* Fri Mar 5 2004 David Parrish <david@dparrish.com> 1.1.0

- Change all strcpy() calls to strncpy() to avoid buffer overflow potential - Add ICMP host unreachable support - Logging to syslog if log_file = "syslog:facility" - Now requires libcli 1.5 - All configuration moves to a config structure - Ability to modify and write config on the fly through command-line interface - Config file support is removed, and now handled by the cli - Show hostname in cli prompt - Keep current state type for tunnels - Add uptime command do CLI, which also shows real-time bandwidth utilisation - Add goodbye command to cluster master, which forces droppping a slave - Cache IP address allocation, so that reconnecting users get the same address - Fix tunnel resend timeouts, so that dead tunnels will be cleaned up - Allocate tunnels and radius without using a linked list which had issues - Fix some off-by-one errors in tunnel and session and radius arrays - Save and reload ip address pool when dieing - Check version and size of reloaded data when restarting - Remove plugin_config support - Remove old support for TBF which didn't work anyway. HTB is required to do throttling now. - Add COPYING and Changes files
2004-03-05 00:09:03 +00:00 · 2004-03-05 00:09:03 +00:00 · fc0a363208
commit fc0a363208
parent 7c1104efff
22 changed files with 1731 additions and 1248 deletions
--- a/icmp.c
+++ b/icmp.c
@ -0,0 +1,86 @@
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <netinet/in.h>
+#include <linux/ip.h>
+#include <linux/icmp.h>
+#include <stdio.h>
+#include <sys/socket.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <memory.h>
+#include "l2tpns.h"
+
+extern ipt myip;
+
+__u16 _checksum(unsigned char *addr, int count);
+
+void host_unreachable(ipt destination, u16 id, ipt source, char *packet, int packet_len)
+{
+	char buf[128] = {0};
+	struct iphdr *iph;
+	struct icmphdr *icmp;
+	char *data;
+	int len = 0, on = 1, icmp_socket;
+	struct sockaddr_in whereto = {0};
+
+	if (!(icmp_socket = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)))
+		return;
+	setsockopt(icmp_socket, IPPROTO_IP, IP_HDRINCL, (char *)&on, sizeof(on));
+
+	whereto.sin_addr.s_addr = destination;
+	whereto.sin_family = AF_INET;
+
+	iph = (struct iphdr *)(buf);
+	len = sizeof(struct iphdr);
+	icmp = (struct icmphdr *)(buf + len);
+	len += sizeof(struct icmphdr);
+	data = (char *)(buf + len);
+	len += (packet_len < 64) ? packet_len : 64;
+	memcpy(data, packet, (packet_len < 64) ? packet_len : 64);
+
+	iph->tos = 0;
+	iph->id = id;
+	iph->frag_off = 0;
+	iph->ttl = 30;
+	iph->check = 0;
+	iph->version = 4;
+	iph->ihl = 5;
+	iph->protocol = 1;
+	iph->check = 0;
+	iph->daddr = destination;
+	iph->saddr = source;
+
+	iph->tot_len = ntohs(len);
+
+	icmp->type = ICMP_DEST_UNREACH;
+	icmp->code = ICMP_HOST_UNREACH;
+	icmp->checksum = _checksum((char *)icmp, sizeof(struct icmphdr) + ((packet_len < 64) ? packet_len : 64));
+
+	iph->check = _checksum((char *)iph, sizeof(struct iphdr));
+
+	sendto(icmp_socket, (char *)buf, len, 0, (struct sockaddr *)&whereto, sizeof(struct sockaddr));
+	close(icmp_socket);
+}
+
+__u16 _checksum(unsigned char *addr, int count)
+{
+	register long sum = 0;
+
+	for (; count > 1; count -= 2)
+	{
+		sum += ntohs(*(u32 *)addr);
+		addr += 2;
+	}
+
+	if (count > 1) sum += *(unsigned char *)addr;
+
+	// take only 16 bits out of the 32 bit sum and add up the carries
+	while (sum >> 16)
+		sum = (sum & 0xFFFF) + (sum >> 16);
+
+	// one's complement the result
+	sum = ~sum;
+
+	return htons((u16) sum);
+}