X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/f5354e17542c0c11b00e2c8fb48a989ba5e47bcf..HEAD:/ppp.c

diff --git a/ppp.c b/ppp.c
index a8a355d..87ec0e8 100644
--- a/ppp.c
+++ b/ppp.c
@@ -5,6 +5,8 @@
 #include <unistd.h>
 #include <errno.h>
 #include <stdlib.h>
+#include <netinet/ip6.h>
+#include "dhcp6.h"
 #include "l2tpns.h"
 #include "constants.h"
 #include "plugin.h"
@@ -12,9 +14,7 @@
 #include "tbf.h"
 #include "cluster.h"
 
-#ifdef LAC
 #include "l2tplac.h"
-#endif
 #include "pppoe.h"
 
 extern tunnelt *tunnel;
@@ -105,13 +105,11 @@ void processpap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 		LOG(3, s, t, "PAP login %s/%s\n", user, pass);
 	}
 
-#ifdef LAC
 	if ((!config->disable_lac_func) && lac_conf_forwardtoremotelns(s, user))
 	{
 		// Creating a tunnel/session has been started
 		return;
 	}
-#endif
 
 	if (session[s].ip || !(r = radiusnew(s)))
 	{
@@ -264,7 +262,6 @@ void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 		packet.username = calloc(l + 1, 1);
 		memcpy(packet.username, p, l);
 
-#ifdef LAC
 		if ((!config->disable_lac_func) && lac_conf_forwardtoremotelns(s, packet.username))
 		{
 			free(packet.username);
@@ -272,7 +269,6 @@ void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 			// Creating a tunnel/session has been started
 			return;
 		}
-#endif
 
 		run_plugins(PLUGIN_PRE_AUTH, &packet);
 		if (!packet.continue_auth)
@@ -1107,6 +1103,9 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 		if (config->debug > 3) dumplcp(q, l);
 
 		tunnelsend(b, l + (q - b), t); // send it
+
+		if (session[s].ppp.phase == Network && session[s].ppp.ipv6cp == Opened)
+			send_ipv6_ra(s, t, NULL); // send a RA
 	}
 	else if (*p == EchoReply)
 	{
@@ -1483,11 +1482,21 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 
 static void ipv6cp_open(sessionidt s, tunnelidt t)
 {
+	int i;
 	LOG(3, s, t, "IPV6CP: Opened\n");
 
 	change_state(s, ipv6cp, Opened);
-	if (session[s].ipv6prefixlen)
-		route6set(s, session[s].ipv6route, session[s].ipv6prefixlen, 1);
+	for (i = 0; i < MAXROUTE6 && session[s].route6[i].ipv6prefixlen; i++)
+	{
+		route6set(s, session[s].route6[i].ipv6route, session[s].route6[i].ipv6prefixlen, 1);
+	}
+
+	if (session[s].ipv6address.s6_addr[0])
+	{
+		// Check if included in prefix
+		if (sessionbyipv6(session[s].ipv6address) != s)
+			route6set(s, session[s].ipv6address, 128, 1);
+	}
 
 	// Send an initial RA (TODO: Should we send these regularly?)
 	send_ipv6_ra(s, t, NULL);
@@ -1574,8 +1583,16 @@ void processipv6cp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 				gotip++; // seen address
 				if (o[1] != 10) return;
 
-				ident[0] = htonl(session[s].ip);
-				ident[1] = 0;
+				if (session[s].ipv6address.s6_addr[0])
+				{
+					// LSB 64bits of assigned IPv6 address to user (see radius attribut Framed-IPv6-Address)
+					memcpy(&ident[0], &session[s].ipv6address.s6_addr[8], 8);
+				}
+				else
+				{
+					ident[0] = htonl(session[s].ip);
+					ident[1] = 0;
+				}
 
 				if (memcmp(o + 2, ident, sizeof(ident)))
 				{
@@ -1741,7 +1758,7 @@ static void update_sessions_in_stat(sessionidt s, uint16_t l)
 // (i.e. this routine writes to p[-4]).
 void processipin(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 {
-	in_addr_t ip;
+	in_addr_t ip, ip_dst;
 
 	CSTAT(processipin);
 
@@ -1755,6 +1772,7 @@ void processipin(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 	}
 
 	ip = ntohl(*(uint32_t *)(p + 12));
+	ip_dst = *(uint32_t *)(p + 16);
 
 	if (l > MAXETHER)
 	{
@@ -1769,7 +1787,7 @@ void processipin(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 	if (!session[s].bundle || bundle[session[s].bundle].num_of_links < 2) // FIXME: 
 	{
 		// no spoof (do sessionbyip to handled statically routed subnets)
-		if (ip != session[s].ip && sessionbyip(htonl(ip)) != s)
+		if (!config->disable_no_spoof && ip != session[s].ip && sessionbyip(htonl(ip)) != s)
 		{
 			LOG(4, s, t, "Dropping packet with spoofed IP %s\n", fmtaddr(htonl(ip), 0));
 			return;
@@ -1795,12 +1813,15 @@ void processipin(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 
 	if (session[s].tbf_in)
 	{
-		// Are we throttling this session?
-		if (config->cluster_iam_master)
-			tbf_queue_packet(session[s].tbf_in, p, l);
-		else
-			master_throttle_packet(session[s].tbf_in, p, l);
-		return;
+		if (!config->no_throttle_local_IP || !sessionbyip(ip_dst))
+		{
+			// Are we throttling this session?
+			if (config->cluster_iam_master)
+				tbf_queue_packet(session[s].tbf_in, p, l);
+			else
+				master_throttle_packet(session[s].tbf_in, p, l);
+			return;
+		}
 	}
 
 	// send to ethernet
@@ -2244,7 +2265,18 @@ void processipv6in(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 		return;
 
 	// no spoof
-	if (ipv4 != session[s].ip && memcmp(&config->ipv6_prefix, &ip, 8) && sessionbyipv6(ip) != s)
+	if (session[s].ipv6address.s6_addr[0])
+	{
+		if ((sessionbyipv6new(ip) != s) &&
+			(ip.s6_addr[0] != 0xFE || ip.s6_addr[1] != 0x80 || ip.s6_addr16[1] != 0 || ip.s6_addr16[2] != 0 || ip.s6_addr16[3] != 0))
+		{
+			char str[INET6_ADDRSTRLEN];
+			LOG(5, s, t, "Dropping packet with spoofed IP %s\n",
+					inet_ntop(AF_INET6, &ip, str, INET6_ADDRSTRLEN));
+			return;
+		}
+	}
+	else if ((ipv4 != session[s].ip || memcmp(&config->ipv6_prefix, &ip, 8)) && sessionbyipv6(ip) != s)
 	{
 		char str[INET6_ADDRSTRLEN];
 		LOG(5, s, t, "Dropping packet with spoofed IP %s\n",
@@ -2262,6 +2294,16 @@ void processipv6in(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 		return;
 	}
 
+	// Check if DhcpV6, IP dst: FF02::1:2, Src Port 0x0222 (546), Dst Port 0x0223 (547)
+	if (*(p + 6) == 17 && *(p + 24) == 0xFF && *(p + 25) == 2 &&
+			*(uint32_t *)(p + 26) == 0 && *(uint32_t *)(p + 30) == 0 &&
+			*(uint16_t *)(p + 34) == 0 && *(p + 36) == 0 && *(p + 37) == 1 && *(p + 38) == 0 && *(p + 39) == 2 &&
+			*(p + 40) == 2 && *(p + 41) == 0x22 && *(p + 42) == 2 && *(p + 43) == 0x23)
+	{
+		dhcpv6_process(s, t, p, l);
+		return;
+	}
+
 	// Add on the tun header
 	p -= 4;
 	*(uint32_t *) p = htonl(PKTIPV6);
@@ -2513,9 +2555,9 @@ void sendchap(sessionidt s, tunnelidt t)
 	q[1] = radius[r].id;			// ID
 	q[4] = 16;				// value size (size of challenge)
 	memcpy(q + 5, radius[r].auth, 16);	// challenge
-	strcpy((char *) q + 21, hostname);	// our name
-	*(uint16_t *) (q + 2) = htons(strlen(hostname) + 21); // length
-	tunnelsend(b, strlen(hostname) + 21 + (q - b), t); // send it
+	strcpy((char *) q + 21, config->multi_n_hostname[tunnel[t].indexudp][0]?config->multi_n_hostname[tunnel[t].indexudp]:hostname);	// our name
+	*(uint16_t *) (q + 2) = htons(strlen(config->multi_n_hostname[tunnel[t].indexudp][0]?config->multi_n_hostname[tunnel[t].indexudp]:hostname) + 21); // length
+	tunnelsend(b, strlen(config->multi_n_hostname[tunnel[t].indexudp][0]?config->multi_n_hostname[tunnel[t].indexudp]:hostname) + 21 + (q - b), t); // send it
 }
 
 // fill in a L2TP message with a PPP frame,