1 /* $OpenBSD: ppp.c,v 1.33 2025/02/03 08:26:51 yasuoka Exp $ */
2
3 /*-
4 * Copyright (c) 2009 Internet Initiative Japan Inc.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28 /* $Id: ppp.c,v 1.33 2025/02/03 08:26:51 yasuoka Exp $ */
29 /**@file
30 * This file provides PPP(Point-to-Point Protocol, RFC 1661) and
31 * {@link :: _npppd_ppp PPP instance} related functions.
32 */
33 #include <sys/types.h>
34 #include <sys/socket.h>
35 #include <netinet/in.h>
36 #include <net/if_dl.h>
37 #include <arpa/inet.h>
38 #include <stdlib.h>
39 #include <netdb.h>
40 #include <stdio.h>
41 #include <stdarg.h>
42 #include <string.h>
43 #include <unistd.h>
44 #include <errno.h>
45 #include <syslog.h>
46 #include <sys/time.h>
47 #include <time.h>
48 #include <event.h>
49
50 #include "npppd.h"
51 #include "time_utils.h"
52 #include "ppp.h"
53 #include "psm-opt.h"
54 #ifdef USE_NPPPD_RADIUS
55 #include <radius.h>
56 #include "npppd_radius.h"
57 #endif
58
59 #include "debugutil.h"
60
61 #ifdef PPP_DEBUG
62 #define PPP_DBG(x) ppp_log x
63 #define PPP_ASSERT(cond) \
64 if (!(cond)) { \
65 fprintf(stderr, \
66 "\nASSERT(" #cond ") failed on %s() at %s:%d.\n"\
67 , __func__, __FILE__, __LINE__); \
68 abort(); \
69 }
70 #else
71 #define PPP_ASSERT(cond)
72 #define PPP_DBG(x)
73 #endif
74
75 static u_int ppp_seq = 0;
76
77 static void ppp_stop0 (npppd_ppp *);
78 static int ppp_recv_packet (npppd_ppp *, unsigned char *, int, int);
79 static const char *ppp_peer_auth_string (npppd_ppp *);
80 static void ppp_idle_timeout (int, short, void *);
81 #ifdef USE_NPPPD_PIPEX
82 static void ppp_on_network_pipex(npppd_ppp *);
83 #endif
84 static uint32_t ppp_proto_bit(int);
85
86 #define AUTH_IS_PAP(ppp) ((ppp)->peer_auth == PPP_AUTH_PAP)
87 #define AUTH_IS_CHAP(ppp) ((ppp)->peer_auth == PPP_AUTH_CHAP_MD5 ||\
88 (ppp)->peer_auth == PPP_AUTH_CHAP_MS || \
89 (ppp)->peer_auth == PPP_AUTH_CHAP_MS_V2)
90 #define AUTH_IS_EAP(ppp) ((ppp)->peer_auth == PPP_AUTH_EAP)
91
92 /*
93 * About termination procedures:
94 * ppp_lcp_finished LCP is terminated
95 * Terminate-Request by the peer.
96 * Terminate-Request by ourself. (From ppp_stop())
97 * ppp_phy_downed Down the datalink/physical.
98 *
99 * On both cases, ppp_stop0 and ppp_down_others are called.
100 */
101 /** Create a npppd_ppp instance */
102 npppd_ppp *
ppp_create()103 ppp_create()
104 {
105 npppd_ppp *_this;
106
107 if ((_this = calloc(1, sizeof(npppd_ppp))) == NULL) {
108 log_printf(LOG_ERR, "calloc() failed in %s(): %m", __func__ );
109 return NULL;
110 }
111
112 _this->snp.snp_family = AF_INET;
113 _this->snp.snp_len = sizeof(_this->snp);
114 _this->snp.snp_type = SNP_PPP;
115 _this->snp.snp_data_ptr = _this;
116
117 return _this;
118 }
119
120 /**
121 * Initialize the npppd_ppp instance
122 * Set npppd_ppp#mru and npppd_ppp#phy_label before call this function.
123 */
124 int
ppp_init(npppd * pppd,npppd_ppp * _this)125 ppp_init(npppd *pppd, npppd_ppp *_this)
126 {
127 struct tunnconf *conf;
128
129 PPP_ASSERT(_this != NULL);
130 PPP_ASSERT(strlen(_this->phy_label) > 0);
131
132 _this->id = -1;
133 _this->ifidx = -1;
134 _this->has_acf = 1;
135 _this->recv_packet = ppp_recv_packet;
136 _this->id = ppp_seq++;
137 _this->pppd = pppd;
138
139 lcp_init(&_this->lcp, _this);
140
141 conf = ppp_get_tunnconf(_this);
142 _this->mru = conf->mru;
143
144 if (_this->outpacket_buf == NULL) {
145 _this->outpacket_buf = malloc(_this->mru + 64);
146 if (_this->outpacket_buf == NULL){
147 log_printf(LOG_ERR, "malloc() failed in %s(): %m",
148 __func__);
149 return -1;
150 }
151 }
152 _this->adjust_mss = (conf->tcp_mss_adjust)? 1 : 0;
153
154 #ifdef USE_NPPPD_PIPEX
155 _this->use_pipex = (conf->pipex)? 1 : 0;
156 #endif
157 /* load the logging configuration */
158 _this->ingress_filter = (conf->ingress_filter)? 1 : 0;
159
160 #ifdef USE_NPPPD_MPPE
161 mppe_init(&_this->mppe, _this);
162 #endif
163 ccp_init(&_this->ccp, _this);
164 ipcp_init(&_this->ipcp, _this);
165 pap_init(&_this->pap, _this);
166 chap_init(&_this->chap, _this);
167
168 /* load the idle timer configuration */
169 _this->timeout_sec = conf->idle_timeout;
170
171 if (!evtimer_initialized(&_this->idle_event))
172 evtimer_set(&_this->idle_event, ppp_idle_timeout, _this);
173
174 if (conf->lcp_keepalive) {
175 _this->lcp.echo_interval = conf->lcp_keepalive_interval;
176 _this->lcp.echo_retry_interval =
177 conf->lcp_keepalive_retry_interval;
178 _this->lcp.echo_max_retries = conf->lcp_keepalive_max_retries;
179 } else {
180 _this->lcp.echo_interval = 0;
181 _this->lcp.echo_retry_interval = 0;
182 _this->lcp.echo_max_retries = 0;
183 }
184 _this->log_dump_in = (conf->debug_dump_pktin == 0)? 0 : 1;
185 _this->log_dump_out = (conf->debug_dump_pktout == 0)? 0 : 1;
186
187 return 0;
188 }
189
190 static void
ppp_set_tunnel_label(npppd_ppp * _this,char * buf,int lbuf)191 ppp_set_tunnel_label(npppd_ppp *_this, char *buf, int lbuf)
192 {
193 int flag, af;
194 char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
195 u_char *ea;
196
197 hbuf[0] = 0;
198 sbuf[0] = 0;
199 af = ((struct sockaddr *)&_this->phy_info)->sa_family;
200 if (af == AF_LINK) {
201 ea = LLADDR((struct sockaddr_dl *)&_this->phy_info);
202 snprintf(buf, lbuf, "%02x:%02x:%02x:%02x:%02x:%02x", *ea,
203 *(ea + 1), *(ea + 2), *(ea + 3), *(ea + 4), *(ea + 5));
204 } else if (af < AF_MAX) {
205 flag = NI_NUMERICHOST;
206 if (af == AF_INET || af == AF_INET6)
207 flag |= NI_NUMERICSERV;
208 if (getnameinfo((struct sockaddr *)&_this->phy_info,
209 ((struct sockaddr *)&_this->phy_info)->sa_len, hbuf,
210 sizeof(hbuf), sbuf, sizeof(sbuf), flag) != 0) {
211 ppp_log(_this, LOG_ERR, "getnameinfo() failed at %s",
212 __func__);
213 strlcpy(hbuf, "0.0.0.0", sizeof(hbuf));
214 strlcpy(sbuf, "0", sizeof(sbuf));
215 }
216 if (af == AF_INET || af == AF_INET6)
217 snprintf(buf, lbuf, "%s:%s", hbuf, sbuf);
218 else
219 snprintf(buf, lbuf, "%s", hbuf);
220 } else if (af == NPPPD_AF_PHONE_NUMBER) {
221 strlcpy(buf,
222 ((npppd_phone_number *)&_this->phy_info)->pn_number, lbuf);
223 }
224 }
225 /**
226 * Start the npppd_ppp.
227 * Set npppd_ppp#phy_context, npppd_ppp#send_packet, npppd_ppp#phy_close and
228 * npppd_ppp#phy_info before call this function.
229 */
230 void
ppp_start(npppd_ppp * _this)231 ppp_start(npppd_ppp *_this)
232 {
233 char label[512];
234
235 PPP_ASSERT(_this != NULL);
236 PPP_ASSERT(_this->recv_packet != NULL);
237 PPP_ASSERT(_this->send_packet != NULL);
238 PPP_ASSERT(_this->phy_close != NULL);
239
240 _this->start_time = time(NULL);
241 _this->start_monotime = get_monosec();
242 /* log the lower layer information */
243 ppp_set_tunnel_label(_this, label, sizeof(label));
244 ppp_log(_this, LOG_INFO, "logtype=Started tunnel=%s(%s)",
245 _this->phy_label, label);
246
247 lcp_lowerup(&_this->lcp);
248 }
249
250 /** Prepare "dialin proxy". Return 0 if "dialin proxy" is not available. */
251 int
ppp_dialin_proxy_prepare(npppd_ppp * _this,dialin_proxy_info * dpi)252 ppp_dialin_proxy_prepare(npppd_ppp *_this, dialin_proxy_info *dpi)
253 {
254 int renego_force, renego;
255 struct tunnconf *conf;
256
257 conf = ppp_get_tunnconf(_this);
258
259 renego = conf->proto.l2tp.lcp_renegotiation;
260 renego_force = conf->proto.l2tp.force_lcp_renegotiation;
261
262 if (renego_force)
263 renego = 1;
264
265 if (lcp_dialin_proxy(&_this->lcp, dpi, renego, renego_force) != 0) {
266 ppp_log(_this, LOG_ERR,
267 "Failed to dialin-proxy, proxied lcp is broken.");
268 return 1;
269 }
270
271 return 0;
272 }
273
274 static void
ppp_down_others(npppd_ppp * _this)275 ppp_down_others(npppd_ppp *_this)
276 {
277 fsm_lowerdown(&_this->ccp.fsm);
278 fsm_lowerdown(&_this->ipcp.fsm);
279
280 npppd_release_ip(_this->pppd, _this);
281 if (AUTH_IS_PAP(_this))
282 pap_stop(&_this->pap);
283 if (AUTH_IS_CHAP(_this))
284 chap_stop(&_this->chap);
285 #ifdef USE_NPPPD_EAP_RADIUS
286 if (AUTH_IS_EAP(_this))
287 eap_stop(&_this->eap);
288 #endif
289 evtimer_del(&_this->idle_event);
290 }
291
292 /**
293 * Stop the PPP and destroy the npppd_ppp instance
294 * @param reason Reason of stopping the PPP. Specify NULL if there is
295 * no special reason. This reason will be used as a
296 * reason field of LCP Terminate-Request message and
297 * notified to the peer.
298 */
299 void
ppp_stop(npppd_ppp * _this,const char * reason)300 ppp_stop(npppd_ppp *_this, const char *reason)
301 {
302
303 PPP_ASSERT(_this != NULL);
304
305 #ifdef USE_NPPPD_RADIUS
306 ppp_set_radius_terminate_cause(_this,
307 RADIUS_TERMNATE_CAUSE_ADMIN_RESET);
308 #endif
309 ppp_set_disconnect_cause(_this, PPP_DISCON_NORMAL, 0, 2 /* by local */,
310 NULL);
311
312 ppp_down_others(_this);
313 fsm_close(&_this->lcp.fsm, reason);
314 }
315
316 /**
317 * Set disconnect cause
318 * @param code disconnect code in {@link ::npppd_ppp_disconnect_code}.
319 * @param proto control protocol number. see RFC3145.
320 * @param direction disconnect direction. see RFC 3145
321 */
322 void
ppp_set_disconnect_cause(npppd_ppp * _this,npppd_ppp_disconnect_code code,int proto,int direction,const char * message)323 ppp_set_disconnect_cause(npppd_ppp *_this, npppd_ppp_disconnect_code code,
324 int proto, int direction, const char *message)
325 {
326 if (_this->disconnect_code == PPP_DISCON_NO_INFORMATION) {
327 _this->disconnect_code = code;
328 _this->disconnect_proto = proto;
329 _this->disconnect_direction = direction;
330 _this->disconnect_message = message;
331 }
332 }
333
334 /** Set RADIUS Acct-Terminate-Cause code */
335 void
ppp_set_radius_terminate_cause(npppd_ppp * _this,int cause)336 ppp_set_radius_terminate_cause(npppd_ppp *_this, int cause)
337 {
338 if (_this->terminate_cause == 0)
339 _this->terminate_cause = cause;
340 }
341
342 static void
ppp_stop0(npppd_ppp * _this)343 ppp_stop0(npppd_ppp *_this)
344 {
345 char mppe_str[BUFSIZ];
346 char label[512];
347
348 #ifdef USE_NPPPD_RADIUS
349 ppp_set_radius_terminate_cause(_this, RADIUS_TERMNATE_CAUSE_NAS_ERROR);
350 #endif
351 ppp_set_disconnect_cause(_this, PPP_DISCON_NORMAL, 0, 1 /* by local */,
352 NULL);
353
354 _this->end_monotime = get_monosec();
355
356 if (_this->phy_close != NULL)
357 _this->phy_close(_this);
358 _this->phy_close = NULL;
359
360 /*
361 * NAT/Blackhole detection for PPTP(GRE)
362 */
363 if (_this->lcp.dialin_proxy != 0 &&
364 _this->lcp.dialin_proxy_lcp_renegotiation == 0) {
365 /* No LCP packets on dialin proxy without LCP renegotiation */
366 } else if (_this->lcp.recv_ress == 0) { /* No responses */
367 if (_this->lcp.recv_reqs == 0) /* No requests */
368 ppp_log(_this, LOG_WARNING, "no PPP frames from the "
369 "peer. router/NAT issue? (may have filtered out)");
370 else
371 ppp_log(_this, LOG_WARNING, "my PPP frames may not "
372 "have arrived at the peer. router/NAT issue? (may "
373 "be the only-first-person problem)");
374 }
375 #ifdef USE_NPPPD_PIPEX
376 if (npppd_ppp_pipex_disable(_this->pppd, _this) != 0)
377 ppp_log(_this, LOG_ERR,
378 "npppd_ppp_pipex_disable() failed: %m");
379 #endif
380
381 ppp_set_tunnel_label(_this, label, sizeof(label));
382 #ifdef USE_NPPPD_MPPE
383 if (_this->mppe_started) {
384 snprintf(mppe_str, sizeof(mppe_str),
385 "mppe=yes mppe_in=%dbits,%s mppe_out=%dbits,%s",
386 _this->mppe.recv.keybits,
387 (_this->mppe.recv.stateless)? "stateless" : "stateful",
388 _this->mppe.send.keybits,
389 (_this->mppe.send.stateless)? "stateless" : "stateful");
390 } else
391 #endif
392 snprintf(mppe_str, sizeof(mppe_str), "mppe=no");
393 ppp_log(_this, LOG_NOTICE,
394 "logtype=TUNNELUSAGE user=\"%s\" duration=%ldsec layer2=%s "
395 "layer2from=%s auth=%s data_in=%llubytes,%upackets "
396 "data_out=%llubytes,%upackets error_in=%u error_out=%u %s "
397 "iface=%s",
398 _this->username[0]? _this->username : "<unknown>",
399 (long)(_this->end_monotime - _this->start_monotime),
400 _this->phy_label, label,
401 _this->username[0]? ppp_peer_auth_string(_this) : "none",
402 (unsigned long long)_this->ibytes, _this->ipackets,
403 (unsigned long long)_this->obytes, _this->opackets,
404 _this->ierrors, _this->oerrors, mppe_str,
405 npppd_ppp_get_iface_name(_this->pppd, _this));
406
407 #ifdef USE_NPPPD_RADIUS
408 npppd_ppp_radius_acct_stop(_this->pppd, _this);
409 #endif
410 npppd_on_ppp_stop(_this->pppd, _this);
411 npppd_ppp_unbind_iface(_this->pppd, _this);
412 #ifdef USE_NPPPD_MPPE
413 mppe_fini(&_this->mppe);
414 #endif
415 evtimer_del(&_this->idle_event);
416
417 npppd_release_ip(_this->pppd, _this);
418 ppp_destroy(_this);
419 }
420
421 /**
422 * Destroy the npppd_ppp instance. Don't use this function after calling
423 * the ppp_start, please use ppp_stop() instead.
424 */
425 void
ppp_destroy(void * ctx)426 ppp_destroy(void *ctx)
427 {
428 npppd_ppp *_this = ctx;
429
430 free(_this->proxy_authen_resp);
431
432 /*
433 * Down/stop the protocols again to make sure they are stopped
434 * even if ppp_stop is done. They might be change their state
435 * by receiving packets from the peer.
436 */
437 fsm_lowerdown(&_this->ccp.fsm);
438 fsm_lowerdown(&_this->ipcp.fsm);
439 pap_stop(&_this->pap);
440 chap_stop(&_this->chap);
441
442 free(_this->outpacket_buf);
443
444 free(_this);
445 }
446
447 /************************************************************************
448 * Protocol events
449 ************************************************************************/
450 static const char *
ppp_peer_auth_string(npppd_ppp * _this)451 ppp_peer_auth_string(npppd_ppp *_this)
452 {
453 switch(_this->peer_auth) {
454 case PPP_AUTH_PAP: return "PAP";
455 case PPP_AUTH_CHAP_MD5: return "MD5-CHAP";
456 case PPP_AUTH_CHAP_MS: return "MS-CHAP";
457 case PPP_AUTH_CHAP_MS_V2: return "MS-CHAP-V2";
458 case PPP_AUTH_EAP: return "EAP";
459 default: return "ERROR";
460 }
461 }
462
463 /** called when the lcp is up */
464 void
ppp_lcp_up(npppd_ppp * _this)465 ppp_lcp_up(npppd_ppp *_this)
466 {
467 #ifdef USE_NPPPD_MPPE
468 if (MPPE_IS_REQUIRED(_this) && !MPPE_MUST_NEGO(_this)) {
469 ppp_log(_this, LOG_ERR, "MPPE is required, auth protocol must "
470 "be MS-CHAP-V2 or EAP");
471 ppp_stop(_this, "Encryption required");
472 return;
473 }
474 #endif
475 /*
476 * Use our MRU value even if the peer insists on larger value.
477 * We set the peer_mtu here, the value will be used as the MTU of the
478 * routing entry. So we will not receive packets larger than the MTU.
479 */
480 if (_this->peer_mru > _this->mru)
481 _this->peer_mru = _this->mru;
482
483 if (_this->peer_auth != 0 && _this->auth_runonce == 0) {
484 if (AUTH_IS_PAP(_this)) {
485 pap_start(&_this->pap);
486 _this->auth_runonce = 1;
487 return;
488 }
489 if (AUTH_IS_CHAP(_this)) {
490 chap_start(&_this->chap);
491 _this->auth_runonce = 1;
492 return;
493 }
494 #ifdef USE_NPPPD_EAP_RADIUS
495 if (AUTH_IS_EAP(_this)) {
496 eap_init(&_this->eap, _this);
497 eap_start(&_this->eap);
498 return;
499 }
500 #endif
501 }
502 if (_this->peer_auth == 0)
503 ppp_auth_ok(_this);
504 }
505
506 /**
507 * This function will be called the LCP is terminated.
508 * (On entering STOPPED or CLOSED state)
509 */
510 void
ppp_lcp_finished(npppd_ppp * _this)511 ppp_lcp_finished(npppd_ppp *_this)
512 {
513 PPP_ASSERT(_this != NULL);
514
515 ppp_down_others(_this);
516
517 fsm_lowerdown(&_this->lcp.fsm);
518 ppp_stop0(_this);
519 }
520
521 /**
522 * This function will be called by the physical layer when it is down.
523 * <p>
524 * Use this function only on such conditions that the physical layer cannot
525 * input or output PPP frames. Use {@link ::ppp_stop()} instead if we can
526 * disconnect PPP gently.</p>
527 */
528 void
ppp_phy_downed(npppd_ppp * _this)529 ppp_phy_downed(npppd_ppp *_this)
530 {
531 PPP_ASSERT(_this != NULL);
532
533 ppp_down_others(_this);
534 fsm_lowerdown(&_this->lcp.fsm);
535 fsm_close(&_this->lcp.fsm, NULL);
536
537 #ifdef USE_NPPPD_RADIUS
538 ppp_set_radius_terminate_cause(_this,
539 RADIUS_TERMNATE_CAUSE_LOST_CARRIER);
540 #endif
541 ppp_stop0(_this);
542 }
543
544 static const char *
proto_name(uint16_t proto)545 proto_name(uint16_t proto)
546 {
547 switch (proto) {
548 case PPP_PROTO_IP: return "ip";
549 case PPP_PROTO_LCP: return "lcp";
550 case PPP_PROTO_PAP: return "pap";
551 case PPP_PROTO_CHAP: return "chap";
552 case PPP_PROTO_EAP: return "eap";
553 case PPP_PROTO_MPPE: return "mppe";
554 case PPP_PROTO_NCP | NCP_CCP: return "ccp";
555 case PPP_PROTO_NCP | NCP_IPCP: return "ipcp";
556 /* following protocols are just for logging */
557 case PPP_PROTO_NCP | NCP_IPV6CP: return "ipv6cp";
558 case PPP_PROTO_ACSP: return "acsp";
559 }
560 return "unknown";
561 }
562
563 /** This function is called on authentication succeed */
564 void
ppp_auth_ok(npppd_ppp * _this)565 ppp_auth_ok(npppd_ppp *_this)
566 {
567 if (npppd_ppp_bind_iface(_this->pppd, _this) != 0) {
568 ppp_log(_this, LOG_WARNING, "No interface binding.");
569 ppp_stop(_this, NULL);
570
571 return;
572 }
573 if (_this->realm != NULL) {
574 npppd_ppp_get_username_for_auth(_this->pppd, _this,
575 _this->username, _this->username);
576 if (!npppd_check_calling_number(_this->pppd, _this)) {
577 ppp_log(_this, LOG_ALERT,
578 "logtype=TUNNELDENY user=\"%s\" "
579 "reason=\"Calling number check is failed\"",
580 _this->username);
581 /* XXX */
582 ppp_stop(_this, NULL);
583 return;
584 }
585 }
586 if (_this->peer_auth != 0) {
587 /* Limit the number of connections per the user */
588 if (!npppd_check_user_max_session(_this->pppd, _this)) {
589 ppp_stop(_this, NULL);
590
591 return;
592 }
593 PPP_ASSERT(_this->realm != NULL);
594 }
595
596 if (!npppd_ppp_iface_is_ready(_this->pppd, _this)) {
597 ppp_log(_this, LOG_WARNING,
598 "interface '%s' is not ready.",
599 npppd_ppp_get_iface_name(_this->pppd, _this));
600 ppp_stop(_this, NULL);
601
602 return;
603 }
604 free(_this->proxy_authen_resp);
605 _this->proxy_authen_resp = NULL;
606
607 fsm_lowerup(&_this->ipcp.fsm);
608 fsm_open(&_this->ipcp.fsm);
609 #ifdef USE_NPPPD_MPPE
610 if (MPPE_MUST_NEGO(_this)) {
611 fsm_lowerup(&_this->ccp.fsm);
612 fsm_open(&_this->ccp.fsm);
613 }
614 #endif
615
616 return;
617 }
618
619 /** timer event handler for idle timer */
620 static void
ppp_idle_timeout(int fd,short evtype,void * context)621 ppp_idle_timeout(int fd, short evtype, void *context)
622 {
623 npppd_ppp *_this;
624
625 _this = context;
626
627 ppp_log(_this, LOG_NOTICE, "Idle timeout(%d sec)", _this->timeout_sec);
628 #ifdef USE_NPPPD_RADIUS
629 ppp_set_radius_terminate_cause(_this,
630 RADIUS_TERMNATE_CAUSE_IDLE_TIMEOUT);
631 #endif
632 ppp_stop(_this, NULL);
633 }
634
635 /** reset the idle-timer. Call this function when the PPP is not idle. */
636 void
ppp_reset_idle_timeout(npppd_ppp * _this)637 ppp_reset_idle_timeout(npppd_ppp *_this)
638 {
639 struct timeval tv;
640
641 evtimer_del(&_this->idle_event);
642 if (_this->timeout_sec > 0) {
643 tv.tv_usec = 0;
644 tv.tv_sec = _this->timeout_sec;
645
646 evtimer_add(&_this->idle_event, &tv);
647 }
648 }
649
650 /** This function is called when IPCP is opened */
651 void
ppp_ipcp_opened(npppd_ppp * _this)652 ppp_ipcp_opened(npppd_ppp *_this)
653 {
654 time_t curr_time;
655
656 curr_time = get_monosec();
657
658 npppd_set_ip_enabled(_this->pppd, _this, 1);
659 if (_this->logged_acct_start == 0) {
660 char label[512], ipstr[64];
661
662 ppp_set_tunnel_label(_this, label, sizeof(label));
663
664 strlcpy(ipstr, " ip=", sizeof(ipstr));
665 strlcat(ipstr, inet_ntoa(_this->ppp_framed_ip_address),
666 sizeof(ipstr));
667 if (_this->ppp_framed_ip_netmask.s_addr != 0xffffffffL) {
668 strlcat(ipstr, ":", sizeof(ipstr));
669 strlcat(ipstr, inet_ntoa(_this->ppp_framed_ip_netmask),
670 sizeof(ipstr));
671 }
672
673 ppp_log(_this, LOG_NOTICE,
674 "logtype=TUNNELSTART user=\"%s\" duration=%lusec layer2=%s "
675 "layer2from=%s auth=%s %s iface=%s%s",
676 _this->username[0]? _this->username : "<unknown>",
677 (long)(curr_time - _this->start_monotime),
678 _this->phy_label, label,
679 _this->username[0]? ppp_peer_auth_string(_this) : "none",
680 ipstr, npppd_ppp_get_iface_name(_this->pppd, _this),
681 (_this->lcp.dialin_proxy != 0)? " dialin_proxy=yes" : ""
682 );
683 #ifdef USE_NPPPD_RADIUS
684 npppd_ppp_radius_acct_start(_this->pppd, _this);
685 #endif
686 npppd_on_ppp_start(_this->pppd, _this);
687
688 _this->logged_acct_start = 1;
689 ppp_reset_idle_timeout(_this);
690 }
691 #ifdef USE_NPPPD_PIPEX
692 ppp_on_network_pipex(_this);
693 #endif
694 }
695
696 /** This function is called when CCP is opened */
697 void
ppp_ccp_opened(npppd_ppp * _this)698 ppp_ccp_opened(npppd_ppp *_this)
699 {
700 #ifdef USE_NPPPD_MPPE
701 if (_this->ccp.mppe_rej == 0) {
702 if (_this->mppe_started == 0) {
703 mppe_start(&_this->mppe);
704 }
705 } else {
706 ppp_log(_this, LOG_INFO, "mppe is rejected by peer");
707 if (_this->mppe.required)
708 ppp_stop(_this, "MPPE is required");
709 }
710 #endif
711 #ifdef USE_NPPPD_PIPEX
712 ppp_on_network_pipex(_this);
713 #endif
714 }
715
716 void
ppp_ccp_stopped(npppd_ppp * _this)717 ppp_ccp_stopped(npppd_ppp *_this)
718 {
719 #ifdef USE_NPPPD_MPPE
720 if (_this->mppe.required) {
721 ppp_stop(_this, NULL);
722 return;
723 }
724 #endif
725 #ifdef USE_NPPPD_PIPEX
726 ppp_on_network_pipex(_this);
727 #endif
728 }
729
730 /************************************************************************
731 * Network I/O related functions
732 ************************************************************************/
733 /**
734 * Receive the PPP packet.
735 * @param flags Indicate information of received packet by bit flags.
736 * {@link ::PPP_IO_FLAGS_MPPE_ENCRYPTED} and
737 * {@link ::PPP_IO_FLAGS_DELAYED} may be used.
738 * @return return 0 on success. return 1 on failure.
739 */
740 static int
ppp_recv_packet(npppd_ppp * _this,unsigned char * pkt,int lpkt,int flags)741 ppp_recv_packet(npppd_ppp *_this, unsigned char *pkt, int lpkt, int flags)
742 {
743 u_char *inp, *inp_proto;
744 uint16_t proto;
745
746 PPP_ASSERT(_this != NULL);
747
748 inp = pkt;
749
750 if (lpkt < 4) {
751 ppp_log(_this, LOG_DEBUG, "%s(): Rcvd short header.", __func__);
752 return 0;
753 }
754
755
756 if (_this->has_acf == 0) {
757 /* nothing to do */
758 } else if (inp[0] == PPP_ALLSTATIONS && inp[1] == PPP_UI) {
759 inp += 2;
760 } else {
761 /*
762 * Address and Control Field Compression
763 */
764 if (!psm_opt_is_accepted(&_this->lcp, acfc) &&
765 _this->logged_no_address == 0) {
766 /*
767 * On packet loss condition, we may receive ACFC'ed
768 * packets before our LCP is opened because the peer's
769 * LCP is opened already.
770 */
771 ppp_log(_this, LOG_INFO,
772 "%s: Rcvd broken frame. ACFC is not accepted, "
773 "but received ppp frame that has no address.",
774 __func__);
775 /*
776 * Log this once because it may be noisy.
777 * For example, Yahama RTX-1000 refuses to use ACFC
778 * but it send PPP frames without the address field.
779 */
780 _this->logged_no_address = 1;
781 }
782 }
783 inp_proto = inp;
784 if ((inp[0] & 0x01) != 0) {
785 /*
786 * Protocol Field Compression
787 */
788 if (!psm_opt_is_accepted(&_this->lcp, pfc)) {
789 ppp_log(_this, LOG_INFO,
790 "%s: Rcvd broken frame. No protocol field: "
791 "%02x %02x", __func__, inp[0], inp[1]);
792 return 1;
793 }
794 GETCHAR(proto, inp);
795 } else {
796 GETSHORT(proto, inp);
797 }
798
799 /*
800 * if the PPP frame is reordered, drop it
801 * unless proto is reorder-tolerant
802 */
803 if (flags & PPP_IO_FLAGS_DELAYED && proto != PPP_PROTO_IP)
804 return 1;
805
806 if (_this->log_dump_in != 0 && debug_get_debugfp() != NULL) {
807 struct tunnconf *conf = ppp_get_tunnconf(_this);
808 if ((ppp_proto_bit(proto) & conf->debug_dump_pktin) != 0) {
809 ppp_log(_this, LOG_DEBUG,
810 "PPP input dump proto=%s(%d/%04x)",
811 proto_name(proto), proto, proto);
812 show_hd(debug_get_debugfp(), pkt, lpkt);
813 }
814 }
815 #ifdef USE_NPPPD_PIPEX
816 if (_this->pipex_enabled != 0 &&
817 _this->tunnel_type == NPPPD_TUNNEL_PPPOE) {
818 switch (proto) {
819 case PPP_PROTO_IP:
820 return 2; /* handled by PIPEX */
821 case PPP_PROTO_NCP | NCP_CCP:
822 if (lpkt - (inp - pkt) < 4)
823 break; /* error but do it on fsm.c */
824 if (*inp == 0x0e || /* Reset-Request */
825 *inp == 0x0f /* Reset-Ack */) {
826 return 2; /* handled by PIPEX */
827 }
828 /* FALLTHROUGH */
829 default:
830 break;
831 }
832 }
833 #endif /* USE_NPPPD_PIPEX */
834
835 switch (proto) {
836 #ifdef USE_NPPPD_MPPE
837 case PPP_PROTO_IP:
838 /* Checks for MPPE */
839 if ((flags & PPP_IO_FLAGS_MPPE_ENCRYPTED) == 0) {
840 if (MPPE_IS_REQUIRED(_this)) {
841 /* MPPE is required but naked ip */
842
843 if (_this->logged_naked_ip == 0) {
844 ppp_log(_this, LOG_INFO,
845 "mppe is required but received "
846 "naked IP.");
847 /* log this once */
848 _this->logged_naked_ip = 1;
849 }
850 /*
851 * Windows sends naked IP packets in condition
852 * such that MPPE is not opened and IPCP is
853 * opened(*1). This occurs at a high
854 * probability when the CCP establishment is
855 * delayed because of packet loss etc. If we
856 * call ppp_stop() here, Windows on the packet
857 * loss condition etc cannot not connect us.
858 * So we don't call ppp_stop() here.
859 * (*1) At least Microsoft Windows 2000
860 * Professional SP4 does.
861 */
862 /*ppp_stop(_this, "Encryption is required.");*/
863
864 return 1;
865 }
866 if (MPPE_RECV_READY(_this)) {
867 /* MPPE is opened but naked ip packet */
868 ppp_log(_this, LOG_WARNING,
869 "mppe is available but received naked IP.");
870 }
871 }
872 /* else input from MPPE */
873 break;
874 case PPP_PROTO_MPPE:
875 #ifdef USE_NPPPD_MPPE
876 if (!MPPE_RECV_READY(_this)) {
877 #else
878 {
879 #endif
880 ppp_log(_this, LOG_ERR,
881 "mppe packet is received but mppe is stopped.");
882 return 1;
883 }
884 break;
885 #endif
886 }
887
888 switch (proto) {
889 case PPP_PROTO_IP:
890 npppd_network_output(_this->pppd, _this, AF_INET, inp,
891 lpkt - (inp - pkt));
892 goto handled;
893 case PPP_PROTO_LCP:
894 fsm_input(&_this->lcp.fsm, inp, lpkt - (inp - pkt));
895 goto handled;
896 case PPP_PROTO_PAP:
897 pap_input(&_this->pap, inp, lpkt - (inp - pkt));
898 goto handled;
899 case PPP_PROTO_CHAP:
900 chap_input(&_this->chap, inp, lpkt - (inp - pkt));
901 goto handled;
902 #ifdef USE_NPPPD_EAP_RADIUS
903 case PPP_PROTO_EAP:
904 eap_input(&_this->eap, inp, lpkt - (inp - pkt));
905 goto handled;
906 #endif
907 #ifdef USE_NPPPD_MPPE
908 case PPP_PROTO_MPPE:
909 #ifdef USE_NPPPD_PIPEX
910 if (_this->pipex_enabled != 0)
911 return -1; /* silent discard */
912 #endif /* USE_NPPPD_PIPEX */
913 mppe_input(&_this->mppe, inp, lpkt - (inp - pkt));
914 goto handled;
915 #endif
916 default:
917 if ((proto & 0xff00) == PPP_PROTO_NCP) {
918 switch (proto & 0xff) {
919 case NCP_CCP: /* Compression */
920 #ifdef USE_NPPPD_MPPE
921 if (MPPE_MUST_NEGO(_this)) {
922 fsm_input(&_this->ccp.fsm, inp,
923 lpkt - (inp - pkt));
924 goto handled;
925 }
926 /* protocol-reject if MPPE is not necessary */
927 #endif
928 break;
929 case NCP_IPCP: /* IPCP */
930 fsm_input(&_this->ipcp.fsm, inp,
931 lpkt - (inp - pkt));
932 goto handled;
933 }
934 }
935 }
936 /* Protocol reject. Log it with protocol number */
937 ppp_log(_this, LOG_INFO, "unhandled protocol %s, %d(%04x)",
938 proto_name(proto), proto, proto);
939
940 if ((flags & PPP_IO_FLAGS_MPPE_ENCRYPTED) != 0) {
941 /*
942 * Don't return a protocol-reject for the packet was encrypted,
943 * because lcp protocol-reject is not encrypted by mppe.
944 */
945 } else {
946 /*
947 * as RFC1661: Rejected-Information MUST be truncated to
948 * comply with the peer's established MRU.
949 */
950 lcp_send_protrej(&_this->lcp, inp_proto,
951 MINIMUM(lpkt - (inp_proto - pkt), NPPPD_MIN_MRU - 32));
952 }
953
954 return 1;
955 handled:
956
957 return 0;
958 }
959
960 /** This function is called to output PPP packets */
961 void
962 ppp_output(npppd_ppp *_this, uint16_t proto, u_char code, u_char id,
963 u_char *datap, int ldata)
964 {
965 u_char *outp;
966 int outlen, hlen, is_lcp = 0;
967
968 outp = _this->outpacket_buf;
969
970 /* No header compressions for LCP */
971 is_lcp = (proto == PPP_PROTO_LCP)? 1 : 0;
972
973 if (_this->has_acf == 0 ||
974 (!is_lcp && psm_peer_opt_is_accepted(&_this->lcp, acfc))) {
975 /*
976 * Don't add ACF(Address and Control Field) if ACF is not
977 * needed on this link or ACFC is negotiated.
978 */
979 } else {
980 PUTCHAR(PPP_ALLSTATIONS, outp);
981 PUTCHAR(PPP_UI, outp);
982 }
983 if (!is_lcp && proto <= 0xff &&
984 psm_peer_opt_is_accepted(&_this->lcp, pfc)) {
985 /*
986 * Protocol Field Compression
987 */
988 PUTCHAR(proto, outp);
989 } else {
990 PUTSHORT(proto, outp);
991 }
992 hlen = outp - _this->outpacket_buf;
993
994 if (_this->mru > 0) {
995 if (MRU_PKTLEN(_this->mru, proto) < ldata) {
996 PPP_DBG((_this, LOG_ERR, "packet too large %d. mru=%d",
997 ldata , _this->mru));
998 _this->oerrors++;
999 PPP_ASSERT("NOT REACHED HERE" == NULL);
1000 return;
1001 }
1002 }
1003
1004 if (code != 0) {
1005 outlen = ldata + HEADERLEN;
1006
1007 PUTCHAR(code, outp);
1008 PUTCHAR(id, outp);
1009 PUTSHORT(outlen, outp);
1010 } else {
1011 outlen = ldata;
1012 }
1013
1014 if (outp != datap && ldata > 0)
1015 memmove(outp, datap, ldata);
1016
1017 if (_this->log_dump_out != 0 && debug_get_debugfp() != NULL) {
1018 struct tunnconf *conf = ppp_get_tunnconf(_this);
1019 if ((ppp_proto_bit(proto) & conf->debug_dump_pktout) != 0) {
1020 ppp_log(_this, LOG_DEBUG,
1021 "PPP output dump proto=%s(%d/%04x)",
1022 proto_name(proto), proto, proto);
1023 show_hd(debug_get_debugfp(),
1024 _this->outpacket_buf, outlen + hlen);
1025 }
1026 }
1027 _this->send_packet(_this, _this->outpacket_buf, outlen + hlen, 0);
1028 }
1029
1030 /**
1031 * Return the buffer space for PPP output. The returned pointer will be
1032 * adjusted for header compression. The length of the space is larger than
1033 * {@link npppd_ppp#mru}.
1034 */
1035 u_char *
1036 ppp_packetbuf(npppd_ppp *_this, int proto)
1037 {
1038 int save;
1039
1040 save = 0;
1041 if (proto != PPP_PROTO_LCP) {
1042 if (psm_peer_opt_is_accepted(&_this->lcp, acfc))
1043 save += 2;
1044 if (proto <= 0xff && psm_peer_opt_is_accepted(&_this->lcp, pfc))
1045 save += 1;
1046 }
1047 return _this->outpacket_buf + (PPP_HDRLEN - save);
1048 }
1049
1050 /** Record log that begins the label based this instance. */
1051 int
1052 ppp_log(npppd_ppp *_this, int prio, const char *fmt, ...)
1053 {
1054 int status;
1055 char logbuf[BUFSIZ];
1056 va_list ap;
1057
1058 PPP_ASSERT(_this != NULL);
1059
1060 va_start(ap, fmt);
1061 snprintf(logbuf, sizeof(logbuf), "ppp id=%u layer=base %s",
1062 _this->id, fmt);
1063 status = vlog_printf(prio, logbuf, ap);
1064 va_end(ap);
1065
1066 return status;
1067 }
1068
1069 #ifdef USE_NPPPD_PIPEX
1070 /** The callback function on network is available for pipex */
1071 static void
1072 ppp_on_network_pipex(npppd_ppp *_this)
1073 {
1074 if (_this->use_pipex == 0)
1075 return;
1076 if (_this->tunnel_type != NPPPD_TUNNEL_PPTP &&
1077 _this->tunnel_type != NPPPD_TUNNEL_PPPOE &&
1078 _this->tunnel_type != NPPPD_TUNNEL_L2TP)
1079 return;
1080
1081 if (_this->pipex_started != 0)
1082 return; /* already started */
1083
1084 if (_this->assigned_ip4_enabled != 0 &&
1085 (!MPPE_MUST_NEGO(_this) || _this->ccp.fsm.state == OPENED ||
1086 _this->ccp.fsm.state == STOPPED)) {
1087 /* IPCP is opened and MPPE is not required or MPPE is opened */
1088 if (npppd_ppp_pipex_enable(_this->pppd, _this) != 0) {
1089 ppp_log(_this, LOG_WARNING, "failed enable pipex: %m");
1090 /* failed to create pipex session */
1091 ppp_phy_downed(_this);
1092 return;
1093 }
1094 ppp_log(_this, LOG_NOTICE, "Using pipex=%s",
1095 (_this->pipex_enabled != 0)? "yes" : "no");
1096 _this->pipex_started = 1;
1097 }
1098 /* else wait CCP or IPCP */
1099 }
1100 #endif
1101
1102 static uint32_t
1103 ppp_proto_bit(int proto)
1104 {
1105 switch (proto) {
1106 case PPP_PROTO_IP: return NPPPD_PROTO_BIT_IP;
1107 case PPP_PROTO_LCP: return NPPPD_PROTO_BIT_LCP;
1108 case PPP_PROTO_PAP: return NPPPD_PROTO_BIT_PAP;
1109 case PPP_PROTO_CHAP: return NPPPD_PROTO_BIT_CHAP;
1110 case PPP_PROTO_EAP: return NPPPD_PROTO_BIT_EAP;
1111 case PPP_PROTO_MPPE: return NPPPD_PROTO_BIT_MPPE;
1112 case PPP_PROTO_NCP | NCP_CCP: return NPPPD_PROTO_BIT_CCP;
1113 case PPP_PROTO_NCP | NCP_IPCP: return NPPPD_PROTO_BIT_IPCP;
1114 }
1115 return 0;
1116 }
1117
1118 struct tunnconf tunnconf_default_l2tp = {
1119 .mru = 1360,
1120 .tcp_mss_adjust = false,
1121 .pipex = true,
1122 .ingress_filter = false,
1123 .lcp_keepalive = false,
1124 .lcp_keepalive_interval = DEFAULT_LCP_ECHO_INTERVAL,
1125 .lcp_keepalive_retry_interval = DEFAULT_LCP_ECHO_RETRY_INTERVAL,
1126 .lcp_keepalive_max_retries = DEFAULT_LCP_ECHO_MAX_RETRIES,
1127 .auth_methods = NPPPD_AUTH_METHODS_CHAP | NPPPD_AUTH_METHODS_MSCHAPV2,
1128 .mppe_yesno = true,
1129 .mppe_required = false,
1130 .mppe_keylen = NPPPD_MPPE_40BIT | NPPPD_MPPE_56BIT | NPPPD_MPPE_128BIT,
1131 .mppe_keystate = NPPPD_MPPE_STATELESS | NPPPD_MPPE_STATEFUL,
1132 .callnum_check = 0,
1133 .proto = {
1134 .l2tp = {
1135 .hostname = NULL,
1136 .vendor_name = NULL,
1137 .listen = TAILQ_HEAD_INITIALIZER(
1138 tunnconf_default_l2tp.proto.l2tp.listen),
1139 /* .hello_interval, */
1140 /* .hello_timeout, */
1141 .data_use_seq = true,
1142 .require_ipsec = false,
1143 /* .accept_dialin, */
1144 .lcp_renegotiation = true,
1145 .force_lcp_renegotiation = false,
1146 /* .ctrl_in_pktdump, */
1147 /* .ctrl_out_pktdump, */
1148 /* .data_in_pktdump, */
1149 /* .data_out_pktdump, */
1150 }
1151 }
1152 };
1153 struct tunnconf tunnconf_default_pptp = {
1154 .mru = 1400,
1155 .tcp_mss_adjust = false,
1156 .pipex = true,
1157 .ingress_filter = false,
1158 .lcp_keepalive = true,
1159 .lcp_keepalive_interval = DEFAULT_LCP_ECHO_INTERVAL,
1160 .lcp_keepalive_retry_interval = DEFAULT_LCP_ECHO_RETRY_INTERVAL,
1161 .lcp_keepalive_max_retries = DEFAULT_LCP_ECHO_MAX_RETRIES,
1162 .auth_methods = NPPPD_AUTH_METHODS_CHAP | NPPPD_AUTH_METHODS_MSCHAPV2,
1163 .mppe_yesno = true,
1164 .mppe_required = true,
1165 .mppe_keylen = NPPPD_MPPE_40BIT | NPPPD_MPPE_56BIT | NPPPD_MPPE_128BIT,
1166 .mppe_keystate = NPPPD_MPPE_STATELESS | NPPPD_MPPE_STATEFUL,
1167 .callnum_check = 0,
1168 .proto = {
1169 .pptp = {
1170 .hostname = NULL,
1171 .vendor_name = NULL,
1172 .listen = TAILQ_HEAD_INITIALIZER(
1173 tunnconf_default_pptp.proto.pptp.listen),
1174 /* .echo_interval, */
1175 /* .echo_timeout, */
1176 }
1177 }
1178 };
1179 struct tunnconf tunnconf_default_pppoe = {
1180 .mru = 1492,
1181 .tcp_mss_adjust = false,
1182 .pipex = true,
1183 .ingress_filter = false,
1184 .lcp_keepalive = true,
1185 .lcp_keepalive_interval = DEFAULT_LCP_ECHO_INTERVAL,
1186 .lcp_keepalive_retry_interval = DEFAULT_LCP_ECHO_RETRY_INTERVAL,
1187 .lcp_keepalive_max_retries = DEFAULT_LCP_ECHO_MAX_RETRIES,
1188 .auth_methods = NPPPD_AUTH_METHODS_CHAP | NPPPD_AUTH_METHODS_MSCHAPV2,
1189 .mppe_yesno = true,
1190 .mppe_required = false,
1191 .mppe_keylen = NPPPD_MPPE_40BIT | NPPPD_MPPE_56BIT | NPPPD_MPPE_128BIT,
1192 .mppe_keystate = NPPPD_MPPE_STATELESS | NPPPD_MPPE_STATEFUL,
1193 .callnum_check = 0,
1194 .proto = {
1195 .pppoe = {
1196 /* .service_name */
1197 .accept_any_service = true,
1198 /* .ac_name */
1199 /* .desc_in_pktdump */
1200 /* .desc_out_pktdump */
1201 /* .session_in_pktdump */
1202 /* .session_out_pktdump */
1203 }
1204 }
1205 };
1206
1207 struct tunnconf *
1208 ppp_get_tunnconf(npppd_ppp *_this)
1209 {
1210 struct tunnconf *conf;
1211
1212 conf = npppd_get_tunnconf(_this->pppd, _this->phy_label);
1213 if (conf != NULL)
1214 return conf;
1215
1216 switch (_this->tunnel_type) {
1217 case NPPPD_TUNNEL_L2TP:
1218 return &tunnconf_default_l2tp;
1219 break;
1220 case NPPPD_TUNNEL_PPTP:
1221 return &tunnconf_default_pptp;
1222 break;
1223 case NPPPD_TUNNEL_PPPOE:
1224 return &tunnconf_default_pppoe;
1225 break;
1226 }
1227
1228 return NULL;
1229 }
1230