1/** 2 * @file 3 * Network Point to Point Protocol over Layer 2 Tunneling Protocol program file. 4 * 5 */ 6 7/* 8 * Redistribution and use in source and binary forms, with or without modification, 9 * are permitted provided that the following conditions are met: 10 * 11 * 1. Redistributions of source code must retain the above copyright notice, 12 * this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright notice, 14 * this list of conditions and the following disclaimer in the documentation 15 * and/or other materials provided with the distribution. 16 * 3. The name of the author may not be used to endorse or promote products 17 * derived from this software without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 20 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 22 * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 23 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 24 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 27 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 28 * OF SUCH DAMAGE. 29 * 30 * This file is part of the lwIP TCP/IP stack. 31 * 32 */ 33 34/* 35 * L2TP Support status: 36 * 37 * Supported: 38 * - L2TPv2 (PPP over L2TP, a.k.a. UDP tunnels) 39 * - LAC 40 * 41 * Not supported: 42 * - LNS (require PPP server support) 43 * - L2TPv3 ethernet pseudowires 44 * - L2TPv3 VLAN pseudowire 45 * - L2TPv3 PPP pseudowires 46 * - L2TPv3 IP encapsulation 47 * - L2TPv3 IP pseudowire 48 * - L2TP tunnel switching - http://tools.ietf.org/html/draft-ietf-l2tpext-tunnel-switching-08 49 * - Multiple tunnels per UDP socket, as well as multiple sessions per tunnel 50 * - Hidden AVPs 51 */ 52 53#include "netif/ppp/ppp_opts.h" 54#if PPP_SUPPORT && PPPOL2TP_SUPPORT /* don't build if not configured for use in lwipopts.h */ 55 56#include "lwip/err.h" 57#include "lwip/memp.h" 58#include "lwip/netif.h" 59#include "lwip/udp.h" 60#include "lwip/snmp.h" 61 62#include "netif/ppp/ppp_impl.h" 63#include "netif/ppp/lcp.h" 64#include "netif/ppp/ipcp.h" 65#include "netif/ppp/pppol2tp.h" 66#include "netif/ppp/pppcrypt.h" 67#include "netif/ppp/magic.h" 68 69/* Memory pool */ 70LWIP_MEMPOOL_DECLARE(PPPOL2TP_PCB, MEMP_NUM_PPPOL2TP_INTERFACES, sizeof(pppol2tp_pcb), "PPPOL2TP_PCB") 71 72/* callbacks called from PPP core */ 73static err_t pppol2tp_write(ppp_pcb *ppp, void *ctx, struct pbuf *p); 74static err_t pppol2tp_netif_output(ppp_pcb *ppp, void *ctx, struct pbuf *p, u_short protocol); 75static err_t pppol2tp_destroy(ppp_pcb *ppp, void *ctx); /* Destroy a L2TP control block */ 76static void pppol2tp_connect(ppp_pcb *ppp, void *ctx); /* Be a LAC, connect to a LNS. */ 77static void pppol2tp_disconnect(ppp_pcb *ppp, void *ctx); /* Disconnect */ 78 79 /* Prototypes for procedures local to this file. */ 80static void pppol2tp_input(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port); 81static void pppol2tp_dispatch_control_packet(pppol2tp_pcb *l2tp, u16_t port, struct pbuf *p, u16_t ns, u16_t nr); 82static void pppol2tp_timeout(void *arg); 83static void pppol2tp_abort_connect(pppol2tp_pcb *l2tp); 84static err_t pppol2tp_send_sccrq(pppol2tp_pcb *l2tp); 85static err_t pppol2tp_send_scccn(pppol2tp_pcb *l2tp, u16_t ns); 86static err_t pppol2tp_send_icrq(pppol2tp_pcb *l2tp, u16_t ns); 87static err_t pppol2tp_send_iccn(pppol2tp_pcb *l2tp, u16_t ns); 88static err_t pppol2tp_send_zlb(pppol2tp_pcb *l2tp, u16_t ns); 89static err_t pppol2tp_send_stopccn(pppol2tp_pcb *l2tp, u16_t ns); 90static err_t pppol2tp_xmit(pppol2tp_pcb *l2tp, struct pbuf *pb); 91static err_t pppol2tp_udp_send(pppol2tp_pcb *l2tp, struct pbuf *pb); 92 93/* Callbacks structure for PPP core */ 94static const struct link_callbacks pppol2tp_callbacks = { 95 pppol2tp_connect, 96#if PPP_SERVER 97 NULL, 98#endif /* PPP_SERVER */ 99 pppol2tp_disconnect, 100 pppol2tp_destroy, 101 pppol2tp_write, 102 pppol2tp_netif_output, 103 NULL, 104 NULL 105}; 106 107 108/* Create a new L2TP session. */ 109ppp_pcb *pppol2tp_create(struct netif *pppif, 110 struct netif *netif, const ip_addr_t *ipaddr, u16_t port, 111 const u8_t *secret, u8_t secret_len, 112 ppp_link_status_cb_fn link_status_cb, void *ctx_cb) { 113 ppp_pcb *ppp; 114 pppol2tp_pcb *l2tp; 115 struct udp_pcb *udp; 116#if !PPPOL2TP_AUTH_SUPPORT 117 LWIP_UNUSED_ARG(secret); 118 LWIP_UNUSED_ARG(secret_len); 119#endif /* !PPPOL2TP_AUTH_SUPPORT */ 120 121 if (ipaddr == NULL) { 122 goto ipaddr_check_failed; 123 } 124 125 l2tp = (pppol2tp_pcb *)LWIP_MEMPOOL_ALLOC(PPPOL2TP_PCB); 126 if (l2tp == NULL) { 127 goto memp_malloc_l2tp_failed; 128 } 129 130 udp = udp_new_ip_type(IP_GET_TYPE(ipaddr)); 131 if (udp == NULL) { 132 goto udp_new_failed; 133 } 134 udp_recv(udp, pppol2tp_input, l2tp); 135 136 ppp = ppp_new(pppif, &pppol2tp_callbacks, l2tp, link_status_cb, ctx_cb); 137 if (ppp == NULL) { 138 goto ppp_new_failed; 139 } 140 141 memset(l2tp, 0, sizeof(pppol2tp_pcb)); 142 l2tp->phase = PPPOL2TP_STATE_INITIAL; 143 l2tp->ppp = ppp; 144 l2tp->udp = udp; 145 l2tp->netif = netif; 146 ip_addr_copy(l2tp->remote_ip, *ipaddr); 147 l2tp->remote_port = port; 148#if PPPOL2TP_AUTH_SUPPORT 149 l2tp->secret = secret; 150 l2tp->secret_len = secret_len; 151#endif /* PPPOL2TP_AUTH_SUPPORT */ 152 153 return ppp; 154 155ppp_new_failed: 156 udp_remove(udp); 157udp_new_failed: 158 LWIP_MEMPOOL_FREE(PPPOL2TP_PCB, l2tp); 159memp_malloc_l2tp_failed: 160ipaddr_check_failed: 161 return NULL; 162} 163 164/* Called by PPP core */ 165static err_t pppol2tp_write(ppp_pcb *ppp, void *ctx, struct pbuf *p) { 166 pppol2tp_pcb *l2tp = (pppol2tp_pcb *)ctx; 167 struct pbuf *ph; /* UDP + L2TP header */ 168 err_t ret; 169#if MIB2_STATS 170 u16_t tot_len; 171#else /* MIB2_STATS */ 172 LWIP_UNUSED_ARG(ppp); 173#endif /* MIB2_STATS */ 174 175 ph = pbuf_alloc(PBUF_TRANSPORT, (u16_t)(PPPOL2TP_OUTPUT_DATA_HEADER_LEN), PBUF_RAM); 176 if(!ph) { 177 LINK_STATS_INC(link.memerr); 178 LINK_STATS_INC(link.proterr); 179 MIB2_STATS_NETIF_INC(ppp->netif, ifoutdiscards); 180 pbuf_free(p); 181 return ERR_MEM; 182 } 183 184 pbuf_header(ph, -(s16_t)PPPOL2TP_OUTPUT_DATA_HEADER_LEN); /* hide L2TP header */ 185 pbuf_cat(ph, p); 186#if MIB2_STATS 187 tot_len = ph->tot_len; 188#endif /* MIB2_STATS */ 189 190 ret = pppol2tp_xmit(l2tp, ph); 191 if (ret != ERR_OK) { 192 LINK_STATS_INC(link.err); 193 MIB2_STATS_NETIF_INC(ppp->netif, ifoutdiscards); 194 return ret; 195 } 196 197 MIB2_STATS_NETIF_ADD(ppp->netif, ifoutoctets, (u16_t)tot_len); 198 MIB2_STATS_NETIF_INC(ppp->netif, ifoutucastpkts); 199 LINK_STATS_INC(link.xmit); 200 return ERR_OK; 201} 202 203/* Called by PPP core */ 204static err_t pppol2tp_netif_output(ppp_pcb *ppp, void *ctx, struct pbuf *p, u_short protocol) { 205 pppol2tp_pcb *l2tp = (pppol2tp_pcb *)ctx; 206 struct pbuf *pb; 207 u8_t *pl; 208 err_t err; 209#if MIB2_STATS 210 u16_t tot_len; 211#else /* MIB2_STATS */ 212 LWIP_UNUSED_ARG(ppp); 213#endif /* MIB2_STATS */ 214 215 /* @todo: try to use pbuf_header() here! */ 216 pb = pbuf_alloc(PBUF_TRANSPORT, PPPOL2TP_OUTPUT_DATA_HEADER_LEN + sizeof(protocol), PBUF_RAM); 217 if(!pb) { 218 LINK_STATS_INC(link.memerr); 219 LINK_STATS_INC(link.proterr); 220 MIB2_STATS_NETIF_INC(ppp->netif, ifoutdiscards); 221 return ERR_MEM; 222 } 223 224 pbuf_header(pb, -(s16_t)PPPOL2TP_OUTPUT_DATA_HEADER_LEN); 225 226 pl = (u8_t*)pb->payload; 227 PUTSHORT(protocol, pl); 228 229 pbuf_chain(pb, p); 230#if MIB2_STATS 231 tot_len = pb->tot_len; 232#endif /* MIB2_STATS */ 233 234 if( (err = pppol2tp_xmit(l2tp, pb)) != ERR_OK) { 235 LINK_STATS_INC(link.err); 236 MIB2_STATS_NETIF_INC(ppp->netif, ifoutdiscards); 237 return err; 238 } 239 240 MIB2_STATS_NETIF_ADD(ppp->netif, ifoutoctets, tot_len); 241 MIB2_STATS_NETIF_INC(ppp->netif, ifoutucastpkts); 242 LINK_STATS_INC(link.xmit); 243 return ERR_OK; 244} 245 246/* Destroy a L2TP control block */ 247static err_t pppol2tp_destroy(ppp_pcb *ppp, void *ctx) { 248 pppol2tp_pcb *l2tp = (pppol2tp_pcb *)ctx; 249 LWIP_UNUSED_ARG(ppp); 250 251 sys_untimeout(pppol2tp_timeout, l2tp); 252 udp_remove(l2tp->udp); 253 LWIP_MEMPOOL_FREE(PPPOL2TP_PCB, l2tp); 254 return ERR_OK; 255} 256 257/* Be a LAC, connect to a LNS. */ 258static void pppol2tp_connect(ppp_pcb *ppp, void *ctx) { 259 err_t err; 260 pppol2tp_pcb *l2tp = (pppol2tp_pcb *)ctx; 261 lcp_options *lcp_wo; 262 lcp_options *lcp_ao; 263#if PPP_IPV4_SUPPORT && VJ_SUPPORT 264 ipcp_options *ipcp_wo; 265 ipcp_options *ipcp_ao; 266#endif /* PPP_IPV4_SUPPORT && VJ_SUPPORT */ 267 268 l2tp->tunnel_port = l2tp->remote_port; 269 l2tp->our_ns = 0; 270 l2tp->peer_nr = 0; 271 l2tp->peer_ns = 0; 272 l2tp->source_tunnel_id = 0; 273 l2tp->remote_tunnel_id = 0; 274 l2tp->source_session_id = 0; 275 l2tp->remote_session_id = 0; 276 /* l2tp->*_retried are cleared when used */ 277 278 lcp_wo = &ppp->lcp_wantoptions; 279 lcp_wo->mru = PPPOL2TP_DEFMRU; 280 lcp_wo->neg_asyncmap = 0; 281 lcp_wo->neg_pcompression = 0; 282 lcp_wo->neg_accompression = 0; 283 lcp_wo->passive = 0; 284 lcp_wo->silent = 0; 285 286 lcp_ao = &ppp->lcp_allowoptions; 287 lcp_ao->mru = PPPOL2TP_DEFMRU; 288 lcp_ao->neg_asyncmap = 0; 289 lcp_ao->neg_pcompression = 0; 290 lcp_ao->neg_accompression = 0; 291 292#if PPP_IPV4_SUPPORT && VJ_SUPPORT 293 ipcp_wo = &ppp->ipcp_wantoptions; 294 ipcp_wo->neg_vj = 0; 295 ipcp_wo->old_vj = 0; 296 297 ipcp_ao = &ppp->ipcp_allowoptions; 298 ipcp_ao->neg_vj = 0; 299 ipcp_ao->old_vj = 0; 300#endif /* PPP_IPV4_SUPPORT && VJ_SUPPORT */ 301 302 /* Listen to a random source port, we need to do that instead of using udp_connect() 303 * because the L2TP LNS might answer with its own random source port (!= 1701) 304 */ 305#if LWIP_IPV6 306 if (IP_IS_V6_VAL(l2tp->udp->local_ip)) { 307 udp_bind(l2tp->udp, IP6_ADDR_ANY, 0); 308 } else 309#endif /* LWIP_IPV6 */ 310 udp_bind(l2tp->udp, IP_ADDR_ANY, 0); 311 312#if PPPOL2TP_AUTH_SUPPORT 313 /* Generate random vector */ 314 if (l2tp->secret != NULL) { 315 magic_random_bytes(l2tp->secret_rv, sizeof(l2tp->secret_rv)); 316 } 317#endif /* PPPOL2TP_AUTH_SUPPORT */ 318 319 do { 320 l2tp->remote_tunnel_id = magic(); 321 } while(l2tp->remote_tunnel_id == 0); 322 /* save state, in case we fail to send SCCRQ */ 323 l2tp->sccrq_retried = 0; 324 l2tp->phase = PPPOL2TP_STATE_SCCRQ_SENT; 325 if ((err = pppol2tp_send_sccrq(l2tp)) != 0) { 326 PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send SCCRQ, error=%d\n", err)); 327 } 328 sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp); 329} 330 331/* Disconnect */ 332static void pppol2tp_disconnect(ppp_pcb *ppp, void *ctx) { 333 pppol2tp_pcb *l2tp = (pppol2tp_pcb *)ctx; 334 335 l2tp->our_ns++; 336 pppol2tp_send_stopccn(l2tp, l2tp->our_ns); 337 338 /* stop any timer, disconnect can be called while initiating is in progress */ 339 sys_untimeout(pppol2tp_timeout, l2tp); 340 l2tp->phase = PPPOL2TP_STATE_INITIAL; 341 ppp_link_end(ppp); /* notify upper layers */ 342} 343 344/* UDP Callback for incoming IPv4 L2TP frames */ 345static void pppol2tp_input(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port) { 346 pppol2tp_pcb *l2tp = (pppol2tp_pcb*)arg; 347 u16_t hflags, hlen, len=0, tunnel_id=0, session_id=0, ns=0, nr=0, offset=0; 348 u8_t *inp; 349 LWIP_UNUSED_ARG(pcb); 350 351 /* we can't unbound a UDP pcb, thus we can still receive UDP frames after the link is closed */ 352 if (l2tp->phase < PPPOL2TP_STATE_SCCRQ_SENT) { 353 goto free_and_return; 354 } 355 356 if (!ip_addr_cmp(&l2tp->remote_ip, addr)) { 357 goto free_and_return; 358 } 359 360 /* discard packet if port mismatch, but only if we received a SCCRP */ 361 if (l2tp->phase > PPPOL2TP_STATE_SCCRQ_SENT && l2tp->tunnel_port != port) { 362 goto free_and_return; 363 } 364 365 /* printf("-----------\nL2TP INPUT, %d\n", p->len); */ 366 367 /* L2TP header */ 368 if (p->len < sizeof(hflags) + sizeof(tunnel_id) + sizeof(session_id) ) { 369 goto packet_too_short; 370 } 371 372 inp = (u8_t*)p->payload; 373 GETSHORT(hflags, inp); 374 375 if (hflags & PPPOL2TP_HEADERFLAG_CONTROL) { 376 /* check mandatory flags for a control packet */ 377 if ( (hflags & PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY) != PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY ) { 378 PPPDEBUG(LOG_DEBUG, ("pppol2tp: mandatory header flags for control packet not set\n")); 379 goto free_and_return; 380 } 381 /* check forbidden flags for a control packet */ 382 if (hflags & PPPOL2TP_HEADERFLAG_CONTROL_FORBIDDEN) { 383 PPPDEBUG(LOG_DEBUG, ("pppol2tp: forbidden header flags for control packet found\n")); 384 goto free_and_return; 385 } 386 } else { 387 /* check mandatory flags for a data packet */ 388 if ( (hflags & PPPOL2TP_HEADERFLAG_DATA_MANDATORY) != PPPOL2TP_HEADERFLAG_DATA_MANDATORY) { 389 PPPDEBUG(LOG_DEBUG, ("pppol2tp: mandatory header flags for data packet not set\n")); 390 goto free_and_return; 391 } 392 } 393 394 /* Expected header size */ 395 hlen = sizeof(hflags) + sizeof(tunnel_id) + sizeof(session_id); 396 if (hflags & PPPOL2TP_HEADERFLAG_LENGTH) { 397 hlen += sizeof(len); 398 } 399 if (hflags & PPPOL2TP_HEADERFLAG_SEQUENCE) { 400 hlen += sizeof(ns) + sizeof(nr); 401 } 402 if (hflags & PPPOL2TP_HEADERFLAG_OFFSET) { 403 hlen += sizeof(offset); 404 } 405 if (p->len < hlen) { 406 goto packet_too_short; 407 } 408 409 if (hflags & PPPOL2TP_HEADERFLAG_LENGTH) { 410 GETSHORT(len, inp); 411 if (p->len < len || len < hlen) { 412 goto packet_too_short; 413 } 414 } 415 GETSHORT(tunnel_id, inp); 416 GETSHORT(session_id, inp); 417 if (hflags & PPPOL2TP_HEADERFLAG_SEQUENCE) { 418 GETSHORT(ns, inp); 419 GETSHORT(nr, inp); 420 } 421 if (hflags & PPPOL2TP_HEADERFLAG_OFFSET) { 422 GETSHORT(offset, inp) 423 if (offset > 4096) { /* don't be fooled with large offset which might overflow hlen */ 424 PPPDEBUG(LOG_DEBUG, ("pppol2tp: strange packet received, offset=%d\n", offset)); 425 goto free_and_return; 426 } 427 hlen += offset; 428 if (p->len < hlen) { 429 goto packet_too_short; 430 } 431 INCPTR(offset, inp); 432 } 433 434 /* printf("HLEN = %d\n", hlen); */ 435 436 /* skip L2TP header */ 437 if (pbuf_header(p, -(s16_t)hlen) != 0) { 438 goto free_and_return; 439 } 440 441 /* printf("LEN=%d, TUNNEL_ID=%d, SESSION_ID=%d, NS=%d, NR=%d, OFFSET=%d\n", len, tunnel_id, session_id, ns, nr, offset); */ 442 PPPDEBUG(LOG_DEBUG, ("pppol2tp: input packet, len=%"U16_F", tunnel=%"U16_F", session=%"U16_F", ns=%"U16_F", nr=%"U16_F"\n", 443 len, tunnel_id, session_id, ns, nr)); 444 445 /* Control packet */ 446 if (hflags & PPPOL2TP_HEADERFLAG_CONTROL) { 447 pppol2tp_dispatch_control_packet(l2tp, port, p, ns, nr); 448 goto free_and_return; 449 } 450 451 /* Data packet */ 452 if(l2tp->phase != PPPOL2TP_STATE_DATA) { 453 goto free_and_return; 454 } 455 if(tunnel_id != l2tp->remote_tunnel_id) { 456 PPPDEBUG(LOG_DEBUG, ("pppol2tp: tunnel ID mismatch, assigned=%d, received=%d\n", l2tp->remote_tunnel_id, tunnel_id)); 457 goto free_and_return; 458 } 459 if(session_id != l2tp->remote_session_id) { 460 PPPDEBUG(LOG_DEBUG, ("pppol2tp: session ID mismatch, assigned=%d, received=%d\n", l2tp->remote_session_id, session_id)); 461 goto free_and_return; 462 } 463 /* 464 * skip address & flags if necessary 465 * 466 * RFC 2661 does not specify whether the PPP frame in the L2TP payload should 467 * have a HDLC header or not. We handle both cases for compatibility. 468 */ 469 if (p->len >= 2) { 470 GETSHORT(hflags, inp); 471 if (hflags == 0xff03) { 472 pbuf_header(p, -(s16_t)2); 473 } 474 } 475 /* Dispatch the packet thereby consuming it. */ 476 ppp_input(l2tp->ppp, p); 477 return; 478 479packet_too_short: 480 PPPDEBUG(LOG_DEBUG, ("pppol2tp: packet too short: %d\n", p->len)); 481free_and_return: 482 pbuf_free(p); 483} 484 485/* L2TP Control packet entry point */ 486static void pppol2tp_dispatch_control_packet(pppol2tp_pcb *l2tp, u16_t port, struct pbuf *p, u16_t ns, u16_t nr) { 487 u8_t *inp; 488 u16_t avplen, avpflags, vendorid, attributetype, messagetype=0; 489 err_t err; 490#if PPPOL2TP_AUTH_SUPPORT 491 lwip_md5_context md5_ctx; 492 u8_t md5_hash[16]; 493 u8_t challenge_id = 0; 494#endif /* PPPOL2TP_AUTH_SUPPORT */ 495 496 l2tp->peer_nr = nr; 497 l2tp->peer_ns = ns; 498 /* printf("L2TP CTRL INPUT, ns=%d, nr=%d, len=%d\n", ns, nr, p->len); */ 499 500 /* Handle the special case of the ICCN acknowledge */ 501 if (l2tp->phase == PPPOL2TP_STATE_ICCN_SENT && l2tp->peer_nr > l2tp->our_ns) { 502 l2tp->phase = PPPOL2TP_STATE_DATA; 503 } 504 505 /* ZLB packets */ 506 if (p->tot_len == 0) { 507 return; 508 } 509 510 p = ppp_singlebuf(p); 511 inp = (u8_t*)p->payload; 512 /* Decode AVPs */ 513 while (p->len > 0) { 514 if (p->len < sizeof(avpflags) + sizeof(vendorid) + sizeof(attributetype) ) { 515 goto packet_too_short; 516 } 517 GETSHORT(avpflags, inp); 518 avplen = avpflags & PPPOL2TP_AVPHEADERFLAG_LENGTHMASK; 519 /* printf("AVPLEN = %d\n", avplen); */ 520 if (p->len < avplen || avplen < sizeof(avpflags) + sizeof(vendorid) + sizeof(attributetype)) { 521 goto packet_too_short; 522 } 523 GETSHORT(vendorid, inp); 524 GETSHORT(attributetype, inp); 525 avplen -= sizeof(avpflags) + sizeof(vendorid) + sizeof(attributetype); 526 527 /* Message type must be the first AVP */ 528 if (messagetype == 0) { 529 if (attributetype != 0 || vendorid != 0 || avplen != sizeof(messagetype) ) { 530 PPPDEBUG(LOG_DEBUG, ("pppol2tp: message type must be the first AVP\n")); 531 return; 532 } 533 GETSHORT(messagetype, inp); 534 /* printf("Message type = %d\n", messagetype); */ 535 switch(messagetype) { 536 /* Start Control Connection Reply */ 537 case PPPOL2TP_MESSAGETYPE_SCCRP: 538 /* Only accept SCCRP packet if we sent a SCCRQ */ 539 if (l2tp->phase != PPPOL2TP_STATE_SCCRQ_SENT) { 540 goto send_zlb; 541 } 542 break; 543 /* Incoming Call Reply */ 544 case PPPOL2TP_MESSAGETYPE_ICRP: 545 /* Only accept ICRP packet if we sent a IRCQ */ 546 if (l2tp->phase != PPPOL2TP_STATE_ICRQ_SENT) { 547 goto send_zlb; 548 } 549 break; 550 /* Stop Control Connection Notification */ 551 case PPPOL2TP_MESSAGETYPE_STOPCCN: 552 pppol2tp_send_zlb(l2tp, l2tp->our_ns); /* Ack the StopCCN before we switch to down state */ 553 if (l2tp->phase < PPPOL2TP_STATE_DATA) { 554 pppol2tp_abort_connect(l2tp); 555 } else if (l2tp->phase == PPPOL2TP_STATE_DATA) { 556 /* Don't disconnect here, we let the LCP Echo/Reply find the fact 557 * that PPP session is down. Asking the PPP stack to end the session 558 * require strict checking about the PPP phase to prevent endless 559 * disconnection loops. 560 */ 561 } 562 return; 563 default: 564 break; 565 } 566 goto nextavp; 567 } 568 569 /* Skip proprietary L2TP extensions */ 570 if (vendorid != 0) { 571 goto skipavp; 572 } 573 574 switch (messagetype) { 575 /* Start Control Connection Reply */ 576 case PPPOL2TP_MESSAGETYPE_SCCRP: 577 switch (attributetype) { 578 case PPPOL2TP_AVPTYPE_TUNNELID: 579 if (avplen != sizeof(l2tp->source_tunnel_id) ) { 580 PPPDEBUG(LOG_DEBUG, ("pppol2tp: AVP Assign tunnel ID length check failed\n")); 581 return; 582 } 583 GETSHORT(l2tp->source_tunnel_id, inp); 584 PPPDEBUG(LOG_DEBUG, ("pppol2tp: Assigned tunnel ID %"U16_F"\n", l2tp->source_tunnel_id)); 585 goto nextavp; 586#if PPPOL2TP_AUTH_SUPPORT 587 case PPPOL2TP_AVPTYPE_CHALLENGE: 588 if (avplen == 0) { 589 PPPDEBUG(LOG_DEBUG, ("pppol2tp: Challenge length check failed\n")); 590 return; 591 } 592 if (l2tp->secret == NULL) { 593 PPPDEBUG(LOG_DEBUG, ("pppol2tp: Received challenge from peer and no secret key available\n")); 594 pppol2tp_abort_connect(l2tp); 595 return; 596 } 597 /* Generate hash of ID, secret, challenge */ 598 lwip_md5_init(&md5_ctx); 599 lwip_md5_starts(&md5_ctx); 600 challenge_id = PPPOL2TP_MESSAGETYPE_SCCCN; 601 lwip_md5_update(&md5_ctx, &challenge_id, 1); 602 lwip_md5_update(&md5_ctx, l2tp->secret, l2tp->secret_len); 603 lwip_md5_update(&md5_ctx, inp, avplen); 604 lwip_md5_finish(&md5_ctx, l2tp->challenge_hash); 605 lwip_md5_free(&md5_ctx); 606 l2tp->send_challenge = 1; 607 goto skipavp; 608 case PPPOL2TP_AVPTYPE_CHALLENGERESPONSE: 609 if (avplen != PPPOL2TP_AVPTYPE_CHALLENGERESPONSE_SIZE) { 610 PPPDEBUG(LOG_DEBUG, ("pppol2tp: AVP Challenge Response length check failed\n")); 611 return; 612 } 613 /* Generate hash of ID, secret, challenge */ 614 lwip_md5_init(&md5_ctx); 615 lwip_md5_starts(&md5_ctx); 616 challenge_id = PPPOL2TP_MESSAGETYPE_SCCRP; 617 lwip_md5_update(&md5_ctx, &challenge_id, 1); 618 lwip_md5_update(&md5_ctx, l2tp->secret, l2tp->secret_len); 619 lwip_md5_update(&md5_ctx, l2tp->secret_rv, sizeof(l2tp->secret_rv)); 620 lwip_md5_finish(&md5_ctx, md5_hash); 621 lwip_md5_free(&md5_ctx); 622 if ( memcmp(inp, md5_hash, sizeof(md5_hash)) ) { 623 PPPDEBUG(LOG_DEBUG, ("pppol2tp: Received challenge response from peer and secret key do not match\n")); 624 pppol2tp_abort_connect(l2tp); 625 return; 626 } 627 goto skipavp; 628#endif /* PPPOL2TP_AUTH_SUPPORT */ 629 default: 630 break; 631 } 632 break; 633 /* Incoming Call Reply */ 634 case PPPOL2TP_MESSAGETYPE_ICRP: 635 switch (attributetype) { 636 case PPPOL2TP_AVPTYPE_SESSIONID: 637 if (avplen != sizeof(l2tp->source_session_id) ) { 638 PPPDEBUG(LOG_DEBUG, ("pppol2tp: AVP Assign session ID length check failed\n")); 639 return; 640 } 641 GETSHORT(l2tp->source_session_id, inp); 642 PPPDEBUG(LOG_DEBUG, ("pppol2tp: Assigned session ID %"U16_F"\n", l2tp->source_session_id)); 643 goto nextavp; 644 default: 645 break; 646 } 647 break; 648 default: 649 break; 650 } 651 652skipavp: 653 INCPTR(avplen, inp); 654nextavp: 655 /* printf("AVP Found, vendor=%d, attribute=%d, len=%d\n", vendorid, attributetype, avplen); */ 656 /* next AVP */ 657 if (pbuf_header(p, -(s16_t)(avplen + sizeof(avpflags) + sizeof(vendorid) + sizeof(attributetype)) ) != 0) { 658 return; 659 } 660 } 661 662 switch(messagetype) { 663 /* Start Control Connection Reply */ 664 case PPPOL2TP_MESSAGETYPE_SCCRP: 665 do { 666 l2tp->remote_session_id = magic(); 667 } while(l2tp->remote_session_id == 0); 668 l2tp->tunnel_port = port; /* LNS server might have chosen its own local port */ 669 l2tp->icrq_retried = 0; 670 l2tp->phase = PPPOL2TP_STATE_ICRQ_SENT; 671 l2tp->our_ns++; 672 if ((err = pppol2tp_send_scccn(l2tp, l2tp->our_ns)) != 0) { 673 PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send SCCCN, error=%d\n", err)); 674 } 675 l2tp->our_ns++; 676 if ((err = pppol2tp_send_icrq(l2tp, l2tp->our_ns)) != 0) { 677 PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send ICRQ, error=%d\n", err)); 678 } 679 sys_untimeout(pppol2tp_timeout, l2tp); 680 sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp); 681 break; 682 /* Incoming Call Reply */ 683 case PPPOL2TP_MESSAGETYPE_ICRP: 684 l2tp->iccn_retried = 0; 685 l2tp->phase = PPPOL2TP_STATE_ICCN_SENT; 686 l2tp->our_ns++; 687 ppp_start(l2tp->ppp); /* notify upper layers */ 688 if ((err = pppol2tp_send_iccn(l2tp, l2tp->our_ns)) != 0) { 689 PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send ICCN, error=%d\n", err)); 690 } 691 sys_untimeout(pppol2tp_timeout, l2tp); 692 sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp); 693 break; 694 /* Unhandled packet, send ZLB ACK */ 695 default: 696 goto send_zlb; 697 } 698 return; 699 700send_zlb: 701 pppol2tp_send_zlb(l2tp, l2tp->our_ns); 702 return; 703packet_too_short: 704 PPPDEBUG(LOG_DEBUG, ("pppol2tp: packet too short: %d\n", p->len)); 705} 706 707/* L2TP Timeout handler */ 708static void pppol2tp_timeout(void *arg) { 709 pppol2tp_pcb *l2tp = (pppol2tp_pcb*)arg; 710 err_t err; 711 u32_t retry_wait; 712 713 PPPDEBUG(LOG_DEBUG, ("pppol2tp: timeout\n")); 714 715 switch (l2tp->phase) { 716 case PPPOL2TP_STATE_SCCRQ_SENT: 717 /* backoff wait */ 718 if (l2tp->sccrq_retried < 0xff) { 719 l2tp->sccrq_retried++; 720 } 721 if (!l2tp->ppp->settings.persist && l2tp->sccrq_retried >= PPPOL2TP_MAXSCCRQ) { 722 pppol2tp_abort_connect(l2tp); 723 return; 724 } 725 retry_wait = LWIP_MIN(PPPOL2TP_CONTROL_TIMEOUT * l2tp->sccrq_retried, PPPOL2TP_SLOW_RETRY); 726 PPPDEBUG(LOG_DEBUG, ("pppol2tp: sccrq_retried=%d\n", l2tp->sccrq_retried)); 727 if ((err = pppol2tp_send_sccrq(l2tp)) != 0) { 728 l2tp->sccrq_retried--; 729 PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send SCCRQ, error=%d\n", err)); 730 } 731 sys_timeout(retry_wait, pppol2tp_timeout, l2tp); 732 break; 733 734 case PPPOL2TP_STATE_ICRQ_SENT: 735 l2tp->icrq_retried++; 736 if (l2tp->icrq_retried >= PPPOL2TP_MAXICRQ) { 737 pppol2tp_abort_connect(l2tp); 738 return; 739 } 740 PPPDEBUG(LOG_DEBUG, ("pppol2tp: icrq_retried=%d\n", l2tp->icrq_retried)); 741 if (l2tp->peer_nr <= l2tp->our_ns -1) { /* the SCCCN was not acknowledged */ 742 if ((err = pppol2tp_send_scccn(l2tp, l2tp->our_ns -1)) != 0) { 743 l2tp->icrq_retried--; 744 PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send SCCCN, error=%d\n", err)); 745 sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp); 746 break; 747 } 748 } 749 if ((err = pppol2tp_send_icrq(l2tp, l2tp->our_ns)) != 0) { 750 l2tp->icrq_retried--; 751 PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send ICRQ, error=%d\n", err)); 752 } 753 sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp); 754 break; 755 756 case PPPOL2TP_STATE_ICCN_SENT: 757 l2tp->iccn_retried++; 758 if (l2tp->iccn_retried >= PPPOL2TP_MAXICCN) { 759 pppol2tp_abort_connect(l2tp); 760 return; 761 } 762 PPPDEBUG(LOG_DEBUG, ("pppol2tp: iccn_retried=%d\n", l2tp->iccn_retried)); 763 if ((err = pppol2tp_send_iccn(l2tp, l2tp->our_ns)) != 0) { 764 l2tp->iccn_retried--; 765 PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send ICCN, error=%d\n", err)); 766 } 767 sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp); 768 break; 769 770 default: 771 return; /* all done, work in peace */ 772 } 773} 774 775/* Connection attempt aborted */ 776static void pppol2tp_abort_connect(pppol2tp_pcb *l2tp) { 777 PPPDEBUG(LOG_DEBUG, ("pppol2tp: could not establish connection\n")); 778 l2tp->phase = PPPOL2TP_STATE_INITIAL; 779 ppp_link_failed(l2tp->ppp); /* notify upper layers */ 780} 781 782/* Initiate a new tunnel */ 783static err_t pppol2tp_send_sccrq(pppol2tp_pcb *l2tp) { 784 struct pbuf *pb; 785 u8_t *p; 786 u16_t len; 787 788 /* calculate UDP packet length */ 789 len = 12 +8 +8 +10 +10 +6+sizeof(PPPOL2TP_HOSTNAME)-1 +6+sizeof(PPPOL2TP_VENDORNAME)-1 +8 +8; 790#if PPPOL2TP_AUTH_SUPPORT 791 if (l2tp->secret != NULL) { 792 len += 6 + sizeof(l2tp->secret_rv); 793 } 794#endif /* PPPOL2TP_AUTH_SUPPORT */ 795 796 /* allocate a buffer */ 797 pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM); 798 if (pb == NULL) { 799 return ERR_MEM; 800 } 801 LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len); 802 803 p = (u8_t*)pb->payload; 804 /* fill in pkt */ 805 /* L2TP control header */ 806 PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p); 807 PUTSHORT(len, p); /* Length */ 808 PUTSHORT(0, p); /* Tunnel Id */ 809 PUTSHORT(0, p); /* Session Id */ 810 PUTSHORT(0, p); /* NS Sequence number - to peer */ 811 PUTSHORT(0, p); /* NR Sequence number - expected for peer */ 812 813 /* AVP - Message type */ 814 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */ 815 PUTSHORT(0, p); /* Vendor ID */ 816 PUTSHORT(PPPOL2TP_AVPTYPE_MESSAGE, p); /* Attribute type: Message Type */ 817 PUTSHORT(PPPOL2TP_MESSAGETYPE_SCCRQ, p); /* Attribute value: Message type: SCCRQ */ 818 819 /* AVP - L2TP Version */ 820 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */ 821 PUTSHORT(0, p); /* Vendor ID */ 822 PUTSHORT(PPPOL2TP_AVPTYPE_VERSION, p); /* Attribute type: Version */ 823 PUTSHORT(PPPOL2TP_VERSION, p); /* Attribute value: L2TP Version */ 824 825 /* AVP - Framing capabilities */ 826 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 10, p); /* Mandatory flag + len field */ 827 PUTSHORT(0, p); /* Vendor ID */ 828 PUTSHORT(PPPOL2TP_AVPTYPE_FRAMINGCAPABILITIES, p); /* Attribute type: Framing capabilities */ 829 PUTLONG(PPPOL2TP_FRAMINGCAPABILITIES, p); /* Attribute value: Framing capabilities */ 830 831 /* AVP - Bearer capabilities */ 832 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 10, p); /* Mandatory flag + len field */ 833 PUTSHORT(0, p); /* Vendor ID */ 834 PUTSHORT(PPPOL2TP_AVPTYPE_BEARERCAPABILITIES, p); /* Attribute type: Bearer capabilities */ 835 PUTLONG(PPPOL2TP_BEARERCAPABILITIES, p); /* Attribute value: Bearer capabilities */ 836 837 /* AVP - Host name */ 838 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 6+sizeof(PPPOL2TP_HOSTNAME)-1, p); /* Mandatory flag + len field */ 839 PUTSHORT(0, p); /* Vendor ID */ 840 PUTSHORT(PPPOL2TP_AVPTYPE_HOSTNAME, p); /* Attribute type: Hostname */ 841 MEMCPY(p, PPPOL2TP_HOSTNAME, sizeof(PPPOL2TP_HOSTNAME)-1); /* Attribute value: Hostname */ 842 INCPTR(sizeof(PPPOL2TP_HOSTNAME)-1, p); 843 844 /* AVP - Vendor name */ 845 PUTSHORT(6+sizeof(PPPOL2TP_VENDORNAME)-1, p); /* len field */ 846 PUTSHORT(0, p); /* Vendor ID */ 847 PUTSHORT(PPPOL2TP_AVPTYPE_VENDORNAME, p); /* Attribute type: Vendor name */ 848 MEMCPY(p, PPPOL2TP_VENDORNAME, sizeof(PPPOL2TP_VENDORNAME)-1); /* Attribute value: Vendor name */ 849 INCPTR(sizeof(PPPOL2TP_VENDORNAME)-1, p); 850 851 /* AVP - Assign tunnel ID */ 852 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */ 853 PUTSHORT(0, p); /* Vendor ID */ 854 PUTSHORT(PPPOL2TP_AVPTYPE_TUNNELID, p); /* Attribute type: Tunnel ID */ 855 PUTSHORT(l2tp->remote_tunnel_id, p); /* Attribute value: Tunnel ID */ 856 857 /* AVP - Receive window size */ 858 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */ 859 PUTSHORT(0, p); /* Vendor ID */ 860 PUTSHORT(PPPOL2TP_AVPTYPE_RECEIVEWINDOWSIZE, p); /* Attribute type: Receive window size */ 861 PUTSHORT(PPPOL2TP_RECEIVEWINDOWSIZE, p); /* Attribute value: Receive window size */ 862 863#if PPPOL2TP_AUTH_SUPPORT 864 /* AVP - Challenge */ 865 if (l2tp->secret != NULL) { 866 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 6 + sizeof(l2tp->secret_rv), p); /* Mandatory flag + len field */ 867 PUTSHORT(0, p); /* Vendor ID */ 868 PUTSHORT(PPPOL2TP_AVPTYPE_CHALLENGE, p); /* Attribute type: Challenge */ 869 MEMCPY(p, l2tp->secret_rv, sizeof(l2tp->secret_rv)); /* Attribute value: Random vector */ 870 INCPTR(sizeof(l2tp->secret_rv), p); 871 } 872#endif /* PPPOL2TP_AUTH_SUPPORT */ 873 874 return pppol2tp_udp_send(l2tp, pb); 875} 876 877/* Complete tunnel establishment */ 878static err_t pppol2tp_send_scccn(pppol2tp_pcb *l2tp, u16_t ns) { 879 struct pbuf *pb; 880 u8_t *p; 881 u16_t len; 882 883 /* calculate UDP packet length */ 884 len = 12 +8; 885#if PPPOL2TP_AUTH_SUPPORT 886 if (l2tp->send_challenge) { 887 len += 6 + sizeof(l2tp->challenge_hash); 888 } 889#endif /* PPPOL2TP_AUTH_SUPPORT */ 890 891 /* allocate a buffer */ 892 pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM); 893 if (pb == NULL) { 894 return ERR_MEM; 895 } 896 LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len); 897 898 p = (u8_t*)pb->payload; 899 /* fill in pkt */ 900 /* L2TP control header */ 901 PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p); 902 PUTSHORT(len, p); /* Length */ 903 PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */ 904 PUTSHORT(0, p); /* Session Id */ 905 PUTSHORT(ns, p); /* NS Sequence number - to peer */ 906 PUTSHORT(l2tp->peer_ns+1, p); /* NR Sequence number - expected for peer */ 907 908 /* AVP - Message type */ 909 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */ 910 PUTSHORT(0, p); /* Vendor ID */ 911 PUTSHORT(PPPOL2TP_AVPTYPE_MESSAGE, p); /* Attribute type: Message Type */ 912 PUTSHORT(PPPOL2TP_MESSAGETYPE_SCCCN, p); /* Attribute value: Message type: SCCCN */ 913 914#if PPPOL2TP_AUTH_SUPPORT 915 /* AVP - Challenge response */ 916 if (l2tp->send_challenge) { 917 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 6 + sizeof(l2tp->challenge_hash), p); /* Mandatory flag + len field */ 918 PUTSHORT(0, p); /* Vendor ID */ 919 PUTSHORT(PPPOL2TP_AVPTYPE_CHALLENGERESPONSE, p); /* Attribute type: Challenge response */ 920 MEMCPY(p, l2tp->challenge_hash, sizeof(l2tp->challenge_hash)); /* Attribute value: Computed challenge */ 921 INCPTR(sizeof(l2tp->challenge_hash), p); 922 } 923#endif /* PPPOL2TP_AUTH_SUPPORT */ 924 925 return pppol2tp_udp_send(l2tp, pb); 926} 927 928/* Initiate a new session */ 929static err_t pppol2tp_send_icrq(pppol2tp_pcb *l2tp, u16_t ns) { 930 struct pbuf *pb; 931 u8_t *p; 932 u16_t len; 933 u32_t serialnumber; 934 935 /* calculate UDP packet length */ 936 len = 12 +8 +8 +10; 937 938 /* allocate a buffer */ 939 pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM); 940 if (pb == NULL) { 941 return ERR_MEM; 942 } 943 LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len); 944 945 p = (u8_t*)pb->payload; 946 /* fill in pkt */ 947 /* L2TP control header */ 948 PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p); 949 PUTSHORT(len, p); /* Length */ 950 PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */ 951 PUTSHORT(0, p); /* Session Id */ 952 PUTSHORT(ns, p); /* NS Sequence number - to peer */ 953 PUTSHORT(l2tp->peer_ns+1, p); /* NR Sequence number - expected for peer */ 954 955 /* AVP - Message type */ 956 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */ 957 PUTSHORT(0, p); /* Vendor ID */ 958 PUTSHORT(PPPOL2TP_AVPTYPE_MESSAGE, p); /* Attribute type: Message Type */ 959 PUTSHORT(PPPOL2TP_MESSAGETYPE_ICRQ, p); /* Attribute value: Message type: ICRQ */ 960 961 /* AVP - Assign session ID */ 962 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */ 963 PUTSHORT(0, p); /* Vendor ID */ 964 PUTSHORT(PPPOL2TP_AVPTYPE_SESSIONID, p); /* Attribute type: Session ID */ 965 PUTSHORT(l2tp->remote_session_id, p); /* Attribute value: Session ID */ 966 967 /* AVP - Call Serial Number */ 968 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 10, p); /* Mandatory flag + len field */ 969 PUTSHORT(0, p); /* Vendor ID */ 970 PUTSHORT(PPPOL2TP_AVPTYPE_CALLSERIALNUMBER, p); /* Attribute type: Serial number */ 971 serialnumber = magic(); 972 PUTLONG(serialnumber, p); /* Attribute value: Serial number */ 973 974 return pppol2tp_udp_send(l2tp, pb); 975} 976 977/* Complete tunnel establishment */ 978static err_t pppol2tp_send_iccn(pppol2tp_pcb *l2tp, u16_t ns) { 979 struct pbuf *pb; 980 u8_t *p; 981 u16_t len; 982 983 /* calculate UDP packet length */ 984 len = 12 +8 +10 +10; 985 986 /* allocate a buffer */ 987 pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM); 988 if (pb == NULL) { 989 return ERR_MEM; 990 } 991 LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len); 992 993 p = (u8_t*)pb->payload; 994 /* fill in pkt */ 995 /* L2TP control header */ 996 PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p); 997 PUTSHORT(len, p); /* Length */ 998 PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */ 999 PUTSHORT(l2tp->source_session_id, p); /* Session Id */ 1000 PUTSHORT(ns, p); /* NS Sequence number - to peer */ 1001 PUTSHORT(l2tp->peer_ns+1, p); /* NR Sequence number - expected for peer */ 1002 1003 /* AVP - Message type */ 1004 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */ 1005 PUTSHORT(0, p); /* Vendor ID */ 1006 PUTSHORT(PPPOL2TP_AVPTYPE_MESSAGE, p); /* Attribute type: Message Type */ 1007 PUTSHORT(PPPOL2TP_MESSAGETYPE_ICCN, p); /* Attribute value: Message type: ICCN */ 1008 1009 /* AVP - Framing type */ 1010 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 10, p); /* Mandatory flag + len field */ 1011 PUTSHORT(0, p); /* Vendor ID */ 1012 PUTSHORT(PPPOL2TP_AVPTYPE_FRAMINGTYPE, p); /* Attribute type: Framing type */ 1013 PUTLONG(PPPOL2TP_FRAMINGTYPE, p); /* Attribute value: Framing type */ 1014 1015 /* AVP - TX Connect speed */ 1016 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 10, p); /* Mandatory flag + len field */ 1017 PUTSHORT(0, p); /* Vendor ID */ 1018 PUTSHORT(PPPOL2TP_AVPTYPE_TXCONNECTSPEED, p); /* Attribute type: TX Connect speed */ 1019 PUTLONG(PPPOL2TP_TXCONNECTSPEED, p); /* Attribute value: TX Connect speed */ 1020 1021 return pppol2tp_udp_send(l2tp, pb); 1022} 1023 1024/* Send a ZLB ACK packet */ 1025static err_t pppol2tp_send_zlb(pppol2tp_pcb *l2tp, u16_t ns) { 1026 struct pbuf *pb; 1027 u8_t *p; 1028 u16_t len; 1029 1030 /* calculate UDP packet length */ 1031 len = 12; 1032 1033 /* allocate a buffer */ 1034 pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM); 1035 if (pb == NULL) { 1036 return ERR_MEM; 1037 } 1038 LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len); 1039 1040 p = (u8_t*)pb->payload; 1041 /* fill in pkt */ 1042 /* L2TP control header */ 1043 PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p); 1044 PUTSHORT(len, p); /* Length */ 1045 PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */ 1046 PUTSHORT(0, p); /* Session Id */ 1047 PUTSHORT(ns, p); /* NS Sequence number - to peer */ 1048 PUTSHORT(l2tp->peer_ns+1, p); /* NR Sequence number - expected for peer */ 1049 1050 return pppol2tp_udp_send(l2tp, pb); 1051} 1052 1053/* Send a StopCCN packet */ 1054static err_t pppol2tp_send_stopccn(pppol2tp_pcb *l2tp, u16_t ns) { 1055 struct pbuf *pb; 1056 u8_t *p; 1057 u16_t len; 1058 1059 /* calculate UDP packet length */ 1060 len = 12 +8 +8 +8; 1061 1062 /* allocate a buffer */ 1063 pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM); 1064 if (pb == NULL) { 1065 return ERR_MEM; 1066 } 1067 LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len); 1068 1069 p = (u8_t*)pb->payload; 1070 /* fill in pkt */ 1071 /* L2TP control header */ 1072 PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p); 1073 PUTSHORT(len, p); /* Length */ 1074 PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */ 1075 PUTSHORT(0, p); /* Session Id */ 1076 PUTSHORT(ns, p); /* NS Sequence number - to peer */ 1077 PUTSHORT(l2tp->peer_ns+1, p); /* NR Sequence number - expected for peer */ 1078 1079 /* AVP - Message type */ 1080 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */ 1081 PUTSHORT(0, p); /* Vendor ID */ 1082 PUTSHORT(PPPOL2TP_AVPTYPE_MESSAGE, p); /* Attribute type: Message Type */ 1083 PUTSHORT(PPPOL2TP_MESSAGETYPE_STOPCCN, p); /* Attribute value: Message type: StopCCN */ 1084 1085 /* AVP - Assign tunnel ID */ 1086 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */ 1087 PUTSHORT(0, p); /* Vendor ID */ 1088 PUTSHORT(PPPOL2TP_AVPTYPE_TUNNELID, p); /* Attribute type: Tunnel ID */ 1089 PUTSHORT(l2tp->remote_tunnel_id, p); /* Attribute value: Tunnel ID */ 1090 1091 /* AVP - Result code */ 1092 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */ 1093 PUTSHORT(0, p); /* Vendor ID */ 1094 PUTSHORT(PPPOL2TP_AVPTYPE_RESULTCODE, p); /* Attribute type: Result code */ 1095 PUTSHORT(PPPOL2TP_RESULTCODE, p); /* Attribute value: Result code */ 1096 1097 return pppol2tp_udp_send(l2tp, pb); 1098} 1099 1100static err_t pppol2tp_xmit(pppol2tp_pcb *l2tp, struct pbuf *pb) { 1101 u8_t *p; 1102 1103 /* make room for L2TP header - should not fail */ 1104 if (pbuf_header(pb, (s16_t)PPPOL2TP_OUTPUT_DATA_HEADER_LEN) != 0) { 1105 /* bail out */ 1106 PPPDEBUG(LOG_ERR, ("pppol2tp: pppol2tp_pcb: could not allocate room for L2TP header\n")); 1107 LINK_STATS_INC(link.lenerr); 1108 pbuf_free(pb); 1109 return ERR_BUF; 1110 } 1111 1112 p = (u8_t*)pb->payload; 1113 PUTSHORT(PPPOL2TP_HEADERFLAG_DATA_MANDATORY, p); 1114 PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */ 1115 PUTSHORT(l2tp->source_session_id, p); /* Session Id */ 1116 1117 return pppol2tp_udp_send(l2tp, pb); 1118} 1119 1120static err_t pppol2tp_udp_send(pppol2tp_pcb *l2tp, struct pbuf *pb) { 1121 err_t err; 1122 if (l2tp->netif) { 1123 err = udp_sendto_if(l2tp->udp, pb, &l2tp->remote_ip, l2tp->tunnel_port, l2tp->netif); 1124 } else { 1125 err = udp_sendto(l2tp->udp, pb, &l2tp->remote_ip, l2tp->tunnel_port); 1126 } 1127 pbuf_free(pb); 1128 return err; 1129} 1130 1131#endif /* PPP_SUPPORT && PPPOL2TP_SUPPORT */ 1132