X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/4944040cdb14713ea8ae3522299137393e5dc2c9..b089008c0575e64aaf6fc15baaca0c02951f0a82:/ppp.c diff --git a/ppp.c b/ppp.c index 0f87c97..3fae559 100644 --- a/ppp.c +++ b/ppp.c @@ -1,6 +1,6 @@ // L2TPNS PPP Stuff -char const *cvs_id_ppp = "$Id: ppp.c,v 1.86 2005/11/17 05:24:17 bodea Exp $"; +char const *cvs_id_ppp = "$Id: ppp.c,v 1.98 2006/04/13 11:14:35 bodea Exp $"; #include #include @@ -40,7 +40,7 @@ void processpap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { LOG(1, s, t, "Short PAP %u bytes\n", l); STAT(tunnel_rx_errors); - sessionshutdown(s, "Short PAP packet.", 3, 0); + sessionshutdown(s, "Short PAP packet.", CDN_ADMIN_DISC, TERM_USER_ERROR); return; } @@ -48,7 +48,7 @@ void processpap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { LOG(1, s, t, "Length mismatch PAP %u/%u\n", hl, l); STAT(tunnel_rx_errors); - sessionshutdown(s, "PAP length mismatch.", 3, 0); + sessionshutdown(s, "PAP length mismatch.", CDN_ADMIN_DISC, TERM_USER_ERROR); return; } l = hl; @@ -57,7 +57,7 @@ void processpap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { LOG(1, s, t, "Unexpected PAP code %d\n", *p); STAT(tunnel_rx_errors); - sessionshutdown(s, "Unexpected PAP code.", 3, 0); + sessionshutdown(s, "Unexpected PAP code.", CDN_ADMIN_DISC, TERM_USER_ERROR); return; } @@ -110,7 +110,7 @@ void processpap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) else { LOG(1, s, t, "No RADIUS session available to authenticate session...\n"); - sessionshutdown(s, "No free RADIUS sessions.", 4, 0); + sessionshutdown(s, "No free RADIUS sessions.", CDN_UNAVAILABLE, TERM_SERVICE_UNAVAILABLE); } } else @@ -152,7 +152,7 @@ void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { LOG(1, s, t, "Short CHAP %u bytes\n", l); STAT(tunnel_rx_errors); - sessionshutdown(s, "Short CHAP packet.", 3, 0); + sessionshutdown(s, "Short CHAP packet.", CDN_ADMIN_DISC, TERM_USER_ERROR); return; } @@ -160,7 +160,7 @@ void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { LOG(1, s, t, "Length mismatch CHAP %u/%u\n", hl, l); STAT(tunnel_rx_errors); - sessionshutdown(s, "CHAP length mismatch.", 3, 0); + sessionshutdown(s, "CHAP length mismatch.", CDN_ADMIN_DISC, TERM_USER_ERROR); return; } l = hl; @@ -169,7 +169,7 @@ void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { LOG(1, s, t, "Unexpected CHAP response code %d\n", *p); STAT(tunnel_rx_errors); - sessionshutdown(s, "CHAP length mismatch.", 3, 0); + sessionshutdown(s, "CHAP length mismatch.", CDN_ADMIN_DISC, TERM_USER_ERROR); return; } @@ -190,7 +190,7 @@ void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { LOG(1, s, t, "Wrong CHAP response ID %d (should be %d) (%d)\n", p[1], radius[r].id, r); STAT(tunnel_rx_errors); - sessionshutdown(s, "Unexpected CHAP response ID.", 3, 0); + sessionshutdown(s, "Unexpected CHAP response ID.", CDN_ADMIN_DISC, TERM_USER_ERROR); return; } @@ -198,7 +198,7 @@ void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { LOG(1, s, t, "Bad CHAP response length %d\n", l < 5 ? -1 : p[4]); STAT(tunnel_rx_errors); - sessionshutdown(s, "Bad CHAP response length.", 3, 0); + sessionshutdown(s, "Bad CHAP response length.", CDN_ADMIN_DISC, TERM_USER_ERROR); return; } @@ -208,7 +208,7 @@ void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { LOG(1, s, t, "CHAP user too long %d\n", l - 16); STAT(tunnel_rx_errors); - sessionshutdown(s, "CHAP username too long.", 3, 0); + sessionshutdown(s, "CHAP username too long.", CDN_ADMIN_DISC, TERM_USER_ERROR); return; } @@ -449,6 +449,7 @@ static void ppp_code_rej(sessionidt s, tunnelidt t, uint16_t proto, { uint8_t *q; int mru = session[s].mru; + if (mru < MINMTU) mru = MINMTU; if (mru > size) mru = size; l += 4; @@ -474,7 +475,6 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { uint8_t b[MAXETHER]; uint8_t *q = NULL; - uint32_t magicno = 0; uint16_t hl; CSTAT(processlcp); @@ -498,7 +498,9 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) if (session[s].die) // going down... return; - LOG(*p == EchoReq ? 4 : 3, s, t, "LCP: recv %s\n", ppp_code(*p)); + LOG((*p == EchoReq || *p == EchoReply) ? 4 : 3, s, t, + "LCP: recv %s\n", ppp_code(*p)); + if (config->debug > 3) dumplcp(p, l); if (*p == ConfigAck) @@ -577,9 +579,10 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) case 1: // Maximum-Receive-Unit { uint16_t mru = ntohs(*(uint16_t *)(o + 2)); - if (mru >= 576) + if (mru >= MINMTU) { session[s].mru = mru; + cluster_send_session(s); break; } @@ -646,11 +649,8 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) } break; - case 5: // Magic-Number - magicno = ntohl(*(uint32_t *)(o + 2)); - break; - case 4: // Quality-Protocol + case 5: // Magic-Number case 7: // Protocol-Field-Compression case 8: // Address-And-Control-Field-Compression break; @@ -747,6 +747,7 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) case 1: // Maximum-Receive-Unit if (*p == ConfigNak) { + if (length < 4) break; sess_local[s].ppp_mru = ntohs(*(uint16_t *)(o + 2)); LOG(3, s, t, " Remote requested MRU of %u\n", sess_local[s].ppp_mru); } @@ -764,14 +765,18 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) if (*p == ConfigNak) { - int proto = ntohs(*(uint16_t *)(o + 2)); + int proto; + + if (length < 4) break; + proto = ntohs(*(uint16_t *)(o + 2)); + if (proto == PPPPAP) { authtype = config->radius_authtypes & AUTHPAP; LOG(3, s, t, " Remote requested PAP authentication...%sing\n", authtype ? "accept" : "reject"); } - else if (proto == PPPCHAP && *(o + 4) == 5) + else if (proto == PPPCHAP && length > 4 && *(o + 4) == 5) { authtype = config->radius_authtypes & AUTHCHAP; LOG(3, s, t, " Remote requested CHAP authentication...%sing\n", @@ -791,9 +796,26 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) break; + case 5: // Magic-Number + session[s].magic = 0; + if (*p == ConfigNak) + { + if (length < 6) break; + session[s].magic = ntohl(*(uint32_t *)(o + 2)); + } + + if (session[s].magic) + LOG(3, s, t, " Remote requested magic-no %x\n", session[s].magic); + else + LOG(3, s, t, " Remote rejected magic-no\n"); + + cluster_send_session(s); + break; + default: LOG(2, s, t, "LCP: remote sent %s for type %u?\n", ppp_code(*p), type); - break; + sessionshutdown(s, "Unable to negotiate LCP.", CDN_ADMIN_DISC, TERM_USER_ERROR); + return; } x -= length; o += length; @@ -801,7 +823,7 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) if (!authtype) { - sessionshutdown(s, "Unsupported authentication.", 3, 0); + sessionshutdown(s, "Unsupported authentication.", CDN_ADMIN_DISC, TERM_USER_ERROR); return; } @@ -856,11 +878,11 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) if (config->debug > 3) dumplcp(q, l); tunnelsend(b, l + (q - b), t); // send it - sessionshutdown(s, "Remote end closed connection.", 3, 0); + sessionshutdown(s, "Remote end closed connection.", CDN_ADMIN_DISC, TERM_USER_REQUEST); } else if (*p == TerminateAck) { - sessionshutdown(s, "Connection closed.", 3, 0); + sessionshutdown(s, "Connection closed.", CDN_ADMIN_DISC, TERM_NAS_REQUEST); } else if (*p == ProtocolRej) { @@ -945,7 +967,7 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) CSTAT(processipcp); LOG_HEX(5, "IPCP", p, l); - if (l < 5) + if (l < 4) { LOG(1, s, t, "Short IPCP %d bytes\n", l); STAT(tunnel_rx_errors); @@ -1002,11 +1024,13 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) while (length > 2) { + if (!o[1] || o[1] > length) return; + switch (*o) { case 3: // ip address gotip++; // seen address - if (o[1] != 6 || o[1] > length) return; + if (o[1] != 6) return; addr = htonl(session[s].ip); if (memcmp(o + 2, &addr, (sizeof addr))) @@ -1015,7 +1039,7 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) q = ppp_conf_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr)); if (!q || (q != oq && *response == ConfigRej)) { - sessionshutdown(s, "Can't negotiate IPCP.", 3, 0); + sessionshutdown(s, "Can't negotiate IPCP.", CDN_ADMIN_DISC, TERM_USER_ERROR); return; } } @@ -1023,7 +1047,7 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) break; case 129: // primary DNS - if (o[1] != 6 || o[1] > length) return; + if (o[1] != 6) return; addr = htonl(session[s].dns1); if (memcmp(o + 2, &addr, (sizeof addr))) @@ -1035,9 +1059,9 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) break; case 131: // secondary DNS - if (o[1] != 6 || o[1] > length) return; + if (o[1] != 6) return; - addr = htonl(session[s].dns1); + addr = htonl(session[s].dns2); if (memcmp(o + 2, &addr, sizeof(addr))) { q = ppp_conf_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr)); @@ -1227,11 +1251,13 @@ void processipv6cp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) while (length > 2) { + if (!o[1] || o[1] > length) return; + switch (*o) { case 1: // interface identifier gotip++; // seen address - if (o[1] != 10 || o[1] > length) return; + if (o[1] != 10) return; *(uint32_t *) ident = htonl(session[s].ip); *(uint32_t *) (ident + 4) = 0; @@ -1731,7 +1757,7 @@ void sendchap(sessionidt s, tunnelidt t) radius[r].retry = backoff(radius[r].try++); if (radius[r].try > 5) { - sessionshutdown(s, "CHAP timeout.", 3, 0); + sessionshutdown(s, "CHAP timeout.", CDN_ADMIN_DISC, TERM_REAUTHENTICATION_FAILURE); STAT(tunnel_tx_errors); return ; } @@ -1748,15 +1774,12 @@ void sendchap(sessionidt s, tunnelidt t) } // fill in a L2TP message with a PPP frame, -// copies existing PPP message and changes magic number if seen // returns start of PPP frame uint8_t *makeppp(uint8_t *b, int size, uint8_t *p, int l, sessionidt s, tunnelidt t, uint16_t mtype) { if (size < 12) // Need more space than this!! { - static int backtrace_count = 0; LOG(0, s, t, "makeppp buffer too small for L2TP header (size=%d)\n", size); - log_backtrace(backtrace_count, 5) return NULL; } @@ -1779,9 +1802,7 @@ uint8_t *makeppp(uint8_t *b, int size, uint8_t *p, int l, sessionidt s, tunnelid if (l + 12 > size) { - static int backtrace_count = 0; LOG(2, s, t, "makeppp would overflow buffer (size=%d, header+payload=%d)\n", size, l + 12); - log_backtrace(backtrace_count, 5) return NULL; } @@ -1817,7 +1838,7 @@ static int add_lcp_auth(uint8_t *b, int size, int authtype) return len; } -// Send initial LCP ConfigReq for MRU, authentication type and magic no +// Send LCP ConfigReq for MRU, authentication type and magic no void sendlcp(sessionidt s, tunnelidt t) { uint8_t b[500], *q, *l; @@ -1846,9 +1867,12 @@ void sendlcp(sessionidt s, tunnelidt t) if (authtype) l += add_lcp_auth(l, sizeof(b) - (l - b), authtype); - *l++ = 5; *l++ = 6; // Magic-Number (length 6) - *(uint32_t *) l = htonl(session[s].magic); - l += 4; + if (session[s].magic) + { + *l++ = 5; *l++ = 6; // Magic-Number (length 6) + *(uint32_t *) l = htonl(session[s].magic); + l += 4; + } *(uint16_t *)(q + 2) = htons(l - q); // Length @@ -1877,3 +1901,33 @@ void sendccp(sessionidt s, tunnelidt t) tunnelsend(b, (q - b) + 4 , t); restart_timer(s, ccp); } + +// Reject unknown/unconfigured protocols +void protoreject(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l, uint16_t proto) +{ + + uint8_t buf[MAXETHER]; + uint8_t *q; + int mru = session[s].mru; + if (mru < MINMTU) mru = MINMTU; + if (mru > sizeof(buf)) mru = sizeof(buf); + + l += 6; + if (l > mru) l = mru; + + q = makeppp(buf, sizeof(buf), 0, 0, s, t, PPPLCP); + if (!q) return; + + *q = ProtocolRej; + *(q + 1) = ++sess_local[s].lcp_ident; + *(uint16_t *)(q + 2) = htons(l); + *(uint16_t *)(q + 4) = htons(proto); + memcpy(q + 6, p, l - 6); + + if (proto == PPPIPV6CP) + LOG(3, s, t, "LCP: send ProtocolRej (IPV6CP: not configured)\n"); + else + LOG(2, s, t, "LCP: sent ProtocolRej (0x%04X: unsupported)\n", proto); + + tunnelsend(buf, l + (q - buf), t); +}