1 /* $OpenBSD: l2tp_subr.c,v 1.5 2023/09/11 07:33:07 yasuoka Exp $ */ 2 3 /*- 4 * Copyright (c) 2009 Internet Initiative Japan Inc. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 /* $Id: l2tp_subr.c,v 1.5 2023/09/11 07:33:07 yasuoka Exp $ */ 29 /**@file L2TP related sub-routines */ 30 #include <sys/types.h> 31 #include <sys/time.h> 32 #include <sys/socket.h> 33 #include <netinet/in.h> 34 #include <stdlib.h> 35 #include <stdio.h> 36 #include <syslog.h> 37 #include <string.h> 38 #include <event.h> 39 40 #ifdef USE_LIBSOCKUTIL 41 #include <seil/sockfromto.h> 42 #endif 43 44 #include "debugutil.h" 45 #include "hash.h" 46 #include "bytebuf.h" 47 #include "slist.h" 48 #include "l2tp.h" 49 #include "l2tp_subr.h" 50 #include "l2tp_local.h" 51 52 #ifdef L2TP_SUBR_DEBUG 53 #define L2TP_SUBR_ASSERT(x) ASSERT(x) 54 #else 55 #define L2TP_SUBR_ASSERT(x) 56 #endif 57 58 /* 59 * AVP 60 */ 61 int 62 avp_enum(struct l2tp_avp *avp, const u_char *pkt, int pktlen, int filldata) 63 { 64 uint16_t flags; 65 66 L2TP_SUBR_ASSERT(pktlen >= 6); 67 68 if (pktlen < 6) 69 return -1; 70 71 GETSHORT(flags, pkt); 72 73 avp->is_mandatory = ((flags & 0x8000) != 0)? 1 : 0; 74 avp->is_hidden = ((flags & 0x4000) != 0)? 1 : 0; 75 avp->length = flags & 0x03ff; 76 77 GETSHORT(avp->vendor_id, pkt); 78 79 avp->attr_type = *pkt << 8; 80 avp->attr_type |= *(pkt + 1); 81 pkt += 2; 82 83 if (avp->length < 6 || avp->length > pktlen) 84 return -1; 85 86 if (avp->length > 6 && filldata != 0) 87 memcpy(avp->attr_value, pkt, avp->length - 6); 88 89 return avp->length; 90 } 91 92 #define NAME_VAL(x) { x, #x } 93 static struct _label_name { 94 int label; 95 const char *name; 96 } 97 l2tp_mes_type_names[] = { 98 NAME_VAL(L2TP_AVP_MESSAGE_TYPE_SCCRQ), 99 NAME_VAL(L2TP_AVP_MESSAGE_TYPE_SCCRP), 100 NAME_VAL(L2TP_AVP_MESSAGE_TYPE_SCCCN), 101 NAME_VAL(L2TP_AVP_MESSAGE_TYPE_StopCCN), 102 NAME_VAL(L2TP_AVP_MESSAGE_TYPE_HELLO), 103 NAME_VAL(L2TP_AVP_MESSAGE_TYPE_OCRQ), 104 NAME_VAL(L2TP_AVP_MESSAGE_TYPE_OCRP), 105 NAME_VAL(L2TP_AVP_MESSAGE_TYPE_OCCN), 106 NAME_VAL(L2TP_AVP_MESSAGE_TYPE_ICRQ), 107 NAME_VAL(L2TP_AVP_MESSAGE_TYPE_ICRP), 108 NAME_VAL(L2TP_AVP_MESSAGE_TYPE_ICCN), 109 NAME_VAL(L2TP_AVP_MESSAGE_TYPE_CDN), 110 }, 111 l2tp_avp_attribute_names[] = { 112 NAME_VAL(L2TP_AVP_TYPE_MESSAGE_TYPE), 113 NAME_VAL(L2TP_AVP_TYPE_RESULT_CODE), 114 NAME_VAL(L2TP_AVP_TYPE_PROTOCOL_VERSION), 115 NAME_VAL(L2TP_AVP_TYPE_FRAMING_CAPABILITIES), 116 NAME_VAL(L2TP_AVP_TYPE_BEARER_CAPABILITIES), 117 NAME_VAL(L2TP_AVP_TYPE_TIE_BREAKER), 118 NAME_VAL(L2TP_AVP_TYPE_FIRMWARE_REVISION), 119 NAME_VAL(L2TP_AVP_TYPE_HOST_NAME), 120 NAME_VAL(L2TP_AVP_TYPE_VENDOR_NAME), 121 NAME_VAL(L2TP_AVP_TYPE_ASSINGED_TUNNEL_ID), 122 NAME_VAL(L2TP_AVP_TYPE_RECV_WINDOW_SIZE), 123 NAME_VAL(L2TP_AVP_TYPE_CHALLENGE), 124 NAME_VAL(L2TP_AVP_TYPE_CAUSE_CODE), 125 NAME_VAL(L2TP_AVP_TYPE_CHALLENGE_RESPONSE), 126 NAME_VAL(L2TP_AVP_TYPE_ASSIGNED_SESSION_ID), 127 NAME_VAL(L2TP_AVP_TYPE_CALL_SERIAL_NUMBER), 128 NAME_VAL(L2TP_AVP_TYPE_MINIMUM_BPS), 129 NAME_VAL(L2TP_AVP_TYPE_MAXIMUM_BPS), 130 NAME_VAL(L2TP_AVP_TYPE_BEARER_TYPE), 131 NAME_VAL(L2TP_AVP_TYPE_FRAMING_TYPE), 132 NAME_VAL(L2TP_AVP_TYPE_CALLED_NUMBER), 133 NAME_VAL(L2TP_AVP_TYPE_CALLING_NUMBER), 134 NAME_VAL(L2TP_AVP_TYPE_SUB_ADDRESS), 135 NAME_VAL(L2TP_AVP_TYPE_TX_CONNECT_SPEED), 136 NAME_VAL(L2TP_AVP_TYPE_PHYSICAL_CHANNEL_ID), 137 NAME_VAL(L2TP_AVP_TYPE_INITIAL_RECV_LCP_CONFREQ), 138 NAME_VAL(L2TP_AVP_TYPE_LAST_SENT_LCP_CONFREQ), 139 NAME_VAL(L2TP_AVP_TYPE_LAST_RECV_LCP_CONFREQ), 140 NAME_VAL(L2TP_AVP_TYPE_PROXY_AUTHEN_TYPE), 141 NAME_VAL(L2TP_AVP_TYPE_PROXY_AUTHEN_NAME), 142 NAME_VAL(L2TP_AVP_TYPE_PROXY_AUTHEN_CHALLENGE), 143 NAME_VAL(L2TP_AVP_TYPE_PROXY_AUTHEN_ID), 144 NAME_VAL(L2TP_AVP_TYPE_PROXY_AUTHEN_RESPONSE), 145 NAME_VAL(L2TP_AVP_TYPE_CALL_ERRORS), 146 NAME_VAL(L2TP_AVP_TYPE_ACCM), 147 NAME_VAL(L2TP_AVP_TYPE_RANDOM_VECTOR), 148 NAME_VAL(L2TP_AVP_TYPE_PRIVATE_GROUP_ID), 149 NAME_VAL(L2TP_AVP_TYPE_RX_CONNECT_SPEED), 150 NAME_VAL(L2TP_AVP_TYPE_SEQUENCING_REQUIRED), 151 NAME_VAL(L2TP_AVP_TYPE_TX_MINIMUM), 152 NAME_VAL(L2TP_AVP_TYPE_CALLING_SUB_ADDRESS), 153 NAME_VAL(L2TP_AVP_TYPE_PPP_DISCONNECT_CAUSE_CODE), 154 NAME_VAL(L2TP_AVP_TYPE_CCDS), 155 NAME_VAL(L2TP_AVP_TYPE_SDS), 156 NAME_VAL(L2TP_AVP_TYPE_LCP_WANT_OPTIONS), 157 NAME_VAL(L2TP_AVP_TYPE_LCP_ALLOW_OPTIONS), 158 NAME_VAL(L2TP_AVP_TYPE_LNS_LAST_SENT_LCP_CONFREQ), 159 NAME_VAL(L2TP_AVP_TYPE_LNS_LAST_RECV_LCP_CONFREQ), 160 NAME_VAL(L2TP_AVP_TYPE_MODEM_ON_HOLD_CAPABLE), 161 NAME_VAL(L2TP_AVP_TYPE_MODEM_ON_HOLD_STATUS), 162 NAME_VAL(L2TP_AVP_TYPE_PPPOE_RELAY), 163 NAME_VAL(L2TP_AVP_TYPE_PPPOE_RELAY_RESP_CAP), 164 NAME_VAL(L2TP_AVP_TYPE_PPPOE_RELAY_FORW_CAP), 165 NAME_VAL(L2TP_AVP_TYPE_EXTENDED_VENDOR_ID), 166 NAME_VAL(L2TP_AVP_TYPE_PSEUDOWIRE_CAP_LIST), 167 NAME_VAL(L2TP_AVP_TYPE_LOCAL_SESSION_ID), 168 NAME_VAL(L2TP_AVP_TYPE_REMOTE_SESSION_ID), 169 NAME_VAL(L2TP_AVP_TYPE_ASSIGNED_COOKIE), 170 NAME_VAL(L2TP_AVP_TYPE_REMOTE_END_ID), 171 NAME_VAL(L2TP_AVP_TYPE_APPLICATION_CODE), 172 NAME_VAL(L2TP_AVP_TYPE_PSEUDOWIRE_TYPE), 173 NAME_VAL(L2TP_AVP_TYPE_L2_SPECIFIC_SUBLAYER), 174 NAME_VAL(L2TP_AVP_TYPE_DATA_SEQUENCING), 175 NAME_VAL(L2TP_AVP_TYPE_CIRCUIT_STATUS), 176 NAME_VAL(L2TP_AVP_TYPE_PREFERRED_LANGUAGE), 177 NAME_VAL(L2TP_AVP_TYPE_CTRL_MSG_AUTH_NONCE), 178 NAME_VAL(L2TP_AVP_TYPE_TX_CONNECT_SPEED), 179 NAME_VAL(L2TP_AVP_TYPE_RX_CONNECT_SPEED), 180 NAME_VAL(L2TP_AVP_TYPE_FAILOVER_CAPABILITY), 181 NAME_VAL(L2TP_AVP_TYPE_TUNNEL_RECOVERY), 182 NAME_VAL(L2TP_AVP_TYPE_SUGGESTED_CTRL_SEQUENCE), 183 NAME_VAL(L2TP_AVP_TYPE_FAILOVER_SESSION_STATE), 184 NAME_VAL(L2TP_AVP_TYPE_MULTICAST_CAPABILITY), 185 NAME_VAL(L2TP_AVP_TYPE_NEW_OUTGOING_SESSIONS), 186 NAME_VAL(L2TP_AVP_TYPE_NEW_OUTGOING_SESSIONS_ACK), 187 NAME_VAL(L2TP_AVP_TYPE_WITHDRAW_OUTGOING_SESSIONS), 188 NAME_VAL(L2TP_AVP_TYPE_MULTICAST_PACKETS_PRIORITY), 189 }, 190 l2tp_stopccn_rcode_names[] = { 191 NAME_VAL(L2TP_STOP_CCN_RCODE_GENERAL), 192 NAME_VAL(L2TP_STOP_CCN_RCODE_GENERAL_ERROR), 193 NAME_VAL(L2TP_STOP_CCN_RCODE_ALREADY_EXISTS), 194 NAME_VAL(L2TP_STOP_CCN_RCODE_UNAUTHORIZED), 195 NAME_VAL(L2TP_STOP_CCN_RCODE_BAD_PROTOCOL_VERSION), 196 NAME_VAL(L2TP_STOP_CCN_RCODE_SHUTTING_DOWN), 197 NAME_VAL(L2TP_STOP_CCN_RCODE_FSM_ERROR), 198 }, 199 l2tp_cdn_rcode_names[] = { 200 NAME_VAL(L2TP_CDN_RCODE_LOST_CARRIER), 201 NAME_VAL(L2TP_CDN_RCODE_ERROR_CODE), 202 NAME_VAL(L2TP_CDN_RCODE_ADMINISTRATIVE_REASON), 203 NAME_VAL(L2TP_CDN_RCODE_TEMP_NOT_AVALIABLE), 204 NAME_VAL(L2TP_CDN_RCODE_PERM_NOT_AVALIABLE), 205 NAME_VAL(L2TP_CDN_RCODE_INVALID_DESTINATION), 206 NAME_VAL(L2TP_CDN_RCODE_NO_CARRIER), 207 NAME_VAL(L2TP_CDN_RCODE_BUSY), 208 NAME_VAL(L2TP_CDN_RCODE_NO_DIALTONE), 209 NAME_VAL(L2TP_CDN_RCODE_CALL_TIMEOUT_BY_LAC), 210 NAME_VAL(L2TP_CDN_RCODE_NO_FRAMING_DETECTED), 211 }, 212 l2tp_ecode_names[] = { 213 NAME_VAL(L2TP_ECODE_NO_CONTROL_CONNECTION), 214 NAME_VAL(L2TP_ECODE_WRONG_LENGTH), 215 NAME_VAL(L2TP_ECODE_INVALID_MESSAGE), 216 NAME_VAL(L2TP_ECODE_NO_RESOURCE), 217 NAME_VAL(L2TP_ECODE_INVALID_SESSION_ID), 218 NAME_VAL(L2TP_ECODE_GENERIC_ERROR), 219 NAME_VAL(L2TP_ECODE_TRY_ANOTHER), 220 NAME_VAL(L2TP_ECODE_UNKNOWN_MANDATORY_AVP), 221 }; 222 #undef NAME_VAL 223 224 const char * 225 avp_attr_type_string(int attr_type) 226 { 227 int i; 228 229 for (i = 0; i < countof(l2tp_avp_attribute_names); i++) { 230 if (attr_type == l2tp_avp_attribute_names[i].label) 231 return l2tp_avp_attribute_names[i].name + 14; 232 } 233 return "UNKNOWN_AVP"; 234 } 235 236 const char * 237 l2tp_stopccn_rcode_string(int rcode) 238 { 239 int i; 240 241 for (i = 0; i < countof(l2tp_stopccn_rcode_names); i++) { 242 if (rcode == l2tp_stopccn_rcode_names[i].label) 243 return l2tp_stopccn_rcode_names[i].name + 20; 244 } 245 return "UNKNOWN"; 246 } 247 248 const char * 249 l2tp_cdn_rcode_string(int rcode) 250 { 251 int i; 252 253 for (i = 0; i < countof(l2tp_cdn_rcode_names); i++) { 254 if (rcode == l2tp_cdn_rcode_names[i].label) 255 return l2tp_cdn_rcode_names[i].name + 15; 256 } 257 return "UNKNOWN"; 258 } 259 260 const char * 261 l2tp_ecode_string(int ecode) 262 { 263 int i; 264 265 if (ecode == 0) 266 return "none"; 267 for (i = 0; i < countof(l2tp_ecode_names); i++) { 268 if (ecode == l2tp_ecode_names[i].label) 269 return l2tp_ecode_names[i].name + 11; 270 } 271 return "UNKNOWN"; 272 } 273 274 /** 275 * Search the AVP that matches given vendor_id and attr_type and return it 276 * In case the "fill_data" is specified (non 0 value is specified as the 277 * "fill_data"), the memory space of the "avp" must be larger than or equal 278 * to L2TP_AVP_MAXSIZ (1024). 279 */ 280 struct l2tp_avp * 281 avp_find(struct l2tp_avp *avp, const u_char *pkt, int pktlen, 282 uint16_t vendor_id, uint16_t attr_type, int fill_data) 283 { 284 int avpsz; 285 286 while (pktlen >= 6 && 287 (avpsz = avp_enum(avp, pkt, pktlen, fill_data)) > 0) { 288 L2TP_SUBR_ASSERT(avpsz >= 6); 289 if (avp->vendor_id != vendor_id || avp->attr_type != attr_type) { 290 pkt += avpsz; 291 pktlen -= avpsz; 292 continue; 293 } 294 return avp; 295 } 296 297 return NULL; 298 } 299 300 /** 301 * Search the Message-Type AVP and return it. The memory space of the "avp" 302 * must be larger than or equal to L2TP_AVP_MAXSIZ (1024). 303 */ 304 struct l2tp_avp * 305 avp_find_message_type_avp(struct l2tp_avp *avp, const u_char *pkt, int pktlen) 306 { 307 return avp_find(avp, pkt, pktlen, 0, L2TP_AVP_TYPE_MESSAGE_TYPE, 1); 308 } 309 310 /** 311 * add an AVP to bytebuffer 312 */ 313 int 314 bytebuf_add_avp(bytebuffer *bytebuf, struct l2tp_avp *avp, int value_len) 315 { 316 struct l2tp_avp avp1; 317 318 memcpy(&avp1, avp, sizeof(struct l2tp_avp)); 319 320 avp1.length = value_len + 6; 321 avp1.vendor_id = htons(avp->vendor_id); 322 avp1.attr_type = htons(avp->attr_type); 323 *(uint16_t *)&avp1 = htons(*(uint16_t *)&avp1); 324 325 if (bytebuffer_put(bytebuf, &avp1, 6) == NULL) 326 return -1; 327 if (bytebuffer_put(bytebuf, avp->attr_value, value_len) == NULL) 328 return -1; 329 330 return 0; 331 } 332 333 const char * 334 avp_mes_type_string(int mes_type) 335 { 336 int i; 337 338 for (i = 0; i < countof(l2tp_mes_type_names); i++) { 339 if (mes_type == l2tp_mes_type_names[i].label) 340 return l2tp_mes_type_names[i].name + 22; 341 } 342 return "Unknown"; 343 } 344