1 // SoftEther VPN Source Code - Stable Edition Repository
2 // Cedar Communication Module
3 //
4 // SoftEther VPN Server, Client and Bridge are free software under the Apache License, Version 2.0.
5 //
6 // Copyright (c) Daiyuu Nobori.
7 // Copyright (c) SoftEther VPN Project, University of Tsukuba, Japan.
8 // Copyright (c) SoftEther Corporation.
9 // Copyright (c) all contributors on SoftEther VPN project in GitHub.
10 //
11 // All Rights Reserved.
12 //
13 // http://www.softether.org/
14 //
15 // This stable branch is officially managed by Daiyuu Nobori, the owner of SoftEther VPN Project.
16 // Pull requests should be sent to the Developer Edition Master Repository on https://github.com/SoftEtherVPN/SoftEtherVPN
17 //
18 // License: The Apache License, Version 2.0
19 // https://www.apache.org/licenses/LICENSE-2.0
20 //
21 // DISCLAIMER
22 // ==========
23 //
24 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
25 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
26 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
27 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
28 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
29 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
30 // SOFTWARE.
31 //
32 // THIS SOFTWARE IS DEVELOPED IN JAPAN, AND DISTRIBUTED FROM JAPAN, UNDER
33 // JAPANESE LAWS. YOU MUST AGREE IN ADVANCE TO USE, COPY, MODIFY, MERGE, PUBLISH,
34 // DISTRIBUTE, SUBLICENSE, AND/OR SELL COPIES OF THIS SOFTWARE, THAT ANY
35 // JURIDICAL DISPUTES WHICH ARE CONCERNED TO THIS SOFTWARE OR ITS CONTENTS,
36 // AGAINST US (SOFTETHER PROJECT, SOFTETHER CORPORATION, DAIYUU NOBORI OR OTHER
37 // SUPPLIERS), OR ANY JURIDICAL DISPUTES AGAINST US WHICH ARE CAUSED BY ANY KIND
38 // OF USING, COPYING, MODIFYING, MERGING, PUBLISHING, DISTRIBUTING, SUBLICENSING,
39 // AND/OR SELLING COPIES OF THIS SOFTWARE SHALL BE REGARDED AS BE CONSTRUED AND
40 // CONTROLLED BY JAPANESE LAWS, AND YOU MUST FURTHER CONSENT TO EXCLUSIVE
41 // JURISDICTION AND VENUE IN THE COURTS SITTING IN TOKYO, JAPAN. YOU MUST WAIVE
42 // ALL DEFENSES OF LACK OF PERSONAL JURISDICTION AND FORUM NON CONVENIENS.
43 // PROCESS MAY BE SERVED ON EITHER PARTY IN THE MANNER AUTHORIZED BY APPLICABLE
44 // LAW OR COURT RULE.
45 //
46 // USE ONLY IN JAPAN. DO NOT USE THIS SOFTWARE IN ANOTHER COUNTRY UNLESS YOU HAVE
47 // A CONFIRMATION THAT THIS SOFTWARE DOES NOT VIOLATE ANY CRIMINAL LAWS OR CIVIL
48 // RIGHTS IN THAT PARTICULAR COUNTRY. USING THIS SOFTWARE IN OTHER COUNTRIES IS
49 // COMPLETELY AT YOUR OWN RISK. THE SOFTETHER VPN PROJECT HAS DEVELOPED AND
50 // DISTRIBUTED THIS SOFTWARE TO COMPLY ONLY WITH THE JAPANESE LAWS AND EXISTING
51 // CIVIL RIGHTS INCLUDING PATENTS WHICH ARE SUBJECTS APPLY IN JAPAN. OTHER
52 // COUNTRIES' LAWS OR CIVIL RIGHTS ARE NONE OF OUR CONCERNS NOR RESPONSIBILITIES.
53 // WE HAVE NEVER INVESTIGATED ANY CRIMINAL REGULATIONS, CIVIL LAWS OR
54 // INTELLECTUAL PROPERTY RIGHTS INCLUDING PATENTS IN ANY OF OTHER 200+ COUNTRIES
55 // AND TERRITORIES. BY NATURE, THERE ARE 200+ REGIONS IN THE WORLD, WITH
56 // DIFFERENT LAWS. IT IS IMPOSSIBLE TO VERIFY EVERY COUNTRIES' LAWS, REGULATIONS
57 // AND CIVIL RIGHTS TO MAKE THE SOFTWARE COMPLY WITH ALL COUNTRIES' LAWS BY THE
58 // PROJECT. EVEN IF YOU WILL BE SUED BY A PRIVATE ENTITY OR BE DAMAGED BY A
59 // PUBLIC SERVANT IN YOUR COUNTRY, THE DEVELOPERS OF THIS SOFTWARE WILL NEVER BE
60 // LIABLE TO RECOVER OR COMPENSATE SUCH DAMAGES, CRIMINAL OR CIVIL
61 // RESPONSIBILITIES. NOTE THAT THIS LINE IS NOT LICENSE RESTRICTION BUT JUST A
62 // STATEMENT FOR WARNING AND DISCLAIMER.
63 //
64 // READ AND UNDERSTAND THE 'WARNING.TXT' FILE BEFORE USING THIS SOFTWARE.
65 // SOME SOFTWARE PROGRAMS FROM THIRD PARTIES ARE INCLUDED ON THIS SOFTWARE WITH
66 // LICENSE CONDITIONS WHICH ARE DESCRIBED ON THE 'THIRD_PARTY.TXT' FILE.
67 //
68 //
69 // SOURCE CODE CONTRIBUTION
70 // ------------------------
71 //
72 // Your contribution to SoftEther VPN Project is much appreciated.
73 // Please send patches to us through GitHub.
74 // Read the SoftEther VPN Patch Acceptance Policy in advance:
75 // http://www.softether.org/5-download/src/9.patch
76 //
77 //
78 // DEAR SECURITY EXPERTS
79 // ---------------------
80 //
81 // If you find a bug or a security vulnerability please kindly inform us
82 // about the problem immediately so that we can fix the security problem
83 // to protect a lot of users around the world as soon as possible.
84 //
85 // Our e-mail address for security reports is:
86 // softether-vpn-security [at] softether.org
87 //
88 // Please note that the above e-mail address is not a technical support
89 // inquiry address. If you need technical assistance, please visit
90 // http://www.softether.org/ and ask your question on the users forum.
91 //
92 // Thank you for your cooperation.
93 //
94 //
95 // NO MEMORY OR RESOURCE LEAKS
96 // ---------------------------
97 //
// The memory-leak and resource-leak verification under the stress
// test was passed before this source code was released.
100 
101 
102 // IPsec_L2TP.h
103 // Header of IPsec_L2TP.c
104 
105 #ifndef	IPSEC_L2TP_H
106 #define	IPSEC_L2TP_H
107 
108 //// Macro
109 
// Check the sequence number
// 16-bit serial-number arithmetic for the control-channel Ns/Nr fields
// (RFC 2661 section 5.8). Both operands are truncated to USHORT, the
// difference wraps modulo 2^16, and the high bit of the wrapped difference
// decides the order: L2TP_SEQ_LT(a, b) is non-zero when b is 1..0x8000
// ahead of a (mod 2^16). A distance of exactly 0x8000 is reported as
// "less" in BOTH directions (the usual serial-arithmetic ambiguity), so
// callers must keep the window (L2TP_WINDOW_SIZE) far below that.
// The result is 0 or 0x8000, not 0/1 - use it only as a truth value.
#define	L2TP_SEQ_LT(a, b)			(((USHORT)(((USHORT)(a)) - ((USHORT)(b)))) & 0x8000)
// Equality after truncating both operands to 16 bits, i.e. as on the wire.
#define	L2TP_SEQ_EQ(a, b)			((USHORT)(a) == (USHORT)(b))
113 
114 //// Constants
115 
// Client string
// Client name handed to the IPC/hub layer for a PPP session carried over
// L2TP. The "%s" variant embeds a tag that presumably comes from the peer
// (confirm in IPsec_L2TP.c); whatever its origin, it must be formatted with
// a bounded formatter (Format/snprintf into a MAX_SIZE buffer) and never be
// used as a format string itself.
#define L2TP_IPC_CLIENT_NAME_TAG		"L2TP VPN Client - %s"
#define L2TP_IPC_CLIENT_NAME_NO_TAG		"L2TP VPN Client"
#define	L2TP_IPC_POSTFIX				"L2TP"		// Postfix appended to the IPC client name

// L2TP vendor name
// Vendor Name AVP value this server advertises to peers.
#define	L2TP_VENDOR_NAME				"L2TP"
123 
// L2TP packet retransmission interval
// All intervals and timeouts below are in milliseconds (the tunnel timeout
// is spelled out as 60 * 1000), compared against L2TP_SERVER.Now.
#define	L2TP_PACKET_RESEND_INTERVAL		500

// Timeout for L2TP tunnel disconnecting completion
// How long to wait for the peer's StopCCN handshake before the tunnel is
// freed regardless (bounds how long a dead peer can hold server state).
#define	L2TP_TUNNEL_DISCONNECT_TIMEOUT	3000

// Timeout for L2TP session disconnection completion
#define	L2TP_SESSION_DISCONNECT_TIMEOUT	3000

// Time-out interval of L2TP tunnel
// A tunnel with no traffic received for this long is considered dead
// (L2TP_TUNNEL.LastRecvTick / Timedout).
#define	L2TP_TUNNEL_TIMEOUT				(60 * 1000)

// Transmission interval of L2TP Hello
// Deliberately not a multiple of the 500 ms resend tick and shorter than
// L2TP_TUNNEL_TIMEOUT so keepalives beat the idle timeout.
#define	L2TP_HELLO_INTERVAL				(8801)

// Threshold number of registered items in the transmission queue for suppressing the L2TP Hello transmission
// When this many control packets are already awaiting acknowledgement the
// peer is clearly alive (or unresponsive); adding a Hello would only grow
// the retransmit backlog.
#define	L2TP_HELLO_SUPRESS_MAX_THRETHORD_NUM_SEND_QUEUE		32

// Quota
// Resource-exhaustion limits. Tunnel state is created from a control packet
// (NewL2TPTunnel) before any PPP authentication has happened, so these caps
// are the main defence against a flood of SCCRQs filling TunnelList; the
// per-IP cap is presumably enforced via GetNumL2TPTunnelsByClientIP
// (confirm in IPsec_L2TP.c). The original comments on the first two said
// "sessions"; they count tunnels, as the names say.
#define	L2TP_QUOTA_MAX_NUM_TUNNELS_PER_IP		1000			// Max tunnels accepted from one client IP address
#define	L2TP_QUOTA_MAX_NUM_TUNNELS				30000			// Max tunnels on the whole server
#define	L2TP_QUOTA_MAX_NUM_SESSIONS_PER_TUNNEL	1024		// Max sessions in a tunnel

// L2TP window size
// Control-channel window (number of unacknowledged control packets); keep
// it well below 0x8000 so L2TP_SEQ_LT never hits the ambiguous distance.
#define	L2TP_WINDOW_SIZE				16
149 
// L2TP packet header bit mask
// Flag bits of the first header byte (RFC 2661 section 3.1). Every flag is
// attacker-controlled on receive: the L bit decides whether a Length field
// follows, the S bit whether Ns/Nr follow, and the O bit whether an Offset
// Size field follows - the parser must re-check the remaining datagram
// length before reading each optional field.
#define	L2TP_HEADER_BIT_TYPE			0x80	// Type (T): 1 = control message, 0 = data
#define	L2TP_HEADER_BIT_LENGTH			0x40	// Length (L): Length field present (mandatory for control messages)
#define	L2TP_HEADER_BIT_SEQUENCE		0x08	// Sequence (S): Ns/Nr present (mandatory for control messages)
#define	L2TP_HEADER_BIT_OFFSET			0x02	// Offset (O): Offset Size field present (data messages only)
#define	L2TP_HEADER_BIT_PRIORITY		0x01	// Priority (P): data message should get preferential treatment
#define	L2TP_HEADER_BIT_VER				0x0F	// Version: low nibble of the second header byte (2 = L2TPv2, 3 = L2TPv3)

// L2TP AVP header bit mask
// Flag bits and length mask of the first two AVP bytes (RFC 2661 section
// 4.1). The 10-bit Length covers the 6-byte AVP header plus the value and is
// untrusted: it must be >= 6 and must not run past the end of the message.
#define	L2TP_AVP_BIT_MANDATORY			0x80	// Mandatory (M): an unrecognised AVP with M set must tear down the tunnel/session
#define	L2TP_AVP_BIT_HIDDEN				0x40	// Hidden (H): value is encrypted with the tunnel shared secret - NOTE(review): confirm how H-bit AVPs are handled when no secret is configured
#define	L2TP_AVP_LENGTH					0x3FF	// Length: 10-bit overall AVP length including the header
162 
// AVP value
// IETF (Vendor ID 0) Attribute Types: RFC 2661 section 4.4 for L2TPv2 and
// RFC 3931 section 5.4 for the V3_* entries. Attribute types are only
// meaningful together with the Vendor ID (see GetAVPValueEx).
#define	L2TP_AVP_TYPE_MESSAGE_TYPE		0		// Message Type (must be the first AVP of every control message)
#define	L2TP_AVP_TYPE_RESULT_CODE		1		// Result Code
#define	L2TP_AVP_TYPE_PROTOCOL_VERSION	2		// Protocol Version
#define	L2TP_AVP_TYPE_FRAME_CAP			3		// Framing Capabilities
#define	L2TP_AVP_TYPE_BEARER_CAP		4		// Bearer Capabilities
#define	L2TP_AVP_TYPE_TIE_BREAKER		5		// Tie Breaker
#define	L2TP_AVP_TYPE_HOST_NAME			7		// Host Name (peer-supplied text; bound-copy into L2TP_TUNNEL.HostName)
#define	L2TP_AVP_TYPE_VENDOR_NAME		8		// Vendor Name (peer-supplied text; bound-copy into L2TP_TUNNEL.VendorName)
#define	L2TP_AVP_TYPE_ASSIGNED_TUNNEL	9		// Assigned Tunnel ID (16-bit in L2TPv2)
#define	L2TP_AVP_TYPE_RECV_WINDOW_SIZE	10		// Receive Window Size
#define	L2TP_AVP_TYPE_ASSIGNED_SESSION	14		// Assigned Session ID (16-bit in L2TPv2)
#define	L2TP_AVP_TYPE_CALL_SERIAL		15		// Call Serial Number
#define	L2TP_AVP_TYPE_PPP_DISCONNECT_CAUSE	46	// PPP Disconnect Cause Code (RFC 3145)
#define	L2TP_AVP_TYPE_V3_ROUTER_ID		60		// Router ID
#define	L2TP_AVP_TYPE_V3_TUNNEL_ID		61		// Assigned Control Connection ID (32-bit)
#define	L2TP_AVP_TYPE_V3_PW_CAP_LIST	62		// Pseudowire Capabilities List
#define	L2TP_AVP_TYPE_V3_SESSION_ID_LOCAL	63	// Local Session ID (32-bit)
#define	L2TP_AVP_TYPE_V3_SESSION_ID_REMOTE	64	// Remote Session ID (32-bit)
#define	L2TP_AVP_TYPE_V3_PW_TYPE		68		// Pseudowire Type
#define	L2TP_AVP_TYPE_V3_CIRCUIT_STATUS	71		// Circuit Status

// Message Type value
// Values of the Message Type AVP (RFC 2661 section 6). Only the subset this
// server handles is listed: the control-connection handshake (SCCRQ ->
// SCCRP -> SCCCN), teardown, keepalive, and the incoming-call session
// handshake (ICRQ -> ICRP -> ICCN). Outgoing-call messages (OCRQ etc.) are
// not defined here.
#define	L2TP_MESSAGE_TYPE_SCCRQ			1		// Start-Control-Connection-Request
#define	L2TP_MESSAGE_TYPE_SCCRP			2		// Start-Control-Connection-Reply
#define	L2TP_MESSAGE_TYPE_SCCCN			3		// Start-Control-Connection-Connected
#define	L2TP_MESSAGE_TYPE_STOPCCN		4		// Stop-Control-Connection-Notification
#define	L2TP_MESSAGE_TYPE_HELLO			6		// Hello
#define	L2TP_MESSAGE_TYPE_ICRQ			10		// Incoming-Call-Request
#define	L2TP_MESSAGE_TYPE_ICRP			11		// Incoming-Call-Reply
#define	L2TP_MESSAGE_TYPE_ICCN			12		// Incoming-Call-Connected
#define	L2TP_MESSAGE_TYPE_CDN			14		// Call-Disconnect-Notify

// Type of L2TPv3 virtual network
// IANA pseudowire type values (RFC 4446 section 3.2) carried in the
// Pseudowire Type AVP; stored in L2TP_SESSION.PseudowireType.
#define	L2TPV3_PW_TYPE_ETHERNET			5		// Ethernet
#define	L2TPV3_PW_TYPE_ETHERNET_VLAN	4		// Ethernet VLAN (tagged)

// L2TPv3 vendor unique value
// Vendor-specific AVPs (Vendor ID 9 = Cisco's IANA enterprise number) used
// by pre-standard Cisco L2TPv3 implementations. They mirror the IETF
// V3_* attributes above but live in the Cisco vendor space, so lookups must
// go through GetAVPValueEx with this Vendor ID.
#define	L2TP_AVP_VENDOR_ID_CISCO		9		// Cisco Systems
#define	L2TPV3_CISCO_AVP_TUNNEL_ID		1		// Assigned Connection ID
#define	L2TPV3_CISCO_AVP_PW_CAP_LIST	2		// Pseudowire Capabilities List
#define	L2TPV3_CISCO_AVP_SESSION_ID_LOCAL	3	// Local Session ID
#define	L2TPV3_CISCO_AVP_SESSION_ID_REMOTE	4	// Remote Session ID
#define	L2TPV3_CISCO_AVP_PW_TYPE			7	// Pseudowire Type
#define	L2TPV3_CISCO_AVP_DRAFT_AVP_VERSION	10	// Draft AVP Version
208 
209 
210 
211 //// Types
212 
// L2TP queue
// One entry of a tunnel's control-channel queue (L2TP_TUNNEL.SendQueue or
// RecvQueue). Entries are keyed by Ns so retransmission and in-order
// delivery can be driven with L2TP_SEQ_LT / L2TP_SEQ_EQ (see
// CmpL2TPQueueForRecv). Released with FreeL2TPQueue.
struct L2TP_QUEUE
{
	BUF *Buf;									// Serialized packet bytes as sent/received
	USHORT Ns;									// Control-channel sequence number of this packet (16-bit, wraps)
	UINT64 NextSendTick;						// Scheduled time to be (re)sent next; send queue only
	L2TP_PACKET *L2TPPacket;					// Parsed form of the same packet (NOTE(review): confirm whether the queue owns it)
};
221 
// L2TP AVP value
// One Attribute-Value Pair of a control message. When filled in by the
// parser every numeric field here originates from the peer's datagram and
// has already been bounds-checked only if ParseL2TPPacket did so - Length
// must be >= the 6-byte AVP header and must not exceed the remaining
// message, and DataSize is Length minus that header. Consumers must still
// check DataSize against the size they expect before reading Data (e.g. 2
// bytes for a USHORT value, 4 for a UINT).
struct L2TP_AVP
{
	bool Mandatory;								// M bit: unknown AVP with this set must abort the tunnel/session
	UINT Length;								// Overall AVP length including the AVP header (10-bit on the wire)
	USHORT VendorID;							// Vendor ID (0 = IETF, L2TP_AVP_VENDOR_ID_CISCO = Cisco)
	USHORT Type;								// Attribute Type, interpreted relative to VendorID
	UINT DataSize;								// Size of the value in bytes (may be 0)
	void *Data;									// Value bytes (NOTE(review): confirm whether this points into the packet buffer or a copy)
};
232 
// L2TP packet
// Decoded form of one L2TP datagram, either produced from a received UDP
// packet by ParseL2TPPacket or constructed locally by NewL2TPControlPacket
// and serialized by BuildL2TPPacketData. For received packets every field
// is peer-controlled: the parser must verify that Length fits the datagram,
// that OffsetSize does not run past the payload, and that the AVP list does
// not overrun the control message.
struct L2TP_PACKET
{
	bool IsControl;								// T bit: control message (AVPs in AvpList) rather than a data message (payload in Data)
	bool HasLength;								// L bit: a Length field was present on the wire
	bool HasSequence;							// S bit: Ns/Nr were present on the wire
	bool HasOffset;								// O bit: an Offset Size field was present on the wire
	bool IsPriority;							// P bit
	bool IsZLB;									// Zero-Length Body: control packet with no AVPs, used as a pure acknowledgement
	bool IsYamahaV3;							// Peer speaks the YAMAHA dialect of L2TPv3 (header layout quirk)
	UINT Ver;									// Protocol version from the header (2 or 3)
	UINT Length;								// Length field value (control messages); untrusted until checked against the datagram
	UINT TunnelId;								// Tunnel ID / Control Connection ID from the header (16-bit in v2, 32-bit in v3)
	UINT SessionId;								// Session ID from the header (16-bit in v2, 32-bit in v3)
	USHORT Ns, Nr;								// Control-channel sequence numbers (only valid when HasSequence)
	UINT OffsetSize;							// Offset Size field (only valid when HasOffset); bytes to skip before the payload
	UINT DataSize;								// Payload size in bytes
	void *Data;									// Payload body (PPP frame for data messages)
	LIST *AvpList;								// Parsed AVPs (L2TP_AVP *) of a control message
	UINT MessageType;							// Value of the Message Type AVP (L2TP_MESSAGE_TYPE_*), control messages only
};
254 
// L2TP session
// One call/session inside an L2TP tunnel. For L2TPv2 the session carries
// PPP, exchanged with the PPP thread through the two tubes; for L2TPv3 the
// pseudowire is an Ethernet frame stream handed to an EtherIP server.
// Created by NewL2TPSession, torn down via DisconnectL2TPSession and
// released by FreeL2TPSession.
struct L2TP_SESSION
{
	L2TP_TUNNEL *Tunnel;						// Parent L2TP tunnel (not owned)
	bool IsV3;									// L2TPv3 session
	bool IsCiscoV3;								// L2TPv3 using the Cisco vendor AVPs
	UINT SessionId1;							// Session ID (server -> client direction); presumably the ID this server assigned via GenerateNewSessionId - confirm
	UINT SessionId2;							// Session ID (client -> server direction); presumably the ID assigned by the client (see GetSessionFromIdAssignedByClient) - confirm
	bool Established;							// ICCN completed; data may flow
	bool WantToDisconnect;						// Disconnect requested (CDN still to be sent)
	bool Disconnecting;							// Disconnect in progress; waiting for completion or DisconnectTimeout
	UINT64 DisconnectTimeout;					// Absolute time after which the disconnect is forced (L2TP_SESSION_DISCONNECT_TIMEOUT)
	bool HasThread;								// A worker thread was started for this session (StartL2TPThread)
	THREAD *Thread;								// Worker thread (PPP for v2)
	TUBE *TubeSend;								// Tube of PPP to L2TP direction
	TUBE *TubeRecv;								// Tube of L2TP to PPP direction
	UINT PseudowireType;						// L2TPv3 pseudowire type (L2TPV3_PW_TYPE_*)
	ETHERIP_SERVER *EtherIP;					// EtherIP server handling the L2TPv3 Ethernet pseudowire (see L2TPSessionManageEtherIPServer)
};
274 
// L2TP tunnel
// One control connection with a peer, identified by the client's
// IP/port and the tunnel IDs (the *FromId lookups take the client IP as well
// as the ID, so a tunnel cannot be addressed from a different source
// address). Created by NewL2TPTunnel on an incoming SCCRQ - i.e. before
// any PPP authentication - which is why the L2TP_QUOTA_* limits apply to
// these objects. Released by FreeL2TPTunnel.
struct L2TP_TUNNEL
{
	bool IsV3;									// L2TPv3 control connection
	bool IsCiscoV3;								// L2TPv3 using the Cisco vendor AVPs
	bool IsYamahaV3;							// L2TPv3 in the YAMAHA dialect
	IP ClientIp;								// Client IP address (part of the tunnel identity)
	UINT ClientPort;							// Client UDP port number
	IP ServerIp;								// Local IP address the tunnel arrived on
	UINT ServerPort;							// Local UDP port number
	UINT TunnelId1;								// Tunnel ID (server -> client direction); presumably the ID this server assigned via GenerateNewTunnelId - confirm
	UINT TunnelId2;								// Tunnel ID (client -> server direction); presumably the ID assigned by the client (see GetTunnelFromIdOfAssignedByClient) - confirm
	char HostName[MAX_SIZE];					// Peer's Host Name AVP; peer-supplied text, must be copied bounded and NUL-terminated
	char VendorName[MAX_SIZE];					// Peer's Vendor Name AVP; peer-supplied text, must be copied bounded and NUL-terminated
	LIST *SessionList;							// L2TP_SESSION * list, capped by L2TP_QUOTA_MAX_NUM_SESSIONS_PER_TUNNEL
	LIST *SendQueue;							// L2TP_QUEUE * entries awaiting acknowledgement / retransmission
	LIST *RecvQueue;							// L2TP_QUEUE * entries received out of order, sorted by Ns
	USHORT NextNs;								// Ns to stamp on the next control packet sent
	USHORT LastNr;								// Last Nr received from the peer (acknowledges our packets below it)
	bool Established;							// SCCCN completed
	bool StateChanged;							// State changed since the last processing pass
	bool WantToDisconnect;						// Disconnect requested (StopCCN still to be sent)
	bool Disconnecting;							// Disconnect in progress; waiting for completion or DisconnectTimeout
	UINT64 DisconnectTimeout;					// Absolute time after which the disconnect is forced (L2TP_TUNNEL_DISCONNECT_TIMEOUT)
	UINT64 LastRecvTick;						// Time of the last datagram received from the peer (idle timer base)
	bool Timedout;								// Idle for longer than L2TP_TUNNEL_TIMEOUT
	UINT64 LastHelloSent;						// Time the last Hello was sent (L2TP_HELLO_INTERVAL pacing)
};
303 
// L2TP server
// Per-listener state for the L2TP protocol handler. It receives already
// decapsulated UDP datagrams through ProcL2TPPacketRecv and hands outgoing
// ones to L2TPSendUDP; when associated with an IKE server/client it runs
// over IPsec and receives the cipher parameters used for MSS calculation.
// Created by NewL2TPServer / NewL2TPServerEx, stopped with StopL2TPServer
// and released by FreeL2TPServer.
struct L2TP_SERVER
{
	CEDAR *Cedar;								// Owning Cedar instance (not owned)
	UINT64 Now;									// Current time, refreshed per processing pass; all timeouts compare against it
	LIST *SendPacketList;						// UDPPACKET * queued for transmission
	LIST *TunnelList;							// L2TP_TUNNEL * list, capped by L2TP_QUOTA_MAX_NUM_TUNNELS
	INTERRUPT_MANAGER *Interrupts;				// Timer wake-ups registered with L2TPAddInterrupt
	SOCK_EVENT *SockEvent;						// Event to signal when there is work (SetL2TPServerSockEvent)
	bool Halt;									// Shutdown requested
	bool Halting;								// Shutdown in progress
	bool HaltCompleted;							// Shutdown finished
	EVENT *HaltCompletedEvent;					// Signalled when shutdown finishes (StopL2TPServer waits on it unless no_wait)
	LIST *ThreadList;							// Worker threads started for sessions
	char CryptName[MAX_SIZE];					// Cipher algorithm name of the underlying IPsec layer (presumably - confirm), for display/logging
	IKE_SERVER *IkeServer;						// IKE server (Only if associated)
	IKE_CLIENT *IkeClient;						// IKE client (Only if associated)
	bool IsIPsecIPv6;							// Underlying IPsec transport is IPv6 (affects header overhead / MSS)
	UINT CryptBlockSize;						// Cipher block size of the upper layer, presumably used by CalcL2TPMss for padding overhead - confirm
	TUBE_FLUSH_LIST *FlushList;					// Tubes to flush at the end of a processing pass
};
325 
326 
//// Function prototype
// Implemented in IPsec_L2TP.c. Reviewer notes: ProcL2TPPacketRecv and
// ParseL2TPPacket are the entry points for raw datagrams and must treat
// every header field and AVP length as attacker-controlled; the *FromId
// lookups take the client IP together with the ID. The New*/Parse*
// functions return heap objects released by the matching Free* function
// (presumably - confirm ownership in the implementation).

// Server lifecycle
L2TP_SERVER *NewL2TPServer(CEDAR *cedar);
L2TP_SERVER *NewL2TPServerEx(CEDAR *cedar, IKE_SERVER *ike, bool is_ipv6, UINT crypt_block_size);	// Variant bound to an IKE server with IPsec cipher parameters
UINT GetNumL2TPTunnelsByClientIP(L2TP_SERVER *l2tp, IP *client_ip);	// Counts tunnels from one client IP (basis for L2TP_QUOTA_MAX_NUM_TUNNELS_PER_IP)
void SetL2TPServerSockEvent(L2TP_SERVER *l2tp, SOCK_EVENT *e);
void FreeL2TPServer(L2TP_SERVER *l2tp);
void StopL2TPServer(L2TP_SERVER *l2tp, bool no_wait);

// Packet input / parsing / serialization
void ProcL2TPPacketRecv(L2TP_SERVER *l2tp, UDPPACKET *p);	// Entry point for one received (untrusted) datagram
L2TP_PACKET *ParseL2TPPacket(UDPPACKET *p);	// Decodes a datagram; must bounds-check Length, OffsetSize and every AVP
BUF *BuildL2TPPacketData(L2TP_PACKET *pp, L2TP_TUNNEL *t);
L2TP_AVP *GetAVPValue(L2TP_PACKET *p, UINT type);	// IETF (Vendor ID 0) AVP lookup
L2TP_AVP *GetAVPValueEx(L2TP_PACKET *p, UINT type, UINT vendor_id);	// Vendor-qualified AVP lookup

// Tunnel management
L2TP_TUNNEL *NewL2TPTunnel(L2TP_SERVER *l2tp, L2TP_PACKET *p, UDPPACKET *udp);
UINT GenerateNewTunnelId(L2TP_SERVER *l2tp, IP *client_ip);
UINT GenerateNewTunnelIdEx(L2TP_SERVER *l2tp, IP *client_ip, bool is_32bit);	// is_32bit selects L2TPv3 Control Connection IDs
void FreeL2TPTunnel(L2TP_TUNNEL *t);
L2TP_TUNNEL *GetTunnelFromId(L2TP_SERVER *l2tp, IP *client_ip, UINT tunnel_id, bool is_v3);
L2TP_TUNNEL *GetTunnelFromIdOfAssignedByClient(L2TP_SERVER *l2tp, IP *client_ip, UINT tunnel_id);
L2TP_TUNNEL *GetTunnelFromIdOfAssignedByClientEx(L2TP_SERVER *l2tp, IP *client_ip, UINT tunnel_id, bool is_v3);

// Control / data channel transmission
void SendL2TPControlPacket(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, UINT session_id, L2TP_PACKET *p);
void SendL2TPControlPacketMain(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_QUEUE *q);
void SendL2TPDataPacket(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_SESSION *s, void *data, UINT size);
void FreeL2TPQueue(L2TP_QUEUE *q);
void L2TPAddInterrupt(L2TP_SERVER *l2tp, UINT64 next_tick);
void L2TPSendUDP(L2TP_SERVER *l2tp, UDPPACKET *p);
void L2TPProcessInterrupts(L2TP_SERVER *l2tp);	// Periodic pass: retransmission, Hello, timeouts
L2TP_PACKET *NewL2TPControlPacket(UINT message_type, bool is_v3);
L2TP_AVP *NewAVP(USHORT type, bool mandatory, USHORT vendor_id, void *data, UINT data_size);
int CmpL2TPQueueForRecv(void *p1, void *p2);	// Ordering of RecvQueue entries by Ns
void L2TPProcessRecvControlPacket(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_PACKET *p);

// Session management
L2TP_SESSION *GetSessionFromId(L2TP_TUNNEL *t, UINT session_id);
L2TP_SESSION *GetSessionFromIdAssignedByClient(L2TP_TUNNEL *t, UINT session_id);
L2TP_SESSION *NewL2TPSession(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, UINT session_id_by_client);
UINT GenerateNewSessionId(L2TP_TUNNEL *t);
UINT GenerateNewSessionIdEx(L2TP_TUNNEL *t, bool is_32bit);
void FreeL2TPSession(L2TP_SESSION *s);
void DisconnectL2TPSession(L2TP_TUNNEL *t, L2TP_SESSION *s);
void DisconnectL2TPTunnel(L2TP_TUNNEL *t);
void StartL2TPThread(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_SESSION *s);
void StopL2TPThread(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_SESSION *s);
UINT CalcL2TPMss(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_SESSION *s);	// TCP MSS to clamp to, accounting for L2TP/IPsec overhead
UINT GenerateNewSessionIdForL2TPv3(L2TP_SERVER *l2tp);	// Server-wide unique 32-bit session ID (v3 IDs are not scoped to a tunnel)
L2TP_SESSION *SearchL2TPSessionById(L2TP_SERVER *l2tp, bool is_v3, UINT id);
void L2TPSessionManageEtherIPServer(L2TP_SERVER *l2tp, L2TP_SESSION *s);
371 
372 #endif	// IPSEC_L2TP_H
373 
374 
375