1/*********************************************************************** 2* 3* lt2p.h 4* 5* Header file for L2TP definitions. 6* 7* Copyright (C) 2002 Roaring Penguin Software Inc. 8* 9* LIC: GPL 10* 11***********************************************************************/ 12 13#ifndef L2TP_H 14#define L2TP_H 15 16#include <stdint.h> 17#include <netinet/in.h> 18#include <arpa/inet.h> 19#include <net/route.h> 20 21#include "hash.h" 22#include "event.h" 23 24#define ENABLE_DEBUG 25 26#ifdef ENABLE_DEBUG 27#define DBG(x) x 28#else 29#define DBG(x) (void) 0 30#endif 31 32#define MD5LEN 16 /* Length of MD5 hash */ 33 34/* Debug bitmasks */ 35#define DBG_TUNNEL 1 /* Tunnel-related events */ 36#define DBG_XMIT_RCV 2 /* Datagram transmission/reception */ 37#define DBG_AUTH 4 /* Authentication */ 38#define DBG_SESSION 8 /* Session-related events */ 39#define DBG_FLOW 16 /* Flow control code */ 40#define DBG_AVP 32 /* Hiding/showing of AVP's */ 41#define DBG_SNOOP 64 /* Snooping in on LCP */ 42 43/* Maximum size of L2TP datagram we accept... kludge... */ 44#define MAX_PACKET_LEN 4096 45 46#define MAX_SECRET_LEN 96 47#define MAX_HOSTNAME 128 48#define MAX_OPTS 64 49 50#define MAX_RETRANSMISSIONS 5 51 52#define EXTRA_HEADER_ROOM 32 53 54/* Forward declarations */ 55 56/* an L2TP datagram */ 57typedef struct l2tp_dgram_t { 58 uint16_t msg_type; /* Message type */ 59 uint8_t bits; /* Options bits */ 60 uint8_t version; /* Version */ 61 uint16_t length; /* Length (opt) */ 62 uint16_t tid; /* Tunnel ID */ 63 uint16_t sid; /* Session ID */ 64 uint16_t Ns; /* Ns (opt) */ 65 uint16_t Nr; /* Nr (opt) */ 66 uint16_t off_size; /* Offset size (opt) */ 67 unsigned char data[MAX_PACKET_LEN]; /* Data */ 68 size_t last_random; /* Offset of last random vector AVP */ 69 size_t payload_len; /* Payload len (not including L2TP header) */ 70 size_t cursor; /* Cursor for adding/stripping AVP's */ 71 size_t alloc_len; /* Length allocated for data */ 72 struct l2tp_dgram_t *next; /* Link to next packet in xmit queue */ 73} l2tp_dgram; 74 75/* An L2TP peer */ 76typedef struct l2tp_peer_t { 77 hash_bucket hash; /* all_peers hash (hashed by address) */ 78 struct sockaddr_in addr; /* Peer's address */ 79 int mask_bits; /* Peer's netmask in number of bits */ 80 char hostname[MAX_HOSTNAME]; /* My hostname as presented to this peer. */ 81 size_t hostname_len; /* Length of my hostname */ 82 char peername[MAX_HOSTNAME]; /* Peer's hostname. */ 83 size_t peername_len; /* Length of hostname */ 84 char secret[MAX_SECRET_LEN]; /* Secret for this peer */ 85 size_t secret_len; /* Length of secret */ 86 struct l2tp_call_ops_t *lac_ops; /* Call ops if we act as LAC */ 87 char *lac_options[MAX_OPTS+1]; /* Handler options if we act as LAC */ 88 int num_lac_options; /* Number of above */ 89 struct l2tp_call_ops_t *lns_ops; /* Call ops if we act as LNS */ 90 char *lns_options[MAX_OPTS+1]; /* Handler options if we act as LNS */ 91 int num_lns_options; /* Number of above */ 92 int hide_avps; /* If true, hide AVPs to this peer */ 93 int retain_tunnel; /* If true, keep tunnel after last session is 94 deleted. Otherwise, delete tunnel too. */ 95 int validate_peer_ip; /* If true, do not accept datagrams except 96 from initial peer IP address */ 97 int persist; /* If true, keep session established */ 98 int holdoff; /* If persist is true, delay after which the 99 session is re-established. */ 100 int maxfail; /* If persist is true, try to establish a 101 broken session at most on maxfail times. */ 102 int fail; /* Number of failed attempts. */ 103} l2tp_peer; 104 105/* An L2TP tunnel */ 106typedef struct l2tp_tunnel_t { 107 hash_bucket hash_by_my_id; /* Hash bucket for tunnel hash table */ 108 hash_bucket hash_by_peer; /* Hash bucket for tunnel-by-peer table */ 109 hash_table sessions_by_my_id; /* Sessions in this tunnel */ 110 uint16_t my_id; /* My tunnel ID */ 111 uint16_t assigned_id; /* ID assigned by peer */ 112 l2tp_peer *peer; /* The L2TP peer */ 113 struct sockaddr_in peer_addr; /* Peer's address */ 114 uint16_t Ns; /* Sequence of next packet to queue */ 115 uint16_t Ns_on_wire; /* Sequence of next packet to be sent on wire */ 116 uint16_t Nr; /* Expected sequence of next received packet */ 117 uint16_t peer_Nr; /* Last packet ack'd by peer */ 118 int ssthresh; /* Slow-start threshold */ 119 int cwnd; /* Congestion window */ 120 int cwnd_counter; /* Counter for incrementing cwnd in congestion-avoidance phase */ 121 int timeout; /* Retransmission timeout (seconds) */ 122 int retransmissions; /* Number of retransmissions */ 123 int rws; /* Our receive window size */ 124 int peer_rws; /* Peer receive window size */ 125 EventSelector *es; /* The event selector */ 126 EventHandler *hello_handler; /* Timer for sending HELLO */ 127 EventHandler *timeout_handler; /* Handler for timeout */ 128 EventHandler *ack_handler; /* Handler for sending Ack */ 129 l2tp_dgram *xmit_queue_head; /* Head of control transmit queue */ 130 l2tp_dgram *xmit_queue_tail; /* Tail of control transmit queue */ 131 l2tp_dgram *xmit_new_dgrams; /* dgrams which have not been transmitted */ 132 char peer_hostname[MAX_HOSTNAME]; /* Peer's host name */ 133 unsigned char response[MD5LEN]; /* Our response to challenge */ 134 unsigned char expected_response[MD5LEN]; /* Expected resp. to challenge */ 135 int state; /* Tunnel state */ 136 struct rtentry rt; /* Route added to destination */ 137 struct l2tp_call_ops_t *call_ops; /* Call ops */ 138 void *private; /* Private data for call-op's use */ 139} l2tp_tunnel; 140 141/* A session within a tunnel */ 142typedef struct l2tp_session_t { 143 hash_bucket hash_by_my_id; /* Hash bucket for session table */ 144 l2tp_tunnel *tunnel; /* Tunnel we belong to */ 145 uint16_t my_id; /* My ID */ 146 uint16_t assigned_id; /* Assigned ID */ 147 int state; /* Session state */ 148 149 /* Some flags */ 150 unsigned int snooping:1; /* Are we snooping in on LCP? */ 151 unsigned int got_send_accm:1; /* Do we have send_accm? */ 152 unsigned int got_recv_accm:1; /* Do we have recv_accm? */ 153 unsigned int we_are_lac:1; /* Are we a LAC? */ 154 unsigned int sequencing_required:1; /* Sequencing required? */ 155 unsigned int sent_sli:1; /* Did we send SLI yet? */ 156 157 uint32_t send_accm; /* Negotiated send accm */ 158 uint32_t recv_accm; /* Negotiated receive accm */ 159 uint16_t Nr; /* Data sequence number */ 160 uint16_t Ns; /* Data sequence number */ 161 struct l2tp_call_ops_t *call_ops; /* Call ops */ 162 char calling_number[MAX_HOSTNAME]; /* Calling number */ 163 void *private; /* Private data for call-op's use */ 164} l2tp_session; 165 166/* Call operations */ 167typedef struct l2tp_call_ops_t { 168 /* Called once session has been established (LAC) or when we want 169 to establish session (LNS) */ 170 int (*establish)(l2tp_session *ses); 171 172 /* Called when session must be closed. May be called without 173 established() being called if session could not be established.*/ 174 void (*close)(l2tp_session *ses, char const *reason, int may_reestablish); 175 176 /* Called when a PPP frame arrives over tunnel */ 177 void (*handle_ppp_frame)(l2tp_session *ses, unsigned char *buf, 178 size_t len); 179 180 /* Called once tunnel has been established (LAC) or when we want 181 to establish tunnel (LNS) */ 182 int (*tunnel_establish)(l2tp_tunnel *tun); 183 184 /* Called when tunnel must be closed. May be called without 185 established() being called if tunnel could not be established.*/ 186 void (*tunnel_close)(l2tp_tunnel *tun); 187} l2tp_call_ops; 188 189/* an LNS handler */ 190typedef struct l2tp_lns_handler_t { 191 struct l2tp_lns_handler_t *next; 192 char const *handler_name; 193 l2tp_call_ops *call_ops; 194} l2tp_lns_handler; 195 196/* an LAC handler */ 197typedef struct l2tp_lac_handler_t { 198 struct l2tp_lac_handler_t *next; 199 char const *handler_name; 200 l2tp_call_ops *call_ops; 201} l2tp_lac_handler; 202 203/* Settings */ 204typedef struct l2tp_settings_t { 205 int listen_port; /* Port we listen on */ 206 struct in_addr listen_addr; /* IP to bind to */ 207} l2tp_settings; 208 209extern l2tp_settings Settings; 210 211/* Bit definitions */ 212#define TYPE_BIT 0x80 213#define LENGTH_BIT 0x40 214#define SEQUENCE_BIT 0x08 215#define OFFSET_BIT 0x02 216#define PRIORITY_BIT 0x01 217#define RESERVED_BITS 0x34 218#define VERSION_MASK 0x0F 219#define VERSION_RESERVED 0xF0 220 221#define AVP_MANDATORY_BIT 0x80 222#define AVP_HIDDEN_BIT 0x40 223#define AVP_RESERVED_BITS 0x3C 224 225#define MANDATORY 1 226#define NOT_MANDATORY 0 227#define HIDDEN 1 228#define NOT_HIDDEN 0 229#define VENDOR_IETF 0 230 231#define AVP_MESSAGE_TYPE 0 232#define AVP_RESULT_CODE 1 233#define AVP_PROTOCOL_VERSION 2 234#define AVP_FRAMING_CAPABILITIES 3 235#define AVP_BEARER_CAPABILITIES 4 236#define AVP_TIE_BREAKER 5 237#define AVP_FIRMWARE_REVISION 6 238#define AVP_HOST_NAME 7 239#define AVP_VENDOR_NAME 8 240#define AVP_ASSIGNED_TUNNEL_ID 9 241#define AVP_RECEIVE_WINDOW_SIZE 10 242#define AVP_CHALLENGE 11 243#define AVP_Q931_CAUSE_CODE 12 244#define AVP_CHALLENGE_RESPONSE 13 245#define AVP_ASSIGNED_SESSION_ID 14 246#define AVP_CALL_SERIAL_NUMBER 15 247#define AVP_MINIMUM_BPS 16 248#define AVP_MAXIMUM_BPS 17 249#define AVP_BEARER_TYPE 18 250#define AVP_FRAMING_TYPE 19 251#define AVP_CALLED_NUMBER 21 252#define AVP_CALLING_NUMBER 22 253#define AVP_SUB_ADDRESS 23 254#define AVP_TX_CONNECT_SPEED 24 255#define AVP_PHYSICAL_CHANNEL_ID 25 256#define AVP_INITIAL_RECEIVED_CONFREQ 26 257#define AVP_LAST_SENT_CONFREQ 27 258#define AVP_LAST_RECEIVED_CONFREQ 28 259#define AVP_PROXY_AUTHEN_TYPE 29 260#define AVP_PROXY_AUTHEN_NAME 30 261#define AVP_PROXY_AUTHEN_CHALLENGE 31 262#define AVP_PROXY_AUTHEN_ID 32 263#define AVP_PROXY_AUTHEN_RESPONSE 33 264#define AVP_CALL_ERRORS 34 265#define AVP_ACCM 35 266#define AVP_RANDOM_VECTOR 36 267#define AVP_PRIVATE_GROUP_ID 37 268#define AVP_RX_CONNECT_SPEED 38 269#define AVP_SEQUENCING_REQUIRED 39 270 271#define HIGHEST_AVP 39 272 273#define MESSAGE_SCCRQ 1 274#define MESSAGE_SCCRP 2 275#define MESSAGE_SCCCN 3 276#define MESSAGE_StopCCN 4 277#define MESSAGE_HELLO 6 278 279#define MESSAGE_OCRQ 7 280#define MESSAGE_OCRP 8 281#define MESSAGE_OCCN 9 282 283#define MESSAGE_ICRQ 10 284#define MESSAGE_ICRP 11 285#define MESSAGE_ICCN 12 286 287#define MESSAGE_CDN 14 288#define MESSAGE_WEN 15 289#define MESSAGE_SLI 16 290 291/* A fake type for our own consumption */ 292#define MESSAGE_ZLB 32767 293 294/* Result and error codes */ 295#define RESULT_GENERAL_REQUEST 1 296#define RESULT_GENERAL_ERROR 2 297#define RESULT_CHANNEL_EXISTS 3 298#define RESULT_NOAUTH 4 299#define RESULT_UNSUPPORTED_VERSION 5 300#define RESULT_SHUTTING_DOWN 6 301#define RESULT_FSM_ERROR 7 302 303#define ERROR_OK 0 304#define ERROR_NO_CONTROL_CONNECTION 1 305#define ERROR_BAD_LENGTH 2 306#define ERROR_BAD_VALUE 3 307#define ERROR_OUT_OF_RESOURCES 4 308#define ERROR_INVALID_SESSION_ID 5 309#define ERROR_VENDOR_SPECIFIC 6 310#define ERROR_TRY_ANOTHER 7 311#define ERROR_UNKNOWN_AVP_WITH_M_BIT 8 312 313/* Tunnel states */ 314enum { 315 TUNNEL_IDLE, 316 TUNNEL_WAIT_CTL_REPLY, 317 TUNNEL_WAIT_CTL_CONN, 318 TUNNEL_ESTABLISHED, 319 TUNNEL_RECEIVED_STOP_CCN, 320 TUNNEL_SENT_STOP_CCN 321}; 322 323/* Session states */ 324enum { 325 SESSION_IDLE, 326 SESSION_WAIT_TUNNEL, 327 SESSION_WAIT_REPLY, 328 SESSION_WAIT_CONNECT, 329 SESSION_ESTABLISHED 330}; 331 332/* Constants and structures for parsing config file */ 333typedef struct l2tp_opt_descriptor_t { 334 char const *name; 335 int type; 336 void *addr; 337} l2tp_opt_descriptor; 338 339/* Structures for option-handlers for different sections */ 340typedef struct option_handler_t { 341 struct option_handler_t *next; 342 char const *section; 343 int (*process_option)(EventSelector *, char const *, char const *); 344} option_handler; 345 346#define OPT_TYPE_BOOL 0 347#define OPT_TYPE_INT 1 348#define OPT_TYPE_IPADDR 2 349#define OPT_TYPE_STRING 3 350#define OPT_TYPE_CALLFUNC 4 351#define OPT_TYPE_PORT 5 /* 1-65535 */ 352 353/* tunnel.c */ 354l2tp_session *l2tp_tunnel_find_session(l2tp_tunnel *tunnel, uint16_t sid); 355l2tp_tunnel *l2tp_tunnel_find_by_my_id(uint16_t id); 356l2tp_tunnel *l2tp_tunnel_find_for_peer(l2tp_peer *peer, EventSelector *es); 357void l2tp_tunnel_add_session(l2tp_session *ses); 358void l2tp_tunnel_reestablish(EventSelector *es, int fd, unsigned int flags, void *data); 359void l2tp_tunnel_delete_session(l2tp_session *ses, char const *reason, int may_reestablish); 360void l2tp_tunnel_handle_received_control_datagram(l2tp_dgram *dgram, 361 EventSelector *es, 362 struct sockaddr_in *from); 363void l2tp_tunnel_init(EventSelector *es); 364void l2tp_tunnel_xmit_control_message(l2tp_tunnel *tunnel, l2tp_dgram *dgram); 365void l2tp_tunnel_stop_tunnel(l2tp_tunnel *tunnel, char const *reason); 366void l2tp_tunnel_stop_all(char const *reason); 367 368l2tp_session *l2tp_tunnel_first_session(l2tp_tunnel *tunnel, void **cursor); 369l2tp_session *l2tp_tunnel_next_session(l2tp_tunnel *tunnel, void **cursor); 370void tunnel_send_ZLB(l2tp_tunnel *tunnel); 371 372/* Access functions */ 373int l2tp_num_tunnels(void); 374l2tp_tunnel *l2tp_first_tunnel(void **cursor); 375l2tp_tunnel *l2tp_next_tunnel(void **cursor); 376char const *l2tp_tunnel_state_name(l2tp_tunnel *tunnel); 377 378/* session.c */ 379void l2tp_session_lcp_snoop(l2tp_session *ses, 380 unsigned char const *buf, 381 int len, 382 int incoming); 383int l2tp_session_register_lns_handler(l2tp_lns_handler *handler); 384int l2tp_session_register_lac_handler(l2tp_lac_handler *handler); 385l2tp_lns_handler *l2tp_session_find_lns_handler(char const *name); 386l2tp_lac_handler *l2tp_session_find_lac_handler(char const *name); 387 388void l2tp_session_send_CDN(l2tp_session *ses, int result_code, int error_code, 389 char const *fmt, ...); 390void l2tp_session_hash_init(hash_table *tab); 391void l2tp_session_free(l2tp_session *ses, char const *reason, int may_reestablish); 392void l2tp_session_notify_tunnel_open(l2tp_session *ses); 393void l2tp_session_lns_handle_incoming_call(l2tp_tunnel *tunnel, 394 uint16_t assigned_id, 395 l2tp_dgram *dgram, 396 char const *calling_number); 397void l2tp_session_handle_CDN(l2tp_session *ses, l2tp_dgram *dgram); 398void l2tp_session_handle_ICRP(l2tp_session *ses, l2tp_dgram *dgram); 399void l2tp_session_handle_ICCN(l2tp_session *ses, l2tp_dgram *dgram); 400char const *l2tp_session_state_name(l2tp_session *ses); 401 402/* Call this when a LAC wants to send an incoming-call-request to an LNS */ 403l2tp_session *l2tp_session_call_lns(l2tp_peer *peer, 404 char const *calling_number, 405 EventSelector *es, 406 void *private); 407 408/* dgram.c */ 409l2tp_dgram *l2tp_dgram_new(size_t len); 410l2tp_dgram *l2tp_dgram_new_control(uint16_t msg_type, uint16_t tid, uint16_t sid); 411void l2tp_dgram_free(l2tp_dgram *dgram); 412l2tp_dgram *l2tp_dgram_take_from_wire(int fd, struct sockaddr_in *from); 413int l2tp_dgram_send_to_wire(l2tp_dgram const *dgram, 414 struct sockaddr_in const *to); 415int l2tp_dgram_send_ppp_frame(l2tp_session *ses, unsigned char const *buf, 416 int len); 417 418unsigned char *l2tp_dgram_search_avp(l2tp_dgram *dgram, 419 l2tp_tunnel *tunnel, 420 int *mandatory, 421 int *hidden, 422 uint16_t *len, 423 uint16_t vendor, 424 uint16_t type); 425 426unsigned char *l2tp_dgram_pull_avp(l2tp_dgram *dgram, 427 l2tp_tunnel *tunnel, 428 int *mandatory, 429 int *hidden, 430 uint16_t *len, 431 uint16_t *vendor, 432 uint16_t *type, 433 int *err); 434 435int l2tp_dgram_add_avp(l2tp_dgram *dgram, 436 l2tp_tunnel *tunnel, 437 int mandatory, 438 uint16_t len, 439 uint16_t vendor, 440 uint16_t type, 441 void *val); 442 443int l2tp_dgram_validate_avp(uint16_t vendor, uint16_t type, 444 uint16_t len, int mandatory); 445 446/* utils.c */ 447typedef void (*l2tp_shutdown_func)(void *); 448 449void l2tp_random_init(void); 450void l2tp_random_fill(void *ptr, size_t size); 451void l2tp_set_errmsg(char const *fmt, ...); 452char const *l2tp_get_errmsg(void); 453void l2tp_cleanup(void); 454int l2tp_register_shutdown_handler(l2tp_shutdown_func f, void *data); 455void l2tp_die(void); 456int l2tp_load_handler(EventSelector *es, char const *fname); 457 458#define L2TP_RANDOM_FILL(x) l2tp_random_fill(&(x), sizeof(x)) 459 460/* network.c */ 461extern int Sock; 462extern char Hostname[MAX_HOSTNAME]; 463 464int l2tp_network_init(EventSelector *es); 465void network_readable(EventSelector *es, int fd, unsigned int flags, void *data); 466 467/* peer.c */ 468void l2tp_peer_init(void); 469l2tp_peer *l2tp_peer_find(struct sockaddr_in *addr, char const *hostname); 470l2tp_peer *l2tp_peer_insert(struct sockaddr_in *addr); 471 472/* debug.c */ 473char const *l2tp_debug_avp_type_to_str(uint16_t type); 474char const *l2tp_debug_message_type_to_str(uint16_t type); 475char const *l2tp_debug_tunnel_to_str(l2tp_tunnel *tunnel); 476char const *l2tp_debug_session_to_str(l2tp_session *session); 477char const *l2tp_debug_describe_dgram(l2tp_dgram const *dgram); 478void l2tp_db(int what, char const *fmt, ...); 479void l2tp_debug_set_bitmask(unsigned long mask); 480 481/* auth.c */ 482void l2tp_auth_gen_response(uint16_t msg_type, char const *secret, 483 unsigned char const *challenge, size_t chal_len, 484 unsigned char buf[16]); 485 486/* options.c */ 487int l2tp_parse_config_file(EventSelector *es, 488 char const *fname); 489int l2tp_option_set(EventSelector *es, 490 char const *name, 491 char const *value, 492 l2tp_opt_descriptor descriptors[]); 493 494void l2tp_option_register_section(option_handler *h); 495char const *l2tp_chomp_word(char const *line, char *word); 496 497/* tunnel.c */ 498#ifdef RTCONFIG_VPNC 499extern int vpnc; 500#endif 501 502#endif 503