search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Correct PPTP server firewall rules chain.
[tomato/davidwu.git] / release / src / router / xl2tpd / avp.c
blob5b0980f3ebe30b0da010cb892e7a03181ef9a77c
1 /*
2 * Layer Two Tunnelling Protocol Daemon
3 * Copyright (C) 1998 Adtran, Inc.
4 * Copyright (C) 2002 Jeff McAdams
5 *
6 * Mark Spencer
7 *
8 * This software is distributed under the terms
9 * of the GPL, which you should have received
10 * along with this source.
11 *
12 * Attribute Value Pair handler routines
13 */
14 #include <stdlib.h>
15 #include <string.h>
16 #include <stdio.h>
17 #include <errno.h>
18 #include <netinet/in.h>
19 #include "l2tp.h"
20
21 #define AVP_MAX 39
22
23 struct avp avps[] = {
24
25 {0, 1, &message_type_avp, "Message Type"},
26 {1, 1, &result_code_avp, "Result Code"},
27 {2, 1, &protocol_version_avp, "Protocol Version"},
28 {3, 1, &framing_caps_avp, "Framing Capabilities"},
29 {4, 1, &bearer_caps_avp, "Bearer Capabilities"},
30 {5, 0, NULL, "Tie Breaker"},
31 {6, 0, &firmware_rev_avp, "Firmware Revision"},
32 {7, 0, &hostname_avp, "Host Name"},
33 {8, 1, &vendor_avp, "Vendor Name"},
34 {9, 1, &assigned_tunnel_avp, "Assigned Tunnel ID"},
35 {10, 1, &receive_window_size_avp, "Receive Window Size"},
36 {11, 1, &challenge_avp, "Challenge"},
37 {12, 0, NULL, "Q.931 Cause Code"},
38 {13, 1, &chalresp_avp, "Challenge Response"},
39 {14, 1, &assigned_call_avp, "Assigned Call ID"},
40 {15, 1, &call_serno_avp, "Call Serial Number"},
41 {16, 1, NULL, "Minimum BPS"},
42 {17, 1, NULL, "Maximum BPS"},
43 {18, 1, &bearer_type_avp, "Bearer Type"},
44 {19, 1, &frame_type_avp, "Framing Type"},
45 {20, 1, &packet_delay_avp, "Packet Processing Delay"},
46 {21, 1, &dialed_number_avp, "Dialed Number"},
47 {22, 1, &dialing_number_avp, "Dialing Number"},
48 {23, 1, &sub_address_avp, "Sub-Address"},
49 {24, 1, &tx_speed_avp, "Transmit Connect Speed"},
50 {25, 1, &call_physchan_avp, "Physical channel ID"},
51 {26, 0, NULL, "Initial Received LCP Confreq"},
52 {27, 0, NULL, "Last Sent LCP Confreq"},
53 {28, 0, NULL, "Last Received LCP Confreq"},
54 {29, 1, &ignore_avp, "Proxy Authen Type"},
55 {30, 0, &ignore_avp, "Proxy Authen Name"},
56 {31, 0, &ignore_avp, "Proxy Authen Challenge"},
57 {32, 0, &ignore_avp, "Proxy Authen ID"},
58 {33, 1, &ignore_avp, "Proxy Authen Response"},
59 {34, 1, NULL, "Call Errors"},
60 {35, 1, &ignore_avp, "ACCM"},
61 {36, 1, &rand_vector_avp, "Random Vector"},
62 {37, 1, NULL, "Private Group ID"},
63 {38, 0, &rx_speed_avp, "Receive Connect Speed"},
64 {39, 1, &seq_reqd_avp, "Sequencing Required"}
65 };
66
67 char *msgtypes[] = {
68 NULL,
69 "Start-Control-Connection-Request",
70 "Start-Control-Connection-Reply",
71 "Start-Control-Connection-Connected",
72 "Stop-Control-Connection-Notification",
73 NULL,
74 "Hello",
75 "Outgoing-Call-Request",
76 "Outgoing-Call-Reply",
77 "Outgoing-Call-Connected",
78 "Incoming-Call-Request",
79 "Incoming-Call-Reply",
80 "Incoming-Call-Connected",
81 NULL,
82 "Call-Disconnect-Notify",
83 "WAN-Error-Notify",
84 "Set-Link-Info"
85 };
86
87 char *stopccn_result_codes[] = {
88 "Reserved",
89 "General request to clear control connection",
90 "General error--Error Code indicates the problem",
91 "Control channel already exists",
92 "Requester is not authorized to establish a control channel",
93 "The protocol version of the requester is not supported--Error Code indicates the highest version supported",
94 "Requester is being shut down",
95 "Finite State Machine error"
96 };
97
98 char *cdn_result_codes[] = {
99 "Reserved",
100 "Call disconnected due to loss of carrier",
101 "Call disconnected for the reason indicated in error code",
102 "Call disconnected for administrative reasons",
103 "Call failed due to lack of appropriate facilities being available (temporary condition)",
104 "Call failed due to lack of appropriate facilities being available (permanent condition)",
105 "Invalid destination",
106 "Call failed due to no carrier detected",
107 "Call failed due to lack of a dial tone",
108 "Call was no established within time allotted by LAC",
109 "Call was connected but no appropriate framing was detect"
110 };
111
112 void wrong_length (struct call *c, char *field, int expected, int found,
113 int min)
114 {
115 if (min)
116 snprintf (c->errormsg, sizeof (c->errormsg),
117 "%s: expected at least %d, got %d", field, expected, found);
118 else
119 snprintf (c->errormsg, sizeof (c->errormsg),
120 "%s: expected %d, got %d", field, expected, found);
121
122 c->error = ERROR_LENGTH;
123 c->result = RESULT_ERROR;
124 c->needclose = -1;
125 }
126
127 struct unaligned_u16 {
128 _u16 s;
129 } __attribute__((packed));
130
131 /*
132 * t, c, data, and datalen may be assumed to be defined for all avp's
133 */
134
135 int message_type_avp (struct tunnel *t, struct call *c, void *data,
136 int datalen)
137 {
138 /*
139 * This will be with every control message. It is critical that this
140 * procedure check for the validity of sending this kind of a message
141 * (assuming sanity check)
142 */
143
144 struct unaligned_u16 *raw = data;
145 c->msgtype = ntohs (raw[3].s);
146 if (datalen != 8)
147 {
148 if (DEBUG)
149 l2tp_log (LOG_DEBUG, "%s: wrong size (%d != 8)\n", __FUNCTION__,
150 datalen);
151 wrong_length (c, "Message Type", 8, datalen, 0);
152 return -EINVAL;
153 }
154 if ((c->msgtype > MAX_MSG) || (!msgtypes[c->msgtype]))
155 {
156 if (DEBUG)
157 l2tp_log (LOG_DEBUG, "%s: unknown message type %d\n", __FUNCTION__,
158 c->msgtype);
159 return -EINVAL;
160 }
161 if (gconfig.debug_avp)
162 if (DEBUG)
163 l2tp_log (LOG_DEBUG, "%s: message type %d (%s)\n", __FUNCTION__,
164 c->msgtype, msgtypes[c->msgtype]);
165 #ifdef SANITY
166 if (t->sanity)
167 {
168 /*
169 * Look ou our state for each message and make sure everything
170 * make sense...
171 */
172 if ((c != t->self) && (c->msgtype < Hello))
173 {
174 if (DEBUG)
175 l2tp_log (LOG_DEBUG,
176 "%s: attempting to negotiate tunnel inside a call!\n",
177 __FUNCTION__);
178 return -EINVAL;
179 }
180
181 switch (c->msgtype)
182 {
183 case SCCRQ:
184 if ((t->state != 0) && (t->state != SCCRQ))
185 {
186 /*
187 * When we handle tie breaker AVP's, then we'll check
188 * to see if we've both requested tunnels
189 */
190
191 if (DEBUG)
192 l2tp_log (LOG_DEBUG,
193 "%s: attempting to negotiate SCCRQ with state != 0\n",
194 __FUNCTION__);
195 return -EINVAL;
196 }
197 break;
198 case SCCRP:
199 if (t->state != SCCRQ)
200 {
201 if (DEBUG)
202 l2tp_log (LOG_DEBUG,
203 "%s: attempting to negotiate SCCRP with state != SCCRQ!\n",
204 __FUNCTION__);
205 return -EINVAL;
206 }
207 break;
208 case SCCCN:
209 if (t->state != SCCRP)
210 {
211 if (DEBUG)
212 l2tp_log (LOG_DEBUG,
213 "%s: attempting to negotiate SCCCN with state != SCCRP!\n",
214 __FUNCTION__);
215 return -EINVAL;
216 }
217 break;
218 case ICRQ:
219 if (t->state != SCCCN)
220 {
221 if (DEBUG)
222 l2tp_log (LOG_DEBUG,
223 "%s: attempting to negotiate ICRQ when state != SCCCN\n",
224 __FUNCTION__);
225 return -EINVAL;
226 }
227 if (c != t->self)
228 {
229 if (DEBUG)
230 l2tp_log (LOG_DEBUG,
231 "%s: attempting to negotiate ICRQ on a call!\n",
232 __FUNCTION__);
233 return -EINVAL;
234 }
235 break;
236 case ICRP:
237 if (t->state != SCCCN)
238 {
239 if (DEBUG)
240 l2tp_log (LOG_DEBUG,
241 "%s: attempting to negotiate ICRP on tunnel!=SCCCN\n",
242 __FUNCTION__);
243 return -EINVAL;
244 }
245 if (c->state != ICRQ)
246 {
247 if (DEBUG)
248 l2tp_log (LOG_DEBUG,
249 "%s: attempting to negotiate ICRP when state != ICRQ\n",
250 __FUNCTION__);
251 return -EINVAL;
252 }
253 break;
254 case ICCN:
255 if (c->state != ICRP)
256 {
257 if (DEBUG)
258 l2tp_log (LOG_DEBUG,
259 "%s: attempting to negotiate ICCN when state != ICRP\n",
260 __FUNCTION__);
261 return -EINVAL;
262 }
263 break;
264 case SLI:
265 if (c->state != ICCN)
266 {
267 if (DEBUG)
268 l2tp_log (LOG_DEBUG,
269 "%s: attempting to negotiate SLI when state != ICCN\n",
270 __FUNCTION__);
271 return -EINVAL;
272 }
273 break;
274 case OCRP: /* jz: case for ORCP */
275 if (t->state != SCCCN)
276 {
277 if (DEBUG)
278 l2tp_log (LOG_DEBUG,
279 "%s: attempting to negotiate OCRP on tunnel!=SCCCN\n",
280 __FUNCTION__);
281 return -EINVAL;
282 }
283 if (c->state != OCRQ)
284 {
285 if (DEBUG)
286 l2tp_log (LOG_DEBUG,
287 "%s: attempting to negotiate OCRP when state != OCRQ\n",
288 __FUNCTION__);
289 return -EINVAL;
290 }
291 break;
292 case OCCN: /* jz: case for OCCN */
293
294 if (c->state != OCRQ)
295 {
296 if (DEBUG)
297 l2tp_log (LOG_DEBUG,
298 "%s: attempting to negotiate OCCN when state != OCRQ\n",
299 __FUNCTION__);
300 return -EINVAL;
301 }
302 break;
303 case StopCCN:
304 case CDN:
305 case Hello:
306 break;
307 default:
308 l2tp_log (LOG_WARNING, "%s: i don't know how to handle %s messages\n",
309 __FUNCTION__, msgtypes[c->msgtype]);
310 return -EINVAL;
311 }
312 }
313 #endif
314 if (c->msgtype == ICRQ)
315 {
316 struct call *tmp;
317 if (gconfig.debug_avp)
318 {
319 if (DEBUG)
320 l2tp_log (LOG_DEBUG, "%s: new incoming call\n", __FUNCTION__);
321 }
322 tmp = new_call (t);
323 if (!tmp)
324 {
325 l2tp_log (LOG_WARNING, "%s: unable to create new call\n", __FUNCTION__);
326 return -EINVAL;
327 }
328 tmp->next = t->call_head;
329 t->call_head = tmp;
330 t->count++;
331 /*
332 * Is this still safe to assume that the head will always
333 * be the most recent call being negotiated?
334 * Probably... FIXME anyway...
335 */
336
337 }
338 return 0;
339 }
340
341 int rand_vector_avp (struct tunnel *t, struct call *c, void *data,
342 int datalen)
343 {
344 int size;
345 struct unaligned_u16 *raw = data;
346 size = raw[0].s & 0x03FF;
347 size -= sizeof (struct avp_hdr);
348 #ifdef SANITY
349 if (t->sanity)
350 {
351 if (size < 0)
352 {
353 if (DEBUG)
354 l2tp_log (LOG_DEBUG, "%s: Random vector too small (%d < 0)\n",
355 __FUNCTION__, size);
356 wrong_length (c, "Random Vector", 6, datalen, 1);
357 return -EINVAL;
358 }
359 if (size > MAX_VECTOR_SIZE)
360 {
361 if (DEBUG)
362 l2tp_log (LOG_DEBUG, "%s: Random vector too large (%d > %d)\n",
363 __FUNCTION__, datalen, MAX_VECTOR_SIZE);
364 wrong_length (c, "Random Vector", 6, datalen, 1);
365 return -EINVAL;
366 }
367 }
368 #endif
369 if (gconfig.debug_avp)
370 l2tp_log (LOG_DEBUG, "%s: Random Vector of %d octets\n", __FUNCTION__,
371 size);
372 t->chal_us.vector = (unsigned char *) &raw[3].s;
373 t->chal_us.vector_len = size;
374 return 0;
375 }
376
377 int ignore_avp (struct tunnel *t, struct call *c, void *data, int datalen)
378 {
379 /*
380 * The spec says we have to accept authentication information
381 * even if we just ignore it, so that's exactly what
382 * we're going to do at this point. Proxy authentication is such
383 * a rediculous security threat anyway except from local
384 * controled machines.
385 *
386 * FIXME: I need to handle proxy authentication as an option.
387 * One option is to simply change the options we pass to pppd.
388 *
389 */
390 if (gconfig.debug_avp)
391 {
392 if (DEBUG)
393 l2tp_log (LOG_DEBUG, "%s : Ignoring AVP\n", __FUNCTION__);
394 }
395 return 0;
396 }
397
398 int seq_reqd_avp (struct tunnel *t, struct call *c, void *data, int datalen)
399 {
400 #ifdef SANITY
401 if (t->sanity)
402 {
403 if (datalen != 6)
404 {
405 if (DEBUG)
406 l2tp_log (LOG_DEBUG,
407 "%s: avp is incorrect size. %d != 6\n", __FUNCTION__,
408 datalen);
409 wrong_length (c, "Sequencing Required", 6, datalen, 1);
410 return -EINVAL;
411 }
412 switch (c->msgtype)
413 {
414 case ICCN:
415 break;
416 default:
417 if (DEBUG)
418 l2tp_log (LOG_DEBUG,
419 "%s: sequencing required not appropriate for %s!\n",
420 __FUNCTION__, msgtypes[c->msgtype]);
421 return -EINVAL;
422 }
423 }
424 #endif
425 if (gconfig.debug_avp)
426 {
427 if (DEBUG)
428 l2tp_log (LOG_DEBUG, "%s: peer requires sequencing.\n", __FUNCTION__);
429 }
430 c->seq_reqd = -1;
431 return 0;
432 }
433
434 int result_code_avp (struct tunnel *t, struct call *c, void *data,
435 int datalen)
436 {
437 /*
438 * Find out what version of l2tp the other side is using.
439 * I'm not sure what we're supposed to do with this but whatever..
440 */
441
442 int error;
443 int result;
444 struct unaligned_u16 *raw = data;
445 #ifdef SANITY
446 if (t->sanity)
447 {
448 if (datalen < 10)
449 {
450 if (DEBUG)
451 l2tp_log (LOG_DEBUG,
452 "%s: avp is incorrect size. %d < 10\n", __FUNCTION__,
453 datalen);
454 wrong_length (c, "Result Code", 10, datalen, 1);
455 return -EINVAL;
456 }
457 switch (c->msgtype)
458 {
459 case CDN:
460 case StopCCN:
461 break;
462 default:
463 if (DEBUG)
464 l2tp_log (LOG_DEBUG,
465 "%s: result code not appropriate for %s. Ignoring.\n",
466 __FUNCTION__, msgtypes[c->msgtype]);
467 return 0;
468 }
469 }
470 #endif
471 result = ntohs (raw[3].s);
472 error = ntohs (raw[4].s);
473
474 /*
475 * from prepare_StopCCN and prepare_CDN, note missing htons() call
476 * http://www.opensource.apple.com/source/ppp/ppp-412.3/Drivers/L2TP/L2TP-plugin/l2tp.c
477 */
478 if (((result & 0xFF) == 0) && (result >> 8 != 0))
479 {
480 if (DEBUG)
481 l2tp_log (LOG_DEBUG,
482 "%s: result code endianness fix for buggy Apple client. network=%d, le=%d\n",
483 __FUNCTION__, result, result >> 8);
484 result >>= 8;
485 }
486
487 if (((error & 0xFF) == 0) && (error >> 8 != 0))
488 {
489 if (DEBUG)
490 l2tp_log (LOG_DEBUG,
491 "%s: error code endianness fix for buggy Apple client. network=%d, le=%d\n",
492 __FUNCTION__, error, error >> 8);
493 error >>= 8;
494 }
495
496 if ((c->msgtype == StopCCN) && ((result > 7) || (result < 1)))
497 {
498 if (DEBUG)
499 l2tp_log (LOG_DEBUG,
500 "%s: result code out of range (%d %d %d). Ignoring.\n",
501 __FUNCTION__, result, error, datalen);
502 return 0;
503 }
504
505 if ((c->msgtype == CDN) && ((result > 11) || (result < 1)))
506 {
507 if (DEBUG)
508 l2tp_log (LOG_DEBUG,
509 "%s: result code out of range (%d %d %d). Ignoring.\n",
510 __FUNCTION__, result, error, datalen);
511 return 0;
512 }
513
514 c->error = error;
515 c->result = result;
516 safe_copy (c->errormsg, (char *) &raw[5].s, datalen - 10);
517 if (gconfig.debug_avp)
518 {
519 if (DEBUG && (c->msgtype == StopCCN))
520 {
521 l2tp_log (LOG_DEBUG,
522 "%s: peer closing for reason %d (%s), error = %d (%s)\n",
523 __FUNCTION__, result, stopccn_result_codes[result], error,
524 c->errormsg);
525 }
526 else
527 {
528 l2tp_log (LOG_DEBUG,
529 "%s: peer closing for reason %d (%s), error = %d (%s)\n",
530 __FUNCTION__, result, cdn_result_codes[result], error,
531 c->errormsg);
532 }
533 }
534 return 0;
535 }
536
537 int protocol_version_avp (struct tunnel *t, struct call *c, void *data,
538 int datalen)
539 {
540 /*
541 * Find out what version of l2tp the other side is using.
542 * I'm not sure what we're supposed to do with this but whatever..
543 */
544
545 int ver;
546 struct unaligned_u16 *raw = data;
547 #ifdef SANITY
548 if (t->sanity)
549 {
550 if (datalen != 8)
551 {
552 if (DEBUG)
553 l2tp_log (LOG_DEBUG,
554 "%s: avp is incorrect size. %d != 8\n", __FUNCTION__,
555 datalen);
556 wrong_length (c, "Protocol Version", 8, datalen, 1);
557 return -EINVAL;
558 }
559 switch (c->msgtype)
560 {
561 case SCCRP:
562 case SCCRQ:
563 break;
564 default:
565 if (DEBUG)
566 l2tp_log (LOG_DEBUG,
567 "%s: protocol version not appropriate for %s. Ignoring.\n",
568 __FUNCTION__, msgtypes[c->msgtype]);
569 return 0;
570 }
571 }
572 #endif
573 ver = ntohs (raw[3].s);
574 if (gconfig.debug_avp)
575 {
576 if (DEBUG)
577 l2tp_log (LOG_DEBUG,
578 "%s: peer is using version %d, revision %d.\n", __FUNCTION__,
579 (ver >> 8), ver & 0xFF);
580 }
581 return 0;
582 }
583
584 int framing_caps_avp (struct tunnel *t, struct call *c, void *data,
585 int datalen)
586 {
587 /*
588 * Retrieve the framing capabilities
589 * from the peer
590 */
591
592 int caps;
593 struct unaligned_u16 *raw = data;
594
595 #ifdef SANITY
596 if (t->sanity)
597 {
598 switch (c->msgtype)
599 {
600 case SCCRP:
601 case SCCRQ:
602 break;
603 default:
604 if (DEBUG)
605 l2tp_log (LOG_DEBUG,
606 "%s: framing capabilities not appropriate for %s. Ignoring.\n",
607 __FUNCTION__, msgtypes[c->msgtype]);
608 return 0;
609 }
610 if (datalen != 10)
611 {
612 if (DEBUG)
613 l2tp_log (LOG_DEBUG,
614 "%s: avp is incorrect size. %d != 10\n", __FUNCTION__,
615 datalen);
616 wrong_length (c, "Framming Capabilities", 10, datalen, 0);
617 return -EINVAL;
618 }
619 }
620 #endif
621 caps = ntohs (raw[4].s);
622 if (gconfig.debug_avp)
623 if (DEBUG)
624 l2tp_log (LOG_DEBUG,
625 "%s: supported peer frames:%s%s\n", __FUNCTION__,
626 caps & ASYNC_FRAMING ? " async" : "",
627 caps & SYNC_FRAMING ? " sync" : "");
628 t->fc = caps & (ASYNC_FRAMING | SYNC_FRAMING);
629 return 0;
630 }
631
632 int bearer_caps_avp (struct tunnel *t, struct call *c, void *data,
633 int datalen)
634 {
635 /*
636 * What kind of bearer channels does our peer support?
637 */
638 int caps;
639 struct unaligned_u16 *raw = data;
640
641 #ifdef SANITY
642 if (t->sanity)
643 {
644 switch (c->msgtype)
645 {
646 case SCCRP:
647 case SCCRQ:
648 break;
649 default:
650 if (DEBUG)
651 l2tp_log (LOG_DEBUG,
652 "%s: bearer capabilities not appropriate for message %s. Ignoring.\n",
653 __FUNCTION__, msgtypes[c->msgtype]);
654 return 0;
655 }
656 if (datalen != 10)
657 {
658 if (DEBUG)
659 l2tp_log (LOG_DEBUG,
660 "%s: avp is incorrect size. %d != 10\n", __FUNCTION__,
661 datalen);
662 wrong_length (c, "Bearer Capabilities", 10, datalen, 0);
663 return -EINVAL;
664 }
665 }
666 #endif
667 caps = ntohs (raw[4].s);
668 if (gconfig.debug_avp)
669 {
670 if (DEBUG)
671 {
672 l2tp_log (LOG_DEBUG,
673 "%s: supported peer bearers:%s%s\n",
674 __FUNCTION__,
675 caps & ANALOG_BEARER ? " analog" : "",
676 caps & DIGITAL_BEARER ? " digital" : "");
677 }
678
679 }
680 t->bc = caps & (ANALOG_BEARER | DIGITAL_BEARER);
681 return 0;
682 }
683
684
685 /* FIXME: I need to handle tie breakers eventually */
686
687 int firmware_rev_avp (struct tunnel *t, struct call *c, void *data,
688 int datalen)
689 {
690 /*
691 * Report and record remote firmware version
692 */
693 int ver;
694 struct unaligned_u16 *raw = data;
695
696 #ifdef SANITY
697 if (t->sanity)
698 {
699 switch (c->msgtype)
700 {
701 case SCCRP:
702 case SCCRQ:
703 break;
704 default:
705 if (DEBUG)
706 l2tp_log (LOG_DEBUG,
707 "%s: firmware revision not appropriate for message %s. Ignoring.\n",
708 __FUNCTION__, msgtypes[c->msgtype]);
709 return 0;
710 }
711 if (datalen != 8)
712 {
713 if (DEBUG)
714 l2tp_log (LOG_DEBUG,
715 "%s: avp is incorrect size. %d != 8\n", __FUNCTION__,
716 datalen);
717 wrong_length (c, "Firmware Revision", 8, datalen, 0);
718 return -EINVAL;
719 }
720 }
721 #endif
722 ver = ntohs (raw[3].s);
723 if (gconfig.debug_avp)
724 {
725 if (DEBUG)
726 l2tp_log (LOG_DEBUG,
727 "%s: peer reports firmware version %d (0x%.4x)\n",
728 __FUNCTION__, ver, ver);
729 }
730 t->firmware = ver;
731 return 0;
732 }
733
734 int bearer_type_avp (struct tunnel *t, struct call *c, void *data,
735 int datalen)
736 {
737 /*
738 * What kind of bearer channel is the call on?
739 */
740 int b;
741 struct unaligned_u16 *raw = data;
742
743 #ifdef SANITY
744 if (t->sanity)
745 {
746 switch (c->msgtype)
747 {
748 case ICRQ:
749 case OCRQ:
750 break;
751 default:
752 if (DEBUG)
753 l2tp_log (LOG_DEBUG,
754 "%s: bearer type not appropriate for message %s. Ignoring.\n",
755 __FUNCTION__, msgtypes[c->msgtype]);
756 return 0;
757 }
758 if (datalen != 10)
759 {
760 if (DEBUG)
761 l2tp_log (LOG_DEBUG,
762 "%s: avp is incorrect size. %d != 10\n", __FUNCTION__,
763 datalen);
764 wrong_length (c, "Bearer Type", 10, datalen, 0);
765 return -EINVAL;
766 }
767 }
768 #endif
769 b = ntohs (raw[4].s);
770 if (gconfig.debug_avp)
771 {
772 if (DEBUG)
773 l2tp_log (LOG_DEBUG,
774 "%s: peer bears:%s\n", __FUNCTION__,
775 b & ANALOG_BEARER ? " analog" : "digital");
776 }
777 t->call_head->bearer = b;
778 return 0;
779 }
780
781 int frame_type_avp (struct tunnel *t, struct call *c, void *data, int datalen)
782 {
783 /*
784 * What kind of frame channel is the call on?
785 */
786 int b;
787 struct unaligned_u16 *raw = data;
788
789 #ifdef SANITY
790 if (t->sanity)
791 {
792 switch (c->msgtype)
793 {
794 case ICCN:
795 case OCRQ:
796 case OCCN:
797 break;
798 default:
799 if (DEBUG)
800 l2tp_log (LOG_DEBUG,
801 "%s: frame type not appropriate for message %s. Ignoring.\n",
802 __FUNCTION__, msgtypes[c->msgtype]);
803 return 0;
804 }
805 if (datalen != 10)
806 {
807 if (DEBUG)
808 l2tp_log (LOG_DEBUG,
809 "%s: avp is incorrect size. %d != 10\n", __FUNCTION__,
810 datalen);
811 wrong_length (c, "Frame Type", 10, datalen, 0);
812 return -EINVAL;
813 }
814 }
815 #endif
816 b = ntohs (raw[4].s);
817 if (gconfig.debug_avp)
818 {
819 if (DEBUG)
820 l2tp_log (LOG_DEBUG,
821 "%s: peer uses:%s frames\n", __FUNCTION__,
822 b & ASYNC_FRAMING ? " async" : "sync");
823 }
824 c->frame = b;
825 return 0;
826 }
827
828 int hostname_avp (struct tunnel *t, struct call *c, void *data, int datalen)
829 {
830 /*
831 * What is the peer's name?
832 */
833 int size;
834 struct unaligned_u16 *raw = data;
835
836 #ifdef SANITY
837 if (t->sanity)
838 {
839 switch (c->msgtype)
840 {
841 case SCCRP:
842 case SCCRQ:
843 break;
844 default:
845 if (DEBUG)
846 l2tp_log (LOG_DEBUG,
847 "%s: hostname not appropriate for message %s. Ignoring.\n",
848 __FUNCTION__, msgtypes[c->msgtype]);
849 return 0;
850 }
851 if (datalen < 6)
852 {
853 if (DEBUG)
854 l2tp_log (LOG_DEBUG,
855 "%s: avp is too small. %d < 6\n", __FUNCTION__,
856 datalen);
857 wrong_length (c, "Hostname", 6, datalen, 1);
858 return -EINVAL;
859 }
860 }
861 #endif
862 size = raw[0].s & 0x03FF;
863 size -= sizeof (struct avp_hdr);
864 if (size > MAXSTRLEN - 1)
865 {
866 if (DEBUG)
867 l2tp_log (LOG_DEBUG, "%s: truncating reported hostname (size is %d)\n",
868 __FUNCTION__, size);
869 size = MAXSTRLEN - 1;
870 }
871 safe_copy (t->hostname, (char *) &raw[3].s, size);
872 if (gconfig.debug_avp)
873 {
874 if (DEBUG)
875 l2tp_log (LOG_DEBUG,
876 "%s: peer reports hostname '%s'\n", __FUNCTION__,
877 t->hostname);
878 }
879 return 0;
880 }
881
882 int dialing_number_avp (struct tunnel *t, struct call *c, void *data,
883 int datalen)
884 {
885 /*
886 * What is the peer's name?
887 */
888 int size;
889 struct unaligned_u16 *raw = data;
890
891 #ifdef SANITY
892 if (t->sanity)
893 {
894 switch (c->msgtype)
895 {
896 case ICRQ:
897 break;
898 default:
899 if (DEBUG)
900 l2tp_log (LOG_DEBUG,
901 "%s: dialing number not appropriate for message %s. Ignoring.\n",
902 __FUNCTION__, msgtypes[c->msgtype]);
903 return 0;
904 }
905 if (datalen < 6)
906 {
907 if (DEBUG)
908 l2tp_log (LOG_DEBUG,
909 "%s: avp is too small. %d < 6\n", __FUNCTION__,
910 datalen);
911 wrong_length (c, "Dialing Number", 6, datalen, 1);
912 return -EINVAL;
913 }
914 }
915 #endif
916 size = raw[0].s & 0x03FF;
917 size -= sizeof (struct avp_hdr);
918 if (size > MAXSTRLEN - 1)
919 {
920 if (DEBUG)
921 l2tp_log (LOG_DEBUG,
922 "%s: truncating reported dialing number (size is %d)\n",
923 __FUNCTION__, size);
924 size = MAXSTRLEN - 1;
925 }
926 safe_copy (t->call_head->dialing, (char *) &raw[3].s, size);
927 if (gconfig.debug_avp)
928 {
929 if (DEBUG)
930 l2tp_log (LOG_DEBUG,
931 "%s: peer reports dialing number '%s'\n", __FUNCTION__,
932 t->call_head->dialing);
933 }
934 return 0;
935 }
936
937 int dialed_number_avp (struct tunnel *t, struct call *c, void *data,
938 int datalen)
939 {
940 /*
941 * What is the peer's name?
942 */
943 int size;
944 struct unaligned_u16 *raw = data;
945
946 #ifdef SANITY
947 if (t->sanity)
948 {
949 switch (c->msgtype)
950 {
951 case OCRQ:
952 case ICRQ:
953 break;
954 default:
955 if (DEBUG)
956 l2tp_log (LOG_DEBUG,
957 "%s: dialed number not appropriate for message %s. Ignoring.\n",
958 __FUNCTION__, msgtypes[c->msgtype]);
959 return 0;
960 }
961 if (datalen < 6)
962 {
963 if (DEBUG)
964 l2tp_log (LOG_DEBUG,
965 "%s: avp is too small. %d < 6\n", __FUNCTION__,
966 datalen);
967 wrong_length (c, "Dialed Number", 6, datalen, 1);
968 return -EINVAL;
969 }
970 }
971 #endif
972 size = raw[0].s & 0x03FF;
973 size -= sizeof (struct avp_hdr);
974 if (size > MAXSTRLEN - 1)
975 {
976 if (DEBUG)
977 l2tp_log (LOG_DEBUG,
978 "%s: truncating reported dialed number (size is %d)\n",
979 __FUNCTION__, size);
980 size = MAXSTRLEN - 1;
981 }
982 safe_copy (t->call_head->dialed, (char *) &raw[3].s, size);
983 if (gconfig.debug_avp)
984 {
985 if (DEBUG)
986 l2tp_log (LOG_DEBUG,
987 "%s: peer reports dialed number '%s'\n", __FUNCTION__,
988 t->call_head->dialed);
989 }
990 return 0;
991 }
992
993 int sub_address_avp (struct tunnel *t, struct call *c, void *data,
994 int datalen)
995 {
996 /*
997 * What is the peer's name?
998 */
999 int size;
1000 struct unaligned_u16 *raw = data;
1001
1002 #ifdef SANITY
1003 if (t->sanity)
1004 {
1005 switch (c->msgtype)
1006 {
1007 case OCRP:
1008 case ICRQ:
1009 break;
1010 default:
1011 if (DEBUG)
1012 l2tp_log (LOG_DEBUG,
1013 "%s: sub_address not appropriate for message %s. Ignoring.\n",
1014 __FUNCTION__, msgtypes[c->msgtype]);
1015 return 0;
1016 }
1017 if (datalen < 6)
1018 {
1019 if (DEBUG)
1020 l2tp_log (LOG_DEBUG,
1021 "%s: avp is too small. %d < 6\n", __FUNCTION__,
1022 datalen);
1023 wrong_length (c, "Sub-address", 6, datalen, 1);
1024 return -EINVAL;
1025 }
1026 }
1027 #endif
1028 size = raw[0].s & 0x03FF;
1029 size -= sizeof (struct avp_hdr);
1030 if (size > MAXSTRLEN - 1)
1031 {
1032 if (DEBUG)
1033 l2tp_log (LOG_DEBUG,
1034 "%s: truncating reported sub address (size is %d)\n",
1035 __FUNCTION__, size);
1036 size = MAXSTRLEN - 1;
1037 }
1038 safe_copy (t->call_head->subaddy, (char *) &raw[3].s, size);
1039 if (gconfig.debug_avp)
1040 {
1041 if (DEBUG)
1042 l2tp_log (LOG_DEBUG,
1043 "%s: peer reports subaddress '%s'\n", __FUNCTION__,
1044 t->call_head->subaddy);
1045 }
1046 return 0;
1047 }
1048
1049 int vendor_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1050 {
1051 /*
1052 * What vendor makes the other end?
1053 */
1054 int size;
1055 struct unaligned_u16 *raw = data;
1056
1057 #ifdef SANITY
1058 if (t->sanity)
1059 {
1060 switch (c->msgtype)
1061 {
1062 case SCCRP:
1063 case SCCRQ:
1064 break;
1065 default:
1066 if (DEBUG)
1067 l2tp_log (LOG_DEBUG,
1068 "%s: vendor not appropriate for message %s. Ignoring.\n",
1069 __FUNCTION__, msgtypes[c->msgtype]);
1070 return 0;
1071 }
1072 if (datalen < 6)
1073 {
1074 if (DEBUG)
1075 l2tp_log (LOG_DEBUG,
1076 "%s: avp is too small. %d < 6\n", __FUNCTION__,
1077 datalen);
1078 wrong_length (c, "Vendor", 6, datalen, 1);
1079 return -EINVAL;
1080 }
1081 }
1082 #endif
1083 size = raw[0].s & 0x03FF;
1084 size -= sizeof (struct avp_hdr);
1085 if (size > MAXSTRLEN - 1)
1086 {
1087 if (DEBUG)
1088 l2tp_log (LOG_DEBUG, "%s: truncating reported vendor (size is %d)\n",
1089 __FUNCTION__, size);
1090 size = MAXSTRLEN - 1;
1091 }
1092 safe_copy (t->vendor, (char *) &raw[3].s, size);
1093 if (gconfig.debug_avp)
1094 {
1095 if (DEBUG)
1096 l2tp_log (LOG_DEBUG,
1097 "%s: peer reports vendor '%s'\n", __FUNCTION__, t->vendor);
1098 }
1099 return 0;
1100 }
1101
1102 int challenge_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1103 {
1104 /*
1105 * We are sent a challenge
1106 */
1107 struct unaligned_u16 *raw = data;
1108 int size;
1109 #ifdef SANITY
1110 if (t->sanity)
1111 {
1112 switch (c->msgtype)
1113 {
1114 case SCCRP:
1115 case SCCRQ:
1116 break;
1117 default:
1118 if (DEBUG)
1119 l2tp_log (LOG_DEBUG,
1120 "%s: challenge not appropriate for message %s. Ignoring.\n",
1121 __FUNCTION__, msgtypes[c->msgtype]);
1122 return 0;
1123 }
1124 if (datalen < 6)
1125 {
1126 if (DEBUG)
1127 l2tp_log (LOG_DEBUG,
1128 "%s: avp is too small. %d < 6\n", __FUNCTION__,
1129 datalen);
1130 wrong_length (c, "challenge", 6, datalen, 1);
1131 return -EINVAL;
1132 }
1133 }
1134 #endif
1135 /* size = raw[0].s & 0x0FFF; */
1136 /* length field of AVP's is only 10 bits long, not 12 */
1137 size = raw[0].s & 0x03FF;
1138 size -= sizeof (struct avp_hdr);
1139 /* if (size != MD_SIG_SIZE)
1140 {
1141 l2tp_log (LOG_DEBUG, "%s: Challenge is not the right length (%d != %d)\n",
1142 __FUNCTION__, size, MD_SIG_SIZE);
1143 return -EINVAL;
1144 } */
1145 if (t->chal_us.challenge)
1146 free(t->chal_us.challenge);
1147 t->chal_us.challenge = malloc(size);
1148 if (t->chal_us.challenge == NULL)
1149 {
1150 return -ENOMEM;
1151 }
1152 bcopy (&raw[3].s, (t->chal_us.challenge), size);
1153 t->chal_us.chal_len = size;
1154 t->chal_us.state = STATE_CHALLENGED;
1155 if (gconfig.debug_avp)
1156 {
1157 l2tp_log (LOG_DEBUG, "%s: challenge avp found\n", __FUNCTION__);
1158 }
1159 return 0;
1160 }
1161
1162 int chalresp_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1163 {
1164 /*
1165 * We are sent a challenge
1166 */
1167 struct unaligned_u16 *raw = data;
1168 int size;
1169 #ifdef SANITY
1170 if (t->sanity)
1171 {
1172 switch (c->msgtype)
1173 {
1174 case SCCRP:
1175 case SCCCN:
1176 break;
1177 default:
1178 if (DEBUG)
1179 l2tp_log (LOG_DEBUG,
1180 "%s: challenge response not appropriate for message %s. Ignoring.\n",
1181 __FUNCTION__, msgtypes[c->msgtype]);
1182 return 0;
1183 }
1184 if (datalen < 6)
1185 {
1186 if (DEBUG)
1187 l2tp_log (LOG_DEBUG,
1188 "%s: avp is too small. %d < 6\n", __FUNCTION__,
1189 datalen);
1190 wrong_length (c, "challenge", 6, datalen, 1);
1191 return -EINVAL;
1192 }
1193 }
1194 #endif
1195 size = raw[0].s & 0x03FF;
1196 size -= sizeof (struct avp_hdr);
1197 if (size != MD_SIG_SIZE)
1198 {
1199 l2tp_log (LOG_DEBUG, "%s: Challenge is not the right length (%d != %d)\n",
1200 __FUNCTION__, size, MD_SIG_SIZE);
1201 return -EINVAL;
1202 }
1203
1204 bcopy (&raw[3].s, t->chal_them.reply, MD_SIG_SIZE);
1205 if (gconfig.debug_avp)
1206 {
1207 l2tp_log (LOG_DEBUG, "%s: Challenge reply found\n", __FUNCTION__);
1208 }
1209 return 0;
1210 }
1211
1212 int assigned_tunnel_avp (struct tunnel *t, struct call *c, void *data,
1213 int datalen)
1214 {
1215 /*
1216 * What is their TID that we must use from now on?
1217 */
1218 struct unaligned_u16 *raw = data;
1219
1220 #ifdef SANITY
1221 if (t->sanity)
1222 {
1223 switch (c->msgtype)
1224 {
1225 case SCCRP:
1226 case SCCRQ:
1227 case StopCCN:
1228 break;
1229 default:
1230 if (DEBUG)
1231 l2tp_log (LOG_DEBUG,
1232 "%s: tunnel ID not appropriate for message %s. Ignoring.\n",
1233 __FUNCTION__, msgtypes[c->msgtype]);
1234 return 0;
1235 }
1236 if (datalen != 8)
1237 {
1238 if (DEBUG)
1239 l2tp_log (LOG_DEBUG,
1240 "%s: avp is wrong size. %d != 8\n", __FUNCTION__,
1241 datalen);
1242 wrong_length (c, "Assigned Tunnel ID", 8, datalen, 0);
1243 return -EINVAL;
1244 }
1245 }
1246 #endif
1247 if (c->msgtype == StopCCN)
1248 {
1249 t->qtid = ntohs (raw[3].s);
1250 }
1251 else
1252 {
1253 t->tid = ntohs (raw[3].s);
1254 }
1255 if (gconfig.debug_avp)
1256 {
1257 if (DEBUG)
1258 l2tp_log (LOG_DEBUG,
1259 "%s: using peer's tunnel %d\n", __FUNCTION__,
1260 ntohs (raw[3].s));
1261 }
1262 return 0;
1263 }
1264
1265 int assigned_call_avp (struct tunnel *t, struct call *c, void *data,
1266 int datalen)
1267 {
1268 /*
1269 * What is their CID that we must use from now on?
1270 */
1271 struct unaligned_u16 *raw = data;
1272
1273 #ifdef SANITY
1274 if (t->sanity)
1275 {
1276 switch (c->msgtype)
1277 {
1278 case CDN:
1279 case ICRP:
1280 case ICRQ:
1281 case OCRP: /* jz: deleting the debug message */
1282 break;
1283 case OCRQ:
1284 default:
1285 if (DEBUG)
1286 l2tp_log (LOG_DEBUG,
1287 "%s: call ID not appropriate for message %s. Ignoring.\n",
1288 __FUNCTION__, msgtypes[c->msgtype]);
1289 return 0;
1290 }
1291 if (datalen != 8)
1292 {
1293 if (DEBUG)
1294 l2tp_log (LOG_DEBUG,
1295 "%s: avp is wrong size. %d != 8\n", __FUNCTION__,
1296 datalen);
1297 wrong_length (c, "Assigned Call ID", 8, datalen, 0);
1298 return -EINVAL;
1299 }
1300 }
1301 #endif
1302 if (c->msgtype == CDN)
1303 {
1304 c->qcid = ntohs (raw[3].s);
1305 }
1306 else if (c->msgtype == ICRQ)
1307 {
1308 t->call_head->cid = ntohs (raw[3].s);
1309 }
1310 else if (c->msgtype == ICRP)
1311 {
1312 c->cid = ntohs (raw[3].s);
1313 }
1314 else if (c->msgtype == OCRP)
1315 { /* jz: copy callid to c->cid */
1316 c->cid = ntohs (raw[3].s);
1317 }
1318 else
1319 {
1320 l2tp_log (LOG_DEBUG, "%s: Dunno what to do when it's state %s!\n",
1321 __FUNCTION__, msgtypes[c->msgtype]);
1322 }
1323 if (gconfig.debug_avp)
1324 {
1325 if (DEBUG)
1326 l2tp_log (LOG_DEBUG,
1327 "%s: using peer's call %d\n", __FUNCTION__, ntohs (raw[3].s));
1328 }
1329 return 0;
1330 }
1331
1332 int packet_delay_avp (struct tunnel *t, struct call *c, void *data,
1333 int datalen)
1334 {
1335 /*
1336 * What is their CID that we must use from now on?
1337 */
1338 struct unaligned_u16 *raw = data;
1339
1340 #ifdef SANITY
1341 if (t->sanity)
1342 {
1343 switch (c->msgtype)
1344 {
1345 case ICRP:
1346 case OCRQ:
1347 case ICCN:
1348 case OCRP:
1349 case OCCN:
1350 break;
1351 default:
1352 if (DEBUG)
1353 l2tp_log (LOG_DEBUG,
1354 "%s: packet delay not appropriate for message %s. Ignoring.\n",
1355 __FUNCTION__, msgtypes[c->msgtype]);
1356 return 0;
1357 }
1358 if (datalen != 8)
1359 {
1360 if (DEBUG)
1361 l2tp_log (LOG_DEBUG,
1362 "%s: avp is wrong size. %d != 8\n", __FUNCTION__,
1363 datalen);
1364 wrong_length (c, "Assigned Call ID", 8, datalen, 0);
1365 return -EINVAL;
1366 }
1367 }
1368 #endif
1369 c->ppd = ntohs (raw[3].s);
1370 if (gconfig.debug_avp)
1371 {
1372 if (DEBUG)
1373 l2tp_log (LOG_DEBUG,
1374 "%s: peer's delay is %d 1/10's of a second\n", __FUNCTION__,
1375 ntohs (raw[3].s));
1376 }
1377 return 0;
1378 }
1379
1380 int call_serno_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1381 {
1382 /*
1383 * What is the serial number of the call?
1384 */
1385 struct unaligned_u16 *raw = data;
1386
1387 #ifdef SANITY
1388 if (t->sanity)
1389 {
1390 switch (c->msgtype)
1391 {
1392 case ICRQ:
1393 case OCRQ:
1394 break;
1395 default:
1396 if (DEBUG)
1397 l2tp_log (LOG_DEBUG,
1398 "%s: call ID not appropriate for message %s. Ignoring.\n",
1399 __FUNCTION__, msgtypes[c->msgtype]);
1400 return 0;
1401 }
1402 if (datalen != 10)
1403 {
1404 #ifdef STRICT
1405 if (DEBUG)
1406 l2tp_log (LOG_DEBUG,
1407 "%s: avp is wrong size. %d != 10\n", __FUNCTION__,
1408 datalen);
1409 wrong_length (c, "Serial Number", 10, datalen, 0);
1410 return -EINVAL;
1411 #else
1412 l2tp_log (LOG_DEBUG,
1413 "%s: peer is using old style serial number. Will be invalid.\n",
1414 __FUNCTION__);
1415 #endif
1416
1417 }
1418 }
1419 #endif
1420 t->call_head->serno = (((unsigned int) ntohs (raw[3].s)) << 16) |
1421 ((unsigned int) ntohs (raw[4].s));
1422 if (gconfig.debug_avp)
1423 {
1424 if (DEBUG)
1425 l2tp_log (LOG_DEBUG,
1426 "%s: serial number is %d\n", __FUNCTION__,
1427 t->call_head->serno);
1428 }
1429 return 0;
1430 }
1431
1432 int rx_speed_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1433 {
1434 /*
1435 * What is the received baud rate of the call?
1436 */
1437 struct unaligned_u16 *raw = data;
1438
1439 #ifdef SANITY
1440 if (t->sanity)
1441 {
1442 switch (c->msgtype)
1443 {
1444 case ICCN:
1445 case OCCN:
1446 case OCRP:
1447 break;
1448 default:
1449 if (DEBUG)
1450 l2tp_log (LOG_DEBUG,
1451 "%s: rx connect speed not appropriate for message %s. Ignoring.\n",
1452 __FUNCTION__, msgtypes[c->msgtype]);
1453 return 0;
1454 }
1455 if (datalen != 10)
1456 {
1457 if (DEBUG)
1458 l2tp_log (LOG_DEBUG,
1459 "%s: avp is wrong size. %d != 10\n", __FUNCTION__,
1460 datalen);
1461 wrong_length (c, "Connect Speed (RX)", 10, datalen, 0);
1462 return -EINVAL;
1463 }
1464 }
1465 #endif
1466 c->rxspeed = (((unsigned int) ntohs (raw[3].s)) << 16) |
1467 ((unsigned int) ntohs (raw[4].s));
1468 if (gconfig.debug_avp)
1469 {
1470 if (DEBUG)
1471 l2tp_log (LOG_DEBUG,
1472 "%s: receive baud rate is %d\n", __FUNCTION__, c->rxspeed);
1473 }
1474 return 0;
1475 }
1476
1477 int tx_speed_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1478 {
1479 /*
1480 * What is the tranmsit baud rate of the call?
1481 */
1482 struct unaligned_u16 *raw = data;
1483
1484 #ifdef SANITY
1485 if (t->sanity)
1486 {
1487 switch (c->msgtype)
1488 {
1489 case ICCN:
1490 case OCCN:
1491 case OCRP:
1492 break;
1493 default:
1494 if (DEBUG)
1495 l2tp_log (LOG_DEBUG,
1496 "%s: tx connect speed not appropriate for message %s. Ignoring.\n",
1497 __FUNCTION__, msgtypes[c->msgtype]);
1498 return 0;
1499 }
1500 if (datalen != 10)
1501 {
1502 if (DEBUG)
1503 l2tp_log (LOG_DEBUG,
1504 "%s: avp is wrong size. %d != 10\n", __FUNCTION__,
1505 datalen);
1506 wrong_length (c, "Connect Speed (tx)", 10, datalen, 0);
1507 return -EINVAL;
1508 }
1509 }
1510 #endif
1511 c->txspeed = (((unsigned int) ntohs (raw[3].s)) << 16) |
1512 ((unsigned int) ntohs (raw[4].s));
1513 if (gconfig.debug_avp)
1514 {
1515 if (DEBUG)
1516 l2tp_log (LOG_DEBUG,
1517 "%s: transmit baud rate is %d\n", __FUNCTION__, c->txspeed);
1518 }
1519 return 0;
1520 }
1521 int call_physchan_avp (struct tunnel *t, struct call *c, void *data,
1522 int datalen)
1523 {
1524 /*
1525 * What is the physical channel?
1526 */
1527 struct unaligned_u16 *raw = data;
1528
1529 #ifdef SANITY
1530 if (t->sanity)
1531 {
1532 switch (c->msgtype)
1533 {
1534 case ICRQ:
1535 case OCRQ:
1536 case OCRP:
1537 case OCCN:
1538 break;
1539 default:
1540 if (DEBUG)
1541 l2tp_log (LOG_DEBUG,
1542 "%s: physical channel not appropriate for message %s. Ignoring.\n",
1543 __FUNCTION__, msgtypes[c->msgtype]);
1544 return 0;
1545 }
1546 if (datalen != 10)
1547 {
1548 if (DEBUG)
1549 l2tp_log (LOG_DEBUG,
1550 "%s: avp is wrong size. %d != 10\n", __FUNCTION__,
1551 datalen);
1552 wrong_length (c, "Physical Channel", 10, datalen, 0);
1553 return -EINVAL;
1554 }
1555 }
1556 #endif
1557 t->call_head->physchan = (((unsigned int) ntohs (raw[3].s)) << 16) |
1558 ((unsigned int) ntohs (raw[4].s));
1559 if (gconfig.debug_avp)
1560 {
1561 if (DEBUG)
1562 l2tp_log (LOG_DEBUG,
1563 "%s: physical channel is %d\n", __FUNCTION__,
1564 t->call_head->physchan);
1565 }
1566 return 0;
1567 }
1568
1569 int receive_window_size_avp (struct tunnel *t, struct call *c, void *data,
1570 int datalen)
1571 {
1572 /*
1573 * What is their RWS?
1574 */
1575 struct unaligned_u16 *raw = data;
1576
1577 #ifdef SANITY
1578 if (t->sanity)
1579 {
1580 switch (c->msgtype)
1581 {
1582 case SCCRP:
1583 case SCCRQ:
1584 case OCRP: /* jz */
1585 case OCCN: /* jz */
1586 case StopCCN:
1587 /* case ICRP:
1588 case ICCN: */
1589 break;
1590 default:
1591 if (DEBUG)
1592 l2tp_log (LOG_DEBUG,
1593 "%s: RWS not appropriate for message %s. Ignoring.\n",
1594 __FUNCTION__, msgtypes[c->msgtype]);
1595 return 0;
1596 }
1597 if (datalen != 8)
1598 {
1599 if (DEBUG)
1600 l2tp_log (LOG_DEBUG,
1601 "%s: avp is wrong size. %d != 8\n", __FUNCTION__,
1602 datalen);
1603 wrong_length (c, "Receive Window Size", 8, datalen, 0);
1604 return -EINVAL;
1605 }
1606 }
1607 #endif
1608 t->rws = ntohs (raw[3].s);
1609 /* if (c->rws >= 0)
1610 c->fbit = FBIT; */
1611 if (gconfig.debug_avp)
1612 {
1613 if (DEBUG)
1614 l2tp_log (LOG_DEBUG,
1615 "%s: peer wants RWS of %d. Will use flow control.\n",
1616 __FUNCTION__, t->rws);
1617 }
1618 return 0;
1619 }
1620
1621
1622 int handle_avps (struct buffer *buf, struct tunnel *t, struct call *c)
1623 {
1624 /*
1625 * buf's start should point to the beginning of a packet. We assume it's
1626 * a valid packet and has had check_control done to it, so no error
1627 * checking is done at this point.
1628 */
1629
1630 struct avp_hdr *avp;
1631 int len = buf->len - sizeof (struct control_hdr);
1632 int firstavp = -1;
1633 int hidlen = 0;
1634 char *data = buf->start + sizeof (struct control_hdr);
1635 avp = (struct avp_hdr *) data;
1636 if (gconfig.debug_avp)
1637 l2tp_log (LOG_DEBUG, "%s: handling avp's for tunnel %d, call %d\n",
1638 __FUNCTION__, t->ourtid, c->ourcid);
1639 while (len > 0)
1640 {
1641 /* Go ahead and byte-swap the header */
1642 swaps (avp, sizeof (struct avp_hdr));
1643 if (avp->attr > AVP_MAX)
1644 {
1645 if (AMBIT (avp->length))
1646 {
1647 l2tp_log (LOG_WARNING,
1648 "%s: don't know how to handle mandatory attribute %d. Closing %s.\n",
1649 __FUNCTION__, avp->attr,
1650 (c != t->self) ? "call" : "tunnel");
1651 set_error (c, VENDOR_ERROR,
1652 "mandatory attribute %d cannot be handled",
1653 avp->attr);
1654 c->needclose = -1;
1655 return -EINVAL;
1656 }
1657 else
1658 {
1659 if (DEBUG)
1660 l2tp_log (LOG_WARNING,
1661 "%s: don't know how to handle atribute %d.\n",
1662 __FUNCTION__, avp->attr);
1663 goto next;
1664 }
1665 }
1666 if (ALENGTH (avp->length) > len)
1667 {
1668 l2tp_log (LOG_WARNING,
1669 "%s: AVP received with length > remaining packet length!\n",
1670 __FUNCTION__);
1671 set_error (c, ERROR_LENGTH, "Invalid AVP length");
1672 c->needclose = -1;
1673 return -EINVAL;
1674 }
1675 if (avp->attr && firstavp)
1676 {
1677 l2tp_log (LOG_WARNING, "%s: First AVP was not message type.\n",
1678 __FUNCTION__);
1679 set_error (c, VENDOR_ERROR, "First AVP must be message type");
1680 c->needclose = -1;
1681 return -EINVAL;
1682 }
1683 if (ALENGTH (avp->length) < sizeof (struct avp_hdr))
1684 {
1685 l2tp_log (LOG_WARNING, "%s: AVP with too small of size (%d).\n",
1686 __FUNCTION__, ALENGTH (avp->length));
1687 set_error (c, ERROR_LENGTH, "AVP too small");
1688 c->needclose = -1;
1689 return -EINVAL;
1690 }
1691 if (AZBITS (avp->length))
1692 {
1693 l2tp_log (LOG_WARNING, "%s: %sAVP has reserved bits set.\n", __FUNCTION__,
1694 AMBIT (avp->length) ? "Mandatory " : "");
1695 if (AMBIT (avp->length))
1696 {
1697 set_error (c, ERROR_RESERVED, "reserved bits set in AVP");
1698 c->needclose = -1;
1699 return -EINVAL;
1700 }
1701 goto next;
1702 }
1703 if (AHBIT (avp->length))
1704 {
1705 #ifdef DEBUG_HIDDEN
1706 l2tp_log (LOG_DEBUG, "%s: Hidden bit set on AVP.\n", __FUNCTION__);
1707 #endif
1708 /* We want to rewrite the AVP as an unhidden AVP
1709 and then pass it along as normal. Remeber how
1710 long the AVP was in the first place though! */
1711 hidlen = avp->length;
1712 if (decrypt_avp (data, t))
1713 {
1714 if (gconfig.debug_avp)
1715 l2tp_log (LOG_WARNING, "%s: Unable to handle hidden %sAVP\n:",
1716 __FUNCTION__,
1717 (AMBIT (avp->length) ? "mandatory " : ""));
1718 if (AMBIT (avp->length))
1719 {
1720 set_error (c, VENDOR_ERROR, "Invalid Hidden AVP");
1721 c->needclose = -1;
1722 return -EINVAL;
1723 }
1724 goto next;
1725 };
1726 len -= 2;
1727 hidlen -= 2;
1728 data += 2;
1729 avp = (struct avp_hdr *) data;
1730 /* Now we should look like a normal AVP */
1731 }
1732 else
1733 hidlen = 0;
1734 if (avps[avp->attr].handler)
1735 {
1736 if (avps[avp->attr].handler (t, c, avp, ALENGTH (avp->length)))
1737 {
1738 if (AMBIT (avp->length))
1739 {
1740 l2tp_log (LOG_WARNING,
1741 "%s: Bad exit status handling attribute %d (%s) on mandatory packet.\n",
1742 __FUNCTION__, avp->attr,
1743 avps[avp->attr].description);
1744 c->needclose = -1;
1745 return -EINVAL;
1746 }
1747 else
1748 {
1749 if (DEBUG)
1750 l2tp_log (LOG_DEBUG,
1751 "%s: Bad exit status handling attribute %d (%s).\n",
1752 __FUNCTION__, avp->attr,
1753 avps[avp->attr].description);
1754 }
1755 }
1756 }
1757 else
1758 {
1759 if (AMBIT (avp->length))
1760 {
1761 l2tp_log (LOG_WARNING,
1762 "%s: No handler for mandatory attribute %d (%s). Closing %s.\n",
1763 __FUNCTION__, avp->attr, avps[avp->attr].description,
1764 (c != t->self) ? "call" : "tunnel");
1765 set_error (c, VENDOR_ERROR, "No handler for attr %d (%s)\n",
1766 avp->attr, avps[avp->attr].description);
1767 return -EINVAL;
1768 }
1769 else
1770 {
1771 if (DEBUG)
1772 l2tp_log (LOG_WARNING, "%s: no handler for atribute %d (%s).\n",
1773 __FUNCTION__, avp->attr,
1774 avps[avp->attr].description);
1775 }
1776 }
1777 next:
1778 if (hidlen)
1779 {
1780 /* Skip over the complete length of the hidden AVP */
1781 len -= ALENGTH (hidlen);
1782 data += ALENGTH (hidlen);
1783 }
1784 else
1785 {
1786 len -= ALENGTH (avp->length);
1787 data += ALENGTH (avp->length); /* Next AVP, please */
1788 }
1789 avp = (struct avp_hdr *) data;
1790 firstavp = 0;
1791 }
1792 if (len != 0)
1793 {
1794 l2tp_log (LOG_WARNING, "%s: negative overall packet length\n", __FUNCTION__);
1795 return -EINVAL;
1796 }
1797 return 0;
1798 }