• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 1991, 1993, 1994, 1995, 1996, 1997
3  *      The Regents of the University of California.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that: (1) source code distributions
7  * retain the above copyright notice and this paragraph in its entirety, (2)
8  * distributions including binary code include the above copyright notice and
9  * this paragraph in its entirety in the documentation or other materials
10  * provided with the distribution, and (3) all advertising materials mentioning
11  * features or use of this software display the following acknowledgement:
12  * ``This product includes software developed by the University of California,
13  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14  * the University nor the names of its contributors may be used to endorse
15  * or promote products derived from this software without specific prior
16  * written permission.
17  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20  *
21  * L2TP support contributed by Motonori Shindo (mshindo@mshindo.net)
22  */
23 
24 /* \summary: Layer Two Tunneling Protocol (L2TP) printer */
25 
26 #ifdef HAVE_CONFIG_H
27 #include "config.h"
28 #endif
29 
30 #include <netdissect-stdinc.h>
31 
32 #include "netdissect.h"
33 #include "extract.h"
34 
35 #define L2TP_FLAG_TYPE		0x8000	/* Type (0=Data, 1=Control) */
36 #define L2TP_FLAG_LENGTH	0x4000	/* Length */
37 #define L2TP_FLAG_SEQUENCE	0x0800	/* Sequence */
38 #define L2TP_FLAG_OFFSET	0x0200	/* Offset */
39 #define L2TP_FLAG_PRIORITY	0x0100	/* Priority */
40 
41 #define L2TP_VERSION_MASK	0x000f	/* Version Mask */
42 #define L2TP_VERSION_L2F	0x0001	/* L2F */
43 #define L2TP_VERSION_L2TP	0x0002	/* L2TP */
44 
45 #define L2TP_AVP_HDR_FLAG_MANDATORY	0x8000	/* Mandatory Flag */
46 #define L2TP_AVP_HDR_FLAG_HIDDEN	0x4000	/* Hidden Flag */
47 #define L2TP_AVP_HDR_LEN_MASK		0x03ff	/* Length Mask */
48 
49 #define L2TP_FRAMING_CAP_SYNC_MASK	0x00000001	/* Synchronous */
50 #define L2TP_FRAMING_CAP_ASYNC_MASK	0x00000002	/* Asynchronous */
51 
52 #define L2TP_FRAMING_TYPE_SYNC_MASK	0x00000001	/* Synchronous */
53 #define L2TP_FRAMING_TYPE_ASYNC_MASK	0x00000002	/* Asynchronous */
54 
55 #define L2TP_BEARER_CAP_DIGITAL_MASK	0x00000001	/* Digital */
56 #define L2TP_BEARER_CAP_ANALOG_MASK	0x00000002	/* Analog */
57 
58 #define L2TP_BEARER_TYPE_DIGITAL_MASK	0x00000001	/* Digital */
59 #define L2TP_BEARER_TYPE_ANALOG_MASK	0x00000002	/* Analog */
60 
61 /* Authen Type */
62 #define L2TP_AUTHEN_TYPE_RESERVED	0x0000	/* Reserved */
63 #define L2TP_AUTHEN_TYPE_TEXTUAL	0x0001	/* Textual username/password exchange */
64 #define L2TP_AUTHEN_TYPE_CHAP		0x0002	/* PPP CHAP */
65 #define L2TP_AUTHEN_TYPE_PAP		0x0003	/* PPP PAP */
66 #define L2TP_AUTHEN_TYPE_NO_AUTH	0x0004	/* No Authentication */
67 #define L2TP_AUTHEN_TYPE_MSCHAPv1	0x0005	/* MSCHAPv1 */
68 
69 #define L2TP_PROXY_AUTH_ID_MASK		0x00ff
70 
71 static const char tstr[] = " [|l2tp]";
72 
73 #define	L2TP_MSGTYPE_SCCRQ	1  /* Start-Control-Connection-Request */
74 #define	L2TP_MSGTYPE_SCCRP	2  /* Start-Control-Connection-Reply */
75 #define	L2TP_MSGTYPE_SCCCN	3  /* Start-Control-Connection-Connected */
76 #define	L2TP_MSGTYPE_STOPCCN	4  /* Stop-Control-Connection-Notification */
77 #define	L2TP_MSGTYPE_HELLO	6  /* Hello */
78 #define	L2TP_MSGTYPE_OCRQ	7  /* Outgoing-Call-Request */
79 #define	L2TP_MSGTYPE_OCRP	8  /* Outgoing-Call-Reply */
80 #define	L2TP_MSGTYPE_OCCN	9  /* Outgoing-Call-Connected */
81 #define	L2TP_MSGTYPE_ICRQ	10 /* Incoming-Call-Request */
82 #define	L2TP_MSGTYPE_ICRP	11 /* Incoming-Call-Reply */
83 #define	L2TP_MSGTYPE_ICCN	12 /* Incoming-Call-Connected */
84 #define	L2TP_MSGTYPE_CDN	14 /* Call-Disconnect-Notify */
85 #define	L2TP_MSGTYPE_WEN	15 /* WAN-Error-Notify */
86 #define	L2TP_MSGTYPE_SLI	16 /* Set-Link-Info */
87 
88 static const struct tok l2tp_msgtype2str[] = {
89 	{ L2TP_MSGTYPE_SCCRQ, 	"SCCRQ" },
90 	{ L2TP_MSGTYPE_SCCRP,	"SCCRP" },
91 	{ L2TP_MSGTYPE_SCCCN,	"SCCCN" },
92 	{ L2TP_MSGTYPE_STOPCCN,	"StopCCN" },
93 	{ L2TP_MSGTYPE_HELLO,	"HELLO" },
94 	{ L2TP_MSGTYPE_OCRQ,	"OCRQ" },
95 	{ L2TP_MSGTYPE_OCRP,	"OCRP" },
96 	{ L2TP_MSGTYPE_OCCN,	"OCCN" },
97 	{ L2TP_MSGTYPE_ICRQ,	"ICRQ" },
98 	{ L2TP_MSGTYPE_ICRP,	"ICRP" },
99 	{ L2TP_MSGTYPE_ICCN,	"ICCN" },
100 	{ L2TP_MSGTYPE_CDN,	"CDN" },
101 	{ L2TP_MSGTYPE_WEN,	"WEN" },
102 	{ L2TP_MSGTYPE_SLI,	"SLI" },
103 	{ 0,			NULL }
104 };
105 
106 #define L2TP_AVP_MSGTYPE		0  /* Message Type */
107 #define L2TP_AVP_RESULT_CODE		1  /* Result Code */
108 #define L2TP_AVP_PROTO_VER		2  /* Protocol Version */
109 #define L2TP_AVP_FRAMING_CAP		3  /* Framing Capabilities */
110 #define L2TP_AVP_BEARER_CAP		4  /* Bearer Capabilities */
111 #define L2TP_AVP_TIE_BREAKER		5  /* Tie Breaker */
112 #define L2TP_AVP_FIRM_VER		6  /* Firmware Revision */
113 #define L2TP_AVP_HOST_NAME		7  /* Host Name */
114 #define L2TP_AVP_VENDOR_NAME		8  /* Vendor Name */
115 #define L2TP_AVP_ASSND_TUN_ID 		9  /* Assigned Tunnel ID */
116 #define L2TP_AVP_RECV_WIN_SIZE		10 /* Receive Window Size */
117 #define L2TP_AVP_CHALLENGE		11 /* Challenge */
118 #define L2TP_AVP_Q931_CC		12 /* Q.931 Cause Code */
119 #define L2TP_AVP_CHALLENGE_RESP		13 /* Challenge Response */
120 #define L2TP_AVP_ASSND_SESS_ID  	14 /* Assigned Session ID */
121 #define L2TP_AVP_CALL_SER_NUM 		15 /* Call Serial Number */
122 #define L2TP_AVP_MINIMUM_BPS		16 /* Minimum BPS */
123 #define L2TP_AVP_MAXIMUM_BPS		17 /* Maximum BPS */
124 #define L2TP_AVP_BEARER_TYPE		18 /* Bearer Type */
125 #define L2TP_AVP_FRAMING_TYPE 		19 /* Framing Type */
126 #define L2TP_AVP_PACKET_PROC_DELAY	20 /* Packet Processing Delay (OBSOLETE) */
127 #define L2TP_AVP_CALLED_NUMBER		21 /* Called Number */
128 #define L2TP_AVP_CALLING_NUMBER		22 /* Calling Number */
129 #define L2TP_AVP_SUB_ADDRESS		23 /* Sub-Address */
130 #define L2TP_AVP_TX_CONN_SPEED		24 /* (Tx) Connect Speed */
131 #define L2TP_AVP_PHY_CHANNEL_ID		25 /* Physical Channel ID */
132 #define L2TP_AVP_INI_RECV_LCP		26 /* Initial Received LCP CONFREQ */
133 #define L2TP_AVP_LAST_SENT_LCP		27 /* Last Sent LCP CONFREQ */
134 #define L2TP_AVP_LAST_RECV_LCP		28 /* Last Received LCP CONFREQ */
135 #define L2TP_AVP_PROXY_AUTH_TYPE	29 /* Proxy Authen Type */
136 #define L2TP_AVP_PROXY_AUTH_NAME	30 /* Proxy Authen Name */
137 #define L2TP_AVP_PROXY_AUTH_CHAL	31 /* Proxy Authen Challenge */
138 #define L2TP_AVP_PROXY_AUTH_ID		32 /* Proxy Authen ID */
139 #define L2TP_AVP_PROXY_AUTH_RESP	33 /* Proxy Authen Response */
140 #define L2TP_AVP_CALL_ERRORS		34 /* Call Errors */
141 #define L2TP_AVP_ACCM			35 /* ACCM */
142 #define L2TP_AVP_RANDOM_VECTOR		36 /* Random Vector */
143 #define L2TP_AVP_PRIVATE_GRP_ID		37 /* Private Group ID */
144 #define L2TP_AVP_RX_CONN_SPEED		38 /* (Rx) Connect Speed */
145 #define L2TP_AVP_SEQ_REQUIRED 		39 /* Sequencing Required */
146 #define L2TP_AVP_PPP_DISCON_CC		46 /* PPP Disconnect Cause Code */
147 
148 static const struct tok l2tp_avp2str[] = {
149 	{ L2TP_AVP_MSGTYPE,		"MSGTYPE" },
150 	{ L2TP_AVP_RESULT_CODE,		"RESULT_CODE" },
151 	{ L2TP_AVP_PROTO_VER,		"PROTO_VER" },
152 	{ L2TP_AVP_FRAMING_CAP,		"FRAMING_CAP" },
153 	{ L2TP_AVP_BEARER_CAP,		"BEARER_CAP" },
154 	{ L2TP_AVP_TIE_BREAKER,		"TIE_BREAKER" },
155 	{ L2TP_AVP_FIRM_VER,		"FIRM_VER" },
156 	{ L2TP_AVP_HOST_NAME,		"HOST_NAME" },
157 	{ L2TP_AVP_VENDOR_NAME,		"VENDOR_NAME" },
158 	{ L2TP_AVP_ASSND_TUN_ID,	"ASSND_TUN_ID" },
159 	{ L2TP_AVP_RECV_WIN_SIZE,	"RECV_WIN_SIZE" },
160 	{ L2TP_AVP_CHALLENGE,		"CHALLENGE" },
161 	{ L2TP_AVP_Q931_CC,		"Q931_CC", },
162 	{ L2TP_AVP_CHALLENGE_RESP,	"CHALLENGE_RESP" },
163 	{ L2TP_AVP_ASSND_SESS_ID,	"ASSND_SESS_ID" },
164 	{ L2TP_AVP_CALL_SER_NUM,	"CALL_SER_NUM" },
165 	{ L2TP_AVP_MINIMUM_BPS,		"MINIMUM_BPS" },
166 	{ L2TP_AVP_MAXIMUM_BPS,		"MAXIMUM_BPS" },
167 	{ L2TP_AVP_BEARER_TYPE,		"BEARER_TYPE" },
168 	{ L2TP_AVP_FRAMING_TYPE,	"FRAMING_TYPE" },
169 	{ L2TP_AVP_PACKET_PROC_DELAY,	"PACKET_PROC_DELAY" },
170 	{ L2TP_AVP_CALLED_NUMBER,	"CALLED_NUMBER" },
171 	{ L2TP_AVP_CALLING_NUMBER,	"CALLING_NUMBER" },
172 	{ L2TP_AVP_SUB_ADDRESS,		"SUB_ADDRESS" },
173 	{ L2TP_AVP_TX_CONN_SPEED,	"TX_CONN_SPEED" },
174 	{ L2TP_AVP_PHY_CHANNEL_ID,	"PHY_CHANNEL_ID" },
175 	{ L2TP_AVP_INI_RECV_LCP,	"INI_RECV_LCP" },
176 	{ L2TP_AVP_LAST_SENT_LCP,	"LAST_SENT_LCP" },
177 	{ L2TP_AVP_LAST_RECV_LCP,	"LAST_RECV_LCP" },
178 	{ L2TP_AVP_PROXY_AUTH_TYPE,	"PROXY_AUTH_TYPE" },
179 	{ L2TP_AVP_PROXY_AUTH_NAME,	"PROXY_AUTH_NAME" },
180 	{ L2TP_AVP_PROXY_AUTH_CHAL,	"PROXY_AUTH_CHAL" },
181 	{ L2TP_AVP_PROXY_AUTH_ID,	"PROXY_AUTH_ID" },
182 	{ L2TP_AVP_PROXY_AUTH_RESP,	"PROXY_AUTH_RESP" },
183 	{ L2TP_AVP_CALL_ERRORS,		"CALL_ERRORS" },
184 	{ L2TP_AVP_ACCM,		"ACCM" },
185 	{ L2TP_AVP_RANDOM_VECTOR,	"RANDOM_VECTOR" },
186 	{ L2TP_AVP_PRIVATE_GRP_ID,	"PRIVATE_GRP_ID" },
187 	{ L2TP_AVP_RX_CONN_SPEED,	"RX_CONN_SPEED" },
188 	{ L2TP_AVP_SEQ_REQUIRED,	"SEQ_REQUIRED" },
189 	{ L2TP_AVP_PPP_DISCON_CC,	"PPP_DISCON_CC" },
190 	{ 0,				NULL }
191 };
192 
193 static const struct tok l2tp_authentype2str[] = {
194 	{ L2TP_AUTHEN_TYPE_RESERVED,	"Reserved" },
195 	{ L2TP_AUTHEN_TYPE_TEXTUAL,	"Textual" },
196 	{ L2TP_AUTHEN_TYPE_CHAP,	"CHAP" },
197 	{ L2TP_AUTHEN_TYPE_PAP,		"PAP" },
198 	{ L2TP_AUTHEN_TYPE_NO_AUTH,	"No Auth" },
199 	{ L2TP_AUTHEN_TYPE_MSCHAPv1,	"MS-CHAPv1" },
200 	{ 0,				NULL }
201 };
202 
203 #define L2TP_PPP_DISCON_CC_DIRECTION_GLOBAL	0
204 #define L2TP_PPP_DISCON_CC_DIRECTION_AT_PEER	1
205 #define L2TP_PPP_DISCON_CC_DIRECTION_AT_LOCAL	2
206 
207 static const struct tok l2tp_cc_direction2str[] = {
208 	{ L2TP_PPP_DISCON_CC_DIRECTION_GLOBAL,	"global error" },
209 	{ L2TP_PPP_DISCON_CC_DIRECTION_AT_PEER,	"at peer" },
210 	{ L2TP_PPP_DISCON_CC_DIRECTION_AT_LOCAL,"at local" },
211 	{ 0,					NULL }
212 };
213 
214 #if 0
215 static char *l2tp_result_code_StopCCN[] = {
216          "Reserved",
217          "General request to clear control connection",
218          "General error--Error Code indicates the problem",
219          "Control channel already exists",
220          "Requester is not authorized to establish a control channel",
221          "The protocol version of the requester is not supported",
222          "Requester is being shut down",
223          "Finite State Machine error"
224 #define L2TP_MAX_RESULT_CODE_STOPCC_INDEX	8
225 };
226 #endif
227 
228 #if 0
229 static char *l2tp_result_code_CDN[] = {
230 	"Reserved",
231 	"Call disconnected due to loss of carrier",
232 	"Call disconnected for the reason indicated in error code",
233 	"Call disconnected for administrative reasons",
234 	"Call failed due to lack of appropriate facilities being " \
235 	"available (temporary condition)",
236 	"Call failed due to lack of appropriate facilities being " \
237 	"available (permanent condition)",
238 	"Invalid destination",
239 	"Call failed due to no carrier detected",
240 	"Call failed due to detection of a busy signal",
241 	"Call failed due to lack of a dial tone",
242 	"Call was not established within time allotted by LAC",
243 	"Call was connected but no appropriate framing was detected"
244 #define L2TP_MAX_RESULT_CODE_CDN_INDEX	12
245 };
246 #endif
247 
248 #if 0
249 static char *l2tp_error_code_general[] = {
250 	"No general error",
251 	"No control connection exists yet for this LAC-LNS pair",
252 	"Length is wrong",
253 	"One of the field values was out of range or " \
254 	"reserved field was non-zero"
255 	"Insufficient resources to handle this operation now",
256 	"The Session ID is invalid in this context",
257 	"A generic vendor-specific error occurred in the LAC",
258 	"Try another"
259 #define L2TP_MAX_ERROR_CODE_GENERAL_INDEX	8
260 };
261 #endif
262 
263 /******************************/
264 /* generic print out routines */
265 /******************************/
266 static void
print_string(netdissect_options * ndo,const u_char * dat,u_int length)267 print_string(netdissect_options *ndo, const u_char *dat, u_int length)
268 {
269 	u_int i;
270 	for (i=0; i<length; i++) {
271 		ND_PRINT((ndo, "%c", *dat++));
272 	}
273 }
274 
275 static void
print_octets(netdissect_options * ndo,const u_char * dat,u_int length)276 print_octets(netdissect_options *ndo, const u_char *dat, u_int length)
277 {
278 	u_int i;
279 	for (i=0; i<length; i++) {
280 		ND_PRINT((ndo, "%02x", *dat++));
281 	}
282 }
283 
284 static void
print_16bits_val(netdissect_options * ndo,const uint16_t * dat)285 print_16bits_val(netdissect_options *ndo, const uint16_t *dat)
286 {
287 	ND_PRINT((ndo, "%u", EXTRACT_16BITS(dat)));
288 }
289 
290 static void
print_32bits_val(netdissect_options * ndo,const uint32_t * dat)291 print_32bits_val(netdissect_options *ndo, const uint32_t *dat)
292 {
293 	ND_PRINT((ndo, "%lu", (u_long)EXTRACT_32BITS(dat)));
294 }
295 
296 /***********************************/
297 /* AVP-specific print out routines */
298 /***********************************/
299 static void
l2tp_msgtype_print(netdissect_options * ndo,const u_char * dat,u_int length)300 l2tp_msgtype_print(netdissect_options *ndo, const u_char *dat, u_int length)
301 {
302 	const uint16_t *ptr = (const uint16_t *)dat;
303 
304 	if (length < 2) {
305 		ND_PRINT((ndo, "AVP too short"));
306 		return;
307 	}
308 	ND_PRINT((ndo, "%s", tok2str(l2tp_msgtype2str, "MSGTYPE-#%u",
309 	    EXTRACT_16BITS(ptr))));
310 }
311 
312 static void
l2tp_result_code_print(netdissect_options * ndo,const u_char * dat,u_int length)313 l2tp_result_code_print(netdissect_options *ndo, const u_char *dat, u_int length)
314 {
315 	const uint16_t *ptr = (const uint16_t *)dat;
316 
317 	/* Result Code */
318 	if (length < 2) {
319 		ND_PRINT((ndo, "AVP too short"));
320 		return;
321 	}
322 	ND_PRINT((ndo, "%u", EXTRACT_16BITS(ptr)));
323 	ptr++;
324 	length -= 2;
325 
326 	/* Error Code (opt) */
327 	if (length == 0)
328 		return;
329 	if (length < 2) {
330 		ND_PRINT((ndo, " AVP too short"));
331 		return;
332 	}
333 	ND_PRINT((ndo, "/%u", EXTRACT_16BITS(ptr)));
334 	ptr++;
335 	length -= 2;
336 
337 	/* Error Message (opt) */
338 	if (length == 0)
339 		return;
340 	ND_PRINT((ndo, " "));
341 	print_string(ndo, (const u_char *)ptr, length);
342 }
343 
344 static void
l2tp_proto_ver_print(netdissect_options * ndo,const uint16_t * dat,u_int length)345 l2tp_proto_ver_print(netdissect_options *ndo, const uint16_t *dat, u_int length)
346 {
347 	if (length < 2) {
348 		ND_PRINT((ndo, "AVP too short"));
349 		return;
350 	}
351 	ND_PRINT((ndo, "%u.%u", (EXTRACT_16BITS(dat) >> 8),
352 	    (EXTRACT_16BITS(dat) & 0xff)));
353 }
354 
355 static void
l2tp_framing_cap_print(netdissect_options * ndo,const u_char * dat,u_int length)356 l2tp_framing_cap_print(netdissect_options *ndo, const u_char *dat, u_int length)
357 {
358 	const uint32_t *ptr = (const uint32_t *)dat;
359 
360 	if (length < 4) {
361 		ND_PRINT((ndo, "AVP too short"));
362 		return;
363 	}
364 	if (EXTRACT_32BITS(ptr) &  L2TP_FRAMING_CAP_ASYNC_MASK) {
365 		ND_PRINT((ndo, "A"));
366 	}
367 	if (EXTRACT_32BITS(ptr) &  L2TP_FRAMING_CAP_SYNC_MASK) {
368 		ND_PRINT((ndo, "S"));
369 	}
370 }
371 
372 static void
l2tp_bearer_cap_print(netdissect_options * ndo,const u_char * dat,u_int length)373 l2tp_bearer_cap_print(netdissect_options *ndo, const u_char *dat, u_int length)
374 {
375 	const uint32_t *ptr = (const uint32_t *)dat;
376 
377 	if (length < 4) {
378 		ND_PRINT((ndo, "AVP too short"));
379 		return;
380 	}
381 	if (EXTRACT_32BITS(ptr) &  L2TP_BEARER_CAP_ANALOG_MASK) {
382 		ND_PRINT((ndo, "A"));
383 	}
384 	if (EXTRACT_32BITS(ptr) &  L2TP_BEARER_CAP_DIGITAL_MASK) {
385 		ND_PRINT((ndo, "D"));
386 	}
387 }
388 
389 static void
l2tp_q931_cc_print(netdissect_options * ndo,const u_char * dat,u_int length)390 l2tp_q931_cc_print(netdissect_options *ndo, const u_char *dat, u_int length)
391 {
392 	if (length < 3) {
393 		ND_PRINT((ndo, "AVP too short"));
394 		return;
395 	}
396 	print_16bits_val(ndo, (const uint16_t *)dat);
397 	ND_PRINT((ndo, ", %02x", dat[2]));
398 	dat += 3;
399 	length -= 3;
400 	if (length != 0) {
401 		ND_PRINT((ndo, " "));
402 		print_string(ndo, dat, length);
403 	}
404 }
405 
406 static void
l2tp_bearer_type_print(netdissect_options * ndo,const u_char * dat,u_int length)407 l2tp_bearer_type_print(netdissect_options *ndo, const u_char *dat, u_int length)
408 {
409 	const uint32_t *ptr = (const uint32_t *)dat;
410 
411 	if (length < 4) {
412 		ND_PRINT((ndo, "AVP too short"));
413 		return;
414 	}
415 	if (EXTRACT_32BITS(ptr) &  L2TP_BEARER_TYPE_ANALOG_MASK) {
416 		ND_PRINT((ndo, "A"));
417 	}
418 	if (EXTRACT_32BITS(ptr) &  L2TP_BEARER_TYPE_DIGITAL_MASK) {
419 		ND_PRINT((ndo, "D"));
420 	}
421 }
422 
423 static void
l2tp_framing_type_print(netdissect_options * ndo,const u_char * dat,u_int length)424 l2tp_framing_type_print(netdissect_options *ndo, const u_char *dat, u_int length)
425 {
426 	const uint32_t *ptr = (const uint32_t *)dat;
427 
428 	if (length < 4) {
429 		ND_PRINT((ndo, "AVP too short"));
430 		return;
431 	}
432 	if (EXTRACT_32BITS(ptr) &  L2TP_FRAMING_TYPE_ASYNC_MASK) {
433 		ND_PRINT((ndo, "A"));
434 	}
435 	if (EXTRACT_32BITS(ptr) &  L2TP_FRAMING_TYPE_SYNC_MASK) {
436 		ND_PRINT((ndo, "S"));
437 	}
438 }
439 
440 static void
l2tp_packet_proc_delay_print(netdissect_options * ndo)441 l2tp_packet_proc_delay_print(netdissect_options *ndo)
442 {
443 	ND_PRINT((ndo, "obsolete"));
444 }
445 
446 static void
l2tp_proxy_auth_type_print(netdissect_options * ndo,const u_char * dat,u_int length)447 l2tp_proxy_auth_type_print(netdissect_options *ndo, const u_char *dat, u_int length)
448 {
449 	const uint16_t *ptr = (const uint16_t *)dat;
450 
451 	if (length < 2) {
452 		ND_PRINT((ndo, "AVP too short"));
453 		return;
454 	}
455 	ND_PRINT((ndo, "%s", tok2str(l2tp_authentype2str,
456 			     "AuthType-#%u", EXTRACT_16BITS(ptr))));
457 }
458 
459 static void
l2tp_proxy_auth_id_print(netdissect_options * ndo,const u_char * dat,u_int length)460 l2tp_proxy_auth_id_print(netdissect_options *ndo, const u_char *dat, u_int length)
461 {
462 	const uint16_t *ptr = (const uint16_t *)dat;
463 
464 	if (length < 2) {
465 		ND_PRINT((ndo, "AVP too short"));
466 		return;
467 	}
468 	ND_PRINT((ndo, "%u", EXTRACT_16BITS(ptr) & L2TP_PROXY_AUTH_ID_MASK));
469 }
470 
471 static void
l2tp_call_errors_print(netdissect_options * ndo,const u_char * dat,u_int length)472 l2tp_call_errors_print(netdissect_options *ndo, const u_char *dat, u_int length)
473 {
474 	const uint16_t *ptr = (const uint16_t *)dat;
475 	uint16_t val_h, val_l;
476 
477 	if (length < 2) {
478 		ND_PRINT((ndo, "AVP too short"));
479 		return;
480 	}
481 	ptr++;		/* skip "Reserved" */
482 	length -= 2;
483 
484 	if (length < 4) {
485 		ND_PRINT((ndo, "AVP too short"));
486 		return;
487 	}
488 	val_h = EXTRACT_16BITS(ptr); ptr++; length -= 2;
489 	val_l = EXTRACT_16BITS(ptr); ptr++; length -= 2;
490 	ND_PRINT((ndo, "CRCErr=%u ", (val_h<<16) + val_l));
491 
492 	if (length < 4) {
493 		ND_PRINT((ndo, "AVP too short"));
494 		return;
495 	}
496 	val_h = EXTRACT_16BITS(ptr); ptr++; length -= 2;
497 	val_l = EXTRACT_16BITS(ptr); ptr++; length -= 2;
498 	ND_PRINT((ndo, "FrameErr=%u ", (val_h<<16) + val_l));
499 
500 	if (length < 4) {
501 		ND_PRINT((ndo, "AVP too short"));
502 		return;
503 	}
504 	val_h = EXTRACT_16BITS(ptr); ptr++; length -= 2;
505 	val_l = EXTRACT_16BITS(ptr); ptr++; length -= 2;
506 	ND_PRINT((ndo, "HardOver=%u ", (val_h<<16) + val_l));
507 
508 	if (length < 4) {
509 		ND_PRINT((ndo, "AVP too short"));
510 		return;
511 	}
512 	val_h = EXTRACT_16BITS(ptr); ptr++; length -= 2;
513 	val_l = EXTRACT_16BITS(ptr); ptr++; length -= 2;
514 	ND_PRINT((ndo, "BufOver=%u ", (val_h<<16) + val_l));
515 
516 	if (length < 4) {
517 		ND_PRINT((ndo, "AVP too short"));
518 		return;
519 	}
520 	val_h = EXTRACT_16BITS(ptr); ptr++; length -= 2;
521 	val_l = EXTRACT_16BITS(ptr); ptr++; length -= 2;
522 	ND_PRINT((ndo, "Timeout=%u ", (val_h<<16) + val_l));
523 
524 	if (length < 4) {
525 		ND_PRINT((ndo, "AVP too short"));
526 		return;
527 	}
528 	val_h = EXTRACT_16BITS(ptr); ptr++;
529 	val_l = EXTRACT_16BITS(ptr); ptr++;
530 	ND_PRINT((ndo, "AlignErr=%u ", (val_h<<16) + val_l));
531 }
532 
533 static void
l2tp_accm_print(netdissect_options * ndo,const u_char * dat,u_int length)534 l2tp_accm_print(netdissect_options *ndo, const u_char *dat, u_int length)
535 {
536 	const uint16_t *ptr = (const uint16_t *)dat;
537 	uint16_t val_h, val_l;
538 
539 	if (length < 2) {
540 		ND_PRINT((ndo, "AVP too short"));
541 		return;
542 	}
543 	ptr++;		/* skip "Reserved" */
544 	length -= 2;
545 
546 	if (length < 4) {
547 		ND_PRINT((ndo, "AVP too short"));
548 		return;
549 	}
550 	val_h = EXTRACT_16BITS(ptr); ptr++; length -= 2;
551 	val_l = EXTRACT_16BITS(ptr); ptr++; length -= 2;
552 	ND_PRINT((ndo, "send=%08x ", (val_h<<16) + val_l));
553 
554 	if (length < 4) {
555 		ND_PRINT((ndo, "AVP too short"));
556 		return;
557 	}
558 	val_h = EXTRACT_16BITS(ptr); ptr++;
559 	val_l = EXTRACT_16BITS(ptr); ptr++;
560 	ND_PRINT((ndo, "recv=%08x ", (val_h<<16) + val_l));
561 }
562 
563 static void
l2tp_ppp_discon_cc_print(netdissect_options * ndo,const u_char * dat,u_int length)564 l2tp_ppp_discon_cc_print(netdissect_options *ndo, const u_char *dat, u_int length)
565 {
566 	const uint16_t *ptr = (const uint16_t *)dat;
567 
568 	if (length < 5) {
569 		ND_PRINT((ndo, "AVP too short"));
570 		return;
571 	}
572 	/* Disconnect Code */
573 	ND_PRINT((ndo, "%04x, ", EXTRACT_16BITS(dat)));
574 	dat += 2;
575 	length -= 2;
576 	/* Control Protocol Number */
577 	ND_PRINT((ndo, "%04x ",  EXTRACT_16BITS(dat)));
578 	dat += 2;
579 	length -= 2;
580 	/* Direction */
581 	ND_PRINT((ndo, "%s", tok2str(l2tp_cc_direction2str,
582 			     "Direction-#%u", EXTRACT_8BITS(ptr))));
583 	ptr++;
584 	length--;
585 
586 	if (length != 0) {
587 		ND_PRINT((ndo, " "));
588 		print_string(ndo, (const u_char *)ptr, length);
589 	}
590 }
591 
592 static void
l2tp_avp_print(netdissect_options * ndo,const u_char * dat,int length)593 l2tp_avp_print(netdissect_options *ndo, const u_char *dat, int length)
594 {
595 	u_int len;
596 	const uint16_t *ptr = (const uint16_t *)dat;
597 	uint16_t attr_type;
598 	int hidden = FALSE;
599 
600 	if (length <= 0) {
601 		return;
602 	}
603 
604 	ND_PRINT((ndo, " "));
605 
606 	ND_TCHECK(*ptr);	/* Flags & Length */
607 	len = EXTRACT_16BITS(ptr) & L2TP_AVP_HDR_LEN_MASK;
608 
609 	/* If it is not long enough to contain the header, we'll give up. */
610 	if (len < 6)
611 		goto trunc;
612 
613 	/* If it goes past the end of the remaining length of the packet,
614 	   we'll give up. */
615 	if (len > (u_int)length)
616 		goto trunc;
617 
618 	/* If it goes past the end of the remaining length of the captured
619 	   data, we'll give up. */
620 	ND_TCHECK2(*ptr, len);
621 
622 	/*
623 	 * After this point, we don't need to check whether we go past
624 	 * the length of the captured data; however, we *do* need to
625 	 * check whether we go past the end of the AVP.
626 	 */
627 
628 	if (EXTRACT_16BITS(ptr) & L2TP_AVP_HDR_FLAG_MANDATORY) {
629 		ND_PRINT((ndo, "*"));
630 	}
631 	if (EXTRACT_16BITS(ptr) & L2TP_AVP_HDR_FLAG_HIDDEN) {
632 		hidden = TRUE;
633 		ND_PRINT((ndo, "?"));
634 	}
635 	ptr++;
636 
637 	if (EXTRACT_16BITS(ptr)) {
638 		/* Vendor Specific Attribute */
639 	        ND_PRINT((ndo, "VENDOR%04x:", EXTRACT_16BITS(ptr))); ptr++;
640 		ND_PRINT((ndo, "ATTR%04x", EXTRACT_16BITS(ptr))); ptr++;
641 		ND_PRINT((ndo, "("));
642 		print_octets(ndo, (const u_char *)ptr, len-6);
643 		ND_PRINT((ndo, ")"));
644 	} else {
645 		/* IETF-defined Attributes */
646 		ptr++;
647 		attr_type = EXTRACT_16BITS(ptr); ptr++;
648 		ND_PRINT((ndo, "%s", tok2str(l2tp_avp2str, "AVP-#%u", attr_type)));
649 		ND_PRINT((ndo, "("));
650 		if (hidden) {
651 			ND_PRINT((ndo, "???"));
652 		} else {
653 			switch (attr_type) {
654 			case L2TP_AVP_MSGTYPE:
655 				l2tp_msgtype_print(ndo, (const u_char *)ptr, len-6);
656 				break;
657 			case L2TP_AVP_RESULT_CODE:
658 				l2tp_result_code_print(ndo, (const u_char *)ptr, len-6);
659 				break;
660 			case L2TP_AVP_PROTO_VER:
661 				l2tp_proto_ver_print(ndo, ptr, len-6);
662 				break;
663 			case L2TP_AVP_FRAMING_CAP:
664 				l2tp_framing_cap_print(ndo, (const u_char *)ptr, len-6);
665 				break;
666 			case L2TP_AVP_BEARER_CAP:
667 				l2tp_bearer_cap_print(ndo, (const u_char *)ptr, len-6);
668 				break;
669 			case L2TP_AVP_TIE_BREAKER:
670 				if (len-6 < 8) {
671 					ND_PRINT((ndo, "AVP too short"));
672 					break;
673 				}
674 				print_octets(ndo, (const u_char *)ptr, 8);
675 				break;
676 			case L2TP_AVP_FIRM_VER:
677 			case L2TP_AVP_ASSND_TUN_ID:
678 			case L2TP_AVP_RECV_WIN_SIZE:
679 			case L2TP_AVP_ASSND_SESS_ID:
680 				if (len-6 < 2) {
681 					ND_PRINT((ndo, "AVP too short"));
682 					break;
683 				}
684 				print_16bits_val(ndo, ptr);
685 				break;
686 			case L2TP_AVP_HOST_NAME:
687 			case L2TP_AVP_VENDOR_NAME:
688 			case L2TP_AVP_CALLING_NUMBER:
689 			case L2TP_AVP_CALLED_NUMBER:
690 			case L2TP_AVP_SUB_ADDRESS:
691 			case L2TP_AVP_PROXY_AUTH_NAME:
692 			case L2TP_AVP_PRIVATE_GRP_ID:
693 				print_string(ndo, (const u_char *)ptr, len-6);
694 				break;
695 			case L2TP_AVP_CHALLENGE:
696 			case L2TP_AVP_INI_RECV_LCP:
697 			case L2TP_AVP_LAST_SENT_LCP:
698 			case L2TP_AVP_LAST_RECV_LCP:
699 			case L2TP_AVP_PROXY_AUTH_CHAL:
700 			case L2TP_AVP_PROXY_AUTH_RESP:
701 			case L2TP_AVP_RANDOM_VECTOR:
702 				print_octets(ndo, (const u_char *)ptr, len-6);
703 				break;
704 			case L2TP_AVP_Q931_CC:
705 				l2tp_q931_cc_print(ndo, (const u_char *)ptr, len-6);
706 				break;
707 			case L2TP_AVP_CHALLENGE_RESP:
708 				if (len-6 < 16) {
709 					ND_PRINT((ndo, "AVP too short"));
710 					break;
711 				}
712 				print_octets(ndo, (const u_char *)ptr, 16);
713 				break;
714 			case L2TP_AVP_CALL_SER_NUM:
715 			case L2TP_AVP_MINIMUM_BPS:
716 			case L2TP_AVP_MAXIMUM_BPS:
717 			case L2TP_AVP_TX_CONN_SPEED:
718 			case L2TP_AVP_PHY_CHANNEL_ID:
719 			case L2TP_AVP_RX_CONN_SPEED:
720 				if (len-6 < 4) {
721 					ND_PRINT((ndo, "AVP too short"));
722 					break;
723 				}
724 				print_32bits_val(ndo, (const uint32_t *)ptr);
725 				break;
726 			case L2TP_AVP_BEARER_TYPE:
727 				l2tp_bearer_type_print(ndo, (const u_char *)ptr, len-6);
728 				break;
729 			case L2TP_AVP_FRAMING_TYPE:
730 				l2tp_framing_type_print(ndo, (const u_char *)ptr, len-6);
731 				break;
732 			case L2TP_AVP_PACKET_PROC_DELAY:
733 				l2tp_packet_proc_delay_print(ndo);
734 				break;
735 			case L2TP_AVP_PROXY_AUTH_TYPE:
736 				l2tp_proxy_auth_type_print(ndo, (const u_char *)ptr, len-6);
737 				break;
738 			case L2TP_AVP_PROXY_AUTH_ID:
739 				l2tp_proxy_auth_id_print(ndo, (const u_char *)ptr, len-6);
740 				break;
741 			case L2TP_AVP_CALL_ERRORS:
742 				l2tp_call_errors_print(ndo, (const u_char *)ptr, len-6);
743 				break;
744 			case L2TP_AVP_ACCM:
745 				l2tp_accm_print(ndo, (const u_char *)ptr, len-6);
746 				break;
747 			case L2TP_AVP_SEQ_REQUIRED:
748 				break;	/* No Attribute Value */
749 			case L2TP_AVP_PPP_DISCON_CC:
750 				l2tp_ppp_discon_cc_print(ndo, (const u_char *)ptr, len-6);
751 				break;
752 			default:
753 				break;
754 			}
755 		}
756 		ND_PRINT((ndo, ")"));
757 	}
758 
759 	l2tp_avp_print(ndo, dat+len, length-len);
760 	return;
761 
762  trunc:
763 	ND_PRINT((ndo, "|..."));
764 }
765 
766 
767 void
l2tp_print(netdissect_options * ndo,const u_char * dat,u_int length)768 l2tp_print(netdissect_options *ndo, const u_char *dat, u_int length)
769 {
770 	const u_char *ptr = dat;
771 	u_int cnt = 0;			/* total octets consumed */
772 	uint16_t pad;
773 	int flag_t, flag_l, flag_s, flag_o;
774 	uint16_t l2tp_len;
775 
776 	flag_t = flag_l = flag_s = flag_o = FALSE;
777 
778 	ND_TCHECK2(*ptr, 2);	/* Flags & Version */
779 	if ((EXTRACT_16BITS(ptr) & L2TP_VERSION_MASK) == L2TP_VERSION_L2TP) {
780 		ND_PRINT((ndo, " l2tp:"));
781 	} else if ((EXTRACT_16BITS(ptr) & L2TP_VERSION_MASK) == L2TP_VERSION_L2F) {
782 		ND_PRINT((ndo, " l2f:"));
783 		return;		/* nothing to do */
784 	} else {
785 		ND_PRINT((ndo, " Unknown Version, neither L2F(1) nor L2TP(2)"));
786 		return;		/* nothing we can do */
787 	}
788 
789 	ND_PRINT((ndo, "["));
790 	if (EXTRACT_16BITS(ptr) & L2TP_FLAG_TYPE) {
791 		flag_t = TRUE;
792 		ND_PRINT((ndo, "T"));
793 	}
794 	if (EXTRACT_16BITS(ptr) & L2TP_FLAG_LENGTH) {
795 		flag_l = TRUE;
796 		ND_PRINT((ndo, "L"));
797 	}
798 	if (EXTRACT_16BITS(ptr) & L2TP_FLAG_SEQUENCE) {
799 		flag_s = TRUE;
800 		ND_PRINT((ndo, "S"));
801 	}
802 	if (EXTRACT_16BITS(ptr) & L2TP_FLAG_OFFSET) {
803 		flag_o = TRUE;
804 		ND_PRINT((ndo, "O"));
805 	}
806 	if (EXTRACT_16BITS(ptr) & L2TP_FLAG_PRIORITY)
807 		ND_PRINT((ndo, "P"));
808 	ND_PRINT((ndo, "]"));
809 
810 	ptr += 2;
811 	cnt += 2;
812 
813 	if (flag_l) {
814 		ND_TCHECK2(*ptr, 2);	/* Length */
815 		l2tp_len = EXTRACT_16BITS(ptr);
816 		ptr += 2;
817 		cnt += 2;
818 	} else {
819 		l2tp_len = 0;
820 	}
821 
822 	ND_TCHECK2(*ptr, 2);		/* Tunnel ID */
823 	ND_PRINT((ndo, "(%u/", EXTRACT_16BITS(ptr)));
824 	ptr += 2;
825 	cnt += 2;
826 	ND_TCHECK2(*ptr, 2);		/* Session ID */
827 	ND_PRINT((ndo, "%u)",  EXTRACT_16BITS(ptr)));
828 	ptr += 2;
829 	cnt += 2;
830 
831 	if (flag_s) {
832 		ND_TCHECK2(*ptr, 2);	/* Ns */
833 		ND_PRINT((ndo, "Ns=%u,", EXTRACT_16BITS(ptr)));
834 		ptr += 2;
835 		cnt += 2;
836 		ND_TCHECK2(*ptr, 2);	/* Nr */
837 		ND_PRINT((ndo, "Nr=%u",  EXTRACT_16BITS(ptr)));
838 		ptr += 2;
839 		cnt += 2;
840 	}
841 
842 	if (flag_o) {
843 		ND_TCHECK2(*ptr, 2);	/* Offset Size */
844 		pad =  EXTRACT_16BITS(ptr);
845 		ptr += (2 + pad);
846 		cnt += (2 + pad);
847 	}
848 
849 	if (flag_l) {
850 		if (length < l2tp_len) {
851 			ND_PRINT((ndo, " Length %u larger than packet", l2tp_len));
852 			return;
853 		}
854 		length = l2tp_len;
855 	}
856 	if (length < cnt) {
857 		ND_PRINT((ndo, " Length %u smaller than header length", length));
858 		return;
859 	}
860 	if (flag_t) {
861 		if (!flag_l) {
862 			ND_PRINT((ndo, " No length"));
863 			return;
864 		}
865 		if (length - cnt == 0) {
866 			ND_PRINT((ndo, " ZLB"));
867 		} else {
868 			l2tp_avp_print(ndo, ptr, length - cnt);
869 		}
870 	} else {
871 		ND_PRINT((ndo, " {"));
872 		ppp_print(ndo, ptr, length - cnt);
873 		ND_PRINT((ndo, "}"));
874 	}
875 
876 	return;
877 
878  trunc:
879 	ND_PRINT((ndo, "%s", tstr));
880 }
881