123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511 |
- /*
- * pptpgre.c
- *
- * originally by C. S. Ananian
- * Modified for PoPToP
- *
- * $Id: pptpgre.c,v 1.9 2007/04/16 00:21:02 quozl Exp $
- */
- #ifdef HAVE_CONFIG_H
- #include "config.h"
- #endif
- #ifdef __linux__
- #define _GNU_SOURCE 1 /* broken arpa/inet.h */
- #endif
- #include "our_syslog.h"
- #include <stdio.h>
- #include <stdlib.h>
- #include <sys/types.h>
- #include <sys/socket.h>
- #include <netinet/in.h>
- #include <arpa/inet.h>
- #include <sys/stat.h>
- #include <time.h>
- #include <sys/time.h>
- #include <unistd.h>
- #include <string.h>
- #include <errno.h>
- #include <fcntl.h>
- #ifdef HAVE_SYS_UIO_H
- #include <sys/uio.h>
- #endif
- #include "ppphdlc.h"
- #include "pptpgre.h"
- #include "pptpdefs.h"
- #include "pptpctrl.h"
- #include "defaults.h"
- #include "pqueue.h"
- #ifndef HAVE_STRERROR
- #include "compat.h"
- #endif
- #define PACKET_MAX 8196
- typedef int (*callback_t)(int cl, void *pack, unsigned int len);
- /* test for a 32 bit counter overflow */
- #define WRAPPED( curseq, lastseq) \
- ((((curseq) & 0xffffff00) == 0) && \
- (((lastseq) & 0xffffff00 ) == 0xffffff00))
- static struct gre_state gre;
- gre_stats_t stats;
- static uint64_t time_now_usecs()
- {
- struct timeval tv;
- gettimeofday(&tv, NULL);
- return (tv.tv_sec * 1000000) + tv.tv_usec;
- }
- int pptp_gre_init(u_int32_t call_id_pair, int pty_fd, struct in_addr *inetaddrs)
- {
- struct sockaddr_in addr;
- int gre_fd;
- /* Open IP protocol socket */
- gre_fd = socket(AF_INET, SOCK_RAW, PPTP_PROTO);
- if (gre_fd < 0) {
- syslog(LOG_ERR, "GRE: socket() failed");
- return -1;
- }
- memset(&addr, 0, sizeof(addr));
- addr.sin_family = AF_INET;
- addr.sin_addr = inetaddrs[0];
- addr.sin_port = 0;
- if (bind(gre_fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
- syslog(LOG_ERR, "GRE: bind() failed: %s", strerror(errno));
- syslog(LOG_ERR, "GRE: continuing, but may not work if multi-homed");
- }
- addr.sin_family = AF_INET;
- addr.sin_addr = inetaddrs[1];
- addr.sin_port = 0;
- if (connect(gre_fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
- syslog(LOG_ERR, "GRE: connect() failed: %s", strerror(errno));
- return -1;
- }
- gre.seq_sent = 0;
- gre.ack_sent = gre.ack_recv = gre.seq_recv = 0xFFFFFFFF;
- /* seq_recv is -1, therefore next packet expected is seq 0,
- to comply with RFC 2637: 'The sequence number for each
- user session is set to zero at session startup.' */
-
- gre.call_id_pair = call_id_pair; /* network byte order */
- return gre_fd;
- }
- /* ONE blocking read per call; dispatches all packets possible */
- /* returns 0 on success, or <0 on read failure */
- int decaps_hdlc(int fd, int (*cb) (int cl, void *pack, unsigned len), int cl)
- {
- static unsigned char buffer[PACKET_MAX], copy[PACKET_MAX];
- static unsigned start = 0, end = 0;
- static unsigned len = 0, escape = 0;
- static u_int16_t fcs = PPPINITFCS16;
- static unsigned char err = 0;
- unsigned char c;
- int status;
- /* we do one read only, since it may block. and only if the
- * buffer is empty (start == end)
- */
- if (fd == -1) {
- if(cb == NULL) {
- /* peek mode */
- return err ? -1 : 0;
- } else if (!err) {
- /* re-xmit and nothing queued */
- syslog(LOG_ERR, "GRE: Re-xmit called with nothing queued");
- return -1;
- }
- }
- if (!err) {
- /* All known data is processed. This true unless the last
- * network write failed.
- */
- if ((status = read(fd, buffer, sizeof(buffer))) <= 0) {
- syslog(LOG_ERR, "GRE: read(fd=%d,buffer=%lx,len=%d) from PTY failed: status = %d error = %s%s",
- fd, (unsigned long) buffer, sizeof(buffer),
- status, status ? strerror(errno) : "No error",
- errno != EIO ? "" : ", usually caused by unexpected termination of pppd, check option syntax and pppd logs");
- /* FAQ: mistakes in pppd option spelling in
- * /etc/ppp/options.pptpd often cause EIO,
- * with pppd not reporting the problem to any
- * logs. Termination of pppd by signal can
- * *also* cause this situation. -- James Cameron
- */
- return -1;
- }
- end = status;
- start = 0;
- } else {
- /* We're here because of a network write failure. Try again.
- * Then do what we would do normally and enter the loop as if
- * just continuing the while(1). Not sure that this ever
- * really happens, but since we error-check status then we
- * should have the code to handle an error :-)
- */
- err = 0;
- if ((status = cb(cl, copy, len)) < 0) {
- syslog(LOG_ERR, "GRE: re-xmit failed from decaps_hdlc: %s", strerror(errno));
- err = 1;
- return status; /* return error */
- }
- /* Great! Let's do more! */
- fcs = PPPINITFCS16;
- len = 0;
- escape = 0;
- }
- while (1) {
- /* Infinite loop, we return when we're out of data */
- /* Check if out of data */
- if (start == end)
- return 0;
- /* Add to the packet up till the next HDLC_FLAG (start/end of
- * packet marker). Copy to 'copy', un-escape and checksum as we go.
- */
- while (buffer[start] != HDLC_FLAG) {
- /* Dispose of 'too long' packets */
- if (len >= PACKET_MAX) {
- syslog(LOG_ERR, "GRE: Received too long packet from pppd.");
- while (buffer[start] != HDLC_FLAG && start < end)
- start++;
- if (start < end) {
- goto newpacket;
- } else
- return 0;
- }
- /* Read a character, un-escaping if needed */
- if (buffer[start] == HDLC_ESCAPE && !escape)
- escape = 1;
- else {
- if (escape) {
- copy[len] = c = buffer[start] ^ 0x20;
- escape = 0;
- } else
- copy[len] = c = buffer[start];
- fcs = (fcs >> 8) ^ fcstab[(fcs ^ c) & 0xff];
- len++;
- }
- start++;
- /* Check if out of data */
- if (start == end)
- return 0;
- }
- /* Found flag. Skip past it */
- start++;
- /* Check for over-short packets and silently discard, as per RFC1662 */
- if ((len < 4) || (escape == 1)) {
- /* len == 0 is possible, we generate it :-) [using HDLC_ESCAPE at
- * start and end of packet]. Others are worth recording.
- */
- if (len && len < 4)
- syslog(LOG_ERR, "GRE: Received too short packet from pppd.");
- if (escape)
- syslog(LOG_ERR, "GRE: Received bad packet from pppd.");
- goto newpacket;
- }
- /* Check, then remove the 16-bit FCS checksum field */
- if (fcs != PPPGOODFCS16) {
- syslog(LOG_ERR, "GRE: Bad checksum from pppd.");
- goto newpacket;
- }
- len -= sizeof(u_int16_t);
- /* So now we have a packet of length 'len' in 'copy' */
- if ((status = cb(cl, copy, len)) < 0) {
- syslog(LOG_ERR, "GRE: xmit failed from decaps_hdlc: %s", strerror(errno));
- err = 1;
- return status; /* return error */
- }
- newpacket:
- /* Great! Let's do more! */
- fcs = PPPINITFCS16;
- len = 0;
- escape = 0;
- }
- }
- #define seq_greater(A,B) ((A)>(B) || \
- (((u_int32_t)(A)<0xff) && ((~((u_int32_t)(B)))<0xff)))
- /* Macro used in encaps_hdlc(). add "val" to "dest" at position "pos",
- * incrementing "pos" to point after the added value. set "tmp" to "val"
- * as a side-effect.
- */
- #define ADD_CHAR(dest, pos, val, tmp) \
- tmp = (val); \
- if ((tmp<0x20) || (tmp==HDLC_FLAG) || (tmp==HDLC_ESCAPE)) { \
- dest[pos++]=HDLC_ESCAPE; \
- dest[pos++]=tmp^0x20; \
- } else \
- dest[pos++]=tmp
- /* Make stripped packet into HDLC packet */
- int encaps_hdlc(int fd, void *pack, unsigned len)
- {
- unsigned char *source = (unsigned char *) pack;
- /* largest expansion possible - double all + double fcs + 2 flags */
- static unsigned char dest[2 * PACKET_MAX + 6];
- unsigned pos = 1, i;
- u_int16_t fcs;
- unsigned char c;
- fcs = PPPINITFCS16;
- /* make sure overflow is impossible so we don't have to bounds check
- * in loop. drop large packets.
- */
- if (len > PACKET_MAX) {
- syslog(LOG_ERR, "GRE: Asked to encapsulate too large packet (len = %d)", len);
- return -1;
- }
- /* start character */
- dest[0] = HDLC_FLAG;
- /* escape the payload */
- for (i = 0; i < len; i++) {
- ADD_CHAR(dest, pos, source[i], c);
- fcs = (fcs >> 8) ^ fcstab[(fcs ^ c) & 0xff];
- }
- fcs ^= 0xFFFF;
- ADD_CHAR(dest, pos, fcs & 0xFF, c);
- ADD_CHAR(dest, pos, fcs >> 8, c);
- /* tack on the end-flag */
- dest[pos++] = HDLC_FLAG;
- /* now write this packet */
- return write(fd, dest, pos);
- }
- #undef ADD_CHAR
- static int dequeue_gre (callback_t callback, int cl)
- {
- pqueue_t *head;
- int status;
- /* process packets in the queue that either are expected or
- have timed out. */
- head = pqueue_head();
- while ( head != NULL &&
- ( (head->seq == gre.seq_recv + 1) || /* wrap-around safe */
- (pqueue_expiry_time(head) <= 0)
- )
- ) {
- /* if it is timed out... */
- if (head->seq != gre.seq_recv + 1 ) { /* wrap-around safe */
- stats.rx_lost += head->seq - gre.seq_recv - 1;
- if (pptpctrl_debug)
- syslog(LOG_DEBUG,
- "GRE: timeout waiting for %d packets",
- head->seq - gre.seq_recv - 1);
- }
- if (pptpctrl_debug)
- syslog(LOG_DEBUG, "GRE: accepting #%d from queue",
- head->seq);
- gre.seq_recv = head->seq;
- status = callback(cl, head->packet, head->packlen);
- pqueue_del(head);
- if (status < 0) return status;
- head = pqueue_head();
- }
- return 0;
- }
- int decaps_gre(int fd, int (*cb) (int cl, void *pack, unsigned len), int cl)
- {
- static unsigned char buffer[PACKET_MAX + 64 /*ip header */ ];
- struct pptp_gre_header *header;
- int status, ip_len = 0;
- dequeue_gre(cb, cl);
- if ((status = read(fd, buffer, sizeof(buffer))) <= 0) {
- syslog(LOG_ERR, "GRE: read(fd=%d,buffer=%lx,len=%d) from network failed: status = %d error = %s",
- fd, (unsigned long) buffer, sizeof(buffer), status, status ? strerror(errno) : "No error");
- stats.rx_errors++;
- return -1;
- }
- /* strip off IP header, if present */
- if ((buffer[0] & 0xF0) == 0x40)
- ip_len = (buffer[0] & 0xF) * 4;
- header = (struct pptp_gre_header *) (buffer + ip_len);
- /* verify packet (else discard) */
- if (((ntoh8(header->ver) & 0x7F) != PPTP_GRE_VER) || /* version should be 1 */
- (ntoh16(header->protocol) != PPTP_GRE_PROTO) || /* GRE protocol for PPTP */
- PPTP_GRE_IS_C(ntoh8(header->flags)) || /* flag C should be clear */
- PPTP_GRE_IS_R(ntoh8(header->flags)) || /* flag R should be clear */
- (!PPTP_GRE_IS_K(ntoh8(header->flags))) || /* flag K should be set */
- ((ntoh8(header->flags) & 0xF) != 0)) { /* routing and recursion ctrl = 0 */
- /* if invalid, discard this packet */
- syslog(LOG_ERR, "GRE: Discarding packet by header check");
- stats.rx_invalid++;
- return 0;
- }
- if (header->call_id != GET_VALUE(PAC, gre.call_id_pair)) {
- /*
- * Discard silently to allow more than one GRE tunnel from
- * the same IP address in case clients are behind the
- * firewall.
- *
- * syslog(LOG_ERR, "GRE: Discarding for incorrect call");
- */
- return 0;
- }
- if (PPTP_GRE_IS_A(ntoh8(header->ver))) { /* acknowledgement present */
- u_int32_t ack = (PPTP_GRE_IS_S(ntoh8(header->flags))) ?
- ntoh32(header->ack) : ntoh32(header->seq);
- /* ack in different place if S=0 */
- if (seq_greater(ack, gre.ack_recv))
- gre.ack_recv = ack;
- /* also handle sequence number wrap-around */
- if (WRAPPED(ack,gre.ack_recv)) gre.ack_recv = ack;
- if (gre.ack_recv == stats.pt.seq) {
- int rtt = time_now_usecs() - stats.pt.time;
- stats.rtt = (stats.rtt + rtt) / 2;
- }
- }
- if (PPTP_GRE_IS_S(ntoh8(header->flags))) { /* payload present */
- unsigned headersize = sizeof(*header);
- unsigned payload_len = ntoh16(header->payload_len);
- u_int32_t seq = ntoh32(header->seq);
- if (!PPTP_GRE_IS_A(ntoh8(header->ver)))
- headersize -= sizeof(header->ack);
- /* check for incomplete packet (length smaller than expected) */
- if (status - headersize < payload_len) {
- stats.rx_truncated++;
- return 0;
- }
- /* check for out-of-order sequence number
- * N.B.: some client implementations violate RFC 2637
- * and start their sequence numbers at 1 instead of 0,
- * so we have to introduce a kludge to deal with it.
- * on wrap we may allow an out of order packet to pass
- */
- if (seq == gre.seq_recv + 1 || seq == 1) {
- if (pptpctrl_debug)
- syslog(LOG_DEBUG, "GRE: accepting packet #%d",
- seq);
- stats.rx_accepted++;
- gre.seq_recv = seq;
- return cb(cl, buffer + ip_len + headersize, payload_len);
- } else if (!seq_greater(seq, gre.seq_recv)) {
- if (pptpctrl_debug)
- syslog(LOG_DEBUG,
- "GRE: discarding duplicate or old packet #%d (expecting #%d)",
- seq, gre.seq_recv + 1);
- return 0; /* discard duplicate packets */
- } else {
- stats.rx_buffered++;
- if (pptpctrl_debug)
- syslog(LOG_DEBUG,
- "GRE: buffering packet #%d (expecting #%d, lost or reordered)",
- seq, gre.seq_recv + 1);
- pqueue_add(seq, buffer + ip_len + headersize, payload_len);
- return 0; /* discard out-of-order packets */
- }
- }
- return 0; /* ack, but no payload */
- }
- int encaps_gre(int fd, void *pack, unsigned len)
- {
- static union {
- struct pptp_gre_header header;
- unsigned char buffer[PACKET_MAX + sizeof(struct pptp_gre_header)];
- } u;
- unsigned header_len;
- ssize_t status;
- #ifdef HAVE_WRITEV
- struct iovec iovec[2];
- #endif
- if(fd == -1)
- /* peek mode */
- return (gre.ack_sent == gre.seq_recv) ? 0 : -1;
- /* package this up in a GRE shell. */
- u.header.flags = hton8(PPTP_GRE_FLAG_K);
- u.header.ver = hton8(PPTP_GRE_VER);
- u.header.protocol = hton16(PPTP_GRE_PROTO);
- u.header.payload_len = hton16(len);
- u.header.call_id = GET_VALUE(PNS, gre.call_id_pair);
- /* special case ACK with no payload */
- if (pack == NULL) {
- if (gre.ack_sent != gre.seq_recv) {
- u.header.ver |= hton8(PPTP_GRE_FLAG_A);
- u.header.payload_len = hton16(0);
- u.header.seq = hton32(gre.seq_recv); /* ack is in odd place because S=0 */
- gre.ack_sent = gre.seq_recv;
- /* don't sent ACK field, ACK is in SYN field */
- return write(fd, u.buffer, sizeof(u.header) - sizeof(u.header.ack));
- } else
- return 0; /* we don't need to send ACK */
- }
- /* send packet with payload */
- u.header.flags |= hton8(PPTP_GRE_FLAG_S);
- u.header.seq = hton32(gre.seq_sent);
- gre.seq_sent++;
- if (gre.ack_sent != gre.seq_recv) { /* send ack with this message */
- u.header.ver |= hton8(PPTP_GRE_FLAG_A);
- u.header.ack = hton32(gre.seq_recv);
- gre.ack_sent = gre.seq_recv;
- header_len = sizeof(u.header);
- } else { /* don't send ack */
- header_len = sizeof(u.header) - sizeof(u.header.ack);
- }
- if (len > PACKET_MAX) {
- syslog(LOG_ERR, "GRE: packet is too large %d", len);
- stats.tx_oversize++;
- return 0; /* drop this, it's too big */
- }
- #ifdef HAVE_WRITEV
- /* write header and buffer without copying. */
- iovec[0].iov_base = u.buffer;
- iovec[0].iov_len = header_len;
- iovec[1].iov_base = pack;
- iovec[1].iov_len = len;
- status = writev(fd, iovec, 2);
- #else
- /* copy payload into buffer */
- memcpy(u.buffer + header_len, pack, len);
- /* record and increment sequence numbers */
- /* write this baby out to the net */
- status = write(fd, u.buffer, header_len + len);
- #endif
- if ((status >= 0) || (errno != ENOBUFS)) {
- return status;
- }
- // if ENOBUFS, do not close the connection
- gre.seq_sent--;
- return 0;
- }
|