| Age | Commit message (Collapse) | Author |
|---|
|
Add two options to the 'l2tp create tunnel' command:
* 'peer-port' allows to specify the destination port of the
SCCRQ packet (instead of standard port 1701). This allows
to connect to a peer listening on a non standard port.
* 'host-port' allows to specify the source port of the SCCRQ
packet (instead of an arbitrary free port).
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Define option 'use-ephemeral-ports' for accel-ppp.conf. When set
to 0, this option deactivates the use of ephemeral ports. That is,
accel-ppp won't choose an arbitrary source port when replying to a
tunnel establishment request, but will use the SCCRQ's destination
port instead.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Commit 05bb6859 "pptp,l2tp: bind to port options" assigns fixed source
port for every L2TP tunnel. This removes support for ephemeral ports
(as described in RFC 2661 section 8.1) and statically sets the source
port when accel-ppp initiates tunnel connections.
This patch reverts to the previous behaviour (automatic source port
selection) while keeping the ability to listen for incoming
connections on a port different from 1701 (which was the purpose of
commit 05bb6859).
Support for disabling usage of ephemeral ports and for manual port
selection upon tunnel creation will be added later on by means of
configuration options.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
This variable doesn't need to be visible outside of its
compilation unit.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
|
|
|
|
Allocate space for the terminationg null byte, to avoid truncating
PPP channel name.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Since multiple sessions may be created in each tunnel, a client may
bypass the connlimit module by creating many sessions in an existing
tunnel (connlimit is only used upon reception of SCCRQ messages).
This patch adds connlimit checks when handling session creation requests
(ICRQ and OCRQ) so that connection limits get enforced in every case.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Define l2tp_packet_add_int64() to create attributes of 64 bits long
integers.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Set Challenge attribute using a random length so that its size can't
be guessed when hide-avps is on.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Add option "hide-avps" in the "l2tp" section for hiding attributes
sent to peer. This same option is also made available on accel-ppp's
command line interface:
accel-ppp# tunnel create tunnel peer-addr 192.0.2.1 hide-avps 1
Attribute hiding is performed upon attribute creation (in the
l2tp_packet_add_*() functions family) rather than upon packet sending.
This avoid running the cipher for every retransmission; the counterpart
is that l2tp_packet_print() can't dump original attributes of hidden
AVPs.
Currently, only one random vector is used for all hidden AVPs in a
packet. This is easily extensible though, as the 'last_RV' field in
struct l2tp_packet_t may be overridden to use new vectors for next
AVPs.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Define and export the u_randbuf() function that fills a buffer with
random data.
Convert L2TP's challenge generation code for using it.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Decode hidden AVPs on reception. This is transparent for functions in
l2tp.c (except for the presence of the Random Vector AVP).
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Secret length is used quite often especially when handling hidden AVPs.
Store conf_secret length together with conf_secret to avoid calling
strlen(conf_secret) every time.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Received attributes of type ATTR_TYPE_INT64 are transferred to upper
layer in network byte order while any other integer type uses host
byte order.
This patch converts int64 values to host byte order so that they can be
used like other integer types.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
When adding a string AVP to an L2TP packet, the attribute value is
allocated and set using strdup(). There's no need to memcpy() it
again afterwards.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Use "info2" log messages to inform about packets sent or processed.
For HELLO and ZLB messages, the log level is set to "debug" as these
are transmitted quite often and don't bring much information (this same
logging policy is used for logging packets when conf_verbose is on).
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Log message for any packet retransmission action using log_tunnel()
and level "info2".
Remove l2tp_conn_log() since it is no longer used.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Add a log message (warn level) for any discarded message type.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Use info1 messages to log information about main session establishment
and disconnection steps. These messages are:
* establishment requests and their origin (CLI, ICRQ or OCRQ)
* establishment confirmation (when session is really established)
* PPP establishment
* disconnection requests and their reason
Other information of interest use info2. These include:
* Peer Session ID setting
* Session internal structure freeing
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Use info1 messages to log information about main tunnel establishment
and disconnection steps. These messages are:
* establishment requests and their origin (CLI or SCCRQ)
* establishment confirmation (when tunnel is really established)
* disconnection requests and their reason
Other information of interest use info2. These include:
* Peer port update
* Peer Tunnel ID setting
* Tunnel internal structure freeing
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Adapt packet logging policy to make it consistent across L2TP packet
handling functions:
* Don't log messages if conf_verbose is off.
* Log HELLO and ZLB messages with log_debug and use log_info2 for
any other message type.
* Log retransmissions with log_info2, no matter the message type.
* Log outgoing messages right before sending them.
* Log incoming messages right before analysing their message type.
This unifies the way l2tp_conn_read() and l2tp_udp_read() log
incoming messages.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Implement minimal WEN messages processing, so that they get properly
acknowledged.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Handle incomming messages differently depending on their Message Type:
* Close tunnel only when handling tunnel establishment messages
fails (SCCRP and SCCCN) and everytime a StopCCN is received.
* Never close tunnel after reception of HELLO, SLI or session
establishment messages (ICRQ and OCRQ).
* Ignore messages with invalid first attribute type.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Interpret AVPs present in CDN to provide user with better diagnostic.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Allocate PPP channel name using the string size to be stored and check
for allocation failure. Use two snprintf() and a _malloc() instead of
asprintf() so that allocated memory will be visible by memdebug.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
In all reception or sending functions, return 0 on success or if
incomming message has been ignored (l2tp_recv_*() only). Return -1
upon any processing error.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
There is no need to warn about missing Challenge when handling SCCRQ
comming from a host for which a secret exists: this will be done
automatically upon SCCRP generation (by l2tp_tunnel_genchallresp()).
Using the log message from l2tp_tunnel_genchallresp() has the advantage
of working for missing Challenge AVPs in both SCCRQ and SCCRP messages.
This patch also removes a redundant log message in l2tp_session_recv()
when handling unknown message types.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
* Avoid retrieving tunnel and session contexts manually; use
l2tp_{tunnel,session}_self() instead.
* Use l2tp_session_disconnect() instead of using an
l2tp_send_CDN(); l2tp_session_free() sequence.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
If a HELLO message can't be acknowledged just log an error as tunnel
doesn't need to get closed. If too many HELLO messages aren't
acknowledged, the peer will close the tunnel itself.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
If tunnel or session establishment timeout expires, send StopCCN or CDN
to notify peer before closing tunnel/session.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Always disconnect tunnel once l2tp_tunnel_disconnect() is called,
even if sending StopCCN failed.
Change the way unknown message types are handled to comply with
new l2tp_tunnel_disconnect() signature.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Don't terminate tunnel in case of error while handling a duplicate
message. Such errors aren't critical enough to justify termination
of a tunnel and all of its sessions.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
When starting a tunnel created upon user request, free it in case
of error.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
A side effect of setting peer port to zero when sending SCCRQ messages
is that the tunnel can't send any new message before receiving first
peer's answer (this doesn't apply to retransmissions as peer port is
set in the original packet). It is then impossible to send StopCCN
messages within this time frame.
This patch fixes this issue using a new tunnel flag which indicates if
tunnel's peer port has a default value or if it has been set after
reception of peer's first message.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Handle tunnel timeout timers in l2tp_tunnel_start() and
l2tp_tunnel_connect(). This avoids timer code duplication across
functions that are spectific to the tunnel establishment mode.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Start and stop session timeout timers in l2tp_tunnel_start_session()
and l2tp_session_connect(). This unifies timers management across the
four different ways of creating sessions.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Define l2tp_session_incall_reply() which can be used as
parameter for l2tp_tunnel_start_session(). This removes
the need for updating session's state in l2tp_send_ICRP()
and normalises the way incomming and outgoing sessions are
handled.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Define l2tp_session_place_call() which can start either an incomming
or outgoing session depending on the 'sess->lns_mode' flag. This
removes the need for testing session mode before calling
l2tp_tunnel_start_session().
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Creating new sessions always involves the same steps:
* Create new session context
* Call session's first function in this context
* Start session establishment timer
This patch starts centralising the first two steps in
l2tp_tunnel_confirm_session() (renamed l2tp_tunnel_start_session()
in order to use similar ways for starting tunnels and sessions).
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Handling ICRQ or OCRQ requests occurs in tunnel context, but if session
creation is rejected, a CDN has to be sent. However, l2tp_send_CDN() is
supposed to be called in session context. This means that it uselessly
switches to tunnel context before sending messages and requires a
session structure to work on.
This patch creates a new function for sending CDN from tunnel context.
It gets the session and peer session IDs from its arguments and calls
l2tp_tunnel_send() directly. The l2tp_recv_ICRQ() and l2tp_recv_OCRQ()
functions are modified to take advantage of this new function and will
now send CDN even upon early message processing error.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Define the l2tp_{tunnel,session}_send() functions for sending
messages in tunnel or session context. Session messages have
their session ID automatically set and switch to tunnel context
for sending messages.
Though the 'debug' parameter is removed from function prototypes,
the logging mechanism is respected: HELLO and ZLB are displayed as
'debug' messages while other message types use 'info2'.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Print details about errors that can occur when using the
"l2tp create tunnel" command line.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Print details about errors that can occur when using the
"l2tp create session" command line.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Check for errors in start_udp_server() and return exit status to
calling function.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Use memdebug variants of {m,re}alloc() so that the corresponding
_free() will work correctly if MEMDEBUG is defined.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Update l2tp_session_free's prototype to return its error status.
Do the opposite for l2tp_tunnel_cancel_session (make it return void)
as it never fails.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Define macros for logging tunnel or session messages with automatic
context information display.
Use these macros to replace most existing error messages + add
missing ones.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
When several messages are sent consecutively, the peer can reply with
a single ZLB to acknowledge all messages. In this case, removing
only the first message from the retransmission queue isn't enough
(acknowledged messages left in the queue will be retransmitted).
This case can happen when replying to an outgoing call request, wich
is handled by sending two messages in a row (an OCRP and an OCCN).
This patch avoids useless retransmissions by removing all messages
acknowledged by peer from the retransmission queue.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Handle OCRQ requests when operating as LAC.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
