1 /**
2 * @file
3 * Network Point to Point Protocol over Layer 2 Tunneling Protocol program file.
4 *
5 */
6
7 /*
8 * Redistribution and use in source and binary forms, with or without modification,
9 * are permitted provided that the following conditions are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright notice,
14 * this list of conditions and the following disclaimer in the documentation
15 * and/or other materials provided with the distribution.
16 * 3. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
20 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
22 * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
24 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
27 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
28 * OF SUCH DAMAGE.
29 *
30 * This file is part of the lwIP TCP/IP stack.
31 *
32 */
33
34 /*
35 * L2TP Support status:
36 *
37 * Supported:
38 * - L2TPv2 (PPP over L2TP, a.k.a. UDP tunnels)
39 * - LAC
40 *
41 * Not supported:
42 * - LNS (require PPP server support)
43 * - L2TPv3 ethernet pseudowires
44 * - L2TPv3 VLAN pseudowire
45 * - L2TPv3 PPP pseudowires
46 * - L2TPv3 IP encapsulation
47 * - L2TPv3 IP pseudowire
48 * - L2TP tunnel switching - http://tools.ietf.org/html/draft-ietf-l2tpext-tunnel-switching-08
49 * - Multiple tunnels per UDP socket, as well as multiple sessions per tunnel
50 * - Hidden AVPs
51 */
52
53 #include "netif/ppp/ppp_opts.h"
54 #if PPP_SUPPORT && PPPOL2TP_SUPPORT /* don't build if not configured for use in lwipopts.h */
55
56 #include "lwip/err.h"
57 #include "lwip/memp.h"
58 #include "lwip/netif.h"
59 #include "lwip/udp.h"
60 #include "lwip/snmp.h"
61
62 #include "netif/ppp/ppp_impl.h"
63 #include "netif/ppp/lcp.h"
64 #include "netif/ppp/ipcp.h"
65 #include "netif/ppp/pppol2tp.h"
66 #include "netif/ppp/pppcrypt.h"
67 #include "netif/ppp/magic.h"
68
69 /* Memory pool */
70 LWIP_MEMPOOL_DECLARE(PPPOL2TP_PCB, MEMP_NUM_PPPOL2TP_INTERFACES, sizeof(pppol2tp_pcb), "PPPOL2TP_PCB")
71
72 /* callbacks called from PPP core */
73 static err_t pppol2tp_write(ppp_pcb *ppp, void *ctx, struct pbuf *p);
74 static err_t pppol2tp_netif_output(ppp_pcb *ppp, void *ctx, struct pbuf *p, u_short protocol);
75 static err_t pppol2tp_destroy(ppp_pcb *ppp, void *ctx); /* Destroy a L2TP control block */
76 static void pppol2tp_connect(ppp_pcb *ppp, void *ctx); /* Be a LAC, connect to a LNS. */
77 static void pppol2tp_disconnect(ppp_pcb *ppp, void *ctx); /* Disconnect */
78
79 /* Prototypes for procedures local to this file. */
80 static void pppol2tp_input(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port);
81 static void pppol2tp_dispatch_control_packet(pppol2tp_pcb *l2tp, u16_t port, struct pbuf *p, u16_t ns, u16_t nr);
82 static void pppol2tp_timeout(void *arg);
83 static void pppol2tp_abort_connect(pppol2tp_pcb *l2tp);
84 static err_t pppol2tp_send_sccrq(pppol2tp_pcb *l2tp);
85 static err_t pppol2tp_send_scccn(pppol2tp_pcb *l2tp, u16_t ns);
86 static err_t pppol2tp_send_icrq(pppol2tp_pcb *l2tp, u16_t ns);
87 static err_t pppol2tp_send_iccn(pppol2tp_pcb *l2tp, u16_t ns);
88 static err_t pppol2tp_send_zlb(pppol2tp_pcb *l2tp, u16_t ns);
89 static err_t pppol2tp_send_stopccn(pppol2tp_pcb *l2tp, u16_t ns);
90 static err_t pppol2tp_xmit(pppol2tp_pcb *l2tp, struct pbuf *pb);
91 static err_t pppol2tp_udp_send(pppol2tp_pcb *l2tp, struct pbuf *pb);
92
93 /* Callbacks structure for PPP core */
94 static const struct link_callbacks pppol2tp_callbacks = {
95 pppol2tp_connect,
96 #if PPP_SERVER
97 NULL,
98 #endif /* PPP_SERVER */
99 pppol2tp_disconnect,
100 pppol2tp_destroy,
101 pppol2tp_write,
102 pppol2tp_netif_output,
103 NULL,
104 NULL
105 };
106
107
108 /* Create a new L2TP session. */
pppol2tp_create(struct netif * pppif,struct netif * netif,const ip_addr_t * ipaddr,u16_t port,const u8_t * secret,u8_t secret_len,ppp_link_status_cb_fn link_status_cb,void * ctx_cb)109 ppp_pcb *pppol2tp_create(struct netif *pppif,
110 struct netif *netif, const ip_addr_t *ipaddr, u16_t port,
111 const u8_t *secret, u8_t secret_len,
112 ppp_link_status_cb_fn link_status_cb, void *ctx_cb) {
113 ppp_pcb *ppp;
114 pppol2tp_pcb *l2tp;
115 struct udp_pcb *udp;
116 #if !PPPOL2TP_AUTH_SUPPORT
117 LWIP_UNUSED_ARG(secret);
118 LWIP_UNUSED_ARG(secret_len);
119 #endif /* !PPPOL2TP_AUTH_SUPPORT */
120
121 if (ipaddr == NULL) {
122 goto ipaddr_check_failed;
123 }
124
125 l2tp = (pppol2tp_pcb *)LWIP_MEMPOOL_ALLOC(PPPOL2TP_PCB);
126 if (l2tp == NULL) {
127 goto memp_malloc_l2tp_failed;
128 }
129
130 udp = udp_new_ip_type(IP_GET_TYPE(ipaddr));
131 if (udp == NULL) {
132 goto udp_new_failed;
133 }
134 udp_recv(udp, pppol2tp_input, l2tp);
135
136 ppp = ppp_new(pppif, &pppol2tp_callbacks, l2tp, link_status_cb, ctx_cb);
137 if (ppp == NULL) {
138 goto ppp_new_failed;
139 }
140
141 memset(l2tp, 0, sizeof(pppol2tp_pcb));
142 l2tp->phase = PPPOL2TP_STATE_INITIAL;
143 l2tp->ppp = ppp;
144 l2tp->udp = udp;
145 l2tp->netif = netif;
146 ip_addr_copy(l2tp->remote_ip, *ipaddr);
147 l2tp->remote_port = port;
148 #if PPPOL2TP_AUTH_SUPPORT
149 l2tp->secret = secret;
150 l2tp->secret_len = secret_len;
151 #endif /* PPPOL2TP_AUTH_SUPPORT */
152
153 return ppp;
154
155 ppp_new_failed:
156 udp_remove(udp);
157 udp_new_failed:
158 LWIP_MEMPOOL_FREE(PPPOL2TP_PCB, l2tp);
159 memp_malloc_l2tp_failed:
160 ipaddr_check_failed:
161 return NULL;
162 }
163
164 /* Called by PPP core */
pppol2tp_write(ppp_pcb * ppp,void * ctx,struct pbuf * p)165 static err_t pppol2tp_write(ppp_pcb *ppp, void *ctx, struct pbuf *p) {
166 pppol2tp_pcb *l2tp = (pppol2tp_pcb *)ctx;
167 struct pbuf *ph; /* UDP + L2TP header */
168 err_t ret;
169 #if MIB2_STATS
170 u16_t tot_len;
171 #else /* MIB2_STATS */
172 LWIP_UNUSED_ARG(ppp);
173 #endif /* MIB2_STATS */
174
175 ph = pbuf_alloc(PBUF_TRANSPORT, (u16_t)(PPPOL2TP_OUTPUT_DATA_HEADER_LEN), PBUF_RAM);
176 if(!ph) {
177 LINK_STATS_INC(link.memerr);
178 LINK_STATS_INC(link.proterr);
179 MIB2_STATS_NETIF_INC(ppp->netif, ifoutdiscards);
180 pbuf_free(p);
181 return ERR_MEM;
182 }
183
184 pbuf_header(ph, -(s16_t)PPPOL2TP_OUTPUT_DATA_HEADER_LEN); /* hide L2TP header */
185 pbuf_cat(ph, p);
186 #if MIB2_STATS
187 tot_len = ph->tot_len;
188 #endif /* MIB2_STATS */
189
190 ret = pppol2tp_xmit(l2tp, ph);
191 if (ret != ERR_OK) {
192 LINK_STATS_INC(link.err);
193 MIB2_STATS_NETIF_INC(ppp->netif, ifoutdiscards);
194 return ret;
195 }
196
197 MIB2_STATS_NETIF_ADD(ppp->netif, ifoutoctets, (u16_t)tot_len);
198 MIB2_STATS_NETIF_INC(ppp->netif, ifoutucastpkts);
199 LINK_STATS_INC(link.xmit);
200 return ERR_OK;
201 }
202
203 /* Called by PPP core */
pppol2tp_netif_output(ppp_pcb * ppp,void * ctx,struct pbuf * p,u_short protocol)204 static err_t pppol2tp_netif_output(ppp_pcb *ppp, void *ctx, struct pbuf *p, u_short protocol) {
205 pppol2tp_pcb *l2tp = (pppol2tp_pcb *)ctx;
206 struct pbuf *pb;
207 u8_t *pl;
208 err_t err;
209 #if MIB2_STATS
210 u16_t tot_len;
211 #else /* MIB2_STATS */
212 LWIP_UNUSED_ARG(ppp);
213 #endif /* MIB2_STATS */
214
215 /* @todo: try to use pbuf_header() here! */
216 pb = pbuf_alloc(PBUF_TRANSPORT, PPPOL2TP_OUTPUT_DATA_HEADER_LEN + sizeof(protocol), PBUF_RAM);
217 if(!pb) {
218 LINK_STATS_INC(link.memerr);
219 LINK_STATS_INC(link.proterr);
220 MIB2_STATS_NETIF_INC(ppp->netif, ifoutdiscards);
221 return ERR_MEM;
222 }
223
224 pbuf_header(pb, -(s16_t)PPPOL2TP_OUTPUT_DATA_HEADER_LEN);
225
226 pl = (u8_t*)pb->payload;
227 PUTSHORT(protocol, pl);
228
229 pbuf_chain(pb, p);
230 #if MIB2_STATS
231 tot_len = pb->tot_len;
232 #endif /* MIB2_STATS */
233
234 if( (err = pppol2tp_xmit(l2tp, pb)) != ERR_OK) {
235 LINK_STATS_INC(link.err);
236 MIB2_STATS_NETIF_INC(ppp->netif, ifoutdiscards);
237 return err;
238 }
239
240 MIB2_STATS_NETIF_ADD(ppp->netif, ifoutoctets, tot_len);
241 MIB2_STATS_NETIF_INC(ppp->netif, ifoutucastpkts);
242 LINK_STATS_INC(link.xmit);
243 return ERR_OK;
244 }
245
246 /* Destroy a L2TP control block */
pppol2tp_destroy(ppp_pcb * ppp,void * ctx)247 static err_t pppol2tp_destroy(ppp_pcb *ppp, void *ctx) {
248 pppol2tp_pcb *l2tp = (pppol2tp_pcb *)ctx;
249 LWIP_UNUSED_ARG(ppp);
250
251 sys_untimeout(pppol2tp_timeout, l2tp);
252 udp_remove(l2tp->udp);
253 LWIP_MEMPOOL_FREE(PPPOL2TP_PCB, l2tp);
254 return ERR_OK;
255 }
256
257 /* Be a LAC, connect to a LNS. */
pppol2tp_connect(ppp_pcb * ppp,void * ctx)258 static void pppol2tp_connect(ppp_pcb *ppp, void *ctx) {
259 err_t err;
260 pppol2tp_pcb *l2tp = (pppol2tp_pcb *)ctx;
261 lcp_options *lcp_wo;
262 lcp_options *lcp_ao;
263 #if PPP_IPV4_SUPPORT && VJ_SUPPORT
264 ipcp_options *ipcp_wo;
265 ipcp_options *ipcp_ao;
266 #endif /* PPP_IPV4_SUPPORT && VJ_SUPPORT */
267
268 l2tp->tunnel_port = l2tp->remote_port;
269 l2tp->our_ns = 0;
270 l2tp->peer_nr = 0;
271 l2tp->peer_ns = 0;
272 l2tp->source_tunnel_id = 0;
273 l2tp->remote_tunnel_id = 0;
274 l2tp->source_session_id = 0;
275 l2tp->remote_session_id = 0;
276 /* l2tp->*_retried are cleared when used */
277
278 lcp_wo = &ppp->lcp_wantoptions;
279 lcp_wo->mru = PPPOL2TP_DEFMRU;
280 lcp_wo->neg_asyncmap = 0;
281 lcp_wo->neg_pcompression = 0;
282 lcp_wo->neg_accompression = 0;
283 lcp_wo->passive = 0;
284 lcp_wo->silent = 0;
285
286 lcp_ao = &ppp->lcp_allowoptions;
287 lcp_ao->mru = PPPOL2TP_DEFMRU;
288 lcp_ao->neg_asyncmap = 0;
289 lcp_ao->neg_pcompression = 0;
290 lcp_ao->neg_accompression = 0;
291
292 #if PPP_IPV4_SUPPORT && VJ_SUPPORT
293 ipcp_wo = &ppp->ipcp_wantoptions;
294 ipcp_wo->neg_vj = 0;
295 ipcp_wo->old_vj = 0;
296
297 ipcp_ao = &ppp->ipcp_allowoptions;
298 ipcp_ao->neg_vj = 0;
299 ipcp_ao->old_vj = 0;
300 #endif /* PPP_IPV4_SUPPORT && VJ_SUPPORT */
301
302 /* Listen to a random source port, we need to do that instead of using udp_connect()
303 * because the L2TP LNS might answer with its own random source port (!= 1701)
304 */
305 #if LWIP_IPV6
306 if (IP_IS_V6_VAL(l2tp->udp->local_ip)) {
307 udp_bind(l2tp->udp, IP6_ADDR_ANY, 0);
308 } else
309 #endif /* LWIP_IPV6 */
310 udp_bind(l2tp->udp, IP_ADDR_ANY, 0);
311
312 #if PPPOL2TP_AUTH_SUPPORT
313 /* Generate random vector */
314 if (l2tp->secret != NULL) {
315 magic_random_bytes(l2tp->secret_rv, sizeof(l2tp->secret_rv));
316 }
317 #endif /* PPPOL2TP_AUTH_SUPPORT */
318
319 do {
320 l2tp->remote_tunnel_id = magic();
321 } while(l2tp->remote_tunnel_id == 0);
322 /* save state, in case we fail to send SCCRQ */
323 l2tp->sccrq_retried = 0;
324 l2tp->phase = PPPOL2TP_STATE_SCCRQ_SENT;
325 if ((err = pppol2tp_send_sccrq(l2tp)) != 0) {
326 PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send SCCRQ, error=%d\n", err));
327 }
328 sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp);
329 }
330
331 /* Disconnect */
pppol2tp_disconnect(ppp_pcb * ppp,void * ctx)332 static void pppol2tp_disconnect(ppp_pcb *ppp, void *ctx) {
333 pppol2tp_pcb *l2tp = (pppol2tp_pcb *)ctx;
334
335 l2tp->our_ns++;
336 pppol2tp_send_stopccn(l2tp, l2tp->our_ns);
337
338 /* stop any timer, disconnect can be called while initiating is in progress */
339 sys_untimeout(pppol2tp_timeout, l2tp);
340 l2tp->phase = PPPOL2TP_STATE_INITIAL;
341 ppp_link_end(ppp); /* notify upper layers */
342 }
343
344 /* UDP Callback for incoming IPv4 L2TP frames */
pppol2tp_input(void * arg,struct udp_pcb * pcb,struct pbuf * p,const ip_addr_t * addr,u16_t port)345 static void pppol2tp_input(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port) {
346 pppol2tp_pcb *l2tp = (pppol2tp_pcb*)arg;
347 u16_t hflags, hlen, len=0, tunnel_id=0, session_id=0, ns=0, nr=0, offset=0;
348 u8_t *inp;
349 LWIP_UNUSED_ARG(pcb);
350
351 /* we can't unbound a UDP pcb, thus we can still receive UDP frames after the link is closed */
352 if (l2tp->phase < PPPOL2TP_STATE_SCCRQ_SENT) {
353 goto free_and_return;
354 }
355
356 if (!ip_addr_cmp(&l2tp->remote_ip, addr)) {
357 goto free_and_return;
358 }
359
360 /* discard packet if port mismatch, but only if we received a SCCRP */
361 if (l2tp->phase > PPPOL2TP_STATE_SCCRQ_SENT && l2tp->tunnel_port != port) {
362 goto free_and_return;
363 }
364
365 /* printf("-----------\nL2TP INPUT, %d\n", p->len); */
366
367 /* L2TP header */
368 if (p->len < sizeof(hflags) + sizeof(tunnel_id) + sizeof(session_id) ) {
369 goto packet_too_short;
370 }
371
372 inp = (u8_t*)p->payload;
373 GETSHORT(hflags, inp);
374
375 if (hflags & PPPOL2TP_HEADERFLAG_CONTROL) {
376 /* check mandatory flags for a control packet */
377 if ( (hflags & PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY) != PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY ) {
378 PPPDEBUG(LOG_DEBUG, ("pppol2tp: mandatory header flags for control packet not set\n"));
379 goto free_and_return;
380 }
381 /* check forbidden flags for a control packet */
382 if (hflags & PPPOL2TP_HEADERFLAG_CONTROL_FORBIDDEN) {
383 PPPDEBUG(LOG_DEBUG, ("pppol2tp: forbidden header flags for control packet found\n"));
384 goto free_and_return;
385 }
386 } else {
387 /* check mandatory flags for a data packet */
388 if ( (hflags & PPPOL2TP_HEADERFLAG_DATA_MANDATORY) != PPPOL2TP_HEADERFLAG_DATA_MANDATORY) {
389 PPPDEBUG(LOG_DEBUG, ("pppol2tp: mandatory header flags for data packet not set\n"));
390 goto free_and_return;
391 }
392 }
393
394 /* Expected header size */
395 hlen = sizeof(hflags) + sizeof(tunnel_id) + sizeof(session_id);
396 if (hflags & PPPOL2TP_HEADERFLAG_LENGTH) {
397 hlen += sizeof(len);
398 }
399 if (hflags & PPPOL2TP_HEADERFLAG_SEQUENCE) {
400 hlen += sizeof(ns) + sizeof(nr);
401 }
402 if (hflags & PPPOL2TP_HEADERFLAG_OFFSET) {
403 hlen += sizeof(offset);
404 }
405 if (p->len < hlen) {
406 goto packet_too_short;
407 }
408
409 if (hflags & PPPOL2TP_HEADERFLAG_LENGTH) {
410 GETSHORT(len, inp);
411 if (p->len < len || len < hlen) {
412 goto packet_too_short;
413 }
414 }
415 GETSHORT(tunnel_id, inp);
416 GETSHORT(session_id, inp);
417 if (hflags & PPPOL2TP_HEADERFLAG_SEQUENCE) {
418 GETSHORT(ns, inp);
419 GETSHORT(nr, inp);
420 }
421 if (hflags & PPPOL2TP_HEADERFLAG_OFFSET) {
422 GETSHORT(offset, inp)
423 if (offset > 4096) { /* don't be fooled with large offset which might overflow hlen */
424 PPPDEBUG(LOG_DEBUG, ("pppol2tp: strange packet received, offset=%d\n", offset));
425 goto free_and_return;
426 }
427 hlen += offset;
428 if (p->len < hlen) {
429 goto packet_too_short;
430 }
431 INCPTR(offset, inp);
432 }
433
434 /* printf("HLEN = %d\n", hlen); */
435
436 /* skip L2TP header */
437 if (pbuf_header(p, -(s16_t)hlen) != 0) {
438 goto free_and_return;
439 }
440
441 /* printf("LEN=%d, TUNNEL_ID=%d, SESSION_ID=%d, NS=%d, NR=%d, OFFSET=%d\n", len, tunnel_id, session_id, ns, nr, offset); */
442 PPPDEBUG(LOG_DEBUG, ("pppol2tp: input packet, len=%"U16_F", tunnel=%"U16_F", session=%"U16_F", ns=%"U16_F", nr=%"U16_F"\n",
443 len, tunnel_id, session_id, ns, nr));
444
445 /* Control packet */
446 if (hflags & PPPOL2TP_HEADERFLAG_CONTROL) {
447 pppol2tp_dispatch_control_packet(l2tp, port, p, ns, nr);
448 goto free_and_return;
449 }
450
451 /* Data packet */
452 if(l2tp->phase != PPPOL2TP_STATE_DATA) {
453 goto free_and_return;
454 }
455 if(tunnel_id != l2tp->remote_tunnel_id) {
456 PPPDEBUG(LOG_DEBUG, ("pppol2tp: tunnel ID mismatch, assigned=%d, received=%d\n", l2tp->remote_tunnel_id, tunnel_id));
457 goto free_and_return;
458 }
459 if(session_id != l2tp->remote_session_id) {
460 PPPDEBUG(LOG_DEBUG, ("pppol2tp: session ID mismatch, assigned=%d, received=%d\n", l2tp->remote_session_id, session_id));
461 goto free_and_return;
462 }
463 /*
464 * skip address & flags if necessary
465 *
466 * RFC 2661 does not specify whether the PPP frame in the L2TP payload should
467 * have a HDLC header or not. We handle both cases for compatibility.
468 */
469 if (p->len >= 2) {
470 GETSHORT(hflags, inp);
471 if (hflags == 0xff03) {
472 pbuf_header(p, -(s16_t)2);
473 }
474 }
475 /* Dispatch the packet thereby consuming it. */
476 ppp_input(l2tp->ppp, p);
477 return;
478
479 packet_too_short:
480 PPPDEBUG(LOG_DEBUG, ("pppol2tp: packet too short: %d\n", p->len));
481 free_and_return:
482 pbuf_free(p);
483 }
484
485 /* L2TP Control packet entry point */
pppol2tp_dispatch_control_packet(pppol2tp_pcb * l2tp,u16_t port,struct pbuf * p,u16_t ns,u16_t nr)486 static void pppol2tp_dispatch_control_packet(pppol2tp_pcb *l2tp, u16_t port, struct pbuf *p, u16_t ns, u16_t nr) {
487 u8_t *inp;
488 u16_t avplen, avpflags, vendorid, attributetype, messagetype=0;
489 err_t err;
490 #if PPPOL2TP_AUTH_SUPPORT
491 lwip_md5_context md5_ctx;
492 u8_t md5_hash[16];
493 u8_t challenge_id = 0;
494 #endif /* PPPOL2TP_AUTH_SUPPORT */
495
496 l2tp->peer_nr = nr;
497 l2tp->peer_ns = ns;
498 /* printf("L2TP CTRL INPUT, ns=%d, nr=%d, len=%d\n", ns, nr, p->len); */
499
500 /* Handle the special case of the ICCN acknowledge */
501 if (l2tp->phase == PPPOL2TP_STATE_ICCN_SENT && l2tp->peer_nr > l2tp->our_ns) {
502 l2tp->phase = PPPOL2TP_STATE_DATA;
503 }
504
505 /* ZLB packets */
506 if (p->tot_len == 0) {
507 return;
508 }
509
510 p = ppp_singlebuf(p);
511 inp = (u8_t*)p->payload;
512 /* Decode AVPs */
513 while (p->len > 0) {
514 if (p->len < sizeof(avpflags) + sizeof(vendorid) + sizeof(attributetype) ) {
515 goto packet_too_short;
516 }
517 GETSHORT(avpflags, inp);
518 avplen = avpflags & PPPOL2TP_AVPHEADERFLAG_LENGTHMASK;
519 /* printf("AVPLEN = %d\n", avplen); */
520 if (p->len < avplen || avplen < sizeof(avpflags) + sizeof(vendorid) + sizeof(attributetype)) {
521 goto packet_too_short;
522 }
523 GETSHORT(vendorid, inp);
524 GETSHORT(attributetype, inp);
525 avplen -= sizeof(avpflags) + sizeof(vendorid) + sizeof(attributetype);
526
527 /* Message type must be the first AVP */
528 if (messagetype == 0) {
529 if (attributetype != 0 || vendorid != 0 || avplen != sizeof(messagetype) ) {
530 PPPDEBUG(LOG_DEBUG, ("pppol2tp: message type must be the first AVP\n"));
531 return;
532 }
533 GETSHORT(messagetype, inp);
534 /* printf("Message type = %d\n", messagetype); */
535 switch(messagetype) {
536 /* Start Control Connection Reply */
537 case PPPOL2TP_MESSAGETYPE_SCCRP:
538 /* Only accept SCCRP packet if we sent a SCCRQ */
539 if (l2tp->phase != PPPOL2TP_STATE_SCCRQ_SENT) {
540 goto send_zlb;
541 }
542 break;
543 /* Incoming Call Reply */
544 case PPPOL2TP_MESSAGETYPE_ICRP:
545 /* Only accept ICRP packet if we sent a IRCQ */
546 if (l2tp->phase != PPPOL2TP_STATE_ICRQ_SENT) {
547 goto send_zlb;
548 }
549 break;
550 /* Stop Control Connection Notification */
551 case PPPOL2TP_MESSAGETYPE_STOPCCN:
552 pppol2tp_send_zlb(l2tp, l2tp->our_ns); /* Ack the StopCCN before we switch to down state */
553 if (l2tp->phase < PPPOL2TP_STATE_DATA) {
554 pppol2tp_abort_connect(l2tp);
555 } else if (l2tp->phase == PPPOL2TP_STATE_DATA) {
556 /* Don't disconnect here, we let the LCP Echo/Reply find the fact
557 * that PPP session is down. Asking the PPP stack to end the session
558 * require strict checking about the PPP phase to prevent endless
559 * disconnection loops.
560 */
561 }
562 return;
563 default:
564 break;
565 }
566 goto nextavp;
567 }
568
569 /* Skip proprietary L2TP extensions */
570 if (vendorid != 0) {
571 goto skipavp;
572 }
573
574 switch (messagetype) {
575 /* Start Control Connection Reply */
576 case PPPOL2TP_MESSAGETYPE_SCCRP:
577 switch (attributetype) {
578 case PPPOL2TP_AVPTYPE_TUNNELID:
579 if (avplen != sizeof(l2tp->source_tunnel_id) ) {
580 PPPDEBUG(LOG_DEBUG, ("pppol2tp: AVP Assign tunnel ID length check failed\n"));
581 return;
582 }
583 GETSHORT(l2tp->source_tunnel_id, inp);
584 PPPDEBUG(LOG_DEBUG, ("pppol2tp: Assigned tunnel ID %"U16_F"\n", l2tp->source_tunnel_id));
585 goto nextavp;
586 #if PPPOL2TP_AUTH_SUPPORT
587 case PPPOL2TP_AVPTYPE_CHALLENGE:
588 if (avplen == 0) {
589 PPPDEBUG(LOG_DEBUG, ("pppol2tp: Challenge length check failed\n"));
590 return;
591 }
592 if (l2tp->secret == NULL) {
593 PPPDEBUG(LOG_DEBUG, ("pppol2tp: Received challenge from peer and no secret key available\n"));
594 pppol2tp_abort_connect(l2tp);
595 return;
596 }
597 /* Generate hash of ID, secret, challenge */
598 lwip_md5_init(&md5_ctx);
599 lwip_md5_starts(&md5_ctx);
600 challenge_id = PPPOL2TP_MESSAGETYPE_SCCCN;
601 lwip_md5_update(&md5_ctx, &challenge_id, 1);
602 lwip_md5_update(&md5_ctx, l2tp->secret, l2tp->secret_len);
603 lwip_md5_update(&md5_ctx, inp, avplen);
604 lwip_md5_finish(&md5_ctx, l2tp->challenge_hash);
605 lwip_md5_free(&md5_ctx);
606 l2tp->send_challenge = 1;
607 goto skipavp;
608 case PPPOL2TP_AVPTYPE_CHALLENGERESPONSE:
609 if (avplen != PPPOL2TP_AVPTYPE_CHALLENGERESPONSE_SIZE) {
610 PPPDEBUG(LOG_DEBUG, ("pppol2tp: AVP Challenge Response length check failed\n"));
611 return;
612 }
613 /* Generate hash of ID, secret, challenge */
614 lwip_md5_init(&md5_ctx);
615 lwip_md5_starts(&md5_ctx);
616 challenge_id = PPPOL2TP_MESSAGETYPE_SCCRP;
617 lwip_md5_update(&md5_ctx, &challenge_id, 1);
618 lwip_md5_update(&md5_ctx, l2tp->secret, l2tp->secret_len);
619 lwip_md5_update(&md5_ctx, l2tp->secret_rv, sizeof(l2tp->secret_rv));
620 lwip_md5_finish(&md5_ctx, md5_hash);
621 lwip_md5_free(&md5_ctx);
622 if ( memcmp(inp, md5_hash, sizeof(md5_hash)) ) {
623 PPPDEBUG(LOG_DEBUG, ("pppol2tp: Received challenge response from peer and secret key do not match\n"));
624 pppol2tp_abort_connect(l2tp);
625 return;
626 }
627 goto skipavp;
628 #endif /* PPPOL2TP_AUTH_SUPPORT */
629 default:
630 break;
631 }
632 break;
633 /* Incoming Call Reply */
634 case PPPOL2TP_MESSAGETYPE_ICRP:
635 switch (attributetype) {
636 case PPPOL2TP_AVPTYPE_SESSIONID:
637 if (avplen != sizeof(l2tp->source_session_id) ) {
638 PPPDEBUG(LOG_DEBUG, ("pppol2tp: AVP Assign session ID length check failed\n"));
639 return;
640 }
641 GETSHORT(l2tp->source_session_id, inp);
642 PPPDEBUG(LOG_DEBUG, ("pppol2tp: Assigned session ID %"U16_F"\n", l2tp->source_session_id));
643 goto nextavp;
644 default:
645 break;
646 }
647 break;
648 default:
649 break;
650 }
651
652 skipavp:
653 INCPTR(avplen, inp);
654 nextavp:
655 /* printf("AVP Found, vendor=%d, attribute=%d, len=%d\n", vendorid, attributetype, avplen); */
656 /* next AVP */
657 if (pbuf_header(p, -(s16_t)(avplen + sizeof(avpflags) + sizeof(vendorid) + sizeof(attributetype)) ) != 0) {
658 return;
659 }
660 }
661
662 switch(messagetype) {
663 /* Start Control Connection Reply */
664 case PPPOL2TP_MESSAGETYPE_SCCRP:
665 do {
666 l2tp->remote_session_id = magic();
667 } while(l2tp->remote_session_id == 0);
668 l2tp->tunnel_port = port; /* LNS server might have chosen its own local port */
669 l2tp->icrq_retried = 0;
670 l2tp->phase = PPPOL2TP_STATE_ICRQ_SENT;
671 l2tp->our_ns++;
672 if ((err = pppol2tp_send_scccn(l2tp, l2tp->our_ns)) != 0) {
673 PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send SCCCN, error=%d\n", err));
674 }
675 l2tp->our_ns++;
676 if ((err = pppol2tp_send_icrq(l2tp, l2tp->our_ns)) != 0) {
677 PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send ICRQ, error=%d\n", err));
678 }
679 sys_untimeout(pppol2tp_timeout, l2tp);
680 sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp);
681 break;
682 /* Incoming Call Reply */
683 case PPPOL2TP_MESSAGETYPE_ICRP:
684 l2tp->iccn_retried = 0;
685 l2tp->phase = PPPOL2TP_STATE_ICCN_SENT;
686 l2tp->our_ns++;
687 ppp_start(l2tp->ppp); /* notify upper layers */
688 if ((err = pppol2tp_send_iccn(l2tp, l2tp->our_ns)) != 0) {
689 PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send ICCN, error=%d\n", err));
690 }
691 sys_untimeout(pppol2tp_timeout, l2tp);
692 sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp);
693 break;
694 /* Unhandled packet, send ZLB ACK */
695 default:
696 goto send_zlb;
697 }
698 return;
699
700 send_zlb:
701 pppol2tp_send_zlb(l2tp, l2tp->our_ns);
702 return;
703 packet_too_short:
704 PPPDEBUG(LOG_DEBUG, ("pppol2tp: packet too short: %d\n", p->len));
705 }
706
707 /* L2TP Timeout handler */
pppol2tp_timeout(void * arg)708 static void pppol2tp_timeout(void *arg) {
709 pppol2tp_pcb *l2tp = (pppol2tp_pcb*)arg;
710 err_t err;
711 u32_t retry_wait;
712
713 PPPDEBUG(LOG_DEBUG, ("pppol2tp: timeout\n"));
714
715 switch (l2tp->phase) {
716 case PPPOL2TP_STATE_SCCRQ_SENT:
717 /* backoff wait */
718 if (l2tp->sccrq_retried < 0xff) {
719 l2tp->sccrq_retried++;
720 }
721 if (!l2tp->ppp->settings.persist && l2tp->sccrq_retried >= PPPOL2TP_MAXSCCRQ) {
722 pppol2tp_abort_connect(l2tp);
723 return;
724 }
725 retry_wait = LWIP_MIN(PPPOL2TP_CONTROL_TIMEOUT * l2tp->sccrq_retried, PPPOL2TP_SLOW_RETRY);
726 PPPDEBUG(LOG_DEBUG, ("pppol2tp: sccrq_retried=%d\n", l2tp->sccrq_retried));
727 if ((err = pppol2tp_send_sccrq(l2tp)) != 0) {
728 l2tp->sccrq_retried--;
729 PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send SCCRQ, error=%d\n", err));
730 }
731 sys_timeout(retry_wait, pppol2tp_timeout, l2tp);
732 break;
733
734 case PPPOL2TP_STATE_ICRQ_SENT:
735 l2tp->icrq_retried++;
736 if (l2tp->icrq_retried >= PPPOL2TP_MAXICRQ) {
737 pppol2tp_abort_connect(l2tp);
738 return;
739 }
740 PPPDEBUG(LOG_DEBUG, ("pppol2tp: icrq_retried=%d\n", l2tp->icrq_retried));
741 if (l2tp->peer_nr <= l2tp->our_ns -1) { /* the SCCCN was not acknowledged */
742 if ((err = pppol2tp_send_scccn(l2tp, l2tp->our_ns -1)) != 0) {
743 l2tp->icrq_retried--;
744 PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send SCCCN, error=%d\n", err));
745 sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp);
746 break;
747 }
748 }
749 if ((err = pppol2tp_send_icrq(l2tp, l2tp->our_ns)) != 0) {
750 l2tp->icrq_retried--;
751 PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send ICRQ, error=%d\n", err));
752 }
753 sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp);
754 break;
755
756 case PPPOL2TP_STATE_ICCN_SENT:
757 l2tp->iccn_retried++;
758 if (l2tp->iccn_retried >= PPPOL2TP_MAXICCN) {
759 pppol2tp_abort_connect(l2tp);
760 return;
761 }
762 PPPDEBUG(LOG_DEBUG, ("pppol2tp: iccn_retried=%d\n", l2tp->iccn_retried));
763 if ((err = pppol2tp_send_iccn(l2tp, l2tp->our_ns)) != 0) {
764 l2tp->iccn_retried--;
765 PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send ICCN, error=%d\n", err));
766 }
767 sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp);
768 break;
769
770 default:
771 return; /* all done, work in peace */
772 }
773 }
774
775 /* Connection attempt aborted */
pppol2tp_abort_connect(pppol2tp_pcb * l2tp)776 static void pppol2tp_abort_connect(pppol2tp_pcb *l2tp) {
777 PPPDEBUG(LOG_DEBUG, ("pppol2tp: could not establish connection\n"));
778 l2tp->phase = PPPOL2TP_STATE_INITIAL;
779 ppp_link_failed(l2tp->ppp); /* notify upper layers */
780 }
781
782 /* Initiate a new tunnel */
pppol2tp_send_sccrq(pppol2tp_pcb * l2tp)783 static err_t pppol2tp_send_sccrq(pppol2tp_pcb *l2tp) {
784 struct pbuf *pb;
785 u8_t *p;
786 u16_t len;
787
788 /* calculate UDP packet length */
789 len = 12 +8 +8 +10 +10 +6+sizeof(PPPOL2TP_HOSTNAME)-1 +6+sizeof(PPPOL2TP_VENDORNAME)-1 +8 +8;
790 #if PPPOL2TP_AUTH_SUPPORT
791 if (l2tp->secret != NULL) {
792 len += 6 + sizeof(l2tp->secret_rv);
793 }
794 #endif /* PPPOL2TP_AUTH_SUPPORT */
795
796 /* allocate a buffer */
797 pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM);
798 if (pb == NULL) {
799 return ERR_MEM;
800 }
801 LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len);
802
803 p = (u8_t*)pb->payload;
804 /* fill in pkt */
805 /* L2TP control header */
806 PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p);
807 PUTSHORT(len, p); /* Length */
808 PUTSHORT(0, p); /* Tunnel Id */
809 PUTSHORT(0, p); /* Session Id */
810 PUTSHORT(0, p); /* NS Sequence number - to peer */
811 PUTSHORT(0, p); /* NR Sequence number - expected for peer */
812
813 /* AVP - Message type */
814 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
815 PUTSHORT(0, p); /* Vendor ID */
816 PUTSHORT(PPPOL2TP_AVPTYPE_MESSAGE, p); /* Attribute type: Message Type */
817 PUTSHORT(PPPOL2TP_MESSAGETYPE_SCCRQ, p); /* Attribute value: Message type: SCCRQ */
818
819 /* AVP - L2TP Version */
820 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
821 PUTSHORT(0, p); /* Vendor ID */
822 PUTSHORT(PPPOL2TP_AVPTYPE_VERSION, p); /* Attribute type: Version */
823 PUTSHORT(PPPOL2TP_VERSION, p); /* Attribute value: L2TP Version */
824
825 /* AVP - Framing capabilities */
826 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 10, p); /* Mandatory flag + len field */
827 PUTSHORT(0, p); /* Vendor ID */
828 PUTSHORT(PPPOL2TP_AVPTYPE_FRAMINGCAPABILITIES, p); /* Attribute type: Framing capabilities */
829 PUTLONG(PPPOL2TP_FRAMINGCAPABILITIES, p); /* Attribute value: Framing capabilities */
830
831 /* AVP - Bearer capabilities */
832 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 10, p); /* Mandatory flag + len field */
833 PUTSHORT(0, p); /* Vendor ID */
834 PUTSHORT(PPPOL2TP_AVPTYPE_BEARERCAPABILITIES, p); /* Attribute type: Bearer capabilities */
835 PUTLONG(PPPOL2TP_BEARERCAPABILITIES, p); /* Attribute value: Bearer capabilities */
836
837 /* AVP - Host name */
838 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 6+sizeof(PPPOL2TP_HOSTNAME)-1, p); /* Mandatory flag + len field */
839 PUTSHORT(0, p); /* Vendor ID */
840 PUTSHORT(PPPOL2TP_AVPTYPE_HOSTNAME, p); /* Attribute type: Hostname */
841 MEMCPY(p, PPPOL2TP_HOSTNAME, sizeof(PPPOL2TP_HOSTNAME)-1); /* Attribute value: Hostname */
842 INCPTR(sizeof(PPPOL2TP_HOSTNAME)-1, p);
843
844 /* AVP - Vendor name */
845 PUTSHORT(6+sizeof(PPPOL2TP_VENDORNAME)-1, p); /* len field */
846 PUTSHORT(0, p); /* Vendor ID */
847 PUTSHORT(PPPOL2TP_AVPTYPE_VENDORNAME, p); /* Attribute type: Vendor name */
848 MEMCPY(p, PPPOL2TP_VENDORNAME, sizeof(PPPOL2TP_VENDORNAME)-1); /* Attribute value: Vendor name */
849 INCPTR(sizeof(PPPOL2TP_VENDORNAME)-1, p);
850
851 /* AVP - Assign tunnel ID */
852 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
853 PUTSHORT(0, p); /* Vendor ID */
854 PUTSHORT(PPPOL2TP_AVPTYPE_TUNNELID, p); /* Attribute type: Tunnel ID */
855 PUTSHORT(l2tp->remote_tunnel_id, p); /* Attribute value: Tunnel ID */
856
857 /* AVP - Receive window size */
858 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
859 PUTSHORT(0, p); /* Vendor ID */
860 PUTSHORT(PPPOL2TP_AVPTYPE_RECEIVEWINDOWSIZE, p); /* Attribute type: Receive window size */
861 PUTSHORT(PPPOL2TP_RECEIVEWINDOWSIZE, p); /* Attribute value: Receive window size */
862
863 #if PPPOL2TP_AUTH_SUPPORT
864 /* AVP - Challenge */
865 if (l2tp->secret != NULL) {
866 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 6 + sizeof(l2tp->secret_rv), p); /* Mandatory flag + len field */
867 PUTSHORT(0, p); /* Vendor ID */
868 PUTSHORT(PPPOL2TP_AVPTYPE_CHALLENGE, p); /* Attribute type: Challenge */
869 MEMCPY(p, l2tp->secret_rv, sizeof(l2tp->secret_rv)); /* Attribute value: Random vector */
870 INCPTR(sizeof(l2tp->secret_rv), p);
871 }
872 #endif /* PPPOL2TP_AUTH_SUPPORT */
873
874 return pppol2tp_udp_send(l2tp, pb);
875 }
876
877 /* Complete tunnel establishment */
pppol2tp_send_scccn(pppol2tp_pcb * l2tp,u16_t ns)878 static err_t pppol2tp_send_scccn(pppol2tp_pcb *l2tp, u16_t ns) {
879 struct pbuf *pb;
880 u8_t *p;
881 u16_t len;
882
883 /* calculate UDP packet length */
884 len = 12 +8;
885 #if PPPOL2TP_AUTH_SUPPORT
886 if (l2tp->send_challenge) {
887 len += 6 + sizeof(l2tp->challenge_hash);
888 }
889 #endif /* PPPOL2TP_AUTH_SUPPORT */
890
891 /* allocate a buffer */
892 pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM);
893 if (pb == NULL) {
894 return ERR_MEM;
895 }
896 LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len);
897
898 p = (u8_t*)pb->payload;
899 /* fill in pkt */
900 /* L2TP control header */
901 PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p);
902 PUTSHORT(len, p); /* Length */
903 PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */
904 PUTSHORT(0, p); /* Session Id */
905 PUTSHORT(ns, p); /* NS Sequence number - to peer */
906 PUTSHORT(l2tp->peer_ns+1, p); /* NR Sequence number - expected for peer */
907
908 /* AVP - Message type */
909 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
910 PUTSHORT(0, p); /* Vendor ID */
911 PUTSHORT(PPPOL2TP_AVPTYPE_MESSAGE, p); /* Attribute type: Message Type */
912 PUTSHORT(PPPOL2TP_MESSAGETYPE_SCCCN, p); /* Attribute value: Message type: SCCCN */
913
914 #if PPPOL2TP_AUTH_SUPPORT
915 /* AVP - Challenge response */
916 if (l2tp->send_challenge) {
917 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 6 + sizeof(l2tp->challenge_hash), p); /* Mandatory flag + len field */
918 PUTSHORT(0, p); /* Vendor ID */
919 PUTSHORT(PPPOL2TP_AVPTYPE_CHALLENGERESPONSE, p); /* Attribute type: Challenge response */
920 MEMCPY(p, l2tp->challenge_hash, sizeof(l2tp->challenge_hash)); /* Attribute value: Computed challenge */
921 INCPTR(sizeof(l2tp->challenge_hash), p);
922 }
923 #endif /* PPPOL2TP_AUTH_SUPPORT */
924
925 return pppol2tp_udp_send(l2tp, pb);
926 }
927
928 /* Initiate a new session */
pppol2tp_send_icrq(pppol2tp_pcb * l2tp,u16_t ns)929 static err_t pppol2tp_send_icrq(pppol2tp_pcb *l2tp, u16_t ns) {
930 struct pbuf *pb;
931 u8_t *p;
932 u16_t len;
933 u32_t serialnumber;
934
935 /* calculate UDP packet length */
936 len = 12 +8 +8 +10;
937
938 /* allocate a buffer */
939 pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM);
940 if (pb == NULL) {
941 return ERR_MEM;
942 }
943 LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len);
944
945 p = (u8_t*)pb->payload;
946 /* fill in pkt */
947 /* L2TP control header */
948 PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p);
949 PUTSHORT(len, p); /* Length */
950 PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */
951 PUTSHORT(0, p); /* Session Id */
952 PUTSHORT(ns, p); /* NS Sequence number - to peer */
953 PUTSHORT(l2tp->peer_ns+1, p); /* NR Sequence number - expected for peer */
954
955 /* AVP - Message type */
956 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
957 PUTSHORT(0, p); /* Vendor ID */
958 PUTSHORT(PPPOL2TP_AVPTYPE_MESSAGE, p); /* Attribute type: Message Type */
959 PUTSHORT(PPPOL2TP_MESSAGETYPE_ICRQ, p); /* Attribute value: Message type: ICRQ */
960
961 /* AVP - Assign session ID */
962 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
963 PUTSHORT(0, p); /* Vendor ID */
964 PUTSHORT(PPPOL2TP_AVPTYPE_SESSIONID, p); /* Attribute type: Session ID */
965 PUTSHORT(l2tp->remote_session_id, p); /* Attribute value: Session ID */
966
967 /* AVP - Call Serial Number */
968 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 10, p); /* Mandatory flag + len field */
969 PUTSHORT(0, p); /* Vendor ID */
970 PUTSHORT(PPPOL2TP_AVPTYPE_CALLSERIALNUMBER, p); /* Attribute type: Serial number */
971 serialnumber = magic();
972 PUTLONG(serialnumber, p); /* Attribute value: Serial number */
973
974 return pppol2tp_udp_send(l2tp, pb);
975 }
976
977 /* Complete tunnel establishment */
pppol2tp_send_iccn(pppol2tp_pcb * l2tp,u16_t ns)978 static err_t pppol2tp_send_iccn(pppol2tp_pcb *l2tp, u16_t ns) {
979 struct pbuf *pb;
980 u8_t *p;
981 u16_t len;
982
983 /* calculate UDP packet length */
984 len = 12 +8 +10 +10;
985
986 /* allocate a buffer */
987 pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM);
988 if (pb == NULL) {
989 return ERR_MEM;
990 }
991 LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len);
992
993 p = (u8_t*)pb->payload;
994 /* fill in pkt */
995 /* L2TP control header */
996 PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p);
997 PUTSHORT(len, p); /* Length */
998 PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */
999 PUTSHORT(l2tp->source_session_id, p); /* Session Id */
1000 PUTSHORT(ns, p); /* NS Sequence number - to peer */
1001 PUTSHORT(l2tp->peer_ns+1, p); /* NR Sequence number - expected for peer */
1002
1003 /* AVP - Message type */
1004 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
1005 PUTSHORT(0, p); /* Vendor ID */
1006 PUTSHORT(PPPOL2TP_AVPTYPE_MESSAGE, p); /* Attribute type: Message Type */
1007 PUTSHORT(PPPOL2TP_MESSAGETYPE_ICCN, p); /* Attribute value: Message type: ICCN */
1008
1009 /* AVP - Framing type */
1010 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 10, p); /* Mandatory flag + len field */
1011 PUTSHORT(0, p); /* Vendor ID */
1012 PUTSHORT(PPPOL2TP_AVPTYPE_FRAMINGTYPE, p); /* Attribute type: Framing type */
1013 PUTLONG(PPPOL2TP_FRAMINGTYPE, p); /* Attribute value: Framing type */
1014
1015 /* AVP - TX Connect speed */
1016 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 10, p); /* Mandatory flag + len field */
1017 PUTSHORT(0, p); /* Vendor ID */
1018 PUTSHORT(PPPOL2TP_AVPTYPE_TXCONNECTSPEED, p); /* Attribute type: TX Connect speed */
1019 PUTLONG(PPPOL2TP_TXCONNECTSPEED, p); /* Attribute value: TX Connect speed */
1020
1021 return pppol2tp_udp_send(l2tp, pb);
1022 }
1023
1024 /* Send a ZLB ACK packet */
pppol2tp_send_zlb(pppol2tp_pcb * l2tp,u16_t ns)1025 static err_t pppol2tp_send_zlb(pppol2tp_pcb *l2tp, u16_t ns) {
1026 struct pbuf *pb;
1027 u8_t *p;
1028 u16_t len;
1029
1030 /* calculate UDP packet length */
1031 len = 12;
1032
1033 /* allocate a buffer */
1034 pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM);
1035 if (pb == NULL) {
1036 return ERR_MEM;
1037 }
1038 LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len);
1039
1040 p = (u8_t*)pb->payload;
1041 /* fill in pkt */
1042 /* L2TP control header */
1043 PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p);
1044 PUTSHORT(len, p); /* Length */
1045 PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */
1046 PUTSHORT(0, p); /* Session Id */
1047 PUTSHORT(ns, p); /* NS Sequence number - to peer */
1048 PUTSHORT(l2tp->peer_ns+1, p); /* NR Sequence number - expected for peer */
1049
1050 return pppol2tp_udp_send(l2tp, pb);
1051 }
1052
1053 /* Send a StopCCN packet */
pppol2tp_send_stopccn(pppol2tp_pcb * l2tp,u16_t ns)1054 static err_t pppol2tp_send_stopccn(pppol2tp_pcb *l2tp, u16_t ns) {
1055 struct pbuf *pb;
1056 u8_t *p;
1057 u16_t len;
1058
1059 /* calculate UDP packet length */
1060 len = 12 +8 +8 +8;
1061
1062 /* allocate a buffer */
1063 pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM);
1064 if (pb == NULL) {
1065 return ERR_MEM;
1066 }
1067 LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len);
1068
1069 p = (u8_t*)pb->payload;
1070 /* fill in pkt */
1071 /* L2TP control header */
1072 PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p);
1073 PUTSHORT(len, p); /* Length */
1074 PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */
1075 PUTSHORT(0, p); /* Session Id */
1076 PUTSHORT(ns, p); /* NS Sequence number - to peer */
1077 PUTSHORT(l2tp->peer_ns+1, p); /* NR Sequence number - expected for peer */
1078
1079 /* AVP - Message type */
1080 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
1081 PUTSHORT(0, p); /* Vendor ID */
1082 PUTSHORT(PPPOL2TP_AVPTYPE_MESSAGE, p); /* Attribute type: Message Type */
1083 PUTSHORT(PPPOL2TP_MESSAGETYPE_STOPCCN, p); /* Attribute value: Message type: StopCCN */
1084
1085 /* AVP - Assign tunnel ID */
1086 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
1087 PUTSHORT(0, p); /* Vendor ID */
1088 PUTSHORT(PPPOL2TP_AVPTYPE_TUNNELID, p); /* Attribute type: Tunnel ID */
1089 PUTSHORT(l2tp->remote_tunnel_id, p); /* Attribute value: Tunnel ID */
1090
1091 /* AVP - Result code */
1092 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
1093 PUTSHORT(0, p); /* Vendor ID */
1094 PUTSHORT(PPPOL2TP_AVPTYPE_RESULTCODE, p); /* Attribute type: Result code */
1095 PUTSHORT(PPPOL2TP_RESULTCODE, p); /* Attribute value: Result code */
1096
1097 return pppol2tp_udp_send(l2tp, pb);
1098 }
1099
pppol2tp_xmit(pppol2tp_pcb * l2tp,struct pbuf * pb)1100 static err_t pppol2tp_xmit(pppol2tp_pcb *l2tp, struct pbuf *pb) {
1101 u8_t *p;
1102
1103 /* make room for L2TP header - should not fail */
1104 if (pbuf_header(pb, (s16_t)PPPOL2TP_OUTPUT_DATA_HEADER_LEN) != 0) {
1105 /* bail out */
1106 PPPDEBUG(LOG_ERR, ("pppol2tp: pppol2tp_pcb: could not allocate room for L2TP header\n"));
1107 LINK_STATS_INC(link.lenerr);
1108 pbuf_free(pb);
1109 return ERR_BUF;
1110 }
1111
1112 p = (u8_t*)pb->payload;
1113 PUTSHORT(PPPOL2TP_HEADERFLAG_DATA_MANDATORY, p);
1114 PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */
1115 PUTSHORT(l2tp->source_session_id, p); /* Session Id */
1116
1117 return pppol2tp_udp_send(l2tp, pb);
1118 }
1119
pppol2tp_udp_send(pppol2tp_pcb * l2tp,struct pbuf * pb)1120 static err_t pppol2tp_udp_send(pppol2tp_pcb *l2tp, struct pbuf *pb) {
1121 err_t err;
1122 if (l2tp->netif) {
1123 err = udp_sendto_if(l2tp->udp, pb, &l2tp->remote_ip, l2tp->tunnel_port, l2tp->netif);
1124 } else {
1125 err = udp_sendto(l2tp->udp, pb, &l2tp->remote_ip, l2tp->tunnel_port);
1126 }
1127 pbuf_free(pb);
1128 return err;
1129 }
1130
1131 #endif /* PPP_SUPPORT && PPPOL2TP_SUPPORT */
1132