From 59706a53940c8d2a17f36f30d4d54b6042dfe229 Mon Sep 17 00:00:00 2001 From: bodea Date: Tue, 13 Sep 2005 14:23:07 +0000 Subject: [PATCH 1/1] fix code-reject/protocol-reject --- Changes | 4 +- l2tpns.c | 45 ++++++++++++++---- l2tpns.h | 8 +++- l2tpns.spec | 2 +- ppp.c | 135 +++++++++++++++++++--------------------------------- 5 files changed, 94 insertions(+), 100 deletions(-) diff --git a/Changes b/Changes index b2f76d7..bcdfb4e 100644 --- a/Changes +++ b/Changes @@ -1,5 +1,7 @@ -* Mon Sep 12 2005 Brendan O'Dea 2.1.6 +* Wed Sep 14 2005 Brendan O'Dea 2.1.6 - Any traffic on a tunnel resets lastrec, not just control messages. +- Use a unique identifier for LCP. +- Fix Code-Reject/Protocol-Reject. * Sat Sep 3 2005 Brendan O'Dea 2.1.5 - Avoid Code-Reject loop. diff --git a/l2tpns.c b/l2tpns.c index 3a7d851..5a9f8cd 100644 --- a/l2tpns.c +++ b/l2tpns.c @@ -4,7 +4,7 @@ // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced // vim: sw=8 ts=8 -char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.129 2005/09/12 05:16:42 bodea Exp $"; +char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.130 2005/09/13 14:23:07 bodea Exp $"; #include #include @@ -2483,7 +2483,7 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr) if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; } processipcp(s, t, p, l); } - else if (prot == PPPIPV6CP) + else if (prot == PPPIPV6CP && config->ipv6_prefix.s6_addr[0]) { session[s].last_packet = time_now; if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; } @@ -2512,13 +2512,8 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr) processipin(s, t, p, l); } - else if (prot == PPPIPV6) + else if (prot == PPPIPV6 && config->ipv6_prefix.s6_addr[0]) { - if (!config->ipv6_prefix.s6_addr[0]) - { - LOG(1, s, t, "IPv6 not configured; yet received IPv6 packet. Ignoring.\n"); - return; - } if (session[s].die) { LOG(4, s, t, "Session %d is closing. Don't process PPP packets\n", s); @@ -2534,10 +2529,40 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr) processipv6in(s, t, p, l); } + else if (session[s].ppp.lcp == Opened) + { + uint8_t + uint8_t *q; + int mru = session[s].mru; + + if (!mru) mru = MAXMRU; + if (mru > size) mru = size; + + l += 6; + if (l > mru) l = mru; + + q = makeppp(buf, size, 0, 0, s, t, proto); + if (!q) return; + + *q = CodeRej; + *(q + 1) = ++sess_local[s].lcp_ident; + *(uint16_t *)(q + 2) = l; + *(uint16_t *)(q + 4) = htons(proto); + memcpy(q + 6, p, l - 6); + + if (prot == PPPIPV6CP) + LOG(3, s, t, "LCP: send ProtocolRej (IPV6CP: not configured)\n"); + else + LOG(2, s, t, "LCP: sent ProtocolRej (0x%04X: unsupported)\n", prot); + + if (config->debug > 3) dumplcp(q, l); + + tunnelsend(buf, l + (q - buf), t); + } else { - STAT(tunnel_rx_errors); - LOG(1, s, t, "Unknown PPP protocol %04X\n", prot); + LOG(2, s, t, "Unknown PPP protocol 0x%04X received in LCP %s state\n", + prot, ppp_state(session[s].ppp.lcp)); } } } diff --git a/l2tpns.h b/l2tpns.h index 1b0e7de..2f63803 100644 --- a/l2tpns.h +++ b/l2tpns.h @@ -1,5 +1,5 @@ // L2TPNS Global Stuff -// $Id: l2tpns.h,v 1.88 2005/09/12 05:16:42 bodea Exp $ +// $Id: l2tpns.h,v 1.89 2005/09/13 14:23:07 bodea Exp $ #ifndef __L2TPNS_H__ #define __L2TPNS_H__ @@ -31,7 +31,8 @@ #define T_FREE (0) // A tunnel ID that won't ever be used. Mark session as free. #define MAXCONTROL 1000 // max length control message we ever send... -#define MAXETHER (1500+18) // max packet we try sending to tun +#define MAXMRU 1500 // max MRU as defined by RFC1661 +#define MAXETHER (MAXMRU+18) // max packet we try sending to tun #define MAXTEL 96 // telephone number #define MAXUSER 128 // username #define MAXPASS 128 // password @@ -286,6 +287,9 @@ typedef struct int nak_sent; } lcp, ipcp, ipv6cp, ccp; + // identifier for Protocol-Reject, Code-Reject + uint8_t lcp_ident; + // authentication to use int lcp_authtype; diff --git a/l2tpns.spec b/l2tpns.spec index 59eab4d..f6d74e2 100644 --- a/l2tpns.spec +++ b/l2tpns.spec @@ -43,5 +43,5 @@ rm -rf %{buildroot} %attr(644,root,root) /usr/share/man/man[58]/* %changelog -* Mon Sep 12 2005 Brendan O'Dea 2.1.6-1 +* Wed Sep 14 2005 Brendan O'Dea 2.1.6-1 - 2.1.6 release, see /usr/share/doc/l2tpns-2.1.6/Changes diff --git a/ppp.c b/ppp.c index a03c101..62e16e8 100644 --- a/ppp.c +++ b/ppp.c @@ -1,6 +1,6 @@ // L2TPNS PPP Stuff -char const *cvs_id_ppp = "$Id: ppp.c,v 1.79 2005/08/31 12:41:09 bodea Exp $"; +char const *cvs_id_ppp = "$Id: ppp.c,v 1.80 2005/09/13 14:23:07 bodea Exp $"; #include #include @@ -300,7 +300,7 @@ static void dumplcp(uint8_t *p, int l) else if (length == 5) { int proto = ntohs(*(uint16_t *)(o + 2)); - int algo = *(uint8_t *)(o + 4); + int algo = *(o + 4); LOG(4, 0, 0, " %s 0x%x 0x%x (%s)\n", ppp_lcp_option(type), proto, algo, (proto == PPPCHAP && algo == 5) ? "CHAP MD5" : "UNSUPPORTED"); } @@ -374,7 +374,7 @@ static void lcp_restart(sessionidt s) change_state(s, ccp, Dead); } -static uint8_t *ppp_rej(sessionidt s, uint8_t *buf, size_t blen, uint16_t mtype, +static uint8_t *ppp_conf_rej(sessionidt s, uint8_t *buf, size_t blen, uint16_t mtype, uint8_t **response, uint8_t *queued, uint8_t *packet, uint8_t *option) { if (!*response || **response != ConfigRej) @@ -397,7 +397,7 @@ static uint8_t *ppp_rej(sessionidt s, uint8_t *buf, size_t blen, uint16_t mtype, return queued + option[1]; } -static uint8_t *ppp_nak(sessionidt s, uint8_t *buf, size_t blen, uint16_t mtype, +static uint8_t *ppp_conf_nak(sessionidt s, uint8_t *buf, size_t blen, uint16_t mtype, uint8_t **response, uint8_t *queued, uint8_t *packet, uint8_t *option, uint8_t *value, size_t vlen) { @@ -415,13 +415,13 @@ static uint8_t *ppp_nak(sessionidt s, uint8_t *buf, size_t blen, uint16_t mtype, if (*nak_sent < config->ppp_max_failure) // reject queued return queued; - return ppp_rej(s, buf, blen, mtype, response, 0, packet, option); + return ppp_conf_rej(s, buf, blen, mtype, response, 0, packet, option); } if (!*response) { if (*nak_sent >= config->ppp_max_failure) - return ppp_rej(s, buf, blen, mtype, response, 0, packet, option); + return ppp_conf_rej(s, buf, blen, mtype, response, 0, packet, option); queued = *response = makeppp(buf, blen, packet, 2, s, session[s].tunnel, mtype); if (!queued) @@ -444,6 +444,33 @@ static uint8_t *ppp_nak(sessionidt s, uint8_t *buf, size_t blen, uint16_t mtype, return queued + vlen; } +static void ppp_code_rej(sessionidt s, tunnelidt t, uint16_t proto, + char *pname, uint8_t *p, uint16_t l, uint8_t *buf, size_t size) +{ + uint8_t *q; + int mru = session[s].mru; + + if (!mru) mru = MAXMRU; + if (mru > size) mru = size; + + l += 4; + if (l > mru) l = mru; + + q = makeppp(buf, size, 0, 0, s, t, proto); + if (!q) return; + + *q = CodeRej; + *(q + 1) = ++sess_local[s].lcp_ident; + *(uint16_t *)(q + 2) = l; + memcpy(q + 4, p, l - 4); + + LOG(2, s, t, "Unexpected %s code %s\n", pname, ppp_code(*p)); + LOG(3, s, t, "%s: send %s\n", pname, ppp_code(*q)); + if (config->debug > 3) dumplcp(q, l); + + tunnelsend(buf, l + (q - buf), t); +} + // Process LCP messages void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) { @@ -558,7 +585,7 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) break; LOG(3, s, t, " Remote requesting asyncmap. Rejecting.\n"); - q = ppp_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, asyncmap, sizeof(asyncmap)); + q = ppp_conf_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, asyncmap, sizeof(asyncmap)); break; case 3: // Authentication-Protocol @@ -596,14 +623,14 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) alen = add_lcp_auth(authproto, sizeof(authproto), config->radius_authprefer); if (alen < 2) break; // paranoia - q = ppp_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, authproto + 2, alen - 2); + q = ppp_conf_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, authproto + 2, alen - 2); if (q && *response == ConfigNak && config->radius_authtypes != config->radius_authprefer) { // alternate type alen = add_lcp_auth(authproto, sizeof(authproto), config->radius_authtypes & ~config->radius_authprefer); if (alen < 2) break; - q = ppp_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, authproto + 2, alen - 2); + q = ppp_conf_nak(s, b, sizeof(b), PPPLCP, &response, q, p, o, authproto + 2, alen - 2); } break; @@ -621,7 +648,7 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) default: // Reject any unknown options LOG(3, s, t, " Rejecting unknown PPP LCP option %d\n", type); - q = ppp_rej(s, b, sizeof(b), PPPLCP, &response, q, p, o); + q = ppp_conf_rej(s, b, sizeof(b), PPPLCP, &response, q, p, o); } x -= length; o += length; @@ -868,22 +895,7 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) } else if (*p != CodeRej) { - int code = *p; - int mru = session[s].mru; - if (!mru) - mru = DEFAULT_MRU; - - if (l > mru) l = mru; - - *p = CodeRej; - q = makeppp(b, sizeof(b), p, l, s, t, PPPLCP); - if (!q) return; - - LOG(2, s, t, "Unexpected LCP code %s\n", ppp_code(code)); - LOG(3, s, t, "LCP: send %s\n", ppp_code(*q)); - if (config->debug > 3) dumplcp(q, l); - - tunnelsend(b, l + (q - b), t); + ppp_code_rej(s, t, PPPLCP, "LCP", p, l, b, sizeof(b)); } } @@ -985,7 +997,7 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) if (memcmp(o + 2, &addr, (sizeof addr))) { uint8_t *oq = q; - q = ppp_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr)); + q = ppp_conf_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr)); if (!q || (q != oq && *response == ConfigRej)) { sessionshutdown(s, "Can't negotiate IPCP.", 3, 0); @@ -1001,7 +1013,7 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) addr = htonl(session[s].dns1); if (memcmp(o + 2, &addr, (sizeof addr))) { - q = ppp_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr)); + q = ppp_conf_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr)); if (!q) return; } @@ -1013,7 +1025,7 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) addr = htonl(session[s].dns1); if (memcmp(o + 2, &addr, sizeof(addr))) { - q = ppp_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr)); + q = ppp_conf_nak(s, b, sizeof(b), PPPIPCP, &response, q, p, o, (uint8_t *) &addr, sizeof(addr)); if (!q) return; } @@ -1021,7 +1033,7 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) default: LOG(2, s, t, " Rejecting PPP IPCP Option type %d\n", *o); - q = ppp_rej(s, b, sizeof(b), PPPIPCP, &response, q, p, o); + q = ppp_conf_rej(s, b, sizeof(b), PPPIPCP, &response, q, p, o); if (!q) return; } @@ -1111,20 +1123,7 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) } else if (*p != CodeRej) { - int code = *p; - int mru = session[s].mru; - if (!mru) - mru = DEFAULT_MRU; - - if (l > mru) l = mru; - - *p = CodeRej; - q = makeppp(b, sizeof(b), p, l, s, t, PPPIPCP); - if (!q) return; - - LOG(2, s, t, "Unexpected IPCP code %s\n", ppp_code(code)); - LOG(3, s, t, "IPCP: send %s\n", ppp_code(*q)); - tunnelsend(b, l + (q - b), t); + ppp_code_rej(s, t, PPPIPCP, "IPCP", p, l, b, sizeof(b)); } } @@ -1173,16 +1172,6 @@ void processipv6cp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) LOG(3, s, t, "IPV6CP: recv %s\n", ppp_code(*p)); - if (!config->ipv6_prefix.s6_addr[0]) - { - LOG(2, s, t, "IPV6CP: %s rejected (not configured)\n", ppp_code(*p)); - *p = ProtocolRej; - q = makeppp(b, sizeof(b), p, l, s, t, PPPIPV6CP); - if (!q) return; - tunnelsend(b, l + (q - b), t); - return; - } - if (!session[s].ip) { LOG(3, s, t, "IPV6CP: no IPv4 address (IPCP in state %s)\n", ppp_state(session[s].ppp.ipcp)); @@ -1234,7 +1223,7 @@ void processipv6cp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) if (memcmp(o + 2, ident, sizeof(ident))) { - q = ppp_nak(s, b, sizeof(b), PPPIPV6CP, &response, q, p, o, ident, sizeof(ident)); + q = ppp_conf_nak(s, b, sizeof(b), PPPIPV6CP, &response, q, p, o, ident, sizeof(ident)); if (!q) return; } @@ -1242,7 +1231,7 @@ void processipv6cp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) default: LOG(2, s, t, " Rejecting PPP IPV6CP Option type %d\n", *o); - q = ppp_rej(s, b, sizeof(b), PPPIPV6CP, &response, q, p, o); + q = ppp_conf_rej(s, b, sizeof(b), PPPIPV6CP, &response, q, p, o); if (!q) return; } @@ -1332,20 +1321,7 @@ void processipv6cp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) } else if (*p != CodeRej) { - int code = *p; - int mru = session[s].mru; - if (!mru) - mru = DEFAULT_MRU; - - if (l > mru) l = mru; - - *p = CodeRej; - q = makeppp(b, sizeof(b), p, l, s, t, PPPIPV6CP); - if (!q) return; - - LOG(2, s, t, "Unexpected IPV6CP code %s\n", ppp_code(code)); - LOG(3, s, t, "IPV6CP: send %s\n", ppp_code(*q)); - tunnelsend(b, l + (q - b), t); + ppp_code_rej(s, t, PPPIPV6CP, "IPV6CP", p, l, b, sizeof(b)); } } @@ -1693,20 +1669,7 @@ void processccp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) } else if (*p != CodeRej) { - int code = *p; - int mru = session[s].mru; - if (!mru) - mru = DEFAULT_MRU; - - if (l > mru) l = mru; - - *p = CodeRej; - q = makeppp(b, sizeof(b), p, l, s, t, PPPCCP); - if (!q) return; - - LOG(2, s, t, "Unexpected CCP code %s\n", ppp_code(code)); - LOG(3, s, t, "CCP: send %s\n", ppp_code(*q)); - tunnelsend(b, l + (q - b), t); + ppp_code_rej(s, t, PPPCCP, "CCP", p, l, b, sizeof(b)); } } @@ -1840,7 +1803,7 @@ void sendlcp(sessionidt s, tunnelidt t) l = q; *l++ = ConfigReq; - *l++ = (time_now % 255) + 1; // ID + *l++ = ++sess_local[s].lcp_ident; // ID l += 2; //Save space for length @@ -1876,7 +1839,7 @@ void sendccp(sessionidt s, tunnelidt t) LOG(3, s, t, "CCP: send ConfigReq (no compression)\n"); *q = ConfigReq; - *(uint8_t *)(q + 1) = (time_now % 255) + 1; // ID + *(q + 1) = ++sess_local[s].lcp_ident; // ID *(uint16_t *)(q + 2) = htons(4); // Length LOG_HEX(5, "PPPCCP", q, 4); -- 2.20.1