search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
sync
[bitrig.git] / usr.sbin / npppd / npppd / ppp.c
blob18c86b53601e639ddcdeeb925b7f09d98959825e
1 /* $OpenBSD: ppp.c,v 1.18 2013/02/13 22:10:38 yasuoka Exp $ */
2
3 /*-
4 * Copyright (c) 2009 Internet Initiative Japan Inc.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28 /* $Id: ppp.c,v 1.18 2013/02/13 22:10:38 yasuoka Exp $ */
29 /**@file
30 * This file provides PPP(Point-to-Point Protocol, RFC 1661) and
31 * {@link :: _npppd_ppp PPP instance} related functions.
32 */
33 #include <sys/types.h>
34 #include <sys/socket.h>
35 #include <sys/param.h>
36 #include <netinet/in.h>
37 #include <net/if_dl.h>
38 #include <arpa/inet.h>
39 #include <stdlib.h>
40 #include <netdb.h>
41 #include <stdio.h>
42 #include <stdarg.h>
43 #include <strings.h>
44 #include <unistd.h>
45 #include <errno.h>
46 #include <syslog.h>
47 #include <sys/time.h>
48 #include <time.h>
49 #include <event.h>
50
51 #include "slist.h"
52
53 #include "npppd.h"
54 #include "time_utils.h"
55 #include "ppp.h"
56 #include "psm-opt.h"
57 #ifdef USE_NPPPD_RADIUS
58 #include <radius+.h>
59 #include "npppd_radius.h"
60 #endif
61
62 #include "debugutil.h"
63
64 #ifdef PPP_DEBUG
65 #define PPP_DBG(x) ppp_log x
66 #define PPP_ASSERT(cond) \
67 if (!(cond)) { \
68 fprintf(stderr, \
69 "\nASSERT(" #cond ") failed on %s() at %s:%d.\n"\
70 , __func__, __FILE__, __LINE__); \
71 abort(); \
72 }
73 #else
74 #define PPP_ASSERT(cond)
75 #define PPP_DBG(x)
76 #endif
77
78 #include "debugutil.h"
79
80 static u_int ppp_seq = 0;
81
82 static void ppp_stop0 (npppd_ppp *);
83 static int ppp_recv_packet (npppd_ppp *, unsigned char *, int, int);
84 static const char *ppp_peer_auth_string (npppd_ppp *);
85 static void ppp_idle_timeout (int, short, void *);
86 #ifdef USE_NPPPD_PIPEX
87 static void ppp_on_network_pipex(npppd_ppp *);
88 #endif
89 static uint32_t ppp_proto_bit(int);
90
91 #define AUTH_IS_PAP(ppp) ((ppp)->peer_auth == PPP_AUTH_PAP)
92 #define AUTH_IS_CHAP(ppp) ((ppp)->peer_auth == PPP_AUTH_CHAP_MD5 ||\
93 (ppp)->peer_auth == PPP_AUTH_CHAP_MS || \
94 (ppp)->peer_auth == PPP_AUTH_CHAP_MS_V2)
95 #define AUTH_IS_EAP(ppp) ((ppp)->peer_auth == PPP_AUTH_EAP)
96
97 /*
98 * About termination procedures:
99 * ppp_lcp_finished LCP is terminated
100 * Terminate-Request by the peer.
101 * Terminate-Request by ourself. (From ppp_stop())
102 * ppp_phy_downed Down the datalink/physical.
103 *
104 * On both cases, ppp_stop0 and ppp_down_others are called.
105 */
106 /** Create a npppd_ppp instance */
107 npppd_ppp *
108 ppp_create()
109 {
110 npppd_ppp *_this;
111
112 if ((_this = malloc(sizeof(npppd_ppp))) == NULL) {
113 log_printf(LOG_ERR, "malloc() failed in %s(): %m", __func__ );
114 return NULL;
115 }
116 memset(_this, 0, sizeof(npppd_ppp));
117
118 _this->snp.snp_family = AF_INET;
119 _this->snp.snp_len = sizeof(_this->snp);
120 _this->snp.snp_type = SNP_PPP;
121 _this->snp.snp_data_ptr = _this;
122
123 return _this;
124 }
125
126 /**
127 * Initialize the npppd_ppp instance
128 * Set npppd_ppp#mru and npppd_ppp#phy_label before call this function.
129 */
130 int
131 ppp_init(npppd *pppd, npppd_ppp *_this)
132 {
133 struct tunnconf *conf;
134
135 PPP_ASSERT(_this != NULL);
136 PPP_ASSERT(strlen(_this->phy_label) > 0);
137
138 _this->id = -1;
139 _this->ifidx = -1;
140 _this->has_acf = 1;
141 _this->recv_packet = ppp_recv_packet;
142 _this->id = ppp_seq++;
143 _this->pppd = pppd;
144
145 lcp_init(&_this->lcp, _this);
146
147 conf = ppp_get_tunnconf(_this);
148 _this->mru = conf->mru;
149
150 if (_this->outpacket_buf == NULL) {
151 _this->outpacket_buf = malloc(_this->mru + 64);
152 if (_this->outpacket_buf == NULL){
153 log_printf(LOG_ERR, "malloc() failed in %s(): %m",
154 __func__);
155 return -1;
156 }
157 }
158 _this->adjust_mss = (conf->tcp_mss_adjust)? 1 : 0;
159
160 #ifdef USE_NPPPD_PIPEX
161 _this->use_pipex = (conf->pipex)? 1 : 0;
162 #endif
163 /* load the logging configuration */
164 _this->ingress_filter = (conf->ingress_filter)? 1 : 0;
165
166 #ifdef USE_NPPPD_MPPE
167 mppe_init(&_this->mppe, _this);
168 #endif
169 ccp_init(&_this->ccp, _this);
170 ipcp_init(&_this->ipcp, _this);
171 pap_init(&_this->pap, _this);
172 chap_init(&_this->chap, _this);
173
174 /* load the idle timer configuration */
175 _this->timeout_sec = conf->idle_timeout;
176
177 if (!evtimer_initialized(&_this->idle_event))
178 evtimer_set(&_this->idle_event, ppp_idle_timeout, _this);
179
180 if (conf->lcp_keepalive) {
181 _this->lcp.echo_interval = conf->lcp_keepalive_interval;
182 _this->lcp.echo_retry_interval =
183 conf->lcp_keepalive_retry_interval;
184 _this->lcp.echo_max_retries = conf->lcp_keepalive_max_retries;
185 } else {
186 _this->lcp.echo_interval = 0;
187 _this->lcp.echo_retry_interval = 0;
188 _this->lcp.echo_max_retries = 0;
189 }
190 _this->log_dump_in = (conf->debug_dump_pktin == 0)? 0 : 1;
191 _this->log_dump_out = (conf->debug_dump_pktout == 0)? 0 : 1;
192
193 return 0;
194 }
195
196 static void
197 ppp_set_tunnel_label(npppd_ppp *_this, char *buf, int lbuf)
198 {
199 int flag, af;
200 char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
201
202 hbuf[0] = 0;
203 sbuf[0] = 0;
204 af = ((struct sockaddr *)&_this->phy_info)->sa_family;
205 if (af < AF_MAX) {
206 flag = NI_NUMERICHOST;
207 if (af == AF_INET || af == AF_INET6)
208 flag |= NI_NUMERICSERV;
209 if (getnameinfo((struct sockaddr *)&_this->phy_info,
210 ((struct sockaddr *)&_this->phy_info)->sa_len, hbuf,
211 sizeof(hbuf), sbuf, sizeof(sbuf), flag) != 0) {
212 ppp_log(_this, LOG_ERR, "getnameinfo() failed at %s",
213 __func__);
214 strlcpy(hbuf, "0.0.0.0", sizeof(hbuf));
215 strlcpy(sbuf, "0", sizeof(sbuf));
216 }
217 if (af == AF_INET || af == AF_INET6)
218 snprintf(buf, lbuf, "%s:%s", hbuf, sbuf);
219 else
220 snprintf(buf, lbuf, "%s", hbuf);
221 } else if (af == NPPPD_AF_PHONE_NUMBER) {
222 strlcpy(buf,
223 ((npppd_phone_number *)&_this->phy_info)->pn_number, lbuf);
224 }
225 }
226 /**
227 * Start the npppd_ppp.
228 * Set npppd_ppp#phy_context, npppd_ppp#send_packet, npppd_ppp#phy_close and
229 * npppd_ppp#phy_info before call this function.
230 */
231 void
232 ppp_start(npppd_ppp *_this)
233 {
234 char label[512];
235
236 PPP_ASSERT(_this != NULL);
237 PPP_ASSERT(_this->recv_packet != NULL);
238 PPP_ASSERT(_this->send_packet != NULL);
239 PPP_ASSERT(_this->phy_close != NULL);
240
241 _this->start_time = time(NULL);
242 _this->start_monotime = get_monosec();
243 /* log the lower layer information */
244 ppp_set_tunnel_label(_this, label, sizeof(label));
245 ppp_log(_this, LOG_INFO, "logtype=Started tunnel=%s(%s)",
246 _this->phy_label, label);
247
248 lcp_lowerup(&_this->lcp);
249 }
250
251 /** Prepare "dialin proxy". Return 0 if "dialin proxy" is not available. */
252 int
253 ppp_dialin_proxy_prepare(npppd_ppp *_this, dialin_proxy_info *dpi)
254 {
255 int renego_force, renego;
256 struct tunnconf *conf;
257
258 conf = ppp_get_tunnconf(_this);
259
260 renego = conf->proto.l2tp.lcp_renegotiation;
261 renego_force = conf->proto.l2tp.force_lcp_renegotiation;
262
263 if (renego_force)
264 renego = 1;
265
266 if (lcp_dialin_proxy(&_this->lcp, dpi, renego, renego_force) != 0) {
267 ppp_log(_this, LOG_ERR,
268 "Failed to dialin-proxy, proxied lcp is broken.");
269 return 1;
270 }
271
272 return 0;
273 }
274
275 static void
276 ppp_down_others(npppd_ppp *_this)
277 {
278 fsm_lowerdown(&_this->ccp.fsm);
279 fsm_lowerdown(&_this->ipcp.fsm);
280
281 npppd_release_ip(_this->pppd, _this);
282 if (AUTH_IS_PAP(_this))
283 pap_stop(&_this->pap);
284 if (AUTH_IS_CHAP(_this))
285 chap_stop(&_this->chap);
286 #ifdef USE_NPPPD_EAP_RADIUS
287 if (AUTH_IS_EAP(_this))
288 eap_stop(&_this->eap);
289 #endif
290 evtimer_del(&_this->idle_event);
291 }
292
293 /**
294 * Stop the PPP and destroy the npppd_ppp instance
295 * @param reason Reason of stopping the PPP. Specify NULL if there is
296 * no special reason. This reason will be used as a
297 * reason field of LCP Terminate-Request message and
298 * notified to the peer.
299 */
300 void
301 ppp_stop(npppd_ppp *_this, const char *reason)
302 {
303
304 PPP_ASSERT(_this != NULL);
305
306 #ifdef USE_NPPPD_RADIUS
307 ppp_set_radius_terminate_cause(_this,
308 RADIUS_TERMNATE_CAUSE_ADMIN_RESET);
309 #endif
310 ppp_set_disconnect_cause(_this, PPP_DISCON_NORMAL, 0, 2 /* by local */,
311 NULL);
312
313 ppp_down_others(_this);
314 fsm_close(&_this->lcp.fsm, reason);
315 }
316
317 /**
318 * Set disconnect cause
319 * @param code disconnect code in {@link ::npppd_ppp_disconnect_code}.
320 * @param proto control protocol number. see RFC3145.
321 * @param direction disconnect direction. see RFC 3145
322 */
323 void
324 ppp_set_disconnect_cause(npppd_ppp *_this, npppd_ppp_disconnect_code code,
325 int proto, int direction, const char *message)
326 {
327 if (_this->disconnect_code == PPP_DISCON_NO_INFORMATION) {
328 _this->disconnect_code = code;
329 _this->disconnect_proto = proto;
330 _this->disconnect_direction = direction;
331 _this->disconnect_message = message;
332 }
333 }
334
335 /** Set RADIUS Acct-Terminate-Cause code */
336 void
337 ppp_set_radius_terminate_cause(npppd_ppp *_this, int cause)
338 {
339 if (_this->terminate_cause == 0)
340 _this->terminate_cause = cause;
341 }
342
343 static void
344 ppp_stop0(npppd_ppp *_this)
345 {
346 char mppe_str[BUFSIZ];
347 char label[512];
348
349 #ifdef USE_NPPPD_RADIUS
350 ppp_set_radius_terminate_cause(_this, RADIUS_TERMNATE_CAUSE_NAS_ERROR);
351 #endif
352 ppp_set_disconnect_cause(_this, PPP_DISCON_NORMAL, 0, 1 /* by local */,
353 NULL);
354
355 _this->end_monotime = get_monosec();
356
357 if (_this->phy_close != NULL)
358 _this->phy_close(_this);
359 _this->phy_close = NULL;
360
361 /*
362 * NAT/Blackhole detection for PPTP(GRE)
363 */
364 if (_this->lcp.dialin_proxy != 0 &&
365 _this->lcp.dialin_proxy_lcp_renegotiation == 0) {
366 /* No LCP packets on dialin proxy without LCP renegotiation */
367 } else if (_this->lcp.recv_ress == 0) { /* No responses */
368 if (_this->lcp.recv_reqs == 0) /* No requests */
369 ppp_log(_this, LOG_WARNING, "no PPP frames from the "
370 "peer. router/NAT issue? (may have filtered out)");
371 else
372 ppp_log(_this, LOG_WARNING, "my PPP frames may not "
373 "have arrived at the peer. router/NAT issue? (may "
374 "be the only-first-person problem)");
375 }
376 #ifdef USE_NPPPD_PIPEX
377 if (npppd_ppp_pipex_disable(_this->pppd, _this) != 0)
378 ppp_log(_this, LOG_ERR,
379 "npppd_ppp_pipex_disable() failed: %m");
380 #endif
381
382 ppp_set_tunnel_label(_this, label, sizeof(label));
383 #ifdef USE_NPPPD_MPPE
384 if (_this->mppe_started) {
385 snprintf(mppe_str, sizeof(mppe_str),
386 "mppe=yes mppe_in=%dbits,%s mppe_out=%dbits,%s",
387 _this->mppe.recv.keybits,
388 (_this->mppe.recv.stateless)? "stateless" : "stateful",
389 _this->mppe.send.keybits,
390 (_this->mppe.send.stateless)? "stateless" : "stateful");
391 } else
392 #endif
393 snprintf(mppe_str, sizeof(mppe_str), "mppe=no");
394 ppp_log(_this, LOG_NOTICE,
395 "logtype=TUNNELUSAGE user=\"%s\" duration=%ldsec layer2=%s "
396 "layer2from=%s auth=%s data_in=%llubytes,%upackets "
397 "data_out=%llubytes,%upackets error_in=%u error_out=%u %s "
398 "iface=%s",
399 _this->username[0]? _this->username : "<unknown>",
400 (long)(_this->end_monotime - _this->start_monotime),
401 _this->phy_label, label,
402 _this->username[0]? ppp_peer_auth_string(_this) : "none",
403 (unsigned long long)_this->ibytes, _this->ipackets,
404 (unsigned long long)_this->obytes, _this->opackets,
405 _this->ierrors, _this->oerrors, mppe_str,
406 npppd_ppp_get_iface_name(_this->pppd, _this));
407
408 #ifdef USE_NPPPD_RADIUS
409 npppd_ppp_radius_acct_stop(_this->pppd, _this);
410 #endif
411 npppd_ppp_unbind_iface(_this->pppd, _this);
412 #ifdef USE_NPPPD_MPPE
413 mppe_fini(&_this->mppe);
414 #endif
415 evtimer_del(&_this->idle_event);
416
417 npppd_release_ip(_this->pppd, _this);
418 ppp_destroy(_this);
419 }
420
421 /**
422 * Destroy the npppd_ppp instance. Don't use this function after calling
423 * the ppp_start, please use ppp_stop() instead.
424 */
425 void
426 ppp_destroy(void *ctx)
427 {
428 npppd_ppp *_this = ctx;
429
430 if (_this->proxy_authen_resp != NULL)
431 free(_this->proxy_authen_resp);
432
433 /*
434 * Down/stop the protocols again to make sure they are stopped
435 * even if ppp_stop is done. They might be change their state
436 * by receiving packets from the peer.
437 */
438 fsm_lowerdown(&_this->ccp.fsm);
439 fsm_lowerdown(&_this->ipcp.fsm);
440 pap_stop(&_this->pap);
441 chap_stop(&_this->chap);
442
443 if (_this->outpacket_buf != NULL)
444 free(_this->outpacket_buf);
445
446 free(_this);
447 }
448
449 /************************************************************************
450 * Protocol events
451 ************************************************************************/
452 static const char *
453 ppp_peer_auth_string(npppd_ppp *_this)
454 {
455 switch(_this->peer_auth) {
456 case PPP_AUTH_PAP: return "PAP";
457 case PPP_AUTH_CHAP_MD5: return "MD5-CHAP";
458 case PPP_AUTH_CHAP_MS: return "MS-CHAP";
459 case PPP_AUTH_CHAP_MS_V2: return "MS-CHAP-V2";
460 case PPP_AUTH_EAP: return "EAP";
461 default: return "ERROR";
462 }
463 }
464
465 /** called when the lcp is up */
466 void
467 ppp_lcp_up(npppd_ppp *_this)
468 {
469 #ifdef USE_NPPPD_MPPE
470 if (MPPE_IS_REQUIRED(_this) && !MPPE_MUST_NEGO(_this)) {
471 ppp_log(_this, LOG_ERR, "MPPE is required, auth protocol must "
472 "be MS-CHAP-V2 or EAP");
473 ppp_stop(_this, "Encryption required");
474 return;
475 }
476 #endif
477 /*
478 * Use our MRU value even if the peer insists on larger value.
479 * We set the peer_mtu here, the value will be used as the MTU of the
480 * routing entry. So we will not receive packets larger than the MTU.
481 */
482 if (_this->peer_mru > _this->mru)
483 _this->peer_mru = _this->mru;
484
485 if (_this->peer_auth != 0 && _this->auth_runonce == 0) {
486 if (AUTH_IS_PAP(_this)) {
487 pap_start(&_this->pap);
488 _this->auth_runonce = 1;
489 return;
490 }
491 if (AUTH_IS_CHAP(_this)) {
492 chap_start(&_this->chap);
493 _this->auth_runonce = 1;
494 return;
495 }
496 #ifdef USE_NPPPD_EAP_RADIUS
497 if (AUTH_IS_EAP(_this)) {
498 eap_init(&_this->eap, _this);
499 eap_start(&_this->eap);
500 return;
501 }
502 #endif
503 }
504 if (_this->peer_auth == 0)
505 ppp_auth_ok(_this);
506 }
507
508 /**
509 * This function will be called the LCP is terminated.
510 * (On entering STOPPED or CLOSED state)
511 */
512 void
513 ppp_lcp_finished(npppd_ppp *_this)
514 {
515 PPP_ASSERT(_this != NULL);
516
517 ppp_down_others(_this);
518
519 fsm_lowerdown(&_this->lcp.fsm);
520 ppp_stop0(_this);
521 }
522
523 /**
524 * This function will be called by the physical layer when it is down.
525 * <p>
526 * Use this function only on such conditions that the physical layer cannot
527 * input or output PPP frames. Use {@link ::ppp_stop()} instead if we can
528 * disconnect PPP gently.</p>
529 */
530 void
531 ppp_phy_downed(npppd_ppp *_this)
532 {
533 PPP_ASSERT(_this != NULL);
534
535 ppp_down_others(_this);
536 fsm_lowerdown(&_this->lcp.fsm);
537 fsm_close(&_this->lcp.fsm, NULL);
538
539 #ifdef USE_NPPPD_RADIUS
540 ppp_set_radius_terminate_cause(_this,
541 RADIUS_TERMNATE_CAUSE_LOST_CARRIER);
542 #endif
543 ppp_stop0(_this);
544 }
545
546 static const char *
547 proto_name(uint16_t proto)
548 {
549 switch (proto) {
550 case PPP_PROTO_IP: return "ip";
551 case PPP_PROTO_LCP: return "lcp";
552 case PPP_PROTO_PAP: return "pap";
553 case PPP_PROTO_CHAP: return "chap";
554 case PPP_PROTO_EAP: return "eap";
555 case PPP_PROTO_MPPE: return "mppe";
556 case PPP_PROTO_NCP | NCP_CCP: return "ccp";
557 case PPP_PROTO_NCP | NCP_IPCP: return "ipcp";
558 /* following protocols are just for logging */
559 case PPP_PROTO_NCP | NCP_IPV6CP: return "ipv6cp";
560 case PPP_PROTO_ACSP: return "acsp";
561 }
562 return "unknown";
563 }
564
565 /** This function is called on authentication succeed */
566 void
567 ppp_auth_ok(npppd_ppp *_this)
568 {
569 if (npppd_ppp_bind_iface(_this->pppd, _this) != 0) {
570 ppp_log(_this, LOG_WARNING, "No interface binding.");
571 ppp_stop(_this, NULL);
572
573 return;
574 }
575 if (_this->realm != NULL) {
576 npppd_ppp_get_username_for_auth(_this->pppd, _this,
577 _this->username, _this->username);
578 if (!npppd_check_calling_number(_this->pppd, _this)) {
579 ppp_log(_this, LOG_ALERT,
580 "logtype=TUNNELDENY user=\"%s\" "
581 "reason=\"Calling number check is failed\"",
582 _this->username);
583 /* XXX */
584 ppp_stop(_this, NULL);
585 return;
586 }
587 }
588 if (_this->peer_auth != 0) {
589 /* Limit the number of connections per the user */
590 if (!npppd_check_user_max_session(_this->pppd, _this)) {
591 ppp_log(_this, LOG_WARNING,
592 "user %s exceeds user-max-session limit",
593 _this->username);
594 ppp_stop(_this, NULL);
595
596 return;
597 }
598 PPP_ASSERT(_this->realm != NULL);
599 }
600
601 if (!npppd_ppp_iface_is_ready(_this->pppd, _this)) {
602 ppp_log(_this, LOG_WARNING,
603 "interface '%s' is not ready.",
604 npppd_ppp_get_iface_name(_this->pppd, _this));
605 ppp_stop(_this, NULL);
606
607 return;
608 }
609 if (_this->proxy_authen_resp != NULL) {
610 free(_this->proxy_authen_resp);
611 _this->proxy_authen_resp = NULL;
612 }
613
614 fsm_lowerup(&_this->ipcp.fsm);
615 fsm_open(&_this->ipcp.fsm);
616 #ifdef USE_NPPPD_MPPE
617 if (MPPE_MUST_NEGO(_this)) {
618 fsm_lowerup(&_this->ccp.fsm);
619 fsm_open(&_this->ccp.fsm);
620 }
621 #endif
622
623 return;
624 }
625
626 /** timer event handler for idle timer */
627 static void
628 ppp_idle_timeout(int fd, short evtype, void *context)
629 {
630 npppd_ppp *_this;
631
632 _this = context;
633
634 ppp_log(_this, LOG_NOTICE, "Idle timeout(%d sec)", _this->timeout_sec);
635 #ifdef USE_NPPPD_RADIUS
636 ppp_set_radius_terminate_cause(_this,
637 RADIUS_TERMNATE_CAUSE_IDLE_TIMEOUT);
638 #endif
639 ppp_stop(_this, NULL);
640 }
641
642 /** reset the idle-timer. Call this function when the PPP is not idle. */
643 void
644 ppp_reset_idle_timeout(npppd_ppp *_this)
645 {
646 struct timeval tv;
647
648 evtimer_del(&_this->idle_event);
649 if (_this->timeout_sec > 0) {
650 tv.tv_usec = 0;
651 tv.tv_sec = _this->timeout_sec;
652
653 evtimer_add(&_this->idle_event, &tv);
654 }
655 }
656
657 /** This function is called when IPCP is opened */
658 void
659 ppp_ipcp_opened(npppd_ppp *_this)
660 {
661 time_t curr_time;
662
663 curr_time = get_monosec();
664
665 npppd_set_ip_enabled(_this->pppd, _this, 1);
666 if (_this->logged_acct_start == 0) {
667 char label[512], ipstr[64];
668
669 ppp_set_tunnel_label(_this, label, sizeof(label));
670
671 strlcpy(ipstr, " ip=", sizeof(ipstr));
672 strlcat(ipstr, inet_ntoa(_this->ppp_framed_ip_address),
673 sizeof(ipstr));
674 if (_this->ppp_framed_ip_netmask.s_addr != 0xffffffffL) {
675 strlcat(ipstr, ":", sizeof(ipstr));
676 strlcat(ipstr, inet_ntoa(_this->ppp_framed_ip_netmask),
677 sizeof(ipstr));
678 }
679
680 ppp_log(_this, LOG_NOTICE,
681 "logtype=TUNNELSTART user=\"%s\" duration=%lusec layer2=%s "
682 "layer2from=%s auth=%s %s iface=%s%s",
683 _this->username[0]? _this->username : "<unknown>",
684 (long)(curr_time - _this->start_monotime),
685 _this->phy_label, label,
686 _this->username[0]? ppp_peer_auth_string(_this) : "none",
687 ipstr, npppd_ppp_get_iface_name(_this->pppd, _this),
688 (_this->lcp.dialin_proxy != 0)? " dialin_proxy=yes" : ""
689 );
690 #ifdef USE_NPPPD_RADIUS
691 npppd_ppp_radius_acct_start(_this->pppd, _this);
692 #endif
693
694 _this->logged_acct_start = 1;
695 ppp_reset_idle_timeout(_this);
696 }
697 #ifdef USE_NPPPD_PIPEX
698 ppp_on_network_pipex(_this);
699 #endif
700 }
701
702 /** This function is called when CCP is opened */
703 void
704 ppp_ccp_opened(npppd_ppp *_this)
705 {
706 #ifdef USE_NPPPD_MPPE
707 if (_this->ccp.mppe_rej == 0) {
708 if (_this->mppe_started == 0) {
709 mppe_start(&_this->mppe);
710 }
711 } else {
712 ppp_log(_this, LOG_INFO, "mppe is rejected by peer");
713 if (_this->mppe.required)
714 ppp_stop(_this, "MPPE is requred");
715 }
716 #endif
717 #ifdef USE_NPPPD_PIPEX
718 ppp_on_network_pipex(_this);
719 #endif
720 }
721
722 void
723 ppp_ccp_stopped(npppd_ppp *_this)
724 {
725 #ifdef USE_NPPPD_MPPE
726 if (_this->mppe.required) {
727 ppp_stop(_this, NULL);
728 return;
729 }
730 #endif
731 #ifdef USE_NPPPD_PIPEX
732 ppp_on_network_pipex(_this);
733 #endif
734 }
735
736 /************************************************************************
737 * Network I/O related functions
738 ************************************************************************/
739 /**
740 * Receive the PPP packet.
741 * @param flags Indicate information of received packet by bit flags.
742 * {@link ::PPP_IO_FLAGS_MPPE_ENCRYPTED} and
743 * {@link ::PPP_IO_FLAGS_DELAYED} may be used.
744 * @return return 0 on success. return 1 on failure.
745 */
746 static int
747 ppp_recv_packet(npppd_ppp *_this, unsigned char *pkt, int lpkt, int flags)
748 {
749 u_char *inp, *inp_proto;
750 uint16_t proto;
751
752 PPP_ASSERT(_this != NULL);
753
754 inp = pkt;
755
756 if (lpkt < 4) {
757 ppp_log(_this, LOG_DEBUG, "%s(): Rcvd short header.", __func__);
758 return 0;
759 }
760
761
762 if (_this->has_acf == 0) {
763 /* nothing to do */
764 } else if (inp[0] == PPP_ALLSTATIONS && inp[1] == PPP_UI) {
765 inp += 2;
766 } else {
767 /*
768 * Address and Control Field Compression
769 */
770 if (!psm_opt_is_accepted(&_this->lcp, acfc) &&
771 _this->logged_no_address == 0) {
772 /*
773 * On packet loss condition, we may receive ACFC'ed
774 * packets before our LCP is opened because the peer's
775 * LCP is opened already.
776 */
777 ppp_log(_this, LOG_INFO,
778 "%s: Rcvd broken frame. ACFC is not accepted, "
779 "but received ppp frame that has no address.",
780 __func__);
781 /*
782 * Log this once because it may be noisy.
783 * For example, Yahama RTX-1000 refuses to use ACFC
784 * but it send PPP frames without the address field.
785 */
786 _this->logged_no_address = 1;
787 }
788 }
789 inp_proto = inp;
790 if ((inp[0] & 0x01) != 0) {
791 /*
792 * Protocol Field Compression
793 */
794 if (!psm_opt_is_accepted(&_this->lcp, pfc)) {
795 ppp_log(_this, LOG_INFO,
796 "%s: Rcvd broken frame. No protocol field: "
797 "%02x %02x", __func__, inp[0], inp[1]);
798 return 1;
799 }
800 GETCHAR(proto, inp);
801 } else {
802 GETSHORT(proto, inp);
803 }
804
805 /*
806 * if the PPP frame is reordered, drop it
807 * unless proto is reorder-tolerant
808 */
809 if (flags & PPP_IO_FLAGS_DELAYED && proto != PPP_PROTO_IP)
810 return 1;
811
812 if (_this->log_dump_in != 0 && debug_get_debugfp() != NULL) {
813 struct tunnconf *conf = ppp_get_tunnconf(_this);
814 if ((ppp_proto_bit(proto) & conf->debug_dump_pktin) != 0) {
815 ppp_log(_this, LOG_DEBUG,
816 "PPP input dump proto=%s(%d/%04x)",
817 proto_name(proto), proto, proto);
818 show_hd(debug_get_debugfp(), pkt, lpkt);
819 }
820 }
821 #ifdef USE_NPPPD_PIPEX
822 if (_this->pipex_enabled != 0 &&
823 _this->tunnel_type == NPPPD_TUNNEL_PPPOE) {
824 switch (proto) {
825 case PPP_PROTO_IP:
826 return 2; /* handled by PIPEX */
827 case PPP_PROTO_NCP | NCP_CCP:
828 if (lpkt - (inp - pkt) < 4)
829 break; /* error but do it on fsm.c */
830 if (*inp == 0x0e || /* Reset-Request */
831 *inp == 0x0f /* Reset-Ack */) {
832 return 2; /* handled by PIPEX */
833 }
834 /* FALLTHROUGH */
835 default:
836 break;
837 }
838 }
839 #endif /* USE_NPPPD_PIPEX */
840
841 switch (proto) {
842 #ifdef USE_NPPPD_MPPE
843 case PPP_PROTO_IP:
844 /* Checks for MPPE */
845 if ((flags & PPP_IO_FLAGS_MPPE_ENCRYPTED) == 0) {
846 if (MPPE_IS_REQUIRED(_this)) {
847 /* MPPE is required but naked ip */
848
849 if (_this->logged_naked_ip == 0) {
850 ppp_log(_this, LOG_INFO,
851 "mppe is required but received "
852 "naked IP.");
853 /* log this once */
854 _this->logged_naked_ip = 1;
855 }
856 /*
857 * Windows sends naked IP packets in condition
858 * such that MPPE is not opened and IPCP is
859 * opened(*1). This occurs at a high
860 * probability when the CCP establishment is
861 * delayed because of packet loss etc. If we
862 * call ppp_stop() here, Windows on the packet
863 * loss condition etc cannot not connect us.
864 * So we don't call ppp_stop() here.
865 * (*1) At least Microsof Windows 2000
866 * Professional SP4 does.
867 */
868 /*ppp_stop(_this, "Encryption is required.");*/
869
870 return 1;
871 }
872 if (MPPE_RECV_READY(_this)) {
873 /* MPPE is opened but naked ip packet */
874 ppp_log(_this, LOG_WARNING,
875 "mppe is available but received naked IP.");
876 }
877 }
878 /* else input from MPPE */
879 break;
880 case PPP_PROTO_MPPE:
881 #ifdef USE_NPPPD_MPPE
882 if (!MPPE_RECV_READY(_this)) {
883 #else
884 {
885 #endif
886 ppp_log(_this, LOG_ERR,
887 "mppe packet is received but mppe is stopped.");
888 return 1;
889 }
890 break;
891 #endif
892 }
893
894 switch (proto) {
895 case PPP_PROTO_IP:
896 npppd_network_output(_this->pppd, _this, AF_INET, inp,
897 lpkt - (inp - pkt));
898 goto handled;
899 case PPP_PROTO_LCP:
900 fsm_input(&_this->lcp.fsm, inp, lpkt - (inp - pkt));
901 goto handled;
902 case PPP_PROTO_PAP:
903 pap_input(&_this->pap, inp, lpkt - (inp - pkt));
904 goto handled;
905 case PPP_PROTO_CHAP:
906 chap_input(&_this->chap, inp, lpkt - (inp - pkt));
907 goto handled;
908 #ifdef USE_NPPPD_EAP_RADIUS
909 case PPP_PROTO_EAP:
910 eap_input(&_this->eap, inp, lpkt - (inp - pkt));
911 goto handled;
912 #endif
913 #ifdef USE_NPPPD_MPPE
914 case PPP_PROTO_MPPE:
915 #ifdef USE_NPPPD_PIPEX
916 if (_this->pipex_enabled != 0)
917 return -1; /* silent discard */
918 #endif /* USE_NPPPD_PIPEX */
919 mppe_input(&_this->mppe, inp, lpkt - (inp - pkt));
920 goto handled;
921 #endif
922 default:
923 if ((proto & 0xff00) == PPP_PROTO_NCP) {
924 switch (proto & 0xff) {
925 case NCP_CCP: /* Compression */
926 #ifdef USE_NPPPD_MPPE
927 if (MPPE_MUST_NEGO(_this)) {
928 fsm_input(&_this->ccp.fsm, inp,
929 lpkt - (inp - pkt));
930 goto handled;
931 }
932 /* protocol-reject if MPPE is not necessary */
933 #endif
934 break;
935 case NCP_IPCP: /* IPCP */
936 fsm_input(&_this->ipcp.fsm, inp,
937 lpkt - (inp - pkt));
938 goto handled;
939 }
940 }
941 }
942 /* Protocol reject. Log it with protocol number */
943 ppp_log(_this, LOG_INFO, "unhandled protocol %s, %d(%04x)",
944 proto_name(proto), proto, proto);
945
946 if ((flags & PPP_IO_FLAGS_MPPE_ENCRYPTED) != 0) {
947 /*
948 * Don't return a protocol-reject for the packet was encrypted,
949 * because lcp protocol-reject is not encrypted by mppe.
950 */
951 } else {
952 /*
953 * as RFC1661: Rejected-Information MUST be truncated to
954 * comply with the peer's established MRU.
955 */
956 lcp_send_protrej(&_this->lcp, inp_proto,
957 MIN(lpkt - (inp_proto - pkt), NPPPD_MIN_MRU - 32));
958 }
959
960 return 1;
961 handled:
962
963 return 0;
964 }
965
966 /** This function is called to output PPP packets */
967 void
968 ppp_output(npppd_ppp *_this, uint16_t proto, u_char code, u_char id,
969 u_char *datap, int ldata)
970 {
971 u_char *outp;
972 int outlen, hlen, is_lcp = 0;
973
974 outp = _this->outpacket_buf;
975
976 /* No header compressions for LCP */
977 is_lcp = (proto == PPP_PROTO_LCP)? 1 : 0;
978
979 if (_this->has_acf == 0 ||
980 (!is_lcp && psm_peer_opt_is_accepted(&_this->lcp, acfc))) {
981 /*
982 * Don't add ACF(Address and Control Field) if ACF is not
983 * needed on this link or ACFC is negotiated.
984 */
985 } else {
986 PUTCHAR(PPP_ALLSTATIONS, outp);
987 PUTCHAR(PPP_UI, outp);
988 }
989 if (!is_lcp && proto <= 0xff &&
990 psm_peer_opt_is_accepted(&_this->lcp, pfc)) {
991 /*
992 * Protocol Field Compression
993 */
994 PUTCHAR(proto, outp);
995 } else {
996 PUTSHORT(proto, outp);
997 }
998 hlen = outp - _this->outpacket_buf;
999
1000 if (_this->mru > 0) {
1001 if (MRU_PKTLEN(_this->mru, proto) < ldata) {
1002 PPP_DBG((_this, LOG_ERR, "packet too large %d. mru=%d",
1003 ldata , _this->mru));
1004 _this->oerrors++;
1005 PPP_ASSERT("NOT REACHED HERE" == NULL);
1006 return;
1007 }
1008 }
1009
1010 if (code != 0) {
1011 outlen = ldata + HEADERLEN;
1012
1013 PUTCHAR(code, outp);
1014 PUTCHAR(id, outp);
1015 PUTSHORT(outlen, outp);
1016 } else {
1017 outlen = ldata;
1018 }
1019
1020 if (outp != datap && ldata > 0)
1021 memmove(outp, datap, ldata);
1022
1023 if (_this->log_dump_out != 0 && debug_get_debugfp() != NULL) {
1024 struct tunnconf *conf = ppp_get_tunnconf(_this);
1025 if ((ppp_proto_bit(proto) & conf->debug_dump_pktout) != 0) {
1026 ppp_log(_this, LOG_DEBUG,
1027 "PPP output dump proto=%s(%d/%04x)",
1028 proto_name(proto), proto, proto);
1029 show_hd(debug_get_debugfp(),
1030 _this->outpacket_buf, outlen + hlen);
1031 }
1032 }
1033 _this->send_packet(_this, _this->outpacket_buf, outlen + hlen, 0);
1034 }
1035
1036 /**
1037 * Return the buffer space for PPP output. The returned pointer will be
1038 * adjusted for header compression. The length of the space is larger than
1039 * {@link npppd_ppp#mru}.
1040 */
1041 u_char *
1042 ppp_packetbuf(npppd_ppp *_this, int proto)
1043 {
1044 int save;
1045
1046 save = 0;
1047 if (proto != PPP_PROTO_LCP) {
1048 if (psm_peer_opt_is_accepted(&_this->lcp, acfc))
1049 save += 2;
1050 if (proto <= 0xff && psm_peer_opt_is_accepted(&_this->lcp, pfc))
1051 save += 1;
1052 }
1053 return _this->outpacket_buf + (PPP_HDRLEN - save);
1054 }
1055
1056 /** Record log that begins the label based this instance. */
1057 int
1058 ppp_log(npppd_ppp *_this, int prio, const char *fmt, ...)
1059 {
1060 int status;
1061 char logbuf[BUFSIZ];
1062 va_list ap;
1063
1064 PPP_ASSERT(_this != NULL);
1065
1066 va_start(ap, fmt);
1067 snprintf(logbuf, sizeof(logbuf), "ppp id=%u layer=base %s",
1068 _this->id, fmt);
1069 status = vlog_printf(prio, logbuf, ap);
1070 va_end(ap);
1071
1072 return status;
1073 }
1074
1075 #ifdef USE_NPPPD_RADIUS
1076 #define UCHAR_BUFSIZ 255
1077 /**
1078 * Process the Framed-IP-Address attribute and the Framed-IP-Netmask
1079 * attribute of given RADIUS packet.
1080 */
1081 void
1082 ppp_process_radius_framed_ip(npppd_ppp *_this, RADIUS_PACKET *pkt)
1083 {
1084 struct in_addr ip4;
1085
1086 if (radius_get_ipv4_attr(pkt, RADIUS_TYPE_FRAMED_IP_ADDRESS, &ip4)
1087 == 0)
1088 _this->realm_framed_ip_address = ip4;
1089
1090 _this->realm_framed_ip_netmask.s_addr = 0xffffffffL;
1091 if (radius_get_ipv4_attr(pkt, RADIUS_TYPE_FRAMED_IP_NETMASK, &ip4)
1092 == 0)
1093 _this->realm_framed_ip_netmask = ip4;
1094 }
1095
1096 /**
1097 * Set RADIUS attributes for RADIUS authentication request.
1098 * Return 0 on success.
1099 */
1100 int
1101 ppp_set_radius_attrs_for_authreq(npppd_ppp *_this,
1102 radius_req_setting *rad_setting, RADIUS_PACKET *radpkt)
1103 {
1104 /* RFC 2865 "5.4 NAS-IP-Address" or RFC3162 "2.1. NAS-IPv6-Address" */
1105 if (radius_prepare_nas_address(rad_setting, radpkt) != 0)
1106 goto fail;
1107
1108 /* RFC 2865 "5.6. Service-Type" */
1109 if (radius_put_uint32_attr(radpkt, RADIUS_TYPE_SERVICE_TYPE,
1110 RADIUS_SERVICE_TYPE_FRAMED) != 0)
1111 goto fail;
1112
1113 /* RFC 2865 "5.7. Framed-Protocol" */
1114 if (radius_put_uint32_attr(radpkt, RADIUS_TYPE_FRAMED_PROTOCOL,
1115 RADIUS_FRAMED_PROTOCOL_PPP) != 0)
1116 goto fail;
1117
1118 if (_this->calling_number[0] != '\0') {
1119 if (radius_put_string_attr(radpkt,
1120 RADIUS_TYPE_CALLING_STATION_ID, _this->calling_number) != 0)
1121 return 1;
1122 }
1123 return 0;
1124 fail:
1125 return 1;
1126 }
1127 #endif
1128
1129 #ifdef USE_NPPPD_PIPEX
1130 /** The callback function on network is available for pipex */
1131 static void
1132 ppp_on_network_pipex(npppd_ppp *_this)
1133 {
1134 if (_this->use_pipex == 0)
1135 return;
1136 if (_this->tunnel_type != NPPPD_TUNNEL_PPTP &&
1137 _this->tunnel_type != NPPPD_TUNNEL_PPPOE &&
1138 _this->tunnel_type != NPPPD_TUNNEL_L2TP)
1139 return;
1140
1141 if (_this->pipex_started != 0)
1142 return; /* already started */
1143
1144 if (_this->assigned_ip4_enabled != 0 &&
1145 (!MPPE_MUST_NEGO(_this) || _this->ccp.fsm.state == OPENED ||
1146 _this->ccp.fsm.state == STOPPED)) {
1147 /* IPCP is opened and MPPE is not required or MPPE is opened */
1148 if (npppd_ppp_pipex_enable(_this->pppd, _this) != 0)
1149 ppp_log(_this, LOG_WARNING, "failed enable pipex: %m");
1150 ppp_log(_this, LOG_NOTICE, "Using pipex=%s",
1151 (_this->pipex_enabled != 0)? "yes" : "no");
1152 _this->pipex_started = 1;
1153 }
1154 /* else wait CCP or IPCP */
1155 }
1156 #endif
1157
1158 static uint32_t
1159 ppp_proto_bit(int proto)
1160 {
1161 switch (proto) {
1162 case PPP_PROTO_IP: return NPPPD_PROTO_BIT_IP;
1163 case PPP_PROTO_LCP: return NPPPD_PROTO_BIT_LCP;
1164 case PPP_PROTO_PAP: return NPPPD_PROTO_BIT_PAP;
1165 case PPP_PROTO_CHAP: return NPPPD_PROTO_BIT_CHAP;
1166 case PPP_PROTO_EAP: return NPPPD_PROTO_BIT_EAP;
1167 case PPP_PROTO_MPPE: return NPPPD_PROTO_BIT_MPPE;
1168 case PPP_PROTO_NCP | NCP_CCP: return NPPPD_PROTO_BIT_CCP;
1169 case PPP_PROTO_NCP | NCP_IPCP: return NPPPD_PROTO_BIT_IPCP;
1170 }
1171 return 0;
1172 }
1173
1174 struct tunnconf tunnconf_default_l2tp = {
1175 .mru = 1360,
1176 .tcp_mss_adjust = false,
1177 .pipex = true,
1178 .ingress_filter = false,
1179 .lcp_keepalive = false,
1180 .lcp_keepalive_interval = DEFAULT_LCP_ECHO_INTERVAL,
1181 .lcp_keepalive_retry_interval = DEFAULT_LCP_ECHO_RETRY_INTERVAL,
1182 .lcp_keepalive_max_retries = DEFAULT_LCP_ECHO_MAX_RETRIES,
1183 .auth_methods = NPPPD_AUTH_METHODS_CHAP | NPPPD_AUTH_METHODS_MSCHAPV2,
1184 .mppe_yesno = true,
1185 .mppe_required = false,
1186 .mppe_keylen = NPPPD_MPPE_40BIT | NPPPD_MPPE_56BIT | NPPPD_MPPE_128BIT,
1187 .mppe_keystate = NPPPD_MPPE_STATELESS | NPPPD_MPPE_STATEFUL,
1188 .callnum_check = 0,
1189 .proto = {
1190 .l2tp = {
1191 .hostname = NULL,
1192 .vendor_name = NULL,
1193 .address = {
1194 .ss_family = AF_INET,
1195 .ss_len = sizeof(struct sockaddr_in)
1196 },
1197 /* .hello_interval, */
1198 /* .hello_timeout, */
1199 .data_use_seq = true,
1200 .require_ipsec = false,
1201 /* .accept_dialin, */
1202 .lcp_renegotiation = true,
1203 .force_lcp_renegotiation = false,
1204 /* .ctrl_in_pktdump, */
1205 /* .ctrl_out_pktdump, */
1206 /* .data_in_pktdump, */
1207 /* .data_out_pktdump, */
1208 }
1209 }
1210 };
1211 struct tunnconf tunnconf_default_pptp = {
1212 .mru = 1400,
1213 .tcp_mss_adjust = false,
1214 .pipex = true,
1215 .ingress_filter = false,
1216 .lcp_keepalive = true,
1217 .lcp_keepalive_interval = DEFAULT_LCP_ECHO_INTERVAL,
1218 .lcp_keepalive_retry_interval = DEFAULT_LCP_ECHO_RETRY_INTERVAL,
1219 .lcp_keepalive_max_retries = DEFAULT_LCP_ECHO_MAX_RETRIES,
1220 .auth_methods = NPPPD_AUTH_METHODS_CHAP | NPPPD_AUTH_METHODS_MSCHAPV2,
1221 .mppe_yesno = true,
1222 .mppe_required = true,
1223 .mppe_keylen = NPPPD_MPPE_40BIT | NPPPD_MPPE_56BIT | NPPPD_MPPE_128BIT,
1224 .mppe_keystate = NPPPD_MPPE_STATELESS | NPPPD_MPPE_STATEFUL,
1225 .callnum_check = 0,
1226 .proto = {
1227 .pptp = {
1228 .hostname = NULL,
1229 .vendor_name = NULL,
1230 .address = {
1231 .ss_family = AF_INET,
1232 .ss_len = sizeof(struct sockaddr_in)
1233 },
1234 /* .echo_interval, */
1235 /* .echo_timeout, */
1236 }
1237 }
1238 };
1239 struct tunnconf tunnconf_default_pppoe = {
1240 .mru = 1492,
1241 .tcp_mss_adjust = false,
1242 .pipex = true,
1243 .ingress_filter = false,
1244 .lcp_keepalive = true,
1245 .lcp_keepalive_interval = DEFAULT_LCP_ECHO_INTERVAL,
1246 .lcp_keepalive_retry_interval = DEFAULT_LCP_ECHO_RETRY_INTERVAL,
1247 .lcp_keepalive_max_retries = DEFAULT_LCP_ECHO_MAX_RETRIES,
1248 .auth_methods = NPPPD_AUTH_METHODS_CHAP | NPPPD_AUTH_METHODS_MSCHAPV2,
1249 .mppe_yesno = true,
1250 .mppe_required = false,
1251 .mppe_keylen = NPPPD_MPPE_40BIT | NPPPD_MPPE_56BIT | NPPPD_MPPE_128BIT,
1252 .mppe_keystate = NPPPD_MPPE_STATELESS | NPPPD_MPPE_STATEFUL,
1253 .callnum_check = 0,
1254 .proto = {
1255 .pppoe = {
1256 /* .service_name */
1257 .accept_any_service = true,
1258 /* .ac_name */
1259 /* .desc_in_pktdump */
1260 /* .desc_out_pktdump */
1261 /* .session_in_pktdump */
1262 /* .session_out_pktdump */
1263 }
1264 }
1265 };
1266
1267 struct tunnconf *
1268 ppp_get_tunnconf(npppd_ppp *_this)
1269 {
1270 struct tunnconf *conf;
1271
1272 conf = npppd_get_tunnconf(_this->pppd, _this->phy_label);
1273 if (conf != NULL)
1274 return conf;
1275
1276 switch (_this->tunnel_type) {
1277 case NPPPD_TUNNEL_L2TP:
1278 return &tunnconf_default_l2tp;
1279 break;
1280 case NPPPD_TUNNEL_PPTP:
1281 return &tunnconf_default_pptp;
1282 break;
1283 case NPPPD_TUNNEL_PPPOE:
1284 return &tunnconf_default_pppoe;
1285 break;
1286 }
1287
1288 return NULL;
1289 }