BadVPN – Blame information for rev 1
?pathlinks?
Rev | Author | Line No. | Line |
---|---|---|---|
1 | office | 1 | /** |
2 | * @file |
||
3 | * Network Point to Point Protocol over Layer 2 Tunneling Protocol program file. |
||
4 | * |
||
5 | */ |
||
6 | |||
7 | /* |
||
8 | * Redistribution and use in source and binary forms, with or without modification, |
||
9 | * are permitted provided that the following conditions are met: |
||
10 | * |
||
11 | * 1. Redistributions of source code must retain the above copyright notice, |
||
12 | * this list of conditions and the following disclaimer. |
||
13 | * 2. Redistributions in binary form must reproduce the above copyright notice, |
||
14 | * this list of conditions and the following disclaimer in the documentation |
||
15 | * and/or other materials provided with the distribution. |
||
16 | * 3. The name of the author may not be used to endorse or promote products |
||
17 | * derived from this software without specific prior written permission. |
||
18 | * |
||
19 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED |
||
20 | * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF |
||
21 | * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT |
||
22 | * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
||
23 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT |
||
24 | * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
||
25 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
||
26 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING |
||
27 | * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY |
||
28 | * OF SUCH DAMAGE. |
||
29 | * |
||
30 | * This file is part of the lwIP TCP/IP stack. |
||
31 | * |
||
32 | */ |
||
33 | |||
34 | /* |
||
35 | * L2TP Support status: |
||
36 | * |
||
37 | * Supported: |
||
38 | * - L2TPv2 (PPP over L2TP, a.k.a. UDP tunnels) |
||
39 | * - LAC |
||
40 | * |
||
41 | * Not supported: |
||
42 | * - LNS (require PPP server support) |
||
43 | * - L2TPv3 ethernet pseudowires |
||
44 | * - L2TPv3 VLAN pseudowire |
||
45 | * - L2TPv3 PPP pseudowires |
||
46 | * - L2TPv3 IP encapsulation |
||
47 | * - L2TPv3 IP pseudowire |
||
48 | * - L2TP tunnel switching - http://tools.ietf.org/html/draft-ietf-l2tpext-tunnel-switching-08 |
||
49 | * - Multiple tunnels per UDP socket, as well as multiple sessions per tunnel |
||
50 | * - Hidden AVPs |
||
51 | */ |
||
52 | |||
53 | #include "netif/ppp/ppp_opts.h" |
||
54 | #if PPP_SUPPORT && PPPOL2TP_SUPPORT /* don't build if not configured for use in lwipopts.h */ |
||
55 | |||
56 | #include "lwip/err.h" |
||
57 | #include "lwip/memp.h" |
||
58 | #include "lwip/netif.h" |
||
59 | #include "lwip/udp.h" |
||
60 | #include "lwip/snmp.h" |
||
61 | |||
62 | #include "netif/ppp/ppp_impl.h" |
||
63 | #include "netif/ppp/lcp.h" |
||
64 | #include "netif/ppp/ipcp.h" |
||
65 | #include "netif/ppp/pppol2tp.h" |
||
66 | #include "netif/ppp/pppcrypt.h" |
||
67 | #include "netif/ppp/magic.h" |
||
68 | |||
69 | /* Memory pool */ |
||
70 | LWIP_MEMPOOL_DECLARE(PPPOL2TP_PCB, MEMP_NUM_PPPOL2TP_INTERFACES, sizeof(pppol2tp_pcb), "PPPOL2TP_PCB") |
||
71 | |||
72 | /* callbacks called from PPP core */ |
||
73 | static err_t pppol2tp_write(ppp_pcb *ppp, void *ctx, struct pbuf *p); |
||
74 | static err_t pppol2tp_netif_output(ppp_pcb *ppp, void *ctx, struct pbuf *p, u_short protocol); |
||
75 | static err_t pppol2tp_destroy(ppp_pcb *ppp, void *ctx); /* Destroy a L2TP control block */ |
||
76 | static void pppol2tp_connect(ppp_pcb *ppp, void *ctx); /* Be a LAC, connect to a LNS. */ |
||
77 | static void pppol2tp_disconnect(ppp_pcb *ppp, void *ctx); /* Disconnect */ |
||
78 | |||
79 | /* Prototypes for procedures local to this file. */ |
||
80 | static void pppol2tp_input(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port); |
||
81 | static void pppol2tp_dispatch_control_packet(pppol2tp_pcb *l2tp, u16_t port, struct pbuf *p, u16_t ns, u16_t nr); |
||
82 | static void pppol2tp_timeout(void *arg); |
||
83 | static void pppol2tp_abort_connect(pppol2tp_pcb *l2tp); |
||
84 | static err_t pppol2tp_send_sccrq(pppol2tp_pcb *l2tp); |
||
85 | static err_t pppol2tp_send_scccn(pppol2tp_pcb *l2tp, u16_t ns); |
||
86 | static err_t pppol2tp_send_icrq(pppol2tp_pcb *l2tp, u16_t ns); |
||
87 | static err_t pppol2tp_send_iccn(pppol2tp_pcb *l2tp, u16_t ns); |
||
88 | static err_t pppol2tp_send_zlb(pppol2tp_pcb *l2tp, u16_t ns); |
||
89 | static err_t pppol2tp_send_stopccn(pppol2tp_pcb *l2tp, u16_t ns); |
||
90 | static err_t pppol2tp_xmit(pppol2tp_pcb *l2tp, struct pbuf *pb); |
||
91 | static err_t pppol2tp_udp_send(pppol2tp_pcb *l2tp, struct pbuf *pb); |
||
92 | |||
93 | /* Callbacks structure for PPP core */ |
||
94 | static const struct link_callbacks pppol2tp_callbacks = { |
||
95 | pppol2tp_connect, |
||
96 | #if PPP_SERVER |
||
97 | NULL, |
||
98 | #endif /* PPP_SERVER */ |
||
99 | pppol2tp_disconnect, |
||
100 | pppol2tp_destroy, |
||
101 | pppol2tp_write, |
||
102 | pppol2tp_netif_output, |
||
103 | NULL, |
||
104 | NULL |
||
105 | }; |
||
106 | |||
107 | |||
108 | /* Create a new L2TP session. */ |
||
109 | ppp_pcb *pppol2tp_create(struct netif *pppif, |
||
110 | struct netif *netif, const ip_addr_t *ipaddr, u16_t port, |
||
111 | const u8_t *secret, u8_t secret_len, |
||
112 | ppp_link_status_cb_fn link_status_cb, void *ctx_cb) { |
||
113 | ppp_pcb *ppp; |
||
114 | pppol2tp_pcb *l2tp; |
||
115 | struct udp_pcb *udp; |
||
116 | #if !PPPOL2TP_AUTH_SUPPORT |
||
117 | LWIP_UNUSED_ARG(secret); |
||
118 | LWIP_UNUSED_ARG(secret_len); |
||
119 | #endif /* !PPPOL2TP_AUTH_SUPPORT */ |
||
120 | |||
121 | if (ipaddr == NULL) { |
||
122 | goto ipaddr_check_failed; |
||
123 | } |
||
124 | |||
125 | l2tp = (pppol2tp_pcb *)LWIP_MEMPOOL_ALLOC(PPPOL2TP_PCB); |
||
126 | if (l2tp == NULL) { |
||
127 | goto memp_malloc_l2tp_failed; |
||
128 | } |
||
129 | |||
130 | udp = udp_new_ip_type(IP_GET_TYPE(ipaddr)); |
||
131 | if (udp == NULL) { |
||
132 | goto udp_new_failed; |
||
133 | } |
||
134 | udp_recv(udp, pppol2tp_input, l2tp); |
||
135 | |||
136 | ppp = ppp_new(pppif, &pppol2tp_callbacks, l2tp, link_status_cb, ctx_cb); |
||
137 | if (ppp == NULL) { |
||
138 | goto ppp_new_failed; |
||
139 | } |
||
140 | |||
141 | memset(l2tp, 0, sizeof(pppol2tp_pcb)); |
||
142 | l2tp->phase = PPPOL2TP_STATE_INITIAL; |
||
143 | l2tp->ppp = ppp; |
||
144 | l2tp->udp = udp; |
||
145 | l2tp->netif = netif; |
||
146 | ip_addr_copy(l2tp->remote_ip, *ipaddr); |
||
147 | l2tp->remote_port = port; |
||
148 | #if PPPOL2TP_AUTH_SUPPORT |
||
149 | l2tp->secret = secret; |
||
150 | l2tp->secret_len = secret_len; |
||
151 | #endif /* PPPOL2TP_AUTH_SUPPORT */ |
||
152 | |||
153 | return ppp; |
||
154 | |||
155 | ppp_new_failed: |
||
156 | udp_remove(udp); |
||
157 | udp_new_failed: |
||
158 | LWIP_MEMPOOL_FREE(PPPOL2TP_PCB, l2tp); |
||
159 | memp_malloc_l2tp_failed: |
||
160 | ipaddr_check_failed: |
||
161 | return NULL; |
||
162 | } |
||
163 | |||
164 | /* Called by PPP core */ |
||
165 | static err_t pppol2tp_write(ppp_pcb *ppp, void *ctx, struct pbuf *p) { |
||
166 | pppol2tp_pcb *l2tp = (pppol2tp_pcb *)ctx; |
||
167 | struct pbuf *ph; /* UDP + L2TP header */ |
||
168 | err_t ret; |
||
169 | #if MIB2_STATS |
||
170 | u16_t tot_len; |
||
171 | #else /* MIB2_STATS */ |
||
172 | LWIP_UNUSED_ARG(ppp); |
||
173 | #endif /* MIB2_STATS */ |
||
174 | |||
175 | ph = pbuf_alloc(PBUF_TRANSPORT, (u16_t)(PPPOL2TP_OUTPUT_DATA_HEADER_LEN), PBUF_RAM); |
||
176 | if(!ph) { |
||
177 | LINK_STATS_INC(link.memerr); |
||
178 | LINK_STATS_INC(link.proterr); |
||
179 | MIB2_STATS_NETIF_INC(ppp->netif, ifoutdiscards); |
||
180 | pbuf_free(p); |
||
181 | return ERR_MEM; |
||
182 | } |
||
183 | |||
184 | pbuf_remove_header(ph, PPPOL2TP_OUTPUT_DATA_HEADER_LEN); /* hide L2TP header */ |
||
185 | pbuf_cat(ph, p); |
||
186 | #if MIB2_STATS |
||
187 | tot_len = ph->tot_len; |
||
188 | #endif /* MIB2_STATS */ |
||
189 | |||
190 | ret = pppol2tp_xmit(l2tp, ph); |
||
191 | if (ret != ERR_OK) { |
||
192 | LINK_STATS_INC(link.err); |
||
193 | MIB2_STATS_NETIF_INC(ppp->netif, ifoutdiscards); |
||
194 | return ret; |
||
195 | } |
||
196 | |||
197 | MIB2_STATS_NETIF_ADD(ppp->netif, ifoutoctets, (u16_t)tot_len); |
||
198 | MIB2_STATS_NETIF_INC(ppp->netif, ifoutucastpkts); |
||
199 | LINK_STATS_INC(link.xmit); |
||
200 | return ERR_OK; |
||
201 | } |
||
202 | |||
203 | /* Called by PPP core */ |
||
204 | static err_t pppol2tp_netif_output(ppp_pcb *ppp, void *ctx, struct pbuf *p, u_short protocol) { |
||
205 | pppol2tp_pcb *l2tp = (pppol2tp_pcb *)ctx; |
||
206 | struct pbuf *pb; |
||
207 | u8_t *pl; |
||
208 | err_t err; |
||
209 | #if MIB2_STATS |
||
210 | u16_t tot_len; |
||
211 | #else /* MIB2_STATS */ |
||
212 | LWIP_UNUSED_ARG(ppp); |
||
213 | #endif /* MIB2_STATS */ |
||
214 | |||
215 | /* @todo: try to use pbuf_header() here! */ |
||
216 | pb = pbuf_alloc(PBUF_TRANSPORT, PPPOL2TP_OUTPUT_DATA_HEADER_LEN + sizeof(protocol), PBUF_RAM); |
||
217 | if(!pb) { |
||
218 | LINK_STATS_INC(link.memerr); |
||
219 | LINK_STATS_INC(link.proterr); |
||
220 | MIB2_STATS_NETIF_INC(ppp->netif, ifoutdiscards); |
||
221 | return ERR_MEM; |
||
222 | } |
||
223 | |||
224 | pbuf_remove_header(pb, PPPOL2TP_OUTPUT_DATA_HEADER_LEN); |
||
225 | |||
226 | pl = (u8_t*)pb->payload; |
||
227 | PUTSHORT(protocol, pl); |
||
228 | |||
229 | pbuf_chain(pb, p); |
||
230 | #if MIB2_STATS |
||
231 | tot_len = pb->tot_len; |
||
232 | #endif /* MIB2_STATS */ |
||
233 | |||
234 | if( (err = pppol2tp_xmit(l2tp, pb)) != ERR_OK) { |
||
235 | LINK_STATS_INC(link.err); |
||
236 | MIB2_STATS_NETIF_INC(ppp->netif, ifoutdiscards); |
||
237 | return err; |
||
238 | } |
||
239 | |||
240 | MIB2_STATS_NETIF_ADD(ppp->netif, ifoutoctets, tot_len); |
||
241 | MIB2_STATS_NETIF_INC(ppp->netif, ifoutucastpkts); |
||
242 | LINK_STATS_INC(link.xmit); |
||
243 | return ERR_OK; |
||
244 | } |
||
245 | |||
246 | /* Destroy a L2TP control block */ |
||
247 | static err_t pppol2tp_destroy(ppp_pcb *ppp, void *ctx) { |
||
248 | pppol2tp_pcb *l2tp = (pppol2tp_pcb *)ctx; |
||
249 | LWIP_UNUSED_ARG(ppp); |
||
250 | |||
251 | sys_untimeout(pppol2tp_timeout, l2tp); |
||
252 | udp_remove(l2tp->udp); |
||
253 | LWIP_MEMPOOL_FREE(PPPOL2TP_PCB, l2tp); |
||
254 | return ERR_OK; |
||
255 | } |
||
256 | |||
257 | /* Be a LAC, connect to a LNS. */ |
||
258 | static void pppol2tp_connect(ppp_pcb *ppp, void *ctx) { |
||
259 | err_t err; |
||
260 | pppol2tp_pcb *l2tp = (pppol2tp_pcb *)ctx; |
||
261 | lcp_options *lcp_wo; |
||
262 | lcp_options *lcp_ao; |
||
263 | #if PPP_IPV4_SUPPORT && VJ_SUPPORT |
||
264 | ipcp_options *ipcp_wo; |
||
265 | ipcp_options *ipcp_ao; |
||
266 | #endif /* PPP_IPV4_SUPPORT && VJ_SUPPORT */ |
||
267 | |||
268 | l2tp->tunnel_port = l2tp->remote_port; |
||
269 | l2tp->our_ns = 0; |
||
270 | l2tp->peer_nr = 0; |
||
271 | l2tp->peer_ns = 0; |
||
272 | l2tp->source_tunnel_id = 0; |
||
273 | l2tp->remote_tunnel_id = 0; |
||
274 | l2tp->source_session_id = 0; |
||
275 | l2tp->remote_session_id = 0; |
||
276 | /* l2tp->*_retried are cleared when used */ |
||
277 | |||
278 | lcp_wo = &ppp->lcp_wantoptions; |
||
279 | lcp_wo->mru = PPPOL2TP_DEFMRU; |
||
280 | lcp_wo->neg_asyncmap = 0; |
||
281 | lcp_wo->neg_pcompression = 0; |
||
282 | lcp_wo->neg_accompression = 0; |
||
283 | lcp_wo->passive = 0; |
||
284 | lcp_wo->silent = 0; |
||
285 | |||
286 | lcp_ao = &ppp->lcp_allowoptions; |
||
287 | lcp_ao->mru = PPPOL2TP_DEFMRU; |
||
288 | lcp_ao->neg_asyncmap = 0; |
||
289 | lcp_ao->neg_pcompression = 0; |
||
290 | lcp_ao->neg_accompression = 0; |
||
291 | |||
292 | #if PPP_IPV4_SUPPORT && VJ_SUPPORT |
||
293 | ipcp_wo = &ppp->ipcp_wantoptions; |
||
294 | ipcp_wo->neg_vj = 0; |
||
295 | ipcp_wo->old_vj = 0; |
||
296 | |||
297 | ipcp_ao = &ppp->ipcp_allowoptions; |
||
298 | ipcp_ao->neg_vj = 0; |
||
299 | ipcp_ao->old_vj = 0; |
||
300 | #endif /* PPP_IPV4_SUPPORT && VJ_SUPPORT */ |
||
301 | |||
302 | /* Listen to a random source port, we need to do that instead of using udp_connect() |
||
303 | * because the L2TP LNS might answer with its own random source port (!= 1701) |
||
304 | */ |
||
305 | #if LWIP_IPV6 |
||
306 | if (IP_IS_V6_VAL(l2tp->udp->local_ip)) { |
||
307 | udp_bind(l2tp->udp, IP6_ADDR_ANY, 0); |
||
308 | } else |
||
309 | #endif /* LWIP_IPV6 */ |
||
310 | udp_bind(l2tp->udp, IP_ADDR_ANY, 0); |
||
311 | |||
312 | #if PPPOL2TP_AUTH_SUPPORT |
||
313 | /* Generate random vector */ |
||
314 | if (l2tp->secret != NULL) { |
||
315 | magic_random_bytes(l2tp->secret_rv, sizeof(l2tp->secret_rv)); |
||
316 | } |
||
317 | #endif /* PPPOL2TP_AUTH_SUPPORT */ |
||
318 | |||
319 | do { |
||
320 | l2tp->remote_tunnel_id = magic(); |
||
321 | } while(l2tp->remote_tunnel_id == 0); |
||
322 | /* save state, in case we fail to send SCCRQ */ |
||
323 | l2tp->sccrq_retried = 0; |
||
324 | l2tp->phase = PPPOL2TP_STATE_SCCRQ_SENT; |
||
325 | if ((err = pppol2tp_send_sccrq(l2tp)) != 0) { |
||
326 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send SCCRQ, error=%d\n", err)); |
||
327 | } |
||
328 | sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp); |
||
329 | } |
||
330 | |||
331 | /* Disconnect */ |
||
332 | static void pppol2tp_disconnect(ppp_pcb *ppp, void *ctx) { |
||
333 | pppol2tp_pcb *l2tp = (pppol2tp_pcb *)ctx; |
||
334 | |||
335 | l2tp->our_ns++; |
||
336 | pppol2tp_send_stopccn(l2tp, l2tp->our_ns); |
||
337 | |||
338 | /* stop any timer, disconnect can be called while initiating is in progress */ |
||
339 | sys_untimeout(pppol2tp_timeout, l2tp); |
||
340 | l2tp->phase = PPPOL2TP_STATE_INITIAL; |
||
341 | ppp_link_end(ppp); /* notify upper layers */ |
||
342 | } |
||
343 | |||
344 | /* UDP Callback for incoming IPv4 L2TP frames */ |
||
345 | static void pppol2tp_input(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port) { |
||
346 | pppol2tp_pcb *l2tp = (pppol2tp_pcb*)arg; |
||
347 | u16_t hflags, hlen, len=0, tunnel_id=0, session_id=0, ns=0, nr=0, offset=0; |
||
348 | u8_t *inp; |
||
349 | LWIP_UNUSED_ARG(pcb); |
||
350 | |||
351 | /* we can't unbound a UDP pcb, thus we can still receive UDP frames after the link is closed */ |
||
352 | if (l2tp->phase < PPPOL2TP_STATE_SCCRQ_SENT) { |
||
353 | goto free_and_return; |
||
354 | } |
||
355 | |||
356 | if (!ip_addr_cmp(&l2tp->remote_ip, addr)) { |
||
357 | goto free_and_return; |
||
358 | } |
||
359 | |||
360 | /* discard packet if port mismatch, but only if we received a SCCRP */ |
||
361 | if (l2tp->phase > PPPOL2TP_STATE_SCCRQ_SENT && l2tp->tunnel_port != port) { |
||
362 | goto free_and_return; |
||
363 | } |
||
364 | |||
365 | /* printf("-----------\nL2TP INPUT, %d\n", p->len); */ |
||
366 | |||
367 | /* L2TP header */ |
||
368 | if (p->len < sizeof(hflags) + sizeof(tunnel_id) + sizeof(session_id) ) { |
||
369 | goto packet_too_short; |
||
370 | } |
||
371 | |||
372 | inp = (u8_t*)p->payload; |
||
373 | GETSHORT(hflags, inp); |
||
374 | |||
375 | if (hflags & PPPOL2TP_HEADERFLAG_CONTROL) { |
||
376 | /* check mandatory flags for a control packet */ |
||
377 | if ( (hflags & PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY) != PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY ) { |
||
378 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: mandatory header flags for control packet not set\n")); |
||
379 | goto free_and_return; |
||
380 | } |
||
381 | /* check forbidden flags for a control packet */ |
||
382 | if (hflags & PPPOL2TP_HEADERFLAG_CONTROL_FORBIDDEN) { |
||
383 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: forbidden header flags for control packet found\n")); |
||
384 | goto free_and_return; |
||
385 | } |
||
386 | } else { |
||
387 | /* check mandatory flags for a data packet */ |
||
388 | if ( (hflags & PPPOL2TP_HEADERFLAG_DATA_MANDATORY) != PPPOL2TP_HEADERFLAG_DATA_MANDATORY) { |
||
389 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: mandatory header flags for data packet not set\n")); |
||
390 | goto free_and_return; |
||
391 | } |
||
392 | } |
||
393 | |||
394 | /* Expected header size */ |
||
395 | hlen = sizeof(hflags) + sizeof(tunnel_id) + sizeof(session_id); |
||
396 | if (hflags & PPPOL2TP_HEADERFLAG_LENGTH) { |
||
397 | hlen += sizeof(len); |
||
398 | } |
||
399 | if (hflags & PPPOL2TP_HEADERFLAG_SEQUENCE) { |
||
400 | hlen += sizeof(ns) + sizeof(nr); |
||
401 | } |
||
402 | if (hflags & PPPOL2TP_HEADERFLAG_OFFSET) { |
||
403 | hlen += sizeof(offset); |
||
404 | } |
||
405 | if (p->len < hlen) { |
||
406 | goto packet_too_short; |
||
407 | } |
||
408 | |||
409 | if (hflags & PPPOL2TP_HEADERFLAG_LENGTH) { |
||
410 | GETSHORT(len, inp); |
||
411 | if (p->len < len || len < hlen) { |
||
412 | goto packet_too_short; |
||
413 | } |
||
414 | } |
||
415 | GETSHORT(tunnel_id, inp); |
||
416 | GETSHORT(session_id, inp); |
||
417 | if (hflags & PPPOL2TP_HEADERFLAG_SEQUENCE) { |
||
418 | GETSHORT(ns, inp); |
||
419 | GETSHORT(nr, inp); |
||
420 | } |
||
421 | if (hflags & PPPOL2TP_HEADERFLAG_OFFSET) { |
||
422 | GETSHORT(offset, inp) |
||
423 | if (offset > 4096) { /* don't be fooled with large offset which might overflow hlen */ |
||
424 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: strange packet received, offset=%d\n", offset)); |
||
425 | goto free_and_return; |
||
426 | } |
||
427 | hlen += offset; |
||
428 | if (p->len < hlen) { |
||
429 | goto packet_too_short; |
||
430 | } |
||
431 | INCPTR(offset, inp); |
||
432 | } |
||
433 | |||
434 | /* printf("HLEN = %d\n", hlen); */ |
||
435 | |||
436 | /* skip L2TP header */ |
||
437 | if (pbuf_remove_header(p, hlen) != 0) { |
||
438 | goto free_and_return; |
||
439 | } |
||
440 | |||
441 | /* printf("LEN=%d, TUNNEL_ID=%d, SESSION_ID=%d, NS=%d, NR=%d, OFFSET=%d\n", len, tunnel_id, session_id, ns, nr, offset); */ |
||
442 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: input packet, len=%"U16_F", tunnel=%"U16_F", session=%"U16_F", ns=%"U16_F", nr=%"U16_F"\n", |
||
443 | len, tunnel_id, session_id, ns, nr)); |
||
444 | |||
445 | /* Control packet */ |
||
446 | if (hflags & PPPOL2TP_HEADERFLAG_CONTROL) { |
||
447 | pppol2tp_dispatch_control_packet(l2tp, port, p, ns, nr); |
||
448 | goto free_and_return; |
||
449 | } |
||
450 | |||
451 | /* Data packet */ |
||
452 | if(l2tp->phase != PPPOL2TP_STATE_DATA) { |
||
453 | goto free_and_return; |
||
454 | } |
||
455 | if(tunnel_id != l2tp->remote_tunnel_id) { |
||
456 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: tunnel ID mismatch, assigned=%d, received=%d\n", l2tp->remote_tunnel_id, tunnel_id)); |
||
457 | goto free_and_return; |
||
458 | } |
||
459 | if(session_id != l2tp->remote_session_id) { |
||
460 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: session ID mismatch, assigned=%d, received=%d\n", l2tp->remote_session_id, session_id)); |
||
461 | goto free_and_return; |
||
462 | } |
||
463 | /* |
||
464 | * skip address & flags if necessary |
||
465 | * |
||
466 | * RFC 2661 does not specify whether the PPP frame in the L2TP payload should |
||
467 | * have a HDLC header or not. We handle both cases for compatibility. |
||
468 | */ |
||
469 | if (p->len >= 2) { |
||
470 | GETSHORT(hflags, inp); |
||
471 | if (hflags == 0xff03) { |
||
472 | pbuf_remove_header(p, 2); |
||
473 | } |
||
474 | } |
||
475 | /* Dispatch the packet thereby consuming it. */ |
||
476 | ppp_input(l2tp->ppp, p); |
||
477 | return; |
||
478 | |||
479 | packet_too_short: |
||
480 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: packet too short: %d\n", p->len)); |
||
481 | free_and_return: |
||
482 | pbuf_free(p); |
||
483 | } |
||
484 | |||
485 | /* L2TP Control packet entry point */ |
||
486 | static void pppol2tp_dispatch_control_packet(pppol2tp_pcb *l2tp, u16_t port, struct pbuf *p, u16_t ns, u16_t nr) { |
||
487 | u8_t *inp; |
||
488 | u16_t avplen, avpflags, vendorid, attributetype, messagetype=0; |
||
489 | err_t err; |
||
490 | #if PPPOL2TP_AUTH_SUPPORT |
||
491 | lwip_md5_context md5_ctx; |
||
492 | u8_t md5_hash[16]; |
||
493 | u8_t challenge_id = 0; |
||
494 | #endif /* PPPOL2TP_AUTH_SUPPORT */ |
||
495 | |||
496 | l2tp->peer_nr = nr; |
||
497 | l2tp->peer_ns = ns; |
||
498 | /* printf("L2TP CTRL INPUT, ns=%d, nr=%d, len=%d\n", ns, nr, p->len); */ |
||
499 | |||
500 | /* Handle the special case of the ICCN acknowledge */ |
||
501 | if (l2tp->phase == PPPOL2TP_STATE_ICCN_SENT && l2tp->peer_nr > l2tp->our_ns) { |
||
502 | l2tp->phase = PPPOL2TP_STATE_DATA; |
||
503 | } |
||
504 | |||
505 | /* ZLB packets */ |
||
506 | if (p->tot_len == 0) { |
||
507 | return; |
||
508 | } |
||
509 | |||
510 | p = pbuf_coalesce(p, PBUF_RAW); |
||
511 | inp = (u8_t*)p->payload; |
||
512 | /* Decode AVPs */ |
||
513 | while (p->len > 0) { |
||
514 | if (p->len < sizeof(avpflags) + sizeof(vendorid) + sizeof(attributetype) ) { |
||
515 | goto packet_too_short; |
||
516 | } |
||
517 | GETSHORT(avpflags, inp); |
||
518 | avplen = avpflags & PPPOL2TP_AVPHEADERFLAG_LENGTHMASK; |
||
519 | /* printf("AVPLEN = %d\n", avplen); */ |
||
520 | if (p->len < avplen || avplen < sizeof(avpflags) + sizeof(vendorid) + sizeof(attributetype)) { |
||
521 | goto packet_too_short; |
||
522 | } |
||
523 | GETSHORT(vendorid, inp); |
||
524 | GETSHORT(attributetype, inp); |
||
525 | avplen -= sizeof(avpflags) + sizeof(vendorid) + sizeof(attributetype); |
||
526 | |||
527 | /* Message type must be the first AVP */ |
||
528 | if (messagetype == 0) { |
||
529 | if (attributetype != 0 || vendorid != 0 || avplen != sizeof(messagetype) ) { |
||
530 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: message type must be the first AVP\n")); |
||
531 | return; |
||
532 | } |
||
533 | GETSHORT(messagetype, inp); |
||
534 | /* printf("Message type = %d\n", messagetype); */ |
||
535 | switch(messagetype) { |
||
536 | /* Start Control Connection Reply */ |
||
537 | case PPPOL2TP_MESSAGETYPE_SCCRP: |
||
538 | /* Only accept SCCRP packet if we sent a SCCRQ */ |
||
539 | if (l2tp->phase != PPPOL2TP_STATE_SCCRQ_SENT) { |
||
540 | goto send_zlb; |
||
541 | } |
||
542 | break; |
||
543 | /* Incoming Call Reply */ |
||
544 | case PPPOL2TP_MESSAGETYPE_ICRP: |
||
545 | /* Only accept ICRP packet if we sent a IRCQ */ |
||
546 | if (l2tp->phase != PPPOL2TP_STATE_ICRQ_SENT) { |
||
547 | goto send_zlb; |
||
548 | } |
||
549 | break; |
||
550 | /* Stop Control Connection Notification */ |
||
551 | case PPPOL2TP_MESSAGETYPE_STOPCCN: |
||
552 | pppol2tp_send_zlb(l2tp, l2tp->our_ns); /* Ack the StopCCN before we switch to down state */ |
||
553 | if (l2tp->phase < PPPOL2TP_STATE_DATA) { |
||
554 | pppol2tp_abort_connect(l2tp); |
||
555 | } else if (l2tp->phase == PPPOL2TP_STATE_DATA) { |
||
556 | /* Don't disconnect here, we let the LCP Echo/Reply find the fact |
||
557 | * that PPP session is down. Asking the PPP stack to end the session |
||
558 | * require strict checking about the PPP phase to prevent endless |
||
559 | * disconnection loops. |
||
560 | */ |
||
561 | } |
||
562 | return; |
||
563 | default: |
||
564 | break; |
||
565 | } |
||
566 | goto nextavp; |
||
567 | } |
||
568 | |||
569 | /* Skip proprietary L2TP extensions */ |
||
570 | if (vendorid != 0) { |
||
571 | goto skipavp; |
||
572 | } |
||
573 | |||
574 | switch (messagetype) { |
||
575 | /* Start Control Connection Reply */ |
||
576 | case PPPOL2TP_MESSAGETYPE_SCCRP: |
||
577 | switch (attributetype) { |
||
578 | case PPPOL2TP_AVPTYPE_TUNNELID: |
||
579 | if (avplen != sizeof(l2tp->source_tunnel_id) ) { |
||
580 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: AVP Assign tunnel ID length check failed\n")); |
||
581 | return; |
||
582 | } |
||
583 | GETSHORT(l2tp->source_tunnel_id, inp); |
||
584 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: Assigned tunnel ID %"U16_F"\n", l2tp->source_tunnel_id)); |
||
585 | goto nextavp; |
||
586 | #if PPPOL2TP_AUTH_SUPPORT |
||
587 | case PPPOL2TP_AVPTYPE_CHALLENGE: |
||
588 | if (avplen == 0) { |
||
589 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: Challenge length check failed\n")); |
||
590 | return; |
||
591 | } |
||
592 | if (l2tp->secret == NULL) { |
||
593 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: Received challenge from peer and no secret key available\n")); |
||
594 | pppol2tp_abort_connect(l2tp); |
||
595 | return; |
||
596 | } |
||
597 | /* Generate hash of ID, secret, challenge */ |
||
598 | lwip_md5_init(&md5_ctx); |
||
599 | lwip_md5_starts(&md5_ctx); |
||
600 | challenge_id = PPPOL2TP_MESSAGETYPE_SCCCN; |
||
601 | lwip_md5_update(&md5_ctx, &challenge_id, 1); |
||
602 | lwip_md5_update(&md5_ctx, l2tp->secret, l2tp->secret_len); |
||
603 | lwip_md5_update(&md5_ctx, inp, avplen); |
||
604 | lwip_md5_finish(&md5_ctx, l2tp->challenge_hash); |
||
605 | lwip_md5_free(&md5_ctx); |
||
606 | l2tp->send_challenge = 1; |
||
607 | goto skipavp; |
||
608 | case PPPOL2TP_AVPTYPE_CHALLENGERESPONSE: |
||
609 | if (avplen != PPPOL2TP_AVPTYPE_CHALLENGERESPONSE_SIZE) { |
||
610 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: AVP Challenge Response length check failed\n")); |
||
611 | return; |
||
612 | } |
||
613 | /* Generate hash of ID, secret, challenge */ |
||
614 | lwip_md5_init(&md5_ctx); |
||
615 | lwip_md5_starts(&md5_ctx); |
||
616 | challenge_id = PPPOL2TP_MESSAGETYPE_SCCRP; |
||
617 | lwip_md5_update(&md5_ctx, &challenge_id, 1); |
||
618 | lwip_md5_update(&md5_ctx, l2tp->secret, l2tp->secret_len); |
||
619 | lwip_md5_update(&md5_ctx, l2tp->secret_rv, sizeof(l2tp->secret_rv)); |
||
620 | lwip_md5_finish(&md5_ctx, md5_hash); |
||
621 | lwip_md5_free(&md5_ctx); |
||
622 | if ( memcmp(inp, md5_hash, sizeof(md5_hash)) ) { |
||
623 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: Received challenge response from peer and secret key do not match\n")); |
||
624 | pppol2tp_abort_connect(l2tp); |
||
625 | return; |
||
626 | } |
||
627 | goto skipavp; |
||
628 | #endif /* PPPOL2TP_AUTH_SUPPORT */ |
||
629 | default: |
||
630 | break; |
||
631 | } |
||
632 | break; |
||
633 | /* Incoming Call Reply */ |
||
634 | case PPPOL2TP_MESSAGETYPE_ICRP: |
||
635 | switch (attributetype) { |
||
636 | case PPPOL2TP_AVPTYPE_SESSIONID: |
||
637 | if (avplen != sizeof(l2tp->source_session_id) ) { |
||
638 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: AVP Assign session ID length check failed\n")); |
||
639 | return; |
||
640 | } |
||
641 | GETSHORT(l2tp->source_session_id, inp); |
||
642 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: Assigned session ID %"U16_F"\n", l2tp->source_session_id)); |
||
643 | goto nextavp; |
||
644 | default: |
||
645 | break; |
||
646 | } |
||
647 | break; |
||
648 | default: |
||
649 | break; |
||
650 | } |
||
651 | |||
652 | skipavp: |
||
653 | INCPTR(avplen, inp); |
||
654 | nextavp: |
||
655 | /* printf("AVP Found, vendor=%d, attribute=%d, len=%d\n", vendorid, attributetype, avplen); */ |
||
656 | /* next AVP */ |
||
657 | if (pbuf_remove_header(p, avplen + sizeof(avpflags) + sizeof(vendorid) + sizeof(attributetype)) != 0) { |
||
658 | return; |
||
659 | } |
||
660 | } |
||
661 | |||
662 | switch(messagetype) { |
||
663 | /* Start Control Connection Reply */ |
||
664 | case PPPOL2TP_MESSAGETYPE_SCCRP: |
||
665 | do { |
||
666 | l2tp->remote_session_id = magic(); |
||
667 | } while(l2tp->remote_session_id == 0); |
||
668 | l2tp->tunnel_port = port; /* LNS server might have chosen its own local port */ |
||
669 | l2tp->icrq_retried = 0; |
||
670 | l2tp->phase = PPPOL2TP_STATE_ICRQ_SENT; |
||
671 | l2tp->our_ns++; |
||
672 | if ((err = pppol2tp_send_scccn(l2tp, l2tp->our_ns)) != 0) { |
||
673 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send SCCCN, error=%d\n", err)); |
||
674 | LWIP_UNUSED_ARG(err); /* if PPPDEBUG is disabled */ |
||
675 | } |
||
676 | l2tp->our_ns++; |
||
677 | if ((err = pppol2tp_send_icrq(l2tp, l2tp->our_ns)) != 0) { |
||
678 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send ICRQ, error=%d\n", err)); |
||
679 | LWIP_UNUSED_ARG(err); /* if PPPDEBUG is disabled */ |
||
680 | } |
||
681 | sys_untimeout(pppol2tp_timeout, l2tp); |
||
682 | sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp); |
||
683 | break; |
||
684 | /* Incoming Call Reply */ |
||
685 | case PPPOL2TP_MESSAGETYPE_ICRP: |
||
686 | l2tp->iccn_retried = 0; |
||
687 | l2tp->phase = PPPOL2TP_STATE_ICCN_SENT; |
||
688 | l2tp->our_ns++; |
||
689 | ppp_start(l2tp->ppp); /* notify upper layers */ |
||
690 | if ((err = pppol2tp_send_iccn(l2tp, l2tp->our_ns)) != 0) { |
||
691 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send ICCN, error=%d\n", err)); |
||
692 | LWIP_UNUSED_ARG(err); /* if PPPDEBUG is disabled */ |
||
693 | } |
||
694 | sys_untimeout(pppol2tp_timeout, l2tp); |
||
695 | sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp); |
||
696 | break; |
||
697 | /* Unhandled packet, send ZLB ACK */ |
||
698 | default: |
||
699 | goto send_zlb; |
||
700 | } |
||
701 | return; |
||
702 | |||
703 | send_zlb: |
||
704 | pppol2tp_send_zlb(l2tp, l2tp->our_ns); |
||
705 | return; |
||
706 | packet_too_short: |
||
707 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: packet too short: %d\n", p->len)); |
||
708 | } |
||
709 | |||
710 | /* L2TP Timeout handler */ |
||
711 | static void pppol2tp_timeout(void *arg) { |
||
712 | pppol2tp_pcb *l2tp = (pppol2tp_pcb*)arg; |
||
713 | err_t err; |
||
714 | u32_t retry_wait; |
||
715 | |||
716 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: timeout\n")); |
||
717 | |||
718 | switch (l2tp->phase) { |
||
719 | case PPPOL2TP_STATE_SCCRQ_SENT: |
||
720 | /* backoff wait */ |
||
721 | if (l2tp->sccrq_retried < 0xff) { |
||
722 | l2tp->sccrq_retried++; |
||
723 | } |
||
724 | if (!l2tp->ppp->settings.persist && l2tp->sccrq_retried >= PPPOL2TP_MAXSCCRQ) { |
||
725 | pppol2tp_abort_connect(l2tp); |
||
726 | return; |
||
727 | } |
||
728 | retry_wait = LWIP_MIN(PPPOL2TP_CONTROL_TIMEOUT * l2tp->sccrq_retried, PPPOL2TP_SLOW_RETRY); |
||
729 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: sccrq_retried=%d\n", l2tp->sccrq_retried)); |
||
730 | if ((err = pppol2tp_send_sccrq(l2tp)) != 0) { |
||
731 | l2tp->sccrq_retried--; |
||
732 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send SCCRQ, error=%d\n", err)); |
||
733 | LWIP_UNUSED_ARG(err); /* if PPPDEBUG is disabled */ |
||
734 | } |
||
735 | sys_timeout(retry_wait, pppol2tp_timeout, l2tp); |
||
736 | break; |
||
737 | |||
738 | case PPPOL2TP_STATE_ICRQ_SENT: |
||
739 | l2tp->icrq_retried++; |
||
740 | if (l2tp->icrq_retried >= PPPOL2TP_MAXICRQ) { |
||
741 | pppol2tp_abort_connect(l2tp); |
||
742 | return; |
||
743 | } |
||
744 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: icrq_retried=%d\n", l2tp->icrq_retried)); |
||
745 | if (l2tp->peer_nr <= l2tp->our_ns -1) { /* the SCCCN was not acknowledged */ |
||
746 | if ((err = pppol2tp_send_scccn(l2tp, l2tp->our_ns -1)) != 0) { |
||
747 | l2tp->icrq_retried--; |
||
748 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send SCCCN, error=%d\n", err)); |
||
749 | LWIP_UNUSED_ARG(err); /* if PPPDEBUG is disabled */ |
||
750 | sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp); |
||
751 | break; |
||
752 | } |
||
753 | } |
||
754 | if ((err = pppol2tp_send_icrq(l2tp, l2tp->our_ns)) != 0) { |
||
755 | l2tp->icrq_retried--; |
||
756 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send ICRQ, error=%d\n", err)); |
||
757 | LWIP_UNUSED_ARG(err); /* if PPPDEBUG is disabled */ |
||
758 | } |
||
759 | sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp); |
||
760 | break; |
||
761 | |||
762 | case PPPOL2TP_STATE_ICCN_SENT: |
||
763 | l2tp->iccn_retried++; |
||
764 | if (l2tp->iccn_retried >= PPPOL2TP_MAXICCN) { |
||
765 | pppol2tp_abort_connect(l2tp); |
||
766 | return; |
||
767 | } |
||
768 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: iccn_retried=%d\n", l2tp->iccn_retried)); |
||
769 | if ((err = pppol2tp_send_iccn(l2tp, l2tp->our_ns)) != 0) { |
||
770 | l2tp->iccn_retried--; |
||
771 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send ICCN, error=%d\n", err)); |
||
772 | LWIP_UNUSED_ARG(err); /* if PPPDEBUG is disabled */ |
||
773 | } |
||
774 | sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp); |
||
775 | break; |
||
776 | |||
777 | default: |
||
778 | return; /* all done, work in peace */ |
||
779 | } |
||
780 | } |
||
781 | |||
782 | /* Connection attempt aborted */ |
||
783 | static void pppol2tp_abort_connect(pppol2tp_pcb *l2tp) { |
||
784 | PPPDEBUG(LOG_DEBUG, ("pppol2tp: could not establish connection\n")); |
||
785 | l2tp->phase = PPPOL2TP_STATE_INITIAL; |
||
786 | ppp_link_failed(l2tp->ppp); /* notify upper layers */ |
||
787 | } |
||
788 | |||
789 | /* Initiate a new tunnel */ |
||
790 | static err_t pppol2tp_send_sccrq(pppol2tp_pcb *l2tp) { |
||
791 | struct pbuf *pb; |
||
792 | u8_t *p; |
||
793 | u16_t len; |
||
794 | |||
795 | /* calculate UDP packet length */ |
||
796 | len = 12 +8 +8 +10 +10 +6+sizeof(PPPOL2TP_HOSTNAME)-1 +6+sizeof(PPPOL2TP_VENDORNAME)-1 +8 +8; |
||
797 | #if PPPOL2TP_AUTH_SUPPORT |
||
798 | if (l2tp->secret != NULL) { |
||
799 | len += 6 + sizeof(l2tp->secret_rv); |
||
800 | } |
||
801 | #endif /* PPPOL2TP_AUTH_SUPPORT */ |
||
802 | |||
803 | /* allocate a buffer */ |
||
804 | pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM); |
||
805 | if (pb == NULL) { |
||
806 | return ERR_MEM; |
||
807 | } |
||
808 | LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len); |
||
809 | |||
810 | p = (u8_t*)pb->payload; |
||
811 | /* fill in pkt */ |
||
812 | /* L2TP control header */ |
||
813 | PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p); |
||
814 | PUTSHORT(len, p); /* Length */ |
||
815 | PUTSHORT(0, p); /* Tunnel Id */ |
||
816 | PUTSHORT(0, p); /* Session Id */ |
||
817 | PUTSHORT(0, p); /* NS Sequence number - to peer */ |
||
818 | PUTSHORT(0, p); /* NR Sequence number - expected for peer */ |
||
819 | |||
820 | /* AVP - Message type */ |
||
821 | PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */ |
||
822 | PUTSHORT(0, p); /* Vendor ID */ |
||
823 | PUTSHORT(PPPOL2TP_AVPTYPE_MESSAGE, p); /* Attribute type: Message Type */ |
||
824 | PUTSHORT(PPPOL2TP_MESSAGETYPE_SCCRQ, p); /* Attribute value: Message type: SCCRQ */ |
||
825 | |||
826 | /* AVP - L2TP Version */ |
||
827 | PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */ |
||
828 | PUTSHORT(0, p); /* Vendor ID */ |
||
829 | PUTSHORT(PPPOL2TP_AVPTYPE_VERSION, p); /* Attribute type: Version */ |
||
830 | PUTSHORT(PPPOL2TP_VERSION, p); /* Attribute value: L2TP Version */ |
||
831 | |||
832 | /* AVP - Framing capabilities */ |
||
833 | PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 10, p); /* Mandatory flag + len field */ |
||
834 | PUTSHORT(0, p); /* Vendor ID */ |
||
835 | PUTSHORT(PPPOL2TP_AVPTYPE_FRAMINGCAPABILITIES, p); /* Attribute type: Framing capabilities */ |
||
836 | PUTLONG(PPPOL2TP_FRAMINGCAPABILITIES, p); /* Attribute value: Framing capabilities */ |
||
837 | |||
838 | /* AVP - Bearer capabilities */ |
||
839 | PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 10, p); /* Mandatory flag + len field */ |
||
840 | PUTSHORT(0, p); /* Vendor ID */ |
||
841 | PUTSHORT(PPPOL2TP_AVPTYPE_BEARERCAPABILITIES, p); /* Attribute type: Bearer capabilities */ |
||
842 | PUTLONG(PPPOL2TP_BEARERCAPABILITIES, p); /* Attribute value: Bearer capabilities */ |
||
843 | |||
844 | /* AVP - Host name */ |
||
845 | PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 6+sizeof(PPPOL2TP_HOSTNAME)-1, p); /* Mandatory flag + len field */ |
||
846 | PUTSHORT(0, p); /* Vendor ID */ |
||
847 | PUTSHORT(PPPOL2TP_AVPTYPE_HOSTNAME, p); /* Attribute type: Hostname */ |
||
848 | MEMCPY(p, PPPOL2TP_HOSTNAME, sizeof(PPPOL2TP_HOSTNAME)-1); /* Attribute value: Hostname */ |
||
849 | INCPTR(sizeof(PPPOL2TP_HOSTNAME)-1, p); |
||
850 | |||
851 | /* AVP - Vendor name */ |
||
852 | PUTSHORT(6+sizeof(PPPOL2TP_VENDORNAME)-1, p); /* len field */ |
||
853 | PUTSHORT(0, p); /* Vendor ID */ |
||
854 | PUTSHORT(PPPOL2TP_AVPTYPE_VENDORNAME, p); /* Attribute type: Vendor name */ |
||
855 | MEMCPY(p, PPPOL2TP_VENDORNAME, sizeof(PPPOL2TP_VENDORNAME)-1); /* Attribute value: Vendor name */ |
||
856 | INCPTR(sizeof(PPPOL2TP_VENDORNAME)-1, p); |
||
857 | |||
858 | /* AVP - Assign tunnel ID */ |
||
859 | PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */ |
||
860 | PUTSHORT(0, p); /* Vendor ID */ |
||
861 | PUTSHORT(PPPOL2TP_AVPTYPE_TUNNELID, p); /* Attribute type: Tunnel ID */ |
||
862 | PUTSHORT(l2tp->remote_tunnel_id, p); /* Attribute value: Tunnel ID */ |
||
863 | |||
864 | /* AVP - Receive window size */ |
||
865 | PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */ |
||
866 | PUTSHORT(0, p); /* Vendor ID */ |
||
867 | PUTSHORT(PPPOL2TP_AVPTYPE_RECEIVEWINDOWSIZE, p); /* Attribute type: Receive window size */ |
||
868 | PUTSHORT(PPPOL2TP_RECEIVEWINDOWSIZE, p); /* Attribute value: Receive window size */ |
||
869 | |||
870 | #if PPPOL2TP_AUTH_SUPPORT |
||
871 | /* AVP - Challenge */ |
||
872 | if (l2tp->secret != NULL) { |
||
873 | PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 6 + sizeof(l2tp->secret_rv), p); /* Mandatory flag + len field */ |
||
874 | PUTSHORT(0, p); /* Vendor ID */ |
||
875 | PUTSHORT(PPPOL2TP_AVPTYPE_CHALLENGE, p); /* Attribute type: Challenge */ |
||
876 | MEMCPY(p, l2tp->secret_rv, sizeof(l2tp->secret_rv)); /* Attribute value: Random vector */ |
||
877 | INCPTR(sizeof(l2tp->secret_rv), p); |
||
878 | } |
||
879 | #endif /* PPPOL2TP_AUTH_SUPPORT */ |
||
880 | |||
881 | return pppol2tp_udp_send(l2tp, pb); |
||
882 | } |
||
883 | |||
884 | /* Complete tunnel establishment */ |
||
885 | static err_t pppol2tp_send_scccn(pppol2tp_pcb *l2tp, u16_t ns) { |
||
886 | struct pbuf *pb; |
||
887 | u8_t *p; |
||
888 | u16_t len; |
||
889 | |||
890 | /* calculate UDP packet length */ |
||
891 | len = 12 +8; |
||
892 | #if PPPOL2TP_AUTH_SUPPORT |
||
893 | if (l2tp->send_challenge) { |
||
894 | len += 6 + sizeof(l2tp->challenge_hash); |
||
895 | } |
||
896 | #endif /* PPPOL2TP_AUTH_SUPPORT */ |
||
897 | |||
898 | /* allocate a buffer */ |
||
899 | pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM); |
||
900 | if (pb == NULL) { |
||
901 | return ERR_MEM; |
||
902 | } |
||
903 | LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len); |
||
904 | |||
905 | p = (u8_t*)pb->payload; |
||
906 | /* fill in pkt */ |
||
907 | /* L2TP control header */ |
||
908 | PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p); |
||
909 | PUTSHORT(len, p); /* Length */ |
||
910 | PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */ |
||
911 | PUTSHORT(0, p); /* Session Id */ |
||
912 | PUTSHORT(ns, p); /* NS Sequence number - to peer */ |
||
913 | PUTSHORT(l2tp->peer_ns+1, p); /* NR Sequence number - expected for peer */ |
||
914 | |||
915 | /* AVP - Message type */ |
||
916 | PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */ |
||
917 | PUTSHORT(0, p); /* Vendor ID */ |
||
918 | PUTSHORT(PPPOL2TP_AVPTYPE_MESSAGE, p); /* Attribute type: Message Type */ |
||
919 | PUTSHORT(PPPOL2TP_MESSAGETYPE_SCCCN, p); /* Attribute value: Message type: SCCCN */ |
||
920 | |||
921 | #if PPPOL2TP_AUTH_SUPPORT |
||
922 | /* AVP - Challenge response */ |
||
923 | if (l2tp->send_challenge) { |
||
924 | PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 6 + sizeof(l2tp->challenge_hash), p); /* Mandatory flag + len field */ |
||
925 | PUTSHORT(0, p); /* Vendor ID */ |
||
926 | PUTSHORT(PPPOL2TP_AVPTYPE_CHALLENGERESPONSE, p); /* Attribute type: Challenge response */ |
||
927 | MEMCPY(p, l2tp->challenge_hash, sizeof(l2tp->challenge_hash)); /* Attribute value: Computed challenge */ |
||
928 | INCPTR(sizeof(l2tp->challenge_hash), p); |
||
929 | } |
||
930 | #endif /* PPPOL2TP_AUTH_SUPPORT */ |
||
931 | |||
932 | return pppol2tp_udp_send(l2tp, pb); |
||
933 | } |
||
934 | |||
935 | /* Initiate a new session */ |
||
936 | static err_t pppol2tp_send_icrq(pppol2tp_pcb *l2tp, u16_t ns) { |
||
937 | struct pbuf *pb; |
||
938 | u8_t *p; |
||
939 | u16_t len; |
||
940 | u32_t serialnumber; |
||
941 | |||
942 | /* calculate UDP packet length */ |
||
943 | len = 12 +8 +8 +10; |
||
944 | |||
945 | /* allocate a buffer */ |
||
946 | pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM); |
||
947 | if (pb == NULL) { |
||
948 | return ERR_MEM; |
||
949 | } |
||
950 | LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len); |
||
951 | |||
952 | p = (u8_t*)pb->payload; |
||
953 | /* fill in pkt */ |
||
954 | /* L2TP control header */ |
||
955 | PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p); |
||
956 | PUTSHORT(len, p); /* Length */ |
||
957 | PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */ |
||
958 | PUTSHORT(0, p); /* Session Id */ |
||
959 | PUTSHORT(ns, p); /* NS Sequence number - to peer */ |
||
960 | PUTSHORT(l2tp->peer_ns+1, p); /* NR Sequence number - expected for peer */ |
||
961 | |||
962 | /* AVP - Message type */ |
||
963 | PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */ |
||
964 | PUTSHORT(0, p); /* Vendor ID */ |
||
965 | PUTSHORT(PPPOL2TP_AVPTYPE_MESSAGE, p); /* Attribute type: Message Type */ |
||
966 | PUTSHORT(PPPOL2TP_MESSAGETYPE_ICRQ, p); /* Attribute value: Message type: ICRQ */ |
||
967 | |||
968 | /* AVP - Assign session ID */ |
||
969 | PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */ |
||
970 | PUTSHORT(0, p); /* Vendor ID */ |
||
971 | PUTSHORT(PPPOL2TP_AVPTYPE_SESSIONID, p); /* Attribute type: Session ID */ |
||
972 | PUTSHORT(l2tp->remote_session_id, p); /* Attribute value: Session ID */ |
||
973 | |||
974 | /* AVP - Call Serial Number */ |
||
975 | PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 10, p); /* Mandatory flag + len field */ |
||
976 | PUTSHORT(0, p); /* Vendor ID */ |
||
977 | PUTSHORT(PPPOL2TP_AVPTYPE_CALLSERIALNUMBER, p); /* Attribute type: Serial number */ |
||
978 | serialnumber = magic(); |
||
979 | PUTLONG(serialnumber, p); /* Attribute value: Serial number */ |
||
980 | |||
981 | return pppol2tp_udp_send(l2tp, pb); |
||
982 | } |
||
983 | |||
984 | /* Complete tunnel establishment */ |
||
985 | static err_t pppol2tp_send_iccn(pppol2tp_pcb *l2tp, u16_t ns) { |
||
986 | struct pbuf *pb; |
||
987 | u8_t *p; |
||
988 | u16_t len; |
||
989 | |||
990 | /* calculate UDP packet length */ |
||
991 | len = 12 +8 +10 +10; |
||
992 | |||
993 | /* allocate a buffer */ |
||
994 | pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM); |
||
995 | if (pb == NULL) { |
||
996 | return ERR_MEM; |
||
997 | } |
||
998 | LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len); |
||
999 | |||
1000 | p = (u8_t*)pb->payload; |
||
1001 | /* fill in pkt */ |
||
1002 | /* L2TP control header */ |
||
1003 | PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p); |
||
1004 | PUTSHORT(len, p); /* Length */ |
||
1005 | PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */ |
||
1006 | PUTSHORT(l2tp->source_session_id, p); /* Session Id */ |
||
1007 | PUTSHORT(ns, p); /* NS Sequence number - to peer */ |
||
1008 | PUTSHORT(l2tp->peer_ns+1, p); /* NR Sequence number - expected for peer */ |
||
1009 | |||
1010 | /* AVP - Message type */ |
||
1011 | PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */ |
||
1012 | PUTSHORT(0, p); /* Vendor ID */ |
||
1013 | PUTSHORT(PPPOL2TP_AVPTYPE_MESSAGE, p); /* Attribute type: Message Type */ |
||
1014 | PUTSHORT(PPPOL2TP_MESSAGETYPE_ICCN, p); /* Attribute value: Message type: ICCN */ |
||
1015 | |||
1016 | /* AVP - Framing type */ |
||
1017 | PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 10, p); /* Mandatory flag + len field */ |
||
1018 | PUTSHORT(0, p); /* Vendor ID */ |
||
1019 | PUTSHORT(PPPOL2TP_AVPTYPE_FRAMINGTYPE, p); /* Attribute type: Framing type */ |
||
1020 | PUTLONG(PPPOL2TP_FRAMINGTYPE, p); /* Attribute value: Framing type */ |
||
1021 | |||
1022 | /* AVP - TX Connect speed */ |
||
1023 | PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 10, p); /* Mandatory flag + len field */ |
||
1024 | PUTSHORT(0, p); /* Vendor ID */ |
||
1025 | PUTSHORT(PPPOL2TP_AVPTYPE_TXCONNECTSPEED, p); /* Attribute type: TX Connect speed */ |
||
1026 | PUTLONG(PPPOL2TP_TXCONNECTSPEED, p); /* Attribute value: TX Connect speed */ |
||
1027 | |||
1028 | return pppol2tp_udp_send(l2tp, pb); |
||
1029 | } |
||
1030 | |||
1031 | /* Send a ZLB ACK packet */ |
||
1032 | static err_t pppol2tp_send_zlb(pppol2tp_pcb *l2tp, u16_t ns) { |
||
1033 | struct pbuf *pb; |
||
1034 | u8_t *p; |
||
1035 | u16_t len; |
||
1036 | |||
1037 | /* calculate UDP packet length */ |
||
1038 | len = 12; |
||
1039 | |||
1040 | /* allocate a buffer */ |
||
1041 | pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM); |
||
1042 | if (pb == NULL) { |
||
1043 | return ERR_MEM; |
||
1044 | } |
||
1045 | LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len); |
||
1046 | |||
1047 | p = (u8_t*)pb->payload; |
||
1048 | /* fill in pkt */ |
||
1049 | /* L2TP control header */ |
||
1050 | PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p); |
||
1051 | PUTSHORT(len, p); /* Length */ |
||
1052 | PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */ |
||
1053 | PUTSHORT(0, p); /* Session Id */ |
||
1054 | PUTSHORT(ns, p); /* NS Sequence number - to peer */ |
||
1055 | PUTSHORT(l2tp->peer_ns+1, p); /* NR Sequence number - expected for peer */ |
||
1056 | |||
1057 | return pppol2tp_udp_send(l2tp, pb); |
||
1058 | } |
||
1059 | |||
1060 | /* Send a StopCCN packet */ |
||
1061 | static err_t pppol2tp_send_stopccn(pppol2tp_pcb *l2tp, u16_t ns) { |
||
1062 | struct pbuf *pb; |
||
1063 | u8_t *p; |
||
1064 | u16_t len; |
||
1065 | |||
1066 | /* calculate UDP packet length */ |
||
1067 | len = 12 +8 +8 +8; |
||
1068 | |||
1069 | /* allocate a buffer */ |
||
1070 | pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM); |
||
1071 | if (pb == NULL) { |
||
1072 | return ERR_MEM; |
||
1073 | } |
||
1074 | LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len); |
||
1075 | |||
1076 | p = (u8_t*)pb->payload; |
||
1077 | /* fill in pkt */ |
||
1078 | /* L2TP control header */ |
||
1079 | PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p); |
||
1080 | PUTSHORT(len, p); /* Length */ |
||
1081 | PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */ |
||
1082 | PUTSHORT(0, p); /* Session Id */ |
||
1083 | PUTSHORT(ns, p); /* NS Sequence number - to peer */ |
||
1084 | PUTSHORT(l2tp->peer_ns+1, p); /* NR Sequence number - expected for peer */ |
||
1085 | |||
1086 | /* AVP - Message type */ |
||
1087 | PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */ |
||
1088 | PUTSHORT(0, p); /* Vendor ID */ |
||
1089 | PUTSHORT(PPPOL2TP_AVPTYPE_MESSAGE, p); /* Attribute type: Message Type */ |
||
1090 | PUTSHORT(PPPOL2TP_MESSAGETYPE_STOPCCN, p); /* Attribute value: Message type: StopCCN */ |
||
1091 | |||
1092 | /* AVP - Assign tunnel ID */ |
||
1093 | PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */ |
||
1094 | PUTSHORT(0, p); /* Vendor ID */ |
||
1095 | PUTSHORT(PPPOL2TP_AVPTYPE_TUNNELID, p); /* Attribute type: Tunnel ID */ |
||
1096 | PUTSHORT(l2tp->remote_tunnel_id, p); /* Attribute value: Tunnel ID */ |
||
1097 | |||
1098 | /* AVP - Result code */ |
||
1099 | PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */ |
||
1100 | PUTSHORT(0, p); /* Vendor ID */ |
||
1101 | PUTSHORT(PPPOL2TP_AVPTYPE_RESULTCODE, p); /* Attribute type: Result code */ |
||
1102 | PUTSHORT(PPPOL2TP_RESULTCODE, p); /* Attribute value: Result code */ |
||
1103 | |||
1104 | return pppol2tp_udp_send(l2tp, pb); |
||
1105 | } |
||
1106 | |||
1107 | static err_t pppol2tp_xmit(pppol2tp_pcb *l2tp, struct pbuf *pb) { |
||
1108 | u8_t *p; |
||
1109 | |||
1110 | /* make room for L2TP header - should not fail */ |
||
1111 | if (pbuf_add_header(pb, PPPOL2TP_OUTPUT_DATA_HEADER_LEN) != 0) { |
||
1112 | /* bail out */ |
||
1113 | PPPDEBUG(LOG_ERR, ("pppol2tp: pppol2tp_pcb: could not allocate room for L2TP header\n")); |
||
1114 | LINK_STATS_INC(link.lenerr); |
||
1115 | pbuf_free(pb); |
||
1116 | return ERR_BUF; |
||
1117 | } |
||
1118 | |||
1119 | p = (u8_t*)pb->payload; |
||
1120 | PUTSHORT(PPPOL2TP_HEADERFLAG_DATA_MANDATORY, p); |
||
1121 | PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */ |
||
1122 | PUTSHORT(l2tp->source_session_id, p); /* Session Id */ |
||
1123 | |||
1124 | return pppol2tp_udp_send(l2tp, pb); |
||
1125 | } |
||
1126 | |||
1127 | static err_t pppol2tp_udp_send(pppol2tp_pcb *l2tp, struct pbuf *pb) { |
||
1128 | err_t err; |
||
1129 | if (l2tp->netif) { |
||
1130 | err = udp_sendto_if(l2tp->udp, pb, &l2tp->remote_ip, l2tp->tunnel_port, l2tp->netif); |
||
1131 | } else { |
||
1132 | err = udp_sendto(l2tp->udp, pb, &l2tp->remote_ip, l2tp->tunnel_port); |
||
1133 | } |
||
1134 | pbuf_free(pb); |
||
1135 | return err; |
||
1136 | } |
||
1137 | |||
1138 | #endif /* PPP_SUPPORT && PPPOL2TP_SUPPORT */ |