1 --- l2tpd-0.70-pre20031121.orig/Makefile
2 +++ l2tpd-0.70-pre20031121/Makefile
4 # become runtime options) debugging flags
6 #DFLAGS= -g -O2 -DDEBUG_PPPD
7 -DFLAGS= -g -O2 -DDEBUG_PPPD -DDEBUG_CONTROL -DDEBUG_ENTROPY
8 +#DFLAGS= -g -O2 -Wall -DDEBUG_PPPD -DDEBUG_CONTROL -DDEBUG_ENTROPY
9 +DFLAGS= -ggdb -Wall -DDEBUG_PPPD -DDEBUG_CONTROL -DDEBUG_ENTROPY
11 # Uncomment the next line for Linux
15 FFLAGS= -DIP_ALLOCATION
17 -CFLAGS= $(DFLAGS) -Wall -DSANITY $(OSFLAGS) $(FFLAGS)
18 +CFLAGS= $(DFLAGS) -Wall -DSANITY $(OSFLAGS) $(FFLAGS)
19 HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h md5.h
20 OBJS=l2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o md5.o
21 LIBS= $(OSLIB) # -lefence # efence for malloc checking
22 --- l2tpd-0.70-pre20031121.orig/control.c
23 +++ l2tpd-0.70-pre20031121/control.c
25 add_bearer_caps_avp (buf, t->ourbc);
26 /* FIXME: Tie breaker */
27 add_firmware_avp (buf);
28 - add_hostname_avp (buf);
29 + add_hostname_avp (buf, t);
31 add_tunnelid_avp (buf, t->ourtid);
34 "%s: Peer did not specify assigned tunnel ID. Closing.\n",
36 set_error (c, VENDOR_ERROR, "Specify your assigned tunnel ID");
40 if (!(t->lns = get_lns (t)))
42 "%s: Denied connection to unauthorized peer %s\n",
43 __FUNCTION__, IPADDY (t->peer.sin_addr));
44 set_error (c, VENDOR_ERROR, "No Authorization");
48 t->ourrws = t->lns->tun_rws;
50 "%s: Peer did not specify framing capability. Closing.\n",
52 set_error (c, VENDOR_ERROR, "Specify framing capability");
56 /* FIXME: Do we need to be sure they specified a version number?
58 if (DEBUG) log(LOG_DEBUG,
59 "%s: Peer did not specify bearer capability. Closing.\n",__FUNCTION__);
60 set_error(c, VENDOR_ERROR, "Specify bearer capability");
64 if ((!strlen (t->hostname)) && ((t->chal_us.state) || ((t->lns->challenge))))
66 "%s: Peer did not specify hostname. Closing.\n",
68 set_error (c, VENDOR_ERROR, "Specify your hostname");
74 add_frame_caps_avp (buf, t->ourfc);
75 add_bearer_caps_avp (buf, t->ourbc);
76 add_firmware_avp (buf);
77 - add_hostname_avp (buf);
78 + add_hostname_avp (buf, t);
80 add_tunnelid_avp (buf, t->ourtid);
83 "%s: Peer did not specify framing capability. Closing.\n",
85 set_error (c, VENDOR_ERROR, "Specify framing capability");
89 /* FIXME: Do we need to be sure they specified a version number?
91 if (DEBUG) log(LOG_DEBUG,
92 "%s: Peer did not specify bearer capability. Closing.\n",__FUNCTION__);
93 set_error(c, VENDOR_ERROR, "Specify bearer capability");
97 if ((!strlen (t->hostname)) && ((t->chal_them.state) || ((t->chal_us.state))))
99 "%s: Peer did not specify hostname. Closing.\n",
101 set_error (c, VENDOR_ERROR, "Specify your hostname");
107 "%s: Peer did not specify assigned tunnel ID. Closing.\n",
109 set_error (c, VENDOR_ERROR, "Specify your assigned tunnel ID");
113 if (t->chal_them.state)
115 set_error (c, VENDOR_ERROR, "No secret key on our side");
116 log (LOG_WARN, "%s: No secret key for authenticating '%s'\n",
117 __FUNCTION__, t->hostname);
123 "Invalid challenge authentication");
124 log (LOG_DEBUG, "%s: Invalid authentication for host '%s'\n",
125 __FUNCTION__, t->hostname);
131 log (LOG_WARN, "%s: No secret for authenticating to '%s'\n",
132 __FUNCTION__, t->hostname);
133 set_error (c, VENDOR_ERROR, "No secret key on our end");
139 "Invalid challenge authentication");
140 log (LOG_DEBUG, "%s: Invalid authentication for host '%s'\n",
141 __FUNCTION__, t->hostname);
146 @@ -1584,6 +1571,14 @@
148 for (x = 0; x < buf->len; x++)
150 + // we must at least still have 4 bytes left in the worst case scenario:
151 + // 1 for a possible escape, 1 for the value and 1 to end the PPP stream.
152 + if(pos >= (sizeof(wbuf) - 4)) {
154 + log(LOG_CRIT, "%s: rx packet is too big after PPP encoding (size %u, max is %u)\n",
155 + __FUNCTION__, buf->len, MAX_RECV_SIZE);
158 e = *((char *) buf->start + x);
159 if ((e < 0x20) || (e == PPP_ESCAPE) || (e == PPP_FLAG))
161 @@ -1592,7 +1587,6 @@
162 wbuf[pos++] = PPP_ESCAPE;
167 wbuf[pos++] = PPP_FLAG;
168 x = write (c->fd, wbuf, pos);
169 --- l2tpd-0.70-pre20031121.orig/misc.h
170 +++ l2tpd-0.70-pre20031121/misc.h
172 extern void safe_copy (char *, char *, int);
173 extern void opt_destroy (struct ppp_opts *);
174 extern struct ppp_opts *add_opt (struct ppp_opts *, char *, ...);
175 +extern u_int16_t get16(u_int8_t *);
176 +extern u_int32_t get32(u_int8_t *);
177 +extern u_int64_t get64(u_int8_t *);
178 +extern void set16(u_int8_t *, u_int16_t);
179 +extern void set32(u_int8_t *, u_int32_t);
180 +extern void set64(u_int8_t *, u_int64_t);
183 --- l2tpd-0.70-pre20031121.orig/avp.h
184 +++ l2tpd-0.70-pre20031121/avp.h
193 + u_int16_t vendorid;
197 +#define AVP_F_MANDATORY 0x1
198 +#define AVP_F_FIXLEN 0x2
199 +#define AVP_F_ASCII 0x4
203 - int num; /* Number of AVP */
204 - int m; /* Set M? */
205 - int (*handler) (struct tunnel *, struct call *, void *, int);
206 - /* This should handle the AVP
207 - taking a tunnel, call, the data,
208 - and the length of the AVP as
209 - parameters. Should return 0
211 - char *description; /* A name, for debugging */
212 + u_int32_t num; /* Number of AVP */
214 + u_int32_t sz; /* expected avp payload size as
215 + * (AVP_F_FIXLEN) ? (==) : (!>=)
216 + * note: size checked is performed
217 + * after unhiding */
218 + u_int8_t allowed_states[8]; /* List of allowed message types for
219 + * a particular avp. Fixed len for
220 + * alignement issues. */
222 + /* This should handle the AVP taking a tunnel, call,
223 + * the data, and the length of the AVP as parameters.
224 + * Should return 0 upon success */
225 + int (*handle) (struct tunnel *, struct call *, void *, int);
227 + /* This should handle avp specifics sanity checks */
228 + int (*validate) (int, struct tunnel *, struct call *, void *, int);
229 + char *description; /* A name, for debugging */
232 extern int handle_avps (struct buffer *buf, struct tunnel *t, struct call *c);
234 #define RESULT_CLEAR 1
235 #define RESULT_ERROR 2
236 #define RESULT_EXISTS 3
239 +#define MESSAGE_TYPE_AVP 0
240 +#define RESULT_CODE_AVP 1
241 +#define PROTOCOL_VERSION_AVP 2
242 +#define FRAMING_CAP_AVP 3
243 +#define BEARER_CAP_AVP 4
244 +#define TIE_BREAKER_AVP 5
245 +#define FIRMWARE_REV_AVP 6
246 +#define HOSTNAME_AVP 7
247 +#define VENDOR_NAME_AVP 8
248 +#define ASSIGNED_TUN_ID_AVP 9
249 +#define RX_WIN_SIZE_AVP 10
250 +#define CHALLENGE_AVP 11
251 +#define CHALLENGE_RESP_AVP 12
252 +#define CAUSE_ERROR_AVP 13
253 +#define ASSIGNED_SES_ID_AVP 14
254 +#define SERIAL_NUMBER_AVP 15
255 +#define MIN_BPS_AVP 16
256 +#define MAX_BPS_AVP 17
257 +#define BEARER_TYPE_AVP 18
258 +#define FRAMING_TYPE_AVP 19
259 +#define PACKET_DELAY_AVP 20
260 +#define CALLED_NUMBER_AVP 21
261 +#define CALLING_NUMBER_AVP 22
262 +#define SUB_ADDRESS_AVP 23
263 +#define TX_CONNECT_SPEED_AVP 24
264 +#define PHYS_CHAN_ID_AVP 25
265 +#define INIT_RX_LCP_AVP 26
266 +#define LAST_TX_LCP_AVP 27
267 +#define LAST_RX_LCP_AVP 28
268 +#define PROXY_AUTH_TYPE_AVP 29
269 +#define PROXY_AUTH_NAME_AVP 30
270 +#define PROXY_AUTH_CHAL_AVP 31
271 +#define PROXY_AUTH_ID_AVP 32
272 +#define PROXY_AUTH_CHAL_RESP_AVP 33
273 +#define CALL_ERROR_AVP 34
275 +#define RANDOM_VECTOR_AVP 36
276 +#define PRIV_GROUP_ID_AVP 37
277 +#define RX_CONNECT_SPEED_AVP 38
278 +#define SEQ_REQUIRED_AVP 39
279 +#define AVP_MAX SEQ_REQUIRED_AVP
281 +extern int validate_msgtype_avp(int, struct tunnel *, struct call *, void *, int);
282 +extern int validate_gen_avp(int, struct tunnel *, struct call *, void *, int);
284 extern void encrypt_avp (struct buffer *, _u16, struct tunnel *);
285 extern int decrypt_avp (char *, struct tunnel *);
287 extern int message_type_avp (struct tunnel *, struct call *, void *, int);
288 extern int protocol_version_avp (struct tunnel *, struct call *, void *, int);
289 extern int framing_caps_avp (struct tunnel *, struct call *, void *, int);
291 extern int receive_window_size_avp (struct tunnel *, struct call *, void *,
293 extern int result_code_avp (struct tunnel *, struct call *, void *, int);
294 -extern int assigned_call_avp (struct tunnel *, struct call *, void *, int);
295 +extern int assigned_session_avp (struct tunnel *, struct call *, void *, int);
296 extern int call_serno_avp (struct tunnel *, struct call *, void *, int);
297 extern int bearer_type_avp (struct tunnel *, struct call *, void *, int);
298 extern int call_physchan_avp (struct tunnel *, struct call *, void *, int);
299 -extern int dialed_number_avp (struct tunnel *, struct call *, void *, int);
300 -extern int dialing_number_avp (struct tunnel *, struct call *, void *, int);
301 +extern int called_number_avp (struct tunnel *, struct call *, void *, int);
302 +extern int calling_number_avp (struct tunnel *, struct call *, void *, int);
303 extern int sub_address_avp (struct tunnel *, struct call *, void *, int);
304 extern int frame_type_avp (struct tunnel *, struct call *, void *, int);
305 extern int rx_speed_avp (struct tunnel *, struct call *, void *, int);
307 extern int add_avp_rws (struct buffer *, _u16);
308 extern int add_tunnelid_avp (struct buffer *, _u16);
309 extern int add_vendor_avp (struct buffer *);
310 -extern int add_hostname_avp (struct buffer *);
311 +extern int add_hostname_avp (struct buffer *, struct tunnel*);
312 extern int add_firmware_avp (struct buffer *);
313 extern int add_bearer_caps_avp (struct buffer *buf, _u16 caps);
314 extern int add_frame_caps_avp (struct buffer *buf, _u16 caps);
315 --- l2tpd-0.70-pre20031121.orig/network.c
316 +++ l2tpd-0.70-pre20031121/network.c
318 t->self->needclose = -1;
329 log (LOG_DEBUG, "%s: recv packet from %s, size = %d," \
330 -"tunnel = %d, call = %d\n", __FUNCTION__, inet_ntoa (from.sin_addr), recvsize, tunnel, call);
331 + "tunnel = %d, call = %d\n", __func__,
332 + inet_ntoa (from.sin_addr), recvsize,
337 --- l2tpd-0.70-pre20031121.orig/aaa.c
338 +++ l2tpd-0.70-pre20031121/aaa.c
340 __FUNCTION__, u, t, s);
342 strncpy (secret, s, size);
351 --- l2tpd-0.70-pre20031121.orig/l2tpd.c
352 +++ l2tpd-0.70-pre20031121/l2tpd.c
355 unlink (gconfig.pidfile);
357 + /* erase control pipe */
358 + unlink(CONTROL_PIPE);
363 @@ -333,13 +336,17 @@
364 tcgetattr (c->fd, &ptyconf);
365 *(c->oldptyconf) = ptyconf;
366 ptyconf.c_cflag &= ~(ICANON | ECHO);
367 - ptyconf.c_lflag &= ~ECHO;
368 + ptyconf.c_lflag &= ~ECHO;
369 tcsetattr (c->fd, TCSANOW, &ptyconf);
371 snprintf (tty, sizeof (tty), "/dev/tty%c%c", a, b);
372 fd2 = open (tty, O_RDWR);
373 - stropt[pos++] = strdup(tty);
374 - stropt[pos] = NULL;
376 + log(LOG_WARN, "unable to open tty %s", tty);
378 + /* XXX JEF: CHECK ME */
379 + stropt[pos++] = strdup(tty);
380 + stropt[pos] = NULL;
387 lac = (struct lac *) data;
392 + log (LOG_WARN, "%s : called on NULL lac!\n", __FUNCTION__);
397 log (LOG_DEBUG, "%s: LAC %s not active", __FUNCTION__, lac->entname);
400 log (LOG_LOG, "%s: maximum retries exceeded.\n", __FUNCTION__);
405 - log (LOG_WARN, "%s : called on NULL lac!\n", __FUNCTION__);
419 - char *sub_str; /* jz: use by the strtok function */
420 - char *tmp_ptr; /* jz: use by the strtok function */
421 + char *host, *tunstr, *callstr, *tmpstr;
425 @@ -792,24 +795,39 @@
426 if (buf[cnt - 1] == '\n')
429 - log (LOG_DEBUG, "%s: Got message %s (%d bytes long)\n",
430 + log (LOG_DEBUG, "%s: Got message \"%s\" (%d bytes long)\n",
431 __FUNCTION__, buf, cnt);
436 - host = strchr (buf, ' ') + 1;
437 + host = strchr (buf, ' ');
442 log (LOG_DEBUG, "%s: Attempting to tunnel to %s\n",
445 l2tp_call (host, UDP_LISTEN_PORT, NULL, NULL);
449 - switch_io = 1; /* jz: Switch for Incoming - Outgoing Calls */
451 - tunstr = strchr (buf, ' ') + 1;
452 + case 'c': /* option 'c' for incoming call */
453 + case 'o': /* option 'o' for outgoing call */
454 + tunstr = strchr (buf, ' ');
460 + switch_io = 1; /* Switch for Incoming Calls */
462 + switch_io = 0; /* Switch for Outgoing Calls */
463 + tmpstr = strchr(tunstr, ' ');
466 + strncpy(dial_no_tmp,tmpstr, sizeof(*dial_no_tmp));
472 @@ -842,52 +860,12 @@
474 lac_call (tunl, NULL, NULL);
477 - case 'o': /* jz: option 'o' for doing a outgoing call */
479 - switch_io = 0; /* jz: Switch for incoming - outgoing Calls */
481 - sub_str = strchr (buf, ' ') + 1;
483 - tunstr = strtok (sub_str, " "); /* jz: using strtok function to get */
484 - tmp_ptr = strtok (NULL, " "); /* params out of the pipe */
485 - strcpy (dial_no_tmp, tmp_ptr);
490 - if (!strcasecmp (lac->entname, tunstr))
495 - magic_lac_dial (lac);
498 - "%s: Session '%s' already active!\n",
499 - __FUNCTION__, lac->entname);
506 - tunl = atoi (tunstr);
509 - log (LOG_DEBUG, "%s: No such tunnel '%s'\n", __FUNCTION__,
513 -#ifdef DEBUG_CONTROL
514 - log (LOG_DEBUG, "%s: Attempting to call on tunnel %d\n",
515 - __FUNCTION__, tunl);
517 - lac_call (tunl, NULL, NULL);
521 - callstr = strchr (buf, ' ') + 1;
522 + callstr = strchr (buf, ' ');
527 call = atoi (callstr);
529 log (LOG_DEBUG, "%s: Attempting to call %d\n", __FUNCTION__,
534 - tunstr = strchr (buf, ' ') + 1;
535 + tunstr = strchr (buf, ' ');
549 /* Otherwise select goes nuts */
551 control_fd = open (CONTROL_PIPE, O_RDONLY | O_NONBLOCK, 0600);
556 - int pidfilewritten=0;
558 if((pid = fork()) < 0) {
559 log(LOG_LOG, "%s: Unable to fork ()\n",__FUNCTION__);
560 @@ -1012,56 +995,52 @@
571 + dup2(open("/dev/null", O_RDONLY), 0);
572 + dup2(open("/dev/null", O_RDONLY), 1);
573 + dup2(open("/dev/null", O_RDONLY), 2);
575 /* Read previous pid file. */
576 - if ((i = open(gconfig.pidfile,O_RDONLY)) > 0) {
577 - l=read(i,buf,sizeof(buf)-1);
579 - log(LOG_LOG, "%s: Unable to read pid file [%s]\n",
580 - __FUNCTION__, gconfig.pidfile);
585 - /* If the previous server process is not still running,
586 - write a new pid file immediately. */
587 - if (pid && (pid == getpid () || kill (pid, 0) < 0)) {
588 - unlink (gconfig.pidfile);
589 - if ((i = open (gconfig.pidfile, O_WRONLY | O_CREAT, 0640)) >= 0)
591 - snprintf (buf, sizeof(buf), "%d\n", (int)getpid());
592 - write (i, buf, strlen(buf));
594 - pidfilewritten = 1;
596 + if((i = open(gconfig.pidfile,O_RDONLY)) > 0) {
597 + l=read(i,buf,sizeof(buf)-1);
606 + /* if pid is read and process exist exit */
607 + if(pid && !kill(pid, 0)) {
608 log(LOG_LOG, "%s: There's already a l2tpd server running.\n",
610 close(server_socket);
614 + /* remove stalled pid file */
615 + unlink(gconfig.pidfile);
620 - if(! pidfilewritten) {
621 - unlink(gconfig.pidfile);
622 - if ((i = open (gconfig.pidfile, O_WRONLY | O_CREAT, 0640)) >= 0) {
623 - snprintf (buf, strlen(buf), "%d\n", (int)getpid());
624 - write (i, buf, strlen(buf));
626 - pidfilewritten = 1;
629 + /* create new pid file */
630 + if ((i = open (gconfig.pidfile, O_WRONLY | O_CREAT, 0644)) >= 0) {
631 + snprintf (buf, sizeof(buf), "%d", (int)getpid());
632 + write (i, buf, strlen(buf));
636 + log(LOG_LOG, "%s: could not write pid file %s error %d",
637 + __FUNCTION__, gconfig.pidfile, i);
638 + close(server_socket);
645 void init (int argc,char *argv[])
648 @@ -1103,10 +1082,6 @@
650 log (LOG_LOG, "l2tpd version " SERVER_VERSION " started on %s PID:%d\n",
651 hostname, getpid ());
653 - "Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.\n");
654 - log (LOG_LOG, "Forked by Scott Balmos and David Stipp, (C) 2001\n");
655 - log (LOG_LOG, "Inherited by Jeff McAdams, (C) 2002\n");
656 listenaddr.s_addr = gconfig.listenaddr;
657 log (LOG_LOG, "%s version %s on a %s, listening on IP address %s, port %d\n", uts.sysname,
658 uts.release, uts.machine, inet_ntoa(listenaddr), gconfig.port);
659 --- l2tpd-0.70-pre20031121.orig/misc.c
660 +++ l2tpd-0.70-pre20031121/misc.c
666 +u_int16_t get16(u_int8_t *p) {
667 + return p[0] << 8 | p[1];
670 +u_int32_t get32(u_int8_t *p) {
671 + return p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3];
674 +u_int64_t get64(u_int8_t *p) {
675 + return (u_int64_t)p[0] << 56 | (u_int64_t)p[1] << 48 |
676 + (u_int64_t)p[2] << 40 | (u_int64_t)p[3] << 32 |
677 + (u_int64_t)p[4] << 24 | (u_int64_t)p[5] << 16 |
678 + (u_int64_t)p[6] << 8 | (u_int64_t)p[7];
681 +void set16(u_int8_t *cp, u_int16_t x) {
686 +void set32(u_int8_t *cp, u_int32_t x) {
688 + *cp++ = (x >> 16) & 0xff;
689 + *cp++ = (x >> 8) & 0xff;
693 +void set64(u_int8_t *cp, u_int64_t x) {
695 + *cp++ = (x >> 48) & 0xff;
696 + *cp++ = (x >> 40) & 0xff;
697 + *cp++ = (x >> 32) & 0xff;
698 + *cp++ = (x >> 24) & 0xff;
699 + *cp++ = (x >> 16) & 0xff;
700 + *cp++ = (x >> 8) & 0xff;
704 --- l2tpd-0.70-pre20031121.orig/avp.c
705 +++ l2tpd-0.70-pre20031121/avp.c
707 * Layer Two Tunnelling Protocol Daemon
708 * Copyright (C) 1998 Adtran, Inc.
709 * Copyright (C) 2002 Jeff McAdams
710 + * Copyright (C) 2003 Jean-Francois Dive
714 + * 12/2003 parsing sanitization, Jean-Francois Dive
716 * This software is distributed under the terms
717 * of the GPL, which you should have received
718 * along with this source.
720 #include <netinet/in.h>
726 + * - Clean Proxy Authentication solution.
729 +/*****************************************************************************/
730 struct avp avps[] = {
732 - {0, 1, &message_type_avp, "Message Type"},
733 - {1, 1, &result_code_avp, "Result Code"},
734 - {2, 1, &protocol_version_avp, "Protocol Version"},
735 - {3, 1, &framing_caps_avp, "Framing Capabilities"},
736 - {4, 1, &bearer_caps_avp, "Bearer Capabilities"},
737 - {5, 0, NULL, "Tie Breaker"},
738 - {6, 0, &firmware_rev_avp, "Firmware Revision"},
739 - {7, 0, &hostname_avp, "Host Name"},
740 - {8, 1, &vendor_avp, "Vendor Name"},
741 - {9, 1, &assigned_tunnel_avp, "Assigned Tunnel ID"},
742 - {10, 1, &receive_window_size_avp, "Receive Window Size"},
743 - {11, 1, &challenge_avp, "Challenge"},
744 - {12, 0, NULL, "Q.931 Cause Code"},
745 - {13, 1, &chalresp_avp, "Challenge Response"},
746 - {14, 1, &assigned_call_avp, "Assigned Call ID"},
747 - {15, 1, &call_serno_avp, "Call Serial Number"},
748 - {16, 1, NULL, "Minimum BPS"},
749 - {17, 1, NULL, "Maximum BPS"},
750 - {18, 1, &bearer_type_avp, "Bearer Type"},
751 - {19, 1, &frame_type_avp, "Framing Type"},
752 - {20, 1, &packet_delay_avp, "Packet Processing Delay"},
753 - {21, 1, &dialed_number_avp, "Dialed Number"},
754 - {22, 1, &dialing_number_avp, "Dialing Number"},
755 - {23, 1, &sub_address_avp, "Sub-Address"},
756 - {24, 1, &tx_speed_avp, "Transmit Connect Speed"},
757 - {25, 1, &call_physchan_avp, "Physical channel ID"},
758 - {26, 0, NULL, "Initial Received LCP Confreq"},
759 - {27, 0, NULL, "Last Sent LCP Confreq"},
760 - {28, 0, NULL, "Last Received LCP Confreq"},
761 - {29, 1, &ignore_avp, "Proxy Authen Type"},
762 - {30, 0, &ignore_avp, "Proxy Authen Name"},
763 - {31, 0, &ignore_avp, "Proxy Authen Challenge"},
764 - {32, 0, &ignore_avp, "Proxy Authen ID"},
765 - {33, 1, &ignore_avp, "Proxy Authen Response"},
766 - {34, 1, NULL, "Call Errors"},
767 - {35, 1, &ignore_avp, "ACCM"},
768 - {36, 1, &rand_vector_avp, "Random Vector"},
769 - {37, 1, NULL, "Private Group ID"},
770 - {38, 0, &rx_speed_avp, "Receive Connect Speed"},
771 - {39, 1, &seq_reqd_avp, "Sequencing Required"}
772 + {0, AVP_F_MANDATORY|AVP_F_FIXLEN, 2, {0}, &message_type_avp, &validate_msgtype_avp, "Message Type"},
773 + {1, AVP_F_MANDATORY, MAXSTRLEN, {CDN, StopCCN}, &result_code_avp, &validate_gen_avp, "Result Code"},
774 + {2, AVP_F_MANDATORY|AVP_F_FIXLEN, 2, {SCCRP, SCCRQ}, &protocol_version_avp, &validate_gen_avp, "Protocol Version"},
775 + {3, AVP_F_MANDATORY|AVP_F_FIXLEN, 4, {SCCRP, SCCRQ}, &framing_caps_avp, &validate_gen_avp, "Framing Capabilities"},
776 + {4, AVP_F_MANDATORY|AVP_F_FIXLEN, 4, {SCCRP, SCCRQ}, &bearer_caps_avp, &validate_gen_avp, "Bearer Capabilities"},
777 + {5, 0, 0, {0}, NULL, NULL, "Tie Breaker"},
778 + {6, AVP_F_FIXLEN, 2, {SCCRP, SCCRQ}, &firmware_rev_avp, &validate_gen_avp, "Firmware Revision"},
779 + {7, AVP_F_ASCII, MAXSTRLEN, {SCCRP, SCCRQ}, &hostname_avp, &validate_gen_avp, "Host Name"},
780 + {8, AVP_F_MANDATORY|AVP_F_ASCII, MAXSTRLEN, {SCCRP, SCCRQ}, &vendor_avp, &validate_gen_avp, "Vendor Name"},
781 + {9, AVP_F_MANDATORY|AVP_F_FIXLEN, 2, {SCCRP, SCCRQ, StopCCN}, &assigned_tunnel_avp, &validate_gen_avp, "Assigned Tunnel ID"},
782 + {10, AVP_F_MANDATORY|AVP_F_FIXLEN, 2,{SCCRP, SCCRQ, OCRP, OCCN, StopCCN}, &receive_window_size_avp, &validate_gen_avp, "Receive Window Size"},
783 + {11, AVP_F_MANDATORY, 128, {SCCRP, SCCRQ}, &challenge_avp, &validate_gen_avp, "Challenge"},
784 + {12, 0, 0, {0}, NULL, NULL, "Q.931 Cause Code"},
785 + {13, AVP_F_MANDATORY, MD_SIG_SIZE, {SCCRP, SCCCN}, &chalresp_avp, &validate_gen_avp, "Challenge Response"},
786 + {14, AVP_F_MANDATORY|AVP_F_FIXLEN, 2, {CDN, ICRP, ICRQ, OCRP, OCRQ}, &assigned_session_avp, &validate_gen_avp, "Assigned Session ID"},
787 + {15, AVP_F_MANDATORY|AVP_F_FIXLEN, 4, {ICRQ, OCRQ}, &call_serno_avp, &validate_gen_avp, "Call Serial Number"},
788 + {16, AVP_F_MANDATORY|AVP_F_FIXLEN, 4, {0}, NULL, NULL, "Minimum BPS"},
789 + {17, AVP_F_MANDATORY|AVP_F_FIXLEN, 4, {0}, NULL, NULL, "Maximum BPS"},
790 + {18, AVP_F_MANDATORY|AVP_F_FIXLEN, 4, {ICRQ, OCRQ}, &bearer_type_avp, &validate_gen_avp, "Bearer Type"},
791 + {19, AVP_F_MANDATORY|AVP_F_FIXLEN, 4, {ICCN, OCRQ, OCCN}, &frame_type_avp, &validate_gen_avp, "Framing Type"},
792 + {20, AVP_F_MANDATORY|AVP_F_FIXLEN, 2, {ICRP, OCRQ, ICCN, OCRP, OCCN}, &packet_delay_avp, &validate_gen_avp, "Packet Processing Delay"},
793 + {21, AVP_F_MANDATORY|AVP_F_ASCII, MAXSTRLEN, {ICRQ, OCRQ}, &called_number_avp, &validate_gen_avp, "Called Number"},
794 + {22, AVP_F_MANDATORY|AVP_F_ASCII, MAXSTRLEN, {ICRQ}, &calling_number_avp, &validate_gen_avp, "Calling Number"},
795 + {23, AVP_F_MANDATORY|AVP_F_ASCII, MAXSTRLEN, {OCRP, ICRQ}, &sub_address_avp, &validate_gen_avp, "Sub-Address"},
796 + {24, AVP_F_MANDATORY|AVP_F_FIXLEN, 4, {ICCN, OCCN, OCRP}, &tx_speed_avp, &validate_gen_avp, "Transmit Connect Speed"},
797 + {25, AVP_F_MANDATORY|AVP_F_FIXLEN, 4, {ICRQ, OCRQ, OCRP, OCCN}, &call_physchan_avp, &validate_gen_avp, "Physical channel ID"},
798 + {26, 0, 0, {0}, NULL, NULL, "Initial Received LCP Confreq"},
799 + {27, 0, 0, {0}, NULL, NULL, "Last Sent LCP Confreq"},
800 + {28, 0, 0, {0}, NULL, NULL, "Last Received LCP Confreq"},
801 + {29, AVP_F_MANDATORY, 0, {0}, &ignore_avp, NULL, "Proxy Authen Type"},
802 + {30, 0, 0, {0}, &ignore_avp, NULL, "Proxy Authen Name"},
803 + {31, 0, 0, {0}, &ignore_avp, NULL, "Proxy Authen Challenge"},
804 + {32, 0, 0, {0}, &ignore_avp, NULL, "Proxy Authen ID"},
805 + {33, AVP_F_MANDATORY, 0, {0}, &ignore_avp, NULL, "Proxy Authen Response"},
806 + {34, AVP_F_MANDATORY|AVP_F_FIXLEN, 26, {0}, NULL, NULL, "Call Errors"},
807 + {35, AVP_F_MANDATORY|AVP_F_FIXLEN, 10, {0}, &ignore_avp, NULL, "ACCM"},
808 + {36, AVP_F_MANDATORY, 1024, {0}, &rand_vector_avp, &validate_gen_avp, "Random Vector"},
809 + {37, AVP_F_MANDATORY, 0, {0}, NULL, NULL, "Private Group ID"},
810 + {38, AVP_F_FIXLEN, 4, {ICCN, OCCN, OCRP}, &rx_speed_avp, &validate_gen_avp, "Receive Connect Speed"},
811 + {39, AVP_F_MANDATORY, 0, {ICCN, OCCN, OCRP}, &seq_reqd_avp, &validate_gen_avp, "Sequencing Required"}
816 "Call was connected but no appropriate framing was detect"
819 +/*****************************************************************************/
820 void wrong_length (struct call *c, char *field, int expected, int found,
828 - * t, c, data, and datalen may be assumed to be defined for all avp's
831 -int message_type_avp (struct tunnel *t, struct call *c, void *data,
833 +/*****************************************************************************/
834 +int validate_msgtype_avp(int attr, struct tunnel *t, struct call *c,
835 + void *data, int datalen)
838 * This will be with every control message. It is critical that this
840 * (assuming sanity check)
844 - c->msgtype = ntohs (raw[3]);
848 - log (LOG_DEBUG, "%s: wrong size (%d != 8)\n", __FUNCTION__,
850 - wrong_length (c, "Message Type", 8, datalen, 0);
853 - if ((c->msgtype > MAX_MSG) || (!msgtypes[c->msgtype]))
856 - log (LOG_DEBUG, "%s: unknown message type %d\n", __FUNCTION__,
862 - log (LOG_DEBUG, "%s: message type %d (%s)\n", __FUNCTION__,
863 - c->msgtype, msgtypes[c->msgtype]);
865 + u_int8_t *p = data + sizeof(struct avp_hdr);
866 + c->msgtype = get16(p);
871 @@ -172,11 +157,11 @@
874 "%s: attempting to negotiate tunnel inside a call!\n",
880 - switch (c->msgtype)
884 if ((t->state != 0) && (t->state != SCCRQ))
888 "%s: attempting to negotiate SCCRQ with state != 0\n",
897 "%s: attempting to negotiate SCCRP with state != SCCRQ!\n",
906 "%s: attempting to negotiate SCCCN with state != SCCRP!\n",
915 "%s: attempting to negotiate ICRQ when state != SCCCN\n",
924 "%s: attempting to negotiate ICRQ on a call!\n",
933 "%s: attempting to negotiate ICRP on tunnel!=SCCCN\n",
938 if (c->state != ICRQ)
942 "%s: attempting to negotiate ICRP when state != ICRQ\n",
951 "%s: attempting to negotiate ICCN when state != ICRP\n",
960 "%s: attempting to negotiate SLI when state != ICCN\n",
969 "%s: attempting to negotiate OCRP on tunnel!=SCCCN\n",
974 if (c->state != OCRQ)
978 "%s: attempting to negotiate OCRP when state != OCRQ\n",
987 "%s: attempting to negotiate OCCN when state != OCRQ\n",
993 @@ -303,72 +288,33 @@
997 - log (LOG_WARN, "%s: i don't know how to handle %s messages\n",
998 - __FUNCTION__, msgtypes[c->msgtype]);
1003 - if (c->msgtype == ICRQ)
1009 - log (LOG_DEBUG, "%s: new incoming call\n", __FUNCTION__);
1011 - tmp = new_call (t);
1014 - log (LOG_WARN, "%s: unable to create new call\n", __FUNCTION__);
1015 + log (LOG_WARN, "%s: unknown messages type %d\n",
1016 + __func__, get16(p));
1019 - tmp->next = t->call_head;
1020 - t->call_head = tmp;
1023 - * Is this still safe to assume that the head will always
1024 - * be the most recent call being negotiated?
1025 - * Probably... FIXME anyway...
1033 -int rand_vector_avp (struct tunnel *t, struct call *c, void *data,
1037 - _u16 *raw = (_u16 *) data;
1038 - size = (raw[0] & 0x0FFF) - 6;
1044 - log (LOG_DEBUG, "%s: Random vector too small (%d < 0)\n",
1045 - __FUNCTION__, size);
1046 - wrong_length (c, "Random Vector", 6, datalen, 1);
1049 - if (size > MAX_VECTOR_SIZE)
1052 - log (LOG_DEBUG, "%s: Random vector too large (%d > %d)\n",
1053 - __FUNCTION__, datalen, MAX_VECTOR_SIZE);
1054 - wrong_length (c, "Random Vector", 6, datalen, 1);
1059 - log (LOG_DEBUG, "%s: Random Vector of %d octets\n", __FUNCTION__,
1061 - t->chal_us.vector = (unsigned char *) &raw[3];
1062 - t->chal_us.vector_len = size;
1064 +/*****************************************************************************/
1065 +int validate_gen_avp(int attr, struct tunnel *t, struct call *c,
1066 + void *data, int datalen) {
1067 + (void)data; (void)datalen;
1068 + int i = 0, found = 0;
1071 + for(i = 0; i < 8; i++) {
1072 + if(c->msgtype == avps[attr].allowed_states[i])
1081 +/* t, c, data, and datalen may be assumed to be defined for all avp's */
1082 +/*****************************************************************************/
1083 int ignore_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1086 @@ -383,94 +329,88 @@
1092 - log (LOG_DEBUG, "%s : Ignoring AVP\n", __FUNCTION__);
1094 + log (LOG_DEBUG, "%s : Ignoring AVP\n", __func__);
1098 -int seq_reqd_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1099 +/*****************************************************************************/
1100 +int message_type_avp (struct tunnel *t, struct call *c, void *data,
1105 + u_int8_t *p = data + sizeof(struct avp_hdr);
1108 + c->msgtype = get16(p);
1110 + if ((c->msgtype > MAX_MSG) || (!msgtypes[c->msgtype]))
1116 - "%s: avp is incorrect size. %d != 6\n", __FUNCTION__,
1118 - wrong_length (c, "Sequencing Required", 6, datalen, 1);
1121 - switch (c->msgtype)
1122 + log (LOG_DEBUG, "%s: unknown message type %d\n", __func__,
1127 + log (LOG_DEBUG, "%s: message type %d (%s)\n", __func__,
1128 + c->msgtype, msgtypes[c->msgtype]);
1129 + if (c->msgtype == ICRQ)
1133 + log (LOG_DEBUG, "%s: new incoming call\n", __func__);
1134 + tmp = new_call (t);
1142 - "%s: sequencing required not appropriate for %s!\n",
1143 - __FUNCTION__, msgtypes[c->msgtype]);
1144 + log (LOG_WARN, "%s: unable to create new call\n", __func__);
1147 + tmp->next = t->call_head;
1148 + t->call_head = tmp;
1151 + * Is this still safe to assume that the head will always
1152 + * be the most recent call being negotiated?
1153 + * Probably... FIXME anyway...
1160 +/*****************************************************************************/
1161 +int rand_vector_avp (struct tunnel *t, struct call *c, void *data,
1164 + u_int8_t *p = data + sizeof(struct avp_hdr);
1165 + int datalen = avplen - sizeof(struct avp_hdr);
1169 - log (LOG_DEBUG, "%s: peer requires sequencing.\n", __FUNCTION__);
1171 + log (LOG_DEBUG, "%s: random vector len %d\n", __func__, datalen);
1172 + t->chal_us.vector = (unsigned char *)p;
1173 + t->chal_us.vector_len = datalen;
1177 +/*****************************************************************************/
1178 +int seq_reqd_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1181 + log (LOG_DEBUG, "%s: peer requires sequencing.\n", __func__);
1186 +/*****************************************************************************/
1187 int result_code_avp (struct tunnel *t, struct call *c, void *data,
1192 - * Find out what version of l2tp the other side is using.
1193 - * I'm not sure what we're supposed to do with this but whatever..
1195 + u_int8_t *p = data + sizeof(struct avp_hdr);
1196 + int datalen = avplen - sizeof(struct avp_hdr);
1197 + u_int16_t result = get16(p);
1198 + u_int16_t error = get16(p + 2);
1210 - "%s: avp is incorrect size. %d < 10\n", __FUNCTION__,
1212 - wrong_length (c, "Result Code", 10, datalen, 1);
1215 - switch (c->msgtype)
1223 - "%s: result code not appropriate for %s. Ignoring.\n",
1224 - __FUNCTION__, msgtypes[c->msgtype]);
1229 - result = ntohs (raw[3]);
1230 - error = ntohs (raw[4]);
1231 if ((c->msgtype == StopCCN) && ((result > 7) || (result < 1)))
1235 - "%s: result code out of range (%d %d %d). Ignoring.\n",
1236 - __FUNCTION__, result, error, datalen);
1237 + "%s: (StopCCN) result code out of range ! (1 < %d < 7)\n",
1238 + __func__, result);
1242 @@ -478,1112 +418,348 @@
1246 - "%s: result code out of range (%d %d %d). Ignoring.\n",
1247 - __FUNCTION__, result, error, datalen);
1248 + "%s: (CDN) result code out of range !(1 < %d < 11)\n",
1249 + __func__, result);
1255 - safe_copy (c->errormsg, (char *) &raw[5], datalen - 10);
1256 + memcpy(c->errormsg, (char*)p + 4, datalen - 4);
1257 + c->errormsg[datalen - 4] = '\0';
1261 - if (DEBUG && (c->msgtype == StopCCN))
1262 + if(c->msgtype == StopCCN)
1265 "%s: peer closing for reason %d (%s), error = %d (%s)\n",
1266 - __FUNCTION__, result, stopccn_result_codes[result], error,
1267 + __func__, result, stopccn_result_codes[result], error,
1273 "%s: peer closing for reason %d (%s), error = %d (%s)\n",
1274 - __FUNCTION__, result, cdn_result_codes[result], error,
1275 + __func__, result, cdn_result_codes[result], error,
1282 +/*****************************************************************************/
1283 int protocol_version_avp (struct tunnel *t, struct call *c, void *data,
1288 - * Find out what version of l2tp the other side is using.
1289 - * I'm not sure what we're supposed to do with this but whatever..
1291 + u_int8_t *p = data + sizeof(struct avp_hdr);
1302 - "%s: avp is incorrect size. %d != 8\n", __FUNCTION__,
1304 - wrong_length (c, "Protocol Version", 8, datalen, 1);
1307 - switch (c->msgtype)
1315 - "%s: protocol version not appropriate for %s. Ignoring.\n",
1316 - __FUNCTION__, msgtypes[c->msgtype]);
1321 - ver = ntohs (raw[3]);
1326 - "%s: peer is using version %d, revision %d.\n", __FUNCTION__,
1327 - (ver >> 8), ver & 0xFF);
1329 + log (LOG_DEBUG, "%s: peer is using version %d, revision %d.\n",
1330 + __func__,*p, *(p+1));
1334 +/*****************************************************************************/
1335 int framing_caps_avp (struct tunnel *t, struct call *c, void *data,
1340 - * Retrieve the framing capabilities
1346 + u_int8_t *p = data + sizeof(struct avp_hdr);
1347 + u_int16_t caps = get16(p + 2);
1352 - switch (c->msgtype)
1360 - "%s: framing capabilities not appropriate for %s. Ignoring.\n",
1361 - __FUNCTION__, msgtypes[c->msgtype]);
1364 - if (datalen != 10)
1368 - "%s: avp is incorrect size. %d != 10\n", __FUNCTION__,
1370 - wrong_length (c, "Framming Capabilities", 10, datalen, 0);
1375 - caps = ntohs (raw[4]);
1379 - "%s: supported peer frames:%s%s\n", __FUNCTION__,
1380 - caps & ASYNC_FRAMING ? " async" : "",
1381 - caps & SYNC_FRAMING ? " sync" : "");
1382 + log (LOG_DEBUG, "%s: supported peer frames:%s %s\n", __func__,
1383 + caps & ASYNC_FRAMING ? "async" : "",
1384 + caps & SYNC_FRAMING ? "sync" : "");
1386 t->fc = caps & (ASYNC_FRAMING | SYNC_FRAMING);
1390 +/*****************************************************************************/
1391 int bearer_caps_avp (struct tunnel *t, struct call *c, void *data,
1396 - * What kind of bearer channels does our peer support?
1400 + u_int8_t *p = data + sizeof(struct avp_hdr);
1401 + u_int16_t caps = get16(p + 2);
1406 - switch (c->msgtype)
1414 - "%s: bearer capabilities not appropriate for message %s. Ignoring.\n",
1415 - __FUNCTION__, msgtypes[c->msgtype]);
1418 - if (datalen != 10)
1422 - "%s: avp is incorrect size. %d != 10\n", __FUNCTION__,
1424 - wrong_length (c, "Bearer Capabilities", 10, datalen, 0);
1429 - caps = ntohs (raw[4]);
1435 - "%s: supported peer bearers:%s%s\n",
1437 - caps & ANALOG_BEARER ? " analog" : "",
1438 - caps & DIGITAL_BEARER ? " digital" : "");
1440 + log (LOG_DEBUG, "%s: supported peer bearers:%s %s\n",
1442 + caps & ANALOG_BEARER ? "analog" : "",
1443 + caps & DIGITAL_BEARER ? "digital" : "");
1446 t->bc = caps & (ANALOG_BEARER | DIGITAL_BEARER);
1451 -/* FIXME: I need to handle tie breakers eventually */
1453 +/*****************************************************************************/
1454 int firmware_rev_avp (struct tunnel *t, struct call *c, void *data,
1459 - * Report and record remote firmware version
1463 + u_int8_t *p = data + sizeof(struct avp_hdr);
1468 - switch (c->msgtype)
1476 - "%s: firmware revision not appropriate for message %s. Ignoring.\n",
1477 - __FUNCTION__, msgtypes[c->msgtype]);
1484 - "%s: avp is incorrect size. %d != 8\n", __FUNCTION__,
1486 - wrong_length (c, "Firmware Revision", 8, datalen, 0);
1491 - ver = ntohs (raw[3]);
1492 + t->firmware = get16(p);
1497 - "%s: peer reports firmware version %d (0x%.4x)\n",
1498 - __FUNCTION__, ver, ver);
1500 - t->firmware = ver;
1501 + log (LOG_DEBUG, "%s: peer reports firmware version %d (0x%.4X)\n",
1502 + __func__, t->firmware, t->firmware);
1506 +/*****************************************************************************/
1507 int bearer_type_avp (struct tunnel *t, struct call *c, void *data,
1512 - * What kind of bearer channel is the call on?
1516 + u_int8_t *p = data + sizeof(struct avp_hdr);
1521 - switch (c->msgtype)
1529 - "%s: bearer type not appropriate for message %s. Ignoring.\n",
1530 - __FUNCTION__, msgtypes[c->msgtype]);
1533 - if (datalen != 10)
1537 - "%s: avp is incorrect size. %d != 10\n", __FUNCTION__,
1539 - wrong_length (c, "Bearer Type", 10, datalen, 0);
1544 - b = ntohs (raw[4]);
1545 + t->call_head->bearer = get16(p + 2);
1550 - "%s: peer bears:%s\n", __FUNCTION__,
1551 - b & ANALOG_BEARER ? " analog" : "digital");
1553 - t->call_head->bearer = b;
1554 + log (LOG_DEBUG, "%s: peer bears: %s\n", __func__,
1555 + (t->call_head->bearer & ANALOG_BEARER) ? "analog" : "digital");
1559 -int frame_type_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1560 +/*****************************************************************************/
1561 +int frame_type_avp (struct tunnel *t, struct call *c, void *data, int avplen)
1564 - * What kind of frame channel is the call on?
1568 + u_int8_t *p = data + sizeof(struct avp_hdr);
1573 - switch (c->msgtype)
1582 - "%s: frame type not appropriate for message %s. Ignoring.\n",
1583 - __FUNCTION__, msgtypes[c->msgtype]);
1586 - if (datalen != 10)
1590 - "%s: avp is incorrect size. %d != 10\n", __FUNCTION__,
1592 - wrong_length (c, "Frame Type", 10, datalen, 0);
1597 - b = ntohs (raw[4]);
1598 + c->frame = get16(p + 2);
1603 - "%s: peer uses:%s frames\n", __FUNCTION__,
1604 - b & ASYNC_FRAMING ? " async" : "sync");
1607 + log (LOG_DEBUG, "%s: peer uses:%s frames\n", __func__,
1608 + (c->frame & ASYNC_FRAMING) ? "async" : "sync");
1612 -int hostname_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1613 +/*****************************************************************************/
1614 +int hostname_avp (struct tunnel *t, struct call *c, void *data, int avplen)
1617 - * What is the peer's name?
1621 + u_int8_t *p = data + sizeof(struct avp_hdr);
1622 + int datalen = avplen - sizeof(struct avp_hdr);
1624 + memcpy(t->hostname, p, datalen);
1625 + t->hostname[datalen] = '\0';
1630 - switch (c->msgtype)
1638 - "%s: hostname not appropriate for message %s. Ignoring.\n",
1639 - __FUNCTION__, msgtypes[c->msgtype]);
1646 - "%s: avp is too small. %d < 6\n", __FUNCTION__,
1648 - wrong_length (c, "Hostname", 6, datalen, 1);
1653 - size = raw[0] & 0x0FFF;
1654 - if (size > MAXSTRLEN - 1)
1657 - log (LOG_DEBUG, "%s: truncating reported hostname (size is %d)\n",
1658 - __FUNCTION__, size);
1659 - size = MAXSTRLEN - 1;
1661 - safe_copy (t->hostname, (char *) &raw[3], size - 6);
1666 - "%s: peer reports hostname '%s'\n", __FUNCTION__,
1669 + log (LOG_DEBUG, "%s: peer reports hostname '%s'\n", __func__,
1675 -int dialing_number_avp (struct tunnel *t, struct call *c, void *data,
1677 +/*****************************************************************************/
1678 +int calling_number_avp (struct tunnel *t, struct call *c, void *data,
1682 - * What is the peer's name?
1686 + u_int8_t *p = data + sizeof(struct avp_hdr);
1687 + int datalen = avplen - sizeof(struct avp_hdr);
1689 + memcpy(t->call_head->dialing, p, datalen);
1690 + t->call_head->dialing[datalen] = '\0';
1695 - switch (c->msgtype)
1702 - "%s: dialing number not appropriate for message %s. Ignoring.\n",
1703 - __FUNCTION__, msgtypes[c->msgtype]);
1710 - "%s: avp is too small. %d < 6\n", __FUNCTION__,
1712 - wrong_length (c, "Dialing Number", 6, datalen, 1);
1717 - size = raw[0] & 0x0FFF;
1718 - if (size > MAXSTRLEN - 1)
1722 - "%s: truncating reported dialing number (size is %d)\n",
1723 - __FUNCTION__, size);
1724 - size = MAXSTRLEN - 1;
1726 - safe_copy (t->call_head->dialing, (char *) &raw[3], size);
1731 - "%s: peer reports dialing number '%s'\n", __FUNCTION__,
1732 - t->call_head->dialing);
1734 + log (LOG_DEBUG, "%s: peer reports dialing number '%s'\n", __func__,
1735 + t->call_head->dialing);
1740 -int dialed_number_avp (struct tunnel *t, struct call *c, void *data,
1742 +/*****************************************************************************/
1743 +int called_number_avp (struct tunnel *t, struct call *c, void *data,
1747 - * What is the peer's name?
1751 + u_int8_t *p = data + sizeof(struct avp_hdr);
1752 + int datalen = avplen - sizeof(struct avp_hdr);
1754 + memcpy(t->call_head->dialed, p, datalen);
1755 + t->call_head->dialed[datalen] = '\0';
1760 - switch (c->msgtype)
1768 - "%s: dialed number not appropriate for message %s. Ignoring.\n",
1769 - __FUNCTION__, msgtypes[c->msgtype]);
1776 - "%s: avp is too small. %d < 6\n", __FUNCTION__,
1778 - wrong_length (c, "Dialed Number", 6, datalen, 1);
1783 - size = raw[0] & 0x0FFF;
1784 - if (size > MAXSTRLEN - 1)
1788 - "%s: truncating reported dialed number (size is %d)\n",
1789 - __FUNCTION__, size);
1790 - size = MAXSTRLEN - 1;
1792 - safe_copy (t->call_head->dialed, (char *) &raw[3], size);
1797 - "%s: peer reports dialed number '%s'\n", __FUNCTION__,
1798 - t->call_head->dialed);
1800 + log (LOG_DEBUG, "%s: peer reports dialed number '%s'\n", __func__,
1801 + t->call_head->dialed);
1806 +/*****************************************************************************/
1807 int sub_address_avp (struct tunnel *t, struct call *c, void *data,
1812 - * What is the peer's name?
1816 + u_int8_t *p = data + sizeof(struct avp_hdr);
1817 + int datalen = avplen - sizeof(struct avp_hdr);
1819 + memcpy(t->call_head->subaddy, p, datalen);
1820 + t->call_head->subaddy[datalen] = '\0';
1825 - switch (c->msgtype)
1833 - "%s: sub_address not appropriate for message %s. Ignoring.\n",
1834 - __FUNCTION__, msgtypes[c->msgtype]);
1841 - "%s: avp is too small. %d < 6\n", __FUNCTION__,
1843 - wrong_length (c, "Sub-address", 6, datalen, 1);
1848 - size = raw[0] & 0x0FFF;
1849 - if (size > MAXSTRLEN - 1)
1853 - "%s: truncating reported sub address (size is %d)\n",
1854 - __FUNCTION__, size);
1855 - size = MAXSTRLEN - 1;
1857 - safe_copy (t->call_head->subaddy, (char *) &raw[3], size);
1862 - "%s: peer reports subaddress '%s'\n", __FUNCTION__,
1863 - t->call_head->subaddy);
1865 + log (LOG_DEBUG, "%s: peer reports subaddress '%s'\n", __func__,
1866 + t->call_head->subaddy);
1870 -int vendor_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1871 +/*****************************************************************************/
1872 +int vendor_avp (struct tunnel *t, struct call *c, void *data, int avplen)
1875 - * What vendor makes the other end?
1879 + u_int8_t *p = data + sizeof(struct avp_hdr);
1880 + int datalen = avplen - sizeof(struct avp_hdr);
1882 + memcpy(t->vendor, p, datalen);
1883 + t->vendor[datalen] = '\0';
1888 - switch (c->msgtype)
1896 - "%s: vendor not appropriate for message %s. Ignoring.\n",
1897 - __FUNCTION__, msgtypes[c->msgtype]);
1904 - "%s: avp is too small. %d < 6\n", __FUNCTION__,
1906 - wrong_length (c, "Vendor", 6, datalen, 1);
1911 - size = raw[0] & 0x0FFF;
1912 - if (size > MAXSTRLEN - 1)
1915 - log (LOG_DEBUG, "%s: truncating reported vendor (size is %d)\n",
1916 - __FUNCTION__, size);
1917 - size = MAXSTRLEN - 1;
1919 - safe_copy (t->vendor, (char *) &raw[3], size);
1924 - "%s: peer reports vendor '%s'\n", __FUNCTION__, t->vendor);
1926 + log (LOG_DEBUG, "%s: peer reports vendor '%s'\n", __func__, t->vendor);
1930 -int challenge_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1931 +/*****************************************************************************/
1932 +int challenge_avp (struct tunnel *t, struct call *c, void *data, int avplen)
1935 - * We are sent a challenge
1942 - switch (c->msgtype)
1950 - "%s: challenge not appropriate for message %s. Ignoring.\n",
1951 - __FUNCTION__, msgtypes[c->msgtype]);
1958 - "%s: avp is too small. %d < 6\n", __FUNCTION__,
1960 - wrong_length (c, "challenge", 6, datalen, 1);
1965 - /* size = raw[0] & 0x0FFF; */
1966 - /* length field of AVP's is only 10 bits long, not 12 */
1967 - size = raw[0] & 0x03FF;
1968 - size -= sizeof (struct avp_hdr);
1969 - /* if (size != MD_SIG_SIZE)
1971 - log (LOG_DEBUG, "%s: Challenge is not the right length (%d != %d)\n",
1972 - __FUNCTION__, size, MD_SIG_SIZE);
1975 - t->chal_us.challenge = malloc(size+1);
1976 - if (t->chal_us.challenge == NULL)
1978 + u_int8_t *p = data + sizeof(struct avp_hdr);
1979 + int datalen = avplen - sizeof(struct avp_hdr);
1981 + t->chal_us.challenge = calloc(datalen, 1);
1982 + if (!t->chal_us.challenge)
1985 - memset(t->chal_us.challenge, 0, size+1);
1986 - bcopy (&raw[3], (t->chal_us.challenge), size);
1987 + memcpy(t->chal_us.challenge, p, datalen);
1988 t->chal_us.state = STATE_CHALLENGED;
1992 - log (LOG_DEBUG, "%s: challenge avp found\n", __FUNCTION__);
1994 + log (LOG_DEBUG, "%s: challenge avp found\n", __func__);
1999 -int chalresp_avp (struct tunnel *t, struct call *c, void *data, int datalen)
2000 +/*****************************************************************************/
2001 +int chalresp_avp (struct tunnel *t, struct call *c, void *data, int avplen)
2004 - * We are sent a challenge
2011 - switch (c->msgtype)
2019 - "%s: challenge response not appropriate for message %s. Ignoring.\n",
2020 - __FUNCTION__, msgtypes[c->msgtype]);
2027 - "%s: avp is too small. %d < 6\n", __FUNCTION__,
2029 - wrong_length (c, "challenge", 6, datalen, 1);
2034 - size = raw[0] & 0x0FFF;
2035 - size -= sizeof (struct avp_hdr);
2036 - if (size != MD_SIG_SIZE)
2038 - log (LOG_DEBUG, "%s: Challenge is not the right length (%d != %d)\n",
2039 - __FUNCTION__, size, MD_SIG_SIZE);
2042 + u_int8_t *p = data + sizeof(struct avp_hdr);
2044 - bcopy (&raw[3], t->chal_them.reply, MD_SIG_SIZE);
2047 - log (LOG_DEBUG, "%s: Challenge reply found\n", __FUNCTION__);
2049 + memcpy(t->chal_them.reply, p, MD_SIG_SIZE);
2051 + log(LOG_DEBUG, "%s: Challenge reply found\n", __func__);
2055 +/*****************************************************************************/
2056 int assigned_tunnel_avp (struct tunnel *t, struct call *c, void *data,
2061 - * What is their TID that we must use from now on?
2064 + u_int8_t *p = data + sizeof(struct avp_hdr);
2065 + u_int16_t id = get16(p);
2070 - switch (c->msgtype)
2079 - "%s: tunnel ID not appropriate for message %s. Ignoring.\n",
2080 - __FUNCTION__, msgtypes[c->msgtype]);
2087 - "%s: avp is wrong size. %d != 8\n", __FUNCTION__,
2089 - wrong_length (c, "Assigned Tunnel ID", 8, datalen, 0);
2094 if (c->msgtype == StopCCN)
2096 - t->qtid = ntohs (raw[3]);
2101 - t->tid = ntohs (raw[3]);
2108 - "%s: using peer's tunnel %d\n", __FUNCTION__,
2111 + log (LOG_DEBUG, "%s: using peer's tunnel %d\n", __func__, id);
2115 -int assigned_call_avp (struct tunnel *t, struct call *c, void *data,
2117 +/*****************************************************************************/
2118 +int assigned_session_avp (struct tunnel *t, struct call *c, void *data,
2122 - * What is their CID that we must use from now on?
2125 + u_int8_t *p = data + sizeof(struct avp_hdr);
2126 + u_int16_t id = get16(p);
2128 + switch(c->msgtype) {
2135 + t->call_head->cid = id;
2142 - switch (c->msgtype)
2147 - case OCRP: /* jz: deleting the debug message */
2153 - "%s: call ID not appropriate for message %s. Ignoring.\n",
2154 - __FUNCTION__, msgtypes[c->msgtype]);
2161 - "%s: avp is wrong size. %d != 8\n", __FUNCTION__,
2163 - wrong_length (c, "Assigned Call ID", 8, datalen, 0);
2168 - if (c->msgtype == CDN)
2170 - c->qcid = ntohs (raw[3]);
2172 - else if (c->msgtype == ICRQ)
2174 - t->call_head->cid = ntohs (raw[3]);
2176 - else if (c->msgtype == ICRP)
2178 - c->cid = ntohs (raw[3]);
2180 - else if (c->msgtype == OCRP)
2181 - { /* jz: copy callid to c->cid */
2182 - c->cid = ntohs (raw[3]);
2186 - log (LOG_DEBUG, "%s: Dunno what to do when it's state %s!\n",
2187 - __FUNCTION__, msgtypes[c->msgtype]);
2193 - "%s: using peer's call %d\n", __FUNCTION__, ntohs (raw[3]));
2195 + log (LOG_DEBUG, "%s: assigned session id: %d\n", __func__, id);
2199 +/*****************************************************************************/
2200 int packet_delay_avp (struct tunnel *t, struct call *c, void *data,
2205 - * What is their CID that we must use from now on?
2208 + u_int8_t *p = data + sizeof(struct avp_hdr);
2213 - switch (c->msgtype)
2224 - "%s: packet delay not appropriate for message %s. Ignoring.\n",
2225 - __FUNCTION__, msgtypes[c->msgtype]);
2232 - "%s: avp is wrong size. %d != 8\n", __FUNCTION__,
2234 - wrong_length (c, "Assigned Call ID", 8, datalen, 0);
2239 - c->ppd = ntohs (raw[3]);
2240 + c->ppd = get16(p);
2245 - "%s: peer's delay is %d 1/10's of a second\n", __FUNCTION__,
2248 + log (LOG_DEBUG, "%s: peer's delay is %d 1/10's of a second\n", __func__,
2253 -int call_serno_avp (struct tunnel *t, struct call *c, void *data, int datalen)
2254 +/*****************************************************************************/
2255 +int call_serno_avp (struct tunnel *t, struct call *c, void *data, int avplen)
2258 * What is the serial number of the call?
2265 - switch (c->msgtype)
2273 - "%s: call ID not appropriate for message %s. Ignoring.\n",
2274 - __FUNCTION__, msgtypes[c->msgtype]);
2277 - if (datalen != 10)
2282 - "%s: avp is wrong size. %d != 10\n", __FUNCTION__,
2284 - wrong_length (c, "Serial Number", 10, datalen, 0);
2288 - "%s: peer is using old style serial number. Will be invalid.\n",
2291 + u_int8_t *p = data + sizeof(struct avp_hdr);
2296 - t->call_head->serno = (((unsigned int) ntohs (raw[3])) << 16) |
2297 - ((unsigned int) ntohs (raw[4]));
2298 + t->call_head->serno = get32(p);
2303 - "%s: serial number is %d\n", __FUNCTION__,
2304 - t->call_head->serno);
2306 + log (LOG_DEBUG, "%s: serial number is %d\n", __func__,
2307 + t->call_head->serno);
2311 -int rx_speed_avp (struct tunnel *t, struct call *c, void *data, int datalen)
2312 +/*****************************************************************************/
2313 +int rx_speed_avp (struct tunnel *t, struct call *c, void *data, int avplen)
2316 - * What is the received baud rate of the call?
2319 + u_int8_t *p = data + sizeof(struct avp_hdr);
2324 - switch (c->msgtype)
2333 - "%s: rx connect speed not appropriate for message %s. Ignoring.\n",
2334 - __FUNCTION__, msgtypes[c->msgtype]);
2337 - if (datalen != 10)
2341 - "%s: avp is wrong size. %d != 10\n", __FUNCTION__,
2343 - wrong_length (c, "Connect Speed (RX)", 10, datalen, 0);
2348 - c->rxspeed = (((unsigned int) ntohs (raw[3])) << 16) |
2349 - ((unsigned int) ntohs (raw[4]));
2354 - "%s: receive baud rate is %d\n", __FUNCTION__, c->rxspeed);
2356 + c->rxspeed = get32(p);
2358 + log(LOG_DEBUG, "%s: receive baud rate is %d\n", __func__, c->rxspeed);
2362 -int tx_speed_avp (struct tunnel *t, struct call *c, void *data, int datalen)
2363 +/*****************************************************************************/
2364 +int tx_speed_avp (struct tunnel *t, struct call *c, void *data, int avplen)
2367 - * What is the tranmsit baud rate of the call?
2370 + u_int8_t *p = data + sizeof(struct avp_hdr);
2375 - switch (c->msgtype)
2384 - "%s: tx connect speed not appropriate for message %s. Ignoring.\n",
2385 - __FUNCTION__, msgtypes[c->msgtype]);
2388 - if (datalen != 10)
2392 - "%s: avp is wrong size. %d != 10\n", __FUNCTION__,
2394 - wrong_length (c, "Connect Speed (tx)", 10, datalen, 0);
2399 - c->txspeed = (((unsigned int) ntohs (raw[3])) << 16) |
2400 - ((unsigned int) ntohs (raw[4]));
2401 + c->txspeed = get32(p);
2406 - "%s: transmit baud rate is %d\n", __FUNCTION__, c->txspeed);
2408 + log (LOG_DEBUG, "%s: transmit baud rate is %d\n",
2409 + __func__, c->txspeed);
2413 +/*****************************************************************************/
2414 int call_physchan_avp (struct tunnel *t, struct call *c, void *data,
2419 - * What is the physical channel?
2422 + u_int8_t *p = data + sizeof(struct avp_hdr);
2427 - switch (c->msgtype)
2437 - "%s: physical channel not appropriate for message %s. Ignoring.\n",
2438 - __FUNCTION__, msgtypes[c->msgtype]);
2441 - if (datalen != 10)
2445 - "%s: avp is wrong size. %d != 10\n", __FUNCTION__,
2447 - wrong_length (c, "Physical Channel", 10, datalen, 0);
2452 - t->call_head->physchan = (((unsigned int) ntohs (raw[3])) << 16) |
2453 - ((unsigned int) ntohs (raw[4]));
2454 + t->call_head->physchan = get32(p);
2459 - "%s: physical channel is %d\n", __FUNCTION__,
2460 - t->call_head->physchan);
2462 + log(LOG_DEBUG, "%s: physical channel is %d\n", __func__,
2463 + t->call_head->physchan);
2467 +/*****************************************************************************/
2468 int receive_window_size_avp (struct tunnel *t, struct call *c, void *data,
2473 - * What is their RWS?
2476 + u_int8_t *p = data + sizeof(struct avp_hdr);
2481 - switch (c->msgtype)
2485 - case OCRP: /* jz */
2486 - case OCCN: /* jz */
2494 - "%s: RWS not appropriate for message %s. Ignoring.\n",
2495 - __FUNCTION__, msgtypes[c->msgtype]);
2502 - "%s: avp is wrong size. %d != 8\n", __FUNCTION__,
2504 - wrong_length (c, "Receive Window Size", 8, datalen, 0);
2509 - t->rws = ntohs (raw[3]);
2510 + t->rws = get16(p);
2517 - "%s: peer wants RWS of %d. Will use flow control.\n",
2518 - __FUNCTION__, t->rws);
2520 + log (LOG_DEBUG, "%s: peer wants RWS of %d. Will use flow control.\n",
2521 + __func__, t->rws);
2526 +/*****************************************************************************/
2527 int handle_avps (struct buffer *buf, struct tunnel *t, struct call *c)
2530 @@ -1594,82 +770,100 @@
2532 struct avp_hdr *avp;
2533 int len = buf->len - sizeof (struct control_hdr);
2534 + u_int16_t rlen = 0;
2535 + u_int16_t attr = 0;
2539 char *data = buf->start + sizeof (struct control_hdr);
2540 avp = (struct avp_hdr *) data;
2543 log (LOG_DEBUG, "%s: handling avp's for tunnel %d, call %d\n",
2544 - __FUNCTION__, t->ourtid, c->ourcid);
2545 + __func__, t->ourtid, c->ourcid);
2548 + log (LOG_WARN, "%s: packet too small\n", __func__);
2549 + set_error(c, ERROR_LENGTH, "Invalid message length");
2555 - /* Go ahead and byte-swap the header */
2556 - swaps (avp, sizeof (struct avp_hdr));
2557 - if (avp->attr > AVP_MAX)
2558 + rlen = get16((u_int8_t*)&avp->length);
2559 + attr = get16((u_int8_t*)&avp->attr);
2561 + /* AVP header checks */
2562 + if (attr > AVP_MAX)
2564 - if (AMBIT (avp->length))
2568 - "%s: dont know how to handle mandatory attribute %d. Closing %s.\n"
2569 - __FUNCTION__, avp->attr,
2570 - (c != t->self) ? "call" : "tunnel");
2571 - set_error (c, VENDOR_ERROR,
2572 - "mandatory attribute %d cannot be handled",
2574 - c->needclose = -1;
2575 + "%s: unhandeled mandatory attribute %d. Closing %s.\n",
2576 + __func__, attr, (c != t->self) ? "call" : "tunnel");
2577 + set_error (c, VENDOR_ERROR,
2578 + "mandatory attribute %d cannot be handled", attr);
2585 - "%s: dont know how to handle atribute %d.\n",
2586 - __FUNCTION__, avp->attr);
2587 + "%s: handeled attribute %d.\n",
2592 - if (ALENGTH (avp->length) > len)
2593 + if (ALENGTH (rlen) > len)
2596 - "%s: AVP received with length > remaining packet length!\n",
2598 + "%s: AVP reported length > remaining packet length\n",
2600 set_error (c, ERROR_LENGTH, "Invalid AVP length");
2601 - c->needclose = -1;
2604 - if (avp->attr && firstavp)
2605 + if (ALENGTH (rlen) < sizeof (struct avp_hdr))
2607 - log (LOG_WARN, "%s: First AVP was not message type.\n",
2609 - set_error (c, VENDOR_ERROR, "First AVP must be message type");
2610 - c->needclose = -1;
2611 + log (LOG_WARN, "%s: AVP reported length too small (%d).\n",
2612 + __func__, ALENGTH (rlen));
2613 + set_error (c, ERROR_LENGTH, "AVP too small");
2616 - if (ALENGTH (avp->length) < sizeof (struct avp_hdr))
2617 + if (avps[attr].sz) {
2618 + if((avps[attr].flags & AVP_F_FIXLEN) ?
2619 + (ALENGTH(rlen) - sizeof(struct avp_hdr)) != avps[attr].sz :
2620 + (ALENGTH(rlen) - sizeof(struct avp_hdr)) > avps[attr].sz) {
2621 + log (LOG_DEBUG, "%s: %s avp size mismatch (%d %s %d)\n",
2623 + avps[attr].description,
2624 + (avps[attr].flags & AVP_F_FIXLEN) ? "!=" : "<",
2625 + ALENGTH(rlen), avps[attr].sz);
2626 + set_error (c, ERROR_LENGTH, "AVP size check failed");
2630 + if (attr && firstavp)
2632 - log (LOG_WARN, "%s: AVP with too small of size (%d).\n",
2633 - __FUNCTION__, ALENGTH (avp->length));
2634 - set_error (c, ERROR_LENGTH, "AVP too small");
2635 - c->needclose = -1;
2636 + log (LOG_WARN, "%s: First AVP was not message type.\n",
2638 + set_error (c, VENDOR_ERROR, "First AVP must be message type");
2641 - if (AZBITS (avp->length))
2642 + if (AZBITS (rlen))
2644 - log (LOG_WARN, "%s: %sAVP has reserved bits set.\n", __FUNCTION__,
2645 - AMBIT (avp->length) ? "Mandatory " : "");
2646 - if (AMBIT (avp->length))
2647 + log (LOG_WARN, "%s: %sAVP has reserved bits set.\n", __func__,
2648 + AMBIT (rlen) ? "Mandatory " : "");
2651 set_error (c, ERROR_RESERVED, "reserved bits set in AVP");
2652 - c->needclose = -1;
2657 - if (AHBIT (avp->length))
2662 -#ifdef DEBUG_HIDDEN
2663 - log (LOG_DEBUG, "%s: Hidden bit set on AVP.\n", __FUNCTION__);
2665 + log (LOG_DEBUG, "%s: Hidden bit set on AVP.\n", __func__);
2666 /* We want to rewrite the AVP as an unhidden AVP
2667 and then pass it along as normal. Remeber how
2668 long the AVP was in the first place though! */
2669 @@ -1678,12 +872,11 @@
2672 log (LOG_WARN, "%s: Unable to handle hidden %sAVP\n:",
2674 - (AMBIT (avp->length) ? "mandatory " : ""));
2675 - if (AMBIT (avp->length))
2677 + (AMBIT (rlen) ? "mandatory " : ""));
2680 set_error (c, VENDOR_ERROR, "Invalid Hidden AVP");
2681 - c->needclose = -1;
2685 @@ -1696,17 +889,43 @@
2689 - if (avps[avp->attr].handler)
2692 + if (avps[attr].validate)
2694 + if(avps[attr].validate(attr, t, c, avp, ALENGTH (rlen))) {
2698 + "%s: verification of AVP %d (%s) failed.\n",
2700 + avps[attr].description);
2701 + set_error (c, VENDOR_ERROR, "processing failed on mandatory AVP");
2708 + "%s: Bad exit status handling attribute %d (%s).\n",
2710 + avps[attr].description);
2716 + if (avps[attr].handle)
2718 - if (avps[avp->attr].handler (t, c, avp, ALENGTH (avp->length)))
2719 + if (avps[attr].handle(t, c, avp, ALENGTH (rlen)))
2721 - if (AMBIT (avp->length))
2725 - "%s: Bad exit status handling attribute %d (%s) on mandatory packet.\n",
2726 - __FUNCTION__, avp->attr,
2727 - avps[avp->attr].description);
2728 - c->needclose = -1;
2729 + "%s: Bad exit status handling mandatory attribute %d (%s).\n",
2731 + avps[attr].description);
2732 + set_error (c, VENDOR_ERROR, "processing failed on mandatory AVP");
2736 @@ -1714,29 +933,31 @@
2739 "%s: Bad exit status handling attribute %d (%s).\n",
2740 - __FUNCTION__, avp->attr,
2741 - avps[avp->attr].description);
2743 + avps[attr].description);
2749 - if (AMBIT (avp->length))
2753 "%s: No handler for mandatory attribute %d (%s). Closing %s.\n",
2754 - __FUNCTION__, avp->attr, avps[avp->attr].description,
2756 + avps[attr].description,
2757 (c != t->self) ? "call" : "tunnel");
2758 set_error (c, VENDOR_ERROR, "No handler for attr %d (%s)\n",
2759 - avp->attr, avps[avp->attr].description);
2761 + avps[attr].description);
2767 log (LOG_WARN, "%s: no handler for atribute %d (%s).\n",
2768 - __FUNCTION__, avp->attr,
2769 - avps[avp->attr].description);
2771 + avps[attr].description);
2775 @@ -1748,16 +969,17 @@
2779 - len -= ALENGTH (avp->length);
2780 - data += ALENGTH (avp->length); /* Next AVP, please */
2781 + len -= ALENGTH (rlen);
2782 + data += ALENGTH (rlen); /* Next AVP, please */
2784 avp = (struct avp_hdr *) data;
2789 - log (LOG_WARN, "%s: negative overall packet length\n", __FUNCTION__);
2790 + log (LOG_WARN, "%s: negative overall packet length\n", __func__);
2796 --- l2tpd-0.70-pre20031121.orig/avpsend.c
2797 +++ l2tpd-0.70-pre20031121/avpsend.c
2802 - * Layer Two Tunnelling Protocol Daemon
2803 - * Copyright (C) 1998 Adtran, Inc.
2804 - * Copyright (C) 2002 Jeff McAdams
2807 + * Copyright (C) 2004 Jean-Francois Dive
2809 * This software is distributed under the terms
2810 * of the GPL, which you should have received
2811 @@ -14,337 +8,288 @@
2812 * Attribute Value Pair creating routines
2815 +/* TODO: Handle Tie break */
2816 +/* TODO: Get real hostname / config */
2817 +/* TODO: There should be an overflow check on
2818 + * the buffer size. (safe for now as
2819 + * packet size = 4k
2824 -#include <netinet/in.h>
2825 +#include <unistd.h>
2829 - * These routines should add avp's to a buffer
2832 +extern struct avp avps[];
2834 +/* We could add here padding support which would allow
2835 + * to keep alignemnt straight <jdive> */
2836 +static int add_avp(struct buffer *buf, u_int32_t avpid, unsigned char *v,
2837 + u_int32_t sz, u_int8_t setpayload) {
2838 + u_int8_t *p = buf->start + buf->len;
2840 + if(avpid > AVP_MAX || !avps[avpid].flags) {
2841 + log(LOG_DEBUG, "%s: invalid avp id %d\n", __func__, avpid);
2845 + set16(p, (sz + 6) | (avps[avpid].flags & AVP_F_MANDATORY ? MBIT : 0));
2846 + set16(p + 2, VENDOR_ID);
2847 + set16(p + 4, avpid);
2849 + memcpy(p + 6, v, sz);
2851 -/* FIXME: If SANITY is on, we should check for buffer overruns */
2852 + buf->len += (sz + 6);
2856 -/* FIXME: Can't this be condensed alot? */
2857 +/*****************************************************************************/
2858 +int add_message_type_avp(struct buffer *buf, _u16 type) {
2861 + if(add_avp(buf, MESSAGE_TYPE_AVP, t, 2, 1))
2866 -int add_message_type_avp (struct buffer *buf, _u16 type)
2868 - _u16 *raw = (_u16 *) (buf->start + buf->len);
2869 - raw[0] = htons (0x8 | MBIT);
2870 - raw[1] = htons (VENDOR_ID);
2872 - raw[3] = htons (type);
2874 +/*****************************************************************************/
2875 +int add_protocol_avp(struct buffer *buf) {
2877 + set16(t, OUR_L2TP_VERSION);
2878 + if(add_avp(buf, PROTOCOL_VERSION_AVP, t, 2, 1))
2883 -int add_protocol_avp (struct buffer *buf)
2885 - _u16 *raw = (_u16 *) (buf->start + buf->len);
2886 - raw[0] = htons (0x8 | MBIT); /* Length and M bit */
2887 - raw[1] = htons (VENDOR_ID);
2888 - raw[2] = htons (0x2); /* Value of our AVP */
2889 - raw[3] = htons (OUR_L2TP_VERSION);
2891 +/*****************************************************************************/
2892 +int add_frame_caps_avp(struct buffer *buf, _u16 caps) {
2896 + set16(&t[2], caps);
2897 + if(add_avp(buf, FRAMING_CAP_AVP, t, 4, 1))
2902 -int add_frame_caps_avp (struct buffer *buf, _u16 caps)
2904 - _u16 *raw = (_u16 *) (buf->start + buf->len);
2905 - raw[0] = htons (0xA | MBIT);
2906 - raw[1] = htons (VENDOR_ID);
2907 - raw[2] = htons (0x3);
2909 - raw[4] = htons (caps);
2911 +/*****************************************************************************/
2912 +int add_bearer_caps_avp(struct buffer *buf, _u16 caps) {
2916 + set16(&t[2], caps);
2917 + if(add_avp(buf, BEARER_CAP_AVP, t, 4, 1))
2922 -int add_bearer_caps_avp (struct buffer *buf, _u16 caps)
2924 - _u16 *raw = (_u16 *) (buf->start + buf->len);
2925 - raw[0] = htons (0xA | MBIT);
2926 - raw[1] = htons (VENDOR_ID);
2927 - raw[2] = htons (0x4);
2929 - raw[4] = htons (caps);
2931 +/*****************************************************************************/
2932 +int add_firmware_avp(struct buffer *buf) {
2934 + set16(t, OUR_L2TP_VERSION);
2935 + if(add_avp(buf, FIRMWARE_REV_AVP, t, 2, 1))
2940 -/* FIXME: I need to send tie breaker AVP's */
2942 -int add_firmware_avp (struct buffer *buf)
2944 - _u16 *raw = (_u16 *) (buf->start + buf->len);
2945 - raw[0] = htons (0x8);
2946 - raw[1] = htons (VENDOR_ID);
2947 - raw[2] = htons (0x6);
2948 - raw[3] = htons (FIRMWARE_REV);
2950 +/*****************************************************************************/
2951 +int add_hostname_avp(struct buffer *buf, struct tunnel *t) {
2954 + if(t->lac && t->lac->hostname[0]) {
2955 + strncpy(n,t->lac->hostname, sizeof(n));
2956 + sz = strnlen(t->lac->hostname, sizeof(t->lac->hostname));
2958 + else if(t->lns && t->lns->hostname[0]) {
2959 + strncpy(n,t->lns->hostname, sizeof(n));
2960 + sz = strnlen(t->lns->hostname, sizeof(t->lns->hostname));
2963 + if(gethostname(n, STRLEN)) {
2964 + strcpy(n,"eriwan");
2968 + sz = strnlen(n, sizeof(n));
2970 + if(add_avp(buf, HOSTNAME_AVP, n, sz, 1))
2976 -int add_hostname_avp(struct buffer *buf) {
2977 - _u16 *raw = (_u16 *)(buf->start + buf->len);
2978 - raw[0] = htons((0x6 + strlen(hostname)) | MBIT);
2979 - raw[1] = htons(VENDOR_ID);
2980 - raw[2] = htons(0x7);
2981 - strcpy((char *)(&raw[3]), hostname);
2982 - buf->len += 6 + strlen(hostname);
2984 +/*****************************************************************************/
2985 +int add_vendor_avp(struct buffer *buf) {
2986 + if(add_avp(buf, VENDOR_NAME_AVP, VENDOR_NAME, strlen(VENDOR_NAME), 1))
2992 -int add_hostname_avp (struct buffer *buf)
2994 - char names[6] = "eriwan";
2995 - _u16 *raw = (_u16 *) (buf->start + buf->len);
2996 - raw[0] = htons (0xC | MBIT);
2997 - raw[1] = htons (VENDOR_ID);
2998 - raw[2] = htons (0x7);
2999 - strcpy ((char *) (&raw[3]), names);
3004 -int add_vendor_avp (struct buffer *buf)
3006 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3007 - raw[0] = htons (0x6 + strlen (VENDOR_NAME));
3008 - raw[1] = htons (VENDOR_ID);
3009 - raw[2] = htons (0x8);
3010 - strcpy ((char *) (&raw[3]), VENDOR_NAME);
3011 - buf->len += 6 + strlen (VENDOR_NAME);
3015 -int add_tunnelid_avp (struct buffer *buf, _u16 tid)
3017 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3018 - raw[0] = htons (0x8 | MBIT);
3019 - raw[1] = htons (VENDOR_ID);
3020 - raw[2] = htons (0x9);
3021 - raw[3] = htons (tid);
3026 -int add_avp_rws (struct buffer *buf, _u16 rws)
3028 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3029 - raw[0] = htons (0x8 | MBIT);
3030 - raw[1] = htons (VENDOR_ID);
3031 - raw[2] = htons (0xA);
3032 - raw[3] = htons (rws);
3037 -int add_challenge_avp (struct buffer *buf, char *c, int len)
3039 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3040 - raw[0] = htons ((0x6 + len) | MBIT);
3041 - raw[1] = htons (VENDOR_ID);
3042 - raw[2] = htons (0xB);
3043 - bcopy (c, (char *) (&raw[3]), len);
3044 - buf->len += 6 + len;
3048 -int add_chalresp_avp (struct buffer *buf, char *c, int len)
3050 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3051 - raw[0] = htons ((0x6 + len) | MBIT);
3052 - raw[1] = htons (VENDOR_ID);
3053 - raw[2] = htons (0xD);
3054 - bcopy (c, (char *) (&raw[3]), len);
3055 - buf->len += 6 + len;
3059 -int add_randvect_avp (struct buffer *buf, char *c, int len)
3061 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3062 - raw[0] = htons ((0x6 + len) | MBIT);
3063 - raw[1] = htons (VENDOR_ID);
3064 - raw[2] = htons (0x24);
3065 - bcopy (c, (char *) (&raw[3]), len);
3066 - buf->len += 6 + len;
3070 -int add_result_code_avp (struct buffer *buf, _u16 result, _u16 error,
3071 - char *msg, int len)
3073 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3074 - raw[0] = htons ((0xA + len) | MBIT);
3075 - raw[1] = htons (VENDOR_ID);
3076 - raw[2] = htons (0x1);
3077 - raw[3] = htons (result);
3078 - raw[4] = htons (error);
3079 - bcopy (msg, (char *) &raw[5], len);
3080 - buf->len += (10 + len);
3081 +/*****************************************************************************/
3082 +int add_tunnelid_avp(struct buffer *buf, _u16 tid) {
3085 + if(add_avp(buf, ASSIGNED_TUN_ID_AVP, t, 2, 1))
3090 +/*****************************************************************************/
3091 +int add_avp_rws(struct buffer *buf, _u16 rws) {
3094 + if(add_avp(buf, RX_WIN_SIZE_AVP, t, 2, 1))
3099 +/*****************************************************************************/
3100 +int add_challenge_avp(struct buffer *buf, char *c, int len) {
3101 + if(add_avp(buf, CHALLENGE_AVP, c, len, 1))
3106 +/*****************************************************************************/
3107 +int add_chalresp_avp(struct buffer *buf, char *c, int len) {
3108 + if(add_avp(buf, CHALLENGE_RESP_AVP, c, len, 1))
3113 +/*****************************************************************************/
3114 +int add_randvect_avp(struct buffer *buf, char *c, int len) {
3115 + if(add_avp(buf, RANDOM_VECTOR_AVP, c, len, 1))
3120 +/*****************************************************************************/
3121 +int add_result_code_avp(struct buffer *buf, _u16 result, _u16 error,
3122 + char *msg, int len) {
3125 + set16(&t[2], error);
3126 + memcpy((u_int8_t*)(buf->start + buf->len + 10), msg, len);
3127 + memcpy((u_int8_t*)(buf->start + buf->len + 6), t, 4);
3128 + if(add_avp(buf, RESULT_CODE_AVP, 0, 4 + len, 0))
3133 +/*****************************************************************************/
3135 -int add_callid_avp (struct buffer *buf, _u16 callid, struct tunnel *t)
3138 -int add_callid_avp (struct buffer *buf, _u16 callid)
3141 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3143 +int add_callid_avp(struct buffer *buf, _u16 callid, struct tunnel *t) {
3148 - raw[0] = htons (0x8 | MBIT);
3149 - raw[1] = htons (VENDOR_ID);
3150 - raw[2] = htons (0xE);
3151 - raw[3] = htons (callid);
3155 + if(add_avp(buf, ASSIGNED_SES_ID_AVP, t, 2, 1))
3158 encrypt_avp (buf, 8, t);
3162 +int add_callid_avp(struct buffer *buf, _u16 callid) {
3165 + if(add_avp(buf, ASSIGNED_SES_ID_AVP, t, 2, 1))
3171 +/*****************************************************************************/
3172 +int add_serno_avp(struct buffer *buf, unsigned int serno) {
3175 + if(add_avp(buf, SERIAL_NUMBER_AVP, t, 4, 1))
3180 +/*****************************************************************************/
3181 +int add_bearer_avp(struct buffer *buf, int bearer) {
3184 + if(add_avp(buf, BEARER_TYPE_AVP, t, 4, 1))
3189 +/*****************************************************************************/
3190 +int add_frame_avp(struct buffer *buf, int frame) {
3193 + if(add_avp(buf, FRAMING_TYPE_AVP, t, 4, 1))
3198 +/*****************************************************************************/
3199 +int add_txspeed_avp(struct buffer *buf, int speed) {
3202 + if(add_avp(buf, TX_CONNECT_SPEED_AVP, t, 4, 1))
3207 +/*****************************************************************************/
3208 +int add_rxspeed_avp(struct buffer *buf, int speed) {
3211 + if(add_avp(buf, RX_CONNECT_SPEED_AVP, t, 4, 1))
3216 +/*****************************************************************************/
3217 +int add_physchan_avp(struct buffer *buf, unsigned int physchan) {
3219 + set32(t, physchan);
3220 + if(add_avp(buf, PHYS_CHAN_ID_AVP, t, 4, 1))
3225 +/*****************************************************************************/
3226 +int add_ppd_avp(struct buffer *buf, _u16 ppd) {
3229 + if(add_avp(buf, PACKET_DELAY_AVP, t, 2, 1))
3234 +/*****************************************************************************/
3235 +int add_seqreqd_avp(struct buffer *buf) {
3236 + if(add_avp(buf, SEQ_REQUIRED_AVP, 0, 0, 0))
3241 +/*****************************************************************************/
3242 +int add_minbps_avp(struct buffer *buf, int speed) {
3245 + if(add_avp(buf, MIN_BPS_AVP, t, 4, 1))
3250 -int add_serno_avp (struct buffer *buf, unsigned int serno)
3252 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3253 - raw[0] = htons (0xA | MBIT);
3254 - raw[1] = htons (VENDOR_ID);
3255 - raw[2] = htons (0xF);
3256 - raw[3] = htons ((serno >> 16) & 0xFFFF);
3257 - raw[4] = htons (serno & 0xFFFF);
3262 -int add_bearer_avp (struct buffer *buf, int bearer)
3264 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3265 - raw[0] = htons (0xA | MBIT);
3266 - raw[1] = htons (VENDOR_ID);
3267 - raw[2] = htons (0x12);
3268 - raw[3] = htons ((bearer >> 16) & 0xFFFF);
3269 - raw[4] = htons (bearer & 0xFFFF);
3274 -int add_frame_avp (struct buffer *buf, int frame)
3276 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3277 - raw[0] = htons (0xA | MBIT);
3278 - raw[1] = htons (VENDOR_ID);
3279 - raw[2] = htons (0x13);
3280 - raw[3] = htons ((frame >> 16) & 0xFFFF);
3281 - raw[4] = htons (frame & 0xFFFF);
3286 -int add_txspeed_avp (struct buffer *buf, int speed)
3288 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3289 - raw[0] = htons (0xA | MBIT);
3290 - raw[1] = htons (VENDOR_ID);
3291 - raw[2] = htons (0x18);
3292 - raw[3] = htons ((speed >> 16) & 0xFFFF);
3293 - raw[4] = htons (speed & 0xFFFF);
3298 -int add_rxspeed_avp (struct buffer *buf, int speed)
3300 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3301 - raw[0] = htons (0xA | MBIT);
3302 - raw[1] = htons (VENDOR_ID);
3303 - raw[2] = htons (0x26);
3304 - raw[3] = htons ((speed >> 16) & 0xFFFF);
3305 - raw[4] = htons (speed & 0xFFFF);
3310 -int add_physchan_avp (struct buffer *buf, unsigned int physchan)
3312 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3313 - raw[0] = htons (0x8 | MBIT);
3314 - raw[1] = htons (VENDOR_ID);
3315 - raw[2] = htons (0x19);
3316 - raw[3] = htons ((physchan >> 16) & 0xFFFF);
3317 - raw[4] = htons (physchan & 0xFFFF);
3322 -int add_ppd_avp (struct buffer *buf, _u16 ppd)
3324 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3325 - raw[0] = htons (0x8 | MBIT);
3326 - raw[1] = htons (VENDOR_ID);
3327 - raw[2] = htons (0x14);
3328 - raw[3] = htons (ppd);
3333 -int add_seqreqd_avp (struct buffer *buf)
3335 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3336 - raw[0] = htons (0x6 | MBIT);
3337 - raw[1] = htons (VENDOR_ID);
3338 - raw[2] = htons (0x27);
3343 -/* jz: options dor the outgoing call */
3345 -/* jz: Minimum BPS - 16 */
3346 -int add_minbps_avp (struct buffer *buf, int speed)
3348 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3349 - raw[0] = htons (0xA | MBIT);
3350 - raw[1] = htons (VENDOR_ID);
3351 - raw[2] = htons (0x10);
3352 - raw[3] = htons ((speed >> 16) & 0xFFFF);
3353 - raw[4] = htons (speed & 0xFFFF);
3358 -/* jz: Maximum BPS - 17 */
3359 -int add_maxbps_avp (struct buffer *buf, int speed)
3361 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3362 - raw[0] = htons (0xA | MBIT);
3363 - raw[1] = htons (VENDOR_ID);
3364 - raw[2] = htons (0x11);
3365 - raw[3] = htons ((speed >> 16) & 0xFFFF);
3366 - raw[4] = htons (speed & 0xFFFF);
3371 -/* jz: Dialed Number 21 */
3372 -int add_number_avp (struct buffer *buf, char *no)
3374 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3375 - raw[0] = htons ((0x6 + strlen (no)) | MBIT);
3376 - raw[1] = htons (VENDOR_ID);
3377 - raw[2] = htons (0x15);
3378 - strncpy ((char *) (&(raw[3])), no, strlen (no));
3379 - buf->len += 6 + strlen (no);
3380 +/*****************************************************************************/
3381 +int add_maxbps_avp(struct buffer *buf, int speed) {
3384 + if(add_avp(buf, MAX_BPS_AVP, t, 4, 1))
3389 +/*****************************************************************************/
3390 +int add_number_avp(struct buffer *buf, char *no) {
3391 + if(add_avp(buf, CALLED_NUMBER_AVP, no, strlen(no), 1))
projects / openwrt.git / blob