1 | /*
2 | * Layer Two Tunnelling Protocol Daemon
3 | * Copyright (C) 1998 Adtran, Inc.
4 | *
5 | * Mark Spencer
6 | *
7 | * This software is distributed under the terms
8 | * of the GPL, which you should have received
9 | * along with this source.
10 | *
11 | * Handle a call as a separate thread
12 | */
13 |
14 | #include <stdio.h>
15 | #include <fcntl.h>
16 | #include <sys/socket.h>
17 | #include <netinet/in.h>
18 | #include <arpa/inet.h>
19 | #include <sys/wait.h>
20 | #include <stdlib.h>
21 | #include <string.h>
22 | #include <unistd.h>
23 | #include <errno.h>
24 | #include <signal.h>
25 | #include <termios.h>
26 | #include "l2tp.h"
27 | #ifdef USE_KERNEL
28 | #include <sys/ioctl.h>
29 | #endif
30 |
31 | struct buffer *new_payload (struct sockaddr_in peer)
32 | {
33 | struct buffer *tmp = new_buf (MAX_RECV_SIZE);
34 | if (!tmp)
35 | return NULL;
36 | tmp->peer = peer;
37 | tmp->start += sizeof (struct payload_hdr);
38 | tmp->len = 0;
39 | return tmp;
40 | }
41 |
42 | inline void recycle_payload (struct buffer *buf, struct sockaddr_in peer)
43 | {
44 | buf->start = buf->rstart + sizeof (struct payload_hdr);
45 | buf->len = 0;
46 | buf->peer = peer;
47 | }
48 |
49 | void add_payload_hdr (struct tunnel *t, struct call *c, struct buffer *buf)
50 | {
51 | struct payload_hdr *p;
52 | buf->start -= sizeof (struct payload_hdr);
53 | buf->len += sizeof (struct payload_hdr);
54 | /* Account for no offset */
55 | buf->start += 4;
56 | buf->len -= 4;
57 | if (!c->fbit && !c->ourfbit)
58 | {
59 | /* Forget about Ns and Nr fields then */
60 | buf->start += 4;
61 | buf->len -= 4;
62 | }
63 | if (!c->lbit)
64 | {
65 | /* Forget about specifying the length */
66 | buf->start += 2;
67 | buf->len -= 2;
68 | }
69 | p = (struct payload_hdr *) buf->start;
70 | /* p->ver = htons(c->lbit | c->rbit | c->fbit | c->ourfbit | VER_L2TP); */
71 | p->ver = htons (c->lbit | c->fbit | c->ourfbit | VER_L2TP);
72 | if (c->lbit)
73 | {
74 | p->length = htons ((_u16) buf->len);
75 | }
76 | else
77 | {
78 | p = (struct payload_hdr *) (((char *) p) - 2);
79 | }
80 | p->tid = htons (t->tid);
81 | p->cid = htons (c->cid);
82 | if (c->fbit || c->ourfbit)
83 | {
84 | p->Ns = htons (c->pSs);
85 | p->Nr = htons (c->pSr);
86 | }
87 | c->pSs++;
88 | /* c->rbit=0; */
89 | }
90 |
91 | int read_packet (struct buffer *buf, int fd, int convert)
92 | {
93 | unsigned char c;
94 | unsigned char escape = 0;
95 | unsigned char *p;
96 | static unsigned char rbuf[MAX_RECV_SIZE];
97 | static int pos = 0;
98 | static int max = 0;
99 | int res;
100 | int errors = 0;
101 | /* Read a packet, doing async->sync conversion if necessary */
102 | p = buf->start;
103 | while (1)
104 | {
105 | if (pos >= max)
106 | {
107 | max = read (fd, rbuf, sizeof (rbuf));
108 | res = max;
109 | pos = 0;
110 | }
111 | else
112 | {
113 | res = 1;
114 | }
115 | c = rbuf[pos++];
116 | if (res < 1)
117 | {
118 | if (res == 0)
119 | {
120 | /*
121 | * Hmm.. Nothing to read. It happens
122 | */
123 | return 0;
124 | /* } else if ((errno == EINTR ) || (errno == EAGAIN)) { */
125 | }
126 | else if ((errno == EIO) || (errno == EINTR) || (errno == EAGAIN))
127 | {
128 |
129 | /*
130 | * Oops, we were interrupted!
131 | * Or, we ran out of data too soon
132 | * anyway, we discared whatever it is we
133 | * have
134 | */
135 | return 0;
136 | }
137 | errors++;
138 | log (LOG_DEBUG, "%s: Error %d (%s)\n", __FUNCTION__, errno,
139 | strerror (errno));
140 | if (errors > 10)
141 | {
142 | log (LOG_DEBUG,
143 | "%s: Too many errors. Declaring call dead.\n",
144 | __FUNCTION__);
145 | return -errno;
146 | }
147 | continue;
148 | }
149 | switch (c)
150 | {
151 | case PPP_FLAG:
152 | if (escape)
153 | {
154 | log (LOG_DEBUG, "%s: got an escaped PPP_FLAG\n",
155 | __FUNCTION__);
156 | return -EINVAL;
157 | }
158 | if (convert)
159 | {
160 | if (!buf->len)
161 | break;
162 | /* Drop the FCS */
163 | buf->len -= 2;
164 | }
165 | else
166 | {
167 | if (buf->len < buf->maxlen)
168 | {
169 | *p = c;
170 | p++;
171 | buf->len++;
172 | }
173 | }
174 | return buf->len;
175 | case PPP_ESCAPE:
176 | escape = PPP_TRANS;
177 | if (convert)
178 | break;
179 | default:
180 | if (convert)
181 | c ^= escape;
182 | escape = 0;
183 | if (buf->len < buf->maxlen)
184 | {
185 | *p = c;
186 | p++;
187 | buf->len++;
188 | break;
189 | };
190 | log (LOG_WARN, "%s: read overrun\n", __FUNCTION__);
191 | return -EINVAL;
192 | }
193 | }
194 | /* I should never get here */
195 | log (LOG_WARN, "%s: You should not see this message. If you do, please
196 | enter a bug report at http://sourceforge.net/projects/l2tpd", __FUNCTION__);
197 | return -EINVAL;
198 | }
199 |
200 | void call_close (struct call *c)
201 | {
202 | struct buffer *buf;
203 | struct schedule_entry *se, *ose;
204 | struct call *tmp, *tmp2;
205 | if (!c || !c->container)
206 | {
207 | log (LOG_DEBUG, "%s: called on null call or containerless call\n",
208 | __FUNCTION__);
209 | return;
210 | }
211 | if (c == c->container->self)
212 | {
213 | /*
214 | * We're actually closing the
215 | * entire tunnel
216 | */
217 |
218 | /* First deschedule any remaining packet transmissions
219 | for this tunnel. That means Hello's and any reminaing
220 | packets scheduled for transmission. This is a very
221 | nasty little piece of code here. */
222 |
223 | se = events;
224 | ose = NULL;
225 | while (se)
226 | {
227 | if ((((struct buffer *) se->data)->tunnel == c->container)
228 | || ((struct tunnel *) se->data == c->container))
229 | {
230 | #ifdef DEBUG_CLOSE
231 | log (LOG_DEBUG, "%s: Descheduling event\n", __FUNCTION__);
232 | #endif
233 | if (ose)
234 | {
235 | ose->next = se->next;
236 | if ((struct tunnel *) se->data != c->container)
237 | toss ((struct buffer *) (se->data));
238 | free (se);
239 | se = ose->next;
240 | }
241 | else
242 | {
243 | events = se->next;
244 | if ((struct tunnel *) se->data != c->container)
245 | toss ((struct buffer *) (se->data));
246 | free (se);
247 | se = events;
248 | }
249 | }
250 | else
251 | {
252 | ose = se;
253 | se = se->next;
254 | }
255 | }
256 |
257 | if (c->closing)
258 | {
259 | /* Really close this tunnel, as our
260 | StopCCN has been ack'd */
261 | #ifdef DEBUG_CLOSE
262 | log (LOG_DEBUG, "%s: Actually closing tunnel %d\n", __FUNCTION__,
263 | c->container->ourtid);
264 | #endif
265 | #ifdef USE_KERNEL
266 | if (kernel_support)
267 | ioctl (server_socket, L2TPIOCDELTUNNEL, c->container->ourtid);
268 | #endif
269 | destroy_tunnel (c->container);
270 | return;
271 | }
272 |
273 | /*
274 | * We need to close, but need to provide reliable delivery
275 | * of the final StopCCN. We record our state to know when
276 | * we have actually received an ACK on our StopCCN
277 | */
278 | c->closeSs = c->container->cSs;
279 | buf = new_outgoing (c->container);
280 | add_message_type_avp (buf, StopCCN);
281 | if (c->container->hbit)
282 | {
283 | mk_challenge (c->container->chal_them.vector, VECTOR_SIZE);
284 | add_randvect_avp (buf, c->container->chal_them.vector,
285 | VECTOR_SIZE);
286 | }
287 | add_tunnelid_avp (buf, c->container->ourtid);
288 | if (c->result < 0)
289 | c->result = RESULT_CLEAR;
290 | if (c->error < 0)
291 | c->error = 0;
292 | add_result_code_avp (buf, c->result, c->error, c->errormsg,
293 | strlen (c->errormsg));
294 | add_control_hdr (c->container, c, buf);
295 | if (packet_dump)
296 | do_packet_dump (buf);
297 | #ifdef DEBUG_CLOSE
298 | log (LOG_DEBUG, "%s: enqueing close message for tunnel\n",
299 | __FUNCTION__);
300 | #endif
301 | control_xmit (buf);
302 | /*
303 | * We also need to stop all traffic on any calls contained
304 | * within us.
305 | */
306 | tmp = c->container->call_head;
307 | while (tmp)
308 | {
309 | tmp2 = tmp->next;
310 | tmp->needclose = 0;
311 | tmp->closing = -1;
312 | call_close (tmp);
313 | tmp = tmp2;
314 | }
315 | log (LOG_LOG,
316 | "%s : Connection %d closed to %s, port %d (%s)\n", __FUNCTION__,
317 | c->container->tid,
318 | IPADDY (c->container->peer.sin_addr),
319 | ntohs (c->container->peer.sin_port), c->errormsg);
320 | }
321 | else
322 | {
323 | /*
324 | * Just close a call
325 | */
326 | #ifdef USE_KERNEL
327 | struct l2tp_call_opts co;
328 | #endif
329 | if (c->zlb_xmit)
330 | deschedule (c->zlb_xmit);
331 | /* if (c->dethrottle) deschedule(c->dethrottle); */
332 | if (c->closing)
333 | {
334 | #ifdef DEBUG_CLOSE
335 | log (LOG_DEBUG, "%s: Actually closing call %d\n", __FUNCTION__,
336 | c->ourcid);
337 | #endif
338 | destroy_call (c);
339 | return;
340 | }
341 | #ifdef USE_KERNEL
342 | if (kernel_support)
343 | {
344 | co.ourtid = c->container->ourtid;
345 | co.ourcid = c->ourcid;
346 | ioctl (server_socket, L2TPIOCGETCALLOPTS, &co);
347 | co.flags = co.flags & ~L2TP_FLAG_CALL_UP;
348 | ioctl (server_socket, L2TPIOCSETCALLOPTS, &co);
349 | }
350 | #endif
351 | c->closeSs = c->container->cSs;
352 | buf = new_outgoing (c->container);
353 | add_message_type_avp (buf, CDN);
354 | if (c->container->hbit)
355 | {
356 | mk_challenge (c->container->chal_them.vector, VECTOR_SIZE);
357 | add_randvect_avp (buf, c->container->chal_them.vector,
358 | VECTOR_SIZE);
359 | }
360 | if (c->result < 0)
361 | c->result = RESULT_CLEAR;
362 | if (c->error < 0)
363 | c->error = 0;
364 | add_result_code_avp (buf, c->result, c->error, c->errormsg,
365 | strlen (c->errormsg));
366 | #ifdef TEST_HIDDEN
367 | add_callid_avp (buf, c->ourcid, c->container);
368 | #else
369 | add_callid_avp (buf, c->ourcid);
370 | #endif
371 | add_control_hdr (c->container, c, buf);
372 | if (packet_dump)
373 | do_packet_dump (buf);
374 | #ifdef DEBUG_CLOSE
375 | log (LOG_DEBUG, "%s: enqueuing close message for call %d\n",
376 | __FUNCTION__, c->ourcid);
377 | #endif
378 | control_xmit (buf);
379 | log (LOG_LOG, "%s: Call %d to %s disconnected\n", __FUNCTION__,
380 | c->ourcid, IPADDY (c->container->peer.sin_addr));
381 | }
382 | /*
383 | * Note that we're in the process of closing now
384 | */
385 | c->closing = -1;
386 | }
387 |
388 | void destroy_call (struct call *c)
389 | {
390 | /*
391 | * Here, we unconditionally destroy a call.
392 | */
393 |
394 | struct call *p;
395 | struct timeval tv;
396 | pid_t pid;
397 | /*
398 | * Close the tty
399 | */
400 | if (c->fd > 0)
401 | close (c->fd);
402 | /* if (c->dethrottle) deschedule(c->dethrottle); */
403 | if (c->zlb_xmit)
404 | deschedule (c->zlb_xmit);
405 | if (c->addr)
406 | unreserve_addr (c->addr);
407 | /*
408 | * Kill off pppd and wait for it to
409 | * return to us. This should only be called
410 | * in rare cases if pppd hasn't already died
411 | * voluntarily
412 | */
413 | pid = c->pppd;
414 | if (pid)
415 | {
416 | /* Set c->pppd to zero to prevent recursion with child_handler */
417 | c->pppd = 0;
418 | kill (pid, SIGTERM);
419 | waitpid (pid, NULL, 0);
420 | }
421 | if (c->container)
422 | {
423 | #ifdef USE_KERNEL
424 | if (kernel_support)
425 | ioctl (server_socket, L2TPIOCDELCALL,
426 | (c->container->ourtid << 16) | (c->ourcid));
427 | #endif
428 | p = c->container->call_head;
429 | /*
430 | * Remove us from the call list, although
431 | * we might not actually be there
432 | */
433 | if (p)
434 | {
435 | if (p == c)
436 | {
437 | c->container->call_head = c->next;
438 | c->container->count--;
439 | }
440 | else
441 | {
442 | while (p->next && (p->next != c))
443 | p = p->next;
444 | if (p->next)
445 | {
446 | p->next = c->next;
447 | c->container->count--;
448 | }
449 | }
450 | }
451 | }
452 | if (c->lac)
453 | {
454 | c->lac->c = NULL;
455 | if (c->lac->redial && (c->lac->rtimeout > 0) && !c->lac->rsched &&
456 | c->lac->active)
457 | {
458 | #ifdef DEBUG_MAGIC
459 | log (LOG_LOG, "%s: Will redial in %d seconds\n", __FUNCTION__,
460 | c->lac->rtimeout);
461 | #endif
462 | tv.tv_sec = c->lac->rtimeout;
463 | tv.tv_usec = 0;
464 | c->lac->rsched = schedule (tv, magic_lac_dial, c->lac);
465 | }
466 | }
467 |
468 | free (c);
469 |
470 | }
471 |
472 |
473 | struct call *new_call (struct tunnel *parent)
474 | {
475 | struct call *tmp = malloc (sizeof (struct call));
476 | if (!tmp)
477 | return NULL;
478 | tmp->tx_pkts = 0;
479 | tmp->rx_pkts = 0;
480 | tmp->tx_bytes = 0;
481 | tmp->rx_bytes = 0;
482 | tmp->zlb_xmit = NULL;
483 | /* tmp->throttle = 0; */
484 | /* tmp->dethrottle=NULL; */
485 | tmp->prx = 0;
486 | /* tmp->rbit = 0; */
487 | tmp->msgtype = 0;
488 | /* tmp->timeout = 0; */
489 | tmp->pSs = 0;
490 | tmp->pSr = 0;
491 | tmp->pLr = -1;
492 | tmp->nego = 0;
493 | tmp->debug = 0;
494 | tmp->seq_reqd = 0;
495 | tmp->state = 0; /* Nothing so far */
496 | if (parent->self)
497 | {
498 | #ifndef TESTING
499 | #ifdef USE_KERNEL
500 | if (kernel_support)
501 | tmp->ourcid =
502 | ioctl (server_socket, L2TPIOCADDCALL, parent->ourtid << 16);
503 | else
504 | #endif
505 | /* while(get_call(parent->ourtid, (tmp->ourcid = (rand() && 0xFFFF)),0,0)); */
506 | /* FIXME: What about possibility of multiple random #'s??? */
507 | tmp->ourcid = (rand () & 0xFFFF);
508 | #else
509 | tmp->ourcid = 0x6227;
510 | #endif
511 | }
512 | tmp->dialed[0] = 0;
513 | tmp->dialing[0] = 0;
514 | tmp->subaddy[0] = 0;
515 | tmp->physchan = -1;
516 | tmp->serno = 0;
517 | tmp->bearer = -1;
518 | tmp->cid = -1;
519 | tmp->qcid = -1;
520 | tmp->container = parent;
521 | /* tmp->rws = -1; */
522 | tmp->fd = -1;
523 | tmp->oldptyconf = malloc (sizeof (struct termios));
524 | tmp->pnu = 0;
525 | tmp->cnu = 0;
526 | tmp->needclose = 0;
527 | tmp->closing = 0;
528 | tmp->die = 0;
529 | tmp->pppd = 0;
530 | tmp->error = -1;
531 | tmp->result = -1;
532 | tmp->errormsg[0] = 0;
533 | tmp->fbit = 0;
534 | tmp->cid = 0;
535 | tmp->lbit = 0;
536 | /* Inherit LAC and LNS from parent */
537 | tmp->lns = parent->lns;
538 | tmp->lac = parent->lac;
539 | tmp->addr = 0;
540 | /* tmp->ourrws = DEFAULT_RWS_SIZE; */
541 | /* if (tmp->ourrws >= 0)
542 | tmp->ourfbit = FBIT;
543 | else */
544 | tmp->ourfbit = 0; /* initialize to 0 since we don't actually use this
545 | value at this point anywhere in the code (I don't
546 | think) We might just be able to remove it completely */
547 | tmp->dial_no[0] = '\0'; /* jz: dialing number for outgoing call */
548 | return tmp;
549 | }
550 |
551 | struct call *get_tunnel (int tunnel, unsigned int addr, int port)
552 | {
553 | struct tunnel *st;
554 | if (tunnel)
555 | {
556 | st = tunnels.head;
557 | while (st)
558 | {
559 | if (st->ourtid == tunnel)
560 | {
561 | return st->self;
562 | }
563 | st = st->next;
564 | }
565 | }
566 | return NULL;
567 | }
568 | struct call *get_call (int tunnel, int call, unsigned int addr, int port)
569 | {
570 | /*
571 | * Figure out which call struct should handle this.
572 | * If we have tunnel and call ID's then they are unique.
573 | * Otherwise, if the tunnel is 0, look for an existing connection
574 | * or create a new tunnel.
575 | */
576 | struct tunnel *st;
577 | struct call *sc;
578 | if (tunnel)
579 | {
580 | st = tunnels.head;
581 | while (st)
582 | {
583 | if (st->ourtid == tunnel)
584 | {
585 | if (call)
586 | {
587 | sc = st->call_head;
588 | while (sc)
589 | {
590 | if (sc->ourcid == call)
591 | return sc;
592 | sc = sc->next;
593 | }
594 | log (LOG_DEBUG, "%s: can't find call %d in tunnel %d\n",
595 | __FUNCTION__, call, tunnel);
596 | return NULL;
597 | }
598 | else
599 | {
600 | return st->self;
601 | }
602 | }
603 | st = st->next;
604 | }
605 | log (LOG_DEBUG, "%s:can't find tunnel %d\n", __FUNCTION__, tunnel);
606 | return NULL;
607 | }
608 | else
609 | {
610 | #ifdef USE_KERNEL
611 | struct l2tp_tunnel_opts to;
612 | #endif
613 | /* You can't specify a call number if you haven't specified
614 | a tunnel silly! */
615 |
616 | if (call)
617 | {
618 | log (LOG_WARN,
619 | "%s: call ID specified, but no tunnel ID specified. tossing.\n",
620 | __FUNCTION__);
621 | return NULL;
622 | }
623 | /*
624 | * Well, nothing appropriate... Let's add a new tunnel, if
625 | * we are not at capacity.
626 | */
627 | if (debug_tunnel)
628 | {
629 | log (LOG_DEBUG,
630 | "%s: allocating new tunnel for host %s, port %d.\n",
631 | __FUNCTION__, IPADDY (addr), ntohs (port));
632 | }
633 | if (!(st = new_tunnel ()))
634 | {
635 | log (LOG_WARN,
636 | "%s: unable to allocate new tunnel for host %s, port %d.\n",
637 | __FUNCTION__, IPADDY (addr), ntohs (port));
638 | return NULL;
639 | };
640 | st->peer.sin_family = AF_INET;
641 | st->peer.sin_port = port;
642 | bcopy (&addr, &st->peer.sin_addr, sizeof (addr));
643 | #ifdef USE_KERNEL
644 | if (kernel_support)
645 | {
646 | /* Update kernel as to peer's location */
647 | to.ourtid = st->ourtid;
648 | ioctl (server_socket, L2TPIOCGETTUNOPTS, &to);
649 | bcopy (&st->peer, &to.peer, sizeof (st->peer));
650 | to.addrlen = sizeof (st->peer);
651 | ioctl (server_socket, L2TPIOCSETTUNOPTS, &to);
652 | }
653 | #endif
654 | st->next = tunnels.head;
655 | tunnels.head = st;
656 | tunnels.count++;
657 | return st->self;
658 | }
659 | }