search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
miniupnpd 1.9 (20160113)
[tomato.git] / release / src / router / xl2tpd / call.c
blobb412abbc0d04d654553e6823b2c141add35d26b4
1 /*
2 * Layer Two Tunnelling Protocol Daemon
3 * Copyright (C) 1998 Adtran, Inc.
4 * Copyright (C) 2002 Jeff McAdams
5 *
6 * Mark Spencer
7 *
8 * This software is distributed under the terms
9 * of the GPL, which you should have received
10 * along with this source.
11 *
12 * Handle a call as a separate thread
13 */
14
15 #include <stdio.h>
16 #include <fcntl.h>
17 #include <sys/socket.h>
18 #include <netinet/in.h>
19 #include <arpa/inet.h>
20 #include <sys/wait.h>
21 #include <stdlib.h>
22 #include <string.h>
23 #include <unistd.h>
24 #include <errno.h>
25 #include <signal.h>
26 #include <termios.h>
27 #include "l2tp.h"
28
29 #include "ipsecmast.h"
30
31 struct buffer *new_payload (struct sockaddr_in peer)
32 {
33 struct buffer *tmp = new_buf (MAX_RECV_SIZE);
34 if (!tmp)
35 return NULL;
36 tmp->peer = peer;
37 tmp->start += sizeof (struct payload_hdr);
38 tmp->len = 0;
39 return tmp;
40 }
41
42 inline void recycle_payload (struct buffer *buf, struct sockaddr_in peer)
43 {
44 buf->start = buf->rstart + sizeof (struct payload_hdr);
45 buf->len = 0;
46 buf->peer = peer;
47 }
48
49 void add_payload_hdr (struct tunnel *t, struct call *c, struct buffer *buf)
50 {
51 struct payload_hdr *p;
52 buf->start -= sizeof (struct payload_hdr);
53 buf->len += sizeof (struct payload_hdr);
54 /* Account for no offset */
55 buf->start += 2;
56 buf->len -= 2;
57 if (!c->fbit && !c->ourfbit)
58 {
59 /* Forget about Ns and Nr fields then */
60 buf->start += 4;
61 buf->len -= 4;
62 }
63 if (!c->lbit)
64 {
65 /* Forget about specifying the length */
66 buf->start += 2;
67 buf->len -= 2;
68 }
69 p = (struct payload_hdr *) buf->start;
70 /* p->ver = htons(c->lbit | c->rbit | c->fbit | c->ourfbit | VER_L2TP); */
71 p->ver = htons (c->lbit | c->fbit | c->ourfbit | VER_L2TP);
72 if (c->lbit)
73 {
74 p->length = htons ((_u16) buf->len);
75 }
76 else
77 {
78 p = (struct payload_hdr *) (((char *) p) - 2);
79 }
80 p->tid = htons (t->tid);
81 p->cid = htons (c->cid);
82 if (c->fbit || c->ourfbit)
83 {
84 p->Ns = htons (c->data_seq_num);
85 p->Nr = htons (c->data_rec_seq_num);
86 }
87 c->data_seq_num++;
88 /* c->rbit=0; */
89 }
90
91 int read_packet (struct buffer *buf, int fd, int convert)
92 {
93 unsigned char c;
94 unsigned char escape = 0;
95 unsigned char *p;
96 static unsigned char rbuf[MAX_RECV_SIZE];
97 static int pos = 0;
98 static int max = 0;
99 int res;
100 int errors = 0;
101
102 /* Read a packet, doing async->sync conversion if necessary */
103 p = buf->start;
104 while (1)
105 {
106 if (pos >= max)
107 {
108 max = read(fd, rbuf, sizeof (rbuf));
109 res = max;
110 pos = 0;
111 }
112 else
113 {
114 res = 1;
115 }
116
117 c = rbuf[pos++];
118
119 /* if there was a short read, then see what is about */
120 if (res < 1)
121 {
122 if (res == 0)
123 {
124 /*
125 * Hmm.. Nothing to read. It happens
126 */
127 return 0;
128 }
129 else if ((errno == EIO) || (errno == EINTR) || (errno == EAGAIN))
130 {
131
132 /*
133 * Oops, we were interrupted!
134 * Or, we ran out of data too soon
135 * anyway, we discared whatever it is we
136 * have
137 */
138 return 0;
139 }
140 errors++;
141 l2tp_log (LOG_DEBUG, "%s: Error %d (%s)\n", __FUNCTION__, errno,
142 strerror (errno));
143 if (errors > 10)
144 {
145 l2tp_log (LOG_DEBUG,
146 "%s: Too many errors. Declaring call dead.\n",
147 __FUNCTION__);
148 pos=0;
149 max=0;
150 return -errno;
151 }
152 continue;
153 }
154
155 switch (c)
156 {
157 case PPP_FLAG:
158 if (escape)
159 {
160 l2tp_log (LOG_DEBUG, "%s: got an escaped PPP_FLAG\n",
161 __FUNCTION__);
162 pos=0;
163 max=0;
164 return -EINVAL;
165 }
166
167 if (convert)
168 {
169 if (buf->len >= 2) {
170 /* must be the end, drop the FCS */
171 buf->len -= 2;
172 }
173 else if (buf->len == 1) {
174 /* Do nothing, just return the single character*/
175 }
176 else {
177 /* if the buffer is empty, then we have the beginning
178 * of a packet, not the end
179 */
180 break;
181 }
182 }
183 else
184 {
185 /* if there is space, then insert the byte */
186 if (buf->len < buf->maxlen)
187 {
188 *p = c;
189 p++;
190 buf->len++;
191 }
192 }
193
194 /* return what we have now */
195 return buf->len;
196
197 case PPP_ESCAPE:
198 escape = PPP_TRANS;
199 if (convert)
200 break;
201
202 /* fall through */
203 default:
204 if (convert)
205 c ^= escape;
206 escape = 0;
207 if (buf->len < buf->maxlen)
208 {
209 *p = c;
210 p++;
211 buf->len++;
212 break;
213 }
214 l2tp_log (LOG_WARNING, "%s: read overrun\n", __FUNCTION__);
215 pos=0;
216 max=0;
217 return -EINVAL;
218 }
219 }
220
221 /* I should never get here */
222 l2tp_log (LOG_WARNING, "%s: You should not see this message. If you do, please enter "
223 "a bug report at http://lists.xelerance.com/mailman/listinfo/xl2tpd", __FUNCTION__);
224 return -EINVAL;
225 }
226
227 void call_close (struct call *c)
228 {
229 struct buffer *buf;
230 struct schedule_entry *se, *ose;
231 struct call *tmp, *tmp2;
232 if (!c || !c->container)
233 {
234 l2tp_log (LOG_DEBUG, "%s: called on null call or containerless call\n",
235 __FUNCTION__);
236 return;
237 }
238 if (c == c->container->self)
239 {
240 /*
241 * We're actually closing the
242 * entire tunnel
243 */
244
245 /* First deschedule any remaining packet transmissions
246 for this tunnel. That means Hello's and any reminaing
247 packets scheduled for transmission. This is a very
248 nasty little piece of code here. */
249
250 se = events;
251 ose = NULL;
252 while (se)
253 {
254 if ((((struct buffer *) se->data)->tunnel == c->container)
255 || ((struct tunnel *) se->data == c->container))
256 {
257 #ifdef DEBUG_CLOSE
258 l2tp_log (LOG_DEBUG, "%s: Descheduling event\n", __FUNCTION__);
259 #endif
260 if (ose)
261 {
262 ose->next = se->next;
263 if ((struct tunnel *) se->data != c->container)
264 toss ((struct buffer *) (se->data));
265 free (se);
266 se = ose->next;
267 }
268 else
269 {
270 events = se->next;
271 if ((struct tunnel *) se->data != c->container)
272 toss ((struct buffer *) (se->data));
273 free (se);
274 se = events;
275 }
276 }
277 else
278 {
279 ose = se;
280 se = se->next;
281 }
282 }
283
284 if (c->closing)
285 {
286 /* Really close this tunnel, as our
287 StopCCN has been ack'd */
288 #ifdef DEBUG_CLOSE
289 l2tp_log (LOG_DEBUG, "%s: Actually closing tunnel %d\n", __FUNCTION__,
290 c->container->ourtid);
291 #endif
292 destroy_tunnel (c->container);
293 return;
294 }
295
296 /*
297 * We need to close, but need to provide reliable delivery
298 * of the final StopCCN. We record our state to know when
299 * we have actually received an ACK on our StopCCN
300 */
301 c->closeSs = c->container->control_seq_num;
302 buf = new_outgoing (c->container);
303 add_message_type_avp (buf, StopCCN);
304 if (c->container->hbit)
305 {
306 mk_challenge (c->container->chal_them.vector, VECTOR_SIZE);
307 add_randvect_avp (buf, c->container->chal_them.vector,
308 VECTOR_SIZE);
309 }
310 add_tunnelid_avp (buf, c->container->ourtid);
311 if (c->result < 0)
312 c->result = RESULT_CLEAR;
313 if (c->error < 0)
314 c->error = 0;
315 add_result_code_avp (buf, c->result, c->error, c->errormsg,
316 strlen (c->errormsg));
317 add_control_hdr (c->container, c, buf);
318 if (gconfig.packet_dump)
319 do_packet_dump (buf);
320 #ifdef DEBUG_CLOSE
321 l2tp_log (LOG_DEBUG, "%s: enqueing close message for tunnel\n",
322 __FUNCTION__);
323 #endif
324 control_xmit (buf);
325 /*
326 * We also need to stop all traffic on any calls contained
327 * within us.
328 */
329 tmp = c->container->call_head;
330 while (tmp)
331 {
332 tmp2 = tmp->next;
333 tmp->needclose = 0;
334 tmp->closing = -1;
335 call_close (tmp);
336 tmp = tmp2;
337 }
338 l2tp_log (LOG_INFO,
339 "Connection %d closed to %s, port %d (%s)\n",
340 c->container->tid,
341 IPADDY (c->container->peer.sin_addr),
342 ntohs (c->container->peer.sin_port), c->errormsg);
343 }
344 else
345 {
346 /*
347 * Just close a call
348 */
349 if (c->zlb_xmit)
350 deschedule (c->zlb_xmit);
351 /* if (c->dethrottle) deschedule(c->dethrottle); */
352 if (c->closing)
353 {
354 #ifdef DEBUG_CLOSE
355 l2tp_log (LOG_DEBUG, "%s: Actually closing call %d\n", __FUNCTION__,
356 c->ourcid);
357 #endif
358 destroy_call (c);
359 return;
360 }
361 c->closeSs = c->container->control_seq_num;
362 buf = new_outgoing (c->container);
363 add_message_type_avp (buf, CDN);
364 if (c->container->hbit)
365 {
366 mk_challenge (c->container->chal_them.vector, VECTOR_SIZE);
367 add_randvect_avp (buf, c->container->chal_them.vector,
368 VECTOR_SIZE);
369 }
370 if (c->result < 0)
371 c->result = RESULT_CLEAR;
372 if (c->error < 0)
373 c->error = 0;
374 add_result_code_avp (buf, c->result, c->error, c->errormsg,
375 strlen (c->errormsg));
376 #ifdef TEST_HIDDEN
377 add_callid_avp (buf, c->ourcid, c->container);
378 #else
379 add_callid_avp (buf, c->ourcid);
380 #endif
381 add_control_hdr (c->container, c, buf);
382 if (gconfig.packet_dump)
383 do_packet_dump (buf);
384 #ifdef DEBUG_CLOSE
385 l2tp_log (LOG_DEBUG, "%s: enqueuing close message for call %d\n",
386 __FUNCTION__, c->ourcid);
387 #endif
388 control_xmit (buf);
389 l2tp_log (LOG_INFO, "%s: Call %d to %s disconnected\n", __FUNCTION__,
390 c->ourcid, IPADDY (c->container->peer.sin_addr));
391 }
392 /*
393 * Note that we're in the process of closing now
394 */
395 c->closing = -1;
396 }
397
398 void destroy_call (struct call *c)
399 {
400 /*
401 * Here, we unconditionally destroy a call.
402 */
403
404 struct call *p;
405 struct timeval tv;
406 pid_t pid;
407 /*
408 * Close the tty
409 */
410 if (c->fd > 0)
411 close (c->fd);
412 /* if (c->dethrottle) deschedule(c->dethrottle); */
413 if (c->zlb_xmit)
414 deschedule (c->zlb_xmit);
415
416 #ifdef IP_ALLOCATION
417 if (c->addr)
418 unreserve_addr (c->addr);
419 #endif
420
421 /*
422 * Kill off pppd and wait for it to
423 * return to us. This should only be called
424 * in rare cases if pppd hasn't already died
425 * voluntarily
426 */
427 pid = c->pppd;
428 if (pid)
429 {
430 /* Set c->pppd to zero to prevent recursion with child_handler */
431 c->pppd = 0;
432 /*
433 * There is a bug in some pppd versions where sending a SIGTERM
434 * does not actually seem to kill pppd, and xl2tpd waits indefinately
435 * using waitpid, not accepting any new connections either. Therefor
436 * we now use some more force and send it a SIGKILL instead of SIGTERM.
437 * One confirmed buggy version of pppd is ppp-2.4.2-6.4.RHEL4
438 * See http://bugs.xelerance.com/view.php?id=739
439 *
440 * Sometimes pppd takes 7 sec to go down! We don't have that much time,
441 * since all other calls are suspended while doing this.
442 */
443
444 #ifdef TRUST_PPPD_TO_DIE
445 #ifdef DEBUG_PPPD
446 l2tp_log (LOG_DEBUG, "Terminating pppd: sending TERM signal to pid %d\n", pid);
447 #endif
448 kill (pid, SIGTERM);
449 #else
450 #ifdef DEBUG_PPPD
451 l2tp_log (LOG_DEBUG, "Terminating pppd: sending KILL signal to pid %d\n", pid);
452 #endif
453 kill (pid, SIGKILL);
454 #endif
455 }
456 if (c->container)
457 {
458 p = c->container->call_head;
459 /*
460 * Remove us from the call list, although
461 * we might not actually be there
462 */
463 if (p)
464 {
465 if (p == c)
466 {
467 c->container->call_head = c->next;
468 c->container->count--;
469 }
470 else
471 {
472 while (p->next && (p->next != c))
473 p = p->next;
474 if (p->next)
475 {
476 p->next = c->next;
477 c->container->count--;
478 }
479 }
480 }
481 }
482 if (c->lac)
483 {
484 c->lac->c = NULL;
485 if (c->lac->redial && (c->lac->rtimeout > 0) && !c->lac->rsched &&
486 c->lac->active)
487 {
488 #ifdef DEBUG_MAGIC
489 l2tp_log (LOG_DEBUG, "Will redial in %d seconds\n",
490 c->lac->rtimeout);
491 #endif
492 tv.tv_sec = c->lac->rtimeout;
493 tv.tv_usec = 0;
494 c->lac->rsched = schedule (tv, magic_lac_dial, c->lac);
495 }
496 }
497
498 free (c);
499 }
500
501
502 struct call *new_call (struct tunnel *parent)
503 {
504 unsigned char entropy_buf[2] = "\0";
505 struct call *tmp = malloc (sizeof (struct call));
506
507 if (!tmp)
508 return NULL;
509 tmp->tx_pkts = 0;
510 tmp->rx_pkts = 0;
511 tmp->tx_bytes = 0;
512 tmp->rx_bytes = 0;
513 tmp->zlb_xmit = NULL;
514 /* tmp->throttle = 0; */
515 /* tmp->dethrottle=NULL; */
516 tmp->prx = 0;
517 /* tmp->rbit = 0; */
518 tmp->msgtype = 0;
519 /* tmp->timeout = 0; */
520 tmp->data_seq_num = 0;
521 tmp->data_rec_seq_num = 0;
522 tmp->pLr = -1;
523 tmp->nego = 0;
524 tmp->debug = 0;
525 tmp->seq_reqd = 0;
526 tmp->state = 0; /* Nothing so far */
527 if (parent->self)
528 {
529 #ifndef TESTING
530 /* while(get_call(parent->ourtid, (tmp->ourcid = (rand() && 0xFFFF)),0,0)); */
531 /* FIXME: What about possibility of multiple random #'s??? */
532 /* tmp->ourcid = (rand () & 0xFFFF); */
533 get_entropy(entropy_buf, 2);
534 {
535 unsigned short *temp;
536 temp = (unsigned short *)entropy_buf;
537 tmp->ourcid = *temp & 0xFFFF;
538 #ifdef DEBUG_ENTROPY
539 l2tp_log(LOG_DEBUG, "ourcid = %u, entropy_buf = %hx\n", tmp->ourcid, *temp);
540 #endif
541 }
542 #else
543 tmp->ourcid = 0x6227;
544 #endif
545 }
546 tmp->dialed[0] = 0;
547 tmp->dialing[0] = 0;
548 tmp->subaddy[0] = 0;
549 tmp->physchan = -1;
550 tmp->serno = 0;
551 tmp->bearer = -1;
552 tmp->cid = -1;
553 tmp->qcid = -1;
554 tmp->container = parent;
555 /* tmp->rws = -1; */
556 tmp->fd = -1;
557 tmp->oldptyconf = malloc (sizeof (struct termios));
558 tmp->pnu = 0;
559 tmp->cnu = 0;
560 tmp->needclose = 0;
561 tmp->closing = 0;
562 tmp->die = 0;
563 tmp->pppd = 0;
564 tmp->error = -1;
565 tmp->result = -1;
566 tmp->errormsg[0] = 0;
567 tmp->fbit = 0;
568 tmp->cid = 0;
569 tmp->lbit = 0;
570 /* Inherit LAC and LNS from parent */
571 tmp->lns = parent->lns;
572 tmp->lac = parent->lac;
573 tmp->addr = 0;
574 /* tmp->ourrws = DEFAULT_RWS_SIZE; */
575 /* if (tmp->ourrws >= 0)
576 tmp->ourfbit = FBIT;
577 else */
578 tmp->ourfbit = 0; /* initialize to 0 since we don't actually use this
579 value at this point anywhere in the code (I don't
580 think) We might just be able to remove it completely */
581 tmp->dial_no[0] = '\0'; /* jz: dialing number for outgoing call */
582 return tmp;
583 }
584
585 struct call *get_tunnel (int tunnel, unsigned int addr, int port)
586 {
587 struct tunnel *st;
588 if (tunnel)
589 {
590 st = tunnels.head;
591 while (st)
592 {
593 if (st->ourtid == tunnel)
594 {
595 return st->self;
596 }
597 st = st->next;
598 }
599 }
600 return NULL;
601 }
602
603 struct call *get_call (int tunnel, int call, struct in_addr addr, int port,
604 IPsecSAref_t refme, IPsecSAref_t refhim)
605 {
606 /*
607 * Figure out which call struct should handle this.
608 * If we have tunnel and call ID's then they are unique.
609 * Otherwise, if the tunnel is 0, look for an existing connection
610 * or create a new tunnel.
611 */
612 struct tunnel *st;
613 struct call *sc;
614 if (tunnel)
615 {
616 st = tunnels.head;
617 while (st)
618 {
619 if (st->ourtid == tunnel &&
620 (gconfig.ipsecsaref==0 ||
621 (st->refhim == refhim
622 || refhim==IPSEC_SAREF_NULL
623 || st->refhim==IPSEC_SAREF_NULL)))
624 {
625 if (call)
626 {
627 sc = st->call_head;
628 while (sc)
629 {
630 /* confirm that this is in fact a call with the right SA! */
631 if (sc->ourcid == call) return sc;
632 sc = sc->next;
633 }
634 l2tp_log (LOG_DEBUG, "%s: can't find call %d in tunnel %d\n (ref=%d/%d)",
635 __FUNCTION__, call, tunnel, refme, refhim);
636 return NULL;
637 }
638 else
639 {
640 return st->self;
641 }
642 }
643 st = st->next;
644 }
645
646 l2tp_log (LOG_INFO, "Can not find tunnel %u (refhim=%u)\n",
647 tunnel, refhim);
648 return NULL;
649 }
650 else
651 {
652 /* You can't specify a call number if you haven't specified
653 a tunnel silly! */
654
655 if (call)
656 {
657 l2tp_log (LOG_WARNING,
658 "%s: call ID specified, but no tunnel ID specified. tossing.\n",
659 __FUNCTION__);
660 return NULL;
661 }
662 /*
663 * Well, nothing appropriate... Let's add a new tunnel, if
664 * we are not at capacity.
665 */
666 if (gconfig.debug_tunnel)
667 {
668 l2tp_log (LOG_DEBUG,
669 "%s: allocating new tunnel for host %s, port %d.\n",
670 __FUNCTION__, IPADDY (addr), ntohs (port));
671 }
672 if (!(st = new_tunnel ()))
673 {
674 l2tp_log (LOG_WARNING,
675 "%s: unable to allocate new tunnel for host %s, port %d.\n",
676 __FUNCTION__, IPADDY (addr), ntohs (port));
677 return NULL;
678 };
679 st->peer.sin_family = AF_INET;
680 st->peer.sin_port = port;
681 st->refme = refme;
682 st->refhim = refhim;
683 st->udp_fd = -1;
684 st->pppox_fd = -1;
685 bcopy (&addr, &st->peer.sin_addr, sizeof (addr));
686 st->next = tunnels.head;
687 tunnels.head = st;
688 tunnels.count++;
689 /* Add route to the peer */
690 memset(&st->rt, 0, sizeof(&st->rt));
691 route_add(st->peer.sin_addr, &st->rt);
692 return st->self;
693 }
694 }
Tomato firmware and modifications.