configure MRU in initlcp

l2tpns.c

@@ -4,7 +4,7 @@
 // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
 // vim: sw=8 ts=8
 
-char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.97 2005-05-07 08:53:23 bodea Exp $";
+char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.98 2005-05-07 11:57:53 bodea Exp $";
 
 #include <arpa/inet.h>
 #include <assert.h>
@@ -1801,12 +1801,11 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
 		uint16_t message = 0xFFFF;	// message type
 		uint8_t fatal = 0;
 		uint8_t mandatory = 0;
-		uint8_t chap = 0;		// if CHAP being used
+		uint8_t authtype = 0;		// proxy auth type
 		uint16_t asession = 0;		// assigned session
 		uint32_t amagic = 0;		// magic number
 		uint8_t aflags = 0;		// flags from last LCF
 		uint16_t version = 0x0100;	// protocol version (we handle 0.0 as well and send that back just in case)
-		int requestchap = 0;		// do we request PAP instead of original CHAP request?
 		char called[MAXTEL] = "";	// called number
 		char calling[MAXTEL] = "";	// calling number
 
@@ -2187,7 +2186,11 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
 					{
 						uint16_t atype = ntohs(*(uint16_t *)b);
 						LOG(4, s, t, "   Proxy Auth Type %d (%s)\n", atype, auth_type(atype));
-						requestchap = (atype == 2);
+						if (atype = 2)
+							authtype = AUTHCHAP;
+						else if (atype == 3)
+							authtype = AUTHPAP;
+
 						break;
 					}
 				case 30:    // Proxy Authentication Name
@@ -2224,8 +2227,10 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
 						{
 							if (*p == 5 && p[1] == 6) // Magic-Number
 								amagic = ntohl(*(uint32_t *) (p + 2));
-							else if (*p == 3 && p[1] == 5 && *(uint16_t *) (p + 2) == htons(PPPCHAP) && p[4] == 5) // Authentication-Protocol
+							else if (*p == 3 && p[1] == 4 && *(uint16_t *) (p + 2) == htons(PPPPAP)) // Authentication-Protocol (PAP)
-								chap = 1;
+								authtype = AUTHPAP;
+							else if (*p == 3 && p[1] == 5 && *(uint16_t *) (p + 2) == htons(PPPCHAP) && p[4] == 5) // Authentication-Protocol (CHAP)
+								authtype = AUTHCHAP;
 							else if (*p == 7) // Protocol-Field-Compression
 								aflags |= SESSIONPFC;
 							else if (*p == 8) // Address-and-Control-Field-Compression
@@ -2350,8 +2355,8 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
 					session[s].l2tp_flags = aflags; // set flags received
 					LOG(3, s, t, "Magic %X Flags %X\n", amagic, aflags);
 					controlnull(t); // ack
-					// In CHAP state, request PAP instead
+					// proxy authentication type is not supported
-					if (requestchap)
+					if (authtype && !(config->radius_authtypes & authtype))
 						initlcp(t, s);
 					break;
 				case 14:      // CDN

l2tpns.h

@@ -1,5 +1,5 @@
 // L2TPNS Global Stuff
-// $Id: l2tpns.h,v 1.65 2005-05-05 10:02:08 bodea Exp $
+// $Id: l2tpns.h,v 1.66 2005-05-07 11:57:53 bodea Exp $
 
 #ifndef __L2TPNS_H__
 #define __L2TPNS_H__
@@ -43,6 +43,7 @@
 #define ECHO_TIMEOUT	60		// Time between last packet sent and LCP ECHO generation
 #define IDLE_TIMEOUT	240		// Time between last packet sent and LCP ECHO generation
 #define BUSY_WAIT_TIME	3000		// 5 minutes in 1/10th seconds to wait for radius to cleanup on shutdown
+#define DEFAULT_MRU	1458		// maximum packet size to avoid fragmentation when LNS ethernet MTU is 1500
 
 // Constants
 #ifndef ETCDIR

ppp.c

@@ -1,6 +1,6 @@
 // L2TPNS PPP Stuff
 
-char const *cvs_id_ppp = "$Id: ppp.c,v 1.50 2005-05-07 08:53:23 bodea Exp $";
+char const *cvs_id_ppp = "$Id: ppp.c,v 1.51 2005-05-07 11:57:53 bodea Exp $";
 
 #include <stdio.h>
 #include <string.h>
@@ -1195,39 +1195,48 @@ uint8_t *makeppp(uint8_t *b, int size, uint8_t *p, int l, tunnelidt t, sessionid
 	return b;
 }
 
-// Send initial LCP ConfigReq for PAP, set magic no.
+// Send initial LCP ConfigReq for preferred authentication type, set magic no and MRU
 void initlcp(tunnelidt t, sessionidt s)
 {
-	char b[500], *q;
+	char b[500], *q, *l;
-	int size;
 
 	if (!(q = makeppp(b, sizeof(b), NULL, 0, t, s, PPPLCP)))
 		return;
 
-	LOG(4, s, t, "Sending LCP ConfigReq for PAP\n");
+	LOG(4, s, t, "Sending LCP ConfigReq for %s\n",
-	*q = ConfigReq;
+	    config->radius_authprefer == AUTHCHAP ? "CHAP" : "PAP");
-	*(uint8_t *)(q + 1) = (time_now % 255) + 1; // ID
+
-	*(uint16_t *)(q + 2) = htons(14); // Length
+	if (!session[s].mru)
-	*(uint8_t *)(q + 4) = 5;
+		session[s].mru = DEFAULT_MRU;
-	*(uint8_t *)(q + 5) = 6;
+
-	*(uint32_t *)(q + 6) = htonl(session[s].magic);
+	l = q;
-	*(uint8_t *)(q + 10) = 3;
+	*l++ = ConfigReq;
+	*l++ = (time_now % 255) + 1; // ID
+
+	*l++ = 1; *l++ = 4; // Maximum-Receive-Unit (length 4)
+	*(uint16_t *) l = htons(session[s].mru); l += 2;
+
+	*l++ = 3; // Authentication-Protocol
 	if (config->radius_authprefer == AUTHCHAP)
 	{
-		*(uint8_t *)(q + 11) = 5;
+		*l++ = 5; // length
-		*(uint16_t *)(q + 12) = htons(PPPCHAP);
+		*(uint16_t *) l = htons(PPPCHAP); l += 2;
-		*(uint8_t *)(q + 14) = 5; // MD5
+		*l++ = 5; // MD5
-		size = 15;
 	}
 	else
 	{
-		*(uint8_t *)(q + 11) = 4;
+		*l++ = 4; // length
-		*(uint16_t *)(q + 12) = htons(PPPPAP);
+		*(uint16_t *) l = htons(PPPPAP); l += 2;
-		size = 14;
 	}
 
-	LOG_HEX(5, "PPPLCP", q, size);
+	*l++ = 5; *l++ = 6; // Magic-Number (length 6)
-	tunnelsend(b, (q - b) + size, t);
+	*(uint32_t *) l = htonl(session[s].magic);
+	l += 4;
+
+	*(uint16_t *)(q + 2) = htons(l - q); // Length
+
+	LOG_HEX(5, "PPPLCP", q, l - q);
+	tunnelsend(b, (l - b), t);
 }
 
 // Send CCP request for no compression