X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/59c8969854a8dee33006af0eca98fa5135492801..75ba8921cf932ef11ccac40e5f7bf9627f9697e0:/ppp.c?ds=inline diff --git a/ppp.c b/ppp.c index adeca58..a03c101 100644 --- a/ppp.c +++ b/ppp.c @@ -1,6 +1,6 @@ // L2TPNS PPP Stuff -char const *cvs_id_ppp = "$Id: ppp.c,v 1.67 2005/08/10 08:59:23 bodea Exp $"; +char const *cvs_id_ppp = "$Id: ppp.c,v 1.79 2005/08/31 12:41:09 bodea Exp $"; #include #include @@ -26,7 +26,7 @@ extern configt *config; static int add_lcp_auth(uint8_t *b, int size, int authtype); // Process PAP messages -void processpap(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) +void processpap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { char user[MAXUSER]; char pass[MAXPASS]; @@ -85,13 +85,12 @@ void processpap(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) LOG(3, s, t, "PAP login %s/%s\n", user, pass); } - r = radiusnew(s); - if (session[s].ip || !r) + if (session[s].ip || !(r = radiusnew(s))) { // respond now, either no RADIUS available or already authenticated - uint8_t b[MAXCONTROL]; + uint8_t b[MAXETHER]; uint8_t id = p[1]; - uint8_t *p = makeppp(b, sizeof(b), 0, 0, t, s, PPPPAP); + uint8_t *p = makeppp(b, sizeof(b), 0, 0, s, t, PPPPAP); if (!p) return; if (session[s].ip) @@ -140,7 +139,7 @@ void processpap(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) } // Process CHAP messages -void processchap(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) +void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { uint16_t r; uint16_t hl; @@ -148,13 +147,6 @@ void processchap(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) CSTAT(processchap); LOG_HEX(5, "CHAP", p, l); - r = sess_local[s].radius; - if (!r) - { - LOG(1, s, t, "Unexpected CHAP message\n"); - STAT(tunnel_rx_errors); - return; - } if (l < 4) { @@ -181,6 +173,13 @@ void processchap(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) return; } + r = sess_local[s].radius; + if (!r) + { + LOG(3, s, t, "Unexpected CHAP message\n"); + return; + } + if (session[s].ppp.phase != Authenticate) { LOG(2, s, t, "CHAP ignored in %s phase\n", ppp_phase(session[s].ppp.phase)); @@ -336,23 +335,25 @@ static void dumplcp(uint8_t *p, int l) } } -void lcp_open(tunnelidt t, sessionidt s) +void lcp_open(sessionidt s, tunnelidt t) { // transition to Authentication or Network phase: session[s].ppp.phase = sess_local[s].lcp_authtype ? Authenticate : Network; + LOG(3, s, t, "LCP: Opened, phase %s\n", ppp_phase(session[s].ppp.phase)); + // LCP now Opened change_state(s, lcp, Opened); if (session[s].ppp.phase == Authenticate) { if (sess_local[s].lcp_authtype == AUTHCHAP) - sendchap(t, s); + sendchap(s, t); } else { // This-Layer-Up - sendipcp(t, s); + sendipcp(s, t); change_state(s, ipcp, RequestSent); // move to passive state for IPv6 (if configured), CCP if (config->ipv6_prefix.s6_addr[0]) @@ -378,7 +379,7 @@ static uint8_t *ppp_rej(sessionidt s, uint8_t *buf, size_t blen, uint16_t mtype, { if (!*response || **response != ConfigRej) { - queued = *response = makeppp(buf, blen, packet, 2, session[s].tunnel, s, mtype); + queued = *response = makeppp(buf, blen, packet, 2, s, session[s].tunnel, mtype); if (!queued) return 0; @@ -422,11 +423,11 @@ static uint8_t *ppp_nak(sessionidt s, uint8_t *buf, size_t blen, uint16_t mtype, if (*nak_sent >= config->ppp_max_failure) return ppp_rej(s, buf, blen, mtype, response, 0, packet, option); - queued = *response = makeppp(buf, blen, packet, 2, session[s].tunnel, s, mtype); + queued = *response = makeppp(buf, blen, packet, 2, s, session[s].tunnel, mtype); if (!queued) return 0; - *nak_sent++; + (*nak_sent)++; *queued = ConfigNak; queued += 4; } @@ -444,9 +445,9 @@ static uint8_t *ppp_nak(sessionidt s, uint8_t *buf, size_t blen, uint16_t mtype, } // Process LCP messages -void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) +void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { - uint8_t b[MAXCONTROL]; + uint8_t b[MAXETHER]; uint8_t *q = NULL; uint32_t magicno = 0; uint16_t hl; @@ -472,15 +473,15 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) if (session[s].die) // going down... return; + LOG(*p == EchoReq ? 4 : 3, s, t, "LCP: recv %s\n", ppp_code(*p)); + if (config->debug > 3) dumplcp(p, l); + if (*p == ConfigAck) { int x = l - 4; uint8_t *o = (p + 4); int authtype = 0; - LOG(3, s, t, "LCP: ConfigAck (%d bytes)...\n", l); - if (config->debug > 3) dumplcp(p, l); - while (x > 2) { int type = o[0]; @@ -520,12 +521,12 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) if (session[s].ppp.lcp == Opened) lcp_restart(s); - sendlcp(s, t, sess_local[s].lcp_authtype); + sendlcp(s, t); change_state(s, lcp, RequestSent); break; case AckSent: - lcp_open(t, s); + lcp_open(s, t); break; default: @@ -540,9 +541,6 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) static uint8_t asyncmap[4] = { 0, 0, 0, 0 }; // all zero static uint8_t authproto[5]; - LOG(3, s, t, "LCP: ConfigReq (%d bytes)...\n", l); - if (config->debug > 3) dumplcp(p, l); - while (x > 2) { int type = o[0]; @@ -559,7 +557,7 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) if (!ntohl(*(uint32_t *)(o + 2))) // all bits zero is OK break; - LOG(2, s, t, " Remote requesting asyncmap. Rejecting.\n"); + LOG(3, s, t, " Remote requesting asyncmap. Rejecting.\n"); q = ppp_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, asyncmap, sizeof(asyncmap)); break; @@ -593,7 +591,7 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) else sprintf(proto_name, "%#4.4x", proto); - LOG(2, s, t, " Remote requesting %s authentication. Rejecting.\n", proto_name); + LOG(3, s, t, " Remote requesting %s authentication. Rejecting.\n", proto_name); alen = add_lcp_auth(authproto, sizeof(authproto), config->radius_authprefer); if (alen < 2) break; // paranoia @@ -622,7 +620,7 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) break; default: // Reject any unknown options - LOG(2, s, t, " Rejecting PPP LCP Option type %d\n", type); + LOG(3, s, t, " Rejecting unknown PPP LCP option %d\n", type); q = ppp_rej(s, b, sizeof(b), PPPLCP, &response, q, p, o); } x -= length; @@ -637,7 +635,7 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) else { // Send packet back as ConfigAck - response = makeppp(b, sizeof(b), p, l, t, s, PPPLCP); + response = makeppp(b, sizeof(b), p, l, s, t, PPPLCP); if (!response) return; *response = ConfigAck; } @@ -645,7 +643,7 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) switch (session[s].ppp.lcp) { case Closed: - response = makeppp(b, sizeof(b), p, 2, t, s, PPPLCP); + response = makeppp(b, sizeof(b), p, 2, s, t, PPPLCP); if (!response) return; *response = TerminateAck; *((uint16_t *) (response + 2)) = htons(l = 4); @@ -653,7 +651,7 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) case Stopped: initialise_restart_count(s, lcp); - sendlcp(s, t, sess_local[s].lcp_authtype); + sendlcp(s, t); if (*response == ConfigAck) change_state(s, lcp, AckSent); else @@ -669,13 +667,13 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) case AckReceived: if (*response == ConfigAck) - lcp_open(t, s); + lcp_open(s, t); break; case Opened: lcp_restart(s); - sendlcp(s, t, sess_local[s].lcp_authtype); + sendlcp(s, t); /* fallthrough */ case AckSent: @@ -691,18 +689,17 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) return; } - LOG(3, s, t, "LCP: Sending %s\n", ppp_code(*response)); + LOG(3, s, t, "LCP: send %s\n", ppp_code(*response)); + if (config->debug > 3) dumplcp(response, l); + tunnelsend(b, l + (response - b), t); } - else if (*p == ConfigNak) + else if (*p == ConfigNak || *p == ConfigRej) { int x = l - 4; uint8_t *o = (p + 4); int authtype = -1; - LOG(3, s, t, "LCP: ConfigNak (%d bytes)...\n", l); - if (config->debug > 3) dumplcp(p, l); - while (x > 2) { int type = o[0]; @@ -712,14 +709,24 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) switch (type) { case 1: // Maximum-Receive-Unit - session[s].mru = ntohs(*(uint16_t *)(o + 2)); - LOG(3, s, t, " Remote requested MRU of %u\n", session[s].mru); + if (*p == ConfigNak) + { + session[s].mru = ntohs(*(uint16_t *)(o + 2)); + LOG(3, s, t, " Remote requested MRU of %u\n", session[s].mru); + } + else + { + session[s].mru = 0; + LOG(3, s, t, " Remote rejected MRU negotiation\n"); + } + break; case 3: // Authentication-Protocol if (authtype > 0) break; + if (*p == ConfigNak) { int proto = ntohs(*(uint16_t *)(o + 2)); if (proto == PPPPAP) @@ -740,11 +747,16 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) proto); } } + else + { + LOG(2, s, t, "LCP: remote rejected auth negotiation\n"); + authtype = 0; // shutdown + } break; default: - LOG(2, s, t, " Remote NAKed LCP type %u?\n", type); + LOG(2, s, t, "LCP: remote sent %s for type %u?\n", ppp_code(*p), type); break; } x -= length; @@ -765,10 +777,14 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) case Closed: case Stopped: { - uint8_t *response = makeppp(b, sizeof(b), p, 2, t, s, PPPLCP); + uint8_t *response = makeppp(b, sizeof(b), p, 2, s, t, PPPLCP); if (!response) return; *response = TerminateAck; *((uint16_t *) (response + 2)) = htons(l = 4); + + LOG(3, s, t, "LCP: send %s\n", ppp_code(*response)); + if (config->debug > 3) dumplcp(response, l); + tunnelsend(b, l + (response - b), t); } break; @@ -776,17 +792,17 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) case RequestSent: case AckSent: initialise_restart_count(s, lcp); - sendlcp(s, t, sess_local[s].lcp_authtype); + sendlcp(s, t); break; case AckReceived: LOG(2, s, t, "LCP: ConfigNak in state %s? Sending ConfigReq\n", ppp_state(session[s].ppp.lcp)); - sendlcp(s, t, sess_local[s].lcp_authtype); + sendlcp(s, t); break; case Opened: lcp_restart(s); - sendlcp(s, t, sess_local[s].lcp_authtype); + sendlcp(s, t); break; default: @@ -796,10 +812,13 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) } else if (*p == TerminateReq) { - LOG(3, s, t, "LCP: Received TerminateReq. Sending TerminateAck\n"); *p = TerminateAck; // close - q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP); + q = makeppp(b, sizeof(b), p, l, s, t, PPPLCP); if (!q) return; + + LOG(3, s, t, "LCP: send %s\n", ppp_code(*q)); + if (config->debug > 3) dumplcp(q, l); + tunnelsend(b, l + (q - b), t); // send it sessionshutdown(s, "Remote end closed connection.", 3, 0); } @@ -809,32 +828,45 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) } else if (*p == ProtocolRej) { - if (*(uint16_t *) (p+4) == htons(PPPIPV6CP)) + uint16_t proto = 0; + + if (l > 4) + { + proto = *(p+4); + if (l > 5 && !(proto & 1)) + { + proto <<= 8; + proto |= *(p+5); + } + } + + if (proto == PPPIPV6CP) { LOG(3, s, t, "IPv6 rejected\n"); change_state(s, ipv6cp, Closed); } else { - LOG(1, s, t, "Unexpected LCP protocol reject 0x%X\n", - ntohs(*(uint16_t *) (p+4))); - STAT(tunnel_rx_errors); + LOG(3, s, t, "LCP protocol reject: 0x%04X\n", proto); } } else if (*p == EchoReq) { - LOG(5, s, t, "LCP: Received EchoReq. Sending EchoReply\n"); *p = EchoReply; // reply *(uint32_t *) (p + 4) = htonl(session[s].magic); // our magic number - q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP); + q = makeppp(b, sizeof(b), p, l, s, t, PPPLCP); if (!q) return; + + LOG(4, s, t, "LCP: send %s\n", ppp_code(*q)); + if (config->debug > 3) dumplcp(q, l); + tunnelsend(b, l + (q - b), t); // send it } else if (*p == EchoReply) { // Ignore it, last_packet time is set earlier than this. } - else + else if (*p != CodeRej) { int code = *p; int mru = session[s].mru; @@ -844,15 +876,18 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) if (l > mru) l = mru; *p = CodeRej; - q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP); + q = makeppp(b, sizeof(b), p, l, s, t, PPPLCP); if (!q) return; - LOG(3, s, t, "Unexpected LCP code %s\n", ppp_code(code)); + LOG(2, s, t, "Unexpected LCP code %s\n", ppp_code(code)); + LOG(3, s, t, "LCP: send %s\n", ppp_code(*q)); + if (config->debug > 3) dumplcp(q, l); + tunnelsend(b, l + (q - b), t); } } -static void ipcp_open(tunnelidt t, sessionidt s) +static void ipcp_open(sessionidt s, tunnelidt t) { LOG(3, s, t, "IPCP: Opened, session is now active\n"); @@ -868,15 +903,15 @@ static void ipcp_open(tunnelidt t, sessionidt s) // start IPv6 if configured and still in passive state if (session[s].ppp.ipv6cp == Stopped) { - sendipv6cp(t, s); + sendipv6cp(s, t); change_state(s, ipv6cp, RequestSent); } } // Process IPCP messages -void processipcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) +void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { - uint8_t b[MAXCONTROL]; + uint8_t b[MAXETHER]; uint8_t *q = 0; uint16_t hl; @@ -904,6 +939,8 @@ void processipcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) return; } + LOG(3, s, t, "IPCP: recv %s\n", ppp_code(*p)); + if (*p == ConfigAck) { switch (session[s].ppp.ipcp) @@ -921,7 +958,7 @@ void processipcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) break; case AckSent: - ipcp_open(t, s); + ipcp_open(s, t); break; default: @@ -936,8 +973,6 @@ void processipcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) int gotip = 0; in_addr_t addr; - LOG(3, s, t, "IPCP: ConfigReq received\n"); - while (length > 2) { switch (*o) @@ -949,8 +984,9 @@ void processipcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) addr = htonl(session[s].ip); if (memcmp(o + 2, &addr, (sizeof addr))) { + uint8_t *oq = q; q = ppp_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr)); - if (!q || *response == ConfigRej) + if (!q || (q != oq && *response == ConfigRej)) { sessionshutdown(s, "Can't negotiate IPCP.", 3, 0); return; @@ -1001,7 +1037,7 @@ void processipcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) else if (gotip) { // Send packet back as ConfigAck - response = makeppp(b, sizeof(b), p, l, t, s, PPPIPCP); + response = makeppp(b, sizeof(b), p, l, s, t, PPPIPCP); if (!response) return; *response = ConfigAck; } @@ -1015,7 +1051,7 @@ void processipcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) switch (session[s].ppp.ipcp) { case Closed: - response = makeppp(b, sizeof(b), p, 2, t, s, PPPIPCP); + response = makeppp(b, sizeof(b), p, 2, s, t, PPPIPCP); if (!response) return; *response = TerminateAck; *((uint16_t *) (response + 2)) = htons(l = 4); @@ -1039,7 +1075,7 @@ void processipcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) case AckReceived: if (*response == ConfigAck) - ipcp_open(t, s); + ipcp_open(s, t); break; @@ -1061,19 +1097,19 @@ void processipcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) return; } - LOG(3, s, t, "IPCP: Sending %s\n", ppp_code(*response)); + LOG(3, s, t, "IPCP: send %s\n", ppp_code(*response)); tunnelsend(b, l + (response - b), t); } else if (*p == TerminateReq) { - LOG(3, s, t, "IPCP: Received TerminateReq. Sending TerminateAck\n"); *p = TerminateAck; - q = makeppp(b, sizeof(b), p, l, t, s, PPPIPCP); + q = makeppp(b, sizeof(b), p, l, s, t, PPPIPCP); if (!q) return; + LOG(3, s, t, "IPCP: send %s\n", ppp_code(*q)); tunnelsend(b, l + (q - b), t); change_state(s, ipcp, Stopped); } - else + else if (*p != CodeRej) { int code = *p; int mru = session[s].mru; @@ -1083,15 +1119,16 @@ void processipcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) if (l > mru) l = mru; *p = CodeRej; - q = makeppp(b, sizeof(b), p, l, t, s, PPPIPCP); + q = makeppp(b, sizeof(b), p, l, s, t, PPPIPCP); if (!q) return; - LOG(3, s, t, "Unexpected IPCP code %s\n", ppp_code(code)); + LOG(2, s, t, "Unexpected IPCP code %s\n", ppp_code(code)); + LOG(3, s, t, "IPCP: send %s\n", ppp_code(*q)); tunnelsend(b, l + (q - b), t); } } -static void ipv6cp_open(tunnelidt t, sessionidt s) +static void ipv6cp_open(sessionidt s, tunnelidt t) { LOG(3, s, t, "IPV6CP: Opened\n"); @@ -1100,13 +1137,13 @@ static void ipv6cp_open(tunnelidt t, sessionidt s) route6set(s, session[s].ipv6route, session[s].ipv6prefixlen, 1); // Send an initial RA (TODO: Should we send these regularly?) - send_ipv6_ra(t, s, NULL); + send_ipv6_ra(s, t, NULL); } // Process IPV6CP messages -void processipv6cp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) +void processipv6cp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { - uint8_t b[MAXCONTROL]; + uint8_t b[MAXETHER]; uint8_t *q = 0; uint16_t hl; @@ -1134,11 +1171,13 @@ void processipv6cp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) return; } + LOG(3, s, t, "IPV6CP: recv %s\n", ppp_code(*p)); + if (!config->ipv6_prefix.s6_addr[0]) { LOG(2, s, t, "IPV6CP: %s rejected (not configured)\n", ppp_code(*p)); *p = ProtocolRej; - q = makeppp(b, sizeof(b), p, l, t, s, PPPIPV6CP); + q = makeppp(b, sizeof(b), p, l, s, t, PPPIPV6CP); if (!q) return; tunnelsend(b, l + (q - b), t); return; @@ -1167,7 +1206,7 @@ void processipv6cp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) break; case AckSent: - ipv6cp_open(t, s); + ipv6cp_open(s, t); break; default: @@ -1182,8 +1221,6 @@ void processipv6cp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) int gotip = 0; uint8_t ident[8]; - LOG(3, s, t, "IPV6CP: ConfigReq received\n"); - while (length > 2) { switch (*o) @@ -1221,7 +1258,7 @@ void processipv6cp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) else if (gotip) { // Send packet back as ConfigAck - response = makeppp(b, sizeof(b), p, l, t, s, PPPIPV6CP); + response = makeppp(b, sizeof(b), p, l, s, t, PPPIPV6CP); if (!response) return; *response = ConfigAck; } @@ -1235,7 +1272,7 @@ void processipv6cp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) switch (session[s].ppp.ipv6cp) { case Closed: - response = makeppp(b, sizeof(b), p, 2, t, s, PPPIPV6CP); + response = makeppp(b, sizeof(b), p, 2, s, t, PPPIPV6CP); if (!response) return; *response = TerminateAck; *((uint16_t *) (response + 2)) = htons(l = 4); @@ -1259,7 +1296,7 @@ void processipv6cp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) case AckReceived: if (*response == ConfigAck) - ipv6cp_open(t, s); + ipv6cp_open(s, t); break; @@ -1281,19 +1318,19 @@ void processipv6cp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) return; } - LOG(3, s, t, "IPV6CP: Sending %s\n", ppp_code(*response)); + LOG(3, s, t, "IPV6CP: send %s\n", ppp_code(*response)); tunnelsend(b, l + (response - b), t); } else if (*p == TerminateReq) { - LOG(3, s, t, "IPV6CP: Received TerminateReq. Sending TerminateAck\n"); *p = TerminateAck; - q = makeppp(b, sizeof(b), p, l, t, s, PPPIPV6CP); + q = makeppp(b, sizeof(b), p, l, s, t, PPPIPV6CP); if (!q) return; + LOG(3, s, t, "IPV6CP: send %s\n", ppp_code(*q)); tunnelsend(b, l + (q - b), t); change_state(s, ipv6cp, Stopped); } - else + else if (*p != CodeRej) { int code = *p; int mru = session[s].mru; @@ -1303,10 +1340,11 @@ void processipv6cp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) if (l > mru) l = mru; *p = CodeRej; - q = makeppp(b, sizeof(b), p, l, t, s, PPPIPV6CP); + q = makeppp(b, sizeof(b), p, l, s, t, PPPIPV6CP); if (!q) return; - LOG(3, s, t, "Unexpected IPV6CP code %s\n", ppp_code(code)); + LOG(2, s, t, "Unexpected IPV6CP code %s\n", ppp_code(code)); + LOG(3, s, t, "IPV6CP: send %s\n", ppp_code(*q)); tunnelsend(b, l + (q - b), t); } } @@ -1315,7 +1353,7 @@ void processipv6cp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) // // This MUST be called with at least 4 byte behind 'p'. // (i.e. this routine writes to p[-4]). -void processipin(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) +void processipin(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { in_addr_t ip; @@ -1401,7 +1439,7 @@ void processipin(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) // // This MUST be called with at least 4 byte behind 'p'. // (i.e. this routine writes to p[-4]). -void processipv6in(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) +void processipv6in(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { struct in6_addr ip; in_addr_t ipv4; @@ -1438,7 +1476,7 @@ void processipv6in(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) *(uint32_t *)(p + 34) == 0 && *(p + 38) == 0 && *(p + 39) == 2 && *(p + 40) == 133) { LOG(3, s, t, "Got IPv6 RS\n"); - send_ipv6_ra(t, s, &ip); + send_ipv6_ra(s, t, &ip); return; } @@ -1535,9 +1573,9 @@ void send_ipin(sessionidt s, uint8_t *buf, int len) // Process CCP messages -void processccp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) +void processccp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { - uint8_t b[MAXCONTROL]; + uint8_t b[MAXETHER]; uint8_t *q; CSTAT(processccp); @@ -1556,6 +1594,7 @@ void processccp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) STAT(tunnel_rx_errors); } + LOG(3, s, t, "CCP: recv %s\n", ppp_code(*p)); if (*p == ConfigAck) { switch (session[s].ppp.ccp) @@ -1588,13 +1627,13 @@ void processccp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) else // compression requested--reject *p = ConfigRej; - q = makeppp(b, sizeof(b), p, l, t, s, PPPCCP); + q = makeppp(b, sizeof(b), p, l, s, t, PPPCCP); if (!q) return; switch (session[s].ppp.ccp) { case Closed: - q = makeppp(b, sizeof(b), p, 2, t, s, PPPCCP); + q = makeppp(b, sizeof(b), p, 2, s, t, PPPCCP); if (!q) return; *q = TerminateAck; *((uint16_t *) (q + 2)) = htons(l = 4); @@ -1640,19 +1679,19 @@ void processccp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) return; } - LOG(3, s, t, "CCP: Sending %s\n", ppp_code(*q)); + LOG(3, s, t, "CCP: send %s\n", ppp_code(*q)); tunnelsend(b, l + (q - b), t); } else if (*p == TerminateReq) { - LOG(3, s, t, "CCP: Received TerminateReq. Sending TerminateAck\n"); *p = TerminateAck; - q = makeppp(b, sizeof(b), p, l, t, s, PPPCCP); + q = makeppp(b, sizeof(b), p, l, s, t, PPPCCP); if (!q) return; + LOG(3, s, t, "CCP: send %s\n", ppp_code(*q)); tunnelsend(b, l + (q - b), t); change_state(s, ccp, Stopped); } - else + else if (*p != CodeRej) { int code = *p; int mru = session[s].mru; @@ -1662,18 +1701,19 @@ void processccp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) if (l > mru) l = mru; *p = CodeRej; - q = makeppp(b, sizeof(b), p, l, t, s, PPPCCP); + q = makeppp(b, sizeof(b), p, l, s, t, PPPCCP); if (!q) return; - LOG(3, s, t, "Unexpected CCP code %s\n", ppp_code(code)); + LOG(2, s, t, "Unexpected CCP code %s\n", ppp_code(code)); + LOG(3, s, t, "CCP: send %s\n", ppp_code(*q)); tunnelsend(b, l + (q - b), t); } } // send a CHAP challenge -void sendchap(tunnelidt t, sessionidt s) +void sendchap(sessionidt s, tunnelidt t) { - uint8_t b[MAXCONTROL]; + uint8_t b[MAXETHER]; uint16_t r; uint8_t *q; @@ -1702,7 +1742,7 @@ void sendchap(tunnelidt t, sessionidt s) STAT(tunnel_tx_errors); return ; } - q = makeppp(b, sizeof(b), 0, 0, t, s, PPPCHAP); + q = makeppp(b, sizeof(b), 0, 0, s, t, PPPCHAP); if (!q) return; *q = 1; // challenge @@ -1717,7 +1757,7 @@ void sendchap(tunnelidt t, sessionidt s) // fill in a L2TP message with a PPP frame, // copies existing PPP message and changes magic number if seen // returns start of PPP frame -uint8_t *makeppp(uint8_t *b, int size, uint8_t *p, int l, tunnelidt t, sessionidt s, uint16_t mtype) +uint8_t *makeppp(uint8_t *b, int size, uint8_t *p, int l, sessionidt s, tunnelidt t, uint16_t mtype) { if (size < 12) // Need more space than this!! { @@ -1785,19 +1825,18 @@ static int add_lcp_auth(uint8_t *b, int size, int authtype) } // Send initial LCP ConfigReq for MRU, authentication type and magic no -void sendlcp(tunnelidt t, sessionidt s, int authtype) +void sendlcp(sessionidt s, tunnelidt t) { uint8_t b[500], *q, *l; + int authtype = sess_local[s].lcp_authtype; - if (!(q = makeppp(b, sizeof(b), NULL, 0, t, s, PPPLCP))) + if (!(q = makeppp(b, sizeof(b), NULL, 0, s, t, PPPLCP))) return; - LOG(4, s, t, "Sending LCP ConfigReq%s%s\n", - authtype ? " for " : "", - authtype ? (authtype == AUTHCHAP ? "CHAP" : "PAP") : ""); - - if (!session[s].mru) - session[s].mru = DEFAULT_MRU; + LOG(3, s, t, "LCP: send ConfigReq%s%s%s\n", + authtype ? " (" : "", + authtype ? (authtype == AUTHCHAP ? "CHAP" : "PAP") : "", + authtype ? ")" : ""); l = q; *l++ = ConfigReq; @@ -1805,8 +1844,11 @@ void sendlcp(tunnelidt t, sessionidt s, int authtype) l += 2; //Save space for length - *l++ = 1; *l++ = 4; // Maximum-Receive-Unit (length 4) - *(uint16_t *) l = htons(session[s].mru); l += 2; + if (session[s].mru) + { + *l++ = 1; *l++ = 4; // Maximum-Receive-Unit (length 4) + *(uint16_t *) l = htons(session[s].mru); l += 2; + } if (authtype) l += add_lcp_auth(l, sizeof(b) - (l - b), authtype); @@ -1818,18 +1860,21 @@ void sendlcp(tunnelidt t, sessionidt s, int authtype) *(uint16_t *)(q + 2) = htons(l - q); // Length LOG_HEX(5, "PPPLCP", q, l - q); + if (config->debug > 3) dumplcp(q, l - q); + tunnelsend(b, (l - b), t); } // Send CCP request for no compression -void sendccp(tunnelidt t, sessionidt s) +void sendccp(sessionidt s, tunnelidt t) { uint8_t b[500], *q; - if (!(q = makeppp(b, sizeof(b), NULL, 0, t, s, PPPCCP))) + if (!(q = makeppp(b, sizeof(b), NULL, 0, s, t, PPPCCP))) return; - LOG(4, s, t, "Sending CCP ConfigReq for no compression\n"); + LOG(3, s, t, "CCP: send ConfigReq (no compression)\n"); + *q = ConfigReq; *(uint8_t *)(q + 1) = (time_now % 255) + 1; // ID *(uint16_t *)(q + 2) = htons(4); // Length