1 /* 2 * Copyright (c) 1991, 1993, 1994, 1995, 1996, 1997 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 * 21 * L2TP support contributed by Motonori Shindo (mshindo@mshindo.net) 22 */ 23 24 /* \summary: Layer Two Tunneling Protocol (L2TP) printer */ 25 26 #ifdef HAVE_CONFIG_H 27 #include "config.h" 28 #endif 29 30 #include <netdissect-stdinc.h> 31 32 #include "netdissect.h" 33 #include "extract.h" 34 35 #define L2TP_FLAG_TYPE 0x8000 /* Type (0=Data, 1=Control) */ 36 #define L2TP_FLAG_LENGTH 0x4000 /* Length */ 37 #define L2TP_FLAG_SEQUENCE 0x0800 /* Sequence */ 38 #define L2TP_FLAG_OFFSET 0x0200 /* Offset */ 39 #define L2TP_FLAG_PRIORITY 0x0100 /* Priority */ 40 41 #define L2TP_VERSION_MASK 0x000f /* Version Mask */ 42 #define L2TP_VERSION_L2F 0x0001 /* L2F */ 43 #define L2TP_VERSION_L2TP 0x0002 /* L2TP */ 44 45 #define L2TP_AVP_HDR_FLAG_MANDATORY 0x8000 /* Mandatory Flag */ 46 #define L2TP_AVP_HDR_FLAG_HIDDEN 0x4000 /* Hidden Flag */ 47 #define L2TP_AVP_HDR_LEN_MASK 0x03ff /* Length Mask */ 48 49 #define L2TP_FRAMING_CAP_SYNC_MASK 0x00000001 /* Synchronous */ 50 #define L2TP_FRAMING_CAP_ASYNC_MASK 0x00000002 /* Asynchronous */ 51 52 #define L2TP_FRAMING_TYPE_SYNC_MASK 0x00000001 /* Synchronous */ 53 #define L2TP_FRAMING_TYPE_ASYNC_MASK 0x00000002 /* Asynchronous */ 54 55 #define L2TP_BEARER_CAP_DIGITAL_MASK 0x00000001 /* Digital */ 56 #define L2TP_BEARER_CAP_ANALOG_MASK 0x00000002 /* Analog */ 57 58 #define L2TP_BEARER_TYPE_DIGITAL_MASK 0x00000001 /* Digital */ 59 #define L2TP_BEARER_TYPE_ANALOG_MASK 0x00000002 /* Analog */ 60 61 /* Authen Type */ 62 #define L2TP_AUTHEN_TYPE_RESERVED 0x0000 /* Reserved */ 63 #define L2TP_AUTHEN_TYPE_TEXTUAL 0x0001 /* Textual username/password exchange */ 64 #define L2TP_AUTHEN_TYPE_CHAP 0x0002 /* PPP CHAP */ 65 #define L2TP_AUTHEN_TYPE_PAP 0x0003 /* PPP PAP */ 66 #define L2TP_AUTHEN_TYPE_NO_AUTH 0x0004 /* No Authentication */ 67 #define L2TP_AUTHEN_TYPE_MSCHAPv1 0x0005 /* MSCHAPv1 */ 68 69 #define L2TP_PROXY_AUTH_ID_MASK 0x00ff 70 71 static const char tstr[] = " [|l2tp]"; 72 73 #define L2TP_MSGTYPE_SCCRQ 1 /* Start-Control-Connection-Request */ 74 #define L2TP_MSGTYPE_SCCRP 2 /* Start-Control-Connection-Reply */ 75 #define L2TP_MSGTYPE_SCCCN 3 /* Start-Control-Connection-Connected */ 76 #define L2TP_MSGTYPE_STOPCCN 4 /* Stop-Control-Connection-Notification */ 77 #define L2TP_MSGTYPE_HELLO 6 /* Hello */ 78 #define L2TP_MSGTYPE_OCRQ 7 /* Outgoing-Call-Request */ 79 #define L2TP_MSGTYPE_OCRP 8 /* Outgoing-Call-Reply */ 80 #define L2TP_MSGTYPE_OCCN 9 /* Outgoing-Call-Connected */ 81 #define L2TP_MSGTYPE_ICRQ 10 /* Incoming-Call-Request */ 82 #define L2TP_MSGTYPE_ICRP 11 /* Incoming-Call-Reply */ 83 #define L2TP_MSGTYPE_ICCN 12 /* Incoming-Call-Connected */ 84 #define L2TP_MSGTYPE_CDN 14 /* Call-Disconnect-Notify */ 85 #define L2TP_MSGTYPE_WEN 15 /* WAN-Error-Notify */ 86 #define L2TP_MSGTYPE_SLI 16 /* Set-Link-Info */ 87 88 static const struct tok l2tp_msgtype2str[] = { 89 { L2TP_MSGTYPE_SCCRQ, "SCCRQ" }, 90 { L2TP_MSGTYPE_SCCRP, "SCCRP" }, 91 { L2TP_MSGTYPE_SCCCN, "SCCCN" }, 92 { L2TP_MSGTYPE_STOPCCN, "StopCCN" }, 93 { L2TP_MSGTYPE_HELLO, "HELLO" }, 94 { L2TP_MSGTYPE_OCRQ, "OCRQ" }, 95 { L2TP_MSGTYPE_OCRP, "OCRP" }, 96 { L2TP_MSGTYPE_OCCN, "OCCN" }, 97 { L2TP_MSGTYPE_ICRQ, "ICRQ" }, 98 { L2TP_MSGTYPE_ICRP, "ICRP" }, 99 { L2TP_MSGTYPE_ICCN, "ICCN" }, 100 { L2TP_MSGTYPE_CDN, "CDN" }, 101 { L2TP_MSGTYPE_WEN, "WEN" }, 102 { L2TP_MSGTYPE_SLI, "SLI" }, 103 { 0, NULL } 104 }; 105 106 #define L2TP_AVP_MSGTYPE 0 /* Message Type */ 107 #define L2TP_AVP_RESULT_CODE 1 /* Result Code */ 108 #define L2TP_AVP_PROTO_VER 2 /* Protocol Version */ 109 #define L2TP_AVP_FRAMING_CAP 3 /* Framing Capabilities */ 110 #define L2TP_AVP_BEARER_CAP 4 /* Bearer Capabilities */ 111 #define L2TP_AVP_TIE_BREAKER 5 /* Tie Breaker */ 112 #define L2TP_AVP_FIRM_VER 6 /* Firmware Revision */ 113 #define L2TP_AVP_HOST_NAME 7 /* Host Name */ 114 #define L2TP_AVP_VENDOR_NAME 8 /* Vendor Name */ 115 #define L2TP_AVP_ASSND_TUN_ID 9 /* Assigned Tunnel ID */ 116 #define L2TP_AVP_RECV_WIN_SIZE 10 /* Receive Window Size */ 117 #define L2TP_AVP_CHALLENGE 11 /* Challenge */ 118 #define L2TP_AVP_Q931_CC 12 /* Q.931 Cause Code */ 119 #define L2TP_AVP_CHALLENGE_RESP 13 /* Challenge Response */ 120 #define L2TP_AVP_ASSND_SESS_ID 14 /* Assigned Session ID */ 121 #define L2TP_AVP_CALL_SER_NUM 15 /* Call Serial Number */ 122 #define L2TP_AVP_MINIMUM_BPS 16 /* Minimum BPS */ 123 #define L2TP_AVP_MAXIMUM_BPS 17 /* Maximum BPS */ 124 #define L2TP_AVP_BEARER_TYPE 18 /* Bearer Type */ 125 #define L2TP_AVP_FRAMING_TYPE 19 /* Framing Type */ 126 #define L2TP_AVP_PACKET_PROC_DELAY 20 /* Packet Processing Delay (OBSOLETE) */ 127 #define L2TP_AVP_CALLED_NUMBER 21 /* Called Number */ 128 #define L2TP_AVP_CALLING_NUMBER 22 /* Calling Number */ 129 #define L2TP_AVP_SUB_ADDRESS 23 /* Sub-Address */ 130 #define L2TP_AVP_TX_CONN_SPEED 24 /* (Tx) Connect Speed */ 131 #define L2TP_AVP_PHY_CHANNEL_ID 25 /* Physical Channel ID */ 132 #define L2TP_AVP_INI_RECV_LCP 26 /* Initial Received LCP CONFREQ */ 133 #define L2TP_AVP_LAST_SENT_LCP 27 /* Last Sent LCP CONFREQ */ 134 #define L2TP_AVP_LAST_RECV_LCP 28 /* Last Received LCP CONFREQ */ 135 #define L2TP_AVP_PROXY_AUTH_TYPE 29 /* Proxy Authen Type */ 136 #define L2TP_AVP_PROXY_AUTH_NAME 30 /* Proxy Authen Name */ 137 #define L2TP_AVP_PROXY_AUTH_CHAL 31 /* Proxy Authen Challenge */ 138 #define L2TP_AVP_PROXY_AUTH_ID 32 /* Proxy Authen ID */ 139 #define L2TP_AVP_PROXY_AUTH_RESP 33 /* Proxy Authen Response */ 140 #define L2TP_AVP_CALL_ERRORS 34 /* Call Errors */ 141 #define L2TP_AVP_ACCM 35 /* ACCM */ 142 #define L2TP_AVP_RANDOM_VECTOR 36 /* Random Vector */ 143 #define L2TP_AVP_PRIVATE_GRP_ID 37 /* Private Group ID */ 144 #define L2TP_AVP_RX_CONN_SPEED 38 /* (Rx) Connect Speed */ 145 #define L2TP_AVP_SEQ_REQUIRED 39 /* Sequencing Required */ 146 #define L2TP_AVP_PPP_DISCON_CC 46 /* PPP Disconnect Cause Code */ 147 148 static const struct tok l2tp_avp2str[] = { 149 { L2TP_AVP_MSGTYPE, "MSGTYPE" }, 150 { L2TP_AVP_RESULT_CODE, "RESULT_CODE" }, 151 { L2TP_AVP_PROTO_VER, "PROTO_VER" }, 152 { L2TP_AVP_FRAMING_CAP, "FRAMING_CAP" }, 153 { L2TP_AVP_BEARER_CAP, "BEARER_CAP" }, 154 { L2TP_AVP_TIE_BREAKER, "TIE_BREAKER" }, 155 { L2TP_AVP_FIRM_VER, "FIRM_VER" }, 156 { L2TP_AVP_HOST_NAME, "HOST_NAME" }, 157 { L2TP_AVP_VENDOR_NAME, "VENDOR_NAME" }, 158 { L2TP_AVP_ASSND_TUN_ID, "ASSND_TUN_ID" }, 159 { L2TP_AVP_RECV_WIN_SIZE, "RECV_WIN_SIZE" }, 160 { L2TP_AVP_CHALLENGE, "CHALLENGE" }, 161 { L2TP_AVP_Q931_CC, "Q931_CC", }, 162 { L2TP_AVP_CHALLENGE_RESP, "CHALLENGE_RESP" }, 163 { L2TP_AVP_ASSND_SESS_ID, "ASSND_SESS_ID" }, 164 { L2TP_AVP_CALL_SER_NUM, "CALL_SER_NUM" }, 165 { L2TP_AVP_MINIMUM_BPS, "MINIMUM_BPS" }, 166 { L2TP_AVP_MAXIMUM_BPS, "MAXIMUM_BPS" }, 167 { L2TP_AVP_BEARER_TYPE, "BEARER_TYPE" }, 168 { L2TP_AVP_FRAMING_TYPE, "FRAMING_TYPE" }, 169 { L2TP_AVP_PACKET_PROC_DELAY, "PACKET_PROC_DELAY" }, 170 { L2TP_AVP_CALLED_NUMBER, "CALLED_NUMBER" }, 171 { L2TP_AVP_CALLING_NUMBER, "CALLING_NUMBER" }, 172 { L2TP_AVP_SUB_ADDRESS, "SUB_ADDRESS" }, 173 { L2TP_AVP_TX_CONN_SPEED, "TX_CONN_SPEED" }, 174 { L2TP_AVP_PHY_CHANNEL_ID, "PHY_CHANNEL_ID" }, 175 { L2TP_AVP_INI_RECV_LCP, "INI_RECV_LCP" }, 176 { L2TP_AVP_LAST_SENT_LCP, "LAST_SENT_LCP" }, 177 { L2TP_AVP_LAST_RECV_LCP, "LAST_RECV_LCP" }, 178 { L2TP_AVP_PROXY_AUTH_TYPE, "PROXY_AUTH_TYPE" }, 179 { L2TP_AVP_PROXY_AUTH_NAME, "PROXY_AUTH_NAME" }, 180 { L2TP_AVP_PROXY_AUTH_CHAL, "PROXY_AUTH_CHAL" }, 181 { L2TP_AVP_PROXY_AUTH_ID, "PROXY_AUTH_ID" }, 182 { L2TP_AVP_PROXY_AUTH_RESP, "PROXY_AUTH_RESP" }, 183 { L2TP_AVP_CALL_ERRORS, "CALL_ERRORS" }, 184 { L2TP_AVP_ACCM, "ACCM" }, 185 { L2TP_AVP_RANDOM_VECTOR, "RANDOM_VECTOR" }, 186 { L2TP_AVP_PRIVATE_GRP_ID, "PRIVATE_GRP_ID" }, 187 { L2TP_AVP_RX_CONN_SPEED, "RX_CONN_SPEED" }, 188 { L2TP_AVP_SEQ_REQUIRED, "SEQ_REQUIRED" }, 189 { L2TP_AVP_PPP_DISCON_CC, "PPP_DISCON_CC" }, 190 { 0, NULL } 191 }; 192 193 static const struct tok l2tp_authentype2str[] = { 194 { L2TP_AUTHEN_TYPE_RESERVED, "Reserved" }, 195 { L2TP_AUTHEN_TYPE_TEXTUAL, "Textual" }, 196 { L2TP_AUTHEN_TYPE_CHAP, "CHAP" }, 197 { L2TP_AUTHEN_TYPE_PAP, "PAP" }, 198 { L2TP_AUTHEN_TYPE_NO_AUTH, "No Auth" }, 199 { L2TP_AUTHEN_TYPE_MSCHAPv1, "MS-CHAPv1" }, 200 { 0, NULL } 201 }; 202 203 #define L2TP_PPP_DISCON_CC_DIRECTION_GLOBAL 0 204 #define L2TP_PPP_DISCON_CC_DIRECTION_AT_PEER 1 205 #define L2TP_PPP_DISCON_CC_DIRECTION_AT_LOCAL 2 206 207 static const struct tok l2tp_cc_direction2str[] = { 208 { L2TP_PPP_DISCON_CC_DIRECTION_GLOBAL, "global error" }, 209 { L2TP_PPP_DISCON_CC_DIRECTION_AT_PEER, "at peer" }, 210 { L2TP_PPP_DISCON_CC_DIRECTION_AT_LOCAL,"at local" }, 211 { 0, NULL } 212 }; 213 214 #if 0 215 static char *l2tp_result_code_StopCCN[] = { 216 "Reserved", 217 "General request to clear control connection", 218 "General error--Error Code indicates the problem", 219 "Control channel already exists", 220 "Requester is not authorized to establish a control channel", 221 "The protocol version of the requester is not supported", 222 "Requester is being shut down", 223 "Finite State Machine error" 224 #define L2TP_MAX_RESULT_CODE_STOPCC_INDEX 8 225 }; 226 #endif 227 228 #if 0 229 static char *l2tp_result_code_CDN[] = { 230 "Reserved", 231 "Call disconnected due to loss of carrier", 232 "Call disconnected for the reason indicated in error code", 233 "Call disconnected for administrative reasons", 234 "Call failed due to lack of appropriate facilities being " \ 235 "available (temporary condition)", 236 "Call failed due to lack of appropriate facilities being " \ 237 "available (permanent condition)", 238 "Invalid destination", 239 "Call failed due to no carrier detected", 240 "Call failed due to detection of a busy signal", 241 "Call failed due to lack of a dial tone", 242 "Call was not established within time allotted by LAC", 243 "Call was connected but no appropriate framing was detected" 244 #define L2TP_MAX_RESULT_CODE_CDN_INDEX 12 245 }; 246 #endif 247 248 #if 0 249 static char *l2tp_error_code_general[] = { 250 "No general error", 251 "No control connection exists yet for this LAC-LNS pair", 252 "Length is wrong", 253 "One of the field values was out of range or " \ 254 "reserved field was non-zero" 255 "Insufficient resources to handle this operation now", 256 "The Session ID is invalid in this context", 257 "A generic vendor-specific error occurred in the LAC", 258 "Try another" 259 #define L2TP_MAX_ERROR_CODE_GENERAL_INDEX 8 260 }; 261 #endif 262 263 /******************************/ 264 /* generic print out routines */ 265 /******************************/ 266 static void 267 print_string(netdissect_options *ndo, const u_char *dat, u_int length) 268 { 269 u_int i; 270 for (i=0; i<length; i++) { 271 ND_PRINT((ndo, "%c", *dat++)); 272 } 273 } 274 275 static void 276 print_octets(netdissect_options *ndo, const u_char *dat, u_int length) 277 { 278 u_int i; 279 for (i=0; i<length; i++) { 280 ND_PRINT((ndo, "%02x", *dat++)); 281 } 282 } 283 284 static void 285 print_16bits_val(netdissect_options *ndo, const uint16_t *dat) 286 { 287 ND_PRINT((ndo, "%u", EXTRACT_16BITS(dat))); 288 } 289 290 static void 291 print_32bits_val(netdissect_options *ndo, const uint32_t *dat) 292 { 293 ND_PRINT((ndo, "%lu", (u_long)EXTRACT_32BITS(dat))); 294 } 295 296 /***********************************/ 297 /* AVP-specific print out routines */ 298 /***********************************/ 299 static void 300 l2tp_msgtype_print(netdissect_options *ndo, const u_char *dat, u_int length) 301 { 302 const uint16_t *ptr = (const uint16_t *)dat; 303 304 if (length < 2) { 305 ND_PRINT((ndo, "AVP too short")); 306 return; 307 } 308 ND_PRINT((ndo, "%s", tok2str(l2tp_msgtype2str, "MSGTYPE-#%u", 309 EXTRACT_16BITS(ptr)))); 310 } 311 312 static void 313 l2tp_result_code_print(netdissect_options *ndo, const u_char *dat, u_int length) 314 { 315 const uint16_t *ptr = (const uint16_t *)dat; 316 317 /* Result Code */ 318 if (length < 2) { 319 ND_PRINT((ndo, "AVP too short")); 320 return; 321 } 322 ND_PRINT((ndo, "%u", EXTRACT_16BITS(ptr))); 323 ptr++; 324 length -= 2; 325 326 /* Error Code (opt) */ 327 if (length == 0) 328 return; 329 if (length < 2) { 330 ND_PRINT((ndo, " AVP too short")); 331 return; 332 } 333 ND_PRINT((ndo, "/%u", EXTRACT_16BITS(ptr))); 334 ptr++; 335 length -= 2; 336 337 /* Error Message (opt) */ 338 if (length == 0) 339 return; 340 ND_PRINT((ndo, " ")); 341 print_string(ndo, (const u_char *)ptr, length); 342 } 343 344 static void 345 l2tp_proto_ver_print(netdissect_options *ndo, const uint16_t *dat, u_int length) 346 { 347 if (length < 2) { 348 ND_PRINT((ndo, "AVP too short")); 349 return; 350 } 351 ND_PRINT((ndo, "%u.%u", (EXTRACT_16BITS(dat) >> 8), 352 (EXTRACT_16BITS(dat) & 0xff))); 353 } 354 355 static void 356 l2tp_framing_cap_print(netdissect_options *ndo, const u_char *dat, u_int length) 357 { 358 const uint32_t *ptr = (const uint32_t *)dat; 359 360 if (length < 4) { 361 ND_PRINT((ndo, "AVP too short")); 362 return; 363 } 364 if (EXTRACT_32BITS(ptr) & L2TP_FRAMING_CAP_ASYNC_MASK) { 365 ND_PRINT((ndo, "A")); 366 } 367 if (EXTRACT_32BITS(ptr) & L2TP_FRAMING_CAP_SYNC_MASK) { 368 ND_PRINT((ndo, "S")); 369 } 370 } 371 372 static void 373 l2tp_bearer_cap_print(netdissect_options *ndo, const u_char *dat, u_int length) 374 { 375 const uint32_t *ptr = (const uint32_t *)dat; 376 377 if (length < 4) { 378 ND_PRINT((ndo, "AVP too short")); 379 return; 380 } 381 if (EXTRACT_32BITS(ptr) & L2TP_BEARER_CAP_ANALOG_MASK) { 382 ND_PRINT((ndo, "A")); 383 } 384 if (EXTRACT_32BITS(ptr) & L2TP_BEARER_CAP_DIGITAL_MASK) { 385 ND_PRINT((ndo, "D")); 386 } 387 } 388 389 static void 390 l2tp_q931_cc_print(netdissect_options *ndo, const u_char *dat, u_int length) 391 { 392 if (length < 3) { 393 ND_PRINT((ndo, "AVP too short")); 394 return; 395 } 396 print_16bits_val(ndo, (const uint16_t *)dat); 397 ND_PRINT((ndo, ", %02x", dat[2])); 398 dat += 3; 399 length -= 3; 400 if (length != 0) { 401 ND_PRINT((ndo, " ")); 402 print_string(ndo, dat, length); 403 } 404 } 405 406 static void 407 l2tp_bearer_type_print(netdissect_options *ndo, const u_char *dat, u_int length) 408 { 409 const uint32_t *ptr = (const uint32_t *)dat; 410 411 if (length < 4) { 412 ND_PRINT((ndo, "AVP too short")); 413 return; 414 } 415 if (EXTRACT_32BITS(ptr) & L2TP_BEARER_TYPE_ANALOG_MASK) { 416 ND_PRINT((ndo, "A")); 417 } 418 if (EXTRACT_32BITS(ptr) & L2TP_BEARER_TYPE_DIGITAL_MASK) { 419 ND_PRINT((ndo, "D")); 420 } 421 } 422 423 static void 424 l2tp_framing_type_print(netdissect_options *ndo, const u_char *dat, u_int length) 425 { 426 const uint32_t *ptr = (const uint32_t *)dat; 427 428 if (length < 4) { 429 ND_PRINT((ndo, "AVP too short")); 430 return; 431 } 432 if (EXTRACT_32BITS(ptr) & L2TP_FRAMING_TYPE_ASYNC_MASK) { 433 ND_PRINT((ndo, "A")); 434 } 435 if (EXTRACT_32BITS(ptr) & L2TP_FRAMING_TYPE_SYNC_MASK) { 436 ND_PRINT((ndo, "S")); 437 } 438 } 439 440 static void 441 l2tp_packet_proc_delay_print(netdissect_options *ndo) 442 { 443 ND_PRINT((ndo, "obsolete")); 444 } 445 446 static void 447 l2tp_proxy_auth_type_print(netdissect_options *ndo, const u_char *dat, u_int length) 448 { 449 const uint16_t *ptr = (const uint16_t *)dat; 450 451 if (length < 2) { 452 ND_PRINT((ndo, "AVP too short")); 453 return; 454 } 455 ND_PRINT((ndo, "%s", tok2str(l2tp_authentype2str, 456 "AuthType-#%u", EXTRACT_16BITS(ptr)))); 457 } 458 459 static void 460 l2tp_proxy_auth_id_print(netdissect_options *ndo, const u_char *dat, u_int length) 461 { 462 const uint16_t *ptr = (const uint16_t *)dat; 463 464 if (length < 2) { 465 ND_PRINT((ndo, "AVP too short")); 466 return; 467 } 468 ND_PRINT((ndo, "%u", EXTRACT_16BITS(ptr) & L2TP_PROXY_AUTH_ID_MASK)); 469 } 470 471 static void 472 l2tp_call_errors_print(netdissect_options *ndo, const u_char *dat, u_int length) 473 { 474 const uint16_t *ptr = (const uint16_t *)dat; 475 uint16_t val_h, val_l; 476 477 if (length < 2) { 478 ND_PRINT((ndo, "AVP too short")); 479 return; 480 } 481 ptr++; /* skip "Reserved" */ 482 length -= 2; 483 484 if (length < 4) { 485 ND_PRINT((ndo, "AVP too short")); 486 return; 487 } 488 val_h = EXTRACT_16BITS(ptr); ptr++; length -= 2; 489 val_l = EXTRACT_16BITS(ptr); ptr++; length -= 2; 490 ND_PRINT((ndo, "CRCErr=%u ", (val_h<<16) + val_l)); 491 492 if (length < 4) { 493 ND_PRINT((ndo, "AVP too short")); 494 return; 495 } 496 val_h = EXTRACT_16BITS(ptr); ptr++; length -= 2; 497 val_l = EXTRACT_16BITS(ptr); ptr++; length -= 2; 498 ND_PRINT((ndo, "FrameErr=%u ", (val_h<<16) + val_l)); 499 500 if (length < 4) { 501 ND_PRINT((ndo, "AVP too short")); 502 return; 503 } 504 val_h = EXTRACT_16BITS(ptr); ptr++; length -= 2; 505 val_l = EXTRACT_16BITS(ptr); ptr++; length -= 2; 506 ND_PRINT((ndo, "HardOver=%u ", (val_h<<16) + val_l)); 507 508 if (length < 4) { 509 ND_PRINT((ndo, "AVP too short")); 510 return; 511 } 512 val_h = EXTRACT_16BITS(ptr); ptr++; length -= 2; 513 val_l = EXTRACT_16BITS(ptr); ptr++; length -= 2; 514 ND_PRINT((ndo, "BufOver=%u ", (val_h<<16) + val_l)); 515 516 if (length < 4) { 517 ND_PRINT((ndo, "AVP too short")); 518 return; 519 } 520 val_h = EXTRACT_16BITS(ptr); ptr++; length -= 2; 521 val_l = EXTRACT_16BITS(ptr); ptr++; length -= 2; 522 ND_PRINT((ndo, "Timeout=%u ", (val_h<<16) + val_l)); 523 524 if (length < 4) { 525 ND_PRINT((ndo, "AVP too short")); 526 return; 527 } 528 val_h = EXTRACT_16BITS(ptr); ptr++; 529 val_l = EXTRACT_16BITS(ptr); ptr++; 530 ND_PRINT((ndo, "AlignErr=%u ", (val_h<<16) + val_l)); 531 } 532 533 static void 534 l2tp_accm_print(netdissect_options *ndo, const u_char *dat, u_int length) 535 { 536 const uint16_t *ptr = (const uint16_t *)dat; 537 uint16_t val_h, val_l; 538 539 if (length < 2) { 540 ND_PRINT((ndo, "AVP too short")); 541 return; 542 } 543 ptr++; /* skip "Reserved" */ 544 length -= 2; 545 546 if (length < 4) { 547 ND_PRINT((ndo, "AVP too short")); 548 return; 549 } 550 val_h = EXTRACT_16BITS(ptr); ptr++; length -= 2; 551 val_l = EXTRACT_16BITS(ptr); ptr++; length -= 2; 552 ND_PRINT((ndo, "send=%08x ", (val_h<<16) + val_l)); 553 554 if (length < 4) { 555 ND_PRINT((ndo, "AVP too short")); 556 return; 557 } 558 val_h = EXTRACT_16BITS(ptr); ptr++; 559 val_l = EXTRACT_16BITS(ptr); ptr++; 560 ND_PRINT((ndo, "recv=%08x ", (val_h<<16) + val_l)); 561 } 562 563 static void 564 l2tp_ppp_discon_cc_print(netdissect_options *ndo, const u_char *dat, u_int length) 565 { 566 const uint16_t *ptr = (const uint16_t *)dat; 567 568 if (length < 5) { 569 ND_PRINT((ndo, "AVP too short")); 570 return; 571 } 572 /* Disconnect Code */ 573 ND_PRINT((ndo, "%04x, ", EXTRACT_16BITS(dat))); 574 dat += 2; 575 length -= 2; 576 /* Control Protocol Number */ 577 ND_PRINT((ndo, "%04x ", EXTRACT_16BITS(dat))); 578 dat += 2; 579 length -= 2; 580 /* Direction */ 581 ND_PRINT((ndo, "%s", tok2str(l2tp_cc_direction2str, 582 "Direction-#%u", EXTRACT_8BITS(ptr)))); 583 ptr++; 584 length--; 585 586 if (length != 0) { 587 ND_PRINT((ndo, " ")); 588 print_string(ndo, (const u_char *)ptr, length); 589 } 590 } 591 592 static void 593 l2tp_avp_print(netdissect_options *ndo, const u_char *dat, int length) 594 { 595 u_int len; 596 const uint16_t *ptr = (const uint16_t *)dat; 597 uint16_t attr_type; 598 int hidden = FALSE; 599 600 if (length <= 0) { 601 return; 602 } 603 604 ND_PRINT((ndo, " ")); 605 606 ND_TCHECK(*ptr); /* Flags & Length */ 607 len = EXTRACT_16BITS(ptr) & L2TP_AVP_HDR_LEN_MASK; 608 609 /* If it is not long enough to contain the header, we'll give up. */ 610 if (len < 6) 611 goto trunc; 612 613 /* If it goes past the end of the remaining length of the packet, 614 we'll give up. */ 615 if (len > (u_int)length) 616 goto trunc; 617 618 /* If it goes past the end of the remaining length of the captured 619 data, we'll give up. */ 620 ND_TCHECK2(*ptr, len); 621 622 /* 623 * After this point, we don't need to check whether we go past 624 * the length of the captured data; however, we *do* need to 625 * check whether we go past the end of the AVP. 626 */ 627 628 if (EXTRACT_16BITS(ptr) & L2TP_AVP_HDR_FLAG_MANDATORY) { 629 ND_PRINT((ndo, "*")); 630 } 631 if (EXTRACT_16BITS(ptr) & L2TP_AVP_HDR_FLAG_HIDDEN) { 632 hidden = TRUE; 633 ND_PRINT((ndo, "?")); 634 } 635 ptr++; 636 637 if (EXTRACT_16BITS(ptr)) { 638 /* Vendor Specific Attribute */ 639 ND_PRINT((ndo, "VENDOR%04x:", EXTRACT_16BITS(ptr))); ptr++; 640 ND_PRINT((ndo, "ATTR%04x", EXTRACT_16BITS(ptr))); ptr++; 641 ND_PRINT((ndo, "(")); 642 print_octets(ndo, (const u_char *)ptr, len-6); 643 ND_PRINT((ndo, ")")); 644 } else { 645 /* IETF-defined Attributes */ 646 ptr++; 647 attr_type = EXTRACT_16BITS(ptr); ptr++; 648 ND_PRINT((ndo, "%s", tok2str(l2tp_avp2str, "AVP-#%u", attr_type))); 649 ND_PRINT((ndo, "(")); 650 if (hidden) { 651 ND_PRINT((ndo, "???")); 652 } else { 653 switch (attr_type) { 654 case L2TP_AVP_MSGTYPE: 655 l2tp_msgtype_print(ndo, (const u_char *)ptr, len-6); 656 break; 657 case L2TP_AVP_RESULT_CODE: 658 l2tp_result_code_print(ndo, (const u_char *)ptr, len-6); 659 break; 660 case L2TP_AVP_PROTO_VER: 661 l2tp_proto_ver_print(ndo, ptr, len-6); 662 break; 663 case L2TP_AVP_FRAMING_CAP: 664 l2tp_framing_cap_print(ndo, (const u_char *)ptr, len-6); 665 break; 666 case L2TP_AVP_BEARER_CAP: 667 l2tp_bearer_cap_print(ndo, (const u_char *)ptr, len-6); 668 break; 669 case L2TP_AVP_TIE_BREAKER: 670 if (len-6 < 8) { 671 ND_PRINT((ndo, "AVP too short")); 672 break; 673 } 674 print_octets(ndo, (const u_char *)ptr, 8); 675 break; 676 case L2TP_AVP_FIRM_VER: 677 case L2TP_AVP_ASSND_TUN_ID: 678 case L2TP_AVP_RECV_WIN_SIZE: 679 case L2TP_AVP_ASSND_SESS_ID: 680 if (len-6 < 2) { 681 ND_PRINT((ndo, "AVP too short")); 682 break; 683 } 684 print_16bits_val(ndo, ptr); 685 break; 686 case L2TP_AVP_HOST_NAME: 687 case L2TP_AVP_VENDOR_NAME: 688 case L2TP_AVP_CALLING_NUMBER: 689 case L2TP_AVP_CALLED_NUMBER: 690 case L2TP_AVP_SUB_ADDRESS: 691 case L2TP_AVP_PROXY_AUTH_NAME: 692 case L2TP_AVP_PRIVATE_GRP_ID: 693 print_string(ndo, (const u_char *)ptr, len-6); 694 break; 695 case L2TP_AVP_CHALLENGE: 696 case L2TP_AVP_INI_RECV_LCP: 697 case L2TP_AVP_LAST_SENT_LCP: 698 case L2TP_AVP_LAST_RECV_LCP: 699 case L2TP_AVP_PROXY_AUTH_CHAL: 700 case L2TP_AVP_PROXY_AUTH_RESP: 701 case L2TP_AVP_RANDOM_VECTOR: 702 print_octets(ndo, (const u_char *)ptr, len-6); 703 break; 704 case L2TP_AVP_Q931_CC: 705 l2tp_q931_cc_print(ndo, (const u_char *)ptr, len-6); 706 break; 707 case L2TP_AVP_CHALLENGE_RESP: 708 if (len-6 < 16) { 709 ND_PRINT((ndo, "AVP too short")); 710 break; 711 } 712 print_octets(ndo, (const u_char *)ptr, 16); 713 break; 714 case L2TP_AVP_CALL_SER_NUM: 715 case L2TP_AVP_MINIMUM_BPS: 716 case L2TP_AVP_MAXIMUM_BPS: 717 case L2TP_AVP_TX_CONN_SPEED: 718 case L2TP_AVP_PHY_CHANNEL_ID: 719 case L2TP_AVP_RX_CONN_SPEED: 720 if (len-6 < 4) { 721 ND_PRINT((ndo, "AVP too short")); 722 break; 723 } 724 print_32bits_val(ndo, (const uint32_t *)ptr); 725 break; 726 case L2TP_AVP_BEARER_TYPE: 727 l2tp_bearer_type_print(ndo, (const u_char *)ptr, len-6); 728 break; 729 case L2TP_AVP_FRAMING_TYPE: 730 l2tp_framing_type_print(ndo, (const u_char *)ptr, len-6); 731 break; 732 case L2TP_AVP_PACKET_PROC_DELAY: 733 l2tp_packet_proc_delay_print(ndo); 734 break; 735 case L2TP_AVP_PROXY_AUTH_TYPE: 736 l2tp_proxy_auth_type_print(ndo, (const u_char *)ptr, len-6); 737 break; 738 case L2TP_AVP_PROXY_AUTH_ID: 739 l2tp_proxy_auth_id_print(ndo, (const u_char *)ptr, len-6); 740 break; 741 case L2TP_AVP_CALL_ERRORS: 742 l2tp_call_errors_print(ndo, (const u_char *)ptr, len-6); 743 break; 744 case L2TP_AVP_ACCM: 745 l2tp_accm_print(ndo, (const u_char *)ptr, len-6); 746 break; 747 case L2TP_AVP_SEQ_REQUIRED: 748 break; /* No Attribute Value */ 749 case L2TP_AVP_PPP_DISCON_CC: 750 l2tp_ppp_discon_cc_print(ndo, (const u_char *)ptr, len-6); 751 break; 752 default: 753 break; 754 } 755 } 756 ND_PRINT((ndo, ")")); 757 } 758 759 l2tp_avp_print(ndo, dat+len, length-len); 760 return; 761 762 trunc: 763 ND_PRINT((ndo, "|...")); 764 } 765 766 767 void 768 l2tp_print(netdissect_options *ndo, const u_char *dat, u_int length) 769 { 770 const u_char *ptr = dat; 771 u_int cnt = 0; /* total octets consumed */ 772 uint16_t pad; 773 int flag_t, flag_l, flag_s, flag_o; 774 uint16_t l2tp_len; 775 776 flag_t = flag_l = flag_s = flag_o = FALSE; 777 778 ND_TCHECK2(*ptr, 2); /* Flags & Version */ 779 if ((EXTRACT_16BITS(ptr) & L2TP_VERSION_MASK) == L2TP_VERSION_L2TP) { 780 ND_PRINT((ndo, " l2tp:")); 781 } else if ((EXTRACT_16BITS(ptr) & L2TP_VERSION_MASK) == L2TP_VERSION_L2F) { 782 ND_PRINT((ndo, " l2f:")); 783 return; /* nothing to do */ 784 } else { 785 ND_PRINT((ndo, " Unknown Version, neither L2F(1) nor L2TP(2)")); 786 return; /* nothing we can do */ 787 } 788 789 ND_PRINT((ndo, "[")); 790 if (EXTRACT_16BITS(ptr) & L2TP_FLAG_TYPE) { 791 flag_t = TRUE; 792 ND_PRINT((ndo, "T")); 793 } 794 if (EXTRACT_16BITS(ptr) & L2TP_FLAG_LENGTH) { 795 flag_l = TRUE; 796 ND_PRINT((ndo, "L")); 797 } 798 if (EXTRACT_16BITS(ptr) & L2TP_FLAG_SEQUENCE) { 799 flag_s = TRUE; 800 ND_PRINT((ndo, "S")); 801 } 802 if (EXTRACT_16BITS(ptr) & L2TP_FLAG_OFFSET) { 803 flag_o = TRUE; 804 ND_PRINT((ndo, "O")); 805 } 806 if (EXTRACT_16BITS(ptr) & L2TP_FLAG_PRIORITY) 807 ND_PRINT((ndo, "P")); 808 ND_PRINT((ndo, "]")); 809 810 ptr += 2; 811 cnt += 2; 812 813 if (flag_l) { 814 ND_TCHECK2(*ptr, 2); /* Length */ 815 l2tp_len = EXTRACT_16BITS(ptr); 816 ptr += 2; 817 cnt += 2; 818 } else { 819 l2tp_len = 0; 820 } 821 822 ND_TCHECK2(*ptr, 2); /* Tunnel ID */ 823 ND_PRINT((ndo, "(%u/", EXTRACT_16BITS(ptr))); 824 ptr += 2; 825 cnt += 2; 826 ND_TCHECK2(*ptr, 2); /* Session ID */ 827 ND_PRINT((ndo, "%u)", EXTRACT_16BITS(ptr))); 828 ptr += 2; 829 cnt += 2; 830 831 if (flag_s) { 832 ND_TCHECK2(*ptr, 2); /* Ns */ 833 ND_PRINT((ndo, "Ns=%u,", EXTRACT_16BITS(ptr))); 834 ptr += 2; 835 cnt += 2; 836 ND_TCHECK2(*ptr, 2); /* Nr */ 837 ND_PRINT((ndo, "Nr=%u", EXTRACT_16BITS(ptr))); 838 ptr += 2; 839 cnt += 2; 840 } 841 842 if (flag_o) { 843 ND_TCHECK2(*ptr, 2); /* Offset Size */ 844 pad = EXTRACT_16BITS(ptr); 845 ptr += (2 + pad); 846 cnt += (2 + pad); 847 } 848 849 if (flag_l) { 850 if (length < l2tp_len) { 851 ND_PRINT((ndo, " Length %u larger than packet", l2tp_len)); 852 return; 853 } 854 length = l2tp_len; 855 } 856 if (length < cnt) { 857 ND_PRINT((ndo, " Length %u smaller than header length", length)); 858 return; 859 } 860 if (flag_t) { 861 if (!flag_l) { 862 ND_PRINT((ndo, " No length")); 863 return; 864 } 865 if (length - cnt == 0) { 866 ND_PRINT((ndo, " ZLB")); 867 } else { 868 l2tp_avp_print(ndo, ptr, length - cnt); 869 } 870 } else { 871 ND_PRINT((ndo, " {")); 872 ppp_print(ndo, ptr, length - cnt); 873 ND_PRINT((ndo, "}")); 874 } 875 876 return; 877 878 trunc: 879 ND_PRINT((ndo, "%s", tstr)); 880 } 881