1 | /*
2 | * Layer Two Tunnelling Protocol Daemon
3 | * Copyright (C) 1998 Adtran, Inc.
4 | *
5 | * Mark Spencer
6 | *
7 | * This software is distributed under the terms
8 | * of the GPL, which you should have received
9 | * along with this source.
10 | *
11 | * Attribute Value Pair handler routines
12 | */
13 | #include <stdlib.h>
14 | #include <string.h>
15 | #include <stdio.h>
16 | #include <errno.h>
17 | #include <netinet/in.h>
18 | #include "l2tp.h"
19 |
20 | #define AVP_MAX 39
21 |
22 | struct avp avps[] = {
23 |
24 | {0, 1, &message_type_avp, "Message Type"},
25 | {1, 1, &result_code_avp, "Result Code"},
26 | {2, 1, &protocol_version_avp, "Protocol Version"},
27 | {3, 1, &framing_caps_avp, "Framing Capabilities"},
28 | {4, 1, &bearer_caps_avp, "Bearer Capabilities"},
29 | {5, 0, NULL, "Tie Breaker"},
30 | {6, 0, &firmware_rev_avp, "Firmware Revision"},
31 | {7, 0, &hostname_avp, "Host Name"},
32 | {8, 1, &vendor_avp, "Vendor Name"},
33 | {9, 1, &assigned_tunnel_avp, "Assigned Tunnel ID"},
34 | {10, 1, &receive_window_size_avp, "Receive Window Size"},
35 | {11, 1, &challenge_avp, "Challenge"},
36 | {12, 0, NULL, "Q.931 Cause Code"},
37 | {13, 1, &chalresp_avp, "Challenge Response"},
38 | {14, 1, &assigned_call_avp, "Assigned Call ID"},
39 | {15, 1, &call_serno_avp, "Call Serial Number"},
40 | {16, 1, NULL, "Minimum BPS"},
41 | {17, 1, NULL, "Maximum BPS"},
42 | {18, 1, &bearer_type_avp, "Bearer Type"},
43 | {19, 1, &frame_type_avp, "Framing Type"},
44 | {20, 1, &packet_delay_avp, "Packet Processing Delay"},
45 | {21, 1, &dialed_number_avp, "Dialed Number"},
46 | {22, 1, &dialing_number_avp, "Dialing Number"},
47 | {23, 1, &sub_address_avp, "Sub-Address"},
48 | {24, 1, &tx_speed_avp, "Transmit Connect Speed"},
49 | {25, 1, &call_physchan_avp, "Physical channel ID"},
50 | {26, 0, NULL, "Initial Received LCP Confreq"},
51 | {27, 0, NULL, "Last Sent LCP Confreq"},
52 | {28, 0, NULL, "Last Received LCP Confreq"},
53 | {29, 1, &ignore_avp, "Proxy Authen Type"},
54 | {30, 0, &ignore_avp, "Proxy Authen Name"},
55 | {31, 0, &ignore_avp, "Proxy Authen Challenge"},
56 | {32, 0, &ignore_avp, "Proxy Authen ID"},
57 | {33, 1, &ignore_avp, "Proxy Authen Response"},
58 | {34, 1, NULL, "Call Errors"},
59 | {35, 1, &ignore_avp, "ACCM"},
60 | {36, 1, &rand_vector_avp, "Random Vector"},
61 | {37, 1, NULL, "Private Group ID"},
62 | {38, 0, &rx_speed_avp, "Receive Connect Speed"},
63 | {39, 1, &seq_reqd_avp, "Sequencing Required"}
64 | };
65 |
66 | char *msgtypes[] = {
67 | NULL,
68 | "Start-Control-Connection-Request",
69 | "Start-Control-Connection-Reply",
70 | "Start-Control-Connection-Connected",
71 | "Stop-Control-Connection-Notification",
72 | NULL,
73 | "Hello",
74 | "Outgoing-Call-Request",
75 | "Outgoing-Call-Reply",
76 | "Outgoing-Call-Connected",
77 | "Incoming-Call-Request",
78 | "Incoming-Call-Reply",
79 | "Incoming-Call-Connected",
80 | NULL,
81 | "Call-Disconnect-Notify",
82 | "WAN-Error-Notify",
83 | "Set-Link-Info"
84 | };
85 |
86 | char *stopccn_result_codes[] = {
87 | "Reserved",
88 | "General request to clear control connection",
89 | "General error--Error Code indicates the problem",
90 | "Control channel already exists",
91 | "Requester is not authorized to establish a control channel",
92 | "The protocol version of the requester is not supported--Error Code indicates the highest version supported",
93 | "Requester is being shut down",
94 | "Finite State Machine error"
95 | };
96 |
97 | char *cdn_result_codes[] = {
98 | "Reserved",
99 | "Call disconnected due to loss of carrier",
100 | "Call disconnected for the reason indicated in error code",
101 | "Call disconnected for administrative reasons",
102 | "Call failed due to lack of appropriate facilities being available (temporary condition)",
103 | "Call failed due to lack of appropriate facilities being available (permanent condition)",
104 | "Invalid destination",
105 | "Call failed due to no carrier detected",
106 | "Call failed due to lack of a dial tone",
107 | "Call was no established within time allotted by LAC",
108 | "Call was connected but no appropriate framing was detect"
109 | };
110 |
111 | void wrong_length (struct call *c, char *field, int expected, int found,
112 | int min)
113 | {
114 | if (min)
115 | snprintf (c->errormsg, sizeof (c->errormsg),
116 | "%s: expected at least %d, got %d", field, expected, found);
117 | else
118 | snprintf (c->errormsg, sizeof (c->errormsg),
119 | "%s: expected %d, got %d", field, expected, found);
120 |
121 | c->error = ERROR_LENGTH;
122 | c->result = RESULT_ERROR;
123 | c->needclose = -1;
124 | }
125 |
126 | /*
127 | * t, c, data, and datalen may be assumed to be defined for all avp's
128 | */
129 |
130 | int message_type_avp (struct tunnel *t, struct call *c, void *data,
131 | int datalen)
132 | {
133 | /*
134 | * This will be with every control message. It is critical that this
135 | * procedure check for the validity of sending this kind of a message
136 | * (assuming sanity check)
137 | */
138 |
139 | _u16 *raw = data;
140 | c->msgtype = ntohs (raw[3]);
141 | if (datalen != 8)
142 | {
143 | if (DEBUG)
144 | log (LOG_DEBUG, "%s: wrong size (%d != 8)\n", __FUNCTION__,
145 | datalen);
146 | wrong_length (c, "Message Type", 8, datalen, 0);
147 | return -EINVAL;
148 | }
149 | if ((c->msgtype > MAX_MSG) || (!msgtypes[c->msgtype]))
150 | {
151 | if (DEBUG)
152 | log (LOG_DEBUG, "%s: unknown message type %d\n", __FUNCTION__,
153 | c->msgtype);
154 | return -EINVAL;
155 | }
156 | if (debug_avp)
157 | if (DEBUG)
158 | log (LOG_DEBUG, "%s: message type %d (%s)\n", __FUNCTION__,
159 | c->msgtype, msgtypes[c->msgtype]);
160 | #ifdef SANITY
161 | if (t->sanity)
162 | {
163 | /*
164 | * Look ou our state for each message and make sure everything
165 | * make sense...
166 | */
167 | if ((c != t->self) && (c->msgtype < Hello))
168 | {
169 | if (DEBUG)
170 | log (LOG_DEBUG,
171 | "%s: attempting to negotiate tunnel inside a call!\n",
172 | __FUNCTION__);
173 | return -EINVAL;
174 | }
175 |
176 | switch (c->msgtype)
177 | {
178 | case SCCRQ:
179 | if ((t->state != 0) && (t->state != SCCRQ))
180 | {
181 | /*
182 | * When we handle tie breaker AVP's, then we'll check
183 | * to see if we've both requested tunnels
184 | */
185 |
186 | if (DEBUG)
187 | log (LOG_DEBUG,
188 | "%s: attempting to negotiate SCCRQ with state != 0\n",
189 | __FUNCTION__);
190 | return -EINVAL;
191 | }
192 | break;
193 | case SCCRP:
194 | if (t->state != SCCRQ)
195 | {
196 | if (DEBUG)
197 | log (LOG_DEBUG,
198 | "%s: attempting to negotiate SCCRP with state != SCCRQ!\n",
199 | __FUNCTION__);
200 | return -EINVAL;
201 | }
202 | break;
203 | case SCCCN:
204 | if (t->state != SCCRP)
205 | {
206 | if (DEBUG)
207 | log (LOG_DEBUG,
208 | "%s: attempting to negotiate SCCCN with state != SCCRP!\n",
209 | __FUNCTION__);
210 | return -EINVAL;
211 | }
212 | break;
213 | case ICRQ:
214 | if (t->state != SCCCN)
215 | {
216 | if (DEBUG)
217 | log (LOG_DEBUG,
218 | "%s: attempting to negotiate ICRQ when state != SCCCN\n",
219 | __FUNCTION__);
220 | return -EINVAL;
221 | }
222 | if (c != t->self)
223 | {
224 | if (DEBUG)
225 | log (LOG_DEBUG,
226 | "%s: attempting to negotiate ICRQ on a call!\n",
227 | __FUNCTION__);
228 | return -EINVAL;
229 | }
230 | break;
231 | case ICRP:
232 | if (t->state != SCCCN)
233 | {
234 | if (DEBUG)
235 | log (LOG_DEBUG,
236 | "%s: attempting to negotiate ICRP on tunnel!=SCCCN\n",
237 | __FUNCTION__);
238 | return -EINVAL;
239 | }
240 | if (c->state != ICRQ)
241 | {
242 | if (DEBUG)
243 | log (LOG_DEBUG,
244 | "%s: attempting to negotiate ICRP when state != ICRQ\n",
245 | __FUNCTION__);
246 | return -EINVAL;
247 | }
248 | break;
249 | case ICCN:
250 | if (c->state != ICRP)
251 | {
252 | if (DEBUG)
253 | log (LOG_DEBUG,
254 | "%s: attempting to negotiate ICCN when state != ICRP\n",
255 | __FUNCTION__);
256 | return -EINVAL;
257 | }
258 | break;
259 | case SLI:
260 | if (c->state != ICCN)
261 | {
262 | if (DEBUG)
263 | log (LOG_DEBUG,
264 | "%s: attempting to negotiate SLI when state != ICCN\n",
265 | __FUNCTION__);
266 | return -EINVAL;
267 | }
268 | break;
269 | case OCRP: /* jz: case for ORCP */
270 | if (t->state != SCCCN)
271 | {
272 | if (DEBUG)
273 | log (LOG_DEBUG,
274 | "%s: attempting to negotiate OCRP on tunnel!=SCCCN\n",
275 | __FUNCTION__);
276 | return -EINVAL;
277 | }
278 | if (c->state != OCRQ)
279 | {
280 | if (DEBUG)
281 | log (LOG_DEBUG,
282 | "%s: attempting to negotiate OCRP when state != OCRQ\n",
283 | __FUNCTION__);
284 | return -EINVAL;
285 | }
286 | break;
287 | case OCCN: /* jz: case for OCCN */
288 |
289 | if (c->state != OCRQ)
290 | {
291 | if (DEBUG)
292 | log (LOG_DEBUG,
293 | "%s: attempting to negotiate OCCN when state != OCRQ\n",
294 | __FUNCTION__);
295 | return -EINVAL;
296 | }
297 | break;
298 | case StopCCN:
299 | case CDN:
300 | case Hello:
301 | break;
302 | default:
303 | log (LOG_WARN, "%s: i don't know how to handle %s messages\n",
304 | __FUNCTION__, msgtypes[c->msgtype]);
305 | return -EINVAL;
306 | }
307 | }
308 | #endif
309 | if (c->msgtype == ICRQ)
310 | {
311 | struct call *tmp;
312 | if (debug_avp)
313 | {
314 | if (DEBUG)
315 | log (LOG_DEBUG, "%s: new incoming call\n", __FUNCTION__);
316 | }
317 | tmp = new_call (t);
318 | if (!tmp)
319 | {
320 | log (LOG_WARN, "%s: unable to create new call\n", __FUNCTION__);
321 | return -EINVAL;
322 | }
323 | tmp->next = t->call_head;
324 | t->call_head = tmp;
325 | t->count++;
326 | /*
327 | * Is this still safe to assume that the head will always
328 | * be the most recent call being negotiated?
329 | * Probably... FIXME anyway...
330 | */
331 |
332 | }
333 | return 0;
334 | }
335 |
336 | int rand_vector_avp (struct tunnel *t, struct call *c, void *data,
337 | int datalen)
338 | {
339 | int size;
340 | _u16 *raw = (_u16 *) data;
341 | size = (raw[0] & 0x0FFF) - 6;
342 | if (t->sanity)
343 | {
344 | if (size < 0)
345 | {
346 | if (DEBUG)
347 | log (LOG_DEBUG, "%s: Random vector too small (%d < 0)\n",
348 | __FUNCTION__, size);
349 | wrong_length (c, "Random Vector", 6, datalen, 1);
350 | return -EINVAL;
351 | }
352 | if (size > MAX_VECTOR_SIZE)
353 | {
354 | if (DEBUG)
355 | log (LOG_DEBUG, "%s: Random vector too large (%d > %d)\n",
356 | __FUNCTION__, datalen, MAX_VECTOR_SIZE);
357 | wrong_length (c, "Random Vector", 6, datalen, 1);
358 | return -EINVAL;
359 | }
360 | }
361 | if (debug_avp)
362 | log (LOG_DEBUG, "%s: Random Vector of %d octets\n", __FUNCTION__,
363 | size);
364 | t->chal_us.vector = (unsigned char *) &raw[3];
365 | t->chal_us.vector_len = size;
366 | return 0;
367 | }
368 |
369 | int ignore_avp (struct tunnel *t, struct call *c, void *data, int datalen)
370 | {
371 | /*
372 | * The spec says we have to accept authentication information
373 | * even if we just ignore it, so that's exactly what
374 | * we're going to do at this point. Proxy authentication is such
375 | * a rediculous security threat anyway except from local
376 | * controled machines.
377 | *
378 | * FIXME: I need to handle proxy authentication as an option.
379 | * One option is to simply change the options we pass to pppd.
380 | *
381 | */
382 | if (debug_avp)
383 | {
384 | if (DEBUG)
385 | log (LOG_DEBUG, "%s : Ignoring AVP\n", __FUNCTION__);
386 | }
387 | return 0;
388 | }
389 |
390 | int seq_reqd_avp (struct tunnel *t, struct call *c, void *data, int datalen)
391 | {
392 | #ifdef SANITY
393 | if (t->sanity)
394 | {
395 | if (datalen != 6)
396 | {
397 | if (DEBUG)
398 | log (LOG_DEBUG,
399 | "%s: avp is incorrect size. %d != 6\n", __FUNCTION__,
400 | datalen);
401 | wrong_length (c, "Sequencing Required", 6, datalen, 1);
402 | return -EINVAL;
403 | }
404 | switch (c->msgtype)
405 | {
406 | case ICCN:
407 | break;
408 | default:
409 | if (DEBUG)
410 | log (LOG_DEBUG,
411 | "%s: sequencing required not appropriate for %s!\n",
412 | __FUNCTION__, msgtypes[c->msgtype]);
413 | return -EINVAL;
414 | }
415 | }
416 | #endif
417 | if (debug_avp)
418 | {
419 | if (DEBUG)
420 | log (LOG_DEBUG, "%s: peer requires sequencing.\n", __FUNCTION__);
421 | }
422 | c->seq_reqd = -1;
423 | return 0;
424 | }
425 |
426 | int result_code_avp (struct tunnel *t, struct call *c, void *data,
427 | int datalen)
428 | {
429 | /*
430 | * Find out what version of l2tp the other side is using.
431 | * I'm not sure what we're supposed to do with this but whatever..
432 | */
433 |
434 | int error;
435 | int result;
436 | _u16 *raw = data;
437 | #ifdef SANITY
438 | if (t->sanity)
439 | {
440 | if (datalen < 10)
441 | {
442 | if (DEBUG)
443 | log (LOG_DEBUG,
444 | "%s: avp is incorrect size. %d < 10\n", __FUNCTION__,
445 | datalen);
446 | wrong_length (c, "Result Code", 10, datalen, 1);
447 | return -EINVAL;
448 | }
449 | switch (c->msgtype)
450 | {
451 | case CDN:
452 | case StopCCN:
453 | break;
454 | default:
455 | if (DEBUG)
456 | log (LOG_DEBUG,
457 | "%s: result code not appropriate for %s. Ignoring.\n",
458 | __FUNCTION__, msgtypes[c->msgtype]);
459 | return 0;
460 | }
461 | }
462 | #endif
463 | result = ntohs (raw[3]);
464 | error = ntohs (raw[4]);
465 | if ((c->msgtype == StopCCN) && ((result > 7) || (result < 1)))
466 | {
467 | if (DEBUG)
468 | log (LOG_DEBUG,
469 | "%s: result code out of range (%d %d %d). Ignoring.\n",
470 | __FUNCTION__, result, error, datalen);
471 | return 0;
472 | }
473 |
474 | if ((c->msgtype == CDN) && ((result > 11) || (result < 1)))
475 | {
476 | if (DEBUG)
477 | log (LOG_DEBUG,
478 | "%s: result code out of range (%d %d %d). Ignoring.\n",
479 | __FUNCTION__, result, error, datalen);
480 | return 0;
481 | }
482 |
483 | c->error = error;
484 | c->result = result;
485 | safe_copy (c->errormsg, (char *) &raw[5], datalen - 10);
486 | if (debug_avp)
487 | {
488 | if (DEBUG && (c->msgtype == StopCCN))
489 | {
490 | log (LOG_DEBUG,
491 | "%s: peer closing for reason %d (%s), error = %d (%s)\n",
492 | __FUNCTION__, result, stopccn_result_codes[result], error,
493 | c->errormsg);
494 | }
495 | else
496 | {
497 | log (LOG_DEBUG,
498 | "%s: peer closing for reason %d (%s), error = %d (%s)\n",
499 | __FUNCTION__, result, cdn_result_codes[result], error,
500 | c->errormsg);
501 | }
502 | }
503 | return 0;
504 | }
505 |
506 | int protocol_version_avp (struct tunnel *t, struct call *c, void *data,
507 | int datalen)
508 | {
509 | /*
510 | * Find out what version of l2tp the other side is using.
511 | * I'm not sure what we're supposed to do with this but whatever..
512 | */
513 |
514 | int ver;
515 | _u16 *raw = data;
516 | #ifdef SANITY
517 | if (t->sanity)
518 | {
519 | if (datalen != 8)
520 | {
521 | if (DEBUG)
522 | log (LOG_DEBUG,
523 | "%s: avp is incorrect size. %d != 8\n", __FUNCTION__,
524 | datalen);
525 | wrong_length (c, "Protocol Version", 8, datalen, 1);
526 | return -EINVAL;
527 | }
528 | switch (c->msgtype)
529 | {
530 | case SCCRP:
531 | case SCCRQ:
532 | break;
533 | default:
534 | if (DEBUG)
535 | log (LOG_DEBUG,
536 | "%s: protocol version not appropriate for %s. Ignoring.\n",
537 | __FUNCTION__, msgtypes[c->msgtype]);
538 | return 0;
539 | }
540 | }
541 | #endif
542 | ver = ntohs (raw[3]);
543 | if (debug_avp)
544 | {
545 | if (DEBUG)
546 | log (LOG_DEBUG,
547 | "%s: peer is using version %d, revision %d.\n", __FUNCTION__,
548 | (ver >> 8), ver & 0xFF);
549 | }
550 | return 0;
551 | }
552 |
553 | int framing_caps_avp (struct tunnel *t, struct call *c, void *data,
554 | int datalen)
555 | {
556 | /*
557 | * Retrieve the framing capabilities
558 | * from the peer
559 | */
560 |
561 | int caps;
562 | _u16 *raw = data;
563 |
564 | #ifdef SANITY
565 | if (t->sanity)
566 | {
567 | switch (c->msgtype)
568 | {
569 | case SCCRP:
570 | case SCCRQ:
571 | break;
572 | default:
573 | if (DEBUG)
574 | log (LOG_DEBUG,
575 | "%s: framing capabilities not appropriate for %s. Ignoring.\n",
576 | __FUNCTION__, msgtypes[c->msgtype]);
577 | return 0;
578 | }
579 | if (datalen != 10)
580 | {
581 | if (DEBUG)
582 | log (LOG_DEBUG,
583 | "%s: avp is incorrect size. %d != 10\n", __FUNCTION__,
584 | datalen);
585 | wrong_length (c, "Framming Capabilities", 10, datalen, 0);
586 | return -EINVAL;
587 | }
588 | }
589 | #endif
590 | caps = ntohs (raw[4]);
591 | if (debug_avp)
592 | if (DEBUG)
593 | log (LOG_DEBUG,
594 | "%s: supported peer frames:%s%s\n", __FUNCTION__,
595 | caps & ASYNC_FRAMING ? " async" : "",
596 | caps & SYNC_FRAMING ? " sync" : "");
597 | t->fc = caps & (ASYNC_FRAMING | SYNC_FRAMING);
598 | return 0;
599 | }
600 |
601 | int bearer_caps_avp (struct tunnel *t, struct call *c, void *data,
602 | int datalen)
603 | {
604 | /*
605 | * What kind of bearer channels does our peer support?
606 | */
607 | int caps;
608 | _u16 *raw = data;
609 |
610 | #ifdef SANITY
611 | if (t->sanity)
612 | {
613 | switch (c->msgtype)
614 | {
615 | case SCCRP:
616 | case SCCRQ:
617 | break;
618 | default:
619 | if (DEBUG)
620 | log (LOG_DEBUG,
621 | "%s: bearer capabilities not appropriate for message %s. Ignoring.\n",
622 | __FUNCTION__, msgtypes[c->msgtype]);
623 | return 0;
624 | }
625 | if (datalen != 10)
626 | {
627 | if (DEBUG)
628 | log (LOG_DEBUG,
629 | "%s: avp is incorrect size. %d != 10\n", __FUNCTION__,
630 | datalen);
631 | wrong_length (c, "Bearer Capabilities", 10, datalen, 0);
632 | return -EINVAL;
633 | }
634 | }
635 | #endif
636 | caps = ntohs (raw[4]);
637 | if (debug_avp)
638 | {
639 | if (DEBUG)
640 | log (LOG_DEBUG,
641 | "%s: supported peer bearers:%s%s\n",
642 | caps & ANALOG_BEARER ? " analog" : "",
643 | caps & DIGITAL_BEARER ? " digital" : "");
644 | }
645 | t->bc = caps & (ANALOG_BEARER | DIGITAL_BEARER);
646 | return 0;
647 | }
648 |
649 |
650 | /* FIXME: I need to handle tie breakers eventually */
651 |
652 | int firmware_rev_avp (struct tunnel *t, struct call *c, void *data,
653 | int datalen)
654 | {
655 | /*
656 | * Report and record remote firmware version
657 | */
658 | int ver;
659 | _u16 *raw = data;
660 |
661 | #ifdef SANITY
662 | if (t->sanity)
663 | {
664 | switch (c->msgtype)
665 | {
666 | case SCCRP:
667 | case SCCRQ:
668 | break;
669 | default:
670 | if (DEBUG)
671 | log (LOG_DEBUG,
672 | "%s: firmware revision not appropriate for message %s. Ignoring.\n",
673 | __FUNCTION__, msgtypes[c->msgtype]);
674 | return 0;
675 | }
676 | if (datalen != 8)
677 | {
678 | if (DEBUG)
679 | log (LOG_DEBUG,
680 | "%s: avp is incorrect size. %d != 8\n", __FUNCTION__,
681 | datalen);
682 | wrong_length (c, "Firmware Revision", 8, datalen, 0);
683 | return -EINVAL;
684 | }
685 | }
686 | #endif
687 | ver = ntohs (raw[3]);
688 | if (debug_avp)
689 | {
690 | if (DEBUG)
691 | log (LOG_DEBUG,
692 | "%s: peer reports firmware version %d (0x%.4x)\n",
693 | __FUNCTION__, ver, ver);
694 | }
695 | t->firmware = ver;
696 | return 0;
697 | }
698 |
699 | int bearer_type_avp (struct tunnel *t, struct call *c, void *data,
700 | int datalen)
701 | {
702 | /*
703 | * What kind of bearer channel is the call on?
704 | */
705 | int b;
706 | _u16 *raw = data;
707 |
708 | #ifdef SANITY
709 | if (t->sanity)
710 | {
711 | switch (c->msgtype)
712 | {
713 | case ICRQ:
714 | case OCRQ:
715 | break;
716 | default:
717 | if (DEBUG)
718 | log (LOG_DEBUG,
719 | "%s: bearer type not appropriate for message %s. Ignoring.\n",
720 | __FUNCTION__, msgtypes[c->msgtype]);
721 | return 0;
722 | }
723 | if (datalen != 10)
724 | {
725 | if (DEBUG)
726 | log (LOG_DEBUG,
727 | "%s: avp is incorrect size. %d != 10\n", __FUNCTION__,
728 | datalen);
729 | wrong_length (c, "Bearer Type", 10, datalen, 0);
730 | return -EINVAL;
731 | }
732 | }
733 | #endif
734 | b = ntohs (raw[4]);
735 | if (debug_avp)
736 | {
737 | if (DEBUG)
738 | log (LOG_DEBUG,
739 | "%s: peer bears:%s\n", __FUNCTION__,
740 | b & ANALOG_BEARER ? " analog" : "digital");
741 | }
742 | t->call_head->bearer = b;
743 | return 0;
744 | }
745 |
746 | int frame_type_avp (struct tunnel *t, struct call *c, void *data, int datalen)
747 | {
748 | /*
749 | * What kind of frame channel is the call on?
750 | */
751 | int b;
752 | _u16 *raw = data;
753 |
754 | #ifdef SANITY
755 | if (t->sanity)
756 | {
757 | switch (c->msgtype)
758 | {
759 | case ICCN:
760 | case OCRQ:
761 | case OCCN:
762 | break;
763 | default:
764 | if (DEBUG)
765 | log (LOG_DEBUG,
766 | "%s: frame type not appropriate for message %s. Ignoring.\n",
767 | __FUNCTION__, msgtypes[c->msgtype]);
768 | return 0;
769 | }
770 | if (datalen != 10)
771 | {
772 | if (DEBUG)
773 | log (LOG_DEBUG,
774 | "%s: avp is incorrect size. %d != 10\n", __FUNCTION__,
775 | datalen);
776 | wrong_length (c, "Frame Type", 10, datalen, 0);
777 | return -EINVAL;
778 | }
779 | }
780 | #endif
781 | b = ntohs (raw[4]);
782 | if (debug_avp)
783 | {
784 | if (DEBUG)
785 | log (LOG_DEBUG,
786 | "%s: peer uses:%s frames\n", __FUNCTION__,
787 | b & ASYNC_FRAMING ? " async" : "sync");
788 | }
789 | c->frame = b;
790 | return 0;
791 | }
792 |
793 | int hostname_avp (struct tunnel *t, struct call *c, void *data, int datalen)
794 | {
795 | /*
796 | * What is the peer's name?
797 | */
798 | int size;
799 | _u16 *raw = data;
800 |
801 | #ifdef SANITY
802 | if (t->sanity)
803 | {
804 | switch (c->msgtype)
805 | {
806 | case SCCRP:
807 | case SCCRQ:
808 | break;
809 | default:
810 | if (DEBUG)
811 | log (LOG_DEBUG,
812 | "%s: hostname not appropriate for message %s. Ignoring.\n",
813 | __FUNCTION__, msgtypes[c->msgtype]);
814 | return 0;
815 | }
816 | if (datalen < 6)
817 | {
818 | if (DEBUG)
819 | log (LOG_DEBUG,
820 | "%s: avp is too small. %d < 6\n", __FUNCTION__,
821 | datalen);
822 | wrong_length (c, "Hostname", 6, datalen, 1);
823 | return -EINVAL;
824 | }
825 | }
826 | #endif
827 | size = raw[0] & 0x0FFF;
828 | if (size > MAXSTRLEN - 1)
829 | {
830 | if (DEBUG)
831 | log (LOG_DEBUG, "%s: truncating reported hostname (size is %d)\n",
832 | __FUNCTION__, size);
833 | size = MAXSTRLEN - 1;
834 | }
835 | safe_copy (t->hostname, (char *) &raw[3], size);
836 | if (debug_avp)
837 | {
838 | if (DEBUG)
839 | log (LOG_DEBUG,
840 | "%s: peer reports hostname '%s'\n", __FUNCTION__,
841 | t->hostname);
842 | }
843 | return 0;
844 | }
845 |
846 | int dialing_number_avp (struct tunnel *t, struct call *c, void *data,
847 | int datalen)
848 | {
849 | /*
850 | * What is the peer's name?
851 | */
852 | int size;
853 | _u16 *raw = data;
854 |
855 | #ifdef SANITY
856 | if (t->sanity)
857 | {
858 | switch (c->msgtype)
859 | {
860 | case ICRQ:
861 | break;
862 | default:
863 | if (DEBUG)
864 | log (LOG_DEBUG,
865 | "%s: dialing number not appropriate for message %s. Ignoring.\n",
866 | __FUNCTION__, msgtypes[c->msgtype]);
867 | return 0;
868 | }
869 | if (datalen < 6)
870 | {
871 | if (DEBUG)
872 | log (LOG_DEBUG,
873 | "%s: avp is too small. %d < 6\n", __FUNCTION__,
874 | datalen);
875 | wrong_length (c, "Dialing Number", 6, datalen, 1);
876 | return -EINVAL;
877 | }
878 | }
879 | #endif
880 | size = raw[0] & 0x0FFF;
881 | if (size > MAXSTRLEN - 1)
882 | {
883 | if (DEBUG)
884 | log (LOG_DEBUG,
885 | "%s: truncating reported dialing number (size is %d)\n",
886 | __FUNCTION__, size);
887 | size = MAXSTRLEN - 1;
888 | }
889 | safe_copy (t->call_head->dialing, (char *) &raw[3], size);
890 | if (debug_avp)
891 | {
892 | if (DEBUG)
893 | log (LOG_DEBUG,
894 | "%s: peer reports dialing number '%s'\n", __FUNCTION__,
895 | t->call_head->dialing);
896 | }
897 | return 0;
898 | }
899 |
900 | int dialed_number_avp (struct tunnel *t, struct call *c, void *data,
901 | int datalen)
902 | {
903 | /*
904 | * What is the peer's name?
905 | */
906 | int size;
907 | _u16 *raw = data;
908 |
909 | #ifdef SANITY
910 | if (t->sanity)
911 | {
912 | switch (c->msgtype)
913 | {
914 | case OCRQ:
915 | case ICRQ:
916 | break;
917 | default:
918 | if (DEBUG)
919 | log (LOG_DEBUG,
920 | "%s: dialed number not appropriate for message %s. Ignoring.\n",
921 | __FUNCTION__, msgtypes[c->msgtype]);
922 | return 0;
923 | }
924 | if (datalen < 6)
925 | {
926 | if (DEBUG)
927 | log (LOG_DEBUG,
928 | "%s: avp is too small. %d < 6\n", __FUNCTION__,
929 | datalen);
930 | wrong_length (c, "Dialed Number", 6, datalen, 1);
931 | return -EINVAL;
932 | }
933 | }
934 | #endif
935 | size = raw[0] & 0x0FFF;
936 | if (size > MAXSTRLEN - 1)
937 | {
938 | if (DEBUG)
939 | log (LOG_DEBUG,
940 | "%s: truncating reported dialed number (size is %d)\n",
941 | __FUNCTION__, size);
942 | size = MAXSTRLEN - 1;
943 | }
944 | safe_copy (t->call_head->dialed, (char *) &raw[3], size);
945 | if (debug_avp)
946 | {
947 | if (DEBUG)
948 | log (LOG_DEBUG,
949 | "%s: peer reports dialed number '%s'\n", __FUNCTION__,
950 | t->call_head->dialed);
951 | }
952 | return 0;
953 | }
954 |
955 | int sub_address_avp (struct tunnel *t, struct call *c, void *data,
956 | int datalen)
957 | {
958 | /*
959 | * What is the peer's name?
960 | */
961 | int size;
962 | _u16 *raw = data;
963 |
964 | #ifdef SANITY
965 | if (t->sanity)
966 | {
967 | switch (c->msgtype)
968 | {
969 | case OCRP:
970 | case ICRQ:
971 | break;
972 | default:
973 | if (DEBUG)
974 | log (LOG_DEBUG,
975 | "%s: sub_address not appropriate for message %s. Ignoring.\n",
976 | __FUNCTION__, msgtypes[c->msgtype]);
977 | return 0;
978 | }
979 | if (datalen < 6)
980 | {
981 | if (DEBUG)
982 | log (LOG_DEBUG,
983 | "%s: avp is too small. %d < 6\n", __FUNCTION__,
984 | datalen);
985 | wrong_length (c, "Sub-address", 6, datalen, 1);
986 | return -EINVAL;
987 | }
988 | }
989 | #endif
990 | size = raw[0] & 0x0FFF;
991 | if (size > MAXSTRLEN - 1)
992 | {
993 | if (DEBUG)
994 | log (LOG_DEBUG,
995 | "%s: truncating reported sub address (size is %d)\n",
996 | __FUNCTION__, size);
997 | size = MAXSTRLEN - 1;
998 | }
999 | safe_copy (t->call_head->subaddy, (char *) &raw[3], size);
1000 | if (debug_avp)
1001 | {
1002 | if (DEBUG)
1003 | log (LOG_DEBUG,
1004 | "%s: peer reports subaddress '%s'\n", __FUNCTION__,
1005 | t->call_head->subaddy);
1006 | }
1007 | return 0;
1008 | }
1009 |
1010 | int vendor_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1011 | {
1012 | /*
1013 | * What vendor makes the other end?
1014 | */
1015 | int size;
1016 | _u16 *raw = data;
1017 |
1018 | #ifdef SANITY
1019 | if (t->sanity)
1020 | {
1021 | switch (c->msgtype)
1022 | {
1023 | case SCCRP:
1024 | case SCCRQ:
1025 | break;
1026 | default:
1027 | if (DEBUG)
1028 | log (LOG_DEBUG,
1029 | "%s: vendor not appropriate for message %s. Ignoring.\n",
1030 | __FUNCTION__, msgtypes[c->msgtype]);
1031 | return 0;
1032 | }
1033 | if (datalen < 6)
1034 | {
1035 | if (DEBUG)
1036 | log (LOG_DEBUG,
1037 | "%s: avp is too small. %d < 6\n", __FUNCTION__,
1038 | datalen);
1039 | wrong_length (c, "Vendor", 6, datalen, 1);
1040 | return -EINVAL;
1041 | }
1042 | }
1043 | #endif
1044 | size = raw[0] & 0x0FFF;
1045 | if (size > MAXSTRLEN - 1)
1046 | {
1047 | if (DEBUG)
1048 | log (LOG_DEBUG, "%s: truncating reported vendor (size is %d)\n",
1049 | __FUNCTION__, size);
1050 | size = MAXSTRLEN - 1;
1051 | }
1052 | safe_copy (t->vendor, (char *) &raw[3], size);
1053 | if (debug_avp)
1054 | {
1055 | if (DEBUG)
1056 | log (LOG_DEBUG,
1057 | "%s: peer reports vendor '%s'\n", __FUNCTION__, t->vendor);
1058 | }
1059 | return 0;
1060 | }
1061 |
1062 | int challenge_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1063 | {
1064 | /*
1065 | * We are sent a challenge
1066 | */
1067 | _u16 *raw = data;
1068 | int size;
1069 | #ifdef SANITY
1070 | if (t->sanity)
1071 | {
1072 | switch (c->msgtype)
1073 | {
1074 | case SCCRP:
1075 | case SCCRQ:
1076 | break;
1077 | default:
1078 | if (DEBUG)
1079 | log (LOG_DEBUG,
1080 | "%s: challenge not appropriate for message %s. Ignoring.\n",
1081 | __FUNCTION__, msgtypes[c->msgtype]);
1082 | return 0;
1083 | }
1084 | if (datalen < 6)
1085 | {
1086 | if (DEBUG)
1087 | log (LOG_DEBUG,
1088 | "%s: avp is too small. %d < 6\n", __FUNCTION__,
1089 | datalen);
1090 | wrong_length (c, "challenge", 6, datalen, 1);
1091 | return -EINVAL;
1092 | }
1093 | }
1094 | #endif
1095 | size = raw[0] & 0x0FFF;
1096 | size -= sizeof (struct avp_hdr);
1097 | if (size != MD_SIG_SIZE)
1098 | {
1099 | log (LOG_DEBUG, "%s: Challenge is not the right length (%d != %d)\n",
1100 | __FUNCTION__, size, MD_SIG_SIZE);
1101 | return -EINVAL;
1102 | }
1103 | bcopy (&raw[3], t->chal_us.challenge, size);
1104 | t->chal_us.state = STATE_CHALLENGED;
1105 | if (debug_avp)
1106 | {
1107 | log (LOG_DEBUG, "%s: challenge avp found\n", __FUNCTION__);
1108 | }
1109 | return 0;
1110 | }
1111 |
1112 | int chalresp_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1113 | {
1114 | /*
1115 | * We are sent a challenge
1116 | */
1117 | _u16 *raw = data;
1118 | int size;
1119 | #ifdef SANITY
1120 | if (t->sanity)
1121 | {
1122 | switch (c->msgtype)
1123 | {
1124 | case SCCRP:
1125 | case SCCCN:
1126 | break;
1127 | default:
1128 | if (DEBUG)
1129 | log (LOG_DEBUG,
1130 | "%s: challenge response not appropriate for message %s. Ignoring.\n",
1131 | __FUNCTION__, msgtypes[c->msgtype]);
1132 | return 0;
1133 | }
1134 | if (datalen < 6)
1135 | {
1136 | if (DEBUG)
1137 | log (LOG_DEBUG,
1138 | "%s: avp is too small. %d < 6\n", __FUNCTION__,
1139 | datalen);
1140 | wrong_length (c, "challenge", 6, datalen, 1);
1141 | return -EINVAL;
1142 | }
1143 | }
1144 | #endif
1145 | size = raw[0] & 0x0FFF;
1146 | size -= sizeof (struct avp_hdr);
1147 | if (size != MD_SIG_SIZE)
1148 | {
1149 | log (LOG_DEBUG, "%s: Challenge is not the right length (%d != %d)\n",
1150 | __FUNCTION__, size, MD_SIG_SIZE);
1151 | return -EINVAL;
1152 | }
1153 |
1154 | bcopy (&raw[3], t->chal_them.reply, MD_SIG_SIZE);
1155 | if (debug_avp)
1156 | {
1157 | log (LOG_DEBUG, "%s: Challenge reply found\n", __FUNCTION__);
1158 | }
1159 | return 0;
1160 | }
1161 |
1162 | int assigned_tunnel_avp (struct tunnel *t, struct call *c, void *data,
1163 | int datalen)
1164 | {
1165 | /*
1166 | * What is their TID that we must use from now on?
1167 | */
1168 | _u16 *raw = data;
1169 |
1170 | #ifdef SANITY
1171 | if (t->sanity)
1172 | {
1173 | switch (c->msgtype)
1174 | {
1175 | case SCCRP:
1176 | case SCCRQ:
1177 | case StopCCN:
1178 | break;
1179 | default:
1180 | if (DEBUG)
1181 | log (LOG_DEBUG,
1182 | "%s: tunnel ID not appropriate for message %s. Ignoring.\n",
1183 | __FUNCTION__, msgtypes[c->msgtype]);
1184 | return 0;
1185 | }
1186 | if (datalen != 8)
1187 | {
1188 | if (DEBUG)
1189 | log (LOG_DEBUG,
1190 | "%s: avp is wrong size. %d != 8\n", __FUNCTION__,
1191 | datalen);
1192 | wrong_length (c, "Assigned Tunnel ID", 8, datalen, 0);
1193 | return -EINVAL;
1194 | }
1195 | }
1196 | #endif
1197 | if (c->msgtype == StopCCN)
1198 | {
1199 | t->qtid = ntohs (raw[3]);
1200 | }
1201 | else
1202 | {
1203 | t->tid = ntohs (raw[3]);
1204 | }
1205 | if (debug_avp)
1206 | {
1207 | if (DEBUG)
1208 | log (LOG_DEBUG,
1209 | "%s: using peer's tunnel %d\n", __FUNCTION__,
1210 | ntohs (raw[3]));
1211 | }
1212 | return 0;
1213 | }
1214 |
1215 | int assigned_call_avp (struct tunnel *t, struct call *c, void *data,
1216 | int datalen)
1217 | {
1218 | /*
1219 | * What is their CID that we must use from now on?
1220 | */
1221 | _u16 *raw = data;
1222 |
1223 | #ifdef SANITY
1224 | if (t->sanity)
1225 | {
1226 | switch (c->msgtype)
1227 | {
1228 | case CDN:
1229 | case ICRP:
1230 | case ICRQ:
1231 | case OCRP: /* jz: deleting the debug message */
1232 | break;
1233 | case OCRQ:
1234 | default:
1235 | if (DEBUG)
1236 | log (LOG_DEBUG,
1237 | "%s: call ID not appropriate for message %s. Ignoring.\n",
1238 | __FUNCTION__, msgtypes[c->msgtype]);
1239 | return 0;
1240 | }
1241 | if (datalen != 8)
1242 | {
1243 | if (DEBUG)
1244 | log (LOG_DEBUG,
1245 | "%s: avp is wrong size. %d != 8\n", __FUNCTION__,
1246 | datalen);
1247 | wrong_length (c, "Assigned Call ID", 8, datalen, 0);
1248 | return -EINVAL;
1249 | }
1250 | }
1251 | #endif
1252 | if (c->msgtype == CDN)
1253 | {
1254 | c->qcid = ntohs (raw[3]);
1255 | }
1256 | else if (c->msgtype == ICRQ)
1257 | {
1258 | t->call_head->cid = ntohs (raw[3]);
1259 | }
1260 | else if (c->msgtype == ICRP)
1261 | {
1262 | c->cid = ntohs (raw[3]);
1263 | }
1264 | else if (c->msgtype == OCRP)
1265 | { /* jz: copy callid to c->cid */
1266 | c->cid = ntohs (raw[3]);
1267 | }
1268 | else
1269 | {
1270 | log (LOG_DEBUG, "%s: Dunno what to do when it's state %s!\n",
1271 | __FUNCTION__, msgtypes[c->msgtype]);
1272 | }
1273 | if (debug_avp)
1274 | {
1275 | if (DEBUG)
1276 | log (LOG_DEBUG,
1277 | "%s: using peer's call %d\n", __FUNCTION__, ntohs (raw[3]));
1278 | }
1279 | return 0;
1280 | }
1281 |
1282 | int packet_delay_avp (struct tunnel *t, struct call *c, void *data,
1283 | int datalen)
1284 | {
1285 | /*
1286 | * What is their CID that we must use from now on?
1287 | */
1288 | _u16 *raw = data;
1289 |
1290 | #ifdef SANITY
1291 | if (t->sanity)
1292 | {
1293 | switch (c->msgtype)
1294 | {
1295 | case ICRP:
1296 | case OCRQ:
1297 | case ICCN:
1298 | case OCRP:
1299 | case OCCN:
1300 | break;
1301 | default:
1302 | if (DEBUG)
1303 | log (LOG_DEBUG,
1304 | "%s: packet delay not appropriate for message %s. Ignoring.\n",
1305 | __FUNCTION__, msgtypes[c->msgtype]);
1306 | return 0;
1307 | }
1308 | if (datalen != 8)
1309 | {
1310 | if (DEBUG)
1311 | log (LOG_DEBUG,
1312 | "%s: avp is wrong size. %d != 8\n", __FUNCTION__,
1313 | datalen);
1314 | wrong_length (c, "Assigned Call ID", 8, datalen, 0);
1315 | return -EINVAL;
1316 | }
1317 | }
1318 | #endif
1319 | c->ppd = ntohs (raw[3]);
1320 | if (debug_avp)
1321 | {
1322 | if (DEBUG)
1323 | log (LOG_DEBUG,
1324 | "%s: peer's delay is %d 1/10's of a second\n", __FUNCTION__,
1325 | ntohs (raw[3]));
1326 | }
1327 | return 0;
1328 | }
1329 |
1330 | int call_serno_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1331 | {
1332 | /*
1333 | * What is the serial number of the call?
1334 | */
1335 | _u16 *raw = data;
1336 |
1337 | #ifdef SANITY
1338 | if (t->sanity)
1339 | {
1340 | switch (c->msgtype)
1341 | {
1342 | case ICRQ:
1343 | case OCRQ:
1344 | break;
1345 | default:
1346 | if (DEBUG)
1347 | log (LOG_DEBUG,
1348 | "%s: call ID not appropriate for message %s. Ignoring.\n",
1349 | __FUNCTION__, msgtypes[c->msgtype]);
1350 | return 0;
1351 | }
1352 | if (datalen != 10)
1353 | {
1354 | #ifdef STRICT
1355 | if (DEBUG)
1356 | log (LOG_DEBUG,
1357 | "%s: avp is wrong size. %d != 10\n", __FUNCTION__,
1358 | datalen);
1359 | wrong_length (c, "Serial Number", 10, datalen, 0);
1360 | return -EINVAL;
1361 | #else
1362 | log (LOG_DEBUG,
1363 | "%s: peer is using old style serial number. Will be invalid.\n",
1364 | __FUNCTION__);
1365 | #endif
1366 |
1367 | }
1368 | }
1369 | #endif
1370 | t->call_head->serno = (((unsigned int) ntohs (raw[3])) << 16) |
1371 | ((unsigned int) ntohs (raw[4]));
1372 | if (debug_avp)
1373 | {
1374 | if (DEBUG)
1375 | log (LOG_DEBUG,
1376 | "%s: serial number is %d\n", __FUNCTION__,
1377 | t->call_head->serno);
1378 | }
1379 | return 0;
1380 | }
1381 |
1382 | int rx_speed_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1383 | {
1384 | /*
1385 | * What is the received baud rate of the call?
1386 | */
1387 | _u16 *raw = data;
1388 |
1389 | #ifdef SANITY
1390 | if (t->sanity)
1391 | {
1392 | switch (c->msgtype)
1393 | {
1394 | case ICCN:
1395 | case OCCN:
1396 | case OCRP:
1397 | break;
1398 | default:
1399 | if (DEBUG)
1400 | log (LOG_DEBUG,
1401 | "%s: rx connect speed not appropriate for message %s. Ignoring.\n",
1402 | __FUNCTION__, msgtypes[c->msgtype]);
1403 | return 0;
1404 | }
1405 | if (datalen != 10)
1406 | {
1407 | if (DEBUG)
1408 | log (LOG_DEBUG,
1409 | "%s: avp is wrong size. %d != 10\n", __FUNCTION__,
1410 | datalen);
1411 | wrong_length (c, "Connect Speed (RX)", 10, datalen, 0);
1412 | return -EINVAL;
1413 | }
1414 | }
1415 | #endif
1416 | c->rxspeed = (((unsigned int) ntohs (raw[3])) << 16) |
1417 | ((unsigned int) ntohs (raw[4]));
1418 | if (debug_avp)
1419 | {
1420 | if (DEBUG)
1421 | log (LOG_DEBUG,
1422 | "%s: receive baud rate is %d\n", __FUNCTION__, c->rxspeed);
1423 | }
1424 | return 0;
1425 | }
1426 |
1427 | int tx_speed_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1428 | {
1429 | /*
1430 | * What is the tranmsit baud rate of the call?
1431 | */
1432 | _u16 *raw = data;
1433 |
1434 | #ifdef SANITY
1435 | if (t->sanity)
1436 | {
1437 | switch (c->msgtype)
1438 | {
1439 | case ICCN:
1440 | case OCCN:
1441 | case OCRP:
1442 | break;
1443 | default:
1444 | if (DEBUG)
1445 | log (LOG_DEBUG,
1446 | "%s: tx connect speed not appropriate for message %s. Ignoring.\n",
1447 | __FUNCTION__, msgtypes[c->msgtype]);
1448 | return 0;
1449 | }
1450 | if (datalen != 10)
1451 | {
1452 | if (DEBUG)
1453 | log (LOG_DEBUG,
1454 | "%s: avp is wrong size. %d != 10\n", __FUNCTION__,
1455 | datalen);
1456 | wrong_length (c, "Connect Speed (tx)", 10, datalen, 0);
1457 | return -EINVAL;
1458 | }
1459 | }
1460 | #endif
1461 | c->txspeed = (((unsigned int) ntohs (raw[3])) << 16) |
1462 | ((unsigned int) ntohs (raw[4]));
1463 | if (debug_avp)
1464 | {
1465 | if (DEBUG)
1466 | log (LOG_DEBUG,
1467 | "%s: transmit baud rate is %d\n", __FUNCTION__, c->txspeed);
1468 | }
1469 | return 0;
1470 | }
1471 | int call_physchan_avp (struct tunnel *t, struct call *c, void *data,
1472 | int datalen)
1473 | {
1474 | /*
1475 | * What is the physical channel?
1476 | */
1477 | _u16 *raw = data;
1478 |
1479 | #ifdef SANITY
1480 | if (t->sanity)
1481 | {
1482 | switch (c->msgtype)
1483 | {
1484 | case ICRQ:
1485 | case OCRQ:
1486 | case OCRP:
1487 | case OCCN:
1488 | break;
1489 | default:
1490 | if (DEBUG)
1491 | log (LOG_DEBUG,
1492 | "%s: physical channel not appropriate for message %s. Ignoring.\n",
1493 | __FUNCTION__, msgtypes[c->msgtype]);
1494 | return 0;
1495 | }
1496 | if (datalen != 10)
1497 | {
1498 | if (DEBUG)
1499 | log (LOG_DEBUG,
1500 | "%s: avp is wrong size. %d != 10\n", __FUNCTION__,
1501 | datalen);
1502 | wrong_length (c, "Physical Channel", 10, datalen, 0);
1503 | return -EINVAL;
1504 | }
1505 | }
1506 | #endif
1507 | t->call_head->physchan = (((unsigned int) ntohs (raw[3])) << 16) |
1508 | ((unsigned int) ntohs (raw[4]));
1509 | if (debug_avp)
1510 | {
1511 | if (DEBUG)
1512 | log (LOG_DEBUG,
1513 | "%s: physical channel is %d\n", __FUNCTION__,
1514 | t->call_head->physchan);
1515 | }
1516 | return 0;
1517 | }
1518 |
1519 | int receive_window_size_avp (struct tunnel *t, struct call *c, void *data,
1520 | int datalen)
1521 | {
1522 | /*
1523 | * What is their RWS?
1524 | */
1525 | _u16 *raw = data;
1526 |
1527 | #ifdef SANITY
1528 | if (t->sanity)
1529 | {
1530 | switch (c->msgtype)
1531 | {
1532 | case SCCRP:
1533 | case SCCRQ:
1534 | case OCRP: /* jz */
1535 | case OCCN: /* jz */
1536 | case StopCCN:
1537 | /* case ICRP:
1538 | case ICCN: */
1539 | break;
1540 | default:
1541 | if (DEBUG)
1542 | log (LOG_DEBUG,
1543 | "%s: RWS not appropriate for message %s. Ignoring.\n",
1544 | __FUNCTION__, msgtypes[c->msgtype]);
1545 | return 0;
1546 | }
1547 | if (datalen != 8)
1548 | {
1549 | if (DEBUG)
1550 | log (LOG_DEBUG,
1551 | "%s: avp is wrong size. %d != 8\n", __FUNCTION__,
1552 | datalen);
1553 | wrong_length (c, "Receive Window Size", 8, datalen, 0);
1554 | return -EINVAL;
1555 | }
1556 | }
1557 | #endif
1558 | t->rws = ntohs (raw[3]);
1559 | /* if (c->rws >= 0)
1560 | c->fbit = FBIT; */
1561 | if (debug_avp)
1562 | {
1563 | if (DEBUG)
1564 | log (LOG_DEBUG,
1565 | "%s: peer wants RWS of %d. Will use flow control.\n",
1566 | __FUNCTION__, t->rws);
1567 | }
1568 | return 0;
1569 | }
1570 |
1571 |
1572 | int handle_avps (struct buffer *buf, struct tunnel *t, struct call *c)
1573 | {
1574 | /*
1575 | * buf's start should point to the beginning of a packet. We assume it's
1576 | * a valid packet and has had check_control done to it, so no error
1577 | * checking is done at this point.
1578 | */
1579 |
1580 | struct avp_hdr *avp;
1581 | int len = buf->len - sizeof (struct control_hdr);
1582 | int firstavp = -1;
1583 | int hidlen;
1584 | char *data = buf->start + sizeof (struct control_hdr);
1585 | avp = (struct avp_hdr *) data;
1586 | if (debug_avp)
1587 | log (LOG_DEBUG, "%s: handling avp's for tunnel %d, call %d\n",
1588 | __FUNCTION__, t->ourtid, c->ourcid);
1589 | while (len > 0)
1590 | {
1591 | /* Go ahead and byte-swap the header */
1592 | swaps (avp, sizeof (struct avp_hdr));
1593 | if (avp->attr > AVP_MAX)
1594 | {
1595 | if (AMBIT (avp->length))
1596 | {
1597 | log (LOG_WARN,
1598 | "%s: dont know how to handle mandatory attribute %d. Closing %s.\n"
1599 | __FUNCTION__, avp->attr,
1600 | (c != t->self) ? "call" : "tunnel");
1601 | set_error (c, VENDOR_ERROR,
1602 | "mandatory attribute %d cannot be handled",
1603 | avp->attr);
1604 | c->needclose = -1;
1605 | return -EINVAL;
1606 | }
1607 | else
1608 | {
1609 | if (DEBUG)
1610 | log (LOG_WARN,
1611 | "%s: dont know how to handle atribute %d.\n",
1612 | __FUNCTION__, avp->attr);
1613 | goto next;
1614 | }
1615 | }
1616 | if (ALENGTH (avp->length) > len)
1617 | {
1618 | log (LOG_WARN,
1619 | "%s: AVP received with length > remaining packet length!\n",
1620 | __FUNCTION__);
1621 | set_error (c, ERROR_LENGTH, "Invalid AVP length");
1622 | c->needclose = -1;
1623 | return -EINVAL;
1624 | }
1625 | if (avp->attr && firstavp)
1626 | {
1627 | log (LOG_WARN, "%s: First AVP was not message type.\n",
1628 | __FUNCTION__);
1629 | set_error (c, VENDOR_ERROR, "First AVP must be message type");
1630 | c->needclose = -1;
1631 | return -EINVAL;
1632 | }
1633 | if (ALENGTH (avp->length) < sizeof (struct avp_hdr))
1634 | {
1635 | log (LOG_WARN, "%s: AVP with too small of size (%d).\n",
1636 | __FUNCTION__, ALENGTH (avp->length));
1637 | set_error (c, ERROR_LENGTH, "AVP too small");
1638 | c->needclose = -1;
1639 | return -EINVAL;
1640 | }
1641 | if (AZBITS (avp->length))
1642 | {
1643 | log (LOG_WARN, "%s: %sAVP has reserved bits set.\n", __FUNCTION__,
1644 | AMBIT (avp->length) ? "Mandatory " : "");
1645 | if (AMBIT (avp->length))
1646 | {
1647 | set_error (c, ERROR_RESERVED, "reserved bits set in AVP");
1648 | c->needclose = -1;
1649 | return -EINVAL;
1650 | }
1651 | goto next;
1652 | }
1653 | if (AHBIT (avp->length))
1654 | {
1655 | #ifdef DEBUG_HIDDEN
1656 | log (LOG_DEBUG, "%s: Hidden bit set on AVP.\n", __FUNCTION__);
1657 | #endif
1658 | /* We want to rewrite the AVP as an unhidden AVP
1659 | and then pass it along as normal. Remeber how
1660 | long the AVP was in the first place though! */
1661 | hidlen = avp->length;
1662 | if (decrypt_avp (data, t))
1663 | {
1664 | if (debug_avp)
1665 | log (LOG_WARN, "%s: Unable to handle hidden %sAVP\n:",
1666 | __FUNCTION__,
1667 | (AMBIT (avp->length) ? "mandatory " : ""));
1668 | if (AMBIT (avp->length))
1669 | {
1670 | set_error (c, VENDOR_ERROR, "Invalid Hidden AVP");
1671 | c->needclose = -1;
1672 | return -EINVAL;
1673 | }
1674 | goto next;
1675 | };
1676 | len -= 2;
1677 | hidlen -= 2;
1678 | data += 2;
1679 | avp = (struct avp_hdr *) data;
1680 | /* Now we should look like a normal AVP */
1681 | }
1682 | else
1683 | hidlen = 0;
1684 | if (avps[avp->attr].handler)
1685 | {
1686 | if (avps[avp->attr].handler (t, c, avp, ALENGTH (avp->length)))
1687 | {
1688 | if (AMBIT (avp->length))
1689 | {
1690 | log (LOG_WARN,
1691 | "%s: Bad exit status handling attribute %d (%s) on mandatory packet.\n",
1692 | __FUNCTION__, avp->attr,
1693 | avps[avp->attr].description);
1694 | c->needclose = -1;
1695 | return -EINVAL;
1696 | }
1697 | else
1698 | {
1699 | if (DEBUG)
1700 | log (LOG_DEBUG,
1701 | "%s: Bad exit status handling attribute %d (%s).\n",
1702 | __FUNCTION__, avp->attr,
1703 | avps[avp->attr].description);
1704 | }
1705 | }
1706 | }
1707 | else
1708 | {
1709 | if (AMBIT (avp->length))
1710 | {
1711 | log (LOG_WARN,
1712 | "%s: No handler for mandatory attribute %d (%s). Closing %s.\n",
1713 | __FUNCTION__, avp->attr, avps[avp->attr].description,
1714 | (c != t->self) ? "call" : "tunnel");
1715 | set_error (c, VENDOR_ERROR, "No handler for attr %d (%s)\n",
1716 | avp->attr, avps[avp->attr].description);
1717 | return -EINVAL;
1718 | }
1719 | else
1720 | {
1721 | if (DEBUG)
1722 | log (LOG_WARN, "%s: no handler for atribute %d (%s).\n",
1723 | __FUNCTION__, avp->attr,
1724 | avps[avp->attr].description);
1725 | }
1726 | }
1727 | next:
1728 | if (hidlen)
1729 | {
1730 | /* Skip over the complete length of the hidden AVP */
1731 | len -= ALENGTH (hidlen);
1732 | data += ALENGTH (hidlen);
1733 | }
1734 | else
1735 | {
1736 | len -= ALENGTH (avp->length);
1737 | data += ALENGTH (avp->length); /* Next AVP, please */
1738 | }
1739 | avp = (struct avp_hdr *) data;
1740 | firstavp = 0;
1741 | }
1742 | if (len != 0)
1743 | {
1744 | log (LOG_WARN, "%s: negative overall packet length\n", __FUNCTION__);
1745 | return -EINVAL;
1746 | }
1747 | return 0;
1748 | }