1/*	$OpenBSD: l2tp_subr.c,v 1.5 2023/09/11 07:33:07 yasuoka Exp $	*/
2
3/*-
4 * Copyright (c) 2009 Internet Initiative Japan Inc.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 *    notice, this list of conditions and the following disclaimer in the
14 *    documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28/* $Id: l2tp_subr.c,v 1.5 2023/09/11 07:33:07 yasuoka Exp $ */
29/**@file L2TP related sub-routines */
30#include <sys/types.h>
31#include <sys/time.h>
32#include <sys/socket.h>
33#include <netinet/in.h>
34#include <stdlib.h>
35#include <stdio.h>
36#include <syslog.h>
37#include <string.h>
38#include <event.h>
39
40#ifdef USE_LIBSOCKUTIL
41#include <seil/sockfromto.h>
42#endif
43
44#include "debugutil.h"
45#include "hash.h"
46#include "bytebuf.h"
47#include "slist.h"
48#include "l2tp.h"
49#include "l2tp_subr.h"
50#include "l2tp_local.h"
51
/*
 * Debug-only assertion.  It expands to ASSERT(x) when L2TP_SUBR_DEBUG is
 * defined and to nothing otherwise, so it documents an expectation but is
 * not a check: code that handles packet data must still test the same
 * condition explicitly.
 */
#ifdef	L2TP_SUBR_DEBUG
#define	L2TP_SUBR_ASSERT(x)	ASSERT(x)
#else
#define	L2TP_SUBR_ASSERT(x)
#endif
57
58/*
59 * AVP
60 */
/*
 * Decode the single AVP found at the start of "pkt" into "avp".
 *
 * "pkt" and "pktlen" describe bytes received from the peer and are
 * untrusted.  The 6-byte AVP header (flags and length, vendor ID, attribute
 * type) is read only after "pktlen" has been checked, and the 10-bit length
 * taken from the header is rejected unless it covers at least the header
 * and does not exceed "pktlen".
 *
 * When "filldata" is non-zero the attribute value (length - 6 bytes, so at
 * most 0x03ff - 6) is copied to avp->attr_value.  The size of the caller's
 * buffer is not visible here; the caller must provide enough room.
 *
 * Returns the total AVP length, header included, or -1 when fewer than six
 * bytes remain or the encoded length is inconsistent.  In the latter case
 * the header fields of "avp" have already been overwritten.
 */
int
avp_enum(struct l2tp_avp *avp, const u_char *pkt, int pktlen, int filldata)
{
	uint16_t hdr;
	int total, value_len;

	/* Debug aid only; the explicit test below is the real guard. */
	L2TP_SUBR_ASSERT(pktlen >= 6);

	if (pktlen < 6)
		return -1;

	/*
	 * GETSHORT is defined outside this file.  The code below relies on
	 * it leaving "pkt" just past the 16 bits it has read.
	 */
	GETSHORT(hdr, pkt);

	/* First 16 bits: M bit, H bit, reserved bits, 10-bit length. */
	avp->is_mandatory = (hdr & 0x8000) ? 1 : 0;
	avp->is_hidden = (hdr & 0x4000) ? 1 : 0;
	avp->length = hdr & 0x03ff;

	GETSHORT(avp->vendor_id, pkt);

	/* Attribute type, big-endian, assembled by hand. */
	avp->attr_type = (pkt[0] << 8) | pkt[1];
	pkt += 2;

	/* Reject a length shorter than the header or past the input. */
	total = avp->length;
	if (total < 6 || total > pktlen)
		return -1;

	value_len = total - 6;
	if (filldata != 0 && value_len > 0)
		memcpy(avp->attr_value, pkt, value_len);

	return total;
}
91
/*
 * Name tables used to turn protocol constants into strings for messages.
 *
 * NAME_VAL(x) pairs a constant with its own spelling: "#x" stringifies the
 * macro argument as written.  The lookup helpers in this file return
 * "name + <fixed offset>" to skip the prefix shared by a table's entries,
 * so every entry added to a table must start with that table's prefix:
 *
 *	l2tp_mes_type_names		"L2TP_AVP_MESSAGE_TYPE_"	(22)
 *	l2tp_avp_attribute_names	"L2TP_AVP_TYPE_"		(14)
 *	l2tp_stopccn_rcode_names	"L2TP_STOP_CCN_RCODE_"		(20)
 *	l2tp_cdn_rcode_names		"L2TP_CDN_RCODE_"		(15)
 *	l2tp_ecode_names		"L2TP_ECODE_"			(11)
 *
 * An entry with a shorter name would make the helper return a pointer past
 * the end of its string literal.
 */
#define	NAME_VAL(x)	{ x, #x }
static struct _label_name {
	int		label;	/* numeric protocol constant */
	const char	*name;	/* spelling of that constant, prefix included */
}
/* control message types (values of the Message-Type AVP) */
l2tp_mes_type_names[] = {
	NAME_VAL(L2TP_AVP_MESSAGE_TYPE_SCCRQ),
	NAME_VAL(L2TP_AVP_MESSAGE_TYPE_SCCRP),
	NAME_VAL(L2TP_AVP_MESSAGE_TYPE_SCCCN),
	NAME_VAL(L2TP_AVP_MESSAGE_TYPE_StopCCN),
	NAME_VAL(L2TP_AVP_MESSAGE_TYPE_HELLO),
	NAME_VAL(L2TP_AVP_MESSAGE_TYPE_OCRQ),
	NAME_VAL(L2TP_AVP_MESSAGE_TYPE_OCRP),
	NAME_VAL(L2TP_AVP_MESSAGE_TYPE_OCCN),
	NAME_VAL(L2TP_AVP_MESSAGE_TYPE_ICRQ),
	NAME_VAL(L2TP_AVP_MESSAGE_TYPE_ICRP),
	NAME_VAL(L2TP_AVP_MESSAGE_TYPE_ICCN),
	NAME_VAL(L2TP_AVP_MESSAGE_TYPE_CDN),
},
/* AVP attribute types */
l2tp_avp_attribute_names[] = {
	NAME_VAL(L2TP_AVP_TYPE_MESSAGE_TYPE),
	NAME_VAL(L2TP_AVP_TYPE_RESULT_CODE),
	NAME_VAL(L2TP_AVP_TYPE_PROTOCOL_VERSION),
	NAME_VAL(L2TP_AVP_TYPE_FRAMING_CAPABILITIES),
	NAME_VAL(L2TP_AVP_TYPE_BEARER_CAPABILITIES),
	NAME_VAL(L2TP_AVP_TYPE_TIE_BREAKER),
	NAME_VAL(L2TP_AVP_TYPE_FIRMWARE_REVISION),
	NAME_VAL(L2TP_AVP_TYPE_HOST_NAME),
	NAME_VAL(L2TP_AVP_TYPE_VENDOR_NAME),
	NAME_VAL(L2TP_AVP_TYPE_ASSINGED_TUNNEL_ID),
	NAME_VAL(L2TP_AVP_TYPE_RECV_WINDOW_SIZE),
	NAME_VAL(L2TP_AVP_TYPE_CHALLENGE),
	NAME_VAL(L2TP_AVP_TYPE_CAUSE_CODE),
	NAME_VAL(L2TP_AVP_TYPE_CHALLENGE_RESPONSE),
	NAME_VAL(L2TP_AVP_TYPE_ASSIGNED_SESSION_ID),
	NAME_VAL(L2TP_AVP_TYPE_CALL_SERIAL_NUMBER),
	NAME_VAL(L2TP_AVP_TYPE_MINIMUM_BPS),
	NAME_VAL(L2TP_AVP_TYPE_MAXIMUM_BPS),
	NAME_VAL(L2TP_AVP_TYPE_BEARER_TYPE),
	NAME_VAL(L2TP_AVP_TYPE_FRAMING_TYPE),
	NAME_VAL(L2TP_AVP_TYPE_CALLED_NUMBER),
	NAME_VAL(L2TP_AVP_TYPE_CALLING_NUMBER),
	NAME_VAL(L2TP_AVP_TYPE_SUB_ADDRESS),
	NAME_VAL(L2TP_AVP_TYPE_TX_CONNECT_SPEED),
	NAME_VAL(L2TP_AVP_TYPE_PHYSICAL_CHANNEL_ID),
	NAME_VAL(L2TP_AVP_TYPE_INITIAL_RECV_LCP_CONFREQ),
	NAME_VAL(L2TP_AVP_TYPE_LAST_SENT_LCP_CONFREQ),
	NAME_VAL(L2TP_AVP_TYPE_LAST_RECV_LCP_CONFREQ),
	NAME_VAL(L2TP_AVP_TYPE_PROXY_AUTHEN_TYPE),
	NAME_VAL(L2TP_AVP_TYPE_PROXY_AUTHEN_NAME),
	NAME_VAL(L2TP_AVP_TYPE_PROXY_AUTHEN_CHALLENGE),
	NAME_VAL(L2TP_AVP_TYPE_PROXY_AUTHEN_ID),
	NAME_VAL(L2TP_AVP_TYPE_PROXY_AUTHEN_RESPONSE),
	NAME_VAL(L2TP_AVP_TYPE_CALL_ERRORS),
	NAME_VAL(L2TP_AVP_TYPE_ACCM),
	NAME_VAL(L2TP_AVP_TYPE_RANDOM_VECTOR),
	NAME_VAL(L2TP_AVP_TYPE_PRIVATE_GROUP_ID),
	NAME_VAL(L2TP_AVP_TYPE_RX_CONNECT_SPEED),
	NAME_VAL(L2TP_AVP_TYPE_SEQUENCING_REQUIRED),
	NAME_VAL(L2TP_AVP_TYPE_TX_MINIMUM),
	NAME_VAL(L2TP_AVP_TYPE_CALLING_SUB_ADDRESS),
	NAME_VAL(L2TP_AVP_TYPE_PPP_DISCONNECT_CAUSE_CODE),
	NAME_VAL(L2TP_AVP_TYPE_CCDS),
	NAME_VAL(L2TP_AVP_TYPE_SDS),
	NAME_VAL(L2TP_AVP_TYPE_LCP_WANT_OPTIONS),
	NAME_VAL(L2TP_AVP_TYPE_LCP_ALLOW_OPTIONS),
	NAME_VAL(L2TP_AVP_TYPE_LNS_LAST_SENT_LCP_CONFREQ),
	NAME_VAL(L2TP_AVP_TYPE_LNS_LAST_RECV_LCP_CONFREQ),
	NAME_VAL(L2TP_AVP_TYPE_MODEM_ON_HOLD_CAPABLE),
	NAME_VAL(L2TP_AVP_TYPE_MODEM_ON_HOLD_STATUS),
	NAME_VAL(L2TP_AVP_TYPE_PPPOE_RELAY),
	NAME_VAL(L2TP_AVP_TYPE_PPPOE_RELAY_RESP_CAP),
	NAME_VAL(L2TP_AVP_TYPE_PPPOE_RELAY_FORW_CAP),
	NAME_VAL(L2TP_AVP_TYPE_EXTENDED_VENDOR_ID),
	NAME_VAL(L2TP_AVP_TYPE_PSEUDOWIRE_CAP_LIST),
	NAME_VAL(L2TP_AVP_TYPE_LOCAL_SESSION_ID),
	NAME_VAL(L2TP_AVP_TYPE_REMOTE_SESSION_ID),
	NAME_VAL(L2TP_AVP_TYPE_ASSIGNED_COOKIE),
	NAME_VAL(L2TP_AVP_TYPE_REMOTE_END_ID),
	NAME_VAL(L2TP_AVP_TYPE_APPLICATION_CODE),
	NAME_VAL(L2TP_AVP_TYPE_PSEUDOWIRE_TYPE),
	NAME_VAL(L2TP_AVP_TYPE_L2_SPECIFIC_SUBLAYER),
	NAME_VAL(L2TP_AVP_TYPE_DATA_SEQUENCING),
	NAME_VAL(L2TP_AVP_TYPE_CIRCUIT_STATUS),
	NAME_VAL(L2TP_AVP_TYPE_PREFERRED_LANGUAGE),
	NAME_VAL(L2TP_AVP_TYPE_CTRL_MSG_AUTH_NONCE),
	/*
	 * NOTE(review): the next two constants already appear earlier in
	 * this table.  A first-match lookup never reaches these entries;
	 * confirm against l2tp.h whether other constants were intended.
	 */
	NAME_VAL(L2TP_AVP_TYPE_TX_CONNECT_SPEED),
	NAME_VAL(L2TP_AVP_TYPE_RX_CONNECT_SPEED),
	NAME_VAL(L2TP_AVP_TYPE_FAILOVER_CAPABILITY),
	NAME_VAL(L2TP_AVP_TYPE_TUNNEL_RECOVERY),
	NAME_VAL(L2TP_AVP_TYPE_SUGGESTED_CTRL_SEQUENCE),
	NAME_VAL(L2TP_AVP_TYPE_FAILOVER_SESSION_STATE),
	NAME_VAL(L2TP_AVP_TYPE_MULTICAST_CAPABILITY),
	NAME_VAL(L2TP_AVP_TYPE_NEW_OUTGOING_SESSIONS),
	NAME_VAL(L2TP_AVP_TYPE_NEW_OUTGOING_SESSIONS_ACK),
	NAME_VAL(L2TP_AVP_TYPE_WITHDRAW_OUTGOING_SESSIONS),
	NAME_VAL(L2TP_AVP_TYPE_MULTICAST_PACKETS_PRIORITY),
},
/* result codes carried by StopCCN */
l2tp_stopccn_rcode_names[] = {
	NAME_VAL(L2TP_STOP_CCN_RCODE_GENERAL),
	NAME_VAL(L2TP_STOP_CCN_RCODE_GENERAL_ERROR),
	NAME_VAL(L2TP_STOP_CCN_RCODE_ALREADY_EXISTS),
	NAME_VAL(L2TP_STOP_CCN_RCODE_UNAUTHORIZED),
	NAME_VAL(L2TP_STOP_CCN_RCODE_BAD_PROTOCOL_VERSION),
	NAME_VAL(L2TP_STOP_CCN_RCODE_SHUTTING_DOWN),
	NAME_VAL(L2TP_STOP_CCN_RCODE_FSM_ERROR),
},
/* result codes carried by CDN */
l2tp_cdn_rcode_names[] = {
	NAME_VAL(L2TP_CDN_RCODE_LOST_CARRIER),
	NAME_VAL(L2TP_CDN_RCODE_ERROR_CODE),
	NAME_VAL(L2TP_CDN_RCODE_ADMINISTRATIVE_REASON),
	NAME_VAL(L2TP_CDN_RCODE_TEMP_NOT_AVALIABLE),
	NAME_VAL(L2TP_CDN_RCODE_PERM_NOT_AVALIABLE),
	NAME_VAL(L2TP_CDN_RCODE_INVALID_DESTINATION),
	NAME_VAL(L2TP_CDN_RCODE_NO_CARRIER),
	NAME_VAL(L2TP_CDN_RCODE_BUSY),
	NAME_VAL(L2TP_CDN_RCODE_NO_DIALTONE),
	NAME_VAL(L2TP_CDN_RCODE_CALL_TIMEOUT_BY_LAC),
	NAME_VAL(L2TP_CDN_RCODE_NO_FRAMING_DETECTED),
},
/* error codes */
l2tp_ecode_names[] = {
	NAME_VAL(L2TP_ECODE_NO_CONTROL_CONNECTION),
	NAME_VAL(L2TP_ECODE_WRONG_LENGTH),
	NAME_VAL(L2TP_ECODE_INVALID_MESSAGE),
	NAME_VAL(L2TP_ECODE_NO_RESOURCE),
	NAME_VAL(L2TP_ECODE_INVALID_SESSION_ID),
	NAME_VAL(L2TP_ECODE_GENERIC_ERROR),
	NAME_VAL(L2TP_ECODE_TRY_ANOTHER),
	NAME_VAL(L2TP_ECODE_UNKNOWN_MANDATORY_AVP),
};
#undef	NAME_VAL
223
/*
 * Map an AVP attribute type to a printable name.
 *
 * The value normally comes from a received packet, so it is looked up by
 * comparison instead of being used as an index.  Anything not listed in
 * l2tp_avp_attribute_names yields the fixed string "UNKNOWN_AVP".  The
 * returned pointer refers to static storage and must not be freed.
 */
const char *
avp_attr_type_string(int attr_type)
{
	/* Each table name starts with this prefix (14 characters). */
	const size_t skip = sizeof("L2TP_AVP_TYPE_") - 1;
	const struct _label_name *ent = l2tp_avp_attribute_names;
	const struct _label_name *end =
	    ent + countof(l2tp_avp_attribute_names);

	for (; ent < end; ent++) {
		if (ent->label == attr_type)
			return ent->name + skip;
	}
	return "UNKNOWN_AVP";
}
235
/*
 * Map a StopCCN result code to a printable name.
 *
 * The code is matched against l2tp_stopccn_rcode_names by comparison, so
 * an unexpected value from the peer yields "UNKNOWN".  The returned pointer
 * refers to static storage.
 */
const char *
l2tp_stopccn_rcode_string(int rcode)
{
	/* Each table name starts with this prefix (20 characters). */
	const size_t skip = sizeof("L2TP_STOP_CCN_RCODE_") - 1;
	const struct _label_name *ent = l2tp_stopccn_rcode_names;
	const struct _label_name *end =
	    ent + countof(l2tp_stopccn_rcode_names);

	for (; ent < end; ent++) {
		if (ent->label == rcode)
			return ent->name + skip;
	}
	return "UNKNOWN";
}
247
/*
 * Map a CDN result code to a printable name.
 *
 * The code is matched against l2tp_cdn_rcode_names by comparison, so an
 * unexpected value from the peer yields "UNKNOWN".  The returned pointer
 * refers to static storage.
 */
const char *
l2tp_cdn_rcode_string(int rcode)
{
	/* Each table name starts with this prefix (15 characters). */
	const size_t skip = sizeof("L2TP_CDN_RCODE_") - 1;
	const struct _label_name *ent = l2tp_cdn_rcode_names;
	const struct _label_name *end = ent + countof(l2tp_cdn_rcode_names);

	for (; ent < end; ent++) {
		if (ent->label == rcode)
			return ent->name + skip;
	}
	return "UNKNOWN";
}
259
/*
 * Map an L2TP error code to a printable name.
 *
 * Zero is reported as "none".  Other values are matched against
 * l2tp_ecode_names by comparison, and anything not listed yields
 * "UNKNOWN".  The returned pointer refers to static storage.
 */
const char *
l2tp_ecode_string(int ecode)
{
	/* Each table name starts with this prefix (11 characters). */
	const size_t skip = sizeof("L2TP_ECODE_") - 1;
	const struct _label_name *ent, *end;

	if (ecode == 0)
		return "none";

	ent = l2tp_ecode_names;
	end = ent + countof(l2tp_ecode_names);
	while (ent < end) {
		if (ent->label == ecode)
			return ent->name + skip;
		ent++;
	}
	return "UNKNOWN";
}
273
/**
 * Walk the AVPs in "pkt" and return the first one whose vendor ID and
 * attribute type match "vendor_id" and "attr_type".
 *
 * Each AVP is decoded into "avp" by avp_enum(), so "avp" is overwritten on
 * every step and holds the matching AVP on success.  When "fill_data" is
 * non-zero the value of every AVP visited, not only the matching one, is
 * copied into "avp"; the memory space of "avp" must then be larger than or
 * equal to L2TP_AVP_MAXSIZ (1024).
 *
 * Returns "avp" on a match.  Returns NULL when no AVP matches or when
 * avp_enum() rejects an AVP; the two cases are not distinguished.
 */
struct l2tp_avp *
avp_find(struct l2tp_avp *avp, const u_char *pkt, int pktlen,
    uint16_t vendor_id, uint16_t attr_type, int fill_data)
{
	int avpsz;

	for (;;) {
		/* Fewer than six bytes cannot hold an AVP header. */
		if (pktlen < 6)
			break;

		avpsz = avp_enum(avp, pkt, pktlen, fill_data);
		if (avpsz <= 0)
			break;
		L2TP_SUBR_ASSERT(avpsz >= 6);

		if (avp->vendor_id == vendor_id && avp->attr_type == attr_type)
			return avp;

		/*
		 * avp_enum() returned a length no larger than pktlen, so
		 * stepping over this AVP stays inside the input.
		 */
		pkt += avpsz;
		pktlen -= avpsz;
	}

	return NULL;
}
299
/**
 * Search the Message-Type AVP (vendor ID 0) and return it, or NULL when it
 * is not found.  Attribute values are copied during the search, so the
 * memory space of the "avp" must be larger than or equal to
 * L2TP_AVP_MAXSIZ (1024).
 */
struct l2tp_avp *
avp_find_message_type_avp(struct l2tp_avp *avp, const u_char *pkt, int pktlen)
{
	const uint16_t vendor = 0;	/* vendor ID to match */
	const int copy_value = 1;	/* have avp_find() fill attr_value */

	return avp_find(avp, pkt, pktlen, vendor, L2TP_AVP_TYPE_MESSAGE_TYPE,
	    copy_value);
}
309
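/**
 * Add an AVP to the bytebuffer: the 6-byte header built from "avp",
 * followed by "value_len" bytes taken from avp->attr_value.
 *
 * "value_len" must be between 0 and 0x03ff - 6.  The AVP length is a
 * 10-bit quantity (avp_enum() masks it with 0x03ff), so a larger value
 * would be truncated in the header while the full value is still appended,
 * producing an AVP whose header disagrees with its payload.
 *
 * Returns 0 on success, -1 when "value_len" is out of range or the
 * bytebuffer rejects the data.
 *
 * NOTE(review): if the second bytebuffer_put() fails, the header written by
 * the first one stays in the buffer.  Whether callers discard the buffer on
 * -1 is not visible from here; confirm.
 */
int
bytebuf_add_avp(bytebuffer *bytebuf, struct l2tp_avp *avp, int value_len)
{
	struct l2tp_avp avp1;

	/* Refuse lengths the 10-bit length field cannot represent. */
	if (value_len < 0 || value_len > 0x03ff - 6)
		return -1;

	/* Work on a copy so the caller's AVP stays in host byte order. */
	memcpy(&avp1, avp, sizeof(struct l2tp_avp));

	avp1.length = value_len + 6;
	avp1.vendor_id = htons(avp->vendor_id);
	avp1.attr_type = htons(avp->attr_type);
	/*
	 * Byte-swap the first 16 bits (flags and length) as one unit.  This
	 * depends on the layout of struct l2tp_avp, declared elsewhere.
	 */
	*(uint16_t *)&avp1 = htons(*(uint16_t *)&avp1);

	if (bytebuffer_put(bytebuf, &avp1, 6) == NULL)
		return -1;
	if (bytebuffer_put(bytebuf, avp->attr_value, value_len) == NULL)
		return -1;

	return 0;
}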
332
/*
 * Map a control message type to a printable name.
 *
 * The value is matched against l2tp_mes_type_names by comparison, so an
 * unexpected message type from the peer yields "Unknown".  The returned
 * pointer refers to static storage.
 */
const char *
avp_mes_type_string(int mes_type)
{
	/* Each table name starts with this prefix (22 characters). */
	const size_t skip = sizeof("L2TP_AVP_MESSAGE_TYPE_") - 1;
	const struct _label_name *ent = l2tp_mes_type_names;
	const struct _label_name *end = ent + countof(l2tp_mes_type_names);

	for (; ent < end; ent++) {
		if (ent->label == mes_type)
			return ent->name + skip;
	}
	return "Unknown";
}
344