X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/df35f4d66fd01268fe4456994368b76a541acec4..ba1c3362c6dc0d65eb3d06368c47b75aa135456b:/ppp.c?ds=inline diff --git a/ppp.c b/ppp.c index 5c4e51b..0259ab7 100644 --- a/ppp.c +++ b/ppp.c @@ -5,9 +5,10 @@ #include #include #include -#include #include +#include +#include "dhcp6.h" #include "l2tpns.h" #include "constants.h" #include "plugin.h" @@ -15,9 +16,7 @@ #include "tbf.h" #include "cluster.h" -#ifdef LAC #include "l2tplac.h" -#endif #include "pppoe.h" extern tunnelt *tunnel; @@ -108,13 +107,11 @@ void processpap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) LOG(3, s, t, "PAP login %s/%s\n", user, pass); } -#ifdef LAC if ((!config->disable_lac_func) && lac_conf_forwardtoremotelns(s, user)) { // Creating a tunnel/session has been started return; } -#endif if (session[s].ip || !(r = radiusnew(s))) { @@ -267,7 +264,6 @@ void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) packet.username = calloc(l + 1, 1); memcpy(packet.username, p, l); -#ifdef LAC if ((!config->disable_lac_func) && lac_conf_forwardtoremotelns(s, packet.username)) { free(packet.username); @@ -275,7 +271,6 @@ void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) // Creating a tunnel/session has been started return; } -#endif run_plugins(PLUGIN_PRE_AUTH, &packet); if (!packet.continue_auth) @@ -1492,6 +1487,13 @@ static void ipv6cp_open(sessionidt s, tunnelidt t) if (session[s].ipv6prefixlen) route6set(s, session[s].ipv6route, session[s].ipv6prefixlen, 1); + if (session[s].ipv6address.s6_addr[0]) + { + // Check if included in prefix + if (sessionbyipv6(session[s].ipv6address) != s) + route6set(s, session[s].ipv6address, 128, 1); + } + // Send an initial RA (TODO: Should we send these regularly?) send_ipv6_ra(s, t, NULL); } @@ -1744,7 +1746,7 @@ static void update_sessions_in_stat(sessionidt s, uint16_t l) // (i.e. this routine writes to p[-4]). void processipin(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { - in_addr_t ip; + in_addr_t ip, ip_dst; CSTAT(processipin); @@ -1758,6 +1760,7 @@ void processipin(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) } ip = ntohl(*(uint32_t *)(p + 12)); + ip_dst = *(uint32_t *)(p + 16); if (l > MAXETHER) { @@ -1798,12 +1801,15 @@ void processipin(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) if (session[s].tbf_in) { - // Are we throttling this session? - if (config->cluster_iam_master) - tbf_queue_packet(session[s].tbf_in, p, l); - else - master_throttle_packet(session[s].tbf_in, p, l); - return; + if (!config->no_throttle_local_IP || !sessionbyip(ip_dst)) + { + // Are we throttling this session? + if (config->cluster_iam_master) + tbf_queue_packet(session[s].tbf_in, p, l); + else + master_throttle_packet(session[s].tbf_in, p, l); + return; + } } // send to ethernet @@ -2247,7 +2253,7 @@ void processipv6in(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) return; // no spoof - if (ipv4 != session[s].ip && memcmp(&config->ipv6_prefix, &ip, 8) && sessionbyipv6(ip) != s) + if ((ipv4 != session[s].ip || memcmp(&config->ipv6_prefix, &ip, 8)) && sessionbyipv6(ip) != s) { char str[INET6_ADDRSTRLEN]; LOG(5, s, t, "Dropping packet with spoofed IP %s\n", @@ -2265,6 +2271,16 @@ void processipv6in(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) return; } + // Check if DhcpV6, IP dst: FF02::1:2, Src Port 0x0222 (546), Dst Port 0x0223 (547) + if (*(p + 6) == 17 && *(p + 24) == 0xFF && *(p + 25) == 2 && + *(uint32_t *)(p + 26) == 0 && *(uint32_t *)(p + 30) == 0 && + *(uint16_t *)(p + 34) == 0 && *(p + 36) == 0 && *(p + 37) == 1 && *(p + 38) == 0 && *(p + 39) == 2 && + *(p + 40) == 2 && *(p + 41) == 0x22 && *(p + 42) == 2 && *(p + 43) == 0x23) + { + dhcpv6_process(s, t, p, l); + return; + } + // Add on the tun header p -= 4; *(uint32_t *) p = htonl(PKTIPV6); @@ -2516,9 +2532,9 @@ void sendchap(sessionidt s, tunnelidt t) q[1] = radius[r].id; // ID q[4] = 16; // value size (size of challenge) memcpy(q + 5, radius[r].auth, 16); // challenge - strcpy((char *) q + 21, hostname); // our name - *(uint16_t *) (q + 2) = htons(strlen(hostname) + 21); // length - tunnelsend(b, strlen(hostname) + 21 + (q - b), t); // send it + strcpy((char *) q + 21, config->multi_n_hostname[tunnel[t].indexudp][0]?config->multi_n_hostname[tunnel[t].indexudp]:hostname); // our name + *(uint16_t *) (q + 2) = htons(strlen(config->multi_n_hostname[tunnel[t].indexudp][0]?config->multi_n_hostname[tunnel[t].indexudp]:hostname) + 21); // length + tunnelsend(b, strlen(config->multi_n_hostname[tunnel[t].indexudp][0]?config->multi_n_hostname[tunnel[t].indexudp]:hostname) + 21 + (q - b), t); // send it } // fill in a L2TP message with a PPP frame,