1 | /*
2 | * Layer Two Tunnelling Protocol Daemon
3 | * Copyright (C) 1998 Adtran, Inc.
4 | *
5 | * Mark Spencer
6 | *
7 | * This software is distributed under the terms
8 | * of the GPL, which you should have received
9 | * along with this source.
10 | *
11 | * Control Packet Handling
12 | *
13 | */
14 |
15 | #include <errno.h>
16 | #include <string.h>
17 | #include <stdio.h>
18 | #include <netinet/in.h>
19 | #include <arpa/inet.h>
20 | #include <unistd.h>
21 | #include <stdlib.h>
22 | #include "l2tp.h"
23 | #ifdef USE_KERNEL
24 | #include <sys/ioctl.h>
25 | #endif
26 |
27 | _u16 ppp_crc16_table[256] = {
28 | 0x0000, 0x1189, 0x2312, 0x329b, 0x4624, 0x57ad, 0x6536, 0x74bf,
29 | 0x8c48, 0x9dc1, 0xaf5a, 0xbed3, 0xca6c, 0xdbe5, 0xe97e, 0xf8f7,
30 | 0x1081, 0x0108, 0x3393, 0x221a, 0x56a5, 0x472c, 0x75b7, 0x643e,
31 | 0x9cc9, 0x8d40, 0xbfdb, 0xae52, 0xdaed, 0xcb64, 0xf9ff, 0xe876,
32 | 0x2102, 0x308b, 0x0210, 0x1399, 0x6726, 0x76af, 0x4434, 0x55bd,
33 | 0xad4a, 0xbcc3, 0x8e58, 0x9fd1, 0xeb6e, 0xfae7, 0xc87c, 0xd9f5,
34 | 0x3183, 0x200a, 0x1291, 0x0318, 0x77a7, 0x662e, 0x54b5, 0x453c,
35 | 0xbdcb, 0xac42, 0x9ed9, 0x8f50, 0xfbef, 0xea66, 0xd8fd, 0xc974,
36 | 0x4204, 0x538d, 0x6116, 0x709f, 0x0420, 0x15a9, 0x2732, 0x36bb,
37 | 0xce4c, 0xdfc5, 0xed5e, 0xfcd7, 0x8868, 0x99e1, 0xab7a, 0xbaf3,
38 | 0x5285, 0x430c, 0x7197, 0x601e, 0x14a1, 0x0528, 0x37b3, 0x263a,
39 | 0xdecd, 0xcf44, 0xfddf, 0xec56, 0x98e9, 0x8960, 0xbbfb, 0xaa72,
40 | 0x6306, 0x728f, 0x4014, 0x519d, 0x2522, 0x34ab, 0x0630, 0x17b9,
41 | 0xef4e, 0xfec7, 0xcc5c, 0xddd5, 0xa96a, 0xb8e3, 0x8a78, 0x9bf1,
42 | 0x7387, 0x620e, 0x5095, 0x411c, 0x35a3, 0x242a, 0x16b1, 0x0738,
43 | 0xffcf, 0xee46, 0xdcdd, 0xcd54, 0xb9eb, 0xa862, 0x9af9, 0x8b70,
44 | 0x8408, 0x9581, 0xa71a, 0xb693, 0xc22c, 0xd3a5, 0xe13e, 0xf0b7,
45 | 0x0840, 0x19c9, 0x2b52, 0x3adb, 0x4e64, 0x5fed, 0x6d76, 0x7cff,
46 | 0x9489, 0x8500, 0xb79b, 0xa612, 0xd2ad, 0xc324, 0xf1bf, 0xe036,
47 | 0x18c1, 0x0948, 0x3bd3, 0x2a5a, 0x5ee5, 0x4f6c, 0x7df7, 0x6c7e,
48 | 0xa50a, 0xb483, 0x8618, 0x9791, 0xe32e, 0xf2a7, 0xc03c, 0xd1b5,
49 | 0x2942, 0x38cb, 0x0a50, 0x1bd9, 0x6f66, 0x7eef, 0x4c74, 0x5dfd,
50 | 0xb58b, 0xa402, 0x9699, 0x8710, 0xf3af, 0xe226, 0xd0bd, 0xc134,
51 | 0x39c3, 0x284a, 0x1ad1, 0x0b58, 0x7fe7, 0x6e6e, 0x5cf5, 0x4d7c,
52 | 0xc60c, 0xd785, 0xe51e, 0xf497, 0x8028, 0x91a1, 0xa33a, 0xb2b3,
53 | 0x4a44, 0x5bcd, 0x6956, 0x78df, 0x0c60, 0x1de9, 0x2f72, 0x3efb,
54 | 0xd68d, 0xc704, 0xf59f, 0xe416, 0x90a9, 0x8120, 0xb3bb, 0xa232,
55 | 0x5ac5, 0x4b4c, 0x79d7, 0x685e, 0x1ce1, 0x0d68, 0x3ff3, 0x2e7a,
56 | 0xe70e, 0xf687, 0xc41c, 0xd595, 0xa12a, 0xb0a3, 0x8238, 0x93b1,
57 | 0x6b46, 0x7acf, 0x4854, 0x59dd, 0x2d62, 0x3ceb, 0x0e70, 0x1ff9,
58 | 0xf78f, 0xe606, 0xd49d, 0xc514, 0xb1ab, 0xa022, 0x92b9, 0x8330,
59 | 0x7bc7, 0x6a4e, 0x58d5, 0x495c, 0x3de3, 0x2c6a, 0x1ef1, 0x0f78
60 | };
61 |
62 | int global_serno = 1;
63 |
64 | struct buffer *new_outgoing (struct tunnel *t)
65 | {
66 | /*
67 | * Make a new outgoing control packet
68 | */
69 | struct buffer *tmp = new_buf (MAX_RECV_SIZE);
70 | if (!tmp)
71 | return NULL;
72 | tmp->peer = t->peer;
73 | tmp->start += sizeof (struct control_hdr);
74 | tmp->len = 0;
75 | tmp->retries = 0;
76 | tmp->tunnel = t;
77 | return tmp;
78 | }
79 |
80 | inline void recycle_outgoing (struct buffer *buf, struct sockaddr_in peer)
81 | {
82 | /*
83 | * This should only be used for ZLB's!
84 | */
85 | buf->start = buf->rstart + sizeof (struct control_hdr);
86 | buf->peer = peer;
87 | buf->len = 0;
88 | buf->retries = -1;
89 | buf->tunnel = NULL;
90 | }
91 | void add_fcs (struct buffer *buf)
92 | {
93 | _u16 fcs = PPP_INITFCS;
94 | unsigned char *c = buf->start;
95 | int x;
96 | for (x = 0; x < buf->len; x++)
97 | {
98 | fcs = PPP_FCS (fcs, *c);
99 | c++;
100 | }
101 | fcs = fcs ^ 0xFFFF;
102 | *c = fcs & 0xFF;
103 | c++;
104 | *c = (fcs >> 8) & 0xFF;
105 | buf->len += 2;
106 | }
107 |
108 | void add_control_hdr (struct tunnel *t, struct call *c, struct buffer *buf)
109 | {
110 | struct control_hdr *h;
111 | buf->start -= sizeof (struct control_hdr);
112 | buf->len += sizeof (struct control_hdr);
113 | h = (struct control_hdr *) buf->start;
114 | h->ver = htons (TBIT | LBIT | FBIT | VER_L2TP);
115 | h->length = htons ((_u16) buf->len);
116 | h->tid = htons (t->tid);
117 | h->cid = htons (c->cid);
118 | h->Ns = htons (t->cSs);
119 | h->Nr = htons (t->cSr);
120 | t->cSs++;
121 |
122 | }
123 |
124 | void hello (void *tun)
125 | {
126 | struct buffer *buf;
127 | struct tunnel *t;
128 | struct timeval tv;
129 | tv.tv_sec = HELLO_DELAY;
130 | tv.tv_usec = 0;
131 | t = (struct tunnel *) tun;
132 | buf = new_outgoing (t);
133 | add_message_type_avp (buf, Hello);
134 | add_control_hdr (t, t->self, buf);
135 | if (packet_dump)
136 | do_packet_dump (buf);
137 | #ifdef DEBUG_HELLO
138 | log (LOG_DEBUG, "%s: sending Hello on %d\n", __FUNCTION__, t->ourtid);
139 | #endif
140 | control_xmit (buf);
141 | /*
142 | * Schedule another Hello in a little bit.
143 | */
144 | #ifdef DEBUG_HELLO
145 | log (LOG_DEBUG, "%s: scheduling another Hello on %d\n", __FUNCTION__,
146 | t->ourtid);
147 | #endif
148 | t->hello = schedule (tv, hello, (void *) t);
149 | }
150 |
151 | void control_zlb (struct buffer *buf, struct tunnel *t, struct call *c)
152 | {
153 | recycle_outgoing (buf, t->peer);
154 | add_control_hdr (t, c, buf);
155 | t->cSs--;
156 | #ifdef DEBUG_ZLB
157 | log (LOG_DEBUG, "%s: sending control ZLB on tunnel %d\n", __FUNCTION__,
158 | t->tid);
159 | #endif
160 | udp_xmit (buf);
161 | }
162 |
163 | int control_finish (struct tunnel *t, struct call *c)
164 | {
165 | /*
166 | * After all AVP's have been handled, do anything else
167 | * which needs to be done, like prepare response
168 | * packets to go back. This is essentially the
169 | * implementation of the state machine of section 7.2.1
170 | *
171 | * If we set c->needclose, the call (or tunnel) will
172 | * be closed upon return.
173 | */
174 | struct buffer *buf;
175 | struct call *p, *z;
176 | struct tunnel *y;
177 | struct timeval tv;
178 | struct ppp_opts *po;
179 | #ifdef USE_KERNEL
180 | struct l2tp_call_opts co;
181 | #endif
182 | char ip1[STRLEN];
183 | char ip2[STRLEN];
184 | char dummy_buf[128] = "/var/l2tp/"; /* jz: needed to read /etc/ppp/var.options - just kick it if you dont like */
185 | if (c->msgtype < 0)
186 | {
187 | log (LOG_DEBUG, "%s: Whoa... non-ZLB with no message type!\n",
188 | __FUNCTION__);
189 | return -EINVAL;
190 | }
191 | if (debug_state)
192 | log (LOG_DEBUG,
193 | "%s: message type is %s(%d). Tunnel is %d, call is %d.\n",
194 | __FUNCTION__, msgtypes[c->msgtype], c->msgtype, t->tid, c->cid);
195 | switch (c->msgtype)
196 | {
197 | case 0:
198 | /*
199 | * We need to initiate a connection.
200 | */
201 | if (t->self == c)
202 | {
203 | if (t->lns)
204 | {
205 | t->ourrws = t->lns->tun_rws;
206 | t->hbit = t->lns->hbit;
207 | }
208 | else if (t->lac)
209 | {
210 | t->ourrws = t->lac->tun_rws;
211 | t->hbit = t->lac->hbit;
212 | }
213 | /* This is an attempt to bring up the tunnel */
214 | t->state = SCCRQ;
215 | buf = new_outgoing (t);
216 | add_message_type_avp (buf, SCCRQ);
217 | if (t->hbit)
218 | {
219 | mk_challenge (t->chal_them.vector, VECTOR_SIZE);
220 | add_randvect_avp (buf, t->chal_them.vector, VECTOR_SIZE);
221 | }
222 | add_protocol_avp (buf);
223 | add_frame_caps_avp (buf, t->ourfc);
224 | add_bearer_caps_avp (buf, t->ourbc);
225 | /* FIXME: Tie breaker */
226 | add_firmware_avp (buf);
227 | add_hostname_avp (buf);
228 | add_vendor_avp (buf);
229 | add_tunnelid_avp (buf, t->ourtid);
230 | if (t->ourrws >= 0)
231 | add_avp_rws (buf, t->ourrws);
232 | if ((t->lac && t->lac->challenge)
233 | || (t->lns && t->lns->challenge))
234 | {
235 | mk_challenge (t->chal_them.challenge, MD_SIG_SIZE);
236 | add_challenge_avp (buf, t->chal_them.challenge, MD_SIG_SIZE);
237 | t->chal_them.state = STATE_CHALLENGED;
238 | /* We generate the challenge and make a note that we plan to
239 | challenge the peer, but we can't predict the response yet
240 | because we don't know their hostname AVP */
241 | }
242 | add_control_hdr (t, c, buf);
243 | c->cnu = 0;
244 | if (packet_dump)
245 | do_packet_dump (buf);
246 | if (debug_state)
247 | log (LOG_DEBUG, "%s: control_finish: sending SCCRQ\n",
248 | __FUNCTION__);
249 | control_xmit (buf);
250 | }
251 | else
252 | {
253 | if (switch_io)
254 | {
255 | c->state = ICRQ;
256 | if (c->lns)
257 | {
258 | c->lbit = c->lns->lbit ? LBIT : 0;
259 | /* c->ourrws = c->lns->call_rws;
260 | if (c->ourrws > -1) c->ourfbit = FBIT; else c->ourfbit = 0; */
261 | }
262 | else if (c->lac)
263 | {
264 | c->lbit = c->lac->lbit ? LBIT : 0;
265 | /* c->ourrws = c->lac->call_rws;
266 | if (c->ourrws > -1) c->ourfbit = FBIT; else c->ourfbit = 0; */
267 | }
268 | buf = new_outgoing (t);
269 | add_message_type_avp (buf, ICRQ);
270 | if (t->hbit)
271 | {
272 | mk_challenge (t->chal_them.vector, VECTOR_SIZE);
273 | add_randvect_avp (buf, t->chal_them.vector, VECTOR_SIZE);
274 | }
275 | #ifdef TEST_HIDDEN
276 | add_callid_avp (buf, c->ourcid, t);
277 | #else
278 | add_callid_avp (buf, c->ourcid);
279 | #endif
280 | add_serno_avp (buf, global_serno);
281 | c->serno = global_serno;
282 | global_serno++;
283 | add_bearer_avp (buf, 0);
284 | add_control_hdr (t, c, buf);
285 | c->cnu = 0;
286 | if (packet_dump)
287 | do_packet_dump (buf);
288 | if (debug_state)
289 | log (LOG_DEBUG, "%s: sending ICRQ\n", __FUNCTION__);
290 | control_xmit (buf);
291 | }
292 | else
293 | { /* jz: sending a OCRQ */
294 | c->state = OCRQ;
295 | if (c->lns)
296 | {
297 | c->lbit = c->lns->lbit ? LBIT : 0;
298 | /* c->ourrws = c->lns->call_rws;
299 | if (c->ourrws > -1) c->ourfbit = FBIT; else c->ourfbit = 0; */
300 | }
301 | else if (c->lac)
302 | {
303 | /* c->ourrws = c->lac->call_rws;
304 | if (c->ourrws > -1) c->ourfbit = FBIT; else c->ourfbit = 0; */
305 | }
306 |
307 | if (t->fc & SYNC_FRAMING)
308 | c->frame = SYNC_FRAMING;
309 | else
310 | c->frame = ASYNC_FRAMING;
311 | buf = new_outgoing (t);
312 | add_message_type_avp (buf, OCRQ);
313 | #ifdef TEST_HIDDEN
314 | add_callid_avp (buf, c->ourcid, t);
315 | #else
316 | add_callid_avp (buf, c->ourcid);
317 | #endif
318 | add_serno_avp (buf, global_serno);
319 | c->serno = global_serno;
320 | global_serno++;
321 | add_minbps_avp (buf, DEFAULT_MIN_BPS);
322 | add_maxbps_avp (buf, DEFAULT_MAX_BPS);
323 | add_bearer_avp (buf, 0);
324 | add_frame_avp (buf, c->frame);
325 | add_number_avp (buf, c->dial_no);
326 | add_control_hdr (t, c, buf);
327 | c->cnu = 0;
328 | if (packet_dump)
329 | do_packet_dump (buf);
330 | control_xmit (buf);
331 | }
332 | }
333 | break;
334 | case SCCRQ:
335 | /*
336 | * We've received a request, now let's
337 | * formulate a response.
338 | */
339 | if (t->tid <= 0)
340 | {
341 | if (DEBUG)
342 | log (LOG_DEBUG,
343 | "%s: Peer did not specify assigned tunnel ID. Closing.\n",
344 | __FUNCTION__);
345 | set_error (c, VENDOR_ERROR, "Specify your assigned tunnel ID");
346 | c->needclose = -1;
347 | return -EINVAL;
348 | }
349 | if (!(t->lns = get_lns (t)))
350 | {
351 | if (DEBUG)
352 | log (LOG_DEBUG,
353 | "%s: Denied connection to unauthorized peer %s\n",
354 | __FUNCTION__, IPADDY (t->peer.sin_addr));
355 | set_error (c, VENDOR_ERROR, "No Authorization");
356 | c->needclose = -1;
357 | return -EINVAL;
358 | }
359 | t->ourrws = t->lns->tun_rws;
360 | t->hbit = t->lns->hbit;
361 | if (t->fc < 0)
362 | {
363 | if (DEBUG)
364 | log (LOG_DEBUG,
365 | "%s: Peer did not specify framing capability. Closing.\n",
366 | __FUNCTION__);
367 | set_error (c, VENDOR_ERROR, "Specify framing capability");
368 | c->needclose = -1;
369 | return -EINVAL;
370 | }
371 | /* FIXME: Do we need to be sure they specified a version number?
372 | * Theoretically, yes, but we don't have anything in the code
373 | * to actually *do* anything with it, so...why check at this point?
374 | * We shouldn't be requiring a bearer capabilities avp to be present in
375 | * SCCRQ and SCCRP as they aren't required
376 | if (t->bc < 0 ) {
377 | if (DEBUG) log(LOG_DEBUG,
378 | "%s: Peer did not specify bearer capability. Closing.\n",__FUNCTION__);
379 | set_error(c, VENDOR_ERROR, "Specify bearer capability");
380 | c->needclose = -1;
381 | return -EINVAL;
382 | } */
383 | if (!strlen (t->hostname))
384 | {
385 | if (DEBUG)
386 | log (LOG_DEBUG,
387 | "%s: Peer did not specify hostname. Closing.\n",
388 | __FUNCTION__);
389 | set_error (c, VENDOR_ERROR, "Specify your hostname");
390 | c->needclose = -1;
391 | return -EINVAL;
392 | }
393 | y = tunnels.head;
394 | while (y)
395 | {
396 | if ((y->tid == t->tid) &&
397 | (y->peer.sin_addr.s_addr == t->peer.sin_addr.s_addr) &&
398 | (y != t))
399 | {
400 | /* This can happen if we get a duplicate
401 | StartCCN or if they don't get our ack packet */
402 | /*
403 | * But it is legitimate for two different remote systems
404 | * to use the same tid
405 | */
406 | log (LOG_DEBUG,
407 | "%s: Peer requested tunnel %d twice, ignoring second one.\n",
408 | __FUNCTION__, t->tid);
409 | c->needclose = 0;
410 | c->closing = -1;
411 | return 0;
412 | }
413 | y = y->next;
414 | }
415 | t->state = SCCRP;
416 | buf = new_outgoing (t);
417 | add_message_type_avp (buf, SCCRP);
418 | if (t->hbit)
419 | {
420 | mk_challenge (t->chal_them.vector, VECTOR_SIZE);
421 | add_randvect_avp (buf, t->chal_them.vector, VECTOR_SIZE);
422 | }
423 | add_protocol_avp (buf);
424 | add_frame_caps_avp (buf, t->ourfc);
425 | add_bearer_caps_avp (buf, t->ourbc);
426 | add_firmware_avp (buf);
427 | add_hostname_avp (buf);
428 | add_vendor_avp (buf);
429 | add_tunnelid_avp (buf, t->ourtid);
430 | if (t->ourrws >= 0)
431 | add_avp_rws (buf, t->ourrws);
432 | if (t->chal_us.state)
433 | {
434 | t->chal_us.ss = SCCRP;
435 | handle_challenge (t, &t->chal_us);
436 | add_chalresp_avp (buf, t->chal_us.response, MD_SIG_SIZE);
437 | }
438 | if (t->lns->challenge)
439 | {
440 | mk_challenge (t->chal_them.challenge, MD_SIG_SIZE);
441 | t->chal_them.ss = SCCCN;
442 | if (handle_challenge (t, &t->chal_them))
443 | {
444 | /* We already know what to expect back */
445 | log (LOG_WARN, "%s: No secret for '%s'\n", __FUNCTION__,
446 | t->hostname);
447 | set_error (c, VENDOR_ERROR, "No secret on our side");
448 | toss (buf);
449 | return -EINVAL;
450 | };
451 | add_challenge_avp (buf, t->chal_them.challenge, MD_SIG_SIZE);
452 | }
453 | add_control_hdr (t, c, buf);
454 | if (packet_dump)
455 | do_packet_dump (buf);
456 | c->cnu = 0;
457 | if (debug_state)
458 | log (LOG_DEBUG, "%s: sending SCCRP\n", __FUNCTION__);
459 | control_xmit (buf);
460 | break;
461 | case SCCRP:
462 | /*
463 | * We have a reply. If everything is okay, send
464 | * a connected message
465 | */
466 | if (t->fc < 0)
467 | {
468 | if (DEBUG)
469 | log (LOG_DEBUG,
470 | "%s: Peer did not specify framing capability. Closing.\n",
471 | __FUNCTION__);
472 | set_error (c, VENDOR_ERROR, "Specify framing capability");
473 | c->needclose = -1;
474 | return -EINVAL;
475 | }
476 | /* FIXME: Do we need to be sure they specified a version number?
477 | * Theoretically, yes, but we don't have anything in the code
478 | * to actually *do* anything with it, so...why check at this point?
479 | * We shouldn't be requiring a bearer capabilities avp to be present in
480 | * SCCRQ and SCCRP as they aren't required
481 | if (t->bc < 0 ) {
482 | if (DEBUG) log(LOG_DEBUG,
483 | "%s: Peer did not specify bearer capability. Closing.\n",__FUNCTION__);
484 | set_error(c, VENDOR_ERROR, "Specify bearer capability");
485 | c->needclose = -1;
486 | return -EINVAL;
487 | } */
488 | if (!strlen (t->hostname))
489 | {
490 | if (DEBUG)
491 | log (LOG_DEBUG,
492 | "%s: Peer did not specify hostname. Closing.\n",
493 | __FUNCTION__);
494 | set_error (c, VENDOR_ERROR, "Specify your hostname");
495 | c->needclose = -1;
496 | return -EINVAL;
497 | }
498 | if (t->tid <= 0)
499 | {
500 | if (DEBUG)
501 | log (LOG_DEBUG,
502 | "%s: Peer did not specify assigned tunnel ID. Closing.\n",
503 | __FUNCTION__);
504 | set_error (c, VENDOR_ERROR, "Specify your assigned tunnel ID");
505 | c->needclose = -1;
506 | return -EINVAL;
507 | }
508 | if (t->chal_them.state)
509 | {
510 | t->chal_them.ss = SCCRP;
511 | if (handle_challenge (t, &t->chal_them))
512 | {
513 | set_error (c, VENDOR_ERROR, "No secret key on our side");
514 | log (LOG_WARN, "%s: No secret key for authenticating '%s'\n",
515 | __FUNCTION__, t->hostname);
516 | c->needclose = -1;
517 | return -EINVAL;
518 | }
519 | if (memcmp
520 | (t->chal_them.reply, t->chal_them.response, MD_SIG_SIZE))
521 | {
522 | set_error (c, VENDOR_ERROR,
523 | "Invalid challenge authentication");
524 | log (LOG_DEBUG, "%s: Invalid authentication for host '%s'\n",
525 | __FUNCTION__, t->hostname);
526 | c->needclose = -1;
527 | return -EINVAL;
528 | }
529 | }
530 | if (t->chal_us.state)
531 | {
532 | t->chal_us.ss = SCCCN;
533 | if (handle_challenge (t, &t->chal_us))
534 | {
535 | log (LOG_WARN, "%s: No secret for authenticating to '%s'\n",
536 | __FUNCTION__, t->hostname);
537 | set_error (c, VENDOR_ERROR, "No secret key on our end");
538 | c->needclose = -1;
539 | return -EINVAL;
540 | };
541 | }
542 | #ifdef USE_KERNEL
543 | if (kernel_support)
544 | {
545 | struct l2tp_tunnel_opts to;
546 | to.ourtid = t->ourtid;
547 | ioctl (server_socket, L2TPIOCGETTUNOPTS, &to);
548 | to.tid = t->tid;
549 | ioctl (server_socket, L2TPIOCSETTUNOPTS, &to);
550 | }
551 | #endif
552 | t->state = SCCCN;
553 | buf = new_outgoing (t);
554 | add_message_type_avp (buf, SCCCN);
555 | if (t->hbit)
556 | {
557 | mk_challenge (t->chal_them.vector, VECTOR_SIZE);
558 | add_randvect_avp (buf, t->chal_them.vector, VECTOR_SIZE);
559 | }
560 | if (t->chal_us.state)
561 | add_chalresp_avp (buf, t->chal_us.response, MD_SIG_SIZE);
562 | add_control_hdr (t, c, buf);
563 | if (packet_dump)
564 | do_packet_dump (buf);
565 | c->cnu = 0;
566 | if (debug_state)
567 | log (LOG_DEBUG, "%s: sending SCCCN\n", __FUNCTION__);
568 | control_xmit (buf);
569 | /* Schedule a HELLO */
570 | tv.tv_sec = HELLO_DELAY;
571 | tv.tv_usec = 0;
572 | #ifdef DEBUG_HELLO
573 | log (LOG_DEBUG, "%s: scheduling initial HELLO on %d\n", __FUNCTION__,
574 | t->ourtid);
575 | #endif
576 | t->hello = schedule (tv, hello, (void *) t);
577 | log (LOG_LOG,
578 | "%s: Connection established to %s, %d. Local: %d, Remote: %d.\n",
579 | __FUNCTION__, IPADDY (t->peer.sin_addr),
580 | ntohs (t->peer.sin_port), t->ourtid, t->tid);
581 | if (t->lac)
582 | {
583 | /* This is part of a LAC, so we want to go ahead
584 | and start an ICRQ now */
585 | magic_lac_dial (t->lac);
586 | }
587 | break;
588 | case SCCCN:
589 | if (t->chal_them.state)
590 | {
591 | if (memcmp
592 | (t->chal_them.reply, t->chal_them.response, MD_SIG_SIZE))
593 | {
594 | set_error (c, VENDOR_ERROR,
595 | "Invalid challenge authentication");
596 | log (LOG_DEBUG, "%s: Invalid authentication for host '%s'\n",
597 | __FUNCTION__, t->hostname);
598 | c->needclose = -1;
599 | return -EINVAL;
600 | }
601 | }
602 | #ifdef USE_KERNEL
603 | if (kernel_support)
604 | {
605 | struct l2tp_tunnel_opts to;
606 | to.ourtid = t->ourtid;
607 | ioctl (server_socket, L2TPIOCGETTUNOPTS, &to);
608 | to.tid = t->tid;
609 | ioctl (server_socket, L2TPIOCSETTUNOPTS, &to);
610 | }
611 | #endif
612 | t->state = SCCCN;
613 | log (LOG_LOG,
614 | "%s: Connection established to %s, %d. Local: %d, Remote: %d. LNS session is '%s'\n",
615 | __FUNCTION__, IPADDY (t->peer.sin_addr),
616 | ntohs (t->peer.sin_port), t->ourtid, t->tid, t->lns->entname);
617 | /* Schedule a HELLO */
618 | tv.tv_sec = HELLO_DELAY;
619 | tv.tv_usec = 0;
620 | #ifdef DEBUG_HELLO
621 | log (LOG_DEBUG, "%s: scheduling initial HELLO on %d\n", __FUNCTION__,
622 | t->ourtid);
623 | #endif
624 | t->hello = schedule (tv, hello, (void *) t);
625 | break;
626 | case StopCCN:
627 | if (t->qtid < 0)
628 | {
629 | if (DEBUG)
630 | log (LOG_DEBUG,
631 | "%s: Peer tried to disconnect without specifying tunnel ID\n",
632 | __FUNCTION__);
633 | return -EINVAL;
634 | }
635 | if ((t->qtid != t->tid) && (t->tid > 0))
636 | {
637 | if (DEBUG)
638 | log (LOG_DEBUG,
639 | "%s: Peer tried to disconnect with invalid TID (%d != %d)\n",
640 | __FUNCTION__, t->qtid, t->tid);
641 | return -EINVAL;
642 | }
643 | /* In case they're disconnecting immediately after SCCN */
644 | if (!t->tid)
645 | t->tid = t->qtid;
646 | if (t->self->result < 0)
647 | {
648 | if (DEBUG)
649 | log (LOG_DEBUG,
650 | "%s: Peer tried to disconnect without specifying result code.\n",
651 | __FUNCTION__);
652 | return -EINVAL;
653 | }
654 | log (LOG_LOG,
655 | "%s: Connection closed to %s, port %d (%s), Local: %d, Remote: %d\n",
656 | __FUNCTION__, IPADDY (t->peer.sin_addr),
657 | ntohs (t->peer.sin_port), t->self->errormsg, t->ourtid, t->tid);
658 | c->needclose = 0;
659 | c->closing = -1;
660 | break;
661 | case ICRQ:
662 | p = t->call_head;
663 | if (!p->lns)
664 | {
665 | set_error (p, ERROR_INVALID, "This tunnel cannot accept calls\n");
666 | call_close (p);
667 | return -EINVAL;
668 | }
669 | p->lbit = p->lns->lbit ? LBIT : 0;
670 | /* p->ourrws = p->lns->call_rws;
671 | if (p->ourrws > -1) p->ourfbit = FBIT; else p->ourfbit = 0; */
672 | if (p->cid < 0)
673 | {
674 | if (DEBUG)
675 | log (LOG_DEBUG,
676 | "%s: Peer tried to initiate call without call ID\n",
677 | __FUNCTION__);
678 | /* Here it doesn't make sense to use the needclose flag because
679 | the call p did not receive any packets */
680 | call_close (p);
681 | return -EINVAL;
682 | }
683 | z = p->next;
684 | while (z)
685 | {
686 | if (z->cid == p->cid)
687 | {
688 | /* This can happen if we get a duplicate
689 | ICRQ or if they don't get our ack packet */
690 | log (LOG_DEBUG,
691 | "%s: Peer requested call %d twice, ignoring second one.\n",
692 | __FUNCTION__, p->cid);
693 | p->needclose = 0;
694 | p->closing = -1;
695 | return 0;
696 | }
697 | z = z->next;
698 | }
699 | p = t->call_head;
700 | /* FIXME: by commenting this out, we're not checking whether the serial
701 | * number avp is included in the ICRQ at all which its required to be.
702 | * Since the serial number is only used for human debugging aid, this
703 | * isn't a big deal, but it would be nice to have *some* sort of check
704 | * for it and perhaps just log it and go on. */
705 | /* JLM if (p->serno<1) {
706 | if (DEBUG) log(LOG_DEBUG,
707 | "%s: Peer did not specify serial number when initiating call\n", __FUNCTION__);
708 | call_close(p);
709 | return -EINVAL;
710 | } */
711 | p->addr = get_addr (t->lns->range);
712 | if (!p->addr)
713 | {
714 | set_error (p, ERROR_NORES, "No available IP address");
715 | call_close (p);
716 | log (LOG_DEBUG, "%s: Out of IP addresses on tunnel %d!\n",
717 | __FUNCTION__, t->tid);
718 | return -EINVAL;
719 | }
720 | reserve_addr (p->addr);
721 | p->state = ICRP;
722 | buf = new_outgoing (t);
723 | add_message_type_avp (buf, ICRP);
724 | if (t->hbit)
725 | {
726 | mk_challenge (t->chal_them.vector, VECTOR_SIZE);
727 | add_randvect_avp (buf, t->chal_them.vector, VECTOR_SIZE);
728 | }
729 | #ifdef TEST_HIDDEN
730 | add_callid_avp (buf, p->ourcid, t);
731 | #else
732 | add_callid_avp (buf, p->ourcid);
733 | #endif
734 | /* if (p->ourrws >=0)
735 | add_avp_rws(buf, p->ourrws); */
736 | /*
737 | * FIXME: I should really calculate
738 | * Packet Processing Delay
739 | */
740 | /* add_ppd_avp(buf,ppd); */
741 | add_control_hdr (t, p, buf);
742 | if (packet_dump)
743 | do_packet_dump (buf);
744 | p->cnu = 0;
745 | if (debug_state)
746 | log (LOG_DEBUG, "%s: Sending ICRP\n", __FUNCTION__);
747 | control_xmit (buf);
748 | break;
749 | case ICRP:
750 | if (c->cid < 0)
751 | {
752 | if (DEBUG)
753 | log (LOG_DEBUG,
754 | "%s: Peer tried to negotiate ICRP without specifying call ID\n",
755 | __FUNCTION__);
756 | c->needclose = -1;
757 | return -EINVAL;
758 | }
759 | c->state = ICCN;
760 | if (t->fc & SYNC_FRAMING)
761 | c->frame = SYNC_FRAMING;
762 | else
763 | c->frame = ASYNC_FRAMING;
764 |
765 | buf = new_outgoing (t);
766 | add_message_type_avp (buf, ICCN);
767 | if (t->hbit)
768 | {
769 | mk_challenge (t->chal_them.vector, VECTOR_SIZE);
770 | add_randvect_avp (buf, t->chal_them.vector, VECTOR_SIZE);
771 | }
772 | add_txspeed_avp (buf, DEFAULT_TX_BPS);
773 | add_frame_avp (buf, c->frame);
774 | /* if (c->ourrws >= 0)
775 | add_avp_rws(buf, c->ourrws); */
776 | /* FIXME: Packet Processing Delay */
777 | /* We don't need any kind of proxy PPP stuff */
778 | /* Can we proxy authenticate ourselves??? */
779 | add_rxspeed_avp (buf, DEFAULT_RX_BPS);
780 | add_seqreqd_avp (buf);
781 | add_control_hdr (t, c, buf);
782 | if (packet_dump)
783 | do_packet_dump (buf);
784 | c->cnu = 0;
785 | #ifdef USE_KERNEL
786 | if (kernel_support)
787 | {
788 | co.ourtid = c->container->ourtid;
789 | co.ourcid = c->ourcid;
790 | ioctl (server_socket, L2TPIOCGETCALLOPTS, &co);
791 | co.cid = c->cid;
792 | co.flags = co.flags | L2TP_FLAG_CALL_UP;
793 | co.rws = c->rws;
794 | co.ourrws = c->ourrws;
795 | co.flags |= c->lbit;
796 | ioctl (server_socket, L2TPIOCSETCALLOPTS, &co);
797 | }
798 | #endif
799 | if (debug_state)
800 | log (LOG_DEBUG, "%s: Sending ICCN\n", __FUNCTION__);
801 | log (LOG_LOG,
802 | "%s: Call established with %s, Local: %d, Remote: %d, Serial: %d\n",
803 | __FUNCTION__, IPADDY (t->peer.sin_addr), c->ourcid, c->cid,
804 | c->serno);
805 | control_xmit (buf);
806 | po = NULL;
807 | po = add_opt (po, "passive");
808 | po = add_opt (po, "-detach");
809 | if (c->lac)
810 | {
811 | if (c->lac->defaultroute)
812 | po = add_opt (po, "defaultroute");
813 | strncpy (ip1, IPADDY (c->lac->localaddr), sizeof (ip1));
814 | strncpy (ip2, IPADDY (c->lac->remoteaddr), sizeof (ip2));
815 | po = add_opt (po, "%s:%s", c->lac->localaddr ? ip1 : "",
816 | c->lac->remoteaddr ? ip2 : "");
817 | if (c->lac->authself)
818 | {
819 | if (c->lac->pap_refuse)
820 | po = add_opt (po, "refuse-pap");
821 | if (c->lac->chap_refuse)
822 | po = add_opt (po, "refuse-chap");
823 | }
824 | else
825 | {
826 | po = add_opt (po, "refuse-pap");
827 | po = add_opt (po, "refuse-chap");
828 | }
829 | if (c->lac->authpeer)
830 | {
831 | po = add_opt (po, "auth");
832 | if (c->lac->pap_require)
833 | po = add_opt (po, "require-pap");
834 | if (c->lac->chap_require)
835 | po = add_opt (po, "require-chap");
836 | }
837 | if (c->lac->authname[0])
838 | {
839 | po = add_opt (po, "name");
840 | po = add_opt (po, c->lac->authname);
841 | }
842 | if (c->lac->debug)
843 | po = add_opt (po, "debug");
844 | if (c->lac->pppoptfile[0])
845 | {
846 | po = add_opt (po, "file");
847 | po = add_opt (po, c->lac->pppoptfile);
848 | }
849 | };
850 | start_pppd (c, po);
851 | opt_destroy (po);
852 | if (c->lac)
853 | c->lac->rtries = 0;
854 | break;
855 | case ICCN:
856 | if (c == t->self)
857 | {
858 | log (LOG_DEBUG,
859 | "%s: Peer attempted ICCN on the actual tunnel, not the call",
860 | __FUNCTION__);
861 | return -EINVAL;
862 | }
863 | if (c->txspeed < 1)
864 | {
865 | log (LOG_DEBUG,
866 | "%s: Peer did not specify transmit speed\n", __FUNCTION__);
867 | c->needclose = -1;
868 | return -EINVAL;
869 | };
870 | if (c->frame < 1)
871 | {
872 | log (LOG_DEBUG,
873 | "%s: Peer did not specify framing type\n", __FUNCTION__);
874 | c->needclose = -1;
875 | return -EINVAL;
876 | }
877 | c->state = ICCN;
878 | #ifdef USE_KERNEL
879 | if (kernel_support)
880 | {
881 | co.ourtid = c->container->ourtid;
882 | co.ourcid = c->ourcid;
883 | if (ioctl (server_socket, L2TPIOCGETCALLOPTS, &co))
884 | perror ("ioctl(get)");
885 | co.cid = c->cid;
886 | co.flags = co.flags | L2TP_FLAG_CALL_UP;
887 | co.rws = c->rws;
888 | co.ourrws = c->ourrws;
889 | co.flags |= c->lbit;
890 | if (ioctl (server_socket, L2TPIOCSETCALLOPTS, &co))
891 | perror ("ioctl(set)");
892 | }
893 | #endif
894 | strncpy (ip1, IPADDY (c->lns->localaddr), sizeof (ip1));
895 | strncpy (ip2, IPADDY (c->addr), sizeof (ip2));
896 | po = NULL;
897 | po = add_opt (po, "passive");
898 | po = add_opt (po, "-detach");
899 | po = add_opt (po, "%s:%s", c->lns->localaddr ? ip1 : "", ip2);
900 | if (c->lns->authself)
901 | {
902 | if (c->lns->pap_refuse)
903 | po = add_opt (po, "refuse-pap");
904 | if (c->lns->chap_refuse)
905 | po = add_opt (po, "refuse-chap");
906 | }
907 | else
908 | {
909 | po = add_opt (po, "refuse-pap");
910 | po = add_opt (po, "refuse-chap");
911 | }
912 | if (c->lns->authpeer)
913 | {
914 | po = add_opt (po, "auth");
915 | if (c->lns->pap_require)
916 | po = add_opt (po, "require-pap");
917 | if (c->lns->chap_require)
918 | po = add_opt (po, "require-chap");
919 | if (c->lns->passwdauth)
920 | po = add_opt (po, "login");
921 | }
922 | if (c->lns->authname[0])
923 | {
924 | po = add_opt (po, "name");
925 | po = add_opt (po, c->lns->authname);
926 | }
927 | if (c->lns->debug)
928 | po = add_opt (po, "debug");
929 | if (c->lns->pppoptfile[0])
930 | {
931 | po = add_opt (po, "file");
932 | po = add_opt (po, c->lns->pppoptfile);
933 | }
934 | start_pppd (c, po);
935 | opt_destroy (po);
936 | log (LOG_LOG,
937 | "%s: Call established with %s, Local: %d, Remote: %d, Serial: %d\n",
938 | __FUNCTION__, IPADDY (t->peer.sin_addr), c->ourcid, c->cid,
939 | c->serno);
940 | break;
941 | case OCRP: /* jz: nothing to do for OCRP, waiting for OCCN */
942 | break;
943 | case OCCN: /* jz: get OCCN, so the only thing we must do is to start the pppd */
944 | po = NULL;
945 | po = add_opt (po, "passive");
946 | po = add_opt (po, "-detach");
947 | po = add_opt (po, "file");
948 | strcat (dummy_buf, c->dial_no); /* jz: use /etc/ppp/dialnumber.options for pppd - kick it if you dont like */
949 | strcat (dummy_buf, ".options");
950 | po = add_opt (po, dummy_buf);
951 | if (c->lac)
952 | {
953 | if (c->lac->defaultroute)
954 | po = add_opt (po, "defaultroute");
955 | strncpy (ip1, IPADDY (c->lac->localaddr), sizeof (ip1));
956 | strncpy (ip2, IPADDY (c->lac->remoteaddr), sizeof (ip2));
957 | po = add_opt (po, "%s:%s", c->lac->localaddr ? ip1 : "",
958 | c->lac->remoteaddr ? ip2 : "");
959 | if (c->lac->authself)
960 | {
961 | if (c->lac->pap_refuse)
962 | po = add_opt (po, "refuse-pap");
963 | if (c->lac->chap_refuse)
964 | po = add_opt (po, "refuse-chap");
965 | }
966 | else
967 | {
968 | po = add_opt (po, "refuse-pap");
969 | po = add_opt (po, "refuse-chap");
970 | }
971 | if (c->lac->authpeer)
972 | {
973 | po = add_opt (po, "auth");
974 | if (c->lac->pap_require)
975 | po = add_opt (po, "require-pap");
976 | if (c->lac->chap_require)
977 | po = add_opt (po, "require-chap");
978 | }
979 | if (c->lac->authname[0])
980 | {
981 | po = add_opt (po, "name");
982 | po = add_opt (po, c->lac->authname);
983 | }
984 | if (c->lac->debug)
985 | po = add_opt (po, "debug");
986 | if (c->lac->pppoptfile[0])
987 | {
988 | po = add_opt (po, "file");
989 | po = add_opt (po, c->lac->pppoptfile);
990 | }
991 | };
992 | start_pppd (c, po);
993 |
994 | log (LOG_LOG, "parameters: Local: %d , Remote: %d , Serial: %d , Pid: %d , Tunnelid: %d , Phoneid: %s\n", c->ourcid, c->cid, c->serno, c->pppd, t->ourtid, c->dial_no); /* jz: just show some information */
995 |
996 | opt_destroy (po);
997 | if (c->lac)
998 | c->lac->rtries = 0;
999 | break;
1000 |
1001 |
1002 | case CDN:
1003 | if (c->qcid < 0)
1004 | {
1005 | if (DEBUG)
1006 | log (LOG_DEBUG,
1007 | "%s: Peer tried to disconnect without specifying call ID\n",
1008 | __FUNCTION__);
1009 | return -EINVAL;
1010 | }
1011 | if (c == t->self)
1012 | {
1013 | p = t->call_head;
1014 | while (p && (p->cid != c->qcid))
1015 | p = p->next;
1016 | if (!p)
1017 | {
1018 | if (DEBUG)
1019 | log (LOG_DEBUG,
1020 | "%s: Unable to determine call to be disconnected.\n",
1021 | __FUNCTION__);
1022 | return -EINVAL;
1023 | }
1024 | }
1025 | else
1026 | p = c;
1027 | if ((c->qcid != p->cid) && p->cid > 0)
1028 | {
1029 | if (DEBUG)
1030 | log (LOG_DEBUG,
1031 | "%s: Peer tried to disconnect with invalid CID (%d != %d)\n",
1032 | __FUNCTION__, c->qcid, c->cid);
1033 | return -EINVAL;
1034 | }
1035 | c->qcid = -1;
1036 | if (c->result < 0)
1037 | {
1038 | if (DEBUG)
1039 | log (LOG_DEBUG,
1040 | "%s: Peer tried to disconnect without specifying result code.\n",
1041 | __FUNCTION__);
1042 | return -EINVAL;
1043 | }
1044 | log (LOG_LOG,
1045 | "%s: Connection closed to %s, serial %d (%s)\n", __FUNCTION__,
1046 | IPADDY (t->peer.sin_addr), c->serno, c->errormsg);
1047 | c->needclose = 0;
1048 | c->closing = -1;
1049 | break;
1050 | case Hello:
1051 | break;
1052 | case SLI:
1053 | break;
1054 | default:
1055 | log (LOG_DEBUG,
1056 | "%s: Don't know how to finish a message of type %d\n",
1057 | __FUNCTION__, c->msgtype);
1058 | set_error (c, VENDOR_ERROR, "Unimplemented message %d\n", c->msgtype);
1059 | }
1060 | return 0;
1061 | }
1062 |
1063 | inline int check_control (const struct buffer *buf, struct tunnel *t,
1064 | struct call *c)
1065 | {
1066 | /*
1067 | * Check if this is a valid control
1068 | * or not. Returns 0 on success
1069 | */
1070 | struct control_hdr *h = (struct control_hdr *) (buf->start);
1071 | struct buffer *zlb;
1072 | if (buf->len < sizeof (struct control_hdr))
1073 | {
1074 | if (DEBUG)
1075 | {
1076 | log (LOG_DEBUG,
1077 | "%s: Received too small of packet\n", __FUNCTION__);
1078 | }
1079 | return -EINVAL;
1080 | }
1081 | #ifdef SANITY
1082 | if (buf->len != h->length)
1083 | {
1084 | if (DEBUG)
1085 | {
1086 | log (LOG_DEBUG,
1087 | "%s: Reported and actual sizes differ (%d != %d)\n",
1088 | __FUNCTION__, h->length, buf->len);
1089 | }
1090 | return -EINVAL;
1091 | }
1092 | /*
1093 | * FIXME: H-bit handling goes here
1094 | */
1095 | #ifdef DEBUG_CONTROL
1096 | log (LOG_DEBUG, "%s: control, cid = %d, Ns = %d, Nr = %d\n", __FUNCTION__,
1097 | c->cid, h->Ns, h->Nr);
1098 | #endif
1099 | if (h->Ns != t->cSr)
1100 | {
1101 | if (DEBUG)
1102 | log (LOG_DEBUG,
1103 | "%s: Received out of order control packet on tunnel %d (%d != %d)\n",
1104 | __FUNCTION__, t->tid, h->Ns, t->cSr);
1105 | if (((h->Ns < t->cSr) && ((t->cSr - h->Ns) < 32768)) ||
1106 | ((h->Ns > t->cSr) && ((t->cSr - h->Ns) > 32768)))
1107 | {
1108 | /*
1109 | * Woopsies, they sent us a message we should have already received
1110 | * so we should send them a ZLB so they know
1111 | * for sure that we already have it.
1112 | */
1113 | #ifdef DEBUG_ZLB
1114 | if (DEBUG)
1115 | log (LOG_DEBUG, "%s: Sending an updated ZLB in reponse\n",
1116 | __FUNCTION__);
1117 | #endif
1118 | zlb = new_outgoing (t);
1119 | control_zlb (zlb, t, c);
1120 | udp_xmit (zlb);
1121 | toss (zlb);
1122 | }
1123 | else if (!t->cSr && (t->tid == -1))
1124 | {
1125 | /* We made this tunnel just for this message, so let's
1126 | destroy it. */
1127 | c->needclose = 0;
1128 | c->closing = -1;
1129 | }
1130 | return -EINVAL;
1131 | }
1132 | else
1133 | {
1134 | t->cSr++;
1135 | c->cnu = -1;
1136 | }
1137 | /*
1138 | * So we know what the other end has received
1139 | * so far
1140 | */
1141 |
1142 | t->cLr = h->Nr;
1143 | if (t->sanity)
1144 | {
1145 | if (!CTBIT (h->ver))
1146 | {
1147 | if (DEBUG)
1148 | {
1149 | log (LOG_DEBUG, "%s: Control bit not set\n", __FUNCTION__);
1150 | }
1151 | return -EINVAL;
1152 | }
1153 | if (!CLBIT (h->ver))
1154 | {
1155 | if (DEBUG)
1156 | {
1157 | log (LOG_DEBUG, "%s: Length bit not set\n", __FUNCTION__);
1158 | }
1159 | return -EINVAL;
1160 | }
1161 | if (!CFBIT (h->ver))
1162 | {
1163 | if (DEBUG)
1164 | {
1165 | log (LOG_DEBUG, "%s: Flow bit not set\n", __FUNCTION__);
1166 | }
1167 | return -EINVAL;
1168 | }
1169 | if (CVER (h->ver) != VER_L2TP)
1170 | {
1171 | if (DEBUG)
1172 | {
1173 | if (CVER (h->ver) == VER_PPTP)
1174 | {
1175 | log (LOG_DEBUG,
1176 | "%s: PPTP packet received\n", __FUNCTION__);
1177 | }
1178 | else if (CVER (h->ver) < VER_L2TP)
1179 | {
1180 | log (LOG_DEBUG,
1181 | "%s: L2F packet received\n", __FUNCTION__);
1182 | }
1183 | else
1184 | {
1185 | log (LOG_DEBUG,
1186 | "%s: Unknown version received\n", __FUNCTION__);
1187 | }
1188 | }
1189 | return -EINVAL;
1190 | }
1191 |
1192 | }
1193 | #endif
1194 | return 0;
1195 | }
1196 |
1197 | inline int check_payload (struct buffer *buf, struct tunnel *t,
1198 | struct call *c)
1199 | {
1200 | /*
1201 | * Check if this is a valid payload
1202 | * or not. Returns 0 on success.
1203 | */
1204 |
1205 | int ehlen = MIN_PAYLOAD_HDR_LEN;
1206 | struct payload_hdr *h = (struct payload_hdr *) (buf->start);
1207 | if (!c)
1208 | {
1209 | if (DEBUG)
1210 | {
1211 | log (LOG_DEBUG, "%s: Aempted to send payload on tunnel\n",
1212 | __FUNCTION__);
1213 | }
1214 | return -EINVAL;
1215 | }
1216 | if (buf->len < MIN_PAYLOAD_HDR_LEN)
1217 | {
1218 | /* has to be at least MIN_PAYLOAD_HDR_LEN
1219 | no matter what. we'll look more later */
1220 | if (DEBUG)
1221 | {
1222 | log (LOG_DEBUG, "%s:Recieved to small of packet\n", __FUNCTION__);
1223 | }
1224 | return -EINVAL;
1225 | }
1226 | #ifdef SANITY
1227 | if (t->sanity)
1228 | {
1229 | if (PTBIT (h->ver))
1230 | {
1231 | if (DEBUG)
1232 | {
1233 | log (LOG_DEBUG, "%s Control bit set\n", __FUNCTION__);
1234 | }
1235 | return -EINVAL;
1236 | }
1237 | if (PLBIT (h->ver))
1238 | ehlen += 2; /* Should have length information */
1239 | if (PFBIT (h->ver))
1240 | {
1241 | /* if (!c->fbit && !c->ourfbit) {
1242 | if (DEBUG)
1243 | log(LOG_DEBUG,"%s: flow bit set, but no RWS negotiated.\n",__FUNCTION__);
1244 | return -EINVAL;
1245 | } */
1246 | ehlen += 4; /* Should have Ns and Nr too */
1247 | }
1248 | /* if (!PFBIT(h->ver)) {
1249 | if (c->fbit || c->ourfbit) {
1250 | if (DEBUG)
1251 | log(LOG_DEBUG, "%s: no flow bit, but RWS was negotiated.\n",__FUNCTION__);
1252 | return -EINVAL;;
1253 | }
1254 | } */
1255 | if (PSBIT (h->ver))
1256 | ehlen += 4; /* Offset information */
1257 | if (PLBIT (h->ver))
1258 | ehlen += h->length; /* include length if available */
1259 | if (PVER (h->ver) != VER_L2TP)
1260 | {
1261 | if (DEBUG)
1262 | {
1263 | if (PVER (h->ver) == VER_PPTP)
1264 | {
1265 | log (LOG_DEBUG, "%s: PPTP packet received\n",
1266 | __FUNCTION__);
1267 | }
1268 | else if (CVER (h->ver) < VER_L2TP)
1269 | {
1270 | log (LOG_DEBUG, "%s: L2F packet received\n",
1271 | __FUNCTION__);
1272 | }
1273 | else
1274 | {
1275 | log (LOG_DEBUG, "%s: Unknown version received\n",
1276 | __FUNCTION__);
1277 | }
1278 | }
1279 | return -EINVAL;
1280 | }
1281 | if ((buf->len < ehlen) && !PLBIT (h->ver))
1282 | {
1283 | if (DEBUG)
1284 | {
1285 | log (LOG_DEBUG, "%s payload too small (%d < %d)\n",
1286 | __FUNCTION__, buf->len, ehlen);
1287 | }
1288 | return -EINVAL;
1289 | }
1290 | if ((buf->len != h->length) && PLBIT (h->ver))
1291 | {
1292 | if (DEBUG)
1293 | {
1294 | log (LOG_DEBUG, "%s: size mismatch (%d != %d)\n",
1295 | __FUNCTION__, buf->len, h->length);
1296 | }
1297 | return -EINVAL;
1298 | }
1299 | }
1300 | #endif
1301 | return 0;
1302 | }
1303 | inline int expand_payload (struct buffer *buf, struct tunnel *t,
1304 | struct call *c)
1305 | {
1306 | /*
1307 | * Expands payload header. Does not check for valid header,
1308 | * check_payload() should already be called as a prerequisite.
1309 | */
1310 | struct payload_hdr *h = (struct payload_hdr *) (buf->start);
1311 | _u16 *r = (_u16 *) h; /* Nice to have raw word pointers */
1312 | struct payload_hdr *new_hdr;
1313 | int ehlen = 0;
1314 | /*
1315 | * We first calculate our offset
1316 | */
1317 | if (!PLBIT (h->ver))
1318 | ehlen += 2; /* Should have length information */
1319 | if (!PFBIT (h->ver))
1320 | ehlen += 4; /* Should have Ns and Nr too */
1321 | if (!PSBIT (h->ver))
1322 | ehlen += 4; /* Offset information */
1323 | if (ehlen)
1324 | {
1325 | /*
1326 | * If this payload is missing any information, we'll
1327 | * fill it in
1328 | */
1329 | new_hdr = (struct payload_hdr *) (buf->start - ehlen);
1330 | if ((void *) new_hdr < (void *) buf->rstart)
1331 | {
1332 | log (LOG_WARN, "%s: not enough space to decompress frame\n",
1333 | __FUNCTION__);
1334 | return -EINVAL;
1335 |
1336 | };
1337 | new_hdr->ver = *r;
1338 | if (PLBIT (new_hdr->ver))
1339 | {
1340 | r++;
1341 | new_hdr->length = *r;
1342 | }
1343 | else
1344 | {
1345 | new_hdr->length = buf->len + ehlen;
1346 | };
1347 | r++;
1348 | new_hdr->tid = *r;
1349 | r++;
1350 | new_hdr->cid = *r;
1351 | if (PFBIT (new_hdr->ver))
1352 | {
1353 | r++;
1354 | new_hdr->Ns = *r;
1355 | r++;
1356 | new_hdr->Nr = *r;
1357 | }
1358 | else
1359 | {
1360 | new_hdr->Nr = c->pSs;
1361 | new_hdr->Ns = c->pSr;
1362 | };
1363 | if (PSBIT (new_hdr->ver))
1364 | {
1365 | r++;
1366 | new_hdr->o_size = *r;
1367 | r++;
1368 | new_hdr->o_pad = *r;
1369 | }
1370 | else
1371 | {
1372 | new_hdr->o_size = 0;
1373 | new_hdr->o_pad = 0;
1374 | }
1375 | }
1376 | else
1377 | new_hdr = h;
1378 | /*
1379 | * Handle sequence numbers
1380 | *
1381 | */
1382 | /* JLM if (PRBIT(new_hdr->ver)) {
1383 | if (c->pSr > new_hdr->Ns) {
1384 | log(LOG_DEBUG, "%s: R-bit set with Ns < pSr!\n",__FUNCTION__);
1385 | return -EINVAL;
1386 | }
1387 | #ifdef DEBUG_FLOW
1388 | log(LOG_DEBUG, "%s: R-bit set on packet %d\n",__FUNCTION__,new_hdr->Ns);
1389 | #endif
1390 | c->pSr=new_hdr->Ns;
1391 | } */
1392 | #ifdef DEBUG_PAYLOAD
1393 | log (LOG_DEBUG, "%s: payload, cid = %d, Ns = %d, Nr = %d\n", __FUNCTION__,
1394 | c->cid, new_hdr->Ns, new_hdr->Nr);
1395 | #endif
1396 | if (new_hdr->Ns != c->pSr)
1397 | {
1398 | /* RFC1982-esque comparison of serial numbers */
1399 | if (((new_hdr->Ns < c->pSr) && ((c->pSr - new_hdr->Ns) < 32768)) ||
1400 | ((new_hdr->Ns > c->pSr) && ((c->pSr - new_hdr->Ns) > 32768)))
1401 | {
1402 | #ifdef DEBUG_FLOW
1403 | if (DEBUG)
1404 | log (LOG_DEBUG,
1405 | "%s: Already seen this packet before (%d < %d)\n",
1406 | __FUNCTION__, new_hdr->Ns, c->pSr);
1407 | #endif
1408 | return -EINVAL;
1409 | }
1410 | else if (new_hdr->Ns <= c->pSr + PAYLOAD_FUDGE)
1411 | {
1412 | /* FIXME: I should buffer for out of order packets */
1413 | #ifdef DEBUG_FLOW
1414 | if (DEBUG)
1415 | log (LOG_DEBUG,
1416 | "%s: Oops, lost a packet or two (%d != %d). continuing...\n",
1417 | __FUNCTION__, new_hdr->Ns, c->pSr);
1418 | #endif
1419 | c->pSr = new_hdr->Ns;
1420 | }
1421 | else
1422 | {
1423 | #ifdef DEBUG_FLOW
1424 | if (DEBUG)
1425 | log (LOG_DEBUG,
1426 | "%s: Received out of order payload packet (%d != %d)\n",
1427 | __FUNCTION__, new_hdr->Ns, c->pSr);
1428 | #endif
1429 | return -EINVAL;
1430 | }
1431 | }
1432 | else
1433 | {
1434 | c->pSr++;
1435 | c->pnu = -1;
1436 | }
1437 | /*
1438 | * Check to see what the last thing
1439 | * we got back was
1440 | */
1441 | c->pLr = new_hdr->Nr;
1442 | buf->start = new_hdr;
1443 | buf->len += ehlen;
1444 | return 0;
1445 | }
1446 |
1447 | void send_zlb (void *data)
1448 | {
1449 | /*
1450 | * Send a ZLB. This procedure should be schedule()able
1451 | */
1452 | struct call *c;
1453 | struct tunnel *t;
1454 | struct buffer *buf;
1455 | c = (struct call *) data;
1456 | if (!c)
1457 | {
1458 | log (LOG_WARN, "%s: called on NULL call\n", __FUNCTION__);
1459 | return;
1460 | }
1461 | t = c->container;
1462 | if (!t)
1463 | {
1464 | log (LOG_WARN, "%s: called on call with NULL container\n",
1465 | __FUNCTION__);
1466 | return;
1467 | }
1468 | /* Update the counter so we know what Lr was when we last transmited a ZLB */
1469 | c->prx = c->pSr;
1470 | buf = new_payload (t->peer);
1471 | add_payload_hdr (t, c, buf);
1472 | c->pSs--; /* We don't increment on ZLB's */
1473 | c->zlb_xmit = NULL;
1474 | #ifdef DEBUG_ZLB
1475 | log (LOG_DEBUG, "%s: sending payload ZLB\n", __FUNCTION__);
1476 | #endif
1477 | udp_xmit (buf);
1478 | toss (buf);
1479 | }
1480 |
1481 | inline int write_packet (struct buffer *buf, struct tunnel *t, struct call *c,
1482 | int convert)
1483 | {
1484 | /*
1485 | * Write a packet, doing sync->async conversion if
1486 | * necessary
1487 | */
1488 | int x;
1489 | unsigned char e;
1490 | int err;
1491 | static unsigned char wbuf[MAX_RECV_SIZE];
1492 | int pos = 0;
1493 |
1494 | if (c->fd < 0)
1495 | {
1496 | if (DEBUG)
1497 | log (LOG_DEBUG, "%s: tty is not open yet.\n", __FUNCTION__);
1498 | return -EIO;
1499 | }
1500 | /*
1501 | * Skip over header
1502 | */
1503 | buf->start += sizeof (struct payload_hdr);
1504 | buf->len -= sizeof (struct payload_hdr);
1505 |
1506 | c->rx_pkts++;
1507 | c->rx_bytes += buf->len;
1508 |
1509 | /*
1510 | * FIXME: What about offset?
1511 | */
1512 |
1513 | while (!convert)
1514 | {
1515 | /* We are given async frames, so write them
1516 | directly to the tty */
1517 | err = write (c->fd, buf->start, buf->len);
1518 | if (err == buf->len)
1519 | {
1520 | return 0;
1521 | }
1522 | else if (err == 0)
1523 | {
1524 | log (LOG_WARN, "%s: wrote no bytes of async packet\n",
1525 | __FUNCTION__);
1526 | return -EINVAL;
1527 | }
1528 | else if (err < 0)
1529 | {
1530 | if ((errno == EAGAIN) || (errno == EINTR))
1531 | {
1532 | continue;
1533 | }
1534 | else
1535 | {
1536 | log (LOG_WARN, "%s: async write failed: %s\n", __FUNCTION__,
1537 | strerror (errno));
1538 | }
1539 | }
1540 | else if (err < buf->len)
1541 | {
1542 | log (LOG_WARN, "%s: short write (%d of %d bytes)\n", __FUNCTION__,
1543 | err, buf->len);
1544 | return -EINVAL;
1545 | }
1546 | else if (err > buf->len)
1547 | {
1548 | log (LOG_WARN, "%s: write returned LONGER than buffer length?\n",
1549 | __FUNCTION__);
1550 | return -EINVAL;
1551 | }
1552 | }
1553 |
1554 | /*
1555 | * sync->async conversion if we're doing sync frames
1556 | * since the pppd driver will expect async frames
1557 | * Write leading flag character
1558 | */
1559 |
1560 | add_fcs (buf);
1561 | e = PPP_FLAG;
1562 | wbuf[pos++] = e;
1563 | for (x = 0; x < buf->len; x++)
1564 | {
1565 | e = *((char *) buf->start + x);
1566 | if ((e < 0x20) || (e == PPP_ESCAPE) || (e == PPP_FLAG))
1567 | {
1568 | /* Escape this */
1569 | e = e ^ 0x20;
1570 | wbuf[pos++] = PPP_ESCAPE;
1571 | }
1572 | wbuf[pos++] = e;
1573 |
1574 | }
1575 | wbuf[pos++] = PPP_FLAG;
1576 | x = write (c->fd, wbuf, pos);
1577 | if (x < pos)
1578 | {
1579 | if (!(errno == EINTR) && !(errno == EAGAIN))
1580 | {
1581 | /*
1582 | * I guess pppd died. we'll pretend
1583 | * everything ended normally
1584 | */
1585 | if (DEBUG)
1586 | log (LOG_WARN, "%s: %s(%d)\n", __FUNCTION__, strerror (errno),
1587 | errno);
1588 | c->needclose = -1;
1589 | c->fd = -1;
1590 | return -EIO;
1591 | }
1592 | }
1593 | return 0;
1594 | }
1595 |
1596 | void handle_special (struct buffer *buf, struct call *c, _u16 call)
1597 | {
1598 | /*
1599 | * This procedure is called when we have received a packet
1600 | * on a call which doesn't exist in our tunnel. We want to
1601 | * send back a ZLB to keep the tunnel alive, on that particular
1602 | * call if it was a CDN, otherwise, send a CDN to notify them
1603 | * that this call has been terminated.
1604 | */
1605 | struct buffer *outgoing;
1606 | struct tunnel *t = c->container;
1607 | /* Don't do anything unless it's a control packet */
1608 | if (!CTBIT (*((_u16 *) buf->start)))
1609 | return;
1610 | /* Temporarily, we make the tunnel have cid of call instead of 0,
1611 | but we need to stop any scheduled events (like Hello's in
1612 | particular) which might use this value */
1613 | c->cid = call;
1614 | if (!check_control (buf, t, c))
1615 | {
1616 | if (buf->len == sizeof (struct control_hdr))
1617 | {
1618 | /* If it's a ZLB, we ignore it */
1619 | if (debug_tunnel)
1620 | log (LOG_DEBUG, "%s: ZLB for closed call\n", __FUNCTION__);
1621 | c->cid = 0;
1622 | return;
1623 | }
1624 | /* Make a packet with the specified call number */
1625 | outgoing = new_outgoing (t);
1626 | /* FIXME: If I'm not a CDN, I need to send a CDN */
1627 | control_zlb (buf, t, c);
1628 | c->cid = 0;
1629 | udp_xmit (buf);
1630 | toss (buf);
1631 | }
1632 | else
1633 | {
1634 | c->cid = 0;
1635 | if (debug_tunnel)
1636 | log (LOG_DEBUG, "%s: invalid control packet\n", __FUNCTION__);
1637 | }
1638 | }
1639 |
1640 | inline int handle_packet (struct buffer *buf, struct tunnel *t,
1641 | struct call *c)
1642 | {
1643 | int res;
1644 | struct timeval tv;
1645 | if (CTBIT (*((_u16 *) buf->start)))
1646 | {
1647 | /* We have a control packet */
1648 | if (!check_control (buf, t, c))
1649 | {
1650 | c->msgtype = -1;
1651 | if (buf->len == sizeof (struct control_hdr))
1652 | {
1653 | #ifdef DEBUG_ZLB
1654 | log (LOG_DEBUG, "%s: control ZLB received\n", __FUNCTION__);
1655 | #endif
1656 | t->cSr--;
1657 | c->cnu = 0;
1658 | if (c->needclose && c->closing)
1659 | {
1660 | if (c->container->cLr >= c->closeSs)
1661 | {
1662 | #ifdef DEBUG_ZLB
1663 | log (LOG_DEBUG, "%s: ZLB for closing message found\n",
1664 | __FUNCTION__);
1665 | #endif
1666 | c->needclose = 0;
1667 | /* Trigger final closing of call */
1668 | }
1669 | }
1670 | return 0;
1671 | }
1672 | else if (!handle_avps (buf, t, c))
1673 | return control_finish (t, c);
1674 | else
1675 | {
1676 | if (debug_tunnel)
1677 | log (LOG_DEBUG, "%s: bad AVP handling!\n", __FUNCTION__);
1678 | return -EINVAL;
1679 | }
1680 | }
1681 | else
1682 | {
1683 | log (LOG_DEBUG, "%s: bad control packet!\n", __FUNCTION__);
1684 | return -EINVAL;
1685 | }
1686 | }
1687 | else
1688 | {
1689 | if (!check_payload (buf, t, c))
1690 | {
1691 | if (!expand_payload (buf, t, c))
1692 | {
1693 | if (buf->len > sizeof (struct payload_hdr))
1694 | {
1695 | /* if (c->throttle) {
1696 | if (c->pSs > c->pLr + c->rws) {
1697 | #ifdef DEBUG_FLOW
1698 | log(LOG_DEBUG, "%s: not yet dethrottling call\n",__FUNCTION__);
1699 | #endif
1700 | } else {
1701 | #ifdef DEBUG_FLOW
1702 | log(LOG_DEBUG, "%s: dethrottling call\n",__FUNCTION__);
1703 | #endif
1704 | if (c->dethrottle) deschedule(c->dethrottle);
1705 | c->dethrottle=NULL;
1706 | c->throttle = 0;
1707 | }
1708 | } */
1709 | /* JLM res = write_packet(buf,t,c, c->frame & SYNC_FRAMING); */
1710 | res = write_packet (buf, t, c, SYNC_FRAMING);
1711 | if (res)
1712 | return res;
1713 | /*
1714 | * Assuming we wrote to the ppp driver okay, we should
1715 | * do something about ZLB's unless *we* requested no
1716 | * window size or if they we have turned off our fbit.
1717 | */
1718 |
1719 | /* if (c->ourfbit && (c->ourrws > 0)) {
1720 | if (c->pSr >= c->prx + c->ourrws - 2) {
1721 | We've received enough to fill our receive window. At
1722 | this point, we should immediately send a ZLB!
1723 | #ifdef DEBUG_ZLB
1724 | log(LOG_DEBUG, "%s: Sending immediate ZLB!\n",__FUNCTION__);
1725 | #endif
1726 | if (c->zlb_xmit) {
1727 | Deschedule any existing zlb_xmit's
1728 | deschedule(c->zlb_xmit);
1729 | c->zlb_xmit = NULL;
1730 | }
1731 | send_zlb((void *)c);
1732 | } else {
1733 | We need to schedule sending a ZLB. FIXME: Should
1734 | be 1/4 RTT instead, when rate adaptive stuff is
1735 | in place. Spec allows .5 seconds though
1736 | tv.tv_sec = 0;
1737 | tv.tv_usec = 500000;
1738 | if (c->zlb_xmit)
1739 | deschedule(c->zlb_xmit);
1740 | #ifdef DEBUG_ZLB
1741 | log(LOG_DEBUG, "%s: scheduling ZLB\n",__FUNCTION__);
1742 | #endif
1743 | c->zlb_xmit = schedule(tv, &send_zlb, (void *)c);
1744 | }
1745 | } */
1746 | return 0;
1747 | }
1748 | else if (buf->len == sizeof (struct payload_hdr))
1749 | {
1750 | #ifdef DEBUG_ZLB
1751 | log (LOG_DEBUG, "%s: payload ZLB received\n",
1752 | __FUNCTION__);
1753 | #endif
1754 | /* if (c->throttle) {
1755 | if (c->pSs > c->pLr + c->rws) {
1756 | #ifdef DEBUG_FLOW
1757 | log(LOG_DEBUG, "%s: not yet dethrottling call\n",__FUNCTION__);
1758 | #endif
1759 | } else {
1760 | #ifdef DEBUG_FLOW
1761 | log(LOG_DEBUG, "%s: dethrottling call\n",__FUNCTION__);
1762 | #endif
1763 | if (c->dethrottle)
1764 | deschedule(c->dethrottle);
1765 | c->dethrottle=NULL;
1766 | c->throttle = 0;
1767 | }
1768 | } */
1769 | c->pSr--;
1770 | return 0;
1771 | }
1772 | else
1773 | {
1774 | log (LOG_DEBUG, "%s: payload too small!\n", __FUNCTION__);
1775 | return -EINVAL;
1776 | }
1777 | }
1778 | else
1779 | {
1780 | if (debug_tunnel)
1781 | log (LOG_DEBUG, "%s: unable to expand payload!\n",
1782 | __FUNCTION__);
1783 | return -EINVAL;
1784 | }
1785 | }
1786 | else
1787 | {
1788 | log (LOG_DEBUG, "%s: invalid payload packet!\n", __FUNCTION__);
1789 | return -EINVAL;
1790 | }
1791 | }
1792 | }