1 /***********************************************************************
5 * Implementation of user-space PPPoE redirector for Linux.
7 * Common functions used by PPPoE client and server
9 * Copyright (C) 2000 by Roaring Penguin Software Inc.
11 * This program may be distributed according to the terms of the GNU
12 * General Public License, version 2 or (at your option) any later version.
14 ***********************************************************************/
/* RCS revision keyword string for this file; only its definition is visible
 * in this listing. */
16 static char const RCSID[] =
17 "$Id: common.c,v 1.1 2001/12/14 02:55:20 mostrows Exp $";
33 /**********************************************************************
34 *%FUNCTION: parsePacket
36 * packet -- the PPPoE discovery packet to parse
37 * func -- function called for each tag in the packet
38 * extra -- an opaque data pointer supplied to parsing function
40 * 0 if everything went well; -1 if there was an error
42 * Parses a PPPoE discovery packet, calling "func" for each tag in the packet.
43 * "func" is passed the additional argument "extra".
44 ***********************************************************************/
/* Walks the tag list of a PPPoE discovery packet and hands each tag to
 * "func".  This listing omits some original lines (the gutter numbers skip),
 * so the return statements and closing braces are not visible. */
46 parsePacket(PPPoEPacket *packet, ParseFunc *func, void *extra)
/* len is the length field carried in the packet itself, i.e. a value chosen
 * by the sender.  NOTE(review): nothing visible here compares it with the
 * number of bytes actually received -- confirm the caller does. */
48 UINT16_t len = ntohs(packet->length);
49 unsigned char *curTag;
50 UINT16_t tagType, tagLen;
/* A version or type other than 1 is logged as an error; the statement that
 * follows each log call is omitted from this listing. */
52 if (packet->ver != 1) {
53 syslog(LOG_ERR, "Invalid PPPoE version (%d)", (int) packet->ver);
56 if (packet->type != 1) {
57 syslog(LOG_ERR, "Invalid PPPoE type (%d)", (int) packet->type);
61 /* Do some sanity checks on packet */
62 if (len > ETH_DATA_LEN - 6) { /* 6-byte overhead for PPPoE header */
63 syslog(LOG_ERR, "Invalid PPPoE packet length (%u)", len);
67 /* Step through the tags */
68 curTag = packet->payload;
/* NOTE(review): this condition only guarantees that one byte is left within
 * len, yet the tag-header read below starts at curTag[0] and reaches at
 * least curTag[2] before the tag-length check further down runs.  When fewer
 * than TAG_HDR_SIZE bytes remain, header bytes are read from beyond len.
 * Requiring (curTag - packet->payload) + TAG_HDR_SIZE <= len here would
 * close that gap. */
69 while(curTag - packet->payload < len) {
70 /* Alignment is not guaranteed, so do this by hand... */
71 tagType = (((UINT16_t) curTag[0]) << 8) +
73 tagLen = (((UINT16_t) curTag[2]) << 8) +
75 if (tagType == TAG_END_OF_LIST) {
/* tagLen is sender-controlled; a tag whose declared length would run past
 * len is logged as invalid here. */
78 if ((curTag - packet->payload) + tagLen + TAG_HDR_SIZE > len) {
79 syslog(LOG_ERR, "Invalid PPPoE tag length (%u)", tagLen);
/* The callback receives a pointer into the packet buffer together with
 * tagLen.  The bytes are length-delimited and nothing visible adds a NUL
 * terminator, so callbacks must not treat them as a C string. */
82 func(tagType, tagLen, curTag+TAG_HDR_SIZE, extra);
83 curTag = curTag + TAG_HDR_SIZE + tagLen;
88 /**********************************************************************
91 * packet -- the PPPoE discovery packet to parse
92 * type -- the type of the tag to look for
93 * tag -- will be filled in with tag contents
95 * A pointer to the tag if one of the specified type is found; NULL otherwise
98 * Looks for a specific tag type.
99 ***********************************************************************/
/* Scans the tag list of a PPPoE discovery packet for the first tag of the
 * requested type and copies it into *tag.  This listing omits some original
 * lines (the gutter numbers skip), so the return statements and closing
 * braces are not visible. */
101 findTag(PPPoEPacket *packet, UINT16_t type, PPPoETag *tag)
/* len is the sender-supplied length field.  NOTE(review): no visible line
 * compares it with the number of bytes actually received -- confirm the
 * caller does. */
103 UINT16_t len = ntohs(packet->length);
104 unsigned char *curTag;
105 UINT16_t tagType, tagLen;
107 if (packet->ver != 1) {
108 syslog(LOG_ERR, "Invalid PPPoE version (%d)", (int) packet->ver);
111 if (packet->type != 1) {
112 syslog(LOG_ERR, "Invalid PPPoE type (%d)", (int) packet->type);
116 /* Do some sanity checks on packet */
117 if (len > ETH_DATA_LEN - 6) { /* 6-byte overhead for PPPoE header */
118 syslog(LOG_ERR, "Invalid PPPoE packet length (%u)", len);
122 /* Step through the tags */
123 curTag = packet->payload;
/* NOTE(review): the condition guarantees only one remaining byte, but the
 * header read below touches curTag[0] through curTag[3] before the
 * tag-length check runs.  Requiring
 * (curTag - packet->payload) + TAG_HDR_SIZE <= len would keep the header
 * read inside len. */
124 while(curTag - packet->payload < len) {
125 /* Alignment is not guaranteed, so do this by hand... */
126 tagType = (((UINT16_t) curTag[0]) << 8) +
127 (UINT16_t) curTag[1];
128 tagLen = (((UINT16_t) curTag[2]) << 8) +
129 (UINT16_t) curTag[3];
130 if (tagType == TAG_END_OF_LIST) {
/* tagLen is sender-controlled; a tag that would extend past len is logged
 * as invalid here. */
133 if ((curTag - packet->payload) + tagLen + TAG_HDR_SIZE > len) {
134 syslog(LOG_ERR, "Invalid PPPoE tag length (%u)", tagLen);
/* Assuming the omitted statement after the log call above returns, the copy
 * below is at most len bytes, and len was limited to ETH_DATA_LEN - 6
 * earlier.  NOTE(review): the copy is safe only if *tag has room for that
 * many bytes; PPPoETag is declared outside this listing -- confirm its
 * payload size.  The bytes are copied raw, so the type and length fields in
 * *tag stay in network byte order. */
137 if (tagType == type) {
138 memcpy(tag, curTag, tagLen + TAG_HDR_SIZE);
141 curTag = curTag + TAG_HDR_SIZE + tagLen;
146 /**********************************************************************
149 * str -- error message
153 * Prints a message to stderr and syslog.
154 ***********************************************************************/
/* Reports str on stderr (prefixed with "pppoe: ") and to syslog at LOG_ERR.
 * In both calls str is passed as a "%s" argument, never as the format
 * string, so any '%' sequences it contains are not interpreted. */
156 printErr(char const *str)
158 fprintf(stderr, "pppoe: %s\n", str);
159 syslog(LOG_ERR, "%s", str);
163 /**********************************************************************
166 * str -- string to copy
168 * A malloc'd copy of str. Exits if malloc fails.
169 ***********************************************************************/
/* Allocates strlen(str)+1 bytes for a copy of str.  str must be a valid
 * NUL-terminated string, since strlen on NULL is undefined.  The listing
 * omits the lines around the rp_fatal call (the failure test, the copy and
 * the return), so only the allocation and the fatal-error call are
 * visible. */
171 strDup(char const *str)
173 char *copy = malloc(strlen(str)+1);
175 rp_fatal("strdup failed");
181 /**********************************************************************
182 *%FUNCTION: computeTCPChecksum
184 * ipHdr -- pointer to IP header
185 * tcpHdr -- pointer to TCP header
187 * The computed TCP checksum
188 ***********************************************************************/
/* Computes the TCP checksum over a pseudo-header plus the TCP header and
 * data.  Parts of the original (the declaration of "sum" and most of the
 * summing loop) are omitted from this listing. */
190 computeTCPChecksum(unsigned char *ipHdr, unsigned char *tcpHdr)
/* count starts as bytes 2-3 of the IP header (the IPv4 total-length field),
 * read big-endian. */
193 UINT16_t count = ipHdr[2] * 256 + ipHdr[3];
194 unsigned char *addr = tcpHdr;
195 unsigned char pseudoHeader[12];
197 /* Count number of bytes in TCP header and data */
/* NOTE(review): both operands come from the packet.  count is a UINT16_t, so
 * a total length smaller than the header length wraps to a large value, and
 * nothing visible checks count against the size of the buffer behind
 * tcpHdr.  Confirm the caller validates these fields; otherwise the summing
 * loop could read past the received data. */
198 count -= (ipHdr[0] & 0x0F) * 4;
/* Pseudo-header: 8 bytes from ipHdr+12 (source and destination address),
 * the protocol byte, and the TCP length computed above. */
200 memcpy(pseudoHeader, ipHdr+12, 8);
202 pseudoHeader[9] = ipHdr[9];
203 pseudoHeader[10] = (count >> 8) & 0xFF;
204 pseudoHeader[11] = (count & 0xFF);
206 /* Checksum the pseudo-header */
/* The sums below load 16-bit words through UINT16_t pointer casts on
 * unsigned char storage.  NOTE(review): the alignment of pseudoHeader and of
 * addr is not guaranteed by anything visible, and parsePacket in this file
 * assembles 16-bit values byte by byte for that reason.  A memcpy into a
 * UINT16_t would be the portable form. */
207 sum += * (UINT16_t *) pseudoHeader;
208 sum += * ((UINT16_t *) (pseudoHeader+2));
209 sum += * ((UINT16_t *) (pseudoHeader+4));
210 sum += * ((UINT16_t *) (pseudoHeader+6));
211 sum += * ((UINT16_t *) (pseudoHeader+8));
212 sum += * ((UINT16_t *) (pseudoHeader+10));
214 /* Checksum the TCP header and data */
216 sum += * (UINT16_t *) addr;
/* Folds the bits above bit 15 back into the low 16 bits (any surrounding
 * loop is omitted from the listing). */
225 sum = (sum & 0xffff) + (sum >> 16);
/* The result is the one's complement of the folded sum. */
227 return (UINT16_t) (~sum & 0xFFFF);
230 /**********************************************************************
233 * packet -- PPPoE session packet
234 * dir -- either "incoming" or "outgoing"
235 * clampMss -- clamp value
239 * Clamps MSS option if TCP SYN flag is set.
240 ***********************************************************************/
/* Rewrites the MSS option of a TCP SYN carried in a PPPoE session packet so
 * that it does not exceed clampMss.  Many original lines are omitted from
 * this listing (the gutter numbers skip), including the early returns and
 * most of the option-walking loop, so only the visible steps are
 * annotated. */
242 clampMSS(PPPoEPacket *packet, char const *dir, int clampMss)
244 unsigned char *tcpHdr;
245 unsigned char *ipHdr;
247 unsigned char *endHdr;
248 unsigned char *mssopt = NULL;
/* The first two payload bytes are the PPP protocol field; 0x0021 is IPv4. */
254 if (packet->payload[0] != 0x00 ||
255 packet->payload[1] != 0x21) {
256 /* Nope, ignore it */
260 ipHdr = packet->payload + 2;
262 /* Is it too short? */
/* len is the sender-supplied PPPoE length field; the comparison that uses it
 * is omitted from this listing. */
263 len = (int) ntohs(packet->length);
265 /* 20 byte IP header; 20 byte TCP header; 2 byte PPP protocol */
269 /* Verify once more that it's IPv4 */
270 if ((ipHdr[0] & 0xF0) != 0x40) {
274 /* Is it a fragment that's not at the beginning of the packet? */
275 if ((ipHdr[6] & 0x1F) || ipHdr[7]) {
276 /* Yup, don't touch! */
/* Byte 9 of the IP header is the protocol number; 0x06 is TCP. */
280 if (ipHdr[9] != 0x06) {
284 /* Get start of TCP header */
/* The IP header length comes from the low nibble of the first header byte,
 * a sender-controlled value counted in 32-bit words.  NOTE(review): the
 * length comment above budgets for a 20-byte IP header; no visible line
 * re-checks that tcpHdr and the bytes read below still lie inside len when
 * the header carries options -- confirm. */
285 tcpHdr = ipHdr + (ipHdr[0] & 0x0F) * 4;
/* Bit 0x02 of TCP header byte 13 is tested; per the function header this is
 * the SYN flag. */
288 if (!(tcpHdr[13] & 0x02)) {
/* NOTE(review): computeTCPChecksum, called below, sizes its work from the IP
 * header's own total-length field; whether that field is checked against
 * len is not visible here. */
292 /* Compute and verify TCP checksum -- do not touch a packet with a bad
294 csum = computeTCPChecksum(ipHdr, tcpHdr);
296 syslog(LOG_ERR, "Bad TCP checksum %x", (unsigned int) csum);
298 /* Upper layers will drop it */
302 /* Look for existing MSS option */
/* endHdr is derived from the TCP data-offset nibble, which the sender also
 * controls.  NOTE(review): no visible line bounds endHdr by len, so the
 * option walk below relies on checks that may be in the omitted lines --
 * confirm. */
303 endHdr = tcpHdr + ((tcpHdr[12] & 0xF0) >> 2);
305 while (opt < endHdr) {
306 if (!*opt) break; /* End of options */
314 /* Something fishy about MSS option length. */
316 "Bogus length for MSS option (%u) from %u.%u.%u.%u",
317 (unsigned int) opt[1],
318 (unsigned int) ipHdr[12],
319 (unsigned int) ipHdr[13],
320 (unsigned int) ipHdr[14],
321 (unsigned int) ipHdr[15]);
328 /* Someone's trying to attack us? */
330 "Bogus TCP option length (%u) from %u.%u.%u.%u",
331 (unsigned int) opt[1],
332 (unsigned int) ipHdr[12],
333 (unsigned int) ipHdr[13],
334 (unsigned int) ipHdr[14],
335 (unsigned int) ipHdr[15]);
341 /* Found existing MSS option? */
345 /* If MSS exists and it's low enough, do nothing */
/* mss is unsigned while clampMss is int, so the comparison converts clampMss
 * to unsigned, and only its low 16 bits are written into the option below.
 * NOTE(review): callers presumably pass a value between 1 and 65535 --
 * confirm, since a negative or larger value is not rejected in the visible
 * lines. */
347 unsigned mss = mssopt[2] * 256 + mssopt[3];
348 if (mss <= clampMss) {
352 mssopt[2] = (((unsigned) clampMss) >> 8) & 0xFF;
353 mssopt[3] = ((unsigned) clampMss) & 0xFF;
355 /* No MSS option. Don't add one; we'll have to use 536. */
359 /* Recompute TCP checksum */
362 csum = computeTCPChecksum(ipHdr, tcpHdr);
/* The new checksum is stored through a UINT16_t pointer cast at tcpHdr+16;
 * nothing visible guarantees that address is 2-byte aligned. */
363 (* (UINT16_t *) (tcpHdr+16)) = csum;
366 /***********************************************************************
369 * conn -- PPPoE connection
370 * msg -- if non-NULL, extra error message to include in PADT packet.
374 * Sends a PADT packet
375 ***********************************************************************/
/* Builds a PADT (session termination) packet for conn and sends it on the
 * discovery socket, optionally carrying Host-Uniq, an error message, the
 * cookie and the relay ID as tags.  Some original lines are omitted from
 * this listing (the gutter numbers skip), e.g. the declarations of packet
 * and plen and the statement that resets the session. */
377 sendPADT(PPPoEConnection *conn, char const *msg)
380 unsigned char *cursor = packet.payload;
384 /* Do nothing if no session established yet */
385 if (!conn->session) return;
387 /* Do nothing if no discovery socket */
388 if (conn->discoverySocket < 0) return;
390 memcpy(packet.ethHdr.h_dest, conn->peerEth, ETH_ALEN);
391 memcpy(packet.ethHdr.h_source, conn->myEth, ETH_ALEN);
393 packet.ethHdr.h_proto = htons(Eth_PPPOE_Discovery);
396 packet.code = CODE_PADT;
397 packet.session = conn->session;
399 /* Reset Session to zero so there is no possibility of
400 recursive calls to this function by any signal handler */
403 /* If we're using Host-Uniq, copy it over */
404 if (conn->useHostUniq) {
/* The Host-Uniq tag carries the raw bytes of this process's pid. */
406 pid_t pid = getpid();
407 hostUniq.type = htons(TAG_HOST_UNIQ);
408 hostUniq.length = htons(sizeof(pid));
409 memcpy(hostUniq.payload, &pid, sizeof(pid));
410 memcpy(cursor, &hostUniq, sizeof(pid) + TAG_HDR_SIZE);
411 cursor += sizeof(pid) + TAG_HDR_SIZE;
412 plen += sizeof(pid) + TAG_HDR_SIZE;
415 /* Copy error message */
/* NOTE(review): unlike the cookie and relay-ID copies below, no CHECK_ROOM
 * appears in this visible run (gutter lines 418-424).  strcpy writes
 * strlen(msg)+1 bytes into err.payload, and memcpy then writes
 * elen + TAG_HDR_SIZE bytes at cursor.  This is safe only while every caller
 * passes a short message; bounding elen (or truncating msg) before the copy
 * would make that explicit.  htons(elen) also narrows a size_t to 16
 * bits. */
418 size_t elen = strlen(msg);
419 err.type = htons(TAG_GENERIC_ERROR);
420 err.length = htons(elen);
421 strcpy(err.payload, msg);
422 memcpy(cursor, &err, elen + TAG_HDR_SIZE);
423 cursor += elen + TAG_HDR_SIZE;
424 plen += elen + TAG_HDR_SIZE;
427 /* Copy cookie and relay-ID if needed */
/* conn->cookie and conn->relayId are stored tags whose length field is in
 * network byte order, as the ntohs calls show.  CHECK_ROOM is a macro
 * defined outside this listing; presumably it stops the build-up when the
 * tag would not fit in the payload -- confirm. */
428 if (conn->cookie.type) {
429 CHECK_ROOM(cursor, packet.payload,
430 ntohs(conn->cookie.length) + TAG_HDR_SIZE);
431 memcpy(cursor, &conn->cookie, ntohs(conn->cookie.length) + TAG_HDR_SIZE);
432 cursor += ntohs(conn->cookie.length) + TAG_HDR_SIZE;
433 plen += ntohs(conn->cookie.length) + TAG_HDR_SIZE;
436 if (conn->relayId.type) {
437 CHECK_ROOM(cursor, packet.payload,
438 ntohs(conn->relayId.length) + TAG_HDR_SIZE);
439 memcpy(cursor, &conn->relayId, ntohs(conn->relayId.length) + TAG_HDR_SIZE);
440 cursor += ntohs(conn->relayId.length) + TAG_HDR_SIZE;
441 plen += ntohs(conn->relayId.length) + TAG_HDR_SIZE;
/* The length field covers the tags only; the frame handed to sendPacket is
 * plen plus HDR_SIZE bytes. */
444 packet.length = htons(plen);
445 sendPacket(conn, conn->discoverySocket, &packet, (int) (plen + HDR_SIZE));
/* When a debug file is configured, the sent packet is dumped to it and the
 * file is flushed. */
446 if (conn->debugFile) {
447 dumpPacket(conn->debugFile, &packet, "SENT");
448 fprintf(conn->debugFile, "\n");
449 fflush(conn->debugFile);
451 syslog(LOG_INFO,"Sent PADT");
454 /**********************************************************************
455 *%FUNCTION: parseLogErrs
460 * extra -- extra user data
464 * Picks error tags out of a packet and logs them.
465 ***********************************************************************/
/* Tag callback that reports PPPoE error tags.  Each visible case writes the
 * tag payload to syslog and to stderr with "%.*s" and an explicit length, so
 * the read is bounded by len and no NUL terminator is required.
 * NOTE(review): data presumably points into a received packet (via
 * parsePacket -- confirm) and is written unfiltered, so non-printable bytes
 * chosen by the peer end up in the log and on the terminal; replacing them
 * before logging would harden this.  The rest of the signature, the switch
 * statement and the break lines are omitted from this listing. */
467 parseLogErrs(UINT16_t type, UINT16_t len, unsigned char *data,
471 case TAG_SERVICE_NAME_ERROR:
472 syslog(LOG_ERR, "PADT: Service-Name-Error: %.*s", (int) len, data);
473 fprintf(stderr, "PADT: Service-Name-Error: %.*s\n", (int) len, data);
475 case TAG_AC_SYSTEM_ERROR:
476 syslog(LOG_ERR, "PADT: System-Error: %.*s", (int) len, data);
477 fprintf(stderr, "PADT: System-Error: %.*s\n", (int) len, data);
479 case TAG_GENERIC_ERROR:
480 syslog(LOG_ERR, "PADT: Generic-Error: %.*s", (int) len, data);
481 fprintf(stderr, "PADT: Generic-Error: %.*s\n", (int) len, data);