X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/6c71960bcfef9db4433f7eacd34aededc43d73b4..be9795fce9aea325f222f6ae70580f2e1524fc54:/ppp.c

diff --git a/ppp.c b/ppp.c
index 0b63596..3584fe4 100644
--- a/ppp.c
+++ b/ppp.c
@@ -1,6 +1,6 @@
 // L2TPNS PPP Stuff
 
-char const *cvs_id_ppp = "$Id: ppp.c,v 1.86 2005-11-17 05:24:17 bodea Exp $";
+char const *cvs_id_ppp = "$Id: ppp.c,v 1.97 2006-03-27 03:01:08 bodea Exp $";
 
 #include <stdio.h>
 #include <string.h>
@@ -449,6 +449,7 @@ static void ppp_code_rej(sessionidt s, tunnelidt t, uint16_t proto,
 {
 	uint8_t *q;
 	int mru = session[s].mru;
+	if (mru < MINMTU) mru = MINMTU;
 	if (mru > size) mru = size;
 
 	l += 4;
@@ -474,7 +475,6 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 {
 	uint8_t b[MAXETHER];
 	uint8_t *q = NULL;
-	uint32_t magicno = 0;
 	uint16_t hl;
 
 	CSTAT(processlcp);
@@ -498,7 +498,9 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 	if (session[s].die) // going down...
 		return;
 
-	LOG(*p == EchoReq ? 4 : 3, s, t, "LCP: recv %s\n", ppp_code(*p));
+	LOG((*p == EchoReq || *p == EchoReply) ? 4 : 3, s, t,
+		"LCP: recv %s\n", ppp_code(*p));
+
 	if (config->debug > 3) dumplcp(p, l);
 
 	if (*p == ConfigAck)
@@ -577,9 +579,10 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 				case 1: // Maximum-Receive-Unit
 					{
 						uint16_t mru = ntohs(*(uint16_t *)(o + 2));
-						if (mru >= 576)
+						if (mru >= MINMTU)
 						{
 							session[s].mru = mru;
+							cluster_send_session(s);
 							break;
 						}
 
@@ -646,11 +649,8 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 					}
 					break;
 
-				case 5: // Magic-Number
-					magicno = ntohl(*(uint32_t *)(o + 2));
-					break;
-
 				case 4: // Quality-Protocol
+				case 5: // Magic-Number
 				case 7: // Protocol-Field-Compression
 				case 8: // Address-And-Control-Field-Compression
 					break;
@@ -747,6 +747,7 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 				case 1: // Maximum-Receive-Unit
 					if (*p == ConfigNak)
 					{
+						if (length < 4) break;
 						sess_local[s].ppp_mru = ntohs(*(uint16_t *)(o + 2));
 						LOG(3, s, t, "    Remote requested MRU of %u\n", sess_local[s].ppp_mru);
 					}
@@ -764,14 +765,18 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 
 					if (*p == ConfigNak)
 					{
-						int proto = ntohs(*(uint16_t *)(o + 2));
+						int proto;
+
+						if (length < 4) break;
+						proto = ntohs(*(uint16_t *)(o + 2));
+
 						if (proto == PPPPAP)
 						{
 							authtype = config->radius_authtypes & AUTHPAP;
 							LOG(3, s, t, "    Remote requested PAP authentication...%sing\n",
 								authtype ? "accept" : "reject");
 						}
-						else if (proto == PPPCHAP && *(o + 4) == 5)
+						else if (proto == PPPCHAP && length > 4 && *(o + 4) == 5)
 						{
 							authtype = config->radius_authtypes & AUTHCHAP;
 							LOG(3, s, t, "    Remote requested CHAP authentication...%sing\n",
@@ -791,9 +796,26 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 
 					break;
 
+				case 5: // Magic-Number
+					session[s].magic = 0;
+					if (*p == ConfigNak)
+					{
+						if (length < 6) break;
+						session[s].magic = ntohl(*(uint32_t *)(o + 2));
+					}
+
+					if (session[s].magic)
+						LOG(3, s, t, "    Remote requested magic-no %x\n", session[s].magic);
+					else
+						LOG(3, s, t, "    Remote rejected magic-no\n");
+
+					cluster_send_session(s);
+					break;
+
 				default:
 				    	LOG(2, s, t, "LCP: remote sent %s for type %u?\n", ppp_code(*p), type);
-					break;
+					sessionshutdown(s, "Unable to negotiate LCP.", 3, 0);
+					return;
 			}
 			x -= length;
 			o += length;
@@ -945,7 +967,7 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 	CSTAT(processipcp);
 
 	LOG_HEX(5, "IPCP", p, l);
-	if (l < 5)
+	if (l < 4)
 	{
 		LOG(1, s, t, "Short IPCP %d bytes\n", l);
 		STAT(tunnel_rx_errors);
@@ -1002,11 +1024,13 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 
 		while (length > 2)
 		{
+			if (!o[1] || o[1] > length) return;
+
 			switch (*o)
 			{
 			case 3: // ip address
 				gotip++; // seen address
-				if (o[1] != 6 || o[1] > length) return;
+				if (o[1] != 6) return;
 
 				addr = htonl(session[s].ip);
 				if (memcmp(o + 2, &addr, (sizeof addr)))
@@ -1023,7 +1047,7 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 				break;
 
 			case 129: // primary DNS
-				if (o[1] != 6 || o[1] > length) return;
+				if (o[1] != 6) return;
 
 				addr = htonl(session[s].dns1);
 				if (memcmp(o + 2, &addr, (sizeof addr)))
@@ -1035,9 +1059,9 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 				break;
 
 			case 131: // secondary DNS
-				if (o[1] != 6 || o[1] > length) return;
+				if (o[1] != 6) return;
 
-				addr = htonl(session[s].dns1);
+				addr = htonl(session[s].dns2);
 				if (memcmp(o + 2, &addr, sizeof(addr)))
 				{
 					q = ppp_conf_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr));
@@ -1227,11 +1251,13 @@ void processipv6cp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 
 		while (length > 2)
 		{
+			if (!o[1] || o[1] > length) return;
+
 			switch (*o)
 			{
 			case 1: // interface identifier
 				gotip++; // seen address
-				if (o[1] != 10 || o[1] > length) return;
+				if (o[1] != 10) return;
 
 				*(uint32_t *) ident = htonl(session[s].ip);
 				*(uint32_t *) (ident + 4) = 0;
@@ -1748,15 +1774,12 @@ void sendchap(sessionidt s, tunnelidt t)
 }
 
 // fill in a L2TP message with a PPP frame,
-// copies existing PPP message and changes magic number if seen
 // returns start of PPP frame
 uint8_t *makeppp(uint8_t *b, int size, uint8_t *p, int l, sessionidt s, tunnelidt t, uint16_t mtype)
 {
 	if (size < 12) // Need more space than this!!
 	{
-		static int backtrace_count = 0;
 		LOG(0, s, t, "makeppp buffer too small for L2TP header (size=%d)\n", size);
-		log_backtrace(backtrace_count, 5)
 		return NULL;
 	}
 
@@ -1779,9 +1802,7 @@ uint8_t *makeppp(uint8_t *b, int size, uint8_t *p, int l, sessionidt s, tunnelid
 
 	if (l + 12 > size)
 	{
-		static int backtrace_count = 0;
 		LOG(2, s, t, "makeppp would overflow buffer (size=%d, header+payload=%d)\n", size, l + 12);
-		log_backtrace(backtrace_count, 5)
 		return NULL;
 	}
 
@@ -1817,7 +1838,7 @@ static int add_lcp_auth(uint8_t *b, int size, int authtype)
 	return len;
 }
 
-// Send initial LCP ConfigReq for MRU, authentication type and magic no
+// Send LCP ConfigReq for MRU, authentication type and magic no
 void sendlcp(sessionidt s, tunnelidt t)
 {
 	uint8_t b[500], *q, *l;
@@ -1846,9 +1867,12 @@ void sendlcp(sessionidt s, tunnelidt t)
 	if (authtype)
 		l += add_lcp_auth(l, sizeof(b) - (l - b), authtype);
 
-	*l++ = 5; *l++ = 6; // Magic-Number (length 6)
-	*(uint32_t *) l = htonl(session[s].magic);
-	l += 4;
+	if (session[s].magic)
+	{
+		*l++ = 5; *l++ = 6; // Magic-Number (length 6)
+		*(uint32_t *) l = htonl(session[s].magic);
+		l += 4;
+	}
 
 	*(uint16_t *)(q + 2) = htons(l - q); // Length
 
@@ -1877,3 +1901,33 @@ void sendccp(sessionidt s, tunnelidt t)
 	tunnelsend(b, (q - b) + 4 , t);
 	restart_timer(s, ccp);
 }
+
+// Reject unknown/unconfigured protocols
+void protoreject(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l, uint16_t proto)
+{
+
+	uint8_t buf[MAXETHER];
+	uint8_t *q;
+	int mru = session[s].mru;
+	if (mru < MINMTU) mru = MINMTU;
+	if (mru > sizeof(buf)) mru = sizeof(buf);
+
+	l += 6;
+	if (l > mru) l = mru;
+
+	q = makeppp(buf, sizeof(buf), 0, 0, s, t, PPPLCP);
+	if (!q) return;
+
+	*q = ProtocolRej;
+	*(q + 1) = ++sess_local[s].lcp_ident;
+	*(uint16_t *)(q + 2) = htons(l);
+	*(uint16_t *)(q + 4) = htons(proto);
+	memcpy(q + 6, p, l - 6);
+
+	if (proto == PPPIPV6CP)
+		LOG(3, s, t, "LCP: send ProtocolRej (IPV6CP: not configured)\n");
+	else
+		LOG(2, s, t, "LCP: sent ProtocolRej (0x%04X: unsupported)\n", proto);
+
+	tunnelsend(buf, l + (q - buf), t);
+}