1 // SoftEther VPN Source Code - Stable Edition Repository 2 // Cedar Communication Module 3 // 4 // SoftEther VPN Server, Client and Bridge are free software under the Apache License, Version 2.0. 5 // 6 // Copyright (c) Daiyuu Nobori. 7 // Copyright (c) SoftEther VPN Project, University of Tsukuba, Japan. 8 // Copyright (c) SoftEther Corporation. 9 // Copyright (c) all contributors on SoftEther VPN project in GitHub. 10 // 11 // All Rights Reserved. 12 // 13 // http://www.softether.org/ 14 // 15 // This stable branch is officially managed by Daiyuu Nobori, the owner of SoftEther VPN Project. 16 // Pull requests should be sent to the Developer Edition Master Repository on https://github.com/SoftEtherVPN/SoftEtherVPN 17 // 18 // License: The Apache License, Version 2.0 19 // https://www.apache.org/licenses/LICENSE-2.0 20 // 21 // DISCLAIMER 22 // ========== 23 // 24 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 25 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 26 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 27 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 28 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 29 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 30 // SOFTWARE. 31 // 32 // THIS SOFTWARE IS DEVELOPED IN JAPAN, AND DISTRIBUTED FROM JAPAN, UNDER 33 // JAPANESE LAWS. 
YOU MUST AGREE IN ADVANCE TO USE, COPY, MODIFY, MERGE, PUBLISH, 34 // DISTRIBUTE, SUBLICENSE, AND/OR SELL COPIES OF THIS SOFTWARE, THAT ANY 35 // JURIDICAL DISPUTES WHICH ARE CONCERNED TO THIS SOFTWARE OR ITS CONTENTS, 36 // AGAINST US (SOFTETHER PROJECT, SOFTETHER CORPORATION, DAIYUU NOBORI OR OTHER 37 // SUPPLIERS), OR ANY JURIDICAL DISPUTES AGAINST US WHICH ARE CAUSED BY ANY KIND 38 // OF USING, COPYING, MODIFYING, MERGING, PUBLISHING, DISTRIBUTING, SUBLICENSING, 39 // AND/OR SELLING COPIES OF THIS SOFTWARE SHALL BE REGARDED AS BE CONSTRUED AND 40 // CONTROLLED BY JAPANESE LAWS, AND YOU MUST FURTHER CONSENT TO EXCLUSIVE 41 // JURISDICTION AND VENUE IN THE COURTS SITTING IN TOKYO, JAPAN. YOU MUST WAIVE 42 // ALL DEFENSES OF LACK OF PERSONAL JURISDICTION AND FORUM NON CONVENIENS. 43 // PROCESS MAY BE SERVED ON EITHER PARTY IN THE MANNER AUTHORIZED BY APPLICABLE 44 // LAW OR COURT RULE. 45 // 46 // USE ONLY IN JAPAN. DO NOT USE THIS SOFTWARE IN ANOTHER COUNTRY UNLESS YOU HAVE 47 // A CONFIRMATION THAT THIS SOFTWARE DOES NOT VIOLATE ANY CRIMINAL LAWS OR CIVIL 48 // RIGHTS IN THAT PARTICULAR COUNTRY. USING THIS SOFTWARE IN OTHER COUNTRIES IS 49 // COMPLETELY AT YOUR OWN RISK. THE SOFTETHER VPN PROJECT HAS DEVELOPED AND 50 // DISTRIBUTED THIS SOFTWARE TO COMPLY ONLY WITH THE JAPANESE LAWS AND EXISTING 51 // CIVIL RIGHTS INCLUDING PATENTS WHICH ARE SUBJECTS APPLY IN JAPAN. OTHER 52 // COUNTRIES' LAWS OR CIVIL RIGHTS ARE NONE OF OUR CONCERNS NOR RESPONSIBILITIES. 53 // WE HAVE NEVER INVESTIGATED ANY CRIMINAL REGULATIONS, CIVIL LAWS OR 54 // INTELLECTUAL PROPERTY RIGHTS INCLUDING PATENTS IN ANY OF OTHER 200+ COUNTRIES 55 // AND TERRITORIES. BY NATURE, THERE ARE 200+ REGIONS IN THE WORLD, WITH 56 // DIFFERENT LAWS. IT IS IMPOSSIBLE TO VERIFY EVERY COUNTRIES' LAWS, REGULATIONS 57 // AND CIVIL RIGHTS TO MAKE THE SOFTWARE COMPLY WITH ALL COUNTRIES' LAWS BY THE 58 // PROJECT. 
EVEN IF YOU WILL BE SUED BY A PRIVATE ENTITY OR BE DAMAGED BY A 59 // PUBLIC SERVANT IN YOUR COUNTRY, THE DEVELOPERS OF THIS SOFTWARE WILL NEVER BE 60 // LIABLE TO RECOVER OR COMPENSATE SUCH DAMAGES, CRIMINAL OR CIVIL 61 // RESPONSIBILITIES. NOTE THAT THIS LINE IS NOT LICENSE RESTRICTION BUT JUST A 62 // STATEMENT FOR WARNING AND DISCLAIMER. 63 // 64 // READ AND UNDERSTAND THE 'WARNING.TXT' FILE BEFORE USING THIS SOFTWARE. 65 // SOME SOFTWARE PROGRAMS FROM THIRD PARTIES ARE INCLUDED ON THIS SOFTWARE WITH 66 // LICENSE CONDITIONS WHICH ARE DESCRIBED ON THE 'THIRD_PARTY.TXT' FILE. 67 // 68 // 69 // SOURCE CODE CONTRIBUTION 70 // ------------------------ 71 // 72 // Your contribution to SoftEther VPN Project is much appreciated. 73 // Please send patches to us through GitHub. 74 // Read the SoftEther VPN Patch Acceptance Policy in advance: 75 // http://www.softether.org/5-download/src/9.patch 76 // 77 // 78 // DEAR SECURITY EXPERTS 79 // --------------------- 80 // 81 // If you find a bug or a security vulnerability please kindly inform us 82 // about the problem immediately so that we can fix the security problem 83 // to protect a lot of users around the world as soon as possible. 84 // 85 // Our e-mail address for security reports is: 86 // softether-vpn-security [at] softether.org 87 // 88 // Please note that the above e-mail address is not a technical support 89 // inquiry address. If you need technical assistance, please visit 90 // http://www.softether.org/ and ask your question on the users forum. 91 // 92 // Thank you for your cooperation. 93 // 94 // 95 // NO MEMORY OR RESOURCE LEAKS 96 // --------------------------- 97 // 98 // The memory-leaks and resource-leaks verification under the stress 99 // test has been passed before release this source code. 
// IPsec_L2TP.h
// Header of IPsec_L2TP.c
//
// Public declarations of the L2TP / L2TPv3 module: protocol constants and
// wire-format bit masks, the in-memory representation of queues, AVPs,
// packets, sessions, tunnels and the server object, and the prototypes
// implemented in IPsec_L2TP.c.
// The base types used below (USHORT, UINT, UINT64, BUF, LIST, IP, THREAD,
// TUBE, CEDAR, ...) and the typedef names of the structs declared here come
// from headers included before this one; this file does not declare them.
// Struct layouts are shared with the rest of the code base, so fields must
// keep their order and type.

#ifndef IPSEC_L2TP_H
#define IPSEC_L2TP_H

//// Macro

// Check the sequence number
// L2TP_SEQ_LT(a, b): true when a precedes b in 16-bit (USHORT) serial
// arithmetic, i.e. when (a - b) mod 65536 has its high bit set; this is what
// makes Ns/Nr comparisons survive wrap-around. Note that the macro yields
// 0x8000 rather than 1 when true, so use it only in a boolean context and
// never compare its result against 1 / true.
// L2TP_SEQ_EQ(a, b): true when a and b are equal after truncation to 16 bits.
// Each macro evaluates each argument exactly once (no side-effect hazard).
#define L2TP_SEQ_LT(a, b) (((USHORT)(((USHORT)(a)) - ((USHORT)(b)))) & 0x8000)
#define L2TP_SEQ_EQ(a, b) ((USHORT)(a) == (USHORT)(b))

//// Constants

// Client string
// L2TP_IPC_CLIENT_NAME_TAG is a printf-style format with one %s; it must be
// passed as the format argument, never as an already-formatted string.
#define L2TP_IPC_CLIENT_NAME_TAG "L2TP VPN Client - %s"
#define L2TP_IPC_CLIENT_NAME_NO_TAG "L2TP VPN Client"
#define L2TP_IPC_POSTFIX "L2TP"

// L2TP vendor name
#define L2TP_VENDOR_NAME "L2TP"

// L2TP packet retransmission interval
// Presumably milliseconds, consistent with L2TP_TUNNEL_TIMEOUT below — confirm
// against the tick source used in IPsec_L2TP.c.
#define L2TP_PACKET_RESEND_INTERVAL 500

// Timeout for L2TP tunnel disconnecting completion
#define L2TP_TUNNEL_DISCONNECT_TIMEOUT 3000

// Timeout for L2TP session disconnection completion
#define L2TP_SESSION_DISCONNECT_TIMEOUT 3000

// Time-out interval of L2TP tunnel
// A tunnel that receives nothing for this long is considered dead, so stale
// state left behind by a peer that silently vanished is reclaimed.
#define L2TP_TUNNEL_TIMEOUT (60 * 1000)

// Transmission interval of L2TP Hello
#define L2TP_HELLO_INTERVAL (8801)

// Threshold number of registered items in the transmission queue for suppressing the L2TP Hello transmission
// (The misspelled name is part of the module's interface; renaming it would
// break its users.)
#define L2TP_HELLO_SUPRESS_MAX_THRETHORD_NUM_SEND_QUEUE 32

// Quota
// Upper bounds on peer-allocated state. A tunnel comes into existence on the
// first SCCRQ, presumably before any user authentication, so these caps are
// the primary defence against a remote peer exhausting memory or the
// tunnel-ID space; they are bounded per client address as well as globally.
#define L2TP_QUOTA_MAX_NUM_TUNNELS_PER_IP 1000 // Max number of L2TP tunnels per client IP address
#define L2TP_QUOTA_MAX_NUM_TUNNELS 30000 // Global limit on the number of L2TP tunnels (per the macro name; the old comment said "sessions")
#define L2TP_QUOTA_MAX_NUM_SESSIONS_PER_TUNNEL 1024 // Max sessions in a tunnel

// L2TP window size
// Receive window advertised to the peer; bounds how many unacknowledged
// control messages are in flight (see RecvQueue / SendQueue in L2TP_TUNNEL).
#define L2TP_WINDOW_SIZE 16

// L2TP packet header bit mask
// Flag bits of the first header octet (T, L, S, O, P) and the version nibble
// of the second octet, as laid out in RFC 2661 section 3.1.
#define L2TP_HEADER_BIT_TYPE 0x80 // Type (T bit: 1 = control message, 0 = data)
#define L2TP_HEADER_BIT_LENGTH 0x40 // Length (L bit: Length field present)
#define L2TP_HEADER_BIT_SEQUENCE 0x08 // Sequence (S bit: Ns/Nr present)
#define L2TP_HEADER_BIT_OFFSET 0x02 // Offset (O bit: Offset Size field present)
#define L2TP_HEADER_BIT_PRIORITY 0x01 // Priority (P bit)
#define L2TP_HEADER_BIT_VER 0x0F // Version (low nibble of the second octet)

// L2TP AVP header bit mask
// First two octets of an AVP: M bit, H bit and the 10-bit overall length
// (RFC 2661 section 4.1). The length includes the 6-byte AVP header itself,
// so a value below 6, or larger than the bytes remaining in the packet, is
// malformed and must be rejected by the parser before Data is dereferenced.
// Hidden AVPs (H bit) are obscured with the tunnel's shared secret per RFC 2661
// section 4.3; whether this implementation un-hides them is not decided here.
#define L2TP_AVP_BIT_MANDATORY 0x80 // Mandatory
#define L2TP_AVP_BIT_HIDDEN 0x40 // Hidden
#define L2TP_AVP_LENGTH 0x3FF // Length

// AVP value
// Attribute type numbers for Vendor ID 0 (IETF-defined AVPs).
#define L2TP_AVP_TYPE_MESSAGE_TYPE 0 // Message Type
#define L2TP_AVP_TYPE_RESULT_CODE 1 // Result Code
#define L2TP_AVP_TYPE_PROTOCOL_VERSION 2 // Protocol Version
#define L2TP_AVP_TYPE_FRAME_CAP 3 // Framing Capabilities
#define L2TP_AVP_TYPE_BEARER_CAP 4 // Bearer Capabilities
#define L2TP_AVP_TYPE_TIE_BREAKER 5 // Tie Breaker
#define L2TP_AVP_TYPE_HOST_NAME 7 // Host Name
#define L2TP_AVP_TYPE_VENDOR_NAME 8 // Vendor Name
#define L2TP_AVP_TYPE_ASSIGNED_TUNNEL 9 // Assigned Tunnel
#define L2TP_AVP_TYPE_RECV_WINDOW_SIZE 10 // Receive Window Size
#define L2TP_AVP_TYPE_ASSIGNED_SESSION 14 // Assigned Session ID
#define L2TP_AVP_TYPE_CALL_SERIAL 15 // Call Serial Number
#define L2TP_AVP_TYPE_PPP_DISCONNECT_CAUSE 46 // PPP Disconnect Cause Code
#define L2TP_AVP_TYPE_V3_ROUTER_ID 60 // Router ID
#define L2TP_AVP_TYPE_V3_TUNNEL_ID 61 // Assigned Control Connection ID
#define L2TP_AVP_TYPE_V3_PW_CAP_LIST 62 // Pseudowire Capabilities List
#define L2TP_AVP_TYPE_V3_SESSION_ID_LOCAL 63 // Local Session ID
#define L2TP_AVP_TYPE_V3_SESSION_ID_REMOTE 64 // Remote Session ID
#define L2TP_AVP_TYPE_V3_PW_TYPE 68 // Pseudowire Type
#define L2TP_AVP_TYPE_V3_CIRCUIT_STATUS 71 // Circuit Status (L2TPv3)

// Message Type value
// Values carried in the Message Type AVP of control messages.
#define L2TP_MESSAGE_TYPE_SCCRQ 1 // Start-Control-Connection-Request
#define L2TP_MESSAGE_TYPE_SCCRP 2 // Start-Control-Connection-Reply
#define L2TP_MESSAGE_TYPE_SCCCN 3 // Start-Control-Connection-Connected
#define L2TP_MESSAGE_TYPE_STOPCCN 4 // Stop-Control-Connection-Notification
#define L2TP_MESSAGE_TYPE_HELLO 6 // Hello
#define L2TP_MESSAGE_TYPE_ICRQ 10 // Incoming-Call-Request
#define L2TP_MESSAGE_TYPE_ICRP 11 // Incoming-Call-Reply
#define L2TP_MESSAGE_TYPE_ICCN 12 // Incoming-Call-Connected
#define L2TP_MESSAGE_TYPE_CDN 14 // Call-Disconnect-Notify

// Type of L2TPv3 virtual network
#define L2TPV3_PW_TYPE_ETHERNET 5 // Ethernet
#define L2TPV3_PW_TYPE_ETHERNET_VLAN 4 // Ethernet VLAN

// L2TPv3 vendor unique value
// The L2TPV3_CISCO_AVP_* attribute numbers are only meaningful in AVPs whose
// Vendor ID is L2TP_AVP_VENDOR_ID_CISCO; look them up with GetAVPValueEx().
#define L2TP_AVP_VENDOR_ID_CISCO 9 // Cisco Systems
#define L2TPV3_CISCO_AVP_TUNNEL_ID 1 // Assigned Connection ID
#define L2TPV3_CISCO_AVP_PW_CAP_LIST 2 // Pseudowire Capabilities List
#define L2TPV3_CISCO_AVP_SESSION_ID_LOCAL 3 // Local Session ID
#define L2TPV3_CISCO_AVP_SESSION_ID_REMOTE 4 // Remote Session ID
#define L2TPV3_CISCO_AVP_PW_TYPE 7 // Pseudowire Type
#define L2TPV3_CISCO_AVP_DRAFT_AVP_VERSION 10 // Draft AVP Version



//// Types

// L2TP queue
// One entry of a tunnel's SendQueue or RecvQueue (see L2TP_TUNNEL); the
// Ns value is what the retransmission / reordering logic keys on.
struct L2TP_QUEUE
{
	BUF *Buf;						// Data (serialized packet bytes)
	USHORT Ns;						// Sequence number
	UINT64 NextSendTick;			// Scheduled time to be sent next
	L2TP_PACKET *L2TPPacket;		// L2TP packet data
};

// L2TP AVP value
// Parsed Attribute-Value Pair. Length is the on-the-wire length (header
// included); DataSize is the payload length that Data points to. The parser
// is responsible for making the two consistent with the packet bounds.
struct L2TP_AVP
{
	bool Mandatory;					// Force bit (M bit)
	UINT Length;					// Overall length
	USHORT VendorID;				// Vendor ID (0 = IETF)
	USHORT Type;					// Type
	UINT DataSize;					// Data size
	void *Data;						// Data body
};

// L2TP packet
// Decoded form of one L2TP datagram. TunnelId / SessionId are UINT so that
// the 32-bit IDs of L2TPv3 fit as well as the 16-bit IDs of L2TPv2.
// Ownership of Data and AvpList (presumably freed together with the packet)
// is defined in IPsec_L2TP.c — confirm before holding references to them.
struct L2TP_PACKET
{
	bool IsControl;					// Whether it's a control message
	bool HasLength;					// Whether there is length bit
	bool HasSequence;				// Whether there is sequence bit
	bool HasOffset;					// Whether there is offset bit
	bool IsPriority;				// Whether priority packet
	bool IsZLB;						// Zero-Length Body (ZLB) acknowledgement
	bool IsYamahaV3;				// L2TPv3 on YAMAHA
	UINT Ver;						// Version
	UINT Length;					// Length
	UINT TunnelId;					// Tunnel ID
	UINT SessionId;					// Session ID
	USHORT Ns, Nr;					// Sequence number (sent / expected-next)
	UINT OffsetSize;				// Offset size
	UINT DataSize;					// Data size
	void *Data;						// Data body
	LIST *AvpList;					// AVP list (control messages)
	UINT MessageType;				// Message type
};

// L2TP session
// One call inside a tunnel. For L2TPv2 the PPP payload flows through
// TubeSend / TubeRecv; for L2TPv3 pseudowires EtherIP carries the frames.
struct L2TP_SESSION
{
	L2TP_TUNNEL *Tunnel;			// Parent L2TP tunnel
	bool IsV3;						// L2TPv3
	bool IsCiscoV3;					// L2TPv3 for Cisco
	UINT SessionId1;				// Session ID (server -> client direction)
	UINT SessionId2;				// Session ID (client -> server direction)
	bool Established;				// Established
	bool WantToDisconnect;			// Whether to want to disconnect
	bool Disconnecting;				// Whether disconnection is in progress (per the field name)
	UINT64 DisconnectTimeout;		// Disconnection completion time-out
	bool HasThread;					// Whether have a thread
	THREAD *Thread;					// Thread
	TUBE *TubeSend;					// Tube of PPP to L2TP direction
	TUBE *TubeRecv;					// Tube of L2TP to PPP direction
	UINT PseudowireType;			// Type of L2TPv3 virtual line
	ETHERIP_SERVER *EtherIP;		// EtherIP server
};

// L2TP tunnel
// Control connection with one peer, identified by client address and
// tunnel ID. HostName and VendorName are fixed MAX_SIZE buffers that are
// filled from the peer's Host Name / Vendor Name AVPs (attacker-controlled
// length); every copy into them must be bounded and NUL-terminated.
struct L2TP_TUNNEL
{
	bool IsV3;						// L2TPv3
	bool IsCiscoV3;					// L2TPv3 for Cisco
	bool IsYamahaV3;				// L2TPv3 for YAMAHA
	IP ClientIp;					// Client IP address
	UINT ClientPort;				// Client port number
	IP ServerIp;					// Server IP address
	UINT ServerPort;				// Server port number
	UINT TunnelId1;					// Tunnel ID (server -> client direction)
	UINT TunnelId2;					// Tunnel ID (client -> server direction)
	char HostName[MAX_SIZE];		// Destination host name
	char VendorName[MAX_SIZE];		// Destination vendor name
	LIST *SessionList;				// L2TP session list
	LIST *SendQueue;				// Transmission queue (L2TP_QUEUE entries awaiting ack)
	LIST *RecvQueue;				// Reception queue (L2TP_QUEUE entries, reordered by Ns)
	USHORT NextNs;					// Value of Ns of the packet to be sent next
	USHORT LastNr;					// Value of NR received in the last
	bool Established;				// Whether the tunnel is established
	bool StateChanged;				// Whether the state have changed
	bool WantToDisconnect;			// Whether to want to disconnect
	bool Disconnecting;				// Whether disconnection is in progress (per the field name)
	UINT64 DisconnectTimeout;		// Disconnection completion time-out
	UINT64 LastRecvTick;			// Time which the data has been received at last
	bool Timedout;					// Whether the time-out
	UINT64 LastHelloSent;			// Time which the data has been sent at last
};

// L2TP server
// Per-listener L2TP state: all tunnels, the outgoing UDP packet list and the
// shutdown handshake flags. Created by NewL2TPServer() / NewL2TPServerEx()
// and released with FreeL2TPServer().
struct L2TP_SERVER
{
	CEDAR *Cedar;					// Cedar context passed to NewL2TPServer()
	UINT64 Now;						// Current time
	LIST *SendPacketList;			// Transmission packet
	LIST *TunnelList;				// Tunnel list
	INTERRUPT_MANAGER *Interrupts;	// Interrupt manager
	SOCK_EVENT *SockEvent;			// SockEvent
	bool Halt;						// Start the shutdown
	bool Halting;					// During shutdown
	bool HaltCompleted;				// Shutdown is complete
	EVENT *HaltCompletedEvent;		// Stopping completion event
	LIST *ThreadList;				// Thread list
	char CryptName[MAX_SIZE];		// Cipher algorithm name
	IKE_SERVER *IkeServer;			// IKE server (Only if associated)
	IKE_CLIENT *IkeClient;			// IKE client (Only if associated)
	bool IsIPsecIPv6;				// Whether it's IPv6
	UINT CryptBlockSize;			// Cipher block size of the upper layer
	TUBE_FLUSH_LIST *FlushList;		// Tube Flush List
};


//// Function prototype

// Server lifecycle. NewL2TPServerEx() additionally binds the server to an
// IKE server (for L2TP/IPsec) and records the address family and cipher
// block size of the IPsec layer, which CalcL2TPMss() presumably needs.
L2TP_SERVER *NewL2TPServer(CEDAR *cedar);
L2TP_SERVER *NewL2TPServerEx(CEDAR *cedar, IKE_SERVER *ike, bool is_ipv6, UINT crypt_block_size);
// Counts the tunnels currently held by one client address; this is the
// input for the L2TP_QUOTA_MAX_NUM_TUNNELS_PER_IP check.
UINT GetNumL2TPTunnelsByClientIP(L2TP_SERVER *l2tp, IP *client_ip);
void SetL2TPServerSockEvent(L2TP_SERVER *l2tp, SOCK_EVENT *e);
void FreeL2TPServer(L2TP_SERVER *l2tp);
void StopL2TPServer(L2TP_SERVER *l2tp, bool no_wait);

// Receive path. ProcL2TPPacketRecv() is the entry point for every inbound
// datagram and ParseL2TPPacket() is the trust boundary: the datagram is
// attacker-controlled, so every header and AVP length must be validated
// against the datagram size there, before anything else touches the packet.
// Presumably returns NULL for a malformed packet — confirm in IPsec_L2TP.c.
void ProcL2TPPacketRecv(L2TP_SERVER *l2tp, UDPPACKET *p);
L2TP_PACKET *ParseL2TPPacket(UDPPACKET *p);
// Serializes a packet for transmission on tunnel t.
BUF *BuildL2TPPacketData(L2TP_PACKET *pp, L2TP_TUNNEL *t);
// AVP lookup by type; the Ex variant also matches the Vendor ID (0 for IETF
// AVPs, L2TP_AVP_VENDOR_ID_CISCO for the L2TPV3_CISCO_AVP_* numbers).
L2TP_AVP *GetAVPValue(L2TP_PACKET *p, UINT type);
L2TP_AVP *GetAVPValueEx(L2TP_PACKET *p, UINT type, UINT vendor_id);

// Tunnel management. is_32bit / is_v3 select L2TPv3 semantics (32-bit
// control-connection IDs) over the 16-bit IDs of L2TPv2. Tunnel lookups are
// keyed on the client address in addition to the ID, so a peer cannot reach
// another client's tunnel by guessing its ID.
L2TP_TUNNEL *NewL2TPTunnel(L2TP_SERVER *l2tp, L2TP_PACKET *p, UDPPACKET *udp);
UINT GenerateNewTunnelId(L2TP_SERVER *l2tp, IP *client_ip);
UINT GenerateNewTunnelIdEx(L2TP_SERVER *l2tp, IP *client_ip, bool is_32bit);
void FreeL2TPTunnel(L2TP_TUNNEL *t);
L2TP_TUNNEL *GetTunnelFromId(L2TP_SERVER *l2tp, IP *client_ip, UINT tunnel_id, bool is_v3);
L2TP_TUNNEL *GetTunnelFromIdOfAssignedByClient(L2TP_SERVER *l2tp, IP *client_ip, UINT tunnel_id);
L2TP_TUNNEL *GetTunnelFromIdOfAssignedByClientEx(L2TP_SERVER *l2tp, IP *client_ip, UINT tunnel_id, bool is_v3);

// Transmit path. Control packets go through the tunnel's SendQueue
// (L2TP_QUEUE) so they can be retransmitted; data packets are sent directly.
void SendL2TPControlPacket(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, UINT session_id, L2TP_PACKET *p);
void SendL2TPControlPacketMain(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_QUEUE *q);
void SendL2TPDataPacket(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_SESSION *s, void *data, UINT size);
void FreeL2TPQueue(L2TP_QUEUE *q);
// Timer / event plumbing.
void L2TPAddInterrupt(L2TP_SERVER *l2tp, UINT64 next_tick);
void L2TPSendUDP(L2TP_SERVER *l2tp, UDPPACKET *p);
void L2TPProcessInterrupts(L2TP_SERVER *l2tp);
// Constructors for outgoing control messages and their AVPs. NewAVP() takes
// data by pointer; whether it copies or aliases the buffer is defined in
// IPsec_L2TP.c — confirm before passing stack memory.
L2TP_PACKET *NewL2TPControlPacket(UINT message_type, bool is_v3);
L2TP_AVP *NewAVP(USHORT type, bool mandatory, USHORT vendor_id, void *data, UINT data_size);
// Comparator over L2TP_QUEUE entries (signature matches the generic LIST
// compare callback); presumably orders RecvQueue by Ns.
int CmpL2TPQueueForRecv(void *p1, void *p2);
// State machine for a received control message on an existing tunnel.
void L2TPProcessRecvControlPacket(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_PACKET *p);

// Session management, mirroring the tunnel functions above.
L2TP_SESSION *GetSessionFromId(L2TP_TUNNEL *t, UINT session_id);
L2TP_SESSION *GetSessionFromIdAssignedByClient(L2TP_TUNNEL *t, UINT session_id);
L2TP_SESSION *NewL2TPSession(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, UINT session_id_by_client);
UINT GenerateNewSessionId(L2TP_TUNNEL *t);
UINT GenerateNewSessionIdEx(L2TP_TUNNEL *t, bool is_32bit);
void FreeL2TPSession(L2TP_SESSION *s);
void DisconnectL2TPSession(L2TP_TUNNEL *t, L2TP_SESSION *s);
void DisconnectL2TPTunnel(L2TP_TUNNEL *t);
// Worker thread that services a session's tubes (see L2TP_SESSION.Thread).
void StartL2TPThread(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_SESSION *s);
void StopL2TPThread(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_SESSION *s);
UINT CalcL2TPMss(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_SESSION *s);
// L2TPv3 session IDs are server-wide (not per tunnel), hence the
// server-level generator and lookup.
UINT GenerateNewSessionIdForL2TPv3(L2TP_SERVER *l2tp);
L2TP_SESSION *SearchL2TPSessionById(L2TP_SERVER *l2tp, bool is_v3, UINT id);
void L2TPSessionManageEtherIPServer(L2TP_SERVER *l2tp, L2TP_SESSION *s);

#endif	// IPSEC_L2TP_H