1 /* $OpenBSD: ppp.c,v 1.32 2024/07/01 07:09:07 yasuoka Exp $ */
2
3 /*-
4 * Copyright (c) 2009 Internet Initiative Japan Inc.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28 /* $Id: ppp.c,v 1.32 2024/07/01 07:09:07 yasuoka Exp $ */
29 /**@file
30 * This file provides PPP(Point-to-Point Protocol, RFC 1661) and
31 * {@link :: _npppd_ppp PPP instance} related functions.
32 */
33 #include <sys/types.h>
34 #include <sys/socket.h>
35 #include <netinet/in.h>
36 #include <net/if_dl.h>
37 #include <arpa/inet.h>
38 #include <stdlib.h>
39 #include <netdb.h>
40 #include <stdio.h>
41 #include <stdarg.h>
42 #include <string.h>
43 #include <unistd.h>
44 #include <errno.h>
45 #include <syslog.h>
46 #include <sys/time.h>
47 #include <time.h>
48 #include <event.h>
49
50 #include "npppd.h"
51 #include "time_utils.h"
52 #include "ppp.h"
53 #include "psm-opt.h"
54 #ifdef USE_NPPPD_RADIUS
55 #include <radius.h>
56 #include "npppd_radius.h"
57 #endif
58
59 #include "debugutil.h"
60
61 #ifdef PPP_DEBUG
62 #define PPP_DBG(x) ppp_log x
63 #define PPP_ASSERT(cond) \
64 if (!(cond)) { \
65 fprintf(stderr, \
66 "\nASSERT(" #cond ") failed on %s() at %s:%d.\n"\
67 , __func__, __FILE__, __LINE__); \
68 abort(); \
69 }
70 #else
71 #define PPP_ASSERT(cond)
72 #define PPP_DBG(x)
73 #endif
74
75 static u_int ppp_seq = 0;
76
77 static void ppp_stop0 (npppd_ppp *);
78 static int ppp_recv_packet (npppd_ppp *, unsigned char *, int, int);
79 static const char *ppp_peer_auth_string (npppd_ppp *);
80 static void ppp_idle_timeout (int, short, void *);
81 #ifdef USE_NPPPD_PIPEX
82 static void ppp_on_network_pipex(npppd_ppp *);
83 #endif
84 static uint32_t ppp_proto_bit(int);
85
86 #define AUTH_IS_PAP(ppp) ((ppp)->peer_auth == PPP_AUTH_PAP)
87 #define AUTH_IS_CHAP(ppp) ((ppp)->peer_auth == PPP_AUTH_CHAP_MD5 ||\
88 (ppp)->peer_auth == PPP_AUTH_CHAP_MS || \
89 (ppp)->peer_auth == PPP_AUTH_CHAP_MS_V2)
90 #define AUTH_IS_EAP(ppp) ((ppp)->peer_auth == PPP_AUTH_EAP)
91
92 /*
93 * About termination procedures:
94 * ppp_lcp_finished LCP is terminated
95 * Terminate-Request by the peer.
96 * Terminate-Request by ourself. (From ppp_stop())
97 * ppp_phy_downed Down the datalink/physical.
98 *
99 * On both cases, ppp_stop0 and ppp_down_others are called.
100 */
101 /** Create a npppd_ppp instance */
102 npppd_ppp *
ppp_create()103 ppp_create()
104 {
105 npppd_ppp *_this;
106
107 if ((_this = calloc(1, sizeof(npppd_ppp))) == NULL) {
108 log_printf(LOG_ERR, "calloc() failed in %s(): %m", __func__ );
109 return NULL;
110 }
111
112 _this->snp.snp_family = AF_INET;
113 _this->snp.snp_len = sizeof(_this->snp);
114 _this->snp.snp_type = SNP_PPP;
115 _this->snp.snp_data_ptr = _this;
116
117 return _this;
118 }
119
120 /**
121 * Initialize the npppd_ppp instance
122 * Set npppd_ppp#mru and npppd_ppp#phy_label before call this function.
123 */
124 int
ppp_init(npppd * pppd,npppd_ppp * _this)125 ppp_init(npppd *pppd, npppd_ppp *_this)
126 {
127 struct tunnconf *conf;
128
129 PPP_ASSERT(_this != NULL);
130 PPP_ASSERT(strlen(_this->phy_label) > 0);
131
132 _this->id = -1;
133 _this->ifidx = -1;
134 _this->has_acf = 1;
135 _this->recv_packet = ppp_recv_packet;
136 _this->id = ppp_seq++;
137 _this->pppd = pppd;
138
139 lcp_init(&_this->lcp, _this);
140
141 conf = ppp_get_tunnconf(_this);
142 _this->mru = conf->mru;
143
144 if (_this->outpacket_buf == NULL) {
145 _this->outpacket_buf = malloc(_this->mru + 64);
146 if (_this->outpacket_buf == NULL){
147 log_printf(LOG_ERR, "malloc() failed in %s(): %m",
148 __func__);
149 return -1;
150 }
151 }
152 _this->adjust_mss = (conf->tcp_mss_adjust)? 1 : 0;
153
154 #ifdef USE_NPPPD_PIPEX
155 _this->use_pipex = (conf->pipex)? 1 : 0;
156 #endif
157 /* load the logging configuration */
158 _this->ingress_filter = (conf->ingress_filter)? 1 : 0;
159
160 #ifdef USE_NPPPD_MPPE
161 mppe_init(&_this->mppe, _this);
162 #endif
163 ccp_init(&_this->ccp, _this);
164 ipcp_init(&_this->ipcp, _this);
165 pap_init(&_this->pap, _this);
166 chap_init(&_this->chap, _this);
167
168 /* load the idle timer configuration */
169 _this->timeout_sec = conf->idle_timeout;
170
171 if (!evtimer_initialized(&_this->idle_event))
172 evtimer_set(&_this->idle_event, ppp_idle_timeout, _this);
173
174 if (conf->lcp_keepalive) {
175 _this->lcp.echo_interval = conf->lcp_keepalive_interval;
176 _this->lcp.echo_retry_interval =
177 conf->lcp_keepalive_retry_interval;
178 _this->lcp.echo_max_retries = conf->lcp_keepalive_max_retries;
179 } else {
180 _this->lcp.echo_interval = 0;
181 _this->lcp.echo_retry_interval = 0;
182 _this->lcp.echo_max_retries = 0;
183 }
184 _this->log_dump_in = (conf->debug_dump_pktin == 0)? 0 : 1;
185 _this->log_dump_out = (conf->debug_dump_pktout == 0)? 0 : 1;
186
187 return 0;
188 }
189
190 static void
ppp_set_tunnel_label(npppd_ppp * _this,char * buf,int lbuf)191 ppp_set_tunnel_label(npppd_ppp *_this, char *buf, int lbuf)
192 {
193 int flag, af;
194 char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
195
196 hbuf[0] = 0;
197 sbuf[0] = 0;
198 af = ((struct sockaddr *)&_this->phy_info)->sa_family;
199 if (af < AF_MAX) {
200 flag = NI_NUMERICHOST;
201 if (af == AF_INET || af == AF_INET6)
202 flag |= NI_NUMERICSERV;
203 if (getnameinfo((struct sockaddr *)&_this->phy_info,
204 ((struct sockaddr *)&_this->phy_info)->sa_len, hbuf,
205 sizeof(hbuf), sbuf, sizeof(sbuf), flag) != 0) {
206 ppp_log(_this, LOG_ERR, "getnameinfo() failed at %s",
207 __func__);
208 strlcpy(hbuf, "0.0.0.0", sizeof(hbuf));
209 strlcpy(sbuf, "0", sizeof(sbuf));
210 }
211 if (af == AF_INET || af == AF_INET6)
212 snprintf(buf, lbuf, "%s:%s", hbuf, sbuf);
213 else
214 snprintf(buf, lbuf, "%s", hbuf);
215 } else if (af == NPPPD_AF_PHONE_NUMBER) {
216 strlcpy(buf,
217 ((npppd_phone_number *)&_this->phy_info)->pn_number, lbuf);
218 }
219 }
220 /**
221 * Start the npppd_ppp.
222 * Set npppd_ppp#phy_context, npppd_ppp#send_packet, npppd_ppp#phy_close and
223 * npppd_ppp#phy_info before call this function.
224 */
225 void
ppp_start(npppd_ppp * _this)226 ppp_start(npppd_ppp *_this)
227 {
228 char label[512];
229
230 PPP_ASSERT(_this != NULL);
231 PPP_ASSERT(_this->recv_packet != NULL);
232 PPP_ASSERT(_this->send_packet != NULL);
233 PPP_ASSERT(_this->phy_close != NULL);
234
235 _this->start_time = time(NULL);
236 _this->start_monotime = get_monosec();
237 /* log the lower layer information */
238 ppp_set_tunnel_label(_this, label, sizeof(label));
239 ppp_log(_this, LOG_INFO, "logtype=Started tunnel=%s(%s)",
240 _this->phy_label, label);
241
242 lcp_lowerup(&_this->lcp);
243 }
244
245 /** Prepare "dialin proxy". Return 0 if "dialin proxy" is not available. */
246 int
ppp_dialin_proxy_prepare(npppd_ppp * _this,dialin_proxy_info * dpi)247 ppp_dialin_proxy_prepare(npppd_ppp *_this, dialin_proxy_info *dpi)
248 {
249 int renego_force, renego;
250 struct tunnconf *conf;
251
252 conf = ppp_get_tunnconf(_this);
253
254 renego = conf->proto.l2tp.lcp_renegotiation;
255 renego_force = conf->proto.l2tp.force_lcp_renegotiation;
256
257 if (renego_force)
258 renego = 1;
259
260 if (lcp_dialin_proxy(&_this->lcp, dpi, renego, renego_force) != 0) {
261 ppp_log(_this, LOG_ERR,
262 "Failed to dialin-proxy, proxied lcp is broken.");
263 return 1;
264 }
265
266 return 0;
267 }
268
269 static void
ppp_down_others(npppd_ppp * _this)270 ppp_down_others(npppd_ppp *_this)
271 {
272 fsm_lowerdown(&_this->ccp.fsm);
273 fsm_lowerdown(&_this->ipcp.fsm);
274
275 npppd_release_ip(_this->pppd, _this);
276 if (AUTH_IS_PAP(_this))
277 pap_stop(&_this->pap);
278 if (AUTH_IS_CHAP(_this))
279 chap_stop(&_this->chap);
280 #ifdef USE_NPPPD_EAP_RADIUS
281 if (AUTH_IS_EAP(_this))
282 eap_stop(&_this->eap);
283 #endif
284 evtimer_del(&_this->idle_event);
285 }
286
287 /**
288 * Stop the PPP and destroy the npppd_ppp instance
289 * @param reason Reason of stopping the PPP. Specify NULL if there is
290 * no special reason. This reason will be used as a
291 * reason field of LCP Terminate-Request message and
292 * notified to the peer.
293 */
294 void
ppp_stop(npppd_ppp * _this,const char * reason)295 ppp_stop(npppd_ppp *_this, const char *reason)
296 {
297
298 PPP_ASSERT(_this != NULL);
299
300 #ifdef USE_NPPPD_RADIUS
301 ppp_set_radius_terminate_cause(_this,
302 RADIUS_TERMNATE_CAUSE_ADMIN_RESET);
303 #endif
304 ppp_set_disconnect_cause(_this, PPP_DISCON_NORMAL, 0, 2 /* by local */,
305 NULL);
306
307 ppp_down_others(_this);
308 fsm_close(&_this->lcp.fsm, reason);
309 }
310
311 /**
312 * Set disconnect cause
313 * @param code disconnect code in {@link ::npppd_ppp_disconnect_code}.
314 * @param proto control protocol number. see RFC3145.
315 * @param direction disconnect direction. see RFC 3145
316 */
317 void
ppp_set_disconnect_cause(npppd_ppp * _this,npppd_ppp_disconnect_code code,int proto,int direction,const char * message)318 ppp_set_disconnect_cause(npppd_ppp *_this, npppd_ppp_disconnect_code code,
319 int proto, int direction, const char *message)
320 {
321 if (_this->disconnect_code == PPP_DISCON_NO_INFORMATION) {
322 _this->disconnect_code = code;
323 _this->disconnect_proto = proto;
324 _this->disconnect_direction = direction;
325 _this->disconnect_message = message;
326 }
327 }
328
329 /** Set RADIUS Acct-Terminate-Cause code */
330 void
ppp_set_radius_terminate_cause(npppd_ppp * _this,int cause)331 ppp_set_radius_terminate_cause(npppd_ppp *_this, int cause)
332 {
333 if (_this->terminate_cause == 0)
334 _this->terminate_cause = cause;
335 }
336
337 static void
ppp_stop0(npppd_ppp * _this)338 ppp_stop0(npppd_ppp *_this)
339 {
340 char mppe_str[BUFSIZ];
341 char label[512];
342
343 #ifdef USE_NPPPD_RADIUS
344 ppp_set_radius_terminate_cause(_this, RADIUS_TERMNATE_CAUSE_NAS_ERROR);
345 #endif
346 ppp_set_disconnect_cause(_this, PPP_DISCON_NORMAL, 0, 1 /* by local */,
347 NULL);
348
349 _this->end_monotime = get_monosec();
350
351 if (_this->phy_close != NULL)
352 _this->phy_close(_this);
353 _this->phy_close = NULL;
354
355 /*
356 * NAT/Blackhole detection for PPTP(GRE)
357 */
358 if (_this->lcp.dialin_proxy != 0 &&
359 _this->lcp.dialin_proxy_lcp_renegotiation == 0) {
360 /* No LCP packets on dialin proxy without LCP renegotiation */
361 } else if (_this->lcp.recv_ress == 0) { /* No responses */
362 if (_this->lcp.recv_reqs == 0) /* No requests */
363 ppp_log(_this, LOG_WARNING, "no PPP frames from the "
364 "peer. router/NAT issue? (may have filtered out)");
365 else
366 ppp_log(_this, LOG_WARNING, "my PPP frames may not "
367 "have arrived at the peer. router/NAT issue? (may "
368 "be the only-first-person problem)");
369 }
370 #ifdef USE_NPPPD_PIPEX
371 if (npppd_ppp_pipex_disable(_this->pppd, _this) != 0)
372 ppp_log(_this, LOG_ERR,
373 "npppd_ppp_pipex_disable() failed: %m");
374 #endif
375
376 ppp_set_tunnel_label(_this, label, sizeof(label));
377 #ifdef USE_NPPPD_MPPE
378 if (_this->mppe_started) {
379 snprintf(mppe_str, sizeof(mppe_str),
380 "mppe=yes mppe_in=%dbits,%s mppe_out=%dbits,%s",
381 _this->mppe.recv.keybits,
382 (_this->mppe.recv.stateless)? "stateless" : "stateful",
383 _this->mppe.send.keybits,
384 (_this->mppe.send.stateless)? "stateless" : "stateful");
385 } else
386 #endif
387 snprintf(mppe_str, sizeof(mppe_str), "mppe=no");
388 ppp_log(_this, LOG_NOTICE,
389 "logtype=TUNNELUSAGE user=\"%s\" duration=%ldsec layer2=%s "
390 "layer2from=%s auth=%s data_in=%llubytes,%upackets "
391 "data_out=%llubytes,%upackets error_in=%u error_out=%u %s "
392 "iface=%s",
393 _this->username[0]? _this->username : "<unknown>",
394 (long)(_this->end_monotime - _this->start_monotime),
395 _this->phy_label, label,
396 _this->username[0]? ppp_peer_auth_string(_this) : "none",
397 (unsigned long long)_this->ibytes, _this->ipackets,
398 (unsigned long long)_this->obytes, _this->opackets,
399 _this->ierrors, _this->oerrors, mppe_str,
400 npppd_ppp_get_iface_name(_this->pppd, _this));
401
402 #ifdef USE_NPPPD_RADIUS
403 npppd_ppp_radius_acct_stop(_this->pppd, _this);
404 #endif
405 npppd_on_ppp_stop(_this->pppd, _this);
406 npppd_ppp_unbind_iface(_this->pppd, _this);
407 #ifdef USE_NPPPD_MPPE
408 mppe_fini(&_this->mppe);
409 #endif
410 evtimer_del(&_this->idle_event);
411
412 npppd_release_ip(_this->pppd, _this);
413 ppp_destroy(_this);
414 }
415
416 /**
417 * Destroy the npppd_ppp instance. Don't use this function after calling
418 * the ppp_start, please use ppp_stop() instead.
419 */
420 void
ppp_destroy(void * ctx)421 ppp_destroy(void *ctx)
422 {
423 npppd_ppp *_this = ctx;
424
425 free(_this->proxy_authen_resp);
426
427 /*
428 * Down/stop the protocols again to make sure they are stopped
429 * even if ppp_stop is done. They might be change their state
430 * by receiving packets from the peer.
431 */
432 fsm_lowerdown(&_this->ccp.fsm);
433 fsm_lowerdown(&_this->ipcp.fsm);
434 pap_stop(&_this->pap);
435 chap_stop(&_this->chap);
436
437 free(_this->outpacket_buf);
438
439 free(_this);
440 }
441
442 /************************************************************************
443 * Protocol events
444 ************************************************************************/
445 static const char *
ppp_peer_auth_string(npppd_ppp * _this)446 ppp_peer_auth_string(npppd_ppp *_this)
447 {
448 switch(_this->peer_auth) {
449 case PPP_AUTH_PAP: return "PAP";
450 case PPP_AUTH_CHAP_MD5: return "MD5-CHAP";
451 case PPP_AUTH_CHAP_MS: return "MS-CHAP";
452 case PPP_AUTH_CHAP_MS_V2: return "MS-CHAP-V2";
453 case PPP_AUTH_EAP: return "EAP";
454 default: return "ERROR";
455 }
456 }
457
458 /** called when the lcp is up */
459 void
ppp_lcp_up(npppd_ppp * _this)460 ppp_lcp_up(npppd_ppp *_this)
461 {
462 #ifdef USE_NPPPD_MPPE
463 if (MPPE_IS_REQUIRED(_this) && !MPPE_MUST_NEGO(_this)) {
464 ppp_log(_this, LOG_ERR, "MPPE is required, auth protocol must "
465 "be MS-CHAP-V2 or EAP");
466 ppp_stop(_this, "Encryption required");
467 return;
468 }
469 #endif
470 /*
471 * Use our MRU value even if the peer insists on larger value.
472 * We set the peer_mtu here, the value will be used as the MTU of the
473 * routing entry. So we will not receive packets larger than the MTU.
474 */
475 if (_this->peer_mru > _this->mru)
476 _this->peer_mru = _this->mru;
477
478 if (_this->peer_auth != 0 && _this->auth_runonce == 0) {
479 if (AUTH_IS_PAP(_this)) {
480 pap_start(&_this->pap);
481 _this->auth_runonce = 1;
482 return;
483 }
484 if (AUTH_IS_CHAP(_this)) {
485 chap_start(&_this->chap);
486 _this->auth_runonce = 1;
487 return;
488 }
489 #ifdef USE_NPPPD_EAP_RADIUS
490 if (AUTH_IS_EAP(_this)) {
491 eap_init(&_this->eap, _this);
492 eap_start(&_this->eap);
493 return;
494 }
495 #endif
496 }
497 if (_this->peer_auth == 0)
498 ppp_auth_ok(_this);
499 }
500
501 /**
502 * This function will be called the LCP is terminated.
503 * (On entering STOPPED or CLOSED state)
504 */
505 void
ppp_lcp_finished(npppd_ppp * _this)506 ppp_lcp_finished(npppd_ppp *_this)
507 {
508 PPP_ASSERT(_this != NULL);
509
510 ppp_down_others(_this);
511
512 fsm_lowerdown(&_this->lcp.fsm);
513 ppp_stop0(_this);
514 }
515
516 /**
517 * This function will be called by the physical layer when it is down.
518 * <p>
519 * Use this function only on such conditions that the physical layer cannot
520 * input or output PPP frames. Use {@link ::ppp_stop()} instead if we can
521 * disconnect PPP gently.</p>
522 */
523 void
ppp_phy_downed(npppd_ppp * _this)524 ppp_phy_downed(npppd_ppp *_this)
525 {
526 PPP_ASSERT(_this != NULL);
527
528 ppp_down_others(_this);
529 fsm_lowerdown(&_this->lcp.fsm);
530 fsm_close(&_this->lcp.fsm, NULL);
531
532 #ifdef USE_NPPPD_RADIUS
533 ppp_set_radius_terminate_cause(_this,
534 RADIUS_TERMNATE_CAUSE_LOST_CARRIER);
535 #endif
536 ppp_stop0(_this);
537 }
538
539 static const char *
proto_name(uint16_t proto)540 proto_name(uint16_t proto)
541 {
542 switch (proto) {
543 case PPP_PROTO_IP: return "ip";
544 case PPP_PROTO_LCP: return "lcp";
545 case PPP_PROTO_PAP: return "pap";
546 case PPP_PROTO_CHAP: return "chap";
547 case PPP_PROTO_EAP: return "eap";
548 case PPP_PROTO_MPPE: return "mppe";
549 case PPP_PROTO_NCP | NCP_CCP: return "ccp";
550 case PPP_PROTO_NCP | NCP_IPCP: return "ipcp";
551 /* following protocols are just for logging */
552 case PPP_PROTO_NCP | NCP_IPV6CP: return "ipv6cp";
553 case PPP_PROTO_ACSP: return "acsp";
554 }
555 return "unknown";
556 }
557
558 /** This function is called on authentication succeed */
559 void
ppp_auth_ok(npppd_ppp * _this)560 ppp_auth_ok(npppd_ppp *_this)
561 {
562 if (npppd_ppp_bind_iface(_this->pppd, _this) != 0) {
563 ppp_log(_this, LOG_WARNING, "No interface binding.");
564 ppp_stop(_this, NULL);
565
566 return;
567 }
568 if (_this->realm != NULL) {
569 npppd_ppp_get_username_for_auth(_this->pppd, _this,
570 _this->username, _this->username);
571 if (!npppd_check_calling_number(_this->pppd, _this)) {
572 ppp_log(_this, LOG_ALERT,
573 "logtype=TUNNELDENY user=\"%s\" "
574 "reason=\"Calling number check is failed\"",
575 _this->username);
576 /* XXX */
577 ppp_stop(_this, NULL);
578 return;
579 }
580 }
581 if (_this->peer_auth != 0) {
582 /* Limit the number of connections per the user */
583 if (!npppd_check_user_max_session(_this->pppd, _this)) {
584 ppp_stop(_this, NULL);
585
586 return;
587 }
588 PPP_ASSERT(_this->realm != NULL);
589 }
590
591 if (!npppd_ppp_iface_is_ready(_this->pppd, _this)) {
592 ppp_log(_this, LOG_WARNING,
593 "interface '%s' is not ready.",
594 npppd_ppp_get_iface_name(_this->pppd, _this));
595 ppp_stop(_this, NULL);
596
597 return;
598 }
599 free(_this->proxy_authen_resp);
600 _this->proxy_authen_resp = NULL;
601
602 fsm_lowerup(&_this->ipcp.fsm);
603 fsm_open(&_this->ipcp.fsm);
604 #ifdef USE_NPPPD_MPPE
605 if (MPPE_MUST_NEGO(_this)) {
606 fsm_lowerup(&_this->ccp.fsm);
607 fsm_open(&_this->ccp.fsm);
608 }
609 #endif
610
611 return;
612 }
613
614 /** timer event handler for idle timer */
615 static void
ppp_idle_timeout(int fd,short evtype,void * context)616 ppp_idle_timeout(int fd, short evtype, void *context)
617 {
618 npppd_ppp *_this;
619
620 _this = context;
621
622 ppp_log(_this, LOG_NOTICE, "Idle timeout(%d sec)", _this->timeout_sec);
623 #ifdef USE_NPPPD_RADIUS
624 ppp_set_radius_terminate_cause(_this,
625 RADIUS_TERMNATE_CAUSE_IDLE_TIMEOUT);
626 #endif
627 ppp_stop(_this, NULL);
628 }
629
630 /** reset the idle-timer. Call this function when the PPP is not idle. */
631 void
ppp_reset_idle_timeout(npppd_ppp * _this)632 ppp_reset_idle_timeout(npppd_ppp *_this)
633 {
634 struct timeval tv;
635
636 evtimer_del(&_this->idle_event);
637 if (_this->timeout_sec > 0) {
638 tv.tv_usec = 0;
639 tv.tv_sec = _this->timeout_sec;
640
641 evtimer_add(&_this->idle_event, &tv);
642 }
643 }
644
645 /** This function is called when IPCP is opened */
646 void
ppp_ipcp_opened(npppd_ppp * _this)647 ppp_ipcp_opened(npppd_ppp *_this)
648 {
649 time_t curr_time;
650
651 curr_time = get_monosec();
652
653 npppd_set_ip_enabled(_this->pppd, _this, 1);
654 if (_this->logged_acct_start == 0) {
655 char label[512], ipstr[64];
656
657 ppp_set_tunnel_label(_this, label, sizeof(label));
658
659 strlcpy(ipstr, " ip=", sizeof(ipstr));
660 strlcat(ipstr, inet_ntoa(_this->ppp_framed_ip_address),
661 sizeof(ipstr));
662 if (_this->ppp_framed_ip_netmask.s_addr != 0xffffffffL) {
663 strlcat(ipstr, ":", sizeof(ipstr));
664 strlcat(ipstr, inet_ntoa(_this->ppp_framed_ip_netmask),
665 sizeof(ipstr));
666 }
667
668 ppp_log(_this, LOG_NOTICE,
669 "logtype=TUNNELSTART user=\"%s\" duration=%lusec layer2=%s "
670 "layer2from=%s auth=%s %s iface=%s%s",
671 _this->username[0]? _this->username : "<unknown>",
672 (long)(curr_time - _this->start_monotime),
673 _this->phy_label, label,
674 _this->username[0]? ppp_peer_auth_string(_this) : "none",
675 ipstr, npppd_ppp_get_iface_name(_this->pppd, _this),
676 (_this->lcp.dialin_proxy != 0)? " dialin_proxy=yes" : ""
677 );
678 #ifdef USE_NPPPD_RADIUS
679 npppd_ppp_radius_acct_start(_this->pppd, _this);
680 #endif
681 npppd_on_ppp_start(_this->pppd, _this);
682
683 _this->logged_acct_start = 1;
684 ppp_reset_idle_timeout(_this);
685 }
686 #ifdef USE_NPPPD_PIPEX
687 ppp_on_network_pipex(_this);
688 #endif
689 }
690
691 /** This function is called when CCP is opened */
692 void
ppp_ccp_opened(npppd_ppp * _this)693 ppp_ccp_opened(npppd_ppp *_this)
694 {
695 #ifdef USE_NPPPD_MPPE
696 if (_this->ccp.mppe_rej == 0) {
697 if (_this->mppe_started == 0) {
698 mppe_start(&_this->mppe);
699 }
700 } else {
701 ppp_log(_this, LOG_INFO, "mppe is rejected by peer");
702 if (_this->mppe.required)
703 ppp_stop(_this, "MPPE is required");
704 }
705 #endif
706 #ifdef USE_NPPPD_PIPEX
707 ppp_on_network_pipex(_this);
708 #endif
709 }
710
711 void
ppp_ccp_stopped(npppd_ppp * _this)712 ppp_ccp_stopped(npppd_ppp *_this)
713 {
714 #ifdef USE_NPPPD_MPPE
715 if (_this->mppe.required) {
716 ppp_stop(_this, NULL);
717 return;
718 }
719 #endif
720 #ifdef USE_NPPPD_PIPEX
721 ppp_on_network_pipex(_this);
722 #endif
723 }
724
725 /************************************************************************
726 * Network I/O related functions
727 ************************************************************************/
728 /**
729 * Receive the PPP packet.
730 * @param flags Indicate information of received packet by bit flags.
731 * {@link ::PPP_IO_FLAGS_MPPE_ENCRYPTED} and
732 * {@link ::PPP_IO_FLAGS_DELAYED} may be used.
733 * @return return 0 on success. return 1 on failure.
734 */
735 static int
ppp_recv_packet(npppd_ppp * _this,unsigned char * pkt,int lpkt,int flags)736 ppp_recv_packet(npppd_ppp *_this, unsigned char *pkt, int lpkt, int flags)
737 {
738 u_char *inp, *inp_proto;
739 uint16_t proto;
740
741 PPP_ASSERT(_this != NULL);
742
743 inp = pkt;
744
745 if (lpkt < 4) {
746 ppp_log(_this, LOG_DEBUG, "%s(): Rcvd short header.", __func__);
747 return 0;
748 }
749
750
751 if (_this->has_acf == 0) {
752 /* nothing to do */
753 } else if (inp[0] == PPP_ALLSTATIONS && inp[1] == PPP_UI) {
754 inp += 2;
755 } else {
756 /*
757 * Address and Control Field Compression
758 */
759 if (!psm_opt_is_accepted(&_this->lcp, acfc) &&
760 _this->logged_no_address == 0) {
761 /*
762 * On packet loss condition, we may receive ACFC'ed
763 * packets before our LCP is opened because the peer's
764 * LCP is opened already.
765 */
766 ppp_log(_this, LOG_INFO,
767 "%s: Rcvd broken frame. ACFC is not accepted, "
768 "but received ppp frame that has no address.",
769 __func__);
770 /*
771 * Log this once because it may be noisy.
772 * For example, Yahama RTX-1000 refuses to use ACFC
773 * but it send PPP frames without the address field.
774 */
775 _this->logged_no_address = 1;
776 }
777 }
778 inp_proto = inp;
779 if ((inp[0] & 0x01) != 0) {
780 /*
781 * Protocol Field Compression
782 */
783 if (!psm_opt_is_accepted(&_this->lcp, pfc)) {
784 ppp_log(_this, LOG_INFO,
785 "%s: Rcvd broken frame. No protocol field: "
786 "%02x %02x", __func__, inp[0], inp[1]);
787 return 1;
788 }
789 GETCHAR(proto, inp);
790 } else {
791 GETSHORT(proto, inp);
792 }
793
794 /*
795 * if the PPP frame is reordered, drop it
796 * unless proto is reorder-tolerant
797 */
798 if (flags & PPP_IO_FLAGS_DELAYED && proto != PPP_PROTO_IP)
799 return 1;
800
801 if (_this->log_dump_in != 0 && debug_get_debugfp() != NULL) {
802 struct tunnconf *conf = ppp_get_tunnconf(_this);
803 if ((ppp_proto_bit(proto) & conf->debug_dump_pktin) != 0) {
804 ppp_log(_this, LOG_DEBUG,
805 "PPP input dump proto=%s(%d/%04x)",
806 proto_name(proto), proto, proto);
807 show_hd(debug_get_debugfp(), pkt, lpkt);
808 }
809 }
810 #ifdef USE_NPPPD_PIPEX
811 if (_this->pipex_enabled != 0 &&
812 _this->tunnel_type == NPPPD_TUNNEL_PPPOE) {
813 switch (proto) {
814 case PPP_PROTO_IP:
815 return 2; /* handled by PIPEX */
816 case PPP_PROTO_NCP | NCP_CCP:
817 if (lpkt - (inp - pkt) < 4)
818 break; /* error but do it on fsm.c */
819 if (*inp == 0x0e || /* Reset-Request */
820 *inp == 0x0f /* Reset-Ack */) {
821 return 2; /* handled by PIPEX */
822 }
823 /* FALLTHROUGH */
824 default:
825 break;
826 }
827 }
828 #endif /* USE_NPPPD_PIPEX */
829
830 switch (proto) {
831 #ifdef USE_NPPPD_MPPE
832 case PPP_PROTO_IP:
833 /* Checks for MPPE */
834 if ((flags & PPP_IO_FLAGS_MPPE_ENCRYPTED) == 0) {
835 if (MPPE_IS_REQUIRED(_this)) {
836 /* MPPE is required but naked ip */
837
838 if (_this->logged_naked_ip == 0) {
839 ppp_log(_this, LOG_INFO,
840 "mppe is required but received "
841 "naked IP.");
842 /* log this once */
843 _this->logged_naked_ip = 1;
844 }
845 /*
846 * Windows sends naked IP packets in condition
847 * such that MPPE is not opened and IPCP is
848 * opened(*1). This occurs at a high
849 * probability when the CCP establishment is
850 * delayed because of packet loss etc. If we
851 * call ppp_stop() here, Windows on the packet
852 * loss condition etc cannot not connect us.
853 * So we don't call ppp_stop() here.
854 * (*1) At least Microsoft Windows 2000
855 * Professional SP4 does.
856 */
857 /*ppp_stop(_this, "Encryption is required.");*/
858
859 return 1;
860 }
861 if (MPPE_RECV_READY(_this)) {
862 /* MPPE is opened but naked ip packet */
863 ppp_log(_this, LOG_WARNING,
864 "mppe is available but received naked IP.");
865 }
866 }
867 /* else input from MPPE */
868 break;
869 case PPP_PROTO_MPPE:
870 #ifdef USE_NPPPD_MPPE
871 if (!MPPE_RECV_READY(_this)) {
872 #else
873 {
874 #endif
875 ppp_log(_this, LOG_ERR,
876 "mppe packet is received but mppe is stopped.");
877 return 1;
878 }
879 break;
880 #endif
881 }
882
883 switch (proto) {
884 case PPP_PROTO_IP:
885 npppd_network_output(_this->pppd, _this, AF_INET, inp,
886 lpkt - (inp - pkt));
887 goto handled;
888 case PPP_PROTO_LCP:
889 fsm_input(&_this->lcp.fsm, inp, lpkt - (inp - pkt));
890 goto handled;
891 case PPP_PROTO_PAP:
892 pap_input(&_this->pap, inp, lpkt - (inp - pkt));
893 goto handled;
894 case PPP_PROTO_CHAP:
895 chap_input(&_this->chap, inp, lpkt - (inp - pkt));
896 goto handled;
897 #ifdef USE_NPPPD_EAP_RADIUS
898 case PPP_PROTO_EAP:
899 eap_input(&_this->eap, inp, lpkt - (inp - pkt));
900 goto handled;
901 #endif
902 #ifdef USE_NPPPD_MPPE
903 case PPP_PROTO_MPPE:
904 #ifdef USE_NPPPD_PIPEX
905 if (_this->pipex_enabled != 0)
906 return -1; /* silent discard */
907 #endif /* USE_NPPPD_PIPEX */
908 mppe_input(&_this->mppe, inp, lpkt - (inp - pkt));
909 goto handled;
910 #endif
911 default:
912 if ((proto & 0xff00) == PPP_PROTO_NCP) {
913 switch (proto & 0xff) {
914 case NCP_CCP: /* Compression */
915 #ifdef USE_NPPPD_MPPE
916 if (MPPE_MUST_NEGO(_this)) {
917 fsm_input(&_this->ccp.fsm, inp,
918 lpkt - (inp - pkt));
919 goto handled;
920 }
921 /* protocol-reject if MPPE is not necessary */
922 #endif
923 break;
924 case NCP_IPCP: /* IPCP */
925 fsm_input(&_this->ipcp.fsm, inp,
926 lpkt - (inp - pkt));
927 goto handled;
928 }
929 }
930 }
931 /* Protocol reject. Log it with protocol number */
932 ppp_log(_this, LOG_INFO, "unhandled protocol %s, %d(%04x)",
933 proto_name(proto), proto, proto);
934
935 if ((flags & PPP_IO_FLAGS_MPPE_ENCRYPTED) != 0) {
936 /*
937 * Don't return a protocol-reject for the packet was encrypted,
938 * because lcp protocol-reject is not encrypted by mppe.
939 */
940 } else {
941 /*
942 * as RFC1661: Rejected-Information MUST be truncated to
943 * comply with the peer's established MRU.
944 */
945 lcp_send_protrej(&_this->lcp, inp_proto,
946 MINIMUM(lpkt - (inp_proto - pkt), NPPPD_MIN_MRU - 32));
947 }
948
949 return 1;
950 handled:
951
952 return 0;
953 }
954
955 /** This function is called to output PPP packets */
956 void
957 ppp_output(npppd_ppp *_this, uint16_t proto, u_char code, u_char id,
958 u_char *datap, int ldata)
959 {
960 u_char *outp;
961 int outlen, hlen, is_lcp = 0;
962
963 outp = _this->outpacket_buf;
964
965 /* No header compressions for LCP */
966 is_lcp = (proto == PPP_PROTO_LCP)? 1 : 0;
967
968 if (_this->has_acf == 0 ||
969 (!is_lcp && psm_peer_opt_is_accepted(&_this->lcp, acfc))) {
970 /*
971 * Don't add ACF(Address and Control Field) if ACF is not
972 * needed on this link or ACFC is negotiated.
973 */
974 } else {
975 PUTCHAR(PPP_ALLSTATIONS, outp);
976 PUTCHAR(PPP_UI, outp);
977 }
978 if (!is_lcp && proto <= 0xff &&
979 psm_peer_opt_is_accepted(&_this->lcp, pfc)) {
980 /*
981 * Protocol Field Compression
982 */
983 PUTCHAR(proto, outp);
984 } else {
985 PUTSHORT(proto, outp);
986 }
987 hlen = outp - _this->outpacket_buf;
988
989 if (_this->mru > 0) {
990 if (MRU_PKTLEN(_this->mru, proto) < ldata) {
991 PPP_DBG((_this, LOG_ERR, "packet too large %d. mru=%d",
992 ldata , _this->mru));
993 _this->oerrors++;
994 PPP_ASSERT("NOT REACHED HERE" == NULL);
995 return;
996 }
997 }
998
999 if (code != 0) {
1000 outlen = ldata + HEADERLEN;
1001
1002 PUTCHAR(code, outp);
1003 PUTCHAR(id, outp);
1004 PUTSHORT(outlen, outp);
1005 } else {
1006 outlen = ldata;
1007 }
1008
1009 if (outp != datap && ldata > 0)
1010 memmove(outp, datap, ldata);
1011
1012 if (_this->log_dump_out != 0 && debug_get_debugfp() != NULL) {
1013 struct tunnconf *conf = ppp_get_tunnconf(_this);
1014 if ((ppp_proto_bit(proto) & conf->debug_dump_pktout) != 0) {
1015 ppp_log(_this, LOG_DEBUG,
1016 "PPP output dump proto=%s(%d/%04x)",
1017 proto_name(proto), proto, proto);
1018 show_hd(debug_get_debugfp(),
1019 _this->outpacket_buf, outlen + hlen);
1020 }
1021 }
1022 _this->send_packet(_this, _this->outpacket_buf, outlen + hlen, 0);
1023 }
1024
1025 /**
1026 * Return the buffer space for PPP output. The returned pointer will be
1027 * adjusted for header compression. The length of the space is larger than
1028 * {@link npppd_ppp#mru}.
1029 */
1030 u_char *
1031 ppp_packetbuf(npppd_ppp *_this, int proto)
1032 {
1033 int save;
1034
1035 save = 0;
1036 if (proto != PPP_PROTO_LCP) {
1037 if (psm_peer_opt_is_accepted(&_this->lcp, acfc))
1038 save += 2;
1039 if (proto <= 0xff && psm_peer_opt_is_accepted(&_this->lcp, pfc))
1040 save += 1;
1041 }
1042 return _this->outpacket_buf + (PPP_HDRLEN - save);
1043 }
1044
1045 /** Record log that begins the label based this instance. */
1046 int
1047 ppp_log(npppd_ppp *_this, int prio, const char *fmt, ...)
1048 {
1049 int status;
1050 char logbuf[BUFSIZ];
1051 va_list ap;
1052
1053 PPP_ASSERT(_this != NULL);
1054
1055 va_start(ap, fmt);
1056 snprintf(logbuf, sizeof(logbuf), "ppp id=%u layer=base %s",
1057 _this->id, fmt);
1058 status = vlog_printf(prio, logbuf, ap);
1059 va_end(ap);
1060
1061 return status;
1062 }
1063
1064 #ifdef USE_NPPPD_PIPEX
1065 /** The callback function on network is available for pipex */
1066 static void
1067 ppp_on_network_pipex(npppd_ppp *_this)
1068 {
1069 if (_this->use_pipex == 0)
1070 return;
1071 if (_this->tunnel_type != NPPPD_TUNNEL_PPTP &&
1072 _this->tunnel_type != NPPPD_TUNNEL_PPPOE &&
1073 _this->tunnel_type != NPPPD_TUNNEL_L2TP)
1074 return;
1075
1076 if (_this->pipex_started != 0)
1077 return; /* already started */
1078
1079 if (_this->assigned_ip4_enabled != 0 &&
1080 (!MPPE_MUST_NEGO(_this) || _this->ccp.fsm.state == OPENED ||
1081 _this->ccp.fsm.state == STOPPED)) {
1082 /* IPCP is opened and MPPE is not required or MPPE is opened */
1083 if (npppd_ppp_pipex_enable(_this->pppd, _this) != 0) {
1084 ppp_log(_this, LOG_WARNING, "failed enable pipex: %m");
1085 /* failed to create pipex session */
1086 ppp_phy_downed(_this);
1087 return;
1088 }
1089 ppp_log(_this, LOG_NOTICE, "Using pipex=%s",
1090 (_this->pipex_enabled != 0)? "yes" : "no");
1091 _this->pipex_started = 1;
1092 }
1093 /* else wait CCP or IPCP */
1094 }
1095 #endif
1096
1097 static uint32_t
1098 ppp_proto_bit(int proto)
1099 {
1100 switch (proto) {
1101 case PPP_PROTO_IP: return NPPPD_PROTO_BIT_IP;
1102 case PPP_PROTO_LCP: return NPPPD_PROTO_BIT_LCP;
1103 case PPP_PROTO_PAP: return NPPPD_PROTO_BIT_PAP;
1104 case PPP_PROTO_CHAP: return NPPPD_PROTO_BIT_CHAP;
1105 case PPP_PROTO_EAP: return NPPPD_PROTO_BIT_EAP;
1106 case PPP_PROTO_MPPE: return NPPPD_PROTO_BIT_MPPE;
1107 case PPP_PROTO_NCP | NCP_CCP: return NPPPD_PROTO_BIT_CCP;
1108 case PPP_PROTO_NCP | NCP_IPCP: return NPPPD_PROTO_BIT_IPCP;
1109 }
1110 return 0;
1111 }
1112
1113 struct tunnconf tunnconf_default_l2tp = {
1114 .mru = 1360,
1115 .tcp_mss_adjust = false,
1116 .pipex = true,
1117 .ingress_filter = false,
1118 .lcp_keepalive = false,
1119 .lcp_keepalive_interval = DEFAULT_LCP_ECHO_INTERVAL,
1120 .lcp_keepalive_retry_interval = DEFAULT_LCP_ECHO_RETRY_INTERVAL,
1121 .lcp_keepalive_max_retries = DEFAULT_LCP_ECHO_MAX_RETRIES,
1122 .auth_methods = NPPPD_AUTH_METHODS_CHAP | NPPPD_AUTH_METHODS_MSCHAPV2,
1123 .mppe_yesno = true,
1124 .mppe_required = false,
1125 .mppe_keylen = NPPPD_MPPE_40BIT | NPPPD_MPPE_56BIT | NPPPD_MPPE_128BIT,
1126 .mppe_keystate = NPPPD_MPPE_STATELESS | NPPPD_MPPE_STATEFUL,
1127 .callnum_check = 0,
1128 .proto = {
1129 .l2tp = {
1130 .hostname = NULL,
1131 .vendor_name = NULL,
1132 .listen = TAILQ_HEAD_INITIALIZER(
1133 tunnconf_default_l2tp.proto.l2tp.listen),
1134 /* .hello_interval, */
1135 /* .hello_timeout, */
1136 .data_use_seq = true,
1137 .require_ipsec = false,
1138 /* .accept_dialin, */
1139 .lcp_renegotiation = true,
1140 .force_lcp_renegotiation = false,
1141 /* .ctrl_in_pktdump, */
1142 /* .ctrl_out_pktdump, */
1143 /* .data_in_pktdump, */
1144 /* .data_out_pktdump, */
1145 }
1146 }
1147 };
1148 struct tunnconf tunnconf_default_pptp = {
1149 .mru = 1400,
1150 .tcp_mss_adjust = false,
1151 .pipex = true,
1152 .ingress_filter = false,
1153 .lcp_keepalive = true,
1154 .lcp_keepalive_interval = DEFAULT_LCP_ECHO_INTERVAL,
1155 .lcp_keepalive_retry_interval = DEFAULT_LCP_ECHO_RETRY_INTERVAL,
1156 .lcp_keepalive_max_retries = DEFAULT_LCP_ECHO_MAX_RETRIES,
1157 .auth_methods = NPPPD_AUTH_METHODS_CHAP | NPPPD_AUTH_METHODS_MSCHAPV2,
1158 .mppe_yesno = true,
1159 .mppe_required = true,
1160 .mppe_keylen = NPPPD_MPPE_40BIT | NPPPD_MPPE_56BIT | NPPPD_MPPE_128BIT,
1161 .mppe_keystate = NPPPD_MPPE_STATELESS | NPPPD_MPPE_STATEFUL,
1162 .callnum_check = 0,
1163 .proto = {
1164 .pptp = {
1165 .hostname = NULL,
1166 .vendor_name = NULL,
1167 .listen = TAILQ_HEAD_INITIALIZER(
1168 tunnconf_default_pptp.proto.pptp.listen),
1169 /* .echo_interval, */
1170 /* .echo_timeout, */
1171 }
1172 }
1173 };
1174 struct tunnconf tunnconf_default_pppoe = {
1175 .mru = 1492,
1176 .tcp_mss_adjust = false,
1177 .pipex = true,
1178 .ingress_filter = false,
1179 .lcp_keepalive = true,
1180 .lcp_keepalive_interval = DEFAULT_LCP_ECHO_INTERVAL,
1181 .lcp_keepalive_retry_interval = DEFAULT_LCP_ECHO_RETRY_INTERVAL,
1182 .lcp_keepalive_max_retries = DEFAULT_LCP_ECHO_MAX_RETRIES,
1183 .auth_methods = NPPPD_AUTH_METHODS_CHAP | NPPPD_AUTH_METHODS_MSCHAPV2,
1184 .mppe_yesno = true,
1185 .mppe_required = false,
1186 .mppe_keylen = NPPPD_MPPE_40BIT | NPPPD_MPPE_56BIT | NPPPD_MPPE_128BIT,
1187 .mppe_keystate = NPPPD_MPPE_STATELESS | NPPPD_MPPE_STATEFUL,
1188 .callnum_check = 0,
1189 .proto = {
1190 .pppoe = {
1191 /* .service_name */
1192 .accept_any_service = true,
1193 /* .ac_name */
1194 /* .desc_in_pktdump */
1195 /* .desc_out_pktdump */
1196 /* .session_in_pktdump */
1197 /* .session_out_pktdump */
1198 }
1199 }
1200 };
1201
1202 struct tunnconf *
1203 ppp_get_tunnconf(npppd_ppp *_this)
1204 {
1205 struct tunnconf *conf;
1206
1207 conf = npppd_get_tunnconf(_this->pppd, _this->phy_label);
1208 if (conf != NULL)
1209 return conf;
1210
1211 switch (_this->tunnel_type) {
1212 case NPPPD_TUNNEL_L2TP:
1213 return &tunnconf_default_l2tp;
1214 break;
1215 case NPPPD_TUNNEL_PPTP:
1216 return &tunnconf_default_pptp;
1217 break;
1218 case NPPPD_TUNNEL_PPPOE:
1219 return &tunnconf_default_pppoe;
1220 break;
1221 }
1222
1223 return NULL;
1224 }
1225