xref: /freebsd/contrib/tcpdump/print-l2tp.c (revision 6f63e88c0166ed3e5f2805a9e667c7d24d304cf1)
1 /*
2  * Copyright (c) 1991, 1993, 1994, 1995, 1996, 1997
3  *      The Regents of the University of California.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that: (1) source code distributions
7  * retain the above copyright notice and this paragraph in its entirety, (2)
8  * distributions including binary code include the above copyright notice and
9  * this paragraph in its entirety in the documentation or other materials
10  * provided with the distribution, and (3) all advertising materials mentioning
11  * features or use of this software display the following acknowledgement:
12  * ``This product includes software developed by the University of California,
13  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14  * the University nor the names of its contributors may be used to endorse
15  * or promote products derived from this software without specific prior
16  * written permission.
17  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20  *
21  * L2TP support contributed by Motonori Shindo (mshindo@mshindo.net)
22  */
23 
24 /* \summary: Layer Two Tunneling Protocol (L2TP) printer */
25 
26 /* specification: RFC 2661 */
27 
28 #ifdef HAVE_CONFIG_H
29 #include "config.h"
30 #endif
31 
32 #include <netdissect-stdinc.h>
33 
34 #include "netdissect.h"
35 #include "extract.h"
36 
37 #define L2TP_FLAG_TYPE		0x8000	/* Type (0=Data, 1=Control) */
38 #define L2TP_FLAG_LENGTH	0x4000	/* Length */
39 #define L2TP_FLAG_SEQUENCE	0x0800	/* Sequence */
40 #define L2TP_FLAG_OFFSET	0x0200	/* Offset */
41 #define L2TP_FLAG_PRIORITY	0x0100	/* Priority */
42 
43 #define L2TP_VERSION_MASK	0x000f	/* Version Mask */
44 #define L2TP_VERSION_L2F	0x0001	/* L2F */
45 #define L2TP_VERSION_L2TP	0x0002	/* L2TP */
46 
47 #define L2TP_AVP_HDR_FLAG_MANDATORY	0x8000	/* Mandatory Flag */
48 #define L2TP_AVP_HDR_FLAG_HIDDEN	0x4000	/* Hidden Flag */
49 #define L2TP_AVP_HDR_LEN_MASK		0x03ff	/* Length Mask */
50 
51 #define L2TP_FRAMING_CAP_SYNC_MASK	0x00000001	/* Synchronous */
52 #define L2TP_FRAMING_CAP_ASYNC_MASK	0x00000002	/* Asynchronous */
53 
54 #define L2TP_FRAMING_TYPE_SYNC_MASK	0x00000001	/* Synchronous */
55 #define L2TP_FRAMING_TYPE_ASYNC_MASK	0x00000002	/* Asynchronous */
56 
57 #define L2TP_BEARER_CAP_DIGITAL_MASK	0x00000001	/* Digital */
58 #define L2TP_BEARER_CAP_ANALOG_MASK	0x00000002	/* Analog */
59 
60 #define L2TP_BEARER_TYPE_DIGITAL_MASK	0x00000001	/* Digital */
61 #define L2TP_BEARER_TYPE_ANALOG_MASK	0x00000002	/* Analog */
62 
63 /* Authen Type */
64 #define L2TP_AUTHEN_TYPE_RESERVED	0x0000	/* Reserved */
65 #define L2TP_AUTHEN_TYPE_TEXTUAL	0x0001	/* Textual username/password exchange */
66 #define L2TP_AUTHEN_TYPE_CHAP		0x0002	/* PPP CHAP */
67 #define L2TP_AUTHEN_TYPE_PAP		0x0003	/* PPP PAP */
68 #define L2TP_AUTHEN_TYPE_NO_AUTH	0x0004	/* No Authentication */
69 #define L2TP_AUTHEN_TYPE_MSCHAPv1	0x0005	/* MSCHAPv1 */
70 
71 #define L2TP_PROXY_AUTH_ID_MASK		0x00ff
72 
73 static const char tstr[] = " [|l2tp]";
74 
75 #define	L2TP_MSGTYPE_SCCRQ	1  /* Start-Control-Connection-Request */
76 #define	L2TP_MSGTYPE_SCCRP	2  /* Start-Control-Connection-Reply */
77 #define	L2TP_MSGTYPE_SCCCN	3  /* Start-Control-Connection-Connected */
78 #define	L2TP_MSGTYPE_STOPCCN	4  /* Stop-Control-Connection-Notification */
79 #define	L2TP_MSGTYPE_HELLO	6  /* Hello */
80 #define	L2TP_MSGTYPE_OCRQ	7  /* Outgoing-Call-Request */
81 #define	L2TP_MSGTYPE_OCRP	8  /* Outgoing-Call-Reply */
82 #define	L2TP_MSGTYPE_OCCN	9  /* Outgoing-Call-Connected */
83 #define	L2TP_MSGTYPE_ICRQ	10 /* Incoming-Call-Request */
84 #define	L2TP_MSGTYPE_ICRP	11 /* Incoming-Call-Reply */
85 #define	L2TP_MSGTYPE_ICCN	12 /* Incoming-Call-Connected */
86 #define	L2TP_MSGTYPE_CDN	14 /* Call-Disconnect-Notify */
87 #define	L2TP_MSGTYPE_WEN	15 /* WAN-Error-Notify */
88 #define	L2TP_MSGTYPE_SLI	16 /* Set-Link-Info */
89 
90 static const struct tok l2tp_msgtype2str[] = {
91 	{ L2TP_MSGTYPE_SCCRQ, 	"SCCRQ" },
92 	{ L2TP_MSGTYPE_SCCRP,	"SCCRP" },
93 	{ L2TP_MSGTYPE_SCCCN,	"SCCCN" },
94 	{ L2TP_MSGTYPE_STOPCCN,	"StopCCN" },
95 	{ L2TP_MSGTYPE_HELLO,	"HELLO" },
96 	{ L2TP_MSGTYPE_OCRQ,	"OCRQ" },
97 	{ L2TP_MSGTYPE_OCRP,	"OCRP" },
98 	{ L2TP_MSGTYPE_OCCN,	"OCCN" },
99 	{ L2TP_MSGTYPE_ICRQ,	"ICRQ" },
100 	{ L2TP_MSGTYPE_ICRP,	"ICRP" },
101 	{ L2TP_MSGTYPE_ICCN,	"ICCN" },
102 	{ L2TP_MSGTYPE_CDN,	"CDN" },
103 	{ L2TP_MSGTYPE_WEN,	"WEN" },
104 	{ L2TP_MSGTYPE_SLI,	"SLI" },
105 	{ 0,			NULL }
106 };
107 
108 #define L2TP_AVP_MSGTYPE		0  /* Message Type */
109 #define L2TP_AVP_RESULT_CODE		1  /* Result Code */
110 #define L2TP_AVP_PROTO_VER		2  /* Protocol Version */
111 #define L2TP_AVP_FRAMING_CAP		3  /* Framing Capabilities */
112 #define L2TP_AVP_BEARER_CAP		4  /* Bearer Capabilities */
113 #define L2TP_AVP_TIE_BREAKER		5  /* Tie Breaker */
114 #define L2TP_AVP_FIRM_VER		6  /* Firmware Revision */
115 #define L2TP_AVP_HOST_NAME		7  /* Host Name */
116 #define L2TP_AVP_VENDOR_NAME		8  /* Vendor Name */
117 #define L2TP_AVP_ASSND_TUN_ID 		9  /* Assigned Tunnel ID */
118 #define L2TP_AVP_RECV_WIN_SIZE		10 /* Receive Window Size */
119 #define L2TP_AVP_CHALLENGE		11 /* Challenge */
120 #define L2TP_AVP_Q931_CC		12 /* Q.931 Cause Code */
121 #define L2TP_AVP_CHALLENGE_RESP		13 /* Challenge Response */
122 #define L2TP_AVP_ASSND_SESS_ID  	14 /* Assigned Session ID */
123 #define L2TP_AVP_CALL_SER_NUM 		15 /* Call Serial Number */
124 #define L2TP_AVP_MINIMUM_BPS		16 /* Minimum BPS */
125 #define L2TP_AVP_MAXIMUM_BPS		17 /* Maximum BPS */
126 #define L2TP_AVP_BEARER_TYPE		18 /* Bearer Type */
127 #define L2TP_AVP_FRAMING_TYPE 		19 /* Framing Type */
128 #define L2TP_AVP_PACKET_PROC_DELAY	20 /* Packet Processing Delay (OBSOLETE) */
129 #define L2TP_AVP_CALLED_NUMBER		21 /* Called Number */
130 #define L2TP_AVP_CALLING_NUMBER		22 /* Calling Number */
131 #define L2TP_AVP_SUB_ADDRESS		23 /* Sub-Address */
132 #define L2TP_AVP_TX_CONN_SPEED		24 /* (Tx) Connect Speed */
133 #define L2TP_AVP_PHY_CHANNEL_ID		25 /* Physical Channel ID */
134 #define L2TP_AVP_INI_RECV_LCP		26 /* Initial Received LCP CONFREQ */
135 #define L2TP_AVP_LAST_SENT_LCP		27 /* Last Sent LCP CONFREQ */
136 #define L2TP_AVP_LAST_RECV_LCP		28 /* Last Received LCP CONFREQ */
137 #define L2TP_AVP_PROXY_AUTH_TYPE	29 /* Proxy Authen Type */
138 #define L2TP_AVP_PROXY_AUTH_NAME	30 /* Proxy Authen Name */
139 #define L2TP_AVP_PROXY_AUTH_CHAL	31 /* Proxy Authen Challenge */
140 #define L2TP_AVP_PROXY_AUTH_ID		32 /* Proxy Authen ID */
141 #define L2TP_AVP_PROXY_AUTH_RESP	33 /* Proxy Authen Response */
142 #define L2TP_AVP_CALL_ERRORS		34 /* Call Errors */
143 #define L2TP_AVP_ACCM			35 /* ACCM */
144 #define L2TP_AVP_RANDOM_VECTOR		36 /* Random Vector */
145 #define L2TP_AVP_PRIVATE_GRP_ID		37 /* Private Group ID */
146 #define L2TP_AVP_RX_CONN_SPEED		38 /* (Rx) Connect Speed */
147 #define L2TP_AVP_SEQ_REQUIRED 		39 /* Sequencing Required */
148 #define L2TP_AVP_PPP_DISCON_CC		46 /* PPP Disconnect Cause Code - RFC 3145 */
149 
150 static const struct tok l2tp_avp2str[] = {
151 	{ L2TP_AVP_MSGTYPE,		"MSGTYPE" },
152 	{ L2TP_AVP_RESULT_CODE,		"RESULT_CODE" },
153 	{ L2TP_AVP_PROTO_VER,		"PROTO_VER" },
154 	{ L2TP_AVP_FRAMING_CAP,		"FRAMING_CAP" },
155 	{ L2TP_AVP_BEARER_CAP,		"BEARER_CAP" },
156 	{ L2TP_AVP_TIE_BREAKER,		"TIE_BREAKER" },
157 	{ L2TP_AVP_FIRM_VER,		"FIRM_VER" },
158 	{ L2TP_AVP_HOST_NAME,		"HOST_NAME" },
159 	{ L2TP_AVP_VENDOR_NAME,		"VENDOR_NAME" },
160 	{ L2TP_AVP_ASSND_TUN_ID,	"ASSND_TUN_ID" },
161 	{ L2TP_AVP_RECV_WIN_SIZE,	"RECV_WIN_SIZE" },
162 	{ L2TP_AVP_CHALLENGE,		"CHALLENGE" },
163 	{ L2TP_AVP_Q931_CC,		"Q931_CC", },
164 	{ L2TP_AVP_CHALLENGE_RESP,	"CHALLENGE_RESP" },
165 	{ L2TP_AVP_ASSND_SESS_ID,	"ASSND_SESS_ID" },
166 	{ L2TP_AVP_CALL_SER_NUM,	"CALL_SER_NUM" },
167 	{ L2TP_AVP_MINIMUM_BPS,		"MINIMUM_BPS" },
168 	{ L2TP_AVP_MAXIMUM_BPS,		"MAXIMUM_BPS" },
169 	{ L2TP_AVP_BEARER_TYPE,		"BEARER_TYPE" },
170 	{ L2TP_AVP_FRAMING_TYPE,	"FRAMING_TYPE" },
171 	{ L2TP_AVP_PACKET_PROC_DELAY,	"PACKET_PROC_DELAY" },
172 	{ L2TP_AVP_CALLED_NUMBER,	"CALLED_NUMBER" },
173 	{ L2TP_AVP_CALLING_NUMBER,	"CALLING_NUMBER" },
174 	{ L2TP_AVP_SUB_ADDRESS,		"SUB_ADDRESS" },
175 	{ L2TP_AVP_TX_CONN_SPEED,	"TX_CONN_SPEED" },
176 	{ L2TP_AVP_PHY_CHANNEL_ID,	"PHY_CHANNEL_ID" },
177 	{ L2TP_AVP_INI_RECV_LCP,	"INI_RECV_LCP" },
178 	{ L2TP_AVP_LAST_SENT_LCP,	"LAST_SENT_LCP" },
179 	{ L2TP_AVP_LAST_RECV_LCP,	"LAST_RECV_LCP" },
180 	{ L2TP_AVP_PROXY_AUTH_TYPE,	"PROXY_AUTH_TYPE" },
181 	{ L2TP_AVP_PROXY_AUTH_NAME,	"PROXY_AUTH_NAME" },
182 	{ L2TP_AVP_PROXY_AUTH_CHAL,	"PROXY_AUTH_CHAL" },
183 	{ L2TP_AVP_PROXY_AUTH_ID,	"PROXY_AUTH_ID" },
184 	{ L2TP_AVP_PROXY_AUTH_RESP,	"PROXY_AUTH_RESP" },
185 	{ L2TP_AVP_CALL_ERRORS,		"CALL_ERRORS" },
186 	{ L2TP_AVP_ACCM,		"ACCM" },
187 	{ L2TP_AVP_RANDOM_VECTOR,	"RANDOM_VECTOR" },
188 	{ L2TP_AVP_PRIVATE_GRP_ID,	"PRIVATE_GRP_ID" },
189 	{ L2TP_AVP_RX_CONN_SPEED,	"RX_CONN_SPEED" },
190 	{ L2TP_AVP_SEQ_REQUIRED,	"SEQ_REQUIRED" },
191 	{ L2TP_AVP_PPP_DISCON_CC,	"PPP_DISCON_CC" },
192 	{ 0,				NULL }
193 };
194 
195 static const struct tok l2tp_authentype2str[] = {
196 	{ L2TP_AUTHEN_TYPE_RESERVED,	"Reserved" },
197 	{ L2TP_AUTHEN_TYPE_TEXTUAL,	"Textual" },
198 	{ L2TP_AUTHEN_TYPE_CHAP,	"CHAP" },
199 	{ L2TP_AUTHEN_TYPE_PAP,		"PAP" },
200 	{ L2TP_AUTHEN_TYPE_NO_AUTH,	"No Auth" },
201 	{ L2TP_AUTHEN_TYPE_MSCHAPv1,	"MS-CHAPv1" },
202 	{ 0,				NULL }
203 };
204 
205 #define L2TP_PPP_DISCON_CC_DIRECTION_GLOBAL	0
206 #define L2TP_PPP_DISCON_CC_DIRECTION_AT_PEER	1
207 #define L2TP_PPP_DISCON_CC_DIRECTION_AT_LOCAL	2
208 
209 static const struct tok l2tp_cc_direction2str[] = {
210 	{ L2TP_PPP_DISCON_CC_DIRECTION_GLOBAL,	"global error" },
211 	{ L2TP_PPP_DISCON_CC_DIRECTION_AT_PEER,	"at peer" },
212 	{ L2TP_PPP_DISCON_CC_DIRECTION_AT_LOCAL,"at local" },
213 	{ 0,					NULL }
214 };
215 
216 #if 0
217 static char *l2tp_result_code_StopCCN[] = {
218          "Reserved",
219          "General request to clear control connection",
220          "General error--Error Code indicates the problem",
221          "Control channel already exists",
222          "Requester is not authorized to establish a control channel",
223          "The protocol version of the requester is not supported",
224          "Requester is being shut down",
225          "Finite State Machine error"
226 #define L2TP_MAX_RESULT_CODE_STOPCC_INDEX	8
227 };
228 #endif
229 
230 #if 0
231 static char *l2tp_result_code_CDN[] = {
232 	"Reserved",
233 	"Call disconnected due to loss of carrier",
234 	"Call disconnected for the reason indicated in error code",
235 	"Call disconnected for administrative reasons",
236 	"Call failed due to lack of appropriate facilities being " \
237 	"available (temporary condition)",
238 	"Call failed due to lack of appropriate facilities being " \
239 	"available (permanent condition)",
240 	"Invalid destination",
241 	"Call failed due to no carrier detected",
242 	"Call failed due to detection of a busy signal",
243 	"Call failed due to lack of a dial tone",
244 	"Call was not established within time allotted by LAC",
245 	"Call was connected but no appropriate framing was detected"
246 #define L2TP_MAX_RESULT_CODE_CDN_INDEX	12
247 };
248 #endif
249 
250 #if 0
251 static char *l2tp_error_code_general[] = {
252 	"No general error",
253 	"No control connection exists yet for this LAC-LNS pair",
254 	"Length is wrong",
255 	"One of the field values was out of range or " \
256 	"reserved field was non-zero"
257 	"Insufficient resources to handle this operation now",
258 	"The Session ID is invalid in this context",
259 	"A generic vendor-specific error occurred in the LAC",
260 	"Try another"
261 #define L2TP_MAX_ERROR_CODE_GENERAL_INDEX	8
262 };
263 #endif
264 
265 /******************************/
266 /* generic print out routines */
267 /******************************/
268 static void
269 print_string(netdissect_options *ndo, const u_char *dat, u_int length)
270 {
271 	u_int i;
272 	for (i=0; i<length; i++) {
273 		ND_PRINT((ndo, "%c", *dat++));
274 	}
275 }
276 
277 static void
278 print_octets(netdissect_options *ndo, const u_char *dat, u_int length)
279 {
280 	u_int i;
281 	for (i=0; i<length; i++) {
282 		ND_PRINT((ndo, "%02x", *dat++));
283 	}
284 }
285 
286 static void
287 print_16bits_val(netdissect_options *ndo, const uint8_t *dat)
288 {
289 	ND_PRINT((ndo, "%u", EXTRACT_16BITS(dat)));
290 }
291 
292 static void
293 print_32bits_val(netdissect_options *ndo, const uint8_t *dat)
294 {
295 	ND_PRINT((ndo, "%u", EXTRACT_32BITS(dat)));
296 }
297 
298 /***********************************/
299 /* AVP-specific print out routines */
300 /***********************************/
301 static void
302 l2tp_msgtype_print(netdissect_options *ndo, const u_char *dat, u_int length)
303 {
304 	if (length < 2) {
305 		ND_PRINT((ndo, "AVP too short"));
306 		return;
307 	}
308 	ND_PRINT((ndo, "%s", tok2str(l2tp_msgtype2str, "MSGTYPE-#%u",
309 	    EXTRACT_16BITS(dat))));
310 }
311 
312 static void
313 l2tp_result_code_print(netdissect_options *ndo, const u_char *dat, u_int length)
314 {
315 	/* Result Code */
316 	if (length < 2) {
317 		ND_PRINT((ndo, "AVP too short"));
318 		return;
319 	}
320 	ND_PRINT((ndo, "%u", EXTRACT_16BITS(dat)));
321 	dat += 2;
322 	length -= 2;
323 
324 	/* Error Code (opt) */
325 	if (length == 0)
326 		return;
327 	if (length < 2) {
328 		ND_PRINT((ndo, " AVP too short"));
329 		return;
330 	}
331 	ND_PRINT((ndo, "/%u", EXTRACT_16BITS(dat)));
332 	dat += 2;
333 	length -= 2;
334 
335 	/* Error Message (opt) */
336 	if (length == 0)
337 		return;
338 	ND_PRINT((ndo, " "));
339 	print_string(ndo, dat, length);
340 }
341 
342 static void
343 l2tp_proto_ver_print(netdissect_options *ndo, const u_char *dat, u_int length)
344 {
345 	if (length < 2) {
346 		ND_PRINT((ndo, "AVP too short"));
347 		return;
348 	}
349 	ND_PRINT((ndo, "%u.%u", (EXTRACT_16BITS(dat) >> 8),
350 	    (EXTRACT_16BITS(dat) & 0xff)));
351 }
352 
353 static void
354 l2tp_framing_cap_print(netdissect_options *ndo, const u_char *dat, u_int length)
355 {
356 	if (length < 4) {
357 		ND_PRINT((ndo, "AVP too short"));
358 		return;
359 	}
360 	if (EXTRACT_32BITS(dat) &  L2TP_FRAMING_CAP_ASYNC_MASK) {
361 		ND_PRINT((ndo, "A"));
362 	}
363 	if (EXTRACT_32BITS(dat) &  L2TP_FRAMING_CAP_SYNC_MASK) {
364 		ND_PRINT((ndo, "S"));
365 	}
366 }
367 
368 static void
369 l2tp_bearer_cap_print(netdissect_options *ndo, const u_char *dat, u_int length)
370 {
371 	if (length < 4) {
372 		ND_PRINT((ndo, "AVP too short"));
373 		return;
374 	}
375 	if (EXTRACT_32BITS(dat) &  L2TP_BEARER_CAP_ANALOG_MASK) {
376 		ND_PRINT((ndo, "A"));
377 	}
378 	if (EXTRACT_32BITS(dat) &  L2TP_BEARER_CAP_DIGITAL_MASK) {
379 		ND_PRINT((ndo, "D"));
380 	}
381 }
382 
383 static void
384 l2tp_q931_cc_print(netdissect_options *ndo, const u_char *dat, u_int length)
385 {
386 	if (length < 3) {
387 		ND_PRINT((ndo, "AVP too short"));
388 		return;
389 	}
390 	print_16bits_val(ndo, dat);
391 	ND_PRINT((ndo, ", %02x", EXTRACT_8BITS(dat + 2)));
392 	dat += 3;
393 	length -= 3;
394 	if (length != 0) {
395 		ND_PRINT((ndo, " "));
396 		print_string(ndo, dat, length);
397 	}
398 }
399 
400 static void
401 l2tp_bearer_type_print(netdissect_options *ndo, const u_char *dat, u_int length)
402 {
403 	if (length < 4) {
404 		ND_PRINT((ndo, "AVP too short"));
405 		return;
406 	}
407 	if (EXTRACT_32BITS(dat) &  L2TP_BEARER_TYPE_ANALOG_MASK) {
408 		ND_PRINT((ndo, "A"));
409 	}
410 	if (EXTRACT_32BITS(dat) &  L2TP_BEARER_TYPE_DIGITAL_MASK) {
411 		ND_PRINT((ndo, "D"));
412 	}
413 }
414 
415 static void
416 l2tp_framing_type_print(netdissect_options *ndo, const u_char *dat, u_int length)
417 {
418 	if (length < 4) {
419 		ND_PRINT((ndo, "AVP too short"));
420 		return;
421 	}
422 	if (EXTRACT_32BITS(dat) &  L2TP_FRAMING_TYPE_ASYNC_MASK) {
423 		ND_PRINT((ndo, "A"));
424 	}
425 	if (EXTRACT_32BITS(dat) &  L2TP_FRAMING_TYPE_SYNC_MASK) {
426 		ND_PRINT((ndo, "S"));
427 	}
428 }
429 
430 static void
431 l2tp_packet_proc_delay_print(netdissect_options *ndo)
432 {
433 	ND_PRINT((ndo, "obsolete"));
434 }
435 
436 static void
437 l2tp_proxy_auth_type_print(netdissect_options *ndo, const u_char *dat, u_int length)
438 {
439 	if (length < 2) {
440 		ND_PRINT((ndo, "AVP too short"));
441 		return;
442 	}
443 	ND_PRINT((ndo, "%s", tok2str(l2tp_authentype2str,
444 			     "AuthType-#%u", EXTRACT_16BITS(dat))));
445 }
446 
447 static void
448 l2tp_proxy_auth_id_print(netdissect_options *ndo, const u_char *dat, u_int length)
449 {
450 	if (length < 2) {
451 		ND_PRINT((ndo, "AVP too short"));
452 		return;
453 	}
454 	ND_PRINT((ndo, "%u", EXTRACT_16BITS(dat) & L2TP_PROXY_AUTH_ID_MASK));
455 }
456 
457 static void
458 l2tp_call_errors_print(netdissect_options *ndo, const u_char *dat, u_int length)
459 {
460 	uint32_t val;
461 
462 	if (length < 2) {
463 		ND_PRINT((ndo, "AVP too short"));
464 		return;
465 	}
466 	dat += 2;	/* skip "Reserved" */
467 	length -= 2;
468 
469 	if (length < 4) {
470 		ND_PRINT((ndo, "AVP too short"));
471 		return;
472 	}
473 	val = EXTRACT_32BITS(dat); dat += 4; length -= 4;
474 	ND_PRINT((ndo, "CRCErr=%u ", val));
475 
476 	if (length < 4) {
477 		ND_PRINT((ndo, "AVP too short"));
478 		return;
479 	}
480 	val = EXTRACT_32BITS(dat); dat += 4; length -= 4;
481 	ND_PRINT((ndo, "FrameErr=%u ", val));
482 
483 	if (length < 4) {
484 		ND_PRINT((ndo, "AVP too short"));
485 		return;
486 	}
487 	val = EXTRACT_32BITS(dat); dat += 4; length -= 4;
488 	ND_PRINT((ndo, "HardOver=%u ", val));
489 
490 	if (length < 4) {
491 		ND_PRINT((ndo, "AVP too short"));
492 		return;
493 	}
494 	val = EXTRACT_32BITS(dat); dat += 4; length -= 4;
495 	ND_PRINT((ndo, "BufOver=%u ", val));
496 
497 	if (length < 4) {
498 		ND_PRINT((ndo, "AVP too short"));
499 		return;
500 	}
501 	val = EXTRACT_32BITS(dat); dat += 4; length -= 4;
502 	ND_PRINT((ndo, "Timeout=%u ", val));
503 
504 	if (length < 4) {
505 		ND_PRINT((ndo, "AVP too short"));
506 		return;
507 	}
508 	val = EXTRACT_32BITS(dat); dat += 4; length -= 4;
509 	ND_PRINT((ndo, "AlignErr=%u ", val));
510 }
511 
512 static void
513 l2tp_accm_print(netdissect_options *ndo, const u_char *dat, u_int length)
514 {
515 	uint32_t val;
516 
517 	if (length < 2) {
518 		ND_PRINT((ndo, "AVP too short"));
519 		return;
520 	}
521 	dat += 2;	/* skip "Reserved" */
522 	length -= 2;
523 
524 	if (length < 4) {
525 		ND_PRINT((ndo, "AVP too short"));
526 		return;
527 	}
528 	val = EXTRACT_32BITS(dat); dat += 4; length -= 4;
529 	ND_PRINT((ndo, "send=%08x ", val));
530 
531 	if (length < 4) {
532 		ND_PRINT((ndo, "AVP too short"));
533 		return;
534 	}
535 	val = EXTRACT_32BITS(dat); dat += 4; length -= 4;
536 	ND_PRINT((ndo, "recv=%08x ", val));
537 }
538 
539 static void
540 l2tp_ppp_discon_cc_print(netdissect_options *ndo, const u_char *dat, u_int length)
541 {
542 	if (length < 5) {
543 		ND_PRINT((ndo, "AVP too short"));
544 		return;
545 	}
546 	/* Disconnect Code */
547 	ND_PRINT((ndo, "%04x, ", EXTRACT_16BITS(dat)));
548 	dat += 2;
549 	length -= 2;
550 	/* Control Protocol Number */
551 	ND_PRINT((ndo, "%04x ",  EXTRACT_16BITS(dat)));
552 	dat += 2;
553 	length -= 2;
554 	/* Direction */
555 	ND_PRINT((ndo, "%s", tok2str(l2tp_cc_direction2str,
556 			     "Direction-#%u", EXTRACT_8BITS(dat))));
557 	dat++;
558 	length--;
559 
560 	if (length != 0) {
561 		ND_PRINT((ndo, " "));
562 		print_string(ndo, (const u_char *)dat, length);
563 	}
564 }
565 
566 static u_int
567 l2tp_avp_print(netdissect_options *ndo, const u_char *dat, u_int length)
568 {
569 	u_int len;
570 	uint16_t attr_type;
571 	int hidden = FALSE;
572 
573 	ND_PRINT((ndo, " "));
574 
575 	ND_TCHECK_16BITS(dat);	/* Flags & Length */
576 	len = EXTRACT_16BITS(dat) & L2TP_AVP_HDR_LEN_MASK;
577 
578 	/* If it is not long enough to contain the header, we'll give up. */
579 	if (len < 6)
580 		goto trunc;
581 
582 	/* If it goes past the end of the remaining length of the packet,
583 	   we'll give up. */
584 	if (len > (u_int)length)
585 		goto trunc;
586 
587 	/* If it goes past the end of the remaining length of the captured
588 	   data, we'll give up. */
589 	ND_TCHECK2(*dat, len);
590 
591 	/*
592 	 * After this point, we don't need to check whether we go past
593 	 * the length of the captured data; however, we *do* need to
594 	 * check whether we go past the end of the AVP.
595 	 */
596 
597 	if (EXTRACT_16BITS(dat) & L2TP_AVP_HDR_FLAG_MANDATORY) {
598 		ND_PRINT((ndo, "*"));
599 	}
600 	if (EXTRACT_16BITS(dat) & L2TP_AVP_HDR_FLAG_HIDDEN) {
601 		hidden = TRUE;
602 		ND_PRINT((ndo, "?"));
603 	}
604 	dat += 2;
605 
606 	if (EXTRACT_16BITS(dat)) {
607 		/* Vendor Specific Attribute */
608 	        ND_PRINT((ndo, "VENDOR%04x:", EXTRACT_16BITS(dat))); dat += 2;
609 		ND_PRINT((ndo, "ATTR%04x", EXTRACT_16BITS(dat))); dat += 2;
610 		ND_PRINT((ndo, "("));
611 		print_octets(ndo, dat, len-6);
612 		ND_PRINT((ndo, ")"));
613 	} else {
614 		/* IETF-defined Attributes */
615 		dat += 2;
616 		attr_type = EXTRACT_16BITS(dat); dat += 2;
617 		ND_PRINT((ndo, "%s", tok2str(l2tp_avp2str, "AVP-#%u", attr_type)));
618 		ND_PRINT((ndo, "("));
619 		if (hidden) {
620 			ND_PRINT((ndo, "???"));
621 		} else {
622 			switch (attr_type) {
623 			case L2TP_AVP_MSGTYPE:
624 				l2tp_msgtype_print(ndo, dat, len-6);
625 				break;
626 			case L2TP_AVP_RESULT_CODE:
627 				l2tp_result_code_print(ndo, dat, len-6);
628 				break;
629 			case L2TP_AVP_PROTO_VER:
630 				l2tp_proto_ver_print(ndo, dat, len-6);
631 				break;
632 			case L2TP_AVP_FRAMING_CAP:
633 				l2tp_framing_cap_print(ndo, dat, len-6);
634 				break;
635 			case L2TP_AVP_BEARER_CAP:
636 				l2tp_bearer_cap_print(ndo, dat, len-6);
637 				break;
638 			case L2TP_AVP_TIE_BREAKER:
639 				if (len-6 < 8) {
640 					ND_PRINT((ndo, "AVP too short"));
641 					break;
642 				}
643 				print_octets(ndo, dat, 8);
644 				break;
645 			case L2TP_AVP_FIRM_VER:
646 			case L2TP_AVP_ASSND_TUN_ID:
647 			case L2TP_AVP_RECV_WIN_SIZE:
648 			case L2TP_AVP_ASSND_SESS_ID:
649 				if (len-6 < 2) {
650 					ND_PRINT((ndo, "AVP too short"));
651 					break;
652 				}
653 				print_16bits_val(ndo, dat);
654 				break;
655 			case L2TP_AVP_HOST_NAME:
656 			case L2TP_AVP_VENDOR_NAME:
657 			case L2TP_AVP_CALLING_NUMBER:
658 			case L2TP_AVP_CALLED_NUMBER:
659 			case L2TP_AVP_SUB_ADDRESS:
660 			case L2TP_AVP_PROXY_AUTH_NAME:
661 			case L2TP_AVP_PRIVATE_GRP_ID:
662 				print_string(ndo, dat, len-6);
663 				break;
664 			case L2TP_AVP_CHALLENGE:
665 			case L2TP_AVP_INI_RECV_LCP:
666 			case L2TP_AVP_LAST_SENT_LCP:
667 			case L2TP_AVP_LAST_RECV_LCP:
668 			case L2TP_AVP_PROXY_AUTH_CHAL:
669 			case L2TP_AVP_PROXY_AUTH_RESP:
670 			case L2TP_AVP_RANDOM_VECTOR:
671 				print_octets(ndo, dat, len-6);
672 				break;
673 			case L2TP_AVP_Q931_CC:
674 				l2tp_q931_cc_print(ndo, dat, len-6);
675 				break;
676 			case L2TP_AVP_CHALLENGE_RESP:
677 				if (len-6 < 16) {
678 					ND_PRINT((ndo, "AVP too short"));
679 					break;
680 				}
681 				print_octets(ndo, dat, 16);
682 				break;
683 			case L2TP_AVP_CALL_SER_NUM:
684 			case L2TP_AVP_MINIMUM_BPS:
685 			case L2TP_AVP_MAXIMUM_BPS:
686 			case L2TP_AVP_TX_CONN_SPEED:
687 			case L2TP_AVP_PHY_CHANNEL_ID:
688 			case L2TP_AVP_RX_CONN_SPEED:
689 				if (len-6 < 4) {
690 					ND_PRINT((ndo, "AVP too short"));
691 					break;
692 				}
693 				print_32bits_val(ndo, dat);
694 				break;
695 			case L2TP_AVP_BEARER_TYPE:
696 				l2tp_bearer_type_print(ndo, dat, len-6);
697 				break;
698 			case L2TP_AVP_FRAMING_TYPE:
699 				l2tp_framing_type_print(ndo, dat, len-6);
700 				break;
701 			case L2TP_AVP_PACKET_PROC_DELAY:
702 				l2tp_packet_proc_delay_print(ndo);
703 				break;
704 			case L2TP_AVP_PROXY_AUTH_TYPE:
705 				l2tp_proxy_auth_type_print(ndo, dat, len-6);
706 				break;
707 			case L2TP_AVP_PROXY_AUTH_ID:
708 				l2tp_proxy_auth_id_print(ndo, dat, len-6);
709 				break;
710 			case L2TP_AVP_CALL_ERRORS:
711 				l2tp_call_errors_print(ndo, dat, len-6);
712 				break;
713 			case L2TP_AVP_ACCM:
714 				l2tp_accm_print(ndo, dat, len-6);
715 				break;
716 			case L2TP_AVP_SEQ_REQUIRED:
717 				break;	/* No Attribute Value */
718 			case L2TP_AVP_PPP_DISCON_CC:
719 				l2tp_ppp_discon_cc_print(ndo, dat, len-6);
720 				break;
721 			default:
722 				break;
723 			}
724 		}
725 		ND_PRINT((ndo, ")"));
726 	}
727 
728 	return (len);
729 
730  trunc:
731 	ND_PRINT((ndo, "|..."));
732 	return (0);
733 }
734 
735 
736 void
737 l2tp_print(netdissect_options *ndo, const u_char *dat, u_int length)
738 {
739 	const u_char *ptr = dat;
740 	u_int cnt = 0;			/* total octets consumed */
741 	uint16_t pad;
742 	int flag_t, flag_l, flag_s, flag_o;
743 	uint16_t l2tp_len;
744 
745 	flag_t = flag_l = flag_s = flag_o = FALSE;
746 
747 	ND_TCHECK2(*ptr, 2);	/* Flags & Version */
748 	if ((EXTRACT_16BITS(ptr) & L2TP_VERSION_MASK) == L2TP_VERSION_L2TP) {
749 		ND_PRINT((ndo, " l2tp:"));
750 	} else if ((EXTRACT_16BITS(ptr) & L2TP_VERSION_MASK) == L2TP_VERSION_L2F) {
751 		ND_PRINT((ndo, " l2f:"));
752 		return;		/* nothing to do */
753 	} else {
754 		ND_PRINT((ndo, " Unknown Version, neither L2F(1) nor L2TP(2)"));
755 		return;		/* nothing we can do */
756 	}
757 
758 	ND_PRINT((ndo, "["));
759 	if (EXTRACT_16BITS(ptr) & L2TP_FLAG_TYPE) {
760 		flag_t = TRUE;
761 		ND_PRINT((ndo, "T"));
762 	}
763 	if (EXTRACT_16BITS(ptr) & L2TP_FLAG_LENGTH) {
764 		flag_l = TRUE;
765 		ND_PRINT((ndo, "L"));
766 	}
767 	if (EXTRACT_16BITS(ptr) & L2TP_FLAG_SEQUENCE) {
768 		flag_s = TRUE;
769 		ND_PRINT((ndo, "S"));
770 	}
771 	if (EXTRACT_16BITS(ptr) & L2TP_FLAG_OFFSET) {
772 		flag_o = TRUE;
773 		ND_PRINT((ndo, "O"));
774 	}
775 	if (EXTRACT_16BITS(ptr) & L2TP_FLAG_PRIORITY)
776 		ND_PRINT((ndo, "P"));
777 	ND_PRINT((ndo, "]"));
778 
779 	ptr += 2;
780 	cnt += 2;
781 
782 	if (flag_l) {
783 		ND_TCHECK2(*ptr, 2);	/* Length */
784 		l2tp_len = EXTRACT_16BITS(ptr);
785 		ptr += 2;
786 		cnt += 2;
787 	} else {
788 		l2tp_len = 0;
789 	}
790 
791 	ND_TCHECK2(*ptr, 2);		/* Tunnel ID */
792 	ND_PRINT((ndo, "(%u/", EXTRACT_16BITS(ptr)));
793 	ptr += 2;
794 	cnt += 2;
795 	ND_TCHECK2(*ptr, 2);		/* Session ID */
796 	ND_PRINT((ndo, "%u)",  EXTRACT_16BITS(ptr)));
797 	ptr += 2;
798 	cnt += 2;
799 
800 	if (flag_s) {
801 		ND_TCHECK2(*ptr, 2);	/* Ns */
802 		ND_PRINT((ndo, "Ns=%u,", EXTRACT_16BITS(ptr)));
803 		ptr += 2;
804 		cnt += 2;
805 		ND_TCHECK2(*ptr, 2);	/* Nr */
806 		ND_PRINT((ndo, "Nr=%u",  EXTRACT_16BITS(ptr)));
807 		ptr += 2;
808 		cnt += 2;
809 	}
810 
811 	if (flag_o) {
812 		ND_TCHECK2(*ptr, 2);	/* Offset Size */
813 		pad =  EXTRACT_16BITS(ptr);
814 		ptr += (2 + pad);
815 		cnt += (2 + pad);
816 	}
817 
818 	if (flag_l) {
819 		if (length < l2tp_len) {
820 			ND_PRINT((ndo, " Length %u larger than packet", l2tp_len));
821 			return;
822 		}
823 		length = l2tp_len;
824 	}
825 	if (length < cnt) {
826 		ND_PRINT((ndo, " Length %u smaller than header length", length));
827 		return;
828 	}
829 	if (flag_t) {
830 		if (!flag_l) {
831 			ND_PRINT((ndo, " No length"));
832 			return;
833 		}
834 		if (length - cnt == 0) {
835 			ND_PRINT((ndo, " ZLB"));
836 		} else {
837 			/*
838 			 * Print AVPs.
839 			 */
840 			while (length - cnt != 0) {
841 				u_int avp_length;
842 
843 				avp_length = l2tp_avp_print(ndo, ptr, length - cnt);
844 				if (avp_length == 0) {
845 					/*
846 					 * Truncated.
847 					 */
848 					break;
849 				}
850 				cnt += avp_length;
851 				ptr += avp_length;
852 			}
853 		}
854 	} else {
855 		ND_PRINT((ndo, " {"));
856 		ppp_print(ndo, ptr, length - cnt);
857 		ND_PRINT((ndo, "}"));
858 	}
859 
860 	return;
861 
862  trunc:
863 	ND_PRINT((ndo, "%s", tstr));
864 }
865