add l2tpd
[openwrt/svn-archive/archive.git] / openwrt / package / l2tpd / patches / debian-2.patch
1 --- l2tpd-0.70-pre20031121.orig/Makefile
2 +++ l2tpd-0.70-pre20031121/Makefile
3 @@ -28,7 +28,8 @@
4 # become runtime options) debugging flags
5 #
6 #DFLAGS= -g -O2 -DDEBUG_PPPD
7 -DFLAGS= -g -O2 -DDEBUG_PPPD -DDEBUG_CONTROL -DDEBUG_ENTROPY
8 +#DFLAGS= -g -O2 -Wall -DDEBUG_PPPD -DDEBUG_CONTROL -DDEBUG_ENTROPY
9 +DFLAGS= -ggdb -Wall -DDEBUG_PPPD -DDEBUG_CONTROL -DDEBUG_ENTROPY
10 #
11 # Uncomment the next line for Linux
12 #
13 @@ -58,7 +59,7 @@
14
15 FFLAGS= -DIP_ALLOCATION
16
17 -CFLAGS= $(DFLAGS) -Wall -DSANITY $(OSFLAGS) $(FFLAGS)
18 +CFLAGS= $(DFLAGS) -Wall -DSANITY $(OSFLAGS) $(FFLAGS)
19 HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h md5.h
20 OBJS=l2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o md5.o
21 LIBS= $(OSLIB) # -lefence # efence for malloc checking
22 --- l2tpd-0.70-pre20031121.orig/control.c
23 +++ l2tpd-0.70-pre20031121/control.c
24 @@ -227,7 +227,7 @@
25 add_bearer_caps_avp (buf, t->ourbc);
26 /* FIXME: Tie breaker */
27 add_firmware_avp (buf);
28 - add_hostname_avp (buf);
29 + add_hostname_avp (buf, t);
30 add_vendor_avp (buf);
31 add_tunnelid_avp (buf, t->ourtid);
32 if (t->ourrws >= 0)
33 @@ -346,7 +346,6 @@
34 "%s: Peer did not specify assigned tunnel ID. Closing.\n",
35 __FUNCTION__);
36 set_error (c, VENDOR_ERROR, "Specify your assigned tunnel ID");
37 - c->needclose = -1;
38 return -EINVAL;
39 }
40 if (!(t->lns = get_lns (t)))
41 @@ -356,7 +355,6 @@
42 "%s: Denied connection to unauthorized peer %s\n",
43 __FUNCTION__, IPADDY (t->peer.sin_addr));
44 set_error (c, VENDOR_ERROR, "No Authorization");
45 - c->needclose = -1;
46 return -EINVAL;
47 }
48 t->ourrws = t->lns->tun_rws;
49 @@ -368,7 +366,6 @@
50 "%s: Peer did not specify framing capability. Closing.\n",
51 __FUNCTION__);
52 set_error (c, VENDOR_ERROR, "Specify framing capability");
53 - c->needclose = -1;
54 return -EINVAL;
55 }
56 /* FIXME: Do we need to be sure they specified a version number?
57 @@ -380,7 +377,6 @@
58 if (DEBUG) log(LOG_DEBUG,
59 "%s: Peer did not specify bearer capability. Closing.\n",__FUNCTION__);
60 set_error(c, VENDOR_ERROR, "Specify bearer capability");
61 - c->needclose = -1;
62 return -EINVAL;
63 } */
64 if ((!strlen (t->hostname)) && ((t->chal_us.state) || ((t->lns->challenge))))
65 @@ -390,7 +386,6 @@
66 "%s: Peer did not specify hostname. Closing.\n",
67 __FUNCTION__);
68 set_error (c, VENDOR_ERROR, "Specify your hostname");
69 - c->needclose = -1;
70 return -EINVAL;
71 }
72 y = tunnels.head;
73 @@ -427,7 +422,7 @@
74 add_frame_caps_avp (buf, t->ourfc);
75 add_bearer_caps_avp (buf, t->ourbc);
76 add_firmware_avp (buf);
77 - add_hostname_avp (buf);
78 + add_hostname_avp (buf, t);
79 add_vendor_avp (buf);
80 add_tunnelid_avp (buf, t->ourtid);
81 if (t->ourrws >= 0)
82 @@ -481,7 +476,6 @@
83 "%s: Peer did not specify framing capability. Closing.\n",
84 __FUNCTION__);
85 set_error (c, VENDOR_ERROR, "Specify framing capability");
86 - c->needclose = -1;
87 return -EINVAL;
88 }
89 /* FIXME: Do we need to be sure they specified a version number?
90 @@ -493,7 +487,6 @@
91 if (DEBUG) log(LOG_DEBUG,
92 "%s: Peer did not specify bearer capability. Closing.\n",__FUNCTION__);
93 set_error(c, VENDOR_ERROR, "Specify bearer capability");
94 - c->needclose = -1;
95 return -EINVAL;
96 } */
97 if ((!strlen (t->hostname)) && ((t->chal_them.state) || ((t->chal_us.state))))
98 @@ -503,7 +496,6 @@
99 "%s: Peer did not specify hostname. Closing.\n",
100 __FUNCTION__);
101 set_error (c, VENDOR_ERROR, "Specify your hostname");
102 - c->needclose = -1;
103 return -EINVAL;
104 }
105 if (t->tid <= 0)
106 @@ -513,7 +505,6 @@
107 "%s: Peer did not specify assigned tunnel ID. Closing.\n",
108 __FUNCTION__);
109 set_error (c, VENDOR_ERROR, "Specify your assigned tunnel ID");
110 - c->needclose = -1;
111 return -EINVAL;
112 }
113 if (t->chal_them.state)
114 @@ -524,7 +515,6 @@
115 set_error (c, VENDOR_ERROR, "No secret key on our side");
116 log (LOG_WARN, "%s: No secret key for authenticating '%s'\n",
117 __FUNCTION__, t->hostname);
118 - c->needclose = -1;
119 return -EINVAL;
120 }
121 if (memcmp
122 @@ -534,7 +524,6 @@
123 "Invalid challenge authentication");
124 log (LOG_DEBUG, "%s: Invalid authentication for host '%s'\n",
125 __FUNCTION__, t->hostname);
126 - c->needclose = -1;
127 return -EINVAL;
128 }
129 }
130 @@ -546,7 +535,6 @@
131 log (LOG_WARN, "%s: No secret for authenticating to '%s'\n",
132 __FUNCTION__, t->hostname);
133 set_error (c, VENDOR_ERROR, "No secret key on our end");
134 - c->needclose = -1;
135 return -EINVAL;
136 };
137 }
138 @@ -606,7 +594,6 @@
139 "Invalid challenge authentication");
140 log (LOG_DEBUG, "%s: Invalid authentication for host '%s'\n",
141 __FUNCTION__, t->hostname);
142 - c->needclose = -1;
143 return -EINVAL;
144 }
145 }
146 @@ -1584,6 +1571,14 @@
147 wbuf[pos++] = e;
148 for (x = 0; x < buf->len; x++)
149 {
150 + // we must at least still have 4 bytes left in the worst case scenario:
151 + // 1 for a possible escape, 1 for the value and 1 to end the PPP stream.
152 + if(pos >= (sizeof(wbuf) - 4)) {
153 + if(DEBUG)
154 + log(LOG_CRIT, "%s: rx packet is too big after PPP encoding (size %u, max is %u)\n",
155 + __FUNCTION__, buf->len, MAX_RECV_SIZE);
156 + return -EINVAL;
157 + }
158 e = *((char *) buf->start + x);
159 if ((e < 0x20) || (e == PPP_ESCAPE) || (e == PPP_FLAG))
160 {
161 @@ -1592,7 +1587,6 @@
162 wbuf[pos++] = PPP_ESCAPE;
163 }
164 wbuf[pos++] = e;
165 -
166 }
167 wbuf[pos++] = PPP_FLAG;
168 x = write (c->fd, wbuf, pos);
169 --- l2tpd-0.70-pre20031121.orig/misc.h
170 +++ l2tpd-0.70-pre20031121/misc.h
171 @@ -80,4 +80,11 @@
172 extern void safe_copy (char *, char *, int);
173 extern void opt_destroy (struct ppp_opts *);
174 extern struct ppp_opts *add_opt (struct ppp_opts *, char *, ...);
175 +extern u_int16_t get16(u_int8_t *);
176 +extern u_int32_t get32(u_int8_t *);
177 +extern u_int64_t get64(u_int8_t *);
178 +extern void set16(u_int8_t *, u_int16_t);
179 +extern void set32(u_int8_t *, u_int32_t);
180 +extern void set64(u_int8_t *, u_int64_t);
181 +
182 #endif
183 --- l2tpd-0.70-pre20031121.orig/avp.h
184 +++ l2tpd-0.70-pre20031121/avp.h
185 @@ -19,22 +19,35 @@
186
187 struct avp_hdr
188 {
189 - _u16 length;
190 - _u16 vendorid;
191 - _u16 attr;
192 + u_int16_t length;
193 + u_int16_t vendorid;
194 + u_int16_t attr;
195 };
196
197 +#define AVP_F_MANDATORY 0x1
198 +#define AVP_F_FIXLEN 0x2
199 +#define AVP_F_ASCII 0x4
200 +
201 struct avp
202 {
203 - int num; /* Number of AVP */
204 - int m; /* Set M? */
205 - int (*handler) (struct tunnel *, struct call *, void *, int);
206 - /* This should handle the AVP
207 - taking a tunnel, call, the data,
208 - and the length of the AVP as
209 - parameters. Should return 0
210 - upon success */
211 - char *description; /* A name, for debugging */
212 + u_int32_t num; /* Number of AVP */
213 + u_int32_t flags;
214 + u_int32_t sz; /* expected avp payload size as
215 + * (AVP_F_FIXLEN) ? (==) : (!>=)
216 + * note: size checked is performed
217 + * after unhiding */
218 + u_int8_t allowed_states[8]; /* List of allowed message types for
219 + * a particular avp. Fixed len for
220 + * alignement issues. */
221 +
222 + /* This should handle the AVP taking a tunnel, call,
223 + * the data, and the length of the AVP as parameters.
224 + * Should return 0 upon success */
225 + int (*handle) (struct tunnel *, struct call *, void *, int);
226 +
227 + /* This should handle avp specifics sanity checks */
228 + int (*validate) (int, struct tunnel *, struct call *, void *, int);
229 + char *description; /* A name, for debugging */
230 };
231
232 extern int handle_avps (struct buffer *buf, struct tunnel *t, struct call *c);
233 @@ -84,8 +97,56 @@
234 #define RESULT_CLEAR 1
235 #define RESULT_ERROR 2
236 #define RESULT_EXISTS 3
237 +
238 +/* avp id's */
239 +#define MESSAGE_TYPE_AVP 0
240 +#define RESULT_CODE_AVP 1
241 +#define PROTOCOL_VERSION_AVP 2
242 +#define FRAMING_CAP_AVP 3
243 +#define BEARER_CAP_AVP 4
244 +#define TIE_BREAKER_AVP 5
245 +#define FIRMWARE_REV_AVP 6
246 +#define HOSTNAME_AVP 7
247 +#define VENDOR_NAME_AVP 8
248 +#define ASSIGNED_TUN_ID_AVP 9
249 +#define RX_WIN_SIZE_AVP 10
250 +#define CHALLENGE_AVP 11
251 +#define CHALLENGE_RESP_AVP 12
252 +#define CAUSE_ERROR_AVP 13
253 +#define ASSIGNED_SES_ID_AVP 14
254 +#define SERIAL_NUMBER_AVP 15
255 +#define MIN_BPS_AVP 16
256 +#define MAX_BPS_AVP 17
257 +#define BEARER_TYPE_AVP 18
258 +#define FRAMING_TYPE_AVP 19
259 +#define PACKET_DELAY_AVP 20
260 +#define CALLED_NUMBER_AVP 21
261 +#define CALLING_NUMBER_AVP 22
262 +#define SUB_ADDRESS_AVP 23
263 +#define TX_CONNECT_SPEED_AVP 24
264 +#define PHYS_CHAN_ID_AVP 25
265 +#define INIT_RX_LCP_AVP 26
266 +#define LAST_TX_LCP_AVP 27
267 +#define LAST_RX_LCP_AVP 28
268 +#define PROXY_AUTH_TYPE_AVP 29
269 +#define PROXY_AUTH_NAME_AVP 30
270 +#define PROXY_AUTH_CHAL_AVP 31
271 +#define PROXY_AUTH_ID_AVP 32
272 +#define PROXY_AUTH_CHAL_RESP_AVP 33
273 +#define CALL_ERROR_AVP 34
274 +#define ACCM_AVP 35
275 +#define RANDOM_VECTOR_AVP 36
276 +#define PRIV_GROUP_ID_AVP 37
277 +#define RX_CONNECT_SPEED_AVP 38
278 +#define SEQ_REQUIRED_AVP 39
279 +#define AVP_MAX SEQ_REQUIRED_AVP
280 +
281 +extern int validate_msgtype_avp(int, struct tunnel *, struct call *, void *, int);
282 +extern int validate_gen_avp(int, struct tunnel *, struct call *, void *, int);
283 +
284 extern void encrypt_avp (struct buffer *, _u16, struct tunnel *);
285 extern int decrypt_avp (char *, struct tunnel *);
286 +
287 extern int message_type_avp (struct tunnel *, struct call *, void *, int);
288 extern int protocol_version_avp (struct tunnel *, struct call *, void *, int);
289 extern int framing_caps_avp (struct tunnel *, struct call *, void *, int);
290 @@ -97,12 +158,12 @@
291 extern int receive_window_size_avp (struct tunnel *, struct call *, void *,
292 int);
293 extern int result_code_avp (struct tunnel *, struct call *, void *, int);
294 -extern int assigned_call_avp (struct tunnel *, struct call *, void *, int);
295 +extern int assigned_session_avp (struct tunnel *, struct call *, void *, int);
296 extern int call_serno_avp (struct tunnel *, struct call *, void *, int);
297 extern int bearer_type_avp (struct tunnel *, struct call *, void *, int);
298 extern int call_physchan_avp (struct tunnel *, struct call *, void *, int);
299 -extern int dialed_number_avp (struct tunnel *, struct call *, void *, int);
300 -extern int dialing_number_avp (struct tunnel *, struct call *, void *, int);
301 +extern int called_number_avp (struct tunnel *, struct call *, void *, int);
302 +extern int calling_number_avp (struct tunnel *, struct call *, void *, int);
303 extern int sub_address_avp (struct tunnel *, struct call *, void *, int);
304 extern int frame_type_avp (struct tunnel *, struct call *, void *, int);
305 extern int rx_speed_avp (struct tunnel *, struct call *, void *, int);
306 @@ -118,7 +179,7 @@
307 extern int add_avp_rws (struct buffer *, _u16);
308 extern int add_tunnelid_avp (struct buffer *, _u16);
309 extern int add_vendor_avp (struct buffer *);
310 -extern int add_hostname_avp (struct buffer *);
311 +extern int add_hostname_avp (struct buffer *, struct tunnel*);
312 extern int add_firmware_avp (struct buffer *);
313 extern int add_bearer_caps_avp (struct buffer *buf, _u16 caps);
314 extern int add_frame_caps_avp (struct buffer *buf, _u16 caps);
315 --- l2tpd-0.70-pre20031121.orig/network.c
316 +++ l2tpd-0.70-pre20031121/network.c
317 @@ -214,6 +214,8 @@
318 t->self->needclose = -1;
319 }
320 }
321 + free(buf->rstart);
322 + free(buf);
323 }
324 else
325 {
326 @@ -371,7 +373,9 @@
327 if (debug_network)
328 {
329 log (LOG_DEBUG, "%s: recv packet from %s, size = %d," \
330 -"tunnel = %d, call = %d\n", __FUNCTION__, inet_ntoa (from.sin_addr), recvsize, tunnel, call);
331 + "tunnel = %d, call = %d\n", __func__,
332 + inet_ntoa (from.sin_addr), recvsize,
333 + tunnel, call);
334 }
335 if (packet_dump)
336 {
337 --- l2tpd-0.70-pre20031121.orig/aaa.c
338 +++ l2tpd-0.70-pre20031121/aaa.c
339 @@ -209,9 +209,11 @@
340 __FUNCTION__, u, t, s);
341 #endif
342 strncpy (secret, s, size);
343 + fclose(f);
344 return -1;
345 }
346 }
347 + fclose(f);
348 return 0;
349 }
350
351 --- l2tpd-0.70-pre20031121.orig/l2tpd.c
352 +++ l2tpd-0.70-pre20031121/l2tpd.c
353 @@ -266,6 +266,9 @@
354 /* erase pid file */
355 unlink (gconfig.pidfile);
356
357 + /* erase control pipe */
358 + unlink(CONTROL_PIPE);
359 +
360 exit (1);
361 }
362
363 @@ -333,13 +336,17 @@
364 tcgetattr (c->fd, &ptyconf);
365 *(c->oldptyconf) = ptyconf;
366 ptyconf.c_cflag &= ~(ICANON | ECHO);
367 - ptyconf.c_lflag &= ~ECHO;
368 + ptyconf.c_lflag &= ~ECHO;
369 tcsetattr (c->fd, TCSANOW, &ptyconf);
370
371 snprintf (tty, sizeof (tty), "/dev/tty%c%c", a, b);
372 fd2 = open (tty, O_RDWR);
373 - stropt[pos++] = strdup(tty);
374 - stropt[pos] = NULL;
375 + if(!fd2)
376 + log(LOG_WARN, "unable to open tty %s", tty);
377 +
378 + /* XXX JEF: CHECK ME */
379 + stropt[pos++] = strdup(tty);
380 + stropt[pos] = NULL;
381
382 #ifdef USE_KERNEL
383 }
384 @@ -623,7 +630,13 @@
385 {
386 struct lac *lac;
387 lac = (struct lac *) data;
388 - if (!lac->active)
389 +
390 + if (!lac)
391 + {
392 + log (LOG_WARN, "%s : called on NULL lac!\n", __FUNCTION__);
393 + return;
394 + }
395 + if (!lac->active)
396 {
397 log (LOG_DEBUG, "%s: LAC %s not active", __FUNCTION__, lac->entname);
398 return;
399 @@ -635,11 +648,6 @@
400 log (LOG_LOG, "%s: maximum retries exceeded.\n", __FUNCTION__);
401 return;
402 }
403 - if (!lac)
404 - {
405 - log (LOG_WARN, "%s : called on NULL lac!\n", __FUNCTION__);
406 - return;
407 - }
408 if (!lac->t)
409 {
410 #ifdef DEGUG_MAGIC
411 @@ -774,12 +782,7 @@
412 void do_control ()
413 {
414 char buf[1024];
415 - char *host;
416 - char *tunstr;
417 - char *callstr;
418 -
419 - char *sub_str; /* jz: use by the strtok function */
420 - char *tmp_ptr; /* jz: use by the strtok function */
421 + char *host, *tunstr, *callstr, *tmpstr;
422 struct lac *lac;
423 int call;
424 int tunl;
425 @@ -792,24 +795,39 @@
426 if (buf[cnt - 1] == '\n')
427 buf[--cnt] = 0;
428 #ifdef DEBUG_CONTROL
429 - log (LOG_DEBUG, "%s: Got message %s (%d bytes long)\n",
430 + log (LOG_DEBUG, "%s: Got message \"%s\" (%d bytes long)\n",
431 __FUNCTION__, buf, cnt);
432 #endif
433 switch (buf[0])
434 {
435 case 't':
436 - host = strchr (buf, ' ') + 1;
437 + host = strchr (buf, ' ');
438 + if(!host)
439 + goto out;
440 + host++;
441 #ifdef DEBUG_CONTROL
442 log (LOG_DEBUG, "%s: Attempting to tunnel to %s\n",
443 __FUNCTION__, host);
444 #endif
445 l2tp_call (host, UDP_LISTEN_PORT, NULL, NULL);
446 break;
447 - case 'c':
448 -
449 - switch_io = 1; /* jz: Switch for Incoming - Outgoing Calls */
450 -
451 - tunstr = strchr (buf, ' ') + 1;
452 + case 'c': /* option 'c' for incoming call */
453 + case 'o': /* option 'o' for outgoing call */
454 + tunstr = strchr (buf, ' ');
455 + if(!tunstr)
456 + goto out;
457 + tunstr++;
458 +
459 + if(buf[0] == 'c')
460 + switch_io = 1; /* Switch for Incoming Calls */
461 + else {
462 + switch_io = 0; /* Switch for Outgoing Calls */
463 + tmpstr = strchr(tunstr, ' ');
464 + if(!tmpstr)
465 + goto out;
466 + strncpy(dial_no_tmp,tmpstr, sizeof(*dial_no_tmp));
467 + }
468 +
469 lac = laclist;
470 while (lac)
471 {
472 @@ -842,52 +860,12 @@
473 #endif
474 lac_call (tunl, NULL, NULL);
475 break;
476 -
477 - case 'o': /* jz: option 'o' for doing a outgoing call */
478 -
479 - switch_io = 0; /* jz: Switch for incoming - outgoing Calls */
480 -
481 - sub_str = strchr (buf, ' ') + 1;
482 -
483 - tunstr = strtok (sub_str, " "); /* jz: using strtok function to get */
484 - tmp_ptr = strtok (NULL, " "); /* params out of the pipe */
485 - strcpy (dial_no_tmp, tmp_ptr);
486 -
487 - lac = laclist;
488 - while (lac)
489 - {
490 - if (!strcasecmp (lac->entname, tunstr))
491 - {
492 - lac->active = -1;
493 - lac->rtries = 0;
494 - if (!lac->c)
495 - magic_lac_dial (lac);
496 - else
497 - log (LOG_DEBUG,
498 - "%s: Session '%s' already active!\n",
499 - __FUNCTION__, lac->entname);
500 - break;
501 - }
502 - lac = lac->next;
503 - }
504 - if (lac)
505 - break;
506 - tunl = atoi (tunstr);
507 - if (!tunl)
508 - {
509 - log (LOG_DEBUG, "%s: No such tunnel '%s'\n", __FUNCTION__,
510 - tunstr);
511 - break;
512 - }
513 -#ifdef DEBUG_CONTROL
514 - log (LOG_DEBUG, "%s: Attempting to call on tunnel %d\n",
515 - __FUNCTION__, tunl);
516 -#endif
517 - lac_call (tunl, NULL, NULL);
518 - break;
519 -
520 case 'h':
521 - callstr = strchr (buf, ' ') + 1;
522 + callstr = strchr (buf, ' ');
523 + if(!callstr)
524 + goto out;
525 + callstr++;
526 +
527 call = atoi (callstr);
528 #ifdef DEBUG_CONTROL
529 log (LOG_DEBUG, "%s: Attempting to call %d\n", __FUNCTION__,
530 @@ -896,7 +874,11 @@
531 lac_hangup (call);
532 break;
533 case 'd':
534 - tunstr = strchr (buf, ' ') + 1;
535 + tunstr = strchr (buf, ' ');
536 + if(!tunstr)
537 + goto out;
538 + tunstr++;
539 +
540 lac = laclist;
541 while (lac)
542 {
543 @@ -937,6 +919,8 @@
544 }
545 }
546 }
547 +
548 +out:
549 /* Otherwise select goes nuts */
550 close (control_fd);
551 control_fd = open (CONTROL_PIPE, O_RDONLY | O_NONBLOCK, 0600);
552 @@ -1002,7 +986,6 @@
553 int pid=0;
554 int i,l;
555 char buf[STRLEN];
556 - int pidfilewritten=0;
557
558 if((pid = fork()) < 0) {
559 log(LOG_LOG, "%s: Unable to fork ()\n",__FUNCTION__);
560 @@ -1012,56 +995,52 @@
561 else if (pid)
562 exit(0);
563
564 - close(0);
565 - close(1);
566 - close(2);
567 +
568 + close(0);
569 + close(1);
570 + close(2);
571 + dup2(open("/dev/null", O_RDONLY), 0);
572 + dup2(open("/dev/null", O_RDONLY), 1);
573 + dup2(open("/dev/null", O_RDONLY), 2);
574
575 /* Read previous pid file. */
576 - if ((i = open(gconfig.pidfile,O_RDONLY)) > 0) {
577 - l=read(i,buf,sizeof(buf)-1);
578 - if (i < 0) {
579 - log(LOG_LOG, "%s: Unable to read pid file [%s]\n",
580 - __FUNCTION__, gconfig.pidfile);
581 - }
582 - buf[i] = '\0';
583 - pid = atoi(buf);
584 -
585 - /* If the previous server process is not still running,
586 - write a new pid file immediately. */
587 - if (pid && (pid == getpid () || kill (pid, 0) < 0)) {
588 - unlink (gconfig.pidfile);
589 - if ((i = open (gconfig.pidfile, O_WRONLY | O_CREAT, 0640)) >= 0)
590 - {
591 - snprintf (buf, sizeof(buf), "%d\n", (int)getpid());
592 - write (i, buf, strlen(buf));
593 - close (i);
594 - pidfilewritten = 1;
595 - }
596 + if((i = open(gconfig.pidfile,O_RDONLY)) > 0) {
597 + l=read(i,buf,sizeof(buf)-1);
598 + if (l >= 0) {
599 + buf[l] = '\0';
600 + pid = atoi(buf);
601 }
602 - else
603 - {
604 + close(i);
605 +
606 + /* if pid is read and process exist exit */
607 + if(pid && !kill(pid, 0)) {
608 log(LOG_LOG, "%s: There's already a l2tpd server running.\n",
609 __FUNCTION__);
610 close(server_socket);
611 exit(1);
612 }
613 +
614 + /* remove stalled pid file */
615 + unlink(gconfig.pidfile);
616 }
617
618 pid = setsid();
619
620 - if(! pidfilewritten) {
621 - unlink(gconfig.pidfile);
622 - if ((i = open (gconfig.pidfile, O_WRONLY | O_CREAT, 0640)) >= 0) {
623 - snprintf (buf, strlen(buf), "%d\n", (int)getpid());
624 - write (i, buf, strlen(buf));
625 - close (i);
626 - pidfilewritten = 1;
627 - }
628 - }
629 + /* create new pid file */
630 + if ((i = open (gconfig.pidfile, O_WRONLY | O_CREAT, 0644)) >= 0) {
631 + snprintf (buf, sizeof(buf), "%d", (int)getpid());
632 + write (i, buf, strlen(buf));
633 + close (i);
634 + }
635 + else {
636 + log(LOG_LOG, "%s: could not write pid file %s error %d",
637 + __FUNCTION__, gconfig.pidfile, i);
638 + close(server_socket);
639 + exit(1);
640 + }
641 }
642
643
644 -
645 void init (int argc,char *argv[])
646 {
647 struct lac *lac;
648 @@ -1103,10 +1082,6 @@
649 }
650 log (LOG_LOG, "l2tpd version " SERVER_VERSION " started on %s PID:%d\n",
651 hostname, getpid ());
652 - log (LOG_LOG,
653 - "Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.\n");
654 - log (LOG_LOG, "Forked by Scott Balmos and David Stipp, (C) 2001\n");
655 - log (LOG_LOG, "Inherited by Jeff McAdams, (C) 2002\n");
656 listenaddr.s_addr = gconfig.listenaddr;
657 log (LOG_LOG, "%s version %s on a %s, listening on IP address %s, port %d\n", uts.sysname,
658 uts.release, uts.machine, inet_ntoa(listenaddr), gconfig.port);
659 --- l2tpd-0.70-pre20031121.orig/misc.c
660 +++ l2tpd-0.70-pre20031121/misc.c
661 @@ -301,3 +301,42 @@
662 return -1;
663 }
664 }
665 +
666 +u_int16_t get16(u_int8_t *p) {
667 + return p[0] << 8 | p[1];
668 +}
669 +
670 +u_int32_t get32(u_int8_t *p) {
671 + return p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3];
672 +}
673 +
674 +u_int64_t get64(u_int8_t *p) {
675 + return (u_int64_t)p[0] << 56 | (u_int64_t)p[1] << 48 |
676 + (u_int64_t)p[2] << 40 | (u_int64_t)p[3] << 32 |
677 + (u_int64_t)p[4] << 24 | (u_int64_t)p[5] << 16 |
678 + (u_int64_t)p[6] << 8 | (u_int64_t)p[7];
679 +}
680 +
681 +void set16(u_int8_t *cp, u_int16_t x) {
682 + *cp++ = x >> 8;
683 + *cp = x & 0xff;
684 +}
685 +
686 +void set32(u_int8_t *cp, u_int32_t x) {
687 + *cp++ = x >> 24;
688 + *cp++ = (x >> 16) & 0xff;
689 + *cp++ = (x >> 8) & 0xff;
690 + *cp = x & 0xff;
691 +}
692 +
693 +void set64(u_int8_t *cp, u_int64_t x) {
694 + *cp++ = x >> 56;
695 + *cp++ = (x >> 48) & 0xff;
696 + *cp++ = (x >> 40) & 0xff;
697 + *cp++ = (x >> 32) & 0xff;
698 + *cp++ = (x >> 24) & 0xff;
699 + *cp++ = (x >> 16) & 0xff;
700 + *cp++ = (x >> 8) & 0xff;
701 + *cp = x & 0xff;
702 +}
703 +
704 --- l2tpd-0.70-pre20031121.orig/avp.c
705 +++ l2tpd-0.70-pre20031121/avp.c
706 @@ -4,9 +4,12 @@
707 * Layer Two Tunnelling Protocol Daemon
708 * Copyright (C) 1998 Adtran, Inc.
709 * Copyright (C) 2002 Jeff McAdams
710 + * Copyright (C) 2003 Jean-Francois Dive
711 *
712 * Mark Spencer
713 *
714 + * 12/2003 parsing sanitization, Jean-Francois Dive
715 + *
716 * This software is distributed under the terms
717 * of the GPL, which you should have received
718 * along with this source.
719 @@ -20,50 +23,53 @@
720 #include <netinet/in.h>
721 #include "l2tp.h"
722
723 -#define AVP_MAX 39
724 +/* TODO:
725 + * - Tie breaker.
726 + * - Clean Proxy Authentication solution.
727 + */
728
729 +/*****************************************************************************/
730 struct avp avps[] = {
731 -
732 - {0, 1, &message_type_avp, "Message Type"},
733 - {1, 1, &result_code_avp, "Result Code"},
734 - {2, 1, &protocol_version_avp, "Protocol Version"},
735 - {3, 1, &framing_caps_avp, "Framing Capabilities"},
736 - {4, 1, &bearer_caps_avp, "Bearer Capabilities"},
737 - {5, 0, NULL, "Tie Breaker"},
738 - {6, 0, &firmware_rev_avp, "Firmware Revision"},
739 - {7, 0, &hostname_avp, "Host Name"},
740 - {8, 1, &vendor_avp, "Vendor Name"},
741 - {9, 1, &assigned_tunnel_avp, "Assigned Tunnel ID"},
742 - {10, 1, &receive_window_size_avp, "Receive Window Size"},
743 - {11, 1, &challenge_avp, "Challenge"},
744 - {12, 0, NULL, "Q.931 Cause Code"},
745 - {13, 1, &chalresp_avp, "Challenge Response"},
746 - {14, 1, &assigned_call_avp, "Assigned Call ID"},
747 - {15, 1, &call_serno_avp, "Call Serial Number"},
748 - {16, 1, NULL, "Minimum BPS"},
749 - {17, 1, NULL, "Maximum BPS"},
750 - {18, 1, &bearer_type_avp, "Bearer Type"},
751 - {19, 1, &frame_type_avp, "Framing Type"},
752 - {20, 1, &packet_delay_avp, "Packet Processing Delay"},
753 - {21, 1, &dialed_number_avp, "Dialed Number"},
754 - {22, 1, &dialing_number_avp, "Dialing Number"},
755 - {23, 1, &sub_address_avp, "Sub-Address"},
756 - {24, 1, &tx_speed_avp, "Transmit Connect Speed"},
757 - {25, 1, &call_physchan_avp, "Physical channel ID"},
758 - {26, 0, NULL, "Initial Received LCP Confreq"},
759 - {27, 0, NULL, "Last Sent LCP Confreq"},
760 - {28, 0, NULL, "Last Received LCP Confreq"},
761 - {29, 1, &ignore_avp, "Proxy Authen Type"},
762 - {30, 0, &ignore_avp, "Proxy Authen Name"},
763 - {31, 0, &ignore_avp, "Proxy Authen Challenge"},
764 - {32, 0, &ignore_avp, "Proxy Authen ID"},
765 - {33, 1, &ignore_avp, "Proxy Authen Response"},
766 - {34, 1, NULL, "Call Errors"},
767 - {35, 1, &ignore_avp, "ACCM"},
768 - {36, 1, &rand_vector_avp, "Random Vector"},
769 - {37, 1, NULL, "Private Group ID"},
770 - {38, 0, &rx_speed_avp, "Receive Connect Speed"},
771 - {39, 1, &seq_reqd_avp, "Sequencing Required"}
772 + {0, AVP_F_MANDATORY|AVP_F_FIXLEN, 2, {0}, &message_type_avp, &validate_msgtype_avp, "Message Type"},
773 + {1, AVP_F_MANDATORY, MAXSTRLEN, {CDN, StopCCN}, &result_code_avp, &validate_gen_avp, "Result Code"},
774 + {2, AVP_F_MANDATORY|AVP_F_FIXLEN, 2, {SCCRP, SCCRQ}, &protocol_version_avp, &validate_gen_avp, "Protocol Version"},
775 + {3, AVP_F_MANDATORY|AVP_F_FIXLEN, 4, {SCCRP, SCCRQ}, &framing_caps_avp, &validate_gen_avp, "Framing Capabilities"},
776 + {4, AVP_F_MANDATORY|AVP_F_FIXLEN, 4, {SCCRP, SCCRQ}, &bearer_caps_avp, &validate_gen_avp, "Bearer Capabilities"},
777 + {5, 0, 0, {0}, NULL, NULL, "Tie Breaker"},
778 + {6, AVP_F_FIXLEN, 2, {SCCRP, SCCRQ}, &firmware_rev_avp, &validate_gen_avp, "Firmware Revision"},
779 + {7, AVP_F_ASCII, MAXSTRLEN, {SCCRP, SCCRQ}, &hostname_avp, &validate_gen_avp, "Host Name"},
780 + {8, AVP_F_MANDATORY|AVP_F_ASCII, MAXSTRLEN, {SCCRP, SCCRQ}, &vendor_avp, &validate_gen_avp, "Vendor Name"},
781 + {9, AVP_F_MANDATORY|AVP_F_FIXLEN, 2, {SCCRP, SCCRQ, StopCCN}, &assigned_tunnel_avp, &validate_gen_avp, "Assigned Tunnel ID"},
782 + {10, AVP_F_MANDATORY|AVP_F_FIXLEN, 2,{SCCRP, SCCRQ, OCRP, OCCN, StopCCN}, &receive_window_size_avp, &validate_gen_avp, "Receive Window Size"},
783 + {11, AVP_F_MANDATORY, 128, {SCCRP, SCCRQ}, &challenge_avp, &validate_gen_avp, "Challenge"},
784 + {12, 0, 0, {0}, NULL, NULL, "Q.931 Cause Code"},
785 + {13, AVP_F_MANDATORY, MD_SIG_SIZE, {SCCRP, SCCCN}, &chalresp_avp, &validate_gen_avp, "Challenge Response"},
786 + {14, AVP_F_MANDATORY|AVP_F_FIXLEN, 2, {CDN, ICRP, ICRQ, OCRP, OCRQ}, &assigned_session_avp, &validate_gen_avp, "Assigned Session ID"},
787 + {15, AVP_F_MANDATORY|AVP_F_FIXLEN, 4, {ICRQ, OCRQ}, &call_serno_avp, &validate_gen_avp, "Call Serial Number"},
788 + {16, AVP_F_MANDATORY|AVP_F_FIXLEN, 4, {0}, NULL, NULL, "Minimum BPS"},
789 + {17, AVP_F_MANDATORY|AVP_F_FIXLEN, 4, {0}, NULL, NULL, "Maximum BPS"},
790 + {18, AVP_F_MANDATORY|AVP_F_FIXLEN, 4, {ICRQ, OCRQ}, &bearer_type_avp, &validate_gen_avp, "Bearer Type"},
791 + {19, AVP_F_MANDATORY|AVP_F_FIXLEN, 4, {ICCN, OCRQ, OCCN}, &frame_type_avp, &validate_gen_avp, "Framing Type"},
792 + {20, AVP_F_MANDATORY|AVP_F_FIXLEN, 2, {ICRP, OCRQ, ICCN, OCRP, OCCN}, &packet_delay_avp, &validate_gen_avp, "Packet Processing Delay"},
793 + {21, AVP_F_MANDATORY|AVP_F_ASCII, MAXSTRLEN, {ICRQ, OCRQ}, &called_number_avp, &validate_gen_avp, "Called Number"},
794 + {22, AVP_F_MANDATORY|AVP_F_ASCII, MAXSTRLEN, {ICRQ}, &calling_number_avp, &validate_gen_avp, "Calling Number"},
795 + {23, AVP_F_MANDATORY|AVP_F_ASCII, MAXSTRLEN, {OCRP, ICRQ}, &sub_address_avp, &validate_gen_avp, "Sub-Address"},
796 + {24, AVP_F_MANDATORY|AVP_F_FIXLEN, 4, {ICCN, OCCN, OCRP}, &tx_speed_avp, &validate_gen_avp, "Transmit Connect Speed"},
797 + {25, AVP_F_MANDATORY|AVP_F_FIXLEN, 4, {ICRQ, OCRQ, OCRP, OCCN}, &call_physchan_avp, &validate_gen_avp, "Physical channel ID"},
798 + {26, 0, 0, {0}, NULL, NULL, "Initial Received LCP Confreq"},
799 + {27, 0, 0, {0}, NULL, NULL, "Last Sent LCP Confreq"},
800 + {28, 0, 0, {0}, NULL, NULL, "Last Received LCP Confreq"},
801 + {29, AVP_F_MANDATORY, 0, {0}, &ignore_avp, NULL, "Proxy Authen Type"},
802 + {30, 0, 0, {0}, &ignore_avp, NULL, "Proxy Authen Name"},
803 + {31, 0, 0, {0}, &ignore_avp, NULL, "Proxy Authen Challenge"},
804 + {32, 0, 0, {0}, &ignore_avp, NULL, "Proxy Authen ID"},
805 + {33, AVP_F_MANDATORY, 0, {0}, &ignore_avp, NULL, "Proxy Authen Response"},
806 + {34, AVP_F_MANDATORY|AVP_F_FIXLEN, 26, {0}, NULL, NULL, "Call Errors"},
807 + {35, AVP_F_MANDATORY|AVP_F_FIXLEN, 10, {0}, &ignore_avp, NULL, "ACCM"},
808 + {36, AVP_F_MANDATORY, 1024, {0}, &rand_vector_avp, &validate_gen_avp, "Random Vector"},
809 + {37, AVP_F_MANDATORY, 0, {0}, NULL, NULL, "Private Group ID"},
810 + {38, AVP_F_FIXLEN, 4, {ICCN, OCCN, OCRP}, &rx_speed_avp, &validate_gen_avp, "Receive Connect Speed"},
811 + {39, AVP_F_MANDATORY, 0, {ICCN, OCCN, OCRP}, &seq_reqd_avp, &validate_gen_avp, "Sequencing Required"}
812 };
813
814 char *msgtypes[] = {
815 @@ -111,6 +117,7 @@
816 "Call was connected but no appropriate framing was detect"
817 };
818
819 +/*****************************************************************************/
820 void wrong_length (struct call *c, char *field, int expected, int found,
821 int min)
822 {
823 @@ -126,12 +133,9 @@
824 c->needclose = -1;
825 }
826
827 -/*
828 - * t, c, data, and datalen may be assumed to be defined for all avp's
829 - */
830 -
831 -int message_type_avp (struct tunnel *t, struct call *c, void *data,
832 - int datalen)
833 +/*****************************************************************************/
834 +int validate_msgtype_avp(int attr, struct tunnel *t, struct call *c,
835 + void *data, int datalen)
836 {
837 /*
838 * This will be with every control message. It is critical that this
839 @@ -139,28 +143,9 @@
840 * (assuming sanity check)
841 */
842
843 - _u16 *raw = data;
844 - c->msgtype = ntohs (raw[3]);
845 - if (datalen != 8)
846 - {
847 - if (DEBUG)
848 - log (LOG_DEBUG, "%s: wrong size (%d != 8)\n", __FUNCTION__,
849 - datalen);
850 - wrong_length (c, "Message Type", 8, datalen, 0);
851 - return -EINVAL;
852 - }
853 - if ((c->msgtype > MAX_MSG) || (!msgtypes[c->msgtype]))
854 - {
855 - if (DEBUG)
856 - log (LOG_DEBUG, "%s: unknown message type %d\n", __FUNCTION__,
857 - c->msgtype);
858 - return -EINVAL;
859 - }
860 - if (debug_avp)
861 - if (DEBUG)
862 - log (LOG_DEBUG, "%s: message type %d (%s)\n", __FUNCTION__,
863 - c->msgtype, msgtypes[c->msgtype]);
864 -#ifdef SANITY
865 + u_int8_t *p = data + sizeof(struct avp_hdr);
866 + c->msgtype = get16(p);
867 +
868 if (t->sanity)
869 {
870 /*
871 @@ -172,11 +157,11 @@
872 if (DEBUG)
873 log (LOG_DEBUG,
874 "%s: attempting to negotiate tunnel inside a call!\n",
875 - __FUNCTION__);
876 + __func__);
877 return -EINVAL;
878 }
879
880 - switch (c->msgtype)
881 + switch (get16(p))
882 {
883 case SCCRQ:
884 if ((t->state != 0) && (t->state != SCCRQ))
885 @@ -189,7 +174,7 @@
886 if (DEBUG)
887 log (LOG_DEBUG,
888 "%s: attempting to negotiate SCCRQ with state != 0\n",
889 - __FUNCTION__);
890 + __func__);
891 return -EINVAL;
892 }
893 break;
894 @@ -199,7 +184,7 @@
895 if (DEBUG)
896 log (LOG_DEBUG,
897 "%s: attempting to negotiate SCCRP with state != SCCRQ!\n",
898 - __FUNCTION__);
899 + __func__);
900 return -EINVAL;
901 }
902 break;
903 @@ -209,7 +194,7 @@
904 if (DEBUG)
905 log (LOG_DEBUG,
906 "%s: attempting to negotiate SCCCN with state != SCCRP!\n",
907 - __FUNCTION__);
908 + __func__);
909 return -EINVAL;
910 }
911 break;
912 @@ -219,7 +204,7 @@
913 if (DEBUG)
914 log (LOG_DEBUG,
915 "%s: attempting to negotiate ICRQ when state != SCCCN\n",
916 - __FUNCTION__);
917 + __func__);
918 return -EINVAL;
919 }
920 if (c != t->self)
921 @@ -227,7 +212,7 @@
922 if (DEBUG)
923 log (LOG_DEBUG,
924 "%s: attempting to negotiate ICRQ on a call!\n",
925 - __FUNCTION__);
926 + __func__);
927 return -EINVAL;
928 }
929 break;
930 @@ -237,7 +222,7 @@
931 if (DEBUG)
932 log (LOG_DEBUG,
933 "%s: attempting to negotiate ICRP on tunnel!=SCCCN\n",
934 - __FUNCTION__);
935 + __func__);
936 return -EINVAL;
937 }
938 if (c->state != ICRQ)
939 @@ -245,7 +230,7 @@
940 if (DEBUG)
941 log (LOG_DEBUG,
942 "%s: attempting to negotiate ICRP when state != ICRQ\n",
943 - __FUNCTION__);
944 + __func__);
945 return -EINVAL;
946 }
947 break;
948 @@ -255,7 +240,7 @@
949 if (DEBUG)
950 log (LOG_DEBUG,
951 "%s: attempting to negotiate ICCN when state != ICRP\n",
952 - __FUNCTION__);
953 + __func__);
954 return -EINVAL;
955 }
956 break;
957 @@ -265,7 +250,7 @@
958 if (DEBUG)
959 log (LOG_DEBUG,
960 "%s: attempting to negotiate SLI when state != ICCN\n",
961 - __FUNCTION__);
962 + __func__);
963 return -EINVAL;
964 }
965 break;
966 @@ -275,7 +260,7 @@
967 if (DEBUG)
968 log (LOG_DEBUG,
969 "%s: attempting to negotiate OCRP on tunnel!=SCCCN\n",
970 - __FUNCTION__);
971 + __func__);
972 return -EINVAL;
973 }
974 if (c->state != OCRQ)
975 @@ -283,7 +268,7 @@
976 if (DEBUG)
977 log (LOG_DEBUG,
978 "%s: attempting to negotiate OCRP when state != OCRQ\n",
979 - __FUNCTION__);
980 + __func__);
981 return -EINVAL;
982 }
983 break;
984 @@ -294,7 +279,7 @@
985 if (DEBUG)
986 log (LOG_DEBUG,
987 "%s: attempting to negotiate OCCN when state != OCRQ\n",
988 - __FUNCTION__);
989 + __func__);
990 return -EINVAL;
991 }
992 break;
993 @@ -303,72 +288,33 @@
994 case Hello:
995 break;
996 default:
997 - log (LOG_WARN, "%s: i don't know how to handle %s messages\n",
998 - __FUNCTION__, msgtypes[c->msgtype]);
999 - return -EINVAL;
1000 - }
1001 - }
1002 -#endif
1003 - if (c->msgtype == ICRQ)
1004 - {
1005 - struct call *tmp;
1006 - if (debug_avp)
1007 - {
1008 - if (DEBUG)
1009 - log (LOG_DEBUG, "%s: new incoming call\n", __FUNCTION__);
1010 - }
1011 - tmp = new_call (t);
1012 - if (!tmp)
1013 - {
1014 - log (LOG_WARN, "%s: unable to create new call\n", __FUNCTION__);
1015 + log (LOG_WARN, "%s: unknown messages type %d\n",
1016 + __func__, get16(p));
1017 return -EINVAL;
1018 }
1019 - tmp->next = t->call_head;
1020 - t->call_head = tmp;
1021 - t->count++;
1022 - /*
1023 - * Is this still safe to assume that the head will always
1024 - * be the most recent call being negotiated?
1025 - * Probably... FIXME anyway...
1026 - */
1027 -
1028 }
1029 - return 0;
1030 + return 0;
1031 }
1032
1033 -int rand_vector_avp (struct tunnel *t, struct call *c, void *data,
1034 - int datalen)
1035 -{
1036 - int size;
1037 - _u16 *raw = (_u16 *) data;
1038 - size = (raw[0] & 0x0FFF) - 6;
1039 - if (t->sanity)
1040 - {
1041 - if (size < 0)
1042 - {
1043 - if (DEBUG)
1044 - log (LOG_DEBUG, "%s: Random vector too small (%d < 0)\n",
1045 - __FUNCTION__, size);
1046 - wrong_length (c, "Random Vector", 6, datalen, 1);
1047 - return -EINVAL;
1048 - }
1049 - if (size > MAX_VECTOR_SIZE)
1050 - {
1051 - if (DEBUG)
1052 - log (LOG_DEBUG, "%s: Random vector too large (%d > %d)\n",
1053 - __FUNCTION__, datalen, MAX_VECTOR_SIZE);
1054 - wrong_length (c, "Random Vector", 6, datalen, 1);
1055 - return -EINVAL;
1056 - }
1057 - }
1058 - if (debug_avp)
1059 - log (LOG_DEBUG, "%s: Random Vector of %d octets\n", __FUNCTION__,
1060 - size);
1061 - t->chal_us.vector = (unsigned char *) &raw[3];
1062 - t->chal_us.vector_len = size;
1063 - return 0;
1064 +/*****************************************************************************/
1065 +int validate_gen_avp(int attr, struct tunnel *t, struct call *c,
1066 + void *data, int datalen) {
1067 + (void)data; (void)datalen;
1068 + int i = 0, found = 0;
1069 +
1070 + if(t->sanity) {
1071 + for(i = 0; i < 8; i++) {
1072 + if(c->msgtype == avps[attr].allowed_states[i])
1073 + found++;
1074 + }
1075 + if(!found)
1076 + return -EINVAL;
1077 + }
1078 + return 0;
1079 }
1080
1081 +/* t, c, data, and datalen may be assumed to be defined for all avp's */
1082 +/*****************************************************************************/
1083 int ignore_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1084 {
1085 /*
1086 @@ -383,94 +329,88 @@
1087 *
1088 */
1089 if (debug_avp)
1090 - {
1091 - if (DEBUG)
1092 - log (LOG_DEBUG, "%s : Ignoring AVP\n", __FUNCTION__);
1093 - }
1094 + log (LOG_DEBUG, "%s : Ignoring AVP\n", __func__);
1095 return 0;
1096 }
1097
1098 -int seq_reqd_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1099 +/*****************************************************************************/
1100 +int message_type_avp (struct tunnel *t, struct call *c, void *data,
1101 + int avplen)
1102 {
1103 -#ifdef SANITY
1104 - if (t->sanity)
1105 + u_int8_t *p = data + sizeof(struct avp_hdr);
1106 +
1107 + if(!c->msgtype)
1108 + c->msgtype = get16(p);
1109 +
1110 + if ((c->msgtype > MAX_MSG) || (!msgtypes[c->msgtype]))
1111 {
1112 - if (datalen != 6)
1113 - {
1114 - if (DEBUG)
1115 - log (LOG_DEBUG,
1116 - "%s: avp is incorrect size. %d != 6\n", __FUNCTION__,
1117 - datalen);
1118 - wrong_length (c, "Sequencing Required", 6, datalen, 1);
1119 - return -EINVAL;
1120 - }
1121 - switch (c->msgtype)
1122 + log (LOG_DEBUG, "%s: unknown message type %d\n", __func__,
1123 + c->msgtype);
1124 + return -EINVAL;
1125 + }
1126 + if (debug_avp)
1127 + log (LOG_DEBUG, "%s: message type %d (%s)\n", __func__,
1128 + c->msgtype, msgtypes[c->msgtype]);
1129 + if (c->msgtype == ICRQ)
1130 + {
1131 + struct call *tmp;
1132 + if (debug_avp)
1133 + log (LOG_DEBUG, "%s: new incoming call\n", __func__);
1134 + tmp = new_call (t);
1135 + if (!tmp)
1136 {
1137 - case ICCN:
1138 - break;
1139 - default:
1140 - if (DEBUG)
1141 - log (LOG_DEBUG,
1142 - "%s: sequencing required not appropriate for %s!\n",
1143 - __FUNCTION__, msgtypes[c->msgtype]);
1144 + log (LOG_WARN, "%s: unable to create new call\n", __func__);
1145 return -EINVAL;
1146 }
1147 + tmp->next = t->call_head;
1148 + t->call_head = tmp;
1149 + t->count++;
1150 + /*
1151 + * Is this still safe to assume that the head will always
1152 + * be the most recent call being negotiated?
1153 + * Probably... FIXME anyway...
1154 + */
1155 }
1156 -#endif
1157 + return 0;
1158 +}
1159 +
1160 +/*****************************************************************************/
1161 +int rand_vector_avp (struct tunnel *t, struct call *c, void *data,
1162 + int avplen)
1163 +{
1164 + u_int8_t *p = data + sizeof(struct avp_hdr);
1165 + int datalen = avplen - sizeof(struct avp_hdr);
1166 if (debug_avp)
1167 - {
1168 - if (DEBUG)
1169 - log (LOG_DEBUG, "%s: peer requires sequencing.\n", __FUNCTION__);
1170 - }
1171 + log (LOG_DEBUG, "%s: random vector len %d\n", __func__, datalen);
1172 + t->chal_us.vector = (unsigned char *)p;
1173 + t->chal_us.vector_len = datalen;
1174 + return 0;
1175 +}
1176 +
1177 +/*****************************************************************************/
1178 +int seq_reqd_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1179 +{
1180 + if (debug_avp)
1181 + log (LOG_DEBUG, "%s: peer requires sequencing.\n", __func__);
1182 c->seq_reqd = -1;
1183 return 0;
1184 }
1185
1186 +/*****************************************************************************/
1187 int result_code_avp (struct tunnel *t, struct call *c, void *data,
1188 - int datalen)
1189 + int avplen)
1190 {
1191 - /*
1192 - * Find out what version of l2tp the other side is using.
1193 - * I'm not sure what we're supposed to do with this but whatever..
1194 - */
1195 + u_int8_t *p = data + sizeof(struct avp_hdr);
1196 + int datalen = avplen - sizeof(struct avp_hdr);
1197 + u_int16_t result = get16(p);
1198 + u_int16_t error = get16(p + 2);
1199
1200 - int error;
1201 - int result;
1202 - _u16 *raw = data;
1203 -#ifdef SANITY
1204 - if (t->sanity)
1205 - {
1206 - if (datalen < 10)
1207 - {
1208 - if (DEBUG)
1209 - log (LOG_DEBUG,
1210 - "%s: avp is incorrect size. %d < 10\n", __FUNCTION__,
1211 - datalen);
1212 - wrong_length (c, "Result Code", 10, datalen, 1);
1213 - return -EINVAL;
1214 - }
1215 - switch (c->msgtype)
1216 - {
1217 - case CDN:
1218 - case StopCCN:
1219 - break;
1220 - default:
1221 - if (DEBUG)
1222 - log (LOG_DEBUG,
1223 - "%s: result code not appropriate for %s. Ignoring.\n",
1224 - __FUNCTION__, msgtypes[c->msgtype]);
1225 - return 0;
1226 - }
1227 - }
1228 -#endif
1229 - result = ntohs (raw[3]);
1230 - error = ntohs (raw[4]);
1231 if ((c->msgtype == StopCCN) && ((result > 7) || (result < 1)))
1232 {
1233 if (DEBUG)
1234 log (LOG_DEBUG,
1235 - "%s: result code out of range (%d %d %d). Ignoring.\n",
1236 - __FUNCTION__, result, error, datalen);
1237 + "%s: (StopCCN) result code out of range ! (1 < %d < 7)\n",
1238 + __func__, result);
1239 return 0;
1240 }
1241
1242 @@ -478,1112 +418,348 @@
1243 {
1244 if (DEBUG)
1245 log (LOG_DEBUG,
1246 - "%s: result code out of range (%d %d %d). Ignoring.\n",
1247 - __FUNCTION__, result, error, datalen);
1248 + "%s: (CDN) result code out of range !(1 < %d < 11)\n",
1249 + __func__, result);
1250 return 0;
1251 }
1252
1253 c->error = error;
1254 c->result = result;
1255 - safe_copy (c->errormsg, (char *) &raw[5], datalen - 10);
1256 + memcpy(c->errormsg, (char*)p + 4, datalen - 4);
1257 + c->errormsg[datalen - 4] = '\0';
1258 +
1259 if (debug_avp)
1260 {
1261 - if (DEBUG && (c->msgtype == StopCCN))
1262 + if(c->msgtype == StopCCN)
1263 {
1264 log (LOG_DEBUG,
1265 "%s: peer closing for reason %d (%s), error = %d (%s)\n",
1266 - __FUNCTION__, result, stopccn_result_codes[result], error,
1267 + __func__, result, stopccn_result_codes[result], error,
1268 c->errormsg);
1269 }
1270 else
1271 {
1272 log (LOG_DEBUG,
1273 "%s: peer closing for reason %d (%s), error = %d (%s)\n",
1274 - __FUNCTION__, result, cdn_result_codes[result], error,
1275 + __func__, result, cdn_result_codes[result], error,
1276 c->errormsg);
1277 }
1278 }
1279 return 0;
1280 }
1281
1282 +/*****************************************************************************/
1283 int protocol_version_avp (struct tunnel *t, struct call *c, void *data,
1284 - int datalen)
1285 + int avplen)
1286 {
1287 - /*
1288 - * Find out what version of l2tp the other side is using.
1289 - * I'm not sure what we're supposed to do with this but whatever..
1290 - */
1291 + u_int8_t *p = data + sizeof(struct avp_hdr);
1292
1293 - int ver;
1294 - _u16 *raw = data;
1295 -#ifdef SANITY
1296 - if (t->sanity)
1297 - {
1298 - if (datalen != 8)
1299 - {
1300 - if (DEBUG)
1301 - log (LOG_DEBUG,
1302 - "%s: avp is incorrect size. %d != 8\n", __FUNCTION__,
1303 - datalen);
1304 - wrong_length (c, "Protocol Version", 8, datalen, 1);
1305 - return -EINVAL;
1306 - }
1307 - switch (c->msgtype)
1308 - {
1309 - case SCCRP:
1310 - case SCCRQ:
1311 - break;
1312 - default:
1313 - if (DEBUG)
1314 - log (LOG_DEBUG,
1315 - "%s: protocol version not appropriate for %s. Ignoring.\n",
1316 - __FUNCTION__, msgtypes[c->msgtype]);
1317 - return 0;
1318 - }
1319 - }
1320 -#endif
1321 - ver = ntohs (raw[3]);
1322 if (debug_avp)
1323 - {
1324 - if (DEBUG)
1325 - log (LOG_DEBUG,
1326 - "%s: peer is using version %d, revision %d.\n", __FUNCTION__,
1327 - (ver >> 8), ver & 0xFF);
1328 - }
1329 + log (LOG_DEBUG, "%s: peer is using version %d, revision %d.\n",
1330 + __func__,*p, *(p+1));
1331 return 0;
1332 }
1333
1334 +/*****************************************************************************/
1335 int framing_caps_avp (struct tunnel *t, struct call *c, void *data,
1336 - int datalen)
1337 + int avplen)
1338 {
1339 - /*
1340 - * Retrieve the framing capabilities
1341 - * from the peer
1342 - */
1343 -
1344 - int caps;
1345 - _u16 *raw = data;
1346 + u_int8_t *p = data + sizeof(struct avp_hdr);
1347 + u_int16_t caps = get16(p + 2);
1348
1349 -#ifdef SANITY
1350 - if (t->sanity)
1351 - {
1352 - switch (c->msgtype)
1353 - {
1354 - case SCCRP:
1355 - case SCCRQ:
1356 - break;
1357 - default:
1358 - if (DEBUG)
1359 - log (LOG_DEBUG,
1360 - "%s: framing capabilities not appropriate for %s. Ignoring.\n",
1361 - __FUNCTION__, msgtypes[c->msgtype]);
1362 - return 0;
1363 - }
1364 - if (datalen != 10)
1365 - {
1366 - if (DEBUG)
1367 - log (LOG_DEBUG,
1368 - "%s: avp is incorrect size. %d != 10\n", __FUNCTION__,
1369 - datalen);
1370 - wrong_length (c, "Framming Capabilities", 10, datalen, 0);
1371 - return -EINVAL;
1372 - }
1373 - }
1374 -#endif
1375 - caps = ntohs (raw[4]);
1376 if (debug_avp)
1377 - if (DEBUG)
1378 - log (LOG_DEBUG,
1379 - "%s: supported peer frames:%s%s\n", __FUNCTION__,
1380 - caps & ASYNC_FRAMING ? " async" : "",
1381 - caps & SYNC_FRAMING ? " sync" : "");
1382 + log (LOG_DEBUG, "%s: supported peer frames:%s %s\n", __func__,
1383 + caps & ASYNC_FRAMING ? "async" : "",
1384 + caps & SYNC_FRAMING ? "sync" : "");
1385 +
1386 t->fc = caps & (ASYNC_FRAMING | SYNC_FRAMING);
1387 return 0;
1388 }
1389
1390 +/*****************************************************************************/
1391 int bearer_caps_avp (struct tunnel *t, struct call *c, void *data,
1392 - int datalen)
1393 + int avplen)
1394 {
1395 - /*
1396 - * What kind of bearer channels does our peer support?
1397 - */
1398 - int caps;
1399 - _u16 *raw = data;
1400 + u_int8_t *p = data + sizeof(struct avp_hdr);
1401 + u_int16_t caps = get16(p + 2);
1402
1403 -#ifdef SANITY
1404 - if (t->sanity)
1405 - {
1406 - switch (c->msgtype)
1407 - {
1408 - case SCCRP:
1409 - case SCCRQ:
1410 - break;
1411 - default:
1412 - if (DEBUG)
1413 - log (LOG_DEBUG,
1414 - "%s: bearer capabilities not appropriate for message %s. Ignoring.\n",
1415 - __FUNCTION__, msgtypes[c->msgtype]);
1416 - return 0;
1417 - }
1418 - if (datalen != 10)
1419 - {
1420 - if (DEBUG)
1421 - log (LOG_DEBUG,
1422 - "%s: avp is incorrect size. %d != 10\n", __FUNCTION__,
1423 - datalen);
1424 - wrong_length (c, "Bearer Capabilities", 10, datalen, 0);
1425 - return -EINVAL;
1426 - }
1427 - }
1428 -#endif
1429 - caps = ntohs (raw[4]);
1430 if (debug_avp)
1431 - {
1432 - if (DEBUG)
1433 - {
1434 - log (LOG_DEBUG,
1435 - "%s: supported peer bearers:%s%s\n",
1436 - __FUNCTION__,
1437 - caps & ANALOG_BEARER ? " analog" : "",
1438 - caps & DIGITAL_BEARER ? " digital" : "");
1439 - }
1440 + log (LOG_DEBUG, "%s: supported peer bearers:%s %s\n",
1441 + __func__,
1442 + caps & ANALOG_BEARER ? "analog" : "",
1443 + caps & DIGITAL_BEARER ? "digital" : "");
1444
1445 - }
1446 t->bc = caps & (ANALOG_BEARER | DIGITAL_BEARER);
1447 return 0;
1448 }
1449
1450 -
1451 -/* FIXME: I need to handle tie breakers eventually */
1452 -
1453 +/*****************************************************************************/
1454 int firmware_rev_avp (struct tunnel *t, struct call *c, void *data,
1455 - int datalen)
1456 + int avplen)
1457 {
1458 - /*
1459 - * Report and record remote firmware version
1460 - */
1461 - int ver;
1462 - _u16 *raw = data;
1463 + u_int8_t *p = data + sizeof(struct avp_hdr);
1464
1465 -#ifdef SANITY
1466 - if (t->sanity)
1467 - {
1468 - switch (c->msgtype)
1469 - {
1470 - case SCCRP:
1471 - case SCCRQ:
1472 - break;
1473 - default:
1474 - if (DEBUG)
1475 - log (LOG_DEBUG,
1476 - "%s: firmware revision not appropriate for message %s. Ignoring.\n",
1477 - __FUNCTION__, msgtypes[c->msgtype]);
1478 - return 0;
1479 - }
1480 - if (datalen != 8)
1481 - {
1482 - if (DEBUG)
1483 - log (LOG_DEBUG,
1484 - "%s: avp is incorrect size. %d != 8\n", __FUNCTION__,
1485 - datalen);
1486 - wrong_length (c, "Firmware Revision", 8, datalen, 0);
1487 - return -EINVAL;
1488 - }
1489 - }
1490 -#endif
1491 - ver = ntohs (raw[3]);
1492 + t->firmware = get16(p);
1493 if (debug_avp)
1494 - {
1495 - if (DEBUG)
1496 - log (LOG_DEBUG,
1497 - "%s: peer reports firmware version %d (0x%.4x)\n",
1498 - __FUNCTION__, ver, ver);
1499 - }
1500 - t->firmware = ver;
1501 + log (LOG_DEBUG, "%s: peer reports firmware version %d (0x%.4X)\n",
1502 + __func__, t->firmware, t->firmware);
1503 return 0;
1504 }
1505
1506 +/*****************************************************************************/
1507 int bearer_type_avp (struct tunnel *t, struct call *c, void *data,
1508 - int datalen)
1509 + int avplen)
1510 {
1511 - /*
1512 - * What kind of bearer channel is the call on?
1513 - */
1514 - int b;
1515 - _u16 *raw = data;
1516 + u_int8_t *p = data + sizeof(struct avp_hdr);
1517
1518 -#ifdef SANITY
1519 - if (t->sanity)
1520 - {
1521 - switch (c->msgtype)
1522 - {
1523 - case ICRQ:
1524 - case OCRQ:
1525 - break;
1526 - default:
1527 - if (DEBUG)
1528 - log (LOG_DEBUG,
1529 - "%s: bearer type not appropriate for message %s. Ignoring.\n",
1530 - __FUNCTION__, msgtypes[c->msgtype]);
1531 - return 0;
1532 - }
1533 - if (datalen != 10)
1534 - {
1535 - if (DEBUG)
1536 - log (LOG_DEBUG,
1537 - "%s: avp is incorrect size. %d != 10\n", __FUNCTION__,
1538 - datalen);
1539 - wrong_length (c, "Bearer Type", 10, datalen, 0);
1540 - return -EINVAL;
1541 - }
1542 - }
1543 -#endif
1544 - b = ntohs (raw[4]);
1545 + t->call_head->bearer = get16(p + 2);
1546 if (debug_avp)
1547 - {
1548 - if (DEBUG)
1549 - log (LOG_DEBUG,
1550 - "%s: peer bears:%s\n", __FUNCTION__,
1551 - b & ANALOG_BEARER ? " analog" : "digital");
1552 - }
1553 - t->call_head->bearer = b;
1554 + log (LOG_DEBUG, "%s: peer bears: %s\n", __func__,
1555 + (t->call_head->bearer & ANALOG_BEARER) ? "analog" : "digital");
1556 return 0;
1557 }
1558
1559 -int frame_type_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1560 +/*****************************************************************************/
1561 +int frame_type_avp (struct tunnel *t, struct call *c, void *data, int avplen)
1562 {
1563 - /*
1564 - * What kind of frame channel is the call on?
1565 - */
1566 - int b;
1567 - _u16 *raw = data;
1568 + u_int8_t *p = data + sizeof(struct avp_hdr);
1569
1570 -#ifdef SANITY
1571 - if (t->sanity)
1572 - {
1573 - switch (c->msgtype)
1574 - {
1575 - case ICCN:
1576 - case OCRQ:
1577 - case OCCN:
1578 - break;
1579 - default:
1580 - if (DEBUG)
1581 - log (LOG_DEBUG,
1582 - "%s: frame type not appropriate for message %s. Ignoring.\n",
1583 - __FUNCTION__, msgtypes[c->msgtype]);
1584 - return 0;
1585 - }
1586 - if (datalen != 10)
1587 - {
1588 - if (DEBUG)
1589 - log (LOG_DEBUG,
1590 - "%s: avp is incorrect size. %d != 10\n", __FUNCTION__,
1591 - datalen);
1592 - wrong_length (c, "Frame Type", 10, datalen, 0);
1593 - return -EINVAL;
1594 - }
1595 - }
1596 -#endif
1597 - b = ntohs (raw[4]);
1598 + c->frame = get16(p + 2);
1599 if (debug_avp)
1600 - {
1601 - if (DEBUG)
1602 - log (LOG_DEBUG,
1603 - "%s: peer uses:%s frames\n", __FUNCTION__,
1604 - b & ASYNC_FRAMING ? " async" : "sync");
1605 - }
1606 - c->frame = b;
1607 + log (LOG_DEBUG, "%s: peer uses:%s frames\n", __func__,
1608 + (c->frame & ASYNC_FRAMING) ? "async" : "sync");
1609 return 0;
1610 }
1611
1612 -int hostname_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1613 +/*****************************************************************************/
1614 +int hostname_avp (struct tunnel *t, struct call *c, void *data, int avplen)
1615 {
1616 - /*
1617 - * What is the peer's name?
1618 - */
1619 - int size;
1620 - _u16 *raw = data;
1621 + u_int8_t *p = data + sizeof(struct avp_hdr);
1622 + int datalen = avplen - sizeof(struct avp_hdr);
1623 +
1624 + memcpy(t->hostname, p, datalen);
1625 + t->hostname[datalen] = '\0';
1626
1627 -#ifdef SANITY
1628 - if (t->sanity)
1629 - {
1630 - switch (c->msgtype)
1631 - {
1632 - case SCCRP:
1633 - case SCCRQ:
1634 - break;
1635 - default:
1636 - if (DEBUG)
1637 - log (LOG_DEBUG,
1638 - "%s: hostname not appropriate for message %s. Ignoring.\n",
1639 - __FUNCTION__, msgtypes[c->msgtype]);
1640 - return 0;
1641 - }
1642 - if (datalen < 6)
1643 - {
1644 - if (DEBUG)
1645 - log (LOG_DEBUG,
1646 - "%s: avp is too small. %d < 6\n", __FUNCTION__,
1647 - datalen);
1648 - wrong_length (c, "Hostname", 6, datalen, 1);
1649 - return -EINVAL;
1650 - }
1651 - }
1652 -#endif
1653 - size = raw[0] & 0x0FFF;
1654 - if (size > MAXSTRLEN - 1)
1655 - {
1656 - if (DEBUG)
1657 - log (LOG_DEBUG, "%s: truncating reported hostname (size is %d)\n",
1658 - __FUNCTION__, size);
1659 - size = MAXSTRLEN - 1;
1660 - }
1661 - safe_copy (t->hostname, (char *) &raw[3], size - 6);
1662 if (debug_avp)
1663 - {
1664 - if (DEBUG)
1665 - log (LOG_DEBUG,
1666 - "%s: peer reports hostname '%s'\n", __FUNCTION__,
1667 - t->hostname);
1668 - }
1669 + log (LOG_DEBUG, "%s: peer reports hostname '%s'\n", __func__,
1670 + t->hostname);
1671 +
1672 return 0;
1673 }
1674
1675 -int dialing_number_avp (struct tunnel *t, struct call *c, void *data,
1676 - int datalen)
1677 +/*****************************************************************************/
1678 +int calling_number_avp (struct tunnel *t, struct call *c, void *data,
1679 + int avplen)
1680 {
1681 - /*
1682 - * What is the peer's name?
1683 - */
1684 - int size;
1685 - _u16 *raw = data;
1686 + u_int8_t *p = data + sizeof(struct avp_hdr);
1687 + int datalen = avplen - sizeof(struct avp_hdr);
1688 +
1689 + memcpy(t->call_head->dialing, p, datalen);
1690 + t->call_head->dialing[datalen] = '\0';
1691
1692 -#ifdef SANITY
1693 - if (t->sanity)
1694 - {
1695 - switch (c->msgtype)
1696 - {
1697 - case ICRQ:
1698 - break;
1699 - default:
1700 - if (DEBUG)
1701 - log (LOG_DEBUG,
1702 - "%s: dialing number not appropriate for message %s. Ignoring.\n",
1703 - __FUNCTION__, msgtypes[c->msgtype]);
1704 - return 0;
1705 - }
1706 - if (datalen < 6)
1707 - {
1708 - if (DEBUG)
1709 - log (LOG_DEBUG,
1710 - "%s: avp is too small. %d < 6\n", __FUNCTION__,
1711 - datalen);
1712 - wrong_length (c, "Dialing Number", 6, datalen, 1);
1713 - return -EINVAL;
1714 - }
1715 - }
1716 -#endif
1717 - size = raw[0] & 0x0FFF;
1718 - if (size > MAXSTRLEN - 1)
1719 - {
1720 - if (DEBUG)
1721 - log (LOG_DEBUG,
1722 - "%s: truncating reported dialing number (size is %d)\n",
1723 - __FUNCTION__, size);
1724 - size = MAXSTRLEN - 1;
1725 - }
1726 - safe_copy (t->call_head->dialing, (char *) &raw[3], size);
1727 if (debug_avp)
1728 - {
1729 - if (DEBUG)
1730 - log (LOG_DEBUG,
1731 - "%s: peer reports dialing number '%s'\n", __FUNCTION__,
1732 - t->call_head->dialing);
1733 - }
1734 + log (LOG_DEBUG, "%s: peer reports dialing number '%s'\n", __func__,
1735 + t->call_head->dialing);
1736 +
1737 return 0;
1738 }
1739
1740 -int dialed_number_avp (struct tunnel *t, struct call *c, void *data,
1741 - int datalen)
1742 +/*****************************************************************************/
1743 +int called_number_avp (struct tunnel *t, struct call *c, void *data,
1744 + int avplen)
1745 {
1746 - /*
1747 - * What is the peer's name?
1748 - */
1749 - int size;
1750 - _u16 *raw = data;
1751 + u_int8_t *p = data + sizeof(struct avp_hdr);
1752 + int datalen = avplen - sizeof(struct avp_hdr);
1753 +
1754 + memcpy(t->call_head->dialed, p, datalen);
1755 + t->call_head->dialed[datalen] = '\0';
1756
1757 -#ifdef SANITY
1758 - if (t->sanity)
1759 - {
1760 - switch (c->msgtype)
1761 - {
1762 - case OCRQ:
1763 - case ICRQ:
1764 - break;
1765 - default:
1766 - if (DEBUG)
1767 - log (LOG_DEBUG,
1768 - "%s: dialed number not appropriate for message %s. Ignoring.\n",
1769 - __FUNCTION__, msgtypes[c->msgtype]);
1770 - return 0;
1771 - }
1772 - if (datalen < 6)
1773 - {
1774 - if (DEBUG)
1775 - log (LOG_DEBUG,
1776 - "%s: avp is too small. %d < 6\n", __FUNCTION__,
1777 - datalen);
1778 - wrong_length (c, "Dialed Number", 6, datalen, 1);
1779 - return -EINVAL;
1780 - }
1781 - }
1782 -#endif
1783 - size = raw[0] & 0x0FFF;
1784 - if (size > MAXSTRLEN - 1)
1785 - {
1786 - if (DEBUG)
1787 - log (LOG_DEBUG,
1788 - "%s: truncating reported dialed number (size is %d)\n",
1789 - __FUNCTION__, size);
1790 - size = MAXSTRLEN - 1;
1791 - }
1792 - safe_copy (t->call_head->dialed, (char *) &raw[3], size);
1793 if (debug_avp)
1794 - {
1795 - if (DEBUG)
1796 - log (LOG_DEBUG,
1797 - "%s: peer reports dialed number '%s'\n", __FUNCTION__,
1798 - t->call_head->dialed);
1799 - }
1800 + log (LOG_DEBUG, "%s: peer reports dialed number '%s'\n", __func__,
1801 + t->call_head->dialed);
1802 +
1803 return 0;
1804 }
1805
1806 +/*****************************************************************************/
1807 int sub_address_avp (struct tunnel *t, struct call *c, void *data,
1808 - int datalen)
1809 + int avplen)
1810 {
1811 - /*
1812 - * What is the peer's name?
1813 - */
1814 - int size;
1815 - _u16 *raw = data;
1816 + u_int8_t *p = data + sizeof(struct avp_hdr);
1817 + int datalen = avplen - sizeof(struct avp_hdr);
1818 +
1819 + memcpy(t->call_head->subaddy, p, datalen);
1820 + t->call_head->subaddy[datalen] = '\0';
1821
1822 -#ifdef SANITY
1823 - if (t->sanity)
1824 - {
1825 - switch (c->msgtype)
1826 - {
1827 - case OCRP:
1828 - case ICRQ:
1829 - break;
1830 - default:
1831 - if (DEBUG)
1832 - log (LOG_DEBUG,
1833 - "%s: sub_address not appropriate for message %s. Ignoring.\n",
1834 - __FUNCTION__, msgtypes[c->msgtype]);
1835 - return 0;
1836 - }
1837 - if (datalen < 6)
1838 - {
1839 - if (DEBUG)
1840 - log (LOG_DEBUG,
1841 - "%s: avp is too small. %d < 6\n", __FUNCTION__,
1842 - datalen);
1843 - wrong_length (c, "Sub-address", 6, datalen, 1);
1844 - return -EINVAL;
1845 - }
1846 - }
1847 -#endif
1848 - size = raw[0] & 0x0FFF;
1849 - if (size > MAXSTRLEN - 1)
1850 - {
1851 - if (DEBUG)
1852 - log (LOG_DEBUG,
1853 - "%s: truncating reported sub address (size is %d)\n",
1854 - __FUNCTION__, size);
1855 - size = MAXSTRLEN - 1;
1856 - }
1857 - safe_copy (t->call_head->subaddy, (char *) &raw[3], size);
1858 if (debug_avp)
1859 - {
1860 - if (DEBUG)
1861 - log (LOG_DEBUG,
1862 - "%s: peer reports subaddress '%s'\n", __FUNCTION__,
1863 - t->call_head->subaddy);
1864 - }
1865 + log (LOG_DEBUG, "%s: peer reports subaddress '%s'\n", __func__,
1866 + t->call_head->subaddy);
1867 return 0;
1868 }
1869
1870 -int vendor_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1871 +/*****************************************************************************/
1872 +int vendor_avp (struct tunnel *t, struct call *c, void *data, int avplen)
1873 {
1874 - /*
1875 - * What vendor makes the other end?
1876 - */
1877 - int size;
1878 - _u16 *raw = data;
1879 + u_int8_t *p = data + sizeof(struct avp_hdr);
1880 + int datalen = avplen - sizeof(struct avp_hdr);
1881 +
1882 + memcpy(t->vendor, p, datalen);
1883 + t->vendor[datalen] = '\0';
1884
1885 -#ifdef SANITY
1886 - if (t->sanity)
1887 - {
1888 - switch (c->msgtype)
1889 - {
1890 - case SCCRP:
1891 - case SCCRQ:
1892 - break;
1893 - default:
1894 - if (DEBUG)
1895 - log (LOG_DEBUG,
1896 - "%s: vendor not appropriate for message %s. Ignoring.\n",
1897 - __FUNCTION__, msgtypes[c->msgtype]);
1898 - return 0;
1899 - }
1900 - if (datalen < 6)
1901 - {
1902 - if (DEBUG)
1903 - log (LOG_DEBUG,
1904 - "%s: avp is too small. %d < 6\n", __FUNCTION__,
1905 - datalen);
1906 - wrong_length (c, "Vendor", 6, datalen, 1);
1907 - return -EINVAL;
1908 - }
1909 - }
1910 -#endif
1911 - size = raw[0] & 0x0FFF;
1912 - if (size > MAXSTRLEN - 1)
1913 - {
1914 - if (DEBUG)
1915 - log (LOG_DEBUG, "%s: truncating reported vendor (size is %d)\n",
1916 - __FUNCTION__, size);
1917 - size = MAXSTRLEN - 1;
1918 - }
1919 - safe_copy (t->vendor, (char *) &raw[3], size);
1920 if (debug_avp)
1921 - {
1922 - if (DEBUG)
1923 - log (LOG_DEBUG,
1924 - "%s: peer reports vendor '%s'\n", __FUNCTION__, t->vendor);
1925 - }
1926 + log (LOG_DEBUG, "%s: peer reports vendor '%s'\n", __func__, t->vendor);
1927 return 0;
1928 }
1929
1930 -int challenge_avp (struct tunnel *t, struct call *c, void *data, int datalen)
1931 +/*****************************************************************************/
1932 +int challenge_avp (struct tunnel *t, struct call *c, void *data, int avplen)
1933 {
1934 - /*
1935 - * We are sent a challenge
1936 - */
1937 - _u16 *raw = data;
1938 - int size;
1939 -#ifdef SANITY
1940 - if (t->sanity)
1941 - {
1942 - switch (c->msgtype)
1943 - {
1944 - case SCCRP:
1945 - case SCCRQ:
1946 - break;
1947 - default:
1948 - if (DEBUG)
1949 - log (LOG_DEBUG,
1950 - "%s: challenge not appropriate for message %s. Ignoring.\n",
1951 - __FUNCTION__, msgtypes[c->msgtype]);
1952 - return 0;
1953 - }
1954 - if (datalen < 6)
1955 - {
1956 - if (DEBUG)
1957 - log (LOG_DEBUG,
1958 - "%s: avp is too small. %d < 6\n", __FUNCTION__,
1959 - datalen);
1960 - wrong_length (c, "challenge", 6, datalen, 1);
1961 - return -EINVAL;
1962 - }
1963 - }
1964 -#endif
1965 - /* size = raw[0] & 0x0FFF; */
1966 - /* length field of AVP's is only 10 bits long, not 12 */
1967 - size = raw[0] & 0x03FF;
1968 - size -= sizeof (struct avp_hdr);
1969 - /* if (size != MD_SIG_SIZE)
1970 - {
1971 - log (LOG_DEBUG, "%s: Challenge is not the right length (%d != %d)\n",
1972 - __FUNCTION__, size, MD_SIG_SIZE);
1973 - return -EINVAL;
1974 - } */
1975 - t->chal_us.challenge = malloc(size+1);
1976 - if (t->chal_us.challenge == NULL)
1977 - {
1978 + u_int8_t *p = data + sizeof(struct avp_hdr);
1979 + int datalen = avplen - sizeof(struct avp_hdr);
1980 +
1981 + t->chal_us.challenge = calloc(datalen, 1);
1982 + if (!t->chal_us.challenge)
1983 return -ENOMEM;
1984 - }
1985 - memset(t->chal_us.challenge, 0, size+1);
1986 - bcopy (&raw[3], (t->chal_us.challenge), size);
1987 + memcpy(t->chal_us.challenge, p, datalen);
1988 t->chal_us.state = STATE_CHALLENGED;
1989 +
1990 if (debug_avp)
1991 - {
1992 - log (LOG_DEBUG, "%s: challenge avp found\n", __FUNCTION__);
1993 - }
1994 + log (LOG_DEBUG, "%s: challenge avp found\n", __func__);
1995 +
1996 return 0;
1997 }
1998
1999 -int chalresp_avp (struct tunnel *t, struct call *c, void *data, int datalen)
2000 +/*****************************************************************************/
2001 +int chalresp_avp (struct tunnel *t, struct call *c, void *data, int avplen)
2002 {
2003 - /*
2004 - * We are sent a challenge
2005 - */
2006 - _u16 *raw = data;
2007 - int size;
2008 -#ifdef SANITY
2009 - if (t->sanity)
2010 - {
2011 - switch (c->msgtype)
2012 - {
2013 - case SCCRP:
2014 - case SCCCN:
2015 - break;
2016 - default:
2017 - if (DEBUG)
2018 - log (LOG_DEBUG,
2019 - "%s: challenge response not appropriate for message %s. Ignoring.\n",
2020 - __FUNCTION__, msgtypes[c->msgtype]);
2021 - return 0;
2022 - }
2023 - if (datalen < 6)
2024 - {
2025 - if (DEBUG)
2026 - log (LOG_DEBUG,
2027 - "%s: avp is too small. %d < 6\n", __FUNCTION__,
2028 - datalen);
2029 - wrong_length (c, "challenge", 6, datalen, 1);
2030 - return -EINVAL;
2031 - }
2032 - }
2033 -#endif
2034 - size = raw[0] & 0x0FFF;
2035 - size -= sizeof (struct avp_hdr);
2036 - if (size != MD_SIG_SIZE)
2037 - {
2038 - log (LOG_DEBUG, "%s: Challenge is not the right length (%d != %d)\n",
2039 - __FUNCTION__, size, MD_SIG_SIZE);
2040 - return -EINVAL;
2041 - }
2042 + u_int8_t *p = data + sizeof(struct avp_hdr);
2043
2044 - bcopy (&raw[3], t->chal_them.reply, MD_SIG_SIZE);
2045 - if (debug_avp)
2046 - {
2047 - log (LOG_DEBUG, "%s: Challenge reply found\n", __FUNCTION__);
2048 - }
2049 + memcpy(t->chal_them.reply, p, MD_SIG_SIZE);
2050 + if(debug_avp)
2051 + log(LOG_DEBUG, "%s: Challenge reply found\n", __func__);
2052 return 0;
2053 }
2054
2055 +/*****************************************************************************/
2056 int assigned_tunnel_avp (struct tunnel *t, struct call *c, void *data,
2057 - int datalen)
2058 + int avplen)
2059 {
2060 - /*
2061 - * What is their TID that we must use from now on?
2062 - */
2063 - _u16 *raw = data;
2064 + u_int8_t *p = data + sizeof(struct avp_hdr);
2065 + u_int16_t id = get16(p);
2066
2067 -#ifdef SANITY
2068 - if (t->sanity)
2069 - {
2070 - switch (c->msgtype)
2071 - {
2072 - case SCCRP:
2073 - case SCCRQ:
2074 - case StopCCN:
2075 - break;
2076 - default:
2077 - if (DEBUG)
2078 - log (LOG_DEBUG,
2079 - "%s: tunnel ID not appropriate for message %s. Ignoring.\n",
2080 - __FUNCTION__, msgtypes[c->msgtype]);
2081 - return 0;
2082 - }
2083 - if (datalen != 8)
2084 - {
2085 - if (DEBUG)
2086 - log (LOG_DEBUG,
2087 - "%s: avp is wrong size. %d != 8\n", __FUNCTION__,
2088 - datalen);
2089 - wrong_length (c, "Assigned Tunnel ID", 8, datalen, 0);
2090 - return -EINVAL;
2091 - }
2092 - }
2093 -#endif
2094 if (c->msgtype == StopCCN)
2095 - {
2096 - t->qtid = ntohs (raw[3]);
2097 - }
2098 + t->qtid = id;
2099 else
2100 - {
2101 - t->tid = ntohs (raw[3]);
2102 - }
2103 + t->tid = id;
2104 if (debug_avp)
2105 - {
2106 - if (DEBUG)
2107 - log (LOG_DEBUG,
2108 - "%s: using peer's tunnel %d\n", __FUNCTION__,
2109 - ntohs (raw[3]));
2110 - }
2111 + log (LOG_DEBUG, "%s: using peer's tunnel %d\n", __func__, id);
2112 return 0;
2113 }
2114
2115 -int assigned_call_avp (struct tunnel *t, struct call *c, void *data,
2116 - int datalen)
2117 +/*****************************************************************************/
2118 +int assigned_session_avp (struct tunnel *t, struct call *c, void *data,
2119 + int avplen)
2120 {
2121 - /*
2122 - * What is their CID that we must use from now on?
2123 - */
2124 - _u16 *raw = data;
2125 + u_int8_t *p = data + sizeof(struct avp_hdr);
2126 + u_int16_t id = get16(p);
2127 +
2128 + switch(c->msgtype) {
2129 + case CDN:
2130 + case ICRP:
2131 + case OCRP:
2132 + c->cid = id;
2133 + break;
2134 + case ICRQ:
2135 + t->call_head->cid = id;
2136 + break;
2137 + };
2138
2139 -#ifdef SANITY
2140 - if (t->sanity)
2141 - {
2142 - switch (c->msgtype)
2143 - {
2144 - case CDN:
2145 - case ICRP:
2146 - case ICRQ:
2147 - case OCRP: /* jz: deleting the debug message */
2148 - break;
2149 - case OCRQ:
2150 - default:
2151 - if (DEBUG)
2152 - log (LOG_DEBUG,
2153 - "%s: call ID not appropriate for message %s. Ignoring.\n",
2154 - __FUNCTION__, msgtypes[c->msgtype]);
2155 - return 0;
2156 - }
2157 - if (datalen != 8)
2158 - {
2159 - if (DEBUG)
2160 - log (LOG_DEBUG,
2161 - "%s: avp is wrong size. %d != 8\n", __FUNCTION__,
2162 - datalen);
2163 - wrong_length (c, "Assigned Call ID", 8, datalen, 0);
2164 - return -EINVAL;
2165 - }
2166 - }
2167 -#endif
2168 - if (c->msgtype == CDN)
2169 - {
2170 - c->qcid = ntohs (raw[3]);
2171 - }
2172 - else if (c->msgtype == ICRQ)
2173 - {
2174 - t->call_head->cid = ntohs (raw[3]);
2175 - }
2176 - else if (c->msgtype == ICRP)
2177 - {
2178 - c->cid = ntohs (raw[3]);
2179 - }
2180 - else if (c->msgtype == OCRP)
2181 - { /* jz: copy callid to c->cid */
2182 - c->cid = ntohs (raw[3]);
2183 - }
2184 - else
2185 - {
2186 - log (LOG_DEBUG, "%s: Dunno what to do when it's state %s!\n",
2187 - __FUNCTION__, msgtypes[c->msgtype]);
2188 - }
2189 if (debug_avp)
2190 - {
2191 - if (DEBUG)
2192 - log (LOG_DEBUG,
2193 - "%s: using peer's call %d\n", __FUNCTION__, ntohs (raw[3]));
2194 - }
2195 + log (LOG_DEBUG, "%s: assigned session id: %d\n", __func__, id);
2196 return 0;
2197 }
2198
2199 +/*****************************************************************************/
2200 int packet_delay_avp (struct tunnel *t, struct call *c, void *data,
2201 - int datalen)
2202 + int avplen)
2203 {
2204 - /*
2205 - * What is their CID that we must use from now on?
2206 - */
2207 - _u16 *raw = data;
2208 + u_int8_t *p = data + sizeof(struct avp_hdr);
2209
2210 -#ifdef SANITY
2211 - if (t->sanity)
2212 - {
2213 - switch (c->msgtype)
2214 - {
2215 - case ICRP:
2216 - case OCRQ:
2217 - case ICCN:
2218 - case OCRP:
2219 - case OCCN:
2220 - break;
2221 - default:
2222 - if (DEBUG)
2223 - log (LOG_DEBUG,
2224 - "%s: packet delay not appropriate for message %s. Ignoring.\n",
2225 - __FUNCTION__, msgtypes[c->msgtype]);
2226 - return 0;
2227 - }
2228 - if (datalen != 8)
2229 - {
2230 - if (DEBUG)
2231 - log (LOG_DEBUG,
2232 - "%s: avp is wrong size. %d != 8\n", __FUNCTION__,
2233 - datalen);
2234 - wrong_length (c, "Assigned Call ID", 8, datalen, 0);
2235 - return -EINVAL;
2236 - }
2237 - }
2238 -#endif
2239 - c->ppd = ntohs (raw[3]);
2240 + c->ppd = get16(p);
2241 if (debug_avp)
2242 - {
2243 - if (DEBUG)
2244 - log (LOG_DEBUG,
2245 - "%s: peer's delay is %d 1/10's of a second\n", __FUNCTION__,
2246 - ntohs (raw[3]));
2247 - }
2248 + log (LOG_DEBUG, "%s: peer's delay is %d 1/10's of a second\n", __func__,
2249 + c->ppd);
2250 return 0;
2251 }
2252
2253 -int call_serno_avp (struct tunnel *t, struct call *c, void *data, int datalen)
2254 +/*****************************************************************************/
2255 +int call_serno_avp (struct tunnel *t, struct call *c, void *data, int avplen)
2256 {
2257 /*
2258 * What is the serial number of the call?
2259 */
2260 - _u16 *raw = data;
2261 -
2262 -#ifdef SANITY
2263 - if (t->sanity)
2264 - {
2265 - switch (c->msgtype)
2266 - {
2267 - case ICRQ:
2268 - case OCRQ:
2269 - break;
2270 - default:
2271 - if (DEBUG)
2272 - log (LOG_DEBUG,
2273 - "%s: call ID not appropriate for message %s. Ignoring.\n",
2274 - __FUNCTION__, msgtypes[c->msgtype]);
2275 - return 0;
2276 - }
2277 - if (datalen != 10)
2278 - {
2279 -#ifdef STRICT
2280 - if (DEBUG)
2281 - log (LOG_DEBUG,
2282 - "%s: avp is wrong size. %d != 10\n", __FUNCTION__,
2283 - datalen);
2284 - wrong_length (c, "Serial Number", 10, datalen, 0);
2285 - return -EINVAL;
2286 -#else
2287 - log (LOG_DEBUG,
2288 - "%s: peer is using old style serial number. Will be invalid.\n",
2289 - __FUNCTION__);
2290 -#endif
2291 + u_int8_t *p = data + sizeof(struct avp_hdr);
2292
2293 - }
2294 - }
2295 -#endif
2296 - t->call_head->serno = (((unsigned int) ntohs (raw[3])) << 16) |
2297 - ((unsigned int) ntohs (raw[4]));
2298 + t->call_head->serno = get32(p);
2299 if (debug_avp)
2300 - {
2301 - if (DEBUG)
2302 - log (LOG_DEBUG,
2303 - "%s: serial number is %d\n", __FUNCTION__,
2304 - t->call_head->serno);
2305 - }
2306 + log (LOG_DEBUG, "%s: serial number is %d\n", __func__,
2307 + t->call_head->serno);
2308 return 0;
2309 }
2310
2311 -int rx_speed_avp (struct tunnel *t, struct call *c, void *data, int datalen)
2312 +/*****************************************************************************/
2313 +int rx_speed_avp (struct tunnel *t, struct call *c, void *data, int avplen)
2314 {
2315 - /*
2316 - * What is the received baud rate of the call?
2317 - */
2318 - _u16 *raw = data;
2319 + u_int8_t *p = data + sizeof(struct avp_hdr);
2320
2321 -#ifdef SANITY
2322 - if (t->sanity)
2323 - {
2324 - switch (c->msgtype)
2325 - {
2326 - case ICCN:
2327 - case OCCN:
2328 - case OCRP:
2329 - break;
2330 - default:
2331 - if (DEBUG)
2332 - log (LOG_DEBUG,
2333 - "%s: rx connect speed not appropriate for message %s. Ignoring.\n",
2334 - __FUNCTION__, msgtypes[c->msgtype]);
2335 - return 0;
2336 - }
2337 - if (datalen != 10)
2338 - {
2339 - if (DEBUG)
2340 - log (LOG_DEBUG,
2341 - "%s: avp is wrong size. %d != 10\n", __FUNCTION__,
2342 - datalen);
2343 - wrong_length (c, "Connect Speed (RX)", 10, datalen, 0);
2344 - return -EINVAL;
2345 - }
2346 - }
2347 -#endif
2348 - c->rxspeed = (((unsigned int) ntohs (raw[3])) << 16) |
2349 - ((unsigned int) ntohs (raw[4]));
2350 - if (debug_avp)
2351 - {
2352 - if (DEBUG)
2353 - log (LOG_DEBUG,
2354 - "%s: receive baud rate is %d\n", __FUNCTION__, c->rxspeed);
2355 - }
2356 + c->rxspeed = get32(p);
2357 + if(debug_avp)
2358 + log(LOG_DEBUG, "%s: receive baud rate is %d\n", __func__, c->rxspeed);
2359 return 0;
2360 }
2361
2362 -int tx_speed_avp (struct tunnel *t, struct call *c, void *data, int datalen)
2363 +/*****************************************************************************/
2364 +int tx_speed_avp (struct tunnel *t, struct call *c, void *data, int avplen)
2365 {
2366 - /*
2367 - * What is the tranmsit baud rate of the call?
2368 - */
2369 - _u16 *raw = data;
2370 + u_int8_t *p = data + sizeof(struct avp_hdr);
2371
2372 -#ifdef SANITY
2373 - if (t->sanity)
2374 - {
2375 - switch (c->msgtype)
2376 - {
2377 - case ICCN:
2378 - case OCCN:
2379 - case OCRP:
2380 - break;
2381 - default:
2382 - if (DEBUG)
2383 - log (LOG_DEBUG,
2384 - "%s: tx connect speed not appropriate for message %s. Ignoring.\n",
2385 - __FUNCTION__, msgtypes[c->msgtype]);
2386 - return 0;
2387 - }
2388 - if (datalen != 10)
2389 - {
2390 - if (DEBUG)
2391 - log (LOG_DEBUG,
2392 - "%s: avp is wrong size. %d != 10\n", __FUNCTION__,
2393 - datalen);
2394 - wrong_length (c, "Connect Speed (tx)", 10, datalen, 0);
2395 - return -EINVAL;
2396 - }
2397 - }
2398 -#endif
2399 - c->txspeed = (((unsigned int) ntohs (raw[3])) << 16) |
2400 - ((unsigned int) ntohs (raw[4]));
2401 + c->txspeed = get32(p);
2402 if (debug_avp)
2403 - {
2404 - if (DEBUG)
2405 - log (LOG_DEBUG,
2406 - "%s: transmit baud rate is %d\n", __FUNCTION__, c->txspeed);
2407 - }
2408 + log (LOG_DEBUG, "%s: transmit baud rate is %d\n",
2409 + __func__, c->txspeed);
2410 return 0;
2411 }
2412 +
2413 +/*****************************************************************************/
2414 int call_physchan_avp (struct tunnel *t, struct call *c, void *data,
2415 - int datalen)
2416 + int avplen)
2417 {
2418 - /*
2419 - * What is the physical channel?
2420 - */
2421 - _u16 *raw = data;
2422 + u_int8_t *p = data + sizeof(struct avp_hdr);
2423
2424 -#ifdef SANITY
2425 - if (t->sanity)
2426 - {
2427 - switch (c->msgtype)
2428 - {
2429 - case ICRQ:
2430 - case OCRQ:
2431 - case OCRP:
2432 - case OCCN:
2433 - break;
2434 - default:
2435 - if (DEBUG)
2436 - log (LOG_DEBUG,
2437 - "%s: physical channel not appropriate for message %s. Ignoring.\n",
2438 - __FUNCTION__, msgtypes[c->msgtype]);
2439 - return 0;
2440 - }
2441 - if (datalen != 10)
2442 - {
2443 - if (DEBUG)
2444 - log (LOG_DEBUG,
2445 - "%s: avp is wrong size. %d != 10\n", __FUNCTION__,
2446 - datalen);
2447 - wrong_length (c, "Physical Channel", 10, datalen, 0);
2448 - return -EINVAL;
2449 - }
2450 - }
2451 -#endif
2452 - t->call_head->physchan = (((unsigned int) ntohs (raw[3])) << 16) |
2453 - ((unsigned int) ntohs (raw[4]));
2454 + t->call_head->physchan = get32(p);
2455 if (debug_avp)
2456 - {
2457 - if (DEBUG)
2458 - log (LOG_DEBUG,
2459 - "%s: physical channel is %d\n", __FUNCTION__,
2460 - t->call_head->physchan);
2461 - }
2462 + log(LOG_DEBUG, "%s: physical channel is %d\n", __func__,
2463 + t->call_head->physchan);
2464 return 0;
2465 }
2466
2467 +/*****************************************************************************/
2468 int receive_window_size_avp (struct tunnel *t, struct call *c, void *data,
2469 - int datalen)
2470 + int avplen)
2471 {
2472 - /*
2473 - * What is their RWS?
2474 - */
2475 - _u16 *raw = data;
2476 + u_int8_t *p = data + sizeof(struct avp_hdr);
2477
2478 -#ifdef SANITY
2479 - if (t->sanity)
2480 - {
2481 - switch (c->msgtype)
2482 - {
2483 - case SCCRP:
2484 - case SCCRQ:
2485 - case OCRP: /* jz */
2486 - case OCCN: /* jz */
2487 - case StopCCN:
2488 -/* case ICRP:
2489 - case ICCN: */
2490 - break;
2491 - default:
2492 - if (DEBUG)
2493 - log (LOG_DEBUG,
2494 - "%s: RWS not appropriate for message %s. Ignoring.\n",
2495 - __FUNCTION__, msgtypes[c->msgtype]);
2496 - return 0;
2497 - }
2498 - if (datalen != 8)
2499 - {
2500 - if (DEBUG)
2501 - log (LOG_DEBUG,
2502 - "%s: avp is wrong size. %d != 8\n", __FUNCTION__,
2503 - datalen);
2504 - wrong_length (c, "Receive Window Size", 8, datalen, 0);
2505 - return -EINVAL;
2506 - }
2507 - }
2508 -#endif
2509 - t->rws = ntohs (raw[3]);
2510 + t->rws = get16(p);
2511 /* if (c->rws >= 0)
2512 c->fbit = FBIT; */
2513 if (debug_avp)
2514 - {
2515 - if (DEBUG)
2516 - log (LOG_DEBUG,
2517 - "%s: peer wants RWS of %d. Will use flow control.\n",
2518 - __FUNCTION__, t->rws);
2519 - }
2520 + log (LOG_DEBUG, "%s: peer wants RWS of %d. Will use flow control.\n",
2521 + __func__, t->rws);
2522 return 0;
2523 }
2524
2525
2526 +/*****************************************************************************/
2527 int handle_avps (struct buffer *buf, struct tunnel *t, struct call *c)
2528 {
2529 /*
2530 @@ -1594,82 +770,100 @@
2531
2532 struct avp_hdr *avp;
2533 int len = buf->len - sizeof (struct control_hdr);
2534 + u_int16_t rlen = 0;
2535 + u_int16_t attr = 0;
2536 int firstavp = -1;
2537 - int hidlen;
2538 + int hidlen = 0;
2539 char *data = buf->start + sizeof (struct control_hdr);
2540 avp = (struct avp_hdr *) data;
2541 +
2542 if (debug_avp)
2543 log (LOG_DEBUG, "%s: handling avp's for tunnel %d, call %d\n",
2544 - __FUNCTION__, t->ourtid, c->ourcid);
2545 + __func__, t->ourtid, c->ourcid);
2546 +
2547 + if(len < 6) {
2548 + log (LOG_WARN, "%s: packet too small\n", __func__);
2549 + set_error(c, ERROR_LENGTH, "Invalid message length");
2550 + return -EINVAL;
2551 + }
2552 +
2553 while (len > 0)
2554 {
2555 - /* Go ahead and byte-swap the header */
2556 - swaps (avp, sizeof (struct avp_hdr));
2557 - if (avp->attr > AVP_MAX)
2558 + rlen = get16((u_int8_t*)&avp->length);
2559 + attr = get16((u_int8_t*)&avp->attr);
2560 +
2561 + /* AVP header checks */
2562 + if (attr > AVP_MAX)
2563 {
2564 - if (AMBIT (avp->length))
2565 + if (AMBIT(rlen))
2566 {
2567 log (LOG_WARN,
2568 - "%s: dont know how to handle mandatory attribute %d. Closing %s.\n"
2569 - __FUNCTION__, avp->attr,
2570 - (c != t->self) ? "call" : "tunnel");
2571 - set_error (c, VENDOR_ERROR,
2572 - "mandatory attribute %d cannot be handled",
2573 - avp->attr);
2574 - c->needclose = -1;
2575 + "%s: unhandeled mandatory attribute %d. Closing %s.\n",
2576 + __func__, attr, (c != t->self) ? "call" : "tunnel");
2577 + set_error (c, VENDOR_ERROR,
2578 + "mandatory attribute %d cannot be handled", attr);
2579 return -EINVAL;
2580 }
2581 else
2582 {
2583 if (DEBUG)
2584 log (LOG_WARN,
2585 - "%s: dont know how to handle atribute %d.\n",
2586 - __FUNCTION__, avp->attr);
2587 + "%s: handeled attribute %d.\n",
2588 + __func__, attr);
2589 goto next;
2590 }
2591 }
2592 - if (ALENGTH (avp->length) > len)
2593 + if (ALENGTH (rlen) > len)
2594 {
2595 log (LOG_WARN,
2596 - "%s: AVP received with length > remaining packet length!\n",
2597 - __FUNCTION__);
2598 + "%s: AVP reported length > remaining packet length\n",
2599 + __func__);
2600 set_error (c, ERROR_LENGTH, "Invalid AVP length");
2601 - c->needclose = -1;
2602 return -EINVAL;
2603 }
2604 - if (avp->attr && firstavp)
2605 + if (ALENGTH (rlen) < sizeof (struct avp_hdr))
2606 {
2607 - log (LOG_WARN, "%s: First AVP was not message type.\n",
2608 - __FUNCTION__);
2609 - set_error (c, VENDOR_ERROR, "First AVP must be message type");
2610 - c->needclose = -1;
2611 + log (LOG_WARN, "%s: AVP reported length too small (%d).\n",
2612 + __func__, ALENGTH (rlen));
2613 + set_error (c, ERROR_LENGTH, "AVP too small");
2614 return -EINVAL;
2615 }
2616 - if (ALENGTH (avp->length) < sizeof (struct avp_hdr))
2617 + if (avps[attr].sz) {
2618 + if((avps[attr].flags & AVP_F_FIXLEN) ?
2619 + (ALENGTH(rlen) - sizeof(struct avp_hdr)) != avps[attr].sz :
2620 + (ALENGTH(rlen) - sizeof(struct avp_hdr)) > avps[attr].sz) {
2621 + log (LOG_DEBUG, "%s: %s avp size mismatch (%d %s %d)\n",
2622 + __func__,
2623 + avps[attr].description,
2624 + (avps[attr].flags & AVP_F_FIXLEN) ? "!=" : "<",
2625 + ALENGTH(rlen), avps[attr].sz);
2626 + set_error (c, ERROR_LENGTH, "AVP size check failed");
2627 + return -EINVAL;
2628 + }
2629 + }
2630 + if (attr && firstavp)
2631 {
2632 - log (LOG_WARN, "%s: AVP with too small of size (%d).\n",
2633 - __FUNCTION__, ALENGTH (avp->length));
2634 - set_error (c, ERROR_LENGTH, "AVP too small");
2635 - c->needclose = -1;
2636 + log (LOG_WARN, "%s: First AVP was not message type.\n",
2637 + __func__);
2638 + set_error (c, VENDOR_ERROR, "First AVP must be message type");
2639 return -EINVAL;
2640 }
2641 - if (AZBITS (avp->length))
2642 + if (AZBITS (rlen))
2643 {
2644 - log (LOG_WARN, "%s: %sAVP has reserved bits set.\n", __FUNCTION__,
2645 - AMBIT (avp->length) ? "Mandatory " : "");
2646 - if (AMBIT (avp->length))
2647 + log (LOG_WARN, "%s: %sAVP has reserved bits set.\n", __func__,
2648 + AMBIT (rlen) ? "Mandatory " : "");
2649 + if (AMBIT (rlen))
2650 {
2651 set_error (c, ERROR_RESERVED, "reserved bits set in AVP");
2652 - c->needclose = -1;
2653 return -EINVAL;
2654 }
2655 goto next;
2656 }
2657 - if (AHBIT (avp->length))
2658 +
2659 + /* decryption */
2660 + if (AHBIT (rlen))
2661 {
2662 -#ifdef DEBUG_HIDDEN
2663 - log (LOG_DEBUG, "%s: Hidden bit set on AVP.\n", __FUNCTION__);
2664 -#endif
2665 + log (LOG_DEBUG, "%s: Hidden bit set on AVP.\n", __func__);
2666 /* We want to rewrite the AVP as an unhidden AVP
2667 and then pass it along as normal. Remeber how
2668 long the AVP was in the first place though! */
2669 @@ -1678,12 +872,11 @@
2670 {
2671 if (debug_avp)
2672 log (LOG_WARN, "%s: Unable to handle hidden %sAVP\n:",
2673 - __FUNCTION__,
2674 - (AMBIT (avp->length) ? "mandatory " : ""));
2675 - if (AMBIT (avp->length))
2676 + __func__,
2677 + (AMBIT (rlen) ? "mandatory " : ""));
2678 + if (AMBIT (rlen))
2679 {
2680 set_error (c, VENDOR_ERROR, "Invalid Hidden AVP");
2681 - c->needclose = -1;
2682 return -EINVAL;
2683 }
2684 goto next;
2685 @@ -1696,17 +889,43 @@
2686 }
2687 else
2688 hidlen = 0;
2689 - if (avps[avp->attr].handler)
2690 +
2691 + /* validate */
2692 + if (avps[attr].validate)
2693 + {
2694 + if(avps[attr].validate(attr, t, c, avp, ALENGTH (rlen))) {
2695 + if (AMBIT (rlen))
2696 + {
2697 + log (LOG_WARN,
2698 + "%s: verification of AVP %d (%s) failed.\n",
2699 + __func__, attr,
2700 + avps[attr].description);
2701 + set_error (c, VENDOR_ERROR, "processing failed on mandatory AVP");
2702 + return -EINVAL;
2703 + }
2704 + else
2705 + {
2706 + if (DEBUG)
2707 + log (LOG_DEBUG,
2708 + "%s: Bad exit status handling attribute %d (%s).\n",
2709 + __func__, attr,
2710 + avps[attr].description);
2711 + }
2712 + }
2713 + }
2714 +
2715 + /* handling */
2716 + if (avps[attr].handle)
2717 {
2718 - if (avps[avp->attr].handler (t, c, avp, ALENGTH (avp->length)))
2719 + if (avps[attr].handle(t, c, avp, ALENGTH (rlen)))
2720 {
2721 - if (AMBIT (avp->length))
2722 + if (AMBIT (rlen))
2723 {
2724 log (LOG_WARN,
2725 - "%s: Bad exit status handling attribute %d (%s) on mandatory packet.\n",
2726 - __FUNCTION__, avp->attr,
2727 - avps[avp->attr].description);
2728 - c->needclose = -1;
2729 + "%s: Bad exit status handling mandatory attribute %d (%s).\n",
2730 + __func__, attr,
2731 + avps[attr].description);
2732 + set_error (c, VENDOR_ERROR, "processing failed on mandatory AVP");
2733 return -EINVAL;
2734 }
2735 else
2736 @@ -1714,29 +933,31 @@
2737 if (DEBUG)
2738 log (LOG_DEBUG,
2739 "%s: Bad exit status handling attribute %d (%s).\n",
2740 - __FUNCTION__, avp->attr,
2741 - avps[avp->attr].description);
2742 + __func__, attr,
2743 + avps[attr].description);
2744 }
2745 }
2746 }
2747 else
2748 {
2749 - if (AMBIT (avp->length))
2750 + if (AMBIT (rlen))
2751 {
2752 log (LOG_WARN,
2753 "%s: No handler for mandatory attribute %d (%s). Closing %s.\n",
2754 - __FUNCTION__, avp->attr, avps[avp->attr].description,
2755 + __func__, attr,
2756 + avps[attr].description,
2757 (c != t->self) ? "call" : "tunnel");
2758 set_error (c, VENDOR_ERROR, "No handler for attr %d (%s)\n",
2759 - avp->attr, avps[avp->attr].description);
2760 + attr,
2761 + avps[attr].description);
2762 return -EINVAL;
2763 }
2764 else
2765 {
2766 if (DEBUG)
2767 log (LOG_WARN, "%s: no handler for atribute %d (%s).\n",
2768 - __FUNCTION__, avp->attr,
2769 - avps[avp->attr].description);
2770 + __func__, attr,
2771 + avps[attr].description);
2772 }
2773 }
2774 next:
2775 @@ -1748,16 +969,17 @@
2776 }
2777 else
2778 {
2779 - len -= ALENGTH (avp->length);
2780 - data += ALENGTH (avp->length); /* Next AVP, please */
2781 + len -= ALENGTH (rlen);
2782 + data += ALENGTH (rlen); /* Next AVP, please */
2783 }
2784 avp = (struct avp_hdr *) data;
2785 firstavp = 0;
2786 }
2787 if (len != 0)
2788 {
2789 - log (LOG_WARN, "%s: negative overall packet length\n", __FUNCTION__);
2790 + log (LOG_WARN, "%s: negative overall packet length\n", __func__);
2791 return -EINVAL;
2792 }
2793 +
2794 return 0;
2795 }
2796 --- l2tpd-0.70-pre20031121.orig/avpsend.c
2797 +++ l2tpd-0.70-pre20031121/avpsend.c
2798 @@ -1,11 +1,5 @@
2799 /*
2800 - * $Id$
2801 - *
2802 - * Layer Two Tunnelling Protocol Daemon
2803 - * Copyright (C) 1998 Adtran, Inc.
2804 - * Copyright (C) 2002 Jeff McAdams
2805 - *
2806 - * Mark Spencer
2807 + * Copyright (C) 2004 Jean-Francois Dive
2808 *
2809 * This software is distributed under the terms
2810 * of the GPL, which you should have received
2811 @@ -14,337 +8,288 @@
2812 * Attribute Value Pair creating routines
2813 */
2814
2815 +/* TODO: Handle Tie break */
2816 +/* TODO: Get real hostname / config */
2817 +/* TODO: There should be an overflow check on
2818 + * the buffer size. (safe for now as
2819 + * packet size = 4k
2820 + */
2821 +
2822 #include <stdlib.h>
2823 #include <string.h>
2824 -#include <netinet/in.h>
2825 +#include <unistd.h>
2826 #include "l2tp.h"
2827
2828 -/*
2829 - * These routines should add avp's to a buffer
2830 - * to be sent
2831 - */
2832 +extern struct avp avps[];
2833
2834 +/* We could add here padding support which would allow
2835 + * to keep alignemnt straight <jdive> */
2836 +static int add_avp(struct buffer *buf, u_int32_t avpid, unsigned char *v,
2837 + u_int32_t sz, u_int8_t setpayload) {
2838 + u_int8_t *p = buf->start + buf->len;
2839 +
2840 + if(avpid > AVP_MAX || !avps[avpid].flags) {
2841 + log(LOG_DEBUG, "%s: invalid avp id %d\n", __func__, avpid);
2842 + return 1;
2843 + }
2844 +
2845 + set16(p, (sz + 6) | (avps[avpid].flags & AVP_F_MANDATORY ? MBIT : 0));
2846 + set16(p + 2, VENDOR_ID);
2847 + set16(p + 4, avpid);
2848 + if(setpayload)
2849 + memcpy(p + 6, v, sz);
2850
2851 -/* FIXME: If SANITY is on, we should check for buffer overruns */
2852 + buf->len += (sz + 6);
2853 + return 0;
2854 +}
2855
2856 -/* FIXME: Can't this be condensed alot? */
2857 +/*****************************************************************************/
2858 +int add_message_type_avp(struct buffer *buf, _u16 type) {
2859 + u_int8_t t[2];
2860 + set16(t, type);
2861 + if(add_avp(buf, MESSAGE_TYPE_AVP, t, 2, 1))
2862 + return 1;
2863 + return 0;
2864 +}
2865
2866 -int add_message_type_avp (struct buffer *buf, _u16 type)
2867 -{
2868 - _u16 *raw = (_u16 *) (buf->start + buf->len);
2869 - raw[0] = htons (0x8 | MBIT);
2870 - raw[1] = htons (VENDOR_ID);
2871 - raw[2] = 0;
2872 - raw[3] = htons (type);
2873 - buf->len += 8;
2874 +/*****************************************************************************/
2875 +int add_protocol_avp(struct buffer *buf) {
2876 + u_int8_t t[2];
2877 + set16(t, OUR_L2TP_VERSION);
2878 + if(add_avp(buf, PROTOCOL_VERSION_AVP, t, 2, 1))
2879 + return 1;
2880 return 0;
2881 }
2882
2883 -int add_protocol_avp (struct buffer *buf)
2884 -{
2885 - _u16 *raw = (_u16 *) (buf->start + buf->len);
2886 - raw[0] = htons (0x8 | MBIT); /* Length and M bit */
2887 - raw[1] = htons (VENDOR_ID);
2888 - raw[2] = htons (0x2); /* Value of our AVP */
2889 - raw[3] = htons (OUR_L2TP_VERSION);
2890 - buf->len += 8;
2891 +/*****************************************************************************/
2892 +int add_frame_caps_avp(struct buffer *buf, _u16 caps) {
2893 + u_int8_t t[4];
2894 + t[0] = 0;
2895 + t[1] = 0;
2896 + set16(&t[2], caps);
2897 + if(add_avp(buf, FRAMING_CAP_AVP, t, 4, 1))
2898 + return 1;
2899 return 0;
2900 }
2901
2902 -int add_frame_caps_avp (struct buffer *buf, _u16 caps)
2903 -{
2904 - _u16 *raw = (_u16 *) (buf->start + buf->len);
2905 - raw[0] = htons (0xA | MBIT);
2906 - raw[1] = htons (VENDOR_ID);
2907 - raw[2] = htons (0x3);
2908 - raw[3] = 0;
2909 - raw[4] = htons (caps);
2910 - buf->len += 10;
2911 +/*****************************************************************************/
2912 +int add_bearer_caps_avp(struct buffer *buf, _u16 caps) {
2913 + u_int8_t t[4];
2914 + t[0] = 0;
2915 + t[1] = 0;
2916 + set16(&t[2], caps);
2917 + if(add_avp(buf, BEARER_CAP_AVP, t, 4, 1))
2918 + return 1;
2919 return 0;
2920 }
2921
2922 -int add_bearer_caps_avp (struct buffer *buf, _u16 caps)
2923 -{
2924 - _u16 *raw = (_u16 *) (buf->start + buf->len);
2925 - raw[0] = htons (0xA | MBIT);
2926 - raw[1] = htons (VENDOR_ID);
2927 - raw[2] = htons (0x4);
2928 - raw[3] = 0;
2929 - raw[4] = htons (caps);
2930 - buf->len += 10;
2931 +/*****************************************************************************/
2932 +int add_firmware_avp(struct buffer *buf) {
2933 + u_int8_t t[2];
2934 + set16(t, OUR_L2TP_VERSION);
2935 + if(add_avp(buf, FIRMWARE_REV_AVP, t, 2, 1))
2936 + return 1;
2937 return 0;
2938 }
2939
2940 -/* FIXME: I need to send tie breaker AVP's */
2941 -
2942 -int add_firmware_avp (struct buffer *buf)
2943 -{
2944 - _u16 *raw = (_u16 *) (buf->start + buf->len);
2945 - raw[0] = htons (0x8);
2946 - raw[1] = htons (VENDOR_ID);
2947 - raw[2] = htons (0x6);
2948 - raw[3] = htons (FIRMWARE_REV);
2949 - buf->len += 8;
2950 +/*****************************************************************************/
2951 +int add_hostname_avp(struct buffer *buf, struct tunnel *t) {
2952 + char n[STRLEN];
2953 + int sz = 0;
2954 + if(t->lac && t->lac->hostname[0]) {
2955 + strncpy(n,t->lac->hostname, sizeof(n));
2956 + sz = strnlen(t->lac->hostname, sizeof(t->lac->hostname));
2957 + }
2958 + else if(t->lns && t->lns->hostname[0]) {
2959 + strncpy(n,t->lns->hostname, sizeof(n));
2960 + sz = strnlen(t->lns->hostname, sizeof(t->lns->hostname));
2961 + }
2962 + else {
2963 + if(gethostname(n, STRLEN)) {
2964 + strcpy(n,"eriwan");
2965 + sz = 6;
2966 + }
2967 + else
2968 + sz = strnlen(n, sizeof(n));
2969 + }
2970 + if(add_avp(buf, HOSTNAME_AVP, n, sz, 1))
2971 + return 1;
2972 return 0;
2973 }
2974
2975 -/*
2976 -int add_hostname_avp(struct buffer *buf) {
2977 - _u16 *raw = (_u16 *)(buf->start + buf->len);
2978 - raw[0] = htons((0x6 + strlen(hostname)) | MBIT);
2979 - raw[1] = htons(VENDOR_ID);
2980 - raw[2] = htons(0x7);
2981 - strcpy((char *)(&raw[3]), hostname);
2982 - buf->len += 6 + strlen(hostname);
2983 - return 0;
2984 +/*****************************************************************************/
2985 +int add_vendor_avp(struct buffer *buf) {
2986 + if(add_avp(buf, VENDOR_NAME_AVP, VENDOR_NAME, strlen(VENDOR_NAME), 1))
2987 + return 1;
2988 + return 0;
2989 }
2990 -*/
2991
2992 -int add_hostname_avp (struct buffer *buf)
2993 -{
2994 - char names[6] = "eriwan";
2995 - _u16 *raw = (_u16 *) (buf->start + buf->len);
2996 - raw[0] = htons (0xC | MBIT);
2997 - raw[1] = htons (VENDOR_ID);
2998 - raw[2] = htons (0x7);
2999 - strcpy ((char *) (&raw[3]), names);
3000 - buf->len += 12;
3001 - return 0;
3002 -}
3003 -
3004 -int add_vendor_avp (struct buffer *buf)
3005 -{
3006 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3007 - raw[0] = htons (0x6 + strlen (VENDOR_NAME));
3008 - raw[1] = htons (VENDOR_ID);
3009 - raw[2] = htons (0x8);
3010 - strcpy ((char *) (&raw[3]), VENDOR_NAME);
3011 - buf->len += 6 + strlen (VENDOR_NAME);
3012 - return 0;
3013 -}
3014 -
3015 -int add_tunnelid_avp (struct buffer *buf, _u16 tid)
3016 -{
3017 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3018 - raw[0] = htons (0x8 | MBIT);
3019 - raw[1] = htons (VENDOR_ID);
3020 - raw[2] = htons (0x9);
3021 - raw[3] = htons (tid);
3022 - buf->len += 8;
3023 - return 0;
3024 -}
3025 -
3026 -int add_avp_rws (struct buffer *buf, _u16 rws)
3027 -{
3028 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3029 - raw[0] = htons (0x8 | MBIT);
3030 - raw[1] = htons (VENDOR_ID);
3031 - raw[2] = htons (0xA);
3032 - raw[3] = htons (rws);
3033 - buf->len += 8;
3034 - return 0;
3035 -}
3036 -
3037 -int add_challenge_avp (struct buffer *buf, char *c, int len)
3038 -{
3039 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3040 - raw[0] = htons ((0x6 + len) | MBIT);
3041 - raw[1] = htons (VENDOR_ID);
3042 - raw[2] = htons (0xB);
3043 - bcopy (c, (char *) (&raw[3]), len);
3044 - buf->len += 6 + len;
3045 - return 0;
3046 -}
3047 -
3048 -int add_chalresp_avp (struct buffer *buf, char *c, int len)
3049 -{
3050 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3051 - raw[0] = htons ((0x6 + len) | MBIT);
3052 - raw[1] = htons (VENDOR_ID);
3053 - raw[2] = htons (0xD);
3054 - bcopy (c, (char *) (&raw[3]), len);
3055 - buf->len += 6 + len;
3056 - return 0;
3057 -}
3058 -
3059 -int add_randvect_avp (struct buffer *buf, char *c, int len)
3060 -{
3061 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3062 - raw[0] = htons ((0x6 + len) | MBIT);
3063 - raw[1] = htons (VENDOR_ID);
3064 - raw[2] = htons (0x24);
3065 - bcopy (c, (char *) (&raw[3]), len);
3066 - buf->len += 6 + len;
3067 - return 0;
3068 -}
3069 -
3070 -int add_result_code_avp (struct buffer *buf, _u16 result, _u16 error,
3071 - char *msg, int len)
3072 -{
3073 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3074 - raw[0] = htons ((0xA + len) | MBIT);
3075 - raw[1] = htons (VENDOR_ID);
3076 - raw[2] = htons (0x1);
3077 - raw[3] = htons (result);
3078 - raw[4] = htons (error);
3079 - bcopy (msg, (char *) &raw[5], len);
3080 - buf->len += (10 + len);
3081 +/*****************************************************************************/
3082 +int add_tunnelid_avp(struct buffer *buf, _u16 tid) {
3083 + u_int8_t t[2];
3084 + set16(t, tid);
3085 + if(add_avp(buf, ASSIGNED_TUN_ID_AVP, t, 2, 1))
3086 + return 1;
3087 return 0;
3088 }
3089
3090 +/*****************************************************************************/
3091 +int add_avp_rws(struct buffer *buf, _u16 rws) {
3092 + u_int8_t t[2];
3093 + set16(t, rws);
3094 + if(add_avp(buf, RX_WIN_SIZE_AVP, t, 2, 1))
3095 + return 1;
3096 + return 0;
3097 +}
3098 +
3099 +/*****************************************************************************/
3100 +int add_challenge_avp(struct buffer *buf, char *c, int len) {
3101 + if(add_avp(buf, CHALLENGE_AVP, c, len, 1))
3102 + return 1;
3103 + return 0;
3104 +}
3105 +
3106 +/*****************************************************************************/
3107 +int add_chalresp_avp(struct buffer *buf, char *c, int len) {
3108 + if(add_avp(buf, CHALLENGE_RESP_AVP, c, len, 1))
3109 + return 1;
3110 + return 0;
3111 +}
3112 +
3113 +/*****************************************************************************/
3114 +int add_randvect_avp(struct buffer *buf, char *c, int len) {
3115 + if(add_avp(buf, RANDOM_VECTOR_AVP, c, len, 1))
3116 + return 1;
3117 + return 0;
3118 +}
3119 +
3120 +/*****************************************************************************/
3121 +int add_result_code_avp(struct buffer *buf, _u16 result, _u16 error,
3122 + char *msg, int len) {
3123 + u_int8_t t[4];
3124 + set16(t, result);
3125 + set16(&t[2], error);
3126 + memcpy((u_int8_t*)(buf->start + buf->len + 10), msg, len);
3127 + memcpy((u_int8_t*)(buf->start + buf->len + 6), t, 4);
3128 + if(add_avp(buf, RESULT_CODE_AVP, 0, 4 + len, 0))
3129 + return 1;
3130 + return 0;
3131 +}
3132 +
3133 +/*****************************************************************************/
3134 #ifdef TEST_HIDDEN
3135 -int add_callid_avp (struct buffer *buf, _u16 callid, struct tunnel *t)
3136 -{
3137 -#else
3138 -int add_callid_avp (struct buffer *buf, _u16 callid)
3139 -{
3140 -#endif
3141 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3142 -#ifdef TEST_HIDDEN
3143 +int add_callid_avp(struct buffer *buf, _u16 callid, struct tunnel *t) {
3144 + u_int8_t t[2];
3145 if (t->hbit)
3146 raw++;
3147 -#endif
3148 - raw[0] = htons (0x8 | MBIT);
3149 - raw[1] = htons (VENDOR_ID);
3150 - raw[2] = htons (0xE);
3151 - raw[3] = htons (callid);
3152 - buf->len += 8;
3153 -#ifdef TEST_HIDDEN
3154 + set16(t, callid);
3155 + if(add_avp(buf, ASSIGNED_SES_ID_AVP, t, 2, 1))
3156 + return 1;
3157 if (t->hbit)
3158 encrypt_avp (buf, 8, t);
3159 + return 0;
3160 +}
3161 +#else
3162 +int add_callid_avp(struct buffer *buf, _u16 callid) {
3163 + u_int8_t t[2];
3164 + set16(t, callid);
3165 + if(add_avp(buf, ASSIGNED_SES_ID_AVP, t, 2, 1))
3166 + return 1;
3167 + return 0;
3168 +}
3169 #endif
3170 +
3171 +/*****************************************************************************/
3172 +int add_serno_avp(struct buffer *buf, unsigned int serno) {
3173 + u_int8_t t[4];
3174 + set32(t, serno);
3175 + if(add_avp(buf, SERIAL_NUMBER_AVP, t, 4, 1))
3176 + return 1;
3177 + return 0;
3178 +}
3179 +
3180 +/*****************************************************************************/
3181 +int add_bearer_avp(struct buffer *buf, int bearer) {
3182 + u_int8_t t[4];
3183 + set32(t, bearer);
3184 + if(add_avp(buf, BEARER_TYPE_AVP, t, 4, 1))
3185 + return 1;
3186 + return 0;
3187 +}
3188 +
3189 +/*****************************************************************************/
3190 +int add_frame_avp(struct buffer *buf, int frame) {
3191 + u_int8_t t[4];
3192 + set32(t, frame);
3193 + if(add_avp(buf, FRAMING_TYPE_AVP, t, 4, 1))
3194 + return 1;
3195 + return 0;
3196 +}
3197 +
3198 +/*****************************************************************************/
3199 +int add_txspeed_avp(struct buffer *buf, int speed) {
3200 + u_int8_t t[4];
3201 + set32(t, speed);
3202 + if(add_avp(buf, TX_CONNECT_SPEED_AVP, t, 4, 1))
3203 + return 1;
3204 + return 0;
3205 +}
3206 +
3207 +/*****************************************************************************/
3208 +int add_rxspeed_avp(struct buffer *buf, int speed) {
3209 + u_int8_t t[4];
3210 + set32(t, speed);
3211 + if(add_avp(buf, RX_CONNECT_SPEED_AVP, t, 4, 1))
3212 + return 1;
3213 + return 0;
3214 +}
3215 +
3216 +/*****************************************************************************/
3217 +int add_physchan_avp(struct buffer *buf, unsigned int physchan) {
3218 + u_int8_t t[4];
3219 + set32(t, physchan);
3220 + if(add_avp(buf, PHYS_CHAN_ID_AVP, t, 4, 1))
3221 + return 1;
3222 + return 0;
3223 +}
3224 +
3225 +/*****************************************************************************/
3226 +int add_ppd_avp(struct buffer *buf, _u16 ppd) {
3227 + u_int8_t t[2];
3228 + set16(t, ppd);
3229 + if(add_avp(buf, PACKET_DELAY_AVP, t, 2, 1))
3230 + return 1;
3231 + return 0;
3232 +}
3233 +
3234 +/*****************************************************************************/
3235 +int add_seqreqd_avp(struct buffer *buf) {
3236 + if(add_avp(buf, SEQ_REQUIRED_AVP, 0, 0, 0))
3237 + return 1;
3238 + return 0;
3239 +}
3240 +
3241 +/*****************************************************************************/
3242 +int add_minbps_avp(struct buffer *buf, int speed) {
3243 + u_int8_t t[4];
3244 + set32(t, speed);
3245 + if(add_avp(buf, MIN_BPS_AVP, t, 4, 1))
3246 + return 1;
3247 return 0;
3248 }
3249
3250 -int add_serno_avp (struct buffer *buf, unsigned int serno)
3251 -{
3252 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3253 - raw[0] = htons (0xA | MBIT);
3254 - raw[1] = htons (VENDOR_ID);
3255 - raw[2] = htons (0xF);
3256 - raw[3] = htons ((serno >> 16) & 0xFFFF);
3257 - raw[4] = htons (serno & 0xFFFF);
3258 - buf->len += 10;
3259 - return 0;
3260 -}
3261 -
3262 -int add_bearer_avp (struct buffer *buf, int bearer)
3263 -{
3264 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3265 - raw[0] = htons (0xA | MBIT);
3266 - raw[1] = htons (VENDOR_ID);
3267 - raw[2] = htons (0x12);
3268 - raw[3] = htons ((bearer >> 16) & 0xFFFF);
3269 - raw[4] = htons (bearer & 0xFFFF);
3270 - buf->len += 10;
3271 - return 0;
3272 -}
3273 -
3274 -int add_frame_avp (struct buffer *buf, int frame)
3275 -{
3276 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3277 - raw[0] = htons (0xA | MBIT);
3278 - raw[1] = htons (VENDOR_ID);
3279 - raw[2] = htons (0x13);
3280 - raw[3] = htons ((frame >> 16) & 0xFFFF);
3281 - raw[4] = htons (frame & 0xFFFF);
3282 - buf->len += 10;
3283 - return 0;
3284 -}
3285 -
3286 -int add_txspeed_avp (struct buffer *buf, int speed)
3287 -{
3288 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3289 - raw[0] = htons (0xA | MBIT);
3290 - raw[1] = htons (VENDOR_ID);
3291 - raw[2] = htons (0x18);
3292 - raw[3] = htons ((speed >> 16) & 0xFFFF);
3293 - raw[4] = htons (speed & 0xFFFF);
3294 - buf->len += 10;
3295 - return 0;
3296 -}
3297 -
3298 -int add_rxspeed_avp (struct buffer *buf, int speed)
3299 -{
3300 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3301 - raw[0] = htons (0xA | MBIT);
3302 - raw[1] = htons (VENDOR_ID);
3303 - raw[2] = htons (0x26);
3304 - raw[3] = htons ((speed >> 16) & 0xFFFF);
3305 - raw[4] = htons (speed & 0xFFFF);
3306 - buf->len += 10;
3307 - return 0;
3308 -}
3309 -
3310 -int add_physchan_avp (struct buffer *buf, unsigned int physchan)
3311 -{
3312 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3313 - raw[0] = htons (0x8 | MBIT);
3314 - raw[1] = htons (VENDOR_ID);
3315 - raw[2] = htons (0x19);
3316 - raw[3] = htons ((physchan >> 16) & 0xFFFF);
3317 - raw[4] = htons (physchan & 0xFFFF);
3318 - buf->len += 10;
3319 - return 0;
3320 -}
3321 -
3322 -int add_ppd_avp (struct buffer *buf, _u16 ppd)
3323 -{
3324 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3325 - raw[0] = htons (0x8 | MBIT);
3326 - raw[1] = htons (VENDOR_ID);
3327 - raw[2] = htons (0x14);
3328 - raw[3] = htons (ppd);
3329 - buf->len += 8;
3330 - return 0;
3331 -}
3332 -
3333 -int add_seqreqd_avp (struct buffer *buf)
3334 -{
3335 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3336 - raw[0] = htons (0x6 | MBIT);
3337 - raw[1] = htons (VENDOR_ID);
3338 - raw[2] = htons (0x27);
3339 - buf->len += 6;
3340 - return 0;
3341 -}
3342 -
3343 -/* jz: options dor the outgoing call */
3344 -
3345 -/* jz: Minimum BPS - 16 */
3346 -int add_minbps_avp (struct buffer *buf, int speed)
3347 -{
3348 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3349 - raw[0] = htons (0xA | MBIT);
3350 - raw[1] = htons (VENDOR_ID);
3351 - raw[2] = htons (0x10);
3352 - raw[3] = htons ((speed >> 16) & 0xFFFF);
3353 - raw[4] = htons (speed & 0xFFFF);
3354 - buf->len += 10;
3355 - return 0;
3356 -}
3357 -
3358 -/* jz: Maximum BPS - 17 */
3359 -int add_maxbps_avp (struct buffer *buf, int speed)
3360 -{
3361 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3362 - raw[0] = htons (0xA | MBIT);
3363 - raw[1] = htons (VENDOR_ID);
3364 - raw[2] = htons (0x11);
3365 - raw[3] = htons ((speed >> 16) & 0xFFFF);
3366 - raw[4] = htons (speed & 0xFFFF);
3367 - buf->len += 10;
3368 - return 0;
3369 -}
3370 -
3371 -/* jz: Dialed Number 21 */
3372 -int add_number_avp (struct buffer *buf, char *no)
3373 -{
3374 - _u16 *raw = (_u16 *) (buf->start + buf->len);
3375 - raw[0] = htons ((0x6 + strlen (no)) | MBIT);
3376 - raw[1] = htons (VENDOR_ID);
3377 - raw[2] = htons (0x15);
3378 - strncpy ((char *) (&(raw[3])), no, strlen (no));
3379 - buf->len += 6 + strlen (no);
3380 +/*****************************************************************************/
3381 +int add_maxbps_avp(struct buffer *buf, int speed) {
3382 + u_int8_t t[4];
3383 + set32(t, speed);
3384 + if(add_avp(buf, MAX_BPS_AVP, t, 4, 1))
3385 + return 1;
3386 return 0;
3387 }
3388 +
3389 +/*****************************************************************************/
3390 +int add_number_avp(struct buffer *buf, char *no) {
3391 + if(add_avp(buf, CALLED_NUMBER_AVP, no, strlen(no), 1))
3392 + return 1;
3393 + return 0;
3394 +}