1 /**
2 * @file
3 * Network Point to Point Protocol over Layer 2 Tunneling Protocol program file.
4 *
5 */
6
7 /*
8 * Redistribution and use in source and binary forms, with or without modification,
9 * are permitted provided that the following conditions are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright notice,
14 * this list of conditions and the following disclaimer in the documentation
15 * and/or other materials provided with the distribution.
16 * 3. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
20 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
22 * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
24 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
27 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
28 * OF SUCH DAMAGE.
29 *
30 * This file is part of the lwIP TCP/IP stack.
31 *
32 */
33
34 /*
35 * L2TP Support status:
36 *
37 * Supported:
38 * - L2TPv2 (PPP over L2TP, a.k.a. UDP tunnels)
39 * - LAC
40 *
41 * Not supported:
42 * - LNS (require PPP server support)
43 * - L2TPv3 ethernet pseudowires
44 * - L2TPv3 VLAN pseudowire
45 * - L2TPv3 PPP pseudowires
46 * - L2TPv3 IP encapsulation
47 * - L2TPv3 IP pseudowire
48 * - L2TP tunnel switching - http://tools.ietf.org/html/draft-ietf-l2tpext-tunnel-switching-08
49 * - Multiple tunnels per UDP socket, as well as multiple sessions per tunnel
50 * - Hidden AVPs
51 */
52
53 #include "netif/ppp/ppp_opts.h"
54 #if PPP_SUPPORT && PPPOL2TP_SUPPORT /* don't build if not configured for use in lwipopts.h */
55
56 #include "lwip/err.h"
57 #include "lwip/memp.h"
58 #include "lwip/netif.h"
59 #include "lwip/udp.h"
60 #include "lwip/snmp.h"
61
62 #include "netif/ppp/ppp_impl.h"
63 #include "netif/ppp/lcp.h"
64 #include "netif/ppp/ipcp.h"
65 #include "netif/ppp/pppol2tp.h"
66 #include "netif/ppp/pppcrypt.h"
67 #include "netif/ppp/magic.h"
68
69 /* Memory pool */
70 LWIP_MEMPOOL_DECLARE(PPPOL2TP_PCB, MEMP_NUM_PPPOL2TP_INTERFACES, sizeof(pppol2tp_pcb), "PPPOL2TP_PCB")
71
72 /* callbacks called from PPP core */
73 static err_t pppol2tp_write(ppp_pcb *ppp, void *ctx, struct pbuf *p);
74 static err_t pppol2tp_netif_output(ppp_pcb *ppp, void *ctx, struct pbuf *p, u_short protocol);
75 static err_t pppol2tp_destroy(ppp_pcb *ppp, void *ctx); /* Destroy a L2TP control block */
76 static err_t pppol2tp_connect(ppp_pcb *ppp, void *ctx); /* Be a LAC, connect to a LNS. */
77 static void pppol2tp_disconnect(ppp_pcb *ppp, void *ctx); /* Disconnect */
78
79 /* Prototypes for procedures local to this file. */
80 static void pppol2tp_input(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port);
81 static void pppol2tp_dispatch_control_packet(pppol2tp_pcb *l2tp, u16_t port, struct pbuf *p, u16_t ns, u16_t nr);
82 static void pppol2tp_timeout(void *arg);
83 static void pppol2tp_abort_connect(pppol2tp_pcb *l2tp);
84 static err_t pppol2tp_send_sccrq(pppol2tp_pcb *l2tp);
85 static err_t pppol2tp_send_scccn(pppol2tp_pcb *l2tp, u16_t ns);
86 static err_t pppol2tp_send_icrq(pppol2tp_pcb *l2tp, u16_t ns);
87 static err_t pppol2tp_send_iccn(pppol2tp_pcb *l2tp, u16_t ns);
88 static err_t pppol2tp_send_zlb(pppol2tp_pcb *l2tp, u16_t ns);
89 static err_t pppol2tp_send_stopccn(pppol2tp_pcb *l2tp, u16_t ns);
90 static err_t pppol2tp_xmit(pppol2tp_pcb *l2tp, struct pbuf *pb);
91 static err_t pppol2tp_udp_send(pppol2tp_pcb *l2tp, struct pbuf *pb);
92
93 /* Callbacks structure for PPP core */
94 static const struct link_callbacks pppol2tp_callbacks = {
95 pppol2tp_connect,
96 #if PPP_SERVER
97 NULL,
98 #endif /* PPP_SERVER */
99 pppol2tp_disconnect,
100 pppol2tp_destroy,
101 pppol2tp_write,
102 pppol2tp_netif_output,
103 NULL,
104 NULL
105 };
106
107
108 /* Create a new L2TP session. */
pppol2tp_create(struct netif * pppif,struct netif * netif,const ip_addr_t * ipaddr,u16_t port,const u8_t * secret,u8_t secret_len,ppp_link_status_cb_fn link_status_cb,void * ctx_cb)109 ppp_pcb *pppol2tp_create(struct netif *pppif,
110 struct netif *netif, const ip_addr_t *ipaddr, u16_t port,
111 const u8_t *secret, u8_t secret_len,
112 ppp_link_status_cb_fn link_status_cb, void *ctx_cb) {
113 ppp_pcb *ppp;
114 pppol2tp_pcb *l2tp;
115 struct udp_pcb *udp;
116
117 if (ipaddr == NULL) {
118 goto ipaddr_check_failed;
119 }
120
121 l2tp = (pppol2tp_pcb *)LWIP_MEMPOOL_ALLOC(PPPOL2TP_PCB);
122 if (l2tp == NULL) {
123 goto memp_malloc_l2tp_failed;
124 }
125
126 udp = udp_new_ip_type(IP_GET_TYPE(ipaddr));
127 if (udp == NULL) {
128 goto udp_new_failed;
129 }
130 udp_recv(udp, pppol2tp_input, l2tp);
131
132 ppp = ppp_new(pppif, &pppol2tp_callbacks, l2tp, link_status_cb, ctx_cb);
133 if (ppp == NULL) {
134 goto ppp_new_failed;
135 }
136
137 memset(l2tp, 0, sizeof(pppol2tp_pcb));
138 l2tp->phase = PPPOL2TP_STATE_INITIAL;
139 l2tp->ppp = ppp;
140 l2tp->udp = udp;
141 l2tp->netif = netif;
142 ip_addr_copy(l2tp->remote_ip, *ipaddr);
143 l2tp->remote_port = port;
144 #if PPPOL2TP_AUTH_SUPPORT
145 l2tp->secret = secret;
146 l2tp->secret_len = secret_len;
147 #endif /* PPPOL2TP_AUTH_SUPPORT */
148
149 return ppp;
150
151 ppp_new_failed:
152 udp_remove(udp);
153 udp_new_failed:
154 LWIP_MEMPOOL_FREE(PPPOL2TP_PCB, l2tp);
155 memp_malloc_l2tp_failed:
156 ipaddr_check_failed:
157 return NULL;
158 }
159
160 /* Called by PPP core */
pppol2tp_write(ppp_pcb * ppp,void * ctx,struct pbuf * p)161 static err_t pppol2tp_write(ppp_pcb *ppp, void *ctx, struct pbuf *p) {
162 pppol2tp_pcb *l2tp = (pppol2tp_pcb *)ctx;
163 struct pbuf *ph; /* UDP + L2TP header */
164 err_t ret;
165 #if MIB2_STATS
166 u16_t tot_len;
167 #else /* MIB2_STATS */
168 LWIP_UNUSED_ARG(ppp);
169 #endif /* MIB2_STATS */
170
171 ph = pbuf_alloc(PBUF_TRANSPORT, (u16_t)(PPPOL2TP_OUTPUT_DATA_HEADER_LEN), PBUF_RAM);
172 if(!ph) {
173 LINK_STATS_INC(link.memerr);
174 LINK_STATS_INC(link.proterr);
175 MIB2_STATS_NETIF_INC(ppp->netif, ifoutdiscards);
176 pbuf_free(p);
177 return ERR_MEM;
178 }
179
180 pbuf_header(ph, -(s16_t)PPPOL2TP_OUTPUT_DATA_HEADER_LEN); /* hide L2TP header */
181 pbuf_cat(ph, p);
182 #if MIB2_STATS
183 tot_len = ph->tot_len;
184 #endif /* MIB2_STATS */
185
186 ret = pppol2tp_xmit(l2tp, ph);
187 if (ret != ERR_OK) {
188 LINK_STATS_INC(link.err);
189 MIB2_STATS_NETIF_INC(ppp->netif, ifoutdiscards);
190 return ret;
191 }
192
193 MIB2_STATS_NETIF_ADD(ppp->netif, ifoutoctets, (u16_t)tot_len);
194 MIB2_STATS_NETIF_INC(ppp->netif, ifoutucastpkts);
195 LINK_STATS_INC(link.xmit);
196 return ERR_OK;
197 }
198
199 /* Called by PPP core */
pppol2tp_netif_output(ppp_pcb * ppp,void * ctx,struct pbuf * p,u_short protocol)200 static err_t pppol2tp_netif_output(ppp_pcb *ppp, void *ctx, struct pbuf *p, u_short protocol) {
201 pppol2tp_pcb *l2tp = (pppol2tp_pcb *)ctx;
202 struct pbuf *pb;
203 u8_t *pl;
204 err_t err;
205 #if MIB2_STATS
206 u16_t tot_len;
207 #else /* MIB2_STATS */
208 LWIP_UNUSED_ARG(ppp);
209 #endif /* MIB2_STATS */
210
211 /* @todo: try to use pbuf_header() here! */
212 pb = pbuf_alloc(PBUF_TRANSPORT, PPPOL2TP_OUTPUT_DATA_HEADER_LEN + sizeof(protocol), PBUF_RAM);
213 if(!pb) {
214 LINK_STATS_INC(link.memerr);
215 LINK_STATS_INC(link.proterr);
216 MIB2_STATS_NETIF_INC(ppp->netif, ifoutdiscards);
217 return ERR_MEM;
218 }
219
220 pbuf_header(pb, -(s16_t)PPPOL2TP_OUTPUT_DATA_HEADER_LEN);
221
222 pl = (u8_t*)pb->payload;
223 PUTSHORT(protocol, pl);
224
225 pbuf_chain(pb, p);
226 #if MIB2_STATS
227 tot_len = pb->tot_len;
228 #endif /* MIB2_STATS */
229
230 if( (err = pppol2tp_xmit(l2tp, pb)) != ERR_OK) {
231 LINK_STATS_INC(link.err);
232 MIB2_STATS_NETIF_INC(ppp->netif, ifoutdiscards);
233 return err;
234 }
235
236 MIB2_STATS_NETIF_ADD(ppp->netif, ifoutoctets, tot_len);
237 MIB2_STATS_NETIF_INC(ppp->netif, ifoutucastpkts);
238 LINK_STATS_INC(link.xmit);
239 return ERR_OK;
240 }
241
242 /* Destroy a L2TP control block */
pppol2tp_destroy(ppp_pcb * ppp,void * ctx)243 static err_t pppol2tp_destroy(ppp_pcb *ppp, void *ctx) {
244 pppol2tp_pcb *l2tp = (pppol2tp_pcb *)ctx;
245 LWIP_UNUSED_ARG(ppp);
246
247 sys_untimeout(pppol2tp_timeout, l2tp);
248 udp_remove(l2tp->udp);
249 LWIP_MEMPOOL_FREE(PPPOL2TP_PCB, l2tp);
250 return ERR_OK;
251 }
252
253 /* Be a LAC, connect to a LNS. */
pppol2tp_connect(ppp_pcb * ppp,void * ctx)254 static err_t pppol2tp_connect(ppp_pcb *ppp, void *ctx) {
255 err_t err;
256 pppol2tp_pcb *l2tp = (pppol2tp_pcb *)ctx;
257 lcp_options *lcp_wo;
258 lcp_options *lcp_ao;
259 #if PPP_IPV4_SUPPORT && VJ_SUPPORT
260 ipcp_options *ipcp_wo;
261 ipcp_options *ipcp_ao;
262 #endif /* PPP_IPV4_SUPPORT && VJ_SUPPORT */
263
264 l2tp->tunnel_port = l2tp->remote_port;
265 l2tp->our_ns = 0;
266 l2tp->peer_nr = 0;
267 l2tp->peer_ns = 0;
268 l2tp->source_tunnel_id = 0;
269 l2tp->remote_tunnel_id = 0;
270 l2tp->source_session_id = 0;
271 l2tp->remote_session_id = 0;
272 /* l2tp->*_retried are cleared when used */
273
274 lcp_wo = &ppp->lcp_wantoptions;
275 lcp_wo->mru = PPPOL2TP_DEFMRU;
276 lcp_wo->neg_asyncmap = 0;
277 lcp_wo->neg_pcompression = 0;
278 lcp_wo->neg_accompression = 0;
279 lcp_wo->passive = 0;
280 lcp_wo->silent = 0;
281
282 lcp_ao = &ppp->lcp_allowoptions;
283 lcp_ao->mru = PPPOL2TP_DEFMRU;
284 lcp_ao->neg_asyncmap = 0;
285 lcp_ao->neg_pcompression = 0;
286 lcp_ao->neg_accompression = 0;
287
288 #if PPP_IPV4_SUPPORT && VJ_SUPPORT
289 ipcp_wo = &ppp->ipcp_wantoptions;
290 ipcp_wo->neg_vj = 0;
291 ipcp_wo->old_vj = 0;
292
293 ipcp_ao = &ppp->ipcp_allowoptions;
294 ipcp_ao->neg_vj = 0;
295 ipcp_ao->old_vj = 0;
296 #endif /* PPP_IPV4_SUPPORT && VJ_SUPPORT */
297
298 /* Listen to a random source port, we need to do that instead of using udp_connect()
299 * because the L2TP LNS might answer with its own random source port (!= 1701)
300 */
301 #if LWIP_IPV6
302 if (IP_IS_V6_VAL(l2tp->udp->local_ip)) {
303 udp_bind(l2tp->udp, IP6_ADDR_ANY, 0);
304 } else
305 #endif /* LWIP_IPV6 */
306 udp_bind(l2tp->udp, IP4_ADDR_ANY, 0);
307
308 #if PPPOL2TP_AUTH_SUPPORT
309 /* Generate random vector */
310 if (l2tp->secret != NULL) {
311 magic_random_bytes(l2tp->secret_rv, sizeof(l2tp->secret_rv));
312 }
313 #endif /* PPPOL2TP_AUTH_SUPPORT */
314
315 do {
316 l2tp->remote_tunnel_id = magic();
317 } while(l2tp->remote_tunnel_id == 0);
318 /* save state, in case we fail to send SCCRQ */
319 l2tp->sccrq_retried = 0;
320 l2tp->phase = PPPOL2TP_STATE_SCCRQ_SENT;
321 if ((err = pppol2tp_send_sccrq(l2tp)) != 0) {
322 PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send SCCRQ, error=%d\n", err));
323 }
324 sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp);
325 return err;
326 }
327
328 /* Disconnect */
pppol2tp_disconnect(ppp_pcb * ppp,void * ctx)329 static void pppol2tp_disconnect(ppp_pcb *ppp, void *ctx) {
330 pppol2tp_pcb *l2tp = (pppol2tp_pcb *)ctx;
331
332 l2tp->our_ns++;
333 pppol2tp_send_stopccn(l2tp, l2tp->our_ns);
334
335 /* stop any timer, disconnect can be called while initiating is in progress */
336 sys_untimeout(pppol2tp_timeout, l2tp);
337 l2tp->phase = PPPOL2TP_STATE_INITIAL;
338 ppp_link_end(ppp); /* notify upper layers */
339 }
340
341 /* UDP Callback for incoming IPv4 L2TP frames */
pppol2tp_input(void * arg,struct udp_pcb * pcb,struct pbuf * p,const ip_addr_t * addr,u16_t port)342 static void pppol2tp_input(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port) {
343 pppol2tp_pcb *l2tp = (pppol2tp_pcb*)arg;
344 u16_t hflags, hlen, len=0, tunnel_id=0, session_id=0, ns=0, nr=0, offset=0;
345 u8_t *inp;
346 LWIP_UNUSED_ARG(pcb);
347
348 /* we can't unbound a UDP pcb, thus we can still receive UDP frames after the link is closed */
349 if (l2tp->phase < PPPOL2TP_STATE_SCCRQ_SENT) {
350 goto free_and_return;
351 }
352
353 if (!ip_addr_cmp(&l2tp->remote_ip, addr)) {
354 goto free_and_return;
355 }
356
357 /* discard packet if port mismatch, but only if we received a SCCRP */
358 if (l2tp->phase > PPPOL2TP_STATE_SCCRQ_SENT && l2tp->tunnel_port != port) {
359 goto free_and_return;
360 }
361
362 /* printf("-----------\nL2TP INPUT, %d\n", p->len); */
363
364 /* L2TP header */
365 if (p->len < sizeof(hflags) + sizeof(tunnel_id) + sizeof(session_id) ) {
366 goto packet_too_short;
367 }
368
369 inp = (u8_t*)p->payload;
370 GETSHORT(hflags, inp);
371
372 if (hflags & PPPOL2TP_HEADERFLAG_CONTROL) {
373 /* check mandatory flags for a control packet */
374 if ( (hflags & PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY) != PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY ) {
375 PPPDEBUG(LOG_DEBUG, ("pppol2tp: mandatory header flags for control packet not set\n"));
376 goto free_and_return;
377 }
378 /* check forbidden flags for a control packet */
379 if (hflags & PPPOL2TP_HEADERFLAG_CONTROL_FORBIDDEN) {
380 PPPDEBUG(LOG_DEBUG, ("pppol2tp: forbidden header flags for control packet found\n"));
381 goto free_and_return;
382 }
383 } else {
384 /* check mandatory flags for a data packet */
385 if ( (hflags & PPPOL2TP_HEADERFLAG_DATA_MANDATORY) != PPPOL2TP_HEADERFLAG_DATA_MANDATORY) {
386 PPPDEBUG(LOG_DEBUG, ("pppol2tp: mandatory header flags for data packet not set\n"));
387 goto free_and_return;
388 }
389 }
390
391 /* Expected header size */
392 hlen = sizeof(hflags) + sizeof(tunnel_id) + sizeof(session_id);
393 if (hflags & PPPOL2TP_HEADERFLAG_LENGTH) {
394 hlen += sizeof(len);
395 }
396 if (hflags & PPPOL2TP_HEADERFLAG_SEQUENCE) {
397 hlen += sizeof(ns) + sizeof(nr);
398 }
399 if (hflags & PPPOL2TP_HEADERFLAG_OFFSET) {
400 hlen += sizeof(offset);
401 }
402 if (p->len < hlen) {
403 goto packet_too_short;
404 }
405
406 if (hflags & PPPOL2TP_HEADERFLAG_LENGTH) {
407 GETSHORT(len, inp);
408 if (p->len < len || len < hlen) {
409 goto packet_too_short;
410 }
411 }
412 GETSHORT(tunnel_id, inp);
413 GETSHORT(session_id, inp);
414 if (hflags & PPPOL2TP_HEADERFLAG_SEQUENCE) {
415 GETSHORT(ns, inp);
416 GETSHORT(nr, inp);
417 }
418 if (hflags & PPPOL2TP_HEADERFLAG_OFFSET) {
419 GETSHORT(offset, inp)
420 if (offset > 4096) { /* don't be fooled with large offset which might overflow hlen */
421 PPPDEBUG(LOG_DEBUG, ("pppol2tp: strange packet received, offset=%d\n", offset));
422 goto free_and_return;
423 }
424 hlen += offset;
425 if (p->len < hlen) {
426 goto packet_too_short;
427 }
428 INCPTR(offset, inp);
429 }
430
431 /* printf("HLEN = %d\n", hlen); */
432
433 /* skip L2TP header */
434 if (pbuf_header(p, -(s16_t)hlen) != 0) {
435 goto free_and_return;
436 }
437
438 /* printf("LEN=%d, TUNNEL_ID=%d, SESSION_ID=%d, NS=%d, NR=%d, OFFSET=%d\n", len, tunnel_id, session_id, ns, nr, offset); */
439 PPPDEBUG(LOG_DEBUG, ("pppol2tp: input packet, len=%"U16_F", tunnel=%"U16_F", session=%"U16_F", ns=%"U16_F", nr=%"U16_F"\n",
440 len, tunnel_id, session_id, ns, nr));
441
442 /* Control packet */
443 if (hflags & PPPOL2TP_HEADERFLAG_CONTROL) {
444 pppol2tp_dispatch_control_packet(l2tp, port, p, ns, nr);
445 goto free_and_return;
446 }
447
448 /* Data packet */
449 if(l2tp->phase != PPPOL2TP_STATE_DATA) {
450 goto free_and_return;
451 }
452 if(tunnel_id != l2tp->remote_tunnel_id) {
453 PPPDEBUG(LOG_DEBUG, ("pppol2tp: tunnel ID mismatch, assigned=%d, received=%d\n", l2tp->remote_tunnel_id, tunnel_id));
454 goto free_and_return;
455 }
456 if(session_id != l2tp->remote_session_id) {
457 PPPDEBUG(LOG_DEBUG, ("pppol2tp: session ID mismatch, assigned=%d, received=%d\n", l2tp->remote_session_id, session_id));
458 goto free_and_return;
459 }
460 /*
461 * skip address & flags if necessary
462 *
463 * RFC 2661 does not specify whether the PPP frame in the L2TP payload should
464 * have a HDLC header or not. We handle both cases for compatibility.
465 */
466 if (p->len >= 2) {
467 GETSHORT(hflags, inp);
468 if (hflags == 0xff03) {
469 pbuf_header(p, -(s16_t)2);
470 }
471 }
472 /* Dispatch the packet thereby consuming it. */
473 ppp_input(l2tp->ppp, p);
474 return;
475
476 packet_too_short:
477 PPPDEBUG(LOG_DEBUG, ("pppol2tp: packet too short: %d\n", p->len));
478 free_and_return:
479 pbuf_free(p);
480 }
481
482 /* L2TP Control packet entry point */
pppol2tp_dispatch_control_packet(pppol2tp_pcb * l2tp,u16_t port,struct pbuf * p,u16_t ns,u16_t nr)483 static void pppol2tp_dispatch_control_packet(pppol2tp_pcb *l2tp, u16_t port, struct pbuf *p, u16_t ns, u16_t nr) {
484 u8_t *inp;
485 u16_t avplen, avpflags, vendorid, attributetype, messagetype=0;
486 err_t err;
487 #if PPPOL2TP_AUTH_SUPPORT
488 lwip_md5_context md5_ctx;
489 u8_t md5_hash[16];
490 u8_t challenge_id = 0;
491 #endif /* PPPOL2TP_AUTH_SUPPORT */
492
493 l2tp->peer_nr = nr;
494 l2tp->peer_ns = ns;
495 /* printf("L2TP CTRL INPUT, ns=%d, nr=%d, len=%d\n", ns, nr, p->len); */
496
497 /* Handle the special case of the ICCN acknowledge */
498 if (l2tp->phase == PPPOL2TP_STATE_ICCN_SENT && l2tp->peer_nr > l2tp->our_ns) {
499 l2tp->phase = PPPOL2TP_STATE_DATA;
500 }
501
502 /* ZLB packets */
503 if (p->tot_len == 0) {
504 return;
505 }
506
507 p = ppp_singlebuf(p);
508 inp = (u8_t*)p->payload;
509 /* Decode AVPs */
510 while (p->len > 0) {
511 if (p->len < sizeof(avpflags) + sizeof(vendorid) + sizeof(attributetype) ) {
512 goto packet_too_short;
513 }
514 GETSHORT(avpflags, inp);
515 avplen = avpflags & PPPOL2TP_AVPHEADERFLAG_LENGTHMASK;
516 /* printf("AVPLEN = %d\n", avplen); */
517 if (p->len < avplen || avplen < sizeof(avpflags) + sizeof(vendorid) + sizeof(attributetype)) {
518 goto packet_too_short;
519 }
520 GETSHORT(vendorid, inp);
521 GETSHORT(attributetype, inp);
522 avplen -= sizeof(avpflags) + sizeof(vendorid) + sizeof(attributetype);
523
524 /* Message type must be the first AVP */
525 if (messagetype == 0) {
526 if (attributetype != 0 || vendorid != 0 || avplen != sizeof(messagetype) ) {
527 PPPDEBUG(LOG_DEBUG, ("pppol2tp: message type must be the first AVP\n"));
528 return;
529 }
530 GETSHORT(messagetype, inp);
531 /* printf("Message type = %d\n", messagetype); */
532 switch(messagetype) {
533 /* Start Control Connection Reply */
534 case PPPOL2TP_MESSAGETYPE_SCCRP:
535 /* Only accept SCCRP packet if we sent a SCCRQ */
536 if (l2tp->phase != PPPOL2TP_STATE_SCCRQ_SENT) {
537 goto send_zlb;
538 }
539 break;
540 /* Incoming Call Reply */
541 case PPPOL2TP_MESSAGETYPE_ICRP:
542 /* Only accept ICRP packet if we sent a IRCQ */
543 if (l2tp->phase != PPPOL2TP_STATE_ICRQ_SENT) {
544 goto send_zlb;
545 }
546 break;
547 /* Stop Control Connection Notification */
548 case PPPOL2TP_MESSAGETYPE_STOPCCN:
549 pppol2tp_send_zlb(l2tp, l2tp->our_ns); /* Ack the StopCCN before we switch to down state */
550 if (l2tp->phase < PPPOL2TP_STATE_DATA) {
551 pppol2tp_abort_connect(l2tp);
552 } else if (l2tp->phase == PPPOL2TP_STATE_DATA) {
553 /* Don't disconnect here, we let the LCP Echo/Reply find the fact
554 * that PPP session is down. Asking the PPP stack to end the session
555 * require strict checking about the PPP phase to prevent endless
556 * disconnection loops.
557 */
558 }
559 return;
560 default:
561 break;
562 }
563 goto nextavp;
564 }
565
566 /* Skip proprietary L2TP extensions */
567 if (vendorid != 0) {
568 goto skipavp;
569 }
570
571 switch (messagetype) {
572 /* Start Control Connection Reply */
573 case PPPOL2TP_MESSAGETYPE_SCCRP:
574 switch (attributetype) {
575 case PPPOL2TP_AVPTYPE_TUNNELID:
576 if (avplen != sizeof(l2tp->source_tunnel_id) ) {
577 PPPDEBUG(LOG_DEBUG, ("pppol2tp: AVP Assign tunnel ID length check failed\n"));
578 return;
579 }
580 GETSHORT(l2tp->source_tunnel_id, inp);
581 PPPDEBUG(LOG_DEBUG, ("pppol2tp: Assigned tunnel ID %"U16_F"\n", l2tp->source_tunnel_id));
582 goto nextavp;
583 #if PPPOL2TP_AUTH_SUPPORT
584 case PPPOL2TP_AVPTYPE_CHALLENGE:
585 if (avplen == 0) {
586 PPPDEBUG(LOG_DEBUG, ("pppol2tp: Challenge length check failed\n"));
587 return;
588 }
589 if (l2tp->secret == NULL) {
590 PPPDEBUG(LOG_DEBUG, ("pppol2tp: Received challenge from peer and no secret key available\n"));
591 pppol2tp_abort_connect(l2tp);
592 return;
593 }
594 /* Generate hash of ID, secret, challenge */
595 lwip_md5_init(&md5_ctx);
596 lwip_md5_starts(&md5_ctx);
597 challenge_id = PPPOL2TP_MESSAGETYPE_SCCCN;
598 lwip_md5_update(&md5_ctx, &challenge_id, 1);
599 lwip_md5_update(&md5_ctx, l2tp->secret, l2tp->secret_len);
600 lwip_md5_update(&md5_ctx, inp, avplen);
601 lwip_md5_finish(&md5_ctx, l2tp->challenge_hash);
602 lwip_md5_free(&md5_ctx);
603 l2tp->send_challenge = 1;
604 goto skipavp;
605 case PPPOL2TP_AVPTYPE_CHALLENGERESPONSE:
606 if (avplen != PPPOL2TP_AVPTYPE_CHALLENGERESPONSE_SIZE) {
607 PPPDEBUG(LOG_DEBUG, ("pppol2tp: AVP Challenge Response length check failed\n"));
608 return;
609 }
610 /* Generate hash of ID, secret, challenge */
611 lwip_md5_init(&md5_ctx);
612 lwip_md5_starts(&md5_ctx);
613 challenge_id = PPPOL2TP_MESSAGETYPE_SCCRP;
614 lwip_md5_update(&md5_ctx, &challenge_id, 1);
615 lwip_md5_update(&md5_ctx, l2tp->secret, l2tp->secret_len);
616 lwip_md5_update(&md5_ctx, l2tp->secret_rv, sizeof(l2tp->secret_rv));
617 lwip_md5_finish(&md5_ctx, md5_hash);
618 lwip_md5_free(&md5_ctx);
619 if ( memcmp(inp, md5_hash, sizeof(md5_hash)) ) {
620 PPPDEBUG(LOG_DEBUG, ("pppol2tp: Received challenge response from peer and secret key do not match\n"));
621 pppol2tp_abort_connect(l2tp);
622 return;
623 }
624 goto skipavp;
625 #endif /* PPPOL2TP_AUTH_SUPPORT */
626 default:
627 break;
628 }
629 break;
630 /* Incoming Call Reply */
631 case PPPOL2TP_MESSAGETYPE_ICRP:
632 switch (attributetype) {
633 case PPPOL2TP_AVPTYPE_SESSIONID:
634 if (avplen != sizeof(l2tp->source_session_id) ) {
635 PPPDEBUG(LOG_DEBUG, ("pppol2tp: AVP Assign session ID length check failed\n"));
636 return;
637 }
638 GETSHORT(l2tp->source_session_id, inp);
639 PPPDEBUG(LOG_DEBUG, ("pppol2tp: Assigned session ID %"U16_F"\n", l2tp->source_session_id));
640 goto nextavp;
641 default:
642 break;
643 }
644 break;
645 default:
646 break;
647 }
648
649 skipavp:
650 INCPTR(avplen, inp);
651 nextavp:
652 /* printf("AVP Found, vendor=%d, attribute=%d, len=%d\n", vendorid, attributetype, avplen); */
653 /* next AVP */
654 if (pbuf_header(p, -(s16_t)(avplen + sizeof(avpflags) + sizeof(vendorid) + sizeof(attributetype)) ) != 0) {
655 return;
656 }
657 }
658
659 switch(messagetype) {
660 /* Start Control Connection Reply */
661 case PPPOL2TP_MESSAGETYPE_SCCRP:
662 do {
663 l2tp->remote_session_id = magic();
664 } while(l2tp->remote_session_id == 0);
665 l2tp->tunnel_port = port; /* LNS server might have chosen its own local port */
666 l2tp->icrq_retried = 0;
667 l2tp->phase = PPPOL2TP_STATE_ICRQ_SENT;
668 l2tp->our_ns++;
669 if ((err = pppol2tp_send_scccn(l2tp, l2tp->our_ns)) != 0) {
670 PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send SCCCN, error=%d\n", err));
671 }
672 l2tp->our_ns++;
673 if ((err = pppol2tp_send_icrq(l2tp, l2tp->our_ns)) != 0) {
674 PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send ICRQ, error=%d\n", err));
675 }
676 sys_untimeout(pppol2tp_timeout, l2tp);
677 sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp);
678 break;
679 /* Incoming Call Reply */
680 case PPPOL2TP_MESSAGETYPE_ICRP:
681 l2tp->iccn_retried = 0;
682 l2tp->phase = PPPOL2TP_STATE_ICCN_SENT;
683 l2tp->our_ns++;
684 ppp_start(l2tp->ppp); /* notify upper layers */
685 if ((err = pppol2tp_send_iccn(l2tp, l2tp->our_ns)) != 0) {
686 PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send ICCN, error=%d\n", err));
687 }
688 sys_untimeout(pppol2tp_timeout, l2tp);
689 sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp);
690 break;
691 /* Unhandled packet, send ZLB ACK */
692 default:
693 goto send_zlb;
694 }
695 return;
696
697 send_zlb:
698 pppol2tp_send_zlb(l2tp, l2tp->our_ns);
699 return;
700 packet_too_short:
701 PPPDEBUG(LOG_DEBUG, ("pppol2tp: packet too short: %d\n", p->len));
702 }
703
704 /* L2TP Timeout handler */
pppol2tp_timeout(void * arg)705 static void pppol2tp_timeout(void *arg) {
706 pppol2tp_pcb *l2tp = (pppol2tp_pcb*)arg;
707 err_t err;
708 u32_t retry_wait;
709
710 PPPDEBUG(LOG_DEBUG, ("pppol2tp: timeout\n"));
711
712 switch (l2tp->phase) {
713 case PPPOL2TP_STATE_SCCRQ_SENT:
714 /* backoff wait */
715 if (l2tp->sccrq_retried < 0xff) {
716 l2tp->sccrq_retried++;
717 }
718 if (!l2tp->ppp->settings.persist && l2tp->sccrq_retried >= PPPOL2TP_MAXSCCRQ) {
719 pppol2tp_abort_connect(l2tp);
720 return;
721 }
722 retry_wait = LWIP_MIN(PPPOL2TP_CONTROL_TIMEOUT * l2tp->sccrq_retried, PPPOL2TP_SLOW_RETRY);
723 PPPDEBUG(LOG_DEBUG, ("pppol2tp: sccrq_retried=%d\n", l2tp->sccrq_retried));
724 if ((err = pppol2tp_send_sccrq(l2tp)) != 0) {
725 l2tp->sccrq_retried--;
726 PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send SCCRQ, error=%d\n", err));
727 }
728 sys_timeout(retry_wait, pppol2tp_timeout, l2tp);
729 break;
730
731 case PPPOL2TP_STATE_ICRQ_SENT:
732 l2tp->icrq_retried++;
733 if (l2tp->icrq_retried >= PPPOL2TP_MAXICRQ) {
734 pppol2tp_abort_connect(l2tp);
735 return;
736 }
737 PPPDEBUG(LOG_DEBUG, ("pppol2tp: icrq_retried=%d\n", l2tp->icrq_retried));
738 if (l2tp->peer_nr <= l2tp->our_ns -1) { /* the SCCCN was not acknowledged */
739 if ((err = pppol2tp_send_scccn(l2tp, l2tp->our_ns -1)) != 0) {
740 l2tp->icrq_retried--;
741 PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send SCCCN, error=%d\n", err));
742 sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp);
743 break;
744 }
745 }
746 if ((err = pppol2tp_send_icrq(l2tp, l2tp->our_ns)) != 0) {
747 l2tp->icrq_retried--;
748 PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send ICRQ, error=%d\n", err));
749 }
750 sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp);
751 break;
752
753 case PPPOL2TP_STATE_ICCN_SENT:
754 l2tp->iccn_retried++;
755 if (l2tp->iccn_retried >= PPPOL2TP_MAXICCN) {
756 pppol2tp_abort_connect(l2tp);
757 return;
758 }
759 PPPDEBUG(LOG_DEBUG, ("pppol2tp: iccn_retried=%d\n", l2tp->iccn_retried));
760 if ((err = pppol2tp_send_iccn(l2tp, l2tp->our_ns)) != 0) {
761 l2tp->iccn_retried--;
762 PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send ICCN, error=%d\n", err));
763 }
764 sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp);
765 break;
766
767 default:
768 return; /* all done, work in peace */
769 }
770 }
771
772 /* Connection attempt aborted */
pppol2tp_abort_connect(pppol2tp_pcb * l2tp)773 static void pppol2tp_abort_connect(pppol2tp_pcb *l2tp) {
774 PPPDEBUG(LOG_DEBUG, ("pppol2tp: could not establish connection\n"));
775 l2tp->phase = PPPOL2TP_STATE_INITIAL;
776 ppp_link_failed(l2tp->ppp); /* notify upper layers */
777 }
778
779 /* Initiate a new tunnel */
pppol2tp_send_sccrq(pppol2tp_pcb * l2tp)780 static err_t pppol2tp_send_sccrq(pppol2tp_pcb *l2tp) {
781 struct pbuf *pb;
782 u8_t *p;
783 u16_t len;
784
785 /* calculate UDP packet length */
786 len = 12 +8 +8 +10 +10 +6+sizeof(PPPOL2TP_HOSTNAME)-1 +6+sizeof(PPPOL2TP_VENDORNAME)-1 +8 +8;
787 #if PPPOL2TP_AUTH_SUPPORT
788 if (l2tp->secret != NULL) {
789 len += 6 + sizeof(l2tp->secret_rv);
790 }
791 #endif /* PPPOL2TP_AUTH_SUPPORT */
792
793 /* allocate a buffer */
794 pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM);
795 if (pb == NULL) {
796 return ERR_MEM;
797 }
798 LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len);
799
800 p = (u8_t*)pb->payload;
801 /* fill in pkt */
802 /* L2TP control header */
803 PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p);
804 PUTSHORT(len, p); /* Length */
805 PUTSHORT(0, p); /* Tunnel Id */
806 PUTSHORT(0, p); /* Session Id */
807 PUTSHORT(0, p); /* NS Sequence number - to peer */
808 PUTSHORT(0, p); /* NR Sequence number - expected for peer */
809
810 /* AVP - Message type */
811 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
812 PUTSHORT(0, p); /* Vendor ID */
813 PUTSHORT(PPPOL2TP_AVPTYPE_MESSAGE, p); /* Attribute type: Message Type */
814 PUTSHORT(PPPOL2TP_MESSAGETYPE_SCCRQ, p); /* Attribute value: Message type: SCCRQ */
815
816 /* AVP - L2TP Version */
817 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
818 PUTSHORT(0, p); /* Vendor ID */
819 PUTSHORT(PPPOL2TP_AVPTYPE_VERSION, p); /* Attribute type: Version */
820 PUTSHORT(PPPOL2TP_VERSION, p); /* Attribute value: L2TP Version */
821
822 /* AVP - Framing capabilities */
823 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 10, p); /* Mandatory flag + len field */
824 PUTSHORT(0, p); /* Vendor ID */
825 PUTSHORT(PPPOL2TP_AVPTYPE_FRAMINGCAPABILITIES, p); /* Attribute type: Framing capabilities */
826 PUTLONG(PPPOL2TP_FRAMINGCAPABILITIES, p); /* Attribute value: Framing capabilities */
827
828 /* AVP - Bearer capabilities */
829 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 10, p); /* Mandatory flag + len field */
830 PUTSHORT(0, p); /* Vendor ID */
831 PUTSHORT(PPPOL2TP_AVPTYPE_BEARERCAPABILITIES, p); /* Attribute type: Bearer capabilities */
832 PUTLONG(PPPOL2TP_BEARERCAPABILITIES, p); /* Attribute value: Bearer capabilities */
833
834 /* AVP - Host name */
835 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 6+sizeof(PPPOL2TP_HOSTNAME)-1, p); /* Mandatory flag + len field */
836 PUTSHORT(0, p); /* Vendor ID */
837 PUTSHORT(PPPOL2TP_AVPTYPE_HOSTNAME, p); /* Attribute type: Hostname */
838 MEMCPY(p, PPPOL2TP_HOSTNAME, sizeof(PPPOL2TP_HOSTNAME)-1); /* Attribute value: Hostname */
839 INCPTR(sizeof(PPPOL2TP_HOSTNAME)-1, p);
840
841 /* AVP - Vendor name */
842 PUTSHORT(6+sizeof(PPPOL2TP_VENDORNAME)-1, p); /* len field */
843 PUTSHORT(0, p); /* Vendor ID */
844 PUTSHORT(PPPOL2TP_AVPTYPE_VENDORNAME, p); /* Attribute type: Vendor name */
845 MEMCPY(p, PPPOL2TP_VENDORNAME, sizeof(PPPOL2TP_VENDORNAME)-1); /* Attribute value: Vendor name */
846 INCPTR(sizeof(PPPOL2TP_VENDORNAME)-1, p);
847
848 /* AVP - Assign tunnel ID */
849 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
850 PUTSHORT(0, p); /* Vendor ID */
851 PUTSHORT(PPPOL2TP_AVPTYPE_TUNNELID, p); /* Attribute type: Tunnel ID */
852 PUTSHORT(l2tp->remote_tunnel_id, p); /* Attribute value: Tunnel ID */
853
854 /* AVP - Receive window size */
855 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
856 PUTSHORT(0, p); /* Vendor ID */
857 PUTSHORT(PPPOL2TP_AVPTYPE_RECEIVEWINDOWSIZE, p); /* Attribute type: Receive window size */
858 PUTSHORT(PPPOL2TP_RECEIVEWINDOWSIZE, p); /* Attribute value: Receive window size */
859
860 #if PPPOL2TP_AUTH_SUPPORT
861 /* AVP - Challenge */
862 if (l2tp->secret != NULL) {
863 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 6 + sizeof(l2tp->secret_rv), p); /* Mandatory flag + len field */
864 PUTSHORT(0, p); /* Vendor ID */
865 PUTSHORT(PPPOL2TP_AVPTYPE_CHALLENGE, p); /* Attribute type: Challenge */
866 MEMCPY(p, l2tp->secret_rv, sizeof(l2tp->secret_rv)); /* Attribute value: Random vector */
867 INCPTR(sizeof(l2tp->secret_rv), p);
868 }
869 #endif /* PPPOL2TP_AUTH_SUPPORT */
870
871 return pppol2tp_udp_send(l2tp, pb);
872 }
873
874 /* Complete tunnel establishment */
pppol2tp_send_scccn(pppol2tp_pcb * l2tp,u16_t ns)875 static err_t pppol2tp_send_scccn(pppol2tp_pcb *l2tp, u16_t ns) {
876 struct pbuf *pb;
877 u8_t *p;
878 u16_t len;
879
880 /* calculate UDP packet length */
881 len = 12 +8;
882 #if PPPOL2TP_AUTH_SUPPORT
883 if (l2tp->send_challenge) {
884 len += 6 + sizeof(l2tp->challenge_hash);
885 }
886 #endif /* PPPOL2TP_AUTH_SUPPORT */
887
888 /* allocate a buffer */
889 pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM);
890 if (pb == NULL) {
891 return ERR_MEM;
892 }
893 LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len);
894
895 p = (u8_t*)pb->payload;
896 /* fill in pkt */
897 /* L2TP control header */
898 PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p);
899 PUTSHORT(len, p); /* Length */
900 PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */
901 PUTSHORT(0, p); /* Session Id */
902 PUTSHORT(ns, p); /* NS Sequence number - to peer */
903 PUTSHORT(l2tp->peer_ns+1, p); /* NR Sequence number - expected for peer */
904
905 /* AVP - Message type */
906 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
907 PUTSHORT(0, p); /* Vendor ID */
908 PUTSHORT(PPPOL2TP_AVPTYPE_MESSAGE, p); /* Attribute type: Message Type */
909 PUTSHORT(PPPOL2TP_MESSAGETYPE_SCCCN, p); /* Attribute value: Message type: SCCCN */
910
911 #if PPPOL2TP_AUTH_SUPPORT
912 /* AVP - Challenge response */
913 if (l2tp->send_challenge) {
914 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 6 + sizeof(l2tp->challenge_hash), p); /* Mandatory flag + len field */
915 PUTSHORT(0, p); /* Vendor ID */
916 PUTSHORT(PPPOL2TP_AVPTYPE_CHALLENGERESPONSE, p); /* Attribute type: Challenge response */
917 MEMCPY(p, l2tp->challenge_hash, sizeof(l2tp->challenge_hash)); /* Attribute value: Computed challenge */
918 INCPTR(sizeof(l2tp->challenge_hash), p);
919 }
920 #endif /* PPPOL2TP_AUTH_SUPPORT */
921
922 return pppol2tp_udp_send(l2tp, pb);
923 }
924
925 /* Initiate a new session */
pppol2tp_send_icrq(pppol2tp_pcb * l2tp,u16_t ns)926 static err_t pppol2tp_send_icrq(pppol2tp_pcb *l2tp, u16_t ns) {
927 struct pbuf *pb;
928 u8_t *p;
929 u16_t len;
930 u32_t serialnumber;
931
932 /* calculate UDP packet length */
933 len = 12 +8 +8 +10;
934
935 /* allocate a buffer */
936 pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM);
937 if (pb == NULL) {
938 return ERR_MEM;
939 }
940 LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len);
941
942 p = (u8_t*)pb->payload;
943 /* fill in pkt */
944 /* L2TP control header */
945 PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p);
946 PUTSHORT(len, p); /* Length */
947 PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */
948 PUTSHORT(0, p); /* Session Id */
949 PUTSHORT(ns, p); /* NS Sequence number - to peer */
950 PUTSHORT(l2tp->peer_ns+1, p); /* NR Sequence number - expected for peer */
951
952 /* AVP - Message type */
953 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
954 PUTSHORT(0, p); /* Vendor ID */
955 PUTSHORT(PPPOL2TP_AVPTYPE_MESSAGE, p); /* Attribute type: Message Type */
956 PUTSHORT(PPPOL2TP_MESSAGETYPE_ICRQ, p); /* Attribute value: Message type: ICRQ */
957
958 /* AVP - Assign session ID */
959 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
960 PUTSHORT(0, p); /* Vendor ID */
961 PUTSHORT(PPPOL2TP_AVPTYPE_SESSIONID, p); /* Attribute type: Session ID */
962 PUTSHORT(l2tp->remote_session_id, p); /* Attribute value: Session ID */
963
964 /* AVP - Call Serial Number */
965 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 10, p); /* Mandatory flag + len field */
966 PUTSHORT(0, p); /* Vendor ID */
967 PUTSHORT(PPPOL2TP_AVPTYPE_CALLSERIALNUMBER, p); /* Attribute type: Serial number */
968 serialnumber = magic();
969 PUTLONG(serialnumber, p); /* Attribute value: Serial number */
970
971 return pppol2tp_udp_send(l2tp, pb);
972 }
973
974 /* Complete tunnel establishment */
pppol2tp_send_iccn(pppol2tp_pcb * l2tp,u16_t ns)975 static err_t pppol2tp_send_iccn(pppol2tp_pcb *l2tp, u16_t ns) {
976 struct pbuf *pb;
977 u8_t *p;
978 u16_t len;
979
980 /* calculate UDP packet length */
981 len = 12 +8 +10 +10;
982
983 /* allocate a buffer */
984 pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM);
985 if (pb == NULL) {
986 return ERR_MEM;
987 }
988 LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len);
989
990 p = (u8_t*)pb->payload;
991 /* fill in pkt */
992 /* L2TP control header */
993 PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p);
994 PUTSHORT(len, p); /* Length */
995 PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */
996 PUTSHORT(l2tp->source_session_id, p); /* Session Id */
997 PUTSHORT(ns, p); /* NS Sequence number - to peer */
998 PUTSHORT(l2tp->peer_ns+1, p); /* NR Sequence number - expected for peer */
999
1000 /* AVP - Message type */
1001 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
1002 PUTSHORT(0, p); /* Vendor ID */
1003 PUTSHORT(PPPOL2TP_AVPTYPE_MESSAGE, p); /* Attribute type: Message Type */
1004 PUTSHORT(PPPOL2TP_MESSAGETYPE_ICCN, p); /* Attribute value: Message type: ICCN */
1005
1006 /* AVP - Framing type */
1007 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 10, p); /* Mandatory flag + len field */
1008 PUTSHORT(0, p); /* Vendor ID */
1009 PUTSHORT(PPPOL2TP_AVPTYPE_FRAMINGTYPE, p); /* Attribute type: Framing type */
1010 PUTLONG(PPPOL2TP_FRAMINGTYPE, p); /* Attribute value: Framing type */
1011
1012 /* AVP - TX Connect speed */
1013 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 10, p); /* Mandatory flag + len field */
1014 PUTSHORT(0, p); /* Vendor ID */
1015 PUTSHORT(PPPOL2TP_AVPTYPE_TXCONNECTSPEED, p); /* Attribute type: TX Connect speed */
1016 PUTLONG(PPPOL2TP_TXCONNECTSPEED, p); /* Attribute value: TX Connect speed */
1017
1018 return pppol2tp_udp_send(l2tp, pb);
1019 }
1020
1021 /* Send a ZLB ACK packet */
pppol2tp_send_zlb(pppol2tp_pcb * l2tp,u16_t ns)1022 static err_t pppol2tp_send_zlb(pppol2tp_pcb *l2tp, u16_t ns) {
1023 struct pbuf *pb;
1024 u8_t *p;
1025 u16_t len;
1026
1027 /* calculate UDP packet length */
1028 len = 12;
1029
1030 /* allocate a buffer */
1031 pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM);
1032 if (pb == NULL) {
1033 return ERR_MEM;
1034 }
1035 LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len);
1036
1037 p = (u8_t*)pb->payload;
1038 /* fill in pkt */
1039 /* L2TP control header */
1040 PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p);
1041 PUTSHORT(len, p); /* Length */
1042 PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */
1043 PUTSHORT(0, p); /* Session Id */
1044 PUTSHORT(ns, p); /* NS Sequence number - to peer */
1045 PUTSHORT(l2tp->peer_ns+1, p); /* NR Sequence number - expected for peer */
1046
1047 return pppol2tp_udp_send(l2tp, pb);
1048 }
1049
1050 /* Send a StopCCN packet */
pppol2tp_send_stopccn(pppol2tp_pcb * l2tp,u16_t ns)1051 static err_t pppol2tp_send_stopccn(pppol2tp_pcb *l2tp, u16_t ns) {
1052 struct pbuf *pb;
1053 u8_t *p;
1054 u16_t len;
1055
1056 /* calculate UDP packet length */
1057 len = 12 +8 +8 +8;
1058
1059 /* allocate a buffer */
1060 pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM);
1061 if (pb == NULL) {
1062 return ERR_MEM;
1063 }
1064 LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len);
1065
1066 p = (u8_t*)pb->payload;
1067 /* fill in pkt */
1068 /* L2TP control header */
1069 PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p);
1070 PUTSHORT(len, p); /* Length */
1071 PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */
1072 PUTSHORT(0, p); /* Session Id */
1073 PUTSHORT(ns, p); /* NS Sequence number - to peer */
1074 PUTSHORT(l2tp->peer_ns+1, p); /* NR Sequence number - expected for peer */
1075
1076 /* AVP - Message type */
1077 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
1078 PUTSHORT(0, p); /* Vendor ID */
1079 PUTSHORT(PPPOL2TP_AVPTYPE_MESSAGE, p); /* Attribute type: Message Type */
1080 PUTSHORT(PPPOL2TP_MESSAGETYPE_STOPCCN, p); /* Attribute value: Message type: StopCCN */
1081
1082 /* AVP - Assign tunnel ID */
1083 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
1084 PUTSHORT(0, p); /* Vendor ID */
1085 PUTSHORT(PPPOL2TP_AVPTYPE_TUNNELID, p); /* Attribute type: Tunnel ID */
1086 PUTSHORT(l2tp->remote_tunnel_id, p); /* Attribute value: Tunnel ID */
1087
1088 /* AVP - Result code */
1089 PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
1090 PUTSHORT(0, p); /* Vendor ID */
1091 PUTSHORT(PPPOL2TP_AVPTYPE_RESULTCODE, p); /* Attribute type: Result code */
1092 PUTSHORT(PPPOL2TP_RESULTCODE, p); /* Attribute value: Result code */
1093
1094 return pppol2tp_udp_send(l2tp, pb);
1095 }
1096
pppol2tp_xmit(pppol2tp_pcb * l2tp,struct pbuf * pb)1097 static err_t pppol2tp_xmit(pppol2tp_pcb *l2tp, struct pbuf *pb) {
1098 u8_t *p;
1099
1100 /* make room for L2TP header - should not fail */
1101 if (pbuf_header(pb, (s16_t)PPPOL2TP_OUTPUT_DATA_HEADER_LEN) != 0) {
1102 /* bail out */
1103 PPPDEBUG(LOG_ERR, ("pppol2tp: pppol2tp_pcb: could not allocate room for L2TP header\n"));
1104 LINK_STATS_INC(link.lenerr);
1105 pbuf_free(pb);
1106 return ERR_BUF;
1107 }
1108
1109 p = (u8_t*)pb->payload;
1110 PUTSHORT(PPPOL2TP_HEADERFLAG_DATA_MANDATORY, p);
1111 PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */
1112 PUTSHORT(l2tp->source_session_id, p); /* Session Id */
1113
1114 return pppol2tp_udp_send(l2tp, pb);
1115 }
1116
pppol2tp_udp_send(pppol2tp_pcb * l2tp,struct pbuf * pb)1117 static err_t pppol2tp_udp_send(pppol2tp_pcb *l2tp, struct pbuf *pb) {
1118 err_t err;
1119 if (l2tp->netif) {
1120 err = udp_sendto_if(l2tp->udp, pb, &l2tp->remote_ip, l2tp->tunnel_port, l2tp->netif);
1121 } else {
1122 err = udp_sendto(l2tp->udp, pb, &l2tp->remote_ip, l2tp->tunnel_port);
1123 }
1124 pbuf_free(pb);
1125 return err;
1126 }
1127
1128 #endif /* PPP_SUPPORT && PPPOL2TP_SUPPORT */
1129