From 88b01cc61f8cbd41162041da7bf206eca7e04b2f Mon Sep 17 00:00:00 2001 From: Kozlov Dmitry Date: Sat, 21 Apr 2012 22:01:56 +0400 Subject: implemented per CTRL mppe config --- accel-pppd/accel-ppp.conf.5 | 6 +++++ accel-pppd/ctrl/l2tp/l2tp.c | 15 +++++++++++ accel-pppd/ctrl/pppoe/pppoe.c | 15 +++++++++++ accel-pppd/ctrl/pptp/pptp.c | 16 +++++++++++ accel-pppd/ppp/ccp_mppe.c | 62 ++++++++++++++++++++++++++++--------------- accel-pppd/ppp/ppp.h | 7 +++++ accel-pppd/ppp/ppp_ccp.c | 1 + 7 files changed, 101 insertions(+), 21 deletions(-) diff --git a/accel-pppd/accel-ppp.conf.5 b/accel-pppd/accel-ppp.conf.5 index c622ce3e..4591d669 100644 --- a/accel-pppd/accel-ppp.conf.5 +++ b/accel-pppd/accel-ppp.conf.5 @@ -222,6 +222,8 @@ Specifies maximum number of echo-requests may be sent without valid echo-reply, .BI "timeout=" n Timeout waiting reply from client in seconds (default 5). .TP +.BI "mppe=" deny|allow|prefer|require +.TP .SH [pppoe] .br Configuration of PPPoE module. @@ -264,6 +266,8 @@ Specifies whether to handle TR101 tags. .BI "padi-limit=" n Specifies overall limit of PADI packets to reply in 1 second period (default 0 - unlimited). Rate of per-mac PADI packets is limited to no more than 1 packet per second. .TP +.BI "mppe=" deny|allow|prefer|require +.TP .SH [l2tp] .br Configuration of L2TP module. @@ -291,6 +295,8 @@ If this option is given and .B n is greater of zero then l2tp module will produce verbose logging. .TP +.BI "mppe=" deny|allow|prefer|require +.TP .SH [radius] .br Configuration of RADIUS module. diff --git a/accel-pppd/ctrl/l2tp/l2tp.c b/accel-pppd/ctrl/l2tp/l2tp.c index a9ecd588..65cf456c 100644 --- a/accel-pppd/ctrl/l2tp/l2tp.c +++ b/accel-pppd/ctrl/l2tp/l2tp.c @@ -52,6 +52,7 @@ static int conf_retransmit = 5; static int conf_hello_interval = 60; static int conf_dir300_quirk = 0; static const char *conf_host_name = "accel-ppp"; +static int conf_mppe = MPPE_UNSET; static unsigned int stat_active; static unsigned int stat_starting; 
@@ -310,6 +311,7 @@ static int l2tp_tunnel_alloc(struct l2tp_serv_t *serv, struct l2tp_packet_t *pac
 conn->ctrl.started = l2tp_ppp_started;
 conn->ctrl.finished = l2tp_ppp_finished;
 conn->ctrl.max_mtu = 1420;
+ conn->ctrl.mppe = conf_mppe;
 conn->ctrl.calling_station_id = _malloc(17);
 conn->ctrl.called_station_id = _malloc(17);
@@ -1146,6 +1148,19 @@ static void load_config(void)
 opt = conf_get_opt("l2tp", "dir300_quirk");
 if (opt)
 conf_dir300_quirk = atoi(opt);
+
+ conf_mppe = MPPE_UNSET;
+ opt = conf_get_opt("l2tp", "mppe");
+ if (opt) {
+ if (strcmp(opt, "deny") == 0)
+ conf_mppe = MPPE_DENY;
+ else if (strcmp(opt, "allow") == 0)
+ conf_mppe = MPPE_ALLOW;
+ else if (strcmp(opt, "prefer") == 0)
+ conf_mppe = MPPE_PREFER;
+ else if (strcmp(opt, "require") == 0)
+ conf_mppe = MPPE_REQUIRE;
+ }
 }
 static void l2tp_init(void)
diff --git a/accel-pppd/ctrl/pppoe/pppoe.c b/accel-pppd/ctrl/pppoe/pppoe.c
index e1bc4021..43dc6437 100644
--- a/accel-pppd/ctrl/pppoe/pppoe.c
+++ b/accel-pppd/ctrl/pppoe/pppoe.c
@@ -80,6 +80,7 @@ int conf_ifname_in_sid;
 char *conf_pado_delay;
 int conf_tr101 = 1;
 int conf_padi_limit = 0;
+int conf_mppe = MPPE_UNSET;
 static mempool_t conn_pool;
 static mempool_t pado_pool;
@@ -263,6 +264,7 @@ static struct pppoe_conn_t *allocate_channel(struct pppoe_serv_t *serv, const ui
 conn->ctrl.max_mtu = MAX_PPPOE_MTU;
 conn->ctrl.type = CTRL_TYPE_PPPOE;
 conn->ctrl.name = "pppoe";
+ conn->ctrl.mppe = conf_mppe;
 conn->ctrl.calling_station_id = _malloc(IFNAMSIZ + 19);
 conn->ctrl.called_station_id = _malloc(IFNAMSIZ + 19);
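Review bot: In the l2tp.c load_config hunk, a value that matches none of the four keywords falls through the `else if` chain and leaves conf_mppe at MPPE_UNSET, so a typo such as `mppe=requre` silently falls back to the global [ppp] setting instead of enforcing encryption. The same chain is repeated in the pppoe.c and pptp.c load_config hunks. I would close the chain with a branch that reports the rejected value, for example `else log_error("l2tp: unknown mppe value '%s'\n", opt);`. Moving the keyword-to-constant mapping into one shared helper next to the MPPE_* defines would also keep the three controllers from drifting apart.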
@@ -1407,6 +1409,19 @@ static void load_config(void)
 opt = conf_get_opt("pppoe", "padi-limit");
 if (opt)
 conf_padi_limit = atoi(opt);
+
+ conf_mppe = MPPE_UNSET;
+ opt = conf_get_opt("l2tp", "mppe");
+ if (opt) {
+ if (strcmp(opt, "deny") == 0)
+ conf_mppe = MPPE_DENY;
+ else if (strcmp(opt, "allow") == 0)
+ conf_mppe = MPPE_ALLOW;
+ else if (strcmp(opt, "prefer") == 0)
+ conf_mppe = MPPE_PREFER;
+ else if (strcmp(opt, "require") == 0)
+ conf_mppe = MPPE_REQUIRE;
+ }
 }
 static void pppoe_init(void)
diff --git a/accel-pppd/ctrl/pptp/pptp.c b/accel-pppd/ctrl/pptp/pptp.c
index e0875d6f..456b85a4 100644
--- a/accel-pppd/ctrl/pptp/pptp.c
+++ b/accel-pppd/ctrl/pptp/pptp.c
@@ -58,6 +58,8 @@ static int conf_timeout = 5;
 static int conf_echo_interval = 0;
 static int conf_echo_failure = 3;
 static int conf_verbose = 0;
+static int conf_mppe = MPPE_UNSET;
+
 static mempool_t conn_pool;
 static unsigned int stat_starting;
@@ -668,6 +670,7 @@ static int pptp_connect(struct triton_md_handler_t *h)
 conn->ctrl.max_mtu = PPTP_MAX_MTU;
 conn->ctrl.type = CTRL_TYPE_PPTP;
 conn->ctrl.name = "pptp";
+ conn->ctrl.mppe = conf_mppe;
 conn->ctrl.calling_station_id = _malloc(17);
 conn->ctrl.called_station_id = _malloc(17);
@@ -739,6 +742,19 @@ static void load_config(void)
 opt = conf_get_opt("pptp", "verbose");
 if (opt && atoi(opt) > 0)
 conf_verbose = 1;
+
+ conf_mppe = MPPE_UNSET;
+ opt = conf_get_opt("pptp", "mppe");
+ if (opt) {
+ if (strcmp(opt, "deny") == 0)
+ conf_mppe = MPPE_DENY;
+ else if (strcmp(opt, "allow") == 0)
+ conf_mppe = MPPE_ALLOW;
+ else if (strcmp(opt, "prefer") == 0)
+ conf_mppe = MPPE_PREFER;
+ else if (strcmp(opt, "require") == 0)
+ conf_mppe = MPPE_REQUIRE;
+ }
 }
 static void pptp_init(void)
diff --git a/accel-pppd/ppp/ccp_mppe.c b/accel-pppd/ppp/ccp_mppe.c
index 9099fb0f..7c432842 100644
--- a/accel-pppd/ppp/ccp_mppe.c
+++ b/accel-pppd/ppp/ccp_mppe.c
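Review bot: The pppoe.c load_config hunk reads the option from the wrong section: `opt = conf_get_opt("l2tp", "mppe");` should be `opt = conf_get_opt("pppoe", "mppe");`. As written, the `mppe=` line this commit documents under [pppoe] in accel-ppp.conf.5 is never consulted and PPPoE sessions take whatever [l2tp] sets, so an operator who writes `mppe=require` under [pppoe] gets no enforcement from it. A one-line comment above the block naming the section it parses would make this kind of copy-paste slip easier to catch in review.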
@@ -32,7 +32,7 @@ static int mppe_recv_conf_nak(struct ppp_ccp_t *ccp, struct ccp_option_t *opt, u
 static int mppe_recv_conf_rej(struct ppp_ccp_t *ccp, struct ccp_option_t *opt, uint8_t *ptr);
 static void mppe_print(void (*print)(const char *fmt,...),struct ccp_option_t*, uint8_t *ptr);
-static int conf_mppe = -1;
+static int conf_mppe = MPPE_ALLOW;
 struct mppe_option_t
 {
@@ -59,18 +59,24 @@ static struct ccp_option_t *mppe_init(struct ppp_ccp_t *ccp)
 {
 struct mppe_option_t *mppe_opt = _malloc(sizeof(*mppe_opt));
 memset(mppe_opt, 0, sizeof(*mppe_opt));
+ int mppe;
+
+ if (ccp->ppp->ctrl->mppe == MPPE_UNSET)
+ mppe = conf_mppe;
+ else
+ mppe = ccp->ppp->ctrl->mppe;
- if (conf_mppe != -1)
- mppe_opt->policy = conf_mppe;
+ if (mppe != MPPE_ALLOW)
+ mppe_opt->policy = mppe;
 else
 mppe_opt->policy = 1;
- if (conf_mppe > 0)
+ if (mppe > 0)
 mppe_opt->mppe = 1;
 else
 mppe_opt->mppe = -1;
- if (conf_mppe == 2)
+ if (mppe == MPPE_REQUIRE)
 ccp->ld.passive = 0;
 mppe_opt->opt.id = CI_MPPE;
@@ -165,6 +171,12 @@ static int mppe_recv_conf_req(struct ppp_ccp_t *ccp, struct ccp_option_t *opt, u
 {
 struct mppe_option_t *mppe_opt = container_of(opt, typeof(*mppe_opt), opt);
 struct ccp_opt32_t *opt32 = (struct ccp_opt32_t *)ptr;
+ int mppe;
+
+ if (ccp->ppp->ctrl->mppe == MPPE_UNSET)
+ mppe = conf_mppe;
+ else
+ mppe = ccp->ppp->ctrl->mppe;
 if (!ptr) {
 if (mppe_opt->policy == 2)
@@ -181,7 +193,7 @@ static int mppe_recv_conf_req(struct ppp_ccp_t *ccp, struct ccp_option_t *opt, u
 } else if (mppe_opt->policy == 1) {
 if (ntohl(opt32->val) == (MPPE_S | MPPE_H))
 mppe_opt->mppe = 1;
- else if ((ntohl(opt32->val) & (MPPE_S | MPPE_H)) || conf_mppe == 1) {
+ else if ((ntohl(opt32->val) & (MPPE_S | MPPE_H)) || mppe == 1) {
 mppe_opt->mppe = 1;
 return CCP_OPT_NAK;
 } else if (opt32->val) {
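Review bot: The fallback from `ctrl->mppe` to `conf_mppe` is written out in mppe_init, again in mppe_recv_conf_req and a third time in ev_mppe_keys, and the surrounding code still compares against bare numbers (`mppe > 0`, `mppe == 1`, `mppe_opt->policy = 1`) even though this commit introduces the MPPE_* names. A small helper such as `static int mppe_effective(struct ppp_t *ppp) { return ppp->ctrl->mppe == MPPE_UNSET ? conf_mppe : ppp->ctrl->mppe; }` would give one place to document which setting wins. In the NAK branch `mppe == MPPE_PREFER` states the intent better than `mppe == 1`. Both function bodies continue outside their hunks.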
@@ -271,6 +283,7 @@ static void ev_mppe_keys(struct ev_mppe_keys_t *ev)
 {
 struct ppp_ccp_t *ccp = ccp_find_layer_data(ev->ppp);
 struct mppe_option_t *mppe_opt = container_of(ccp_find_option(ev->ppp, &mppe_opt_hnd), typeof(*mppe_opt), opt);
+ int mppe;
 memcpy(mppe_opt->recv_key, ev->recv_key, 16);
 memcpy(mppe_opt->send_key, ev->send_key, 16);
@@ -284,19 +297,26 @@ static void ev_mppe_keys(struct ev_mppe_keys_t *ev)
 return;
 }
- mppe_opt->policy = ev->policy;
+ if (ccp->ppp->ctrl->mppe == MPPE_UNSET)
+ mppe = conf_mppe;
+ else
+ mppe = ev->ppp->ctrl->mppe;
- if (ev->policy == 2) {
- mppe_opt->mppe = 1;
- ccp->ld.passive = 0;
- } else if (ev->policy == 1) {
- if (conf_mppe == 1)
- mppe_opt->mppe = 1;
- else
- mppe_opt->mppe = -1;
+ if (ev->ppp->ctrl->mppe == MPPE_UNSET) {
+ mppe_opt->policy = ev->policy;
- if (conf_mppe == 2)
- ccp->ld.passive = 1;
+ if (ev->policy == 2) {
+ mppe_opt->mppe = 1;
+ ccp->ld.passive = 0;
+ } else if (ev->policy == 1) {
+ if (mppe == 1)
+ mppe_opt->mppe = 1;
+ else
+ mppe_opt->mppe = -1;
+
+ if (mppe == 2)
+ ccp->ld.passive = 1;
+ }
 }
 }
@@ -307,13 +327,13 @@ static void load_config(void)
 opt = conf_get_opt("ppp", "mppe");
 if (opt) {
 if (!strcmp(opt,"require"))
- conf_mppe = 2;
+ conf_mppe = MPPE_REQUIRE;
 else if (!strcmp(opt,"prefer") || !strcmp(opt,"prefere"))
- conf_mppe = 1;
+ conf_mppe = MPPE_PREFER;
 else if (!strcmp(opt,"deny"))
- conf_mppe = 0;
+ conf_mppe = MPPE_DENY;
 } else
- conf_mppe = -1;
+ conf_mppe = MPPE_ALLOW;
 }
 static void mppe_opt_init()
diff --git a/accel-pppd/ppp/ppp.h b/accel-pppd/ppp/ppp.h
index bb308899..18cb5c21 100644
--- a/accel-pppd/ppp/ppp.h
+++ b/accel-pppd/ppp/ppp.h
@@ -60,6 +60,12 @@
 #define CTRL_TYPE_L2TP 2
 #define CTRL_TYPE_PPPOE 3
+#define MPPE_UNSET -2
+#define MPPE_ALLOW -1
+#define MPPE_DENY 0
+#define MPPE_PREFER 1
+#define MPPE_REQUIRE 2
+
 struct ppp_t;
 struct ipv4db_item_t;
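Review bot: In the second ev_mppe_keys hunk the whole policy block is gated on `ev->ppp->ctrl->mppe == MPPE_UNSET`, so once a controller sets `mppe=` the policy delivered with the keys (`ev->policy`, whose origin is not visible in this diff) is dropped without any log line. A session whose event carries policy 2 then no longer gets `mppe_opt->mppe = 1` and `ccp->ld.passive = 0` from this function on a controller configured `allow` or `deny`. If that precedence is intended, it deserves a comment here such as `/* per-CTRL mppe= overrides the policy supplied with the keys */` and a sentence in accel-ppp.conf.5; otherwise consider keeping the stricter of the two. Inside the gated block `mppe` always equals `conf_mppe`, so the `else mppe = ev->ppp->ctrl->mppe;` arm has no effect, and the first test reads `ccp->ppp` while the second reads `ev->ppp`.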
@@ -71,6 +77,7 @@ struct ppp_ctrl_t
 int type;
 const char *name;
 int max_mtu;
+ int mppe;
 char *calling_station_id;
 char *called_station_id;
 void (*started)(struct ppp_t*);
diff --git a/accel-pppd/ppp/ppp_ccp.c b/accel-pppd/ppp/ppp_ccp.c
index ee32fbcd..297d9bc7 100644
--- a/accel-pppd/ppp/ppp_ccp.c
+++ b/accel-pppd/ppp/ppp_ccp.c
@@ -719,6 +719,7 @@ static void ccp_recv(struct ppp_handler_t*h)
 ppp_fsm_recv_code_rej_bad(&ccp->fsm);
 break;
 default:
+ log_ppp_info2("recv [CCP Unknown code=%x id=%x]\n", hdr->code, hdr->id);
 ppp_fsm_recv_unk(&ccp->fsm);
 break;
 }
-- 
cgit v1.2.3
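Review bot: The new `int mppe;` field in struct ppp_ctrl_t is undocumented, and its zero value is MPPE_DENY rather than MPPE_UNSET, so a ppp_ctrl_t that is zero-filled and never assigned would be treated as `deny` no matter what [ppp] says. The three controllers touched by this commit all assign the field, but a comment such as `int mppe; /* MPPE_* value; MPPE_UNSET defers to [ppp] mppe */` would spell out the contract for the next controller. The defines added in the preceding ppp.h hunk are bare negative literals; `#define MPPE_UNSET (-2)` or an enum avoids precedence surprises when the macro appears inside an expression.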