3 files changed, 29 insertions, 6 deletions

diff --git a/accel-pppd/ctrl/sstp/sstp.c b/accel-pppd/ctrl/sstp/sstp.c
index a90ab959..7f60e6de 100644
--- a/accel-pppd/ctrl/sstp/sstp.c
+++ b/accel-pppd/ctrl/sstp/sstp.c
@@ -1483,10 +1483,6 @@ static int sstp_recv_msg_call_connect_request(struct sstp_conn_t *conn, struct s
 		conn->ppp_state = STATE_FINISHED;
 		goto error;
 	}
-
-	if (conn->timeout_timer.tpd)
-		triton_timer_del(&conn->timeout_timer);
-
 	return 0;
 
 error:
@@ -1504,6 +1500,7 @@ static int sstp_recv_msg_call_connected(struct sstp_conn_t *conn, struct sstp_ct
 	} __attribute__((packed)) *msg = (void *)hdr;
 	uint8_t hash;
 	unsigned int len;
+	struct npioctl np;
 #ifdef CRYPTO_OPENSSL
 	typeof(*msg) buf;
 	uint8_t md[EVP_MAX_MD_SIZE], *ptr;
@@ -1602,8 +1599,28 @@ static int sstp_recv_msg_call_connected(struct sstp_conn_t *conn, struct sstp_ct
 #endif
 	}
 
+	if (conn->timeout_timer.tpd)
+		triton_timer_del(&conn->timeout_timer);
 	conn->sstp_state = STATE_SERVER_CALL_CONNECTED;
 
+	conn->ctrl.ppp_npmode = NPMODE_PASS;
+	switch (conn->ppp_state) {
+	case STATE_STARTED:
+		if (conn->ppp.ses.ipv4) {
+			np.protocol = PPP_IP;
+			np.mode = conn->ctrl.ppp_npmode;
+			if (net->ppp_ioctl(conn->ppp.unit_fd, PPPIOCSNPMODE, &np))
+				log_ppp_error("failed to set NP (IPv4) mode: %s\n", strerror(errno));
+		}
+		if (conn->ppp.ses.ipv6) {
+			np.protocol = PPP_IPV6;
+			np.mode = conn->ctrl.ppp_npmode;
+			if (net->ppp_ioctl(conn->ppp.unit_fd, PPPIOCSNPMODE, &np))
+				log_ppp_error("failed to set NP (IPv6) mode: %s\n", strerror(errno));
+		}
+		break;
+	}
+
 	_free(conn->nonce);
 	conn->nonce = NULL;
 	_free(conn->hlak_key);
@@ -2088,6 +2105,10 @@ static void sstp_timeout(struct triton_timer_t *t)
 	case STATE_CALL_DISCONNECT_ACK_PENDING:
 		triton_context_call(&conn->ctx, (triton_event_func)sstp_disconnect, conn);
 		break;
+	case STATE_SERVER_CONNECT_REQUEST_PENDING:
+	case STATE_SERVER_CALL_CONNECTED_PENDING:
+		log_ppp_warn("sstp: negotiation timeout\n");
+		/* fall through */
 	default:
 		sstp_abort(conn, 0);
 		break;
@@ -2333,6 +2354,7 @@ static int sstp_connect(struct triton_md_handler_t *h)
 		conn->ctrl.max_mtu = conf_ppp_max_mtu;
 		conn->ctrl.type = CTRL_TYPE_SSTP;
 		conn->ctrl.ppp = 1;
+		conn->ctrl.ppp_npmode = NPMODE_DROP;
 		conn->ctrl.name = "sstp";
 		conn->ctrl.ifname = "";
 		conn->ctrl.mppe = MPPE_DENY;
diff --git a/accel-pppd/ifcfg.c b/accel-pppd/ifcfg.c
index d9395478..6ab55051 100644
--- a/accel-pppd/ifcfg.c
+++ b/accel-pppd/ifcfg.c
@@ -158,7 +158,7 @@ void __export ap_session_accounting_started(struct ap_session *ses)
 				ppp = container_of(ses, typeof(*ppp), ses);
 				if (ses->ipv4) {
 					np.protocol = PPP_IP;
-					np.mode = NPMODE_PASS;
+					np.mode = ses->ctrl->ppp_npmode ? : NPMODE_PASS;
 
 					if (net->ppp_ioctl(ppp->unit_fd, PPPIOCSNPMODE, &np))
 						log_ppp_error("failed to set NP (IPv4) mode: %s\n", strerror(errno));
@@ -166,7 +166,7 @@ void __export ap_session_accounting_started(struct ap_session *ses)
 
 				if (ses->ipv6) {
 					np.protocol = PPP_IPV6;
-					np.mode = NPMODE_PASS;
+					np.mode = ses->ctrl->ppp_npmode ? : NPMODE_PASS;
 
 					if (net->ppp_ioctl(ppp->unit_fd, PPPIOCSNPMODE, &np))
 						log_ppp_error("failed to set NP (IPv6) mode: %s\n", strerror(errno));
diff --git a/accel-pppd/include/ap_session.h b/accel-pppd/include/ap_session.h
index 8c79d31d..2af2f040 100644
--- a/accel-pppd/include/ap_session.h
+++ b/accel-pppd/include/ap_session.h
@@ -53,6 +53,7 @@ struct ap_ctrl {
 	char *called_station_id;
 	int dont_ifcfg:1;
 	int ppp:1;
+	int ppp_npmode:2;
 	void (*started)(struct ap_session*);
 	void (*finished)(struct ap_session *);
 	int (*terminate)(struct ap_session *, int hard);