projects
/
l2tpns.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
more DoS prevention: add packet_limit option to apply a hard limit to downstream...
[l2tpns.git]
/
ppp.c
diff --git
a/ppp.c
b/ppp.c
index
3a108bf
..
98d36aa
100644
(file)
--- a/
ppp.c
+++ b/
ppp.c
@@
-1,6
+1,6
@@
// L2TPNS PPP Stuff
// L2TPNS PPP Stuff
-char const *cvs_id_ppp = "$Id: ppp.c,v 1.
39 2004-12-16 08:49:53
bodea Exp $";
+char const *cvs_id_ppp = "$Id: ppp.c,v 1.
40 2005-01-05 13:50:30
bodea Exp $";
#include <stdio.h>
#include <string.h>
#include <stdio.h>
#include <string.h>
@@
-32,7
+32,7
@@
void processpap(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l)
char pass[129];
uint16_t hl;
char pass[129];
uint16_t hl;
- CSTAT(
call_
processpap);
+ CSTAT(processpap);
LOG_HEX(5, "PAP", p, l);
if (l < 4)
LOG_HEX(5, "PAP", p, l);
if (l < 4)
@@
-132,7
+132,7
@@
void processchap(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l)
uint16_t r;
uint16_t hl;
uint16_t r;
uint16_t hl;
- CSTAT(
call_
processchap);
+ CSTAT(processchap);
LOG_HEX(5, "CHAP", p, l);
r = session[s].radius;
LOG_HEX(5, "CHAP", p, l);
r = session[s].radius;
@@
-224,29
+224,13
@@
void processchap(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l)
radiussend(r, RADIUSAUTH);
}
radiussend(r, RADIUSAUTH);
}
-static char *ppp_lcp_types[] = {
- NULL,
- "ConfigReq",
- "ConfigAck",
- "ConfigNak",
- "ConfigRej",
- "TerminateReq",
- "TerminateAck",
- "CodeRej",
- "ProtocolRej",
- "EchoReq",
- "EchoReply",
- "DiscardRequest",
- "IdentRequest",
-};
-
static void dumplcp(uint8_t *p, int l)
{
int x = l - 4;
uint8_t *o = (p + 4);
LOG_HEX(5, "PPP LCP Packet", p, l);
static void dumplcp(uint8_t *p, int l)
{
int x = l - 4;
uint8_t *o = (p + 4);
LOG_HEX(5, "PPP LCP Packet", p, l);
- LOG(4, 0, 0, "PPP LCP Packet type %d (%s len %d)\n", *p, ppp_lcp_type
s[(int)*p]
, ntohs( ((uint16_t *) p)[1]) );
+ LOG(4, 0, 0, "PPP LCP Packet type %d (%s len %d)\n", *p, ppp_lcp_type
((int)*p)
, ntohs( ((uint16_t *) p)[1]) );
LOG(4, 0, 0, "Length: %d\n", l);
if (*p != ConfigReq && *p != ConfigRej && *p != ConfigAck)
return;
LOG(4, 0, 0, "Length: %d\n", l);
if (*p != ConfigReq && *p != ConfigRej && *p != ConfigAck)
return;
@@
-271,48
+255,48
@@
static void dumplcp(uint8_t *p, int l)
{
case 1: // Maximum-Receive-Unit
if (length == 4)
{
case 1: // Maximum-Receive-Unit
if (length == 4)
- LOG(4, 0, 0, " %s %d\n", lcp_type
s[type]
, ntohs(*(uint16_t *)(o + 2)));
+ LOG(4, 0, 0, " %s %d\n", lcp_type
(type)
, ntohs(*(uint16_t *)(o + 2)));
else
else
- LOG(4, 0, 0, " %s odd length %d\n", lcp_type
s[type]
, length);
+ LOG(4, 0, 0, " %s odd length %d\n", lcp_type
(type)
, length);
break;
case 2: // Async-Control-Character-Map
if (length == 6)
{
uint32_t asyncmap = ntohl(*(uint32_t *)(o + 2));
break;
case 2: // Async-Control-Character-Map
if (length == 6)
{
uint32_t asyncmap = ntohl(*(uint32_t *)(o + 2));
- LOG(4, 0, 0, " %s %x\n", lcp_type
s[type]
, asyncmap);
+ LOG(4, 0, 0, " %s %x\n", lcp_type
(type)
, asyncmap);
}
else
}
else
- LOG(4, 0, 0, " %s odd length %d\n", lcp_type
s[type]
, length);
+ LOG(4, 0, 0, " %s odd length %d\n", lcp_type
(type)
, length);
break;
case 3: // Authentication-Protocol
if (length == 4)
{
int proto = ntohs(*(uint16_t *)(o + 2));
break;
case 3: // Authentication-Protocol
if (length == 4)
{
int proto = ntohs(*(uint16_t *)(o + 2));
- LOG(4, 0, 0, " %s 0x%x (%s)\n", lcp_type
s[type]
, proto,
+ LOG(4, 0, 0, " %s 0x%x (%s)\n", lcp_type
(type)
, proto,
proto == PPPCHAP ? "CHAP" :
proto == PPPPAP ? "PAP" : "UNKNOWN");
}
else
proto == PPPCHAP ? "CHAP" :
proto == PPPPAP ? "PAP" : "UNKNOWN");
}
else
- LOG(4, 0, 0, " %s odd length %d\n", lcp_type
s[type]
, length);
+ LOG(4, 0, 0, " %s odd length %d\n", lcp_type
(type)
, length);
break;
case 4: // Quality-Protocol
{
uint32_t qp = ntohl(*(uint32_t *)(o + 2));
break;
case 4: // Quality-Protocol
{
uint32_t qp = ntohl(*(uint32_t *)(o + 2));
- LOG(4, 0, 0, " %s %x\n", lcp_type
s[type]
, qp);
+ LOG(4, 0, 0, " %s %x\n", lcp_type
(type)
, qp);
}
break;
case 5: // Magic-Number
if (length == 6)
{
uint32_t magicno = ntohl(*(uint32_t *)(o + 2));
}
break;
case 5: // Magic-Number
if (length == 6)
{
uint32_t magicno = ntohl(*(uint32_t *)(o + 2));
- LOG(4, 0, 0, " %s %x\n", lcp_type
s[type]
, magicno);
+ LOG(4, 0, 0, " %s %x\n", lcp_type
(type)
, magicno);
}
else
}
else
- LOG(4, 0, 0, " %s odd length %d\n", lcp_type
s[type]
, length);
+ LOG(4, 0, 0, " %s odd length %d\n", lcp_type
(type)
, length);
break;
case 7: // Protocol-Field-Compression
case 8: // Address-And-Control-Field-Compression
break;
case 7: // Protocol-Field-Compression
case 8: // Address-And-Control-Field-Compression
- LOG(4, 0, 0, " %s\n", lcp_type
s[type]
);
+ LOG(4, 0, 0, " %s\n", lcp_type
(type)
);
break;
default:
LOG(2, 0, 0, " Unknown PPP LCP Option type %d\n", type);
break;
default:
LOG(2, 0, 0, " Unknown PPP LCP Option type %d\n", type);
@@
-331,7
+315,7
@@
void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l)
uint32_t magicno = 0;
uint16_t hl;
uint32_t magicno = 0;
uint16_t hl;
- CSTAT(
call_
processlcp);
+ CSTAT(processlcp);
LOG_HEX(5, "LCP", p, l);
if (l < 4)
LOG_HEX(5, "LCP", p, l);
if (l < 4)
@@
-483,7
+467,7
@@
void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l)
*q = ConfigAck;
}
*q = ConfigAck;
}
- LOG(3, s, t, "Sending %s\n", ppp_lcp_type
s[*response]
);
+ LOG(3, s, t, "Sending %s\n", ppp_lcp_type
(*response)
);
tunnelsend(b, l + (q - b), t);
if (!(session[s].flags & SF_LCP_ACKED))
tunnelsend(b, l + (q - b), t);
if (!(session[s].flags & SF_LCP_ACKED))
@@
-567,7
+551,7
@@
void processipcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l)
{
uint16_t hl;
{
uint16_t hl;
- CSTAT(
call_
processipcp);
+ CSTAT(processipcp);
LOG_HEX(5, "IPCP", p, l);
if (l < 5)
LOG_HEX(5, "IPCP", p, l);
if (l < 5)
@@
-709,7
+693,7
@@
void processipin(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l)
{
in_addr_t ip;
{
in_addr_t ip;
- CSTAT(
call_
processipin);
+ CSTAT(processipin);
LOG_HEX(5, "IP", p, l);
LOG_HEX(5, "IP", p, l);
@@
-817,7
+801,7
@@
void processccp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l)
uint8_t b[MAXCONTROL];
uint8_t *q;
uint8_t b[MAXCONTROL];
uint8_t *q;
- CSTAT(
call_
processccp);
+ CSTAT(processccp);
LOG_HEX(5, "CCP", p, l);
switch (l > 1 ? *p : 0)
LOG_HEX(5, "CCP", p, l);
switch (l > 1 ? *p : 0)
@@
-869,25
+853,24
@@
void sendchap(tunnelidt t, sessionidt s)
uint16_t r = session[s].radius;
uint8_t *q;
uint16_t r = session[s].radius;
uint8_t *q;
- CSTAT(
call_
sendchap);
+ CSTAT(sendchap);
if (!r)
{
LOG(1, s, t, "No RADIUS to send challenge\n");
STAT(tunnel_tx_errors);
if (!r)
{
LOG(1, s, t, "No RADIUS to send challenge\n");
STAT(tunnel_tx_errors);
- return
;
+ return;
}
}
+
LOG(1, s, t, "Send CHAP challenge\n");
LOG(1, s, t, "Send CHAP challenge\n");
- {
- // new challenge
- int n;
- for (n = 0; n < 15; n++)
- radius[r].auth[n] = rand();
- }
+
+ // new challenge
+ random_data(radius[r].auth, sizeof(radius[r].auth));
radius[r].chap = 1; // CHAP not PAP
radius[r].id++;
if (radius[r].state != RADIUSCHAP)
radius[r].try = 0;
radius[r].chap = 1; // CHAP not PAP
radius[r].id++;
if (radius[r].state != RADIUSCHAP)
radius[r].try = 0;
+
radius[r].state = RADIUSCHAP;
radius[r].retry = backoff(radius[r].try++);
if (radius[r].try > 5)
radius[r].state = RADIUSCHAP;
radius[r].retry = backoff(radius[r].try++);
if (radius[r].try > 5)