diff options
-rw-r--r-- | accel-pppd/ipdb.h | 2 | ||||
-rw-r--r-- | accel-pppd/ppp/ipcp_opt_ipaddr.c | 7 | ||||
-rw-r--r-- | accel-pppd/ppp/ipv6cp_opt_intfid.c | 279 | ||||
-rw-r--r-- | accel-pppd/ppp/ppp.h | 7 | ||||
-rw-r--r-- | accel-pppd/ppp/ppp_ipv6cp.c | 689 | ||||
-rw-r--r-- | accel-pppd/ppp/ppp_ipv6cp.h | 105 | ||||
-rw-r--r-- | accel-pppd/radius/radius.c | 4 |
7 files changed, 1086 insertions, 7 deletions
diff --git a/accel-pppd/ipdb.h b/accel-pppd/ipdb.h index 3539420..3a717a1 100644 --- a/accel-pppd/ipdb.h +++ b/accel-pppd/ipdb.h @@ -17,7 +17,7 @@ struct ipv6db_item_t { struct ipdb_t *owner; struct in6_addr addr; - struct in6_addr peer_addr; + int prefix_len; }; diff --git a/accel-pppd/ppp/ipcp_opt_ipaddr.c b/accel-pppd/ppp/ipcp_opt_ipaddr.c index 217a080..ac45ac7 100644 --- a/accel-pppd/ppp/ipcp_opt_ipaddr.c +++ b/accel-pppd/ppp/ipcp_opt_ipaddr.c @@ -107,6 +107,9 @@ static int ipaddr_send_conf_req(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *o if (conf_check_exists && check_exists(ipcp->ppp, ipaddr_opt->ip->peer_addr)) return -1; + ipcp->ppp->ipaddr = ipaddr_opt->ip->addr; + ipcp->ppp->peer_ipaddr = ipaddr_opt->ip->peer_addr; + opt32->hdr.id=CI_ADDR; opt32->hdr.len=6; opt32->val=ipaddr_opt->ip->addr; @@ -132,8 +135,8 @@ static int ipaddr_recv_conf_req(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *o return IPCP_OPT_REJ; if (ipaddr_opt->ip->peer_addr == opt32->val) { - ipcp->ppp->ipaddr = ipaddr_opt->ip->addr; - ipcp->ppp->peer_ipaddr = ipaddr_opt->ip->peer_addr; + //ipcp->ppp->ipaddr = ipaddr_opt->ip->addr; + //ipcp->ppp->peer_ipaddr = ipaddr_opt->ip->peer_addr; ipcp->delay_ack = ccp_ipcp_started(ipcp->ppp); return IPCP_OPT_ACK; } diff --git a/accel-pppd/ppp/ipv6cp_opt_intfid.c b/accel-pppd/ppp/ipv6cp_opt_intfid.c new file mode 100644 index 0000000..8e6675c --- /dev/null +++ b/accel-pppd/ppp/ipv6cp_opt_intfid.c @@ -0,0 +1,279 @@ +#include <stdlib.h> +#include <stdio.h> +#include <unistd.h> +#include <fcntl.h> +#include <string.h> +#include <errno.h> +#include <endian.h> +#include <sys/socket.h> +#include <sys/ioctl.h> +#include "linux_ppp.h" + +#include <netlink/netlink.h> + +#include "log.h" +#include "events.h" +#include "ppp.h" +#include "ppp_ipv6cp.h" +#include "ipdb.h" + +#include "memdebug.h" + +#define INTF_ID_FIXED 0 +#define INTF_ID_RANDOM 1 + +static int conf_check_exists; +static int conf_intf_id = INTF_ID_FIXED; +static uint64_t conf_intf_id_val = 1; + +// from /usr/include/linux/ipv6.h +struct in6_ifreq { + struct in6_addr ifr6_addr; + __u32 ifr6_prefixlen; + int ifr6_ifindex; +}; + +static int urandom_fd; +static int sock6_fd; + +static struct ipv6cp_option_t *ipaddr_init(struct ppp_ipv6cp_t *ipv6cp); +static void ipaddr_free(struct ppp_ipv6cp_t *ipv6cp, struct ipv6cp_option_t *opt); +static int ipaddr_send_conf_req(struct ppp_ipv6cp_t *ipv6cp, struct ipv6cp_option_t *opt, uint8_t *ptr); +static int ipaddr_send_conf_nak(struct ppp_ipv6cp_t *ipv6cp, struct ipv6cp_option_t *opt, uint8_t *ptr); +static int ipaddr_recv_conf_req(struct ppp_ipv6cp_t *ipv6cp, struct ipv6cp_option_t *opt, uint8_t *ptr); +//static int ipaddr_recv_conf_ack(struct ppp_ipv6cp_t *ipv6cp, struct ipv6cp_option_t *opt, uint8_t *ptr); +static void ipaddr_print(void (*print)(const char *fmt,...),struct ipv6cp_option_t*, uint8_t *ptr); + +struct ipaddr_option_t +{ + struct ipv6cp_option_t opt; + uint64_t intf_id; + struct ipv6db_item_t *ip; + int started:1; +}; + +static struct ipv6cp_option_handler_t ipaddr_opt_hnd = +{ + .init = ipaddr_init, + .send_conf_req = ipaddr_send_conf_req, + .send_conf_nak = ipaddr_send_conf_nak, + .recv_conf_req = ipaddr_recv_conf_req, + .free = ipaddr_free, + .print = ipaddr_print, +}; + +static struct ipv6cp_option_t *ipaddr_init(struct ppp_ipv6cp_t *ipv6cp) +{ + struct ipaddr_option_t *ipaddr_opt = _malloc(sizeof(*ipaddr_opt)); + + memset(ipaddr_opt, 0, sizeof(*ipaddr_opt)); + + ipaddr_opt->opt.id = CI_INTFID; + ipaddr_opt->opt.len = 10; + + switch (conf_intf_id) { + case INTF_ID_FIXED: + ipaddr_opt->intf_id = conf_intf_id_val; + break; + case INTF_ID_RANDOM: + read(urandom_fd, &ipaddr_opt->intf_id, 8); + break; + } + + return &ipaddr_opt->opt; +} + +static void ipaddr_free(struct ppp_ipv6cp_t *ipv6cp, struct ipv6cp_option_t *opt) +{ + struct ipaddr_option_t *ipaddr_opt=container_of(opt,typeof(*ipaddr_opt),opt); + + _free(ipaddr_opt); +} + +static int check_exists(struct ppp_t *self_ppp, struct in6_addr *addr) +{ + struct ppp_t *ppp; + int r = 0; + + pthread_rwlock_rdlock(&ppp_lock); + list_for_each_entry(ppp, &ppp_list, entry) { + if (ppp->terminating) + continue; + if (ppp == self_ppp) + continue; + + if (addr->s6_addr32[0] == ppp->ipv6_addr.s6_addr32[0] && + addr->s6_addr32[1] == ppp->ipv6_addr.s6_addr32[1]) { + log_ppp_warn("ppp:ipv6cp: requested IP already assigned to %s\n", ppp->ifname); + r = 1; + break; + } + } + pthread_rwlock_unlock(&ppp_lock); + + return r; +} + +static int ipaddr_send_conf_req(struct ppp_ipv6cp_t *ipv6cp, struct ipv6cp_option_t *opt, uint8_t *ptr) +{ + struct ipaddr_option_t *ipaddr_opt = container_of(opt, typeof(*ipaddr_opt), opt); + struct ipv6cp_opt64_t *opt64 = (struct ipv6cp_opt64_t *)ptr; + + if (!ipaddr_opt->ip) { + ipaddr_opt->ip = ipdb_get_ipv6(ipv6cp->ppp); + if (!ipaddr_opt->ip) { + log_ppp_warn("ppp:ipv6cp: no free IP address\n"); + return -1; + } + } + + if (conf_check_exists && check_exists(ipv6cp->ppp, &ipaddr_opt->ip->addr)) + return -1; + + opt64->hdr.id = CI_INTFID; + opt64->hdr.len = 10; + opt64->val = ipaddr_opt->intf_id; + return 10; +} + +static int ipaddr_send_conf_nak(struct ppp_ipv6cp_t *ipv6cp, struct ipv6cp_option_t *opt, uint8_t *ptr) +{ + struct ipaddr_option_t *ipaddr_opt = container_of(opt, typeof(*ipaddr_opt), opt); + struct ipv6cp_opt64_t *opt64 = (struct ipv6cp_opt64_t *)ptr; + opt64->hdr.id = CI_INTFID; + opt64->hdr.len = 10; + opt64->val = *(uint64_t *)(&ipaddr_opt->ip->addr.s6_addr32[2]); + return 10; +} + +static int ipaddr_recv_conf_req(struct ppp_ipv6cp_t *ipv6cp, struct ipv6cp_option_t *opt, uint8_t *ptr) +{ + struct ipaddr_option_t *ipaddr_opt = container_of(opt, typeof(*ipaddr_opt), opt); + struct ipv6cp_opt64_t *opt64 = (struct ipv6cp_opt64_t* )ptr; + struct ifreq ifr; + struct in6_ifreq ifr6; + + if (opt64->hdr.len != 10) + return IPV6CP_OPT_REJ; + + if (*(uint64_t *)(&ipaddr_opt->ip->addr.s6_addr32[2]) == opt64->val) + goto ack; + + return IPV6CP_OPT_NAK; + +ack: + if (ipaddr_opt->started) + return IPV6CP_OPT_ACK; + + ipaddr_opt->started = 1; + + //ipv6cp->ppp->ipaddr = ipaddr_opt->ip->addr; + //ipv6cp->ppp->peer_ipaddr = ipaddr_opt->ip->peer_addr; + + //triton_event_fire(EV_PPP_ACCT_START, ipv6cp->ppp); + //if (ipv6cp->ppp->stop_time) + // return IPV6CP_OPT_ACK; + + //triton_event_fire(EV_PPP_PRE_UP, ipv6cp->ppp); + //if (ipv6cp->ppp->stop_time) + // return IPV6CP_OPT_ACK; + + memset(&ifr, 0, sizeof(ifr)); + strcpy(ifr.ifr_name, ipv6cp->ppp->ifname); + + if (ioctl(sock_fd, SIOCGIFINDEX, &ifr)) { + log_ppp_error("ppp:ipv6cp: ioctl(SIOCGIFINDEX): %s\n", strerror(errno)); + return IPV6CP_OPT_REJ; + } + + memset(&ifr6, 0, sizeof(ifr6)); + ifr6.ifr6_addr.s6_addr16[0] = htons(0xfe80); + *(uint64_t *)(ifr6.ifr6_addr.s6_addr + 8) = ipaddr_opt->intf_id; + ifr6.ifr6_prefixlen = 64; + ifr6.ifr6_ifindex = ifr.ifr_ifindex; + + if (ioctl(sock6_fd, SIOCSIFADDR, &ifr6)) { + log_ppp_error("ppp:ipv6cp: ioctl(SIOCSIFADDR): %s\n", strerror(errno)); + return IPV6CP_OPT_REJ; + } + + return IPV6CP_OPT_ACK; +} + +static void ipaddr_print(void (*print)(const char *fmt,...), struct ipv6cp_option_t *opt, uint8_t *ptr) +{ + struct ipaddr_option_t *ipaddr_opt = container_of(opt, typeof(*ipaddr_opt), opt); + struct ipv6cp_opt64_t *opt64 = (struct ipv6cp_opt64_t *)ptr; + struct in6_addr a; + + if (ptr) + *(uint64_t *)(a.s6_addr + 8) = opt64->val; + else + *(uint64_t *)(a.s6_addr + 8) = ipaddr_opt->intf_id; + + print("<addr %x:%x:%x:%x>", ntohs(a.s6_addr16[4]), ntohs(a.s6_addr16[5]), ntohs(a.s6_addr16[6]), ntohs(a.s6_addr16[7])); +} + +static uint64_t parse_intfid(const char *opt) +{ + union { + uint64_t u64; + uint16_t u16[4]; + } u; + + int n[4]; + int i; + + if (sscanf(opt, "%x:%x:%x:%x", &n[0], &n[1], &n[2], &n[3]) != 4) + goto err; + + for (i = 0; i < 4; i++) { + if (n[i] < 0 || n[i] > 0xffff) + goto err; + u.u16[i] = htons(n[i]); + } + + return u.u64; + +err: + log_error("ppp:ipv6cp: failed to parse ipv6-intf-id\n"); + conf_intf_id = INTF_ID_RANDOM; + return 0; +} + +static void load_config(void) +{ + const char *opt; + + opt = conf_get_opt("ppp", "check-ip"); + if (opt && atoi(opt) > 0) + conf_check_exists = 1; + + opt = conf_get_opt("ppp", "ipv6-intf-id"); + if (opt) { + if (!strcmp(opt, "random")) + conf_intf_id = INTF_ID_RANDOM; + else { + conf_intf_id = INTF_ID_FIXED; + conf_intf_id_val = parse_intfid(opt); + } + } +} + +static void init() +{ + sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0); + if (!sock6_fd) { + log_warn("ppp:ipv6cp: kernel doesn't support ipv6\n"); + return; + } + + urandom_fd = open("/dev/urandom", O_RDONLY); + + ipv6cp_option_register(&ipaddr_opt_hnd); + load_config(); + triton_event_register_handler(EV_CONFIG_RELOAD, (triton_event_func)load_config); +} + +DEFINE_INIT(5, init); + diff --git a/accel-pppd/ppp/ppp.h b/accel-pppd/ppp/ppp.h index ae2a7c9..c810e4a 100644 --- a/accel-pppd/ppp/ppp.h +++ b/accel-pppd/ppp/ppp.h @@ -4,6 +4,7 @@ #include <sys/types.h> #include <time.h> #include <pthread.h> +#include <netinet/in.h> #include "triton.h" #include "list.h" @@ -98,8 +99,10 @@ struct ppp_t time_t start_time; time_t stop_time; char *username; - uint32_t ipaddr; - uint32_t peer_ipaddr; + in_addr_t ipaddr; + in_addr_t peer_ipaddr; + struct in6_addr ipv6_addr; + int ipv6_prefix_len; struct ppp_ctrl_t *ctrl; diff --git a/accel-pppd/ppp/ppp_ipv6cp.c b/accel-pppd/ppp/ppp_ipv6cp.c new file mode 100644 index 0000000..a7d2ad2 --- /dev/null +++ b/accel-pppd/ppp/ppp_ipv6cp.c @@ -0,0 +1,689 @@ +#include <stdlib.h> +#include <string.h> +#include <sys/socket.h> +#include <arpa/inet.h> +#include "linux_ppp.h" + +#include "triton.h" + +#include "log.h" + +#include "ppp.h" +#include "ppp_ipv6cp.h" + +#include "memdebug.h" + +struct recv_opt_t +{ + struct list_head entry; + struct ipv6cp_opt_hdr_t *hdr; + int len; + int state; + struct ipv6cp_option_t *lopt; +}; + +static int conf_ipv6 = 2; // 0 - disables, 1 - allow, 2 - require + +static LIST_HEAD(option_handlers); + +static void ipv6cp_layer_up(struct ppp_fsm_t*); +static void ipv6cp_layer_down(struct ppp_fsm_t*); +static int send_conf_req(struct ppp_fsm_t*); +static void send_conf_ack(struct ppp_fsm_t*); +static void send_conf_nak(struct ppp_fsm_t*); +static void send_conf_rej(struct ppp_fsm_t*); +static void ipv6cp_recv(struct ppp_handler_t*); +static void send_term_req(struct ppp_fsm_t *fsm); +static void send_term_ack(struct ppp_fsm_t *fsm); + +static void ipv6cp_options_init(struct ppp_ipv6cp_t *ipv6cp) +{ + struct ipv6cp_option_t *lopt; + struct ipv6cp_option_handler_t *h; + + ipv6cp->conf_req_len = sizeof(struct ipv6cp_hdr_t); + + list_for_each_entry(h,&option_handlers,entry) { + lopt = h->init(ipv6cp); + if (lopt) { + lopt->h = h; + list_add_tail(&lopt->entry, &ipv6cp->options); + ipv6cp->conf_req_len += lopt->len; + } + } +} + +static void ipv6cp_options_free(struct ppp_ipv6cp_t *ipv6cp) +{ + struct ipv6cp_option_t *lopt; + + while (!list_empty(&ipv6cp->options)) { + lopt = list_entry(ipv6cp->options.next, typeof(*lopt), entry); + list_del(&lopt->entry); + lopt->h->free(ipv6cp, lopt); + } +} + +static struct ppp_layer_data_t *ipv6cp_layer_init(struct ppp_t *ppp) +{ + struct ppp_ipv6cp_t *ipv6cp = _malloc(sizeof(*ipv6cp)); + memset(ipv6cp, 0, sizeof(*ipv6cp)); + + log_ppp_debug("ipv6cp_layer_init\n"); + + ipv6cp->ppp = ppp; + ipv6cp->fsm.ppp = ppp; + + ipv6cp->hnd.proto = PPP_IPV6CP; + ipv6cp->hnd.recv = ipv6cp_recv; + + ppp_register_unit_handler(ppp, &ipv6cp->hnd); + + ipv6cp->fsm.proto = PPP_IPV6CP; + ppp_fsm_init(&ipv6cp->fsm); + + ipv6cp->fsm.layer_up = ipv6cp_layer_up; + ipv6cp->fsm.layer_finished = ipv6cp_layer_down; + ipv6cp->fsm.send_conf_req = send_conf_req; + ipv6cp->fsm.send_conf_ack = send_conf_ack; + ipv6cp->fsm.send_conf_nak = send_conf_nak; + ipv6cp->fsm.send_conf_rej = send_conf_rej; + ipv6cp->fsm.send_term_req = send_term_req; + ipv6cp->fsm.send_term_ack = send_term_ack; + + INIT_LIST_HEAD(&ipv6cp->options); + INIT_LIST_HEAD(&ipv6cp->ropt_list); + + ipv6cp->passive = conf_ipv6 == 1; + + ipv6cp_options_init(ipv6cp); + + return &ipv6cp->ld; +} + +int ipv6cp_layer_start(struct ppp_layer_data_t *ld) +{ + struct ppp_ipv6cp_t *ipv6cp = container_of(ld, typeof(*ipv6cp), ld); + + log_ppp_debug("ipv6cp_layer_start\n"); + + if (!conf_ipv6) { + ppp_layer_started(ipv6cp->ppp, &ipv6cp->ld); + return 0; + } + + ppp_fsm_lower_up(&ipv6cp->fsm); + if (ppp_fsm_open(&ipv6cp->fsm)) + return -1; + + return 0; +} + +void ipv6cp_layer_finish(struct ppp_layer_data_t *ld) +{ + struct ppp_ipv6cp_t *ipv6cp = container_of(ld, typeof(*ipv6cp), ld); + + log_ppp_debug("ipv6cp_layer_finish\n"); + + ipv6cp->fsm.fsm_state = FSM_Closed; + + log_ppp_debug("ipv6cp_layer_finished\n"); + ppp_layer_finished(ipv6cp->ppp, &ipv6cp->ld); +} + +void ipv6cp_layer_free(struct ppp_layer_data_t *ld) +{ + struct ppp_ipv6cp_t *ipv6cp = container_of(ld, typeof(*ipv6cp), ld); + + log_ppp_debug("ipv6cp_layer_free\n"); + + ppp_unregister_handler(ipv6cp->ppp, &ipv6cp->hnd); + ipv6cp_options_free(ipv6cp); + ppp_fsm_free(&ipv6cp->fsm); + + _free(ipv6cp); +} + +static void ipv6cp_layer_up(struct ppp_fsm_t *fsm) +{ + struct ppp_ipv6cp_t *ipv6cp = container_of(fsm, typeof(*ipv6cp), fsm); + + log_ppp_debug("ipv6cp_layer_started\n"); + + if (!ipv6cp->started) { + ipv6cp->started = 1; + ppp_layer_started(ipv6cp->ppp, &ipv6cp->ld); + } +} + +static void ipv6cp_layer_down(struct ppp_fsm_t *fsm) +{ + struct ppp_ipv6cp_t *ipv6cp = container_of(fsm, typeof(*ipv6cp), fsm); + + log_ppp_debug("ipv6cp_layer_finished\n"); + + if (ipv6cp->started) { + ipv6cp->started = 0; + ppp_layer_finished(ipv6cp->ppp, &ipv6cp->ld); + } else + ppp_terminate(ipv6cp->ppp, TERM_NAS_ERROR, 0); +} + +static void print_ropt(struct recv_opt_t *ropt) +{ + int i; + uint8_t *ptr = (uint8_t*)ropt->hdr; + + log_ppp_info2("<"); + for (i = 0; i < ropt->len; i++) { + log_ppp_info2(" %x", ptr[i]); + } + log_ppp_info2(" >"); +} + +static int send_conf_req(struct ppp_fsm_t *fsm) +{ + struct ppp_ipv6cp_t *ipv6cp = container_of(fsm, typeof(*ipv6cp), fsm); + uint8_t *buf = _malloc(ipv6cp->conf_req_len), *ptr = buf; + struct ipv6cp_hdr_t *ipv6cp_hdr = (struct ipv6cp_hdr_t*)ptr; + struct ipv6cp_option_t *lopt; + int n; + + if (ipv6cp->passive) + return 0; + + ipv6cp_hdr->proto = htons(PPP_IPV6CP); + ipv6cp_hdr->code = CONFREQ; + ipv6cp_hdr->id = ++ipv6cp->fsm.id; + ipv6cp_hdr->len = 0; + + ptr += sizeof(*ipv6cp_hdr); + + list_for_each_entry(lopt, &ipv6cp->options, entry) { + n = lopt->h->send_conf_req(ipv6cp, lopt, ptr); + if (n < 0) + return -1; + if (n) { + ptr += n; + lopt->print = 1; + } else + lopt->print = 0; + } + + if (conf_ppp_verbose) { + log_ppp_info2("send [IPV6CP ConfReq id=%x", ipv6cp_hdr->id); + list_for_each_entry(lopt,&ipv6cp->options,entry) { + if (lopt->print) { + log_ppp_info2(" "); + lopt->h->print(log_ppp_info2, lopt, NULL); + } + } + log_ppp_info2("]\n"); + } + + ipv6cp_hdr->len = htons(ptr - buf - 2); + ppp_unit_send(ipv6cp->ppp, ipv6cp_hdr, ptr - buf); + + _free(buf); + + return 0; +} + +static void send_conf_ack(struct ppp_fsm_t *fsm) +{ + struct ppp_ipv6cp_t *ipv6cp = container_of(fsm, typeof(*ipv6cp), fsm); + struct ipv6cp_hdr_t *hdr = (struct ipv6cp_hdr_t*)ipv6cp->ppp->buf; + + hdr->code = CONFACK; + + if (conf_ppp_verbose) + log_ppp_info2("send [IPV6CP ConfAck id=%x]\n", ipv6cp->fsm.recv_id); + + ppp_unit_send(ipv6cp->ppp, hdr, ntohs(hdr->len) + 2); +} + +static void send_conf_nak(struct ppp_fsm_t *fsm) +{ + struct ppp_ipv6cp_t *ipv6cp = container_of(fsm, typeof(*ipv6cp), fsm); + uint8_t *buf = _malloc(ipv6cp->conf_req_len), *ptr = buf, *ptr1; + struct ipv6cp_hdr_t *ipv6cp_hdr = (struct ipv6cp_hdr_t*)ptr; + struct recv_opt_t *ropt; + + if (conf_ppp_verbose) + log_ppp_info2("send [IPV6CP ConfNak id=%x", ipv6cp->fsm.recv_id); + + ipv6cp_hdr->proto = htons(PPP_IPV6CP); + ipv6cp_hdr->code = CONFNAK; + ipv6cp_hdr->id = ipv6cp->fsm.recv_id; + ipv6cp_hdr->len = 0; + + ptr += sizeof(*ipv6cp_hdr); + + list_for_each_entry(ropt, &ipv6cp->ropt_list, entry) { + if (ropt->state == IPV6CP_OPT_NAK) { + ptr1 = ptr; + ptr += ropt->lopt->h->send_conf_nak(ipv6cp, ropt->lopt, ptr); + if (conf_ppp_verbose) { + log_ppp_info2(" "); + ropt->lopt->h->print(log_ppp_info2, ropt->lopt, ptr1); + } + } + } + + if (conf_ppp_verbose) + log_ppp_info2("]\n"); + + ipv6cp_hdr->len = htons(ptr-buf-2); + ppp_unit_send(ipv6cp->ppp, ipv6cp_hdr, ptr - buf); + + _free(buf); +} + +static void send_conf_rej(struct ppp_fsm_t *fsm) +{ + struct ppp_ipv6cp_t *ipv6cp = container_of(fsm, typeof(*ipv6cp), fsm); + uint8_t *buf = _malloc(ipv6cp->ropt_len + sizeof(struct ipv6cp_hdr_t)), *ptr = buf; + struct ipv6cp_hdr_t *ipv6cp_hdr = (struct ipv6cp_hdr_t*)ptr; + struct recv_opt_t *ropt; + + if (conf_ppp_verbose) + log_ppp_info2("send [IPV6CP ConfRej id=%x", ipv6cp->fsm.recv_id); + + ipv6cp_hdr->proto = htons(PPP_IPV6CP); + ipv6cp_hdr->code = CONFREJ; + ipv6cp_hdr->id = ipv6cp->fsm.recv_id; + ipv6cp_hdr->len = 0; + + ptr += sizeof(*ipv6cp_hdr); + + list_for_each_entry(ropt, &ipv6cp->ropt_list, entry) { + if (ropt->state == IPV6CP_OPT_REJ) { + if (conf_ppp_verbose) { + log_ppp_info2(" "); + if (ropt->lopt) + ropt->lopt->h->print(log_ppp_info2, ropt->lopt, (uint8_t*)ropt->hdr); + else + print_ropt(ropt); + } + memcpy(ptr, ropt->hdr, ropt->len); + ptr += ropt->len; + } + } + + if (conf_ppp_verbose) + log_ppp_info2("]\n"); + + ipv6cp_hdr->len = htons(ptr - buf - 2); + ppp_unit_send(ipv6cp->ppp, ipv6cp_hdr, ptr-buf); + + _free(buf); +} + +static int ipv6cp_recv_conf_req(struct ppp_ipv6cp_t *ipv6cp, uint8_t *data, int size) +{ + struct ipv6cp_opt_hdr_t *hdr; + struct recv_opt_t *ropt; + struct ipv6cp_option_t *lopt; + int r,ret = 1; + + ipv6cp->ropt_len = size; + + while (size > 0) { + hdr = (struct ipv6cp_opt_hdr_t *)data; + + ropt = _malloc(sizeof(*ropt)); + memset(ropt, 0, sizeof(*ropt)); + + if (hdr->len > size) + ropt->len = size; + else + ropt->len = hdr->len; + ropt->hdr = hdr; + ropt->state = IPV6CP_OPT_NONE; + list_add_tail(&ropt->entry, &ipv6cp->ropt_list); + + data += ropt->len; + size -= ropt->len; + } + + list_for_each_entry(lopt, &ipv6cp->options, entry) + lopt->state=IPV6CP_OPT_NONE; + + if (conf_ppp_verbose) { + log_ppp_info2("recv [IPV6CP ConfReq id=%x", ipv6cp->fsm.recv_id); + + list_for_each_entry(ropt, &ipv6cp->ropt_list, entry) { + list_for_each_entry(lopt, &ipv6cp->options, entry) { + if (lopt->id == ropt->hdr->id) { + ropt->lopt = lopt; + log_ppp_info2(" "); + lopt->h->print(log_ppp_info2, lopt, (uint8_t*)ropt->hdr); + break; + } + } + if (!ropt->lopt) { + log_ppp_info2(" "); + print_ropt(ropt); + } + } + log_ppp_info2("]\n"); + } + + list_for_each_entry(ropt, &ipv6cp->ropt_list, entry) { + list_for_each_entry(lopt, &ipv6cp->options, entry) { + if (lopt->id == ropt->hdr->id) { + r = lopt->h->recv_conf_req(ipv6cp, lopt, (uint8_t*)ropt->hdr); + if (ipv6cp->ppp->stop_time) + return -1; + lopt->state = r; + ropt->state = r; + ropt->lopt = lopt; + if (r < ret) + ret = r; + break; + } + } + if (!ropt->lopt) { + ropt->state = IPV6CP_OPT_REJ; + ret = IPV6CP_OPT_REJ; + } + } + + + /*list_for_each_entry(lopt,&ipv6cp->options,entry) + { + if (lopt->state==IPV6CP_OPT_NONE) + { + r=lopt->h->recv_conf_req(ipv6cp,lopt,NULL); + lopt->state=r; + if (r<ret) ret=r; + } + }*/ + + return ret; +} + +static void ipv6cp_free_conf_req(struct ppp_ipv6cp_t *ipv6cp) +{ + struct recv_opt_t *ropt; + + while (!list_empty(&ipv6cp->ropt_list)) { + ropt = list_entry(ipv6cp->ropt_list.next, typeof(*ropt), entry); + list_del(&ropt->entry); + _free(ropt); + } +} + +static int ipv6cp_recv_conf_rej(struct ppp_ipv6cp_t *ipv6cp, uint8_t *data, int size) +{ + struct ipv6cp_opt_hdr_t *hdr; + struct ipv6cp_option_t *lopt; + int res = 0; + + if (conf_ppp_verbose) + log_ppp_info2("recv [IPV6CP ConfRej id=%x", ipv6cp->fsm.recv_id); + + if (ipv6cp->fsm.recv_id != ipv6cp->fsm.id) { + if (conf_ppp_verbose) + log_ppp_info2(": id mismatch ]\n"); + return 0; + } + + while (size > 0) { + hdr = (struct ipv6cp_opt_hdr_t *)data; + + list_for_each_entry(lopt, &ipv6cp->options, entry) { + if (lopt->id == hdr->id) { + if (!lopt->h->recv_conf_rej) + res = -1; + else if (lopt->h->recv_conf_rej(ipv6cp, lopt, data)) + res = -1; + break; + } + } + + data += hdr->len; + size -= hdr->len; + } + + if (conf_ppp_verbose) + log_ppp_info2("]\n"); + + return res; +} + +static int ipv6cp_recv_conf_nak(struct ppp_ipv6cp_t *ipv6cp, uint8_t *data, int size) +{ + struct ipv6cp_opt_hdr_t *hdr; + struct ipv6cp_option_t *lopt; + int res = 0; + + if (conf_ppp_verbose) + log_ppp_info2("recv [IPV6CP ConfNak id=%x", ipv6cp->fsm.recv_id); + + if (ipv6cp->fsm.recv_id != ipv6cp->fsm.id) { + if (conf_ppp_verbose) + log_ppp_info2(": id mismatch ]\n"); + return 0; + } + + while (size > 0) { + hdr = (struct ipv6cp_opt_hdr_t *)data; + + list_for_each_entry(lopt, &ipv6cp->options, entry) { + if (lopt->id == hdr->id) { + if (conf_ppp_verbose) { + log_ppp_info2(" "); + lopt->h->print(log_ppp_info2,lopt,data); + } + if (lopt->h->recv_conf_nak && lopt->h->recv_conf_nak(ipv6cp, lopt, data)) + res =- 1; + break; + } + } + + data += hdr->len; + size -= hdr->len; + } + + if (conf_ppp_verbose) + log_ppp_info2("]\n"); + + return res; +} + +static int ipv6cp_recv_conf_ack(struct ppp_ipv6cp_t *ipv6cp, uint8_t *data, int size) +{ + struct ipv6cp_opt_hdr_t *hdr; + struct ipv6cp_option_t *lopt; + int res = 0; + + if (conf_ppp_verbose) + log_ppp_info2("recv [IPV6CP ConfAck id=%x", ipv6cp->fsm.recv_id); + + if (ipv6cp->fsm.recv_id != ipv6cp->fsm.id) { + if (conf_ppp_verbose) + log_ppp_info2(": id mismatch ]\n"); + return 0; + } + + while (size > 0) { + hdr = (struct ipv6cp_opt_hdr_t *)data; + + list_for_each_entry(lopt, &ipv6cp->options, entry) { + if (lopt->id == hdr->id) { + if (conf_ppp_verbose) { + log_ppp_info2(" "); + lopt->h->print(log_ppp_info2, lopt, data); + } + if (!lopt->h->recv_conf_ack) + break; + if (lopt->h->recv_conf_ack(ipv6cp, lopt, data)) + res = -1; + break; + } + } + + data += hdr->len; + size -= hdr->len; + } + + if (conf_ppp_verbose) + log_ppp_info2("]\n"); + + return res; +} + +static void send_term_req(struct ppp_fsm_t *fsm) +{ + struct ppp_ipv6cp_t *ipv6cp = container_of(fsm, typeof(*ipv6cp), fsm); + struct ipv6cp_hdr_t hdr = { + .proto = htons(PPP_IPV6CP), + .code = TERMREQ, + .id = ++ipv6cp->fsm.id, + .len = htons(4), + }; + + if (conf_ppp_verbose) + log_ppp_info2("send [IPV6CP TermReq id=%i]\n", hdr.id); + + ppp_unit_send(ipv6cp->ppp, &hdr, 6); +} + +static void send_term_ack(struct ppp_fsm_t *fsm) +{ + struct ppp_ipv6cp_t *ipv6cp = container_of(fsm, typeof(*ipv6cp), fsm); + struct ipv6cp_hdr_t hdr = { + .proto = htons(PPP_IPV6CP), + .code = TERMACK, + .id = ipv6cp->fsm.recv_id, + .len = htons(4), + }; + + if (conf_ppp_verbose) + log_ppp_info2("send [IPV6CP TermAck id=%i]\n", hdr.id); + + ppp_unit_send(ipv6cp->ppp, &hdr, 6); +} + +static void ipv6cp_recv(struct ppp_handler_t*h) +{ + struct ipv6cp_hdr_t *hdr; + struct ppp_ipv6cp_t *ipv6cp = container_of(h, typeof(*ipv6cp), hnd); + int r; + + if (!conf_ipv6) { + lcp_send_proto_rej(ipv6cp->ppp, PPP_IPV6CP); + return; + } + + if (ipv6cp->fsm.fsm_state == FSM_Initial || ipv6cp->fsm.fsm_state == FSM_Closed || ipv6cp->ppp->terminating) { + if (conf_ppp_verbose) + log_ppp_warn("IPV6CP: discarding packet\n"); + return; + } + + if (ipv6cp->ppp->buf_size < PPP_HEADERLEN + 2) { + log_ppp_warn("IPV6CP: short packet received\n"); + return; + } + + hdr = (struct ipv6cp_hdr_t *)ipv6cp->ppp->buf; + if (ntohs(hdr->len) < PPP_HEADERLEN) { + log_ppp_warn("IPV6CP: short packet received\n"); + return; + } + + ipv6cp->fsm.recv_id = hdr->id; + switch(hdr->code) { + case CONFREQ: + r = ipv6cp_recv_conf_req(ipv6cp,(uint8_t*)(hdr + 1), ntohs(hdr->len) - PPP_HDRLEN); + if (ipv6cp->ppp->stop_time) { + ipv6cp_free_conf_req(ipv6cp); + return; + } + switch(r) { + case IPV6CP_OPT_ACK: + ppp_fsm_recv_conf_req_ack(&ipv6cp->fsm); + break; + case IPV6CP_OPT_NAK: + ppp_fsm_recv_conf_req_nak(&ipv6cp->fsm); + break; + case IPV6CP_OPT_REJ: + ppp_fsm_recv_conf_req_rej(&ipv6cp->fsm); + break; + } + ipv6cp_free_conf_req(ipv6cp); + if (r == IPV6CP_OPT_FAIL) + ppp_terminate(ipv6cp->ppp, TERM_USER_ERROR, 0); + else if (ipv6cp->passive) { + ipv6cp->passive = 0; + send_conf_req(&ipv6cp->fsm); + } + break; + case CONFACK: + if (ipv6cp_recv_conf_ack(ipv6cp,(uint8_t*)(hdr + 1), ntohs(hdr->len) - PPP_HDRLEN)) + ppp_terminate(ipv6cp->ppp, TERM_USER_ERROR, 0); + else + ppp_fsm_recv_conf_ack(&ipv6cp->fsm); + break; + case CONFNAK: + ipv6cp_recv_conf_nak(ipv6cp,(uint8_t*)(hdr + 1), ntohs(hdr->len) - PPP_HDRLEN); + ppp_fsm_recv_conf_rej(&ipv6cp->fsm); + break; + case CONFREJ: + if (ipv6cp_recv_conf_rej(ipv6cp, (uint8_t*)(hdr + 1), ntohs(hdr->len) - PPP_HDRLEN)) + ppp_terminate(ipv6cp->ppp, TERM_USER_ERROR, 0); + else + ppp_fsm_recv_conf_rej(&ipv6cp->fsm); + break; + case TERMREQ: + if (conf_ppp_verbose) + log_ppp_info2("recv [IPV6CP TermReq id=%x]\n", hdr->id); + ppp_fsm_recv_term_req(&ipv6cp->fsm); + break; + case TERMACK: + if (conf_ppp_verbose) + log_ppp_info2("recv [IPV6CP TermAck id=%x]\n", hdr->id); + //ppp_fsm_recv_term_ack(&ipv6cp->fsm); + //ppp_terminate(ipv6cp->ppp, 0); + break; + case CODEREJ: + if (conf_ppp_verbose) + log_ppp_info2("recv [IPV6CP CodeRej id=%x]\n", hdr->id); + ppp_fsm_recv_code_rej_bad(&ipv6cp->fsm); + break; + default: + ppp_fsm_recv_unk(&ipv6cp->fsm); + break; + } +} + +int ipv6cp_option_register(struct ipv6cp_option_handler_t *h) +{ + /*struct ipv6cp_option_drv_t *p; + + list_for_each_entry(p,option_drv_list,entry) + if (p->id==h->id) + return -1;*/ + + list_add_tail(&h->entry, &option_handlers); + + return 0; +} + +static struct ppp_layer_t ipv6cp_layer = +{ + .init = ipv6cp_layer_init, + .start = ipv6cp_layer_start, + .finish = ipv6cp_layer_finish, + .free = ipv6cp_layer_free, +}; + +static void ipv6cp_init(void) +{ + ppp_register_layer("ipv6cp", &ipv6cp_layer); +} + +DEFINE_INIT(4, ipv6cp_init); + diff --git a/accel-pppd/ppp/ppp_ipv6cp.h b/accel-pppd/ppp/ppp_ipv6cp.h new file mode 100644 index 0000000..e688e6c --- /dev/null +++ b/accel-pppd/ppp/ppp_ipv6cp.h @@ -0,0 +1,105 @@ +#ifndef PPP_IPV6CP_H +#define PPP_IPV6CP_H + +#include <stdint.h> + +#include "triton.h" +#include "ppp_fsm.h" +/* + * Options. + */ +#define CI_INTFID 1 + +struct ipv6cp_hdr_t +{ + uint16_t proto; + uint8_t code; + uint8_t id; + uint16_t len; +} __attribute__((packed)); + +struct ipv6cp_opt_hdr_t +{ + uint8_t id; + uint8_t len; +} __attribute__((packed)); + +struct ipv6cp_opt8_t +{ + struct ipv6cp_opt_hdr_t hdr; + uint8_t val; +} __attribute__((packed)); + +struct ipv6cp_opt16_t +{ + struct ipv6cp_opt_hdr_t hdr; + uint16_t val; +} __attribute__((packed)); + +struct ipv6cp_opt32_t +{ + struct ipv6cp_opt_hdr_t hdr; + uint32_t val; +} __attribute__((packed)); + +struct ipv6cp_opt64_t +{ + struct ipv6cp_opt_hdr_t hdr; + uint64_t val; +} __attribute__((packed)); + + +#define IPV6CP_OPT_NONE 0 +#define IPV6CP_OPT_ACK 1 +#define IPV6CP_OPT_NAK -1 +#define IPV6CP_OPT_REJ -2 +#define IPV6CP_OPT_FAIL -3 + +struct ppp_ipv6cp_t; +struct ipv6cp_option_handler_t; + +struct ipv6cp_option_t +{ + struct list_head entry; + int id; + int len; + int state; + int print:1; + struct ipv6cp_option_handler_t *h; +}; + +struct ipv6cp_option_handler_t +{ + struct list_head entry; + struct ipv6cp_option_t* (*init)(struct ppp_ipv6cp_t*); + int (*send_conf_req)(struct ppp_ipv6cp_t*,struct ipv6cp_option_t*,uint8_t*); + int (*send_conf_rej)(struct ppp_ipv6cp_t*,struct ipv6cp_option_t*,uint8_t*); + int (*send_conf_nak)(struct ppp_ipv6cp_t*,struct ipv6cp_option_t*,uint8_t*); + int (*recv_conf_req)(struct ppp_ipv6cp_t*,struct ipv6cp_option_t*,uint8_t*); + int (*recv_conf_rej)(struct ppp_ipv6cp_t*,struct ipv6cp_option_t*,uint8_t*); + int (*recv_conf_nak)(struct ppp_ipv6cp_t*,struct ipv6cp_option_t*,uint8_t*); + int (*recv_conf_ack)(struct ppp_ipv6cp_t*,struct ipv6cp_option_t*,uint8_t*); + void (*free)(struct ppp_ipv6cp_t*,struct ipv6cp_option_t*); + void (*print)(void (*print)(const char *fmt,...), struct ipv6cp_option_t*,uint8_t*); +}; + +struct ppp_ipv6cp_t +{ + struct ppp_layer_data_t ld; + struct ppp_handler_t hnd; + struct ppp_fsm_t fsm; + struct ppp_t *ppp; + struct list_head options; + + struct list_head ropt_list; // last received ConfReq + int ropt_len; + + int conf_req_len; + int started:1; + int passive:1; +}; + +int ipv6cp_option_register(struct ipv6cp_option_handler_t *h); + +#endif + diff --git a/accel-pppd/radius/radius.c b/accel-pppd/radius/radius.c index 5f507cb..ae5948b 100644 --- a/accel-pppd/radius/radius.c +++ b/accel-pppd/radius/radius.c @@ -176,8 +176,8 @@ static struct ipv6db_item_t *get_ipv6(struct ppp_t *ppp) { struct radius_pd_t *rpd = find_pd(ppp); - if (memcmp(&rpd->ipv6_addr.peer_addr, &in6addr_any, sizeof(in6addr_any))) - return &rpd->ipv6_addr; + //if (memcmp(&rpd->ipv6_addr.peer_addr, &in6addr_any, sizeof(in6addr_any))) + // return &rpd->ipv6_addr; return NULL; } |