GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: usr.sbin/npppd/npppd/ppp.c Lines: 0 434 0.0 %
Date: 2017-11-13 Branches: 0 297 0.0 %

Line Branch Exec Source
1
/*	$OpenBSD: ppp.c,v 1.27 2017/08/11 16:41:47 goda Exp $ */
2
3
/*-
4
 * Copyright (c) 2009 Internet Initiative Japan Inc.
5
 * All rights reserved.
6
 *
7
 * Redistribution and use in source and binary forms, with or without
8
 * modification, are permitted provided that the following conditions
9
 * are met:
10
 * 1. Redistributions of source code must retain the above copyright
11
 *    notice, this list of conditions and the following disclaimer.
12
 * 2. Redistributions in binary form must reproduce the above copyright
13
 *    notice, this list of conditions and the following disclaimer in the
14
 *    documentation and/or other materials provided with the distribution.
15
 *
16
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26
 * SUCH DAMAGE.
27
 */
28
/* $Id: ppp.c,v 1.27 2017/08/11 16:41:47 goda Exp $ */
29
/**@file
30
 * This file provides PPP(Point-to-Point Protocol, RFC 1661) and
31
 * {@link :: _npppd_ppp PPP instance} related functions.
32
 */
33
#include <sys/types.h>
34
#include <sys/socket.h>
35
#include <netinet/in.h>
36
#include <net/if_dl.h>
37
#include <arpa/inet.h>
38
#include <stdlib.h>
39
#include <netdb.h>
40
#include <stdio.h>
41
#include <stdarg.h>
42
#include <string.h>
43
#include <unistd.h>
44
#include <errno.h>
45
#include <syslog.h>
46
#include <sys/time.h>
47
#include <time.h>
48
#include <event.h>
49
50
#include "slist.h"
51
52
#include "npppd.h"
53
#include "time_utils.h"
54
#include "ppp.h"
55
#include "psm-opt.h"
56
#ifdef USE_NPPPD_RADIUS
57
#include <radius.h>
58
#include "npppd_radius.h"
59
#endif
60
61
#include "debugutil.h"
62
63
#ifdef	PPP_DEBUG
64
#define	PPP_DBG(x)	ppp_log x
65
#define	PPP_ASSERT(cond)					\
66
	if (!(cond)) {						\
67
	    fprintf(stderr,					\
68
		"\nASSERT(" #cond ") failed on %s() at %s:%d.\n"\
69
		, __func__, __FILE__, __LINE__);		\
70
	    abort(); 						\
71
	}
72
#else
73
#define	PPP_ASSERT(cond)
74
#define	PPP_DBG(x)
75
#endif
76
77
static u_int ppp_seq = 0;
78
79
static void             ppp_stop0 (npppd_ppp *);
80
static int              ppp_recv_packet (npppd_ppp *, unsigned char *, int, int);
81
static const char      *ppp_peer_auth_string (npppd_ppp *);
82
static void             ppp_idle_timeout (int, short, void *);
83
#ifdef USE_NPPPD_PIPEX
84
static void             ppp_on_network_pipex(npppd_ppp *);
85
#endif
86
static uint32_t         ppp_proto_bit(int);
87
88
#define AUTH_IS_PAP(ppp) 	((ppp)->peer_auth == PPP_AUTH_PAP)
89
#define AUTH_IS_CHAP(ppp)	((ppp)->peer_auth == PPP_AUTH_CHAP_MD5 ||\
90
				(ppp)->peer_auth == PPP_AUTH_CHAP_MS ||	\
91
				(ppp)->peer_auth == PPP_AUTH_CHAP_MS_V2)
92
#define AUTH_IS_EAP(ppp) 	((ppp)->peer_auth == PPP_AUTH_EAP)
93
94
/*
95
 * About termination procedures:
96
 *	ppp_lcp_finished	LCP is terminated
97
 *				Terminate-Request by the peer.
98
 *				Terminate-Request by ourself. (From ppp_stop())
99
 *	ppp_phy_downed		Down the datalink/physical.
100
 *
101
 * On both cases, ppp_stop0 and ppp_down_others are called.
102
 */
103
/** Create a npppd_ppp instance */
104
npppd_ppp *
105
ppp_create()
106
{
107
	npppd_ppp *_this;
108
109
	if ((_this = calloc(1, sizeof(npppd_ppp))) == NULL) {
110
		log_printf(LOG_ERR, "calloc() failed in %s(): %m", __func__ );
111
		return NULL;
112
	}
113
114
	_this->snp.snp_family = AF_INET;
115
	_this->snp.snp_len = sizeof(_this->snp);
116
	_this->snp.snp_type = SNP_PPP;
117
	_this->snp.snp_data_ptr = _this;
118
119
	return _this;
120
}
121
122
/**
123
 * Initialize the npppd_ppp instance
124
 * Set npppd_ppp#mru and npppd_ppp#phy_label before call this function.
125
 */
126
int
127
ppp_init(npppd *pppd, npppd_ppp *_this)
128
{
129
	struct tunnconf *conf;
130
131
	PPP_ASSERT(_this != NULL);
132
	PPP_ASSERT(strlen(_this->phy_label) > 0);
133
134
	_this->id = -1;
135
	_this->ifidx = -1;
136
	_this->has_acf = 1;
137
	_this->recv_packet = ppp_recv_packet;
138
	_this->id = ppp_seq++;
139
	_this->pppd = pppd;
140
141
	lcp_init(&_this->lcp, _this);
142
143
	conf = ppp_get_tunnconf(_this);
144
	_this->mru = conf->mru;
145
146
	if (_this->outpacket_buf == NULL) {
147
		_this->outpacket_buf = malloc(_this->mru + 64);
148
		if (_this->outpacket_buf == NULL){
149
			log_printf(LOG_ERR, "malloc() failed in %s(): %m",
150
			    __func__);
151
			return -1;
152
		}
153
	}
154
	_this->adjust_mss = (conf->tcp_mss_adjust)? 1 : 0;
155
156
#ifdef USE_NPPPD_PIPEX
157
	_this->use_pipex = (conf->pipex)? 1 : 0;
158
#endif
159
	/* load the logging configuration */
160
	_this->ingress_filter = (conf->ingress_filter)? 1 : 0;
161
162
#ifdef	USE_NPPPD_MPPE
163
	mppe_init(&_this->mppe, _this);
164
#endif
165
	ccp_init(&_this->ccp, _this);
166
	ipcp_init(&_this->ipcp, _this);
167
	pap_init(&_this->pap, _this);
168
	chap_init(&_this->chap, _this);
169
170
	/* load the idle timer configuration */
171
	_this->timeout_sec = conf->idle_timeout;
172
173
	if (!evtimer_initialized(&_this->idle_event))
174
		evtimer_set(&_this->idle_event, ppp_idle_timeout, _this);
175
176
	if (conf->lcp_keepalive) {
177
		_this->lcp.echo_interval = conf->lcp_keepalive_interval;
178
		_this->lcp.echo_retry_interval =
179
		    conf->lcp_keepalive_retry_interval;
180
		_this->lcp.echo_max_retries = conf->lcp_keepalive_max_retries;
181
	} else {
182
		_this->lcp.echo_interval = 0;
183
		_this->lcp.echo_retry_interval = 0;
184
		_this->lcp.echo_max_retries = 0;
185
	}
186
	_this->log_dump_in = (conf->debug_dump_pktin == 0)? 0 : 1;
187
	_this->log_dump_out = (conf->debug_dump_pktout == 0)? 0 : 1;
188
189
	return 0;
190
}
191
192
static void
193
ppp_set_tunnel_label(npppd_ppp *_this, char *buf, int lbuf)
194
{
195
	int flag, af;
196
	char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
197
198
	hbuf[0] = 0;
199
	sbuf[0] = 0;
200
	af = ((struct sockaddr *)&_this->phy_info)->sa_family;
201
	if (af < AF_MAX) {
202
		flag = NI_NUMERICHOST;
203
		if (af == AF_INET || af == AF_INET6)
204
			flag |= NI_NUMERICSERV;
205
		if (getnameinfo((struct sockaddr *)&_this->phy_info,
206
		    ((struct sockaddr *)&_this->phy_info)->sa_len, hbuf,
207
		    sizeof(hbuf), sbuf, sizeof(sbuf), flag) != 0) {
208
			ppp_log(_this, LOG_ERR, "getnameinfo() failed at %s",
209
			    __func__);
210
			strlcpy(hbuf, "0.0.0.0", sizeof(hbuf));
211
			strlcpy(sbuf, "0", sizeof(sbuf));
212
		}
213
		if (af == AF_INET || af == AF_INET6)
214
			snprintf(buf, lbuf, "%s:%s", hbuf, sbuf);
215
		else
216
			snprintf(buf, lbuf, "%s", hbuf);
217
	} else if (af == NPPPD_AF_PHONE_NUMBER) {
218
		strlcpy(buf,
219
		    ((npppd_phone_number *)&_this->phy_info)->pn_number, lbuf);
220
	}
221
}
222
/**
223
 * Start the npppd_ppp.
224
 * Set npppd_ppp#phy_context, npppd_ppp#send_packet, npppd_ppp#phy_close and
225
 * npppd_ppp#phy_info before call this function.
226
 */
227
void
228
ppp_start(npppd_ppp *_this)
229
{
230
	char label[512];
231
232
	PPP_ASSERT(_this != NULL);
233
	PPP_ASSERT(_this->recv_packet != NULL);
234
	PPP_ASSERT(_this->send_packet != NULL);
235
	PPP_ASSERT(_this->phy_close != NULL);
236
237
	_this->start_time = time(NULL);
238
	_this->start_monotime = get_monosec();
239
	/* log the lower layer information */
240
	ppp_set_tunnel_label(_this, label, sizeof(label));
241
	ppp_log(_this, LOG_INFO, "logtype=Started tunnel=%s(%s)",
242
	    _this->phy_label, label);
243
244
	lcp_lowerup(&_this->lcp);
245
}
246
247
/** Prepare "dialin proxy".  Return 0 if "dialin proxy" is not available.  */
248
int
249
ppp_dialin_proxy_prepare(npppd_ppp *_this, dialin_proxy_info *dpi)
250
{
251
	int renego_force, renego;
252
	struct tunnconf *conf;
253
254
	conf = ppp_get_tunnconf(_this);
255
256
	renego = conf->proto.l2tp.lcp_renegotiation;
257
	renego_force = conf->proto.l2tp.force_lcp_renegotiation;
258
259
	if (renego_force)
260
		renego = 1;
261
262
	if (lcp_dialin_proxy(&_this->lcp, dpi, renego, renego_force) != 0) {
263
		ppp_log(_this, LOG_ERR,
264
		    "Failed to dialin-proxy, proxied lcp is broken.");
265
		return 1;
266
	}
267
268
	return 0;
269
}
270
271
static void
272
ppp_down_others(npppd_ppp *_this)
273
{
274
	fsm_lowerdown(&_this->ccp.fsm);
275
	fsm_lowerdown(&_this->ipcp.fsm);
276
277
	npppd_release_ip(_this->pppd, _this);
278
	if (AUTH_IS_PAP(_this))
279
		pap_stop(&_this->pap);
280
	if (AUTH_IS_CHAP(_this))
281
		chap_stop(&_this->chap);
282
#ifdef USE_NPPPD_EAP_RADIUS
283
	if (AUTH_IS_EAP(_this))
284
		eap_stop(&_this->eap);
285
#endif
286
	evtimer_del(&_this->idle_event);
287
}
288
289
/**
290
 * Stop the PPP and destroy the npppd_ppp instance
291
 * @param reason	Reason of stopping the PPP.  Specify NULL if there is
292
 *			no special reason.  This reason will be used as a
293
 *			reason field of LCP Terminate-Request message and
294
 *			notified to the peer.
295
 */
296
void
297
ppp_stop(npppd_ppp *_this, const char *reason)
298
{
299
300
	PPP_ASSERT(_this != NULL);
301
302
#ifdef USE_NPPPD_RADIUS
303
	ppp_set_radius_terminate_cause(_this,
304
	    RADIUS_TERMNATE_CAUSE_ADMIN_RESET);
305
#endif
306
	ppp_set_disconnect_cause(_this, PPP_DISCON_NORMAL, 0, 2 /* by local */,
307
	    NULL);
308
309
	ppp_down_others(_this);
310
	fsm_close(&_this->lcp.fsm, reason);
311
}
312
313
/**
314
 * Set disconnect cause
315
 * @param code		disconnect code in {@link ::npppd_ppp_disconnect_code}.
316
 * @param proto		control protocol number.  see RFC3145.
317
 * @param direction	disconnect direction.  see RFC 3145
318
 */
319
void
320
ppp_set_disconnect_cause(npppd_ppp *_this, npppd_ppp_disconnect_code code,
321
    int proto, int direction, const char *message)
322
{
323
	if (_this->disconnect_code == PPP_DISCON_NO_INFORMATION) {
324
		_this->disconnect_code = code;
325
		_this->disconnect_proto = proto;
326
		_this->disconnect_direction = direction;
327
		_this->disconnect_message = message;
328
	}
329
}
330
331
/** Set RADIUS Acct-Terminate-Cause code */
332
void
333
ppp_set_radius_terminate_cause(npppd_ppp *_this, int cause)
334
{
335
	if (_this->terminate_cause == 0)
336
		_this->terminate_cause = cause;
337
}
338
339
static void
340
ppp_stop0(npppd_ppp *_this)
341
{
342
	char mppe_str[BUFSIZ];
343
	char label[512];
344
345
#ifdef USE_NPPPD_RADIUS
346
	ppp_set_radius_terminate_cause(_this, RADIUS_TERMNATE_CAUSE_NAS_ERROR);
347
#endif
348
	ppp_set_disconnect_cause(_this, PPP_DISCON_NORMAL, 0, 1 /* by local */,
349
	    NULL);
350
351
	_this->end_monotime = get_monosec();
352
353
	if (_this->phy_close != NULL)
354
		_this->phy_close(_this);
355
	_this->phy_close = NULL;
356
357
	/*
358
	 * NAT/Blackhole detection for PPTP(GRE)
359
	 */
360
	if (_this->lcp.dialin_proxy != 0 &&
361
	    _this->lcp.dialin_proxy_lcp_renegotiation == 0) {
362
		/* No LCP packets on dialin proxy without LCP renegotiation */
363
	} else if (_this->lcp.recv_ress == 0) {	/* No responses */
364
		if (_this->lcp.recv_reqs == 0)	/* No requests */
365
			ppp_log(_this, LOG_WARNING, "no PPP frames from the "
366
			    "peer.  router/NAT issue? (may have filtered out)");
367
		else
368
			ppp_log(_this, LOG_WARNING, "my PPP frames may not "
369
			    "have arrived at the peer.  router/NAT issue? (may "
370
			    "be the only-first-person problem)");
371
	}
372
#ifdef USE_NPPPD_PIPEX
373
	if (npppd_ppp_pipex_disable(_this->pppd, _this) != 0)
374
		ppp_log(_this, LOG_ERR,
375
		    "npppd_ppp_pipex_disable() failed: %m");
376
#endif
377
378
	ppp_set_tunnel_label(_this, label, sizeof(label));
379
#ifdef	USE_NPPPD_MPPE
380
	if (_this->mppe_started) {
381
		snprintf(mppe_str, sizeof(mppe_str),
382
		    "mppe=yes mppe_in=%dbits,%s mppe_out=%dbits,%s",
383
		    _this->mppe.recv.keybits,
384
		    (_this->mppe.recv.stateless)? "stateless" : "stateful",
385
		    _this->mppe.send.keybits,
386
		    (_this->mppe.send.stateless)? "stateless" : "stateful");
387
	} else
388
#endif
389
		snprintf(mppe_str, sizeof(mppe_str), "mppe=no");
390
	ppp_log(_this, LOG_NOTICE,
391
		"logtype=TUNNELUSAGE user=\"%s\" duration=%ldsec layer2=%s "
392
		"layer2from=%s auth=%s data_in=%llubytes,%upackets "
393
		"data_out=%llubytes,%upackets error_in=%u error_out=%u %s "
394
		"iface=%s",
395
		_this->username[0]? _this->username : "<unknown>",
396
		(long)(_this->end_monotime - _this->start_monotime),
397
		_this->phy_label,  label,
398
		_this->username[0]? ppp_peer_auth_string(_this) : "none",
399
		(unsigned long long)_this->ibytes, _this->ipackets,
400
		(unsigned long long)_this->obytes, _this->opackets,
401
		_this->ierrors, _this->oerrors, mppe_str,
402
		npppd_ppp_get_iface_name(_this->pppd, _this));
403
404
#ifdef USE_NPPPD_RADIUS
405
	npppd_ppp_radius_acct_stop(_this->pppd, _this);
406
#endif
407
	npppd_on_ppp_stop(_this->pppd, _this);
408
	npppd_ppp_unbind_iface(_this->pppd, _this);
409
#ifdef	USE_NPPPD_MPPE
410
	mppe_fini(&_this->mppe);
411
#endif
412
	evtimer_del(&_this->idle_event);
413
414
	npppd_release_ip(_this->pppd, _this);
415
	ppp_destroy(_this);
416
}
417
418
/**
419
 * Destroy the npppd_ppp instance.  Don't use this function after calling
420
 * the ppp_start, please use ppp_stop() instead.
421
 */
422
void
423
ppp_destroy(void *ctx)
424
{
425
	npppd_ppp *_this = ctx;
426
427
	free(_this->proxy_authen_resp);
428
429
	/*
430
	 * Down/stop the protocols again to make sure they are stopped
431
	 * even if ppp_stop is done.  They might be change their state
432
	 * by receiving packets from the peer.
433
	 */
434
	fsm_lowerdown(&_this->ccp.fsm);
435
	fsm_lowerdown(&_this->ipcp.fsm);
436
	pap_stop(&_this->pap);
437
	chap_stop(&_this->chap);
438
439
	free(_this->outpacket_buf);
440
441
	free(_this);
442
}
443
444
/************************************************************************
445
 * Protocol events
446
 ************************************************************************/
447
static const char *
448
ppp_peer_auth_string(npppd_ppp *_this)
449
{
450
	switch(_this->peer_auth) {
451
	case PPP_AUTH_PAP:		return "PAP";
452
	case PPP_AUTH_CHAP_MD5:		return "MD5-CHAP";
453
	case PPP_AUTH_CHAP_MS:		return "MS-CHAP";
454
	case PPP_AUTH_CHAP_MS_V2:	return "MS-CHAP-V2";
455
	case PPP_AUTH_EAP:		return "EAP";
456
	default:			return "ERROR";
457
	}
458
}
459
460
/** called when the lcp is up */
461
void
462
ppp_lcp_up(npppd_ppp *_this)
463
{
464
#ifdef USE_NPPPD_MPPE
465
	if (MPPE_IS_REQUIRED(_this) && !MPPE_MUST_NEGO(_this)) {
466
		ppp_log(_this, LOG_ERR, "MPPE is required, auth protocol must "
467
		    "be MS-CHAP-V2 or EAP");
468
		ppp_stop(_this, "Encryption required");
469
		return;
470
	}
471
#endif
472
	/*
473
	 * Use our MRU value even if the peer insists on larger value.
474
	 * We set the peer_mtu here, the value will be used as the MTU of the
475
	 * routing entry.  So we will not receive packets larger than the MTU.
476
	 */
477
	if (_this->peer_mru > _this->mru)
478
		_this->peer_mru = _this->mru;
479
480
	if (_this->peer_auth != 0 && _this->auth_runonce == 0) {
481
		if (AUTH_IS_PAP(_this)) {
482
			pap_start(&_this->pap);
483
			_this->auth_runonce = 1;
484
			return;
485
		}
486
		if (AUTH_IS_CHAP(_this)) {
487
			chap_start(&_this->chap);
488
			_this->auth_runonce = 1;
489
			return;
490
		}
491
#ifdef USE_NPPPD_EAP_RADIUS
492
                if (AUTH_IS_EAP(_this)) {
493
                        eap_init(&_this->eap, _this);
494
                        eap_start(&_this->eap);
495
                        return;
496
                }
497
#endif
498
	}
499
	if (_this->peer_auth == 0)
500
		ppp_auth_ok(_this);
501
}
502
503
/**
504
 * This function will be called the LCP is terminated.
505
 * (On entering STOPPED or  CLOSED state)
506
 */
507
void
508
ppp_lcp_finished(npppd_ppp *_this)
509
{
510
	PPP_ASSERT(_this != NULL);
511
512
	ppp_down_others(_this);
513
514
	fsm_lowerdown(&_this->lcp.fsm);
515
	ppp_stop0(_this);
516
}
517
518
/**
519
 * This function will be called by the physical layer when it is down.
520
 * <p>
521
 * Use this function only on such conditions that the physical layer cannot
522
 * input or output PPP frames.  Use {@link ::ppp_stop()} instead if we can
523
 * disconnect PPP gently.</p>
524
 */
525
void
526
ppp_phy_downed(npppd_ppp *_this)
527
{
528
	PPP_ASSERT(_this != NULL);
529
530
	ppp_down_others(_this);
531
	fsm_lowerdown(&_this->lcp.fsm);
532
	fsm_close(&_this->lcp.fsm, NULL);
533
534
#ifdef USE_NPPPD_RADIUS
535
	ppp_set_radius_terminate_cause(_this,
536
	    RADIUS_TERMNATE_CAUSE_LOST_CARRIER);
537
#endif
538
	ppp_stop0(_this);
539
}
540
541
static const char *
542
proto_name(uint16_t proto)
543
{
544
	switch (proto) {
545
	case PPP_PROTO_IP:			return "ip";
546
	case PPP_PROTO_LCP:			return "lcp";
547
	case PPP_PROTO_PAP:			return "pap";
548
	case PPP_PROTO_CHAP:			return "chap";
549
	case PPP_PROTO_EAP:			return "eap";
550
	case PPP_PROTO_MPPE:			return "mppe";
551
	case PPP_PROTO_NCP | NCP_CCP:		return "ccp";
552
	case PPP_PROTO_NCP | NCP_IPCP:		return "ipcp";
553
	/* following protocols are just for logging */
554
	case PPP_PROTO_NCP | NCP_IPV6CP:	return "ipv6cp";
555
	case PPP_PROTO_ACSP:			return "acsp";
556
	}
557
	return "unknown";
558
}
559
560
/** This function is called on authentication succeed */
561
void
562
ppp_auth_ok(npppd_ppp *_this)
563
{
564
	if (npppd_ppp_bind_iface(_this->pppd, _this) != 0) {
565
		ppp_log(_this, LOG_WARNING, "No interface binding.");
566
		ppp_stop(_this, NULL);
567
568
		return;
569
	}
570
	if (_this->realm != NULL) {
571
		npppd_ppp_get_username_for_auth(_this->pppd, _this,
572
		    _this->username, _this->username);
573
		if (!npppd_check_calling_number(_this->pppd, _this)) {
574
			ppp_log(_this, LOG_ALERT,
575
			    "logtype=TUNNELDENY user=\"%s\" "
576
			    "reason=\"Calling number check is failed\"",
577
			    _this->username);
578
			    /* XXX */
579
			ppp_stop(_this, NULL);
580
			return;
581
		}
582
	}
583
	if (_this->peer_auth != 0) {
584
		/* Limit the number of connections per the user */
585
		if (!npppd_check_user_max_session(_this->pppd, _this)) {
586
			ppp_stop(_this, NULL);
587
588
			return;
589
		}
590
		PPP_ASSERT(_this->realm != NULL);
591
	}
592
593
	if (!npppd_ppp_iface_is_ready(_this->pppd, _this)) {
594
		ppp_log(_this, LOG_WARNING,
595
		    "interface '%s' is not ready.",
596
		    npppd_ppp_get_iface_name(_this->pppd, _this));
597
		ppp_stop(_this, NULL);
598
599
		return;
600
	}
601
	free(_this->proxy_authen_resp);
602
	_this->proxy_authen_resp = NULL;
603
604
	fsm_lowerup(&_this->ipcp.fsm);
605
	fsm_open(&_this->ipcp.fsm);
606
#ifdef	USE_NPPPD_MPPE
607
	if (MPPE_MUST_NEGO(_this)) {
608
		fsm_lowerup(&_this->ccp.fsm);
609
		fsm_open(&_this->ccp.fsm);
610
	}
611
#endif
612
613
	return;
614
}
615
616
/** timer event handler for idle timer */
617
static void
618
ppp_idle_timeout(int fd, short evtype, void *context)
619
{
620
	npppd_ppp *_this;
621
622
	_this = context;
623
624
	ppp_log(_this, LOG_NOTICE, "Idle timeout(%d sec)", _this->timeout_sec);
625
#ifdef USE_NPPPD_RADIUS
626
	ppp_set_radius_terminate_cause(_this,
627
	    RADIUS_TERMNATE_CAUSE_IDLE_TIMEOUT);
628
#endif
629
	ppp_stop(_this, NULL);
630
}
631
632
/** reset the idle-timer.  Call this function when the PPP is not idle. */
633
void
634
ppp_reset_idle_timeout(npppd_ppp *_this)
635
{
636
	struct timeval tv;
637
638
	evtimer_del(&_this->idle_event);
639
	if (_this->timeout_sec > 0) {
640
		tv.tv_usec = 0;
641
		tv.tv_sec = _this->timeout_sec;
642
643
		evtimer_add(&_this->idle_event, &tv);
644
	}
645
}
646
647
/** This function is called when IPCP is opened */
648
void
649
ppp_ipcp_opened(npppd_ppp *_this)
650
{
651
	time_t curr_time;
652
653
	curr_time = get_monosec();
654
655
	npppd_set_ip_enabled(_this->pppd, _this, 1);
656
	if (_this->logged_acct_start == 0) {
657
		char label[512], ipstr[64];
658
659
		ppp_set_tunnel_label(_this, label, sizeof(label));
660
661
		strlcpy(ipstr, " ip=", sizeof(ipstr));
662
		strlcat(ipstr, inet_ntoa(_this->ppp_framed_ip_address),
663
		    sizeof(ipstr));
664
		if (_this->ppp_framed_ip_netmask.s_addr != 0xffffffffL) {
665
			strlcat(ipstr, ":", sizeof(ipstr));
666
			strlcat(ipstr, inet_ntoa(_this->ppp_framed_ip_netmask),
667
			    sizeof(ipstr));
668
		}
669
670
		ppp_log(_this, LOG_NOTICE,
671
		    "logtype=TUNNELSTART user=\"%s\" duration=%lusec layer2=%s "
672
 		    "layer2from=%s auth=%s %s iface=%s%s",
673
		    _this->username[0]? _this->username : "<unknown>",
674
		    (long)(curr_time - _this->start_monotime),
675
		    _this->phy_label, label,
676
		    _this->username[0]? ppp_peer_auth_string(_this) : "none",
677
 		    ipstr, npppd_ppp_get_iface_name(_this->pppd, _this),
678
		    (_this->lcp.dialin_proxy != 0)? " dialin_proxy=yes" : ""
679
		    );
680
#ifdef USE_NPPPD_RADIUS
681
		npppd_ppp_radius_acct_start(_this->pppd, _this);
682
#endif
683
		npppd_on_ppp_start(_this->pppd, _this);
684
685
		_this->logged_acct_start = 1;
686
		ppp_reset_idle_timeout(_this);
687
	}
688
#ifdef USE_NPPPD_PIPEX
689
	ppp_on_network_pipex(_this);
690
#endif
691
}
692
693
/** This function is called when CCP is opened */
694
void
695
ppp_ccp_opened(npppd_ppp *_this)
696
{
697
#ifdef USE_NPPPD_MPPE
698
	if (_this->ccp.mppe_rej == 0) {
699
		if (_this->mppe_started == 0) {
700
			mppe_start(&_this->mppe);
701
		}
702
	} else {
703
		ppp_log(_this, LOG_INFO, "mppe is rejected by peer");
704
		if (_this->mppe.required)
705
			ppp_stop(_this, "MPPE is requred");
706
	}
707
#endif
708
#ifdef USE_NPPPD_PIPEX
709
	ppp_on_network_pipex(_this);
710
#endif
711
}
712
713
void
714
ppp_ccp_stopped(npppd_ppp *_this)
715
{
716
#ifdef USE_NPPPD_MPPE
717
	if (_this->mppe.required) {
718
		ppp_stop(_this, NULL);
719
		return;
720
	}
721
#endif
722
#ifdef USE_NPPPD_PIPEX
723
	ppp_on_network_pipex(_this);
724
#endif
725
}
726
727
/************************************************************************
728
 * Network I/O related functions
729
 ************************************************************************/
730
/**
731
 * Receive the PPP packet.
732
 * @param	flags	Indicate information of received packet by bit flags.
733
 *			{@link ::PPP_IO_FLAGS_MPPE_ENCRYPTED} and
734
 *			{@link ::PPP_IO_FLAGS_DELAYED} may be used.
735
 * @return	return 0 on success.  return 1 on failure.
736
 */
737
static int
738
ppp_recv_packet(npppd_ppp *_this, unsigned char *pkt, int lpkt, int flags)
739
{
740
	u_char *inp, *inp_proto;
741
	uint16_t proto;
742
743
	PPP_ASSERT(_this != NULL);
744
745
	inp = pkt;
746
747
	if (lpkt < 4) {
748
		ppp_log(_this, LOG_DEBUG, "%s(): Rcvd short header.", __func__);
749
		return 0;
750
	}
751
752
753
	if (_this->has_acf == 0) {
754
		/* nothing to do */
755
	} else if (inp[0] == PPP_ALLSTATIONS && inp[1] == PPP_UI) {
756
		inp += 2;
757
	} else {
758
		/*
759
		 * Address and Control Field Compression
760
		 */
761
		if (!psm_opt_is_accepted(&_this->lcp, acfc) &&
762
		    _this->logged_no_address == 0) {
763
			/*
764
			 * On packet loss condition, we may receive ACFC'ed
765
			 * packets before our LCP is opened because the peer's
766
			 * LCP is opened already.
767
			 */
768
			ppp_log(_this, LOG_INFO,
769
			    "%s: Rcvd broken frame.  ACFC is not accepted, "
770
			    "but received ppp frame that has no address.",
771
			    __func__);
772
			/*
773
			 * Log this once because it may be noisy.
774
			 * For example, Yahama RTX-1000 refuses to use ACFC
775
			 * but it send PPP frames without the address field.
776
			 */
777
			_this->logged_no_address = 1;
778
		}
779
	}
780
	inp_proto = inp;
781
	if ((inp[0] & 0x01) != 0) {
782
		/*
783
		 * Protocol Field Compression
784
		 */
785
		if (!psm_opt_is_accepted(&_this->lcp, pfc)) {
786
			ppp_log(_this, LOG_INFO,
787
			    "%s: Rcvd broken frame.  No protocol field: "
788
			    "%02x %02x", __func__, inp[0], inp[1]);
789
			return 1;
790
		}
791
		GETCHAR(proto, inp);
792
	} else {
793
		GETSHORT(proto, inp);
794
	}
795
796
	/*
797
	 * if the PPP frame is reordered, drop it
798
	 * unless proto is reorder-tolerant
799
	 */
800
	if (flags & PPP_IO_FLAGS_DELAYED && proto != PPP_PROTO_IP)
801
		return 1;
802
803
	if (_this->log_dump_in != 0 && debug_get_debugfp() != NULL) {
804
		struct tunnconf *conf = ppp_get_tunnconf(_this);
805
		if ((ppp_proto_bit(proto) & conf->debug_dump_pktin) != 0) {
806
			ppp_log(_this, LOG_DEBUG,
807
			    "PPP input dump proto=%s(%d/%04x)",
808
			    proto_name(proto), proto, proto);
809
			show_hd(debug_get_debugfp(), pkt, lpkt);
810
		}
811
	}
812
#ifdef USE_NPPPD_PIPEX
813
	if (_this->pipex_enabled != 0 &&
814
	    _this->tunnel_type == NPPPD_TUNNEL_PPPOE) {
815
		switch (proto) {
816
		case PPP_PROTO_IP:
817
			return 2;		/* handled by PIPEX */
818
		case PPP_PROTO_NCP | NCP_CCP:
819
			if (lpkt - (inp - pkt) < 4)
820
				break;		/* error but do it on fsm.c */
821
			if (*inp == 0x0e ||	/* Reset-Request */
822
			    *inp == 0x0f	/* Reset-Ack */) {
823
				return 2;	/* handled by PIPEX */
824
			}
825
			/* FALLTHROUGH */
826
		default:
827
			break;
828
		}
829
	}
830
#endif /* USE_NPPPD_PIPEX */
831
832
	switch (proto) {
833
#ifdef	USE_NPPPD_MPPE
834
	case PPP_PROTO_IP:
835
		/* Checks for MPPE */
836
		if ((flags & PPP_IO_FLAGS_MPPE_ENCRYPTED) == 0) {
837
			if (MPPE_IS_REQUIRED(_this)) {
838
				/* MPPE is required but naked ip */
839
840
				if (_this->logged_naked_ip == 0) {
841
					ppp_log(_this, LOG_INFO,
842
					    "mppe is required but received "
843
					    "naked IP.");
844
					/* log this once */
845
					_this->logged_naked_ip = 1;
846
				}
847
				/*
848
				 * Windows sends naked IP packets in condition
849
				 * such that MPPE is not opened and IPCP is
850
				 * opened(*1).  This occurs at a high
851
				 * probability when the CCP establishment is
852
				 * delayed because of packet loss etc.  If we
853
				 * call ppp_stop() here, Windows on the packet
854
				 * loss condition etc cannot not connect us.
855
				 * So we don't call ppp_stop() here.
856
				 * (*1) At least Microsof Windows 2000
857
				 * Professional SP4 does.
858
				 */
859
				 /*ppp_stop(_this, "Encryption is required.");*/
860
861
				return 1;
862
			}
863
			if (MPPE_RECV_READY(_this)) {
864
				/* MPPE is opened but naked ip packet */
865
				ppp_log(_this, LOG_WARNING,
866
				    "mppe is available but received naked IP.");
867
			}
868
		}
869
		/* else input from MPPE */
870
		break;
871
	case PPP_PROTO_MPPE:
872
#ifdef USE_NPPPD_MPPE
873
		if (!MPPE_RECV_READY(_this)) {
874
#else
875
		{
876
#endif
877
			ppp_log(_this, LOG_ERR,
878
			    "mppe packet is received but mppe is stopped.");
879
			return 1;
880
		}
881
		break;
882
#endif
883
	}
884
885
	switch (proto) {
886
	case PPP_PROTO_IP:
887
		npppd_network_output(_this->pppd, _this, AF_INET, inp,
888
		    lpkt - (inp - pkt));
889
		goto handled;
890
	case PPP_PROTO_LCP:
891
		fsm_input(&_this->lcp.fsm, inp, lpkt - (inp - pkt));
892
		goto handled;
893
	case PPP_PROTO_PAP:
894
		pap_input(&_this->pap, inp, lpkt - (inp - pkt));
895
		goto handled;
896
	case PPP_PROTO_CHAP:
897
		chap_input(&_this->chap, inp, lpkt - (inp - pkt));
898
		goto handled;
899
#ifdef USE_NPPPD_EAP_RADIUS
900
	case PPP_PROTO_EAP:
901
		eap_input(&_this->eap, inp, lpkt - (inp - pkt));
902
		goto handled;
903
#endif
904
#ifdef	USE_NPPPD_MPPE
905
	case PPP_PROTO_MPPE:
906
#ifdef USE_NPPPD_PIPEX
907
		if (_this->pipex_enabled != 0)
908
			return -1; /* silent discard */
909
#endif /* USE_NPPPD_PIPEX */
910
		mppe_input(&_this->mppe, inp, lpkt - (inp - pkt));
911
		goto handled;
912
#endif
913
	default:
914
		if ((proto & 0xff00) == PPP_PROTO_NCP) {
915
			switch (proto & 0xff) {
916
			case NCP_CCP:	/* Compression */
917
#ifdef	USE_NPPPD_MPPE
918
				if (MPPE_MUST_NEGO(_this)) {
919
					fsm_input(&_this->ccp.fsm, inp,
920
					    lpkt - (inp - pkt));
921
					goto handled;
922
				}
923
				/* protocol-reject if MPPE is not necessary */
924
#endif
925
				break;
926
			case NCP_IPCP:	/* IPCP */
927
				fsm_input(&_this->ipcp.fsm, inp,
928
				    lpkt - (inp - pkt));
929
				goto handled;
930
			}
931
		}
932
	}
933
	/* Protocol reject.  Log it with protocol number */
934
	ppp_log(_this, LOG_INFO, "unhandled protocol %s, %d(%04x)",
935
	    proto_name(proto), proto, proto);
936
937
	if ((flags & PPP_IO_FLAGS_MPPE_ENCRYPTED) != 0) {
938
		/*
939
		 * Don't return a protocol-reject for the packet was encrypted,
940
		 * because lcp protocol-reject is not encrypted by mppe.
941
		 */
942
	} else {
943
		/*
944
		 * as RFC1661: Rejected-Information MUST be truncated to
945
		 * comply with the peer's established MRU.
946
		 */
947
		lcp_send_protrej(&_this->lcp, inp_proto,
948
		    MINIMUM(lpkt - (inp_proto - pkt), NPPPD_MIN_MRU - 32));
949
	}
950
951
	return 1;
952
handled:
953
954
	return 0;
955
}
956
957
/** This function is called to output PPP packets */
958
void
959
ppp_output(npppd_ppp *_this, uint16_t proto, u_char code, u_char id,
960
    u_char *datap, int ldata)
961
{
962
	u_char *outp;
963
	int outlen, hlen, is_lcp = 0;
964
965
	outp = _this->outpacket_buf;
966
967
	/* No header compressions for LCP */
968
	is_lcp = (proto == PPP_PROTO_LCP)? 1 : 0;
969
970
	if (_this->has_acf == 0 ||
971
	    (!is_lcp && psm_peer_opt_is_accepted(&_this->lcp, acfc))) {
972
		/*
973
		 * Don't add ACF(Address and Control Field) if ACF is not
974
		 * needed on this link or ACFC is negotiated.
975
		 */
976
	} else {
977
		PUTCHAR(PPP_ALLSTATIONS, outp);
978
		PUTCHAR(PPP_UI, outp);
979
	}
980
	if (!is_lcp && proto <= 0xff &&
981
	    psm_peer_opt_is_accepted(&_this->lcp, pfc)) {
982
		/*
983
		 * Protocol Field Compression
984
		 */
985
		PUTCHAR(proto, outp);
986
	} else {
987
		PUTSHORT(proto, outp);
988
	}
989
	hlen = outp - _this->outpacket_buf;
990
991
	if (_this->mru > 0) {
992
		if (MRU_PKTLEN(_this->mru, proto) < ldata) {
993
			PPP_DBG((_this, LOG_ERR, "packet too large %d. mru=%d",
994
			    ldata , _this->mru));
995
			_this->oerrors++;
996
			PPP_ASSERT("NOT REACHED HERE" == NULL);
997
			return;
998
		}
999
	}
1000
1001
	if (code != 0) {
1002
		outlen = ldata + HEADERLEN;
1003
1004
		PUTCHAR(code, outp);
1005
		PUTCHAR(id, outp);
1006
		PUTSHORT(outlen, outp);
1007
	} else {
1008
		outlen = ldata;
1009
	}
1010
1011
	if (outp != datap && ldata > 0)
1012
		memmove(outp, datap, ldata);
1013
1014
	if (_this->log_dump_out != 0 && debug_get_debugfp() != NULL) {
1015
		struct tunnconf *conf = ppp_get_tunnconf(_this);
1016
		if ((ppp_proto_bit(proto) & conf->debug_dump_pktout) != 0) {
1017
			ppp_log(_this, LOG_DEBUG,
1018
			    "PPP output dump proto=%s(%d/%04x)",
1019
			    proto_name(proto), proto, proto);
1020
			show_hd(debug_get_debugfp(),
1021
			    _this->outpacket_buf, outlen + hlen);
1022
		}
1023
	}
1024
	_this->send_packet(_this, _this->outpacket_buf, outlen + hlen, 0);
1025
}
1026
1027
/**
1028
 * Return the buffer space for PPP output.  The returned pointer will be
1029
 * adjusted for header compression. The length of the space is larger than
1030
 * {@link npppd_ppp#mru}.
1031
 */
1032
u_char *
1033
ppp_packetbuf(npppd_ppp *_this, int proto)
1034
{
1035
	int save;
1036
1037
	save = 0;
1038
	if (proto != PPP_PROTO_LCP) {
1039
		if (psm_peer_opt_is_accepted(&_this->lcp, acfc))
1040
			save += 2;
1041
		if (proto <= 0xff && psm_peer_opt_is_accepted(&_this->lcp, pfc))
1042
			save += 1;
1043
	}
1044
	return _this->outpacket_buf + (PPP_HDRLEN - save);
1045
}
1046
1047
/** Record log that begins the label based this instance. */
1048
int
1049
ppp_log(npppd_ppp *_this, int prio, const char *fmt, ...)
1050
{
1051
	int status;
1052
	char logbuf[BUFSIZ];
1053
	va_list ap;
1054
1055
	PPP_ASSERT(_this != NULL);
1056
1057
	va_start(ap, fmt);
1058
	snprintf(logbuf, sizeof(logbuf), "ppp id=%u layer=base %s",
1059
	    _this->id, fmt);
1060
	status = vlog_printf(prio, logbuf, ap);
1061
	va_end(ap);
1062
1063
	return status;
1064
}
1065
1066
#ifdef USE_NPPPD_RADIUS
1067
#define UCHAR_BUFSIZ 255
1068
/**
1069
 * Process the Framed-IP-Address attribute and the Framed-IP-Netmask
1070
 * attribute of given RADIUS packet.
1071
 */
1072
void
1073
ppp_process_radius_framed_ip(npppd_ppp *_this, RADIUS_PACKET *pkt)
1074
{
1075
	struct in_addr ip4;
1076
1077
	if (radius_get_ipv4_attr(pkt, RADIUS_TYPE_FRAMED_IP_ADDRESS, &ip4)
1078
	    == 0)
1079
		_this->realm_framed_ip_address = ip4;
1080
1081
	_this->realm_framed_ip_netmask.s_addr = 0xffffffffL;
1082
	if (radius_get_ipv4_attr(pkt, RADIUS_TYPE_FRAMED_IP_NETMASK, &ip4)
1083
	    == 0)
1084
		_this->realm_framed_ip_netmask = ip4;
1085
}
1086
1087
/**
1088
 * Set RADIUS attributes for RADIUS authentication request.
1089
 * Return 0 on success.
1090
 */
1091
int
1092
ppp_set_radius_attrs_for_authreq(npppd_ppp *_this,
1093
    radius_req_setting *rad_setting, RADIUS_PACKET *radpkt)
1094
{
1095
	/* RFC 2865 "5.4 NAS-IP-Address" or RFC3162 "2.1. NAS-IPv6-Address" */
1096
	if (radius_prepare_nas_address(rad_setting, radpkt) != 0)
1097
		goto fail;
1098
1099
	/* RFC 2865 "5.6. Service-Type" */
1100
	if (radius_put_uint32_attr(radpkt, RADIUS_TYPE_SERVICE_TYPE,
1101
	    RADIUS_SERVICE_TYPE_FRAMED) != 0)
1102
		goto fail;
1103
1104
	/* RFC 2865 "5.7. Framed-Protocol" */
1105
	if (radius_put_uint32_attr(radpkt, RADIUS_TYPE_FRAMED_PROTOCOL,
1106
	    RADIUS_FRAMED_PROTOCOL_PPP) != 0)
1107
		goto fail;
1108
1109
	if (_this->calling_number[0] != '\0') {
1110
		if (radius_put_string_attr(radpkt,
1111
		    RADIUS_TYPE_CALLING_STATION_ID, _this->calling_number) != 0)
1112
			return 1;
1113
	}
1114
	return 0;
1115
fail:
1116
	return 1;
1117
}
1118
#endif
1119
1120
#ifdef USE_NPPPD_PIPEX
1121
/** The callback function on network is available for pipex */
1122
static void
1123
ppp_on_network_pipex(npppd_ppp *_this)
1124
{
1125
	if (_this->use_pipex == 0)
1126
		return;
1127
	if (_this->tunnel_type != NPPPD_TUNNEL_PPTP &&
1128
	    _this->tunnel_type != NPPPD_TUNNEL_PPPOE &&
1129
	    _this->tunnel_type != NPPPD_TUNNEL_L2TP)
1130
		return;
1131
1132
	if (_this->pipex_started != 0)
1133
		return;	/* already started */
1134
1135
	if (_this->assigned_ip4_enabled != 0 &&
1136
	    (!MPPE_MUST_NEGO(_this) || _this->ccp.fsm.state == OPENED ||
1137
		    _this->ccp.fsm.state == STOPPED)) {
1138
		/* IPCP is opened and MPPE is not required or MPPE is opened */
1139
		if (npppd_ppp_pipex_enable(_this->pppd, _this) != 0)
1140
			ppp_log(_this, LOG_WARNING, "failed enable pipex: %m");
1141
		ppp_log(_this, LOG_NOTICE, "Using pipex=%s",
1142
		    (_this->pipex_enabled != 0)? "yes" : "no");
1143
		_this->pipex_started = 1;
1144
	}
1145
	/* else wait CCP or IPCP */
1146
}
1147
#endif
1148
1149
static uint32_t
1150
ppp_proto_bit(int proto)
1151
{
1152
	switch (proto) {
1153
	case PPP_PROTO_IP:		return NPPPD_PROTO_BIT_IP;
1154
	case PPP_PROTO_LCP:		return NPPPD_PROTO_BIT_LCP;
1155
	case PPP_PROTO_PAP:		return NPPPD_PROTO_BIT_PAP;
1156
	case PPP_PROTO_CHAP:		return NPPPD_PROTO_BIT_CHAP;
1157
	case PPP_PROTO_EAP:		return NPPPD_PROTO_BIT_EAP;
1158
	case PPP_PROTO_MPPE:		return NPPPD_PROTO_BIT_MPPE;
1159
	case PPP_PROTO_NCP | NCP_CCP:	return NPPPD_PROTO_BIT_CCP;
1160
	case PPP_PROTO_NCP | NCP_IPCP:	return NPPPD_PROTO_BIT_IPCP;
1161
	}
1162
	return 0;
1163
}
1164
1165
struct tunnconf tunnconf_default_l2tp = {
1166
	.mru = 1360,
1167
	.tcp_mss_adjust = false,
1168
	.pipex = true,
1169
	.ingress_filter = false,
1170
	.lcp_keepalive = false,
1171
	.lcp_keepalive_interval = DEFAULT_LCP_ECHO_INTERVAL,
1172
	.lcp_keepalive_retry_interval = DEFAULT_LCP_ECHO_RETRY_INTERVAL,
1173
	.lcp_keepalive_max_retries = DEFAULT_LCP_ECHO_MAX_RETRIES,
1174
	.auth_methods = NPPPD_AUTH_METHODS_CHAP | NPPPD_AUTH_METHODS_MSCHAPV2,
1175
	.mppe_yesno = true,
1176
	.mppe_required = false,
1177
	.mppe_keylen = NPPPD_MPPE_40BIT | NPPPD_MPPE_56BIT | NPPPD_MPPE_128BIT,
1178
	.mppe_keystate = NPPPD_MPPE_STATELESS | NPPPD_MPPE_STATEFUL,
1179
	.callnum_check = 0,
1180
	.proto = {
1181
		.l2tp = {
1182
			.hostname = NULL,
1183
			.vendor_name = NULL,
1184
			.listen = TAILQ_HEAD_INITIALIZER(
1185
			    tunnconf_default_l2tp.proto.l2tp.listen),
1186
			/* .hello_interval, */
1187
			/* .hello_timeout, */
1188
			.data_use_seq = true,
1189
			.require_ipsec = false,
1190
			/* .accept_dialin, */
1191
			.lcp_renegotiation = true,
1192
			.force_lcp_renegotiation = false,
1193
			/* .ctrl_in_pktdump, */
1194
			/* .ctrl_out_pktdump, */
1195
			/* .data_in_pktdump, */
1196
			/* .data_out_pktdump, */
1197
		}
1198
	}
1199
};
1200
struct tunnconf tunnconf_default_pptp = {
1201
	.mru = 1400,
1202
	.tcp_mss_adjust = false,
1203
	.pipex = true,
1204
	.ingress_filter = false,
1205
	.lcp_keepalive = true,
1206
	.lcp_keepalive_interval = DEFAULT_LCP_ECHO_INTERVAL,
1207
	.lcp_keepalive_retry_interval = DEFAULT_LCP_ECHO_RETRY_INTERVAL,
1208
	.lcp_keepalive_max_retries = DEFAULT_LCP_ECHO_MAX_RETRIES,
1209
	.auth_methods = NPPPD_AUTH_METHODS_CHAP | NPPPD_AUTH_METHODS_MSCHAPV2,
1210
	.mppe_yesno = true,
1211
	.mppe_required = true,
1212
	.mppe_keylen = NPPPD_MPPE_40BIT | NPPPD_MPPE_56BIT | NPPPD_MPPE_128BIT,
1213
	.mppe_keystate = NPPPD_MPPE_STATELESS | NPPPD_MPPE_STATEFUL,
1214
	.callnum_check = 0,
1215
	.proto = {
1216
		.pptp = {
1217
			.hostname = NULL,
1218
			.vendor_name = NULL,
1219
			.listen = TAILQ_HEAD_INITIALIZER(
1220
			    tunnconf_default_pptp.proto.pptp.listen),
1221
			/* .echo_interval, */
1222
			/* .echo_timeout, */
1223
		}
1224
	}
1225
};
1226
struct tunnconf tunnconf_default_pppoe = {
1227
	.mru = 1492,
1228
	.tcp_mss_adjust = false,
1229
	.pipex = true,
1230
	.ingress_filter = false,
1231
	.lcp_keepalive = true,
1232
	.lcp_keepalive_interval = DEFAULT_LCP_ECHO_INTERVAL,
1233
	.lcp_keepalive_retry_interval = DEFAULT_LCP_ECHO_RETRY_INTERVAL,
1234
	.lcp_keepalive_max_retries = DEFAULT_LCP_ECHO_MAX_RETRIES,
1235
	.auth_methods = NPPPD_AUTH_METHODS_CHAP | NPPPD_AUTH_METHODS_MSCHAPV2,
1236
	.mppe_yesno = true,
1237
	.mppe_required = false,
1238
	.mppe_keylen = NPPPD_MPPE_40BIT | NPPPD_MPPE_56BIT | NPPPD_MPPE_128BIT,
1239
	.mppe_keystate = NPPPD_MPPE_STATELESS | NPPPD_MPPE_STATEFUL,
1240
	.callnum_check = 0,
1241
	.proto = {
1242
		.pppoe = {
1243
			/* .service_name */
1244
			.accept_any_service = true,
1245
			/* .ac_name */
1246
			/* .desc_in_pktdump */
1247
			/* .desc_out_pktdump */
1248
			/* .session_in_pktdump */
1249
			/* .session_out_pktdump */
1250
		}
1251
	}
1252
};
1253
1254
struct tunnconf *
1255
ppp_get_tunnconf(npppd_ppp *_this)
1256
{
1257
	struct tunnconf *conf;
1258
1259
	conf = npppd_get_tunnconf(_this->pppd, _this->phy_label);
1260
	if (conf != NULL)
1261
		return conf;
1262
1263
	switch (_this->tunnel_type) {
1264
	case NPPPD_TUNNEL_L2TP:
1265
		return &tunnconf_default_l2tp;
1266
		break;
1267
	case NPPPD_TUNNEL_PPTP:
1268
		return &tunnconf_default_pptp;
1269
		break;
1270
	case NPPPD_TUNNEL_PPPOE:
1271
		return &tunnconf_default_pppoe;
1272
		break;
1273
	}
1274
1275
	return NULL;
1276
}