30949fd4b5
structures (well, they're treated as opaque). It's now possible to manage IPv6 interface addresses and routing table entries and to filter IPV6 traffic whether encapsulated or not. IPV6CP support is crude for now, and hasn't been tested against any other implementations. RADIUS and IPv6 are independent of eachother for now. ppp.linkup/ppp.linkdown aren't currently used by IPV6CP o Understand all protocols(5) in filter rules rather than only a select few. o Allow a mask specification for the ``delete'' command. It's now possible to specifically delete one of two conflicting routes. o When creating and deleting proxy arp entries, do it for all IPv4 interface addresses rather than doing it just for the ``current'' peer address. o When iface-alias isn't in effect, don't blow away manually (via ``iface add'') added interface addresses. o When listening on a tcp server (diagnostic) socket, bind so that a tcp46 socket is created -- allowing both IPv4 and IPv6 connections. o When displaying ICMP traffic, don't display the icmp type twice. When display traffic, display at least some information about unrecognised traffic. o Bump version Inspired after filtering work by: Makoto MATSUSHITA <matusita@jp.FreeBSD.org>
551 lines
13 KiB
C
551 lines
13 KiB
C
/*-
|
|
* Copyright (c) 2001 Brian Somers <brian@Awfulhak.org>
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*
|
|
* $FreeBSD$
|
|
*/
|
|
|
|
#include <sys/param.h>
|
|
#include <netinet/in_systm.h>
|
|
#include <netinet/in.h>
|
|
#include <netinet/ip.h>
|
|
#include <arpa/inet.h>
|
|
#include <sys/socket.h>
|
|
#include <net/if.h>
|
|
#include <net/route.h>
|
|
#include <netdb.h>
|
|
#include <sys/un.h>
|
|
|
|
#include <errno.h>
|
|
#include <fcntl.h>
|
|
#include <resolv.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <sys/stat.h>
|
|
#include <termios.h>
|
|
#include <unistd.h>
|
|
|
|
#include "layer.h"
|
|
#include "ua.h"
|
|
#include "defs.h"
|
|
#include "command.h"
|
|
#include "mbuf.h"
|
|
#include "log.h"
|
|
#include "timer.h"
|
|
#include "fsm.h"
|
|
#include "proto.h"
|
|
#include "iplist.h"
|
|
#include "throughput.h"
|
|
#include "slcompress.h"
|
|
#include "lqr.h"
|
|
#include "hdlc.h"
|
|
#include "lcp.h"
|
|
#include "ncpaddr.h"
|
|
#include "ip.h"
|
|
#include "ipcp.h"
|
|
#include "filter.h"
|
|
#include "descriptor.h"
|
|
#include "vjcomp.h"
|
|
#include "async.h"
|
|
#include "ccp.h"
|
|
#include "link.h"
|
|
#include "physical.h"
|
|
#include "mp.h"
|
|
#ifndef NORADIUS
|
|
#include "radius.h"
|
|
#endif
|
|
#include "ipv6cp.h"
|
|
#include "ncp.h"
|
|
#include "bundle.h"
|
|
#include "id.h"
|
|
#include "arp.h"
|
|
#include "systems.h"
|
|
#include "prompt.h"
|
|
#include "route.h"
|
|
#include "iface.h"
|
|
#include "chat.h"
|
|
#include "auth.h"
|
|
#include "chap.h"
|
|
#include "pap.h"
|
|
#include "cbcp.h"
|
|
#include "datalink.h"
|
|
|
|
|
|
static u_short default_urgent_tcp_ports[] = {
|
|
21, /* ftp */
|
|
22, /* ssh */
|
|
23, /* telnet */
|
|
513, /* login */
|
|
514, /* shell */
|
|
543, /* klogin */
|
|
544 /* kshell */
|
|
};
|
|
|
|
static u_short default_urgent_udp_ports[] = { };
|
|
|
|
#define NDEFTCPPORTS \
|
|
(sizeof default_urgent_tcp_ports / sizeof default_urgent_tcp_ports[0])
|
|
#define NDEFUDPPORTS \
|
|
(sizeof default_urgent_udp_ports / sizeof default_urgent_udp_ports[0])
|
|
|
|
void
|
|
ncp_Init(struct ncp *ncp, struct bundle *bundle)
|
|
{
|
|
ncp->afq = AF_INET;
|
|
ncp->route = NULL;
|
|
|
|
ncp->cfg.urgent.tcp.nports = ncp->cfg.urgent.tcp.maxports = NDEFTCPPORTS;
|
|
ncp->cfg.urgent.tcp.port = (u_short *)malloc(NDEFTCPPORTS * sizeof(u_short));
|
|
memcpy(ncp->cfg.urgent.tcp.port, default_urgent_tcp_ports,
|
|
NDEFTCPPORTS * sizeof(u_short));
|
|
ncp->cfg.urgent.tos = 1;
|
|
|
|
ncp->cfg.urgent.udp.nports = ncp->cfg.urgent.udp.maxports = NDEFUDPPORTS;
|
|
ncp->cfg.urgent.udp.port = (u_short *)malloc(NDEFUDPPORTS * sizeof(u_short));
|
|
memcpy(ncp->cfg.urgent.udp.port, default_urgent_udp_ports,
|
|
NDEFUDPPORTS * sizeof(u_short));
|
|
|
|
|
|
mp_Init(&ncp->mp, bundle);
|
|
|
|
/* Send over the first physical link by default */
|
|
ipcp_Init(&ncp->ipcp, bundle, &bundle->links->physical->link,
|
|
&bundle->fsm);
|
|
#ifndef NOINET6
|
|
ipv6cp_Init(&ncp->ipv6cp, bundle, &bundle->links->physical->link,
|
|
&bundle->fsm);
|
|
#endif
|
|
}
|
|
|
|
void
|
|
ncp_Destroy(struct ncp *ncp)
|
|
{
|
|
ipcp_Destroy(&ncp->ipcp);
|
|
#ifndef NOINET6
|
|
ipv6cp_Destroy(&ncp->ipv6cp);
|
|
#endif
|
|
|
|
if (ncp->cfg.urgent.tcp.maxports) {
|
|
ncp->cfg.urgent.tcp.nports = ncp->cfg.urgent.tcp.maxports = 0;
|
|
free(ncp->cfg.urgent.tcp.port);
|
|
ncp->cfg.urgent.tcp.port = NULL;
|
|
}
|
|
if (ncp->cfg.urgent.udp.maxports) {
|
|
ncp->cfg.urgent.udp.nports = ncp->cfg.urgent.udp.maxports = 0;
|
|
free(ncp->cfg.urgent.udp.port);
|
|
ncp->cfg.urgent.udp.port = NULL;
|
|
}
|
|
}
|
|
|
|
int
|
|
ncp_fsmStart(struct ncp *ncp, struct bundle *bundle)
|
|
{
|
|
int res = 0;
|
|
|
|
#ifndef NOINET6
|
|
if (Enabled(bundle, OPT_IPCP)) {
|
|
#endif
|
|
fsm_Up(&ncp->ipcp.fsm);
|
|
fsm_Open(&ncp->ipcp.fsm);
|
|
res++;
|
|
#ifndef NOINET6
|
|
}
|
|
|
|
if (Enabled(bundle, OPT_IPV6CP)) {
|
|
fsm_Up(&ncp->ipv6cp.fsm);
|
|
fsm_Open(&ncp->ipv6cp.fsm);
|
|
res++;
|
|
}
|
|
#endif
|
|
|
|
return res;
|
|
}
|
|
|
|
void
|
|
ncp_IfaceAddrAdded(struct ncp *ncp, const struct iface_addr *addr)
|
|
{
|
|
switch (ncprange_family(&addr->ifa)) {
|
|
case AF_INET:
|
|
ipcp_IfaceAddrAdded(&ncp->ipcp, addr);
|
|
break;
|
|
#ifndef NOINET6
|
|
case AF_INET6:
|
|
ipv6cp_IfaceAddrAdded(&ncp->ipv6cp, addr);
|
|
break;
|
|
#endif
|
|
}
|
|
}
|
|
|
|
void
|
|
ncp_IfaceAddrDeleted(struct ncp *ncp, const struct iface_addr *addr)
|
|
{
|
|
if (ncprange_family(&addr->ifa) == AF_INET)
|
|
ipcp_IfaceAddrDeleted(&ncp->ipcp, addr);
|
|
}
|
|
|
|
void
|
|
ncp_SetLink(struct ncp *ncp, struct link *l)
|
|
{
|
|
ipcp_SetLink(&ncp->ipcp, l);
|
|
#ifndef NOINET6
|
|
ipv6cp_SetLink(&ncp->ipv6cp, l);
|
|
#endif
|
|
}
|
|
|
|
/*
|
|
* Enqueue a packet of the given address family. Nothing will make it
|
|
* down to the physical link level 'till ncp_FillPhysicalQueues() is used.
|
|
*/
|
|
void
|
|
ncp_Enqueue(struct ncp *ncp, int af, int pri, char *ptr, int count)
|
|
{
|
|
#ifndef NOINET6
|
|
struct ipv6cp *ipv6cp = &ncp->ipv6cp;
|
|
#endif
|
|
struct ipcp *ipcp = &ncp->ipcp;
|
|
struct mbuf *bp;
|
|
|
|
/*
|
|
* We allocate an extra 6 bytes, four at the front and two at the end.
|
|
* This is an optimisation so that we need to do less work in
|
|
* m_prepend() in acf_LayerPush() and proto_LayerPush() and
|
|
* appending in hdlc_LayerPush().
|
|
*/
|
|
|
|
switch (af) {
|
|
case AF_INET:
|
|
if (pri < 0 || pri >= IPCP_QUEUES(ipcp)) {
|
|
log_Printf(LogERROR, "Can't store in ip queue %d\n", pri);
|
|
break;
|
|
}
|
|
|
|
bp = m_get(count + 6, MB_IPOUT);
|
|
bp->m_offset += 4;
|
|
bp->m_len -= 6;
|
|
memcpy(MBUF_CTOP(bp), ptr, count);
|
|
m_enqueue(ipcp->Queue + pri, bp);
|
|
break;
|
|
|
|
#ifndef NOINET6
|
|
case AF_INET6:
|
|
if (pri < 0 || pri >= IPV6CP_QUEUES(ipcp)) {
|
|
log_Printf(LogERROR, "Can't store in ipv6 queue %d\n", pri);
|
|
break;
|
|
}
|
|
|
|
bp = m_get(count + 6, MB_IPOUT);
|
|
bp->m_offset += 4;
|
|
bp->m_len -= 6;
|
|
memcpy(MBUF_CTOP(bp), ptr, count);
|
|
m_enqueue(ipv6cp->Queue + pri, bp);
|
|
break;
|
|
#endif
|
|
|
|
default:
|
|
log_Printf(LogERROR, "Can't enqueue protocol family %d\n", af);
|
|
}
|
|
}
|
|
|
|
/*
|
|
* How many packets are queued to go out ?
|
|
*/
|
|
size_t
|
|
ncp_QueueLen(struct ncp *ncp)
|
|
{
|
|
size_t result;
|
|
|
|
result = ipcp_QueueLen(&ncp->ipcp);
|
|
#ifndef NOINET6
|
|
result += ipv6cp_QueueLen(&ncp->ipv6cp);
|
|
#endif
|
|
result += mp_QueueLen(&ncp->mp); /* Usually empty */
|
|
|
|
return result;
|
|
}
|
|
|
|
/*
|
|
* Ditch all queued packets. This is usually done after our choked timer
|
|
* has fired - which happens because we couldn't send any traffic over
|
|
* any links for some time.
|
|
*/
|
|
void
|
|
ncp_DeleteQueues(struct ncp *ncp)
|
|
{
|
|
#ifndef NOINET6
|
|
struct ipv6cp *ipv6cp = &ncp->ipv6cp;
|
|
#endif
|
|
struct ipcp *ipcp = &ncp->ipcp;
|
|
struct mp *mp = &ncp->mp;
|
|
struct mqueue *q;
|
|
|
|
for (q = ipcp->Queue; q < ipcp->Queue + IPCP_QUEUES(ipcp); q++)
|
|
while (q->top)
|
|
m_freem(m_dequeue(q));
|
|
|
|
#ifndef NOINET6
|
|
for (q = ipv6cp->Queue; q < ipv6cp->Queue + IPV6CP_QUEUES(ipv6cp); q++)
|
|
while (q->top)
|
|
m_freem(m_dequeue(q));
|
|
#endif
|
|
|
|
link_DeleteQueue(&mp->link); /* Usually empty anyway */
|
|
}
|
|
|
|
/*
|
|
* Arrange that each of our links has at least one packet. We keep the
|
|
* number of packets queued at the link level to a minimum so that the
|
|
* loss of a link in multi-link mode results in the minimum number of
|
|
* dropped packets.
|
|
*/
|
|
size_t
|
|
ncp_FillPhysicalQueues(struct ncp *ncp, struct bundle *bundle)
|
|
{
|
|
size_t total;
|
|
|
|
if (bundle->ncp.mp.active)
|
|
total = mp_FillPhysicalQueues(bundle);
|
|
else {
|
|
struct datalink *dl;
|
|
size_t add;
|
|
|
|
for (total = 0, dl = bundle->links; dl; dl = dl->next)
|
|
if (dl->state == DATALINK_OPEN) {
|
|
add = link_QueueLen(&dl->physical->link);
|
|
if (add == 0 && dl->physical->out == NULL)
|
|
add = ncp_PushPacket(ncp, &ncp->afq, &dl->physical->link);
|
|
total += add;
|
|
}
|
|
}
|
|
|
|
return total + ncp_QueueLen(&bundle->ncp);
|
|
}
|
|
|
|
/*
|
|
* Push a packet into the given link. ``af'' is used as a persistent record
|
|
* of what is to be pushed next, coming either from mp->out or ncp->afq.
|
|
*/
|
|
int
|
|
ncp_PushPacket(struct ncp *ncp, int *af, struct link *l)
|
|
{
|
|
struct bundle *bundle = l->lcp.fsm.bundle;
|
|
int res;
|
|
|
|
#ifndef NOINET6
|
|
if (*af == AF_INET) {
|
|
if ((res = ipcp_PushPacket(&bundle->ncp.ipcp, l)))
|
|
*af = AF_INET6;
|
|
else
|
|
res = ipv6cp_PushPacket(&bundle->ncp.ipv6cp, l);
|
|
} else {
|
|
if ((res = ipv6cp_PushPacket(&bundle->ncp.ipv6cp, l)))
|
|
*af = AF_INET;
|
|
else
|
|
res = ipcp_PushPacket(&bundle->ncp.ipcp, l);
|
|
}
|
|
#else
|
|
res = ipcp_PushPacket(&bundle->ncp.ipcp, l);
|
|
#endif
|
|
|
|
return res;
|
|
}
|
|
|
|
int
|
|
ncp_IsUrgentPort(struct port_range *range, u_short src, u_short dst)
|
|
{
|
|
int f;
|
|
|
|
for (f = 0; f < range->nports; f++)
|
|
if (range->port[f] == src || range->port[f] == dst)
|
|
return 1;
|
|
|
|
return 0;
|
|
}
|
|
|
|
void
|
|
ncp_AddUrgentPort(struct port_range *range, u_short port)
|
|
{
|
|
u_short *newport;
|
|
int p;
|
|
|
|
if (range->nports == range->maxports) {
|
|
range->maxports += 10;
|
|
newport = (u_short *)realloc(range->port,
|
|
range->maxports * sizeof(u_short));
|
|
if (newport == NULL) {
|
|
log_Printf(LogERROR, "ncp_AddUrgentPort: realloc: %s\n",
|
|
strerror(errno));
|
|
range->maxports -= 10;
|
|
return;
|
|
}
|
|
range->port = newport;
|
|
}
|
|
|
|
for (p = 0; p < range->nports; p++)
|
|
if (range->port[p] == port) {
|
|
log_Printf(LogWARN, "%u: Port already set to urgent\n", port);
|
|
break;
|
|
} else if (range->port[p] > port) {
|
|
memmove(range->port + p + 1, range->port + p,
|
|
(range->nports - p) * sizeof(u_short));
|
|
range->port[p] = port;
|
|
range->nports++;
|
|
break;
|
|
}
|
|
|
|
if (p == range->nports)
|
|
range->port[range->nports++] = port;
|
|
}
|
|
|
|
void
|
|
ncp_RemoveUrgentPort(struct port_range *range, u_short port)
|
|
{
|
|
int p;
|
|
|
|
for (p = 0; p < range->nports; p++)
|
|
if (range->port[p] == port) {
|
|
if (p != range->nports - 1)
|
|
memmove(range->port + p, range->port + p + 1,
|
|
(range->nports - p - 1) * sizeof(u_short));
|
|
range->nports--;
|
|
return;
|
|
}
|
|
|
|
if (p == range->nports)
|
|
log_Printf(LogWARN, "%u: Port not set to urgent\n", port);
|
|
}
|
|
|
|
void
|
|
ncp_ClearUrgentPorts(struct port_range *range)
|
|
{
|
|
range->nports = 0;
|
|
}
|
|
|
|
int
|
|
ncp_Show(struct cmdargs const *arg)
|
|
{
|
|
struct ncp *ncp = &arg->bundle->ncp;
|
|
int p;
|
|
|
|
#ifndef NOINET6
|
|
prompt_Printf(arg->prompt, "Next queued AF: %s\n",
|
|
ncp->afq == AF_INET6 ? "inet6" : "inet");
|
|
#endif
|
|
|
|
if (ncp->route) {
|
|
prompt_Printf(arg->prompt, "\n");
|
|
route_ShowSticky(arg->prompt, ncp->route, "Sticky routes", 1);
|
|
}
|
|
|
|
prompt_Printf(arg->prompt, "\nDefaults:\n");
|
|
prompt_Printf(arg->prompt, " sendpipe: ");
|
|
if (ncp->cfg.sendpipe > 0)
|
|
prompt_Printf(arg->prompt, "%-20ld\n", ncp->cfg.sendpipe);
|
|
else
|
|
prompt_Printf(arg->prompt, "unspecified\n");
|
|
prompt_Printf(arg->prompt, " recvpipe: ");
|
|
if (ncp->cfg.recvpipe > 0)
|
|
prompt_Printf(arg->prompt, "%ld\n", ncp->cfg.recvpipe);
|
|
else
|
|
prompt_Printf(arg->prompt, "unspecified\n");
|
|
|
|
prompt_Printf(arg->prompt, "\n Urgent ports\n");
|
|
prompt_Printf(arg->prompt, " TCP: ");
|
|
if (ncp->cfg.urgent.tcp.nports == 0)
|
|
prompt_Printf(arg->prompt, "none");
|
|
else
|
|
for (p = 0; p < ncp->cfg.urgent.tcp.nports; p++) {
|
|
if (p)
|
|
prompt_Printf(arg->prompt, ", ");
|
|
prompt_Printf(arg->prompt, "%u", ncp->cfg.urgent.tcp.port[p]);
|
|
}
|
|
|
|
prompt_Printf(arg->prompt, "\n UDP: ");
|
|
if (ncp->cfg.urgent.udp.nports == 0)
|
|
prompt_Printf(arg->prompt, "none");
|
|
else
|
|
for (p = 0; p < ncp->cfg.urgent.udp.nports; p++) {
|
|
if (p)
|
|
prompt_Printf(arg->prompt, ", ");
|
|
prompt_Printf(arg->prompt, "%u", ncp->cfg.urgent.udp.port[p]);
|
|
}
|
|
prompt_Printf(arg->prompt, "\n TOS: %s\n\n",
|
|
ncp->cfg.urgent.tos ? "yes" : "no");
|
|
|
|
return 0;
|
|
}
|
|
|
|
int
|
|
ncp_LayersOpen(struct ncp *ncp)
|
|
{
|
|
int n;
|
|
|
|
n = !!(ncp->ipcp.fsm.state == ST_OPENED);
|
|
#ifndef NOINET6
|
|
n += !!(ncp->ipv6cp.fsm.state == ST_OPENED);
|
|
#endif
|
|
|
|
return n;
|
|
}
|
|
|
|
int
|
|
ncp_LayersUnfinished(struct ncp *ncp)
|
|
{
|
|
int n = 0;
|
|
|
|
if (ncp->ipcp.fsm.state > ST_CLOSED ||
|
|
ncp->ipcp.fsm.state == ST_STARTING)
|
|
n++;
|
|
|
|
#ifndef NOINET6
|
|
if (ncp->ipv6cp.fsm.state > ST_CLOSED ||
|
|
ncp->ipv6cp.fsm.state == ST_STARTING)
|
|
n++;
|
|
#endif
|
|
|
|
return n;
|
|
}
|
|
|
|
void
|
|
ncp_Close(struct ncp *ncp)
|
|
{
|
|
if (ncp->ipcp.fsm.state > ST_CLOSED ||
|
|
ncp->ipcp.fsm.state == ST_STARTING)
|
|
fsm_Close(&ncp->ipcp.fsm);
|
|
|
|
#ifndef NOINET6
|
|
if (ncp->ipv6cp.fsm.state > ST_CLOSED ||
|
|
ncp->ipv6cp.fsm.state == ST_STARTING)
|
|
fsm_Close(&ncp->ipv6cp.fsm);
|
|
#endif
|
|
}
|
|
|
|
void
|
|
ncp2initial(struct ncp *ncp)
|
|
{
|
|
fsm2initial(&ncp->ipcp.fsm);
|
|
#ifndef NOINET6
|
|
fsm2initial(&ncp->ipv6cp.fsm);
|
|
#endif
|
|
}
|