search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
HACK: pinfo->private_data points to smb_info again
[wireshark-wip.git] / epan / dissectors / packet-l2tp.c
blob06976336a2cce0383127365b73703f0ccb09fb63
1 /* packet-l2tp.c
2 * Routines for Layer Two Tunnelling Protocol (L2TP) packet disassembly
3 * John Thomes <john@ensemblecom.com>
4 *
5 * Minor changes by: (2000-01-10)
6 * Laurent Cazalet <laurent.cazalet@mailclub.net>
7 * Thomas Parvais <thomas.parvais@advalvas.be>
8 *
9 * $Id$
10 *
11 * Wireshark - Network traffic analyzer
12 * By Gerald Combs <gerald@wireshark.org>
13 * Copyright 1998 Gerald Combs
14 *
15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License
17 * as published by the Free Software Foundation; either version 2
18 * of the License, or (at your option) any later version.
19 *
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
28 */
29
30 /*
31 * RFC 2661 for L2TPv2
32 * http://tools.ietf.org/html/rfc2661
33 *
34 * RFC 3931 for L2TPv3
35 * http://tools.ietf.org/html/rfc3931
36 *
37 * Layer Two Tunneling Protocol "L2TP" number assignments:
38 * http://www.iana.org/assignments/l2tp-parameters
39 *
40 * Pseudowire types:
41 *
42 * RFC 4591 for Frame Relay
43 * http://tools.ietf.org/html/rfc4591
44 *
45 * RFC 4454 for ATM
46 * http://tools.ietf.org/html/rfc4454
47 *
48 * RFC 4719 for Ethernet
49 * http://tools.ietf.org/html/rfc4719
50 *
51 * RFC 4349 for HDLC
52 * http://tools.ietf.org/html/rfc4349
53 *
54 * XXX - what about LAPD?
55 */
56
57 #include "config.h"
58
59 #include <glib.h>
60
61 #include <wsutil/md5.h>
62 #include <wsutil/sha1.h>
63
64 #include <epan/packet.h>
65 #include <epan/addr_resolv.h>
66 #include <epan/ipproto.h>
67 #include <epan/sminmpec.h>
68 #include <epan/prefs.h>
69 #include <epan/conversation.h>
70 #include <epan/expert.h>
71 #include <epan/proto.h>
72 #include <epan/wmem/wmem.h>
73
74 #include "packet-l2tp.h"
75
76 static int proto_l2tp = -1;
77 static int hf_l2tp_type = -1;
78 static int hf_l2tp_length_bit = -1;
79 static int hf_l2tp_seq_bit = -1;
80 static int hf_l2tp_offset_bit = -1;
81 static int hf_l2tp_priority = -1;
82 static int hf_l2tp_version = -1;
83 static int hf_l2tp_length = -1;
84 static int hf_l2tp_tunnel = -1;
85 static int hf_l2tp_session = -1;
86 static int hf_l2tp_Ns = -1;
87 static int hf_l2tp_Nr = -1;
88 static int hf_l2tp_offset = -1;
89 static int hf_l2tp_avp_mandatory = -1;
90 static int hf_l2tp_avp_hidden = -1;
91 static int hf_l2tp_avp_length = -1;
92 static int hf_l2tp_avp_vendor_id = -1;
93 static int hf_l2tp_avp_type = -1;
94 static int hf_l2tp_tie_breaker = -1;
95 static int hf_l2tp_sid = -1;
96 static int hf_l2tp_res = -1;
97 static int hf_l2tp_ccid = -1;
98 static int hf_l2tp_cookie = -1;
99 static int hf_l2tp_l2_spec_def = -1;
100 static int hf_l2tp_l2_spec_atm = -1;
101 static int hf_l2tp_l2_spec_docsis_dmpt = -1;
102 static int hf_l2tp_l2_spec_v = -1;
103 static int hf_l2tp_l2_spec_s = -1;
104 static int hf_l2tp_l2_spec_flow_id = -1;
105 static int hf_l2tp_l2_spec_sequence = -1;
106 static int hf_l2tp_l2_spec_t = -1;
107 static int hf_l2tp_l2_spec_g = -1;
108 static int hf_l2tp_l2_spec_c = -1;
109 static int hf_l2tp_l2_spec_u = -1;
110 static int hf_l2tp_cisco_avp_type = -1;
111 static int hf_l2tp_cablelabs_avp_type = -1;
112 static int hf_l2tp_avp_message_type = -1;
113 static int hf_l2tp_avp_assigned_tunnel_id = -1;
114 static int hf_l2tp_avp_assigned_control_conn_id = -1;
115 static int hf_l2tp_avp_assigned_session_id = -1;
116 static int hf_l2tp_avp_remote_session_id = -1;
117 static int hf_l2tp_avp_local_session_id = -1;
118 static int hf_l2tp_avp_called_number = -1;
119 static int hf_l2tp_avp_calling_number = -1;
120 static int hf_l2tp_cisco_tie_breaker = -1;
121 static int hf_l2tp_cablel_avp_l_bit = -1;
122 static int hf_l2tp_cablel_avp_tsid_group_id = -1;
123 static int hf_l2tp_cablel_avp_frequency = -1;
124 static int hf_l2tp_cablel_avp_modulation = -1;
125 static int hf_l2tp_cablel_avp_m = -1;
126 static int hf_l2tp_cablel_avp_n = -1;
127
128 /* Generated from convert_proto_tree_add_text.pl */
129 static int hf_l2tp_cisco_pw_type = -1;
130 static int hf_l2tp_avp_error_code = -1;
131 static int hf_l2tp_avp_cause_msg = -1;
132 static int hf_l2tp_avp_host_name = -1;
133 static int hf_l2tp_avp_maximum_bps = -1;
134 static int hf_l2tp_avp_pseudowire_type = -1;
135 static int hf_l2tp_avp_minimum_bps = -1;
136 static int hf_l2tp_avp_nonce = -1;
137 static int hf_l2tp_avp_circuit_status = -1;
138 static int hf_l2tp_avp_receive_window_size = -1;
139 static int hf_l2tp_avp_vendor_name = -1;
140 static int hf_l2tp_avp_layer2_specific_sublayer = -1;
141 static int hf_l2tp_avp_disconnect_code = -1;
142 static int hf_l2tp_cisco_circuit_status = -1;
143 static int hf_l2tp_cisco_remote_session_id = -1;
144 static int hf_l2tp_avp_router_id = -1;
145 static int hf_l2tp_avp_send_accm = -1;
146 static int hf_l2tp_avp_last_sent_lcp_confreq = -1;
147 static int hf_l2tp_avp_sync_framing_supported = -1;
148 static int hf_l2tp_cisco_assigned_control_connection_id = -1;
149 static int hf_l2tp_avp_sync_framing_type = -1;
150 static int hf_l2tp_avp_assigned_cookie = -1;
151 static int hf_l2tp_avp_time_out_errors = -1;
152 static int hf_l2tp_avp_sub_address = -1;
153 static int hf_l2tp_avp_connect_speed = -1;
154 static int hf_l2tp_avp_analog_access_supported = -1;
155 static int hf_l2tp_avp_private_group_id = -1;
156 static int hf_l2tp_avp_proxy_authen_response = -1;
157 static int hf_l2tp_avp_chap_challenge = -1;
158 static int hf_l2tp_avp_call_serial_number = -1;
159 static int hf_l2tp_avp_digital_access_supported = -1;
160 static int hf_l2tp_avp_physical_channel = -1;
161 static int hf_l2tp_avp_advisory_msg = -1;
162 static int hf_l2tp_avp_data_sequencing = -1;
163 static int hf_l2tp_avp_control_protocol_number = -1;
164 static int hf_l2tp_avp_error_message = -1;
165 static int hf_l2tp_avp_initial_received_lcp_confreq = -1;
166 static int hf_l2tp_avp_async_framing_supported = -1;
167 static int hf_l2tp_cisco_message_digest = -1;
168 static int hf_l2tp_avp_circuit_type = -1;
169 static int hf_l2tp_cisco_circuit_type = -1;
170 static int hf_l2tp_avp_proxy_authen_challenge = -1;
171 static int hf_l2tp_cisco_assigned_cookie = -1;
172 static int hf_l2tp_avp_receive_accm = -1;
173 static int hf_l2tp_stop_ccn_result_code = -1;
174 static int hf_l2tp_avp_proxy_authen_id = -1;
175 static int hf_l2tp_avp_digital_bearer_type = -1;
176 static int hf_l2tp_avp_rx_connect_speed = -1;
177 static int hf_l2tp_cisco_nonce = -1;
178 static int hf_l2tp_avp_chap_challenge_response = -1;
179 static int hf_l2tp_avp_cause_code = -1;
180 static int hf_l2tp_avp_protocol_revision = -1;
181 static int hf_l2tp_avp_alignment_errors = -1;
182 static int hf_l2tp_avp_last_received_lcp_confreq = -1;
183 static int hf_l2tp_avp_crc_errors = -1;
184 static int hf_l2tp_avp_random_vector = -1;
185 static int hf_l2tp_avp_preferred_language = -1;
186 static int hf_l2tp_cisco_interface_mtu = -1;
187 static int hf_l2tp_avp_async_framing_type = -1;
188 static int hf_l2tp_avp_pw_type = -1;
189 static int hf_l2tp_cisco_local_session_id = -1;
190 static int hf_l2tp_avp_hardware_overruns = -1;
191 static int hf_l2tp_avp_proxy_authen_type = -1;
192 static int hf_l2tp_cisco_draft_avp_version = -1;
193 static int hf_l2tp_avp_protocol_version = -1;
194 static int hf_l2tp_result_code = -1;
195 static int hf_l2tp_avp_buffer_overruns = -1;
196 static int hf_l2tp_avp_remote_end_id = -1;
197 static int hf_l2tp_cisco_pseudowire_type = -1;
198 static int hf_l2tp_avp_message_digest = -1;
199 static int hf_l2tp_avp_proxy_authen_name = -1;
200 static int hf_l2tp_avp_analog_bearer_type = -1;
201 static int hf_l2tp_avp_cause_code_direction = -1;
202 static int hf_l2tp_avp_firmware_revision = -1;
203 static int hf_l2tp_avp_cause_code_message = -1;
204 static int hf_l2tp_avp_framing_errors = -1;
205 static int hf_l2tp_cisco_remote_end_id = -1;
206 static int hf_l2tp_avp_tx_connect_speed_v3 = -1;
207 static int hf_l2tp_avp_rx_connect_speed_v3 = -1;
208
209 static dissector_table_t l2tp_vendor_avp_dissector_table;
210
211 #define UDP_PORT_L2TP 1701
212
213 #define CONTROL_BIT(msg_info) (msg_info & 0x8000) /* Type bit control = 1 data = 0 */
214 #define LENGTH_BIT(msg_info) (msg_info & 0x4000) /* Length bit = 1 */
215 #define RESERVE_BITS(msg_info) (msg_info &0x37F8) /* Reserved bit - usused */
216 #define SEQUENCE_BIT(msg_info) (msg_info & 0x0800) /* SEQUENCE bit = 1 Ns and Nr fields */
217 #define OFFSET_BIT(msg_info) (msg_info & 0x0200) /* Offset */
218 #define PRIORITY_BIT(msg_info) (msg_info & 0x0100) /* Priority */
219 #define L2TP_VERSION(msg_info) (msg_info & 0x000f) /* Version of l2tp */
220 #define MANDATORY_BIT(msg_info) (msg_info & 0x8000) /* Mandatory = 1 */
221 #define HIDDEN_BIT(msg_info) (msg_info & 0x4000) /* Hidden = 1 */
222 #define AVP_LENGTH(msg_info) (msg_info & 0x03ff) /* AVP Length */
223 #define FRAMING_SYNC(msg_info) (msg_info & 0x0001) /* SYNC Framing Type */
224 #define FRAMING_ASYNC(msg_info) (msg_info & 0x0002) /* ASYNC Framing Type */
225 #define BEARER_DIGITAL(msg_info) (msg_info & 0x0001) /* Digital Bearer Type */
226 #define BEARER_ANALOG(msg_info) (msg_info & 0x0002) /* Analog Bearer Type */
227 #define CIRCUIT_STATUS_BIT(msg_info) (msg_info & 0x0001) /* Circuit Status */
228 #define CIRCUIT_TYPE_BIT(msg_info) (msg_info & 0x0001) /* Circuit Condition */
229
230 /* DOCSIS DMPT Sub-Layer Header definitions */
231 #define FLOW_ID_MASK 0x0E
232
233 static gint ett_l2tp = -1;
234 static gint ett_l2tp_ctrl = -1;
235 static gint ett_l2tp_avp = -1;
236 static gint ett_l2tp_avp_sub = -1;
237 static gint ett_l2tp_lcp = -1;
238 static gint ett_l2tp_l2_spec = -1;
239
240 static expert_field ei_l2tp_incorrect_digest = EI_INIT;
241
242 static const enum_val_t l2tpv3_cookies[] = {
243 {"detect", "Detect", -1},
244 {"cookie0", "None", 0},
245 {"cookie4", "4 Byte Cookie", 4},
246 {"cookie8", "8 Byte Cookie", 8},
247 {NULL, NULL, 0}
248 };
249
250 #define L2TPv3_COOKIE_DEFAULT 0
251
252 #define L2TPv3_PROTOCOL_ETH 0
253 #define L2TPv3_PROTOCOL_CHDLC 1
254 #define L2TPv3_PROTOCOL_FR 2
255 #define L2TPv3_PROTOCOL_PPP 3
256 #define L2TPv3_PROTOCOL_IP 4
257 #define L2TPv3_PROTOCOL_MPLS 5
258 #define L2TPv3_PROTOCOL_AAL5 6
259 #define L2TPv3_PROTOCOL_LAPD 7
260 #define L2TPv3_PROTOCOL_DOCSIS_DMPT 8
261 #define L2TPv3_PROTOCOL_ERICSSON 9
262 #define L2TPv3_PROTOCOL_MAX (L2TPv3_PROTOCOL_ERICSSON + 1)
263
264 #define L2TPv3_PROTOCOL_DEFAULT L2TPv3_PROTOCOL_CHDLC
265
266 static const enum_val_t l2tpv3_protocols[] = {
267 {"detect", "Detect", -1},
268 {"eth", "Ethernet", L2TPv3_PROTOCOL_ETH},
269 {"chdlc", "Cisco HDLC", L2TPv3_PROTOCOL_CHDLC},
270 {"fr", "Frame Relay", L2TPv3_PROTOCOL_FR},
271 {"ppp", "PPP", L2TPv3_PROTOCOL_PPP},
272 {"ip", "IP", L2TPv3_PROTOCOL_IP},
273 {"mpls", "MPLS", L2TPv3_PROTOCOL_MPLS},
274 {"aal5", "AAL5", L2TPv3_PROTOCOL_AAL5},
275 {"lapd", "LAPD", L2TPv3_PROTOCOL_LAPD},
276 {"docsis-dmpt", "DOCSIS-DMPT", L2TPv3_PROTOCOL_DOCSIS_DMPT},
277 {"ehdlc", "Ericsson HDLC", L2TPv3_PROTOCOL_ERICSSON},
278 {NULL, NULL, 0}
279 };
280
281 #define L2TPv3_L2_SPECIFIC_NONE 0
282 #define L2TPv3_L2_SPECIFIC_DEFAULT 1
283 #define L2TPv3_L2_SPECIFIC_ATM 2
284 #define L2TPv3_L2_SPECIFIC_LAPD 3
285 #define L2TPv3_L2_SPECIFIC_DOCSIS_DMPT 4
286 #define L2TPv3_L2_SPECIFIC_MAX (L2TPv3_L2_SPECIFIC_DOCSIS_DMPT + 1)
287
288 static const enum_val_t l2tpv3_l2_specifics[] = {
289 {"detect", "Detect", -1},
290 {"none", "None", L2TPv3_L2_SPECIFIC_NONE},
291 {"default", "Default L2-Specific", L2TPv3_L2_SPECIFIC_DEFAULT},
292 {"atm", "ATM-Specific", L2TPv3_L2_SPECIFIC_ATM},
293 {"lapd", "LAPD-Specific", L2TPv3_L2_SPECIFIC_LAPD},
294 {"dmpt", "DOCSIS DMPT-Specific", L2TPv3_L2_SPECIFIC_DOCSIS_DMPT},
295 {NULL, NULL, 0}
296 };
297
298 static gint l2tpv3_cookie = -1;
299 static gint l2tpv3_protocol = -1;
300 static gint l2tpv3_l2_specific = -1;
301
302 #define MESSAGE_TYPE_SCCRQ 1
303 #define MESSAGE_TYPE_SCCRP 2
304 #define MESSAGE_TYPE_SCCCN 3
305 #define MESSAGE_TYPE_StopCCN 4
306 #define MESSAGE_TYPE_Reserved_5 5
307 #define MESSAGE_TYPE_HELLO 6
308 #define MESSAGE_TYPE_OCRQ 7
309 #define MESSAGE_TYPE_OCRP 8
310 #define MESSAGE_TYPE_OCCN 9
311 #define MESSAGE_TYPE_ICRQ 10
312 #define MESSAGE_TYPE_ICRP 11
313 #define MESSAGE_TYPE_ICCN 12
314 #define MESSAGE_TYPE_Reserved_13 13
315 #define MESSAGE_TYPE_CDN 14
316 #define MESSAGE_TYPE_WEN 15
317 #define MESSAGE_TYPE_SLI 16
318 #define MESSAGE_TYPE_MDMST 17
319 #define MESSAGE_TYPE_SRRQ 18
320 #define MESSAGE_TYPE_SRRP 19
321 #define MESSAGE_TYPE_ACK 20
322 #define MESSAGE_TYPE_FSQ 21
323 #define MESSAGE_TYPE_FSR 22
324 #define MESSAGE_TYPE_MSRQ 23
325 #define MESSAGE_TYPE_MSRP 24
326 #define MESSAGE_TYPE_MSE 25
327 #define MESSAGE_TYPE_MSI 26
328 #define MESSAGE_TYPE_MSEN 27
329
330 static const value_string message_type_vals[] = {
331 { MESSAGE_TYPE_SCCRQ, "Start_Control_Request" },
332 { MESSAGE_TYPE_SCCRP, "Start_Control_Reply" },
333 { MESSAGE_TYPE_SCCCN, "Start_Control_Connected" },
334 { MESSAGE_TYPE_StopCCN, "Stop_Control_Notification" },
335 { MESSAGE_TYPE_Reserved_5, "Reserved" },
336 { MESSAGE_TYPE_HELLO, "Hello" },
337 { MESSAGE_TYPE_OCRQ, "Outgoing_Call_Request" },
338 { MESSAGE_TYPE_OCRP, "Outgoing_Call_Reply" },
339 { MESSAGE_TYPE_OCCN, "Outgoing_Call_Connected" },
340 { MESSAGE_TYPE_ICRQ, "Incoming_Call_Request" },
341 { MESSAGE_TYPE_ICRP, "Incoming_Call_Reply" },
342 { MESSAGE_TYPE_ICCN, "Incoming_Call_Connected" },
343 { MESSAGE_TYPE_Reserved_13, "Reserved" },
344 { MESSAGE_TYPE_CDN, "Call_Disconnect_Notification" },
345 { MESSAGE_TYPE_WEN, "WAN_Error_Notify" },
346 { MESSAGE_TYPE_SLI, "Set_Link_Info" },
347 { MESSAGE_TYPE_MDMST, "Modem_Status" },
348 { MESSAGE_TYPE_SRRQ, "Service_Relay_Request_Msg" },
349 { MESSAGE_TYPE_SRRP, "Service_Relay_Reply_Message" },
350 { MESSAGE_TYPE_ACK, "Explicit_Acknowledgement" },
351 /* Fail Over Extensions - RFC4951 */
352 { MESSAGE_TYPE_FSQ, "Failover_Session_Query_Message" },
353 { MESSAGE_TYPE_FSR, "Failover_Session_Response_Message" },
354 /* Multicast Management - RFC4045 */
355 { MESSAGE_TYPE_MSRQ, "Multicast-Session-Request" },
356 { MESSAGE_TYPE_MSRP, "Multicast-Session-Response" },
357 { MESSAGE_TYPE_MSE, "Multicast-Session-Establishment" },
358 { MESSAGE_TYPE_MSI, "Multicast-Session-Information" },
359 { MESSAGE_TYPE_MSEN, "Multicast-Session-End-Notify" },
360 { 0, NULL },
361 };
362 static value_string_ext message_type_vals_ext = VALUE_STRING_EXT_INIT(message_type_vals);
363
364 static const value_string l2tp_message_type_short_str_vals[] = {
365 { MESSAGE_TYPE_SCCRQ, "SCCRQ" },
366 { MESSAGE_TYPE_SCCRP, "SCCRP" },
367 { MESSAGE_TYPE_SCCCN, "SCCCN" },
368 { MESSAGE_TYPE_StopCCN, "StopCCN" },
369 { 5, "Reserved"},
370 { MESSAGE_TYPE_HELLO, "Hello" },
371 { MESSAGE_TYPE_OCRQ, "OCRQ" },
372 { MESSAGE_TYPE_OCRP, "OCRP" },
373 { MESSAGE_TYPE_OCCN, "OCCN" },
374 { MESSAGE_TYPE_ICRQ, "ICRQ" },
375 { MESSAGE_TYPE_ICRP, "ICRP" },
376 { MESSAGE_TYPE_ICCN, "ICCN" },
377 { 13, "Reserved"},
378 { MESSAGE_TYPE_CDN, "CDN" },
379 { MESSAGE_TYPE_WEN, "WEN" },
380 { MESSAGE_TYPE_SLI, "SLI" },
381 { MESSAGE_TYPE_MDMST, "MDMST" },
382 { MESSAGE_TYPE_SRRQ, "SRRQ" },
383 { MESSAGE_TYPE_SRRP, "SRRP" },
384 { MESSAGE_TYPE_ACK, "ACK" },
385 /* Fail Over Extensions - RFC4951 */
386 { MESSAGE_TYPE_FSQ, "FSQ" },
387 { MESSAGE_TYPE_FSR, "FSR" },
388 /* Multicast Management - RFC4045 */
389 { MESSAGE_TYPE_MSRQ, "MSRQ" },
390 { MESSAGE_TYPE_MSRP, "MSRP" },
391 { MESSAGE_TYPE_MSE, "MSE" },
392 { MESSAGE_TYPE_MSI, "MSI" },
393 { MESSAGE_TYPE_MSEN, "MSEN" },
394 { 0, NULL },
395 };
396 static value_string_ext l2tp_message_type_short_str_vals_ext = VALUE_STRING_EXT_INIT(l2tp_message_type_short_str_vals);
397
398
399 static const char *control_msg = "Control Message";
400 static const char *data_msg = "Data Message";
401 static const value_string l2tp_type_vals[] = {
402 { 0, "Data Message" },
403 { 1, "Control Message" },
404 { 0, NULL },
405 };
406
407 static const value_string cause_code_direction_vals[] = {
408 { 0, "global error" },
409 { 1, "at peer" },
410 { 2, "at local" },
411 { 0, NULL },
412 };
413
414 static const true_false_string l2tp_length_bit_truth =
415 { "Length field is present", "Length field is not present" };
416
417 static const true_false_string l2tp_seq_bit_truth =
418 { "Ns and Nr fields are present", "Ns and Nr fields are not present" };
419
420 static const true_false_string l2tp_offset_bit_truth =
421 { "Offset Size field is present", "Offset size field is not present" };
422
423 static const true_false_string l2tp_priority_truth =
424 { "This data message has priority", "No priority" };
425
426 static const value_string authen_type_vals[] = {
427 { 0, "Reserved" },
428 { 1, "Textual username/password exchange" },
429 { 2, "PPP CHAP" },
430 { 3, "PPP PAP" },
431 { 4, "No Authentication" },
432 { 5, "Microsoft CHAP Version 1" },
433 { 6, "Reserved" },
434 { 7, "EAP" },
435 { 0, NULL }
436 };
437
438 static const value_string data_sequencing_vals[] = {
439 { 0, "No incoming data packets require sequencing" },
440 { 1, "Only non-IP data packets require sequencing" },
441 { 2, "All incoming data packets require sequencing" },
442 { 0, NULL }
443 };
444
445 static const value_string l2_sublayer_vals[] = {
446 { 0, "No L2-Specific Sublayer" },
447 { 1, "Default L2-Specific Sublayer present" },
448 { 2, "ATM-Specific Sublayer present" },
449 { 3, "MPT-Specific Sublayer" },
450 { 4, "PSP-Specific Sublayer" },
451 { 0, NULL }
452 };
453
454 /* Result Code values for the StopCCN message */
455 static const value_string result_code_stopccn_vals[] = {
456 { 0, "Reserved", },
457 { 1, "General request to clear control connection", },
458 { 2, "General error, Error Code indicates the problem", },
459 { 3, "Control connection already exists", },
460 { 4, "Requester is not authorized to establish a control connection", },
461 { 5, "The protocol version of the requester is not supported", },
462 { 6, "Requester is being shut down", },
463 { 7, "Finite state machine error or timeout", },
464 { 8, "Control connection due to mismatching CCDS value", }, /* [RFC3308] */
465 { 0, NULL }
466 };
467
468 /* Result Code values for the CDN message */
469 static const value_string result_code_cdn_vals[] = {
470 { 0, "Reserved", },
471 { 1, "Session disconnected due to loss of carrier or circuit disconnect", },
472 { 2, "Session disconnected for the reason indicated in Error Code", },
473 { 3, "Session disconnected for administrative reasons", },
474 { 4, "Appropriate facilities unavailable (temporary condition)", },
475 { 5, "Appropriate facilities unavailable (permanent condition)", },
476 { 6, "Invalid destination", },
477 { 7, "Call failed due to no carrier detected", },
478 { 8, "Call failed due to detection of a busy signal", },
479 { 9, "Call failed due to lack of a dial tone", },
480 { 10, "Call was not established within time allotted by LAC", },
481 { 11, "Call was connected but no appropriate framing was detected", },
482 { 12, "Disconnecting call due to mismatching SDS value", },
483 { 13, "Session not established due to losing tie breaker", },
484 { 14, "Session not established due to unsupported PW type", },
485 { 15, "Session not established, sequencing required without valid L2-Specific Sublayer", },
486 { 16, "Finite state machine error or timeout", },
487 { 17, "FR PVC was deleted permanently (no longer provisioned) ", }, /* [RFC4591] */
488 { 18, "FR PVC has been INACTIVE for an extended period of time", }, /* [RFC4591] */
489 { 19, "Mismatched FR Header Length", }, /* [RFC4591] */
490 { 20, "HDLC Link was deleted permanently (no longer provisioned)", }, /* [RFC4349] */
491 { 21, "HDLC Link has been INACTIVE for an extended period of time", }, /* [RFC4349] */
492 { 22, "Session not established due to other LCCE can not support the OAM Cell Emulation", }, /* [RFC4454] */
493 { 23, "Mismatching interface MTU", }, /* [RFC4667] */
494 { 24, "Attempt to connect to non-existent forwarder", }, /* [RFC4667] */
495 { 25, "Attempt to connect to unauthorized forwarder", }, /* [RFC4667] */
496 { 26, "Loop Detected", }, /* [draft-ietf-l2tpext-tunnel-switching-06.txt] */
497 { 27, "Attachment Circuit bound to different PE", }, /* [RFC6074] */
498 { 28, "Attachment Circuit bound to different remote Attachment Circuit", }, /* [RFC6074] */
499 { 29, "Unassigned", },
500 { 30, "Return code to indicate connection was refused because of TDM PW parameters. The error code indicates the problem.", }, /* [RFC5611] */
501 { 31, "Sequencing not supported", }, /* [RFC6073] */
502 { 0, NULL }
503 };
504 static value_string_ext result_code_cdn_vals_ext = VALUE_STRING_EXT_INIT(result_code_cdn_vals);
505
506
507 static const value_string error_code_vals[] = {
508 { 0, "No General Error", },
509 { 1, "No control connection exists yet for this pair of LCCEs", },
510 { 2, "Length is wrong", },
511 { 3, "One of the field values was out of range", },
512 { 4, "Insufficient resources to handle this operation now", },
513 { 5, "Invalid Session ID", },
514 { 6, "A generic vendor-specific error occurred", },
515 { 7, "Try another", },
516 { 8, "Receipt of an unknown AVP with the M bit set", },
517 { 9, "Try another directed", },
518 { 10, "Next hop unreachable", },
519 { 11, "Next hop busy", },
520 { 12, "TSA busy", },
521 { 0, NULL }
522 };
523
524 #define CONTROL_MESSAGE 0
525 #define RESULT_ERROR_CODE 1
526 #define PROTOCOL_VERSION 2
527 #define FRAMING_CAPABILITIES 3
528 #define BEARER_CAPABILITIES 4
529 #define TIE_BREAKER 5
530 #define FIRMWARE_REVISION 6
531 #define HOST_NAME 7
532 #define VENDOR_NAME 8
533 #define ASSIGNED_TUNNEL_ID 9
534 #define RECEIVE_WINDOW_SIZE 10
535 #define CHALLENGE 11
536 #define CAUSE_CODE 12
537 #define CHALLENGE_RESPONSE 13
538 #define ASSIGNED_SESSION 14
539 #define CALL_SERIAL_NUMBER 15
540 #define MINIMUM_BPS 16
541 #define MAXIMUM_BPS 17
542 #define BEARER_TYPE 18
543 #define FRAMING_TYPE 19
544 #define CALLED_NUMBER 21
545 #define CALLING_NUMBER 22
546 #define SUB_ADDRESS 23
547 #define TX_CONNECT_SPEED 24
548 #define PHYSICAL_CHANNEL 25
549 #define INITIAL_RECEIVED_LCP_CONFREQ 26
550 #define LAST_SENT_LCP_CONFREQ 27
551 #define LAST_RECEIVED_LCP_CONFREQ 28
552 #define PROXY_AUTHEN_TYPE 29
553 #define PROXY_AUTHEN_NAME 30
554 #define PROXY_AUTHEN_CHALLENGE 31
555 #define PROXY_AUTHEN_ID 32
556 #define PROXY_AUTHEN_RESPONSE 33
557 #define CALL_STATUS_AVPS 34
558 #define ACCM 35
559 #define RANDOM_VECTOR 36
560 #define PRIVATE_GROUP_ID 37
561 #define RX_CONNECT_SPEED 38
562 #define SEQUENCING_REQUIRED 39
563 #define PPP_DISCONNECT_CAUSE_CODE 46 /* RFC 3145 */
564 #define EXTENDED_VENDOR_ID 58
565 #define MESSAGE_DIGEST 59
566 #define ROUTER_ID 60
567 #define ASSIGNED_CONTROL_CONN_ID 61
568 #define PW_CAPABILITY_LIST 62
569 #define LOCAL_SESSION_ID 63
570 #define REMOTE_SESSION_ID 64
571 #define ASSIGNED_COOKIE 65
572 #define REMOTE_END_ID 66
573 #define PW_TYPE 68
574 #define L2_SPECIFIC_SUBLAYER 69
575 #define DATA_SEQUENCING 70
576 #define CIRCUIT_STATUS 71
577 #define PREFERRED_LANGUAGE 72
578 #define CTL_MSG_AUTH_NONCE 73
579 #define TX_CONNECT_SPEED_V3 74
580 #define RX_CONNECT_SPEED_V3 75
581
582 /* http://www.iana.org/assignments/l2tp-parameters/l2tp-parameters.xhtml */
583 #define NUM_AVP_TYPES 102
584 static const value_string avp_type_vals[] = {
585 { CONTROL_MESSAGE, "Control Message" },
586 { RESULT_ERROR_CODE, "Result-Error Code" },
587 { PROTOCOL_VERSION, "Protocol Version" },
588 { FRAMING_CAPABILITIES, "Framing Capabilities" },
589 { BEARER_CAPABILITIES, "Bearer Capabilities" },
590 { TIE_BREAKER, "Tie Breaker" },
591 { FIRMWARE_REVISION, "Firmware Revision" },
592 { HOST_NAME, "Host Name" },
593 { VENDOR_NAME, "Vendor Name" },
594 { ASSIGNED_TUNNEL_ID, "Assigned Tunnel ID" },
595 { RECEIVE_WINDOW_SIZE, "Receive Window Size" },
596 { CHALLENGE, "Challenge" },
597 { CAUSE_CODE, "Cause Code" },
598 { CHALLENGE_RESPONSE, "Challenge Response" },
599 { ASSIGNED_SESSION, "Assigned Session" },
600 { CALL_SERIAL_NUMBER, "Call Serial Number" },
601 { MINIMUM_BPS, "Minimum BPS" },
602 { MAXIMUM_BPS, "Maximum BPS" },
603 { BEARER_TYPE, "Bearer Type" },
604 { FRAMING_TYPE, "Framing Type" },
605 { 20, "Reserved" },
606 { CALLED_NUMBER, "Called Number" },
607 { CALLING_NUMBER, "Calling Number" },
608 { SUB_ADDRESS, "Sub-Address" },
609 { TX_CONNECT_SPEED, "Connect Speed" },
610 { PHYSICAL_CHANNEL, "Physical Channel" },
611 { INITIAL_RECEIVED_LCP_CONFREQ, "Initial Received LCP CONFREQ" },
612 { LAST_SENT_LCP_CONFREQ, "Last Sent LCP CONFREQ" },
613 { LAST_RECEIVED_LCP_CONFREQ, "Last Received LCP CONFREQ" },
614 { PROXY_AUTHEN_TYPE, "Proxy Authen Type" },
615 { PROXY_AUTHEN_NAME, "Proxy Authen Name" },
616 { PROXY_AUTHEN_CHALLENGE, "Proxy Authen Challenge" },
617 { PROXY_AUTHEN_ID, "Proxy Authen ID" },
618 { PROXY_AUTHEN_RESPONSE, "Proxy Authen Response" },
619 { CALL_STATUS_AVPS, "Call status AVPs" },
620 { ACCM, "ACCM" },
621 { RANDOM_VECTOR, "Random Vector" },
622 { PRIVATE_GROUP_ID, "Private group ID" },
623 { RX_CONNECT_SPEED, "RxConnect Speed" },
624 { SEQUENCING_REQUIRED, "Sequencing Required" },
625 { PPP_DISCONNECT_CAUSE_CODE, "PPP Disconnect Cause Code" },
626 { EXTENDED_VENDOR_ID, "Extended Vendor ID" },
627 { MESSAGE_DIGEST, "Message Digest" },
628 { ROUTER_ID, "Router ID" },
629 { ASSIGNED_CONTROL_CONN_ID, "Assigned Control Connection ID" },
630 { PW_CAPABILITY_LIST, "Pseudowire Capability List" },
631 { LOCAL_SESSION_ID, "Local Session ID" },
632 { REMOTE_SESSION_ID, "Remote Session ID" },
633 { ASSIGNED_COOKIE, "Assigned Cookie" },
634 { REMOTE_END_ID, "Remote End ID" },
635 { PW_TYPE, "Pseudowire Type" },
636 { L2_SPECIFIC_SUBLAYER, "Layer2 Specific Sublayer" },
637 { DATA_SEQUENCING, "Data Sequencing" },
638 { CIRCUIT_STATUS, "Circuit Status" },
639 { PREFERRED_LANGUAGE, "Preferred Language" },
640 { CTL_MSG_AUTH_NONCE, "Control Message Authentication Nonce" },
641 { TX_CONNECT_SPEED_V3, "Tx Connect Speed Version 3" },
642 { RX_CONNECT_SPEED_V3, "Rx Connect Speed Version 3" },
643 { 76, "Failover Capability" }, /*[RFC4951] */
644 { 77, "Tunnel Recovery" }, /*[RFC4951] */
645 { 78, "Suggested Control Sequence" }, /*[RFC4951] */
646 { 79, "Failover Session State" }, /*[RFC4951] */
647 { 80, "Multicast Capability" }, /*[RFC4045] */
648 { 81, "New Outgoing Sessions" }, /*[RFC4045] */
649 { 82, "New Outgoing Sessions Acknowledgement" }, /*[RFC4045] */
650 { 83, "Withdraw Outgoing Sessions" }, /*[RFC4045] */
651 { 84, "Multicast Packets Priority" }, /*[RFC4045] */
652 { 85, "Frame-Relay Header Length" }, /*[RFC4591] */
653 { 86, "ATM Maximum Concatenated Cells AVP" }, /*[RFC4454] */
654 { 87, "OAM Emulation Required AVP" }, /*[RFC4454] */
655 { 88, "ATM Alarm Status AVP" }, /*[RFC4454] */
656 /* Also, see ATM Alarm Status AVP Values below */
657 { 89, "Attachment Group Identifier" }, /*[RFC4667] */
658 { 90, "Local End Identifier" }, /*[RFC4667] */
659 { 91, "Interface Maximum Transmission Unit" }, /*[RFC4667] */
660 { 92, "FCS Retention" }, /*[RFC4720] */
661 { 93, "Tunnel Switching Aggregator ID AVP" }, /*[draft-ietf-l2tpext-tunnel-switching-06.txt] */
662 { 94, "Maximum Receive Unit (MRU) AVP" }, /*[RFC4623] */
663 { 95, "Maximum Reassembled Receive Unit (MRRU) AVP" }, /*[RFC4623] */
664 { 96, "VCCV Capability AVP" }, /*[RFC5085] */
665 { 97, "Connect Speed Update AVP" }, /*[RFC5515] */
666 { 98, "Connect Speed Update Enable AVP" }, /*[RFC5515] */
667 { 99, "TDM Pseudowire AVP" }, /*[RFC5611] */
668 { 100, "RTP AVP" }, /*[RFC5611] */
669 { 101, "PW Switching Point AVP" }, /*[RFC6073] */
670 { 0, NULL }
671 };
672
673 static value_string_ext avp_type_vals_ext = VALUE_STRING_EXT_INIT(avp_type_vals);
674
675 #define CISCO_ASSIGNED_CONNECTION_ID 1
676 #define CISCO_PW_CAPABILITY_LIST 2
677 #define CISCO_LOCAL_SESSION_ID 3
678 #define CISCO_REMOTE_SESSION_ID 4
679 #define CISCO_ASSIGNED_COOKIE 5
680 #define CISCO_REMOTE_END_ID 6
681 #define CISCO_PW_TYPE 7
682 #define CISCO_CIRCUIT_STATUS 8
683 #define CISCO_SESSION_TIE_BREAKER 9
684 #define CISCO_DRAFT_AVP_VERSION 10
685 #define CISCO_MESSAGE_DIGEST 12
686 #define CISCO_AUTH_NONCE 13
687 #define CISCO_INTERFACE_MTU 14
688
689 static const value_string cisco_avp_type_vals[] = {
690 { CISCO_ASSIGNED_CONNECTION_ID, "Assigned Connection ID" },
691 { CISCO_PW_CAPABILITY_LIST, "Pseudowire Capabilities List" },
692 { CISCO_LOCAL_SESSION_ID, "Local Session ID" },
693 { CISCO_REMOTE_SESSION_ID, "Remote Session ID" },
694 { CISCO_ASSIGNED_COOKIE, "Assigned Cookie" },
695 { CISCO_REMOTE_END_ID, "Remote End ID" },
696 { CISCO_PW_TYPE, "Pseudowire Type" },
697 { CISCO_CIRCUIT_STATUS, "Circuit Status" },
698 { CISCO_SESSION_TIE_BREAKER, "Session Tie Breaker" },
699 { CISCO_DRAFT_AVP_VERSION, "Draft AVP Version" },
700 { CISCO_MESSAGE_DIGEST, "Message Digest" },
701 { CISCO_AUTH_NONCE, "Control Message Authentication Nonce" },
702 { CISCO_INTERFACE_MTU, "Interface MTU" },
703 { 0, NULL }
704 };
705
706 static const value_string cablelabs_avp_type_vals[] = {
707 /* 7.5.2 DEPI Specific AVPs */
708 { 0, "Reserved" },
709 { 1, "DEPI Result Code" },
710 { 2, "DEPI Resource Allocation Request" },
711 { 3, "DEPI Resource Allocation Reply" },
712 { 4, "DEPI Local MTU" },
713 { 5, "DOCSIS SYNC Control" },
714 { 6, "EQAM Capability Bits" },
715 { 7, "DEPI Remote MTU" },
716 { 8, "DEPI Local UDP Port" },
717 { 9, "DPR Session Type" },
718 { 10, "DPR Session Status" },
719 /* 7.5.3 QAM Channel PHY AVPs */
720 { 100, "Downstream QAM Channel TSID Group" },
721 { 101, "Downstream QAM Channel Frequency" },
722 { 102, "Downstream QAM Channel Power" },
723 { 103, "Downstream QAM Channel Modulation" },
724 { 104, "Downstream QAM Channel J.83 Annex" },
725 { 105, "Downstream QAM Channel Symbol Rate" },
726 { 106, "Downstream QAM Channel Interleaver Depth" },
727 { 107, "Downstream QAM Channel RF Block Muting53" },
728 /* 7.5.4 DEPI Redundancy Capabilities AVPs */
729 { 200, "DEPI Redundancy Capabilities" },
730 { 0, NULL }
731 };
732
733 static const value_string l2tp_cablel_modulation_vals[] = {
734 { 0, "64-QAM" },
735 { 1, "128-QAM" },
736 { 0, NULL }
737 };
738
739 static const value_string pw_types_vals[] = {
740 { 0x0001, "Frame Relay DLCI" },
741 { 0x0002, "ATM AAL5 SDU VCC transport" },
742 { 0x0003, "ATM Cell transparent Port Mode" },
743 { 0x0004, "Ethernet VLAN" },
744 { 0x0005, "Ethernet" },
745 { 0x0006, "HDLC" },
746 { 0x0007, "PPP" },
747 { 0x0009, "ATM Cell transport VCC Mode" },
748 { 0x000A, "ATM Cell transport VPC Mode" },
749 { 0x000B, "IP Transport" },
750 { 0x000C, "MPEG-TS Payload Type (MPTPW)" },
751 { 0x000D, "Packet Streaming Protocol (PSPPW)" },
752 /* 0x000E-0x0010 Unassigned */
753 { 0x0011, "Structure-agnostic E1 circuit" }, /* [RFC5611] */
754 { 0x0012, "Structure-agnostic T1 (DS1) circuit" }, /* [RFC5611] */
755 { 0x0013, "Structure-agnostic E3 circuit" }, /* [RFC5611] */
756 { 0x0014, "Structure-agnostic T3 (DS3) circuit" }, /* [RFC5611] */
757 { 0x0015, "CESoPSN basic mode" }, /* [RFC5611] */
758 { 0x0016, "Unassigned" },
759 { 0x0017, "CESoPSN TDM with CAS" }, /* [RFC5611] */
760
761 { 0, NULL },
762 };
763
764 static const true_false_string tfs_up_down = { "Up", "Down" };
765 static const true_false_string tfs_new_existing = { "New", "Existing" };
766
767 static dissector_handle_t ppp_hdlc_handle;
768 static dissector_handle_t ppp_lcp_options_handle;
769
770 static dissector_handle_t eth_withoutfcs_handle;
771 static dissector_handle_t chdlc_handle;
772 static dissector_handle_t fr_handle;
773 static dissector_handle_t ip_handle;
774 static dissector_handle_t mpls_handle;
775 static dissector_handle_t atm_oam_handle;
776 static dissector_handle_t llc_handle;
777 static dissector_handle_t lapd_handle;
778 static dissector_handle_t mp2t_handle;
779 static dissector_handle_t ehdlc_handle;
780 static dissector_handle_t data_handle;
781
782 static dissector_handle_t l2tp_udp_handle;
783 static dissector_handle_t l2tp_ip_handle;
784
785 #define L2TP_HMAC_MD5 0
786 #define L2TP_HMAC_SHA1 1
787 #define L2TP_HMAC_MD5_KEY_LEN 16
788 #define L2TP_HMAC_MD5_DIGEST_LEN 16
789 #define L2TP_HMAC_SHA1_DIGEST_LEN 20
790
791 typedef struct l2tpv3_conversation {
792 address lcce1;
793 guint16 lcce1_port;
794 address lcce2;
795 guint16 lcce2_port;
796 port_type pt;
797 struct l2tpv3_tunnel *tunnel;
798 } l2tpv3_conversation_t;
799
800 typedef struct l2tpv3_tunnel {
801 l2tpv3_conversation_t *conv;
802
803 address lcce1;
804 guint32 lcce1_id;
805 guint8 *lcce1_nonce;
806 gint lcce1_nonce_len;
807
808 address lcce2;
809 guint32 lcce2_id;
810 guint8 *lcce2_nonce;
811 gint lcce2_nonce_len;
812
813 gchar *shared_key_secret;
814 guint8 shared_key[L2TP_HMAC_MD5_KEY_LEN];
815
816 GSList *sessions;
817 } l2tpv3_tunnel_t;
818
819 typedef struct lcce_settings {
820 guint32 id;
821 gint cookie_len;
822 gint l2_specific;
823 } lcce_settings_t;
824
825 typedef struct l2tpv3_session {
826 lcce_settings_t lcce1;
827 lcce_settings_t lcce2;
828
829 gint pw_type;
830 } l2tpv3_session_t;
831
832 static const gchar* shared_secret = "";
833
834 static GSList *list_heads = NULL;
835
836 static void update_shared_key(l2tpv3_tunnel_t *tunnel)
837 {
838 const gchar *secret = "";
839
840 /* There is at least one nonce in the packet, so we can do authentication,
841 otherwise it's just a plain digest without nonces. */
842 if (tunnel->lcce1_nonce != NULL || tunnel->lcce2_nonce != NULL) {
843 secret = shared_secret;
844 }
845
846 /* If there's no shared key in the conversation context, or the secret has been changed */
847 if (tunnel->shared_key_secret == NULL || strcmp(secret, tunnel->shared_key_secret) != 0) {
848 /* For secret specification, see RFC 3931 pg 37 */
849 guint8 data = 2;
850 md5_hmac(&data, 1, secret, strlen(secret), tunnel->shared_key);
851 tunnel->shared_key_secret = wmem_strdup(wmem_file_scope(), secret);
852 }
853 }
854
855 static void md5_hmac_digest(l2tpv3_tunnel_t *tunnel,
856 tvbuff_t *tvb,
857 int length,
858 int idx,
859 int avp_len,
860 int msg_type,
861 packet_info *pinfo,
862 guint8 digest[20])
863 {
864 guint8 zero[L2TP_HMAC_MD5_DIGEST_LEN];
865 md5_hmac_state_t ms;
866 int remainder;
867 int offset = 0;
868
869 if (tunnel->conv->pt == PT_NONE) /* IP encapsulated L2TPv3 */
870 offset = 4;
871
872 md5_hmac_init(&ms, tunnel->shared_key, L2TP_HMAC_MD5_KEY_LEN);
873
874 if (msg_type != MESSAGE_TYPE_SCCRQ) {
875 if (tunnel->lcce1_nonce != NULL && tunnel->lcce2_nonce != NULL) {
876 if (ADDRESSES_EQUAL(&tunnel->lcce1, &pinfo->src)) {
877 md5_hmac_append(&ms, tunnel->lcce1_nonce, tunnel->lcce1_nonce_len);
878 md5_hmac_append(&ms, tunnel->lcce2_nonce, tunnel->lcce2_nonce_len);
879 } else {
880 md5_hmac_append(&ms, tunnel->lcce2_nonce, tunnel->lcce2_nonce_len);
881 md5_hmac_append(&ms, tunnel->lcce1_nonce, tunnel->lcce1_nonce_len);
882 }
883 }
884 }
885
886 md5_hmac_append(&ms, tvb_get_ptr(tvb, offset, idx + 1 - offset), idx + 1 - offset);
887 /* Message digest is calculated with an empty message digest field */
888 memset(zero, 0, L2TP_HMAC_MD5_DIGEST_LEN);
889 md5_hmac_append(&ms, zero, avp_len - 1);
890 remainder = length - (idx + avp_len);
891 md5_hmac_append(&ms, tvb_get_ptr(tvb, idx + avp_len, remainder), remainder);
892 md5_hmac_finish(&ms, digest);
893 }
894
895 static void sha1_hmac_digest(l2tpv3_tunnel_t *tunnel,
896 tvbuff_t *tvb,
897 int length,
898 int idx,
899 int avp_len,
900 int msg_type,
901 packet_info *pinfo,
902 guint8 digest[20])
903 {
904 guint8 zero[L2TP_HMAC_SHA1_DIGEST_LEN];
905 sha1_hmac_context ms;
906 int remainder;
907 int offset = 0;
908
909 if (tunnel->conv->pt == PT_NONE) /* IP encapsulated L2TPv3 */
910 offset = 4;
911
912 sha1_hmac_starts(&ms, tunnel->shared_key, L2TP_HMAC_MD5_KEY_LEN);
913
914 if (msg_type != MESSAGE_TYPE_SCCRQ) {
915 if (tunnel->lcce1_nonce != NULL && tunnel->lcce2_nonce != NULL) {
916 if (ADDRESSES_EQUAL(&tunnel->lcce1, &pinfo->src)) {
917 sha1_hmac_update(&ms, tunnel->lcce1_nonce, tunnel->lcce1_nonce_len);
918 sha1_hmac_update(&ms, tunnel->lcce2_nonce, tunnel->lcce2_nonce_len);
919 } else {
920 sha1_hmac_update(&ms, tunnel->lcce2_nonce, tunnel->lcce2_nonce_len);
921 sha1_hmac_update(&ms, tunnel->lcce1_nonce, tunnel->lcce1_nonce_len);
922 }
923 }
924 }
925
926 sha1_hmac_update(&ms, tvb_get_ptr(tvb, 0, idx + 1 - offset), idx + 1 - offset);
927 /* Message digest is calculated with an empty message digest field */
928 memset(zero, 0, L2TP_HMAC_SHA1_DIGEST_LEN);
929 sha1_hmac_update(&ms, zero, avp_len - 1);
930 remainder = length - (idx + avp_len);
931 sha1_hmac_update(&ms, tvb_get_ptr(tvb, idx + avp_len, remainder), remainder);
932 sha1_hmac_finish(&ms, digest);
933 }
934
935 static int check_control_digest(l2tpv3_tunnel_t *tunnel,
936 tvbuff_t *tvb,
937 int length,
938 int idx,
939 int avp_len,
940 int msg_type,
941 packet_info *pinfo)
942 {
943 guint8 digest[L2TP_HMAC_SHA1_DIGEST_LEN];
944
945 if (!tunnel)
946 return 1;
947
948 update_shared_key(tunnel);
949
950 switch (tvb_get_guint8(tvb, idx)) {
951 case L2TP_HMAC_MD5:
952 if ((avp_len - 1) != L2TP_HMAC_MD5_DIGEST_LEN)
953 return -1;
954 md5_hmac_digest(tunnel, tvb, length, idx, avp_len, msg_type, pinfo, digest);
955 break;
956 case L2TP_HMAC_SHA1:
957 if ((avp_len - 1) != L2TP_HMAC_SHA1_DIGEST_LEN)
958 return -1;
959 sha1_hmac_digest(tunnel, tvb, length, idx, avp_len, msg_type, pinfo, digest);
960 break;
961 default:
962 return 1;
963 break;
964 }
965
966 if (memcmp(digest, tvb_get_ptr(tvb, idx + 1, avp_len - 1), avp_len - 1) != 0)
967 return -1;
968
969 return 0;
970 }
971
972 static void store_cma_nonce(l2tpv3_tunnel_t *tunnel,
973 tvbuff_t *tvb,
974 int offset,
975 int length,
976 int msg_type)
977 {
978 guint8 *nonce = NULL;
979
980 if (!tunnel)
981 return;
982
983 switch (msg_type) {
984 case MESSAGE_TYPE_SCCRQ:
985 if (!tunnel->lcce1_nonce) {
986 tunnel->lcce1_nonce = (guint8 *)wmem_alloc(wmem_file_scope(), length);
987 tunnel->lcce1_nonce_len = length;
988 nonce = tunnel->lcce1_nonce;
989 }
990 break;
991 case MESSAGE_TYPE_SCCRP:
992 if (!tunnel->lcce2_nonce) {
993 tunnel->lcce2_nonce = (guint8 *)wmem_alloc(wmem_file_scope(), length);
994 tunnel->lcce2_nonce_len = length;
995 nonce = tunnel->lcce2_nonce;
996 }
997 break;
998 default:
999 break;
1000 }
1001
1002 if (nonce)
1003 tvb_memcpy(tvb, (void *)nonce, offset, length);
1004
1005 return;
1006 }
1007
1008 static void store_ccid(l2tpv3_tunnel_t *tunnel,
1009 tvbuff_t *tvb,
1010 int offset,
1011 int msg_type)
1012 {
1013 if (!tunnel)
1014 return;
1015
1016 switch (msg_type) {
1017 case MESSAGE_TYPE_SCCRQ:
1018 tunnel->lcce1_id = tvb_get_ntohl(tvb, offset);
1019 break;
1020 case MESSAGE_TYPE_SCCRP:
1021 tunnel->lcce2_id = tvb_get_ntohl(tvb, offset);
1022 break;
1023 default:
1024 break;
1025 }
1026
1027 return;
1028 }
1029
1030 static l2tpv3_session_t *find_session(l2tpv3_tunnel_t *tunnel,
1031 guint32 lcce1_id,
1032 guint32 lcce2_id)
1033 {
1034 l2tpv3_session_t *session = NULL;
1035 GSList *iterator;
1036
1037 iterator = tunnel->sessions;
1038 while (iterator) {
1039 session = (l2tpv3_session_t *)iterator->data;
1040
1041 if ((session->lcce1.id == lcce1_id) ||
1042 (session->lcce2.id == lcce2_id)) {
1043 return session;
1044 }
1045
1046 iterator = g_slist_next(iterator);
1047 }
1048
1049 return NULL;
1050 }
1051
1052 static void init_session(l2tpv3_session_t *session)
1053 {
1054 session->lcce1.cookie_len = session->lcce2.cookie_len = -1;
1055 session->lcce1.l2_specific = session->lcce2.l2_specific = -1;
1056 session->pw_type = -1;
1057 }
1058
1059 static l2tpv3_session_t *alloc_session(void)
1060 {
1061 l2tpv3_session_t *session = wmem_new0(wmem_packet_scope(), l2tpv3_session_t);
1062 init_session(session);
1063
1064 return session;
1065 }
1066
1067 static l2tpv3_session_t *store_lsession_id(l2tpv3_session_t *_session,
1068 tvbuff_t *tvb,
1069 int offset,
1070 int msg_type)
1071 {
1072 l2tpv3_session_t *session = _session;
1073
1074 switch (msg_type) {
1075 case MESSAGE_TYPE_ICRQ:
1076 case MESSAGE_TYPE_OCRQ:
1077 case MESSAGE_TYPE_ICRP:
1078 case MESSAGE_TYPE_OCRP:
1079 break;
1080 default:
1081 return session;
1082 }
1083
1084 if (session == NULL)
1085 session = alloc_session();
1086
1087 switch (msg_type) {
1088 case MESSAGE_TYPE_ICRQ:
1089 case MESSAGE_TYPE_OCRQ:
1090 session->lcce1.id = tvb_get_ntohl(tvb, offset);
1091 break;
1092 case MESSAGE_TYPE_ICRP:
1093 case MESSAGE_TYPE_OCRP:
1094 session->lcce2.id = tvb_get_ntohl(tvb, offset);
1095 break;
1096 }
1097
1098 return session;
1099 }
1100
1101 static l2tpv3_session_t *store_rsession_id(l2tpv3_session_t *_session,
1102 tvbuff_t *tvb,
1103 int offset,
1104 int msg_type)
1105 {
1106 l2tpv3_session_t *session = _session;
1107
1108 switch (msg_type) {
1109 case MESSAGE_TYPE_ICRP:
1110 case MESSAGE_TYPE_OCRP:
1111 break;
1112 default:
1113 return session;
1114 }
1115
1116 if (session == NULL)
1117 session = alloc_session();
1118
1119 session->lcce1.id = tvb_get_ntohl(tvb, offset);
1120
1121 return session;
1122 }
1123
1124 static l2tpv3_session_t *store_cookie_len(l2tpv3_session_t *_session,
1125 int len,
1126 int msg_type)
1127 {
1128 l2tpv3_session_t *session = _session;
1129
1130 switch (msg_type) {
1131 case MESSAGE_TYPE_ICRQ:
1132 case MESSAGE_TYPE_OCRQ:
1133 case MESSAGE_TYPE_ICRP:
1134 case MESSAGE_TYPE_OCRP:
1135 break;
1136 default:
1137 return session;
1138 }
1139
1140 if (session == NULL)
1141 session = alloc_session();
1142
1143 switch (msg_type) {
1144 case MESSAGE_TYPE_ICRQ:
1145 case MESSAGE_TYPE_OCRQ:
1146 session->lcce1.cookie_len = len;
1147 break;
1148 case MESSAGE_TYPE_ICRP:
1149 case MESSAGE_TYPE_OCRP:
1150 session->lcce2.cookie_len = len;
1151 break;
1152 }
1153
1154 return session;
1155 }
1156
1157 static l2tpv3_session_t *store_pw_type(l2tpv3_session_t *_session,
1158 tvbuff_t *tvb,
1159 int offset,
1160 int msg_type)
1161 {
1162 l2tpv3_session_t *session = _session;
1163 gint result = l2tpv3_protocol;
1164 guint16 pw_type;
1165
1166 switch (msg_type) {
1167 case MESSAGE_TYPE_ICRQ:
1168 case MESSAGE_TYPE_OCRQ:
1169 break;
1170 default:
1171 return session;
1172 }
1173
1174 if (session == NULL)
1175 session = alloc_session();
1176
1177 pw_type = tvb_get_ntohs(tvb, offset);
1178 switch (pw_type) {
1179 case 0x0007:
1180 result = L2TPv3_PROTOCOL_PPP; break;
1181 case 0x0005:
1182 result = L2TPv3_PROTOCOL_ETH; break;
1183 case 0x0006:
1184 result = L2TPv3_PROTOCOL_CHDLC; break;
1185 case 0x0002:
1186 result = L2TPv3_PROTOCOL_AAL5; break;
1187 case 0x0001:
1188 result = L2TPv3_PROTOCOL_FR; break;
1189 default:
1190 break;
1191 }
1192
1193 session->pw_type = result;
1194
1195 return session;
1196 }
1197
1198 static l2tpv3_session_t *store_l2_sublayer(l2tpv3_session_t *_session,
1199 tvbuff_t *tvb,
1200 int offset,
1201 int msg_type)
1202 {
1203 l2tpv3_session_t *session = _session;
1204 gint result = l2tpv3_l2_specific;
1205 guint16 l2_sublayer;
1206
1207 switch (msg_type) {
1208 case MESSAGE_TYPE_ICRQ:
1209 case MESSAGE_TYPE_OCRQ:
1210 case MESSAGE_TYPE_ICCN:
1211 case MESSAGE_TYPE_OCCN:
1212 case MESSAGE_TYPE_ICRP:
1213 case MESSAGE_TYPE_OCRP:
1214 break;
1215 default:
1216 return session;
1217 }
1218
1219 if (session == NULL)
1220 session = alloc_session();
1221
1222 l2_sublayer = tvb_get_ntohs(tvb, offset);
1223 switch (l2_sublayer) {
1224 case 0x0000:
1225 result = L2TPv3_L2_SPECIFIC_NONE; break;
1226 case 0x0001:
1227 result = L2TPv3_L2_SPECIFIC_DEFAULT; break;
1228 case 0x0002:
1229 result = L2TPv3_L2_SPECIFIC_ATM; break;
1230 case 0x0003:
1231 result = L2TPv3_L2_SPECIFIC_DOCSIS_DMPT; break;
1232 default:
1233 break;
1234 }
1235
1236 switch (msg_type) {
1237 case MESSAGE_TYPE_ICRQ:
1238 case MESSAGE_TYPE_OCRQ:
1239 case MESSAGE_TYPE_ICCN:
1240 case MESSAGE_TYPE_OCCN:
1241 session->lcce1.l2_specific = result;
1242 case MESSAGE_TYPE_ICRP:
1243 case MESSAGE_TYPE_OCRP:
1244 session->lcce2.l2_specific = result;
1245 break;
1246 }
1247
1248 return session;
1249 }
1250
1251 static void update_session(l2tpv3_tunnel_t *tunnel, l2tpv3_session_t *session)
1252 {
1253 l2tpv3_session_t *existing = NULL;
1254
1255 if (tunnel == NULL || session == NULL)
1256 return;
1257
1258 if (session->lcce1.id == 0 && session->lcce2.id == 0)
1259 return;
1260
1261 existing = find_session(tunnel, session->lcce1.id, session->lcce2.id);
1262 if (!existing) {
1263 existing = wmem_new0(wmem_file_scope(), l2tpv3_session_t);
1264 init_session(existing);
1265 }
1266
1267 if (session->lcce1.id != 0)
1268 existing->lcce1.id = session->lcce1.id;
1269
1270 if (session->lcce2.id != 0)
1271 existing->lcce2.id = session->lcce2.id;
1272
1273 if (session->lcce1.cookie_len != -1)
1274 existing->lcce1.cookie_len = session->lcce1.cookie_len;
1275
1276 if (session->lcce2.cookie_len != -1)
1277 existing->lcce2.cookie_len = session->lcce2.cookie_len;
1278
1279 if (session->lcce1.l2_specific != -1)
1280 existing->lcce1.l2_specific = session->lcce1.l2_specific;
1281
1282 if (session->lcce2.l2_specific != -1)
1283 existing->lcce2.l2_specific = session->lcce2.l2_specific;
1284
1285 if (session->pw_type != -1)
1286 existing->pw_type = session->pw_type;
1287
1288 if (tunnel->sessions == NULL) {
1289 tunnel->sessions = g_slist_append(tunnel->sessions, existing);
1290 list_heads = g_slist_append(list_heads, tunnel->sessions);
1291 } else {
1292 tunnel->sessions = g_slist_append(tunnel->sessions, existing);
1293 }
1294 }
1295
1296
1297 /*
1298 * Dissect CISCO AVP:s
1299 */
1300 static int dissect_l2tp_cisco_avps(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree) {
1301
1302 int offset = 0;
1303 int avp_type;
1304 guint32 avp_vendor_id;
1305 guint16 avp_len;
1306 guint16 ver_len_hidden;
1307 proto_item *tf, *te;
1308 proto_tree *l2tp_avp_tree, *l2tp_avp_tree_sub;
1309
1310 ver_len_hidden = tvb_get_ntohs(tvb, offset);
1311 avp_len = AVP_LENGTH(ver_len_hidden);
1312 avp_vendor_id = tvb_get_ntohs(tvb, offset + 2);
1313 avp_type = tvb_get_ntohs(tvb, offset + 4);
1314
1315 tf = proto_tree_add_text(tree, tvb, offset,
1316 avp_len, "Vendor %s: %s AVP",
1317 val_to_str_ext(avp_vendor_id, &sminmpec_values_ext, "Unknown (%u)"),
1318 val_to_str(avp_type, cisco_avp_type_vals, "Unknown (%u)"));
1319
1320
1321 l2tp_avp_tree = proto_item_add_subtree(tf, ett_l2tp_avp);
1322
1323 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_mandatory, tvb, offset, 2, ENC_BIG_ENDIAN);
1324 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_hidden, tvb, offset, 2, ENC_BIG_ENDIAN);
1325 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_length, tvb, offset, 2, ENC_BIG_ENDIAN);
1326
1327 if (HIDDEN_BIT(ver_len_hidden)) { /* don't try do display hidden */
1328 offset += avp_len;
1329 return offset;
1330 }
1331
1332 offset += 2;
1333 avp_len -= 2;
1334
1335 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_vendor_id, tvb, offset, 2, ENC_BIG_ENDIAN);
1336 offset += 2;
1337 avp_len -= 2;
1338
1339 proto_tree_add_uint(l2tp_avp_tree, hf_l2tp_cisco_avp_type, tvb, offset, 2, avp_type);
1340 offset += 2;
1341 avp_len -= 2;
1342
1343 switch (avp_type) {
1344 case CISCO_ASSIGNED_CONNECTION_ID:
1345 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_cisco_assigned_control_connection_id, tvb, offset, 4, ENC_BIG_ENDIAN);
1346 break;
1347
1348 case CISCO_PW_CAPABILITY_LIST:
1349 te = proto_tree_add_text(l2tp_avp_tree, tvb, offset, avp_len,
1350 "Pseudowire Capabilities List");
1351 l2tp_avp_tree_sub = proto_item_add_subtree(te, ett_l2tp_avp_sub);
1352 while (avp_len >= 2) {
1353 proto_tree_add_item(l2tp_avp_tree_sub, hf_l2tp_cisco_pw_type, tvb, offset, 2, ENC_BIG_ENDIAN);
1354 offset += 2;
1355 avp_len -= 2;
1356 }
1357 break;
1358
1359 case CISCO_LOCAL_SESSION_ID:
1360 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_cisco_local_session_id, tvb, offset, 4, ENC_BIG_ENDIAN);
1361 break;
1362 case CISCO_REMOTE_SESSION_ID:
1363 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_cisco_remote_session_id, tvb, offset, 4, ENC_BIG_ENDIAN);
1364 break;
1365 case CISCO_ASSIGNED_COOKIE:
1366 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_cisco_assigned_cookie, tvb, offset, avp_len, ENC_NA);
1367 break;
1368 case CISCO_REMOTE_END_ID:
1369 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_cisco_remote_end_id, tvb, offset, avp_len, ENC_NA|ENC_ASCII);
1370 break;
1371 case CISCO_PW_TYPE:
1372 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_cisco_pseudowire_type, tvb, offset, 2, ENC_BIG_ENDIAN);
1373 break;
1374 case CISCO_CIRCUIT_STATUS:
1375 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_cisco_circuit_status, tvb, offset, 2, ENC_BIG_ENDIAN);
1376 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_cisco_circuit_type, tvb, offset, 2, ENC_BIG_ENDIAN);
1377 break;
1378 case CISCO_SESSION_TIE_BREAKER:
1379 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_cisco_tie_breaker,
1380 tvb, offset, 8, ENC_BIG_ENDIAN);
1381 break;
1382 case CISCO_DRAFT_AVP_VERSION:
1383 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_cisco_draft_avp_version, tvb, offset, 2, ENC_BIG_ENDIAN);
1384 break;
1385 case CISCO_MESSAGE_DIGEST:
1386 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_cisco_message_digest, tvb, offset, avp_len, ENC_NA);
1387 break;
1388 case CISCO_AUTH_NONCE:
1389 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_cisco_nonce, tvb, offset, avp_len, ENC_NA);
1390 break;
1391 case CISCO_INTERFACE_MTU:
1392 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_cisco_interface_mtu, tvb, offset, avp_len, ENC_BIG_ENDIAN);
1393 break;
1394
1395 default:
1396 proto_tree_add_text(l2tp_avp_tree, tvb, offset,
1397 avp_len, "Vendor-Specific AVP");
1398 break;
1399 }
1400 offset += avp_len;
1401
1402 return offset;
1403 }
1404
1405 /*
1406 * Ref: http://www.cablelabs.com/specifications/CM-SP-DEPI-I08-100611.pdf
1407 */
1408 static int
1409 dissect_l2tp_vnd_cablelabs_avps(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
1410 {
1411 int offset = 0;
1412 int avp_type;
1413 guint32 avp_vendor_id;
1414 guint32 avp_len;
1415 guint16 ver_len_hidden;
1416 proto_item *tf;
1417 proto_tree *l2tp_avp_tree;
1418
1419 ver_len_hidden = tvb_get_ntohs(tvb, offset);
1420 avp_len = AVP_LENGTH(ver_len_hidden);
1421 avp_vendor_id = tvb_get_ntohs(tvb, offset + 2);
1422 avp_type = tvb_get_ntohs(tvb, offset + 4);
1423
1424 tf = proto_tree_add_text(tree, tvb, offset,
1425 avp_len, "Vendor %s: %s AVP",
1426 val_to_str_ext(avp_vendor_id, &sminmpec_values_ext, "Unknown (%u)"),
1427 val_to_str(avp_type, cablelabs_avp_type_vals, "Unknown (%u)"));
1428 l2tp_avp_tree = proto_item_add_subtree(tf, ett_l2tp_avp);
1429
1430 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_mandatory, tvb, offset, 2, ENC_BIG_ENDIAN);
1431 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_hidden, tvb, offset, 2, ENC_BIG_ENDIAN);
1432 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_length, tvb, offset, 2, ENC_BIG_ENDIAN);
1433
1434 if (HIDDEN_BIT(ver_len_hidden)) { /* don't try do display hidden */
1435 offset += avp_len;
1436 return offset;
1437 }
1438
1439 offset += 2;
1440 avp_len -= 2;
1441
1442 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_vendor_id, tvb, offset, 2, ENC_BIG_ENDIAN);
1443 offset += 2;
1444 avp_len -= 2;
1445
1446 proto_tree_add_uint(l2tp_avp_tree, hf_l2tp_cablelabs_avp_type, tvb, offset, 2, avp_type);
1447 offset += 2;
1448 avp_len -= 2;
1449
1450 switch (avp_type) {
1451 case 101:
1452 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_cablel_avp_l_bit, tvb, offset, 2, ENC_BIG_ENDIAN);
1453 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_cablel_avp_tsid_group_id, tvb, offset, 2, ENC_BIG_ENDIAN);
1454 offset+=2;
1455 avp_len-=2;
1456 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_cablel_avp_frequency, tvb, offset, 4, ENC_BIG_ENDIAN);
1457 avp_len -= 4;
1458 offset+=4;
1459 break;
1460 case 103:
1461 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_cablel_avp_l_bit, tvb, offset, 2, ENC_BIG_ENDIAN);
1462 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_cablel_avp_tsid_group_id, tvb, offset, 2, ENC_BIG_ENDIAN);
1463 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_cablel_avp_modulation, tvb, offset, 2, ENC_BIG_ENDIAN);
1464 offset+=2;
1465 avp_len-=2;
1466 break;
1467 case 105:
1468 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_cablel_avp_l_bit, tvb, offset, 2, ENC_BIG_ENDIAN);
1469 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_cablel_avp_tsid_group_id, tvb, offset, 2, ENC_BIG_ENDIAN);
1470 offset+=2;
1471 avp_len-=2;
1472 while(avp_len > 0){
1473 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_cablel_avp_m, tvb, offset, 2, ENC_BIG_ENDIAN);
1474 offset+=2;
1475 avp_len-=2;
1476 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_cablel_avp_n, tvb, offset, 2, ENC_BIG_ENDIAN);
1477 offset+=2;
1478 avp_len-=2;
1479 }
1480 break;
1481 default:
1482 proto_tree_add_text(l2tp_avp_tree, tvb, offset,
1483 avp_len, "Vendor-Specific AVP(not dissected yet)");
1484 break;
1485 }
1486 offset += avp_len;
1487
1488 return offset;
1489 }
1490
1491
1492 /*
1493 * Processes AVPs for Control Messages all versions and transports
1494 */
1495 static void process_control_avps(tvbuff_t *tvb,
1496 packet_info *pinfo,
1497 proto_tree *l2tp_tree,
1498 int idx,
1499 int length,
1500 guint32 ccid,
1501 l2tpv3_tunnel_t *tunnel)
1502 {
1503 proto_tree *l2tp_lcp_avp_tree, *l2tp_avp_tree = NULL, *l2tp_avp_tree_sub;
1504 proto_item *tf, *te;
1505
1506 int msg_type = 0;
1507 gboolean isStopCcn = FALSE;
1508 int avp_type;
1509 guint32 avp_vendor_id;
1510 guint16 avp_len;
1511 guint16 ver_len_hidden;
1512 tvbuff_t *next_tvb, *avp_tvb;
1513 int digest_idx = 0;
1514 guint16 digest_avp_len = 0;
1515 proto_item *digest_item = NULL;
1516 l2tp_cntrl_data_t *l2tp_cntrl_data = wmem_new0(wmem_packet_scope(), l2tp_cntrl_data_t);
1517
1518 l2tpv3_session_t *session = NULL;
1519
1520 l2tp_cntrl_data->ccid = ccid;
1521
1522 while (idx < length) { /* Process AVP's */
1523 ver_len_hidden = tvb_get_ntohs(tvb, idx);
1524 avp_len = AVP_LENGTH(ver_len_hidden);
1525 avp_vendor_id = tvb_get_ntohs(tvb, idx + 2);
1526 avp_type = tvb_get_ntohs(tvb, idx + 4);
1527
1528 if (avp_len < 6) {
1529 proto_tree_add_text(l2tp_avp_tree ? l2tp_avp_tree : l2tp_tree, tvb, idx, 2,
1530 "AVP length must be >= 6, got %u", avp_len);
1531 return;
1532 }
1533
1534 if (avp_vendor_id != VENDOR_IETF) {
1535
1536 avp_tvb = tvb_new_subset(tvb, idx, avp_len, avp_len);
1537
1538 if (avp_vendor_id == VENDOR_CISCO) { /* Vendor-Specific AVP */
1539
1540 dissect_l2tp_cisco_avps(avp_tvb, pinfo, l2tp_tree);
1541 idx += avp_len;
1542 continue;
1543
1544 } else {
1545 /* Vendor-Specific AVP */
1546 if (!dissector_try_uint_new(l2tp_vendor_avp_dissector_table, avp_vendor_id, avp_tvb, pinfo, l2tp_tree, FALSE, l2tp_cntrl_data)){
1547 tf = proto_tree_add_text(l2tp_tree, tvb, idx,
1548 avp_len, "Vendor %s AVP Type %u",
1549 val_to_str_ext(avp_vendor_id, &sminmpec_values_ext, "Unknown (%u)"),
1550 avp_type);
1551
1552 l2tp_avp_tree = proto_item_add_subtree(tf, ett_l2tp_avp);
1553
1554 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_mandatory, tvb, idx, 2, ENC_BIG_ENDIAN);
1555 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_hidden, tvb, idx, 2, ENC_BIG_ENDIAN);
1556 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_length, tvb, idx, 2, ENC_BIG_ENDIAN);
1557
1558 if (HIDDEN_BIT(ver_len_hidden)) { /* don't try do display hidden */
1559 idx += avp_len;
1560 continue;
1561 }
1562 idx += 2;
1563 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_vendor_id, tvb, idx, 2, ENC_BIG_ENDIAN);
1564 idx += 2;
1565
1566 proto_tree_add_text(l2tp_avp_tree, tvb, idx, 2, "Type: %u", avp_type);
1567 idx += 2;
1568 proto_tree_add_text(l2tp_avp_tree, tvb, idx, avp_len, "Vendor-Specific AVP");
1569 avp_len-=6;
1570 }
1571 idx += avp_len;
1572 continue;
1573 }
1574 }
1575
1576 /* IETF AVP:s */
1577 tf = proto_tree_add_text(l2tp_tree, tvb, idx,
1578 avp_len, "%s AVP",
1579 val_to_str_ext(avp_type, &avp_type_vals_ext, "Unknown (%u)"));
1580
1581 l2tp_avp_tree = proto_item_add_subtree(tf, ett_l2tp_avp);
1582
1583 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_mandatory, tvb, idx, 2, ENC_BIG_ENDIAN);
1584 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_hidden, tvb, idx, 2, ENC_BIG_ENDIAN);
1585 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_length, tvb, idx, 2, ENC_BIG_ENDIAN);
1586
1587 if (HIDDEN_BIT(ver_len_hidden)) { /* don't try do display hidden */
1588 idx += avp_len;
1589 continue;
1590 }
1591
1592 idx += 2;
1593 avp_len -= 2;
1594
1595 /* Special Case for handling Extended Vendor Id */
1596 if (avp_type == EXTENDED_VENDOR_ID) {
1597 idx += 2;
1598 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_vendor_id,
1599 tvb, idx, 4, ENC_BIG_ENDIAN);
1600
1601
1602 idx += 4;
1603 continue;
1604 }
1605 else {
1606 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_vendor_id,
1607 tvb, idx, 2, ENC_BIG_ENDIAN);
1608 idx += 2;
1609 avp_len -= 2;
1610 }
1611
1612 proto_tree_add_uint(l2tp_avp_tree, hf_l2tp_avp_type,
1613 tvb, idx, 2, avp_type);
1614 idx += 2;
1615 avp_len -= 2;
1616
1617 switch (avp_type) {
1618
1619 case CONTROL_MESSAGE:
1620 msg_type = tvb_get_ntohs(tvb, idx);
1621 l2tp_cntrl_data->msg_type = msg_type;
1622 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_message_type,
1623 tvb, idx, 2, ENC_BIG_ENDIAN);
1624
1625 if (msg_type == MESSAGE_TYPE_StopCCN) {
1626 isStopCcn = TRUE;
1627 }
1628 break;
1629
1630 case RESULT_ERROR_CODE:
1631 if (avp_len < 2)
1632 break;
1633 if (isStopCcn) {
1634 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_stop_ccn_result_code, tvb, idx, 2, ENC_BIG_ENDIAN);
1635 }
1636 else {
1637 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_result_code, tvb, idx, 2, ENC_BIG_ENDIAN);
1638 }
1639 idx += 2;
1640 avp_len -= 2;
1641
1642 if (avp_len < 2)
1643 break;
1644 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_error_code, tvb, idx, 2, ENC_BIG_ENDIAN);
1645 idx += 2;
1646 avp_len -= 2;
1647
1648 if (avp_len == 0)
1649 break;
1650 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_error_message, tvb, idx, avp_len, ENC_NA);
1651 break;
1652
1653 case PROTOCOL_VERSION:
1654 if (avp_len < 1)
1655 break;
1656 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_protocol_version, tvb, idx, 1, ENC_NA);
1657 idx += 1;
1658 avp_len -= 1;
1659
1660 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_protocol_revision, tvb, idx, 1, ENC_NA);
1661 break;
1662
1663 case FRAMING_CAPABILITIES:
1664 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_async_framing_supported, tvb, idx, 4, ENC_BIG_ENDIAN);
1665 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_sync_framing_supported, tvb, idx, 4, ENC_BIG_ENDIAN);
1666 break;
1667
1668 case BEARER_CAPABILITIES:
1669 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_analog_access_supported, tvb, idx, 4, ENC_BIG_ENDIAN);
1670 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_digital_access_supported, tvb, idx, 4, ENC_BIG_ENDIAN);
1671 break;
1672
1673 case TIE_BREAKER:
1674 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_tie_breaker, tvb, idx, 8, ENC_BIG_ENDIAN);
1675 break;
1676
1677 case FIRMWARE_REVISION:
1678 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_firmware_revision, tvb, idx, 2, ENC_BIG_ENDIAN);
1679 break;
1680
1681 case HOST_NAME:
1682 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_host_name, tvb, idx, avp_len, ENC_NA|ENC_ASCII);
1683 break;
1684
1685 case VENDOR_NAME:
1686 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_vendor_name, tvb, idx, avp_len, ENC_NA|ENC_ASCII);
1687 break;
1688
1689 case ASSIGNED_TUNNEL_ID:
1690 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_assigned_tunnel_id, tvb, idx, 2, ENC_BIG_ENDIAN);
1691 break;
1692
1693 case RECEIVE_WINDOW_SIZE:
1694 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_receive_window_size, tvb, idx, 2, ENC_BIG_ENDIAN);
1695 break;
1696
1697 case CHALLENGE:
1698 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_chap_challenge, tvb, idx, avp_len, ENC_NA);
1699 break;
1700
1701 case CAUSE_CODE:
1702 /*
1703 * XXX - export stuff from the Q.931 dissector
1704 * to dissect the cause code and cause message,
1705 * and use it.
1706 */
1707 if (avp_len < 2)
1708 break;
1709 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_cause_code, tvb, idx, 2, ENC_BIG_ENDIAN);
1710 idx += 2;
1711 avp_len -= 2;
1712
1713 if (avp_len < 1)
1714 break;
1715 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_cause_msg, tvb, idx, 1, ENC_NA);
1716 idx += 1;
1717 avp_len -= 1;
1718
1719 if (avp_len == 0)
1720 break;
1721 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_advisory_msg, tvb, idx, avp_len, ENC_NA|ENC_ASCII);
1722 break;
1723
1724 case CHALLENGE_RESPONSE:
1725 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_chap_challenge_response, tvb, idx, 16, ENC_NA);
1726 break;
1727
1728 case ASSIGNED_SESSION:
1729 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_assigned_session_id, tvb, idx, 2, ENC_BIG_ENDIAN);
1730 break;
1731
1732 case CALL_SERIAL_NUMBER:
1733 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_call_serial_number, tvb, idx, 4, ENC_BIG_ENDIAN);
1734 break;
1735
1736 case MINIMUM_BPS:
1737 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_minimum_bps, tvb, idx, 4, ENC_BIG_ENDIAN);
1738 break;
1739
1740 case MAXIMUM_BPS:
1741 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_maximum_bps, tvb, idx, 4, ENC_BIG_ENDIAN);
1742 break;
1743
1744 case BEARER_TYPE:
1745 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_analog_bearer_type, tvb, idx, 4, ENC_BIG_ENDIAN);
1746 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_digital_bearer_type, tvb, idx, 4, ENC_BIG_ENDIAN);
1747 break;
1748
1749 case FRAMING_TYPE:
1750 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_async_framing_type, tvb, idx, 4, ENC_BIG_ENDIAN);
1751 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_sync_framing_type, tvb, idx, 4, ENC_BIG_ENDIAN);
1752 break;
1753
1754 case CALLED_NUMBER:
1755 if (avp_len == 0)
1756 break;
1757 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_called_number,
1758 tvb, idx, avp_len, ENC_ASCII);
1759 break;
1760
1761 case CALLING_NUMBER:
1762 if (avp_len == 0)
1763 break;
1764 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_calling_number,
1765 tvb, idx, avp_len, ENC_ASCII);
1766 break;
1767
1768 case SUB_ADDRESS:
1769 if (avp_len == 0)
1770 break;
1771 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_sub_address, tvb, idx, avp_len, ENC_NA|ENC_ASCII);
1772 break;
1773
1774 case TX_CONNECT_SPEED:
1775 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_connect_speed, tvb, idx, 4, ENC_BIG_ENDIAN);
1776 break;
1777
1778 case PHYSICAL_CHANNEL:
1779 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_physical_channel, tvb, idx, 4, ENC_BIG_ENDIAN);
1780 break;
1781
1782 case INITIAL_RECEIVED_LCP_CONFREQ:
1783 te = proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_initial_received_lcp_confreq, tvb, idx, avp_len, ENC_NA);
1784 l2tp_lcp_avp_tree = proto_item_add_subtree(te, ett_l2tp_lcp);
1785 next_tvb = tvb_new_subset(tvb, idx, avp_len, avp_len);
1786 call_dissector(ppp_lcp_options_handle, next_tvb, pinfo, l2tp_lcp_avp_tree );
1787 break;
1788
1789 case LAST_SENT_LCP_CONFREQ:
1790 te = proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_last_sent_lcp_confreq, tvb, idx, avp_len, ENC_NA);
1791 l2tp_lcp_avp_tree = proto_item_add_subtree(te, ett_l2tp_lcp);
1792 next_tvb = tvb_new_subset(tvb, idx, avp_len, avp_len);
1793 call_dissector(ppp_lcp_options_handle, next_tvb, pinfo, l2tp_lcp_avp_tree );
1794 break;
1795
1796 case LAST_RECEIVED_LCP_CONFREQ:
1797 te = proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_last_received_lcp_confreq, tvb, idx, avp_len, ENC_NA);
1798 l2tp_lcp_avp_tree = proto_item_add_subtree(te, ett_l2tp_lcp);
1799 next_tvb = tvb_new_subset(tvb, idx, avp_len, avp_len);
1800 call_dissector(ppp_lcp_options_handle, next_tvb, pinfo, l2tp_lcp_avp_tree );
1801 break;
1802
1803 case PROXY_AUTHEN_TYPE:
1804 msg_type = tvb_get_ntohs(tvb, idx);
1805 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_proxy_authen_type, tvb, idx, 2, ENC_BIG_ENDIAN);
1806 break;
1807
1808 case PROXY_AUTHEN_NAME:
1809 if (avp_len == 0)
1810 break;
1811 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_proxy_authen_name, tvb, idx, avp_len, ENC_NA|ENC_ASCII);
1812 break;
1813
1814 case PROXY_AUTHEN_CHALLENGE:
1815 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_proxy_authen_challenge, tvb, idx, avp_len, ENC_NA);
1816 break;
1817
1818 case PROXY_AUTHEN_ID:
1819 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_proxy_authen_id, tvb, idx + 1, 1, ENC_NA);
1820 break;
1821
1822 case PROXY_AUTHEN_RESPONSE:
1823 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_proxy_authen_response, tvb, idx, avp_len, ENC_NA);
1824 break;
1825
1826 case CALL_STATUS_AVPS:
1827 if (avp_len < 2)
1828 break;
1829 idx += 2;
1830 avp_len -= 2;
1831
1832 if (avp_len < 4)
1833 break;
1834 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_crc_errors, tvb, idx, 4, ENC_BIG_ENDIAN);
1835 idx += 4;
1836 avp_len -= 4;
1837
1838 if (avp_len < 4)
1839 break;
1840 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_framing_errors, tvb, idx, 4, ENC_BIG_ENDIAN);
1841 idx += 4;
1842 avp_len -= 4;
1843
1844 if (avp_len < 4)
1845 break;
1846 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_hardware_overruns, tvb, idx, 4, ENC_BIG_ENDIAN);
1847 idx += 4;
1848 avp_len -= 4;
1849
1850 if (avp_len < 4)
1851 break;
1852 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_buffer_overruns, tvb, idx, 4, ENC_BIG_ENDIAN);
1853 idx += 4;
1854 avp_len -= 4;
1855
1856 if (avp_len < 4)
1857 break;
1858 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_time_out_errors, tvb, idx, 4, ENC_BIG_ENDIAN);
1859 idx += 4;
1860 avp_len -= 4;
1861
1862 if (avp_len < 4)
1863 break;
1864 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_alignment_errors, tvb, idx, 4, ENC_BIG_ENDIAN);
1865 idx += 4;
1866 avp_len -= 4;
1867 break;
1868
1869 case ACCM:
1870 if (avp_len < 2)
1871 break;
1872 idx += 2;
1873 avp_len -= 2;
1874
1875 if (avp_len < 4)
1876 break;
1877 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_send_accm, tvb, idx, 4, ENC_BIG_ENDIAN);
1878 idx += 4;
1879 avp_len -= 4;
1880
1881 if (avp_len < 4)
1882 break;
1883 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_receive_accm, tvb, idx, 4, ENC_BIG_ENDIAN);
1884 idx += 4;
1885 avp_len -= 4;
1886 break;
1887
1888 case RANDOM_VECTOR:
1889 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_random_vector, tvb, idx, avp_len, ENC_NA);
1890 break;
1891
1892 case PRIVATE_GROUP_ID:
1893 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_private_group_id, tvb, idx, avp_len, ENC_NA);
1894 break;
1895
1896 case RX_CONNECT_SPEED:
1897 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_rx_connect_speed, tvb, idx, 4, ENC_BIG_ENDIAN);
1898 break;
1899
1900 case PPP_DISCONNECT_CAUSE_CODE:
1901 if (avp_len < 2)
1902 break;
1903 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_disconnect_code, tvb, idx, 2, ENC_BIG_ENDIAN);
1904 idx += 2;
1905 avp_len -= 2;
1906
1907 if (avp_len < 2)
1908 break;
1909 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_control_protocol_number, tvb, idx, 2, ENC_BIG_ENDIAN);
1910 idx += 2;
1911 avp_len -= 2;
1912
1913 if (avp_len < 1)
1914 break;
1915 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_cause_code_direction, tvb, idx, 1, ENC_NA);
1916 idx += 1;
1917 avp_len -= 1;
1918
1919 if (avp_len == 0)
1920 break;
1921 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_cause_code_message, tvb, idx, avp_len, ENC_NA|ENC_ASCII);
1922 break;
1923
1924 case MESSAGE_DIGEST:
1925 {
1926 digest_idx = idx;
1927 digest_avp_len = avp_len;
1928 digest_item = proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_message_digest, tvb, idx, avp_len, ENC_NA);
1929 break;
1930 }
1931 case ROUTER_ID:
1932 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_router_id, tvb, idx, 4, ENC_BIG_ENDIAN);
1933 break;
1934 case ASSIGNED_CONTROL_CONN_ID:
1935 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_assigned_control_conn_id,
1936 tvb, idx, 4, ENC_BIG_ENDIAN);
1937 store_ccid(tunnel, tvb, idx, msg_type);
1938 break;
1939 case PW_CAPABILITY_LIST:
1940 te = proto_tree_add_text(l2tp_avp_tree, tvb, idx, avp_len,
1941 "Pseudowire Capabilities List");
1942 l2tp_avp_tree_sub = proto_item_add_subtree(te, ett_l2tp_avp_sub);
1943
1944 while (avp_len >= 2) {
1945 proto_tree_add_item(l2tp_avp_tree_sub, hf_l2tp_avp_pw_type, tvb, idx, 2, ENC_BIG_ENDIAN);
1946 idx += 2;
1947 avp_len -= 2;
1948 }
1949 break;
1950 case LOCAL_SESSION_ID:
1951 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_local_session_id,
1952 tvb, idx, 4, ENC_BIG_ENDIAN);
1953 col_append_fstr(pinfo->cinfo,COL_INFO, ", LSID: %2u",
1954 tvb_get_ntohl(tvb, idx));
1955 session = store_lsession_id(session, tvb, idx, msg_type);
1956 break;
1957 case REMOTE_SESSION_ID:
1958 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_remote_session_id,
1959 tvb, idx, 4, ENC_BIG_ENDIAN);
1960 col_append_fstr(pinfo->cinfo,COL_INFO, ", RSID: %2u",
1961 tvb_get_ntohl(tvb, idx));
1962 session = store_rsession_id(session, tvb, idx, msg_type);
1963 break;
1964 case ASSIGNED_COOKIE:
1965 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_assigned_cookie, tvb, idx, avp_len, ENC_NA);
1966 session = store_cookie_len(session, avp_len, msg_type);
1967 break;
1968 case REMOTE_END_ID:
1969 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_remote_end_id, tvb, idx, avp_len, ENC_NA|ENC_ASCII);
1970 break;
1971 case PW_TYPE:
1972 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_pseudowire_type, tvb, idx, 2, ENC_BIG_ENDIAN);
1973 session = store_pw_type(session, tvb, idx, msg_type);
1974 break;
1975 case L2_SPECIFIC_SUBLAYER:
1976 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_layer2_specific_sublayer, tvb, idx, 2, ENC_BIG_ENDIAN);
1977 session = store_l2_sublayer(session, tvb, idx, msg_type);
1978 break;
1979 case DATA_SEQUENCING:
1980 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_data_sequencing, tvb, idx, 2, ENC_BIG_ENDIAN);
1981 break;
1982 case CIRCUIT_STATUS:
1983 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_circuit_status, tvb, idx, 2, ENC_BIG_ENDIAN);
1984 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_circuit_type, tvb, idx, 2, ENC_BIG_ENDIAN);
1985 break;
1986 case PREFERRED_LANGUAGE:
1987 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_preferred_language, tvb, idx, avp_len, ENC_NA|ENC_ASCII);
1988 break;
1989 case CTL_MSG_AUTH_NONCE:
1990 proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_nonce, tvb, idx, avp_len, ENC_NA);
1991 store_cma_nonce(tunnel, tvb, idx, avp_len, msg_type);
1992 break;
1993 case TX_CONNECT_SPEED_V3:
1994 {
1995 guint64 speed;
1996 if (avp_len < 8)
1997 break;
1998
1999 speed = tvb_get_ntoh64(tvb, idx);
2000 tf = proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_tx_connect_speed_v3, tvb, idx, 8, ENC_BIG_ENDIAN);
2001 if (speed == 0) {
2002 proto_item_append_text(tf, " (indeterminable or no physical p2p link)");
2003 }
2004 break;
2005 }
2006 case RX_CONNECT_SPEED_V3:
2007 {
2008 guint64 speed;
2009 if (avp_len < 8)
2010 break;
2011
2012 speed = tvb_get_ntoh64(tvb, idx);
2013 tf = proto_tree_add_item(l2tp_avp_tree, hf_l2tp_avp_rx_connect_speed_v3, tvb, idx, 8, ENC_BIG_ENDIAN);
2014 if (speed == 0) {
2015 proto_item_append_text(tf, " (indeterminable or no physical p2p link)");
2016 }
2017 break;
2018 }
2019 default:
2020 proto_tree_add_text(l2tp_avp_tree, tvb, idx, avp_len,
2021 "Unknown AVP");
2022 break;
2023 }
2024
2025 idx += avp_len;
2026 }
2027
2028 /* SCCRQ digest can only be calculated once we know whether nonces are being used */
2029 if (digest_avp_len) {
2030 if (check_control_digest(tunnel, tvb, length, digest_idx, digest_avp_len, msg_type, pinfo) < 0)
2031 expert_add_info(pinfo, digest_item, &ei_l2tp_incorrect_digest);
2032 }
2033
2034 update_session(tunnel, session);
2035 }
2036
2037 /*
2038 * Processes Data Messages for v3 IP and UDP, starting from the Session ID
2039 * (common to IP and UDP). Dissects the L2TPv3 Session header, the (optional)
2040 * L2-Specific sublayer and calls the appropriate dissector for the payload.
2041 */
2042 static void
2043 process_l2tpv3_data(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
2044 proto_tree *l2tp_tree, proto_item *l2tp_item, int *pIdx,
2045 l2tpv3_tunnel_t *tunnel)
2046 {
2047 int idx = *pIdx;
2048 int sid;
2049 guint8 oam_cell = 0;
2050 proto_tree *l2_specific = NULL;
2051 proto_item *ti = NULL;
2052 tvbuff_t *next_tvb;
2053 gint cookie_len = l2tpv3_cookie;
2054 gint l2_spec = l2tpv3_l2_specific;
2055 gint pw_type = l2tpv3_protocol;
2056
2057 lcce_settings_t *lcce = NULL;
2058 l2tpv3_session_t *session = NULL;
2059
2060 /* Get Session ID */
2061 sid = tvb_get_ntohl(tvb, idx);
2062 idx += 4;
2063
2064 if (tunnel) {
2065 if (ADDRESSES_EQUAL(&tunnel->lcce1, &pinfo->dst)) {
2066 session = find_session(tunnel, sid, 0);
2067 if (session)
2068 lcce = &session->lcce1;
2069 } else {
2070 session = find_session(tunnel, 0, sid);
2071 if (session)
2072 lcce = &session->lcce2;
2073 }
2074 }
2075
2076 if (lcce) {
2077 if (l2_spec == -1)
2078 l2_spec = lcce->l2_specific;
2079 if (cookie_len == -1)
2080 cookie_len = lcce->cookie_len;
2081 if (pw_type == -1)
2082 pw_type = session->pw_type;
2083 }
2084
2085 if (l2_spec == -1)
2086 l2_spec = L2TPv3_L2_SPECIFIC_NONE;
2087
2088 if (pw_type == -1)
2089 pw_type = L2TPv3_PROTOCOL_DEFAULT;
2090
2091 if (cookie_len == -1)
2092 cookie_len = L2TPv3_COOKIE_DEFAULT;
2093
2094 col_add_fstr(pinfo->cinfo,COL_INFO,
2095 "%s (session id=%u)",
2096 data_msg, sid);
2097
2098 if (tree) {
2099 proto_tree_add_item(l2tp_tree, hf_l2tp_sid, tvb, idx-4, 4, ENC_BIG_ENDIAN);
2100 proto_item_set_len(l2tp_item, idx);
2101 if (!(tvb_offset_exists(tvb, idx)))
2102 return;
2103 if (cookie_len != 0)
2104 proto_tree_add_item(l2tp_tree, hf_l2tp_cookie, tvb, idx, cookie_len, ENC_NA);
2105 }
2106
2107 switch(l2_spec){
2108 case L2TPv3_L2_SPECIFIC_DEFAULT:
2109 if (tree) {
2110 ti = proto_tree_add_item(tree, hf_l2tp_l2_spec_def,
2111 tvb, idx + cookie_len, 4, ENC_NA);
2112 l2_specific = proto_item_add_subtree(ti, ett_l2tp_l2_spec);
2113
2114 proto_tree_add_item(l2_specific, hf_l2tp_l2_spec_s, tvb, idx + cookie_len,
2115 1, ENC_BIG_ENDIAN);
2116 proto_tree_add_item(l2_specific, hf_l2tp_l2_spec_sequence, tvb,
2117 idx + cookie_len + 1, 3, ENC_BIG_ENDIAN);
2118 }
2119 next_tvb = tvb_new_subset_remaining(tvb, idx + cookie_len + 4);
2120 break;
2121 case L2TPv3_L2_SPECIFIC_DOCSIS_DMPT:
2122 if (tree) {
2123 ti = proto_tree_add_item(tree, hf_l2tp_l2_spec_docsis_dmpt,
2124 tvb, idx + cookie_len, 4, ENC_NA);
2125 l2_specific = proto_item_add_subtree(ti, ett_l2tp_l2_spec);
2126
2127 proto_tree_add_item(l2_specific, hf_l2tp_l2_spec_v, tvb,
2128 idx + cookie_len,1, ENC_BIG_ENDIAN);
2129
2130 proto_tree_add_item(l2_specific, hf_l2tp_l2_spec_s, tvb,
2131 idx + cookie_len,1, ENC_BIG_ENDIAN);
2132
2133 proto_tree_add_item(l2_specific, hf_l2tp_l2_spec_flow_id, tvb,
2134 idx + cookie_len,1, ENC_BIG_ENDIAN);
2135
2136 proto_tree_add_item(l2_specific, hf_l2tp_l2_spec_sequence, tvb,
2137 idx + cookie_len + 2,2, ENC_BIG_ENDIAN);
2138 }
2139 next_tvb = tvb_new_subset_remaining(tvb, idx + cookie_len + 4);
2140 break;
2141 case L2TPv3_L2_SPECIFIC_ATM:
2142 if (tree) {
2143 ti = proto_tree_add_item(tree, hf_l2tp_l2_spec_atm,
2144 tvb, idx + cookie_len, 4, ENC_NA);
2145 l2_specific = proto_item_add_subtree(ti, ett_l2tp_l2_spec);
2146
2147 proto_tree_add_item(l2_specific, hf_l2tp_l2_spec_s, tvb, idx + cookie_len,
2148 1, ENC_BIG_ENDIAN);
2149 proto_tree_add_item(l2_specific, hf_l2tp_l2_spec_t, tvb, idx + cookie_len,
2150 1, ENC_BIG_ENDIAN);
2151 /*
2152 * As per RFC 4454, the T bit specifies whether
2153 * we're transporting an OAM cell or an AAL5 frame.
2154 */
2155 oam_cell = tvb_get_guint8(tvb, idx + cookie_len) & 0x08;
2156 proto_tree_add_item(l2_specific, hf_l2tp_l2_spec_g, tvb, idx + cookie_len,
2157 1, ENC_BIG_ENDIAN);
2158 proto_tree_add_item(l2_specific, hf_l2tp_l2_spec_c, tvb, idx + cookie_len,
2159 1, ENC_BIG_ENDIAN);
2160 proto_tree_add_item(l2_specific, hf_l2tp_l2_spec_u, tvb, idx + cookie_len,
2161 1, ENC_BIG_ENDIAN);
2162 proto_tree_add_item(l2_specific, hf_l2tp_l2_spec_sequence, tvb,
2163 idx + cookie_len + 1, 3, ENC_BIG_ENDIAN);
2164 }
2165 next_tvb = tvb_new_subset_remaining(tvb, idx + cookie_len + 4);
2166 break;
2167 case L2TPv3_L2_SPECIFIC_LAPD:
2168 if (tree)
2169 proto_tree_add_text(tree, tvb, idx + cookie_len + 4, 3,"LAPD info");
2170 next_tvb = tvb_new_subset_remaining(tvb, idx + cookie_len+4+3);
2171 break;
2172 case L2TPv3_L2_SPECIFIC_NONE:
2173 default:
2174 next_tvb = tvb_new_subset_remaining(tvb, idx + cookie_len);
2175 break;
2176 }
2177
2178 switch(pw_type){
2179 case L2TPv3_PROTOCOL_ETH:
2180 call_dissector(eth_withoutfcs_handle, next_tvb, pinfo, tree);
2181 break;
2182 case L2TPv3_PROTOCOL_CHDLC:
2183 call_dissector(chdlc_handle, next_tvb, pinfo, tree);
2184 break;
2185 case L2TPv3_PROTOCOL_FR:
2186 call_dissector(fr_handle, next_tvb, pinfo, tree);
2187 break;
2188 case L2TPv3_PROTOCOL_PPP:
2189 /*
2190 * PPP is transported without Address and Control
2191 * fields, ppp_hdlc_handle can handle that as if if
2192 * was ACFC (NULL Address and Control)
2193 */
2194 call_dissector(ppp_hdlc_handle, next_tvb, pinfo, tree);
2195 break;
2196 case L2TPv3_PROTOCOL_IP:
2197 call_dissector(ip_handle, next_tvb, pinfo, tree);
2198 break;
2199 case L2TPv3_PROTOCOL_MPLS:
2200 call_dissector(mpls_handle, next_tvb, pinfo, tree);
2201 break;
2202 case L2TPv3_PROTOCOL_DOCSIS_DMPT:
2203 call_dissector(mp2t_handle, next_tvb, pinfo, tree);
2204 break;
2205 case L2TPv3_PROTOCOL_AAL5:
2206 if (oam_cell) {
2207 call_dissector(atm_oam_handle, next_tvb, pinfo, tree);
2208 } else {
2209 call_dissector(llc_handle, next_tvb, pinfo, tree);
2210 }
2211 break;
2212 case L2TPv3_PROTOCOL_LAPD:
2213 call_dissector(lapd_handle, next_tvb, pinfo, tree);
2214 break;
2215 case L2TPv3_PROTOCOL_ERICSSON:
2216 call_dissector(ehdlc_handle, next_tvb, pinfo, tree);
2217 break;
2218 default:
2219 call_dissector(data_handle, next_tvb, pinfo, tree);
2220 break;
2221 }
2222 }
2223
2224 /*
2225 * Processes v3 data message over UDP, to then call process_l2tpv3_data
2226 * from the common part (Session ID)
2227 */
2228 static void
2229 process_l2tpv3_data_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
2230 l2tpv3_conversation_t *l2tp_conv)
2231 {
2232 proto_tree *l2tp_tree = NULL, *ctrl_tree;
2233 proto_item *l2tp_item = NULL, *ti;
2234
2235 int idx = 0;
2236 int control;
2237 int sid;
2238
2239 control = tvb_get_ntohs(tvb, idx);
2240 idx += 2; /* skip ahead */
2241 idx += 2; /* Skip the reserved */
2242 sid = tvb_get_ntohl(tvb, idx);
2243
2244 if (tree) {
2245 l2tp_item = proto_tree_add_item(tree, proto_l2tp, tvb, 0, -1, ENC_NA);
2246 l2tp_tree = proto_item_add_subtree(l2tp_item, ett_l2tp);
2247 proto_item_append_text(l2tp_item, " version 3");
2248
2249 ti = proto_tree_add_text(l2tp_tree, tvb, 0, 2,
2250 "Packet Type: %s Session Id=%u",
2251 data_msg, sid);
2252
2253 ctrl_tree = proto_item_add_subtree(ti, ett_l2tp_ctrl);
2254 proto_tree_add_uint(ctrl_tree, hf_l2tp_type, tvb, 0, 2, control);
2255 proto_tree_add_boolean(ctrl_tree, hf_l2tp_length_bit, tvb, 0, 2, control);
2256 proto_tree_add_boolean(ctrl_tree, hf_l2tp_seq_bit, tvb, 0, 2, control);
2257 proto_tree_add_uint(ctrl_tree, hf_l2tp_version, tvb, 0, 2, control);
2258 /* Data in v3 over UDP has this reserved */
2259 proto_tree_add_item(l2tp_tree, hf_l2tp_res, tvb, 2, 2, ENC_BIG_ENDIAN);
2260 }
2261
2262 /* Call process_l2tpv3_data from Session ID (offset in idx of 4) */
2263 process_l2tpv3_data(tvb, pinfo, tree, l2tp_tree, l2tp_item, &idx, l2tp_conv->tunnel);
2264 }
2265
2266 /*
2267 * Processes v3 data message over IP, to then call process_l2tpv3_data
2268 * from the common part (Session ID)
2269 */
2270 static void
2271 process_l2tpv3_data_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
2272 l2tpv3_conversation_t *l2tp_conv)
2273 {
2274 proto_tree *l2tp_tree = NULL;
2275 proto_item *l2tp_item = NULL;
2276
2277 int idx = 0;
2278 int sid;
2279
2280 sid = tvb_get_ntohl(tvb, idx);
2281
2282 if (tree) {
2283 l2tp_item = proto_tree_add_item(tree, proto_l2tp, tvb, 0, -1, ENC_NA);
2284 l2tp_tree = proto_item_add_subtree(l2tp_item, ett_l2tp);
2285 proto_item_append_text(l2tp_item, " version 3");
2286
2287 proto_tree_add_text(l2tp_tree, tvb, 0, 4,
2288 "Packet Type: %s Session Id=%u",
2289 data_msg, sid);
2290 }
2291
2292 /* Call process_l2tpv3_data from Session ID (offset in idx of 0) */
2293 process_l2tpv3_data(tvb, pinfo, tree, l2tp_tree, l2tp_item, &idx, l2tp_conv->tunnel);
2294 }
2295
2296 /*
2297 * Processes v3 Control Message over IP, that carries NULL Session ID
2298 * to then call process_control_avps after dissecting the control.
2299 */
2300 static void
2301 process_l2tpv3_control(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int baseIdx,
2302 l2tpv3_conversation_t *l2tp_conv)
2303 {
2304 proto_tree *l2tp_tree = NULL, *ctrl_tree;
2305 proto_item *l2tp_item = NULL, *ti;
2306
2307 int idx = baseIdx;
2308 int tmp_idx;
2309 guint16 length = 0; /* Length field */
2310 guint32 ccid = 0; /* Control Connection ID */
2311 guint16 vendor_id = 0;
2312 guint16 avp_type;
2313 guint16 msg_type;
2314 guint16 control = 0;
2315
2316 l2tpv3_tunnel_t *tunnel = NULL;
2317 l2tpv3_tunnel_t tmp_tunnel;
2318
2319 control = tvb_get_ntohs(tvb, idx);
2320 idx += 2; /* skip ahead */
2321 if (LENGTH_BIT(control)) { /* length field included ? */
2322 length = tvb_get_ntohs(tvb, idx);
2323 idx += 2;
2324 }
2325
2326 /* Get Control Channel ID */
2327 ccid = tvb_get_ntohl(tvb, idx);
2328 idx += 4;
2329
2330 tmp_idx = idx;
2331
2332 if ((LENGTH_BIT(control))&&(length==12)) /* ZLB Message */
2333 col_add_fstr(pinfo->cinfo, COL_INFO,
2334 "%s - ZLB (tunnel id=%u)",
2335 control_msg , ccid);
2336 else
2337 {
2338 if (SEQUENCE_BIT(control)) {
2339 tmp_idx += 4;
2340 }
2341
2342 tmp_idx+=2;
2343
2344 vendor_id = tvb_get_ntohs(tvb, tmp_idx);
2345 tmp_idx+=2;
2346
2347 avp_type = tvb_get_ntohs(tvb, tmp_idx);
2348 tmp_idx += 2;
2349
2350 /* If it's a vendor AVP let the vendor AVP dissector fill in the info column */
2351 if ( vendor_id == VENDOR_IETF ) {
2352 if (avp_type == CONTROL_MESSAGE) {
2353 /* We print message type */
2354 msg_type = tvb_get_ntohs(tvb, tmp_idx);
2355 col_add_fstr(pinfo->cinfo, COL_INFO,
2356 "%s - %s (tunnel id=%u)",
2357 control_msg ,
2358 val_to_str_ext(msg_type, &l2tp_message_type_short_str_vals_ext, "Unknown (%u)"),
2359 ccid);
2360 }
2361 else {
2362 /*
2363 * This is not a control message.
2364 * We never pass here except in case of bad l2tp packet!
2365 */
2366 col_add_fstr(pinfo->cinfo, COL_INFO,
2367 "%s (tunnel id=%u)",
2368 control_msg, ccid);
2369 }
2370 }
2371 }
2372
2373 if (LENGTH_BIT(control)) {
2374 /*
2375 * Set the length of this tvbuff to be no longer than the length
2376 * in the header.
2377 *
2378 * XXX - complain if that length is longer than the length of
2379 * the tvbuff? Have "set_actual_length()" return a Boolean
2380 * and have its callers check the result?
2381 */
2382 set_actual_length(tvb, length+baseIdx);
2383 }
2384
2385 if (tree) {
2386 l2tp_item = proto_tree_add_item(tree, proto_l2tp, tvb, 0, -1, ENC_NA);
2387 l2tp_tree = proto_item_add_subtree(l2tp_item, ett_l2tp);
2388 proto_item_append_text(l2tp_item, " version 3");
2389
2390 if (baseIdx) {
2391 proto_tree_add_item(l2tp_tree, hf_l2tp_sid, tvb, 0, 4, ENC_BIG_ENDIAN);
2392 }
2393 ti = proto_tree_add_text(l2tp_tree, tvb, baseIdx, 2,
2394 "Packet Type: %s Control Connection Id=%d",
2395 (CONTROL_BIT(control) ? control_msg : data_msg), ccid);
2396
2397 ctrl_tree = proto_item_add_subtree(ti, ett_l2tp_ctrl);
2398 proto_tree_add_uint(ctrl_tree, hf_l2tp_type, tvb, baseIdx, 2, control);
2399 proto_tree_add_boolean(ctrl_tree, hf_l2tp_length_bit, tvb, baseIdx, 2, control);
2400 proto_tree_add_boolean(ctrl_tree, hf_l2tp_seq_bit, tvb, baseIdx, 2, control);
2401 proto_tree_add_uint(ctrl_tree, hf_l2tp_version, tvb, baseIdx, 2, control);
2402 }
2403 idx = baseIdx + 2;
2404 if (LENGTH_BIT(control)) {
2405 if (tree) {
2406 proto_tree_add_item(l2tp_tree, hf_l2tp_length, tvb, idx, 2, ENC_BIG_ENDIAN);
2407 }
2408 idx += 2;
2409 }
2410
2411 if (tree) {
2412 proto_tree_add_item(l2tp_tree, hf_l2tp_ccid, tvb, idx, 4, ENC_BIG_ENDIAN);
2413 }
2414 idx += 4;
2415
2416 if (SEQUENCE_BIT(control)) {
2417 if (tree) {
2418 proto_tree_add_item(l2tp_tree, hf_l2tp_Ns, tvb, idx, 2, ENC_BIG_ENDIAN);
2419 }
2420 idx += 2;
2421 if (tree) {
2422 proto_tree_add_item(l2tp_tree, hf_l2tp_Nr, tvb, idx, 2, ENC_BIG_ENDIAN);
2423 }
2424 idx += 2;
2425
2426 }
2427
2428 if (tree && (LENGTH_BIT(control))&&(length==12)) {
2429 proto_tree_add_text(l2tp_tree, tvb, 0, 0, "Zero Length Bit message");
2430 } else {
2431 avp_type = tvb_get_ntohs(tvb, idx + 4);
2432 if (avp_type == CONTROL_MESSAGE) {
2433
2434 msg_type = tvb_get_ntohs(tvb, idx + 6);
2435 if (msg_type == MESSAGE_TYPE_SCCRQ) {
2436 tunnel = &tmp_tunnel;
2437 memset(tunnel, 0, sizeof(l2tpv3_tunnel_t));
2438 tunnel->conv = l2tp_conv;
2439 SE_COPY_ADDRESS(&tunnel->lcce1, &pinfo->src);
2440 SE_COPY_ADDRESS(&tunnel->lcce2, &pinfo->dst);
2441 }
2442 }
2443 }
2444
2445 if (!LENGTH_BIT(control)) {
2446 return;
2447 }
2448
2449 if (tunnel == NULL) {
2450 tunnel = l2tp_conv->tunnel;
2451 }
2452
2453 process_control_avps(tvb, pinfo, l2tp_tree, idx, length+baseIdx, ccid, tunnel);
2454
2455 if (tunnel == &tmp_tunnel && l2tp_conv->tunnel == NULL) {
2456 l2tp_conv->tunnel = wmem_new0(wmem_file_scope(), l2tpv3_tunnel_t);
2457 memcpy(l2tp_conv->tunnel, &tmp_tunnel, sizeof(l2tpv3_tunnel_t));
2458 }
2459 }
2460
2461 /*
2462 * Dissector for L2TP over UDP. For v2, calls process_control_avps for
2463 * control messages, or the ppp dissector based on the control bit.
2464 * For v3, calls either process_l2tpv3_control or process_l2tpv3_data_udp
2465 * based on the control bit.
2466 */
2467 static int
2468 dissect_l2tp_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
2469 {
2470 proto_tree *l2tp_tree = NULL, *ctrl_tree;
2471 proto_item *l2tp_item = NULL, *ti;
2472 int idx = 0;
2473 int tmp_idx;
2474 guint16 length = 0; /* Length field */
2475 guint16 tid; /* Tunnel ID */
2476 guint16 cid; /* Call ID */
2477 guint16 offset_size; /* Offset size */
2478 guint16 avp_type;
2479 guint16 msg_type;
2480 guint16 control;
2481 tvbuff_t *next_tvb;
2482 conversation_t *conv = NULL;
2483 l2tpv3_conversation_t *l2tp_conv = NULL;
2484
2485 /*
2486 * Don't accept packets that aren't for an L2TP version we know,
2487 * as they might not be L2TP packets even though they happen
2488 * to be coming from or going to the L2TP port.
2489 */
2490 if (tvb_length(tvb) < 2)
2491 return 0; /* not enough information to check */
2492 control = tvb_get_ntohs(tvb, 0);
2493 switch (L2TP_VERSION(control)) {
2494
2495 case 2:
2496 case 3:
2497 break;
2498
2499 default:
2500 return 0;
2501 }
2502
2503 conv = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, PT_UDP,
2504 pinfo->srcport, pinfo->destport, NO_PORT_B);
2505
2506 if (conv == NULL) {
2507 conv = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, PT_UDP,
2508 pinfo->srcport, pinfo->destport, 0);
2509 }
2510
2511 if ((conv == NULL) || (conv->dissector_handle != l2tp_udp_handle)) {
2512 conv = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, PT_UDP,
2513 pinfo->srcport, 0, NO_PORT2);
2514 conversation_set_dissector(conv, l2tp_udp_handle);
2515 }
2516
2517 col_set_str(pinfo->cinfo, COL_PROTOCOL, "L2TP");
2518 col_clear(pinfo->cinfo, COL_INFO);
2519
2520 switch (L2TP_VERSION(control)) {
2521
2522 case 2:
2523 break;
2524
2525 case 3:
2526 l2tp_conv = (l2tpv3_conversation_t *)conversation_get_proto_data(conv, proto_l2tp);
2527 if (!l2tp_conv) {
2528 l2tp_conv = wmem_new0(wmem_file_scope(), l2tpv3_conversation_t);
2529 l2tp_conv->pt = PT_UDP;
2530 conversation_add_proto_data(conv, proto_l2tp, (void *)l2tp_conv);
2531 }
2532
2533 col_set_str(pinfo->cinfo, COL_PROTOCOL, "L2TPv3");
2534 if (CONTROL_BIT(control)) {
2535 /* Call to process l2tp v3 control message */
2536 process_l2tpv3_control(tvb, pinfo, tree, 0, l2tp_conv);
2537 }
2538 else {
2539 /* Call to process l2tp v3 data message */
2540 process_l2tpv3_data_udp(tvb, pinfo, tree, l2tp_conv);
2541 }
2542 return tvb_length(tvb);
2543 }
2544
2545 if (LENGTH_BIT(control)) { /* length field included ? */
2546 idx += 2; /* skip ahead */
2547 length = tvb_get_ntohs(tvb, idx);
2548 }
2549
2550 /* collect the tunnel id & call id */
2551 idx += 2;
2552 tid = tvb_get_ntohs(tvb, idx);
2553 idx += 2;
2554 cid = tvb_get_ntohs(tvb, idx);
2555
2556 if (CONTROL_BIT(control)) {
2557 /* CONTROL MESSAGE */
2558 tmp_idx = idx;
2559
2560 if ((LENGTH_BIT(control))&&(length==12)) /* ZLB Message */
2561 col_add_fstr(pinfo->cinfo, COL_INFO,
2562 "%s - ZLB (tunnel id=%d, session id=%u)",
2563 control_msg, tid, cid);
2564 else
2565 {
2566 if (SEQUENCE_BIT(control)) {
2567 tmp_idx += 4;
2568 }
2569
2570 tmp_idx+=4;
2571
2572 avp_type = tvb_get_ntohs(tvb, (tmp_idx+=2));
2573
2574 if (avp_type == CONTROL_MESSAGE) {
2575 /* We print message type */
2576 msg_type = tvb_get_ntohs(tvb, tmp_idx+2);
2577 col_add_fstr(pinfo->cinfo, COL_INFO,
2578 "%s - %s (tunnel id=%u, session id=%u)",
2579 control_msg,
2580 val_to_str_ext(msg_type, &l2tp_message_type_short_str_vals_ext, "Unknown (%u)"),
2581 tid, cid);
2582 }
2583 else
2584 {
2585 /*
2586 * This is not a control message.
2587 * We never pass here except in case of bad l2tp packet!
2588 */
2589 col_add_fstr(pinfo->cinfo, COL_INFO,
2590 "%s (tunnel id=%u, session id=%u)",
2591 control_msg, tid, cid);
2592
2593 }
2594 }
2595 }
2596 else {
2597 /* DATA Message */
2598 col_add_fstr(pinfo->cinfo, COL_INFO,
2599 "%s (tunnel id=%u, session id=%u)",
2600 data_msg, tid, cid);
2601 }
2602
2603 if (LENGTH_BIT(control)) {
2604 /*
2605 * Set the length of this tvbuff to be no longer than the length
2606 * in the header.
2607 *
2608 * XXX - complain if that length is longer than the length of
2609 * the tvbuff? Have "set_actual_length()" return a Boolean
2610 * and have its callers check the result?
2611 */
2612 set_actual_length(tvb, length);
2613 }
2614
2615 if (tree) {
2616 l2tp_item = proto_tree_add_item(tree,proto_l2tp, tvb, 0, -1, ENC_NA);
2617 l2tp_tree = proto_item_add_subtree(l2tp_item, ett_l2tp);
2618
2619 ti = proto_tree_add_text(l2tp_tree, tvb, 0, 2,
2620 "Packet Type: %s Tunnel Id=%d Session Id=%d",
2621 (CONTROL_BIT(control) ? control_msg : data_msg), tid, cid);
2622
2623 ctrl_tree = proto_item_add_subtree(ti, ett_l2tp_ctrl);
2624 proto_tree_add_uint(ctrl_tree, hf_l2tp_type, tvb, 0, 2, control);
2625 proto_tree_add_boolean(ctrl_tree, hf_l2tp_length_bit, tvb, 0, 2, control);
2626 proto_tree_add_boolean(ctrl_tree, hf_l2tp_seq_bit, tvb, 0, 2, control);
2627 proto_tree_add_boolean(ctrl_tree, hf_l2tp_offset_bit, tvb, 0, 2, control);
2628 proto_tree_add_boolean(ctrl_tree, hf_l2tp_priority, tvb, 0, 2, control);
2629 proto_tree_add_uint(ctrl_tree, hf_l2tp_version, tvb, 0, 2, control);
2630 }
2631 idx = 2;
2632 if (LENGTH_BIT(control)) {
2633 if (tree) {
2634 proto_tree_add_item(l2tp_tree, hf_l2tp_length, tvb, idx, 2, ENC_BIG_ENDIAN);
2635 }
2636 idx += 2;
2637 }
2638
2639 if (tree) {
2640 proto_tree_add_item(l2tp_tree, hf_l2tp_tunnel, tvb, idx, 2, ENC_BIG_ENDIAN);
2641 }
2642 idx += 2;
2643 if (tree) {
2644 proto_tree_add_item(l2tp_tree, hf_l2tp_session, tvb, idx, 2, ENC_BIG_ENDIAN);
2645 }
2646 idx += 2;
2647
2648 if (SEQUENCE_BIT(control)) {
2649 if (tree) {
2650 proto_tree_add_item(l2tp_tree, hf_l2tp_Ns, tvb, idx, 2, ENC_BIG_ENDIAN);
2651 }
2652 idx += 2;
2653 if (tree) {
2654 proto_tree_add_item(l2tp_tree, hf_l2tp_Nr, tvb, idx, 2, ENC_BIG_ENDIAN);
2655 }
2656 idx += 2;
2657 }
2658 if (OFFSET_BIT(control)) {
2659 offset_size = tvb_get_ntohs(tvb, idx);
2660 if (tree) {
2661 proto_tree_add_uint(l2tp_tree, hf_l2tp_offset, tvb, idx, 2,
2662 offset_size);
2663 }
2664 idx += 2;
2665 if (offset_size != 0) {
2666 if (tree) {
2667 proto_tree_add_text(l2tp_tree, tvb, idx, offset_size, "Offset Padding");
2668 }
2669 idx += offset_size;
2670 }
2671 }
2672
2673 if (tree && (LENGTH_BIT(control))&&(length==12)) {
2674 proto_tree_add_text(l2tp_tree, tvb, 0, 0, "Zero Length Bit message");
2675 }
2676
2677 if (!CONTROL_BIT(control)) { /* Data Messages so we are done */
2678 if (tree)
2679 proto_item_set_len(l2tp_item, idx);
2680 /* If we have data, signified by having a length bit, dissect it */
2681 if (tvb_offset_exists(tvb, idx)) {
2682 next_tvb = tvb_new_subset_remaining(tvb, idx);
2683 call_dissector(ppp_hdlc_handle, next_tvb, pinfo, tree);
2684 }
2685 return tvb_length(tvb);
2686 }
2687
2688 if (LENGTH_BIT(control))
2689 process_control_avps(tvb, pinfo, l2tp_tree, idx, length, -1, NULL);
2690
2691 return tvb_length(tvb);
2692 }
2693
2694
2695 /*
2696 * Only L2TPv3 runs directly over IP, and dissect_l2tp_ip starts dissecting
2697 * those packets to call either process_l2tpv3_control for Control Messages
2698 * or process_l2tpv3_data_ip for Data Messages over IP, based on the
2699 * Session ID
2700 */
2701 static void
2702 dissect_l2tp_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
2703 {
2704 int idx = 0;
2705 guint32 sid; /* Session ID */
2706
2707 conversation_t *conv = NULL;
2708 l2tpv3_conversation_t *l2tp_conv = NULL;
2709
2710 conv = find_or_create_conversation(pinfo);
2711
2712 l2tp_conv = (l2tpv3_conversation_t *)conversation_get_proto_data(conv, proto_l2tp);
2713 if (!l2tp_conv) {
2714 l2tp_conv = wmem_new0(wmem_file_scope(), l2tpv3_conversation_t);
2715 l2tp_conv->pt = PT_NONE;
2716 conversation_add_proto_data(conv, proto_l2tp, (void *)l2tp_conv);
2717 }
2718
2719 /* Only L2TPv3 runs directly over IP */
2720 col_set_str(pinfo->cinfo, COL_PROTOCOL, "L2TPv3");
2721
2722 col_clear(pinfo->cinfo, COL_INFO);
2723
2724 sid = tvb_get_ntohl(tvb, idx);
2725 if (sid == 0) {
2726 /* This is control message */
2727 /* Call to process l2tp v3 control message */
2728 process_l2tpv3_control(tvb, pinfo, tree, 4, l2tp_conv);
2729 }
2730 else {
2731 /* Call to process l2tp v3 data message */
2732 process_l2tpv3_data_ip(tvb, pinfo, tree, l2tp_conv);
2733 }
2734
2735 return;
2736 }
2737
2738 void init_l2tp_dissection(void)
2739 {
2740 GSList *iterator = list_heads;
2741
2742 while (iterator) {
2743 if (iterator->data != NULL)
2744 g_slist_free((GSList *)iterator->data);
2745 iterator = g_slist_next(iterator);
2746 }
2747
2748 if (list_heads != NULL) {
2749 g_slist_free(list_heads);
2750 list_heads = NULL;
2751 }
2752 }
2753
2754 /* registration with the filtering engine */
2755 void
2756 proto_register_l2tp(void)
2757 {
2758 static hf_register_info hf[] = {
2759 { &hf_l2tp_type,
2760 { "Type", "l2tp.type", FT_UINT16, BASE_DEC, VALS(l2tp_type_vals), 0x8000,
2761 "Type bit", HFILL }},
2762
2763 { &hf_l2tp_length_bit,
2764 { "Length Bit", "l2tp.length_bit", FT_BOOLEAN, 16, TFS(&l2tp_length_bit_truth), 0x4000,
2765 NULL, HFILL }},
2766
2767 { &hf_l2tp_seq_bit,
2768 { "Sequence Bit", "l2tp.seq_bit", FT_BOOLEAN, 16, TFS(&l2tp_seq_bit_truth), 0x0800,
2769 NULL, HFILL }},
2770
2771 { &hf_l2tp_offset_bit,
2772 { "Offset bit", "l2tp.offset_bit", FT_BOOLEAN, 16, TFS(&l2tp_offset_bit_truth), 0x0200,
2773 NULL, HFILL }},
2774
2775 { &hf_l2tp_priority,
2776 { "Priority", "l2tp.priority", FT_BOOLEAN, 16, TFS(&l2tp_priority_truth), 0x0100,
2777 "Priority bit", HFILL }},
2778
2779 { &hf_l2tp_version,
2780 { "Version", "l2tp.version", FT_UINT16, BASE_DEC, NULL, 0x000f,
2781 NULL, HFILL }},
2782
2783 { &hf_l2tp_length,
2784 { "Length","l2tp.length", FT_UINT16, BASE_DEC, NULL, 0x0,
2785 NULL, HFILL }},
2786
2787 { &hf_l2tp_tunnel,
2788 { "Tunnel ID","l2tp.tunnel", FT_UINT16, BASE_DEC, NULL, 0x0, /* Probably should be FT_BYTES */
2789 NULL, HFILL }},
2790
2791 { &hf_l2tp_session,
2792 { "Session ID","l2tp.session", FT_UINT16, BASE_DEC, NULL, 0x0, /* Probably should be FT_BYTES */
2793 NULL, HFILL }},
2794
2795 { &hf_l2tp_Ns,
2796 { "Ns","l2tp.Ns", FT_UINT16, BASE_DEC, NULL, 0x0,
2797 NULL, HFILL }},
2798
2799 { &hf_l2tp_Nr,
2800 { "Nr","l2tp.Nr", FT_UINT16, BASE_DEC, NULL, 0x0,
2801 NULL, HFILL }},
2802
2803 { &hf_l2tp_offset,
2804 { "Offset","l2tp.offset", FT_UINT16, BASE_DEC, NULL, 0x0,
2805 "Number of octest past the L2TP header at which the payload data starts.", HFILL }},
2806
2807 { &hf_l2tp_avp_mandatory,
2808 { "Mandatory", "l2tp.avp.mandatory", FT_BOOLEAN, 16, NULL, 0x8000,
2809 NULL, HFILL }},
2810
2811 { &hf_l2tp_avp_hidden,
2812 { "Hidden", "l2tp.avp.hidden", FT_BOOLEAN, 16, NULL, 0x4000,
2813 NULL, HFILL }},
2814
2815 { &hf_l2tp_avp_length,
2816 { "Length", "l2tp.avp.length", FT_UINT16, BASE_DEC, NULL, 0x03ff,
2817 NULL, HFILL }},
2818
2819 { &hf_l2tp_avp_vendor_id,
2820 { "Vendor ID", "l2tp.avp.vendor_id", FT_UINT16, BASE_DEC|BASE_EXT_STRING, &sminmpec_values_ext, 0,
2821 "AVP Vendor ID", HFILL }},
2822
2823 { &hf_l2tp_avp_type,
2824 { "AVP Type", "l2tp.avp.type", FT_UINT16, BASE_DEC|BASE_EXT_STRING, &avp_type_vals_ext, 0,
2825 NULL, HFILL }},
2826
2827 { &hf_l2tp_tie_breaker,
2828 { "Tie Breaker", "l2tp.tie_breaker", FT_UINT64, BASE_HEX, NULL, 0,
2829 NULL, HFILL }},
2830
2831 { &hf_l2tp_sid,
2832 { "Session ID","l2tp.sid", FT_UINT32, BASE_DEC, NULL, 0x0,
2833 NULL, HFILL }},
2834
2835 { &hf_l2tp_ccid,
2836 { "Control Connection ID","l2tp.ccid", FT_UINT32, BASE_DEC, NULL, 0x0,
2837 NULL, HFILL }},
2838
2839 { &hf_l2tp_res,
2840 { "Reserved","l2tp.res", FT_UINT16, BASE_HEX, NULL, 0x0,
2841 NULL, HFILL }},
2842
2843 { &hf_l2tp_cookie,
2844 { "Cookie","l2tp.cookie", FT_BYTES, BASE_NONE, NULL, 0x0,
2845 NULL, HFILL }},
2846
2847 { &hf_l2tp_l2_spec_def,
2848 { "Default L2-Specific Sublayer","l2tp.l2_spec_def", FT_NONE, BASE_NONE, NULL, 0x0,
2849 NULL, HFILL }},
2850
2851 { &hf_l2tp_l2_spec_atm,
2852 { "ATM-Specific Sublayer","l2tp.l2_spec_atm", FT_NONE, BASE_NONE, NULL, 0x0,
2853 NULL, HFILL }},
2854
2855 { &hf_l2tp_l2_spec_docsis_dmpt,
2856 { "DOCSIS DMPT - Specific Sublayer","l2tp.l2_spec_docsis_dmpt", FT_NONE, BASE_NONE, NULL, 0x0,
2857 NULL, HFILL }},
2858
2859 { &hf_l2tp_l2_spec_v,
2860 { "V-bit","l2tp.l2_spec_v", FT_BOOLEAN, 8, NULL, 0x80,
2861 "VCCV Bit", HFILL }},
2862
2863 { &hf_l2tp_l2_spec_s,
2864 { "S-bit","l2tp.l2_spec_s", FT_BOOLEAN, 8, NULL, 0x40,
2865 "Sequence Bit", HFILL }},
2866
2867 { &hf_l2tp_l2_spec_t,
2868 { "T-bit","l2tp.l2_spec_t", FT_BOOLEAN, 8, NULL, 0x08,
2869 "Transport Type Bit", HFILL }},
2870
2871 { &hf_l2tp_l2_spec_g,
2872 { "G-bit","l2tp.l2_spec_g", FT_BOOLEAN, 8, NULL, 0x04,
2873 "EFCI Bit", HFILL }},
2874
2875 { &hf_l2tp_l2_spec_c,
2876 { "C-bit","l2tp.l2_spec_c", FT_BOOLEAN, 8, NULL, 0x02,
2877 "CLP Bit", HFILL }},
2878
2879 { &hf_l2tp_l2_spec_u,
2880 { "U-bit","l2tp.l2_spec_u", FT_BOOLEAN, 8, NULL, 0x01,
2881 "C/R Bit", HFILL }},
2882
2883 { &hf_l2tp_l2_spec_flow_id,
2884 { "Flow ID","l2tp.l2_spec_flow_id", FT_UINT8, BASE_HEX, NULL, FLOW_ID_MASK,
2885 NULL, HFILL }},
2886
2887 { &hf_l2tp_l2_spec_sequence,
2888 { "Sequence Number","l2tp.l2_spec_sequence", FT_UINT24, BASE_DEC, NULL, 0x0,
2889 NULL, HFILL }},
2890
2891 { &hf_l2tp_cisco_avp_type,
2892 { "Type", "l2tp.avp.ciscotype", FT_UINT16, BASE_DEC, VALS(cisco_avp_type_vals), 0,
2893 "AVP Type", HFILL }},
2894
2895 { &hf_l2tp_cablelabs_avp_type,
2896 { "Type", "l2tp.avp.cablelabstype", FT_UINT16, BASE_DEC, VALS(cablelabs_avp_type_vals), 0,
2897 "AVP Type", HFILL }},
2898
2899 { &hf_l2tp_avp_message_type,
2900 { "Message Type", "l2tp.avp.message_type", FT_UINT16, BASE_DEC|BASE_EXT_STRING, &message_type_vals_ext, 0,
2901 NULL, HFILL }},
2902
2903 { &hf_l2tp_avp_assigned_tunnel_id,
2904 { "Assigned Tunnel ID", "l2tp.avp.assigned_tunnel_id", FT_UINT16, BASE_DEC, NULL, 0,
2905 NULL, HFILL }},
2906
2907 { &hf_l2tp_avp_assigned_control_conn_id,
2908 { "Assigned Control Connection ID", "l2tp.avp.assigned_control_conn_id", FT_UINT32, BASE_DEC, NULL, 0,
2909 NULL, HFILL }},
2910
2911 { &hf_l2tp_avp_assigned_session_id,
2912 { "Assigned Session ID", "l2tp.avp.assigned_session_id", FT_UINT16, BASE_DEC, NULL, 0,
2913 NULL, HFILL }},
2914
2915 { &hf_l2tp_avp_remote_session_id,
2916 { "Remote Session ID", "l2tp.avp.remote_session_id", FT_UINT32, BASE_DEC, NULL, 0,
2917 NULL, HFILL }},
2918
2919 { &hf_l2tp_avp_local_session_id,
2920 { "Local Session ID", "l2tp.avp.local_session_id", FT_UINT32, BASE_DEC, NULL, 0,
2921 NULL, HFILL }},
2922
2923 { &hf_l2tp_avp_called_number,
2924 { "Called Number", "l2tp.avp.called_number", FT_STRING, BASE_NONE, NULL, 0,
2925 NULL, HFILL }},
2926
2927 { &hf_l2tp_avp_calling_number,
2928 { "Calling Number", "l2tp.avp.calling_number", FT_STRING, BASE_NONE, NULL, 0,
2929 NULL, HFILL }},
2930
2931 { &hf_l2tp_cisco_tie_breaker,
2932 { "Tie Breaker", "l2tp.cisco.tie_breaker", FT_UINT64, BASE_HEX, NULL, 0,
2933 NULL, HFILL }},
2934
2935 { &hf_l2tp_cablel_avp_l_bit,
2936 { "L(lock bit)", "l2tp.cablel.l_bit", FT_BOOLEAN, 16, NULL, 0x8000,
2937 NULL, HFILL }},
2938
2939 { &hf_l2tp_cablel_avp_tsid_group_id,
2940 { "TSID Group ID", "l2tp.cablel.tsid_group_id", FT_UINT16, BASE_DEC, NULL, 0x7f00,
2941 NULL, HFILL }},
2942
2943 { &hf_l2tp_cablel_avp_frequency,
2944 { "Frequency", "l2tp.cablel.frequency", FT_UINT32, BASE_DEC, NULL, 0,
2945 NULL, HFILL }},
2946
2947 { &hf_l2tp_cablel_avp_modulation,
2948 { "Modulation", "l2tp.cablel.modulation", FT_UINT16, BASE_DEC, VALS(l2tp_cablel_modulation_vals), 0x000f,
2949 NULL, HFILL }},
2950
2951 { &hf_l2tp_cablel_avp_m,
2952 { "M", "l2tp.cablel.m", FT_UINT16, BASE_DEC, NULL, 0x0,
2953 NULL, HFILL }},
2954
2955 { &hf_l2tp_cablel_avp_n,
2956 { "N", "l2tp.cablel.n", FT_UINT16, BASE_DEC, NULL, 0x0,
2957 NULL, HFILL }},
2958
2959 /* Generated from convert_proto_tree_add_text.pl */
2960 { &hf_l2tp_cisco_assigned_control_connection_id, { "Assigned Control Connection ID", "l2tp.cisco.assigned_control_connection_id", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
2961 { &hf_l2tp_cisco_pw_type, { "PW Type", "l2tp.cisco.pw_type", FT_UINT16, BASE_DEC, VALS(pw_types_vals), 0x0, NULL, HFILL }},
2962 { &hf_l2tp_cisco_local_session_id, { "Local Session ID", "l2tp.cisco.local_session_id", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
2963 { &hf_l2tp_cisco_remote_session_id, { "Remote Session ID", "l2tp.cisco.remote_session_id", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
2964 { &hf_l2tp_cisco_assigned_cookie, { "Assigned Cookie", "l2tp.cisco.assigned_cookie", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2965 { &hf_l2tp_cisco_remote_end_id, { "Remote End ID", "l2tp.cisco.remote_end_id", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2966 { &hf_l2tp_cisco_pseudowire_type, { "Pseudowire Type", "l2tp.cisco.pseudowire_type", FT_UINT16, BASE_DEC, VALS(pw_types_vals), 0x0, NULL, HFILL }},
2967 { &hf_l2tp_cisco_circuit_status, { "Circuit Status", "l2tp.cisco.circuit_status", FT_BOOLEAN, 16, TFS(&tfs_up_down), 0x0001, NULL, HFILL }},
2968 { &hf_l2tp_cisco_circuit_type, { "Circuit Type", "l2tp.cisco.circuit_type", FT_BOOLEAN, 16, TFS(&tfs_new_existing), 0x0001, NULL, HFILL }},
2969 { &hf_l2tp_cisco_draft_avp_version, { "Draft AVP Version", "l2tp.cisco.draft_avp_version", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
2970 { &hf_l2tp_cisco_message_digest, { "Message Digest", "l2tp.cisco.message_digest", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2971 { &hf_l2tp_cisco_nonce, { "Nonce", "l2tp.cisco.nonce", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2972 { &hf_l2tp_cisco_interface_mtu, { "Interface MTU", "l2tp.cisco.interface_mtu", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
2973 { &hf_l2tp_stop_ccn_result_code, { "Result code", "l2tp.result_code", FT_UINT16, BASE_DEC, VALS(result_code_stopccn_vals), 0x0, NULL, HFILL }},
2974 { &hf_l2tp_result_code, { "Result code", "l2tp.result_code", FT_UINT16, BASE_DEC|BASE_EXT_STRING, &result_code_cdn_vals_ext, 0x0, NULL, HFILL }},
2975 { &hf_l2tp_avp_error_code, { "Error code", "l2tp.avp.error_code", FT_UINT16, BASE_DEC, VALS(error_code_vals), 0x0, NULL, HFILL }},
2976 { &hf_l2tp_avp_error_message, { "Error Message", "l2tp.avp.error_message", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2977 { &hf_l2tp_avp_protocol_version, { "Version", "l2tp.avp.protocol_version", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
2978 { &hf_l2tp_avp_protocol_revision, { "Revision", "l2tp.avp.protocol_revision", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
2979 { &hf_l2tp_avp_async_framing_supported, { "Async Framing Supported", "l2tp.avp.async_framing_supported", FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x0002, NULL, HFILL }},
2980 { &hf_l2tp_avp_sync_framing_supported, { "Sync Framing Supported", "l2tp.avp.sync_framing_supported", FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x0001, NULL, HFILL }},
2981 { &hf_l2tp_avp_analog_access_supported, { "Analog Access Supported", "l2tp.avp.analog_access_supported", FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x0002, NULL, HFILL }},
2982 { &hf_l2tp_avp_digital_access_supported, { "Digital Access Supported", "l2tp.avp.digital_access_supported", FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x0001, NULL, HFILL }},
2983 { &hf_l2tp_avp_firmware_revision, { "Firmware Revision", "l2tp.avp.firmware_revision", FT_UINT16, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
2984 { &hf_l2tp_avp_host_name, { "Host Name", "l2tp.avp.host_name", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2985 { &hf_l2tp_avp_vendor_name, { "Vendor Name", "l2tp.avp.vendor_name", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2986 { &hf_l2tp_avp_receive_window_size, { "Receive Window Size", "l2tp.avp.receive_window_size", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
2987 { &hf_l2tp_avp_chap_challenge, { "CHAP Challenge", "l2tp.avp.chap_challenge", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2988 { &hf_l2tp_avp_cause_code, { "Cause Code", "l2tp.avp.cause_code", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
2989 { &hf_l2tp_avp_cause_msg, { "Cause Msg", "l2tp.avp.cause_msg", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
2990 { &hf_l2tp_avp_advisory_msg, { "Advisory Msg", "l2tp.avp.advisory_msg", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2991 { &hf_l2tp_avp_chap_challenge_response, { "CHAP Challenge Response", "l2tp.avp.chap_challenge_response", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2992 { &hf_l2tp_avp_call_serial_number, { "Call Serial Number", "l2tp.avp.call_serial_number", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
2993 { &hf_l2tp_avp_minimum_bps, { "Minimum BPS", "l2tp.avp.minimum_bps", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
2994 { &hf_l2tp_avp_maximum_bps, { "Maximum BPS", "l2tp.avp.maximum_bps", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
2995 { &hf_l2tp_avp_analog_bearer_type, { "Analog Bearer Type", "l2tp.avp.analog_bearer_type", FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x0002, NULL, HFILL }},
2996 { &hf_l2tp_avp_digital_bearer_type, { "Digital Bearer Type", "l2tp.avp.digital_bearer_type", FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x0001, NULL, HFILL }},
2997 { &hf_l2tp_avp_async_framing_type, { "Async Framing Type", "l2tp.avp.async_framing_type", FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x0002, NULL, HFILL }},
2998 { &hf_l2tp_avp_sync_framing_type, { "Sync Framing Type", "l2tp.avp.sync_framing_type", FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x0001, NULL, HFILL }},
2999 { &hf_l2tp_avp_sub_address, { "Sub-Address", "l2tp.avp.sub_address", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3000 { &hf_l2tp_avp_connect_speed, { "Connect Speed", "l2tp.avp.connect_speed", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3001 { &hf_l2tp_avp_physical_channel, { "Physical Channel", "l2tp.avp.physical_channel", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3002 { &hf_l2tp_avp_initial_received_lcp_confreq, { "Initial Received LCP CONFREQ", "l2tp.avp.initial_received_lcp_confreq", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3003 { &hf_l2tp_avp_last_sent_lcp_confreq, { "Last Sent LCP CONFREQ", "l2tp.avp.last_sent_lcp_confreq", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3004 { &hf_l2tp_avp_last_received_lcp_confreq, { "Last Received LCP CONFREQ", "l2tp.avp.last_received_lcp_confreq", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3005 { &hf_l2tp_avp_proxy_authen_type, { "Proxy Authen Type", "l2tp.avp.proxy_authen_type", FT_UINT16, BASE_DEC, VALS(authen_type_vals), 0x0, NULL, HFILL }},
3006 { &hf_l2tp_avp_proxy_authen_name, { "Proxy Authen Name", "l2tp.avp.proxy_authen_name", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3007 { &hf_l2tp_avp_proxy_authen_challenge, { "Proxy Authen Challenge", "l2tp.avp.proxy_authen_challenge", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3008 { &hf_l2tp_avp_proxy_authen_id, { "Proxy Authen ID", "l2tp.avp.proxy_authen_id", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3009 { &hf_l2tp_avp_proxy_authen_response, { "Proxy Authen Response", "l2tp.avp.proxy_authen_response", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3010 { &hf_l2tp_avp_crc_errors, { "CRC Errors", "l2tp.avp.crc_errors", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3011 { &hf_l2tp_avp_framing_errors, { "Framing Errors", "l2tp.avp.framing_errors", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3012 { &hf_l2tp_avp_hardware_overruns, { "Hardware Overruns", "l2tp.avp.hardware_overruns", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3013 { &hf_l2tp_avp_buffer_overruns, { "Buffer Overruns", "l2tp.avp.buffer_overruns", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3014 { &hf_l2tp_avp_time_out_errors, { "Time-out Errors", "l2tp.avp.time_out_errors", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3015 { &hf_l2tp_avp_alignment_errors, { "Alignment Errors", "l2tp.avp.alignment_errors", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3016 { &hf_l2tp_avp_send_accm, { "Send ACCM", "l2tp.avp.send_accm", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3017 { &hf_l2tp_avp_receive_accm, { "Receive ACCM", "l2tp.avp.receive_accm", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3018 { &hf_l2tp_avp_random_vector, { "Random Vector", "l2tp.avp.random_vector", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3019 { &hf_l2tp_avp_private_group_id, { "Private Group ID", "l2tp.avp.private_group_id", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3020 { &hf_l2tp_avp_rx_connect_speed, { "Rx Connect Speed", "l2tp.avp.rx_connect_speed", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3021 { &hf_l2tp_avp_disconnect_code, { "Disconnect Code", "l2tp.avp.disconnect_code", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3022 { &hf_l2tp_avp_control_protocol_number, { "Control Protocol Number", "l2tp.avp.control_protocol_number", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3023 { &hf_l2tp_avp_cause_code_direction, { "Direction", "l2tp.avp.cause_code_direction", FT_UINT8, BASE_DEC, VALS(cause_code_direction_vals), 0x0, NULL, HFILL }},
3024 { &hf_l2tp_avp_cause_code_message, { "Message", "l2tp.avp.cause_code_message", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3025 { &hf_l2tp_avp_message_digest, { "Message Digest", "l2tp.avp.message_digest", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3026 { &hf_l2tp_avp_router_id, { "Router ID", "l2tp.avp.router_id", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3027 { &hf_l2tp_avp_pw_type, { "PW Type", "l2tp.avp.pw_type", FT_UINT16, BASE_DEC, VALS(pw_types_vals), 0x0, NULL, HFILL }},
3028 { &hf_l2tp_avp_assigned_cookie, { "Assigned Cookie", "l2tp.avp.assigned_cookie", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3029 { &hf_l2tp_avp_remote_end_id, { "Remote End ID", "l2tp.avp.remote_end_id", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3030 { &hf_l2tp_avp_pseudowire_type, { "Pseudowire Type", "l2tp.avp.pseudowire_type", FT_UINT16, BASE_DEC, VALS(pw_types_vals), 0x0, NULL, HFILL }},
3031 { &hf_l2tp_avp_layer2_specific_sublayer, { "Layer2 Specific Sublayer", "l2tp.avp.layer2_specific_sublayer", FT_UINT16, BASE_DEC, VALS(l2_sublayer_vals), 0x0, NULL, HFILL }},
3032 { &hf_l2tp_avp_data_sequencing, { "Data Sequencing", "l2tp.avp.data_sequencing", FT_UINT16, BASE_DEC, VALS(data_sequencing_vals), 0x0, NULL, HFILL }},
3033 { &hf_l2tp_avp_circuit_status, { "Circuit Status", "l2tp.avp.circuit_status", FT_BOOLEAN, 16, TFS(&tfs_up_down), 0x0001, NULL, HFILL }},
3034 { &hf_l2tp_avp_circuit_type, { "Circuit Type", "l2tp.avp.circuit_type", FT_BOOLEAN, 16, TFS(&tfs_new_existing), 0x0002, NULL, HFILL }},
3035 { &hf_l2tp_avp_preferred_language, { "Preferred Language", "l2tp.avp.preferred_language", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3036 { &hf_l2tp_avp_nonce, { "Nonce", "l2tp.avp.nonce", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3037 { &hf_l2tp_avp_tx_connect_speed_v3, { "Tx Connect Speed v3", "l2tp.avp.tx_connect_speed_v3", FT_UINT64, BASE_HEX, NULL, 0x0, NULL, HFILL }},
3038 { &hf_l2tp_avp_rx_connect_speed_v3, { "Rx Connect Speed v3", "l2tp.avp.rx_connect_speed_v3", FT_UINT64, BASE_HEX, NULL, 0x0, NULL, HFILL }},
3039 };
3040
3041 static gint *ett[] = {
3042 &ett_l2tp,
3043 &ett_l2tp_ctrl,
3044 &ett_l2tp_avp,
3045 &ett_l2tp_avp_sub,
3046 &ett_l2tp_l2_spec,
3047 &ett_l2tp_lcp,
3048 };
3049
3050 static ei_register_info ei[] = {
3051 { &ei_l2tp_incorrect_digest, { "l2tp.incorrect_digest", PI_CHECKSUM, PI_WARN, "Incorrect Digest", EXPFILL }},
3052 };
3053
3054 module_t *l2tp_module;
3055 expert_module_t* expert_l2tp;
3056
3057 proto_l2tp = proto_register_protocol(
3058 "Layer 2 Tunneling Protocol", "L2TP", "l2tp");
3059 proto_register_field_array(proto_l2tp, hf, array_length(hf));
3060 proto_register_subtree_array(ett, array_length(ett));
3061 expert_l2tp = expert_register_protocol(proto_l2tp);
3062 expert_register_field_array(expert_l2tp, ei, array_length(ei));
3063
3064 l2tp_vendor_avp_dissector_table = register_dissector_table("l2tp.vendor_avp", "L2TP vendor AVP dissector table", FT_UINT32, BASE_DEC);
3065
3066 l2tp_module = prefs_register_protocol(proto_l2tp, NULL);
3067
3068 prefs_register_enum_preference(l2tp_module,
3069 "cookie_size",
3070 "L2TPv3 Cookie Size",
3071 "L2TPv3 Cookie Size",
3072 &l2tpv3_cookie,
3073 l2tpv3_cookies,
3074 FALSE);
3075
3076 prefs_register_enum_preference(l2tp_module,
3077 "l2_specific",
3078 "L2TPv3 L2-Specific Sublayer",
3079 "L2TPv3 L2-Specific Sublayer",
3080 &l2tpv3_l2_specific,
3081 l2tpv3_l2_specifics,
3082 FALSE);
3083
3084 prefs_register_enum_preference(l2tp_module,
3085 "protocol",
3086 "Decode L2TPv3 packet contents as this protocol",
3087 "Decode L2TPv3 packet contents as this protocol",
3088 &l2tpv3_protocol,
3089 l2tpv3_protocols,
3090 FALSE);
3091
3092 prefs_register_string_preference(l2tp_module,"shared_secret","Shared Secret",
3093 "Shared secret used for control message digest authentication",
3094 &shared_secret);
3095
3096 register_init_routine(init_l2tp_dissection);
3097 }
3098
3099 void
3100 proto_reg_handoff_l2tp(void)
3101 {
3102 l2tp_udp_handle = new_create_dissector_handle(dissect_l2tp_udp, proto_l2tp);
3103 dissector_add_uint("udp.port", UDP_PORT_L2TP, l2tp_udp_handle);
3104
3105 l2tp_ip_handle = create_dissector_handle(dissect_l2tp_ip, proto_l2tp);
3106 dissector_add_uint("ip.proto", IP_PROTO_L2TP, l2tp_ip_handle);
3107
3108 /*
3109 * Get a handle for the PPP-in-HDLC-like-framing dissector.
3110 */
3111 ppp_hdlc_handle = find_dissector("ppp_hdlc");
3112 ppp_lcp_options_handle = find_dissector("ppp_lcp_options");
3113
3114 /* Register vendor AVP dissector(s)*/
3115 dissector_add_uint("l2tp.vendor_avp", VENDOR_CABLELABS, new_create_dissector_handle(dissect_l2tp_vnd_cablelabs_avps, proto_l2tp));
3116
3117
3118 /*
3119 * Get a handle for the dissectors used in v3.
3120 */
3121 eth_withoutfcs_handle = find_dissector("eth_withoutfcs");
3122 chdlc_handle = find_dissector("chdlc");
3123 fr_handle = find_dissector("fr");
3124 ip_handle = find_dissector("ip");
3125 mpls_handle = find_dissector("mpls");
3126 atm_oam_handle = find_dissector("atm_oam_cell");
3127 llc_handle = find_dissector("llc");
3128 lapd_handle = find_dissector("lapd");
3129 mp2t_handle = find_dissector("mp2t");
3130 ehdlc_handle = find_dissector("ehdlc");
3131 data_handle = find_dissector("data");
3132 }