1/* 2 * Copyright (c) 2000-2002 Apple Computer, Inc. All rights reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. Please obtain a copy of the License at 10 * http://www.opensource.apple.com/apsl/ and read it before using this 11 * file. 12 * 13 * The Original Code and all software distributed under the License are 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 * Please see the License for the specific language governing rights and 19 * limitations under the License. 20 * 21 * @APPLE_LICENSE_HEADER_END@ 22 */ 23 24/* ----------------------------------------------------------------------------- 25 * 26 * Theory of operation : 27 * 28 * plugin to add L2TP client support to pppd. 29 * 30----------------------------------------------------------------------------- */ 31 32 33/* ----------------------------------------------------------------------------- 34 Includes 35----------------------------------------------------------------------------- */ 36 37#include <stdio.h> 38#include <ctype.h> 39#include <stdlib.h> 40#include <string.h> 41#include <unistd.h> 42#include <errno.h> 43#include <sys/socket.h> 44#include <sys/sysctl.h> 45 46#define APPLE 1 47#include "../L2TP-extension/l2tpk.h" 48#include "l2tp.h" 49#include "../../../Helpers/pppd/pppd.h" 50 51/* ----------------------------------------------------------------------------- 52 L2TP defines 53----------------------------------------------------------------------------- */ 54 55#define MAX_RANDOM_VECTOR_SIZE 128 /* ??? just a guess - look into this */ 56#define MAX_AVP_VALUE_SIZE 256 /* ??? just a guess */ 57#define MAX_CAUSE_MSG_SIZE 256 58 59/* define l2tp AVP types */ 60#define L2TP_AVP_MSG_TYPE 0 /* Message Type AVP Attribute Type (All Messages) */ 61#define L2TP_AVP_RESULT_CODE 1 /* Result Code AVP Attribute Type (CDN, StopCCN) */ 62#define L2TP_AVP_PROTO_VERS 2 /* Protocol Version AVP Attribute Type (SCCRP, SCCRQ) */ 63#define L2TP_AVP_FRAMING_CAPS 3 /* Framing Capabilities AVP Attribute Type (SCCRP, SCCRQ) */ 64#define L2TP_AVP_BEARER_CAPS 4 /* Bearer Capabilities AVP Attribute Type (SCCRP, SCCRQ) */ 65#define L2TP_AVP_TIE_BREAKER 5 /* Tie Breaker AVP Attribute Type (SCCRQ) */ 66#define L2TP_AVP_FIRMWARE_REV 6 /* Firmware Revision AVP Attribute Type (SCCRP, SCCRQ) */ 67#define L2TP_AVP_HOST_NAME 7 /* Host Name AVP Attribute Type (SCCRP, SCCRQ) */ 68#define L2TP_AVP_VENDOR_NAME 8 /* Vendor Name AVP Attribute Type (SCCRP, SCCRQ) */ 69#define L2TP_AVP_TUNNEL_ID 9 /* Assigned Tunnel ID AVP Attribute Type (SCCRP, SCCRQ, StopCCN) */ 70#define L2TP_AVP_WINDOW_SIZE 10 /* Reveive Window Size AVP Attribute Type (SCCRP, SCCRQ) */ 71#define L2TP_AVP_CHALLENGE 11 /* Challenge AVP Attribute Type (SCCRP, SCCRQ) */ 72#define L2TP_AVP_CAUSE_CODE 12 /* Cause Code AVP Attribute Type (CDN) */ 73#define L2TP_AVP_CHALLENGE_RESP 13 /* Challenge Response AVP Attribute Type (SCCCN, SCCRP) */ 74#define L2TP_AVP_SESSION_ID 14 /* Assigned Session ID AVP Attribute Type (CDN, ICRP, ICRQ, OCRP, OCRQ) */ 75#define L2TP_AVP_CALL_SERIAL_NUM 15 /* Call Serial Number AVP Attribute Type (ICRQ, OCRQ) */ 76#define L2TP_AVP_MIN_BPS 16 /* Minimum BPS (OCRQ) */ 77#define L2TP_AVP_MAX_BPS 17 /* Maximum BPS (OCRQ) */ 78#define L2TP_AVP_BEARER_TYPE 18 /* Bearer Type (ICRQ, OCRQ) */ 79#define L2TP_AVP_FRAMING_TYPE 19 /* Framing Type (ICCN, OCCN, OCRQ) */ 80#define L2TP_AVP_CALLED_NUM 21 /* Called Number (ICRQ, OCRQ) */ 81#define L2TP_AVP_CALLING_NUM 22 /* Calling Number (ICRQ) */ 82#define L2TP_AVP_SUB_ADDRESS 23 /* Sub-Address (ICRQ, OCRQ) */ 83#define L2TP_AVP_TX_CONNECT_SPEED 24 /* TX Connect Speed (ICCN, OCCN) */ 84#define L2TP_AVP_PHYS_CHANNEL_ID 25 /* Physical Channel ID (ICRQ, OCRP) */ 85#define L2TP_AVP_INIT_RECVD_CONFREQ 26 /* Initial Receieved LCP CONFREQ (ICCN) */ 86#define L2TP_AVP_LAST_SENT_CONFREQ 27 /* Last Sent LCP CONFREQ (ICCN) */ 87#define L2TP_AVP_LAST_RECVD_CONFREQ 28 /* Last Received LCP CONFREQ (ICCN) */ 88#define L2TP_AVP_PROXY_AUTH_TYPE 29 /* Proxy Authen Type (ICCN) */ 89#define L2TP_AVP_PROXY_AUTH_NAME 30 /* Proxy Authen Name (ICCN) */ 90#define L2TP_AVP_PROXY_AUTH_CHALLENGE 31 /* Proxy Authen Challenge (ICCN) */ 91#define L2TP_AVP_PROXY_AUTH_ID 32 /* Proxy Authen ID (ICCN) */ 92#define L2TP_AVP_PROXY_AUTH_RESP 33 /* Proxy Authen Response (ICCN) */ 93#define L2TP_AVP_CALL_ERRORS 34 /* Call Errors (WEN) */ 94#define L2TP_AVP_ACCM 35 /* ACCM (SLI) */ 95#define L2TP_AVP_RAND_VECT 36 /* Random Vector AVP Attribute Type (All Messages) */ 96#define L2TP_AVP_PRIVATE_GROUP_ID 37 /* Private Group ID (ICCN) */ 97#define L2TP_AVP_RX_CONNECT_SPEED 38 /* RX Connect Speed (ICCN, OCCN) */ 98#define L2TP_AVP_SEQ_REQUIRED 39 /* Sequencing Required (ICCN, OCCN) */ 99 100#define L2TP_LAST_AVP_TYPE L2TP_AVP_SEQ_REQUIRED 101 102 103/* 104 * The following is used to test each AVP as its processed for 105 * size and its appropriateness for a received control message. 106 */ 107 108/* 109 * required-AVP bitmap bits - used to determine if all required AVPs 110 * have been received for a particular message. Only AVPs that are 111 * required by one or more message types are included 112 */ 113#define L2TP_AVP_MSG_TYPE_BIT (0x00000001 << 0) 114#define L2TP_AVP_RESULT_CODE_BIT (0x00000001 << 1) 115#define L2TP_AVP_PROTO_VERS_BIT (0x00000001 << 2) 116#define L2TP_AVP_FRAMING_CAPS_BIT (0x00000001 << 3) 117#define L2TP_AVP_HOST_NAME_BIT (0x00000001 << 4) 118#define L2TP_AVP_TUNNEL_ID_BIT (0x00000001 << 5) 119#define L2TP_AVP_WINDOW_SIZE_BIT (0x00000001 << 6) 120#define L2TP_AVP_SESSION_ID_BIT (0x00000001 << 7) 121#define L2TP_AVP_CALL_SERIAL_NUM_BIT (0x00000001 << 8) 122#define L2TP_AVP_MIN_BPS_BIT (0x00000001 << 9) 123#define L2TP_AVP_MAX_BPS_BIT (0x00000001 << 10) 124#define L2TP_AVP_BEARER_TYPE_BIT (0x00000001 << 11) 125#define L2TP_AVP_FRAMING_TYPE_BIT (0x00000001 << 12) 126#define L2TP_AVP_CALLED_NUM_BIT (0x00000001 << 13) 127#define L2TP_AVP_TX_CONNECT_SPEED_BIT (0x00000001 << 14) 128#define L2TP_AVP_CALL_ERRORS_BIT (0x00000001 << 15) 129#define L2TP_AVP_ACCM_BIT (0x00000001 << 16) 130 131/* bitmaps for indicating which AVPs are required for message types */ 132#define L2TP_SCCRQ_BITMAP (L2TP_AVP_MSG_TYPE_BIT | L2TP_AVP_PROTO_VERS_BIT | L2TP_AVP_HOST_NAME_BIT | \ 133 L2TP_AVP_FRAMING_CAPS_BIT | L2TP_AVP_TUNNEL_ID_BIT) 134#define L2TP_SCCRP_BITMAP (L2TP_AVP_MSG_TYPE_BIT | L2TP_AVP_PROTO_VERS_BIT | L2TP_AVP_HOST_NAME_BIT | \ 135 L2TP_AVP_FRAMING_CAPS_BIT | L2TP_AVP_TUNNEL_ID_BIT) 136#define L2TP_SCCCN_BITMAP (L2TP_AVP_MSG_TYPE_BIT) 137#define L2TP_StopCCN_BITMAP (L2TP_AVP_MSG_TYPE_BIT | L2TP_AVP_TUNNEL_ID_BIT | L2TP_AVP_RESULT_CODE_BIT) 138#define L2TP_HELLO_BITMAP (L2TP_AVP_MSG_TYPE_BIT) 139#define L2TP_OCRQ_BITMAP (L2TP_AVP_MSG_TYPE_BIT | L2TP_AVP_SESSION_ID_BIT | L2TP_AVP_CALL_SERIAL_NUM_BIT | \ 140 L2TP_AVP_MIN_BPS_BIT | L2TP_AVP_MAX_BPS_BIT | L2TP_AVP_BEARER_TYPE_BIT | \ 141 L2TP_AVP_FRAMING_TYPE_BIT | L2TP_AVP_CALLED_NUM_BIT) 142#define L2TP_OCRP_BITMAP (L2TP_AVP_MSG_TYPE_BIT | L2TP_AVP_SESSION_ID_BIT) 143#define L2TP_OCCN_BITMAP (L2TP_AVP_MSG_TYPE_BIT | L2TP_AVP_TX_CONNECT_SPEED_BIT | L2TP_AVP_FRAMING_TYPE_BIT) 144#define L2TP_ICRQ_BITMAP (L2TP_AVP_MSG_TYPE_BIT | L2TP_AVP_SESSION_ID_BIT | L2TP_AVP_CALL_SERIAL_NUM_BIT) 145#define L2TP_ICRP_BITMAP (L2TP_AVP_MSG_TYPE_BIT | L2TP_AVP_SESSION_ID_BIT) 146#define L2TP_ICCN_BITMAP (L2TP_AVP_MSG_TYPE_BIT | L2TP_AVP_TX_CONNECT_SPEED_BIT | L2TP_AVP_FRAMING_TYPE_BIT) 147#define L2TP_CDN_BITMAP (L2TP_AVP_MSG_TYPE_BIT | L2TP_AVP_RESULT_CODE_BIT | L2TP_AVP_SESSION_ID_BIT) 148#define L2TP_WEN_BITMAP (L2TP_AVP_MSG_TYPE_BIT | L2TP_AVP_CALL_ERRORS_BIT) 149#define L2TP_SLI_BITMAP (L2TP_AVP_MSG_TYPE_BIT | L2TP_AVP_ACCM_BIT) 150 151 152#define AVP_SIZE_VARIABLE 0xff 153 154struct avp_attributes { 155 u_int16_t size; 156 u_int32_t maskbit; 157}; 158 159/* array for checking AVP sizes and validity for message type */ 160struct avp_attributes avp_attr[L2TP_LAST_AVP_TYPE + 1] = { 161 { 2, L2TP_AVP_MSG_TYPE_BIT }, /* 0 Message Type */ 162 { AVP_SIZE_VARIABLE, L2TP_AVP_RESULT_CODE_BIT }, /* 1 Result Code */ 163 { 2, L2TP_AVP_PROTO_VERS_BIT }, /* 2 Protocol Version */ 164 { 4, L2TP_AVP_FRAMING_CAPS_BIT }, /* 3 Framing Capabilities */ 165 { 4, 0 }, /* 4 Bearer Capabilities */ 166 { 8, 0 }, /* 5 Tie Breaker */ 167 { 2, 0 }, /* 6 Firmware Rev */ 168 { AVP_SIZE_VARIABLE, L2TP_AVP_HOST_NAME_BIT }, /* 7 Host Name */ 169 { AVP_SIZE_VARIABLE, 0 }, /* 8 Vendor name */ 170 { 2, L2TP_AVP_TUNNEL_ID_BIT }, /* 9 Tunnel ID */ 171 { 2, L2TP_AVP_WINDOW_SIZE_BIT }, /* 10 Window Size */ 172 { AVP_SIZE_VARIABLE, 0 }, /* 11 Challenge */ 173 { AVP_SIZE_VARIABLE, 0 }, /* 12 Cause Code */ 174 { AVP_SIZE_VARIABLE, 0 }, /* 13 Challenge Response */ 175 { 2, L2TP_AVP_SESSION_ID_BIT }, /* 14 Session ID */ 176 { 4, L2TP_AVP_CALL_SERIAL_NUM_BIT }, /* 15 Call Serial Number */ 177 { 4, L2TP_AVP_MIN_BPS_BIT }, /* 16 Minimum BPS */ 178 { 4, L2TP_AVP_MAX_BPS_BIT }, /* 17 Maximum BPS */ 179 { 4, L2TP_AVP_BEARER_TYPE_BIT }, /* 18 Bearer Type */ 180 { 4, L2TP_AVP_FRAMING_TYPE_BIT }, /* 19 Framing Type */ 181 { 0, 0 }, /* 20 unused */ 182 { AVP_SIZE_VARIABLE, L2TP_AVP_CALLED_NUM_BIT }, /* 21 Called Number */ 183 { AVP_SIZE_VARIABLE, 0 }, /* 22 Calling Number */ 184 { AVP_SIZE_VARIABLE, 0 }, /* 23 Sub-Address */ 185 { 4, L2TP_AVP_TX_CONNECT_SPEED_BIT }, /* 24 TX Connect Speed */ 186 { 4, 0 }, /* 25 Physical Channel ID */ 187 { AVP_SIZE_VARIABLE, 0 }, /* 26 Initial Received CONFREQ */ 188 { AVP_SIZE_VARIABLE, 0 }, /* 27 Last Sent CONFREQ */ 189 { AVP_SIZE_VARIABLE, 0 }, /* 28 Last Rcvd CONFREQ */ 190 { 2, 0 }, /* 29 Proxy Authen Type */ 191 { AVP_SIZE_VARIABLE, 0 }, /* 30 Proxy Auth Name */ 192 { AVP_SIZE_VARIABLE, 0 }, /* 31 Proxy Authen Challenge */ 193 { 2, 0 }, /* 32 Proxy Authen ID */ 194 { AVP_SIZE_VARIABLE, 0 }, /* 33 Proxy Authen Response */ 195 { 26, L2TP_AVP_CALL_ERRORS_BIT }, /* 34 Call Errors */ 196 { 10, L2TP_AVP_ACCM_BIT }, /* 35 ACCM */ 197 { AVP_SIZE_VARIABLE, 0 }, /* 36 Random Vector */ 198 { AVP_SIZE_VARIABLE, 0 }, /* 37 Private Group ID */ 199 { 4, 0 }, /* 38 RX Connect Speed */ 200 { 0, 0 } /* 39 Sequencing Required */ 201}; 202 203 204struct l2tp_avp_hdr { 205 /* Attribute-Value Pair header */ 206 u_int16_t flags_len; 207 u_int16_t vendor_id; 208 u_int16_t type; 209 u_int8_t value; 210}; 211 212 213/* ----------------------------------------------------------------------------- 214 Function Prototypes 215----------------------------------------------------------------------------- */ 216 217static int process_pkt_data(u_int8_t* buf, size_t len, u_int16_t* type, struct l2tp_parameters* params, u_int16_t expected_type); 218static int unhide_avp(u_int8_t*, u_int16_t*, u_int8_t*, size_t); 219static size_t prepare_SCCRQ(u_int8_t*, size_t, struct l2tp_parameters*); 220static size_t prepare_SCCRP(u_int8_t*, size_t, struct l2tp_parameters*); 221static size_t prepare_SCCRX(u_int8_t*, size_t, u_int16_t, struct l2tp_parameters*); 222static size_t prepare_SCCCN(u_int8_t*, size_t); 223static int prepare_StopCCN(u_int8_t*, size_t, struct l2tp_parameters*); 224static int prepare_Hello(u_int8_t*, size_t); 225static int prepare_ICRQ(u_int8_t*, size_t, struct l2tp_parameters*); 226static int prepare_ICRP(u_int8_t*, size_t, struct l2tp_parameters*); 227static size_t prepare_ICCN(u_int8_t*, size_t, struct l2tp_parameters*); 228static size_t prepare_CDN(u_int8_t*, size_t, struct l2tp_parameters*); 229#ifdef UNUSED 230static size_t prepare_WEN(u_int8_t*, size_t, struct l2tp_parameters*); 231#endif 232static int make_avp_hdr(u_int8_t**, size_t*, u_int16_t, size_t, u_int16_t); 233static int make_avp_short(u_int8_t**, size_t*, u_int16_t, u_int16_t, u_int16_t); 234static int make_avp_long(u_int8_t**, size_t*, u_int16_t, u_int32_t, u_int16_t); 235static char *msg_type_str(u_int16_t msg_type); 236static int l2tp_send(int ctrlsockfd, u_int8_t* buf, int len, u_int16_t session_id, struct sockaddr *to, char *text); 237 238#define PROCESS_PACKET(a,b,c,d,e) \ 239 if (process_pkt_data(a, b, c, d, e)) \ 240 return EXIT_L2TP_PROTOCOLERROR; 241 242#define SEND_PACKET(a,b,c,d,e,f) \ 243 if ((result = l2tp_send(a, b, c, d, e, f))) \ 244 return result; 245 246#define RECV_PACKET(a,b,c,d,e,f,g) \ 247 if ((result = l2tp_recv(a, b, c, d, e, f, g))) \ 248 return result; 249 250 251/* ----------------------------------------------------------------------------- 252 Globals variables 253----------------------------------------------------------------------------- */ 254 255extern int kill_link; 256 257u_int8_t control_buf[MAX_CNTL_BUFFER_SIZE] __attribute__ ((aligned(4))); 258struct l2tp_header *control_hdr = ALIGNED_CAST(struct l2tp_header *)control_buf; 259 260 261/* ----------------------------------------------------------------------------- 262----------------------------------------------------------------------------- */ 263int l2tp_outgoing_call(int fd, struct sockaddr *peer_address, 264 struct l2tp_parameters *our_params, struct l2tp_parameters *peer_params, 265 int recv_timeout) 266{ 267 int size; 268 int result; 269 u_int16_t msg_type; 270 struct sockaddr from; 271 272 /* ------------- send SCCRQ -------------*/ 273 size = prepare_SCCRQ(control_buf, MAX_CNTL_BUFFER_SIZE, our_params); 274 SEND_PACKET(fd, control_buf, size, 0, peer_address, "SCCRQ"); 275 276 /* ------------- read SCCRP -------------*/ 277 from.sa_len = sizeof(from); 278 result = l2tp_recv(fd, control_buf, MAX_CNTL_BUFFER_SIZE, &size, &from, recv_timeout, "SCCRP"); 279 if (result == -2) // cancel 280 return result; 281 if (result == -1 || size == 0) { // no reply 282 notice("L2TP cannot connect to the server\n"); 283 return EXIT_L2TP_NOANSWER; 284 } 285 286 /* the server can reply from an other port, lock our connection to the new received peer address */ 287 l2tp_change_peeraddress(fd, &from); 288 289 PROCESS_PACKET(control_buf, size, &msg_type, peer_params, L2TP_SCCRP); 290 291 if (peer_params->tunnel_id == 0) { /* check peer tunnel ID */ 292 error("L2TP received invalid Tunnel ID from peer\n"); 293 return EXIT_L2TP_PROTOCOLERROR; 294 } 295 296 /* now that we made contact, set adaptative time and timer values */ 297 l2tp_reset_timers(fd, 0); 298 299 /* set peer tunnel id and peer window */ 300 if (peer_params->window_size == 0) 301 peer_params->window_size = 4; /* assume 4 if absent as per rfc2661 */ 302 l2tp_set_peerparams(fd, peer_params); 303 304 /* ------------- send SCCCN -------------*/ 305 size = prepare_SCCCN(control_buf, MAX_CNTL_BUFFER_SIZE); 306 SEND_PACKET(fd, control_buf, size, 0, 0, "SCCCN"); 307 308 /* ------------- send ICRQ -------------*/ 309 size = prepare_ICRQ(control_buf, MAX_CNTL_BUFFER_SIZE, our_params); 310 SEND_PACKET(fd, control_buf, size, 0, 0, "ICRQ"); 311 312 /* ------------- read ICRP -------------*/ 313 from.sa_len = sizeof(from); 314 RECV_PACKET(fd, control_buf, MAX_CNTL_BUFFER_SIZE, &size, &from, recv_timeout, "ICRP"); 315 316 PROCESS_PACKET(control_buf, size, &msg_type, peer_params, L2TP_ICRP); 317 318 if (ntohs(control_hdr->session_id) != our_params->session_id) { 319 error("L2TP message from peer addressed to invalid session ID (our ID : %d, target ID : %d)\n", 320 our_params->session_id, ntohs(control_hdr->session_id)); 321 return EXIT_L2TP_PROTOCOLERROR; 322 } 323 if (peer_params->session_id == 0) { 324 error("L2TP received invalid Session ID from peer\n"); 325 return EXIT_L2TP_PROTOCOLERROR; 326 } 327 328 /* ------------- send ICCN -------------*/ 329 size = prepare_ICCN(control_buf, MAX_CNTL_BUFFER_SIZE, our_params); 330 SEND_PACKET(fd, control_buf, size, peer_params->session_id, 0, "ICCN"); 331 332 /* call succedeed ! */ 333 return 0; 334} 335 336/* ----------------------------------------------------------------------------- 337----------------------------------------------------------------------------- */ 338int l2tp_incoming_call(int fd, struct l2tp_parameters *our_params, struct l2tp_parameters *peer_params, int recv_timeout) 339{ 340 int size, result; 341 u_int16_t msg_type; 342 struct sockaddr from; 343 344 /* ------------- read SCCRQ -------------*/ 345 from.sa_len = sizeof(from); 346 RECV_PACKET(fd, control_buf, MAX_CNTL_BUFFER_SIZE, &size, &from, 0, "SCCRQ"); 347 348 /* lock the control connection to the specific address the server responded from */ 349 l2tp_change_peeraddress(fd, &from); 350 351 PROCESS_PACKET(control_buf, size, &msg_type, peer_params, L2TP_SCCRQ); 352 353 /* setup our tunnel ID in the kernel */ 354// l2tp_new_tunnelid(fd, &our_params->tunnel_id); 355 356 if (peer_params->tunnel_id == 0) { /* check peer tunnel ID */ 357 error("L2TP received invalid Tunnel ID from peer\n"); 358 return -1; 359 } 360 361 if (peer_params->window_size == 0) 362 peer_params->window_size = 4; /* assume 4 if absent as per rfc2661 */ 363 l2tp_set_peerparams(fd, peer_params); 364 365 /* ------------- send SCCRP -------------*/ 366 size = prepare_SCCRP(control_buf, MAX_CNTL_BUFFER_SIZE, our_params); 367 SEND_PACKET(fd, control_buf, size, 0, 0, "SCCRP"); 368 369 /* ------------- read SCCCN -------------*/ 370 from.sa_len = sizeof(from); 371 RECV_PACKET(fd, control_buf, MAX_CNTL_BUFFER_SIZE, &size, &from, recv_timeout, "SCCCN"); 372 373 PROCESS_PACKET(control_buf, size, &msg_type, peer_params, L2TP_SCCCN); 374 375 /* ------------- read ICRQ -------------*/ 376 from.sa_len = sizeof(from); 377 RECV_PACKET(fd, control_buf, MAX_CNTL_BUFFER_SIZE, &size, &from, recv_timeout, "ICRQ"); 378 379 PROCESS_PACKET(control_buf, size, &msg_type, peer_params, L2TP_ICRQ); 380 381 if ((peer_params->session_id) == 0) { 382 error("L2TP received invalid Session ID from peer\n"); 383 return -1; 384 } 385 386 /* ------------- send ICRP -------------*/ 387 size = prepare_ICRP(control_buf, MAX_CNTL_BUFFER_SIZE, our_params); 388 SEND_PACKET(fd, control_buf, size, peer_params->session_id, 0, "ICRP"); 389 390 /* ------------- read ICCN -------------*/ 391 RECV_PACKET(fd, control_buf, MAX_CNTL_BUFFER_SIZE, &size, &from, recv_timeout, "ICCN"); 392 393 PROCESS_PACKET(control_buf, size, &msg_type, peer_params, L2TP_ICCN); 394 395 if (ntohs(control_hdr->session_id) != our_params->session_id) { 396 error("L2TP message from peer addressed to invalid session ID (our ID : %d, target ID : %d)\n", 397 our_params->session_id, ntohs(control_hdr->session_id)); 398 return -1; 399 } 400 401 /* connected ! */ 402 403 return 0; 404} 405 406/* ----------------------------------------------------------------------------- 407 Send a Hello 408----------------------------------------------------------------------------- */ 409int l2tp_send_hello(int fd, struct l2tp_parameters *our_params) 410{ 411 int size; 412 413 size = prepare_Hello(control_buf, MAX_CNTL_BUFFER_SIZE); 414 return l2tp_send(fd, control_buf, size, 0, 0, "Hello"); 415} 416 417/* ----------------------------------------------------------------------------- 418 Send a bunch of Hellos to trigger ipsec 419 ----------------------------------------------------------------------------- */ 420int l2tp_send_hello_trigger(int fd, struct sockaddr *peer_address) 421{ 422 int hello_count, size, i; 423 size_t len = sizeof(int); 424 425 if (sysctlbyname("net.key.blockacq_count", &hello_count, &len, 0, 0)) { 426 hello_count = 10; 427 error("Failed to probe blockacq count: using %d", hello_count); 428 } 429 430 size = prepare_Hello(control_buf, MAX_CNTL_BUFFER_SIZE); 431 for (i = 0; i <= hello_count; i++) { 432 if (l2tp_send(fd, control_buf, size, 0, peer_address, "Hello")) { 433 error("Failed to send L2TP hello trigger. tried %d, max %d", i, hello_count); 434 return -1; 435 } 436 } 437 438 return 0; 439} 440 441/* ----------------------------------------------------------------------------- 442 Send a SCCRQ 443----------------------------------------------------------------------------- */ 444int l2tp_send_SCCRQ(int fd, struct sockaddr *peer_address, 445 struct l2tp_parameters *our_params) 446{ 447 int size; 448 449 size = prepare_SCCRQ(control_buf, MAX_CNTL_BUFFER_SIZE, our_params); 450 return l2tp_send(fd, control_buf, size, 0, peer_address, "SCCRQ"); 451} 452 453/* ----------------------------------------------------------------------------- 454 Send a CDN 455----------------------------------------------------------------------------- */ 456int l2tp_send_CDN(int fd, struct l2tp_parameters *our_params, struct l2tp_parameters *peer_params) 457{ 458 int size; 459 460 size = prepare_CDN(control_buf, MAX_CNTL_BUFFER_SIZE, our_params); 461 return l2tp_send(fd, control_buf, size, peer_params->session_id, 0, "CDN"); 462} 463 464/* ----------------------------------------------------------------------------- 465 Send a StopCCN 466----------------------------------------------------------------------------- */ 467int l2tp_send_StopCCN(int fd, struct l2tp_parameters *our_params) 468{ 469 int size; 470 471 size = prepare_StopCCN(control_buf, MAX_CNTL_BUFFER_SIZE, our_params); 472 return l2tp_send(fd, control_buf, size, 0, 0, "StopCCN"); 473} 474 475/* ----------------------------------------------------------------------------- 476----------------------------------------------------------------------------- */ 477int l2tp_data_in(int fd) 478{ 479 int size, result; 480 u_int16_t msg_type; 481 struct sockaddr from; 482 struct l2tp_parameters peer_params; 483 484 bzero(&peer_params, sizeof(peer_params)); 485 486 from.sa_len = sizeof(from); 487 RECV_PACKET(fd, control_buf, MAX_CNTL_BUFFER_SIZE, &size, (struct sockaddr*)&from, 0, "data"); 488 489 if (size == 0) { 490 // No data, reliable layer has disconnected 491 return -1; 492 } 493 494 /* process message */ 495 PROCESS_PACKET(control_buf, size, &msg_type, &peer_params, 0); 496 497 /* act on the message */ 498 switch (msg_type) { 499 case L2TP_SCCRQ: 500 case L2TP_SCCRP: 501 case L2TP_SCCCN: 502 case L2TP_ICRQ: 503 case L2TP_ICRP: 504 case L2TP_ICCN: 505 case L2TP_OCRQ: 506 case L2TP_OCRP: 507 case L2TP_OCCN: 508 error("L2TP received unexpected control message\n"); 509 //return -1; 510 break; 511 512 case L2TP_HELLO: 513 /* yeah - hello - nothing to do */ 514 break; 515 516 case L2TP_StopCCN: 517 return -1; 518 break; 519 520 case L2TP_CDN: 521 return -1; 522 break; 523 524 case L2TP_WEN: 525 case L2TP_SLI: 526 527 default: 528 /* should never get here - program error */ 529 /* ??? log error */ 530 //return -1; 531 break; 532 } 533 534 535 return 0; 536} 537 538 539/* ----------------------------------------------------------------------------- 540 Process AVPs from a received control packet 541----------------------------------------------------------------------------- */ 542int process_pkt_data(u_int8_t* buf, size_t len, u_int16_t* type, struct l2tp_parameters* params, u_int16_t expected_type) 543{ 544 u_int16_t msg_type = 0; 545 u_int16_t avp_flags; 546 u_int16_t avp_vendor; 547 u_int16_t avp_len; 548 u_int16_t avp_type; 549 u_int16_t value_len; 550 u_int16_t attr_size; 551 u_int8_t* value_buf = NULL; 552 int first_avp = 1; 553 int mandatory_msg = 0; 554 int random_vector_len = 0; 555 u_int8_t random_vector[MAX_RANDOM_VECTOR_SIZE]; 556 u_int8_t unhide_buf[MAX_AVP_VALUE_SIZE]; 557 u_int32_t avp_bitmap = 0; /* for checking if all mandatory AVPs are present */ 558 struct l2tp_avp_hdr avp_hdr; 559 560 buf += L2TP_CNTL_HDR_SIZE; 561 len -= L2TP_CNTL_HDR_SIZE; 562 563 /* 564 * process AVPs 565 */ 566 while (len > 0) { 567 /* get AVP flags and len */ 568 memcpy(&avp_hdr, buf, sizeof(struct l2tp_avp_hdr)); // Wcast-align fix - copy header to aligned struct 569 570 avp_flags = ntohs(avp_hdr.flags_len); 571 avp_len = avp_flags & L2TP_AVP_LEN_MASK; 572 avp_type = ntohs(avp_hdr.type); 573 574 /* check the avp length */ 575 if (avp_len < L2TP_AVP_HDR_SIZE || avp_len > len) { 576 error("L2TP received AVP with bad length... AVP type = %d\n", avp_type); 577 return -1; 578 } 579 580 avp_vendor = ntohs(avp_hdr.vendor_id); 581 582 /* setup ptr and len for value - inc input buf ptr to next AVP */ 583 if (value_buf != NULL) 584 free(value_buf); 585 value_buf = malloc(avp_len); // Wcast-align fix - copy avp to aligned buffer 586 memcpy(value_buf, buf + L2TP_AVP_HDR_SIZE, avp_len); 587 value_len = avp_len - L2TP_AVP_HDR_SIZE; 588 buf += avp_len; 589 len -= avp_len; 590 591 /* check that reserved flags and Vendor ID are zero */ 592 if ( (avp_flags & L2TP_AVP_FLAGS_RESERVED) != 0 || avp_vendor != 0) { 593 if (avp_flags & L2TP_AVP_FLAGS_M || first_avp) { 594 error("L2TP received invalid madatory AVP... AVP type = %d\n", avp_type); 595 return -1; 596 } else { 597 continue; 598 } 599 } 600 601 /* if first AVP - must be Message Type and cannot be hidden */ 602 if (first_avp) { 603 if (avp_type != L2TP_AVP_MSG_TYPE || avp_flags & L2TP_AVP_FLAGS_H || 604 value_len != sizeof(u_int16_t)) { 605 error("L2TP invalid Message Type AVP... AVP type = %d\n", avp_type); 606 return -1; 607 } 608 msg_type = ntohs(*(ALIGNED_CAST(u_int16_t *)value_buf)); 609 if (avp_flags & L2TP_AVP_FLAGS_M) 610 mandatory_msg = 1; 611 first_avp = 0; 612 avp_bitmap |= avp_attr[L2TP_AVP_MSG_TYPE].maskbit; 613 continue; 614 } 615 616 617 /* 618 * if AVP is hidden - unhide it 619 */ 620 if (avp_flags & L2TP_AVP_FLAGS_H) 621 if (unhide_avp(value_buf, &value_len, unhide_buf, MAX_AVP_VALUE_SIZE) < 0) { 622 error("L2TP error while unhiding a hidden AVP... AVP type = %d\n", avp_type); 623 return -1; 624 } 625 626 /* if known avp type - check avp size and mark it in bitmap */ 627 if (avp_type <= L2TP_LAST_AVP_TYPE) { 628 attr_size = avp_attr[avp_type].size; 629 if (attr_size != AVP_SIZE_VARIABLE && value_len != attr_size) { 630 error("L2TP AVP with invalid len... AVP type = %d\n", avp_type); 631 return -1; 632 } 633 avp_bitmap |= avp_attr[avp_type].maskbit; 634 } 635 636 switch (avp_type) { 637 case L2TP_AVP_PROTO_VERS: 638 params->protocol_vers = ntohs(*(ALIGNED_CAST(u_int16_t*)value_buf)); 639 if (params->protocol_vers != L2TP_PROTOCOL_VERSION) { 640 error("L2TP received message for invalid or unknown Protocol Version\n"); 641 return -1; 642 } 643 break; 644 645 case L2TP_AVP_FRAMING_CAPS: 646 /*params->framing_caps = ntohl(*((u_int32_t*)value_buf));*/ 647 break; 648 649 case L2TP_AVP_BEARER_CAPS: 650 /* params->bearer_caps = ntohl(*((u_int32_t*)value_buf));*/ 651 break; 652 653 case L2TP_AVP_TIE_BREAKER: 654 /*params->tie_breaker[0] = ntohl(*(((u_int32_t*)value_buf)++));*/ 655 /*params->tie_breaker[1] = ntohl(*((u_int32_t*)value_buf));*/ 656 break; 657 658 case L2TP_AVP_FIRMWARE_REV: 659 params->firmware_rev = ntohs(*(ALIGNED_CAST(u_int16_t*)value_buf)); 660 break; 661 662 case L2TP_AVP_HOST_NAME: 663 if (value_len >= sizeof(params->host_name)) 664 value_len = sizeof(params->host_name) - 1; 665 bcopy(value_buf, params->host_name, value_len); 666 params->host_name[value_len] = 0; 667 break; 668 669 case L2TP_AVP_VENDOR_NAME: 670 if (value_len >= sizeof(params->vendor_name)) 671 value_len = sizeof(params->vendor_name) - 1; 672 bcopy(value_buf, params->vendor_name, value_len); 673 params->vendor_name[value_len] = 0; 674 break; 675 676 case L2TP_AVP_TUNNEL_ID: 677 if ((params->tunnel_id = ntohs(*(ALIGNED_CAST(u_int16_t*)value_buf))) == 0) { 678 error("L2TP received invalid Assigned Tunnel ID\n"); 679 return -1; 680 } 681 break; 682 683 case L2TP_AVP_WINDOW_SIZE: 684 if ((params->window_size = ntohs(*(ALIGNED_CAST(u_int16_t*)value_buf))) == 0) { 685 params->window_size = 4; 686 } 687 break; 688 689 case L2TP_AVP_SESSION_ID: 690 if ((params->session_id = ntohs(*(ALIGNED_CAST(u_int16_t*)value_buf))) == 0) { 691 error("L2TP received invalid Assigned Session ID\n"); 692 return -1; 693 } 694 break; 695 696 case L2TP_AVP_CHALLENGE: 697 /* we don't handle this right now */ 698 error("L2TP received Auth Challenge AVP - not supported\n"); 699 break; 700 701 case L2TP_AVP_CHALLENGE_RESP: 702 /* we don't handle this right now */ 703 error("L2TP received Auth Challenge Response AVP - not supported\n"); 704 break; 705 706 case L2TP_AVP_CALL_SERIAL_NUM: 707 params->call_serial_num = ntohl(*(ALIGNED_CAST(u_int32_t*)value_buf)); 708 break; 709 710 case L2TP_AVP_BEARER_TYPE: 711 /*params->bearer_type = ntohl(*((u_int32_t*)value_buf));*/ 712 break; 713 714 case L2TP_AVP_CALLED_NUM: 715 #if 0 716 if (value_len > MAX_CALLED_NUM_SIZE) 717 value_len = MAX_CALLED_NUM_SIZE; 718 bcopy(value_buf, params->called_num, value_len); 719 params->called_num[value_len] = 0; 720 #endif 721 break; 722 723 case L2TP_AVP_CALLING_NUM: 724 #if 0 725 if (value_len > MAX_CALLING_NUM_SIZE) 726 value_len = MAX_CALLING_NUM_SIZE; 727 bcopy(value_buf, params->calling_num, value_len); 728 params->calling_num[value_len] = 0; 729 #endif 730 break; 731 732 case L2TP_AVP_SUB_ADDRESS: 733 #if 0 734 if (value_len > MAX_SUB_ADDRESS_SIZE) 735 value_len = MAX_SUB_ADDRESS_SIZE; 736 bcopy(value_buf, params->sub_address, value_len); 737 params->sub_address[value_len] = 0; 738 #endif 739 break; 740 741 case L2TP_AVP_PHYS_CHANNEL_ID: 742 /*params->phys_channel_id = ntohl(*((u_unt32_t*)value_buf));*/ 743 break; 744 745 case L2TP_AVP_FRAMING_TYPE: 746 /*params->framing_type = ntohl(*((u_unt32_t*)value_buf));*/ 747 break; 748 749 case L2TP_AVP_TX_CONNECT_SPEED: 750 /*params->tx_connect_speed = ntohl(*((u_unt32_t*)value_buf));*/ 751 break; 752 753 case L2TP_AVP_RX_CONNECT_SPEED: 754 /*params->tx_connect_speed = ntohl(*((u_unt32_t*)value_buf));*/ 755 break; 756 757 case L2TP_AVP_PRIVATE_GROUP_ID: 758 #if 0 759 if (value_len > MAX_PRIV_GROUP_ID_SIZE) 760 value_len = MAX_PRIV_GROUP_ID_SIZE; 761 bcopy(value_buf, params->priv_group_id, value_len); 762 params->priv_group_id[value_len] = 0; 763 #endif 764 break; 765 766 case L2TP_AVP_SEQ_REQUIRED: 767 params->seq_required = 1; 768 break; 769 770 case L2TP_AVP_INIT_RECVD_CONFREQ: 771 case L2TP_AVP_LAST_SENT_CONFREQ: 772 case L2TP_AVP_LAST_RECVD_CONFREQ: 773 /* ignore */ 774 break; 775 776 case L2TP_AVP_PROXY_AUTH_TYPE: 777 case L2TP_AVP_PROXY_AUTH_NAME: 778 case L2TP_AVP_PROXY_AUTH_CHALLENGE: 779 case L2TP_AVP_PROXY_AUTH_ID: 780 case L2TP_AVP_PROXY_AUTH_RESP: 781 /* ignore for now */ 782 break; 783 784 case L2TP_AVP_ACCM: 785 /* ignore */ 786 break; 787 788 case L2TP_AVP_RAND_VECT: 789 if (value_len <= MAX_RANDOM_VECTOR_SIZE) { 790 random_vector_len = value_len; 791 bcopy(value_buf, random_vector, value_len); 792 } else { 793 error("L2TP received larger than supported Random Vector\n"); 794 return -1; 795 } 796 break; 797 798 case L2TP_AVP_RESULT_CODE: 799 if (value_len < sizeof(u_int16_t)) { 800 error("L2TP received Result Code AVP with invalid length\n"); 801 return -1; 802 } 803 params->result_code = ntohs(*(ALIGNED_CAST(u_int16_t*)value_buf)); 804 if (value_len >= sizeof(u_int32_t)) { 805 params->error_code = ntohs(*(ALIGNED_CAST(u_int16_t*)value_buf + 1)); 806 if (value_len -= sizeof(u_int32_t)) { 807 if (value_len >= sizeof(params->error_message)) 808 value_len = sizeof(params->error_message) - 1; 809 bcopy(value_buf + sizeof(u_int32_t), params->error_message, value_len); 810 } 811 params->error_message[value_len] = 0; 812 } 813 break; 814 815 case L2TP_AVP_CALL_ERRORS: 816 #define AVP_CALL_ERRORS_SIZE 26 817 #define AVP_CALL_ERRORS_COUNT 6 818 819 if (value_len != AVP_CALL_ERRORS_SIZE) { 820 error("L2TP received Call Errors AVP with invalid length\n"); 821 return -1; 822 } 823 { 824 u_int32_t aligned_values[AVP_CALL_ERRORS_COUNT]; 825 /* copy data to aligned buf leaving off the reserved field */ 826 memcpy(aligned_values, value_buf + sizeof(u_int16_t), AVP_CALL_ERRORS_COUNT * sizeof(u_int32_t)); 827 828 params->crc_errors = ntohl(aligned_values[0]); 829 params->framing_errors = ntohl(aligned_values[1]); 830 params->hardware_overruns = ntohl(aligned_values[2]); 831 params->buffer_overruns = ntohl(aligned_values[3]); 832 params->timeout_errors = ntohl(aligned_values[4]); 833 params->alignment_errors = ntohl(aligned_values[5]); 834 } 835 break; 836 837 838 case L2TP_AVP_CAUSE_CODE: 839 if (value_len < sizeof(u_int16_t) + sizeof(u_int8_t)) { 840 error("L2TP received Cause Code AVP with invalid length\n"); 841 return -1; 842 } 843 params->cause_code = ntohs(*(ALIGNED_CAST(u_int16_t*)value_buf)); 844 params->cause_message = *(value_buf + sizeof(u_int16_t)); 845 if (value_len -= (sizeof(u_int16_t) + sizeof(u_int8_t))) { 846 if (value_len >= sizeof(params->advisory_message)) 847 value_len = sizeof(params->advisory_message) - 1; 848 bcopy(value_buf + sizeof(u_int16_t) + sizeof(u_int8_t), params->advisory_message, value_len); 849 } 850 params->advisory_message[value_len] = 0; 851 break; 852 853 854 855 default: 856 /* ??? log error - unknown AVP type */ 857 if (avp_flags & L2TP_AVP_FLAGS_M) { 858 error("L2TP received unknown mandatory AVP... AVP type = %d\n", avp_type); 859 return -1; 860 } else { 861 /* log unknown AVP */ 862 } 863 break; 864 } 865 } 866 if (value_buf != NULL) 867 free(value_buf); 868 869 870 /* 871 * Message-type specific processing 872 * Check if all required AVPs have been received 873 */ 874 switch (msg_type) { 875 case L2TP_HELLO: 876 if ((avp_bitmap & L2TP_HELLO_BITMAP) != L2TP_HELLO_BITMAP) { 877 error("L2TP received Hello control message with missing mandatory parameters\n"); 878 return -1; 879 } 880 break; 881 case L2TP_SCCRQ: 882 if ((avp_bitmap & L2TP_SCCRQ_BITMAP) != L2TP_SCCRQ_BITMAP) { 883 error("L2TP received SCCRQ control message with missing mandatory parameters\n"); 884 return -1; 885 } 886 break; 887 case L2TP_SCCRP: 888 if ((avp_bitmap & L2TP_SCCRP_BITMAP) != L2TP_SCCRP_BITMAP) { 889 error("L2TP received SCCRP control message with missing mandatory parameters\n"); 890 return -1; 891 } 892 break; 893 case L2TP_SCCCN: 894 if ((avp_bitmap & L2TP_SCCCN_BITMAP) != L2TP_SCCCN_BITMAP) { 895 error("L2TP received SCCN control message with missing mandatory parameters\n"); 896 return -1; 897 } 898 break; 899 case L2TP_StopCCN: 900 if ((avp_bitmap & L2TP_StopCCN_BITMAP) != L2TP_StopCCN_BITMAP) { 901 error("L2TP received StopCCN control message with missing mandatory parameters\n"); 902 return -1; 903 } 904 break; 905 case L2TP_ICRQ: 906 if ((avp_bitmap & L2TP_ICRQ_BITMAP) != L2TP_ICRQ_BITMAP) { 907 error("L2TP received ICRQ control message with missing mandatory parameters\n"); 908 return -1; 909 } 910 break; 911 case L2TP_ICRP: 912 if ((avp_bitmap & L2TP_ICRP_BITMAP) != L2TP_ICRP_BITMAP) { 913 error("L2TP received ICRP control message with missing mandatory parameters\n"); 914 return -1; 915 } 916 break; 917 case L2TP_ICCN: 918 if ((avp_bitmap & L2TP_ICCN_BITMAP) != L2TP_ICCN_BITMAP) { 919 error("L2TP received ICCN control message with missing mandatory parameters\n"); 920 return -1; 921 } 922 break; 923 case L2TP_CDN: 924 if ((avp_bitmap & L2TP_CDN_BITMAP) != L2TP_CDN_BITMAP) { 925 error("L2TP received CDN control message with missing mandatory parameters\n"); 926 return -1; 927 } 928 break; 929 case L2TP_WEN: 930 if ((avp_bitmap & L2TP_WEN_BITMAP) != L2TP_WEN_BITMAP) { 931 error("L2TP received WEN control message with missing mandatory parameters\n"); 932 return -1; 933 } 934 break; 935 case L2TP_SLI: 936 if ((avp_bitmap & L2TP_SLI_BITMAP) != L2TP_SLI_BITMAP) { 937 error("L2TP received SLI control message with missing mandatory parameters\n"); 938 return -1; 939 } 940 break; 941 942 case L2TP_OCRQ: 943 case L2TP_OCRP: 944 case L2TP_OCCN: 945 error("L2TP reveived unsupported message type\n"); 946 return -1; 947 break; 948 949 default: 950 if (mandatory_msg) { 951 error("L2TP received unknown mandatory message type\n"); 952 return -1; 953 } 954 /* ??? log error */ 955 msg_type = 0; 956 break; 957 958 } 959 960 *type = msg_type; 961 962 if (msg_type != L2TP_HELLO) 963 dbglog("L2TP received %s\n", msg_type_str(msg_type)); 964 if (expected_type && msg_type != expected_type) { 965 error("L2TP received invalid message (expected %s, received %s)", msg_type_str(expected_type), msg_type_str(msg_type)); 966 return -1; 967 } 968 return 0; 969} 970 971/* ----------------------------------------------------------------------------- 972----------------------------------------------------------------------------- */ 973char *msg_type_str(u_int16_t msg_type) 974{ 975 static char text[255]; 976 977 switch (msg_type) { 978 case ZLB_ACK: return "ZLB_ACK"; /* shouldn't happen */ 979 case L2TP_SCCRQ: return "SCCRQ"; 980 case L2TP_SCCRP: return "SCCRP"; 981 case L2TP_SCCCN: return "SCCCN"; 982 case L2TP_StopCCN: return "StopCCN"; 983 case L2TP_HELLO: return "Hello"; 984 case L2TP_OCRQ: return "OCRQ"; 985 case L2TP_OCCN: return "OCCN"; 986 case L2TP_ICRQ: return "ICRQ"; 987 case L2TP_ICRP: return "ICRP"; 988 case L2TP_ICCN: return "ICCN"; 989 case L2TP_CDN: return "CDN"; 990 case L2TP_WEN: return "WEN"; 991 case L2TP_SLI: return "SLI"; 992 } 993 snprintf(text, sizeof(text), "unknown message (type = 0x%x)", msg_type); 994 return (text); 995} 996 997/* ----------------------------------------------------------------------------- 998 unhide_avp 999----------------------------------------------------------------------------- */ 1000int unhide_avp(u_int8_t* value_buf, u_int16_t* value_len, u_int8_t* unhide_buf, size_t buf_len) 1001{ 1002 /* not implemented yet */ 1003 return -1; 1004} 1005 1006/* ----------------------------------------------------------------------------- 1007 Prepare SCCRQ AVPs for sending 1008 returns space used 1009----------------------------------------------------------------------------- */ 1010size_t prepare_SCCRQ(u_int8_t* buf, size_t len, struct l2tp_parameters* params) 1011{ 1012 size_t used; 1013 1014 if ( (used = prepare_SCCRX(buf, len, L2TP_SCCRQ, params)) == 0) 1015 return 0; 1016 1017#if 0 1018 buf += used; 1019 len -= used; 1020 1021 /* add additional AVPs here - if required */ 1022 1023#endif 1024 1025 return used; 1026} 1027 1028/* ----------------------------------------------------------------------------- 1029 Prepare SCCRP AVPs for sending 1030 returns space used 1031----------------------------------------------------------------------------- */ 1032size_t prepare_SCCRP(u_int8_t* buf, size_t len, struct l2tp_parameters* params) 1033{ 1034 size_t used; 1035 1036 if ( (used = prepare_SCCRX(buf, len, L2TP_SCCRP, params)) == 0) 1037 return 0; 1038 1039#if 0 1040 buf += used; 1041 len -= used; 1042 1043 /* add additional AVPs here - if required */ 1044 1045#endif 1046 1047 return used; 1048} 1049 1050/* ----------------------------------------------------------------------------- 1051 Prepare common AVPs for sending SCCRQ and SCCRP 1052 returns space used 1053----------------------------------------------------------------------------- */ 1054size_t prepare_SCCRX(u_int8_t* buf, size_t len, u_int16_t type, struct l2tp_parameters* params) 1055{ 1056 size_t size; 1057 size_t free_space = len; 1058 1059 buf += L2TP_CNTL_HDR_SIZE; 1060 free_space -= L2TP_CNTL_HDR_SIZE; 1061 1062 /* Message Type */ 1063 if (make_avp_short(&buf, &free_space, L2TP_AVP_MSG_TYPE, type, L2TP_AVP_FLAGS_M)) 1064 return 0; 1065 1066 /* Protocol Version */ 1067 if (make_avp_short(&buf, &free_space, L2TP_AVP_PROTO_VERS, params->protocol_vers, L2TP_AVP_FLAGS_M)) 1068 return 0; 1069 1070 /* Framing Capabililites */ 1071 if (make_avp_long(&buf, &free_space, L2TP_AVP_FRAMING_CAPS, params->framing_caps, L2TP_AVP_FLAGS_M)) 1072 return 0; 1073 1074 /* Host name */ 1075 size = strlen((char*)params->host_name) + 1; 1076 if (make_avp_hdr(&buf, &free_space, L2TP_AVP_HOST_NAME, size, L2TP_AVP_FLAGS_M)) 1077 return 0; 1078 bcopy(params->host_name, buf, size); 1079 buf += size; 1080 1081 /* Assigned Tunnel ID */ 1082 if (make_avp_short(&buf, &free_space, L2TP_AVP_TUNNEL_ID, params->tunnel_id, L2TP_AVP_FLAGS_M)) 1083 return 0; 1084 1085 /* Receive Window Size */ 1086 if (make_avp_short(&buf, &free_space, L2TP_AVP_WINDOW_SIZE, params->window_size, L2TP_AVP_FLAGS_M)) 1087 return 0; 1088 1089 return len - free_space; 1090} 1091 1092/* ----------------------------------------------------------------------------- 1093 Prepare SCCN AVPs for sending 1094 returns space used 1095----------------------------------------------------------------------------- */ 1096size_t prepare_SCCCN(u_int8_t* buf, size_t len) 1097{ 1098 size_t free_space = len; 1099 1100 buf += L2TP_CNTL_HDR_SIZE; 1101 free_space -= L2TP_CNTL_HDR_SIZE; 1102 1103 /* Message Type */ 1104 if (make_avp_short(&buf, &free_space, L2TP_AVP_MSG_TYPE, L2TP_SCCCN, L2TP_AVP_FLAGS_M)) 1105 return 0; 1106 1107 return len - free_space; 1108} 1109 1110/* ----------------------------------------------------------------------------- 1111 Prepare StopCCN AVPs for sending 1112 returns space used 1113----------------------------------------------------------------------------- */ 1114int prepare_StopCCN(u_int8_t* buf, size_t len, struct l2tp_parameters* params) 1115{ 1116 size_t free_space = len; 1117 u_int16_t avp_size; 1118 u_int16_t str_size = 0; 1119 1120 buf += L2TP_CNTL_HDR_SIZE; 1121 free_space -= L2TP_CNTL_HDR_SIZE; 1122 1123 /* Message Type */ 1124 if (make_avp_short(&buf, &free_space, L2TP_AVP_MSG_TYPE, L2TP_StopCCN, L2TP_AVP_FLAGS_M)) 1125 return 0; 1126 1127 /* Assigned Tunnel ID */ 1128 if (make_avp_short(&buf, &free_space, L2TP_AVP_TUNNEL_ID, params->tunnel_id, L2TP_AVP_FLAGS_M)) 1129 return 0; 1130 1131 /* Result Code */ 1132 1133 avp_size = L2TP_AVP_HDR_SIZE + sizeof(u_int16_t); 1134 if (params->error_code != 0) 1135 avp_size += (sizeof(u_int16_t) + (str_size = strlen((char*)params->error_message))); 1136 if (make_avp_hdr(&buf, &free_space, L2TP_AVP_RESULT_CODE, avp_size, L2TP_AVP_FLAGS_M)) 1137 return 0; 1138 memcpy(buf, ¶ms->result_code, sizeof(u_int16_t)); // Wcast-align fix - memcpy for unaligned access 1139 buf += sizeof(u_int16_t); 1140 if (params->error_code) 1141 { 1142 memcpy(buf, ¶ms->error_code, sizeof(u_int16_t)); // Wcast-align fix - memcpy for unaligned access 1143 buf += sizeof(u_int16_t); 1144 memcpy(buf, params->error_message, str_size); // Wcast-align fix - memcpy for unaligned access 1145 buf += str_size; 1146 } 1147 1148 return len - free_space; 1149} 1150 1151/* ----------------------------------------------------------------------------- 1152 Prepare Hello AVPs for sending 1153 returns space used 1154----------------------------------------------------------------------------- */ 1155int prepare_Hello(u_int8_t* buf, size_t len) 1156{ 1157 size_t free_space = len; 1158 1159 buf += L2TP_CNTL_HDR_SIZE; 1160 free_space -= L2TP_CNTL_HDR_SIZE; 1161 1162 /* Message Type */ 1163 if (make_avp_short(&buf, &free_space, L2TP_AVP_MSG_TYPE, L2TP_HELLO, L2TP_AVP_FLAGS_M)) 1164 return 0; 1165 1166 return len - free_space; 1167} 1168 1169/* ----------------------------------------------------------------------------- 1170 Prepare ICRQ AVPs for sending 1171 returns space used 1172----------------------------------------------------------------------------- */ 1173int prepare_ICRQ(u_int8_t* buf, size_t len, struct l2tp_parameters* params) 1174{ 1175 size_t free_space = len; 1176 1177 buf += L2TP_CNTL_HDR_SIZE; 1178 free_space -= L2TP_CNTL_HDR_SIZE; 1179 1180 /* Message Type */ 1181 if (make_avp_short(&buf, &free_space, L2TP_AVP_MSG_TYPE, L2TP_ICRQ, L2TP_AVP_FLAGS_M)) 1182 return 0; 1183 1184 /* Assigned Session ID */ 1185 if (make_avp_short(&buf, &free_space, L2TP_AVP_SESSION_ID, params->session_id, L2TP_AVP_FLAGS_M)) 1186 return 0; 1187 1188 /* Call Serial Number */ 1189 if (make_avp_long(&buf, &free_space, L2TP_AVP_CALL_SERIAL_NUM, params->call_serial_num, L2TP_AVP_FLAGS_M)) 1190 return 0; 1191 1192 return len - free_space; 1193} 1194 1195/* ----------------------------------------------------------------------------- 1196 Prepare ICRP AVPs for sending 1197 returns space used 1198----------------------------------------------------------------------------- */ 1199int prepare_ICRP(u_int8_t* buf, size_t len, struct l2tp_parameters* params) 1200{ 1201 size_t free_space = len; 1202 1203 buf += L2TP_CNTL_HDR_SIZE; 1204 free_space -= L2TP_CNTL_HDR_SIZE; 1205 1206 /* Message Type */ 1207 if (make_avp_short(&buf, &free_space, L2TP_AVP_MSG_TYPE, L2TP_ICRP, L2TP_AVP_FLAGS_M)) 1208 return 0; 1209 1210 /* Assigned Session ID */ 1211 if (make_avp_short(&buf, &free_space, L2TP_AVP_SESSION_ID, params->session_id, L2TP_AVP_FLAGS_M)) 1212 return 0; 1213 1214 return len - free_space; 1215} 1216 1217/* ----------------------------------------------------------------------------- 1218 Prepare ICCN AVPs for sending 1219 returns space used 1220----------------------------------------------------------------------------- */ 1221size_t prepare_ICCN(u_int8_t* buf, size_t len, struct l2tp_parameters* params) 1222{ 1223 size_t free_space = len; 1224 1225 buf += L2TP_CNTL_HDR_SIZE; 1226 free_space -= L2TP_CNTL_HDR_SIZE; 1227 1228 /* Message Type */ 1229 if (make_avp_short(&buf, &free_space, L2TP_AVP_MSG_TYPE, L2TP_ICCN, L2TP_AVP_FLAGS_M)) 1230 return 0; 1231 1232 /* TX Connect Speed */ 1233 if (make_avp_long(&buf, &free_space, L2TP_AVP_TX_CONNECT_SPEED, params->tx_connect_speed, L2TP_AVP_FLAGS_M)) 1234 return 0; 1235 1236 /* Framing Type */ 1237 if (make_avp_long(&buf, &free_space, L2TP_AVP_FRAMING_TYPE, params->framing_type, L2TP_AVP_FLAGS_M)) 1238 return 0; 1239 1240 return len - free_space; 1241} 1242 1243/* ----------------------------------------------------------------------------- 1244 Prepare CDN AVPs for sending 1245 returns space used 1246----------------------------------------------------------------------------- */ 1247size_t prepare_CDN(u_int8_t* buf, size_t len, struct l2tp_parameters* params) 1248{ 1249 size_t free_space = len; 1250 u_int16_t avp_size; 1251 u_int16_t str_size = 0; 1252 1253 buf += L2TP_CNTL_HDR_SIZE; 1254 free_space -= L2TP_CNTL_HDR_SIZE; 1255 1256 /* Message Type */ 1257 if (make_avp_short(&buf, &free_space, L2TP_AVP_MSG_TYPE, L2TP_CDN, L2TP_AVP_FLAGS_M)) 1258 return 0; 1259 1260 /* Assigned Session ID */ 1261 if (make_avp_short(&buf, &free_space, L2TP_AVP_SESSION_ID, params->session_id, L2TP_AVP_FLAGS_M)) 1262 return 0; 1263 1264 /* Result Code */ 1265 avp_size = L2TP_AVP_HDR_SIZE + sizeof(u_int16_t); 1266 if (params->error_code != 0) 1267 avp_size += (sizeof(u_int16_t) + (str_size = strlen((char*)params->error_message))); 1268 if (make_avp_hdr(&buf, &free_space, L2TP_AVP_RESULT_CODE, avp_size, L2TP_AVP_FLAGS_M)) 1269 return 0; 1270 memcpy(buf, ¶ms->result_code, sizeof(u_int16_t)); // Wcast-align fix - memcpy for unaligned access 1271 buf += sizeof(u_int16_t); 1272 if (params->error_code) 1273 { 1274 memcpy(buf, ¶ms->error_code, sizeof(u_int16_t)); // Wcast-align fix - memcpy for unaligned access 1275 buf += sizeof(u_int16_t); 1276 memcpy(buf, params->error_message, str_size); // Wcast-align fix - memcpy for unaligned access 1277 buf += str_size; 1278 } 1279 1280 /* Cause Code - optional */ 1281 //avp_size = L2TP_AVP_HDR_SIZE + sizeof(u_int16_t); 1282 //if (params->cause_message != 0) 1283 // avp_size += (sizeof(u_int8_t) + (str_size = strlen(params->advisory_message))); 1284 //if (make_avp_hdr(&buf, &free_space, L2TP_AVP_CAUSE_CODE, avp_size, L2TP_AVP_FLAGS_M)) 1285 // return 0; 1286 //if (params->cause_message) 1287 //{ 1288 // *(((u_int8_t*)buf)++) = params->cause_message; 1289 // bcopy(params->error_message, buf, str_size); 1290 // buf += str_size; 1291 //} 1292 1293 return len - free_space; 1294} 1295 1296#ifdef UNUSED 1297/* ----------------------------------------------------------------------------- 1298 Prepare WEN AVPs for sending 1299 returns space used 1300----------------------------------------------------------------------------- */ 1301size_t prepare_WEN(u_int8_t* buf, size_t len, struct l2tp_parameters* params) 1302{ 1303 size_t free_space = len; 1304 1305 buf += L2TP_CNTL_HDR_SIZE; 1306 free_space -= L2TP_CNTL_HDR_SIZE; 1307 1308 /* Message Type */ 1309 if (make_avp_short(&buf, &free_space, L2TP_AVP_MSG_TYPE, L2TP_WEN, L2TP_AVP_FLAGS_M)) 1310 return 0; 1311 1312 /* Call Errors */ 1313 if (make_avp_hdr(&buf, &free_space, L2TP_AVP_CALL_ERRORS, 26, L2TP_AVP_FLAGS_M)) 1314 return 0; 1315 1316 ((u_int16_t*)buf)++; /* skip reserved field */ 1317 *(((u_int32_t*)buf)++) = htonl(params->crc_errors); 1318 *(((u_int32_t*)buf)++) = htonl(params->framing_errors); 1319 *(((u_int32_t*)buf)++) = htonl(params->hardware_overruns); 1320 *(((u_int32_t*)buf)++) = htonl(params->buffer_overruns); 1321 *(((u_int32_t*)buf)++) = htonl(params->timeout_errors); 1322 *(((u_int32_t*)buf)++) = htonl(params->alignment_errors); 1323 1324 return len - free_space; 1325} 1326#endif 1327 1328/* ----------------------------------------------------------------------------- 1329 Make an AVP header in the specified buffer 1330 updates the buf to point to value field 1331 decrements len with size of header and value 1332----------------------------------------------------------------------------- */ 1333int make_avp_hdr(u_int8_t** buf, size_t* len, u_int16_t type, size_t value_size, u_int16_t flags) 1334{ 1335 u_int16_t val; 1336 1337 if (*len < L2TP_AVP_HDR_SIZE + value_size) 1338 return -1; 1339 1340 *len -= (L2TP_AVP_HDR_SIZE + value_size); 1341 val = htons((L2TP_AVP_HDR_SIZE + value_size) | flags); 1342 memcpy(*buf, &val, sizeof(val)); // Wcast-align fix - memcpy for unaligned move 1343 *buf += sizeof(u_int16_t); 1344 val = 0; 1345 memcpy(*buf, &val, sizeof(val)); // Wcast-align fix - memcpy for unaligned move 1346 *buf += sizeof(u_int16_t); 1347 val = htons(type); 1348 memcpy(*buf, &val, sizeof(val)); // Wcast-align fix - memcpy for unaligned move 1349 *buf += sizeof(u_int16_t); 1350 1351 return 0; 1352} 1353 1354/* ----------------------------------------------------------------------------- 1355 Make an AVP for a 2 byte value 1356 updates the buf to point to the next AVP location 1357 decrements len 1358----------------------------------------------------------------------------- */ 1359int make_avp_short(u_int8_t** buf, size_t* len, u_int16_t type, u_int16_t value, u_int16_t flags) 1360{ 1361 u_int16_t val; 1362 1363 if (*len < L2TP_AVP_HDR_SIZE + sizeof(u_int16_t)) 1364 return -1; 1365 1366 *len -= (L2TP_AVP_HDR_SIZE + sizeof(u_int16_t)); 1367 val = htons((L2TP_AVP_HDR_SIZE + sizeof(u_int16_t)) | flags); 1368 memcpy(*buf, &val, sizeof(val)); // Wcast-align fix - memcpy for unaligned move 1369 *buf += sizeof(u_int16_t); 1370 val = 0; 1371 memcpy(*buf, &val, sizeof(val)); // Wcast-align fix - memcpy for unaligned move 1372 *buf += sizeof(u_int16_t); 1373 val = htons(type); 1374 memcpy(*buf, &val, sizeof(val)); // Wcast-align fix - memcpy for unaligned move 1375 *buf += sizeof(u_int16_t); 1376 val = htons(value); 1377 memcpy(*buf, &val, sizeof(val)); // Wcast-align fix - memcpy for unaligned move 1378 *buf += sizeof(u_int16_t); 1379 1380 return 0; 1381} 1382 1383/* ----------------------------------------------------------------------------- 1384 Make an AVP for a 4 byte value 1385 updates the buf to point to the next AVP location 1386 decrements len 1387----------------------------------------------------------------------------- */ 1388int make_avp_long(u_int8_t** buf, size_t* len, u_int16_t type, u_int32_t value, u_int16_t flags) 1389{ 1390 u_int16_t short_val; 1391 u_int32_t long_val; 1392 1393 if (*len < L2TP_AVP_HDR_SIZE + sizeof(u_int32_t)) 1394 return -1; 1395 1396 *len -= (L2TP_AVP_HDR_SIZE + sizeof(u_int32_t)); 1397 short_val = htons((L2TP_AVP_HDR_SIZE + sizeof(u_int32_t)) | flags); 1398 memcpy(*buf, &short_val, sizeof(short_val)); // Wcast-align fix - memcpy for unaligned move 1399 *buf += sizeof(u_int16_t); 1400 short_val = 0; 1401 memcpy(*buf, &short_val, sizeof(short_val)); // Wcast-align fix - memcpy for unaligned move 1402 *buf += sizeof(u_int16_t); 1403 short_val = htons(type); 1404 memcpy(*buf, &short_val, sizeof(short_val)); // Wcast-align fix - memcpy for unaligned move 1405 *buf += sizeof(u_int16_t); 1406 long_val = htonl(value); 1407 memcpy(*buf, &long_val, sizeof(long_val)); // Wcast-align fix - memcpy for unaligned move 1408 *buf += sizeof(u_int32_t); 1409 1410 return 0; 1411} 1412 1413/* ----------------------------------------------------------------------------- 1414----------------------------------------------------------------------------- */ 1415int l2tp_send(int fd, u_int8_t* buf, int len, u_int16_t session_id, struct sockaddr *to, char *text) 1416{ 1417 size_t result; 1418 struct sockaddr addr; 1419 u_int16_t tmp; 1420 1421 if (len <= 0) { 1422 error("L2TP incorrect size when trying to send %s\n", text); 1423 return 0; 1424 } 1425 1426 /* specify the session id to send to. All other fields are taken care of in the extension */ 1427 tmp = htons(session_id); 1428 memcpy(buf + (3 * sizeof(u_int16_t)), &tmp, sizeof(u_int16_t)); // Wcast-align fix - memcpy for unaligned access 1429 1430 /* null address structure */ 1431 bzero(&addr, sizeof(addr)); 1432 addr.sa_len = sizeof(addr); 1433 1434 while ((result = sendto(fd, buf, len, 0, to ? to : &addr, to ? to->sa_len : addr.sa_len)) == -1) { 1435 if (kill_link) 1436 return -2; 1437 if (errno != EINTR) { 1438 error("L2TP error sending %s (%m)", text); 1439 return -1; 1440 } 1441 } 1442 1443 if (strcmp(text, "Hello")) 1444 dbglog("L2TP sent %s\n", text); 1445 1446 return 0; 1447} 1448 1449/* ----------------------------------------------------------------------------- 1450----------------------------------------------------------------------------- */ 1451int l2tp_recv(int fd, u_int8_t* buf, int len, int *outlen, struct sockaddr *from, int timeout, char *text) 1452{ 1453 socklen_t addrlen = from->sa_len; 1454 ssize_t result; 1455 struct timeval tv; 1456 fd_set rset; 1457 int maxfd; 1458 1459 if (timeout) { 1460 for (;;) { 1461 FD_ZERO(&rset); 1462 FD_SET(fd, &rset); 1463 maxfd = fd + 1; 1464 tv.tv_sec = timeout; 1465 tv.tv_usec = 0; 1466 if ((result = select(maxfd, &rset, 0, 0, timeout != -1 ? &tv : 0)) == 0) { 1467 if (debug > 1) 1468 dbglog("L2TP timeout receiving %s\n", text); 1469 return -1; 1470 } 1471 if (kill_link) 1472 return -2; 1473 if (result > 0) 1474 break; 1475 if (errno != EINTR) 1476 goto fail; 1477 } 1478 } 1479 1480 while ((result = recvfrom(fd, buf, len, MSG_DONTWAIT, from, &addrlen)) < 0) { 1481 if (kill_link) 1482 return -2; 1483 if (errno != EINTR) 1484 goto fail; 1485 } 1486 1487 *outlen = result; 1488 return 0; 1489 1490fail: 1491 error("L2TP receive error trying to read %s (%m)\n", text); 1492 return -1; 1493} 1494