1 /*
2 * Copyright (c) 1991, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 * L2TP support contributed by Motonori Shindo (mshindo@mshindo.net)
22 */
23
24 /* \summary: Layer Two Tunneling Protocol (L2TP) printer */
25
26 /* specification: RFC 2661 */
27
28 #include <config.h>
29
30 #include "netdissect-stdinc.h"
31
32 #include "netdissect.h"
33 #include "extract.h"
34
35 #define L2TP_FLAG_TYPE 0x8000 /* Type (0=Data, 1=Control) */
36 #define L2TP_FLAG_LENGTH 0x4000 /* Length */
37 #define L2TP_FLAG_SEQUENCE 0x0800 /* Sequence */
38 #define L2TP_FLAG_OFFSET 0x0200 /* Offset */
39 #define L2TP_FLAG_PRIORITY 0x0100 /* Priority */
40
41 #define L2TP_VERSION_MASK 0x000f /* Version Mask */
42 #define L2TP_VERSION_L2F 0x0001 /* L2F */
43 #define L2TP_VERSION_L2TP 0x0002 /* L2TP */
44
45 #define L2TP_AVP_HDR_FLAG_MANDATORY 0x8000 /* Mandatory Flag */
46 #define L2TP_AVP_HDR_FLAG_HIDDEN 0x4000 /* Hidden Flag */
47 #define L2TP_AVP_HDR_LEN_MASK 0x03ff /* Length Mask */
48
49 #define L2TP_FRAMING_CAP_SYNC_MASK 0x00000001 /* Synchronous */
50 #define L2TP_FRAMING_CAP_ASYNC_MASK 0x00000002 /* Asynchronous */
51
52 #define L2TP_FRAMING_TYPE_SYNC_MASK 0x00000001 /* Synchronous */
53 #define L2TP_FRAMING_TYPE_ASYNC_MASK 0x00000002 /* Asynchronous */
54
55 #define L2TP_BEARER_CAP_DIGITAL_MASK 0x00000001 /* Digital */
56 #define L2TP_BEARER_CAP_ANALOG_MASK 0x00000002 /* Analog */
57
58 #define L2TP_BEARER_TYPE_DIGITAL_MASK 0x00000001 /* Digital */
59 #define L2TP_BEARER_TYPE_ANALOG_MASK 0x00000002 /* Analog */
60
61 /* Authen Type */
62 #define L2TP_AUTHEN_TYPE_RESERVED 0x0000 /* Reserved */
63 #define L2TP_AUTHEN_TYPE_TEXTUAL 0x0001 /* Textual username/password exchange */
64 #define L2TP_AUTHEN_TYPE_CHAP 0x0002 /* PPP CHAP */
65 #define L2TP_AUTHEN_TYPE_PAP 0x0003 /* PPP PAP */
66 #define L2TP_AUTHEN_TYPE_NO_AUTH 0x0004 /* No Authentication */
67 #define L2TP_AUTHEN_TYPE_MSCHAPv1 0x0005 /* MSCHAPv1 */
68
69 #define L2TP_PROXY_AUTH_ID_MASK 0x00ff
70
71
72 #define L2TP_MSGTYPE_SCCRQ 1 /* Start-Control-Connection-Request */
73 #define L2TP_MSGTYPE_SCCRP 2 /* Start-Control-Connection-Reply */
74 #define L2TP_MSGTYPE_SCCCN 3 /* Start-Control-Connection-Connected */
75 #define L2TP_MSGTYPE_STOPCCN 4 /* Stop-Control-Connection-Notification */
76 #define L2TP_MSGTYPE_HELLO 6 /* Hello */
77 #define L2TP_MSGTYPE_OCRQ 7 /* Outgoing-Call-Request */
78 #define L2TP_MSGTYPE_OCRP 8 /* Outgoing-Call-Reply */
79 #define L2TP_MSGTYPE_OCCN 9 /* Outgoing-Call-Connected */
80 #define L2TP_MSGTYPE_ICRQ 10 /* Incoming-Call-Request */
81 #define L2TP_MSGTYPE_ICRP 11 /* Incoming-Call-Reply */
82 #define L2TP_MSGTYPE_ICCN 12 /* Incoming-Call-Connected */
83 #define L2TP_MSGTYPE_CDN 14 /* Call-Disconnect-Notify */
84 #define L2TP_MSGTYPE_WEN 15 /* WAN-Error-Notify */
85 #define L2TP_MSGTYPE_SLI 16 /* Set-Link-Info */
86
87 static const struct tok l2tp_msgtype2str[] = {
88 { L2TP_MSGTYPE_SCCRQ, "SCCRQ" },
89 { L2TP_MSGTYPE_SCCRP, "SCCRP" },
90 { L2TP_MSGTYPE_SCCCN, "SCCCN" },
91 { L2TP_MSGTYPE_STOPCCN, "StopCCN" },
92 { L2TP_MSGTYPE_HELLO, "HELLO" },
93 { L2TP_MSGTYPE_OCRQ, "OCRQ" },
94 { L2TP_MSGTYPE_OCRP, "OCRP" },
95 { L2TP_MSGTYPE_OCCN, "OCCN" },
96 { L2TP_MSGTYPE_ICRQ, "ICRQ" },
97 { L2TP_MSGTYPE_ICRP, "ICRP" },
98 { L2TP_MSGTYPE_ICCN, "ICCN" },
99 { L2TP_MSGTYPE_CDN, "CDN" },
100 { L2TP_MSGTYPE_WEN, "WEN" },
101 { L2TP_MSGTYPE_SLI, "SLI" },
102 { 0, NULL }
103 };
104
105 #define L2TP_AVP_MSGTYPE 0 /* Message Type */
106 #define L2TP_AVP_RESULT_CODE 1 /* Result Code */
107 #define L2TP_AVP_PROTO_VER 2 /* Protocol Version */
108 #define L2TP_AVP_FRAMING_CAP 3 /* Framing Capabilities */
109 #define L2TP_AVP_BEARER_CAP 4 /* Bearer Capabilities */
110 #define L2TP_AVP_TIE_BREAKER 5 /* Tie Breaker */
111 #define L2TP_AVP_FIRM_VER 6 /* Firmware Revision */
112 #define L2TP_AVP_HOST_NAME 7 /* Host Name */
113 #define L2TP_AVP_VENDOR_NAME 8 /* Vendor Name */
114 #define L2TP_AVP_ASSND_TUN_ID 9 /* Assigned Tunnel ID */
115 #define L2TP_AVP_RECV_WIN_SIZE 10 /* Receive Window Size */
116 #define L2TP_AVP_CHALLENGE 11 /* Challenge */
117 #define L2TP_AVP_Q931_CC 12 /* Q.931 Cause Code */
118 #define L2TP_AVP_CHALLENGE_RESP 13 /* Challenge Response */
119 #define L2TP_AVP_ASSND_SESS_ID 14 /* Assigned Session ID */
120 #define L2TP_AVP_CALL_SER_NUM 15 /* Call Serial Number */
121 #define L2TP_AVP_MINIMUM_BPS 16 /* Minimum BPS */
122 #define L2TP_AVP_MAXIMUM_BPS 17 /* Maximum BPS */
123 #define L2TP_AVP_BEARER_TYPE 18 /* Bearer Type */
124 #define L2TP_AVP_FRAMING_TYPE 19 /* Framing Type */
125 #define L2TP_AVP_PACKET_PROC_DELAY 20 /* Packet Processing Delay (OBSOLETE) */
126 #define L2TP_AVP_CALLED_NUMBER 21 /* Called Number */
127 #define L2TP_AVP_CALLING_NUMBER 22 /* Calling Number */
128 #define L2TP_AVP_SUB_ADDRESS 23 /* Sub-Address */
129 #define L2TP_AVP_TX_CONN_SPEED 24 /* (Tx) Connect Speed */
130 #define L2TP_AVP_PHY_CHANNEL_ID 25 /* Physical Channel ID */
131 #define L2TP_AVP_INI_RECV_LCP 26 /* Initial Received LCP CONFREQ */
132 #define L2TP_AVP_LAST_SENT_LCP 27 /* Last Sent LCP CONFREQ */
133 #define L2TP_AVP_LAST_RECV_LCP 28 /* Last Received LCP CONFREQ */
134 #define L2TP_AVP_PROXY_AUTH_TYPE 29 /* Proxy Authen Type */
135 #define L2TP_AVP_PROXY_AUTH_NAME 30 /* Proxy Authen Name */
136 #define L2TP_AVP_PROXY_AUTH_CHAL 31 /* Proxy Authen Challenge */
137 #define L2TP_AVP_PROXY_AUTH_ID 32 /* Proxy Authen ID */
138 #define L2TP_AVP_PROXY_AUTH_RESP 33 /* Proxy Authen Response */
139 #define L2TP_AVP_CALL_ERRORS 34 /* Call Errors */
140 #define L2TP_AVP_ACCM 35 /* ACCM */
141 #define L2TP_AVP_RANDOM_VECTOR 36 /* Random Vector */
142 #define L2TP_AVP_PRIVATE_GRP_ID 37 /* Private Group ID */
143 #define L2TP_AVP_RX_CONN_SPEED 38 /* (Rx) Connect Speed */
144 #define L2TP_AVP_SEQ_REQUIRED 39 /* Sequencing Required */
145 #define L2TP_AVP_PPP_DISCON_CC 46 /* PPP Disconnect Cause Code - RFC 3145 */
146
147 static const struct tok l2tp_avp2str[] = {
148 { L2TP_AVP_MSGTYPE, "MSGTYPE" },
149 { L2TP_AVP_RESULT_CODE, "RESULT_CODE" },
150 { L2TP_AVP_PROTO_VER, "PROTO_VER" },
151 { L2TP_AVP_FRAMING_CAP, "FRAMING_CAP" },
152 { L2TP_AVP_BEARER_CAP, "BEARER_CAP" },
153 { L2TP_AVP_TIE_BREAKER, "TIE_BREAKER" },
154 { L2TP_AVP_FIRM_VER, "FIRM_VER" },
155 { L2TP_AVP_HOST_NAME, "HOST_NAME" },
156 { L2TP_AVP_VENDOR_NAME, "VENDOR_NAME" },
157 { L2TP_AVP_ASSND_TUN_ID, "ASSND_TUN_ID" },
158 { L2TP_AVP_RECV_WIN_SIZE, "RECV_WIN_SIZE" },
159 { L2TP_AVP_CHALLENGE, "CHALLENGE" },
160 { L2TP_AVP_Q931_CC, "Q931_CC", },
161 { L2TP_AVP_CHALLENGE_RESP, "CHALLENGE_RESP" },
162 { L2TP_AVP_ASSND_SESS_ID, "ASSND_SESS_ID" },
163 { L2TP_AVP_CALL_SER_NUM, "CALL_SER_NUM" },
164 { L2TP_AVP_MINIMUM_BPS, "MINIMUM_BPS" },
165 { L2TP_AVP_MAXIMUM_BPS, "MAXIMUM_BPS" },
166 { L2TP_AVP_BEARER_TYPE, "BEARER_TYPE" },
167 { L2TP_AVP_FRAMING_TYPE, "FRAMING_TYPE" },
168 { L2TP_AVP_PACKET_PROC_DELAY, "PACKET_PROC_DELAY" },
169 { L2TP_AVP_CALLED_NUMBER, "CALLED_NUMBER" },
170 { L2TP_AVP_CALLING_NUMBER, "CALLING_NUMBER" },
171 { L2TP_AVP_SUB_ADDRESS, "SUB_ADDRESS" },
172 { L2TP_AVP_TX_CONN_SPEED, "TX_CONN_SPEED" },
173 { L2TP_AVP_PHY_CHANNEL_ID, "PHY_CHANNEL_ID" },
174 { L2TP_AVP_INI_RECV_LCP, "INI_RECV_LCP" },
175 { L2TP_AVP_LAST_SENT_LCP, "LAST_SENT_LCP" },
176 { L2TP_AVP_LAST_RECV_LCP, "LAST_RECV_LCP" },
177 { L2TP_AVP_PROXY_AUTH_TYPE, "PROXY_AUTH_TYPE" },
178 { L2TP_AVP_PROXY_AUTH_NAME, "PROXY_AUTH_NAME" },
179 { L2TP_AVP_PROXY_AUTH_CHAL, "PROXY_AUTH_CHAL" },
180 { L2TP_AVP_PROXY_AUTH_ID, "PROXY_AUTH_ID" },
181 { L2TP_AVP_PROXY_AUTH_RESP, "PROXY_AUTH_RESP" },
182 { L2TP_AVP_CALL_ERRORS, "CALL_ERRORS" },
183 { L2TP_AVP_ACCM, "ACCM" },
184 { L2TP_AVP_RANDOM_VECTOR, "RANDOM_VECTOR" },
185 { L2TP_AVP_PRIVATE_GRP_ID, "PRIVATE_GRP_ID" },
186 { L2TP_AVP_RX_CONN_SPEED, "RX_CONN_SPEED" },
187 { L2TP_AVP_SEQ_REQUIRED, "SEQ_REQUIRED" },
188 { L2TP_AVP_PPP_DISCON_CC, "PPP_DISCON_CC" },
189 { 0, NULL }
190 };
191
192 static const struct tok l2tp_authentype2str[] = {
193 { L2TP_AUTHEN_TYPE_RESERVED, "Reserved" },
194 { L2TP_AUTHEN_TYPE_TEXTUAL, "Textual" },
195 { L2TP_AUTHEN_TYPE_CHAP, "CHAP" },
196 { L2TP_AUTHEN_TYPE_PAP, "PAP" },
197 { L2TP_AUTHEN_TYPE_NO_AUTH, "No Auth" },
198 { L2TP_AUTHEN_TYPE_MSCHAPv1, "MS-CHAPv1" },
199 { 0, NULL }
200 };
201
202 #define L2TP_PPP_DISCON_CC_DIRECTION_GLOBAL 0
203 #define L2TP_PPP_DISCON_CC_DIRECTION_AT_PEER 1
204 #define L2TP_PPP_DISCON_CC_DIRECTION_AT_LOCAL 2
205
206 static const struct tok l2tp_cc_direction2str[] = {
207 { L2TP_PPP_DISCON_CC_DIRECTION_GLOBAL, "global error" },
208 { L2TP_PPP_DISCON_CC_DIRECTION_AT_PEER, "at peer" },
209 { L2TP_PPP_DISCON_CC_DIRECTION_AT_LOCAL,"at local" },
210 { 0, NULL }
211 };
212
213 #if 0
214 static char *l2tp_result_code_StopCCN[] = {
215 "Reserved",
216 "General request to clear control connection",
217 "General error--Error Code indicates the problem",
218 "Control channel already exists",
219 "Requester is not authorized to establish a control channel",
220 "The protocol version of the requester is not supported",
221 "Requester is being shut down",
222 "Finite State Machine error"
223 #define L2TP_MAX_RESULT_CODE_STOPCC_INDEX 8
224 };
225 #endif
226
227 #if 0
228 static char *l2tp_result_code_CDN[] = {
229 "Reserved",
230 "Call disconnected due to loss of carrier",
231 "Call disconnected for the reason indicated in error code",
232 "Call disconnected for administrative reasons",
233 "Call failed due to lack of appropriate facilities being "
234 "available (temporary condition)",
235 "Call failed due to lack of appropriate facilities being "
236 "available (permanent condition)",
237 "Invalid destination",
238 "Call failed due to no carrier detected",
239 "Call failed due to detection of a busy signal",
240 "Call failed due to lack of a dial tone",
241 "Call was not established within time allotted by LAC",
242 "Call was connected but no appropriate framing was detected"
243 #define L2TP_MAX_RESULT_CODE_CDN_INDEX 12
244 };
245 #endif
246
247 #if 0
248 static char *l2tp_error_code_general[] = {
249 "No general error",
250 "No control connection exists yet for this LAC-LNS pair",
251 "Length is wrong",
252 "One of the field values was out of range or "
253 "reserved field was non-zero"
254 "Insufficient resources to handle this operation now",
255 "The Session ID is invalid in this context",
256 "A generic vendor-specific error occurred in the LAC",
257 "Try another"
258 #define L2TP_MAX_ERROR_CODE_GENERAL_INDEX 8
259 };
260 #endif
261
262 /******************************/
263 /* generic print out routines */
264 /******************************/
265 static void
print_string(netdissect_options * ndo,const u_char * dat,u_int length)266 print_string(netdissect_options *ndo, const u_char *dat, u_int length)
267 {
268 u_int i;
269 for (i=0; i<length; i++) {
270 fn_print_char(ndo, GET_U_1(dat));
271 dat++;
272 }
273 }
274
275 static void
print_octets(netdissect_options * ndo,const u_char * dat,u_int length)276 print_octets(netdissect_options *ndo, const u_char *dat, u_int length)
277 {
278 u_int i;
279 for (i=0; i<length; i++) {
280 ND_PRINT("%02x", GET_U_1(dat));
281 dat++;
282 }
283 }
284
285 static void
print_16bits_val(netdissect_options * ndo,const uint8_t * dat)286 print_16bits_val(netdissect_options *ndo, const uint8_t *dat)
287 {
288 ND_PRINT("%u", GET_BE_U_2(dat));
289 }
290
291 static void
print_32bits_val(netdissect_options * ndo,const uint8_t * dat)292 print_32bits_val(netdissect_options *ndo, const uint8_t *dat)
293 {
294 ND_PRINT("%u", GET_BE_U_4(dat));
295 }
296
297 /***********************************/
298 /* AVP-specific print out routines */
299 /***********************************/
300 static void
l2tp_msgtype_print(netdissect_options * ndo,const u_char * dat,u_int length)301 l2tp_msgtype_print(netdissect_options *ndo, const u_char *dat, u_int length)
302 {
303 if (length < 2) {
304 ND_PRINT("AVP too short");
305 return;
306 }
307 ND_PRINT("%s", tok2str(l2tp_msgtype2str, "MSGTYPE-#%u",
308 GET_BE_U_2(dat)));
309 }
310
311 static void
l2tp_result_code_print(netdissect_options * ndo,const u_char * dat,u_int length)312 l2tp_result_code_print(netdissect_options *ndo, const u_char *dat, u_int length)
313 {
314 /* Result Code */
315 if (length < 2) {
316 ND_PRINT("AVP too short");
317 return;
318 }
319 ND_PRINT("%u", GET_BE_U_2(dat));
320 dat += 2;
321 length -= 2;
322
323 /* Error Code (opt) */
324 if (length == 0)
325 return;
326 if (length < 2) {
327 ND_PRINT(" AVP too short");
328 return;
329 }
330 ND_PRINT("/%u", GET_BE_U_2(dat));
331 dat += 2;
332 length -= 2;
333
334 /* Error Message (opt) */
335 if (length == 0)
336 return;
337 ND_PRINT(" ");
338 print_string(ndo, dat, length);
339 }
340
341 static void
l2tp_proto_ver_print(netdissect_options * ndo,const u_char * dat,u_int length)342 l2tp_proto_ver_print(netdissect_options *ndo, const u_char *dat, u_int length)
343 {
344 if (length < 2) {
345 ND_PRINT("AVP too short");
346 return;
347 }
348 ND_PRINT("%u.%u", (GET_BE_U_2(dat) >> 8),
349 (GET_BE_U_2(dat) & 0xff));
350 }
351
352 static void
l2tp_framing_cap_print(netdissect_options * ndo,const u_char * dat,u_int length)353 l2tp_framing_cap_print(netdissect_options *ndo, const u_char *dat, u_int length)
354 {
355 if (length < 4) {
356 ND_PRINT("AVP too short");
357 return;
358 }
359 if (GET_BE_U_4(dat) & L2TP_FRAMING_CAP_ASYNC_MASK) {
360 ND_PRINT("A");
361 }
362 if (GET_BE_U_4(dat) & L2TP_FRAMING_CAP_SYNC_MASK) {
363 ND_PRINT("S");
364 }
365 }
366
367 static void
l2tp_bearer_cap_print(netdissect_options * ndo,const u_char * dat,u_int length)368 l2tp_bearer_cap_print(netdissect_options *ndo, const u_char *dat, u_int length)
369 {
370 if (length < 4) {
371 ND_PRINT("AVP too short");
372 return;
373 }
374 if (GET_BE_U_4(dat) & L2TP_BEARER_CAP_ANALOG_MASK) {
375 ND_PRINT("A");
376 }
377 if (GET_BE_U_4(dat) & L2TP_BEARER_CAP_DIGITAL_MASK) {
378 ND_PRINT("D");
379 }
380 }
381
382 static void
l2tp_q931_cc_print(netdissect_options * ndo,const u_char * dat,u_int length)383 l2tp_q931_cc_print(netdissect_options *ndo, const u_char *dat, u_int length)
384 {
385 if (length < 3) {
386 ND_PRINT("AVP too short");
387 return;
388 }
389 print_16bits_val(ndo, dat);
390 ND_PRINT(", %02x", GET_U_1(dat + 2));
391 dat += 3;
392 length -= 3;
393 if (length != 0) {
394 ND_PRINT(" ");
395 print_string(ndo, dat, length);
396 }
397 }
398
399 static void
l2tp_bearer_type_print(netdissect_options * ndo,const u_char * dat,u_int length)400 l2tp_bearer_type_print(netdissect_options *ndo, const u_char *dat, u_int length)
401 {
402 if (length < 4) {
403 ND_PRINT("AVP too short");
404 return;
405 }
406 if (GET_BE_U_4(dat) & L2TP_BEARER_TYPE_ANALOG_MASK) {
407 ND_PRINT("A");
408 }
409 if (GET_BE_U_4(dat) & L2TP_BEARER_TYPE_DIGITAL_MASK) {
410 ND_PRINT("D");
411 }
412 }
413
414 static void
l2tp_framing_type_print(netdissect_options * ndo,const u_char * dat,u_int length)415 l2tp_framing_type_print(netdissect_options *ndo, const u_char *dat, u_int length)
416 {
417 if (length < 4) {
418 ND_PRINT("AVP too short");
419 return;
420 }
421 if (GET_BE_U_4(dat) & L2TP_FRAMING_TYPE_ASYNC_MASK) {
422 ND_PRINT("A");
423 }
424 if (GET_BE_U_4(dat) & L2TP_FRAMING_TYPE_SYNC_MASK) {
425 ND_PRINT("S");
426 }
427 }
428
429 static void
l2tp_packet_proc_delay_print(netdissect_options * ndo)430 l2tp_packet_proc_delay_print(netdissect_options *ndo)
431 {
432 ND_PRINT("obsolete");
433 }
434
435 static void
l2tp_proxy_auth_type_print(netdissect_options * ndo,const u_char * dat,u_int length)436 l2tp_proxy_auth_type_print(netdissect_options *ndo, const u_char *dat, u_int length)
437 {
438 if (length < 2) {
439 ND_PRINT("AVP too short");
440 return;
441 }
442 ND_PRINT("%s", tok2str(l2tp_authentype2str,
443 "AuthType-#%u", GET_BE_U_2(dat)));
444 }
445
446 static void
l2tp_proxy_auth_id_print(netdissect_options * ndo,const u_char * dat,u_int length)447 l2tp_proxy_auth_id_print(netdissect_options *ndo, const u_char *dat, u_int length)
448 {
449 if (length < 2) {
450 ND_PRINT("AVP too short");
451 return;
452 }
453 ND_PRINT("%u", GET_BE_U_2(dat) & L2TP_PROXY_AUTH_ID_MASK);
454 }
455
456 static void
l2tp_call_errors_print(netdissect_options * ndo,const u_char * dat,u_int length)457 l2tp_call_errors_print(netdissect_options *ndo, const u_char *dat, u_int length)
458 {
459 uint32_t val;
460
461 if (length < 2) {
462 ND_PRINT("AVP too short");
463 return;
464 }
465 dat += 2; /* skip "Reserved" */
466 length -= 2;
467
468 if (length < 4) {
469 ND_PRINT("AVP too short");
470 return;
471 }
472 val = GET_BE_U_4(dat); dat += 4; length -= 4;
473 ND_PRINT("CRCErr=%u ", val);
474
475 if (length < 4) {
476 ND_PRINT("AVP too short");
477 return;
478 }
479 val = GET_BE_U_4(dat); dat += 4; length -= 4;
480 ND_PRINT("FrameErr=%u ", val);
481
482 if (length < 4) {
483 ND_PRINT("AVP too short");
484 return;
485 }
486 val = GET_BE_U_4(dat); dat += 4; length -= 4;
487 ND_PRINT("HardOver=%u ", val);
488
489 if (length < 4) {
490 ND_PRINT("AVP too short");
491 return;
492 }
493 val = GET_BE_U_4(dat); dat += 4; length -= 4;
494 ND_PRINT("BufOver=%u ", val);
495
496 if (length < 4) {
497 ND_PRINT("AVP too short");
498 return;
499 }
500 val = GET_BE_U_4(dat); dat += 4; length -= 4;
501 ND_PRINT("Timeout=%u ", val);
502
503 if (length < 4) {
504 ND_PRINT("AVP too short");
505 return;
506 }
507 val = GET_BE_U_4(dat); dat += 4; length -= 4;
508 ND_PRINT("AlignErr=%u ", val);
509 }
510
511 static void
l2tp_accm_print(netdissect_options * ndo,const u_char * dat,u_int length)512 l2tp_accm_print(netdissect_options *ndo, const u_char *dat, u_int length)
513 {
514 uint32_t val;
515
516 if (length < 2) {
517 ND_PRINT("AVP too short");
518 return;
519 }
520 dat += 2; /* skip "Reserved" */
521 length -= 2;
522
523 if (length < 4) {
524 ND_PRINT("AVP too short");
525 return;
526 }
527 val = GET_BE_U_4(dat); dat += 4; length -= 4;
528 ND_PRINT("send=%08x ", val);
529
530 if (length < 4) {
531 ND_PRINT("AVP too short");
532 return;
533 }
534 val = GET_BE_U_4(dat); dat += 4; length -= 4;
535 ND_PRINT("recv=%08x ", val);
536 }
537
538 static void
l2tp_ppp_discon_cc_print(netdissect_options * ndo,const u_char * dat,u_int length)539 l2tp_ppp_discon_cc_print(netdissect_options *ndo, const u_char *dat, u_int length)
540 {
541 if (length < 5) {
542 ND_PRINT("AVP too short");
543 return;
544 }
545 /* Disconnect Code */
546 ND_PRINT("%04x, ", GET_BE_U_2(dat));
547 dat += 2;
548 length -= 2;
549 /* Control Protocol Number */
550 ND_PRINT("%04x ", GET_BE_U_2(dat));
551 dat += 2;
552 length -= 2;
553 /* Direction */
554 ND_PRINT("%s", tok2str(l2tp_cc_direction2str,
555 "Direction-#%u", GET_U_1(dat)));
556 dat++;
557 length--;
558
559 if (length != 0) {
560 ND_PRINT(" ");
561 print_string(ndo, (const u_char *)dat, length);
562 }
563 }
564
565 static u_int
l2tp_avp_print(netdissect_options * ndo,const u_char * dat,u_int length)566 l2tp_avp_print(netdissect_options *ndo, const u_char *dat, u_int length)
567 {
568 u_int len;
569 uint16_t attr_type;
570 int hidden = FALSE;
571
572 ND_PRINT(" ");
573 /* Flags & Length */
574 len = GET_BE_U_2(dat) & L2TP_AVP_HDR_LEN_MASK;
575
576 /* If it is not long enough to contain the header, we'll give up. */
577 if (len < 6)
578 goto trunc;
579
580 /* If it goes past the end of the remaining length of the packet,
581 we'll give up. */
582 if (len > (u_int)length)
583 goto trunc;
584
585 /* If it goes past the end of the remaining length of the captured
586 data, we'll give up. */
587 ND_TCHECK_LEN(dat, len);
588
589 /*
590 * After this point, we don't need to check whether we go past
591 * the length of the captured data; however, we *do* need to
592 * check whether we go past the end of the AVP.
593 */
594
595 if (GET_BE_U_2(dat) & L2TP_AVP_HDR_FLAG_MANDATORY) {
596 ND_PRINT("*");
597 }
598 if (GET_BE_U_2(dat) & L2TP_AVP_HDR_FLAG_HIDDEN) {
599 hidden = TRUE;
600 ND_PRINT("?");
601 }
602 dat += 2;
603
604 if (GET_BE_U_2(dat)) {
605 /* Vendor Specific Attribute */
606 ND_PRINT("VENDOR%04x:", GET_BE_U_2(dat)); dat += 2;
607 ND_PRINT("ATTR%04x", GET_BE_U_2(dat)); dat += 2;
608 ND_PRINT("(");
609 print_octets(ndo, dat, len-6);
610 ND_PRINT(")");
611 } else {
612 /* IETF-defined Attributes */
613 dat += 2;
614 attr_type = GET_BE_U_2(dat); dat += 2;
615 ND_PRINT("%s", tok2str(l2tp_avp2str, "AVP-#%u", attr_type));
616 ND_PRINT("(");
617 if (hidden) {
618 ND_PRINT("???");
619 } else {
620 switch (attr_type) {
621 case L2TP_AVP_MSGTYPE:
622 l2tp_msgtype_print(ndo, dat, len-6);
623 break;
624 case L2TP_AVP_RESULT_CODE:
625 l2tp_result_code_print(ndo, dat, len-6);
626 break;
627 case L2TP_AVP_PROTO_VER:
628 l2tp_proto_ver_print(ndo, dat, len-6);
629 break;
630 case L2TP_AVP_FRAMING_CAP:
631 l2tp_framing_cap_print(ndo, dat, len-6);
632 break;
633 case L2TP_AVP_BEARER_CAP:
634 l2tp_bearer_cap_print(ndo, dat, len-6);
635 break;
636 case L2TP_AVP_TIE_BREAKER:
637 if (len-6 < 8) {
638 ND_PRINT("AVP too short");
639 break;
640 }
641 print_octets(ndo, dat, 8);
642 break;
643 case L2TP_AVP_FIRM_VER:
644 case L2TP_AVP_ASSND_TUN_ID:
645 case L2TP_AVP_RECV_WIN_SIZE:
646 case L2TP_AVP_ASSND_SESS_ID:
647 if (len-6 < 2) {
648 ND_PRINT("AVP too short");
649 break;
650 }
651 print_16bits_val(ndo, dat);
652 break;
653 case L2TP_AVP_HOST_NAME:
654 case L2TP_AVP_VENDOR_NAME:
655 case L2TP_AVP_CALLING_NUMBER:
656 case L2TP_AVP_CALLED_NUMBER:
657 case L2TP_AVP_SUB_ADDRESS:
658 case L2TP_AVP_PROXY_AUTH_NAME:
659 case L2TP_AVP_PRIVATE_GRP_ID:
660 print_string(ndo, dat, len-6);
661 break;
662 case L2TP_AVP_CHALLENGE:
663 case L2TP_AVP_INI_RECV_LCP:
664 case L2TP_AVP_LAST_SENT_LCP:
665 case L2TP_AVP_LAST_RECV_LCP:
666 case L2TP_AVP_PROXY_AUTH_CHAL:
667 case L2TP_AVP_PROXY_AUTH_RESP:
668 case L2TP_AVP_RANDOM_VECTOR:
669 print_octets(ndo, dat, len-6);
670 break;
671 case L2TP_AVP_Q931_CC:
672 l2tp_q931_cc_print(ndo, dat, len-6);
673 break;
674 case L2TP_AVP_CHALLENGE_RESP:
675 if (len-6 < 16) {
676 ND_PRINT("AVP too short");
677 break;
678 }
679 print_octets(ndo, dat, 16);
680 break;
681 case L2TP_AVP_CALL_SER_NUM:
682 case L2TP_AVP_MINIMUM_BPS:
683 case L2TP_AVP_MAXIMUM_BPS:
684 case L2TP_AVP_TX_CONN_SPEED:
685 case L2TP_AVP_PHY_CHANNEL_ID:
686 case L2TP_AVP_RX_CONN_SPEED:
687 if (len-6 < 4) {
688 ND_PRINT("AVP too short");
689 break;
690 }
691 print_32bits_val(ndo, dat);
692 break;
693 case L2TP_AVP_BEARER_TYPE:
694 l2tp_bearer_type_print(ndo, dat, len-6);
695 break;
696 case L2TP_AVP_FRAMING_TYPE:
697 l2tp_framing_type_print(ndo, dat, len-6);
698 break;
699 case L2TP_AVP_PACKET_PROC_DELAY:
700 l2tp_packet_proc_delay_print(ndo);
701 break;
702 case L2TP_AVP_PROXY_AUTH_TYPE:
703 l2tp_proxy_auth_type_print(ndo, dat, len-6);
704 break;
705 case L2TP_AVP_PROXY_AUTH_ID:
706 l2tp_proxy_auth_id_print(ndo, dat, len-6);
707 break;
708 case L2TP_AVP_CALL_ERRORS:
709 l2tp_call_errors_print(ndo, dat, len-6);
710 break;
711 case L2TP_AVP_ACCM:
712 l2tp_accm_print(ndo, dat, len-6);
713 break;
714 case L2TP_AVP_SEQ_REQUIRED:
715 break; /* No Attribute Value */
716 case L2TP_AVP_PPP_DISCON_CC:
717 l2tp_ppp_discon_cc_print(ndo, dat, len-6);
718 break;
719 default:
720 break;
721 }
722 }
723 ND_PRINT(")");
724 }
725
726 return (len);
727
728 trunc:
729 nd_print_trunc(ndo);
730 return (0);
731 }
732
733
734 void
l2tp_print(netdissect_options * ndo,const u_char * dat,u_int length)735 l2tp_print(netdissect_options *ndo, const u_char *dat, u_int length)
736 {
737 const u_char *ptr = dat;
738 u_int cnt = 0; /* total octets consumed */
739 uint16_t pad;
740 int flag_t, flag_l, flag_s, flag_o;
741 uint16_t l2tp_len;
742
743 ndo->ndo_protocol = "l2tp";
744 flag_t = flag_l = flag_s = flag_o = FALSE;
745
746 if ((GET_BE_U_2(ptr) & L2TP_VERSION_MASK) == L2TP_VERSION_L2TP) {
747 ND_PRINT(" l2tp:");
748 } else if ((GET_BE_U_2(ptr) & L2TP_VERSION_MASK) == L2TP_VERSION_L2F) {
749 ND_PRINT(" l2f:");
750 return; /* nothing to do */
751 } else {
752 ND_PRINT(" Unknown Version, neither L2F(1) nor L2TP(2)");
753 return; /* nothing we can do */
754 }
755
756 ND_PRINT("[");
757 if (GET_BE_U_2(ptr) & L2TP_FLAG_TYPE) {
758 flag_t = TRUE;
759 ND_PRINT("T");
760 }
761 if (GET_BE_U_2(ptr) & L2TP_FLAG_LENGTH) {
762 flag_l = TRUE;
763 ND_PRINT("L");
764 }
765 if (GET_BE_U_2(ptr) & L2TP_FLAG_SEQUENCE) {
766 flag_s = TRUE;
767 ND_PRINT("S");
768 }
769 if (GET_BE_U_2(ptr) & L2TP_FLAG_OFFSET) {
770 flag_o = TRUE;
771 ND_PRINT("O");
772 }
773 if (GET_BE_U_2(ptr) & L2TP_FLAG_PRIORITY)
774 ND_PRINT("P");
775 ND_PRINT("]");
776
777 ptr += 2;
778 cnt += 2;
779
780 if (flag_l) {
781 l2tp_len = GET_BE_U_2(ptr);
782 ptr += 2;
783 cnt += 2;
784 } else {
785 l2tp_len = 0;
786 }
787 /* Tunnel ID */
788 ND_PRINT("(%u/", GET_BE_U_2(ptr));
789 ptr += 2;
790 cnt += 2;
791 /* Session ID */
792 ND_PRINT("%u)", GET_BE_U_2(ptr));
793 ptr += 2;
794 cnt += 2;
795
796 if (flag_s) {
797 ND_PRINT("Ns=%u,", GET_BE_U_2(ptr));
798 ptr += 2;
799 cnt += 2;
800 ND_PRINT("Nr=%u", GET_BE_U_2(ptr));
801 ptr += 2;
802 cnt += 2;
803 }
804
805 if (flag_o) { /* Offset Size */
806 pad = GET_BE_U_2(ptr);
807 /* Offset padding octets in packet buffer? */
808 ND_TCHECK_LEN(ptr + 2, pad);
809 ptr += (2 + pad);
810 cnt += (2 + pad);
811 }
812
813 if (flag_l) {
814 if (length < l2tp_len) {
815 ND_PRINT(" Length %u larger than packet", l2tp_len);
816 return;
817 }
818 length = l2tp_len;
819 }
820 if (length < cnt) {
821 ND_PRINT(" Length %u smaller than header length", length);
822 return;
823 }
824 if (flag_t) {
825 if (!flag_l) {
826 ND_PRINT(" No length");
827 return;
828 }
829 if (length - cnt == 0) {
830 ND_PRINT(" ZLB");
831 } else {
832 /*
833 * Print AVPs.
834 */
835 while (length - cnt != 0) {
836 u_int avp_length;
837
838 avp_length = l2tp_avp_print(ndo, ptr, length - cnt);
839 if (avp_length == 0) {
840 /*
841 * Truncated.
842 */
843 break;
844 }
845 cnt += avp_length;
846 ptr += avp_length;
847 }
848 }
849 } else {
850 ND_PRINT(" {");
851 ppp_print(ndo, ptr, length - cnt);
852 ND_PRINT("}");
853 }
854 return;
855 trunc:
856 nd_print_trunc(ndo);
857 }
858