1 // SoftEther VPN Source Code - Stable Edition Repository
2 // Cedar Communication Module
3 //
4 // SoftEther VPN Server, Client and Bridge are free software under the Apache License, Version 2.0.
5 //
6 // Copyright (c) Daiyuu Nobori.
7 // Copyright (c) SoftEther VPN Project, University of Tsukuba, Japan.
8 // Copyright (c) SoftEther Corporation.
9 // Copyright (c) all contributors on SoftEther VPN project in GitHub.
10 //
11 // All Rights Reserved.
12 //
13 // http://www.softether.org/
14 //
15 // This stable branch is officially managed by Daiyuu Nobori, the owner of SoftEther VPN Project.
16 // Pull requests should be sent to the Developer Edition Master Repository on https://github.com/SoftEtherVPN/SoftEtherVPN
17 //
18 // License: The Apache License, Version 2.0
19 // https://www.apache.org/licenses/LICENSE-2.0
20 //
21 // DISCLAIMER
22 // ==========
23 //
24 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
25 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
26 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
27 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
28 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
29 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
30 // SOFTWARE.
31 //
32 // THIS SOFTWARE IS DEVELOPED IN JAPAN, AND DISTRIBUTED FROM JAPAN, UNDER
33 // JAPANESE LAWS. YOU MUST AGREE IN ADVANCE TO USE, COPY, MODIFY, MERGE, PUBLISH,
34 // DISTRIBUTE, SUBLICENSE, AND/OR SELL COPIES OF THIS SOFTWARE, THAT ANY
35 // JURIDICAL DISPUTES WHICH ARE CONCERNED TO THIS SOFTWARE OR ITS CONTENTS,
36 // AGAINST US (SOFTETHER PROJECT, SOFTETHER CORPORATION, DAIYUU NOBORI OR OTHER
37 // SUPPLIERS), OR ANY JURIDICAL DISPUTES AGAINST US WHICH ARE CAUSED BY ANY KIND
38 // OF USING, COPYING, MODIFYING, MERGING, PUBLISHING, DISTRIBUTING, SUBLICENSING,
39 // AND/OR SELLING COPIES OF THIS SOFTWARE SHALL BE REGARDED AS BE CONSTRUED AND
40 // CONTROLLED BY JAPANESE LAWS, AND YOU MUST FURTHER CONSENT TO EXCLUSIVE
41 // JURISDICTION AND VENUE IN THE COURTS SITTING IN TOKYO, JAPAN. YOU MUST WAIVE
42 // ALL DEFENSES OF LACK OF PERSONAL JURISDICTION AND FORUM NON CONVENIENS.
43 // PROCESS MAY BE SERVED ON EITHER PARTY IN THE MANNER AUTHORIZED BY APPLICABLE
44 // LAW OR COURT RULE.
45 //
46 // USE ONLY IN JAPAN. DO NOT USE THIS SOFTWARE IN ANOTHER COUNTRY UNLESS YOU HAVE
47 // A CONFIRMATION THAT THIS SOFTWARE DOES NOT VIOLATE ANY CRIMINAL LAWS OR CIVIL
48 // RIGHTS IN THAT PARTICULAR COUNTRY. USING THIS SOFTWARE IN OTHER COUNTRIES IS
49 // COMPLETELY AT YOUR OWN RISK. THE SOFTETHER VPN PROJECT HAS DEVELOPED AND
50 // DISTRIBUTED THIS SOFTWARE TO COMPLY ONLY WITH THE JAPANESE LAWS AND EXISTING
51 // CIVIL RIGHTS INCLUDING PATENTS WHICH ARE SUBJECTS APPLY IN JAPAN. OTHER
52 // COUNTRIES' LAWS OR CIVIL RIGHTS ARE NONE OF OUR CONCERNS NOR RESPONSIBILITIES.
53 // WE HAVE NEVER INVESTIGATED ANY CRIMINAL REGULATIONS, CIVIL LAWS OR
54 // INTELLECTUAL PROPERTY RIGHTS INCLUDING PATENTS IN ANY OF OTHER 200+ COUNTRIES
55 // AND TERRITORIES. BY NATURE, THERE ARE 200+ REGIONS IN THE WORLD, WITH
56 // DIFFERENT LAWS. IT IS IMPOSSIBLE TO VERIFY EVERY COUNTRIES' LAWS, REGULATIONS
57 // AND CIVIL RIGHTS TO MAKE THE SOFTWARE COMPLY WITH ALL COUNTRIES' LAWS BY THE
58 // PROJECT. EVEN IF YOU WILL BE SUED BY A PRIVATE ENTITY OR BE DAMAGED BY A
59 // PUBLIC SERVANT IN YOUR COUNTRY, THE DEVELOPERS OF THIS SOFTWARE WILL NEVER BE
60 // LIABLE TO RECOVER OR COMPENSATE SUCH DAMAGES, CRIMINAL OR CIVIL
61 // RESPONSIBILITIES. NOTE THAT THIS LINE IS NOT LICENSE RESTRICTION BUT JUST A
62 // STATEMENT FOR WARNING AND DISCLAIMER.
63 //
64 // READ AND UNDERSTAND THE 'WARNING.TXT' FILE BEFORE USING THIS SOFTWARE.
65 // SOME SOFTWARE PROGRAMS FROM THIRD PARTIES ARE INCLUDED ON THIS SOFTWARE WITH
66 // LICENSE CONDITIONS WHICH ARE DESCRIBED ON THE 'THIRD_PARTY.TXT' FILE.
67 //
68 //
69 // SOURCE CODE CONTRIBUTION
70 // ------------------------
71 //
72 // Your contribution to SoftEther VPN Project is much appreciated.
73 // Please send patches to us through GitHub.
74 // Read the SoftEther VPN Patch Acceptance Policy in advance:
75 // http://www.softether.org/5-download/src/9.patch
76 //
77 //
78 // DEAR SECURITY EXPERTS
79 // ---------------------
80 //
81 // If you find a bug or a security vulnerability please kindly inform us
82 // about the problem immediately so that we can fix the security problem
83 // to protect a lot of users around the world as soon as possible.
84 //
85 // Our e-mail address for security reports is:
86 // softether-vpn-security [at] softether.org
87 //
88 // Please note that the above e-mail address is not a technical support
89 // inquiry address. If you need technical assistance, please visit
90 // http://www.softether.org/ and ask your question on the users forum.
91 //
92 // Thank you for your cooperation.
93 //
94 //
95 // NO MEMORY OR RESOURCE LEAKS
96 // ---------------------------
97 //
98 // The memory-leaks and resource-leaks verification under the stress
99 // test has been passed before release this source code.
100
101
102 // IPsec_L2TP.c
103 // L2TP protocol stack
104
105 #include "CedarPch.h"
106
107 // Release the L2TP AVP value
FreeL2TPAVP(L2TP_AVP * a)108 void FreeL2TPAVP(L2TP_AVP *a)
109 {
110 // Validate arguments
111 if (a == NULL)
112 {
113 return;
114 }
115
116 if (a->Data != NULL)
117 {
118 Free(a->Data);
119 }
120
121 Free(a);
122 }
123
124 // Release the L2TP packet
FreeL2TPPacket(L2TP_PACKET * p)125 void FreeL2TPPacket(L2TP_PACKET *p)
126 {
127 UINT i;
128 // Validate arguments
129 if (p == NULL)
130 {
131 return;
132 }
133
134 if (p->AvpList != NULL)
135 {
136 for (i = 0;i < LIST_NUM(p->AvpList);i++)
137 {
138 L2TP_AVP *a = LIST_DATA(p->AvpList, i);
139
140 FreeL2TPAVP(a);
141 }
142
143 ReleaseList(p->AvpList);
144 }
145
146 if (p->Data != NULL)
147 {
148 Free(p->Data);
149 }
150
151 Free(p);
152 }
153
154 // Send an L2TP control packet
SendL2TPControlPacket(L2TP_SERVER * l2tp,L2TP_TUNNEL * t,UINT session_id,L2TP_PACKET * p)155 void SendL2TPControlPacket(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, UINT session_id, L2TP_PACKET *p)
156 {
157 BUF *buf;
158 L2TP_QUEUE *q;
159 // Validate arguments
160 if (l2tp == NULL || t == NULL || p == NULL)
161 {
162 return;
163 }
164
165 p->IsControl = true;
166 p->TunnelId = t->TunnelId1;
167 p->SessionId = session_id;
168
169 p->Ns = t->NextNs;
170 t->NextNs++;
171
172 p->Nr = t->LastNr + 1;
173
174 buf = BuildL2TPPacketData(p, t);
175
176 q = ZeroMalloc(sizeof(L2TP_QUEUE));
177 q->Buf = buf;
178 q->Ns = p->Ns;
179 q->NextSendTick = l2tp->Now + (UINT64)L2TP_PACKET_RESEND_INTERVAL;
180 SendL2TPControlPacketMain(l2tp, t, q);
181
182 L2TPAddInterrupt(l2tp, q->NextSendTick);
183
184 Add(t->SendQueue, q);
185
186 }
187
188 // Specify the interrupt occurrence time of the next
L2TPAddInterrupt(L2TP_SERVER * l2tp,UINT64 next_tick)189 void L2TPAddInterrupt(L2TP_SERVER *l2tp, UINT64 next_tick)
190 {
191 // Validate arguments
192 if (l2tp == NULL || next_tick == 0)
193 {
194 return;
195 }
196
197 AddInterrupt(l2tp->Interrupts, next_tick);
198 }
199
200 // Send a L2TP data packet
SendL2TPDataPacket(L2TP_SERVER * l2tp,L2TP_TUNNEL * t,L2TP_SESSION * s,void * data,UINT size)201 void SendL2TPDataPacket(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_SESSION *s, void *data, UINT size)
202 {
203 UDPPACKET *p;
204 UCHAR *buf;
205 UINT buf_size;
206 // Validate arguments
207 if (l2tp == NULL || t == NULL || s == NULL || (size != 0 && data == NULL))
208 {
209 return;
210 }
211
212 // Build a L2TP data packet
213 if (s->IsV3 == false)
214 {
215 // L2TP Ver 2
216 buf_size = 8 + size;
217 buf = Malloc(buf_size);
218 buf[0] = 0x40;
219 buf[1] = 0x02;
220
221 WRITE_USHORT(buf + 2, buf_size);
222 WRITE_USHORT(buf + 4, t->TunnelId1);
223 WRITE_USHORT(buf + 6, s->SessionId1);
224
225 Copy(buf + 8, data, size);
226
227 // Transmission
228 p = NewUdpPacket(&t->ServerIp, t->ServerPort, &t->ClientIp, t->ClientPort, buf, buf_size);
229 }
230 else
231 {
232 // L2TPv3
233 if (t->IsYamahaV3 == false)
234 {
235 buf_size = 4 + size;
236 buf = Malloc(buf_size);
237
238 WRITE_UINT(buf, s->SessionId1);
239
240 Copy(buf + 4, data, size);
241
242 // Transmission
243 p = NewUdpPacket(&t->ServerIp, IPSEC_PORT_L2TPV3_VIRTUAL, &t->ClientIp, IPSEC_PORT_L2TPV3_VIRTUAL, buf, buf_size);
244 }
245 else
246 {
247 UINT header = 0x00030000;
248
249 buf_size = 8 + size;
250 buf = Malloc(buf_size);
251
252 WRITE_UINT(buf, header);
253 WRITE_UINT(buf + 4, s->SessionId1);
254
255 Copy(buf + 8, data, size);
256
257 // Transmission
258 p = NewUdpPacket(&t->ServerIp, t->ServerPort, &t->ClientIp, t->ClientPort, buf, buf_size);
259 }
260 }
261
262 L2TPSendUDP(l2tp, p);
263 }
264
265 // L2TP packet transmission main
SendL2TPControlPacketMain(L2TP_SERVER * l2tp,L2TP_TUNNEL * t,L2TP_QUEUE * q)266 void SendL2TPControlPacketMain(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_QUEUE *q)
267 {
268 UDPPACKET *p;
269 // Validate arguments
270 if (l2tp == NULL || t == NULL || q == NULL)
271 {
272 return;
273 }
274
275 p = NewUdpPacket(&t->ServerIp, t->ServerPort, &t->ClientIp, t->ClientPort,
276 Clone(q->Buf->Buf, q->Buf->Size), q->Buf->Size);
277
278 // Update the received sequence number
279 WRITE_USHORT(((UCHAR *)p->Data) + (p->SrcPort == IPSEC_PORT_L2TPV3_VIRTUAL ? 14 : 10), t->LastNr + 1);
280
281 L2TPSendUDP(l2tp, p);
282 }
283
284 // Send a UDP packet
L2TPSendUDP(L2TP_SERVER * l2tp,UDPPACKET * p)285 void L2TPSendUDP(L2TP_SERVER *l2tp, UDPPACKET *p)
286 {
287 // Validate arguments
288 if (l2tp == NULL || p == NULL)
289 {
290 return;
291 }
292
293 Add(l2tp->SendPacketList, p);
294 }
295
296 // Build a L2TP packet
BuildL2TPPacketData(L2TP_PACKET * pp,L2TP_TUNNEL * t)297 BUF *BuildL2TPPacketData(L2TP_PACKET *pp, L2TP_TUNNEL *t)
298 {
299 BUF *ret;
300 UCHAR c;
301 USHORT us;
302 UINT ui;
303 // Validate arguments
304 if (pp == NULL || t == NULL)
305 {
306 return NULL;
307 }
308
309 ret = NewBuf();
310
311 c = 0;
312
313 if (pp->Ver == 3)
314 {
315 if (pp->SessionId != 0)
316 {
317 // Add the Remote Session ID AVP
318 L2TP_AVP *a = GetAVPValue(pp, L2TP_AVP_TYPE_V3_SESSION_ID_REMOTE);
319 if (a == NULL || a->DataSize != sizeof(UINT))
320 {
321 UINT ui = Endian32(pp->SessionId);
322 Add(pp->AvpList, NewAVP(L2TP_AVP_TYPE_V3_SESSION_ID_REMOTE, true, 0, &ui, sizeof(UINT)));
323
324 if (GetAVPValueEx(pp, L2TPV3_CISCO_AVP_SESSION_ID_LOCAL, L2TP_AVP_VENDOR_ID_CISCO) != NULL)
325 {
326 Add(pp->AvpList, NewAVP(L2TPV3_CISCO_AVP_SESSION_ID_REMOTE, true, L2TP_AVP_VENDOR_ID_CISCO, &ui, sizeof(UINT)));
327 }
328 }
329 }
330 }
331
332 if (pp->Ver == 3)
333 {
334 if (t->IsYamahaV3 == false)
335 {
336 // Zero as Session ID
337 ui = 0;
338 WriteBuf(ret, &ui, sizeof(UINT));
339 }
340 }
341
342 // Flags
343 if (pp->IsControl)
344 {
345 c |= L2TP_HEADER_BIT_TYPE;
346 c |= L2TP_HEADER_BIT_LENGTH;
347 c |= L2TP_HEADER_BIT_SEQUENCE;
348 }
349 else
350 {
351 c |= L2TP_HEADER_BIT_OFFSET;
352 }
353
354 if (pp->IsControl == false && pp->Ver == 3 && t->IsYamahaV3)
355 {
356 c = 0;
357 }
358
359 WriteBuf(ret, &c, 1);
360
361 // Ver
362 c = 2;
363 if (pp->Ver == 3)
364 {
365 c = 3;
366 }
367 WriteBuf(ret, &c, 1);
368
369 // Length
370 if (pp->IsControl)
371 {
372 us = 0;
373 WriteBuf(ret, &us, sizeof(USHORT));
374 }
375
376 // Reserved
377 if (pp->IsControl == false && pp->Ver == 3 && t->IsYamahaV3)
378 {
379 us = 0;
380 WriteBuf(ret, &us, sizeof(USHORT));
381 }
382
383 // Tunnel ID
384 if (pp->Ver != 3)
385 {
386 us = Endian16((USHORT)pp->TunnelId);
387 WriteBuf(ret, &us, sizeof(USHORT));
388 }
389 else
390 {
391 ui = Endian32(pp->TunnelId);
392 WriteBuf(ret, &ui, sizeof(UINT));
393 }
394
395 // Session ID
396 if (pp->Ver != 3)
397 {
398 us = Endian16((USHORT)pp->SessionId);
399 WriteBuf(ret, &us, sizeof(USHORT));
400 }
401
402 if (pp->IsControl)
403 {
404 // Ns
405 us = Endian16(pp->Ns);
406 WriteBuf(ret, &us, sizeof(USHORT));
407
408 // Nr
409 us = Endian16(pp->Nr);
410 WriteBuf(ret, &us, sizeof(USHORT));
411 }
412 else
413 {
414 if (!(pp->IsControl == false && pp->Ver == 3 && t->IsYamahaV3))
415 {
416 // Offset Size = 0
417 us = 0;
418 WriteBuf(ret, &us, sizeof(USHORT));
419 }
420 }
421
422 if (pp->IsControl)
423 {
424 // AVP
425 UINT i;
426 for (i = 0;i < LIST_NUM(pp->AvpList);i++)
427 {
428 L2TP_AVP *a = LIST_DATA(pp->AvpList, i);
429
430 // Length and Flags
431 us = Endian16(a->DataSize + 6);
432
433 if (a->Mandatory)
434 {
435 *((UCHAR *)&us) |= L2TP_AVP_BIT_MANDATORY;
436 }
437
438 WriteBuf(ret, &us, sizeof(USHORT));
439
440 // Vendor ID
441 us = Endian16(a->VendorID);
442 WriteBuf(ret, &us, sizeof(USHORT));
443
444 // Type
445 us = Endian16(a->Type);
446 WriteBuf(ret, &us, sizeof(USHORT));
447
448 // Data
449 WriteBuf(ret, a->Data, a->DataSize);
450 }
451 }
452 else
453 {
454 // Payload
455 WriteBuf(ret, pp->Data, pp->DataSize);
456 }
457
458 if (pp->IsControl)
459 {
460 // Update Length
461 bool l2tpv3_non_yamaha = ((pp->Ver == 3) && (t->IsYamahaV3 == false));
462 WRITE_USHORT(((UCHAR *)ret->Buf) + 2 + (l2tpv3_non_yamaha ? sizeof(UINT) : 0), (USHORT)(ret->Size - (l2tpv3_non_yamaha ? sizeof(UINT) : 0)));
463 }
464
465 SeekBuf(ret, 0, 0);
466
467 return ret;
468 }
469
470 // Parse the L2TP packet
ParseL2TPPacket(UDPPACKET * p)471 L2TP_PACKET *ParseL2TPPacket(UDPPACKET *p)
472 {
473 L2TP_PACKET *ret;
474 UCHAR *buf;
475 UINT size;
476 bool is_l2tpv3 = false;
477 bool is_l2tpv3_yamaha = false;
478 // Validate arguments
479 if (p == NULL)
480 {
481 return NULL;
482 }
483
484 ret = ZeroMalloc(sizeof(L2TP_PACKET));
485
486 if (p->SrcPort == IPSEC_PORT_L2TPV3_VIRTUAL)
487 {
488 // L2TPv3 (Cisco)
489 is_l2tpv3 = true;
490 }
491
492 buf = p->Data;
493 size = p->Size;
494
495 if (size >= 2 && ((buf[1] & L2TP_HEADER_BIT_VER) == 3))
496 {
497 if (p->SrcPort != IPSEC_PORT_L2TPV3_VIRTUAL)
498 {
499 // L2TPv3 (YAMAHA)
500 is_l2tpv3 = true;
501 is_l2tpv3_yamaha = true;
502 }
503 }
504
505 if (is_l2tpv3 && (is_l2tpv3_yamaha == false))
506 {
507 // L2TPv3 (Cisco)
508 UINT session_id;
509 if (size < 4)
510 {
511 goto LABEL_ERROR;
512 }
513
514 session_id = READ_UINT(buf);
515
516 if (session_id != 0)
517 {
518 // L2TPv3 data packet reception
519 ret->SessionId = session_id;
520
521 buf += sizeof(UINT);
522 size -= sizeof(UINT);
523
524 ret->Data = Clone(buf, size);
525 ret->DataSize = size;
526
527 ret->Ver = 3;
528
529 return ret;
530 }
531 else
532 {
533 // L2TPv3 control packet reception
534 buf += sizeof(UINT);
535 size -= sizeof(UINT);
536 }
537 }
538
539 // L2TP
540 if (size < 6)
541 {
542 goto LABEL_ERROR;
543 }
544
545 if (*buf & L2TP_HEADER_BIT_TYPE)
546 {
547 ret->IsControl = true;
548 }
549
550 if (*buf & L2TP_HEADER_BIT_LENGTH)
551 {
552 ret->HasLength = true;
553 }
554
555 if (*buf & L2TP_HEADER_BIT_SEQUENCE)
556 {
557 ret->HasSequence = true;
558 }
559
560 if (is_l2tpv3 == false)
561 {
562 if (*buf & L2TP_HEADER_BIT_OFFSET)
563 {
564 ret->HasOffset = true;
565 }
566
567 if (*buf & L2TP_HEADER_BIT_PRIORITY)
568 {
569 ret->IsPriority = true;
570 }
571 }
572
573 buf++;
574 size--;
575
576 ret->Ver = *buf & L2TP_HEADER_BIT_VER;
577
578 buf++;
579 size--;
580
581 if (is_l2tpv3 == false)
582 {
583 // L2TP
584 if (ret->Ver != 2)
585 {
586 goto LABEL_ERROR;
587 }
588 }
589 else
590 {
591 // L2TPv3
592 if (ret->Ver != 3)
593 {
594 goto LABEL_ERROR;
595 }
596 }
597
598 if (ret->IsControl)
599 {
600 if (ret->HasLength == false || ret->HasSequence == false)
601 {
602 goto LABEL_ERROR;
603 }
604 }
605 else
606 {
607 /*if (ret->HasSequence)
608 {
609 goto LABEL_ERROR;
610 }*/
611 }
612
613 if (ret->HasLength)
614 {
615 // Length
616 if (size < 2)
617 {
618 goto LABEL_ERROR;
619 }
620 ret->Length = READ_USHORT(buf);
621 buf += 2;
622 size -= 2;
623
624 if (size < (ret->Length - 4))
625 {
626 goto LABEL_ERROR;
627 }
628
629 size = ret->Length - 4;
630 }
631
632 if (is_l2tpv3)
633 {
634 if (p->SrcPort != IPSEC_PORT_L2TPV3_VIRTUAL)
635 {
636 if (ret->IsControl == false)
637 {
638 // Reserved
639 if (size < 2)
640 {
641 goto LABEL_ERROR;
642 }
643
644 buf += 2;
645 size -= 2;
646 }
647 }
648 }
649
650 // Tunnel ID, Session ID
651 if (size < 4)
652 {
653 goto LABEL_ERROR;
654 }
655
656 if (is_l2tpv3 == false)
657 {
658 // L2TP
659 ret->TunnelId = READ_USHORT(buf);
660 buf += 2;
661 size -= 2;
662
663 ret->SessionId = READ_USHORT(buf);
664 buf += 2;
665 size -= 2;
666 }
667 else
668 {
669 // L2TPv3: Only tunnel ID is written in the header
670 ret->TunnelId = READ_UINT(buf);
671 buf += 4;
672 size -= 4;
673
674 // The session ID is not written in the header
675 ret->SessionId = 0;
676
677 if (ret->IsControl == false)
678 {
679 ret->SessionId = ret->TunnelId;
680 }
681 }
682
683 if (ret->HasSequence)
684 {
685 // Ns, Nr
686 if (size < 4)
687 {
688 goto LABEL_ERROR;
689 }
690
691 ret->Ns = READ_USHORT(buf);
692 buf += 2;
693 size -= 2;
694
695 ret->Nr = READ_USHORT(buf);
696 buf += 2;
697 size -= 2;
698 }
699
700 if (ret->HasOffset)
701 {
702 // Offset
703 if (size < 2)
704 {
705 goto LABEL_ERROR;
706 }
707
708 ret->OffsetSize = READ_USHORT(buf);
709 buf += 2;
710 size -= 2;
711
712 if (size < ret->OffsetSize)
713 {
714 goto LABEL_ERROR;
715 }
716
717 buf += ret->OffsetSize;
718 size -= ret->OffsetSize;
719 }
720
721 ret->DataSize = size;
722 ret->Data = Clone(buf, ret->DataSize);
723
724 if (ret->IsControl == false)
725 {
726 if (ret->DataSize == 0)
727 {
728 goto LABEL_ERROR;
729 }
730 }
731
732 if (ret->IsControl)
733 {
734 if (ret->DataSize == 0)
735 {
736 ret->IsZLB = true;
737 }
738 }
739
740 if (ret->IsControl)
741 {
742 ret->AvpList = NewListFast(NULL);
743
744 // Parse the AVP field
745 while (size != 0)
746 {
747 L2TP_AVP a;
748
749 Zero(&a, sizeof(a));
750
751 // Header
752 if (size < 6)
753 {
754 goto LABEL_ERROR;
755 }
756
757 if (*buf & L2TP_AVP_BIT_MANDATORY)
758 {
759 a.Mandatory = true;
760 }
761
762 if (*buf & L2TP_AVP_BIT_HIDDEN)
763 {
764 goto LABEL_ERROR;
765 }
766
767 a.Length = READ_USHORT(buf) & L2TP_AVP_LENGTH;
768
769 if (a.Length < 6)
770 {
771 goto LABEL_ERROR;
772 }
773
774 buf += 2;
775 size -= 2;
776
777 a.VendorID = READ_USHORT(buf);
778 buf += 2;
779 size -= 2;
780
781 a.Type = READ_USHORT(buf);
782 buf += 2;
783 size -= 2;
784
785 a.DataSize = a.Length - 6;
786
787 if (a.DataSize > size)
788 {
789 goto LABEL_ERROR;
790 }
791
792 a.Data = Clone(buf, a.DataSize);
793
794 buf += a.DataSize;
795 size -= a.DataSize;
796
797 Add(ret->AvpList, Clone(&a, sizeof(a)));
798 }
799 }
800
801 if (ret->IsControl && ret->IsZLB == false)
802 {
803 // Get the MessageType in the case of Control packet
804 L2TP_AVP *a = GetAVPValue(ret, L2TP_AVP_TYPE_MESSAGE_TYPE);
805 if (a == NULL || a->DataSize != 2)
806 {
807 goto LABEL_ERROR;
808 }
809
810 ret->MessageType = READ_USHORT(a->Data);
811 }
812
813 if (ret->Ver == 3 && ret->IsControl)
814 {
815 // Get the Remote Session ID in the case of L2TPv3
816 L2TP_AVP *a = GetAVPValue(ret, L2TP_AVP_TYPE_V3_SESSION_ID_REMOTE);
817 if (a != NULL && a->DataSize == sizeof(UINT))
818 {
819 ret->SessionId = READ_UINT(a->Data);
820 }
821 }
822
823 ret->IsYamahaV3 = is_l2tpv3_yamaha;
824
825 return ret;
826
827 LABEL_ERROR:
828 FreeL2TPPacket(ret);
829 return NULL;
830 }
831
832 // Get the AVP value
GetAVPValue(L2TP_PACKET * p,UINT type)833 L2TP_AVP *GetAVPValue(L2TP_PACKET *p, UINT type)
834 {
835 return GetAVPValueEx(p, type, 0);
836 }
GetAVPValueEx(L2TP_PACKET * p,UINT type,UINT vendor_id)837 L2TP_AVP *GetAVPValueEx(L2TP_PACKET *p, UINT type, UINT vendor_id)
838 {
839 UINT i;
840 // Validate arguments
841 if (p == NULL)
842 {
843 return NULL;
844 }
845
846 for (i = 0;i < LIST_NUM(p->AvpList);i++)
847 {
848 L2TP_AVP *a = LIST_DATA(p->AvpList, i);
849
850 if (a->Type == type && a->VendorID == vendor_id)
851 {
852 return a;
853 }
854 }
855
856 if (vendor_id == 0)
857 {
858 if (type == L2TP_AVP_TYPE_V3_TUNNEL_ID)
859 {
860 return GetAVPValueEx(p, L2TPV3_CISCO_AVP_TUNNEL_ID, L2TP_AVP_VENDOR_ID_CISCO);
861 }
862 else if (type == L2TP_AVP_TYPE_V3_SESSION_ID_LOCAL)
863 {
864 return GetAVPValueEx(p, L2TPV3_CISCO_AVP_SESSION_ID_LOCAL, L2TP_AVP_VENDOR_ID_CISCO);
865 }
866 else if (type == L2TP_AVP_TYPE_V3_SESSION_ID_REMOTE)
867 {
868 return GetAVPValueEx(p, L2TPV3_CISCO_AVP_SESSION_ID_REMOTE, L2TP_AVP_VENDOR_ID_CISCO);
869 }
870 }
871
872 return NULL;
873 }
874
875 // Release the L2TP transmission queue
FreeL2TPQueue(L2TP_QUEUE * q)876 void FreeL2TPQueue(L2TP_QUEUE *q)
877 {
878 // Validate arguments
879 if (q == NULL)
880 {
881 return;
882 }
883
884 FreeBuf(q->Buf);
885
886 FreeL2TPPacket(q->L2TPPacket);
887
888 Free(q);
889 }
890
891 // Sort function of L2TP reception queue
CmpL2TPQueueForRecv(void * p1,void * p2)892 int CmpL2TPQueueForRecv(void *p1, void *p2)
893 {
894 L2TP_QUEUE *q1, *q2;
895 // Validate arguments
896 if (p1 == NULL || p2 == NULL)
897 {
898 return 0;
899 }
900 q1 = *(L2TP_QUEUE **)p1;
901 q2 = *(L2TP_QUEUE **)p2;
902 if (q1 == NULL || q2 == NULL)
903 {
904 return 0;
905 }
906
907 if (L2TP_SEQ_LT(q1->Ns, q2->Ns))
908 {
909 return -1;
910 }
911 else if (q1->Ns == q2->Ns)
912 {
913 return 0;
914 }
915 else
916 {
917 return 1;
918 }
919 }
920
921 // Create a L2TP tunnel
NewL2TPTunnel(L2TP_SERVER * l2tp,L2TP_PACKET * p,UDPPACKET * udp)922 L2TP_TUNNEL *NewL2TPTunnel(L2TP_SERVER *l2tp, L2TP_PACKET *p, UDPPACKET *udp)
923 {
924 L2TP_TUNNEL *t;
925 L2TP_AVP *a;
926 // Validate arguments
927 if (l2tp == NULL || p == NULL || udp == NULL)
928 {
929 return NULL;
930 }
931
932 t = ZeroMalloc(sizeof(L2TP_TUNNEL));
933
934 if (p->Ver == 3)
935 {
936 t->IsV3 = true;
937 }
938
939 t->SessionList = NewList(NULL);
940
941 Copy(&t->ClientIp, &udp->SrcIP, sizeof(IP));
942 t->ClientPort = udp->SrcPort;
943
944 Copy(&t->ServerIp, &udp->DstIP, sizeof(IP));
945 t->ServerPort = udp->DestPort;
946
947 // Hostname
948 a = GetAVPValue(p, L2TP_AVP_TYPE_HOST_NAME);
949 if (a != NULL && a->DataSize >= 1 && a->DataSize < sizeof(t->HostName))
950 {
951 Copy(t->HostName, a->Data, a->DataSize);
952 }
953 else
954 {
955 IPToStr(t->HostName, sizeof(t->HostName), &t->ClientIp);
956 }
957
958 // Vendor Name
959 a = GetAVPValue(p, L2TP_AVP_TYPE_VENDOR_NAME);
960 if (a != NULL && a->DataSize >= 1 && a->DataSize < sizeof(t->VendorName))
961 {
962 Copy(t->VendorName, a->Data, a->DataSize);
963 }
964
965 // Assigned Tunnel ID
966 a = GetAVPValue(p, (p->Ver == 3 ? L2TP_AVP_TYPE_V3_TUNNEL_ID : L2TP_AVP_TYPE_ASSIGNED_TUNNEL));
967 if (a == NULL || a->DataSize != (t->IsV3 ? sizeof(UINT) : sizeof(USHORT)))
968 {
969 goto LABEL_ERROR;
970 }
971
972 t->TunnelId1 = (t->IsV3 ? READ_UINT(a->Data) : READ_USHORT(a->Data));
973 t->TunnelId2 = GenerateNewTunnelIdEx(l2tp, &t->ClientIp, t->IsV3);
974
975 if (t->TunnelId2 == 0)
976 {
977 goto LABEL_ERROR;
978 }
979
980 if (p->Ver == 3)
981 {
982 // Identify whether it's Cisco
983 a = GetAVPValueEx(p, L2TPV3_CISCO_AVP_TUNNEL_ID, L2TP_AVP_VENDOR_ID_CISCO);
984 if (a != NULL)
985 {
986 t->IsCiscoV3 = true;
987 }
988
989 // L2TPv3 on YAMAHA
990 t->IsYamahaV3 = p->IsYamahaV3;
991 }
992
993 // Transmission queue
994 t->SendQueue = NewList(NULL);
995
996 // Reception queue
997 t->RecvQueue = NewList(CmpL2TPQueueForRecv);
998
999 t->LastRecvTick = l2tp->Now;
1000 t->LastHelloSent = l2tp->Now;
1001
1002 return t;
1003
1004 LABEL_ERROR:
1005 FreeL2TPTunnel(t);
1006 return NULL;
1007 }
1008
1009 // Search a tunnel
GetTunnelFromId(L2TP_SERVER * l2tp,IP * client_ip,UINT tunnel_id,bool is_v3)1010 L2TP_TUNNEL *GetTunnelFromId(L2TP_SERVER *l2tp, IP *client_ip, UINT tunnel_id, bool is_v3)
1011 {
1012 UINT i;
1013 // Validate arguments
1014 if (l2tp == NULL || client_ip == 0 || tunnel_id == 0)
1015 {
1016 return NULL;
1017 }
1018
1019 for (i = 0;i < LIST_NUM(l2tp->TunnelList);i++)
1020 {
1021 L2TP_TUNNEL *t = LIST_DATA(l2tp->TunnelList, i);
1022
1023 if (t->TunnelId2 == tunnel_id && CmpIpAddr(&t->ClientIp, client_ip) == 0)
1024 {
1025 if (EQUAL_BOOL(t->IsV3, is_v3))
1026 {
1027 return t;
1028 }
1029 }
1030 }
1031
1032 return NULL;
1033 }
1034
1035 // Search the tunnel by the tunnel ID that is assigned by the client
GetTunnelFromIdOfAssignedByClient(L2TP_SERVER * l2tp,IP * client_ip,UINT tunnel_id)1036 L2TP_TUNNEL *GetTunnelFromIdOfAssignedByClient(L2TP_SERVER *l2tp, IP *client_ip, UINT tunnel_id)
1037 {
1038 UINT i;
1039 // Validate arguments
1040 if (l2tp == NULL || client_ip == 0 || tunnel_id == 0)
1041 {
1042 return NULL;
1043 }
1044
1045 for (i = 0;i < LIST_NUM(l2tp->TunnelList);i++)
1046 {
1047 L2TP_TUNNEL *t = LIST_DATA(l2tp->TunnelList, i);
1048
1049 if (t->TunnelId1 == tunnel_id && CmpIpAddr(&t->ClientIp, client_ip) == 0)
1050 {
1051 return t;
1052 }
1053 }
1054
1055 return NULL;
1056 }
GetTunnelFromIdOfAssignedByClientEx(L2TP_SERVER * l2tp,IP * client_ip,UINT tunnel_id,bool is_v3)1057 L2TP_TUNNEL *GetTunnelFromIdOfAssignedByClientEx(L2TP_SERVER *l2tp, IP *client_ip, UINT tunnel_id, bool is_v3)
1058 {
1059 UINT i;
1060 // Validate arguments
1061 if (l2tp == NULL || client_ip == 0 || tunnel_id == 0)
1062 {
1063 return NULL;
1064 }
1065
1066 for (i = 0;i < LIST_NUM(l2tp->TunnelList);i++)
1067 {
1068 L2TP_TUNNEL *t = LIST_DATA(l2tp->TunnelList, i);
1069
1070 if (t->TunnelId1 == tunnel_id && CmpIpAddr(&t->ClientIp, client_ip) == 0)
1071 {
1072 if (EQUAL_BOOL(t->IsV3, is_v3))
1073 {
1074 return t;
1075 }
1076 }
1077 }
1078
1079 return NULL;
1080 }
1081
1082 // Create a new tunnel ID
GenerateNewTunnelId(L2TP_SERVER * l2tp,IP * client_ip)1083 UINT GenerateNewTunnelId(L2TP_SERVER *l2tp, IP *client_ip)
1084 {
1085 return GenerateNewTunnelIdEx(l2tp, client_ip, false);
1086 }
GenerateNewTunnelIdEx(L2TP_SERVER * l2tp,IP * client_ip,bool is_32bit)1087 UINT GenerateNewTunnelIdEx(L2TP_SERVER *l2tp, IP *client_ip, bool is_32bit)
1088 {
1089 UINT id;
1090 UINT max_number = 0xffff;
1091 // Validate arguments
1092 if (l2tp == NULL || client_ip == NULL)
1093 {
1094 return 0;
1095 }
1096
1097 if (is_32bit)
1098 {
1099 max_number = 0xfffffffe;
1100 }
1101
1102 for (id = 1;id <= max_number;id++)
1103 {
1104 if (GetTunnelFromId(l2tp, client_ip, id, is_32bit) == NULL)
1105 {
1106 return id;
1107 }
1108 }
1109
1110 return 0;
1111 }
1112
1113 // Release the L2TP tunnel
FreeL2TPTunnel(L2TP_TUNNEL * t)1114 void FreeL2TPTunnel(L2TP_TUNNEL *t)
1115 {
1116 UINT i;
1117 // Validate arguments
1118 if (t == NULL)
1119 {
1120 return;
1121 }
1122
1123 for (i = 0;i < LIST_NUM(t->SessionList);i++)
1124 {
1125 L2TP_SESSION *s = LIST_DATA(t->SessionList, i);
1126
1127 FreeL2TPSession(s);
1128 }
1129
1130 ReleaseList(t->SessionList);
1131
1132 for (i = 0;i < LIST_NUM(t->SendQueue);i++)
1133 {
1134 L2TP_QUEUE *q = LIST_DATA(t->SendQueue, i);
1135
1136 FreeL2TPQueue(q);
1137 }
1138
1139 ReleaseList(t->SendQueue);
1140
1141 for (i = 0;i < LIST_NUM(t->RecvQueue);i++)
1142 {
1143 L2TP_QUEUE *q = LIST_DATA(t->RecvQueue, i);
1144
1145 FreeL2TPQueue(q);
1146 }
1147
1148 ReleaseList(t->RecvQueue);
1149
1150 Free(t);
1151 }
1152
1153 // Generate a new L2TP control packet
NewL2TPControlPacket(UINT message_type,bool is_v3)1154 L2TP_PACKET *NewL2TPControlPacket(UINT message_type, bool is_v3)
1155 {
1156 L2TP_PACKET *p = ZeroMalloc(sizeof(L2TP_PACKET));
1157
1158 p->IsControl = true;
1159 p->HasLength = true;
1160 p->HasSequence = true;
1161 p->Ver = (is_v3 ? 3 : 2);
1162 p->MessageType = message_type;
1163
1164 p->AvpList = NewListFast(NULL);
1165
1166 if (message_type != 0)
1167 {
1168 L2TP_AVP *a;
1169 USHORT us;
1170
1171 a = ZeroMalloc(sizeof(L2TP_AVP));
1172
1173 a->Type = L2TP_AVP_TYPE_MESSAGE_TYPE;
1174 a->Mandatory = true;
1175
1176 us = Endian16(message_type);
1177 a->Data = Clone(&us, sizeof(USHORT));
1178 a->DataSize = sizeof(USHORT);
1179
1180 Add(p->AvpList, a);
1181 }
1182
1183 return p;
1184 }
1185
1186 // Create a new AVP value
NewAVP(USHORT type,bool mandatory,USHORT vendor_id,void * data,UINT data_size)1187 L2TP_AVP *NewAVP(USHORT type, bool mandatory, USHORT vendor_id, void *data, UINT data_size)
1188 {
1189 L2TP_AVP *a;
1190 // Validate arguments
1191 if (data_size != 0 && data == NULL)
1192 {
1193 return NULL;
1194 }
1195
1196 a = ZeroMalloc(sizeof(L2TP_AVP));
1197
1198 a->Type = type;
1199 a->Mandatory = mandatory;
1200 a->VendorID = vendor_id;
1201 a->Data = Clone(data, data_size);
1202 a->DataSize = data_size;
1203
1204 return a;
1205 }
1206
1207 // Process a received L2TP packet
L2TPProcessRecvControlPacket(L2TP_SERVER * l2tp,L2TP_TUNNEL * t,L2TP_PACKET * p)1208 void L2TPProcessRecvControlPacket(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_PACKET *p)
1209 {
1210 // Validate arguments
1211 if (l2tp == NULL || t == NULL || p == NULL)
1212 {
1213 return;
1214 }
1215
1216 if (p->SessionId == 0)
1217 {
1218 if (p->MessageType == L2TP_MESSAGE_TYPE_SCCCN && l2tp->Halt == false)
1219 {
1220 // Tunnel establishment completed
1221 if (t->Established == false)
1222 {
1223 if (t->Disconnecting == false)
1224 {
1225 t->Established = true;
1226 t->LastHelloSent = l2tp->Now;
1227 }
1228 }
1229 }
1230
1231 if (t->Established)
1232 {
1233 if (p->MessageType == L2TP_MESSAGE_TYPE_ICRQ && t->WantToDisconnect == false && l2tp->Halt == false)
1234 {
1235 // Request to establish a new session arrives
1236 L2TP_AVP *a = GetAVPValue(p,
1237 (t->IsV3 ? L2TP_AVP_TYPE_V3_SESSION_ID_LOCAL : L2TP_AVP_TYPE_ASSIGNED_SESSION));
1238 if (a != NULL && a->DataSize == (t->IsV3 ? sizeof(UINT) : sizeof(USHORT)) && IsZero(a->Data, (t->IsV3 ? sizeof(UINT) : sizeof(USHORT))) == false)
1239 {
1240 UINT session_id = (t->IsV3 ? READ_UINT(a->Data) : READ_USHORT(a->Data));
1241
1242 // Check whether there is other same session ID
1243 if (GetSessionFromIdAssignedByClient(t, session_id) == NULL)
1244 {
1245 // Create a session
1246 L2TP_SESSION *s = NewL2TPSession(l2tp, t, session_id);
1247
1248 if (s != NULL)
1249 {
1250 L2TP_PACKET *pp;
1251 USHORT us;
1252 UINT ui;
1253
1254 // Get the PseudowireType
1255 if (t->IsV3)
1256 {
1257 s->PseudowireType = L2TPV3_PW_TYPE_ETHERNET;
1258
1259 a = GetAVPValue(p, L2TP_AVP_TYPE_V3_PW_TYPE);
1260
1261 if (a != NULL && a->DataSize == sizeof(USHORT))
1262 {
1263 ui = READ_USHORT(a->Data);
1264
1265 s->PseudowireType = ui;
1266 }
1267 }
1268
1269 Add(t->SessionList, s);
1270 Debug("L2TP New Session: ID = %u/%u on Tunnel %u/%u\n", s->SessionId1, s->SessionId2,
1271 t->TunnelId1, t->TunnelId2);
1272
1273 // Respond the session creation completion notice
1274 pp = NewL2TPControlPacket(L2TP_MESSAGE_TYPE_ICRP, s->IsV3);
1275
1276 // Assigned Session AVP
1277 if (s->IsV3 == false)
1278 {
1279 us = Endian16(s->SessionId2);
1280 Add(pp->AvpList, NewAVP(L2TP_AVP_TYPE_ASSIGNED_SESSION, true, 0, &us, sizeof(USHORT)));
1281 }
1282 else
1283 {
1284 ui = Endian32(s->SessionId2);
1285 Add(pp->AvpList, NewAVP(L2TP_AVP_TYPE_V3_SESSION_ID_LOCAL, true, 0, &ui, sizeof(UINT)));
1286
1287 if (s->IsCiscoV3)
1288 {
1289 Add(pp->AvpList, NewAVP(L2TPV3_CISCO_AVP_SESSION_ID_LOCAL, true, L2TP_AVP_VENDOR_ID_CISCO, &ui, sizeof(UINT)));
1290 }
1291 }
1292
1293 if (s->IsV3)
1294 {
1295 if (t->IsYamahaV3 == false)
1296 {
1297 // Pseudowire AVP
1298 us = Endian16(s->PseudowireType);
1299 Add(pp->AvpList, NewAVP(L2TP_AVP_TYPE_V3_PW_TYPE, true, 0, &us, sizeof(USHORT)));
1300 }
1301
1302 if (s->IsCiscoV3)
1303 {
1304 Add(pp->AvpList, NewAVP(L2TPV3_CISCO_AVP_PW_TYPE, true, L2TP_AVP_VENDOR_ID_CISCO, &us, sizeof(USHORT)));
1305 }
1306
1307 if (t->IsYamahaV3)
1308 {
1309 us = Endian16(0x0003);
1310 Add(pp->AvpList, NewAVP(L2TP_AVP_TYPE_V3_CIRCUIT_STATUS, true, 0, &us, sizeof(USHORT)));
1311 }
1312 }
1313
1314 SendL2TPControlPacket(l2tp, t, session_id, pp);
1315
1316 FreeL2TPPacket(pp);
1317 }
1318 }
1319 }
1320 }
1321 else if (p->MessageType == L2TP_MESSAGE_TYPE_STOPCCN)
1322 {
1323 // Tunnel disconnect request arrives
1324 L2TP_AVP *a = GetAVPValue(p, (t->IsV3 ? L2TP_AVP_TYPE_V3_TUNNEL_ID : L2TP_AVP_TYPE_ASSIGNED_TUNNEL));
1325 if (a != NULL && a->DataSize == (t->IsV3 ? sizeof(UINT) : sizeof(USHORT)))
1326 {
1327 UINT ui = (t->IsV3 ? READ_UINT(a->Data) : READ_USHORT(a->Data));
1328
1329 if (ui == t->TunnelId1)
1330 {
1331 // Disconnect the tunnel
1332 DisconnectL2TPTunnel(t);
1333 }
1334 }
1335 }
1336 }
1337 }
1338 else
1339 {
1340 // Search a session
1341 L2TP_SESSION *s = GetSessionFromId(t, p->SessionId);
1342
1343 if (s != NULL)
1344 {
1345 if (s->Established == false)
1346 {
1347 if (p->MessageType == L2TP_MESSAGE_TYPE_ICCN)
1348 {
1349 // Session establishment completed
1350 if (s->Disconnecting == false)
1351 {
1352 s->Established = true;
1353 }
1354 }
1355 }
1356 else
1357 {
1358 if (p->MessageType == L2TP_MESSAGE_TYPE_CDN)
1359 {
1360 // Received a session disconnection request
1361 L2TP_AVP *a = GetAVPValue(p,
1362 (t->IsV3 ? L2TP_AVP_TYPE_V3_SESSION_ID_LOCAL : L2TP_AVP_TYPE_ASSIGNED_SESSION));
1363 if (a != NULL && a->DataSize == (t->IsV3 ? sizeof(UINT) : sizeof(USHORT)))
1364 {
1365 UINT ui = (t->IsV3 ? READ_UINT(a->Data) : READ_USHORT(a->Data));
1366
1367 if (ui == s->SessionId1)
1368 {
1369 // Disconnect the session
1370 DisconnectL2TPSession(t, s);
1371 }
1372 }
1373 }
1374 }
1375 }
1376 else
1377 {
1378 Debug("Session ID %u not found in Tunnel ID %u/%u\n", p->SessionId, t->TunnelId1, t->TunnelId2);
1379 }
1380 }
1381 }
1382
1383 // Disconnect the L2TP tunnel
DisconnectL2TPTunnel(L2TP_TUNNEL * t)1384 void DisconnectL2TPTunnel(L2TP_TUNNEL *t)
1385 {
1386 // Validate arguments
1387 if (t == NULL)
1388 {
1389 return;
1390 }
1391
1392 if (/*t->Established && */t->Disconnecting == false && t->WantToDisconnect == false)
1393 {
1394 UINT i;
1395
1396 Debug("Trying to Disconnect Tunnel ID %u/%u\n", t->TunnelId1, t->TunnelId2);
1397 t->WantToDisconnect = true;
1398
1399 // Disconnect all sessions within the tunnel
1400 for (i = 0;i < LIST_NUM(t->SessionList);i++)
1401 {
1402 L2TP_SESSION *s = LIST_DATA(t->SessionList, i);
1403
1404 DisconnectL2TPSession(t, s);
1405 }
1406 }
1407 }
1408
1409 // Disconnect the L2TP session
DisconnectL2TPSession(L2TP_TUNNEL * t,L2TP_SESSION * s)1410 void DisconnectL2TPSession(L2TP_TUNNEL *t, L2TP_SESSION *s)
1411 {
1412 // Validate arguments
1413 if (t == NULL || s == NULL)
1414 {
1415 return;
1416 }
1417
1418 if (s->Established && s->Disconnecting == false && s->WantToDisconnect == false)
1419 {
1420 Debug("Trying to Disconnect Session ID %u/%u on Tunnel %u/%u\n", s->SessionId1, s->SessionId2,
1421 t->TunnelId1, t->TunnelId2);
1422 s->WantToDisconnect = true;
1423 }
1424 }
1425
1426 // Create a new session
NewL2TPSession(L2TP_SERVER * l2tp,L2TP_TUNNEL * t,UINT session_id_by_client)1427 L2TP_SESSION *NewL2TPSession(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, UINT session_id_by_client)
1428 {
1429 L2TP_SESSION *s;
1430 UINT session_id_by_server;
1431 // Validate arguments
1432 if (l2tp == NULL || t == NULL || session_id_by_client == 0)
1433 {
1434 return NULL;
1435 }
1436
1437 if (LIST_NUM(t->SessionList) >= L2TP_QUOTA_MAX_NUM_SESSIONS_PER_TUNNEL)
1438 {
1439 return NULL;
1440 }
1441
1442 if (t->IsV3 == false)
1443 {
1444 session_id_by_server = GenerateNewSessionIdEx(t, t->IsV3);
1445 }
1446 else
1447 {
1448 session_id_by_server = GenerateNewSessionIdForL2TPv3(l2tp);
1449 }
1450 if (session_id_by_server == 0)
1451 {
1452 return NULL;
1453 }
1454
1455 s = ZeroMalloc(sizeof(L2TP_SESSION));
1456
1457 s->SessionId1 = session_id_by_client;
1458 s->SessionId2 = session_id_by_server;
1459
1460 s->IsV3 = t->IsV3;
1461 s->IsCiscoV3 = t->IsCiscoV3;
1462
1463 s->Tunnel = t;
1464
1465 return s;
1466 }
1467
1468 // Retrieve a session from L2TP session ID
SearchL2TPSessionById(L2TP_SERVER * l2tp,bool is_v3,UINT id)1469 L2TP_SESSION *SearchL2TPSessionById(L2TP_SERVER *l2tp, bool is_v3, UINT id)
1470 {
1471 UINT i, j;
1472 // Validate arguments
1473 if (l2tp == NULL || id == 0)
1474 {
1475 return NULL;
1476 }
1477
1478 for (i = 0;i < LIST_NUM(l2tp->TunnelList);i++)
1479 {
1480 L2TP_TUNNEL *t = LIST_DATA(l2tp->TunnelList, i);
1481
1482 for (j = 0;j < LIST_NUM(t->SessionList);j++)
1483 {
1484 L2TP_SESSION *s = LIST_DATA(t->SessionList, j);
1485
1486 if (s->SessionId2 == id)
1487 {
1488 if (EQUAL_BOOL(s->IsV3, is_v3))
1489 {
1490 return s;
1491 }
1492 }
1493 }
1494 }
1495
1496 return NULL;
1497 }
1498
1499 // Create a new session ID
GenerateNewSessionId(L2TP_TUNNEL * t)1500 UINT GenerateNewSessionId(L2TP_TUNNEL *t)
1501 {
1502 return GenerateNewSessionIdEx(t, false);
1503 }
GenerateNewSessionIdEx(L2TP_TUNNEL * t,bool is_32bit)1504 UINT GenerateNewSessionIdEx(L2TP_TUNNEL *t, bool is_32bit)
1505 {
1506 UINT i;
1507 UINT max_number = 0xffff;
1508 // Validate arguments
1509 if (t == NULL)
1510 {
1511 return 0;
1512 }
1513
1514 if (is_32bit)
1515 {
1516 max_number = 0xfffffffe;
1517 }
1518
1519 for (i = 1;i <= max_number;i++)
1520 {
1521 if (GetSessionFromId(t, i) == NULL)
1522 {
1523 return i;
1524 }
1525 }
1526
1527 return 0;
1528 }
GenerateNewSessionIdForL2TPv3(L2TP_SERVER * l2tp)1529 UINT GenerateNewSessionIdForL2TPv3(L2TP_SERVER *l2tp)
1530 {
1531 // Validate arguments
1532 if (l2tp == NULL)
1533 {
1534 return 0;
1535 }
1536
1537 while (true)
1538 {
1539 UINT id = Rand32();
1540
1541 if (id == 0 || id == 0xffffffff)
1542 {
1543 continue;
1544 }
1545
1546 if (SearchL2TPSessionById(l2tp, true, id) == false)
1547 {
1548 return id;
1549 }
1550 }
1551 }
1552
1553 // Release the session
FreeL2TPSession(L2TP_SESSION * s)1554 void FreeL2TPSession(L2TP_SESSION *s)
1555 {
1556 // Validate arguments
1557 if (s == NULL)
1558 {
1559 return;
1560 }
1561
1562 Free(s);
1563 }
1564
1565 // Search a session from the session ID
GetSessionFromId(L2TP_TUNNEL * t,UINT session_id)1566 L2TP_SESSION *GetSessionFromId(L2TP_TUNNEL *t, UINT session_id)
1567 {
1568 UINT i;
1569 // Validate arguments
1570 if (t == NULL || session_id == 0)
1571 {
1572 return NULL;
1573 }
1574
1575 for (i = 0;i < LIST_NUM(t->SessionList);i++)
1576 {
1577 L2TP_SESSION *s = LIST_DATA(t->SessionList, i);
1578
1579 if (s->SessionId2 == session_id)
1580 {
1581 return s;
1582 }
1583 }
1584
1585 return NULL;
1586 }
1587
1588 // Search a session from the session ID (Search by ID assigned from the client side)
GetSessionFromIdAssignedByClient(L2TP_TUNNEL * t,UINT session_id)1589 L2TP_SESSION *GetSessionFromIdAssignedByClient(L2TP_TUNNEL *t, UINT session_id)
1590 {
1591 UINT i;
1592 // Validate arguments
1593 if (t == NULL || session_id == 0)
1594 {
1595 return NULL;
1596 }
1597
1598 for (i = 0;i < LIST_NUM(t->SessionList);i++)
1599 {
1600 L2TP_SESSION *s = LIST_DATA(t->SessionList, i);
1601
1602 if (s->SessionId1 == session_id)
1603 {
1604 return s;
1605 }
1606 }
1607
1608 return NULL;
1609 }
1610
1611 // Get the number of L2TP sessions connected from the client IP address
GetNumL2TPTunnelsByClientIP(L2TP_SERVER * l2tp,IP * client_ip)1612 UINT GetNumL2TPTunnelsByClientIP(L2TP_SERVER *l2tp, IP *client_ip)
1613 {
1614 UINT i, ret;
1615 // Validate arguments
1616 if (l2tp == NULL || client_ip == NULL)
1617 {
1618 return 0;
1619 }
1620
1621 ret = 0;
1622
1623 for (i = 0;i < LIST_NUM(l2tp->TunnelList);i++)
1624 {
1625 L2TP_TUNNEL *t = LIST_DATA(l2tp->TunnelList, i);
1626
1627 if (CmpIpAddr(&t->ClientIp, client_ip) == 0)
1628 {
1629 ret++;
1630 }
1631 }
1632
1633 return ret;
1634 }
1635
1636 // Performs processing L2TP received packets.
ProcL2TPPacketRecv(L2TP_SERVER * l2tp,UDPPACKET * p)1637 void ProcL2TPPacketRecv(L2TP_SERVER *l2tp, UDPPACKET *p)
1638 {
1639 L2TP_PACKET *pp;
1640 bool no_free = false;
1641 // Validate arguments
1642 if (l2tp == NULL || p == NULL)
1643 {
1644 return;
1645 }
1646
1647 // Parse a packet.
1648 pp = ParseL2TPPacket(p);
1649 if (pp == NULL)
1650 {
1651 return;
1652 }
1653
1654 if (pp->MessageType == L2TP_MESSAGE_TYPE_SCCRQ && pp->SessionId == 0 && pp->TunnelId == 0 &&
1655 pp->Nr == 0 && pp->Ns == 0 && l2tp->Halt == false)
1656 {
1657 {
1658 L2TP_AVP *a = GetAVPValue(pp, (pp->Ver == 3 ? L2TP_AVP_TYPE_V3_TUNNEL_ID : L2TP_AVP_TYPE_ASSIGNED_TUNNEL));
1659 if (a != NULL && a->DataSize == (pp->Ver == 3 ? sizeof(UINT) : sizeof(USHORT)))
1660 {
1661 UINT client_assigned_id = (pp->Ver == 3 ? READ_UINT(a->Data) : READ_USHORT(a->Data));
1662 if (GetTunnelFromIdOfAssignedByClient(l2tp, &p->SrcIP, client_assigned_id) == NULL)
1663 {
1664 if (LIST_NUM(l2tp->TunnelList) < L2TP_QUOTA_MAX_NUM_TUNNELS && GetNumL2TPTunnelsByClientIP(l2tp, &p->SrcIP) < L2TP_QUOTA_MAX_NUM_TUNNELS_PER_IP)
1665 {
1666 char ipstr[MAX_SIZE];
1667 L2TP_PACKET *pp2;
1668 UCHAR protocol_version[2];
1669 UCHAR caps_data[4];
1670 USHORT us;
1671 char hostname[MAX_SIZE];
1672
1673 // Begin Tunneling
1674 L2TP_TUNNEL *t = NewL2TPTunnel(l2tp, pp, p);
1675
1676 if (t != NULL)
1677 {
1678 IPToStr(ipstr, sizeof(ipstr), &t->ClientIp);
1679 Debug("L2TP New Tunnel From %s (%s, %s): New Tunnel ID = %u/%u\n", ipstr, t->HostName, t->VendorName,
1680 t->TunnelId1, t->TunnelId2);
1681
1682 // Add the tunnel to the list
1683 Add(l2tp->TunnelList, t);
1684
1685 // Respond with SCCEP to SCCRQ
1686 pp2 = NewL2TPControlPacket(L2TP_MESSAGE_TYPE_SCCRP, t->IsV3);
1687
1688 if (t->IsYamahaV3 == false)
1689 {
1690 // Protocol Version
1691 protocol_version[0] = 1;
1692 protocol_version[1] = 0;
1693 Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_PROTOCOL_VERSION, true, 0, protocol_version, sizeof(protocol_version)));
1694
1695 // Framing Capabilities
1696 Zero(caps_data, sizeof(caps_data));
1697 if (t->IsV3 == false)
1698 {
1699 caps_data[3] = 3;
1700 }
1701 Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_FRAME_CAP, false, 0, caps_data, sizeof(caps_data)));
1702 }
1703
1704 if (t->IsV3 == false)
1705 {
1706 // Bearer Capabilities
1707 Zero(caps_data, sizeof(caps_data));
1708 caps_data[3] = 3;
1709 Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_BEARER_CAP, false, 0, caps_data, sizeof(caps_data)));
1710 }
1711
1712 // Host Name
1713 GetMachineHostName(hostname, sizeof(hostname));
1714 if (IsEmptyStr(hostname))
1715 {
1716 StrCpy(hostname, sizeof(hostname), "vpn");
1717 }
1718 Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_HOST_NAME, true, 0, hostname, StrLen(hostname)));
1719
1720 // Vendor Name
1721 if (t->IsYamahaV3 == false)
1722 {
1723 Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_VENDOR_NAME, false, 0, L2TP_VENDOR_NAME, StrLen(L2TP_VENDOR_NAME)));
1724 }
1725 else
1726 {
1727 char *yamaha_str = "YAMAHA Corporation";
1728 Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_VENDOR_NAME, false, 0, yamaha_str, StrLen(yamaha_str)));
1729 }
1730
1731 if (t->IsYamahaV3)
1732 {
1733 UINT zero = 0;
1734 Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_V3_ROUTER_ID, true, 0, &zero, sizeof(UINT)));
1735 }
1736
1737 // Assigned Tunnel ID
1738 if (t->IsV3 == false)
1739 {
1740 us = Endian16(t->TunnelId2);
1741 Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_ASSIGNED_TUNNEL, true, 0, &us, sizeof(USHORT)));
1742 }
1743 else
1744 {
1745 UINT ui = Endian32(t->TunnelId2);
1746 Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_V3_TUNNEL_ID, true, 0, &ui, sizeof(UINT)));
1747
1748 if (t->IsCiscoV3)
1749 {
1750 Add(pp2->AvpList, NewAVP(L2TPV3_CISCO_AVP_TUNNEL_ID, true, L2TP_AVP_VENDOR_ID_CISCO, &ui, sizeof(UINT)));
1751 }
1752 }
1753
1754 // Pseudowire Capabilities List
1755 if (t->IsV3)
1756 {
1757 // Only Ethernet
1758 USHORT cap_list[2];
1759 cap_list[0] = Endian16(L2TPV3_PW_TYPE_ETHERNET);
1760 cap_list[1] = Endian16(L2TPV3_PW_TYPE_ETHERNET_VLAN);
1761 Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_V3_PW_CAP_LIST, true, 0, cap_list, sizeof(cap_list)));
1762
1763 if (t->IsCiscoV3)
1764 {
1765 Add(pp2->AvpList, NewAVP(L2TPV3_CISCO_AVP_PW_CAP_LIST, true, L2TP_AVP_VENDOR_ID_CISCO, cap_list, sizeof(cap_list)));
1766 }
1767 }
1768
1769 // Cisco AVP
1770 if (t->IsCiscoV3)
1771 {
1772 USHORT us = Endian16(1);
1773 Add(pp2->AvpList, NewAVP(L2TPV3_CISCO_AVP_DRAFT_AVP_VERSION, true, L2TP_AVP_VENDOR_ID_CISCO, &us, sizeof(USHORT)));
1774 }
1775
1776 // Recv Window Size
1777 if (t->IsYamahaV3 == false)
1778 {
1779 us = Endian16(L2TP_WINDOW_SIZE);
1780 Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_RECV_WINDOW_SIZE, false, 0, &us, sizeof(USHORT)));
1781 }
1782
1783 SendL2TPControlPacket(l2tp, t, 0, pp2);
1784
1785 FreeL2TPPacket(pp2);
1786 }
1787 }
1788 }
1789 }
1790 }
1791 }
1792 else
1793 {
1794 // Process related to the existing tunnel
1795 // Find the tunnel
1796 L2TP_TUNNEL *t = NULL;
1797 L2TP_SESSION *l2tpv3_session = NULL;
1798
1799 if (pp->IsControl || pp->Ver != 3)
1800 {
1801 t = GetTunnelFromId(l2tp, &p->SrcIP, pp->TunnelId, pp->Ver == 3);
1802 }
1803 else
1804 {
1805 l2tpv3_session = SearchL2TPSessionById(l2tp, true, pp->SessionId);
1806 if (l2tpv3_session != NULL)
1807 {
1808 t = l2tpv3_session->Tunnel;
1809
1810 pp->TunnelId = t->TunnelId2;
1811 }
1812 }
1813
1814 if (t == NULL)
1815 {
1816 char ipstr[MAX_SIZE];
1817
1818 IPToStr(ipstr, sizeof(ipstr), &p->SrcIP);
1819 Debug("L2TP Tunnel From %s ID=%u Not Found on the Table.\n", ipstr, pp->TunnelId);
1820 }
1821 else
1822 {
1823 // Update last reception time
1824 t->LastRecvTick = l2tp->Now;
1825
1826 if (pp->IsControl)
1827 {
1828 // Control packet
1829 UINT i;
1830 LIST *o = NULL;
1831 L2TP_QUEUE *q;
1832 L2TP_QUEUE tt;
1833
1834 // Delete the queue that the other party has already received from the retransmission queue
1835 for (i = 0;i < LIST_NUM(t->SendQueue);i++)
1836 {
1837 L2TP_QUEUE *q = LIST_DATA(t->SendQueue, i);
1838 if (L2TP_SEQ_LT(q->Ns, pp->Nr))
1839 {
1840 if (o == NULL)
1841 {
1842 o = NewListFast(NULL);
1843 }
1844
1845 Add(o, q);
1846 }
1847 }
1848
1849 if (o != NULL)
1850 {
1851 for (i = 0;i < LIST_NUM(o);i++)
1852 {
1853 L2TP_QUEUE *q = LIST_DATA(o, i);
1854
1855 Delete(t->SendQueue, q);
1856
1857 FreeL2TPQueue(q);
1858 }
1859
1860 ReleaseList(o);
1861 }
1862
1863 if ((!L2TP_SEQ_LT(pp->Ns, t->LastNr)) && (pp->Ns != t->LastNr))
1864 {
1865 // Add the packet received from the opposite to the queue
1866 if (LIST_NUM(t->RecvQueue) < L2TP_WINDOW_SIZE)
1867 {
1868 Zero(&tt, sizeof(tt));
1869 tt.Ns = pp->Ns;
1870
1871 if (Search(t->RecvQueue, &tt) == NULL)
1872 {
1873 q = ZeroMalloc(sizeof(L2TP_QUEUE));
1874 q->Ns = pp->Ns;
1875 q->L2TPPacket = pp;
1876 no_free = true;
1877 Insert(t->RecvQueue, q);
1878
1879 // Read to the end of completed part from the head of the queue
1880 while (TRUE)
1881 {
1882 L2TP_QUEUE *q;
1883 if (LIST_NUM(t->RecvQueue) == 0)
1884 {
1885 break;
1886 }
1887
1888 q = LIST_DATA(t->RecvQueue, 0);
1889 if (!L2TP_SEQ_EQ(q->Ns, t->LastNr + 1))
1890 {
1891 break;
1892 }
1893
1894 if (q->L2TPPacket->IsZLB == false)
1895 {
1896 t->LastNr = q->Ns;
1897
1898 // The packet other than ZLB is treated
1899 t->StateChanged = true;
1900 }
1901
1902 Delete(t->RecvQueue, q);
1903
1904 // Process the received packet
1905 L2TPProcessRecvControlPacket(l2tp, t, q->L2TPPacket);
1906
1907 FreeL2TPQueue(q);
1908 }
1909 }
1910 }
1911 }
1912 else
1913 {
1914 // Reply ACK for already-received packets
1915 if (pp->IsZLB == false)
1916 {
1917 // The packet other than ZLB is treated
1918 t->StateChanged = true;
1919 }
1920 }
1921 }
1922 else
1923 {
1924 // Data packet
1925 L2TP_SESSION *s = GetSessionFromId(t, pp->SessionId);
1926
1927 if (s != NULL && s->Established)
1928 {
1929 if (s->IsV3 == false)
1930 {
1931 // Start the L2TP thread (If not already started)
1932 StartL2TPThread(l2tp, t, s);
1933
1934 // Pass the data
1935 TubeSendEx(s->TubeRecv, pp->Data, pp->DataSize, NULL, true);
1936 AddTubeToFlushList(l2tp->FlushList, s->TubeRecv);
1937 }
1938 else
1939 {
1940 BLOCK *b;
1941
1942 // Start the EtherIP session (If it's not have yet started)
1943 L2TPSessionManageEtherIPServer(l2tp, s);
1944
1945 // Pass the data
1946 b = NewBlock(pp->Data, pp->DataSize, 0);
1947
1948 EtherIPProcRecvPackets(s->EtherIP, b);
1949
1950 Free(b);
1951 }
1952 }
1953 }
1954 }
1955 }
1956
1957 if (no_free == false)
1958 {
1959 FreeL2TPPacket(pp);
1960 }
1961 }
1962
1963 // Manage the EtherIP server that is associated with the L2TP session
L2TPSessionManageEtherIPServer(L2TP_SERVER * l2tp,L2TP_SESSION * s)1964 void L2TPSessionManageEtherIPServer(L2TP_SERVER *l2tp, L2TP_SESSION *s)
1965 {
1966 IKE_SERVER *ike;
1967 IKE_CLIENT *c;
1968 // Validate arguments
1969 if (l2tp == NULL || s == NULL)
1970 {
1971 return;
1972 }
1973
1974 if (l2tp->IkeClient == NULL || l2tp->IkeServer == NULL)
1975 {
1976 return;
1977 }
1978
1979 ike = l2tp->IkeServer;
1980 c = l2tp->IkeClient;
1981
1982 if (s->EtherIP == NULL)
1983 {
1984 char crypt_name[MAX_SIZE];
1985 UINT crypt_block_size = IKE_MAX_BLOCK_SIZE;
1986
1987 Zero(crypt_name, sizeof(crypt_name));
1988
1989 if (c->CurrentIpSecSaRecv != NULL)
1990 {
1991 Format(crypt_name, sizeof(crypt_name),
1992 "IPsec - %s (%u bits)",
1993 c->CurrentIpSecSaRecv->TransformSetting.Crypto->Name,
1994 c->CurrentIpSecSaRecv->TransformSetting.CryptoKeySize * 8);
1995
1996 crypt_block_size = c->CurrentIpSecSaRecv->TransformSetting.Crypto->BlockSize;
1997 }
1998
1999 s->EtherIP = NewEtherIPServer(ike->Cedar, ike->IPsec, ike,
2000 &c->ClientIP, c->ClientPort,
2001 &c->ServerIP, c->ServerPort, crypt_name,
2002 c->IsL2TPOnIPsecTunnelMode, crypt_block_size, c->ClientId,
2003 ++ike->CurrentEtherId);
2004
2005 StrCpy(s->EtherIP->VendorName, sizeof(s->EtherIP->VendorName), s->Tunnel->VendorName);
2006
2007 s->EtherIP->L2TPv3 = true;
2008
2009 Debug("IKE_CLIENT 0x%X: EtherIP Server Started.\n", c);
2010
2011 IPsecLog(ike, c, NULL, NULL, NULL, "LI_ETHERIP_SERVER_STARTED", ike->CurrentEtherId);
2012 }
2013 else
2014 {
2015 StrCpy(s->EtherIP->ClientId, sizeof(s->EtherIP->ClientId), c->ClientId);
2016 }
2017
2018 if (s->EtherIP->Interrupts == NULL)
2019 {
2020 s->EtherIP->Interrupts = l2tp->Interrupts;
2021 }
2022
2023 if (s->EtherIP->SockEvent == NULL)
2024 {
2025 SetEtherIPServerSockEvent(s->EtherIP, l2tp->SockEvent);
2026 }
2027
2028 s->EtherIP->Now = l2tp->Now;
2029 }
2030
2031 // Calculate the appropriate MSS of the L2TP
CalcL2TPMss(L2TP_SERVER * l2tp,L2TP_TUNNEL * t,L2TP_SESSION * s)2032 UINT CalcL2TPMss(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_SESSION *s)
2033 {
2034 UINT ret;
2035 // Validate arguments
2036 if (l2tp == NULL || t == NULL || s == NULL)
2037 {
2038 return 0;
2039 }
2040
2041 ret = MTU_FOR_PPPOE;
2042
2043 if (l2tp->IkeServer != NULL)
2044 {
2045 // On IPsec
2046 if (l2tp->IsIPsecIPv6)
2047 {
2048 ret -= 40;
2049 }
2050 else
2051 {
2052 ret -= 20;
2053 }
2054
2055 // UDP
2056 ret -= 8;
2057
2058 // ESP
2059 ret -= 20 + l2tp->CryptBlockSize * 2;
2060 }
2061 else
2062 {
2063 // Raw L2TP
2064 if (IsIP6(&t->ClientIp))
2065 {
2066 ret -= 40;
2067 }
2068 else
2069 {
2070 ret -= 20;
2071 }
2072 }
2073
2074 // L2TP UDP
2075 ret -= 8;
2076
2077 // L2TP
2078 ret -= 8;
2079
2080 // PPP
2081 ret -= 4;
2082
2083 // Target communication
2084 ret -= 20;
2085
2086 // TCP header
2087 ret -= 20;
2088
2089 return ret;
2090 }
2091
2092 // Start the L2TP thread
StartL2TPThread(L2TP_SERVER * l2tp,L2TP_TUNNEL * t,L2TP_SESSION * s)2093 void StartL2TPThread(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_SESSION *s)
2094 {
2095 // Validate arguments
2096 if (l2tp == NULL || t == NULL || s == NULL)
2097 {
2098 return;
2099 }
2100
2101 if (s->HasThread == false)
2102 {
2103 char tmp[MAX_SIZE];
2104
2105 Debug("Thread Created for Session %u/%u on Tunnel %u/%u\n",
2106 s->SessionId1, s->SessionId2, t->TunnelId1, t->TunnelId2);
2107
2108 s->HasThread = true;
2109
2110 NewTubePair(&s->TubeSend, &s->TubeRecv, 0);
2111 SetTubeSockEvent(s->TubeSend, l2tp->SockEvent);
2112
2113 if (IsEmptyStr(t->VendorName) == false)
2114 {
2115 Format(tmp, sizeof(tmp), L2TP_IPC_CLIENT_NAME_TAG, t->VendorName);
2116 }
2117 else
2118 {
2119 StrCpy(tmp, sizeof(tmp), L2TP_IPC_CLIENT_NAME_NO_TAG);
2120 }
2121
2122 // Create a PPP thread
2123 s->Thread = NewPPPSession(l2tp->Cedar, &t->ClientIp, t->ClientPort, &t->ServerIp, t->ServerPort,
2124 s->TubeSend, s->TubeRecv, L2TP_IPC_POSTFIX, tmp, t->HostName, l2tp->CryptName,
2125 CalcL2TPMss(l2tp, t, s));
2126 }
2127 }
2128
2129 // Stop the L2TP thread
StopL2TPThread(L2TP_SERVER * l2tp,L2TP_TUNNEL * t,L2TP_SESSION * s)2130 void StopL2TPThread(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_SESSION *s)
2131 {
2132 THREAD *thread;
2133 // Validate arguments
2134 if (l2tp == NULL || t == NULL || s == NULL)
2135 {
2136 return;
2137 }
2138
2139 if (s->IsV3)
2140 {
2141 // Process the L2TPv3
2142 if (s->EtherIP != NULL)
2143 {
2144 // Release the EtherIP server
2145 ReleaseEtherIPServer(s->EtherIP);
2146 s->EtherIP = NULL;
2147 }
2148 return;
2149 }
2150
2151 if (s->HasThread == false)
2152 {
2153 return;
2154 }
2155 thread = s->Thread;
2156 s->Thread = NULL;
2157 s->HasThread = false;
2158
2159 // Disconnect the tube
2160 TubeDisconnect(s->TubeRecv);
2161 TubeDisconnect(s->TubeSend);
2162
2163 // Release the tube
2164 ReleaseTube(s->TubeRecv);
2165 ReleaseTube(s->TubeSend);
2166
2167 s->TubeRecv = NULL;
2168 s->TubeSend = NULL;
2169
2170 // Pass the thread to termination list
2171 if (l2tp->IkeServer == NULL)
2172 {
2173 AddThreadToThreadList(l2tp->ThreadList, thread);
2174 }
2175 else
2176 {
2177 AddThreadToThreadList(l2tp->IkeServer->ThreadList, thread);
2178 }
2179
2180 Debug("Thread Stopped for Session %u/%u on Tunnel %u/%u\n",
2181 s->SessionId1, s->SessionId2, t->TunnelId1, t->TunnelId2);
2182
2183 // Release the thread
2184 ReleaseThread(thread);
2185 }
2186
2187 // Interrupt processing of L2TP server
L2TPProcessInterrupts(L2TP_SERVER * l2tp)2188 void L2TPProcessInterrupts(L2TP_SERVER *l2tp)
2189 {
2190 UINT i, j;
2191 LIST *delete_tunnel_list = NULL;
2192 // Validate arguments
2193 if (l2tp == NULL)
2194 {
2195 return;
2196 }
2197
2198 if (l2tp->Halt)
2199 {
2200 if (l2tp->Halting == false)
2201 {
2202 l2tp->Halting = true;
2203
2204 // Disconnect all tunnels
2205 for (i = 0;i < LIST_NUM(l2tp->TunnelList);i++)
2206 {
2207 L2TP_TUNNEL *t = LIST_DATA(l2tp->TunnelList, i);
2208
2209 DisconnectL2TPTunnel(t);
2210 }
2211 }
2212 }
2213
2214 // Flush
2215 FlushTubeFlushList(l2tp->FlushList);
2216
2217 // Enumerate all tunnels
2218 for (i = 0;i < LIST_NUM(l2tp->TunnelList);i++)
2219 {
2220 L2TP_TUNNEL *t = LIST_DATA(l2tp->TunnelList, i);
2221 LIST *delete_session_list = NULL;
2222
2223 if ((l2tp->Now >= (t->LastRecvTick + (UINT64)L2TP_TUNNEL_TIMEOUT)) && t->Timedout == false)
2224 {
2225 // Disconnect the tunnel forcibly if data can not be received for a certain period of time
2226 t->Timedout = true;
2227
2228 Debug("L2TP Tunnel %u/%u Timed out.\n", t->TunnelId1, t->TunnelId2);
2229 DisconnectL2TPTunnel(t);
2230 }
2231
2232 if (t->Established && (l2tp->Now >= (t->LastHelloSent + (UINT64)L2TP_HELLO_INTERVAL)))
2233 {
2234 if (LIST_NUM(t->SendQueue) <= L2TP_HELLO_SUPRESS_MAX_THRETHORD_NUM_SEND_QUEUE)
2235 {
2236 L2TP_PACKET *pp = NewL2TPControlPacket(L2TP_MESSAGE_TYPE_HELLO, t->IsV3);
2237
2238 // Send a Hello message
2239 t->LastHelloSent = l2tp->Now;
2240 //Debug("L2TP Sending Hello %u/%u: tick=%I64u\n", t->TunnelId1, t->TunnelId2, l2tp->Now);
2241
2242 SendL2TPControlPacket(l2tp, t, 0, pp);
2243
2244 FreeL2TPPacket(pp);
2245
2246 L2TPAddInterrupt(l2tp, t->LastHelloSent + (UINT64)L2TP_HELLO_INTERVAL);
2247 }
2248 }
2249
2250 // Enumerate all sessions
2251 for (j = 0;j < LIST_NUM(t->SessionList);j++)
2252 {
2253 L2TP_SESSION *s = LIST_DATA(t->SessionList, j);
2254
2255 if (s->HasThread)
2256 {
2257 // Send packet data
2258 while (true)
2259 {
2260 TUBEDATA *d = TubeRecvAsync(s->TubeSend);
2261
2262 if (d == NULL)
2263 {
2264 break;
2265 }
2266
2267 SendL2TPDataPacket(l2tp, t, s, d->Data, d->DataSize);
2268
2269 FreeTubeData(d);
2270 }
2271
2272 if (IsTubeConnected(s->TubeSend) == false)
2273 {
2274 // Disconnect the this session because the PPP thread ends
2275 DisconnectL2TPSession(t, s);
2276 }
2277 }
2278
2279 if (s->IsV3)
2280 {
2281 if (s->EtherIP != NULL)
2282 {
2283 UINT k;
2284
2285 L2TPSessionManageEtherIPServer(l2tp, s);
2286
2287 // Notify an interrupt to the EtherIP module
2288 EtherIPProcInterrupts(s->EtherIP);
2289
2290 // Send an EtherIP packet data
2291 for (k = 0;k < LIST_NUM(s->EtherIP->SendPacketList);k++)
2292 {
2293 BLOCK *b = LIST_DATA(s->EtherIP->SendPacketList, k);
2294
2295 SendL2TPDataPacket(l2tp, t, s, b->Buf, b->Size);
2296
2297 FreeBlock(b);
2298 }
2299
2300 DeleteAll(s->EtherIP->SendPacketList);
2301 }
2302 }
2303
2304 if (s->WantToDisconnect && s->Disconnecting == false)
2305 {
2306 // Disconnect the session
2307 UCHAR error_data[4];
2308 USHORT us;
2309 UINT ui;
2310 UINT ppp_error_1 = 0, ppp_error_2 = 0;
2311
2312 // Send the session disconnection response
2313 L2TP_PACKET *pp = NewL2TPControlPacket(L2TP_MESSAGE_TYPE_CDN, s->IsV3);
2314
2315 if (s->TubeRecv != NULL)
2316 {
2317 ppp_error_1 = s->TubeRecv->IntParam1;
2318 ppp_error_2 = s->TubeRecv->IntParam2;
2319 }
2320
2321 // Assigned Session ID
2322 if (s->IsV3 == false)
2323 {
2324 us = Endian16(s->SessionId2);
2325 Add(pp->AvpList, NewAVP(L2TP_AVP_TYPE_ASSIGNED_SESSION, true, 0,
2326 &us, sizeof(USHORT)));
2327 }
2328 else
2329 {
2330 ui = Endian16(s->SessionId2);
2331 Add(pp->AvpList, NewAVP(L2TP_AVP_TYPE_V3_SESSION_ID_LOCAL, true, 0,
2332 &ui, sizeof(UINT)));
2333
2334 if (t->IsCiscoV3)
2335 {
2336 Add(pp->AvpList, NewAVP(L2TPV3_CISCO_AVP_SESSION_ID_LOCAL, true, L2TP_AVP_VENDOR_ID_CISCO,
2337 &ui, sizeof(UINT)));
2338 }
2339 }
2340
2341 // Result-Error Code
2342 Zero(error_data, sizeof(error_data));
2343 error_data[1] = 0x03;
2344 Add(pp->AvpList, NewAVP(L2TP_AVP_TYPE_RESULT_CODE, true, 0,
2345 error_data, sizeof(error_data)));
2346
2347 if (ppp_error_1 != 0)
2348 {
2349 // PPP Disconnect Cause Code AVP
2350 BUF *b = NewBuf();
2351 UCHAR uc;
2352 USHORT us;
2353
2354 // Disconnect Code
2355 us = Endian16(ppp_error_1);
2356 WriteBuf(b, &us, sizeof(USHORT));
2357
2358 // Control Protocol Number
2359 us = Endian16(0xc021);
2360 WriteBuf(b, &us, sizeof(USHORT));
2361
2362 // Direction
2363 uc = (UCHAR)ppp_error_2;
2364 WriteBuf(b, &uc, sizeof(UCHAR));
2365
2366 Add(pp->AvpList, NewAVP(L2TP_AVP_TYPE_PPP_DISCONNECT_CAUSE, false, 0,
2367 b->Buf, b->Size));
2368
2369 FreeBuf(b);
2370 }
2371
2372 SendL2TPControlPacket(l2tp, t, s->SessionId1, pp);
2373
2374 FreeL2TPPacket(pp);
2375
2376 // Disconnect the session
2377 Debug("L2TP Session %u/%u on Tunnel %u/%u Disconnected.\n", s->SessionId1, s->SessionId2,
2378 t->TunnelId1, t->TunnelId2);
2379 s->Disconnecting = true;
2380 s->Established = false;
2381 s->DisconnectTimeout = l2tp->Now + (UINT64)L2TP_TUNNEL_DISCONNECT_TIMEOUT;
2382
2383 // Stop the thread
2384 StopL2TPThread(l2tp, t, s);
2385
2386 L2TPAddInterrupt(l2tp, s->DisconnectTimeout);
2387 }
2388
2389 if (s->Disconnecting && ((l2tp->Now >= s->DisconnectTimeout) || LIST_NUM(t->SendQueue) == 0))
2390 {
2391 // Delete the session if synchronization between the client
2392 // and the server is complete or a time-out occurs
2393 if (delete_session_list == NULL)
2394 {
2395 delete_session_list = NewListFast(NULL);
2396 }
2397
2398 Add(delete_session_list, s);
2399 }
2400 }
2401
2402 if (delete_session_list != NULL)
2403 {
2404 // Session deletion process
2405 for (j = 0;j < LIST_NUM(delete_session_list);j++)
2406 {
2407 L2TP_SESSION *s = LIST_DATA(delete_session_list, j);
2408
2409 Debug("L2TP Session %u/%u on Tunnel %u/%u Cleaned up.\n", s->SessionId1, s->SessionId2,
2410 t->TunnelId1, t->TunnelId2);
2411
2412 FreeL2TPSession(s);
2413 Delete(t->SessionList, s);
2414 }
2415
2416 ReleaseList(delete_session_list);
2417 }
2418
2419 if (t->WantToDisconnect && t->Disconnecting == false)
2420 {
2421 // Disconnect the tunnel
2422 USHORT error_data[4];
2423 USHORT us;
2424 UINT ui;
2425 // Reply the tunnel disconnection response
2426 L2TP_PACKET *pp = NewL2TPControlPacket(L2TP_MESSAGE_TYPE_STOPCCN, t->IsV3);
2427
2428 // Assigned Tunnel ID
2429 if (t->IsV3 == false)
2430 {
2431 us = Endian16(t->TunnelId2);
2432 Add(pp->AvpList, NewAVP(L2TP_AVP_TYPE_ASSIGNED_TUNNEL, true, 0,
2433 &us, sizeof(USHORT)));
2434 }
2435 else
2436 {
2437 ui = Endian32(t->TunnelId2);
2438 Add(pp->AvpList, NewAVP(L2TP_AVP_TYPE_V3_TUNNEL_ID, true, 0,
2439 &ui, sizeof(UINT)));
2440
2441 if (t->IsCiscoV3)
2442 {
2443 Add(pp->AvpList, NewAVP(L2TPV3_CISCO_AVP_TUNNEL_ID, true, L2TP_AVP_VENDOR_ID_CISCO,
2444 &ui, sizeof(UINT)));
2445 }
2446 }
2447
2448 // Result-Error Code
2449 Zero(error_data, sizeof(error_data));
2450 error_data[1] = 0x06;
2451 Add(pp->AvpList, NewAVP(L2TP_AVP_TYPE_RESULT_CODE, true, 0,
2452 error_data, sizeof(error_data)));
2453
2454 SendL2TPControlPacket(l2tp, t, 0, pp);
2455
2456 FreeL2TPPacket(pp);
2457
2458 Debug("L2TP Tunnel %u/%u is Disconnected.\n", t->TunnelId1, t->TunnelId2);
2459 t->Disconnecting = true;
2460 t->Established = false;
2461 t->DisconnectTimeout = l2tp->Now + (UINT64)L2TP_TUNNEL_DISCONNECT_TIMEOUT;
2462 L2TPAddInterrupt(l2tp, t->DisconnectTimeout);
2463 }
2464
2465 if (t->Disconnecting && (((LIST_NUM(t->SendQueue) == 0) && LIST_NUM(t->SessionList) == 0) || (l2tp->Now >= t->DisconnectTimeout)))
2466 {
2467 // Delete the tunnel if there is no session in the tunnel when synchronization
2468 // between the client and the server has been completed or a time-out occurs
2469 if (delete_tunnel_list == NULL)
2470 {
2471 delete_tunnel_list = NewListFast(NULL);
2472 }
2473
2474 Add(delete_tunnel_list, t);
2475 }
2476 }
2477
2478 if (delete_tunnel_list != NULL)
2479 {
2480 for (i = 0;i < LIST_NUM(delete_tunnel_list);i++)
2481 {
2482 L2TP_TUNNEL *t = LIST_DATA(delete_tunnel_list, i);
2483
2484 Debug("L2TP Tunnel %u/%u Cleaned up.\n", t->TunnelId1, t->TunnelId2);
2485
2486 FreeL2TPTunnel(t);
2487 Delete(l2tp->TunnelList, t);
2488 }
2489
2490 ReleaseList(delete_tunnel_list);
2491 }
2492
2493 // Re-transmit packets
2494 for (i = 0;i < LIST_NUM(l2tp->TunnelList);i++)
2495 {
2496 L2TP_TUNNEL *t = LIST_DATA(l2tp->TunnelList, i);
2497 UINT j;
2498
2499 if (LIST_NUM(t->SendQueue) >= 1)
2500 {
2501 // Packet to be transmitted exists one or more
2502 for (j = 0;j < LIST_NUM(t->SendQueue);j++)
2503 {
2504 L2TP_QUEUE *q = LIST_DATA(t->SendQueue, j);
2505
2506 if (l2tp->Now >= q->NextSendTick)
2507 {
2508 q->NextSendTick = l2tp->Now + (UINT64)L2TP_PACKET_RESEND_INTERVAL;
2509
2510 L2TPAddInterrupt(l2tp, q->NextSendTick);
2511
2512 SendL2TPControlPacketMain(l2tp, t, q);
2513 }
2514 }
2515 }
2516 else
2517 {
2518 // There is no packet to be transmitted, but the state of the tunnel is changed
2519 if (t->StateChanged)
2520 {
2521 // Send a ZLB
2522 L2TP_QUEUE *q = ZeroMalloc(sizeof(L2TP_QUEUE));
2523 L2TP_PACKET *pp = NewL2TPControlPacket(0, t->IsV3);
2524
2525 pp->TunnelId = t->TunnelId1;
2526 pp->Ns = t->NextNs;
2527 q->Buf = BuildL2TPPacketData(pp, t);
2528
2529 SendL2TPControlPacketMain(l2tp, t, q);
2530
2531 FreeL2TPQueue(q);
2532 FreeL2TPPacket(pp);
2533 }
2534 }
2535
2536 t->StateChanged = false;
2537 }
2538
2539 if (l2tp->Halting)
2540 {
2541 if (LIST_NUM(l2tp->TunnelList) == 0)
2542 {
2543 // Stop all the L2TP tunnel completed
2544 if (l2tp->HaltCompleted == false)
2545 {
2546 l2tp->HaltCompleted = true;
2547
2548 Set(l2tp->HaltCompletedEvent);
2549 }
2550 }
2551 }
2552
2553 // Maintenance the thread list
2554 if (l2tp->IkeServer == NULL)
2555 {
2556 MainteThreadList(l2tp->ThreadList);
2557 //Debug("l2tp->ThreadList: %u\n", LIST_NUM(l2tp->ThreadList));
2558 }
2559 }
2560
2561 // Create a new L2TP server
NewL2TPServer(CEDAR * cedar)2562 L2TP_SERVER *NewL2TPServer(CEDAR *cedar)
2563 {
2564 return NewL2TPServerEx(cedar, NULL, false, 0);
2565 }
NewL2TPServerEx(CEDAR * cedar,IKE_SERVER * ike,bool is_ipv6,UINT crypt_block_size)2566 L2TP_SERVER *NewL2TPServerEx(CEDAR *cedar, IKE_SERVER *ike, bool is_ipv6, UINT crypt_block_size)
2567 {
2568 L2TP_SERVER *l2tp;
2569 // Validate arguments
2570 if (cedar == NULL)
2571 {
2572 return NULL;
2573 }
2574
2575 l2tp = ZeroMalloc(sizeof(L2TP_SERVER));
2576
2577 l2tp->FlushList = NewTubeFlushList();
2578
2579 l2tp->Cedar = cedar;
2580 AddRef(l2tp->Cedar->ref);
2581
2582 l2tp->SendPacketList = NewList(NULL);
2583 l2tp->TunnelList = NewList(NULL);
2584
2585 l2tp->HaltCompletedEvent = NewEvent();
2586
2587 l2tp->ThreadList = NewThreadList();
2588
2589 l2tp->IkeServer = ike;
2590
2591 l2tp->IsIPsecIPv6 = is_ipv6;
2592 l2tp->CryptBlockSize = crypt_block_size;
2593
2594 return l2tp;
2595 }
2596
2597 // Stop the L2TP server
StopL2TPServer(L2TP_SERVER * l2tp,bool no_wait)2598 void StopL2TPServer(L2TP_SERVER *l2tp, bool no_wait)
2599 {
2600 // Validate arguments
2601 if (l2tp == NULL)
2602 {
2603 return;
2604 }
2605 if (l2tp->Halt)
2606 {
2607 return;
2608 }
2609
2610 // Begin to shut down
2611 l2tp->Halt = true;
2612 Debug("Shutting down L2TP Server...\n");
2613
2614 // Hit the event
2615 SetSockEvent(l2tp->SockEvent);
2616
2617 if (no_wait == false)
2618 {
2619 // Wait until complete stopping all tunnels
2620 Wait(l2tp->HaltCompletedEvent, INFINITE);
2621 }
2622 else
2623 {
2624 UINT i, j;
2625 // Kill the thread of all sessions
2626 for (i = 0;i < LIST_NUM(l2tp->TunnelList);i++)
2627 {
2628 L2TP_TUNNEL *t = LIST_DATA(l2tp->TunnelList, i);
2629
2630 for (j = 0;j < LIST_NUM(t->SessionList);j++)
2631 {
2632 L2TP_SESSION *s = LIST_DATA(t->SessionList, j);
2633
2634 StopL2TPThread(l2tp, t, s);
2635 }
2636 }
2637 }
2638
2639 // Thread stop
2640 Debug("Stopping all L2TP PPP Threads...\n");
2641 StopThreadList(l2tp->ThreadList);
2642 Debug("L2TP Server Shutdown Completed.\n");
2643 }
2644
2645 // Release the L2TP server
FreeL2TPServer(L2TP_SERVER * l2tp)2646 void FreeL2TPServer(L2TP_SERVER *l2tp)
2647 {
2648 UINT i;
2649 // Validate arguments
2650 if (l2tp == NULL)
2651 {
2652 return;
2653 }
2654
2655 FreeThreadList(l2tp->ThreadList);
2656
2657 for (i = 0;i < LIST_NUM(l2tp->SendPacketList);i++)
2658 {
2659 UDPPACKET *p = LIST_DATA(l2tp->SendPacketList, i);
2660
2661 FreeUdpPacket(p);
2662 }
2663
2664 ReleaseList(l2tp->SendPacketList);
2665
2666 for (i = 0;i < LIST_NUM(l2tp->TunnelList);i++)
2667 {
2668 L2TP_TUNNEL *t = LIST_DATA(l2tp->TunnelList, i);
2669
2670 FreeL2TPTunnel(t);
2671 }
2672
2673 ReleaseList(l2tp->TunnelList);
2674
2675 ReleaseSockEvent(l2tp->SockEvent);
2676
2677 ReleaseEvent(l2tp->HaltCompletedEvent);
2678
2679 ReleaseCedar(l2tp->Cedar);
2680
2681 FreeTubeFlushList(l2tp->FlushList);
2682
2683 Free(l2tp);
2684 }
2685
2686 // Set a SockEvent to the L2TP server
SetL2TPServerSockEvent(L2TP_SERVER * l2tp,SOCK_EVENT * e)2687 void SetL2TPServerSockEvent(L2TP_SERVER *l2tp, SOCK_EVENT *e)
2688 {
2689 // Validate arguments
2690 if (l2tp == NULL)
2691 {
2692 return;
2693 }
2694
2695 if (e != NULL)
2696 {
2697 AddRef(e->ref);
2698 }
2699
2700 if (l2tp->SockEvent != NULL)
2701 {
2702 ReleaseSockEvent(l2tp->SockEvent);
2703 l2tp->SockEvent = NULL;
2704 }
2705
2706 l2tp->SockEvent = e;
2707 }
2708
2709