// Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
// vim: sw=8 ts=8
-char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.60 2004/11/29 02:17:17 bodea Exp $";
+char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.62 2004/12/05 23:45:04 bodea Exp $";
#include <arpa/inet.h>
#include <assert.h>
case 39: // seq required - we control it as an LNS anyway...
break;
case 36: // Random Vector
- LOG(4, s, t, " Random Vector received. Enabled AVP Hiding.\n");
+ LOG(4, s, t, " Random Vector received. Enabled AVP Hiding.\n");
memset(session[s].random_vector, 0, sizeof(session[s].random_vector));
memcpy(session[s].random_vector, b, n);
session[s].random_vector_length = n;
return;
}
- if (session[s].die)
- {
- LOG(3, s, t, "Session %d is closing. Don't process PPP packets\n", s);
-// I'm pretty sure this isn't right -- mo.
-// return; // closing session, PPP not processed
- }
if (prot == PPPPAP)
{
session[s].last_packet = time_now;
}
else if (prot == PPPIP)
{
+ if (session[s].die)
+ {
+ LOG(4, s, t, "Session %d is closing. Don't process PPP packets\n", s);
+ return; // closing session, PPP not processed
+ }
+
session[s].last_packet = time_now;
if (session[s].walled_garden && !config->cluster_iam_master)
{
master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
return;
}
+
processipin(t, s, p, l);
}
else
// We stop waiting for radius after BUSY_WAIT_TIME 1/10th seconds
if (abs(TIME - start_busy_wait) > BUSY_WAIT_TIME)
{
- LOG(1, 0, 0, "Giving up waiting for RADIUS to be empty. Shutting down anyway.\n");
+ LOG(1, 0, 0, "Giving up waiting for RADIUS to be empty. Shutting down anyway.\n");
return 0;
}
clockt next_cluster_ping = 0; // send initial ping immediately
time_t next_clean = time_now + config->cleanup_interval;
- LOG(4, 0, 0, "Beginning of main loop. udpfd=%d, tunfd=%d, cluster_sockfd=%d, controlfd=%d\n",
+ LOG(4, 0, 0, "Beginning of main loop. udpfd=%d, tunfd=%d, cluster_sockfd=%d, controlfd=%d\n",
udpfd, tunfd, cluster_sockfd, controlfd);
FD_ZERO(&readset);
{
if ((ret = sched_setscheduler(0, SCHED_FIFO, ¶ms)) == 0)
{
- LOG(1, 0, 0, "Using FIFO scheduler. Say goodbye to any other processes running\n");
+ LOG(1, 0, 0, "Using FIFO scheduler. Say goodbye to any other processes running\n");
}
else
{
assign_ip_address(s);
if (!session[s].ip)
{
- LOG(0, s, t, " No IP allocated. The IP address pool is FULL!\n");
+ LOG(0, s, t, " No IP allocated. The IP address pool is FULL!\n");
sessionshutdown(s, "No IP addresses available");
return 0;
}
- LOG(3, s, t, " No IP allocated. Assigned %s from pool\n",
+ LOG(3, s, t, " No IP allocated. Assigned %s from pool\n",
fmtaddr(htonl(session[s].ip), 0));
}
if (len < 20) // up to end of destination address
return 0;
- if (*buf >> 4) // IPv4
+ if ((*buf >> 4) != 4) // IPv4
return 0;
-
- frag_offset = ntohs(*(u16 *) (buf + 0)) & 0x1fff;
+ frag_offset = ntohs(*(u16 *) (buf + 6)) & 0x1fff;
proto = buf[9];
src_ip = *(u32 *) (buf + 12);
dst_ip = *(u32 *) (buf + 16);
if (frag_offset == 0 && (proto == IPPROTO_TCP || proto == IPPROTO_UDP))
{
- int l = buf[0] & 0xf;
+ int l = (buf[0] & 0xf) * 4; // length of IP header
if (len < l + 4) // ports
return 0;
dst_port = ntohs(*(u16 *) (buf + l + 2));
if (proto == IPPROTO_TCP)
{
- if (len < l + 15) // flags
+ if (len < l + 14) // flags
return 0;
- flags = buf[l + 14] & 0x3f;
+ flags = buf[l + 13] & 0x3f;
}
}
for (rule = ip_filters[filter].rules; rule->action; rule++)
{
- if (proto && proto != rule->proto)
+ if (rule->proto != IPPROTO_IP && proto != rule->proto)
continue;
if (rule->src_wild != INADDR_BROADCAST &&