Update version
[l2tpns.git] / ppp.c
diff --git a/ppp.c b/ppp.c
index a8a355d..87ec0e8 100644 (file)
--- a/ppp.c
+++ b/ppp.c
@@ -5,6 +5,8 @@
 #include <unistd.h>
 #include <errno.h>
 #include <stdlib.h>
+#include <netinet/ip6.h>
+#include "dhcp6.h"
 #include "l2tpns.h"
 #include "constants.h"
 #include "plugin.h"
@@ -12,9 +14,7 @@
 #include "tbf.h"
 #include "cluster.h"
 
-#ifdef LAC
 #include "l2tplac.h"
-#endif
 #include "pppoe.h"
 
 extern tunnelt *tunnel;
@@ -105,13 +105,11 @@ void processpap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
                LOG(3, s, t, "PAP login %s/%s\n", user, pass);
        }
 
-#ifdef LAC
        if ((!config->disable_lac_func) && lac_conf_forwardtoremotelns(s, user))
        {
                // Creating a tunnel/session has been started
                return;
        }
-#endif
 
        if (session[s].ip || !(r = radiusnew(s)))
        {
@@ -264,7 +262,6 @@ void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
                packet.username = calloc(l + 1, 1);
                memcpy(packet.username, p, l);
 
-#ifdef LAC
                if ((!config->disable_lac_func) && lac_conf_forwardtoremotelns(s, packet.username))
                {
                        free(packet.username);
@@ -272,7 +269,6 @@ void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
                        // Creating a tunnel/session has been started
                        return;
                }
-#endif
 
                run_plugins(PLUGIN_PRE_AUTH, &packet);
                if (!packet.continue_auth)
@@ -1107,6 +1103,9 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
                if (config->debug > 3) dumplcp(q, l);
 
                tunnelsend(b, l + (q - b), t); // send it
+
+               if (session[s].ppp.phase == Network && session[s].ppp.ipv6cp == Opened)
+                       send_ipv6_ra(s, t, NULL); // send a RA
        }
        else if (*p == EchoReply)
        {
@@ -1483,11 +1482,21 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 
 static void ipv6cp_open(sessionidt s, tunnelidt t)
 {
+       int i;
        LOG(3, s, t, "IPV6CP: Opened\n");
 
        change_state(s, ipv6cp, Opened);
-       if (session[s].ipv6prefixlen)
-               route6set(s, session[s].ipv6route, session[s].ipv6prefixlen, 1);
+       for (i = 0; i < MAXROUTE6 && session[s].route6[i].ipv6prefixlen; i++)
+       {
+               route6set(s, session[s].route6[i].ipv6route, session[s].route6[i].ipv6prefixlen, 1);
+       }
+
+       if (session[s].ipv6address.s6_addr[0])
+       {
+               // Check if included in prefix
+               if (sessionbyipv6(session[s].ipv6address) != s)
+                       route6set(s, session[s].ipv6address, 128, 1);
+       }
 
        // Send an initial RA (TODO: Should we send these regularly?)
        send_ipv6_ra(s, t, NULL);
@@ -1574,8 +1583,16 @@ void processipv6cp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
                                gotip++; // seen address
                                if (o[1] != 10) return;
 
-                               ident[0] = htonl(session[s].ip);
-                               ident[1] = 0;
+                               if (session[s].ipv6address.s6_addr[0])
+                               {
+                                       // LSB 64bits of assigned IPv6 address to user (see radius attribut Framed-IPv6-Address)
+                                       memcpy(&ident[0], &session[s].ipv6address.s6_addr[8], 8);
+                               }
+                               else
+                               {
+                                       ident[0] = htonl(session[s].ip);
+                                       ident[1] = 0;
+                               }
 
                                if (memcmp(o + 2, ident, sizeof(ident)))
                                {
@@ -1741,7 +1758,7 @@ static void update_sessions_in_stat(sessionidt s, uint16_t l)
 // (i.e. this routine writes to p[-4]).
 void processipin(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 {
-       in_addr_t ip;
+       in_addr_t ip, ip_dst;
 
        CSTAT(processipin);
 
@@ -1755,6 +1772,7 @@ void processipin(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
        }
 
        ip = ntohl(*(uint32_t *)(p + 12));
+       ip_dst = *(uint32_t *)(p + 16);
 
        if (l > MAXETHER)
        {
@@ -1769,7 +1787,7 @@ void processipin(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
        if (!session[s].bundle || bundle[session[s].bundle].num_of_links < 2) // FIXME: 
        {
                // no spoof (do sessionbyip to handled statically routed subnets)
-               if (ip != session[s].ip && sessionbyip(htonl(ip)) != s)
+               if (!config->disable_no_spoof && ip != session[s].ip && sessionbyip(htonl(ip)) != s)
                {
                        LOG(4, s, t, "Dropping packet with spoofed IP %s\n", fmtaddr(htonl(ip), 0));
                        return;
@@ -1795,12 +1813,15 @@ void processipin(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 
        if (session[s].tbf_in)
        {
-               // Are we throttling this session?
-               if (config->cluster_iam_master)
-                       tbf_queue_packet(session[s].tbf_in, p, l);
-               else
-                       master_throttle_packet(session[s].tbf_in, p, l);
-               return;
+               if (!config->no_throttle_local_IP || !sessionbyip(ip_dst))
+               {
+                       // Are we throttling this session?
+                       if (config->cluster_iam_master)
+                               tbf_queue_packet(session[s].tbf_in, p, l);
+                       else
+                               master_throttle_packet(session[s].tbf_in, p, l);
+                       return;
+               }
        }
 
        // send to ethernet
@@ -2244,7 +2265,18 @@ void processipv6in(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
                return;
 
        // no spoof
-       if (ipv4 != session[s].ip && memcmp(&config->ipv6_prefix, &ip, 8) && sessionbyipv6(ip) != s)
+       if (session[s].ipv6address.s6_addr[0])
+       {
+               if ((sessionbyipv6new(ip) != s) &&
+                       (ip.s6_addr[0] != 0xFE || ip.s6_addr[1] != 0x80 || ip.s6_addr16[1] != 0 || ip.s6_addr16[2] != 0 || ip.s6_addr16[3] != 0))
+               {
+                       char str[INET6_ADDRSTRLEN];
+                       LOG(5, s, t, "Dropping packet with spoofed IP %s\n",
+                                       inet_ntop(AF_INET6, &ip, str, INET6_ADDRSTRLEN));
+                       return;
+               }
+       }
+       else if ((ipv4 != session[s].ip || memcmp(&config->ipv6_prefix, &ip, 8)) && sessionbyipv6(ip) != s)
        {
                char str[INET6_ADDRSTRLEN];
                LOG(5, s, t, "Dropping packet with spoofed IP %s\n",
@@ -2262,6 +2294,16 @@ void processipv6in(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
                return;
        }
 
+       // Check if DhcpV6, IP dst: FF02::1:2, Src Port 0x0222 (546), Dst Port 0x0223 (547)
+       if (*(p + 6) == 17 && *(p + 24) == 0xFF && *(p + 25) == 2 &&
+                       *(uint32_t *)(p + 26) == 0 && *(uint32_t *)(p + 30) == 0 &&
+                       *(uint16_t *)(p + 34) == 0 && *(p + 36) == 0 && *(p + 37) == 1 && *(p + 38) == 0 && *(p + 39) == 2 &&
+                       *(p + 40) == 2 && *(p + 41) == 0x22 && *(p + 42) == 2 && *(p + 43) == 0x23)
+       {
+               dhcpv6_process(s, t, p, l);
+               return;
+       }
+
        // Add on the tun header
        p -= 4;
        *(uint32_t *) p = htonl(PKTIPV6);
@@ -2513,9 +2555,9 @@ void sendchap(sessionidt s, tunnelidt t)
        q[1] = radius[r].id;                    // ID
        q[4] = 16;                              // value size (size of challenge)
        memcpy(q + 5, radius[r].auth, 16);      // challenge
-       strcpy((char *) q + 21, hostname);      // our name
-       *(uint16_t *) (q + 2) = htons(strlen(hostname) + 21); // length
-       tunnelsend(b, strlen(hostname) + 21 + (q - b), t); // send it
+       strcpy((char *) q + 21, config->multi_n_hostname[tunnel[t].indexudp][0]?config->multi_n_hostname[tunnel[t].indexudp]:hostname); // our name
+       *(uint16_t *) (q + 2) = htons(strlen(config->multi_n_hostname[tunnel[t].indexudp][0]?config->multi_n_hostname[tunnel[t].indexudp]:hostname) + 21); // length
+       tunnelsend(b, strlen(config->multi_n_hostname[tunnel[t].indexudp][0]?config->multi_n_hostname[tunnel[t].indexudp]:hostname) + 21 + (q - b), t); // send it
 }
 
 // fill in a L2TP message with a PPP frame,