1*10465441SEvalZero /**
2*10465441SEvalZero * @file
3*10465441SEvalZero * Network Point to Point Protocol over Layer 2 Tunneling Protocol program file.
4*10465441SEvalZero *
5*10465441SEvalZero */
6*10465441SEvalZero
7*10465441SEvalZero /*
8*10465441SEvalZero * Redistribution and use in source and binary forms, with or without modification,
9*10465441SEvalZero * are permitted provided that the following conditions are met:
10*10465441SEvalZero *
11*10465441SEvalZero * 1. Redistributions of source code must retain the above copyright notice,
12*10465441SEvalZero * this list of conditions and the following disclaimer.
13*10465441SEvalZero * 2. Redistributions in binary form must reproduce the above copyright notice,
14*10465441SEvalZero * this list of conditions and the following disclaimer in the documentation
15*10465441SEvalZero * and/or other materials provided with the distribution.
16*10465441SEvalZero * 3. The name of the author may not be used to endorse or promote products
17*10465441SEvalZero * derived from this software without specific prior written permission.
18*10465441SEvalZero *
19*10465441SEvalZero * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
20*10465441SEvalZero * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
21*10465441SEvalZero * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
22*10465441SEvalZero * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23*10465441SEvalZero * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
24*10465441SEvalZero * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25*10465441SEvalZero * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26*10465441SEvalZero * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
27*10465441SEvalZero * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
28*10465441SEvalZero * OF SUCH DAMAGE.
29*10465441SEvalZero *
30*10465441SEvalZero * This file is part of the lwIP TCP/IP stack.
31*10465441SEvalZero *
32*10465441SEvalZero */
33*10465441SEvalZero
34*10465441SEvalZero /*
35*10465441SEvalZero * L2TP Support status:
36*10465441SEvalZero *
37*10465441SEvalZero * Supported:
38*10465441SEvalZero * - L2TPv2 (PPP over L2TP, a.k.a. UDP tunnels)
39*10465441SEvalZero * - LAC
40*10465441SEvalZero *
41*10465441SEvalZero * Not supported:
42*10465441SEvalZero * - LNS (require PPP server support)
43*10465441SEvalZero * - L2TPv3 ethernet pseudowires
44*10465441SEvalZero * - L2TPv3 VLAN pseudowire
45*10465441SEvalZero * - L2TPv3 PPP pseudowires
46*10465441SEvalZero * - L2TPv3 IP encapsulation
47*10465441SEvalZero * - L2TPv3 IP pseudowire
48*10465441SEvalZero * - L2TP tunnel switching - http://tools.ietf.org/html/draft-ietf-l2tpext-tunnel-switching-08
49*10465441SEvalZero * - Multiple tunnels per UDP socket, as well as multiple sessions per tunnel
50*10465441SEvalZero * - Hidden AVPs
51*10465441SEvalZero */
52*10465441SEvalZero
53*10465441SEvalZero #include "netif/ppp/ppp_opts.h"
54*10465441SEvalZero #if PPP_SUPPORT && PPPOL2TP_SUPPORT /* don't build if not configured for use in lwipopts.h */
55*10465441SEvalZero
56*10465441SEvalZero #include "lwip/err.h"
57*10465441SEvalZero #include "lwip/memp.h"
58*10465441SEvalZero #include "lwip/netif.h"
59*10465441SEvalZero #include "lwip/udp.h"
60*10465441SEvalZero #include "lwip/snmp.h"
61*10465441SEvalZero
62*10465441SEvalZero #include "netif/ppp/ppp_impl.h"
63*10465441SEvalZero #include "netif/ppp/lcp.h"
64*10465441SEvalZero #include "netif/ppp/ipcp.h"
65*10465441SEvalZero #include "netif/ppp/pppol2tp.h"
66*10465441SEvalZero #include "netif/ppp/pppcrypt.h"
67*10465441SEvalZero #include "netif/ppp/magic.h"
68*10465441SEvalZero
69*10465441SEvalZero /* Memory pool */
70*10465441SEvalZero LWIP_MEMPOOL_DECLARE(PPPOL2TP_PCB, MEMP_NUM_PPPOL2TP_INTERFACES, sizeof(pppol2tp_pcb), "PPPOL2TP_PCB")
71*10465441SEvalZero
72*10465441SEvalZero /* callbacks called from PPP core */
73*10465441SEvalZero static err_t pppol2tp_write(ppp_pcb *ppp, void *ctx, struct pbuf *p);
74*10465441SEvalZero static err_t pppol2tp_netif_output(ppp_pcb *ppp, void *ctx, struct pbuf *p, u_short protocol);
75*10465441SEvalZero static err_t pppol2tp_destroy(ppp_pcb *ppp, void *ctx); /* Destroy a L2TP control block */
76*10465441SEvalZero static void pppol2tp_connect(ppp_pcb *ppp, void *ctx); /* Be a LAC, connect to a LNS. */
77*10465441SEvalZero static void pppol2tp_disconnect(ppp_pcb *ppp, void *ctx); /* Disconnect */
78*10465441SEvalZero
79*10465441SEvalZero /* Prototypes for procedures local to this file. */
80*10465441SEvalZero static void pppol2tp_input(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port);
81*10465441SEvalZero static void pppol2tp_dispatch_control_packet(pppol2tp_pcb *l2tp, u16_t port, struct pbuf *p, u16_t ns, u16_t nr);
82*10465441SEvalZero static void pppol2tp_timeout(void *arg);
83*10465441SEvalZero static void pppol2tp_abort_connect(pppol2tp_pcb *l2tp);
84*10465441SEvalZero static err_t pppol2tp_send_sccrq(pppol2tp_pcb *l2tp);
85*10465441SEvalZero static err_t pppol2tp_send_scccn(pppol2tp_pcb *l2tp, u16_t ns);
86*10465441SEvalZero static err_t pppol2tp_send_icrq(pppol2tp_pcb *l2tp, u16_t ns);
87*10465441SEvalZero static err_t pppol2tp_send_iccn(pppol2tp_pcb *l2tp, u16_t ns);
88*10465441SEvalZero static err_t pppol2tp_send_zlb(pppol2tp_pcb *l2tp, u16_t ns);
89*10465441SEvalZero static err_t pppol2tp_send_stopccn(pppol2tp_pcb *l2tp, u16_t ns);
90*10465441SEvalZero static err_t pppol2tp_xmit(pppol2tp_pcb *l2tp, struct pbuf *pb);
91*10465441SEvalZero static err_t pppol2tp_udp_send(pppol2tp_pcb *l2tp, struct pbuf *pb);
92*10465441SEvalZero
93*10465441SEvalZero /* Callbacks structure for PPP core */
94*10465441SEvalZero static const struct link_callbacks pppol2tp_callbacks = {
95*10465441SEvalZero pppol2tp_connect,
96*10465441SEvalZero #if PPP_SERVER
97*10465441SEvalZero NULL,
98*10465441SEvalZero #endif /* PPP_SERVER */
99*10465441SEvalZero pppol2tp_disconnect,
100*10465441SEvalZero pppol2tp_destroy,
101*10465441SEvalZero pppol2tp_write,
102*10465441SEvalZero pppol2tp_netif_output,
103*10465441SEvalZero NULL,
104*10465441SEvalZero NULL
105*10465441SEvalZero };
106*10465441SEvalZero
107*10465441SEvalZero
108*10465441SEvalZero /* Create a new L2TP session. */
pppol2tp_create(struct netif * pppif,struct netif * netif,const ip_addr_t * ipaddr,u16_t port,const u8_t * secret,u8_t secret_len,ppp_link_status_cb_fn link_status_cb,void * ctx_cb)109*10465441SEvalZero ppp_pcb *pppol2tp_create(struct netif *pppif,
110*10465441SEvalZero struct netif *netif, const ip_addr_t *ipaddr, u16_t port,
111*10465441SEvalZero const u8_t *secret, u8_t secret_len,
112*10465441SEvalZero ppp_link_status_cb_fn link_status_cb, void *ctx_cb) {
113*10465441SEvalZero ppp_pcb *ppp;
114*10465441SEvalZero pppol2tp_pcb *l2tp;
115*10465441SEvalZero struct udp_pcb *udp;
116*10465441SEvalZero #if !PPPOL2TP_AUTH_SUPPORT
117*10465441SEvalZero LWIP_UNUSED_ARG(secret);
118*10465441SEvalZero LWIP_UNUSED_ARG(secret_len);
119*10465441SEvalZero #endif /* !PPPOL2TP_AUTH_SUPPORT */
120*10465441SEvalZero
121*10465441SEvalZero if (ipaddr == NULL) {
122*10465441SEvalZero goto ipaddr_check_failed;
123*10465441SEvalZero }
124*10465441SEvalZero
125*10465441SEvalZero l2tp = (pppol2tp_pcb *)LWIP_MEMPOOL_ALLOC(PPPOL2TP_PCB);
126*10465441SEvalZero if (l2tp == NULL) {
127*10465441SEvalZero goto memp_malloc_l2tp_failed;
128*10465441SEvalZero }
129*10465441SEvalZero
130*10465441SEvalZero udp = udp_new_ip_type(IP_GET_TYPE(ipaddr));
131*10465441SEvalZero if (udp == NULL) {
132*10465441SEvalZero goto udp_new_failed;
133*10465441SEvalZero }
134*10465441SEvalZero udp_recv(udp, pppol2tp_input, l2tp);
135*10465441SEvalZero
136*10465441SEvalZero ppp = ppp_new(pppif, &pppol2tp_callbacks, l2tp, link_status_cb, ctx_cb);
137*10465441SEvalZero if (ppp == NULL) {
138*10465441SEvalZero goto ppp_new_failed;
139*10465441SEvalZero }
140*10465441SEvalZero
141*10465441SEvalZero memset(l2tp, 0, sizeof(pppol2tp_pcb));
142*10465441SEvalZero l2tp->phase = PPPOL2TP_STATE_INITIAL;
143*10465441SEvalZero l2tp->ppp = ppp;
144*10465441SEvalZero l2tp->udp = udp;
145*10465441SEvalZero l2tp->netif = netif;
146*10465441SEvalZero ip_addr_copy(l2tp->remote_ip, *ipaddr);
147*10465441SEvalZero l2tp->remote_port = port;
148*10465441SEvalZero #if PPPOL2TP_AUTH_SUPPORT
149*10465441SEvalZero l2tp->secret = secret;
150*10465441SEvalZero l2tp->secret_len = secret_len;
151*10465441SEvalZero #endif /* PPPOL2TP_AUTH_SUPPORT */
152*10465441SEvalZero
153*10465441SEvalZero return ppp;
154*10465441SEvalZero
155*10465441SEvalZero ppp_new_failed:
156*10465441SEvalZero udp_remove(udp);
157*10465441SEvalZero udp_new_failed:
158*10465441SEvalZero LWIP_MEMPOOL_FREE(PPPOL2TP_PCB, l2tp);
159*10465441SEvalZero memp_malloc_l2tp_failed:
160*10465441SEvalZero ipaddr_check_failed:
161*10465441SEvalZero return NULL;
162*10465441SEvalZero }
163*10465441SEvalZero
164*10465441SEvalZero /* Called by PPP core */
pppol2tp_write(ppp_pcb * ppp,void * ctx,struct pbuf * p)165*10465441SEvalZero static err_t pppol2tp_write(ppp_pcb *ppp, void *ctx, struct pbuf *p) {
166*10465441SEvalZero pppol2tp_pcb *l2tp = (pppol2tp_pcb *)ctx;
167*10465441SEvalZero struct pbuf *ph; /* UDP + L2TP header */
168*10465441SEvalZero err_t ret;
169*10465441SEvalZero #if MIB2_STATS
170*10465441SEvalZero u16_t tot_len;
171*10465441SEvalZero #else /* MIB2_STATS */
172*10465441SEvalZero LWIP_UNUSED_ARG(ppp);
173*10465441SEvalZero #endif /* MIB2_STATS */
174*10465441SEvalZero
175*10465441SEvalZero ph = pbuf_alloc(PBUF_TRANSPORT, (u16_t)(PPPOL2TP_OUTPUT_DATA_HEADER_LEN), PBUF_RAM);
176*10465441SEvalZero if(!ph) {
177*10465441SEvalZero LINK_STATS_INC(link.memerr);
178*10465441SEvalZero LINK_STATS_INC(link.proterr);
179*10465441SEvalZero MIB2_STATS_NETIF_INC(ppp->netif, ifoutdiscards);
180*10465441SEvalZero pbuf_free(p);
181*10465441SEvalZero return ERR_MEM;
182*10465441SEvalZero }
183*10465441SEvalZero
184*10465441SEvalZero pbuf_header(ph, -(s16_t)PPPOL2TP_OUTPUT_DATA_HEADER_LEN); /* hide L2TP header */
185*10465441SEvalZero pbuf_cat(ph, p);
186*10465441SEvalZero #if MIB2_STATS
187*10465441SEvalZero tot_len = ph->tot_len;
188*10465441SEvalZero #endif /* MIB2_STATS */
189*10465441SEvalZero
190*10465441SEvalZero ret = pppol2tp_xmit(l2tp, ph);
191*10465441SEvalZero if (ret != ERR_OK) {
192*10465441SEvalZero LINK_STATS_INC(link.err);
193*10465441SEvalZero MIB2_STATS_NETIF_INC(ppp->netif, ifoutdiscards);
194*10465441SEvalZero return ret;
195*10465441SEvalZero }
196*10465441SEvalZero
197*10465441SEvalZero MIB2_STATS_NETIF_ADD(ppp->netif, ifoutoctets, (u16_t)tot_len);
198*10465441SEvalZero MIB2_STATS_NETIF_INC(ppp->netif, ifoutucastpkts);
199*10465441SEvalZero LINK_STATS_INC(link.xmit);
200*10465441SEvalZero return ERR_OK;
201*10465441SEvalZero }
202*10465441SEvalZero
203*10465441SEvalZero /* Called by PPP core */
pppol2tp_netif_output(ppp_pcb * ppp,void * ctx,struct pbuf * p,u_short protocol)204*10465441SEvalZero static err_t pppol2tp_netif_output(ppp_pcb *ppp, void *ctx, struct pbuf *p, u_short protocol) {
205*10465441SEvalZero pppol2tp_pcb *l2tp = (pppol2tp_pcb *)ctx;
206*10465441SEvalZero struct pbuf *pb;
207*10465441SEvalZero u8_t *pl;
208*10465441SEvalZero err_t err;
209*10465441SEvalZero #if MIB2_STATS
210*10465441SEvalZero u16_t tot_len;
211*10465441SEvalZero #else /* MIB2_STATS */
212*10465441SEvalZero LWIP_UNUSED_ARG(ppp);
213*10465441SEvalZero #endif /* MIB2_STATS */
214*10465441SEvalZero
215*10465441SEvalZero /* @todo: try to use pbuf_header() here! */
216*10465441SEvalZero pb = pbuf_alloc(PBUF_TRANSPORT, PPPOL2TP_OUTPUT_DATA_HEADER_LEN + sizeof(protocol), PBUF_RAM);
217*10465441SEvalZero if(!pb) {
218*10465441SEvalZero LINK_STATS_INC(link.memerr);
219*10465441SEvalZero LINK_STATS_INC(link.proterr);
220*10465441SEvalZero MIB2_STATS_NETIF_INC(ppp->netif, ifoutdiscards);
221*10465441SEvalZero return ERR_MEM;
222*10465441SEvalZero }
223*10465441SEvalZero
224*10465441SEvalZero pbuf_header(pb, -(s16_t)PPPOL2TP_OUTPUT_DATA_HEADER_LEN);
225*10465441SEvalZero
226*10465441SEvalZero pl = (u8_t*)pb->payload;
227*10465441SEvalZero PUTSHORT(protocol, pl);
228*10465441SEvalZero
229*10465441SEvalZero pbuf_chain(pb, p);
230*10465441SEvalZero #if MIB2_STATS
231*10465441SEvalZero tot_len = pb->tot_len;
232*10465441SEvalZero #endif /* MIB2_STATS */
233*10465441SEvalZero
234*10465441SEvalZero if( (err = pppol2tp_xmit(l2tp, pb)) != ERR_OK) {
235*10465441SEvalZero LINK_STATS_INC(link.err);
236*10465441SEvalZero MIB2_STATS_NETIF_INC(ppp->netif, ifoutdiscards);
237*10465441SEvalZero return err;
238*10465441SEvalZero }
239*10465441SEvalZero
240*10465441SEvalZero MIB2_STATS_NETIF_ADD(ppp->netif, ifoutoctets, tot_len);
241*10465441SEvalZero MIB2_STATS_NETIF_INC(ppp->netif, ifoutucastpkts);
242*10465441SEvalZero LINK_STATS_INC(link.xmit);
243*10465441SEvalZero return ERR_OK;
244*10465441SEvalZero }
245*10465441SEvalZero
246*10465441SEvalZero /* Destroy a L2TP control block */
pppol2tp_destroy(ppp_pcb * ppp,void * ctx)247*10465441SEvalZero static err_t pppol2tp_destroy(ppp_pcb *ppp, void *ctx) {
248*10465441SEvalZero pppol2tp_pcb *l2tp = (pppol2tp_pcb *)ctx;
249*10465441SEvalZero LWIP_UNUSED_ARG(ppp);
250*10465441SEvalZero
251*10465441SEvalZero sys_untimeout(pppol2tp_timeout, l2tp);
252*10465441SEvalZero udp_remove(l2tp->udp);
253*10465441SEvalZero LWIP_MEMPOOL_FREE(PPPOL2TP_PCB, l2tp);
254*10465441SEvalZero return ERR_OK;
255*10465441SEvalZero }
256*10465441SEvalZero
257*10465441SEvalZero /* Be a LAC, connect to a LNS. */
pppol2tp_connect(ppp_pcb * ppp,void * ctx)258*10465441SEvalZero static void pppol2tp_connect(ppp_pcb *ppp, void *ctx) {
259*10465441SEvalZero err_t err;
260*10465441SEvalZero pppol2tp_pcb *l2tp = (pppol2tp_pcb *)ctx;
261*10465441SEvalZero lcp_options *lcp_wo;
262*10465441SEvalZero lcp_options *lcp_ao;
263*10465441SEvalZero #if PPP_IPV4_SUPPORT && VJ_SUPPORT
264*10465441SEvalZero ipcp_options *ipcp_wo;
265*10465441SEvalZero ipcp_options *ipcp_ao;
266*10465441SEvalZero #endif /* PPP_IPV4_SUPPORT && VJ_SUPPORT */
267*10465441SEvalZero
268*10465441SEvalZero l2tp->tunnel_port = l2tp->remote_port;
269*10465441SEvalZero l2tp->our_ns = 0;
270*10465441SEvalZero l2tp->peer_nr = 0;
271*10465441SEvalZero l2tp->peer_ns = 0;
272*10465441SEvalZero l2tp->source_tunnel_id = 0;
273*10465441SEvalZero l2tp->remote_tunnel_id = 0;
274*10465441SEvalZero l2tp->source_session_id = 0;
275*10465441SEvalZero l2tp->remote_session_id = 0;
276*10465441SEvalZero /* l2tp->*_retried are cleared when used */
277*10465441SEvalZero
278*10465441SEvalZero lcp_wo = &ppp->lcp_wantoptions;
279*10465441SEvalZero lcp_wo->mru = PPPOL2TP_DEFMRU;
280*10465441SEvalZero lcp_wo->neg_asyncmap = 0;
281*10465441SEvalZero lcp_wo->neg_pcompression = 0;
282*10465441SEvalZero lcp_wo->neg_accompression = 0;
283*10465441SEvalZero lcp_wo->passive = 0;
284*10465441SEvalZero lcp_wo->silent = 0;
285*10465441SEvalZero
286*10465441SEvalZero lcp_ao = &ppp->lcp_allowoptions;
287*10465441SEvalZero lcp_ao->mru = PPPOL2TP_DEFMRU;
288*10465441SEvalZero lcp_ao->neg_asyncmap = 0;
289*10465441SEvalZero lcp_ao->neg_pcompression = 0;
290*10465441SEvalZero lcp_ao->neg_accompression = 0;
291*10465441SEvalZero
292*10465441SEvalZero #if PPP_IPV4_SUPPORT && VJ_SUPPORT
293*10465441SEvalZero ipcp_wo = &ppp->ipcp_wantoptions;
294*10465441SEvalZero ipcp_wo->neg_vj = 0;
295*10465441SEvalZero ipcp_wo->old_vj = 0;
296*10465441SEvalZero
297*10465441SEvalZero ipcp_ao = &ppp->ipcp_allowoptions;
298*10465441SEvalZero ipcp_ao->neg_vj = 0;
299*10465441SEvalZero ipcp_ao->old_vj = 0;
300*10465441SEvalZero #endif /* PPP_IPV4_SUPPORT && VJ_SUPPORT */
301*10465441SEvalZero
302*10465441SEvalZero /* Listen to a random source port, we need to do that instead of using udp_connect()
303*10465441SEvalZero * because the L2TP LNS might answer with its own random source port (!= 1701)
304*10465441SEvalZero */
305*10465441SEvalZero #if LWIP_IPV6
306*10465441SEvalZero if (IP_IS_V6_VAL(l2tp->udp->local_ip)) {
307*10465441SEvalZero udp_bind(l2tp->udp, IP6_ADDR_ANY, 0);
308*10465441SEvalZero } else
309*10465441SEvalZero #endif /* LWIP_IPV6 */
310*10465441SEvalZero udp_bind(l2tp->udp, IP_ADDR_ANY, 0);
311*10465441SEvalZero
312*10465441SEvalZero #if PPPOL2TP_AUTH_SUPPORT
313*10465441SEvalZero /* Generate random vector */
314*10465441SEvalZero if (l2tp->secret != NULL) {
315*10465441SEvalZero magic_random_bytes(l2tp->secret_rv, sizeof(l2tp->secret_rv));
316*10465441SEvalZero }
317*10465441SEvalZero #endif /* PPPOL2TP_AUTH_SUPPORT */
318*10465441SEvalZero
319*10465441SEvalZero do {
320*10465441SEvalZero l2tp->remote_tunnel_id = magic();
321*10465441SEvalZero } while(l2tp->remote_tunnel_id == 0);
322*10465441SEvalZero /* save state, in case we fail to send SCCRQ */
323*10465441SEvalZero l2tp->sccrq_retried = 0;
324*10465441SEvalZero l2tp->phase = PPPOL2TP_STATE_SCCRQ_SENT;
325*10465441SEvalZero if ((err = pppol2tp_send_sccrq(l2tp)) != 0) {
326*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send SCCRQ, error=%d\n", err));
327*10465441SEvalZero }
328*10465441SEvalZero sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp);
329*10465441SEvalZero }
330*10465441SEvalZero
331*10465441SEvalZero /* Disconnect */
pppol2tp_disconnect(ppp_pcb * ppp,void * ctx)332*10465441SEvalZero static void pppol2tp_disconnect(ppp_pcb *ppp, void *ctx) {
333*10465441SEvalZero pppol2tp_pcb *l2tp = (pppol2tp_pcb *)ctx;
334*10465441SEvalZero
335*10465441SEvalZero l2tp->our_ns++;
336*10465441SEvalZero pppol2tp_send_stopccn(l2tp, l2tp->our_ns);
337*10465441SEvalZero
338*10465441SEvalZero /* stop any timer, disconnect can be called while initiating is in progress */
339*10465441SEvalZero sys_untimeout(pppol2tp_timeout, l2tp);
340*10465441SEvalZero l2tp->phase = PPPOL2TP_STATE_INITIAL;
341*10465441SEvalZero ppp_link_end(ppp); /* notify upper layers */
342*10465441SEvalZero }
343*10465441SEvalZero
344*10465441SEvalZero /* UDP Callback for incoming IPv4 L2TP frames */
pppol2tp_input(void * arg,struct udp_pcb * pcb,struct pbuf * p,const ip_addr_t * addr,u16_t port)345*10465441SEvalZero static void pppol2tp_input(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port) {
346*10465441SEvalZero pppol2tp_pcb *l2tp = (pppol2tp_pcb*)arg;
347*10465441SEvalZero u16_t hflags, hlen, len=0, tunnel_id=0, session_id=0, ns=0, nr=0, offset=0;
348*10465441SEvalZero u8_t *inp;
349*10465441SEvalZero LWIP_UNUSED_ARG(pcb);
350*10465441SEvalZero
351*10465441SEvalZero /* we can't unbound a UDP pcb, thus we can still receive UDP frames after the link is closed */
352*10465441SEvalZero if (l2tp->phase < PPPOL2TP_STATE_SCCRQ_SENT) {
353*10465441SEvalZero goto free_and_return;
354*10465441SEvalZero }
355*10465441SEvalZero
356*10465441SEvalZero if (!ip_addr_cmp(&l2tp->remote_ip, addr)) {
357*10465441SEvalZero goto free_and_return;
358*10465441SEvalZero }
359*10465441SEvalZero
360*10465441SEvalZero /* discard packet if port mismatch, but only if we received a SCCRP */
361*10465441SEvalZero if (l2tp->phase > PPPOL2TP_STATE_SCCRQ_SENT && l2tp->tunnel_port != port) {
362*10465441SEvalZero goto free_and_return;
363*10465441SEvalZero }
364*10465441SEvalZero
365*10465441SEvalZero /* printf("-----------\nL2TP INPUT, %d\n", p->len); */
366*10465441SEvalZero
367*10465441SEvalZero /* L2TP header */
368*10465441SEvalZero if (p->len < sizeof(hflags) + sizeof(tunnel_id) + sizeof(session_id) ) {
369*10465441SEvalZero goto packet_too_short;
370*10465441SEvalZero }
371*10465441SEvalZero
372*10465441SEvalZero inp = (u8_t*)p->payload;
373*10465441SEvalZero GETSHORT(hflags, inp);
374*10465441SEvalZero
375*10465441SEvalZero if (hflags & PPPOL2TP_HEADERFLAG_CONTROL) {
376*10465441SEvalZero /* check mandatory flags for a control packet */
377*10465441SEvalZero if ( (hflags & PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY) != PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY ) {
378*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: mandatory header flags for control packet not set\n"));
379*10465441SEvalZero goto free_and_return;
380*10465441SEvalZero }
381*10465441SEvalZero /* check forbidden flags for a control packet */
382*10465441SEvalZero if (hflags & PPPOL2TP_HEADERFLAG_CONTROL_FORBIDDEN) {
383*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: forbidden header flags for control packet found\n"));
384*10465441SEvalZero goto free_and_return;
385*10465441SEvalZero }
386*10465441SEvalZero } else {
387*10465441SEvalZero /* check mandatory flags for a data packet */
388*10465441SEvalZero if ( (hflags & PPPOL2TP_HEADERFLAG_DATA_MANDATORY) != PPPOL2TP_HEADERFLAG_DATA_MANDATORY) {
389*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: mandatory header flags for data packet not set\n"));
390*10465441SEvalZero goto free_and_return;
391*10465441SEvalZero }
392*10465441SEvalZero }
393*10465441SEvalZero
394*10465441SEvalZero /* Expected header size */
395*10465441SEvalZero hlen = sizeof(hflags) + sizeof(tunnel_id) + sizeof(session_id);
396*10465441SEvalZero if (hflags & PPPOL2TP_HEADERFLAG_LENGTH) {
397*10465441SEvalZero hlen += sizeof(len);
398*10465441SEvalZero }
399*10465441SEvalZero if (hflags & PPPOL2TP_HEADERFLAG_SEQUENCE) {
400*10465441SEvalZero hlen += sizeof(ns) + sizeof(nr);
401*10465441SEvalZero }
402*10465441SEvalZero if (hflags & PPPOL2TP_HEADERFLAG_OFFSET) {
403*10465441SEvalZero hlen += sizeof(offset);
404*10465441SEvalZero }
405*10465441SEvalZero if (p->len < hlen) {
406*10465441SEvalZero goto packet_too_short;
407*10465441SEvalZero }
408*10465441SEvalZero
409*10465441SEvalZero if (hflags & PPPOL2TP_HEADERFLAG_LENGTH) {
410*10465441SEvalZero GETSHORT(len, inp);
411*10465441SEvalZero if (p->len < len || len < hlen) {
412*10465441SEvalZero goto packet_too_short;
413*10465441SEvalZero }
414*10465441SEvalZero }
415*10465441SEvalZero GETSHORT(tunnel_id, inp);
416*10465441SEvalZero GETSHORT(session_id, inp);
417*10465441SEvalZero if (hflags & PPPOL2TP_HEADERFLAG_SEQUENCE) {
418*10465441SEvalZero GETSHORT(ns, inp);
419*10465441SEvalZero GETSHORT(nr, inp);
420*10465441SEvalZero }
421*10465441SEvalZero if (hflags & PPPOL2TP_HEADERFLAG_OFFSET) {
422*10465441SEvalZero GETSHORT(offset, inp)
423*10465441SEvalZero if (offset > 4096) { /* don't be fooled with large offset which might overflow hlen */
424*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: strange packet received, offset=%d\n", offset));
425*10465441SEvalZero goto free_and_return;
426*10465441SEvalZero }
427*10465441SEvalZero hlen += offset;
428*10465441SEvalZero if (p->len < hlen) {
429*10465441SEvalZero goto packet_too_short;
430*10465441SEvalZero }
431*10465441SEvalZero INCPTR(offset, inp);
432*10465441SEvalZero }
433*10465441SEvalZero
434*10465441SEvalZero /* printf("HLEN = %d\n", hlen); */
435*10465441SEvalZero
436*10465441SEvalZero /* skip L2TP header */
437*10465441SEvalZero if (pbuf_header(p, -(s16_t)hlen) != 0) {
438*10465441SEvalZero goto free_and_return;
439*10465441SEvalZero }
440*10465441SEvalZero
441*10465441SEvalZero /* printf("LEN=%d, TUNNEL_ID=%d, SESSION_ID=%d, NS=%d, NR=%d, OFFSET=%d\n", len, tunnel_id, session_id, ns, nr, offset); */
442*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: input packet, len=%"U16_F", tunnel=%"U16_F", session=%"U16_F", ns=%"U16_F", nr=%"U16_F"\n",
443*10465441SEvalZero len, tunnel_id, session_id, ns, nr));
444*10465441SEvalZero
445*10465441SEvalZero /* Control packet */
446*10465441SEvalZero if (hflags & PPPOL2TP_HEADERFLAG_CONTROL) {
447*10465441SEvalZero pppol2tp_dispatch_control_packet(l2tp, port, p, ns, nr);
448*10465441SEvalZero goto free_and_return;
449*10465441SEvalZero }
450*10465441SEvalZero
451*10465441SEvalZero /* Data packet */
452*10465441SEvalZero if(l2tp->phase != PPPOL2TP_STATE_DATA) {
453*10465441SEvalZero goto free_and_return;
454*10465441SEvalZero }
455*10465441SEvalZero if(tunnel_id != l2tp->remote_tunnel_id) {
456*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: tunnel ID mismatch, assigned=%d, received=%d\n", l2tp->remote_tunnel_id, tunnel_id));
457*10465441SEvalZero goto free_and_return;
458*10465441SEvalZero }
459*10465441SEvalZero if(session_id != l2tp->remote_session_id) {
460*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: session ID mismatch, assigned=%d, received=%d\n", l2tp->remote_session_id, session_id));
461*10465441SEvalZero goto free_and_return;
462*10465441SEvalZero }
463*10465441SEvalZero /*
464*10465441SEvalZero * skip address & flags if necessary
465*10465441SEvalZero *
466*10465441SEvalZero * RFC 2661 does not specify whether the PPP frame in the L2TP payload should
467*10465441SEvalZero * have a HDLC header or not. We handle both cases for compatibility.
468*10465441SEvalZero */
469*10465441SEvalZero if (p->len >= 2) {
470*10465441SEvalZero GETSHORT(hflags, inp);
471*10465441SEvalZero if (hflags == 0xff03) {
472*10465441SEvalZero pbuf_header(p, -(s16_t)2);
473*10465441SEvalZero }
474*10465441SEvalZero }
475*10465441SEvalZero /* Dispatch the packet thereby consuming it. */
476*10465441SEvalZero ppp_input(l2tp->ppp, p);
477*10465441SEvalZero return;
478*10465441SEvalZero
479*10465441SEvalZero packet_too_short:
480*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: packet too short: %d\n", p->len));
481*10465441SEvalZero free_and_return:
482*10465441SEvalZero pbuf_free(p);
483*10465441SEvalZero }
484*10465441SEvalZero
485*10465441SEvalZero /* L2TP Control packet entry point */
pppol2tp_dispatch_control_packet(pppol2tp_pcb * l2tp,u16_t port,struct pbuf * p,u16_t ns,u16_t nr)486*10465441SEvalZero static void pppol2tp_dispatch_control_packet(pppol2tp_pcb *l2tp, u16_t port, struct pbuf *p, u16_t ns, u16_t nr) {
487*10465441SEvalZero u8_t *inp;
488*10465441SEvalZero u16_t avplen, avpflags, vendorid, attributetype, messagetype=0;
489*10465441SEvalZero err_t err;
490*10465441SEvalZero #if PPPOL2TP_AUTH_SUPPORT
491*10465441SEvalZero lwip_md5_context md5_ctx;
492*10465441SEvalZero u8_t md5_hash[16];
493*10465441SEvalZero u8_t challenge_id = 0;
494*10465441SEvalZero #endif /* PPPOL2TP_AUTH_SUPPORT */
495*10465441SEvalZero
496*10465441SEvalZero l2tp->peer_nr = nr;
497*10465441SEvalZero l2tp->peer_ns = ns;
498*10465441SEvalZero /* printf("L2TP CTRL INPUT, ns=%d, nr=%d, len=%d\n", ns, nr, p->len); */
499*10465441SEvalZero
500*10465441SEvalZero /* Handle the special case of the ICCN acknowledge */
501*10465441SEvalZero if (l2tp->phase == PPPOL2TP_STATE_ICCN_SENT && l2tp->peer_nr > l2tp->our_ns) {
502*10465441SEvalZero l2tp->phase = PPPOL2TP_STATE_DATA;
503*10465441SEvalZero }
504*10465441SEvalZero
505*10465441SEvalZero /* ZLB packets */
506*10465441SEvalZero if (p->tot_len == 0) {
507*10465441SEvalZero return;
508*10465441SEvalZero }
509*10465441SEvalZero
510*10465441SEvalZero p = ppp_singlebuf(p);
511*10465441SEvalZero inp = (u8_t*)p->payload;
512*10465441SEvalZero /* Decode AVPs */
513*10465441SEvalZero while (p->len > 0) {
514*10465441SEvalZero if (p->len < sizeof(avpflags) + sizeof(vendorid) + sizeof(attributetype) ) {
515*10465441SEvalZero goto packet_too_short;
516*10465441SEvalZero }
517*10465441SEvalZero GETSHORT(avpflags, inp);
518*10465441SEvalZero avplen = avpflags & PPPOL2TP_AVPHEADERFLAG_LENGTHMASK;
519*10465441SEvalZero /* printf("AVPLEN = %d\n", avplen); */
520*10465441SEvalZero if (p->len < avplen || avplen < sizeof(avpflags) + sizeof(vendorid) + sizeof(attributetype)) {
521*10465441SEvalZero goto packet_too_short;
522*10465441SEvalZero }
523*10465441SEvalZero GETSHORT(vendorid, inp);
524*10465441SEvalZero GETSHORT(attributetype, inp);
525*10465441SEvalZero avplen -= sizeof(avpflags) + sizeof(vendorid) + sizeof(attributetype);
526*10465441SEvalZero
527*10465441SEvalZero /* Message type must be the first AVP */
528*10465441SEvalZero if (messagetype == 0) {
529*10465441SEvalZero if (attributetype != 0 || vendorid != 0 || avplen != sizeof(messagetype) ) {
530*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: message type must be the first AVP\n"));
531*10465441SEvalZero return;
532*10465441SEvalZero }
533*10465441SEvalZero GETSHORT(messagetype, inp);
534*10465441SEvalZero /* printf("Message type = %d\n", messagetype); */
535*10465441SEvalZero switch(messagetype) {
536*10465441SEvalZero /* Start Control Connection Reply */
537*10465441SEvalZero case PPPOL2TP_MESSAGETYPE_SCCRP:
538*10465441SEvalZero /* Only accept SCCRP packet if we sent a SCCRQ */
539*10465441SEvalZero if (l2tp->phase != PPPOL2TP_STATE_SCCRQ_SENT) {
540*10465441SEvalZero goto send_zlb;
541*10465441SEvalZero }
542*10465441SEvalZero break;
543*10465441SEvalZero /* Incoming Call Reply */
544*10465441SEvalZero case PPPOL2TP_MESSAGETYPE_ICRP:
545*10465441SEvalZero /* Only accept ICRP packet if we sent a IRCQ */
546*10465441SEvalZero if (l2tp->phase != PPPOL2TP_STATE_ICRQ_SENT) {
547*10465441SEvalZero goto send_zlb;
548*10465441SEvalZero }
549*10465441SEvalZero break;
550*10465441SEvalZero /* Stop Control Connection Notification */
551*10465441SEvalZero case PPPOL2TP_MESSAGETYPE_STOPCCN:
552*10465441SEvalZero pppol2tp_send_zlb(l2tp, l2tp->our_ns); /* Ack the StopCCN before we switch to down state */
553*10465441SEvalZero if (l2tp->phase < PPPOL2TP_STATE_DATA) {
554*10465441SEvalZero pppol2tp_abort_connect(l2tp);
555*10465441SEvalZero } else if (l2tp->phase == PPPOL2TP_STATE_DATA) {
556*10465441SEvalZero /* Don't disconnect here, we let the LCP Echo/Reply find the fact
557*10465441SEvalZero * that PPP session is down. Asking the PPP stack to end the session
558*10465441SEvalZero * require strict checking about the PPP phase to prevent endless
559*10465441SEvalZero * disconnection loops.
560*10465441SEvalZero */
561*10465441SEvalZero }
562*10465441SEvalZero return;
563*10465441SEvalZero default:
564*10465441SEvalZero break;
565*10465441SEvalZero }
566*10465441SEvalZero goto nextavp;
567*10465441SEvalZero }
568*10465441SEvalZero
569*10465441SEvalZero /* Skip proprietary L2TP extensions */
570*10465441SEvalZero if (vendorid != 0) {
571*10465441SEvalZero goto skipavp;
572*10465441SEvalZero }
573*10465441SEvalZero
574*10465441SEvalZero switch (messagetype) {
575*10465441SEvalZero /* Start Control Connection Reply */
576*10465441SEvalZero case PPPOL2TP_MESSAGETYPE_SCCRP:
577*10465441SEvalZero switch (attributetype) {
578*10465441SEvalZero case PPPOL2TP_AVPTYPE_TUNNELID:
579*10465441SEvalZero if (avplen != sizeof(l2tp->source_tunnel_id) ) {
580*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: AVP Assign tunnel ID length check failed\n"));
581*10465441SEvalZero return;
582*10465441SEvalZero }
583*10465441SEvalZero GETSHORT(l2tp->source_tunnel_id, inp);
584*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: Assigned tunnel ID %"U16_F"\n", l2tp->source_tunnel_id));
585*10465441SEvalZero goto nextavp;
586*10465441SEvalZero #if PPPOL2TP_AUTH_SUPPORT
587*10465441SEvalZero case PPPOL2TP_AVPTYPE_CHALLENGE:
588*10465441SEvalZero if (avplen == 0) {
589*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: Challenge length check failed\n"));
590*10465441SEvalZero return;
591*10465441SEvalZero }
592*10465441SEvalZero if (l2tp->secret == NULL) {
593*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: Received challenge from peer and no secret key available\n"));
594*10465441SEvalZero pppol2tp_abort_connect(l2tp);
595*10465441SEvalZero return;
596*10465441SEvalZero }
597*10465441SEvalZero /* Generate hash of ID, secret, challenge */
598*10465441SEvalZero lwip_md5_init(&md5_ctx);
599*10465441SEvalZero lwip_md5_starts(&md5_ctx);
600*10465441SEvalZero challenge_id = PPPOL2TP_MESSAGETYPE_SCCCN;
601*10465441SEvalZero lwip_md5_update(&md5_ctx, &challenge_id, 1);
602*10465441SEvalZero lwip_md5_update(&md5_ctx, l2tp->secret, l2tp->secret_len);
603*10465441SEvalZero lwip_md5_update(&md5_ctx, inp, avplen);
604*10465441SEvalZero lwip_md5_finish(&md5_ctx, l2tp->challenge_hash);
605*10465441SEvalZero lwip_md5_free(&md5_ctx);
606*10465441SEvalZero l2tp->send_challenge = 1;
607*10465441SEvalZero goto skipavp;
608*10465441SEvalZero case PPPOL2TP_AVPTYPE_CHALLENGERESPONSE:
609*10465441SEvalZero if (avplen != PPPOL2TP_AVPTYPE_CHALLENGERESPONSE_SIZE) {
610*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: AVP Challenge Response length check failed\n"));
611*10465441SEvalZero return;
612*10465441SEvalZero }
613*10465441SEvalZero /* Generate hash of ID, secret, challenge */
614*10465441SEvalZero lwip_md5_init(&md5_ctx);
615*10465441SEvalZero lwip_md5_starts(&md5_ctx);
616*10465441SEvalZero challenge_id = PPPOL2TP_MESSAGETYPE_SCCRP;
617*10465441SEvalZero lwip_md5_update(&md5_ctx, &challenge_id, 1);
618*10465441SEvalZero lwip_md5_update(&md5_ctx, l2tp->secret, l2tp->secret_len);
619*10465441SEvalZero lwip_md5_update(&md5_ctx, l2tp->secret_rv, sizeof(l2tp->secret_rv));
620*10465441SEvalZero lwip_md5_finish(&md5_ctx, md5_hash);
621*10465441SEvalZero lwip_md5_free(&md5_ctx);
622*10465441SEvalZero if ( memcmp(inp, md5_hash, sizeof(md5_hash)) ) {
623*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: Received challenge response from peer and secret key do not match\n"));
624*10465441SEvalZero pppol2tp_abort_connect(l2tp);
625*10465441SEvalZero return;
626*10465441SEvalZero }
627*10465441SEvalZero goto skipavp;
628*10465441SEvalZero #endif /* PPPOL2TP_AUTH_SUPPORT */
629*10465441SEvalZero default:
630*10465441SEvalZero break;
631*10465441SEvalZero }
632*10465441SEvalZero break;
633*10465441SEvalZero /* Incoming Call Reply */
634*10465441SEvalZero case PPPOL2TP_MESSAGETYPE_ICRP:
635*10465441SEvalZero switch (attributetype) {
636*10465441SEvalZero case PPPOL2TP_AVPTYPE_SESSIONID:
637*10465441SEvalZero if (avplen != sizeof(l2tp->source_session_id) ) {
638*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: AVP Assign session ID length check failed\n"));
639*10465441SEvalZero return;
640*10465441SEvalZero }
641*10465441SEvalZero GETSHORT(l2tp->source_session_id, inp);
642*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: Assigned session ID %"U16_F"\n", l2tp->source_session_id));
643*10465441SEvalZero goto nextavp;
644*10465441SEvalZero default:
645*10465441SEvalZero break;
646*10465441SEvalZero }
647*10465441SEvalZero break;
648*10465441SEvalZero default:
649*10465441SEvalZero break;
650*10465441SEvalZero }
651*10465441SEvalZero
652*10465441SEvalZero skipavp:
653*10465441SEvalZero INCPTR(avplen, inp);
654*10465441SEvalZero nextavp:
655*10465441SEvalZero /* printf("AVP Found, vendor=%d, attribute=%d, len=%d\n", vendorid, attributetype, avplen); */
656*10465441SEvalZero /* next AVP */
657*10465441SEvalZero if (pbuf_header(p, -(s16_t)(avplen + sizeof(avpflags) + sizeof(vendorid) + sizeof(attributetype)) ) != 0) {
658*10465441SEvalZero return;
659*10465441SEvalZero }
660*10465441SEvalZero }
661*10465441SEvalZero
662*10465441SEvalZero switch(messagetype) {
663*10465441SEvalZero /* Start Control Connection Reply */
664*10465441SEvalZero case PPPOL2TP_MESSAGETYPE_SCCRP:
665*10465441SEvalZero do {
666*10465441SEvalZero l2tp->remote_session_id = magic();
667*10465441SEvalZero } while(l2tp->remote_session_id == 0);
668*10465441SEvalZero l2tp->tunnel_port = port; /* LNS server might have chosen its own local port */
669*10465441SEvalZero l2tp->icrq_retried = 0;
670*10465441SEvalZero l2tp->phase = PPPOL2TP_STATE_ICRQ_SENT;
671*10465441SEvalZero l2tp->our_ns++;
672*10465441SEvalZero if ((err = pppol2tp_send_scccn(l2tp, l2tp->our_ns)) != 0) {
673*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send SCCCN, error=%d\n", err));
674*10465441SEvalZero }
675*10465441SEvalZero l2tp->our_ns++;
676*10465441SEvalZero if ((err = pppol2tp_send_icrq(l2tp, l2tp->our_ns)) != 0) {
677*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send ICRQ, error=%d\n", err));
678*10465441SEvalZero }
679*10465441SEvalZero sys_untimeout(pppol2tp_timeout, l2tp);
680*10465441SEvalZero sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp);
681*10465441SEvalZero break;
682*10465441SEvalZero /* Incoming Call Reply */
683*10465441SEvalZero case PPPOL2TP_MESSAGETYPE_ICRP:
684*10465441SEvalZero l2tp->iccn_retried = 0;
685*10465441SEvalZero l2tp->phase = PPPOL2TP_STATE_ICCN_SENT;
686*10465441SEvalZero l2tp->our_ns++;
687*10465441SEvalZero ppp_start(l2tp->ppp); /* notify upper layers */
688*10465441SEvalZero if ((err = pppol2tp_send_iccn(l2tp, l2tp->our_ns)) != 0) {
689*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send ICCN, error=%d\n", err));
690*10465441SEvalZero }
691*10465441SEvalZero sys_untimeout(pppol2tp_timeout, l2tp);
692*10465441SEvalZero sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp);
693*10465441SEvalZero break;
694*10465441SEvalZero /* Unhandled packet, send ZLB ACK */
695*10465441SEvalZero default:
696*10465441SEvalZero goto send_zlb;
697*10465441SEvalZero }
698*10465441SEvalZero return;
699*10465441SEvalZero
700*10465441SEvalZero send_zlb:
701*10465441SEvalZero pppol2tp_send_zlb(l2tp, l2tp->our_ns);
702*10465441SEvalZero return;
703*10465441SEvalZero packet_too_short:
704*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: packet too short: %d\n", p->len));
705*10465441SEvalZero }
706*10465441SEvalZero
707*10465441SEvalZero /* L2TP Timeout handler */
pppol2tp_timeout(void * arg)708*10465441SEvalZero static void pppol2tp_timeout(void *arg) {
709*10465441SEvalZero pppol2tp_pcb *l2tp = (pppol2tp_pcb*)arg;
710*10465441SEvalZero err_t err;
711*10465441SEvalZero u32_t retry_wait;
712*10465441SEvalZero
713*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: timeout\n"));
714*10465441SEvalZero
715*10465441SEvalZero switch (l2tp->phase) {
716*10465441SEvalZero case PPPOL2TP_STATE_SCCRQ_SENT:
717*10465441SEvalZero /* backoff wait */
718*10465441SEvalZero if (l2tp->sccrq_retried < 0xff) {
719*10465441SEvalZero l2tp->sccrq_retried++;
720*10465441SEvalZero }
721*10465441SEvalZero if (!l2tp->ppp->settings.persist && l2tp->sccrq_retried >= PPPOL2TP_MAXSCCRQ) {
722*10465441SEvalZero pppol2tp_abort_connect(l2tp);
723*10465441SEvalZero return;
724*10465441SEvalZero }
725*10465441SEvalZero retry_wait = LWIP_MIN(PPPOL2TP_CONTROL_TIMEOUT * l2tp->sccrq_retried, PPPOL2TP_SLOW_RETRY);
726*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: sccrq_retried=%d\n", l2tp->sccrq_retried));
727*10465441SEvalZero if ((err = pppol2tp_send_sccrq(l2tp)) != 0) {
728*10465441SEvalZero l2tp->sccrq_retried--;
729*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send SCCRQ, error=%d\n", err));
730*10465441SEvalZero }
731*10465441SEvalZero sys_timeout(retry_wait, pppol2tp_timeout, l2tp);
732*10465441SEvalZero break;
733*10465441SEvalZero
734*10465441SEvalZero case PPPOL2TP_STATE_ICRQ_SENT:
735*10465441SEvalZero l2tp->icrq_retried++;
736*10465441SEvalZero if (l2tp->icrq_retried >= PPPOL2TP_MAXICRQ) {
737*10465441SEvalZero pppol2tp_abort_connect(l2tp);
738*10465441SEvalZero return;
739*10465441SEvalZero }
740*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: icrq_retried=%d\n", l2tp->icrq_retried));
741*10465441SEvalZero if (l2tp->peer_nr <= l2tp->our_ns -1) { /* the SCCCN was not acknowledged */
742*10465441SEvalZero if ((err = pppol2tp_send_scccn(l2tp, l2tp->our_ns -1)) != 0) {
743*10465441SEvalZero l2tp->icrq_retried--;
744*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send SCCCN, error=%d\n", err));
745*10465441SEvalZero sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp);
746*10465441SEvalZero break;
747*10465441SEvalZero }
748*10465441SEvalZero }
749*10465441SEvalZero if ((err = pppol2tp_send_icrq(l2tp, l2tp->our_ns)) != 0) {
750*10465441SEvalZero l2tp->icrq_retried--;
751*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send ICRQ, error=%d\n", err));
752*10465441SEvalZero }
753*10465441SEvalZero sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp);
754*10465441SEvalZero break;
755*10465441SEvalZero
756*10465441SEvalZero case PPPOL2TP_STATE_ICCN_SENT:
757*10465441SEvalZero l2tp->iccn_retried++;
758*10465441SEvalZero if (l2tp->iccn_retried >= PPPOL2TP_MAXICCN) {
759*10465441SEvalZero pppol2tp_abort_connect(l2tp);
760*10465441SEvalZero return;
761*10465441SEvalZero }
762*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: iccn_retried=%d\n", l2tp->iccn_retried));
763*10465441SEvalZero if ((err = pppol2tp_send_iccn(l2tp, l2tp->our_ns)) != 0) {
764*10465441SEvalZero l2tp->iccn_retried--;
765*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: failed to send ICCN, error=%d\n", err));
766*10465441SEvalZero }
767*10465441SEvalZero sys_timeout(PPPOL2TP_CONTROL_TIMEOUT, pppol2tp_timeout, l2tp);
768*10465441SEvalZero break;
769*10465441SEvalZero
770*10465441SEvalZero default:
771*10465441SEvalZero return; /* all done, work in peace */
772*10465441SEvalZero }
773*10465441SEvalZero }
774*10465441SEvalZero
775*10465441SEvalZero /* Connection attempt aborted */
pppol2tp_abort_connect(pppol2tp_pcb * l2tp)776*10465441SEvalZero static void pppol2tp_abort_connect(pppol2tp_pcb *l2tp) {
777*10465441SEvalZero PPPDEBUG(LOG_DEBUG, ("pppol2tp: could not establish connection\n"));
778*10465441SEvalZero l2tp->phase = PPPOL2TP_STATE_INITIAL;
779*10465441SEvalZero ppp_link_failed(l2tp->ppp); /* notify upper layers */
780*10465441SEvalZero }
781*10465441SEvalZero
782*10465441SEvalZero /* Initiate a new tunnel */
pppol2tp_send_sccrq(pppol2tp_pcb * l2tp)783*10465441SEvalZero static err_t pppol2tp_send_sccrq(pppol2tp_pcb *l2tp) {
784*10465441SEvalZero struct pbuf *pb;
785*10465441SEvalZero u8_t *p;
786*10465441SEvalZero u16_t len;
787*10465441SEvalZero
788*10465441SEvalZero /* calculate UDP packet length */
789*10465441SEvalZero len = 12 +8 +8 +10 +10 +6+sizeof(PPPOL2TP_HOSTNAME)-1 +6+sizeof(PPPOL2TP_VENDORNAME)-1 +8 +8;
790*10465441SEvalZero #if PPPOL2TP_AUTH_SUPPORT
791*10465441SEvalZero if (l2tp->secret != NULL) {
792*10465441SEvalZero len += 6 + sizeof(l2tp->secret_rv);
793*10465441SEvalZero }
794*10465441SEvalZero #endif /* PPPOL2TP_AUTH_SUPPORT */
795*10465441SEvalZero
796*10465441SEvalZero /* allocate a buffer */
797*10465441SEvalZero pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM);
798*10465441SEvalZero if (pb == NULL) {
799*10465441SEvalZero return ERR_MEM;
800*10465441SEvalZero }
801*10465441SEvalZero LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len);
802*10465441SEvalZero
803*10465441SEvalZero p = (u8_t*)pb->payload;
804*10465441SEvalZero /* fill in pkt */
805*10465441SEvalZero /* L2TP control header */
806*10465441SEvalZero PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p);
807*10465441SEvalZero PUTSHORT(len, p); /* Length */
808*10465441SEvalZero PUTSHORT(0, p); /* Tunnel Id */
809*10465441SEvalZero PUTSHORT(0, p); /* Session Id */
810*10465441SEvalZero PUTSHORT(0, p); /* NS Sequence number - to peer */
811*10465441SEvalZero PUTSHORT(0, p); /* NR Sequence number - expected for peer */
812*10465441SEvalZero
813*10465441SEvalZero /* AVP - Message type */
814*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
815*10465441SEvalZero PUTSHORT(0, p); /* Vendor ID */
816*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPTYPE_MESSAGE, p); /* Attribute type: Message Type */
817*10465441SEvalZero PUTSHORT(PPPOL2TP_MESSAGETYPE_SCCRQ, p); /* Attribute value: Message type: SCCRQ */
818*10465441SEvalZero
819*10465441SEvalZero /* AVP - L2TP Version */
820*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
821*10465441SEvalZero PUTSHORT(0, p); /* Vendor ID */
822*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPTYPE_VERSION, p); /* Attribute type: Version */
823*10465441SEvalZero PUTSHORT(PPPOL2TP_VERSION, p); /* Attribute value: L2TP Version */
824*10465441SEvalZero
825*10465441SEvalZero /* AVP - Framing capabilities */
826*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 10, p); /* Mandatory flag + len field */
827*10465441SEvalZero PUTSHORT(0, p); /* Vendor ID */
828*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPTYPE_FRAMINGCAPABILITIES, p); /* Attribute type: Framing capabilities */
829*10465441SEvalZero PUTLONG(PPPOL2TP_FRAMINGCAPABILITIES, p); /* Attribute value: Framing capabilities */
830*10465441SEvalZero
831*10465441SEvalZero /* AVP - Bearer capabilities */
832*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 10, p); /* Mandatory flag + len field */
833*10465441SEvalZero PUTSHORT(0, p); /* Vendor ID */
834*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPTYPE_BEARERCAPABILITIES, p); /* Attribute type: Bearer capabilities */
835*10465441SEvalZero PUTLONG(PPPOL2TP_BEARERCAPABILITIES, p); /* Attribute value: Bearer capabilities */
836*10465441SEvalZero
837*10465441SEvalZero /* AVP - Host name */
838*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 6+sizeof(PPPOL2TP_HOSTNAME)-1, p); /* Mandatory flag + len field */
839*10465441SEvalZero PUTSHORT(0, p); /* Vendor ID */
840*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPTYPE_HOSTNAME, p); /* Attribute type: Hostname */
841*10465441SEvalZero MEMCPY(p, PPPOL2TP_HOSTNAME, sizeof(PPPOL2TP_HOSTNAME)-1); /* Attribute value: Hostname */
842*10465441SEvalZero INCPTR(sizeof(PPPOL2TP_HOSTNAME)-1, p);
843*10465441SEvalZero
844*10465441SEvalZero /* AVP - Vendor name */
845*10465441SEvalZero PUTSHORT(6+sizeof(PPPOL2TP_VENDORNAME)-1, p); /* len field */
846*10465441SEvalZero PUTSHORT(0, p); /* Vendor ID */
847*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPTYPE_VENDORNAME, p); /* Attribute type: Vendor name */
848*10465441SEvalZero MEMCPY(p, PPPOL2TP_VENDORNAME, sizeof(PPPOL2TP_VENDORNAME)-1); /* Attribute value: Vendor name */
849*10465441SEvalZero INCPTR(sizeof(PPPOL2TP_VENDORNAME)-1, p);
850*10465441SEvalZero
851*10465441SEvalZero /* AVP - Assign tunnel ID */
852*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
853*10465441SEvalZero PUTSHORT(0, p); /* Vendor ID */
854*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPTYPE_TUNNELID, p); /* Attribute type: Tunnel ID */
855*10465441SEvalZero PUTSHORT(l2tp->remote_tunnel_id, p); /* Attribute value: Tunnel ID */
856*10465441SEvalZero
857*10465441SEvalZero /* AVP - Receive window size */
858*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
859*10465441SEvalZero PUTSHORT(0, p); /* Vendor ID */
860*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPTYPE_RECEIVEWINDOWSIZE, p); /* Attribute type: Receive window size */
861*10465441SEvalZero PUTSHORT(PPPOL2TP_RECEIVEWINDOWSIZE, p); /* Attribute value: Receive window size */
862*10465441SEvalZero
863*10465441SEvalZero #if PPPOL2TP_AUTH_SUPPORT
864*10465441SEvalZero /* AVP - Challenge */
865*10465441SEvalZero if (l2tp->secret != NULL) {
866*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 6 + sizeof(l2tp->secret_rv), p); /* Mandatory flag + len field */
867*10465441SEvalZero PUTSHORT(0, p); /* Vendor ID */
868*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPTYPE_CHALLENGE, p); /* Attribute type: Challenge */
869*10465441SEvalZero MEMCPY(p, l2tp->secret_rv, sizeof(l2tp->secret_rv)); /* Attribute value: Random vector */
870*10465441SEvalZero INCPTR(sizeof(l2tp->secret_rv), p);
871*10465441SEvalZero }
872*10465441SEvalZero #endif /* PPPOL2TP_AUTH_SUPPORT */
873*10465441SEvalZero
874*10465441SEvalZero return pppol2tp_udp_send(l2tp, pb);
875*10465441SEvalZero }
876*10465441SEvalZero
877*10465441SEvalZero /* Complete tunnel establishment */
pppol2tp_send_scccn(pppol2tp_pcb * l2tp,u16_t ns)878*10465441SEvalZero static err_t pppol2tp_send_scccn(pppol2tp_pcb *l2tp, u16_t ns) {
879*10465441SEvalZero struct pbuf *pb;
880*10465441SEvalZero u8_t *p;
881*10465441SEvalZero u16_t len;
882*10465441SEvalZero
883*10465441SEvalZero /* calculate UDP packet length */
884*10465441SEvalZero len = 12 +8;
885*10465441SEvalZero #if PPPOL2TP_AUTH_SUPPORT
886*10465441SEvalZero if (l2tp->send_challenge) {
887*10465441SEvalZero len += 6 + sizeof(l2tp->challenge_hash);
888*10465441SEvalZero }
889*10465441SEvalZero #endif /* PPPOL2TP_AUTH_SUPPORT */
890*10465441SEvalZero
891*10465441SEvalZero /* allocate a buffer */
892*10465441SEvalZero pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM);
893*10465441SEvalZero if (pb == NULL) {
894*10465441SEvalZero return ERR_MEM;
895*10465441SEvalZero }
896*10465441SEvalZero LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len);
897*10465441SEvalZero
898*10465441SEvalZero p = (u8_t*)pb->payload;
899*10465441SEvalZero /* fill in pkt */
900*10465441SEvalZero /* L2TP control header */
901*10465441SEvalZero PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p);
902*10465441SEvalZero PUTSHORT(len, p); /* Length */
903*10465441SEvalZero PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */
904*10465441SEvalZero PUTSHORT(0, p); /* Session Id */
905*10465441SEvalZero PUTSHORT(ns, p); /* NS Sequence number - to peer */
906*10465441SEvalZero PUTSHORT(l2tp->peer_ns+1, p); /* NR Sequence number - expected for peer */
907*10465441SEvalZero
908*10465441SEvalZero /* AVP - Message type */
909*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
910*10465441SEvalZero PUTSHORT(0, p); /* Vendor ID */
911*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPTYPE_MESSAGE, p); /* Attribute type: Message Type */
912*10465441SEvalZero PUTSHORT(PPPOL2TP_MESSAGETYPE_SCCCN, p); /* Attribute value: Message type: SCCCN */
913*10465441SEvalZero
914*10465441SEvalZero #if PPPOL2TP_AUTH_SUPPORT
915*10465441SEvalZero /* AVP - Challenge response */
916*10465441SEvalZero if (l2tp->send_challenge) {
917*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 6 + sizeof(l2tp->challenge_hash), p); /* Mandatory flag + len field */
918*10465441SEvalZero PUTSHORT(0, p); /* Vendor ID */
919*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPTYPE_CHALLENGERESPONSE, p); /* Attribute type: Challenge response */
920*10465441SEvalZero MEMCPY(p, l2tp->challenge_hash, sizeof(l2tp->challenge_hash)); /* Attribute value: Computed challenge */
921*10465441SEvalZero INCPTR(sizeof(l2tp->challenge_hash), p);
922*10465441SEvalZero }
923*10465441SEvalZero #endif /* PPPOL2TP_AUTH_SUPPORT */
924*10465441SEvalZero
925*10465441SEvalZero return pppol2tp_udp_send(l2tp, pb);
926*10465441SEvalZero }
927*10465441SEvalZero
928*10465441SEvalZero /* Initiate a new session */
pppol2tp_send_icrq(pppol2tp_pcb * l2tp,u16_t ns)929*10465441SEvalZero static err_t pppol2tp_send_icrq(pppol2tp_pcb *l2tp, u16_t ns) {
930*10465441SEvalZero struct pbuf *pb;
931*10465441SEvalZero u8_t *p;
932*10465441SEvalZero u16_t len;
933*10465441SEvalZero u32_t serialnumber;
934*10465441SEvalZero
935*10465441SEvalZero /* calculate UDP packet length */
936*10465441SEvalZero len = 12 +8 +8 +10;
937*10465441SEvalZero
938*10465441SEvalZero /* allocate a buffer */
939*10465441SEvalZero pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM);
940*10465441SEvalZero if (pb == NULL) {
941*10465441SEvalZero return ERR_MEM;
942*10465441SEvalZero }
943*10465441SEvalZero LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len);
944*10465441SEvalZero
945*10465441SEvalZero p = (u8_t*)pb->payload;
946*10465441SEvalZero /* fill in pkt */
947*10465441SEvalZero /* L2TP control header */
948*10465441SEvalZero PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p);
949*10465441SEvalZero PUTSHORT(len, p); /* Length */
950*10465441SEvalZero PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */
951*10465441SEvalZero PUTSHORT(0, p); /* Session Id */
952*10465441SEvalZero PUTSHORT(ns, p); /* NS Sequence number - to peer */
953*10465441SEvalZero PUTSHORT(l2tp->peer_ns+1, p); /* NR Sequence number - expected for peer */
954*10465441SEvalZero
955*10465441SEvalZero /* AVP - Message type */
956*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
957*10465441SEvalZero PUTSHORT(0, p); /* Vendor ID */
958*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPTYPE_MESSAGE, p); /* Attribute type: Message Type */
959*10465441SEvalZero PUTSHORT(PPPOL2TP_MESSAGETYPE_ICRQ, p); /* Attribute value: Message type: ICRQ */
960*10465441SEvalZero
961*10465441SEvalZero /* AVP - Assign session ID */
962*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
963*10465441SEvalZero PUTSHORT(0, p); /* Vendor ID */
964*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPTYPE_SESSIONID, p); /* Attribute type: Session ID */
965*10465441SEvalZero PUTSHORT(l2tp->remote_session_id, p); /* Attribute value: Session ID */
966*10465441SEvalZero
967*10465441SEvalZero /* AVP - Call Serial Number */
968*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 10, p); /* Mandatory flag + len field */
969*10465441SEvalZero PUTSHORT(0, p); /* Vendor ID */
970*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPTYPE_CALLSERIALNUMBER, p); /* Attribute type: Serial number */
971*10465441SEvalZero serialnumber = magic();
972*10465441SEvalZero PUTLONG(serialnumber, p); /* Attribute value: Serial number */
973*10465441SEvalZero
974*10465441SEvalZero return pppol2tp_udp_send(l2tp, pb);
975*10465441SEvalZero }
976*10465441SEvalZero
977*10465441SEvalZero /* Complete tunnel establishment */
pppol2tp_send_iccn(pppol2tp_pcb * l2tp,u16_t ns)978*10465441SEvalZero static err_t pppol2tp_send_iccn(pppol2tp_pcb *l2tp, u16_t ns) {
979*10465441SEvalZero struct pbuf *pb;
980*10465441SEvalZero u8_t *p;
981*10465441SEvalZero u16_t len;
982*10465441SEvalZero
983*10465441SEvalZero /* calculate UDP packet length */
984*10465441SEvalZero len = 12 +8 +10 +10;
985*10465441SEvalZero
986*10465441SEvalZero /* allocate a buffer */
987*10465441SEvalZero pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM);
988*10465441SEvalZero if (pb == NULL) {
989*10465441SEvalZero return ERR_MEM;
990*10465441SEvalZero }
991*10465441SEvalZero LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len);
992*10465441SEvalZero
993*10465441SEvalZero p = (u8_t*)pb->payload;
994*10465441SEvalZero /* fill in pkt */
995*10465441SEvalZero /* L2TP control header */
996*10465441SEvalZero PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p);
997*10465441SEvalZero PUTSHORT(len, p); /* Length */
998*10465441SEvalZero PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */
999*10465441SEvalZero PUTSHORT(l2tp->source_session_id, p); /* Session Id */
1000*10465441SEvalZero PUTSHORT(ns, p); /* NS Sequence number - to peer */
1001*10465441SEvalZero PUTSHORT(l2tp->peer_ns+1, p); /* NR Sequence number - expected for peer */
1002*10465441SEvalZero
1003*10465441SEvalZero /* AVP - Message type */
1004*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
1005*10465441SEvalZero PUTSHORT(0, p); /* Vendor ID */
1006*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPTYPE_MESSAGE, p); /* Attribute type: Message Type */
1007*10465441SEvalZero PUTSHORT(PPPOL2TP_MESSAGETYPE_ICCN, p); /* Attribute value: Message type: ICCN */
1008*10465441SEvalZero
1009*10465441SEvalZero /* AVP - Framing type */
1010*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 10, p); /* Mandatory flag + len field */
1011*10465441SEvalZero PUTSHORT(0, p); /* Vendor ID */
1012*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPTYPE_FRAMINGTYPE, p); /* Attribute type: Framing type */
1013*10465441SEvalZero PUTLONG(PPPOL2TP_FRAMINGTYPE, p); /* Attribute value: Framing type */
1014*10465441SEvalZero
1015*10465441SEvalZero /* AVP - TX Connect speed */
1016*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 10, p); /* Mandatory flag + len field */
1017*10465441SEvalZero PUTSHORT(0, p); /* Vendor ID */
1018*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPTYPE_TXCONNECTSPEED, p); /* Attribute type: TX Connect speed */
1019*10465441SEvalZero PUTLONG(PPPOL2TP_TXCONNECTSPEED, p); /* Attribute value: TX Connect speed */
1020*10465441SEvalZero
1021*10465441SEvalZero return pppol2tp_udp_send(l2tp, pb);
1022*10465441SEvalZero }
1023*10465441SEvalZero
1024*10465441SEvalZero /* Send a ZLB ACK packet */
pppol2tp_send_zlb(pppol2tp_pcb * l2tp,u16_t ns)1025*10465441SEvalZero static err_t pppol2tp_send_zlb(pppol2tp_pcb *l2tp, u16_t ns) {
1026*10465441SEvalZero struct pbuf *pb;
1027*10465441SEvalZero u8_t *p;
1028*10465441SEvalZero u16_t len;
1029*10465441SEvalZero
1030*10465441SEvalZero /* calculate UDP packet length */
1031*10465441SEvalZero len = 12;
1032*10465441SEvalZero
1033*10465441SEvalZero /* allocate a buffer */
1034*10465441SEvalZero pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM);
1035*10465441SEvalZero if (pb == NULL) {
1036*10465441SEvalZero return ERR_MEM;
1037*10465441SEvalZero }
1038*10465441SEvalZero LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len);
1039*10465441SEvalZero
1040*10465441SEvalZero p = (u8_t*)pb->payload;
1041*10465441SEvalZero /* fill in pkt */
1042*10465441SEvalZero /* L2TP control header */
1043*10465441SEvalZero PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p);
1044*10465441SEvalZero PUTSHORT(len, p); /* Length */
1045*10465441SEvalZero PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */
1046*10465441SEvalZero PUTSHORT(0, p); /* Session Id */
1047*10465441SEvalZero PUTSHORT(ns, p); /* NS Sequence number - to peer */
1048*10465441SEvalZero PUTSHORT(l2tp->peer_ns+1, p); /* NR Sequence number - expected for peer */
1049*10465441SEvalZero
1050*10465441SEvalZero return pppol2tp_udp_send(l2tp, pb);
1051*10465441SEvalZero }
1052*10465441SEvalZero
1053*10465441SEvalZero /* Send a StopCCN packet */
pppol2tp_send_stopccn(pppol2tp_pcb * l2tp,u16_t ns)1054*10465441SEvalZero static err_t pppol2tp_send_stopccn(pppol2tp_pcb *l2tp, u16_t ns) {
1055*10465441SEvalZero struct pbuf *pb;
1056*10465441SEvalZero u8_t *p;
1057*10465441SEvalZero u16_t len;
1058*10465441SEvalZero
1059*10465441SEvalZero /* calculate UDP packet length */
1060*10465441SEvalZero len = 12 +8 +8 +8;
1061*10465441SEvalZero
1062*10465441SEvalZero /* allocate a buffer */
1063*10465441SEvalZero pb = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM);
1064*10465441SEvalZero if (pb == NULL) {
1065*10465441SEvalZero return ERR_MEM;
1066*10465441SEvalZero }
1067*10465441SEvalZero LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len);
1068*10465441SEvalZero
1069*10465441SEvalZero p = (u8_t*)pb->payload;
1070*10465441SEvalZero /* fill in pkt */
1071*10465441SEvalZero /* L2TP control header */
1072*10465441SEvalZero PUTSHORT(PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY, p);
1073*10465441SEvalZero PUTSHORT(len, p); /* Length */
1074*10465441SEvalZero PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */
1075*10465441SEvalZero PUTSHORT(0, p); /* Session Id */
1076*10465441SEvalZero PUTSHORT(ns, p); /* NS Sequence number - to peer */
1077*10465441SEvalZero PUTSHORT(l2tp->peer_ns+1, p); /* NR Sequence number - expected for peer */
1078*10465441SEvalZero
1079*10465441SEvalZero /* AVP - Message type */
1080*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
1081*10465441SEvalZero PUTSHORT(0, p); /* Vendor ID */
1082*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPTYPE_MESSAGE, p); /* Attribute type: Message Type */
1083*10465441SEvalZero PUTSHORT(PPPOL2TP_MESSAGETYPE_STOPCCN, p); /* Attribute value: Message type: StopCCN */
1084*10465441SEvalZero
1085*10465441SEvalZero /* AVP - Assign tunnel ID */
1086*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
1087*10465441SEvalZero PUTSHORT(0, p); /* Vendor ID */
1088*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPTYPE_TUNNELID, p); /* Attribute type: Tunnel ID */
1089*10465441SEvalZero PUTSHORT(l2tp->remote_tunnel_id, p); /* Attribute value: Tunnel ID */
1090*10465441SEvalZero
1091*10465441SEvalZero /* AVP - Result code */
1092*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPHEADERFLAG_MANDATORY + 8, p); /* Mandatory flag + len field */
1093*10465441SEvalZero PUTSHORT(0, p); /* Vendor ID */
1094*10465441SEvalZero PUTSHORT(PPPOL2TP_AVPTYPE_RESULTCODE, p); /* Attribute type: Result code */
1095*10465441SEvalZero PUTSHORT(PPPOL2TP_RESULTCODE, p); /* Attribute value: Result code */
1096*10465441SEvalZero
1097*10465441SEvalZero return pppol2tp_udp_send(l2tp, pb);
1098*10465441SEvalZero }
1099*10465441SEvalZero
pppol2tp_xmit(pppol2tp_pcb * l2tp,struct pbuf * pb)1100*10465441SEvalZero static err_t pppol2tp_xmit(pppol2tp_pcb *l2tp, struct pbuf *pb) {
1101*10465441SEvalZero u8_t *p;
1102*10465441SEvalZero
1103*10465441SEvalZero /* make room for L2TP header - should not fail */
1104*10465441SEvalZero if (pbuf_header(pb, (s16_t)PPPOL2TP_OUTPUT_DATA_HEADER_LEN) != 0) {
1105*10465441SEvalZero /* bail out */
1106*10465441SEvalZero PPPDEBUG(LOG_ERR, ("pppol2tp: pppol2tp_pcb: could not allocate room for L2TP header\n"));
1107*10465441SEvalZero LINK_STATS_INC(link.lenerr);
1108*10465441SEvalZero pbuf_free(pb);
1109*10465441SEvalZero return ERR_BUF;
1110*10465441SEvalZero }
1111*10465441SEvalZero
1112*10465441SEvalZero p = (u8_t*)pb->payload;
1113*10465441SEvalZero PUTSHORT(PPPOL2TP_HEADERFLAG_DATA_MANDATORY, p);
1114*10465441SEvalZero PUTSHORT(l2tp->source_tunnel_id, p); /* Tunnel Id */
1115*10465441SEvalZero PUTSHORT(l2tp->source_session_id, p); /* Session Id */
1116*10465441SEvalZero
1117*10465441SEvalZero return pppol2tp_udp_send(l2tp, pb);
1118*10465441SEvalZero }
1119*10465441SEvalZero
pppol2tp_udp_send(pppol2tp_pcb * l2tp,struct pbuf * pb)1120*10465441SEvalZero static err_t pppol2tp_udp_send(pppol2tp_pcb *l2tp, struct pbuf *pb) {
1121*10465441SEvalZero err_t err;
1122*10465441SEvalZero if (l2tp->netif) {
1123*10465441SEvalZero err = udp_sendto_if(l2tp->udp, pb, &l2tp->remote_ip, l2tp->tunnel_port, l2tp->netif);
1124*10465441SEvalZero } else {
1125*10465441SEvalZero err = udp_sendto(l2tp->udp, pb, &l2tp->remote_ip, l2tp->tunnel_port);
1126*10465441SEvalZero }
1127*10465441SEvalZero pbuf_free(pb);
1128*10465441SEvalZero return err;
1129*10465441SEvalZero }
1130*10465441SEvalZero
1131*10465441SEvalZero #endif /* PPP_SUPPORT && PPPOL2TP_SUPPORT */
1132