X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/86042401144b293807e8d31a29734fa806658ef4..1d46a749ef2b64dadf9c34ef4f3757ef64350a24:/l2tpns.c diff --git a/l2tpns.c b/l2tpns.c index ec2bd17..ecae249 100644 --- a/l2tpns.c +++ b/l2tpns.c @@ -4,7 +4,7 @@ // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced // vim: sw=8 ts=8 -char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.143 2005/10/11 07:06:56 bodea Exp $"; +char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.155 2006/01/19 20:55:03 bodea Exp $"; #include #include @@ -96,9 +96,9 @@ uint32_t eth_tx = 0; static uint32_t ip_pool_size = 1; // Size of the pool of addresses used for dynamic address allocation. time_t time_now = 0; // Current time in seconds since epoch. static char time_now_string[64] = {0}; // Current time as a string. -int time_changed = 0; // time_now changed +static int time_changed = 0; // time_now changed char main_quit = 0; // True if we're in the process of exiting. -char main_reload = 0; // Re-load pending +static char main_reload = 0; // Re-load pending linked_list *loaded_plugins; linked_list *plugins[MAX_PLUGIN_TYPES]; @@ -162,6 +162,7 @@ static char *plugin_functions[] = { "plugin_control", "plugin_radius_response", "plugin_radius_reset", + "plugin_radius_account", "plugin_become_master", "plugin_new_session_master", }; @@ -553,6 +554,13 @@ static void inittun(void) LOG(0, 0, 0, "Error setting tun queue length: %s\n", strerror(errno)); exit(1); } + /* set MTU to modem MRU */ + ifr.ifr_mtu = MRU; + if (ioctl(ifrfd, SIOCSIFMTU, (void *) &ifr) < 0) + { + LOG(0, 0, 0, "Error setting tun MTU: %s\n", strerror(errno)); + exit(1); + } ifr.ifr_flags = IFF_UP; if (ioctl(ifrfd, SIOCSIFFLAGS, (void *) &ifr) < 0) { 
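Review bot: Inserting `"plugin_radius_account"` in the middle of `plugin_functions[]` shifts the indices of `"plugin_become_master"` and `"plugin_new_session_master"`, so whatever constants index this table, and `MAX_PLUGIN_TYPES` (which sizes `plugins[]` in the hunk above), have to change in the same order in a header this diff does not show. If they are out of step, hooks are registered under the wrong slot or `plugins[]` is indexed past its end. A comment on the array such as `// order must match the plugin type constants; MAX_PLUGIN_TYPES must equal the entry count` would make the coupling explicit. The array initialiser starts outside the hunk.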
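Review bot: The tun MTU is set once from the global `MRU` in the added `SIOCSIFMTU` block, but `MRU` is recomputed in update_config() (the `reset MRU/MSS globals` hunk later in this diff) and nothing visible re-applies it to the interface. If inittun() runs before the first update_config(), or `l2tp_mtu` changes on reload, the interface MTU and the MRU used for sessions can disagree; please confirm the call order and consider re-issuing the ioctl when `MRU` changes. A comment here such as `/* relies on MRU having been computed by update_config() */` would record the dependency. inittun() starts outside the hunk.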
@@ -932,18 +940,14 @@ void tunnelsend(uint8_t * buf, uint16_t l, tunnelidt t) if (!t) { - static int backtrace_count = 0; LOG(0, 0, t, "tunnelsend called with 0 as tunnel id\n"); STAT(tunnel_tx_errors); - log_backtrace(backtrace_count, 5) return; } if (!tunnel[t].ip) { - static int backtrace_count = 0; LOG(1, 0, t, "Error sending data out tunnel: no remote endpoint (tunnel not set up)\n"); - log_backtrace(backtrace_count, 5) STAT(tunnel_tx_errors); return; } @@ -1042,7 +1046,7 @@ void adjust_tcp_mss(sessionidt s, tunnelidt t, uint8_t *buf, int len, uint8_t *t sum = orig + (~MSS & 0xffff); sum += ntohs(*(uint16_t *) (tcp + 16)); sum = (sum & 0xffff) + (sum >> 16); - *(uint16_t *) (tcp + 16) = htons(sum); + *(uint16_t *) (tcp + 16) = htons(sum + (sum >> 16)); } // process outgoing (to tunnel) IP @@ -1169,7 +1173,8 @@ static void processipout(uint8_t *buf, int len) master_throttle_packet(sp->tbf_out, data, size); return; } - else if (sp->walled_garden && !config->cluster_iam_master) + + if (sp->walled_garden && !config->cluster_iam_master) { // We are walled-gardening this master_garden_packet(s, data, size); @@ -1681,6 +1686,7 @@ void sendipcp(sessionidt s, tunnelidt t) my_address; // send my IP tunnelsend(buf, 10 + (q - buf), t); // send it + restart_timer(s, ipcp); } void sendipv6cp(sessionidt s, tunnelidt t) @@ -1706,6 +1712,7 @@ void sendipv6cp(sessionidt s, tunnelidt t) q[13] = 1; tunnelsend(buf, 14 + (q - buf), t); // send it + restart_timer(s, ipv6cp); } static void sessionclear(sessionidt s) @@ -2326,9 +2333,9 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr) if (*p == 5 && p[1] == 6) // Magic-Number amagic = ntohl(*(uint32_t *) (p + 2)); else if (*p == 7) // Protocol-Field-Compression - aflags |= SESSIONPFC; + aflags |= SESSION_PFC; else if (*p == 8) // Address-and-Control-Field-Compression - aflags |= SESSIONACFC; + aflags |= SESSION_ACFC; p += p[1]; } } 
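Review bot: In adjust_tcp_mss the second carry fold is done inside the `htons()` argument and relies on the implicit narrowing to 16 bits to drop the bit that `sum + (sum >> 16)` can leave set. Making that explicit reads better and survives a `-Wconversion` build: `*(uint16_t *) (tcp + 16) = htons((uint16_t) (sum + (sum >> 16)));`, with a short comment that the first fold can itself carry. The function body starts outside the hunk, so whether `len` is checked to cover `tcp + 18` before this store cannot be seen here.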
@@ -2455,20 +2462,17 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr) case 12: // ICCN if (amagic == 0) amagic = time_now; session[s].magic = amagic; // set magic number - session[s].l2tp_flags = aflags; // set flags received - session[s].mru = PPPMTU; // default + session[s].flags = aflags; // set flags received + session[s].mru = PPPoE_MRU; // default controlnull(t); // ack // start LCP - sess_local[s].lcp.restart = time_now + config->ppp_restart_time; - sess_local[s].lcp.conf_sent = 1; - sess_local[s].lcp.nak_sent = 0; sess_local[s].lcp_authtype = config->radius_authprefer; sess_local[s].ppp_mru = MRU; - session[s].ppp.lcp = RequestSent; sendlcp(s, t); - + change_state(s, lcp, RequestSent); break; + case 14: // CDN controlnull(t); // ack sessionshutdown(s, "Closed (Received CDN).", 0, 0); @@ -2607,29 +2611,9 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr) } else if (session[s].ppp.lcp == Opened) { - uint8_t buf[MAXETHER]; - uint8_t *q; - int mru = session[s].mru; - if (mru > sizeof(buf)) mru = sizeof(buf); - - l += 6; - if (l > mru) l = mru; - - q = makeppp(buf, sizeof(buf), 0, 0, s, t, PPPLCP); - if (!q) return; - - *q = ProtocolRej; - *(q + 1) = ++sess_local[s].lcp_ident; - *(uint16_t *)(q + 2) = htons(l); - *(uint16_t *)(q + 4) = htons(proto); - memcpy(q + 6, p, l - 6); - - if (proto == PPPIPV6CP) - LOG(3, s, t, "LCP: send ProtocolRej (IPV6CP: not configured)\n"); - else - LOG(2, s, t, "LCP: sent ProtocolRej (0x%04X: unsupported)\n", proto); - - tunnelsend(buf, l + (q - buf), t); + session[s].last_packet = time_now; + if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; } + protoreject(s, t, p, l, proto); } else { 
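Review bot: The ICCN branch no longer sets `lcp.restart`, `lcp.conf_sent` or `lcp.nak_sent`, and the LCP and CCP retry branches of regular_cleanups further down drop the same bookkeeping, so all of it now depends on sendlcp(), sendccp() and change_state(). This diff adds `restart_timer` only to sendipcp() and sendipv6cp(); sendlcp() and sendccp() are not shown. If either of them lacks the call, `conf_sent` never reaches `config->ppp_max_configure` and ConfigReq is retransmitted without bound for a peer that never answers. Please confirm both helpers call `restart_timer(s, lcp)` / `restart_timer(s, ccp)`, and that `change_state(s, lcp, RequestSent)` after `sendlcp()` does not reset the count that call just made.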
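Review bot: `protoreject(s, t, p, l, proto)` is handed the packet-derived length `l` unclamped, and its body is not part of this diff. The removed inline code limited the echoed payload to the smaller of `session[s].mru` and `sizeof(buf)` before its `memcpy`, so the helper has to apply an equivalent bound, and that is worth stating in a comment at the call. Separately, `session[s].last_packet = time_now;` is now set for packets of an unsupported protocol, which presumably lets a peer that sends only such packets keep the session from looking idle; confirm that is intended. processudp() starts and continues outside the hunk.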
@@ -2816,8 +2800,6 @@ static void regular_cleanups(double period) if (sess_local[s].lcp.conf_sent < config->ppp_max_configure) { LOG(3, s, session[s].tunnel, "No ACK for LCP ConfigReq... resending\n"); - sess_local[s].lcp.restart = time_now + config->ppp_restart_time; - sess_local[s].lcp.conf_sent++; sendlcp(s, session[s].tunnel); change_state(s, lcp, next_state); } @@ -2847,8 +2829,6 @@ static void regular_cleanups(double period) if (sess_local[s].ipcp.conf_sent < config->ppp_max_configure) { LOG(3, s, session[s].tunnel, "No ACK for IPCP ConfigReq... resending\n"); - sess_local[s].ipcp.restart = time_now + config->ppp_restart_time; - sess_local[s].ipcp.conf_sent++; sendipcp(s, session[s].tunnel); change_state(s, ipcp, next_state); } @@ -2878,8 +2858,6 @@ static void regular_cleanups(double period) if (sess_local[s].ipv6cp.conf_sent < config->ppp_max_configure) { LOG(3, s, session[s].tunnel, "No ACK for IPV6CP ConfigReq... resending\n"); - sess_local[s].ipv6cp.restart = time_now + config->ppp_restart_time; - sess_local[s].ipv6cp.conf_sent++; sendipv6cp(s, session[s].tunnel); change_state(s, ipv6cp, next_state); } @@ -2906,8 +2884,6 @@ static void regular_cleanups(double period) if (sess_local[s].ccp.conf_sent < config->ppp_max_configure) { LOG(3, s, session[s].tunnel, "No ACK for CCP ConfigReq... resending\n"); - sess_local[s].ccp.restart = time_now + config->ppp_restart_time; - sess_local[s].ccp.conf_sent++; sendccp(s, session[s].tunnel); change_state(s, ccp, next_state); } @@ -2931,7 +2907,8 @@ static void regular_cleanups(double period) } // No data in ECHO_TIMEOUT seconds, send LCP ECHO - if (session[s].ppp.phase >= Establish && (time_now - session[s].last_packet >= ECHO_TIMEOUT)) + if (session[s].ppp.phase >= Establish && (time_now - session[s].last_packet >= ECHO_TIMEOUT) && + (time_now - sess_local[s].last_echo >= ECHO_TIMEOUT)) { uint8_t b[MAXETHER]; 
@@ -2941,11 +2918,12 @@ static void regular_cleanups(double period) *q = EchoReq; *(uint8_t *)(q + 1) = (time_now % 255); // ID *(uint16_t *)(q + 2) = htons(8); // Length - *(uint32_t *)(q + 4) = 0; // Magic Number (not supported) + *(uint32_t *)(q + 4) = session[s].ppp.lcp == Opened ? htonl(session[s].magic) : 0; // Magic Number LOG(4, s, session[s].tunnel, "No data in %d seconds, sending LCP ECHO\n", (int)(time_now - session[s].last_packet)); tunnelsend(b, 24, session[s].tunnel); // send it + sess_local[s].last_echo = time_now; s_actions++; } @@ -3971,7 +3949,7 @@ static void initippool() else { // It's a single ip address - add_to_ip_pool(inet_addr(pool), 0); + add_to_ip_pool(ntohl(inet_addr(pool)), 0); } } fclose(f); @@ -4317,12 +4295,15 @@ static void update_config() #define L2TP_HDRS (20+8+6+4) // L2TP data encaptulation: ip + udp + l2tp (data) + ppp (inc hdlc) #define TCP_HDRS (20+20) // TCP encapsulation: ip + tcp - if (config->l2tp_mtu <= 0) config->l2tp_mtu = PPPMTU; + if (config->l2tp_mtu <= 0) config->l2tp_mtu = 1500; // ethernet default else if (config->l2tp_mtu < MINMTU) config->l2tp_mtu = MINMTU; else if (config->l2tp_mtu > MAXMTU) config->l2tp_mtu = MAXMTU; // reset MRU/MSS globals MRU = config->l2tp_mtu - L2TP_HDRS; + if (MRU > PPPoE_MRU) + MRU = PPPoE_MRU; + MSS = MRU - TCP_HDRS; // Update radius @@ -5356,7 +5337,9 @@ int ip_filter(uint8_t *buf, int len, uint8_t filter) if (frag_offset) { - if (!rule->frag || rule->action == FILTER_ACTION_DENY) + // layer 4 deny rules are skipped + if (rule->action == FILTER_ACTION_DENY && + (rule->src_ports.op || rule->dst_ports.op || rule->tcp_flag_op)) continue; } else
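Review bot: The added `ntohl(inet_addr(pool))` in initippool still passes the result of inet_addr() to add_to_ip_pool() unchecked, so a malformed single-address entry yields `INADDR_NONE` and 255.255.255.255 is added to the pool. Check it first, for example `in_addr_t a = inet_addr(pool); if (a == INADDR_NONE) { LOG(0, 0, 0, "Invalid address in pool: %s\n", pool); continue; }`, or use inet_aton(), which can tell the broadcast address apart from a parse error. The loop that reads the entries is outside the hunk, so `continue` is assumed to be valid at this point.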
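Review bot: With `!rule->frag` dropped from the fragment branch of ip_filter, every permit rule is now evaluated for non-initial fragments even when it carries port or TCP-flag conditions, and only deny rules with such conditions are skipped. That follows a common ACL convention, but it presumably means a port-restricted permit lets later fragments through to the same addresses regardless of port, and the role of `rule->frag` for fragments is no longer visible here. The new comment should say so, for example `// non-initial fragments carry no L4 header: deny rules with port/flag tests are skipped, other rules match on L3 fields only`. The rule loop begins and continues outside the hunk, so the checks that follow the `else` should be confirmed against this reading.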