+ if ((hl = ntohs(*(uint16_t *) (p + 2))) > l)
+ {
+ LOG(1, s, t, "Length mismatch IPCP %u/%u\n", hl, l);
+ STAT(tunnel_rx_errors);
+ return ;
+ }
+ l = hl;
+
+ if (session[s].ppp.phase < Network)
+ {
+ LOG(2, s, t, "IPCP %s ignored in %s phase\n", ppp_code(*p), ppp_phase(session[s].ppp.phase));
+ return;
+ }
+
+ LOG(3, s, t, "IPCP: recv %s\n", ppp_code(*p));
+
+ if (*p == ConfigAck)
+ {
+ switch (session[s].ppp.ipcp)
+ {
+ case RequestSent:
+ initialise_restart_count(s, ipcp);
+ change_state(s, ipcp, AckReceived);
+ break;
+
+ case AckReceived:
+ case Opened:
+ LOG(2, s, t, "IPCP: ConfigAck in state %s? Sending ConfigReq\n", ppp_state(session[s].ppp.ipcp));
+ sendipcp(s, t);
+ change_state(s, ipcp, RequestSent);
+ break;
+
+ case AckSent:
+ ipcp_open(s, t);
+ break;
+
+ default:
+ LOG(2, s, t, "IPCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipcp));
+ }
+ }
+ else if (*p == ConfigReq)
+ {
+ uint8_t *response = 0;
+ uint8_t *o = p + 4;
+ int length = l - 4;
+ int gotip = 0;
+ in_addr_t addr;
+
+ while (length > 2)
+ {
+ if (!o[1] || o[1] > length) return;
+
+ switch (*o)
+ {
+ case 3: // ip address
+ gotip++; // seen address
+ if (o[1] != 6) return;
+
+ addr = htonl(session[s].ip);
+ if (memcmp(o + 2, &addr, (sizeof addr)))
+ {
+ uint8_t *oq = q;
+ q = ppp_conf_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr));
+ if (!q || (q != oq && *response == ConfigRej))
+ {
+ sessionshutdown(s, "Can't negotiate IPCP.", CDN_ADMIN_DISC, TERM_USER_ERROR);
+ return;
+ }
+ }
+
+ break;
+
+ case 129: // primary DNS
+ if (o[1] != 6) return;
+
+ addr = htonl(session[s].dns1);
+ if (memcmp(o + 2, &addr, (sizeof addr)))
+ {
+ q = ppp_conf_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr));
+ if (!q) return;
+ }
+
+ break;
+
+ case 131: // secondary DNS
+ if (o[1] != 6) return;
+
+ addr = htonl(session[s].dns2);
+ if (memcmp(o + 2, &addr, sizeof(addr)))
+ {
+ q = ppp_conf_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr));
+ if (!q) return;
+ }
+
+ break;
+
+ default:
+ LOG(2, s, t, " Rejecting PPP IPCP Option type %d\n", *o);
+ q = ppp_conf_rej(s, b, sizeof(b), PPPIPCP, &response, q, p, o);
+ if (!q) return;
+ }
+
+ length -= o[1];
+ o += o[1];
+ }
+
+ if (response)
+ {
+ l = q - response; // IPCP packet length
+ *((uint16_t *) (response + 2)) = htons(l); // update header
+ }
+ else if (gotip)
+ {
+ // Send packet back as ConfigAck
+ response = makeppp(b, sizeof(b), p, l, s, t, PPPIPCP, 0, 0, 0);
+ if (!response) return;
+ *response = ConfigAck;
+ }
+ else
+ {
+ LOG(1, s, t, "No IP in IPCP request\n");
+ STAT(tunnel_rx_errors);
+ return;
+ }
+
+ switch (session[s].ppp.ipcp)
+ {
+ case Closed:
+ response = makeppp(b, sizeof(b), p, 2, s, t, PPPIPCP, 0, 0, 0);
+ if (!response) return;
+ *response = TerminateAck;
+ *((uint16_t *) (response + 2)) = htons(l = 4);
+ break;
+
+ case Stopped:
+ initialise_restart_count(s, ipcp);
+ sendipcp(s, t);
+ if (*response == ConfigAck)
+ change_state(s, ipcp, AckSent);
+ else
+ change_state(s, ipcp, RequestSent);
+
+ break;
+
+ case RequestSent:
+ if (*response == ConfigAck)
+ change_state(s, ipcp, AckSent);
+
+ break;
+
+ case AckReceived:
+ if (*response == ConfigAck)
+ ipcp_open(s, t);
+
+ break;
+
+ case Opened:
+ initialise_restart_count(s, ipcp);
+ sendipcp(s, t);
+ /* fallthrough */
+
+ case AckSent:
+ if (*response == ConfigAck)
+ change_state(s, ipcp, AckSent);
+ else
+ change_state(s, ipcp, RequestSent);
+
+ break;
+
+ default:
+ LOG(2, s, t, "IPCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipcp));
+ return;
+ }
+
+ LOG(3, s, t, "IPCP: send %s\n", ppp_code(*response));
+ tunnelsend(b, l + (response - b), t);
+ }
+ else if (*p == TerminateReq)
+ {
+ switch (session[s].ppp.ipcp)
+ {
+ case Closed:
+ case Stopped:
+ case Closing:
+ case Stopping:
+ case RequestSent:
+ case AckReceived:
+ case AckSent:
+ break;
+
+ case Opened:
+ zero_restart_count(s, ipcp);
+ change_state(s, ipcp, Closing);
+ break;
+
+ default:
+ LOG(2, s, t, "IPCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipcp));
+ return;
+ }
+
+ *p = TerminateAck; // send ack
+ q = makeppp(b, sizeof(b), p, l, s, t, PPPIPCP, 0, 0, 0);
+ if (!q) return;
+
+ LOG(3, s, t, "IPCP: send %s\n", ppp_code(*q));
+ tunnelsend(b, l + (q - b), t); // send it
+ }
+ else if (*p != CodeRej)
+ {
+ ppp_code_rej(s, t, PPPIPCP, "IPCP", p, l, b, sizeof(b));
+ }
+}
+
+static void ipv6cp_open(sessionidt s, tunnelidt t)
+{
+ LOG(3, s, t, "IPV6CP: Opened\n");
+
+ change_state(s, ipv6cp, Opened);
+ if (session[s].ipv6prefixlen)
+ route6set(s, session[s].ipv6route, session[s].ipv6prefixlen, 1);
+
+ // Send an initial RA (TODO: Should we send these regularly?)
+ send_ipv6_ra(s, t, NULL);
+}
+
+// Process IPV6CP messages
+void processipv6cp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
+{
+ uint8_t b[MAXETHER];
+ uint8_t *q = 0;
+ uint16_t hl;
+
+ CSTAT(processipv6cp);
+
+ LOG_HEX(5, "IPV6CP", p, l);
+ if (l < 4)
+ {
+ LOG(1, s, t, "Short IPV6CP %d bytes\n", l);
+ STAT(tunnel_rx_errors);
+ return ;
+ }
+
+ if ((hl = ntohs(*(uint16_t *) (p + 2))) > l)
+ {
+ LOG(1, s, t, "Length mismatch IPV6CP %u/%u\n", hl, l);
+ STAT(tunnel_rx_errors);
+ return ;
+ }
+ l = hl;
+
+ if (session[s].ppp.phase < Network)
+ {
+ LOG(2, s, t, "IPV6CP %s ignored in %s phase\n", ppp_code(*p), ppp_phase(session[s].ppp.phase));
+ return;
+ }
+
+ LOG(3, s, t, "IPV6CP: recv %s\n", ppp_code(*p));
+
+ if (!session[s].ip)
+ {
+ LOG(3, s, t, "IPV6CP: no IPv4 address (IPCP in state %s)\n", ppp_state(session[s].ppp.ipcp));
+ return; // need IPCP to complete...
+ }
+
+ if (*p == ConfigAck)
+ {
+ switch (session[s].ppp.ipv6cp)
+ {
+ case RequestSent:
+ initialise_restart_count(s, ipv6cp);
+ change_state(s, ipv6cp, AckReceived);
+ break;
+
+ case AckReceived:
+ case Opened:
+ LOG(2, s, t, "IPV6CP: ConfigAck in state %s? Sending ConfigReq\n", ppp_state(session[s].ppp.ipv6cp));
+ sendipv6cp(s, t);
+ change_state(s, ipv6cp, RequestSent);
+ break;
+
+ case AckSent:
+ ipv6cp_open(s, t);
+ break;
+
+ default:
+ LOG(2, s, t, "IPV6CP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipv6cp));
+ }
+ }
+ else if (*p == ConfigReq)
+ {
+ uint8_t *response = 0;
+ uint8_t *o = p + 4;
+ int length = l - 4;
+ int gotip = 0;
+ uint8_t ident[8];
+
+ while (length > 2)
+ {
+ if (!o[1] || o[1] > length) return;
+
+ switch (*o)
+ {
+ case 1: // interface identifier
+ gotip++; // seen address
+ if (o[1] != 10) return;
+
+ *(uint32_t *) ident = htonl(session[s].ip);
+ *(uint32_t *) (ident + 4) = 0;
+
+ if (memcmp(o + 2, ident, sizeof(ident)))
+ {
+ q = ppp_conf_nak(s, b, sizeof(b), PPPIPV6CP, &response, q, p, o, ident, sizeof(ident));
+ if (!q) return;
+ }
+
+ break;
+
+ default:
+ LOG(2, s, t, " Rejecting PPP IPV6CP Option type %d\n", *o);
+ q = ppp_conf_rej(s, b, sizeof(b), PPPIPV6CP, &response, q, p, o);
+ if (!q) return;
+ }
+
+ length -= o[1];
+ o += o[1];
+ }
+
+ if (response)
+ {
+ l = q - response; // IPV6CP packet length
+ *((uint16_t *) (response + 2)) = htons(l); // update header
+ }
+ else if (gotip)
+ {
+ // Send packet back as ConfigAck
+ response = makeppp(b, sizeof(b), p, l, s, t, PPPIPV6CP, 0, 0, 0);
+ if (!response) return;
+ *response = ConfigAck;
+ }
+ else
+ {
+ LOG(1, s, t, "No interface identifier in IPV6CP request\n");
+ STAT(tunnel_rx_errors);
+ return;
+ }
+
+ switch (session[s].ppp.ipv6cp)
+ {
+ case Closed:
+ response = makeppp(b, sizeof(b), p, 2, s, t, PPPIPV6CP, 0, 0, 0);
+ if (!response) return;
+ *response = TerminateAck;
+ *((uint16_t *) (response + 2)) = htons(l = 4);
+ break;
+
+ case Stopped:
+ initialise_restart_count(s, ipv6cp);
+ sendipv6cp(s, t);
+ if (*response == ConfigAck)
+ change_state(s, ipv6cp, AckSent);
+ else
+ change_state(s, ipv6cp, RequestSent);
+
+ break;
+
+ case RequestSent:
+ if (*response == ConfigAck)
+ change_state(s, ipv6cp, AckSent);
+
+ break;
+
+ case AckReceived:
+ if (*response == ConfigAck)
+ ipv6cp_open(s, t);
+
+ break;
+
+ case Opened:
+ initialise_restart_count(s, ipv6cp);
+ sendipv6cp(s, t);
+ /* fallthrough */
+
+ case AckSent:
+ if (*response == ConfigAck)
+ change_state(s, ipv6cp, AckSent);
+ else
+ change_state(s, ipv6cp, RequestSent);
+
+ break;
+
+ default:
+ LOG(2, s, t, "IPV6CP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipv6cp));
+ return;
+ }
+
+ LOG(3, s, t, "IPV6CP: send %s\n", ppp_code(*response));
+ tunnelsend(b, l + (response - b), t);
+ }
+ else if (*p == TerminateReq)
+ {
+ switch (session[s].ppp.ipv6cp)
+ {
+ case Closed:
+ case Stopped:
+ case Closing:
+ case Stopping:
+ case RequestSent:
+ case AckReceived:
+ case AckSent:
+ break;
+
+ case Opened:
+ zero_restart_count(s, ipv6cp);
+ change_state(s, ipv6cp, Closing);
+ break;
+
+ default:
+ LOG(2, s, t, "IPV6CP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.ipv6cp));
+ return;
+ }
+
+ *p = TerminateAck; // send ack
+ q = makeppp(b, sizeof(b), p, l, s, t, PPPIPV6CP, 0, 0, 0);
+ if (!q) return;
+
+ LOG(3, s, t, "IPV6CP: send %s\n", ppp_code(*q));
+ tunnelsend(b, l + (q - b), t); // send it
+ }
+ else if (*p != CodeRej)
+ {
+ ppp_code_rej(s, t, PPPIPV6CP, "IPV6CP", p, l, b, sizeof(b));
+ }
+}
+
+// process IP packet received
+//
+// This MUST be called with at least 4 byte behind 'p'.
+// (i.e. this routine writes to p[-4]).
+void processipin(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
+{
+ in_addr_t ip;
+
+ CSTAT(processipin);
+
+ LOG_HEX(5, "IP", p, l);
+
+ if (l < 20)
+ {
+ LOG(1, s, t, "IP packet too short %d\n", l);
+ STAT(tunnel_rx_errors);
+ return ;
+ }
+
+ ip = ntohl(*(uint32_t *)(p + 12));
+
+ if (l > MAXETHER)