Correct PPTP server firewall rules chain.
1 /***********************************************************************
3 * l2tp.h
5 * Header file for L2TP definitions.
7 * Copyright (C) 2002 Roaring Penguin Software Inc.
9 * LIC: GPL
11 ***********************************************************************/
13 #ifndef L2TP_H
14 #define L2TP_H
16 #include <stdint.h>
17 #include <netinet/in.h>
18 #include <arpa/inet.h>
19 #include <net/route.h>
21 #include "hash.h"
22 #include "event.h"
/* Compile-time debug switch.  It is defined unconditionally here, so the
   #else branch below is dead unless this line is removed: every DBG(...)
   statement in the tree is compiled in. */
#define ENABLE_DEBUG

/* DBG(x) expands to its argument when debugging is enabled and to a
   no-op expression otherwise, so debug-only code can be written as
   DBG(stmt) without scattering #ifdefs.  The argument is expanded
   textually exactly once. */
#ifdef ENABLE_DEBUG
#define DBG(x) x
#else
#define DBG(x) (void) 0
#endif
#define MD5LEN 16 /* Length of MD5 hash; sizes the challenge-response
                     buffers in l2tp_tunnel */

/* Debug bitmasks.  OR them into the mask given to
   l2tp_debug_set_bitmask() (debug.c); the first argument of l2tp_db()
   presumably names the category a message belongs to. */
#define DBG_TUNNEL 1 /* Tunnel-related events */
#define DBG_XMIT_RCV 2 /* Datagram transmission/reception */
#define DBG_AUTH 4 /* Authentication */
#define DBG_SESSION 8 /* Session-related events */
#define DBG_FLOW 16 /* Flow control code */
#define DBG_AVP 32 /* Hiding/showing of AVP's */
#define DBG_SNOOP 64 /* Snooping in on LCP */

/* Maximum size of L2TP datagram we accept... kludge...
   This also sizes l2tp_dgram.data[], so anything longer cannot be
   stored; the receive path in dgram.c must reject longer datagrams
   rather than overrun that buffer -- confirm there. */
#define MAX_PACKET_LEN 4096

/* Capacities of the fixed-size string fields in l2tp_peer, l2tp_tunnel
   and l2tp_session.  Values copied into those fields (config file,
   peer-supplied Host Name / Calling Number AVPs) have to be bounded to
   these sizes by the copying code. */
#define MAX_SECRET_LEN 96
#define MAX_HOSTNAME 128
#define MAX_OPTS 64 /* lac_options/lns_options hold MAX_OPTS+1 pointers */

#define MAX_RETRANSMISSIONS 5 /* presumably the cap on l2tp_tunnel.retransmissions
                                 before a tunnel is declared dead -- confirm in tunnel.c */

#define EXTRA_HEADER_ROOM 32 /* purpose not visible in this header */
54 /* Forward declarations */
56 /* an L2TP datagram */
/* an L2TP datagram: decoded header fields plus the raw body.  Created by
   l2tp_dgram_new()/l2tp_dgram_new_control() and released with
   l2tp_dgram_free() (dgram.c, declared below). */
typedef struct l2tp_dgram_t {
    uint16_t msg_type;      /* Message type (MESSAGE_* values below) */
    uint8_t bits;           /* Options bits (TYPE_BIT, LENGTH_BIT, ... below) */
    uint8_t version;        /* Version */
    uint16_t length;        /* Length (opt) -- only meaningful when LENGTH_BIT is set */
    uint16_t tid;           /* Tunnel ID */
    uint16_t sid;           /* Session ID */
    uint16_t Ns;            /* Ns (opt) -- sequence fields only present when SEQUENCE_BIT is set */
    uint16_t Nr;            /* Nr (opt) */
    uint16_t off_size;      /* Offset size (opt) -- only when OFFSET_BIT is set */
    unsigned char data[MAX_PACKET_LEN]; /* Data: fixed-size body buffer */
    size_t last_random;     /* Offset of last random vector AVP; presumably needed
                               when hiding/unhiding AVPs (AVP_RANDOM_VECTOR) */
    size_t payload_len;     /* Payload len (not including L2TP header): the valid
                               extent of data[] */
    size_t cursor;          /* Cursor for adding/stripping AVP's.  The AVP walkers in
                               dgram.c are expected to keep cursor <= payload_len and
                               payload_len <= alloc_len -- confirm when reviewing them */
    size_t alloc_len;       /* Length allocated for data (presumably <= MAX_PACKET_LEN) */
    struct l2tp_dgram_t *next; /* Link to next packet in xmit queue (see l2tp_tunnel) */
} l2tp_dgram;
75 /* An L2TP peer */
/* An L2TP peer: a configured remote endpoint (address plus netmask) with
   the credentials and call handlers used for it.  Entries live in the
   all_peers hash keyed by address and are looked up with
   l2tp_peer_find()/l2tp_peer_insert() (peer.c). */
typedef struct l2tp_peer_t {
    hash_bucket hash;                /* all_peers hash (hashed by address) */
    struct sockaddr_in addr;         /* Peer's address */
    int mask_bits;                   /* Peer's netmask in number of bits.  With fewer
                                        than 32 bits one entry presumably matches a
                                        whole subnet, so several hosts share this
                                        secret -- confirm in peer.c */
    char hostname[MAX_HOSTNAME];     /* My hostname as presented to this peer. */
    size_t hostname_len;             /* Length of my hostname */
    char peername[MAX_HOSTNAME];     /* Peer's hostname. */
    size_t peername_len;             /* Length of hostname */
    char secret[MAX_SECRET_LEN];     /* Secret for this peer (tunnel authentication,
                                        see l2tp_auth_gen_response).  Held in clear in
                                        process memory for the life of the entry; keep
                                        it out of logs and debug output. */
    size_t secret_len;               /* Length of secret */
    struct l2tp_call_ops_t *lac_ops; /* Call ops if we act as LAC */
    char *lac_options[MAX_OPTS+1];   /* Handler options if we act as LAC (the +1 is
                                        presumably room for a terminating NULL) */
    int num_lac_options;             /* Number of above */
    struct l2tp_call_ops_t *lns_ops; /* Call ops if we act as LNS */
    char *lns_options[MAX_OPTS+1];   /* Handler options if we act as LNS */
    int num_lns_options;             /* Number of above */
    int hide_avps;                   /* If true, hide AVPs to this peer */
    int retain_tunnel;               /* If true, keep tunnel after last session is
                                        deleted. Otherwise, delete tunnel too. */
    int validate_peer_ip;            /* If true, do not accept datagrams except
                                        from initial peer IP address.  When off, a
                                        tunnel's control traffic is accepted regardless
                                        of source address; leave it on unless the peer
                                        legitimately changes address. */
    int persist;                     /* If true, keep session established */
    int holdoff;                     /* If persist is true, delay after which the
                                        session is re-established. */
    int maxfail;                     /* If persist is true, try to establish a
                                        broken session at most on maxfail times. */
    int fail;                        /* Number of failed attempts. */
} l2tp_peer;
105 /* An L2TP tunnel */
/* An L2TP tunnel: one control connection to a peer, its sessions, the
   control-channel sequencing/flow-control state and the retransmit
   queue.  Tunnels are found by our own ID (l2tp_tunnel_find_by_my_id)
   or by peer (l2tp_tunnel_find_for_peer). */
typedef struct l2tp_tunnel_t {
    hash_bucket hash_by_my_id;      /* Hash bucket for tunnel hash table */
    hash_bucket hash_by_peer;       /* Hash bucket for tunnel-by-peer table */
    hash_table sessions_by_my_id;   /* Sessions in this tunnel */
    uint16_t my_id;                 /* My tunnel ID */
    uint16_t assigned_id;           /* ID assigned by peer */
    l2tp_peer *peer;                /* The L2TP peer */
    struct sockaddr_in peer_addr;   /* Peer's address */
    uint16_t Ns;                    /* Sequence of next packet to queue */
    uint16_t Ns_on_wire;            /* Sequence of next packet to be sent on wire */
    uint16_t Nr;                    /* Expected sequence of next received packet */
    uint16_t peer_Nr;               /* Last packet ack'd by peer */
    /* Control-channel flow control (the slow-start / congestion-avoidance
       scheme described in RFC 2661 Appendix A) */
    int ssthresh;                   /* Slow-start threshold */
    int cwnd;                       /* Congestion window */
    int cwnd_counter;               /* Counter for incrementing cwnd in congestion-avoidance phase */
    int timeout;                    /* Retransmission timeout (seconds) */
    int retransmissions;            /* Number of retransmissions */
    int rws;                        /* Our receive window size */
    int peer_rws;                   /* Peer receive window size */
    EventSelector *es;              /* The event selector */
    EventHandler *hello_handler;    /* Timer for sending HELLO */
    EventHandler *timeout_handler;  /* Handler for timeout */
    EventHandler *ack_handler;      /* Handler for sending Ack */
    l2tp_dgram *xmit_queue_head;    /* Head of control transmit queue */
    l2tp_dgram *xmit_queue_tail;    /* Tail of control transmit queue */
    l2tp_dgram *xmit_new_dgrams;    /* dgrams which have not been transmitted */
    char peer_hostname[MAX_HOSTNAME]; /* Peer's host name */
    unsigned char response[MD5LEN]; /* Our response to challenge */
    unsigned char expected_response[MD5LEN]; /* Expected resp. to challenge.  The code
                                                that compares it with the peer's reply
                                                lives in the .c files; it should compare
                                                all MD5LEN bytes in constant time. */
    int state;                      /* Tunnel state (TUNNEL_* enum below) */
    struct rtentry rt;              /* Route added to destination */
} l2tp_tunnel;
139 /* A session within a tunnel */
/* A session within a tunnel: one PPP call, owned by the tunnel's
   sessions_by_my_id table.  call_ops is the handler that receives
   the PPP frames. */
typedef struct l2tp_session_t {
    hash_bucket hash_by_my_id;      /* Hash bucket for session table */
    l2tp_tunnel *tunnel;            /* Tunnel we belong to */
    uint16_t my_id;                 /* My ID */
    uint16_t assigned_id;           /* Assigned ID */
    int state;                      /* Session state (SESSION_* enum below) */

    /* Some flags (single-bit fields) */
    unsigned int snooping:1;            /* Are we snooping in on LCP? */
    unsigned int got_send_accm:1;       /* Do we have send_accm? */
    unsigned int got_recv_accm:1;       /* Do we have recv_accm? */
    unsigned int we_are_lac:1;          /* Are we a LAC? */
    unsigned int sequencing_required:1; /* Sequencing required? */
    unsigned int sent_sli:1;            /* Did we send SLI yet? */

    uint32_t send_accm;             /* Negotiated send accm */
    uint32_t recv_accm;             /* Negotiated receive accm */
    uint16_t Nr;                    /* Data sequence number */
    uint16_t Ns;                    /* Data sequence number */
    struct l2tp_call_ops_t *call_ops; /* Call ops */
    char calling_number[MAX_HOSTNAME]; /* Calling number */
    void *private;                  /* Private data for call-op's use.  NOTE:
                                       "private" is a C++ keyword, so this header
                                       cannot be included from C++ as written. */
} l2tp_session;
164 /* Call operations */
/* Call operations: the callback table through which the L2TP core
   drives a PPP handler.  One table is registered per LAC/LNS handler
   (l2tp_lns_handler / l2tp_lac_handler below) and referenced from
   l2tp_peer and l2tp_session. */
typedef struct l2tp_call_ops_t {
    /* Called once session has been established (LAC) or when we want
       to establish session (LNS).  Returns an int whose success/failure
       convention is set by the callers in session.c, not visible here. */
    int (*establish)(l2tp_session *ses);

    /* Called when session must be closed. May be called without
       established() being called if session could not be established.
       reason is a human-readable string; may_reestablish tells the
       handler whether the core intends to retry the session. */
    void (*close)(l2tp_session *ses, char const *reason, int may_reestablish);

    /* Called when a PPP frame arrives over tunnel.  buf/len is the frame;
       buf is not const, so the handler may modify it in place. */
    void (*handle_ppp_frame)(l2tp_session *ses, unsigned char *buf,
                             size_t len);
} l2tp_call_ops;
179 /* an LNS handler */
/* an LNS handler: a named l2tp_call_ops table, kept in a singly-linked
   list (next) and found by name via l2tp_session_find_lns_handler(). */
typedef struct l2tp_lns_handler_t {
    struct l2tp_lns_handler_t *next;
    char const *handler_name;
    l2tp_call_ops *call_ops;
} l2tp_lns_handler;
186 /* an LAC handler */
/* an LAC handler: same shape as l2tp_lns_handler, registered with
   l2tp_session_register_lac_handler() and found by name via
   l2tp_session_find_lac_handler(). */
typedef struct l2tp_lac_handler_t {
    struct l2tp_lac_handler_t *next;
    char const *handler_name;
    l2tp_call_ops *call_ops;
} l2tp_lac_handler;
193 /* Settings */
/* Settings: global listener configuration, filled in from the config
   file (options.c). */
typedef struct l2tp_settings_t {
    int listen_port;            /* Port we listen on (OPT_TYPE_PORT below documents
                                   the accepted range 1-65535) */
    struct in_addr listen_addr; /* IP to bind to */
} l2tp_settings;

extern l2tp_settings Settings;  /* the single global instance, defined in a .c file */
201 /* Bit definitions */
/* Bit definitions for the first byte of the L2TP header (l2tp_dgram.bits).
   Layout follows RFC 2661 section 3.1: T (control message), L (length
   field present), S (Ns/Nr present), O (offset field present),
   P (priority); the other bits are reserved. */
#define TYPE_BIT 0x80
#define LENGTH_BIT 0x40
#define SEQUENCE_BIT 0x08
#define OFFSET_BIT 0x02
#define PRIORITY_BIT 0x01
#define RESERVED_BITS 0x34   /* mask of the reserved bits of the first byte */
#define VERSION_MASK 0x0F    /* second byte: the version is the low nibble */
#define VERSION_RESERVED 0xF0 /* ... and its high nibble is reserved */

/* Flag bits in the first byte of an AVP header: M (mandatory), H (hidden);
   the low two bits of that byte belong to the 10-bit AVP length. */
#define AVP_MANDATORY_BIT 0x80
#define AVP_HIDDEN_BIT 0x40
#define AVP_RESERVED_BITS 0x3C

/* Symbolic arguments for the mandatory/hidden parameters of the AVP
   functions declared below */
#define MANDATORY 1
#define NOT_MANDATORY 0
#define HIDDEN 1
#define NOT_HIDDEN 0
#define VENDOR_IETF 0 /* Vendor ID 0: IETF-defined AVPs */
/* Attribute types of the IETF (VENDOR_IETF) AVPs, numbered as in
   RFC 2661 section 4.4.  HIGHEST_AVP bounds the range; anything above
   it received from a peer is unknown to this implementation. */
#define AVP_MESSAGE_TYPE 0
#define AVP_RESULT_CODE 1
#define AVP_PROTOCOL_VERSION 2
#define AVP_FRAMING_CAPABILITIES 3
#define AVP_BEARER_CAPABILITIES 4
#define AVP_TIE_BREAKER 5
#define AVP_FIRMWARE_REVISION 6
#define AVP_HOST_NAME 7
#define AVP_VENDOR_NAME 8
#define AVP_ASSIGNED_TUNNEL_ID 9
#define AVP_RECEIVE_WINDOW_SIZE 10
#define AVP_CHALLENGE 11
#define AVP_Q931_CAUSE_CODE 12
#define AVP_CHALLENGE_RESPONSE 13
#define AVP_ASSIGNED_SESSION_ID 14
#define AVP_CALL_SERIAL_NUMBER 15
#define AVP_MINIMUM_BPS 16
#define AVP_MAXIMUM_BPS 17
#define AVP_BEARER_TYPE 18
#define AVP_FRAMING_TYPE 19
/* 20 is intentionally absent from this table */
#define AVP_CALLED_NUMBER 21
#define AVP_CALLING_NUMBER 22
#define AVP_SUB_ADDRESS 23
#define AVP_TX_CONNECT_SPEED 24
#define AVP_PHYSICAL_CHANNEL_ID 25
#define AVP_INITIAL_RECEIVED_CONFREQ 26
#define AVP_LAST_SENT_CONFREQ 27
#define AVP_LAST_RECEIVED_CONFREQ 28
#define AVP_PROXY_AUTHEN_TYPE 29
#define AVP_PROXY_AUTHEN_NAME 30
#define AVP_PROXY_AUTHEN_CHALLENGE 31
#define AVP_PROXY_AUTHEN_ID 32
#define AVP_PROXY_AUTHEN_RESPONSE 33
#define AVP_CALL_ERRORS 34
#define AVP_ACCM 35
#define AVP_RANDOM_VECTOR 36
#define AVP_PRIVATE_GROUP_ID 37
#define AVP_RX_CONNECT_SPEED 38
#define AVP_SEQUENCING_REQUIRED 39

#define HIGHEST_AVP 39 /* keep equal to the last AVP_* value above */
/* Control message types (values of the Message Type AVP), grouped as in
   RFC 2661: control-connection management, outgoing-call, incoming-call
   and session management. */
#define MESSAGE_SCCRQ 1
#define MESSAGE_SCCRP 2
#define MESSAGE_SCCCN 3
#define MESSAGE_StopCCN 4
#define MESSAGE_HELLO 6

#define MESSAGE_OCRQ 7
#define MESSAGE_OCRP 8
#define MESSAGE_OCCN 9

#define MESSAGE_ICRQ 10
#define MESSAGE_ICRP 11
#define MESSAGE_ICCN 12

#define MESSAGE_CDN 14
#define MESSAGE_WEN 15
#define MESSAGE_SLI 16

/* A fake type for our own consumption: marks a Zero-Length Body (ack-only)
   control message, which carries no Message Type AVP on the wire.  Must
   never be emitted as a real message type. */
#define MESSAGE_ZLB 32767
/* Result and error codes carried in the Result Code AVP of StopCCN/CDN
   messages (see l2tp_session_send_CDN below).  RESULT_* is the result
   code, ERROR_* the accompanying error code. */
#define RESULT_GENERAL_REQUEST 1
#define RESULT_GENERAL_ERROR 2
#define RESULT_CHANNEL_EXISTS 3
#define RESULT_NOAUTH 4
#define RESULT_UNSUPPORTED_VERSION 5
#define RESULT_SHUTTING_DOWN 6
#define RESULT_FSM_ERROR 7

#define ERROR_OK 0
#define ERROR_NO_CONTROL_CONNECTION 1
#define ERROR_BAD_LENGTH 2
#define ERROR_BAD_VALUE 3
#define ERROR_OUT_OF_RESOURCES 4
#define ERROR_INVALID_SESSION_ID 5
#define ERROR_VENDOR_SPECIFIC 6
#define ERROR_TRY_ANOTHER 7
#define ERROR_UNKNOWN_AVP_WITH_M_BIT 8
303 /* Tunnel states */
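/* Tunnel states, stored in l2tp_tunnel.state; human-readable names come
   from l2tp_tunnel_state_name().  The names mirror the control-connection
   state machine of RFC 2661.  Values start at 0 (TUNNEL_IDLE). */
enum {
    TUNNEL_IDLE,
    TUNNEL_WAIT_CTL_REPLY,
    TUNNEL_WAIT_CTL_CONN,
    TUNNEL_ESTABLISHED,
    TUNNEL_RECEIVED_STOP_CCN,
    TUNNEL_SENT_STOP_CCN
};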
313 /* Session states */
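/* Session states, stored in l2tp_session.state; human-readable names come
   from l2tp_session_state_name().  Values start at 0 (SESSION_IDLE). */
enum {
    SESSION_IDLE,
    SESSION_WAIT_TUNNEL,
    SESSION_WAIT_REPLY,
    SESSION_WAIT_CONNECT,
    SESSION_ESTABLISHED
};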
322 /* Constants and structures for parsing config file */
/* Constants and structures for parsing config file.
   One descriptor per recognised option: the option's name, its
   OPT_TYPE_* type (below) and the address the parsed value is written
   to.  The object behind addr must match the type (e.g. an int for
   OPT_TYPE_INT) -- the parser has no way to check that. */
typedef struct l2tp_opt_descriptor_t {
    char const *name;
    int type;
    void *addr;
} l2tp_opt_descriptor;
329 /* Structures for option-handlers for different sections */
/* Structures for option-handlers for different sections.
   Registered with l2tp_option_register_section(); kept in a
   singly-linked list (next).  process_option receives the event
   selector, the option name and its value and returns an int status
   whose convention is defined in options.c. */
typedef struct option_handler_t {
    struct option_handler_t *next;
    char const *section;
    int (*process_option)(EventSelector *, char const *, char const *);
} option_handler;
/* Values for l2tp_opt_descriptor.type, selecting how the option's
   string value is converted and stored through descriptor.addr. */
#define OPT_TYPE_BOOL 0
#define OPT_TYPE_INT 1
#define OPT_TYPE_IPADDR 2
#define OPT_TYPE_STRING 3
#define OPT_TYPE_CALLFUNC 4
#define OPT_TYPE_PORT 5 /* 1-65535 */
343 /* tunnel.c */
/* tunnel.c */
l2tp_session *l2tp_tunnel_find_session(l2tp_tunnel *tunnel, uint16_t sid);
l2tp_tunnel *l2tp_tunnel_find_by_my_id(uint16_t id);
l2tp_tunnel *l2tp_tunnel_find_for_peer(l2tp_peer *peer, EventSelector *es);
void l2tp_tunnel_add_session(l2tp_session *ses);
/* Signature matches an event callback (selector, fd, flags, user data);
   presumably scheduled as a timer when a persistent session is retried. */
void l2tp_tunnel_reestablish(EventSelector *es, int fd, unsigned int flags, void *data);
void l2tp_tunnel_delete_session(l2tp_session *ses, char const *reason, int may_reestablish);
/* Entry point for every received control datagram.  from is the source
   address of the datagram; this is where l2tp_peer.validate_peer_ip
   should be enforced -- confirm in tunnel.c. */
void l2tp_tunnel_handle_received_control_datagram(l2tp_dgram *dgram,
                                                  EventSelector *es,
                                                  struct sockaddr_in *from);
void l2tp_tunnel_init(EventSelector *es);
void l2tp_tunnel_xmit_control_message(l2tp_tunnel *tunnel, l2tp_dgram *dgram);
void l2tp_tunnel_stop_tunnel(l2tp_tunnel *tunnel, char const *reason);
void l2tp_tunnel_stop_all(char const *reason);

/* Session iteration: *cursor is opaque state shared between the first/next
   pair; pass the same cursor to both. */
l2tp_session *l2tp_tunnel_first_session(l2tp_tunnel *tunnel, void **cursor);
l2tp_session *l2tp_tunnel_next_session(l2tp_tunnel *tunnel, void **cursor);
/* NOTE: lacks the l2tp_ prefix every other exported tunnel.c symbol has. */
void tunnel_send_ZLB(l2tp_tunnel *tunnel);

/* Access functions */
int l2tp_num_tunnels(void);
l2tp_tunnel *l2tp_first_tunnel(void **cursor); /* same cursor convention as above */
l2tp_tunnel *l2tp_next_tunnel(void **cursor);
char const *l2tp_tunnel_state_name(l2tp_tunnel *tunnel);
368 /* session.c */
/* session.c */
/* len is a signed int for a buffer length (cf. size_t elsewhere); the
   implementation must treat len <= 0 as empty before indexing buf. */
void l2tp_session_lcp_snoop(l2tp_session *ses,
                            unsigned char const *buf,
                            int len,
                            int incoming);
int l2tp_session_register_lns_handler(l2tp_lns_handler *handler);
int l2tp_session_register_lac_handler(l2tp_lac_handler *handler);
l2tp_lns_handler *l2tp_session_find_lns_handler(char const *name);
l2tp_lac_handler *l2tp_session_find_lac_handler(char const *name);

/* printf-style: fmt must always be a literal under the caller's control,
   never text received from the peer. */
void l2tp_session_send_CDN(l2tp_session *ses, int result_code, int error_code,
                           char const *fmt, ...);
void l2tp_session_hash_init(hash_table *tab);
void l2tp_session_free(l2tp_session *ses, char const *reason, int may_reestablish);
void l2tp_session_notify_tunnel_open(l2tp_session *ses);
/* calling_number originates from the peer's ICRQ; it is copied into the
   fixed l2tp_session.calling_number[MAX_HOSTNAME], so the copy must be
   bounded -- confirm in session.c. */
void l2tp_session_lns_handle_incoming_call(l2tp_tunnel *tunnel,
                                           uint16_t assigned_id,
                                           l2tp_dgram *dgram,
                                           char const *calling_number);
void l2tp_session_handle_CDN(l2tp_session *ses, l2tp_dgram *dgram);
void l2tp_session_handle_ICRP(l2tp_session *ses, l2tp_dgram *dgram);
void l2tp_session_handle_ICCN(l2tp_session *ses, l2tp_dgram *dgram);
char const *l2tp_session_state_name(l2tp_session *ses);

/* Call this when a LAC wants to send an incoming-call-request to an LNS.
   private is stored as l2tp_session.private for the call-ops' use. */
l2tp_session *l2tp_session_call_lns(l2tp_peer *peer,
                                    char const *calling_number,
                                    EventSelector *es,
                                    void *private);
398 /* dgram.c */
/* dgram.c */
l2tp_dgram *l2tp_dgram_new(size_t len);
l2tp_dgram *l2tp_dgram_new_control(uint16_t msg_type, uint16_t tid, uint16_t sid);
void l2tp_dgram_free(l2tp_dgram *dgram);
/* Reads one datagram (presumably from the global Sock) and stores its
   source address in *from.  Everything in the result is untrusted input:
   header bits, lengths and AVPs have to be validated before use. */
l2tp_dgram *l2tp_dgram_take_from_wire(struct sockaddr_in *from);
int l2tp_dgram_send_to_wire(l2tp_dgram const *dgram,
                            struct sockaddr_in const *to);
/* len is a signed int for a buffer length; negative values must be rejected. */
int l2tp_dgram_send_ppp_frame(l2tp_session *ses, unsigned char const *buf,
                              int len);

/* Locate the AVP (vendor, type) in dgram without consuming it.  mandatory,
   hidden and len are out-parameters describing the AVP found; the return
   is a pointer into dgram->data or NULL.  tunnel is needed because
   unhiding a hidden AVP requires the peer secret -- presumably. */
unsigned char *l2tp_dgram_search_avp(l2tp_dgram *dgram,
                                     l2tp_tunnel *tunnel,
                                     int *mandatory,
                                     int *hidden,
                                     uint16_t *len,
                                     uint16_t vendor,
                                     uint16_t type);

/* Consume the next AVP at dgram->cursor.  All of mandatory, hidden, len,
   vendor and type are out-parameters; *err is set on a malformed AVP. */
unsigned char *l2tp_dgram_pull_avp(l2tp_dgram *dgram,
                                   l2tp_tunnel *tunnel,
                                   int *mandatory,
                                   int *hidden,
                                   uint16_t *len,
                                   uint16_t *vendor,
                                   uint16_t *type,
                                   int *err);

/* Append an AVP of len bytes read from val.  val is not const, so the
   callee may modify the value (e.g. when hiding it). */
int l2tp_dgram_add_avp(l2tp_dgram *dgram,
                       l2tp_tunnel *tunnel,
                       int mandatory,
                       uint16_t len,
                       uint16_t vendor,
                       uint16_t type,
                       void *val);

/* Check that (vendor, type) is known and len is acceptable for it. */
int l2tp_dgram_validate_avp(uint16_t vendor, uint16_t type,
                            uint16_t len, int mandatory);
436 /* utils.c */
/* utils.c */
typedef void (*l2tp_shutdown_func)(void *); /* callback for l2tp_register_shutdown_handler */

void l2tp_random_init(void);
/* Fills size bytes at ptr with random data.  The source and its quality
   are decided in utils.c; the protocol relies on it for challenges,
   random vectors and tie-breakers, so it must not be a plain PRNG seeded
   predictably -- confirm there. */
void l2tp_random_fill(void *ptr, size_t size);
/* printf-style; fmt must be a caller-controlled literal. */
void l2tp_set_errmsg(char const *fmt, ...);
char const *l2tp_get_errmsg(void);
void l2tp_cleanup(void);
int l2tp_register_shutdown_handler(l2tp_shutdown_func f, void *data);
void l2tp_die(void);
/* Loads a handler from fname (mechanism not visible here).  fname comes
   from the configuration, so the config file itself must be trusted. */
int l2tp_load_handler(EventSelector *es, char const *fname);

/* Fill the object x with random bytes.  x must be an object, not a
   pointer: sizeof(x) on a pointer would fill only the pointer itself. */
#define L2TP_RANDOM_FILL(x) l2tp_random_fill(&(x), sizeof(x))
450 /* network.c */
/* network.c */
extern int Sock; /* the UDP socket used for all L2TP traffic */
//extern char Hostname[MAX_HOSTNAME]; //2005-04-14 by kanki
/* Binds Sock per Settings (listen_addr/listen_port) and registers it with
   the event selector -- presumably; details are in network.c. */
int l2tp_network_init(EventSelector *es);
456 /* peer.c */
/* peer.c */
void l2tp_peer_init(void);
/* Look up a configured peer by address (and hostname, which may be NULL
   -- confirm in peer.c).  Returns NULL when no peer entry matches; this
   is the gate that decides whether an unknown source address gets a
   tunnel at all. */
l2tp_peer *l2tp_peer_find(struct sockaddr_in *addr, char const *hostname);
l2tp_peer *l2tp_peer_insert(struct sockaddr_in *addr);
461 /* debug.c */
/* debug.c */
char const *l2tp_debug_avp_type_to_str(uint16_t type);
char const *l2tp_debug_message_type_to_str(uint16_t type);
/* The *_to_str helpers return pointers to storage owned by debug.c
   (presumably static buffers); do not free and do not hold across calls. */
char const *l2tp_debug_tunnel_to_str(l2tp_tunnel *tunnel);
char const *l2tp_debug_session_to_str(l2tp_session *session);
char const *l2tp_debug_describe_dgram(l2tp_dgram const *dgram);
/* printf-style debug output; what is a DBG_* category.  fmt must be a
   literal -- peer-supplied strings go through a "%s" argument. */
void l2tp_db(int what, char const *fmt, ...);
void l2tp_debug_set_bitmask(unsigned long mask);
470 /* auth.c */
/* auth.c */
/* Compute the tunnel challenge response (RFC 2661 section 5.1.1 style:
   a digest over msg_type, secret and challenge) into buf, which must hold
   16 == MD5LEN bytes.  No secret length is passed, so secret is presumably
   treated as a NUL-terminated string even though l2tp_peer keeps
   secret_len -- confirm in auth.c. */
void l2tp_auth_gen_response(uint16_t msg_type, char const *secret,
                            unsigned char const *challenge, size_t chal_len,
                            unsigned char buf[16]);
475 /* options.c */
/* options.c */
int l2tp_parse_config_file(EventSelector *es,
                           char const *fname);
/* Set option name to value using the descriptors table (terminated as
   options.c expects).  Returns an int status. */
int l2tp_option_set(EventSelector *es,
                    char const *name,
                    char const *value,
                    l2tp_opt_descriptor descriptors[]);

void l2tp_option_register_section(option_handler *h);
/* Copy the next word of line into word and return a pointer past it.
   No capacity for word is passed, so the caller must size word for the
   longest token line can contain (at least as long as line itself). */
char const *l2tp_chomp_word(char const *line, char *word);
486 #endif