+ while (x > 2)
+ {
+ int type = o[0];
+ int length = o[1];
+
+ if (length == 0 || type == 0 || x < length) break;
+ switch (type)
+ {
+ case 1: // Maximum-Receive-Unit
+ {
+ uint16_t mru = ntohs(*(uint16_t *)(o + 2));
+ if (mru >= MINMTU)
+ {
+ session[s].mru = mru;
+ cluster_send_session(s);
+ break;
+ }
+
+ LOG(3, s, t, " Remote requesting MRU of %u. Rejecting.\n", mru);
+ mru = htons(MRU);
+ q = ppp_conf_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, (uint8_t *) &mru, sizeof(mru));
+ }
+ break;
+
+ case 2: // Async-Control-Character-Map
+ if (!ntohl(*(uint32_t *)(o + 2))) // all bits zero is OK
+ break;
+
+ LOG(3, s, t, " Remote requesting asyncmap. Rejecting.\n");
+ q = ppp_conf_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, asyncmap, sizeof(asyncmap));
+ break;
+
+ case 3: // Authentication-Protocol
+ {
+ int proto = ntohs(*(uint16_t *)(o + 2));
+ char proto_name[] = "0x0000";
+ int alen;
+
+ if (proto == PPPPAP)
+ {
+ if (config->radius_authtypes & AUTHPAP)
+ {
+ sess_local[s].lcp_authtype = AUTHPAP;
+ break;
+ }
+
+ strcpy(proto_name, "PAP");
+ }
+ else if (proto == PPPCHAP)
+ {
+ if (config->radius_authtypes & AUTHCHAP
+ && *(o + 4) == 5) // MD5
+ {
+ sess_local[s].lcp_authtype = AUTHCHAP;
+ break;
+ }
+
+ strcpy(proto_name, "CHAP");
+ }
+ else
+ sprintf(proto_name, "%#4.4x", proto);
+
+ LOG(3, s, t, " Remote requesting %s authentication. Rejecting.\n", proto_name);
+
+ alen = add_lcp_auth(authproto, sizeof(authproto), config->radius_authprefer);
+ if (alen < 2) break; // paranoia
+
+ q = ppp_conf_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, authproto + 2, alen - 2);
+ if (q && *response == ConfigNak &&
+ config->radius_authtypes != config->radius_authprefer)
+ {
+ // alternate type
+ alen = add_lcp_auth(authproto, sizeof(authproto), config->radius_authtypes & ~config->radius_authprefer);
+ if (alen < 2) break;
+ q = ppp_conf_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, authproto + 2, alen - 2);
+ }
+
+ break;
+ }
+ break;
+
+ case 4: // Quality-Protocol
+ case 5: // Magic-Number
+ case 7: // Protocol-Field-Compression
+ case 8: // Address-And-Control-Field-Compression
+ break;
+
+ default: // Reject any unknown options
+ LOG(3, s, t, " Rejecting unknown PPP LCP option %d\n", type);
+ q = ppp_conf_rej(s, b, sizeof(b), PPPLCP, &response, q, p, o);
+ }
+ x -= length;
+ o += length;
+ }
+
+ if (response)
+ {
+ l = q - response; // LCP packet length
+ *((uint16_t *) (response + 2)) = htons(l); // update header
+ }
+ else
+ {
+ // Send packet back as ConfigAck
+ response = makeppp(b, sizeof(b), p, l, s, t, PPPLCP);
+ if (!response) return;
+ *response = ConfigAck;
+ }
+
+ switch (session[s].ppp.lcp)
+ {
+ case Closed:
+ response = makeppp(b, sizeof(b), p, 2, s, t, PPPLCP);
+ if (!response) return;
+ *response = TerminateAck;
+ *((uint16_t *) (response + 2)) = htons(l = 4);
+ break;
+
+ case Stopped:
+ initialise_restart_count(s, lcp);
+ sendlcp(s, t);
+ if (*response == ConfigAck)
+ change_state(s, lcp, AckSent);
+ else
+ change_state(s, lcp, RequestSent);
+
+ break;
+
+ case RequestSent:
+ if (*response == ConfigAck)
+ change_state(s, lcp, AckSent);
+
+ break;
+
+ case AckReceived:
+ if (*response == ConfigAck)
+ lcp_open(s, t);
+
+ break;
+
+ case Opened:
+ lcp_restart(s);
+ sendlcp(s, t);
+ /* fallthrough */
+
+ case AckSent:
+ if (*response == ConfigAck)
+ change_state(s, lcp, AckSent);
+ else
+ change_state(s, lcp, RequestSent);
+
+ break;
+
+ default:
+ LOG(2, s, t, "LCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.lcp));
+ return;
+ }
+
+ LOG(3, s, t, "LCP: send %s\n", ppp_code(*response));
+ if (config->debug > 3) dumplcp(response, l);
+
+ tunnelsend(b, l + (response - b), t);
+ }
+ else if (*p == ConfigNak || *p == ConfigRej)
+ {
+ int x = l - 4;
+ uint8_t *o = (p + 4);
+ int authtype = -1;
+
+ while (x > 2)
+ {
+ int type = o[0];
+ int length = o[1];
+
+ if (length == 0 || type == 0 || x < length) break;
+ switch (type)
+ {
+ case 1: // Maximum-Receive-Unit
+ if (*p == ConfigNak)
+ {
+ if (length < 4) break;
+ sess_local[s].ppp_mru = ntohs(*(uint16_t *)(o + 2));
+ LOG(3, s, t, " Remote requested MRU of %u\n", sess_local[s].ppp_mru);
+ }
+ else
+ {
+ sess_local[s].ppp_mru = 0;
+ LOG(3, s, t, " Remote rejected MRU negotiation\n");
+ }
+
+ break;
+
+ case 3: // Authentication-Protocol
+ if (authtype > 0)
+ break;
+
+ if (*p == ConfigNak)
+ {
+ int proto;
+
+ if (length < 4) break;
+ proto = ntohs(*(uint16_t *)(o + 2));
+
+ if (proto == PPPPAP)
+ {
+ authtype = config->radius_authtypes & AUTHPAP;
+ LOG(3, s, t, " Remote requested PAP authentication...%sing\n",
+ authtype ? "accept" : "reject");
+ }
+ else if (proto == PPPCHAP && length > 4 && *(o + 4) == 5)
+ {
+ authtype = config->radius_authtypes & AUTHCHAP;
+ LOG(3, s, t, " Remote requested CHAP authentication...%sing\n",
+ authtype ? "accept" : "reject");
+ }
+ else
+ {
+ LOG(3, s, t, " Rejecting unsupported authentication %#4x\n",
+ proto);
+ }
+ }
+ else
+ {
+ LOG(2, s, t, "LCP: remote rejected auth negotiation\n");
+ authtype = 0; // shutdown
+ }
+
+ break;
+
+ case 5: // Magic-Number
+ session[s].magic = 0;
+ if (*p == ConfigNak)
+ {
+ if (length < 6) break;
+ session[s].magic = ntohl(*(uint32_t *)(o + 2));
+ }
+
+ if (session[s].magic)
+ LOG(3, s, t, " Remote requested magic-no %x\n", session[s].magic);
+ else
+ LOG(3, s, t, " Remote rejected magic-no\n");
+
+ cluster_send_session(s);
+ break;
+
+ default:
+ LOG(2, s, t, "LCP: remote sent %s for type %u?\n", ppp_code(*p), type);
+ sessionshutdown(s, "Unable to negotiate LCP.", CDN_ADMIN_DISC, TERM_USER_ERROR);
+ return;
+ }
+ x -= length;
+ o += length;
+ }
+
+ if (!authtype)
+ {
+ sessionshutdown(s, "Unsupported authentication.", CDN_ADMIN_DISC, TERM_USER_ERROR);
+ return;
+ }
+
+ if (authtype > 0)
+ sess_local[s].lcp_authtype = authtype;
+
+ switch (session[s].ppp.lcp)
+ {
+ case Closed:
+ case Stopped:
+ {
+ uint8_t *response = makeppp(b, sizeof(b), p, 2, s, t, PPPLCP);
+ if (!response) return;
+ *response = TerminateAck;
+ *((uint16_t *) (response + 2)) = htons(l = 4);
+
+ LOG(3, s, t, "LCP: send %s\n", ppp_code(*response));
+ if (config->debug > 3) dumplcp(response, l);
+
+ tunnelsend(b, l + (response - b), t);
+ }
+ break;
+
+ case RequestSent:
+ case AckSent:
+ initialise_restart_count(s, lcp);
+ sendlcp(s, t);
+ break;
+
+ case AckReceived:
+ LOG(2, s, t, "LCP: ConfigNak in state %s? Sending ConfigReq\n", ppp_state(session[s].ppp.lcp));
+ sendlcp(s, t);
+ break;
+
+ case Opened:
+ lcp_restart(s);
+ sendlcp(s, t);
+ break;
+
+ default:
+ LOG(2, s, t, "LCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.lcp));
+ return;
+ }
+ }
+ else if (*p == TerminateReq)
+ {
+ *p = TerminateAck; // close
+ q = makeppp(b, sizeof(b), p, l, s, t, PPPLCP);
+ if (!q) return;
+
+ LOG(3, s, t, "LCP: send %s\n", ppp_code(*q));
+ if (config->debug > 3) dumplcp(q, l);
+
+ tunnelsend(b, l + (q - b), t); // send it
+ sessionshutdown(s, "Remote end closed connection.", CDN_ADMIN_DISC, TERM_USER_REQUEST);
+ }
+ else if (*p == TerminateAck)
+ {
+ sessionshutdown(s, "Connection closed.", CDN_ADMIN_DISC, TERM_NAS_REQUEST);
+ }
+ else if (*p == ProtocolRej)
+ {
+ uint16_t proto = 0;
+
+ if (l > 4)
+ {
+ proto = *(p+4);
+ if (l > 5 && !(proto & 1))
+ {
+ proto <<= 8;
+ proto |= *(p+5);
+ }
+ }
+
+ if (proto == PPPIPV6CP)
+ {
+ LOG(3, s, t, "IPv6 rejected\n");
+ change_state(s, ipv6cp, Closed);
+ }
+ else
+ {
+ LOG(3, s, t, "LCP protocol reject: 0x%04X\n", proto);
+ }
+ }
+ else if (*p == EchoReq)
+ {
+ *p = EchoReply; // reply
+ *(uint32_t *) (p + 4) = htonl(session[s].magic); // our magic number
+ q = makeppp(b, sizeof(b), p, l, s, t, PPPLCP);
+ if (!q) return;
+
+ LOG(4, s, t, "LCP: send %s\n", ppp_code(*q));
+ if (config->debug > 3) dumplcp(q, l);
+
+ tunnelsend(b, l + (q - b), t); // send it
+ }
+ else if (*p == EchoReply)
+ {
+ // Ignore it, last_packet time is set earlier than this.
+ }
+ else if (*p != CodeRej)
+ {
+ ppp_code_rej(s, t, PPPLCP, "LCP", p, l, b, sizeof(b));
+ }
+}
+
+static void ipcp_open(sessionidt s, tunnelidt t)
+{
+ LOG(3, s, t, "IPCP: Opened, session is now active\n");
+
+ change_state(s, ipcp, Opened);
+
+ if (!(session[s].walled_garden || session[s].flags & SESSION_STARTED))
+ {
+ uint16_t r = radiusnew(s);
+ if (r)
+ {
+ radiussend(r, RADIUSSTART); // send radius start
+
+ // don't send further Start records if IPCP is restarted
+ session[s].flags |= SESSION_STARTED;
+ cluster_send_session(s);
+ }
+ }
+
+ // start IPv6 if configured and still in passive state
+ if (session[s].ppp.ipv6cp == Stopped)
+ {
+ sendipv6cp(s, t);
+ change_state(s, ipv6cp, RequestSent);
+ }
+}
+
+// Process IPCP messages
+void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
+{
+ uint8_t b[MAXETHER];
+ uint8_t *q = 0;
+ uint16_t hl;
+
+ CSTAT(processipcp);
+
+ LOG_HEX(5, "IPCP", p, l);
+ if (l < 4)
+ {
+ LOG(1, s, t, "Short IPCP %d bytes\n", l);
+ STAT(tunnel_rx_errors);
+ return ;
+ }
+
+ if ((hl = ntohs(*(uint16_t *) (p + 2))) > l)
+ {
+ LOG(1, s, t, "Length mismatch IPCP %u/%u\n", hl, l);
+ STAT(tunnel_rx_errors);
+ return ;
+ }
+ l = hl;
+
+ if (session[s].ppp.phase < Network)
+ {
+ LOG(2, s, t, "IPCP %s ignored in %s phase\n", ppp_code(*p), ppp_phase(session[s].ppp.phase));
+ return;
+ }
+
+ LOG(3, s, t, "IPCP: recv %s\n", ppp_code(*p));
+
+ if (*p == ConfigAck)
+ {
+ switch (session[s].ppp.ipcp)
+ {
+ case RequestSent:
+ initialise_restart_count(s, ipcp);
+ change_state(s, ipcp, AckReceived);
+ break;
+
+ case AckReceived:
+ case Opened:
+ LOG(2, s, t, "IPCP: ConfigAck in state %s? Sending ConfigReq\n", ppp_state(session[s].ppp.ipcp));
+ sendipcp(s, t);
+ change_state(s, ipcp, RequestSent);
+ break;
+
+ case AckSent:
+ ipcp_open(s, t);
+ break;
+
+ default:
+ LOG(2, s, t, "IPCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipcp));
+ }
+ }
+ else if (*p == ConfigReq)
+ {
+ uint8_t *response = 0;
+ uint8_t *o = p + 4;
+ int length = l - 4;
+ int gotip = 0;
+ in_addr_t addr;
+
+ while (length > 2)
+ {
+ if (!o[1] || o[1] > length) return;
+
+ switch (*o)
+ {
+ case 3: // ip address
+ gotip++; // seen address
+ if (o[1] != 6) return;
+
+ addr = htonl(session[s].ip);
+ if (memcmp(o + 2, &addr, (sizeof addr)))
+ {
+ uint8_t *oq = q;
+ q = ppp_conf_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr));
+ if (!q || (q != oq && *response == ConfigRej))
+ {
+ sessionshutdown(s, "Can't negotiate IPCP.", CDN_ADMIN_DISC, TERM_USER_ERROR);
+ return;
+ }
+ }
+
+ break;
+
+ case 129: // primary DNS
+ if (o[1] != 6) return;
+
+ addr = htonl(session[s].dns1);
+ if (memcmp(o + 2, &addr, (sizeof addr)))
+ {
+ q = ppp_conf_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr));
+ if (!q) return;
+ }
+
+ break;
+
+ case 131: // secondary DNS
+ if (o[1] != 6) return;
+
+ addr = htonl(session[s].dns2);
+ if (memcmp(o + 2, &addr, sizeof(addr)))
+ {
+ q = ppp_conf_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr));
+ if (!q) return;
+ }
+
+ break;
+
+ default:
+ LOG(2, s, t, " Rejecting PPP IPCP Option type %d\n", *o);
+ q = ppp_conf_rej(s, b, sizeof(b), PPPIPCP, &response, q, p, o);
+ if (!q) return;
+ }
+
+ length -= o[1];
+ o += o[1];
+ }
+
+ if (response)
+ {
+ l = q - response; // IPCP packet length
+ *((uint16_t *) (response + 2)) = htons(l); // update header
+ }
+ else if (gotip)
+ {
+ // Send packet back as ConfigAck
+ response = makeppp(b, sizeof(b), p, l, s, t, PPPIPCP);
+ if (!response) return;
+ *response = ConfigAck;
+ }
+ else
+ {
+ LOG(1, s, t, "No IP in IPCP request\n");
+ STAT(tunnel_rx_errors);
+ return;
+ }
+
+ switch (session[s].ppp.ipcp)
+ {
+ case Closed:
+ response = makeppp(b, sizeof(b), p, 2, s, t, PPPIPCP);
+ if (!response) return;
+ *response = TerminateAck;
+ *((uint16_t *) (response + 2)) = htons(l = 4);
+ break;
+
+ case Stopped:
+ initialise_restart_count(s, ipcp);
+ sendipcp(s, t);
+ if (*response == ConfigAck)
+ change_state(s, ipcp, AckSent);
+ else
+ change_state(s, ipcp, RequestSent);
+
+ break;
+
+ case RequestSent:
+ if (*response == ConfigAck)
+ change_state(s, ipcp, AckSent);
+
+ break;
+
+ case AckReceived:
+ if (*response == ConfigAck)
+ ipcp_open(s, t);
+
+ break;
+
+ case Opened:
+ initialise_restart_count(s, ipcp);
+ sendipcp(s, t);
+ /* fallthrough */
+
+ case AckSent:
+ if (*response == ConfigAck)
+ change_state(s, ipcp, AckSent);
+ else
+ change_state(s, ipcp, RequestSent);
+
+ break;
+
+ default:
+ LOG(2, s, t, "IPCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipcp));
+ return;
+ }
+
+ LOG(3, s, t, "IPCP: send %s\n", ppp_code(*response));
+ tunnelsend(b, l + (response - b), t);
+ }
+ else if (*p == TerminateReq)
+ {
+ *p = TerminateAck;
+ q = makeppp(b, sizeof(b), p, l, s, t, PPPIPCP);
+ if (!q) return;
+ LOG(3, s, t, "IPCP: send %s\n", ppp_code(*q));
+ tunnelsend(b, l + (q - b), t);
+ change_state(s, ipcp, Stopped);
+ }
+ else if (*p != CodeRej)
+ {
+ ppp_code_rej(s, t, PPPIPCP, "IPCP", p, l, b, sizeof(b));
+ }
+}
+
+static void ipv6cp_open(sessionidt s, tunnelidt t)
+{
+ LOG(3, s, t, "IPV6CP: Opened\n");
+
+ change_state(s, ipv6cp, Opened);
+ if (session[s].ipv6prefixlen)
+ route6set(s, session[s].ipv6route, session[s].ipv6prefixlen, 1);
+
+ // Send an initial RA (TODO: Should we send these regularly?)
+ send_ipv6_ra(s, t, NULL);
+}
+
+// Process IPV6CP messages
+void processipv6cp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
+{
+ uint8_t b[MAXETHER];
+ uint8_t *q = 0;
+ uint16_t hl;
+
+ CSTAT(processipv6cp);
+
+ LOG_HEX(5, "IPV6CP", p, l);
+ if (l < 4)
+ {
+ LOG(1, s, t, "Short IPV6CP %d bytes\n", l);
+ STAT(tunnel_rx_errors);
+ return ;
+ }
+
+ if ((hl = ntohs(*(uint16_t *) (p + 2))) > l)
+ {
+ LOG(1, s, t, "Length mismatch IPV6CP %u/%u\n", hl, l);
+ STAT(tunnel_rx_errors);
+ return ;
+ }
+ l = hl;
+
+ if (session[s].ppp.phase < Network)
+ {
+ LOG(2, s, t, "IPV6CP %s ignored in %s phase\n", ppp_code(*p), ppp_phase(session[s].ppp.phase));
+ return;
+ }
+
+ LOG(3, s, t, "IPV6CP: recv %s\n", ppp_code(*p));
+
+ if (!session[s].ip)
+ {
+ LOG(3, s, t, "IPV6CP: no IPv4 address (IPCP in state %s)\n", ppp_state(session[s].ppp.ipcp));
+ return; // need IPCP to complete...
+ }
+
+ if (*p == ConfigAck)
+ {
+ switch (session[s].ppp.ipv6cp)
+ {
+ case RequestSent:
+ initialise_restart_count(s, ipv6cp);
+ change_state(s, ipv6cp, AckReceived);
+ break;
+
+ case AckReceived:
+ case Opened:
+ LOG(2, s, t, "IPV6CP: ConfigAck in state %s? Sending ConfigReq\n", ppp_state(session[s].ppp.ipv6cp));
+ sendipv6cp(s, t);
+ change_state(s, ipv6cp, RequestSent);
+ break;
+
+ case AckSent:
+ ipv6cp_open(s, t);
+ break;
+
+ default:
+ LOG(2, s, t, "IPV6CP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipv6cp));
+ }
+ }
+ else if (*p == ConfigReq)
+ {
+ uint8_t *response = 0;
+ uint8_t *o = p + 4;
+ int length = l - 4;
+ int gotip = 0;
+ uint8_t ident[8];
+
+ while (length > 2)
+ {
+ if (!o[1] || o[1] > length) return;
+
+ switch (*o)
+ {
+ case 1: // interface identifier
+ gotip++; // seen address
+ if (o[1] != 10) return;
+
+ *(uint32_t *) ident = htonl(session[s].ip);
+ *(uint32_t *) (ident + 4) = 0;
+
+ if (memcmp(o + 2, ident, sizeof(ident)))
+ {
+ q = ppp_conf_nak(s, b, sizeof(b), PPPIPV6CP, &response, q, p, o, ident, sizeof(ident));
+ if (!q) return;
+ }
+
+ break;
+
+ default:
+ LOG(2, s, t, " Rejecting PPP IPV6CP Option type %d\n", *o);
+ q = ppp_conf_rej(s, b, sizeof(b), PPPIPV6CP, &response, q, p, o);
+ if (!q) return;
+ }
+
+ length -= o[1];
+ o += o[1];
+ }
+
+ if (response)
+ {
+ l = q - response; // IPV6CP packet length
+ *((uint16_t *) (response + 2)) = htons(l); // update header
+ }
+ else if (gotip)
+ {
+ // Send packet back as ConfigAck
+ response = makeppp(b, sizeof(b), p, l, s, t, PPPIPV6CP);
+ if (!response) return;
+ *response = ConfigAck;
+ }
+ else
+ {
+ LOG(1, s, t, "No interface identifier in IPV6CP request\n");
+ STAT(tunnel_rx_errors);
+ return;
+ }
+
+ switch (session[s].ppp.ipv6cp)
+ {
+ case Closed:
+ response = makeppp(b, sizeof(b), p, 2, s, t, PPPIPV6CP);
+ if (!response) return;
+ *response = TerminateAck;
+ *((uint16_t *) (response + 2)) = htons(l = 4);
+ break;
+
+ case Stopped:
+ initialise_restart_count(s, ipv6cp);
+ sendipv6cp(s, t);
+ if (*response == ConfigAck)
+ change_state(s, ipv6cp, AckSent);
+ else
+ change_state(s, ipv6cp, RequestSent);
+
+ break;
+
+ case RequestSent:
+ if (*response == ConfigAck)
+ change_state(s, ipv6cp, AckSent);
+
+ break;
+
+ case AckReceived:
+ if (*response == ConfigAck)
+ ipv6cp_open(s, t);
+
+ break;
+
+ case Opened:
+ initialise_restart_count(s, ipv6cp);
+ sendipv6cp(s, t);
+ /* fallthrough */
+
+ case AckSent:
+ if (*response == ConfigAck)
+ change_state(s, ipv6cp, AckSent);
+ else
+ change_state(s, ipv6cp, RequestSent);
+
+ break;
+
+ default:
+ LOG(2, s, t, "IPV6CP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipv6cp));
+ return;
+ }
+
+ LOG(3, s, t, "IPV6CP: send %s\n", ppp_code(*response));
+ tunnelsend(b, l + (response - b), t);
+ }
+ else if (*p == TerminateReq)
+ {
+ *p = TerminateAck;
+ q = makeppp(b, sizeof(b), p, l, s, t, PPPIPV6CP);
+ if (!q) return;
+ LOG(3, s, t, "IPV6CP: send %s\n", ppp_code(*q));
+ tunnelsend(b, l + (q - b), t);
+ change_state(s, ipv6cp, Stopped);
+ }
+ else if (*p != CodeRej)
+ {
+ ppp_code_rej(s, t, PPPIPV6CP, "IPV6CP", p, l, b, sizeof(b));
+ }
+}
+
+// process IP packet received
+//
+// This MUST be called with at least 4 byte behind 'p'.
+// (i.e. this routine writes to p[-4]).
+void processipin(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
+{
+ in_addr_t ip;
+
+ CSTAT(processipin);
+
+ LOG_HEX(5, "IP", p, l);
+
+ if (l < 20)
+ {
+ LOG(1, s, t, "IP packet too short %d\n", l);
+ STAT(tunnel_rx_errors);
+ return ;
+ }
+
+ ip = ntohl(*(uint32_t *)(p + 12));
+
+ if (l > MAXETHER)
+ {
+ LOG(1, s, t, "IP packet too long %d\n", l);
+ STAT(tunnel_rx_errors);
+ return ;
+ }
+
+ if (session[s].ppp.phase != Network || session[s].ppp.ipcp != Opened)
+ return;
+
+ // no spoof (do sessionbyip to handled statically routed subnets)
+ if (ip != session[s].ip && sessionbyip(htonl(ip)) != s)
+ {
+ LOG(5, s, t, "Dropping packet with spoofed IP %s\n", fmtaddr(htonl(ip), 0));
+ return;
+ }
+
+ // run access-list if any
+ if (session[s].filter_in && !ip_filter(p, l, session[s].filter_in - 1))
+ return;
+
+ // adjust MSS on SYN and SYN,ACK packets with options
+ if ((ntohs(*(uint16_t *) (p + 6)) & 0x1fff) == 0 && p[9] == IPPROTO_TCP) // first tcp fragment
+ {
+ int ihl = (p[0] & 0xf) * 4; // length of IP header
+ if (l >= ihl + 20 && (p[ihl + 13] & TCP_FLAG_SYN) && ((p[ihl + 12] >> 4) > 5))
+ adjust_tcp_mss(s, t, p, l, p + ihl);
+ }
+
+ // Add on the tun header
+ p -= 4;
+ *(uint32_t *) p = htonl(PKTIP);
+ l += 4;
+
+ // Are we throttled and a slave?
+ if (session[s].tbf_in && !config->cluster_iam_master) {
+ // Pass it to the master for handling.
+ master_throttle_packet(session[s].tbf_in, p, l);
+ return;
+ }
+
+ // Are we throttled and a master??
+ if (session[s].tbf_in && config->cluster_iam_master) {
+ // Actually handle the throttled packets.
+ tbf_queue_packet(session[s].tbf_in, p, l);
+ return;
+ }
+
+ // send to ethernet
+ if (tun_write(p, l) < 0)
+ {
+ STAT(tun_tx_errors);
+ LOG(0, s, t, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
+ l, strerror(errno), tunfd, p);
+
+ return;
+ }
+
+ p += 4;
+ l -= 4;
+
+ if (session[s].snoop_ip && session[s].snoop_port)
+ {
+ // Snooping this session
+ snoop_send_packet(p, l, session[s].snoop_ip, session[s].snoop_port);
+ }
+
+ increment_counter(&session[s].cin, &session[s].cin_wrap, l);
+ session[s].cin_delta += l;
+ session[s].pin++;
+
+ sess_local[s].cin += l;
+ sess_local[s].pin++;
+
+ eth_tx += l;
+
+ STAT(tun_tx_packets);
+ INC_STAT(tun_tx_bytes, l);
+}
+
+// process IPv6 packet received
+//
+// This MUST be called with at least 4 byte behind 'p'.
+// (i.e. this routine writes to p[-4]).
+void processipv6in(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
+{
+ struct in6_addr ip;
+ in_addr_t ipv4;
+
+ CSTAT(processipv6in);
+
+ LOG_HEX(5, "IPv6", p, l);
+
+ ip = *(struct in6_addr *) (p + 8);
+ ipv4 = ntohl(*(uint32_t *)(p + 16));
+
+ if (l > MAXETHER)
+ {
+ LOG(1, s, t, "IP packet too long %d\n", l);
+ STAT(tunnel_rx_errors);
+ return ;
+ }
+
+ if (session[s].ppp.phase != Network || session[s].ppp.ipv6cp != Opened)
+ return;
+
+ // no spoof
+ if (ipv4 != session[s].ip && memcmp(&config->ipv6_prefix, &ip, 8) && sessionbyipv6(ip) != s)
+ {
+ char str[INET6_ADDRSTRLEN];
+ LOG(5, s, t, "Dropping packet with spoofed IP %s\n",
+ inet_ntop(AF_INET6, &ip, str, INET6_ADDRSTRLEN));
+ return;
+ }
+
+ // Check if it's a Router Solicition message.
+ if (*(p + 6) == 58 && *(p + 7) == 255 && *(p + 24) == 0xFF && *(p + 25) == 2 &&
+ *(uint32_t *)(p + 26) == 0 && *(uint32_t *)(p + 30) == 0 &&
+ *(uint32_t *)(p + 34) == 0 &&
+ *(p + 38) == 0 && *(p + 39) == 2 && *(p + 40) == 133) {
+ LOG(3, s, t, "Got IPv6 RS\n");
+ send_ipv6_ra(s, t, &ip);
+ return;
+ }
+
+ // Add on the tun header
+ p -= 4;
+ *(uint32_t *) p = htonl(PKTIPV6);
+ l += 4;
+
+ // Are we throttled and a slave?
+ if (session[s].tbf_in && !config->cluster_iam_master) {
+ // Pass it to the master for handling.
+ master_throttle_packet(session[s].tbf_in, p, l);
+ return;
+ }
+
+ // Are we throttled and a master??
+ if (session[s].tbf_in && config->cluster_iam_master) {
+ // Actually handle the throttled packets.
+ tbf_queue_packet(session[s].tbf_in, p, l);
+ return;
+ }
+
+ // send to ethernet
+ if (tun_write(p, l) < 0)
+ {
+ STAT(tun_tx_errors);
+ LOG(0, s, t, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
+ l, strerror(errno), tunfd, p);
+
+ return;
+ }
+
+ p += 4;
+ l -= 4;
+
+ if (session[s].snoop_ip && session[s].snoop_port)
+ {
+ // Snooping this session
+ snoop_send_packet(p, l, session[s].snoop_ip, session[s].snoop_port);
+ }
+
+ increment_counter(&session[s].cin, &session[s].cin_wrap, l);
+ session[s].cin_delta += l;
+ session[s].pin++;
+
+ sess_local[s].cin += l;
+ sess_local[s].pin++;
+
+ eth_tx += l;
+
+ STAT(tun_tx_packets);
+ INC_STAT(tun_tx_bytes, l);
+}
+
+//
+// Helper routine for the TBF filters.
+// Used to send queued data in from the user.
+//
+void send_ipin(sessionidt s, uint8_t *buf, int len)
+{
+ LOG_HEX(5, "IP in throttled", buf, len);
+
+ if (write(tunfd, buf, len) < 0)
+ {
+ STAT(tun_tx_errors);
+ LOG(0, 0, 0, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
+ len, strerror(errno), tunfd, buf);
+
+ return;
+ }
+
+ buf += 4;
+ len -= 4;
+
+ if (session[s].snoop_ip && session[s].snoop_port)
+ {
+ // Snooping this session
+ snoop_send_packet(buf, len, session[s].snoop_ip, session[s].snoop_port);
+ }
+
+ // Increment packet counters
+ increment_counter(&session[s].cin, &session[s].cin_wrap, len);
+ session[s].cin_delta += len;
+ session[s].pin++;
+
+ sess_local[s].cin += len;
+ sess_local[s].pin++;
+
+ eth_tx += len;
+
+ STAT(tun_tx_packets);
+ INC_STAT(tun_tx_bytes, len - 4);
+}
+
+
+// Process CCP messages
+void processccp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
+{
+ uint8_t b[MAXETHER];
+ uint8_t *q;
+
+ CSTAT(processccp);
+
+ LOG_HEX(5, "CCP", p, l);
+
+ if (session[s].ppp.phase < Network)
+ {
+ LOG(2, s, t, "CCP %s ignored in %s phase\n", ppp_code(*p), ppp_phase(session[s].ppp.phase));
+ return;
+ }
+
+ if (l < 1)
+ {
+ LOG(1, s, t, "Short CCP packet\n");
+ STAT(tunnel_rx_errors);
+ }
+
+ LOG(3, s, t, "CCP: recv %s\n", ppp_code(*p));
+ if (*p == ConfigAck)
+ {
+ switch (session[s].ppp.ccp)
projects / l2tpns.git / blobdiff