t, uint16_t mtype, uint8_t prio, bundleidt bid, uint8_t mp_bits)
2667 {
2668 uint16_t hdr = 0x0002; // L2TP with no options
2669 uint16_t type = mtype;
2670 uint8_t *b = p;
2671
2672 if (t == TUNNEL_ID_PPPOE)
2673 {
2674 return opt_pppoe_makeppp(p, l, s, t, mtype, prio, bid, mp_bits);
2675 }
2676
2677 // Check whether this session is part of multilink
2678 if (bid)
2679 {
2680 if (bundle[bid].num_of_links > 1)
2681 type = PPPMP; // Change PPP message type to the PPPMP
2682 else
2683 bid = 0;
2684 }
2685
2686 if (bid)
2687 {
2688 // Add the message type if this fragment has the begin bit set
2689 if (mp_bits & MP_BEGIN)
2690 {
2691 b -= 2;
2692 *(uint16_t *) b = htons(mtype); // Message type
2693 }
2694
2695 // Set the sequence number and (B)egin (E)nd flags
2696 if (session[s].mssf)
2697 {
2698 // Set the multilink bits
2699 uint16_t bits_send = mp_bits;
2700 b -= 2;
2701 *(uint16_t *) b = htons((bundle[bid].seq_num_t & 0x0FFF)|bits_send);
2702 }
2703 else
2704 {
2705 b -= 4;
2706 *(uint32_t *) b = htonl(bundle[bid].seq_num_t);
2707 // Set the multilink bits
2708 *b = mp_bits;
2709 }
2710
2711 bundle[bid].seq_num_t++;
2712 }
2713
2714 if (type < 0x100 && session[s].flags & SESSION_PFC)
2715 {
2716 b--;
2717 *b = type;
2718 }
2719 else
2720 {
2721 b -= 2;
2722 *(uint16_t *) b = htons(type);
2723 }
2724
2725 if (type == PPPLCP || !(session[s].flags & SESSION_ACFC))
2726 {
2727 b -= 2;
2728 *(uint16_t *) b = htons(0xFF03); // HDLC header
2729 }
2730
2731 if (prio) hdr |= 0x0100; // set priority bit
2732 b -= 2;
2733 *(uint16_t *) b = htons(session[s].far); // session
2734 b -= 2;
2735 *(uint16_t *) b = htons(tunnel[t].far); // tunnel
2736 b -= 2;
2737 *(uint16_t *) b = htons(hdr);
2738
2739 return b;
2740 }
2741
2742 static int add_lcp_auth(uint8_t *b, int size, int authtype)
2743 {
2744 int len = 0;
2745 if ((authtype == AUTHCHAP && size < 5) || size < 4)
2746 return 0;
2747
2748 *b++ = 3; // Authentication-Protocol
2749 if (authtype == AUTHCHAP)
2750 {
2751 len = *b++ = 5; // length
2752 *(uint16_t *) b = htons(PPPCHAP); b += 2;
2753 *b++ = 5; // MD5
2754 }
2755 else if (authtype == AUTHPAP)
2756 {
2757 len = *b++ = 4; // length
2758 *(uint16_t *) b = htons(PPPPAP); b += 2;
2759 }
2760 else
2761 {
2762 LOG(0, 0, 0, "add_lcp_auth called with unsupported auth type %d\n", authtype);
2763 }
2764
2765 return len;
2766 }
2767
2768 // Send LCP ConfigReq for MRU, authentication type and magic no
2769 void sendlcp(sessionidt s, tunnelidt t)
2770 {
2771 uint8_t b[500], *q, *l;
2772 int authtype = sess_local[s].lcp_authtype;
2773
2774 if (!(q = makeppp(b, sizeof(b), NULL, 0, s, t, PPPLCP, 0, 0, 0)))
2775 return;
2776
2777 LOG(3, s, t, "LCP: send ConfigReq%s%s%s including MP options\n",
2778 authtype ? " (" : "",
2779 authtype ? (authtype == AUTHCHAP ? "CHAP" : "PAP") : "",
2780 authtype ? ")" : "");
2781
2782 l = q;
2783 *l++ = ConfigReq;
2784 *l++ = ++sess_local[s].lcp_ident; // ID
2785
2786 l += 2; //Save space for length
2787
2788 if (sess_local[s].ppp_mru)
2789 {
2790 *l++ = 1; *l++ = 4; // Maximum-Receive-Unit (length 4)
2791 *(uint16_t *) l = htons(sess_local[s].ppp_mru); l += 2;
2792 }
2793
2794 if (authtype)
2795 l += add_lcp_auth(l, sizeof(b) - (l - b), authtype);
2796
2797 if (session[s].magic)
2798 {
2799 *l++ = 5; *l++ = 6; // Magic-Number (length 6)
2800 *(uint32_t *) l = htonl(session[s].magic);
2801 l += 4;
2802 }
2803
2804 if (sess_local[s].mp_mrru)
2805 {
2806 *l++ = 17; *l++ = 4; // Multilink Max-Receive-Reconstructed-Unit (length 4)
2807 *(uint16_t *) l = htons(sess_local[s].mp_mrru); l += 2;
2808 }
2809
2810 if (sess_local[s].mp_epdis)
2811 {
2812 *l++ = 19; *l++ = 7; // Multilink Endpoint Discriminator (length 7)
2813 *l++ = IPADDR; // Endpoint Discriminator class
2814 *(uint32_t *) l = htonl(sess_local[s].mp_epdis);
2815 l += 4;
2816 }
2817
2818 *(uint16_t *)(q + 2) = htons(l - q); // Length
2819
2820 LOG_HEX(5, "PPPLCP", q, l - q);
2821 if (config->debug > 3) dumplcp(q, l - q);
2822
2823 tunnelsend(b, (l - b), t);
2824 restart_timer(s, lcp);
2825 }
2826
2827 // Send CCP request for no compression
2828 void sendccp(sessionidt s, tunnelidt t)
2829 {
2830 uint8_t b[500], *q;
2831
2832 if (!(q = makeppp(b, sizeof(b), NULL, 0, s, t, PPPCCP, 0, 0, 0)))
2833 return;
2834
2835 LOG(3, s, t, "CCP: send ConfigReq (no compression)\n");
2836
2837 *q = ConfigReq;
2838 *(q + 1) = ++sess_local[s].lcp_ident; // ID
2839 *(uint16_t *)(q + 2) = htons(4); // Length
2840
2841 LOG_HEX(5, "PPPCCP", q, 4);
2842 tunnelsend(b, (q - b) + 4 , t);
2843 restart_timer(s, ccp);
2844 }
2845
2846 // Reject unknown/unconfigured protocols
2847 void protoreject(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l, uint16_t proto)
2848 {
2849
2850 uint8_t buf[MAXETHER];
2851 uint8_t *q;
2852 int mru = session[s].mru;
2853 if (mru < MINMTU) mru = MINMTU;
2854 if (mru > sizeof(buf)) mru = sizeof(buf);
2855
2856 l += 6;
2857 if (l > mru) l = mru;
2858
2859 q = makeppp(buf, sizeof(buf), 0, 0, s, t, PPPLCP, 0, 0, 0);
2860 if (!q) return;
2861
2862 *q = ProtocolRej;
2863 *(q + 1) = ++sess_local[s].lcp_ident;
2864 *(uint16_t *)(q + 2) = htons(l);
2865 *(uint16_t *)(q + 4) = htons(proto);
2866 memcpy(q + 6, p, l - 6);
2867
2868 if (proto == PPPIPV6CP)
2869 LOG(3, s, t, "LCP: send ProtocolRej (IPV6CP: not configured)\n");
2870 else
2871 LOG(2, s, t, "LCP: sent ProtocolRej (0x%04X: unsupported)\n", proto);
2872
2873 tunnelsend(buf, l + (q - buf), t);
2874 }