search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Allow IPv6 address entry in tools>ping - Loosens valid character check
[tomato/davidwu.git] / release / src / router / xl2tpd / network.c
blob241bd82bcec606448cf34fdf12428393366d3e0a
1 /*
2 * Layer Two Tunnelling Protocol Daemon
3 * Copyright (C) 1998 Adtran, Inc.
4 * Copyright (C) 2002 Jeff McAdams
5 *
6 * Mark Spencer
7 *
8 * This software is distributed under the terms
9 * of the GPL, which you should have received
10 * along with this source.
11 *
12 * Network routines for UDP handling
13 */
14 #include <stdio.h>
15 #include <errno.h>
16 #include <string.h>
17 #include <sys/socket.h>
18 #include <netinet/in.h>
19 #include <arpa/inet.h>
20 #include <netdb.h>
21 #include <fcntl.h>
22 #include <unistd.h>
23 #include <stdlib.h>
24 #include <sys/ioctl.h>
25 #ifndef LINUX
26 # include <sys/uio.h>
27 #endif
28 #include "l2tp.h"
29 #include "ipsecmast.h"
30 #include "misc.h" /* for IPADDY macro */
31
32 char hostname[256];
33 struct sockaddr_in server, from; /* Server and transmitter structs */
34 int server_socket; /* Server socket */
35 #ifdef USE_KERNEL
36 int kernel_support; /* Kernel Support there or not? */
37 #endif
38
39
40 int init_network (void)
41 {
42 long arg;
43 unsigned int length = sizeof (server);
44 gethostname (hostname, sizeof (hostname));
45 server.sin_family = AF_INET;
46 server.sin_addr.s_addr = gconfig.listenaddr;
47 server.sin_port = htons (gconfig.port);
48 if ((server_socket = socket (PF_INET, SOCK_DGRAM, 0)) < 0)
49 {
50 l2tp_log (LOG_CRIT, "%s: Unable to allocate socket. Terminating.\n",
51 __FUNCTION__);
52 return -EINVAL;
53 };
54
55 if (bind (server_socket, (struct sockaddr *) &server, sizeof (server)))
56 {
57 close (server_socket);
58 l2tp_log (LOG_CRIT, "%s: Unable to bind socket: %s. Terminating.\n",
59 __FUNCTION__, strerror(errno), errno);
60 return -EINVAL;
61 };
62 if (getsockname (server_socket, (struct sockaddr *) &server, &length))
63 {
64 l2tp_log (LOG_CRIT, "%s: Unable to read socket name.Terminating.\n",
65 __FUNCTION__);
66 return -EINVAL;
67 }
68
69 #ifdef LINUX
70 /*
71 * For L2TP/IPsec with KLIPSng, set the socket to receive IPsec REFINFO
72 * values.
73 */
74 arg=1;
75 if(setsockopt(server_socket, IPPROTO_IP, IP_IPSEC_REFINFO,
76 &arg, sizeof(arg)) != 0) {
77 l2tp_log(LOG_CRIT, "setsockopt recvref[%d]: %s\n", IP_IPSEC_REFINFO, strerror(errno));
78
79 gconfig.ipsecsaref=0;
80 }
81 #else
82 l2tp_log(LOG_INFO, "No attempt being made to use IPsec SAref's since we're not on a Linux machine.\n");
83
84 #endif
85
86 #ifdef USE_KERNEL
87 if (gconfig.forceuserspace)
88 {
89 l2tp_log (LOG_INFO, "Not looking for kernel support.\n");
90 kernel_support = 0;
91 }
92 else
93 {
94 int kernel_fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
95 if (kernel_fd < 0)
96 {
97 l2tp_log (LOG_INFO, "L2TP kernel support not detected.\n");
98 kernel_support = 0;
99 }
100 else
101 {
102 close(kernel_fd);
103 l2tp_log (LOG_INFO, "Using l2tp kernel support.\n");
104 kernel_support = -1;
105 }
106 }
107 #else
108 l2tp_log (LOG_INFO, "This binary does not support kernel L2TP.\n");
109 #endif
110 arg = fcntl (server_socket, F_GETFL);
111 arg |= O_NONBLOCK;
112 fcntl (server_socket, F_SETFL, arg);
113 gconfig.port = ntohs (server.sin_port);
114 return 0;
115 }
116
117 inline void extract (void *buf, int *tunnel, int *call)
118 {
119 /*
120 * Extract the tunnel and call #'s, and fix the order of the
121 * version
122 */
123
124 struct payload_hdr *p = (struct payload_hdr *) buf;
125 if (PLBIT (p->ver))
126 {
127 *tunnel = p->tid;
128 *call = p->cid;
129 }
130 else
131 {
132 *tunnel = p->length;
133 *call = p->tid;
134 }
135 }
136
137 inline void fix_hdr (void *buf)
138 {
139 /*
140 * Fix the byte order of the header
141 */
142
143 struct payload_hdr *p = (struct payload_hdr *) buf;
144 _u16 ver = ntohs (p->ver);
145 if (CTBIT (p->ver))
146 {
147 /*
148 * Control headers are always
149 * exactly 12 bytes big.
150 */
151 swaps (buf, 12);
152 }
153 else
154 {
155 int len = 6;
156 if (PSBIT (ver))
157 len += 2;
158 if (PLBIT (ver))
159 len += 2;
160 if (PFBIT (ver))
161 len += 4;
162 swaps (buf, len);
163 }
164 }
165
166 void dethrottle (void *call)
167 {
168 /* struct call *c = (struct call *)call; */
169 /* if (c->throttle) {
170 #ifdef DEBUG_FLOW
171 log(LOG_DEBUG, "%s: dethrottling call %d, and setting R-bit\n",__FUNCTION__,c->ourcid);
172 #endif c->rbit = RBIT;
173 c->throttle = 0;
174 } else {
175 log(LOG_DEBUG, "%s: call %d already dethrottled?\n",__FUNCTION__,c->ourcid);
176 } */
177 }
178
179 void control_xmit (void *b)
180 {
181 struct buffer *buf = (struct buffer *) b;
182 struct tunnel *t;
183 struct timeval tv;
184 int ns;
185
186 if (!buf)
187 {
188 l2tp_log (LOG_WARNING, "%s: called on NULL buffer!\n", __FUNCTION__);
189 return;
190 }
191
192 t = buf->tunnel;
193 #ifdef DEBUG_CONTROL_XMIT
194 if(t) {
195 l2tp_log (LOG_DEBUG,
196 "trying to send control packet to %d\n",
197 t->ourtid);
198 }
199 #endif
200
201 buf->retries++;
202 ns = ntohs (((struct control_hdr *) (buf->start))->Ns);
203 if (t)
204 {
205 if (ns < t->cLr)
206 {
207 #ifdef DEBUG_CONTROL_XMIT
208 l2tp_log (LOG_DEBUG, "%s: Tossing packet %d\n", __FUNCTION__, ns);
209 #endif
210 /* Okay, it's been received. Let's toss it now */
211 toss (buf);
212 return;
213 }
214 }
215 if (buf->retries > DEFAULT_MAX_RETRIES)
216 {
217 /*
218 * Too many retries. Either kill the tunnel, or
219 * if there is no tunnel, just stop retransmitting.
220 */
221 if (t)
222 {
223 if (t->self->needclose)
224 {
225 l2tp_log (LOG_DEBUG,
226 "Unable to deliver closing message for tunnel %d. Destroying anyway.\n",
227 t->ourtid);
228 t->self->needclose = 0;
229 t->self->closing = -1;
230 }
231 else
232 {
233 l2tp_log (LOG_NOTICE,
234 "Maximum retries exceeded for tunnel %d. Closing.\n",
235 t->ourtid);
236 strcpy (t->self->errormsg, "Timeout");
237 t->self->needclose = -1;
238 }
239 call_close(t->self);
240 }
241 toss (buf);
242 }
243 else
244 {
245 /*
246 * FIXME: How about adaptive timeouts?
247 */
248 tv.tv_sec = 1;
249 tv.tv_usec = 0;
250 schedule (tv, control_xmit, buf);
251 #ifdef DEBUG_CONTROL_XMIT
252 l2tp_log (LOG_DEBUG, "%s: Scheduling and transmitting packet %d\n",
253 __FUNCTION__, ns);
254 #endif
255 udp_xmit (buf, t);
256 }
257 }
258
259 void udp_xmit (struct buffer *buf, struct tunnel *t)
260 {
261 struct cmsghdr *cmsg;
262 char cbuf[CMSG_SPACE(sizeof (unsigned int))];
263 unsigned int *refp;
264 struct msghdr msgh;
265 int err;
266 struct iovec iov;
267
268 /*
269 * OKAY, now send a packet with the right SAref values.
270 */
271 memset(&msgh, 0, sizeof(struct msghdr));
272
273 msgh.msg_control = cbuf;
274 msgh.msg_controllen = 0;
275
276 if(gconfig.ipsecsaref && t->refhim != IPSEC_SAREF_NULL) {
277 msgh.msg_controllen = sizeof(cbuf);
278
279 cmsg = CMSG_FIRSTHDR(&msgh);
280 cmsg->cmsg_level = IPPROTO_IP;
281 cmsg->cmsg_type = IP_IPSEC_REFINFO;
282 cmsg->cmsg_len = CMSG_LEN(sizeof(unsigned int));
283
284 if(gconfig.debug_network) {
285 l2tp_log(LOG_DEBUG,"sending with saref=%d\n", t->refhim);
286 }
287 refp = (unsigned int *)CMSG_DATA(cmsg);
288 *refp = t->refhim;
289
290 msgh.msg_controllen = cmsg->cmsg_len;
291 }
292
293 iov.iov_base = buf->start;
294 iov.iov_len = buf->len;
295
296 /* return packet from whence it came */
297 msgh.msg_name = &buf->peer;
298 msgh.msg_namelen = sizeof(buf->peer);
299
300 msgh.msg_iov = &iov;
301 msgh.msg_iovlen = 1;
302 msgh.msg_flags = 0;
303
304
305 /* Receive one packet. */
306 if ((err = sendmsg(server_socket, &msgh, 0)) < 0) {
307 l2tp_log(LOG_ERR, "udp_xmit failed to %s:%d with err=%d:%s\n",
308 IPADDY(t->peer.sin_addr), ntohs(t->peer.sin_port),
309 err,strerror(errno));
310 }
311 }
312
313 int build_fdset (fd_set *readfds)
314 {
315 struct tunnel *tun;
316 struct call *call;
317 int max = 0;
318
319 tun = tunnels.head;
320 FD_ZERO (readfds);
321
322 while (tun)
323 {
324 call = tun->call_head;
325 while (call)
326 {
327 if (call->needclose ^ call->closing)
328 {
329 call_close (call);
330 call = tun->call_head;
331 if (!call)
332 break;
333 continue;
334 }
335 if (call->fd > -1)
336 {
337 if (!call->needclose && !call->closing)
338 {
339 if (call->fd > max)
340 max = call->fd;
341 FD_SET (call->fd, readfds);
342 }
343 }
344 call = call->next;
345 }
346 /* Now that call fds have been collected, and checked for
347 * closing, check if the tunnel needs to be closed too
348 */
349 if (tun->self->needclose ^ tun->self->closing)
350 {
351 if (gconfig.debug_tunnel)
352 l2tp_log (LOG_DEBUG, "%s: closing down tunnel %d\n",
353 __FUNCTION__, tun->ourtid);
354 call_close (tun->self);
355 /* Reset the while loop
356 * and check for NULL */
357 tun = tunnels.head;
358 if (!tun)
359 break;
360 continue;
361 }
362 tun = tun->next;
363 }
364 FD_SET (server_socket, readfds);
365 if (server_socket > max)
366 max = server_socket;
367 FD_SET (control_fd, readfds);
368 if (control_fd > max)
369 max = control_fd;
370 return max;
371 }
372
373 void network_thread ()
374 {
375 /*
376 * We loop forever waiting on either data from the ppp drivers or from
377 * our network socket. Control handling is no longer done here.
378 */
379 struct sockaddr_in from, to;
380 unsigned int fromlen, tolen;
381 int tunnel, call; /* Tunnel and call */
382 int recvsize; /* Length of data received */
383 struct buffer *buf; /* Payload buffer */
384 struct call *c, *sc; /* Call to send this off to */
385 struct tunnel *st; /* Tunnel */
386 fd_set readfds; /* Descriptors to watch for reading */
387 int max; /* Highest fd */
388 struct timeval tv, *ptv; /* Timeout for select */
389 struct msghdr msgh;
390 struct iovec iov;
391 char cbuf[256];
392 unsigned int refme, refhim;
393
394 /* This one buffer can be recycled for everything except control packets */
395 buf = new_buf (MAX_RECV_SIZE);
396
397 tunnel = 0;
398 call = 0;
399
400 for (;;)
401 {
402 int ret;
403 process_signal();
404 max = build_fdset (&readfds);
405 ptv = process_schedule(&tv);
406 ret = select (max + 1, &readfds, NULL, NULL, ptv);
407 if (ret <= 0)
408 {
409 if (ret == 0)
410 {
411 if (gconfig.debug_network)
412 {
413 l2tp_log (LOG_DEBUG, "%s: select timeout\n", __FUNCTION__);
414 }
415 }
416 else
417 {
418 if (gconfig.debug_network)
419 {
420 l2tp_log (LOG_DEBUG,
421 "%s: select returned error %d (%s)\n",
422 __FUNCTION__, errno, strerror (errno));
423 }
424 }
425 continue;
426 }
427 if (FD_ISSET (control_fd, &readfds))
428 {
429 do_control ();
430 }
431 if (FD_ISSET (server_socket, &readfds))
432 {
433 /*
434 * Okay, now we're ready for reading and processing new data.
435 */
436 recycle_buf (buf);
437
438 /* Reserve space for expanding payload packet headers */
439 buf->start += PAYLOAD_BUF;
440 buf->len -= PAYLOAD_BUF;
441
442 memset(&from, 0, sizeof(from));
443 memset(&to, 0, sizeof(to));
444
445 fromlen = sizeof(from);
446 tolen = sizeof(to);
447
448 memset(&msgh, 0, sizeof(struct msghdr));
449 iov.iov_base = buf->start;
450 iov.iov_len = buf->len;
451 msgh.msg_control = cbuf;
452 msgh.msg_controllen = sizeof(cbuf);
453 msgh.msg_name = &from;
454 msgh.msg_namelen = fromlen;
455 msgh.msg_iov = &iov;
456 msgh.msg_iovlen = 1;
457 msgh.msg_flags = 0;
458
459 /* Receive one packet. */
460 recvsize = recvmsg(server_socket, &msgh, 0);
461
462 if (recvsize < MIN_PAYLOAD_HDR_LEN)
463 {
464 if (recvsize < 0)
465 {
466 if (errno != EAGAIN)
467 l2tp_log (LOG_WARNING,
468 "%s: recvfrom returned error %d (%s)\n",
469 __FUNCTION__, errno, strerror (errno));
470 }
471 else
472 {
473 l2tp_log (LOG_WARNING, "%s: received too small a packet\n",
474 __FUNCTION__);
475 }
476 continue;
477 }
478
479
480 refme=refhim=0;
481
482 /* extract IPsec info out */
483 if(gconfig.ipsecsaref) {
484 struct cmsghdr *cmsg;
485 /* Process auxiliary received data in msgh */
486 for (cmsg = CMSG_FIRSTHDR(&msgh);
487 cmsg != NULL;
488 cmsg = CMSG_NXTHDR(&msgh,cmsg)) {
489 if (cmsg->cmsg_level == IPPROTO_IP
490 && cmsg->cmsg_type == IP_IPSEC_REFINFO) {
491 unsigned int *refp;
492
493 refp = (unsigned int *)CMSG_DATA(cmsg);
494 refme =refp[0];
495 refhim=refp[1];
496 }
497 }
498 }
499
500 /*
501 * some logic could be added here to verify that we only
502 * get L2TP packets inside of IPsec, or to provide different
503 * classes of service to packets not inside of IPsec.
504 */
505 buf->len = recvsize;
506 fix_hdr (buf->start);
507 extract (buf->start, &tunnel, &call);
508
509 if (gconfig.debug_network)
510 {
511 l2tp_log(LOG_DEBUG, "%s: recv packet from %s, size = %d, "
512 "tunnel = %d, call = %d ref=%u refhim=%u\n",
513 __FUNCTION__, inet_ntoa (from.sin_addr),
514 recvsize, tunnel, call, refme, refhim);
515 }
516
517 if (gconfig.packet_dump)
518 {
519 do_packet_dump (buf);
520 }
521 if (!
522 (c = get_call (tunnel, call, from.sin_addr,
523 from.sin_port, refme, refhim)))
524 {
525 if ((c =
526 get_tunnel (tunnel, from.sin_addr.s_addr,
527 from.sin_port)))
528 {
529 /*
530 * It is theoretically possible that we could be sent
531 * a control message (say a StopCCN) on a call that we
532 * have already closed or some such nonsense. To
533 * prevent this from closing the tunnel, if we get a
534 * call on a valid tunnel, but not with a valid CID,
535 * we'll just send a ZLB to ack receiving the packet.
536 */
537 if (gconfig.debug_tunnel)
538 l2tp_log (LOG_DEBUG,
539 "%s: no such call %d on tunnel %d. Sending special ZLB\n",
540 __FUNCTION__);
541 handle_special (buf, c, call);
542
543 /* get a new buffer */
544 buf = new_buf (MAX_RECV_SIZE);
545 }
546 else
547 l2tp_log (LOG_DEBUG,
548 "%s: unable to find call or tunnel to handle packet. call = %d, tunnel = %d Dumping.\n",
549 __FUNCTION__, call, tunnel);
550
551 }
552 else
553 {
554 buf->peer = from;
555 /* Handle the packet */
556 c->container->chal_us.vector = NULL;
557 if (handle_packet (buf, c->container, c))
558 {
559 if (gconfig.debug_tunnel)
560 l2tp_log (LOG_DEBUG, "%s: bad packet\n", __FUNCTION__);
561 };
562 if (c->cnu)
563 {
564 /* Send Zero Byte Packet */
565 control_zlb (buf, c->container, c);
566 c->cnu = 0;
567 }
568 };
569 }
570
571 /*
572 * finished obvious sources, look for data from PPP connections.
573 */
574 st = tunnels.head;
575 while (st)
576 {
577 sc = st->call_head;
578 while (sc)
579 {
580 if ((sc->fd >= 0) && FD_ISSET (sc->fd, &readfds))
581 {
582 /* Got some payload to send */
583 int result;
584 recycle_payload (buf, sc->container->peer);
585 /*
586 #ifdef DEBUG_FLOW_MORE
587 l2tp_log (LOG_DEBUG, "%s: rws = %d, pSs = %d, pLr = %d\n",
588 __FUNCTION__, sc->rws, sc->pSs, sc->pLr);
589 #endif
590 if ((sc->rws>0) && (sc->pSs > sc->pLr + sc->rws) && !sc->rbit) {
591 #ifdef DEBUG_FLOW
592 log(LOG_DEBUG, "%s: throttling payload (call = %d, tunnel = %d, Lr = %d, Ss = %d, rws = %d)!\n",__FUNCTION__,
593 sc->cid, sc->container->tid, sc->pLr, sc->pSs, sc->rws);
594 #endif
595 sc->throttle = -1;
596 We unthrottle in handle_packet if we get a payload packet,
597 valid or ZLB, but we also schedule a dethrottle in which
598 case the R-bit will be set
599 FIXME: Rate Adaptive timeout?
600 tv.tv_sec = 2;
601 tv.tv_usec = 0;
602 sc->dethrottle = schedule(tv, dethrottle, sc);
603 } else */
604 /* while ((result=read_packet(buf,sc->fd,sc->frame & SYNC_FRAMING))>0) { */
605 while ((result =
606 read_packet (buf, sc->fd, SYNC_FRAMING)) > 0)
607 {
608 add_payload_hdr (sc->container, sc, buf);
609 if (gconfig.packet_dump)
610 {
611 do_packet_dump (buf);
612 }
613
614
615 sc->prx = sc->data_rec_seq_num;
616 if (sc->zlb_xmit)
617 {
618 deschedule (sc->zlb_xmit);
619 sc->zlb_xmit = NULL;
620 }
621 sc->tx_bytes += buf->len;
622 sc->tx_pkts++;
623 udp_xmit (buf, st);
624 recycle_payload (buf, sc->container->peer);
625 }
626 if (result != 0)
627 {
628 l2tp_log (LOG_WARNING,
629 "%s: tossing read packet, error = %s (%d). Closing call.\n",
630 __FUNCTION__, strerror (-result), -result);
631 strcpy (sc->errormsg, strerror (-result));
632 sc->needclose = -1;
633 }
634 }
635 sc = sc->next;
636 }
637 st = st->next;
638 }
639 }
640
641 }