X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/7af010b1915cd0f6bb480c9725b89463c225cdc6..b089008c0575e64aaf6fc15baaca0c02951f0a82:/ppp.c diff --git a/ppp.c b/ppp.c index c28a1d6..3fae559 100644 --- a/ppp.c +++ b/ppp.c @@ -1,6 +1,6 @@ // L2TPNS PPP Stuff -char const *cvs_id_ppp = "$Id: ppp.c,v 1.69 2005/08/11 05:50:49 bodea Exp $"; +char const *cvs_id_ppp = "$Id: ppp.c,v 1.98 2006/04/13 11:14:35 bodea Exp $"; #include #include @@ -40,7 +40,7 @@ void processpap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { LOG(1, s, t, "Short PAP %u bytes\n", l); STAT(tunnel_rx_errors); - sessionshutdown(s, "Short PAP packet.", 3, 0); + sessionshutdown(s, "Short PAP packet.", CDN_ADMIN_DISC, TERM_USER_ERROR); return; } @@ -48,7 +48,7 @@ void processpap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { LOG(1, s, t, "Length mismatch PAP %u/%u\n", hl, l); STAT(tunnel_rx_errors); - sessionshutdown(s, "PAP length mismatch.", 3, 0); + sessionshutdown(s, "PAP length mismatch.", CDN_ADMIN_DISC, TERM_USER_ERROR); return; } l = hl; @@ -57,7 +57,7 @@ void processpap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { LOG(1, s, t, "Unexpected PAP code %d\n", *p); STAT(tunnel_rx_errors); - sessionshutdown(s, "Unexpected PAP code.", 3, 0); + sessionshutdown(s, "Unexpected PAP code.", CDN_ADMIN_DISC, TERM_USER_ERROR); return; } @@ -85,11 +85,10 @@ void processpap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) LOG(3, s, t, "PAP login %s/%s\n", user, pass); } - r = radiusnew(s); - if (session[s].ip || !r) + if (session[s].ip || !(r = radiusnew(s))) { // respond now, either no RADIUS available or already authenticated - uint8_t b[MAXCONTROL]; + uint8_t b[MAXETHER]; uint8_t id = p[1]; uint8_t *p = makeppp(b, sizeof(b), 0, 0, s, t, PPPPAP); if (!p) return; @@ -111,7 +110,7 @@ void processpap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) else { LOG(1, s, t, "No RADIUS session available to authenticate session...\n"); - sessionshutdown(s, "No free RADIUS sessions.", 4, 0); + sessionshutdown(s, "No free RADIUS sessions.", CDN_UNAVAILABLE, TERM_SERVICE_UNAVAILABLE); } } else @@ -148,19 +147,12 @@ void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) CSTAT(processchap); LOG_HEX(5, "CHAP", p, l); - r = sess_local[s].radius; - if (!r) - { - LOG(1, s, t, "Unexpected CHAP message\n"); - STAT(tunnel_rx_errors); - return; - } if (l < 4) { LOG(1, s, t, "Short CHAP %u bytes\n", l); STAT(tunnel_rx_errors); - sessionshutdown(s, "Short CHAP packet.", 3, 0); + sessionshutdown(s, "Short CHAP packet.", CDN_ADMIN_DISC, TERM_USER_ERROR); return; } @@ -168,7 +160,7 @@ void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { LOG(1, s, t, "Length mismatch CHAP %u/%u\n", hl, l); STAT(tunnel_rx_errors); - sessionshutdown(s, "CHAP length mismatch.", 3, 0); + sessionshutdown(s, "CHAP length mismatch.", CDN_ADMIN_DISC, TERM_USER_ERROR); return; } l = hl; @@ -177,7 +169,14 @@ void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { LOG(1, s, t, "Unexpected CHAP response code %d\n", *p); STAT(tunnel_rx_errors); - sessionshutdown(s, "CHAP length mismatch.", 3, 0); + sessionshutdown(s, "CHAP length mismatch.", CDN_ADMIN_DISC, TERM_USER_ERROR); + return; + } + + r = sess_local[s].radius; + if (!r) + { + LOG(3, s, t, "Unexpected CHAP message\n"); return; } @@ -191,7 +190,7 @@ void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { LOG(1, s, t, "Wrong CHAP response ID %d (should be %d) (%d)\n", p[1], radius[r].id, r); STAT(tunnel_rx_errors); - sessionshutdown(s, "Unexpected CHAP response ID.", 3, 0); + sessionshutdown(s, "Unexpected CHAP response ID.", CDN_ADMIN_DISC, TERM_USER_ERROR); return; } @@ -199,7 +198,7 @@ void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { LOG(1, s, t, "Bad CHAP response length %d\n", l < 5 ? -1 : p[4]); STAT(tunnel_rx_errors); - sessionshutdown(s, "Bad CHAP response length.", 3, 0); + sessionshutdown(s, "Bad CHAP response length.", CDN_ADMIN_DISC, TERM_USER_ERROR); return; } @@ -209,7 +208,7 @@ void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { LOG(1, s, t, "CHAP user too long %d\n", l - 16); STAT(tunnel_rx_errors); - sessionshutdown(s, "CHAP username too long.", 3, 0); + sessionshutdown(s, "CHAP username too long.", CDN_ADMIN_DISC, TERM_USER_ERROR); return; } @@ -301,7 +300,7 @@ static void dumplcp(uint8_t *p, int l) else if (length == 5) { int proto = ntohs(*(uint16_t *)(o + 2)); - int algo = *(uint8_t *)(o + 4); + int algo = *(o + 4); LOG(4, 0, 0, " %s 0x%x 0x%x (%s)\n", ppp_lcp_option(type), proto, algo, (proto == PPPCHAP && algo == 5) ? "CHAP MD5" : "UNSUPPORTED"); } @@ -341,6 +340,8 @@ void lcp_open(sessionidt s, tunnelidt t) // transition to Authentication or Network phase: session[s].ppp.phase = sess_local[s].lcp_authtype ? Authenticate : Network; + LOG(3, s, t, "LCP: Opened, phase %s\n", ppp_phase(session[s].ppp.phase)); + // LCP now Opened change_state(s, lcp, Opened); @@ -373,7 +374,7 @@ static void lcp_restart(sessionidt s) change_state(s, ccp, Dead); } -static uint8_t *ppp_rej(sessionidt s, uint8_t *buf, size_t blen, uint16_t mtype, +static uint8_t *ppp_conf_rej(sessionidt s, uint8_t *buf, size_t blen, uint16_t mtype, uint8_t **response, uint8_t *queued, uint8_t *packet, uint8_t *option) { if (!*response || **response != ConfigRej) @@ -396,7 +397,7 @@ static uint8_t *ppp_rej(sessionidt s, uint8_t *buf, size_t blen, uint16_t mtype, return queued + option[1]; } -static uint8_t *ppp_nak(sessionidt s, uint8_t *buf, size_t blen, uint16_t mtype, +static uint8_t *ppp_conf_nak(sessionidt s, uint8_t *buf, size_t blen, uint16_t mtype, uint8_t **response, uint8_t *queued, uint8_t *packet, uint8_t *option, uint8_t *value, size_t vlen) { @@ -414,19 +415,19 @@ static uint8_t *ppp_nak(sessionidt s, uint8_t *buf, size_t blen, uint16_t mtype, if (*nak_sent < config->ppp_max_failure) // reject queued return queued; - return ppp_rej(s, buf, blen, mtype, response, 0, packet, option); + return ppp_conf_rej(s, buf, blen, mtype, response, 0, packet, option); } if (!*response) { if (*nak_sent >= config->ppp_max_failure) - return ppp_rej(s, buf, blen, mtype, response, 0, packet, option); + return ppp_conf_rej(s, buf, blen, mtype, response, 0, packet, option); queued = *response = makeppp(buf, blen, packet, 2, s, session[s].tunnel, mtype); if (!queued) return 0; - *nak_sent++; + (*nak_sent)++; *queued = ConfigNak; queued += 4; } @@ -443,12 +444,37 @@ static uint8_t *ppp_nak(sessionidt s, uint8_t *buf, size_t blen, uint16_t mtype, return queued + vlen; } +static void ppp_code_rej(sessionidt s, tunnelidt t, uint16_t proto, + char *pname, uint8_t *p, uint16_t l, uint8_t *buf, size_t size) +{ + uint8_t *q; + int mru = session[s].mru; + if (mru < MINMTU) mru = MINMTU; + if (mru > size) mru = size; + + l += 4; + if (l > mru) l = mru; + + q = makeppp(buf, size, 0, 0, s, t, proto); + if (!q) return; + + *q = CodeRej; + *(q + 1) = ++sess_local[s].lcp_ident; + *(uint16_t *)(q + 2) = htons(l); + memcpy(q + 4, p, l - 4); + + LOG(2, s, t, "Unexpected %s code %s\n", pname, ppp_code(*p)); + LOG(3, s, t, "%s: send %s\n", pname, ppp_code(*q)); + if (config->debug > 3) dumplcp(q, l); + + tunnelsend(buf, l + (q - buf), t); +} + // Process LCP messages void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { - uint8_t b[MAXCONTROL]; + uint8_t b[MAXETHER]; uint8_t *q = NULL; - uint32_t magicno = 0; uint16_t hl; CSTAT(processlcp); @@ -472,7 +498,9 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) if (session[s].die) // going down... return; - LOG(*p == EchoReq ? 4 : 3, s, t, "LCP: recv %s\n", ppp_code(*p)); + LOG((*p == EchoReq || *p == EchoReply) ? 4 : 3, s, t, + "LCP: recv %s\n", ppp_code(*p)); + if (config->debug > 3) dumplcp(p, l); if (*p == ConfigAck) @@ -520,7 +548,7 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) if (session[s].ppp.lcp == Opened) lcp_restart(s); - sendlcp(s, t, sess_local[s].lcp_authtype); + sendlcp(s, t); change_state(s, lcp, RequestSent); break; @@ -549,7 +577,19 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) switch (type) { case 1: // Maximum-Receive-Unit - session[s].mru = ntohs(*(uint16_t *)(o + 2)); + { + uint16_t mru = ntohs(*(uint16_t *)(o + 2)); + if (mru >= MINMTU) + { + session[s].mru = mru; + cluster_send_session(s); + break; + } + + LOG(3, s, t, " Remote requesting MRU of %u. Rejecting.\n", mru); + mru = htons(MRU); + q = ppp_conf_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, (uint8_t *) &mru, sizeof(mru)); + } break; case 2: // Async-Control-Character-Map @@ -557,7 +597,7 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) break; LOG(3, s, t, " Remote requesting asyncmap. Rejecting.\n"); - q = ppp_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, asyncmap, sizeof(asyncmap)); + q = ppp_conf_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, asyncmap, sizeof(asyncmap)); break; case 3: // Authentication-Protocol @@ -595,32 +635,29 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) alen = add_lcp_auth(authproto, sizeof(authproto), config->radius_authprefer); if (alen < 2) break; // paranoia - q = ppp_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, authproto + 2, alen - 2); + q = ppp_conf_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, authproto + 2, alen - 2); if (q && *response == ConfigNak && config->radius_authtypes != config->radius_authprefer) { // alternate type alen = add_lcp_auth(authproto, sizeof(authproto), config->radius_authtypes & ~config->radius_authprefer); if (alen < 2) break; - q = ppp_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, authproto + 2, alen - 2); + q = ppp_conf_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, authproto + 2, alen - 2); } break; } break; - case 5: // Magic-Number - magicno = ntohl(*(uint32_t *)(o + 2)); - break; - case 4: // Quality-Protocol + case 5: // Magic-Number case 7: // Protocol-Field-Compression case 8: // Address-And-Control-Field-Compression break; default: // Reject any unknown options LOG(3, s, t, " Rejecting unknown PPP LCP option %d\n", type); - q = ppp_rej(s, b, sizeof(b), PPPLCP, &response, q, p, o); + q = ppp_conf_rej(s, b, sizeof(b), PPPLCP, &response, q, p, o); } x -= length; o += length; @@ -650,7 +687,7 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) case Stopped: initialise_restart_count(s, lcp); - sendlcp(s, t, sess_local[s].lcp_authtype); + sendlcp(s, t); if (*response == ConfigAck) change_state(s, lcp, AckSent); else @@ -672,7 +709,7 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) case Opened: lcp_restart(s); - sendlcp(s, t, sess_local[s].lcp_authtype); + sendlcp(s, t); /* fallthrough */ case AckSent: @@ -693,7 +730,7 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) tunnelsend(b, l + (response - b), t); } - else if (*p == ConfigNak) + else if (*p == ConfigNak || *p == ConfigRej) { int x = l - 4; uint8_t *o = (p + 4); @@ -708,23 +745,38 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) switch (type) { case 1: // Maximum-Receive-Unit - session[s].mru = ntohs(*(uint16_t *)(o + 2)); - LOG(3, s, t, " Remote requested MRU of %u\n", session[s].mru); + if (*p == ConfigNak) + { + if (length < 4) break; + sess_local[s].ppp_mru = ntohs(*(uint16_t *)(o + 2)); + LOG(3, s, t, " Remote requested MRU of %u\n", sess_local[s].ppp_mru); + } + else + { + sess_local[s].ppp_mru = 0; + LOG(3, s, t, " Remote rejected MRU negotiation\n"); + } + break; case 3: // Authentication-Protocol if (authtype > 0) break; + if (*p == ConfigNak) { - int proto = ntohs(*(uint16_t *)(o + 2)); + int proto; + + if (length < 4) break; + proto = ntohs(*(uint16_t *)(o + 2)); + if (proto == PPPPAP) { authtype = config->radius_authtypes & AUTHPAP; LOG(3, s, t, " Remote requested PAP authentication...%sing\n", authtype ? "accept" : "reject"); } - else if (proto == PPPCHAP && *(o + 4) == 5) + else if (proto == PPPCHAP && length > 4 && *(o + 4) == 5) { authtype = config->radius_authtypes & AUTHCHAP; LOG(3, s, t, " Remote requested CHAP authentication...%sing\n", @@ -736,12 +788,34 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) proto); } } + else + { + LOG(2, s, t, "LCP: remote rejected auth negotiation\n"); + authtype = 0; // shutdown + } break; - default: - LOG(2, s, t, " Remote NAKed LCP type %u?\n", type); + case 5: // Magic-Number + session[s].magic = 0; + if (*p == ConfigNak) + { + if (length < 6) break; + session[s].magic = ntohl(*(uint32_t *)(o + 2)); + } + + if (session[s].magic) + LOG(3, s, t, " Remote requested magic-no %x\n", session[s].magic); + else + LOG(3, s, t, " Remote rejected magic-no\n"); + + cluster_send_session(s); break; + + default: + LOG(2, s, t, "LCP: remote sent %s for type %u?\n", ppp_code(*p), type); + sessionshutdown(s, "Unable to negotiate LCP.", CDN_ADMIN_DISC, TERM_USER_ERROR); + return; } x -= length; o += length; @@ -749,7 +823,7 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) if (!authtype) { - sessionshutdown(s, "Unsupported authentication.", 3, 0); + sessionshutdown(s, "Unsupported authentication.", CDN_ADMIN_DISC, TERM_USER_ERROR); return; } @@ -765,6 +839,10 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) if (!response) return; *response = TerminateAck; *((uint16_t *) (response + 2)) = htons(l = 4); + + LOG(3, s, t, "LCP: send %s\n", ppp_code(*response)); + if (config->debug > 3) dumplcp(response, l); + tunnelsend(b, l + (response - b), t); } break; @@ -772,17 +850,17 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) case RequestSent: case AckSent: initialise_restart_count(s, lcp); - sendlcp(s, t, sess_local[s].lcp_authtype); + sendlcp(s, t); break; case AckReceived: LOG(2, s, t, "LCP: ConfigNak in state %s? Sending ConfigReq\n", ppp_state(session[s].ppp.lcp)); - sendlcp(s, t, sess_local[s].lcp_authtype); + sendlcp(s, t); break; case Opened: lcp_restart(s); - sendlcp(s, t, sess_local[s].lcp_authtype); + sendlcp(s, t); break; default: @@ -795,25 +873,39 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) *p = TerminateAck; // close q = makeppp(b, sizeof(b), p, l, s, t, PPPLCP); if (!q) return; + + LOG(3, s, t, "LCP: send %s\n", ppp_code(*q)); + if (config->debug > 3) dumplcp(q, l); + tunnelsend(b, l + (q - b), t); // send it - sessionshutdown(s, "Remote end closed connection.", 3, 0); + sessionshutdown(s, "Remote end closed connection.", CDN_ADMIN_DISC, TERM_USER_REQUEST); } else if (*p == TerminateAck) { - sessionshutdown(s, "Connection closed.", 3, 0); + sessionshutdown(s, "Connection closed.", CDN_ADMIN_DISC, TERM_NAS_REQUEST); } else if (*p == ProtocolRej) { - if (*(uint16_t *) (p+4) == htons(PPPIPV6CP)) + uint16_t proto = 0; + + if (l > 4) + { + proto = *(p+4); + if (l > 5 && !(proto & 1)) + { + proto <<= 8; + proto |= *(p+5); + } + } + + if (proto == PPPIPV6CP) { LOG(3, s, t, "IPv6 rejected\n"); change_state(s, ipv6cp, Closed); } else { - LOG(1, s, t, "Unexpected LCP protocol reject 0x%X\n", - ntohs(*(uint16_t *) (p+4))); - STAT(tunnel_rx_errors); + LOG(3, s, t, "LCP protocol reject: 0x%04X\n", proto); } } else if (*p == EchoReq) @@ -822,27 +914,19 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) *(uint32_t *) (p + 4) = htonl(session[s].magic); // our magic number q = makeppp(b, sizeof(b), p, l, s, t, PPPLCP); if (!q) return; + + LOG(4, s, t, "LCP: send %s\n", ppp_code(*q)); + if (config->debug > 3) dumplcp(q, l); + tunnelsend(b, l + (q - b), t); // send it } else if (*p == EchoReply) { // Ignore it, last_packet time is set earlier than this. } - else + else if (*p != CodeRej) { - int code = *p; - int mru = session[s].mru; - if (!mru) - mru = DEFAULT_MRU; - - if (l > mru) l = mru; - - *p = CodeRej; - q = makeppp(b, sizeof(b), p, l, s, t, PPPLCP); - if (!q) return; - - LOG(3, s, t, "Unexpected LCP code %s\n", ppp_code(code)); - tunnelsend(b, l + (q - b), t); + ppp_code_rej(s, t, PPPLCP, "LCP", p, l, b, sizeof(b)); } } @@ -852,11 +936,17 @@ static void ipcp_open(sessionidt s, tunnelidt t) change_state(s, ipcp, Opened); - if (!session[s].walled_garden) + if (!(session[s].walled_garden || session[s].flags & SESSION_STARTED)) { uint16_t r = radiusnew(s); if (r) + { radiussend(r, RADIUSSTART); // send radius start + + // don't send further Start records if IPCP is restarted + session[s].flags |= SESSION_STARTED; + cluster_send_session(s); + } } // start IPv6 if configured and still in passive state @@ -870,14 +960,14 @@ static void ipcp_open(sessionidt s, tunnelidt t) // Process IPCP messages void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { - uint8_t b[MAXCONTROL]; + uint8_t b[MAXETHER]; uint8_t *q = 0; uint16_t hl; CSTAT(processipcp); LOG_HEX(5, "IPCP", p, l); - if (l < 5) + if (l < 4) { LOG(1, s, t, "Short IPCP %d bytes\n", l); STAT(tunnel_rx_errors); @@ -898,6 +988,8 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) return; } + LOG(3, s, t, "IPCP: recv %s\n", ppp_code(*p)); + if (*p == ConfigAck) { switch (session[s].ppp.ipcp) @@ -930,23 +1022,24 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) int gotip = 0; in_addr_t addr; - LOG(3, s, t, "IPCP: ConfigReq received\n"); - while (length > 2) { + if (!o[1] || o[1] > length) return; + switch (*o) { case 3: // ip address gotip++; // seen address - if (o[1] != 6 || o[1] > length) return; + if (o[1] != 6) return; addr = htonl(session[s].ip); if (memcmp(o + 2, &addr, (sizeof addr))) { - q = ppp_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr)); - if (!q || *response == ConfigRej) + uint8_t *oq = q; + q = ppp_conf_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr)); + if (!q || (q != oq && *response == ConfigRej)) { - sessionshutdown(s, "Can't negotiate IPCP.", 3, 0); + sessionshutdown(s, "Can't negotiate IPCP.", CDN_ADMIN_DISC, TERM_USER_ERROR); return; } } @@ -954,24 +1047,24 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) break; case 129: // primary DNS - if (o[1] != 6 || o[1] > length) return; + if (o[1] != 6) return; addr = htonl(session[s].dns1); if (memcmp(o + 2, &addr, (sizeof addr))) { - q = ppp_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr)); + q = ppp_conf_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr)); if (!q) return; } break; case 131: // secondary DNS - if (o[1] != 6 || o[1] > length) return; + if (o[1] != 6) return; - addr = htonl(session[s].dns1); + addr = htonl(session[s].dns2); if (memcmp(o + 2, &addr, sizeof(addr))) { - q = ppp_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr)); + q = ppp_conf_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr)); if (!q) return; } @@ -979,7 +1072,7 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) default: LOG(2, s, t, " Rejecting PPP IPCP Option type %d\n", *o); - q = ppp_rej(s, b, sizeof(b), PPPIPCP, &response, q, p, o); + q = ppp_conf_rej(s, b, sizeof(b), PPPIPCP, &response, q, p, o); if (!q) return; } @@ -1055,33 +1148,21 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) return; } - LOG(3, s, t, "IPCP: Sending %s\n", ppp_code(*response)); + LOG(3, s, t, "IPCP: send %s\n", ppp_code(*response)); tunnelsend(b, l + (response - b), t); } else if (*p == TerminateReq) { - LOG(3, s, t, "IPCP: Received TerminateReq. Sending TerminateAck\n"); *p = TerminateAck; q = makeppp(b, sizeof(b), p, l, s, t, PPPIPCP); if (!q) return; + LOG(3, s, t, "IPCP: send %s\n", ppp_code(*q)); tunnelsend(b, l + (q - b), t); change_state(s, ipcp, Stopped); } - else + else if (*p != CodeRej) { - int code = *p; - int mru = session[s].mru; - if (!mru) - mru = DEFAULT_MRU; - - if (l > mru) l = mru; - - *p = CodeRej; - q = makeppp(b, sizeof(b), p, l, s, t, PPPIPCP); - if (!q) return; - - LOG(3, s, t, "Unexpected IPCP code %s\n", ppp_code(code)); - tunnelsend(b, l + (q - b), t); + ppp_code_rej(s, t, PPPIPCP, "IPCP", p, l, b, sizeof(b)); } } @@ -1100,7 +1181,7 @@ static void ipv6cp_open(sessionidt s, tunnelidt t) // Process IPV6CP messages void processipv6cp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { - uint8_t b[MAXCONTROL]; + uint8_t b[MAXETHER]; uint8_t *q = 0; uint16_t hl; @@ -1128,15 +1209,7 @@ void processipv6cp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) return; } - if (!config->ipv6_prefix.s6_addr[0]) - { - LOG(2, s, t, "IPV6CP: %s rejected (not configured)\n", ppp_code(*p)); - *p = ProtocolRej; - q = makeppp(b, sizeof(b), p, l, s, t, PPPIPV6CP); - if (!q) return; - tunnelsend(b, l + (q - b), t); - return; - } + LOG(3, s, t, "IPV6CP: recv %s\n", ppp_code(*p)); if (!session[s].ip) { @@ -1176,22 +1249,22 @@ void processipv6cp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) int gotip = 0; uint8_t ident[8]; - LOG(3, s, t, "IPV6CP: ConfigReq received\n"); - while (length > 2) { + if (!o[1] || o[1] > length) return; + switch (*o) { case 1: // interface identifier gotip++; // seen address - if (o[1] != 10 || o[1] > length) return; + if (o[1] != 10) return; *(uint32_t *) ident = htonl(session[s].ip); *(uint32_t *) (ident + 4) = 0; if (memcmp(o + 2, ident, sizeof(ident))) { - q = ppp_nak(s, b, sizeof(b), PPPIPV6CP, &response, q, p, o, ident, sizeof(ident)); + q = ppp_conf_nak(s, b, sizeof(b), PPPIPV6CP, &response, q, p, o, ident, sizeof(ident)); if (!q) return; } @@ -1199,7 +1272,7 @@ void processipv6cp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) default: LOG(2, s, t, " Rejecting PPP IPV6CP Option type %d\n", *o); - q = ppp_rej(s, b, sizeof(b), PPPIPV6CP, &response, q, p, o); + q = ppp_conf_rej(s, b, sizeof(b), PPPIPV6CP, &response, q, p, o); if (!q) return; } @@ -1275,33 +1348,21 @@ void processipv6cp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) return; } - LOG(3, s, t, "IPV6CP: Sending %s\n", ppp_code(*response)); + LOG(3, s, t, "IPV6CP: send %s\n", ppp_code(*response)); tunnelsend(b, l + (response - b), t); } else if (*p == TerminateReq) { - LOG(3, s, t, "IPV6CP: Received TerminateReq. Sending TerminateAck\n"); *p = TerminateAck; q = makeppp(b, sizeof(b), p, l, s, t, PPPIPV6CP); if (!q) return; + LOG(3, s, t, "IPV6CP: send %s\n", ppp_code(*q)); tunnelsend(b, l + (q - b), t); change_state(s, ipv6cp, Stopped); } - else + else if (*p != CodeRej) { - int code = *p; - int mru = session[s].mru; - if (!mru) - mru = DEFAULT_MRU; - - if (l > mru) l = mru; - - *p = CodeRej; - q = makeppp(b, sizeof(b), p, l, s, t, PPPIPV6CP); - if (!q) return; - - LOG(3, s, t, "Unexpected IPV6CP code %s\n", ppp_code(code)); - tunnelsend(b, l + (q - b), t); + ppp_code_rej(s, t, PPPIPV6CP, "IPV6CP", p, l, b, sizeof(b)); } } @@ -1317,6 +1378,13 @@ void processipin(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) LOG_HEX(5, "IP", p, l); + if (l < 20) + { + LOG(1, s, t, "IP packet too short %d\n", l); + STAT(tunnel_rx_errors); + return ; + } + ip = ntohl(*(uint32_t *)(p + 12)); if (l > MAXETHER) @@ -1340,6 +1408,14 @@ void processipin(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) if (session[s].filter_in && !ip_filter(p, l, session[s].filter_in - 1)) return; + // adjust MSS on SYN and SYN,ACK packets with options + if ((ntohs(*(uint16_t *) (p + 6)) & 0x1fff) == 0 && p[9] == IPPROTO_TCP) // first tcp fragment + { + int ihl = (p[0] & 0xf) * 4; // length of IP header + if (l >= ihl + 20 && (p[ihl + 13] & TCP_FLAG_SYN) && ((p[ihl + 12] >> 4) > 5)) + adjust_tcp_mss(s, t, p, l, p + ihl); + } + // Add on the tun header p -= 4; *(uint32_t *) p = htonl(PKTIP); @@ -1531,7 +1607,7 @@ void send_ipin(sessionidt s, uint8_t *buf, int len) // Process CCP messages void processccp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { - uint8_t b[MAXCONTROL]; + uint8_t b[MAXETHER]; uint8_t *q; CSTAT(processccp); @@ -1550,6 +1626,7 @@ void processccp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) STAT(tunnel_rx_errors); } + LOG(3, s, t, "CCP: recv %s\n", ppp_code(*p)); if (*p == ConfigAck) { switch (session[s].ppp.ccp) @@ -1634,40 +1711,28 @@ void processccp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) return; } - LOG(3, s, t, "CCP: Sending %s\n", ppp_code(*q)); + LOG(3, s, t, "CCP: send %s\n", ppp_code(*q)); tunnelsend(b, l + (q - b), t); } else if (*p == TerminateReq) { - LOG(3, s, t, "CCP: Received TerminateReq. Sending TerminateAck\n"); *p = TerminateAck; q = makeppp(b, sizeof(b), p, l, s, t, PPPCCP); if (!q) return; + LOG(3, s, t, "CCP: send %s\n", ppp_code(*q)); tunnelsend(b, l + (q - b), t); change_state(s, ccp, Stopped); } - else + else if (*p != CodeRej) { - int code = *p; - int mru = session[s].mru; - if (!mru) - mru = DEFAULT_MRU; - - if (l > mru) l = mru; - - *p = CodeRej; - q = makeppp(b, sizeof(b), p, l, s, t, PPPCCP); - if (!q) return; - - LOG(3, s, t, "Unexpected CCP code %s\n", ppp_code(code)); - tunnelsend(b, l + (q - b), t); + ppp_code_rej(s, t, PPPCCP, "CCP", p, l, b, sizeof(b)); } } // send a CHAP challenge void sendchap(sessionidt s, tunnelidt t) { - uint8_t b[MAXCONTROL]; + uint8_t b[MAXETHER]; uint16_t r; uint8_t *q; @@ -1692,7 +1757,7 @@ void sendchap(sessionidt s, tunnelidt t) radius[r].retry = backoff(radius[r].try++); if (radius[r].try > 5) { - sessionshutdown(s, "CHAP timeout.", 3, 0); + sessionshutdown(s, "CHAP timeout.", CDN_ADMIN_DISC, TERM_REAUTHENTICATION_FAILURE); STAT(tunnel_tx_errors); return ; } @@ -1709,15 +1774,12 @@ void sendchap(sessionidt s, tunnelidt t) } // fill in a L2TP message with a PPP frame, -// copies existing PPP message and changes magic number if seen // returns start of PPP frame uint8_t *makeppp(uint8_t *b, int size, uint8_t *p, int l, sessionidt s, tunnelidt t, uint16_t mtype) { if (size < 12) // Need more space than this!! { - static int backtrace_count = 0; LOG(0, s, t, "makeppp buffer too small for L2TP header (size=%d)\n", size); - log_backtrace(backtrace_count, 5) return NULL; } @@ -1725,12 +1787,12 @@ uint8_t *makeppp(uint8_t *b, int size, uint8_t *p, int l, sessionidt s, tunnelid *(uint16_t *) (b + 2) = htons(tunnel[t].far); // tunnel *(uint16_t *) (b + 4) = htons(session[s].far); // session b += 6; - if (mtype == PPPLCP || !(session[s].l2tp_flags & SESSIONACFC)) + if (mtype == PPPLCP || !(session[s].flags & SESSION_ACFC)) { *(uint16_t *) b = htons(0xFF03); // HDLC header b += 2; } - if (mtype < 0x100 && session[s].l2tp_flags & SESSIONPFC) + if (mtype < 0x100 && session[s].flags & SESSION_PFC) *b++ = mtype; else { @@ -1740,9 +1802,7 @@ uint8_t *makeppp(uint8_t *b, int size, uint8_t *p, int l, sessionidt s, tunnelid if (l + 12 > size) { - static int backtrace_count = 0; LOG(2, s, t, "makeppp would overflow buffer (size=%d, header+payload=%d)\n", size, l + 12); - log_backtrace(backtrace_count, 5) return NULL; } @@ -1778,10 +1838,11 @@ static int add_lcp_auth(uint8_t *b, int size, int authtype) return len; } -// Send initial LCP ConfigReq for MRU, authentication type and magic no -void sendlcp(sessionidt s, tunnelidt t, int authtype) +// Send LCP ConfigReq for MRU, authentication type and magic no +void sendlcp(sessionidt s, tunnelidt t) { uint8_t b[500], *q, *l; + int authtype = sess_local[s].lcp_authtype; if (!(q = makeppp(b, sizeof(b), NULL, 0, s, t, PPPLCP))) return; @@ -1791,24 +1852,27 @@ void sendlcp(sessionidt s, tunnelidt t, int authtype) authtype ? (authtype == AUTHCHAP ? "CHAP" : "PAP") : "", authtype ? ")" : ""); - if (!session[s].mru) - session[s].mru = DEFAULT_MRU; - l = q; *l++ = ConfigReq; - *l++ = (time_now % 255) + 1; // ID + *l++ = ++sess_local[s].lcp_ident; // ID l += 2; //Save space for length - *l++ = 1; *l++ = 4; // Maximum-Receive-Unit (length 4) - *(uint16_t *) l = htons(session[s].mru); l += 2; + if (sess_local[s].ppp_mru) + { + *l++ = 1; *l++ = 4; // Maximum-Receive-Unit (length 4) + *(uint16_t *) l = htons(sess_local[s].ppp_mru); l += 2; + } if (authtype) l += add_lcp_auth(l, sizeof(b) - (l - b), authtype); - *l++ = 5; *l++ = 6; // Magic-Number (length 6) - *(uint32_t *) l = htonl(session[s].magic); - l += 4; + if (session[s].magic) + { + *l++ = 5; *l++ = 6; // Magic-Number (length 6) + *(uint32_t *) l = htonl(session[s].magic); + l += 4; + } *(uint16_t *)(q + 2) = htons(l - q); // Length @@ -1816,6 +1880,7 @@ void sendlcp(sessionidt s, tunnelidt t, int authtype) if (config->debug > 3) dumplcp(q, l - q); tunnelsend(b, (l - b), t); + restart_timer(s, lcp); } // Send CCP request for no compression @@ -1826,11 +1891,43 @@ void sendccp(sessionidt s, tunnelidt t) if (!(q = makeppp(b, sizeof(b), NULL, 0, s, t, PPPCCP))) return; - LOG(4, s, t, "Sending CCP ConfigReq for no compression\n"); + LOG(3, s, t, "CCP: send ConfigReq (no compression)\n"); + *q = ConfigReq; - *(uint8_t *)(q + 1) = (time_now % 255) + 1; // ID + *(q + 1) = ++sess_local[s].lcp_ident; // ID *(uint16_t *)(q + 2) = htons(4); // Length LOG_HEX(5, "PPPCCP", q, 4); tunnelsend(b, (q - b) + 4 , t); + restart_timer(s, ccp); +} + +// Reject unknown/unconfigured protocols +void protoreject(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l, uint16_t proto) +{ + + uint8_t buf[MAXETHER]; + uint8_t *q; + int mru = session[s].mru; + if (mru < MINMTU) mru = MINMTU; + if (mru > sizeof(buf)) mru = sizeof(buf); + + l += 6; + if (l > mru) l = mru; + + q = makeppp(buf, sizeof(buf), 0, 0, s, t, PPPLCP); + if (!q) return; + + *q = ProtocolRej; + *(q + 1) = ++sess_local[s].lcp_ident; + *(uint16_t *)(q + 2) = htons(l); + *(uint16_t *)(q + 4) = htons(proto); + memcpy(q + 6, p, l - 6); + + if (proto == PPPIPV6CP) + LOG(3, s, t, "LCP: send ProtocolRej (IPV6CP: not configured)\n"); + else + LOG(2, s, t, "LCP: sent ProtocolRej (0x%04X: unsupported)\n", proto); + + tunnelsend(buf, l + (q - buf), t); }