1 /* $OpenBSD: l2tp_subr.c,v 1.5 2023/09/11 07:33:07 yasuoka Exp $ */
2
3 /*-
4 * Copyright (c) 2009 Internet Initiative Japan Inc.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28 /* $Id: l2tp_subr.c,v 1.5 2023/09/11 07:33:07 yasuoka Exp $ */
29 /**@file L2TP related sub-routines */
30 #include <sys/types.h>
31 #include <sys/time.h>
32 #include <sys/socket.h>
33 #include <netinet/in.h>
34 #include <stdlib.h>
35 #include <stdio.h>
36 #include <syslog.h>
37 #include <string.h>
38 #include <event.h>
39
40 #ifdef USE_LIBSOCKUTIL
41 #include <seil/sockfromto.h>
42 #endif
43
44 #include "debugutil.h"
45 #include "hash.h"
46 #include "bytebuf.h"
47 #include "slist.h"
48 #include "l2tp.h"
49 #include "l2tp_subr.h"
50 #include "l2tp_local.h"
51
52 #ifdef L2TP_SUBR_DEBUG
53 #define L2TP_SUBR_ASSERT(x) ASSERT(x)
54 #else
55 #define L2TP_SUBR_ASSERT(x)
56 #endif
57
58 /*
59 * AVP
60 */
61 int
avp_enum(struct l2tp_avp * avp,const u_char * pkt,int pktlen,int filldata)62 avp_enum(struct l2tp_avp *avp, const u_char *pkt, int pktlen, int filldata)
63 {
64 uint16_t flags;
65
66 L2TP_SUBR_ASSERT(pktlen >= 6);
67
68 if (pktlen < 6)
69 return -1;
70
71 GETSHORT(flags, pkt);
72
73 avp->is_mandatory = ((flags & 0x8000) != 0)? 1 : 0;
74 avp->is_hidden = ((flags & 0x4000) != 0)? 1 : 0;
75 avp->length = flags & 0x03ff;
76
77 GETSHORT(avp->vendor_id, pkt);
78
79 avp->attr_type = *pkt << 8;
80 avp->attr_type |= *(pkt + 1);
81 pkt += 2;
82
83 if (avp->length < 6 || avp->length > pktlen)
84 return -1;
85
86 if (avp->length > 6 && filldata != 0)
87 memcpy(avp->attr_value, pkt, avp->length - 6);
88
89 return avp->length;
90 }
91
92 #define NAME_VAL(x) { x, #x }
93 static struct _label_name {
94 int label;
95 const char *name;
96 }
97 l2tp_mes_type_names[] = {
98 NAME_VAL(L2TP_AVP_MESSAGE_TYPE_SCCRQ),
99 NAME_VAL(L2TP_AVP_MESSAGE_TYPE_SCCRP),
100 NAME_VAL(L2TP_AVP_MESSAGE_TYPE_SCCCN),
101 NAME_VAL(L2TP_AVP_MESSAGE_TYPE_StopCCN),
102 NAME_VAL(L2TP_AVP_MESSAGE_TYPE_HELLO),
103 NAME_VAL(L2TP_AVP_MESSAGE_TYPE_OCRQ),
104 NAME_VAL(L2TP_AVP_MESSAGE_TYPE_OCRP),
105 NAME_VAL(L2TP_AVP_MESSAGE_TYPE_OCCN),
106 NAME_VAL(L2TP_AVP_MESSAGE_TYPE_ICRQ),
107 NAME_VAL(L2TP_AVP_MESSAGE_TYPE_ICRP),
108 NAME_VAL(L2TP_AVP_MESSAGE_TYPE_ICCN),
109 NAME_VAL(L2TP_AVP_MESSAGE_TYPE_CDN),
110 },
111 l2tp_avp_attribute_names[] = {
112 NAME_VAL(L2TP_AVP_TYPE_MESSAGE_TYPE),
113 NAME_VAL(L2TP_AVP_TYPE_RESULT_CODE),
114 NAME_VAL(L2TP_AVP_TYPE_PROTOCOL_VERSION),
115 NAME_VAL(L2TP_AVP_TYPE_FRAMING_CAPABILITIES),
116 NAME_VAL(L2TP_AVP_TYPE_BEARER_CAPABILITIES),
117 NAME_VAL(L2TP_AVP_TYPE_TIE_BREAKER),
118 NAME_VAL(L2TP_AVP_TYPE_FIRMWARE_REVISION),
119 NAME_VAL(L2TP_AVP_TYPE_HOST_NAME),
120 NAME_VAL(L2TP_AVP_TYPE_VENDOR_NAME),
121 NAME_VAL(L2TP_AVP_TYPE_ASSINGED_TUNNEL_ID),
122 NAME_VAL(L2TP_AVP_TYPE_RECV_WINDOW_SIZE),
123 NAME_VAL(L2TP_AVP_TYPE_CHALLENGE),
124 NAME_VAL(L2TP_AVP_TYPE_CAUSE_CODE),
125 NAME_VAL(L2TP_AVP_TYPE_CHALLENGE_RESPONSE),
126 NAME_VAL(L2TP_AVP_TYPE_ASSIGNED_SESSION_ID),
127 NAME_VAL(L2TP_AVP_TYPE_CALL_SERIAL_NUMBER),
128 NAME_VAL(L2TP_AVP_TYPE_MINIMUM_BPS),
129 NAME_VAL(L2TP_AVP_TYPE_MAXIMUM_BPS),
130 NAME_VAL(L2TP_AVP_TYPE_BEARER_TYPE),
131 NAME_VAL(L2TP_AVP_TYPE_FRAMING_TYPE),
132 NAME_VAL(L2TP_AVP_TYPE_CALLED_NUMBER),
133 NAME_VAL(L2TP_AVP_TYPE_CALLING_NUMBER),
134 NAME_VAL(L2TP_AVP_TYPE_SUB_ADDRESS),
135 NAME_VAL(L2TP_AVP_TYPE_TX_CONNECT_SPEED),
136 NAME_VAL(L2TP_AVP_TYPE_PHYSICAL_CHANNEL_ID),
137 NAME_VAL(L2TP_AVP_TYPE_INITIAL_RECV_LCP_CONFREQ),
138 NAME_VAL(L2TP_AVP_TYPE_LAST_SENT_LCP_CONFREQ),
139 NAME_VAL(L2TP_AVP_TYPE_LAST_RECV_LCP_CONFREQ),
140 NAME_VAL(L2TP_AVP_TYPE_PROXY_AUTHEN_TYPE),
141 NAME_VAL(L2TP_AVP_TYPE_PROXY_AUTHEN_NAME),
142 NAME_VAL(L2TP_AVP_TYPE_PROXY_AUTHEN_CHALLENGE),
143 NAME_VAL(L2TP_AVP_TYPE_PROXY_AUTHEN_ID),
144 NAME_VAL(L2TP_AVP_TYPE_PROXY_AUTHEN_RESPONSE),
145 NAME_VAL(L2TP_AVP_TYPE_CALL_ERRORS),
146 NAME_VAL(L2TP_AVP_TYPE_ACCM),
147 NAME_VAL(L2TP_AVP_TYPE_RANDOM_VECTOR),
148 NAME_VAL(L2TP_AVP_TYPE_PRIVATE_GROUP_ID),
149 NAME_VAL(L2TP_AVP_TYPE_RX_CONNECT_SPEED),
150 NAME_VAL(L2TP_AVP_TYPE_SEQUENCING_REQUIRED),
151 NAME_VAL(L2TP_AVP_TYPE_TX_MINIMUM),
152 NAME_VAL(L2TP_AVP_TYPE_CALLING_SUB_ADDRESS),
153 NAME_VAL(L2TP_AVP_TYPE_PPP_DISCONNECT_CAUSE_CODE),
154 NAME_VAL(L2TP_AVP_TYPE_CCDS),
155 NAME_VAL(L2TP_AVP_TYPE_SDS),
156 NAME_VAL(L2TP_AVP_TYPE_LCP_WANT_OPTIONS),
157 NAME_VAL(L2TP_AVP_TYPE_LCP_ALLOW_OPTIONS),
158 NAME_VAL(L2TP_AVP_TYPE_LNS_LAST_SENT_LCP_CONFREQ),
159 NAME_VAL(L2TP_AVP_TYPE_LNS_LAST_RECV_LCP_CONFREQ),
160 NAME_VAL(L2TP_AVP_TYPE_MODEM_ON_HOLD_CAPABLE),
161 NAME_VAL(L2TP_AVP_TYPE_MODEM_ON_HOLD_STATUS),
162 NAME_VAL(L2TP_AVP_TYPE_PPPOE_RELAY),
163 NAME_VAL(L2TP_AVP_TYPE_PPPOE_RELAY_RESP_CAP),
164 NAME_VAL(L2TP_AVP_TYPE_PPPOE_RELAY_FORW_CAP),
165 NAME_VAL(L2TP_AVP_TYPE_EXTENDED_VENDOR_ID),
166 NAME_VAL(L2TP_AVP_TYPE_PSEUDOWIRE_CAP_LIST),
167 NAME_VAL(L2TP_AVP_TYPE_LOCAL_SESSION_ID),
168 NAME_VAL(L2TP_AVP_TYPE_REMOTE_SESSION_ID),
169 NAME_VAL(L2TP_AVP_TYPE_ASSIGNED_COOKIE),
170 NAME_VAL(L2TP_AVP_TYPE_REMOTE_END_ID),
171 NAME_VAL(L2TP_AVP_TYPE_APPLICATION_CODE),
172 NAME_VAL(L2TP_AVP_TYPE_PSEUDOWIRE_TYPE),
173 NAME_VAL(L2TP_AVP_TYPE_L2_SPECIFIC_SUBLAYER),
174 NAME_VAL(L2TP_AVP_TYPE_DATA_SEQUENCING),
175 NAME_VAL(L2TP_AVP_TYPE_CIRCUIT_STATUS),
176 NAME_VAL(L2TP_AVP_TYPE_PREFERRED_LANGUAGE),
177 NAME_VAL(L2TP_AVP_TYPE_CTRL_MSG_AUTH_NONCE),
178 NAME_VAL(L2TP_AVP_TYPE_TX_CONNECT_SPEED),
179 NAME_VAL(L2TP_AVP_TYPE_RX_CONNECT_SPEED),
180 NAME_VAL(L2TP_AVP_TYPE_FAILOVER_CAPABILITY),
181 NAME_VAL(L2TP_AVP_TYPE_TUNNEL_RECOVERY),
182 NAME_VAL(L2TP_AVP_TYPE_SUGGESTED_CTRL_SEQUENCE),
183 NAME_VAL(L2TP_AVP_TYPE_FAILOVER_SESSION_STATE),
184 NAME_VAL(L2TP_AVP_TYPE_MULTICAST_CAPABILITY),
185 NAME_VAL(L2TP_AVP_TYPE_NEW_OUTGOING_SESSIONS),
186 NAME_VAL(L2TP_AVP_TYPE_NEW_OUTGOING_SESSIONS_ACK),
187 NAME_VAL(L2TP_AVP_TYPE_WITHDRAW_OUTGOING_SESSIONS),
188 NAME_VAL(L2TP_AVP_TYPE_MULTICAST_PACKETS_PRIORITY),
189 },
190 l2tp_stopccn_rcode_names[] = {
191 NAME_VAL(L2TP_STOP_CCN_RCODE_GENERAL),
192 NAME_VAL(L2TP_STOP_CCN_RCODE_GENERAL_ERROR),
193 NAME_VAL(L2TP_STOP_CCN_RCODE_ALREADY_EXISTS),
194 NAME_VAL(L2TP_STOP_CCN_RCODE_UNAUTHORIZED),
195 NAME_VAL(L2TP_STOP_CCN_RCODE_BAD_PROTOCOL_VERSION),
196 NAME_VAL(L2TP_STOP_CCN_RCODE_SHUTTING_DOWN),
197 NAME_VAL(L2TP_STOP_CCN_RCODE_FSM_ERROR),
198 },
199 l2tp_cdn_rcode_names[] = {
200 NAME_VAL(L2TP_CDN_RCODE_LOST_CARRIER),
201 NAME_VAL(L2TP_CDN_RCODE_ERROR_CODE),
202 NAME_VAL(L2TP_CDN_RCODE_ADMINISTRATIVE_REASON),
203 NAME_VAL(L2TP_CDN_RCODE_TEMP_NOT_AVALIABLE),
204 NAME_VAL(L2TP_CDN_RCODE_PERM_NOT_AVALIABLE),
205 NAME_VAL(L2TP_CDN_RCODE_INVALID_DESTINATION),
206 NAME_VAL(L2TP_CDN_RCODE_NO_CARRIER),
207 NAME_VAL(L2TP_CDN_RCODE_BUSY),
208 NAME_VAL(L2TP_CDN_RCODE_NO_DIALTONE),
209 NAME_VAL(L2TP_CDN_RCODE_CALL_TIMEOUT_BY_LAC),
210 NAME_VAL(L2TP_CDN_RCODE_NO_FRAMING_DETECTED),
211 },
212 l2tp_ecode_names[] = {
213 NAME_VAL(L2TP_ECODE_NO_CONTROL_CONNECTION),
214 NAME_VAL(L2TP_ECODE_WRONG_LENGTH),
215 NAME_VAL(L2TP_ECODE_INVALID_MESSAGE),
216 NAME_VAL(L2TP_ECODE_NO_RESOURCE),
217 NAME_VAL(L2TP_ECODE_INVALID_SESSION_ID),
218 NAME_VAL(L2TP_ECODE_GENERIC_ERROR),
219 NAME_VAL(L2TP_ECODE_TRY_ANOTHER),
220 NAME_VAL(L2TP_ECODE_UNKNOWN_MANDATORY_AVP),
221 };
222 #undef NAME_VAL
223
224 const char *
avp_attr_type_string(int attr_type)225 avp_attr_type_string(int attr_type)
226 {
227 int i;
228
229 for (i = 0; i < countof(l2tp_avp_attribute_names); i++) {
230 if (attr_type == l2tp_avp_attribute_names[i].label)
231 return l2tp_avp_attribute_names[i].name + 14;
232 }
233 return "UNKNOWN_AVP";
234 }
235
236 const char *
l2tp_stopccn_rcode_string(int rcode)237 l2tp_stopccn_rcode_string(int rcode)
238 {
239 int i;
240
241 for (i = 0; i < countof(l2tp_stopccn_rcode_names); i++) {
242 if (rcode == l2tp_stopccn_rcode_names[i].label)
243 return l2tp_stopccn_rcode_names[i].name + 20;
244 }
245 return "UNKNOWN";
246 }
247
248 const char *
l2tp_cdn_rcode_string(int rcode)249 l2tp_cdn_rcode_string(int rcode)
250 {
251 int i;
252
253 for (i = 0; i < countof(l2tp_cdn_rcode_names); i++) {
254 if (rcode == l2tp_cdn_rcode_names[i].label)
255 return l2tp_cdn_rcode_names[i].name + 15;
256 }
257 return "UNKNOWN";
258 }
259
260 const char *
l2tp_ecode_string(int ecode)261 l2tp_ecode_string(int ecode)
262 {
263 int i;
264
265 if (ecode == 0)
266 return "none";
267 for (i = 0; i < countof(l2tp_ecode_names); i++) {
268 if (ecode == l2tp_ecode_names[i].label)
269 return l2tp_ecode_names[i].name + 11;
270 }
271 return "UNKNOWN";
272 }
273
274 /**
275 * Search the AVP that matches given vendor_id and attr_type and return it
276 * In case the "fill_data" is specified (non 0 value is specified as the
277 * "fill_data"), the memory space of the "avp" must be larger than or equal
278 * to L2TP_AVP_MAXSIZ (1024).
279 */
280 struct l2tp_avp *
avp_find(struct l2tp_avp * avp,const u_char * pkt,int pktlen,uint16_t vendor_id,uint16_t attr_type,int fill_data)281 avp_find(struct l2tp_avp *avp, const u_char *pkt, int pktlen,
282 uint16_t vendor_id, uint16_t attr_type, int fill_data)
283 {
284 int avpsz;
285
286 while (pktlen >= 6 &&
287 (avpsz = avp_enum(avp, pkt, pktlen, fill_data)) > 0) {
288 L2TP_SUBR_ASSERT(avpsz >= 6);
289 if (avp->vendor_id != vendor_id || avp->attr_type != attr_type) {
290 pkt += avpsz;
291 pktlen -= avpsz;
292 continue;
293 }
294 return avp;
295 }
296
297 return NULL;
298 }
299
300 /**
301 * Search the Message-Type AVP and return it. The memory space of the "avp"
302 * must be larger than or equal to L2TP_AVP_MAXSIZ (1024).
303 */
304 struct l2tp_avp *
avp_find_message_type_avp(struct l2tp_avp * avp,const u_char * pkt,int pktlen)305 avp_find_message_type_avp(struct l2tp_avp *avp, const u_char *pkt, int pktlen)
306 {
307 return avp_find(avp, pkt, pktlen, 0, L2TP_AVP_TYPE_MESSAGE_TYPE, 1);
308 }
309
310 /**
311 * add an AVP to bytebuffer
312 */
313 int
bytebuf_add_avp(bytebuffer * bytebuf,struct l2tp_avp * avp,int value_len)314 bytebuf_add_avp(bytebuffer *bytebuf, struct l2tp_avp *avp, int value_len)
315 {
316 struct l2tp_avp avp1;
317
318 memcpy(&avp1, avp, sizeof(struct l2tp_avp));
319
320 avp1.length = value_len + 6;
321 avp1.vendor_id = htons(avp->vendor_id);
322 avp1.attr_type = htons(avp->attr_type);
323 *(uint16_t *)&avp1 = htons(*(uint16_t *)&avp1);
324
325 if (bytebuffer_put(bytebuf, &avp1, 6) == NULL)
326 return -1;
327 if (bytebuffer_put(bytebuf, avp->attr_value, value_len) == NULL)
328 return -1;
329
330 return 0;
331 }
332
333 const char *
avp_mes_type_string(int mes_type)334 avp_mes_type_string(int mes_type)
335 {
336 int i;
337
338 for (i = 0; i < countof(l2tp_mes_type_names); i++) {
339 if (mes_type == l2tp_mes_type_names[i].label)
340 return l2tp_mes_type_names[i].name + 22;
341 }
342 return "Unknown";
343 }
344