X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/97ad99cc23c5f0007de461afb200fd83c3d20481..2a8ea53c2f077ca20ab32d7e04697cfba92fa58f:/ppp.c?ds=sidebyside diff --git a/ppp.c b/ppp.c index 074e00f..4de5ba7 100644 --- a/ppp.c +++ b/ppp.c @@ -1,6 +1,6 @@ // L2TPNS PPP Stuff -char const *cvs_id_ppp = "$Id: ppp.c,v 1.42 2005/01/25 04:19:06 bodea Exp $"; +char const *cvs_id_ppp = "$Id: ppp.c,v 1.47 2005/04/27 13:53:17 bodea Exp $"; #include #include @@ -28,8 +28,8 @@ static void initccp(tunnelidt t, sessionidt s); // Process PAP messages void processpap(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) { - char user[129]; - char pass[129]; + char user[MAXUSER]; + char pass[MAXPASS]; uint16_t hl; CSTAT(processpap); @@ -39,6 +39,7 @@ void processpap(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) { LOG(1, s, t, "Short PAP %u bytes\n", l); STAT(tunnel_rx_errors); + sessionshutdown(s, "Short PAP packet.", 3, 0); return ; } @@ -46,6 +47,7 @@ void processpap(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) { LOG(1, s, t, "Length mismatch PAP %u/%u\n", hl, l); STAT(tunnel_rx_errors); + sessionshutdown(s, "PAP length mismatch.", 3, 0); return ; } l = hl; @@ -54,19 +56,25 @@ void processpap(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) { LOG(1, s, t, "Unexpected PAP code %d\n", *p); STAT(tunnel_rx_errors); + sessionshutdown(s, "Unexpected PAP code.", 3, 0); return ; } { uint8_t *b = p; b += 4; + user[0] = pass[0] = 0; if (*b && *b < sizeof(user)) + { memcpy(user, b + 1, *b); - user[*b] = 0; - b += 1 + *b; - if (*b && *b < sizeof(pass)) - memcpy(pass, b + 1, *b); - pass[*b] = 0; + user[*b] = 0; + b += 1 + *b; + if (*b && *b < sizeof(pass)) + { + memcpy(pass, b + 1, *b); + pass[*b] = 0; + } + } LOG(3, s, t, "PAP login %s/%s\n", user, pass); } if (session[s].ip || !session[s].radius) @@ -97,6 +105,7 @@ void processpap(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) } LOG(3, s, t, "Fallback response to PAP (%s)\n", (session[s].ip) ? "ACK" : "NAK"); tunnelsend(b, 5 + (p - b), t); // send it + sessionshutdown(s, "PAP authentication failed.", 3, 0); } else { @@ -483,11 +492,11 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP); if (!q) return; tunnelsend(b, l + (q - b), t); // send it - sessionshutdown(s, "Remote end closed connection."); + sessionshutdown(s, "Remote end closed connection.", 3, 0); } else if (*p == TerminateAck) { - sessionshutdown(s, "Connection closed."); + sessionshutdown(s, "Connection closed.", 3, 0); } else if (*p == ProtocolRej) { @@ -852,15 +861,19 @@ void processipin(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) // Add on the tun header p -= 4; - *(uint32_t *) p = htonl(0x00000800); + *(uint32_t *) p = htonl(PKTIP); l += 4; - if (session[s].tbf_in && !config->cluster_iam_master) { // Are we throttled and a slave? - master_throttle_packet(session[s].tbf_in, p, l); // Pass it to the master for handling. + // Are we throttled and a slave? + if (session[s].tbf_in && !config->cluster_iam_master) { + // Pass it to the master for handling. + master_throttle_packet(session[s].tbf_in, p, l); return; } - if (session[s].tbf_in && config->cluster_iam_master) { // Are we throttled and a master?? actually handle the throttled packets. + // Are we throttled and a master?? + if (session[s].tbf_in && config->cluster_iam_master) { + // Actually handle the throttled packets. tbf_queue_packet(session[s].tbf_in, p, l); return; } @@ -936,7 +949,7 @@ void processipv6in(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) // Add on the tun header p -= 4; - *(uint32_t *)p = htonl(PKTIPV6); + *(uint32_t *) p = htonl(PKTIPV6); l += 4; // Are we throttled and a slave? @@ -946,9 +959,9 @@ void processipv6in(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) return; } - // Are we throttled and a master?? actually handle the throttled - // packets. + // Are we throttled and a master?? if (session[s].tbf_in && config->cluster_iam_master) { + // Actually handle the throttled packets. tbf_queue_packet(session[s].tbf_in, p, l); return; } @@ -957,14 +970,16 @@ void processipv6in(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) if (tun_write(p, l) < 0) { STAT(tun_tx_errors); - LOG(0, s, t, "Error writing %d bytes to TUN device: %s" " (tunfd=%d, p=%p)\n", + LOG(0, s, t, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n", l, strerror(errno), tunfd, p); + + return; } if (session[s].snoop_ip && session[s].snoop_port) { // Snooping this session - snoop_send_packet(p, l, session[s].snoop_ip, session[s].snoop_port); + snoop_send_packet(p + 4, l - 4, session[s].snoop_ip, session[s].snoop_port); } session[s].cin += l - 4; @@ -1065,12 +1080,13 @@ void processccp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) tunnelsend(b, l + (q - b), t); // send it } -// send a CHAP PP packet +// send a CHAP challenge void sendchap(tunnelidt t, sessionidt s) { uint8_t b[MAXCONTROL]; uint16_t r = session[s].radius; uint8_t *q; + uint8_t *l; CSTAT(sendchap); @@ -1094,7 +1110,7 @@ void sendchap(tunnelidt t, sessionidt s) radius[r].retry = backoff(radius[r].try++); if (radius[r].try > 5) { - sessionshutdown(s, "Timeout CHAP"); + sessionshutdown(s, "CHAP timeout.", 3, 0); STAT(tunnel_tx_errors); return ; } @@ -1103,7 +1119,7 @@ void sendchap(tunnelidt t, sessionidt s) *q = 1; // challenge q[1] = radius[r].id; // ID - q[4] = 16; // length + q[4] = 16; // value size (size of challenge) memcpy(q + 5, radius[r].auth, 16); // challenge strcpy(q + 21, hostname); // our name *(uint16_t *) (q + 2) = htons(strlen(hostname) + 21); // length