1 /* $OpenBSD: ppp.c,v 1.18 2013/02/13 22:10:38 yasuoka Exp $ */
4 * Copyright (c) 2009 Internet Initiative Japan Inc.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 /* $Id: ppp.c,v 1.18 2013/02/13 22:10:38 yasuoka Exp $ */
30 * This file provides PPP(Point-to-Point Protocol, RFC 1661) and
31 * {@link :: _npppd_ppp PPP instance} related functions.
33 #include <sys/types.h>
34 #include <sys/socket.h>
35 #include <sys/param.h>
36 #include <netinet/in.h>
37 #include <net/if_dl.h>
38 #include <arpa/inet.h>
54 #include "time_utils.h"
57 #ifdef USE_NPPPD_RADIUS
59 #include "npppd_radius.h"
62 #include "debugutil.h"
65 #define PPP_DBG(x) ppp_log x
66 #define PPP_ASSERT(cond) \
69 "\nASSERT(" #cond ") failed on %s() at %s:%d.\n"\
70 , __func__, __FILE__, __LINE__); \
74 #define PPP_ASSERT(cond)
78 #include "debugutil.h"
80 static u_int ppp_seq
= 0;
82 static void ppp_stop0 (npppd_ppp
*);
83 static int ppp_recv_packet (npppd_ppp
*, unsigned char *, int, int);
84 static const char *ppp_peer_auth_string (npppd_ppp
*);
85 static void ppp_idle_timeout (int, short, void *);
86 #ifdef USE_NPPPD_PIPEX
87 static void ppp_on_network_pipex(npppd_ppp
*);
89 static uint32_t ppp_proto_bit(int);
91 #define AUTH_IS_PAP(ppp) ((ppp)->peer_auth == PPP_AUTH_PAP)
92 #define AUTH_IS_CHAP(ppp) ((ppp)->peer_auth == PPP_AUTH_CHAP_MD5 ||\
93 (ppp)->peer_auth == PPP_AUTH_CHAP_MS || \
94 (ppp)->peer_auth == PPP_AUTH_CHAP_MS_V2)
95 #define AUTH_IS_EAP(ppp) ((ppp)->peer_auth == PPP_AUTH_EAP)
98 * About termination procedures:
99 * ppp_lcp_finished LCP is terminated
100 * Terminate-Request by the peer.
101 * Terminate-Request by ourself. (From ppp_stop())
102 * ppp_phy_downed Down the datalink/physical.
104 * On both cases, ppp_stop0 and ppp_down_others are called.
106 /** Create a npppd_ppp instance */
112 if ((_this
= malloc(sizeof(npppd_ppp
))) == NULL
) {
113 log_printf(LOG_ERR
, "malloc() failed in %s(): %m", __func__
);
116 memset(_this
, 0, sizeof(npppd_ppp
));
118 _this
->snp
.snp_family
= AF_INET
;
119 _this
->snp
.snp_len
= sizeof(_this
->snp
);
120 _this
->snp
.snp_type
= SNP_PPP
;
121 _this
->snp
.snp_data_ptr
= _this
;
127 * Initialize the npppd_ppp instance
128 * Set npppd_ppp#mru and npppd_ppp#phy_label before call this function.
131 ppp_init(npppd
*pppd
, npppd_ppp
*_this
)
133 struct tunnconf
*conf
;
135 PPP_ASSERT(_this
!= NULL
);
136 PPP_ASSERT(strlen(_this
->phy_label
) > 0);
141 _this
->recv_packet
= ppp_recv_packet
;
142 _this
->id
= ppp_seq
++;
145 lcp_init(&_this
->lcp
, _this
);
147 conf
= ppp_get_tunnconf(_this
);
148 _this
->mru
= conf
->mru
;
150 if (_this
->outpacket_buf
== NULL
) {
151 _this
->outpacket_buf
= malloc(_this
->mru
+ 64);
152 if (_this
->outpacket_buf
== NULL
){
153 log_printf(LOG_ERR
, "malloc() failed in %s(): %m",
158 _this
->adjust_mss
= (conf
->tcp_mss_adjust
)? 1 : 0;
160 #ifdef USE_NPPPD_PIPEX
161 _this
->use_pipex
= (conf
->pipex
)? 1 : 0;
163 /* load the logging configuration */
164 _this
->ingress_filter
= (conf
->ingress_filter
)? 1 : 0;
166 #ifdef USE_NPPPD_MPPE
167 mppe_init(&_this
->mppe
, _this
);
169 ccp_init(&_this
->ccp
, _this
);
170 ipcp_init(&_this
->ipcp
, _this
);
171 pap_init(&_this
->pap
, _this
);
172 chap_init(&_this
->chap
, _this
);
174 /* load the idle timer configuration */
175 _this
->timeout_sec
= conf
->idle_timeout
;
177 if (!evtimer_initialized(&_this
->idle_event
))
178 evtimer_set(&_this
->idle_event
, ppp_idle_timeout
, _this
);
180 if (conf
->lcp_keepalive
) {
181 _this
->lcp
.echo_interval
= conf
->lcp_keepalive_interval
;
182 _this
->lcp
.echo_retry_interval
=
183 conf
->lcp_keepalive_retry_interval
;
184 _this
->lcp
.echo_max_retries
= conf
->lcp_keepalive_max_retries
;
186 _this
->lcp
.echo_interval
= 0;
187 _this
->lcp
.echo_retry_interval
= 0;
188 _this
->lcp
.echo_max_retries
= 0;
190 _this
->log_dump_in
= (conf
->debug_dump_pktin
== 0)? 0 : 1;
191 _this
->log_dump_out
= (conf
->debug_dump_pktout
== 0)? 0 : 1;
197 ppp_set_tunnel_label(npppd_ppp
*_this
, char *buf
, int lbuf
)
200 char hbuf
[NI_MAXHOST
], sbuf
[NI_MAXSERV
];
204 af
= ((struct sockaddr
*)&_this
->phy_info
)->sa_family
;
206 flag
= NI_NUMERICHOST
;
207 if (af
== AF_INET
|| af
== AF_INET6
)
208 flag
|= NI_NUMERICSERV
;
209 if (getnameinfo((struct sockaddr
*)&_this
->phy_info
,
210 ((struct sockaddr
*)&_this
->phy_info
)->sa_len
, hbuf
,
211 sizeof(hbuf
), sbuf
, sizeof(sbuf
), flag
) != 0) {
212 ppp_log(_this
, LOG_ERR
, "getnameinfo() failed at %s",
214 strlcpy(hbuf
, "0.0.0.0", sizeof(hbuf
));
215 strlcpy(sbuf
, "0", sizeof(sbuf
));
217 if (af
== AF_INET
|| af
== AF_INET6
)
218 snprintf(buf
, lbuf
, "%s:%s", hbuf
, sbuf
);
220 snprintf(buf
, lbuf
, "%s", hbuf
);
221 } else if (af
== NPPPD_AF_PHONE_NUMBER
) {
223 ((npppd_phone_number
*)&_this
->phy_info
)->pn_number
, lbuf
);
227 * Start the npppd_ppp.
228 * Set npppd_ppp#phy_context, npppd_ppp#send_packet, npppd_ppp#phy_close and
229 * npppd_ppp#phy_info before call this function.
232 ppp_start(npppd_ppp
*_this
)
236 PPP_ASSERT(_this
!= NULL
);
237 PPP_ASSERT(_this
->recv_packet
!= NULL
);
238 PPP_ASSERT(_this
->send_packet
!= NULL
);
239 PPP_ASSERT(_this
->phy_close
!= NULL
);
241 _this
->start_time
= time(NULL
);
242 _this
->start_monotime
= get_monosec();
243 /* log the lower layer information */
244 ppp_set_tunnel_label(_this
, label
, sizeof(label
));
245 ppp_log(_this
, LOG_INFO
, "logtype=Started tunnel=%s(%s)",
246 _this
->phy_label
, label
);
248 lcp_lowerup(&_this
->lcp
);
251 /** Prepare "dialin proxy". Return 0 if "dialin proxy" is not available. */
253 ppp_dialin_proxy_prepare(npppd_ppp
*_this
, dialin_proxy_info
*dpi
)
255 int renego_force
, renego
;
256 struct tunnconf
*conf
;
258 conf
= ppp_get_tunnconf(_this
);
260 renego
= conf
->proto
.l2tp
.lcp_renegotiation
;
261 renego_force
= conf
->proto
.l2tp
.force_lcp_renegotiation
;
266 if (lcp_dialin_proxy(&_this
->lcp
, dpi
, renego
, renego_force
) != 0) {
267 ppp_log(_this
, LOG_ERR
,
268 "Failed to dialin-proxy, proxied lcp is broken.");
276 ppp_down_others(npppd_ppp
*_this
)
278 fsm_lowerdown(&_this
->ccp
.fsm
);
279 fsm_lowerdown(&_this
->ipcp
.fsm
);
281 npppd_release_ip(_this
->pppd
, _this
);
282 if (AUTH_IS_PAP(_this
))
283 pap_stop(&_this
->pap
);
284 if (AUTH_IS_CHAP(_this
))
285 chap_stop(&_this
->chap
);
286 #ifdef USE_NPPPD_EAP_RADIUS
287 if (AUTH_IS_EAP(_this
))
288 eap_stop(&_this
->eap
);
290 evtimer_del(&_this
->idle_event
);
294 * Stop the PPP and destroy the npppd_ppp instance
295 * @param reason Reason of stopping the PPP. Specify NULL if there is
296 * no special reason. This reason will be used as a
297 * reason field of LCP Terminate-Request message and
298 * notified to the peer.
301 ppp_stop(npppd_ppp
*_this
, const char *reason
)
304 PPP_ASSERT(_this
!= NULL
);
306 #ifdef USE_NPPPD_RADIUS
307 ppp_set_radius_terminate_cause(_this
,
308 RADIUS_TERMNATE_CAUSE_ADMIN_RESET
);
310 ppp_set_disconnect_cause(_this
, PPP_DISCON_NORMAL
, 0, 2 /* by local */,
313 ppp_down_others(_this
);
314 fsm_close(&_this
->lcp
.fsm
, reason
);
318 * Set disconnect cause
319 * @param code disconnect code in {@link ::npppd_ppp_disconnect_code}.
320 * @param proto control protocol number. see RFC3145.
321 * @param direction disconnect direction. see RFC 3145
324 ppp_set_disconnect_cause(npppd_ppp
*_this
, npppd_ppp_disconnect_code code
,
325 int proto
, int direction
, const char *message
)
327 if (_this
->disconnect_code
== PPP_DISCON_NO_INFORMATION
) {
328 _this
->disconnect_code
= code
;
329 _this
->disconnect_proto
= proto
;
330 _this
->disconnect_direction
= direction
;
331 _this
->disconnect_message
= message
;
335 /** Set RADIUS Acct-Terminate-Cause code */
337 ppp_set_radius_terminate_cause(npppd_ppp
*_this
, int cause
)
339 if (_this
->terminate_cause
== 0)
340 _this
->terminate_cause
= cause
;
344 ppp_stop0(npppd_ppp
*_this
)
346 char mppe_str
[BUFSIZ
];
349 #ifdef USE_NPPPD_RADIUS
350 ppp_set_radius_terminate_cause(_this
, RADIUS_TERMNATE_CAUSE_NAS_ERROR
);
352 ppp_set_disconnect_cause(_this
, PPP_DISCON_NORMAL
, 0, 1 /* by local */,
355 _this
->end_monotime
= get_monosec();
357 if (_this
->phy_close
!= NULL
)
358 _this
->phy_close(_this
);
359 _this
->phy_close
= NULL
;
362 * NAT/Blackhole detection for PPTP(GRE)
364 if (_this
->lcp
.dialin_proxy
!= 0 &&
365 _this
->lcp
.dialin_proxy_lcp_renegotiation
== 0) {
366 /* No LCP packets on dialin proxy without LCP renegotiation */
367 } else if (_this
->lcp
.recv_ress
== 0) { /* No responses */
368 if (_this
->lcp
.recv_reqs
== 0) /* No requests */
369 ppp_log(_this
, LOG_WARNING
, "no PPP frames from the "
370 "peer. router/NAT issue? (may have filtered out)");
372 ppp_log(_this
, LOG_WARNING
, "my PPP frames may not "
373 "have arrived at the peer. router/NAT issue? (may "
374 "be the only-first-person problem)");
376 #ifdef USE_NPPPD_PIPEX
377 if (npppd_ppp_pipex_disable(_this
->pppd
, _this
) != 0)
378 ppp_log(_this
, LOG_ERR
,
379 "npppd_ppp_pipex_disable() failed: %m");
382 ppp_set_tunnel_label(_this
, label
, sizeof(label
));
383 #ifdef USE_NPPPD_MPPE
384 if (_this
->mppe_started
) {
385 snprintf(mppe_str
, sizeof(mppe_str
),
386 "mppe=yes mppe_in=%dbits,%s mppe_out=%dbits,%s",
387 _this
->mppe
.recv
.keybits
,
388 (_this
->mppe
.recv
.stateless
)? "stateless" : "stateful",
389 _this
->mppe
.send
.keybits
,
390 (_this
->mppe
.send
.stateless
)? "stateless" : "stateful");
393 snprintf(mppe_str
, sizeof(mppe_str
), "mppe=no");
394 ppp_log(_this
, LOG_NOTICE
,
395 "logtype=TUNNELUSAGE user=\"%s\" duration=%ldsec layer2=%s "
396 "layer2from=%s auth=%s data_in=%llubytes,%upackets "
397 "data_out=%llubytes,%upackets error_in=%u error_out=%u %s "
399 _this
->username
[0]? _this
->username
: "<unknown>",
400 (long)(_this
->end_monotime
- _this
->start_monotime
),
401 _this
->phy_label
, label
,
402 _this
->username
[0]? ppp_peer_auth_string(_this
) : "none",
403 (unsigned long long)_this
->ibytes
, _this
->ipackets
,
404 (unsigned long long)_this
->obytes
, _this
->opackets
,
405 _this
->ierrors
, _this
->oerrors
, mppe_str
,
406 npppd_ppp_get_iface_name(_this
->pppd
, _this
));
408 #ifdef USE_NPPPD_RADIUS
409 npppd_ppp_radius_acct_stop(_this
->pppd
, _this
);
411 npppd_ppp_unbind_iface(_this
->pppd
, _this
);
412 #ifdef USE_NPPPD_MPPE
413 mppe_fini(&_this
->mppe
);
415 evtimer_del(&_this
->idle_event
);
417 npppd_release_ip(_this
->pppd
, _this
);
422 * Destroy the npppd_ppp instance. Don't use this function after calling
423 * the ppp_start, please use ppp_stop() instead.
426 ppp_destroy(void *ctx
)
428 npppd_ppp
*_this
= ctx
;
430 if (_this
->proxy_authen_resp
!= NULL
)
431 free(_this
->proxy_authen_resp
);
434 * Down/stop the protocols again to make sure they are stopped
435 * even if ppp_stop is done. They might be change their state
436 * by receiving packets from the peer.
438 fsm_lowerdown(&_this
->ccp
.fsm
);
439 fsm_lowerdown(&_this
->ipcp
.fsm
);
440 pap_stop(&_this
->pap
);
441 chap_stop(&_this
->chap
);
443 if (_this
->outpacket_buf
!= NULL
)
444 free(_this
->outpacket_buf
);
449 /************************************************************************
451 ************************************************************************/
453 ppp_peer_auth_string(npppd_ppp
*_this
)
455 switch(_this
->peer_auth
) {
456 case PPP_AUTH_PAP
: return "PAP";
457 case PPP_AUTH_CHAP_MD5
: return "MD5-CHAP";
458 case PPP_AUTH_CHAP_MS
: return "MS-CHAP";
459 case PPP_AUTH_CHAP_MS_V2
: return "MS-CHAP-V2";
460 case PPP_AUTH_EAP
: return "EAP";
461 default: return "ERROR";
465 /** called when the lcp is up */
467 ppp_lcp_up(npppd_ppp
*_this
)
469 #ifdef USE_NPPPD_MPPE
470 if (MPPE_IS_REQUIRED(_this
) && !MPPE_MUST_NEGO(_this
)) {
471 ppp_log(_this
, LOG_ERR
, "MPPE is required, auth protocol must "
472 "be MS-CHAP-V2 or EAP");
473 ppp_stop(_this
, "Encryption required");
478 * Use our MRU value even if the peer insists on larger value.
479 * We set the peer_mtu here, the value will be used as the MTU of the
480 * routing entry. So we will not receive packets larger than the MTU.
482 if (_this
->peer_mru
> _this
->mru
)
483 _this
->peer_mru
= _this
->mru
;
485 if (_this
->peer_auth
!= 0 && _this
->auth_runonce
== 0) {
486 if (AUTH_IS_PAP(_this
)) {
487 pap_start(&_this
->pap
);
488 _this
->auth_runonce
= 1;
491 if (AUTH_IS_CHAP(_this
)) {
492 chap_start(&_this
->chap
);
493 _this
->auth_runonce
= 1;
496 #ifdef USE_NPPPD_EAP_RADIUS
497 if (AUTH_IS_EAP(_this
)) {
498 eap_init(&_this
->eap
, _this
);
499 eap_start(&_this
->eap
);
504 if (_this
->peer_auth
== 0)
509 * This function will be called the LCP is terminated.
510 * (On entering STOPPED or CLOSED state)
513 ppp_lcp_finished(npppd_ppp
*_this
)
515 PPP_ASSERT(_this
!= NULL
);
517 ppp_down_others(_this
);
519 fsm_lowerdown(&_this
->lcp
.fsm
);
524 * This function will be called by the physical layer when it is down.
526 * Use this function only on such conditions that the physical layer cannot
527 * input or output PPP frames. Use {@link ::ppp_stop()} instead if we can
528 * disconnect PPP gently.</p>
531 ppp_phy_downed(npppd_ppp
*_this
)
533 PPP_ASSERT(_this
!= NULL
);
535 ppp_down_others(_this
);
536 fsm_lowerdown(&_this
->lcp
.fsm
);
537 fsm_close(&_this
->lcp
.fsm
, NULL
);
539 #ifdef USE_NPPPD_RADIUS
540 ppp_set_radius_terminate_cause(_this
,
541 RADIUS_TERMNATE_CAUSE_LOST_CARRIER
);
547 proto_name(uint16_t proto
)
550 case PPP_PROTO_IP
: return "ip";
551 case PPP_PROTO_LCP
: return "lcp";
552 case PPP_PROTO_PAP
: return "pap";
553 case PPP_PROTO_CHAP
: return "chap";
554 case PPP_PROTO_EAP
: return "eap";
555 case PPP_PROTO_MPPE
: return "mppe";
556 case PPP_PROTO_NCP
| NCP_CCP
: return "ccp";
557 case PPP_PROTO_NCP
| NCP_IPCP
: return "ipcp";
558 /* following protocols are just for logging */
559 case PPP_PROTO_NCP
| NCP_IPV6CP
: return "ipv6cp";
560 case PPP_PROTO_ACSP
: return "acsp";
565 /** This function is called on authentication succeed */
567 ppp_auth_ok(npppd_ppp
*_this
)
569 if (npppd_ppp_bind_iface(_this
->pppd
, _this
) != 0) {
570 ppp_log(_this
, LOG_WARNING
, "No interface binding.");
571 ppp_stop(_this
, NULL
);
575 if (_this
->realm
!= NULL
) {
576 npppd_ppp_get_username_for_auth(_this
->pppd
, _this
,
577 _this
->username
, _this
->username
);
578 if (!npppd_check_calling_number(_this
->pppd
, _this
)) {
579 ppp_log(_this
, LOG_ALERT
,
580 "logtype=TUNNELDENY user=\"%s\" "
581 "reason=\"Calling number check is failed\"",
584 ppp_stop(_this
, NULL
);
588 if (_this
->peer_auth
!= 0) {
589 /* Limit the number of connections per the user */
590 if (!npppd_check_user_max_session(_this
->pppd
, _this
)) {
591 ppp_log(_this
, LOG_WARNING
,
592 "user %s exceeds user-max-session limit",
594 ppp_stop(_this
, NULL
);
598 PPP_ASSERT(_this
->realm
!= NULL
);
601 if (!npppd_ppp_iface_is_ready(_this
->pppd
, _this
)) {
602 ppp_log(_this
, LOG_WARNING
,
603 "interface '%s' is not ready.",
604 npppd_ppp_get_iface_name(_this
->pppd
, _this
));
605 ppp_stop(_this
, NULL
);
609 if (_this
->proxy_authen_resp
!= NULL
) {
610 free(_this
->proxy_authen_resp
);
611 _this
->proxy_authen_resp
= NULL
;
614 fsm_lowerup(&_this
->ipcp
.fsm
);
615 fsm_open(&_this
->ipcp
.fsm
);
616 #ifdef USE_NPPPD_MPPE
617 if (MPPE_MUST_NEGO(_this
)) {
618 fsm_lowerup(&_this
->ccp
.fsm
);
619 fsm_open(&_this
->ccp
.fsm
);
626 /** timer event handler for idle timer */
628 ppp_idle_timeout(int fd
, short evtype
, void *context
)
634 ppp_log(_this
, LOG_NOTICE
, "Idle timeout(%d sec)", _this
->timeout_sec
);
635 #ifdef USE_NPPPD_RADIUS
636 ppp_set_radius_terminate_cause(_this
,
637 RADIUS_TERMNATE_CAUSE_IDLE_TIMEOUT
);
639 ppp_stop(_this
, NULL
);
642 /** reset the idle-timer. Call this function when the PPP is not idle. */
644 ppp_reset_idle_timeout(npppd_ppp
*_this
)
648 evtimer_del(&_this
->idle_event
);
649 if (_this
->timeout_sec
> 0) {
651 tv
.tv_sec
= _this
->timeout_sec
;
653 evtimer_add(&_this
->idle_event
, &tv
);
657 /** This function is called when IPCP is opened */
659 ppp_ipcp_opened(npppd_ppp
*_this
)
663 curr_time
= get_monosec();
665 npppd_set_ip_enabled(_this
->pppd
, _this
, 1);
666 if (_this
->logged_acct_start
== 0) {
667 char label
[512], ipstr
[64];
669 ppp_set_tunnel_label(_this
, label
, sizeof(label
));
671 strlcpy(ipstr
, " ip=", sizeof(ipstr
));
672 strlcat(ipstr
, inet_ntoa(_this
->ppp_framed_ip_address
),
674 if (_this
->ppp_framed_ip_netmask
.s_addr
!= 0xffffffffL
) {
675 strlcat(ipstr
, ":", sizeof(ipstr
));
676 strlcat(ipstr
, inet_ntoa(_this
->ppp_framed_ip_netmask
),
680 ppp_log(_this
, LOG_NOTICE
,
681 "logtype=TUNNELSTART user=\"%s\" duration=%lusec layer2=%s "
682 "layer2from=%s auth=%s %s iface=%s%s",
683 _this
->username
[0]? _this
->username
: "<unknown>",
684 (long)(curr_time
- _this
->start_monotime
),
685 _this
->phy_label
, label
,
686 _this
->username
[0]? ppp_peer_auth_string(_this
) : "none",
687 ipstr
, npppd_ppp_get_iface_name(_this
->pppd
, _this
),
688 (_this
->lcp
.dialin_proxy
!= 0)? " dialin_proxy=yes" : ""
690 #ifdef USE_NPPPD_RADIUS
691 npppd_ppp_radius_acct_start(_this
->pppd
, _this
);
694 _this
->logged_acct_start
= 1;
695 ppp_reset_idle_timeout(_this
);
697 #ifdef USE_NPPPD_PIPEX
698 ppp_on_network_pipex(_this
);
702 /** This function is called when CCP is opened */
704 ppp_ccp_opened(npppd_ppp
*_this
)
706 #ifdef USE_NPPPD_MPPE
707 if (_this
->ccp
.mppe_rej
== 0) {
708 if (_this
->mppe_started
== 0) {
709 mppe_start(&_this
->mppe
);
712 ppp_log(_this
, LOG_INFO
, "mppe is rejected by peer");
713 if (_this
->mppe
.required
)
714 ppp_stop(_this
, "MPPE is requred");
717 #ifdef USE_NPPPD_PIPEX
718 ppp_on_network_pipex(_this
);
723 ppp_ccp_stopped(npppd_ppp
*_this
)
725 #ifdef USE_NPPPD_MPPE
726 if (_this
->mppe
.required
) {
727 ppp_stop(_this
, NULL
);
731 #ifdef USE_NPPPD_PIPEX
732 ppp_on_network_pipex(_this
);
736 /************************************************************************
737 * Network I/O related functions
738 ************************************************************************/
740 * Receive the PPP packet.
741 * @param flags Indicate information of received packet by bit flags.
742 * {@link ::PPP_IO_FLAGS_MPPE_ENCRYPTED} and
743 * {@link ::PPP_IO_FLAGS_DELAYED} may be used.
744 * @return return 0 on success. return 1 on failure.
747 ppp_recv_packet(npppd_ppp
*_this
, unsigned char *pkt
, int lpkt
, int flags
)
749 u_char
*inp
, *inp_proto
;
752 PPP_ASSERT(_this
!= NULL
);
757 ppp_log(_this
, LOG_DEBUG
, "%s(): Rcvd short header.", __func__
);
762 if (_this
->has_acf
== 0) {
764 } else if (inp
[0] == PPP_ALLSTATIONS
&& inp
[1] == PPP_UI
) {
768 * Address and Control Field Compression
770 if (!psm_opt_is_accepted(&_this
->lcp
, acfc
) &&
771 _this
->logged_no_address
== 0) {
773 * On packet loss condition, we may receive ACFC'ed
774 * packets before our LCP is opened because the peer's
775 * LCP is opened already.
777 ppp_log(_this
, LOG_INFO
,
778 "%s: Rcvd broken frame. ACFC is not accepted, "
779 "but received ppp frame that has no address.",
782 * Log this once because it may be noisy.
783 * For example, Yahama RTX-1000 refuses to use ACFC
784 * but it send PPP frames without the address field.
786 _this
->logged_no_address
= 1;
790 if ((inp
[0] & 0x01) != 0) {
792 * Protocol Field Compression
794 if (!psm_opt_is_accepted(&_this
->lcp
, pfc
)) {
795 ppp_log(_this
, LOG_INFO
,
796 "%s: Rcvd broken frame. No protocol field: "
797 "%02x %02x", __func__
, inp
[0], inp
[1]);
802 GETSHORT(proto
, inp
);
806 * if the PPP frame is reordered, drop it
807 * unless proto is reorder-tolerant
809 if (flags
& PPP_IO_FLAGS_DELAYED
&& proto
!= PPP_PROTO_IP
)
812 if (_this
->log_dump_in
!= 0 && debug_get_debugfp() != NULL
) {
813 struct tunnconf
*conf
= ppp_get_tunnconf(_this
);
814 if ((ppp_proto_bit(proto
) & conf
->debug_dump_pktin
) != 0) {
815 ppp_log(_this
, LOG_DEBUG
,
816 "PPP input dump proto=%s(%d/%04x)",
817 proto_name(proto
), proto
, proto
);
818 show_hd(debug_get_debugfp(), pkt
, lpkt
);
821 #ifdef USE_NPPPD_PIPEX
822 if (_this
->pipex_enabled
!= 0 &&
823 _this
->tunnel_type
== NPPPD_TUNNEL_PPPOE
) {
826 return 2; /* handled by PIPEX */
827 case PPP_PROTO_NCP
| NCP_CCP
:
828 if (lpkt
- (inp
- pkt
) < 4)
829 break; /* error but do it on fsm.c */
830 if (*inp
== 0x0e || /* Reset-Request */
831 *inp
== 0x0f /* Reset-Ack */) {
832 return 2; /* handled by PIPEX */
839 #endif /* USE_NPPPD_PIPEX */
842 #ifdef USE_NPPPD_MPPE
844 /* Checks for MPPE */
845 if ((flags
& PPP_IO_FLAGS_MPPE_ENCRYPTED
) == 0) {
846 if (MPPE_IS_REQUIRED(_this
)) {
847 /* MPPE is required but naked ip */
849 if (_this
->logged_naked_ip
== 0) {
850 ppp_log(_this
, LOG_INFO
,
851 "mppe is required but received "
854 _this
->logged_naked_ip
= 1;
857 * Windows sends naked IP packets in condition
858 * such that MPPE is not opened and IPCP is
859 * opened(*1). This occurs at a high
860 * probability when the CCP establishment is
861 * delayed because of packet loss etc. If we
862 * call ppp_stop() here, Windows on the packet
863 * loss condition etc cannot not connect us.
864 * So we don't call ppp_stop() here.
865 * (*1) At least Microsof Windows 2000
866 * Professional SP4 does.
868 /*ppp_stop(_this, "Encryption is required.");*/
872 if (MPPE_RECV_READY(_this
)) {
873 /* MPPE is opened but naked ip packet */
874 ppp_log(_this
, LOG_WARNING
,
875 "mppe is available but received naked IP.");
878 /* else input from MPPE */
881 #ifdef USE_NPPPD_MPPE
882 if (!MPPE_RECV_READY(_this
)) {
886 ppp_log(_this
, LOG_ERR
,
887 "mppe packet is received but mppe is stopped.");
896 npppd_network_output(_this
->pppd
, _this
, AF_INET
, inp
,
900 fsm_input(&_this
->lcp
.fsm
, inp
, lpkt
- (inp
- pkt
));
903 pap_input(&_this
->pap
, inp
, lpkt
- (inp
- pkt
));
906 chap_input(&_this
->chap
, inp
, lpkt
- (inp
- pkt
));
908 #ifdef USE_NPPPD_EAP_RADIUS
910 eap_input(&_this
->eap
, inp
, lpkt
- (inp
- pkt
));
913 #ifdef USE_NPPPD_MPPE
915 #ifdef USE_NPPPD_PIPEX
916 if (_this
->pipex_enabled
!= 0)
917 return -1; /* silent discard */
918 #endif /* USE_NPPPD_PIPEX */
919 mppe_input(&_this
->mppe
, inp
, lpkt
- (inp
- pkt
));
923 if ((proto
& 0xff00) == PPP_PROTO_NCP
) {
924 switch (proto
& 0xff) {
925 case NCP_CCP
: /* Compression */
926 #ifdef USE_NPPPD_MPPE
927 if (MPPE_MUST_NEGO(_this
)) {
928 fsm_input(&_this
->ccp
.fsm
, inp
,
932 /* protocol-reject if MPPE is not necessary */
935 case NCP_IPCP
: /* IPCP */
936 fsm_input(&_this
->ipcp
.fsm
, inp
,
942 /* Protocol reject. Log it with protocol number */
943 ppp_log(_this
, LOG_INFO
, "unhandled protocol %s, %d(%04x)",
944 proto_name(proto
), proto
, proto
);
946 if ((flags
& PPP_IO_FLAGS_MPPE_ENCRYPTED
) != 0) {
948 * Don't return a protocol-reject for the packet was encrypted,
949 * because lcp protocol-reject is not encrypted by mppe.
953 * as RFC1661: Rejected-Information MUST be truncated to
954 * comply with the peer's established MRU.
956 lcp_send_protrej(&_this
->lcp
, inp_proto
,
957 MIN(lpkt
- (inp_proto
- pkt
), NPPPD_MIN_MRU
- 32));
966 /** This function is called to output PPP packets */
968 ppp_output(npppd_ppp
*_this
, uint16_t proto
, u_char code
, u_char id
,
969 u_char
*datap
, int ldata
)
972 int outlen
, hlen
, is_lcp
= 0;
974 outp
= _this
->outpacket_buf
;
976 /* No header compressions for LCP */
977 is_lcp
= (proto
== PPP_PROTO_LCP
)? 1 : 0;
979 if (_this
->has_acf
== 0 ||
980 (!is_lcp
&& psm_peer_opt_is_accepted(&_this
->lcp
, acfc
))) {
982 * Don't add ACF(Address and Control Field) if ACF is not
983 * needed on this link or ACFC is negotiated.
986 PUTCHAR(PPP_ALLSTATIONS
, outp
);
987 PUTCHAR(PPP_UI
, outp
);
989 if (!is_lcp
&& proto
<= 0xff &&
990 psm_peer_opt_is_accepted(&_this
->lcp
, pfc
)) {
992 * Protocol Field Compression
994 PUTCHAR(proto
, outp
);
996 PUTSHORT(proto
, outp
);
998 hlen
= outp
- _this
->outpacket_buf
;
1000 if (_this
->mru
> 0) {
1001 if (MRU_PKTLEN(_this
->mru
, proto
) < ldata
) {
1002 PPP_DBG((_this
, LOG_ERR
, "packet too large %d. mru=%d",
1003 ldata
, _this
->mru
));
1005 PPP_ASSERT("NOT REACHED HERE" == NULL
);
1011 outlen
= ldata
+ HEADERLEN
;
1013 PUTCHAR(code
, outp
);
1015 PUTSHORT(outlen
, outp
);
1020 if (outp
!= datap
&& ldata
> 0)
1021 memmove(outp
, datap
, ldata
);
1023 if (_this
->log_dump_out
!= 0 && debug_get_debugfp() != NULL
) {
1024 struct tunnconf
*conf
= ppp_get_tunnconf(_this
);
1025 if ((ppp_proto_bit(proto
) & conf
->debug_dump_pktout
) != 0) {
1026 ppp_log(_this
, LOG_DEBUG
,
1027 "PPP output dump proto=%s(%d/%04x)",
1028 proto_name(proto
), proto
, proto
);
1029 show_hd(debug_get_debugfp(),
1030 _this
->outpacket_buf
, outlen
+ hlen
);
1033 _this
->send_packet(_this
, _this
->outpacket_buf
, outlen
+ hlen
, 0);
1037 * Return the buffer space for PPP output. The returned pointer will be
1038 * adjusted for header compression. The length of the space is larger than
1039 * {@link npppd_ppp#mru}.
1042 ppp_packetbuf(npppd_ppp
*_this
, int proto
)
1047 if (proto
!= PPP_PROTO_LCP
) {
1048 if (psm_peer_opt_is_accepted(&_this
->lcp
, acfc
))
1050 if (proto
<= 0xff && psm_peer_opt_is_accepted(&_this
->lcp
, pfc
))
1053 return _this
->outpacket_buf
+ (PPP_HDRLEN
- save
);
1056 /** Record log that begins the label based this instance. */
1058 ppp_log(npppd_ppp
*_this
, int prio
, const char *fmt
, ...)
1061 char logbuf
[BUFSIZ
];
1064 PPP_ASSERT(_this
!= NULL
);
1067 snprintf(logbuf
, sizeof(logbuf
), "ppp id=%u layer=base %s",
1069 status
= vlog_printf(prio
, logbuf
, ap
);
1075 #ifdef USE_NPPPD_RADIUS
1076 #define UCHAR_BUFSIZ 255
1078 * Process the Framed-IP-Address attribute and the Framed-IP-Netmask
1079 * attribute of given RADIUS packet.
1082 ppp_process_radius_framed_ip(npppd_ppp
*_this
, RADIUS_PACKET
*pkt
)
1086 if (radius_get_ipv4_attr(pkt
, RADIUS_TYPE_FRAMED_IP_ADDRESS
, &ip4
)
1088 _this
->realm_framed_ip_address
= ip4
;
1090 _this
->realm_framed_ip_netmask
.s_addr
= 0xffffffffL
;
1091 if (radius_get_ipv4_attr(pkt
, RADIUS_TYPE_FRAMED_IP_NETMASK
, &ip4
)
1093 _this
->realm_framed_ip_netmask
= ip4
;
1097 * Set RADIUS attributes for RADIUS authentication request.
1098 * Return 0 on success.
1101 ppp_set_radius_attrs_for_authreq(npppd_ppp
*_this
,
1102 radius_req_setting
*rad_setting
, RADIUS_PACKET
*radpkt
)
1104 /* RFC 2865 "5.4 NAS-IP-Address" or RFC3162 "2.1. NAS-IPv6-Address" */
1105 if (radius_prepare_nas_address(rad_setting
, radpkt
) != 0)
1108 /* RFC 2865 "5.6. Service-Type" */
1109 if (radius_put_uint32_attr(radpkt
, RADIUS_TYPE_SERVICE_TYPE
,
1110 RADIUS_SERVICE_TYPE_FRAMED
) != 0)
1113 /* RFC 2865 "5.7. Framed-Protocol" */
1114 if (radius_put_uint32_attr(radpkt
, RADIUS_TYPE_FRAMED_PROTOCOL
,
1115 RADIUS_FRAMED_PROTOCOL_PPP
) != 0)
1118 if (_this
->calling_number
[0] != '\0') {
1119 if (radius_put_string_attr(radpkt
,
1120 RADIUS_TYPE_CALLING_STATION_ID
, _this
->calling_number
) != 0)
1129 #ifdef USE_NPPPD_PIPEX
1130 /** The callback function on network is available for pipex */
1132 ppp_on_network_pipex(npppd_ppp
*_this
)
1134 if (_this
->use_pipex
== 0)
1136 if (_this
->tunnel_type
!= NPPPD_TUNNEL_PPTP
&&
1137 _this
->tunnel_type
!= NPPPD_TUNNEL_PPPOE
&&
1138 _this
->tunnel_type
!= NPPPD_TUNNEL_L2TP
)
1141 if (_this
->pipex_started
!= 0)
1142 return; /* already started */
1144 if (_this
->assigned_ip4_enabled
!= 0 &&
1145 (!MPPE_MUST_NEGO(_this
) || _this
->ccp
.fsm
.state
== OPENED
||
1146 _this
->ccp
.fsm
.state
== STOPPED
)) {
1147 /* IPCP is opened and MPPE is not required or MPPE is opened */
1148 if (npppd_ppp_pipex_enable(_this
->pppd
, _this
) != 0)
1149 ppp_log(_this
, LOG_WARNING
, "failed enable pipex: %m");
1150 ppp_log(_this
, LOG_NOTICE
, "Using pipex=%s",
1151 (_this
->pipex_enabled
!= 0)? "yes" : "no");
1152 _this
->pipex_started
= 1;
1154 /* else wait CCP or IPCP */
1159 ppp_proto_bit(int proto
)
1162 case PPP_PROTO_IP
: return NPPPD_PROTO_BIT_IP
;
1163 case PPP_PROTO_LCP
: return NPPPD_PROTO_BIT_LCP
;
1164 case PPP_PROTO_PAP
: return NPPPD_PROTO_BIT_PAP
;
1165 case PPP_PROTO_CHAP
: return NPPPD_PROTO_BIT_CHAP
;
1166 case PPP_PROTO_EAP
: return NPPPD_PROTO_BIT_EAP
;
1167 case PPP_PROTO_MPPE
: return NPPPD_PROTO_BIT_MPPE
;
1168 case PPP_PROTO_NCP
| NCP_CCP
: return NPPPD_PROTO_BIT_CCP
;
1169 case PPP_PROTO_NCP
| NCP_IPCP
: return NPPPD_PROTO_BIT_IPCP
;
1174 struct tunnconf tunnconf_default_l2tp
= {
1176 .tcp_mss_adjust
= false,
1178 .ingress_filter
= false,
1179 .lcp_keepalive
= false,
1180 .lcp_keepalive_interval
= DEFAULT_LCP_ECHO_INTERVAL
,
1181 .lcp_keepalive_retry_interval
= DEFAULT_LCP_ECHO_RETRY_INTERVAL
,
1182 .lcp_keepalive_max_retries
= DEFAULT_LCP_ECHO_MAX_RETRIES
,
1183 .auth_methods
= NPPPD_AUTH_METHODS_CHAP
| NPPPD_AUTH_METHODS_MSCHAPV2
,
1185 .mppe_required
= false,
1186 .mppe_keylen
= NPPPD_MPPE_40BIT
| NPPPD_MPPE_56BIT
| NPPPD_MPPE_128BIT
,
1187 .mppe_keystate
= NPPPD_MPPE_STATELESS
| NPPPD_MPPE_STATEFUL
,
1192 .vendor_name
= NULL
,
1194 .ss_family
= AF_INET
,
1195 .ss_len
= sizeof(struct sockaddr_in
)
1197 /* .hello_interval, */
1198 /* .hello_timeout, */
1199 .data_use_seq
= true,
1200 .require_ipsec
= false,
1201 /* .accept_dialin, */
1202 .lcp_renegotiation
= true,
1203 .force_lcp_renegotiation
= false,
1204 /* .ctrl_in_pktdump, */
1205 /* .ctrl_out_pktdump, */
1206 /* .data_in_pktdump, */
1207 /* .data_out_pktdump, */
1211 struct tunnconf tunnconf_default_pptp
= {
1213 .tcp_mss_adjust
= false,
1215 .ingress_filter
= false,
1216 .lcp_keepalive
= true,
1217 .lcp_keepalive_interval
= DEFAULT_LCP_ECHO_INTERVAL
,
1218 .lcp_keepalive_retry_interval
= DEFAULT_LCP_ECHO_RETRY_INTERVAL
,
1219 .lcp_keepalive_max_retries
= DEFAULT_LCP_ECHO_MAX_RETRIES
,
1220 .auth_methods
= NPPPD_AUTH_METHODS_CHAP
| NPPPD_AUTH_METHODS_MSCHAPV2
,
1222 .mppe_required
= true,
1223 .mppe_keylen
= NPPPD_MPPE_40BIT
| NPPPD_MPPE_56BIT
| NPPPD_MPPE_128BIT
,
1224 .mppe_keystate
= NPPPD_MPPE_STATELESS
| NPPPD_MPPE_STATEFUL
,
1229 .vendor_name
= NULL
,
1231 .ss_family
= AF_INET
,
1232 .ss_len
= sizeof(struct sockaddr_in
)
1234 /* .echo_interval, */
1235 /* .echo_timeout, */
1239 struct tunnconf tunnconf_default_pppoe
= {
1241 .tcp_mss_adjust
= false,
1243 .ingress_filter
= false,
1244 .lcp_keepalive
= true,
1245 .lcp_keepalive_interval
= DEFAULT_LCP_ECHO_INTERVAL
,
1246 .lcp_keepalive_retry_interval
= DEFAULT_LCP_ECHO_RETRY_INTERVAL
,
1247 .lcp_keepalive_max_retries
= DEFAULT_LCP_ECHO_MAX_RETRIES
,
1248 .auth_methods
= NPPPD_AUTH_METHODS_CHAP
| NPPPD_AUTH_METHODS_MSCHAPV2
,
1250 .mppe_required
= false,
1251 .mppe_keylen
= NPPPD_MPPE_40BIT
| NPPPD_MPPE_56BIT
| NPPPD_MPPE_128BIT
,
1252 .mppe_keystate
= NPPPD_MPPE_STATELESS
| NPPPD_MPPE_STATEFUL
,
1257 .accept_any_service
= true,
1259 /* .desc_in_pktdump */
1260 /* .desc_out_pktdump */
1261 /* .session_in_pktdump */
1262 /* .session_out_pktdump */
1268 ppp_get_tunnconf(npppd_ppp
*_this
)
1270 struct tunnconf
*conf
;
1272 conf
= npppd_get_tunnconf(_this
->pppd
, _this
->phy_label
);
1276 switch (_this
->tunnel_type
) {
1277 case NPPPD_TUNNEL_L2TP
:
1278 return &tunnconf_default_l2tp
;
1280 case NPPPD_TUNNEL_PPTP
:
1281 return &tunnconf_default_pptp
;
1283 case NPPPD_TUNNEL_PPPOE
:
1284 return &tunnconf_default_pppoe
;