| /*********************************************************************** |
| * |
| * common.c |
| * |
| * Implementation of user-space PPPoE redirector for Linux. |
| * |
| * Common functions used by PPPoE client and server |
| * |
| * Copyright (C) 2000 by Roaring Penguin Software Inc. |
| * |
| * This program may be distributed according to the terms of the GNU |
| * General Public License, version 2 or (at your option) any later version. |
| * |
| ***********************************************************************/ |
| |
| static char const RCSID[] = |
| "$Id: common.c,v 1.2 2004/01/13 04:03:58 paulus Exp $"; |
| |
| #include "pppoe.h" |
| |
| #ifdef HAVE_SYSLOG_H |
| #include <syslog.h> |
| #endif |
| |
| #include <string.h> |
| #include <errno.h> |
| #include <stdlib.h> |
| |
| #ifdef HAVE_UNISTD_H |
| #include <unistd.h> |
| #endif |
| |
| /********************************************************************** |
| *%FUNCTION: parsePacket |
| *%ARGUMENTS: |
| * packet -- the PPPoE discovery packet to parse |
| * func -- function called for each tag in the packet |
| * extra -- an opaque data pointer supplied to parsing function |
| *%RETURNS: |
| * 0 if everything went well; -1 if there was an error |
| *%DESCRIPTION: |
| * Parses a PPPoE discovery packet, calling "func" for each tag in the packet. |
| * "func" is passed the additional argument "extra". |
| ***********************************************************************/ |
| int |
| parsePacket(PPPoEPacket *packet, ParseFunc *func, void *extra) |
| { |
| UINT16_t len = ntohs(packet->length); |
| unsigned char *curTag; |
| UINT16_t tagType, tagLen; |
| |
| if (packet->ver != 1) { |
| syslog(LOG_ERR, "Invalid PPPoE version (%d)", (int) packet->ver); |
| return -1; |
| } |
| if (packet->type != 1) { |
| syslog(LOG_ERR, "Invalid PPPoE type (%d)", (int) packet->type); |
| return -1; |
| } |
| |
| /* Do some sanity checks on packet */ |
| if (len > ETH_DATA_LEN - 6) { /* 6-byte overhead for PPPoE header */ |
| syslog(LOG_ERR, "Invalid PPPoE packet length (%u)", len); |
| return -1; |
| } |
| |
| /* Step through the tags */ |
| curTag = packet->payload; |
| while(curTag - packet->payload < len) { |
| /* Alignment is not guaranteed, so do this by hand... */ |
| tagType = (((UINT16_t) curTag[0]) << 8) + |
| (UINT16_t) curTag[1]; |
| tagLen = (((UINT16_t) curTag[2]) << 8) + |
| (UINT16_t) curTag[3]; |
| if (tagType == TAG_END_OF_LIST) { |
| return 0; |
| } |
| if ((curTag - packet->payload) + tagLen + TAG_HDR_SIZE > len) { |
| syslog(LOG_ERR, "Invalid PPPoE tag length (%u)", tagLen); |
| return -1; |
| } |
| func(tagType, tagLen, curTag+TAG_HDR_SIZE, extra); |
| curTag = curTag + TAG_HDR_SIZE + tagLen; |
| } |
| return 0; |
| } |
| |
| /********************************************************************** |
| *%FUNCTION: findTag |
| *%ARGUMENTS: |
| * packet -- the PPPoE discovery packet to parse |
| * type -- the type of the tag to look for |
| * tag -- will be filled in with tag contents |
| *%RETURNS: |
| * A pointer to the tag if one of the specified type is found; NULL |
| * otherwise. |
| *%DESCRIPTION: |
| * Looks for a specific tag type. |
| ***********************************************************************/ |
| unsigned char * |
| findTag(PPPoEPacket *packet, UINT16_t type, PPPoETag *tag) |
| { |
| UINT16_t len = ntohs(packet->length); |
| unsigned char *curTag; |
| UINT16_t tagType, tagLen; |
| |
| if (packet->ver != 1) { |
| syslog(LOG_ERR, "Invalid PPPoE version (%d)", (int) packet->ver); |
| return NULL; |
| } |
| if (packet->type != 1) { |
| syslog(LOG_ERR, "Invalid PPPoE type (%d)", (int) packet->type); |
| return NULL; |
| } |
| |
| /* Do some sanity checks on packet */ |
| if (len > ETH_DATA_LEN - 6) { /* 6-byte overhead for PPPoE header */ |
| syslog(LOG_ERR, "Invalid PPPoE packet length (%u)", len); |
| return NULL; |
| } |
| |
| /* Step through the tags */ |
| curTag = packet->payload; |
| while(curTag - packet->payload < len) { |
| /* Alignment is not guaranteed, so do this by hand... */ |
| tagType = (((UINT16_t) curTag[0]) << 8) + |
| (UINT16_t) curTag[1]; |
| tagLen = (((UINT16_t) curTag[2]) << 8) + |
| (UINT16_t) curTag[3]; |
| if (tagType == TAG_END_OF_LIST) { |
| return NULL; |
| } |
| if ((curTag - packet->payload) + tagLen + TAG_HDR_SIZE > len) { |
| syslog(LOG_ERR, "Invalid PPPoE tag length (%u)", tagLen); |
| return NULL; |
| } |
| if (tagType == type) { |
| memcpy(tag, curTag, tagLen + TAG_HDR_SIZE); |
| return curTag; |
| } |
| curTag = curTag + TAG_HDR_SIZE + tagLen; |
| } |
| return NULL; |
| } |
| |
| /********************************************************************** |
| *%FUNCTION: printErr |
| *%ARGUMENTS: |
| * str -- error message |
| *%RETURNS: |
| * Nothing |
| *%DESCRIPTION: |
| * Prints a message to stderr and syslog. |
| ***********************************************************************/ |
| void |
| printErr(char const *str) |
| { |
| fprintf(stderr, "pppoe: %s\n", str); |
| syslog(LOG_ERR, "%s", str); |
| } |
| |
| |
| /********************************************************************** |
| *%FUNCTION: strDup |
| *%ARGUMENTS: |
| * str -- string to copy |
| *%RETURNS: |
| * A malloc'd copy of str. Exits if malloc fails. |
| ***********************************************************************/ |
| char * |
| strDup(char const *str) |
| { |
| char *copy = malloc(strlen(str)+1); |
| if (!copy) { |
| rp_fatal("strdup failed"); |
| } |
| strcpy(copy, str); |
| return copy; |
| } |
| |
| #ifdef PPPOE_STANDALONE |
| /********************************************************************** |
| *%FUNCTION: computeTCPChecksum |
| *%ARGUMENTS: |
| * ipHdr -- pointer to IP header |
| * tcpHdr -- pointer to TCP header |
| *%RETURNS: |
| * The computed TCP checksum |
| ***********************************************************************/ |
| UINT16_t |
| computeTCPChecksum(unsigned char *ipHdr, unsigned char *tcpHdr) |
| { |
| UINT32_t sum = 0; |
| UINT16_t count = ipHdr[2] * 256 + ipHdr[3]; |
| unsigned char *addr = tcpHdr; |
| unsigned char pseudoHeader[12]; |
| |
| /* Count number of bytes in TCP header and data */ |
| count -= (ipHdr[0] & 0x0F) * 4; |
| |
| memcpy(pseudoHeader, ipHdr+12, 8); |
| pseudoHeader[8] = 0; |
| pseudoHeader[9] = ipHdr[9]; |
| pseudoHeader[10] = (count >> 8) & 0xFF; |
| pseudoHeader[11] = (count & 0xFF); |
| |
| /* Checksum the pseudo-header */ |
| sum += * (UINT16_t *) pseudoHeader; |
| sum += * ((UINT16_t *) (pseudoHeader+2)); |
| sum += * ((UINT16_t *) (pseudoHeader+4)); |
| sum += * ((UINT16_t *) (pseudoHeader+6)); |
| sum += * ((UINT16_t *) (pseudoHeader+8)); |
| sum += * ((UINT16_t *) (pseudoHeader+10)); |
| |
| /* Checksum the TCP header and data */ |
| while (count > 1) { |
| sum += * (UINT16_t *) addr; |
| addr += 2; |
| count -= 2; |
| } |
| if (count > 0) { |
| sum += *addr; |
| } |
| |
| while(sum >> 16) { |
| sum = (sum & 0xffff) + (sum >> 16); |
| } |
| return (UINT16_t) (~sum & 0xFFFF); |
| } |
| |
| /********************************************************************** |
| *%FUNCTION: clampMSS |
| *%ARGUMENTS: |
| * packet -- PPPoE session packet |
| * dir -- either "incoming" or "outgoing" |
| * clampMss -- clamp value |
| *%RETURNS: |
| * Nothing |
| *%DESCRIPTION: |
| * Clamps MSS option if TCP SYN flag is set. |
| ***********************************************************************/ |
| void |
| clampMSS(PPPoEPacket *packet, char const *dir, int clampMss) |
| { |
| unsigned char *tcpHdr; |
| unsigned char *ipHdr; |
| unsigned char *opt; |
| unsigned char *endHdr; |
| unsigned char *mssopt = NULL; |
| UINT16_t csum; |
| |
| int len, minlen; |
| |
| /* check PPP protocol type */ |
| if (packet->payload[0] & 0x01) { |
| /* 8 bit protocol type */ |
| |
| /* Is it IPv4? */ |
| if (packet->payload[0] != 0x21) { |
| /* Nope, ignore it */ |
| return; |
| } |
| |
| ipHdr = packet->payload + 1; |
| minlen = 41; |
| } else { |
| /* 16 bit protocol type */ |
| |
| /* Is it IPv4? */ |
| if (packet->payload[0] != 0x00 || |
| packet->payload[1] != 0x21) { |
| /* Nope, ignore it */ |
| return; |
| } |
| |
| ipHdr = packet->payload + 2; |
| minlen = 42; |
| } |
| |
| /* Is it too short? */ |
| len = (int) ntohs(packet->length); |
| if (len < minlen) { |
| /* 20 byte IP header; 20 byte TCP header; at least 1 or 2 byte PPP protocol */ |
| return; |
| } |
| |
| /* Verify once more that it's IPv4 */ |
| if ((ipHdr[0] & 0xF0) != 0x40) { |
| return; |
| } |
| |
| /* Is it a fragment that's not at the beginning of the packet? */ |
| if ((ipHdr[6] & 0x1F) || ipHdr[7]) { |
| /* Yup, don't touch! */ |
| return; |
| } |
| /* Is it TCP? */ |
| if (ipHdr[9] != 0x06) { |
| return; |
| } |
| |
| /* Get start of TCP header */ |
| tcpHdr = ipHdr + (ipHdr[0] & 0x0F) * 4; |
| |
| /* Is SYN set? */ |
| if (!(tcpHdr[13] & 0x02)) { |
| return; |
| } |
| |
| /* Compute and verify TCP checksum -- do not touch a packet with a bad |
| checksum */ |
| csum = computeTCPChecksum(ipHdr, tcpHdr); |
| if (csum) { |
| syslog(LOG_ERR, "Bad TCP checksum %x", (unsigned int) csum); |
| |
| /* Upper layers will drop it */ |
| return; |
| } |
| |
| /* Look for existing MSS option */ |
| endHdr = tcpHdr + ((tcpHdr[12] & 0xF0) >> 2); |
| opt = tcpHdr + 20; |
| while (opt < endHdr) { |
| if (!*opt) break; /* End of options */ |
| switch(*opt) { |
| case 1: |
| opt++; |
| break; |
| |
| case 2: |
| if (opt[1] != 4) { |
| /* Something fishy about MSS option length. */ |
| syslog(LOG_ERR, |
| "Bogus length for MSS option (%u) from %u.%u.%u.%u", |
| (unsigned int) opt[1], |
| (unsigned int) ipHdr[12], |
| (unsigned int) ipHdr[13], |
| (unsigned int) ipHdr[14], |
| (unsigned int) ipHdr[15]); |
| return; |
| } |
| mssopt = opt; |
| break; |
| default: |
| if (opt[1] < 2) { |
| /* Someone's trying to attack us? */ |
| syslog(LOG_ERR, |
| "Bogus TCP option length (%u) from %u.%u.%u.%u", |
| (unsigned int) opt[1], |
| (unsigned int) ipHdr[12], |
| (unsigned int) ipHdr[13], |
| (unsigned int) ipHdr[14], |
| (unsigned int) ipHdr[15]); |
| return; |
| } |
| opt += (opt[1]); |
| break; |
| } |
| /* Found existing MSS option? */ |
| if (mssopt) break; |
| } |
| |
| /* If MSS exists and it's low enough, do nothing */ |
| if (mssopt) { |
| unsigned mss = mssopt[2] * 256 + mssopt[3]; |
| if (mss <= clampMss) { |
| return; |
| } |
| |
| mssopt[2] = (((unsigned) clampMss) >> 8) & 0xFF; |
| mssopt[3] = ((unsigned) clampMss) & 0xFF; |
| } else { |
| /* No MSS option. Don't add one; we'll have to use 536. */ |
| return; |
| } |
| |
| /* Recompute TCP checksum */ |
| tcpHdr[16] = 0; |
| tcpHdr[17] = 0; |
| csum = computeTCPChecksum(ipHdr, tcpHdr); |
| (* (UINT16_t *) (tcpHdr+16)) = csum; |
| } |
| #endif /* PPPOE_STANDALONE */ |
| |
| /*********************************************************************** |
| *%FUNCTION: sendPADT |
| *%ARGUMENTS: |
| * conn -- PPPoE connection |
| * msg -- if non-NULL, extra error message to include in PADT packet. |
| *%RETURNS: |
| * Nothing |
| *%DESCRIPTION: |
| * Sends a PADT packet |
| ***********************************************************************/ |
| void |
| sendPADT(PPPoEConnection *conn, char const *msg) |
| { |
| PPPoEPacket packet; |
| unsigned char *cursor = packet.payload; |
| |
| UINT16_t plen = 0; |
| |
| /* Do nothing if no session established yet */ |
| if (!conn->session) return; |
| |
| /* Do nothing if no discovery socket */ |
| if (conn->discoverySocket < 0) return; |
| |
| memcpy(packet.ethHdr.h_dest, conn->peerEth, ETH_ALEN); |
| memcpy(packet.ethHdr.h_source, conn->myEth, ETH_ALEN); |
| |
| packet.ethHdr.h_proto = htons(Eth_PPPOE_Discovery); |
| packet.ver = 1; |
| packet.type = 1; |
| packet.code = CODE_PADT; |
| packet.session = conn->session; |
| |
| /* Reset Session to zero so there is no possibility of |
| recursive calls to this function by any signal handler */ |
| conn->session = 0; |
| |
| /* If we're using Host-Uniq, copy it over */ |
| if (conn->useHostUniq) { |
| PPPoETag hostUniq; |
| pid_t pid = getpid(); |
| hostUniq.type = htons(TAG_HOST_UNIQ); |
| hostUniq.length = htons(sizeof(pid)); |
| memcpy(hostUniq.payload, &pid, sizeof(pid)); |
| memcpy(cursor, &hostUniq, sizeof(pid) + TAG_HDR_SIZE); |
| cursor += sizeof(pid) + TAG_HDR_SIZE; |
| plen += sizeof(pid) + TAG_HDR_SIZE; |
| } |
| |
| /* Copy error message */ |
| if (msg) { |
| PPPoETag err; |
| size_t elen = strlen(msg); |
| err.type = htons(TAG_GENERIC_ERROR); |
| err.length = htons(elen); |
| strcpy(err.payload, msg); |
| memcpy(cursor, &err, elen + TAG_HDR_SIZE); |
| cursor += elen + TAG_HDR_SIZE; |
| plen += elen + TAG_HDR_SIZE; |
| } |
| |
| /* Copy cookie and relay-ID if needed */ |
| if (conn->cookie.type) { |
| CHECK_ROOM(cursor, packet.payload, |
| ntohs(conn->cookie.length) + TAG_HDR_SIZE); |
| memcpy(cursor, &conn->cookie, ntohs(conn->cookie.length) + TAG_HDR_SIZE); |
| cursor += ntohs(conn->cookie.length) + TAG_HDR_SIZE; |
| plen += ntohs(conn->cookie.length) + TAG_HDR_SIZE; |
| } |
| |
| if (conn->relayId.type) { |
| CHECK_ROOM(cursor, packet.payload, |
| ntohs(conn->relayId.length) + TAG_HDR_SIZE); |
| memcpy(cursor, &conn->relayId, ntohs(conn->relayId.length) + TAG_HDR_SIZE); |
| cursor += ntohs(conn->relayId.length) + TAG_HDR_SIZE; |
| plen += ntohs(conn->relayId.length) + TAG_HDR_SIZE; |
| } |
| |
| packet.length = htons(plen); |
| sendPacket(conn, conn->discoverySocket, &packet, (int) (plen + HDR_SIZE)); |
| if (conn->debugFile) { |
| dumpPacket(conn->debugFile, &packet, "SENT"); |
| fprintf(conn->debugFile, "\n"); |
| fflush(conn->debugFile); |
| } |
| syslog(LOG_INFO,"Sent PADT"); |
| } |
| |
| /********************************************************************** |
| *%FUNCTION: parseLogErrs |
| *%ARGUMENTS: |
| * type -- tag type |
| * len -- tag length |
| * data -- tag data |
| * extra -- extra user data |
| *%RETURNS: |
| * Nothing |
| *%DESCRIPTION: |
| * Picks error tags out of a packet and logs them. |
| ***********************************************************************/ |
| void |
| parseLogErrs(UINT16_t type, UINT16_t len, unsigned char *data, |
| void *extra) |
| { |
| switch(type) { |
| case TAG_SERVICE_NAME_ERROR: |
| syslog(LOG_ERR, "PADT: Service-Name-Error: %.*s", (int) len, data); |
| fprintf(stderr, "PADT: Service-Name-Error: %.*s\n", (int) len, data); |
| break; |
| case TAG_AC_SYSTEM_ERROR: |
| syslog(LOG_ERR, "PADT: System-Error: %.*s", (int) len, data); |
| fprintf(stderr, "PADT: System-Error: %.*s\n", (int) len, data); |
| break; |
| case TAG_GENERIC_ERROR: |
| syslog(LOG_ERR, "PADT: Generic-Error: %.*s", (int) len, data); |
| fprintf(stderr, "PADT: Generic-Error: %.*s\n", (int) len, data); |
| break; |
| } |
| } |
| |
