From 98b15d3dd0353c15f477bd472bc7bfd4aa57a83c Mon Sep 17 00:00:00 2001 From: bodea Date: Sat, 7 May 2005 11:57:53 +0000 Subject: [PATCH 1/1] configure MRU in initlcp --- l2tpns.c | 21 +++++++++++++-------- l2tpns.h | 3 ++- ppp.c | 51 ++++++++++++++++++++++++++++++--------------------- 3 files changed, 45 insertions(+), 30 deletions(-) diff --git a/l2tpns.c b/l2tpns.c index ae7d2e4..38ac5b6 100644 --- a/l2tpns.c +++ b/l2tpns.c @@ -4,7 +4,7 @@ // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced // vim: sw=8 ts=8 -char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.97 2005/05/07 08:53:23 bodea Exp $"; +char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.98 2005/05/07 11:57:53 bodea Exp $"; #include #include @@ -1801,12 +1801,11 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr) uint16_t message = 0xFFFF; // message type uint8_t fatal = 0; uint8_t mandatory = 0; - uint8_t chap = 0; // if CHAP being used + uint8_t authtype = 0; // proxy auth type uint16_t asession = 0; // assigned session uint32_t amagic = 0; // magic number uint8_t aflags = 0; // flags from last LCF uint16_t version = 0x0100; // protocol version (we handle 0.0 as well and send that back just in case) - int requestchap = 0; // do we request PAP instead of original CHAP request? char called[MAXTEL] = ""; // called number char calling[MAXTEL] = ""; // calling number @@ -2187,7 +2186,11 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr) { uint16_t atype = ntohs(*(uint16_t *)b); LOG(4, s, t, " Proxy Auth Type %d (%s)\n", atype, auth_type(atype)); - requestchap = (atype == 2); + if (atype = 2) + authtype = AUTHCHAP; + else if (atype == 3) + authtype = AUTHPAP; + break; } case 30: // Proxy Authentication Name 
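Review bot: `if (atype = 2)` in the Proxy Auth Type case assigns instead of comparing, so the condition is always true, authtype becomes AUTHCHAP for every proxy auth type, and the `else if (atype == 3)` branch can never run. It should read `if (atype == 2)`. The later test `authtype && !(config->radius_authtypes & authtype)` decides whether LCP is renegotiated, so a proxied PAP session is checked against the allowed-types mask as if it were CHAP. Building with `-Wall` (which turns on `-Wparentheses`) would flag this line. processudp's body continues outside the hunk.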
@@ -2224,8 +2227,10 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr) { if (*p == 5 && p[1] == 6) // Magic-Number amagic = ntohl(*(uint32_t *) (p + 2)); - else if (*p == 3 && p[1] == 5 && *(uint16_t *) (p + 2) == htons(PPPCHAP) && p[4] == 5) // Authentication-Protocol - chap = 1; + else if (*p == 3 && p[1] == 4 && *(uint16_t *) (p + 2) == htons(PPPPAP)) // Authentication-Protocol (PAP) + authtype = AUTHPAP; + else if (*p == 3 && p[1] == 5 && *(uint16_t *) (p + 2) == htons(PPPCHAP) && p[4] == 5) // Authentication-Protocol (CHAP) + authtype = AUTHCHAP; else if (*p == 7) // Protocol-Field-Compression aflags |= SESSIONPFC; else if (*p == 8) // Address-and-Control-Field-Compression @@ -2350,8 +2355,8 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr) session[s].l2tp_flags = aflags; // set flags received LOG(3, s, t, "Magic %X Flags %X\n", amagic, aflags); controlnull(t); // ack - // In CHAP state, request PAP instead - if (requestchap) + // proxy authentication type is not supported + if (authtype && !(config->radius_authtypes & authtype)) initlcp(t, s); break; case 14: // CDN diff --git a/l2tpns.h b/l2tpns.h index c42b6b7..bb22e41 100644 --- a/l2tpns.h +++ b/l2tpns.h @@ -1,5 +1,5 @@ // L2TPNS Global Stuff -// $Id: l2tpns.h,v 1.65 2005/05/05 10:02:08 bodea Exp $ +// $Id: l2tpns.h,v 1.66 2005/05/07 11:57:53 bodea Exp $ #ifndef __L2TPNS_H__ #define __L2TPNS_H__ @@ -43,6 +43,7 @@ #define ECHO_TIMEOUT 60 // Time between last packet sent and LCP ECHO generation #define IDLE_TIMEOUT 240 // Time between last packet sent and LCP ECHO generation #define BUSY_WAIT_TIME 3000 // 5 minutes in 1/10th seconds to wait for radius to cleanup on shutdown +#define DEFAULT_MRU 1458 // maximum packet size to avoid fragmentation when LNS ethernet MTU is 1500 // Constants #ifndef ETCDIR diff --git a/ppp.c b/ppp.c index 90a5b81..715ed2c 100644 --- a/ppp.c +++ b/ppp.c 
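Review bot: authtype is now written from two places in processudp, the Proxy Auth Type case and this LCP option scan, and the value that reaches the `radius_authtypes` check is whichever was stored last. Presumably that follows the order in which the peer sends the AVPs, so the intended precedence should be stated next to the declaration, e.g. `// authtype: set by Proxy Auth Type and by the LCP option scan; the later AVP wins`. The new PAP branch also reads `p[1]` and two bytes at `p + 2` from peer-supplied data. The loop bounds are outside the hunk, so confirm that at least four bytes remain at `p` before this chain runs (five for the CHAP branch's `p[4]`).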
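Review bot: A proxy auth type other than 2 or 3 leaves authtype at 0, and the new condition `authtype && !(config->radius_authtypes & authtype)` then skips initlcp, so an unrecognised or absent proxied method is never renegotiated to one the LNS allows. If the intent is that only methods in `radius_authtypes` are accepted, the unknown case should be treated as unsupported too, for example `if (!authtype || !(config->radius_authtypes & authtype))`. Whether authentication is enforced elsewhere for such sessions is not visible in this hunk, so check that against the rest of this message handler. The enclosing case starts outside the hunk.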
@@ -1,6 +1,6 @@ // L2TPNS PPP Stuff -char const *cvs_id_ppp = "$Id: ppp.c,v 1.50 2005/05/07 08:53:23 bodea Exp $"; +char const *cvs_id_ppp = "$Id: ppp.c,v 1.51 2005/05/07 11:57:53 bodea Exp $"; #include #include 
@@ -1195,39 +1195,48 @@ uint8_t *makeppp(uint8_t *b, int size, uint8_t *p, int l, tunnelidt t, sessionid return b; } -// Send initial LCP ConfigReq for PAP, set magic no. +// Send initial LCP ConfigReq for preferred authentication type, set magic no and MRU void initlcp(tunnelidt t, sessionidt s) { - char b[500], *q; - int size; + char b[500], *q, *l; if (!(q = makeppp(b, sizeof(b), NULL, 0, t, s, PPPLCP))) return; - LOG(4, s, t, "Sending LCP ConfigReq for PAP\n"); - *q = ConfigReq; - *(uint8_t *)(q + 1) = (time_now % 255) + 1; // ID - *(uint16_t *)(q + 2) = htons(14); // Length - *(uint8_t *)(q + 4) = 5; - *(uint8_t *)(q + 5) = 6; - *(uint32_t *)(q + 6) = htonl(session[s].magic); - *(uint8_t *)(q + 10) = 3; + LOG(4, s, t, "Sending LCP ConfigReq for %s\n", + config->radius_authprefer == AUTHCHAP ? "CHAP" : "PAP"); + + if (!session[s].mru) + session[s].mru = DEFAULT_MRU; + + l = q; + *l++ = ConfigReq; + *l++ = (time_now % 255) + 1; // ID + + *l++ = 1; *l++ = 4; // Maximum-Receive-Unit (length 4) + *(uint16_t *) l = htons(session[s].mru); l += 2; + + *l++ = 3; // Authentication-Protocol if (config->radius_authprefer == AUTHCHAP) { - *(uint8_t *)(q + 11) = 5; - *(uint16_t *)(q + 12) = htons(PPPCHAP); - *(uint8_t *)(q + 14) = 5; // MD5 - size = 15; + *l++ = 5; // length + *(uint16_t *) l = htons(PPPCHAP); l += 2; + *l++ = 5; // MD5 } else { - *(uint8_t *)(q + 11) = 4; - *(uint16_t *)(q + 12) = htons(PPPPAP); - size = 14; + *l++ = 4; // length + *(uint16_t *) l = htons(PPPPAP); l += 2; } - LOG_HEX(5, "PPPLCP", q, size); - tunnelsend(b, (q - b) + size, t); + *l++ = 5; *l++ = 6; // Magic-Number (length 6) + *(uint32_t *) l = htonl(session[s].magic); + l += 4; + + *(uint16_t *)(q + 2) = htons(l - q); // Length + + LOG_HEX(5, "PPPLCP", q, l - q); + tunnelsend(b, (l - b), t); } // Send CCP request for no compression -- 2.20.1
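Review bot: The rewritten initlcp never reserves the two-byte LCP Length field. After `*l++ = ConfigReq;` and the ID store, `l` is at `q + 2`, so the MRU option's type and length bytes are written into the Length slot and then overwritten by `*(uint16_t *)(q + 2) = htons(l - q);`. The peer would then parse the raw MRU value at `q + 4` as the start of the option list, and the advertised length is two bytes short of a well-formed request. Add `l += 2; // reserve Length, filled in after the options are written` directly after the ID line.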