1 /*
2  * Copyright (C) 2009 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 /*
18  * Implementation of L2TP Access Concentrator (RFC 2661). The following code
19  * only handles control packets. Data packets are handled by kernel driver:
20  *  - PX_PROTO_OL2TP (upstream impl.), if it's enabled in kernel
21  *  - or PX_PROTO_OLAC (Android impl.), if upstream implementation is not
22  *    available / not enabled. It will be removed in new Android kernels.
23  */
24 
25 #include <stdbool.h>
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <errno.h>
30 #include <fcntl.h>
31 #include <sys/types.h>
32 #include <sys/socket.h>
33 #include <sys/stat.h>
34 #include <unistd.h>
35 #include <arpa/inet.h>
36 #include <linux/netdevice.h>
37 #include <linux/if_pppox.h>
38 #include <linux/types.h>
39 #include <openssl/md5.h>
40 
41 #include "mtpd.h"
42 
43 /* To avoid unnecessary endianness conversions, tunnels, sessions, attributes,
44  * and values are all accessed in network order. */
45 
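/* L2TP control message types. 0 is reserved by the protocol; ACK is put there
 * just for convenience. Values 5 and 13 have no entry in this enum. */
enum l2tp_message {
    ACK = 0,
    SCCRQ = 1,
    SCCRP = 2,
    SCCCN = 3,
    STOPCCN = 4,
    HELLO = 6,
    OCRQ = 7,
    OCRP = 8,
    OCCN = 9,
    ICRQ = 10,
    ICRP = 11,
    ICCN = 12,
    CDN = 14,
    WEN = 15,
    SLI = 16,
    MESSAGE_MAX = 16,
};

/* Printable names indexed by enum l2tp_message; the gaps (5 and 13) are NULL.
 * The index used for logging comes from a received packet, so the table is
 * const-qualified: neither the pointers nor the strings are ever written. */
static const char *const messages[] = {
    "ACK", "SCCRQ", "SCCRP", "SCCCN", "STOPCCN", NULL, "HELLO", "OCRQ",
    "OCRP", "OCCN", "ICRQ", "ICRP", "ICCN", NULL, "CDN", "WEN", "SLI",
};

/* Compile-time guard: callers bound the index with "<= MESSAGE_MAX", so the
 * table must have exactly MESSAGE_MAX + 1 slots. A mismatch gives this array
 * type a negative size and stops the build. */
typedef char messages_must_cover_message_max[
    (sizeof(messages) / sizeof(messages[0]) == MESSAGE_MAX + 1) ? 1 : -1];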
70 
/* This is incomplete. Only those we used are listed here. */
/* Attribute (AVP) type numbers. Each is wrapped in htons() so that it can be
 * compared directly with, or stored directly into, the network-order type
 * field of struct attribute. */
#define RESULT_CODE             htons(1)
#define PROTOCOL_VERSION        htons(2)
#define FRAMING_CAPABILITIES    htons(3)
#define HOST_NAME               htons(7)
#define ASSIGNED_TUNNEL         htons(9)
#define WINDOW_SIZE             htons(10)
#define CHALLENGE               htons(11)
#define CHALLENGE_RESPONSE      htons(13)
#define ASSIGNED_SESSION        htons(14)
#define CALL_SERIAL_NUMBER      htons(15)
#define FRAMING_TYPE            htons(19)
#define CONNECT_SPEED           htons(24)
#define RANDOM_VECTOR           htons(36)

/* First header word of every control message we send (host order), and the
 * mask of bits recv_packet() requires to match it on received packets. */
#define MESSAGE_FLAG            0xC802
#define MESSAGE_MASK            0xCB0F
/* Attribute flag word for a value of `length` bytes: 0x8000 is set on every
 * attribute we emit and 6 is ATTRIBUTE_HEADER_SIZE, so the low bits hold the
 * total attribute length. `length` must keep that total within the 10 bits
 * read back by ATTRIBUTE_LENGTH(), otherwise it spills into the flag bits. */
#define ATTRIBUTE_FLAG(length)  (0x8006 + (length))
/* Total attribute length (header included): the low 10 bits, at most 1023. */
#define ATTRIBUTE_LENGTH(flag)  (0x03FF & (flag))
/* Non-zero when the attribute value is hidden (see get_attribute_raw()). */
#define ATTRIBUTE_HIDDEN(flag)  (0x4000 & (flag))

/* Sizes in bytes. ACK_SIZE is the six 16-bit header words built by send_ack();
 * MESSAGE_HEADER_SIZE is the ten words written by set_message();
 * ATTRIBUTE_HEADER_SIZE covers flag, vendor and type of struct attribute.
 * MAX_ATTRIBUTE_SIZE sizes the scratch buffers that hold one attribute value;
 * it exceeds the 1023-byte limit implied by ATTRIBUTE_LENGTH(). */
#define ACK_SIZE                12
#define MESSAGE_HEADER_SIZE     20
#define ATTRIBUTE_HEADER_SIZE   6
#define MAX_ATTRIBUTE_SIZE      1024
96 
/* Tunnel and session ids are kept in network order (__be16). The sequence
 * counters are kept in host order and converted with htons()/ntohs() at the
 * point where they are written to or read from a packet. */
static __be16 local_tunnel;
static __be16 local_session;
static uint16_t local_sequence;
static __be16 remote_tunnel;
static __be16 remote_session;
static uint16_t remote_sequence;

/* `state` holds an enum l2tp_message value: the handshake message most
 * recently sent (SCCRQ, SCCCN, ICRQ, ICCN), ACK once the session is up, or
 * STOPCCN after the peer closed the tunnel. `acknowledged` is cleared by
 * send_packet() and set by recv_packet() when the peer's acknowledgement
 * number matches local_sequence. */
static uint16_t state;
static int acknowledged;

#define RANDOM_DEVICE   "/dev/urandom"
#define CHALLENGE_SIZE  32

/* Tunnel authentication material. `secret` points at the caller's argument
 * string (it is not copied) and stays NULL when no secret was supplied, which
 * disables challenge verification. `challenge` is the random value we send in
 * SCCRQ and later check the peer's response against. */
static char *secret;
static int secret_length;
static uint8_t challenge[CHALLENGE_SIZE];

/* According to RFC 2661 page 46, an exponential backoff strategy is required
 * for retransmission. However, it might waste too much time waiting for IPsec
 * negotiation. Here we use the same interval to keep things simple. */
/* NOTE(review): the unit is not stated in this file; presumably milliseconds,
 * confirm against the caller that consumes the return values. */
#define TIMEOUT_INTERVAL 2000

#define MAX_PACKET_LENGTH 2048

/* One control packet. `message` is the decoded message type, `length` the
 * number of valid bytes in `buffer`. The buffer is 4-byte aligned because the
 * code below accesses it through uint16_t pointers. `incoming` holds untrusted
 * data from the network; `outgoing` is kept after sending so that
 * l2tp_timeout() can retransmit it unchanged. */
static struct packet {
    int message;
    int length;
    uint8_t buffer[MAX_PACKET_LENGTH] __attribute__((aligned(4)));
} incoming, outgoing;
126 
/* On-the-wire layout of one attribute, overlaid directly on a packet buffer.
 * All three header fields are in network order. `value` is declared with one
 * element but is used as the start of a variable-length payload whose size is
 * derived from ATTRIBUTE_LENGTH(flag); every access must be bounded by that
 * length and by the enclosing packet length. The struct is packed so that the
 * header is exactly ATTRIBUTE_HEADER_SIZE bytes. */
struct attribute {
    uint16_t flag;
    uint16_t vendor;
    uint16_t type;
    uint8_t value[1];
} __attribute__((packed));
133 
/**
 * Start a new outgoing control message in `outgoing`.
 *
 * Writes the fixed header plus the leading message-type attribute, resets
 * outgoing.length to MESSAGE_HEADER_SIZE and consumes one local sequence
 * number. Further attributes are appended with add_attribute_*().
 *
 * @param session  Session id to place in the header, in network order.
 * @param message  Message type (enum l2tp_message), in host order.
 */
static void set_message(uint16_t session, uint16_t message)
{
    /* Indices of the 16-bit words that make up the 20-byte header. */
    enum {
        WORD_FLAGS = 0,
        WORD_TUNNEL = 2,
        WORD_SESSION = 3,
        WORD_NS = 4,
        WORD_NR = 5,
        WORD_TYPE_AVP_FLAG = 6,
        WORD_TYPE_AVP_VENDOR = 7,
        WORD_TYPE_AVP_TYPE = 8,
        WORD_TYPE_AVP_VALUE = 9
    };
    uint16_t *header = (uint16_t *)outgoing.buffer;

    header[WORD_FLAGS] = htons(MESSAGE_FLAG);
    /* Word 1 (total length) is left for send_packet() to fill in. */
    header[WORD_TUNNEL] = remote_tunnel;
    header[WORD_SESSION] = session;
    header[WORD_NS] = htons(local_sequence);
    header[WORD_NR] = htons(remote_sequence);

    /* Message-type attribute: vendor 0, type 0, two-byte value. */
    header[WORD_TYPE_AVP_FLAG] = htons(ATTRIBUTE_FLAG(2));
    header[WORD_TYPE_AVP_VENDOR] = 0;
    header[WORD_TYPE_AVP_TYPE] = 0;
    header[WORD_TYPE_AVP_VALUE] = htons(message);

    outgoing.length = MESSAGE_HEADER_SIZE;
    outgoing.message = message;
    /* Incremented separately: htons() may be a macro that evaluates its
     * argument more than once. */
    ++local_sequence;
}
151 
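/**
 * Append one attribute to the outgoing control message.
 *
 * The original wrote at outgoing.buffer[outgoing.length] without checking
 * that header plus value fit in the buffer, or that the size fits the 10-bit
 * attribute length field. Every caller in this file passes a small constant
 * size, so the check below is an invariant guard: it turns a future
 * programming error into an immediate abort instead of a write past the end
 * of a static buffer or a corrupted flag word.
 *
 * @param type   Attribute type, already in network order (e.g. HOST_NAME).
 * @param value  Bytes to copy verbatim as the attribute value.
 * @param size   Number of bytes at `value`; must be 0..1017.
 */
static void add_attribute_raw(uint16_t type, void *value, int size)
{
    struct attribute *p;

    /* ATTRIBUTE_LENGTH(0xFFFF) is the largest total length the flag word can
     * carry; the value may use what is left after the 6-byte header. */
    if (size < 0 || size > ATTRIBUTE_LENGTH(0xFFFF) - ATTRIBUTE_HEADER_SIZE ||
            outgoing.length < 0 ||
            outgoing.length > MAX_PACKET_LENGTH - ATTRIBUTE_HEADER_SIZE - size) {
        abort();
    }

    p = (struct attribute *)&outgoing.buffer[outgoing.length];
    p->flag = htons(ATTRIBUTE_FLAG(size));
    p->vendor = 0;
    p->type = type;
    memcpy(&p->value, value, size);
    outgoing.length += ATTRIBUTE_HEADER_SIZE + size;
}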
161 
/**
 * Append a two-byte attribute to the outgoing message.
 *
 * @param attribute  Attribute type in network order.
 * @param value      Value, copied byte-for-byte; the caller supplies it in
 *                   network order.
 */
static void add_attribute_u16(uint16_t attribute, uint16_t value)
{
    add_attribute_raw(attribute, &value, sizeof value);
}
166 
/**
 * Append a four-byte attribute to the outgoing message.
 *
 * @param attribute  Attribute type in network order.
 * @param value      Value, copied byte-for-byte; the caller supplies it in
 *                   network order.
 */
static void add_attribute_u32(uint16_t attribute, uint32_t value)
{
    add_attribute_raw(attribute, &value, sizeof value);
}
171 
/**
 * Finalize and transmit the message currently held in `outgoing`.
 *
 * Fills in the length word that set_message() left blank, sends the buffer on
 * the_socket and marks the message as not yet acknowledged. The result of
 * send() is not examined; a lost packet is recovered by l2tp_timeout()
 * retransmitting the same buffer.
 */
static void send_packet()
{
    const int total = outgoing.length;

    ((uint16_t *)outgoing.buffer)[1] = htons(total);
    send(the_socket, outgoing.buffer, total, 0);
    acknowledged = 0;
}
179 
/**
 * Send a bare acknowledgement: a 12-byte header with no attributes.
 *
 * The session field is 0 and no local sequence number is consumed, so the
 * packet carries the current local_sequence and remote_sequence unchanged.
 * The result of send() is not examined.
 */
static void send_ack()
{
    uint16_t ack[ACK_SIZE / sizeof(uint16_t)];

    ack[0] = htons(MESSAGE_FLAG);
    ack[1] = htons(ACK_SIZE);
    ack[2] = remote_tunnel;
    ack[3] = 0;
    ack[4] = htons(local_sequence);
    ack[5] = htons(remote_sequence);
    send(the_socket, ack, sizeof(ack), 0);
}
188 
/**
 * Receive one datagram into `incoming` and decide whether it is the next
 * in-order control message for our tunnel.
 *
 * Everything in incoming.buffer is untrusted network input. The checks here
 * are structural only (flag bits, length field, tunnel id, sequence numbers);
 * nothing in this function authenticates the sender.
 *
 * @param[out] session  Session id field of the accepted packet, in network
 *                      order. Written only when 1 is returned.
 *
 * @return 1 if the packet was accepted (incoming.message is then valid);
 *         0 if recv() was interrupted, or the packet is malformed, belongs to
 *         another tunnel, is a duplicate, or is out of order. Any other
 *         recv() failure terminates the process with NETWORK_ERROR.
 */
static int recv_packet(uint16_t *session)
{
    uint16_t *p = (uint16_t *)incoming.buffer;

    incoming.length = recv(the_socket, incoming.buffer, MAX_PACKET_LENGTH, 0);
    if (incoming.length == -1) {
        if (errno == EINTR) {
            return 0;
        }
        log_print(FATAL, "Recv() %s", strerror(errno));
        exit(NETWORK_ERROR);
    }

    /* We only handle packets in our tunnel. */
    /* The size test comes first and short-circuits, so a datagram that is
     * neither exactly an ACK nor at least a full message header is dropped
     * before any header word is interpreted. The length word must equal the
     * number of bytes actually received, which keeps every later offset
     * computation bounded by incoming.length. */
    if ((incoming.length != ACK_SIZE && incoming.length < MESSAGE_HEADER_SIZE)
            || (p[0] & htons(MESSAGE_MASK)) != htons(MESSAGE_FLAG) ||
            ntohs(p[1]) != incoming.length || p[2] != local_tunnel) {
        return 0;
    }

    /* A 12-byte packet is a bare ACK. Anything longer must begin with the
     * message-type attribute (two-byte value, vendor 0, type 0); p[9] is
     * inside the packet because the length is at least MESSAGE_HEADER_SIZE. */
    if (incoming.length == ACK_SIZE) {
        incoming.message = ACK;
    } else if (p[6] == htons(ATTRIBUTE_FLAG(2)) && !p[7] && !p[8]) {
        incoming.message = ntohs(p[9]);
    } else {
        return 0;
    }

    /* Check if the packet is duplicated and send ACK if necessary. */
    /* The difference is taken modulo 65536: a result above 32767 means the
     * peer's sequence number is behind the one we expect, i.e. a packet we
     * have already consumed. */
    if ((uint16_t)(ntohs(p[4]) - remote_sequence) > 32767) {
        if (incoming.message != ACK) {
            send_ack();
        }
        return 0;
    }

    /* The peer has seen everything we sent once its acknowledgement number
     * equals our next sequence number. */
    if (ntohs(p[5]) == local_sequence) {
        acknowledged = 1;
    }

    /* Our sending and receiving window sizes are both 1. Thus we only handle
     * this packet if it is their next one and they received our last one. */
    if (ntohs(p[4]) != remote_sequence || !acknowledged) {
        return 0;
    }
    *session = p[3];
    /* Bare ACKs do not advance the expected sequence number. */
    if (incoming.message != ACK) {
        ++remote_sequence;
    }
    return 1;
}
240 
/**
 * Find the first standard (vendor 0) attribute of the given type in the
 * incoming packet and copy its value out, un-hiding it if necessary.
 *
 * The packet is untrusted: each attribute length is taken from the packet
 * and checked against both the minimum header size and incoming.length
 * before the value is touched.
 *
 * @param type   Attribute type in network order.
 * @param value  Destination buffer, at least `size` bytes.
 * @param size   Maximum number of bytes to copy. NOTE(review): every caller
 *               in this file passes a positive constant; a negative value is
 *               not rejected here and would reach memcpy() as a huge count.
 *
 * @return Number of bytes copied (possibly fewer than `size`), or 0 when the
 *         attribute is absent, malformed, or hidden and cannot be decoded.
 */
static int get_attribute_raw(uint16_t type, void *value, int size)
{
    int offset = MESSAGE_HEADER_SIZE;
    /* Most recent non-hidden Random Vector attribute seen before the match;
     * it keys the un-hiding of a hidden attribute below. */
    uint8_t *vector = NULL;
    int vector_length = 0;

    /* Continue only while a complete attribute header is still available. */
    while (incoming.length >= offset + ATTRIBUTE_HEADER_SIZE) {
        struct attribute *p = (struct attribute *)&incoming.buffer[offset];
        uint16_t flag = ntohs(p->flag);
        int length = ATTRIBUTE_LENGTH(flag);

        /* `offset` now points past this attribute and `length` becomes the
         * value length. Stop on a claimed length shorter than the header
         * (which would also stall the loop) or one running past the packet. */
        offset += length;
        length -= ATTRIBUTE_HEADER_SIZE;
        if (length < 0 || offset > incoming.length) {
            break;
        }
        /* Vendor-specific attributes are skipped. */
        if (p->vendor) {
            continue;
        }
        if (p->type != type) {
            if (p->type == RANDOM_VECTOR && !ATTRIBUTE_HIDDEN(flag)) {
                vector = p->value;
                vector_length = length;
            }
            continue;
        }

        /* Plain attribute: copy at most what the packet actually holds. */
        if (!ATTRIBUTE_HIDDEN(flag)) {
            if (size > length) {
                size = length;
            }
            memcpy(value, p->value, size);
            return size;
        }

        /* Hidden attribute: needs the shared secret, a preceding random
         * vector, and at least the two-byte embedded length. */
        if (!secret || !vector || length < 2) {
            return 0;
        } else {
            /* `length` is at most 1023 - 6 bytes here (10-bit attribute
             * length minus the header), so it fits in `buffer`.
             * NOTE(review): `buffer` and `hash` hold plaintext and keystream
             * derived from the secret and are not cleared before returning;
             * consider scrubbing them. */
            uint8_t buffer[MAX_ATTRIBUTE_SIZE];
            uint8_t hash[MD5_DIGEST_LENGTH];
            MD5_CTX ctx;
            int i;

            /* First keystream block: MD5(type | secret | random vector). */
            MD5_Init(&ctx);
            MD5_Update(&ctx, &type, sizeof(uint16_t));
            MD5_Update(&ctx, secret, secret_length);
            MD5_Update(&ctx, vector, vector_length);
            MD5_Final(hash, &ctx);

            for (i = 0; i < length; ++i) {
                int j = i % MD5_DIGEST_LENGTH;
                /* Every 16 bytes, derive the next keystream block from
                 * MD5(secret | previous 16 bytes of the hidden value). */
                if (i && !j) {
                    MD5_Init(&ctx);
                    MD5_Update(&ctx, secret, secret_length);
                    MD5_Update(&ctx, &p->value[i - MD5_DIGEST_LENGTH],
                        MD5_DIGEST_LENGTH);
                    MD5_Final(hash, &ctx);
                }
                buffer[i] = p->value[i] ^ hash[j];
            }

            /* The first two decoded bytes give the real value length; the
             * rest may be padding. That length is attacker-influenced, so it
             * is rejected if it exceeds the bytes actually decoded. */
            length = buffer[0] << 8 | buffer[1];
            if (length > i - 2) {
                return 0;
            }
            if (size > length) {
                size = length;
            }
            memcpy(value, &buffer[2], size);
            return size;
        }
    }
    return 0;
}
315 
/**
 * Fetch a two-byte attribute from the incoming packet.
 *
 * @param type        Attribute type in network order.
 * @param[out] value  Receives the value bytes as found in the packet
 *                    (network order).
 *
 * @return Non-zero only if exactly two bytes were available and copied.
 *         NOTE: a shorter attribute may still have written one byte to
 *         *value before 0 is returned.
 */
static int get_attribute_u16(uint16_t type, uint16_t *value)
{
    const int copied = get_attribute_raw(type, value, sizeof(*value));

    return copied == (int)sizeof(*value);
}
320 
/**
 * Open the UDP socket to the server and send SCCRQ to start the tunnel.
 *
 * @param arguments  arguments[0] = server, arguments[1] = port,
 *                   arguments[2] = shared secret. An empty secret disables
 *                   tunnel authentication: no challenge is sent and
 *                   verify_challenge() accepts any SCCRP.
 *
 * @return TIMEOUT_INTERVAL, the delay before the first retransmission check.
 */
static int l2tp_connect(char **arguments)
{
    create_socket(AF_INET, SOCK_DGRAM, arguments[0], arguments[1]);

    /* Tunnel id 0 is not usable, so draw until non-zero.
     * NOTE(review): random() is not a cryptographic generator and no seeding
     * is visible in this file. recv_packet() filters incoming packets on this
     * id, so it should be assumed guessable unless the transport is protected
     * by other means (e.g. IPsec). */
    while (!local_tunnel) {
        local_tunnel = random();
    }

    log_print(DEBUG, "Sending SCCRQ (local_tunnel = %u)",
              (unsigned)ntohs(local_tunnel));
    state = SCCRQ;
    set_message(0, SCCRQ);
    add_attribute_u16(PROTOCOL_VERSION, htons(0x0100));
    add_attribute_raw(HOST_NAME, "anonymous", 9);
    add_attribute_u32(FRAMING_CAPABILITIES, htonl(3));
    add_attribute_u16(ASSIGNED_TUNNEL, local_tunnel);
    add_attribute_u16(WINDOW_SIZE, htons(1));

    if (arguments[2][0]) {
        /* The challenge comes from the kernel random device; a short or
         * failed read is fatal rather than falling back to weaker input. */
        int fd = open(RANDOM_DEVICE, O_RDONLY);
        if (fd == -1 || read(fd, challenge, CHALLENGE_SIZE) != CHALLENGE_SIZE) {
            log_print(FATAL, "Cannot read %s", RANDOM_DEVICE);
            exit(SYSTEM_ERROR);
        }
        close(fd);

        add_attribute_raw(CHALLENGE, challenge, CHALLENGE_SIZE);
        /* The secret is referenced, not copied; arguments[2] must outlive
         * the connection. */
        secret = arguments[2];
        secret_length = strlen(arguments[2]);
    }

    send_packet();
    return TIMEOUT_INTERVAL;
}
355 
/**
 * Decide whether the upstream kernel L2TP implementation should be used, by
 * probing for the obsolete Android OLAC socket protocol.
 *
 * NOTE(review): every socket() failure is read as "OLAC is not available",
 * including failures unrelated to protocol support (for example a denied
 * permission or an exhausted descriptor table).
 *
 * @return true  if an OLAC socket could not be created (use upstream L2TP),
 *         false if OLAC is available.
 */
static bool check_ol2tp(void)
{
    const int probe = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OLAC);

    if (probe >= 0) {
        /* The socket was only a capability probe. */
        close(probe);
        return false;
    }
    return true;
}
373 
/**
 * Create the OLAC PPPoX socket and bind it to the established tunnel and
 * session on top of the_socket.
 *
 * Any failure is fatal: the process exits with SYSTEM_ERROR.
 *
 * @deprecated It will be removed soon in favor of upstream OL2TP.
 *
 * @return PPPoX socket file descriptor
 */
static int create_pppox_olac(void)
{
    int fd;

    log_print(WARNING, "Using deprecated OLAC protocol. "
                       "Its support will be removed soon. "
                       "Please enable OL2TP support in your kernel");

    log_print(INFO, "Creating PPPoX socket");
    fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OLAC);
    if (fd == -1) {
        log_print(FATAL, "Socket() %s", strerror(errno));
        exit(SYSTEM_ERROR);
    }

    /* Ids are handed over exactly as stored, i.e. in network order. */
    struct sockaddr_pppolac peer = {
        .sa_family = AF_PPPOX,
        .sa_protocol = PX_PROTO_OLAC,
        .udp_socket = the_socket,
        .local = {.tunnel = local_tunnel, .session = local_session},
        .remote = {.tunnel = remote_tunnel, .session = remote_session},
    };

    if (connect(fd, (struct sockaddr *)&peer, sizeof(peer)) != 0) {
        log_print(FATAL, "Connect() %s", strerror(errno));
        exit(SYSTEM_ERROR);
    }
    return fd;
}
410 
/* Fill a PPPoL2TP socket address for the current tunnel over the_socket.
 * Session ids are passed in host order; 0/0 selects the tunnel management
 * socket. */
static void fill_pppol2tp_address(struct sockaddr_pppol2tp *sa,
                                  uint16_t local_sid, uint16_t remote_sid)
{
    memset(sa, 0, sizeof(*sa));
    sa->sa_family = AF_PPPOX;
    sa->sa_protocol = PX_PROTO_OL2TP;
    sa->pppol2tp.fd = the_socket; /* UDP socket */
    sa->pppol2tp.s_tunnel = ntohs(local_tunnel);
    sa->pppol2tp.s_session = local_sid;
    sa->pppol2tp.d_tunnel = ntohs(remote_tunnel);
    sa->pppol2tp.d_session = remote_sid;
}

/**
 * Create OL2TP tunnel and session.
 *
 * Two PPPoX sockets are created on top of the_socket: first the tunnel
 * management socket (session ids 0), then the session socket. Unlike the
 * OLAC path, ids are converted to host order before being handed to the
 * kernel. Any failure is fatal: the process exits with SYSTEM_ERROR.
 *
 * @param[out] tfd Will contain tunnel socket file descriptor
 * @param[out] sfd Will contain session socket file descriptor
 */
static void create_pppox_ol2tp(int *tfd, int *sfd)
{
    struct sockaddr_pppol2tp addr;
    int mgmt_fd;
    int data_fd;

    log_print(INFO, "Creating PPPoX tunnel socket...");
    mgmt_fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
    if (mgmt_fd < 0) {
        log_print(FATAL, "Tunnel socket(): %s", strerror(errno));
        exit(SYSTEM_ERROR);
    }

    /* special case: mgmt socket uses session 0 on both sides */
    fill_pppol2tp_address(&addr, 0, 0);

    log_print(INFO, "Connecting to tunnel socket...");
    if (connect(mgmt_fd, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
        log_print(FATAL, "Tunnel connect(): %s", strerror(errno));
        exit(SYSTEM_ERROR);
    }

    log_print(INFO, "Creating PPPoX session socket...");
    data_fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
    if (data_fd < 0) {
        log_print(FATAL, "Session socket(): %s", strerror(errno));
        exit(SYSTEM_ERROR);
    }

    fill_pppol2tp_address(&addr, ntohs(local_session), ntohs(remote_session));

    log_print(INFO, "Connecting to session socket...");
    if (connect(data_fd, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
        log_print(FATAL, "Session connect(): %s", strerror(errno));
        exit(SYSTEM_ERROR);
    }

    *tfd = mgmt_fd;
    *sfd = data_fd;
}
473 
/**
 * Compute the tunnel authentication digest MD5(type | secret | challenge).
 *
 * MD5 is what the L2TP challenge/response exchange prescribes, so it cannot
 * be swapped here without breaking interoperability; the strength of the
 * check rests on the secret and on whatever protects the transport.
 *
 * @param type       Single-byte id mixed into the hash; callers pass the
 *                   message type that carries the response.
 * @param challenge  Challenge bytes (shadows the file-scope `challenge`).
 * @param size       Number of challenge bytes.
 *
 * @return Pointer to a function-static 16-byte digest, overwritten by the
 *         next call. Must only be called when `secret` is set.
 */
static uint8_t *compute_response(uint8_t type, void *challenge, int size)
{
    static uint8_t digest[MD5_DIGEST_LENGTH];
    MD5_CTX md5;

    MD5_Init(&md5);
    MD5_Update(&md5, &type, sizeof(type));
    MD5_Update(&md5, secret, secret_length);
    MD5_Update(&md5, challenge, size);
    MD5_Final(digest, &md5);

    return digest;
}
485 
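/**
 * Check the peer's Challenge Response against the challenge sent in SCCRQ.
 *
 * The digests are compared without an early exit. The original used
 * memcmp(), whose running time can depend on the position of the first
 * differing byte; for an authenticator that is avoidable information.
 * Whether a peer can make repeated guesses against one challenge depends on
 * how the caller reacts to a failure, which is not visible in this file.
 *
 * @return true if no secret is configured (authentication disabled) or the
 *         response matches; false if the response is missing, too short, or
 *         wrong.
 */
static bool verify_challenge()
{
    uint8_t response[MD5_DIGEST_LENGTH];
    const uint8_t *expected;
    volatile uint8_t difference = 0;
    int i;

    if (!secret) {
        return true;
    }
    if (get_attribute_raw(CHALLENGE_RESPONSE, response, MD5_DIGEST_LENGTH)
            != MD5_DIGEST_LENGTH) {
        return false;
    }

    expected = compute_response(SCCRP, challenge, CHALLENGE_SIZE);
    /* Accumulate all byte differences; `volatile` keeps the compiler from
     * turning the loop back into an early-exit comparison. */
    for (i = 0; i < MD5_DIGEST_LENGTH; ++i) {
        difference |= (uint8_t)(expected[i] ^ response[i]);
    }
    return difference == 0;
}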
499 
/**
 * Answer the peer's Challenge, if any, in the message being built.
 *
 * Does nothing when no secret is configured or when the incoming packet has
 * no usable Challenge attribute. Otherwise appends a Challenge Response
 * computed with the SCCCN message type to `outgoing`.
 */
static void answer_challenge()
{
    /* Sized for the largest attribute value get_attribute_raw() can return. */
    uint8_t peer_challenge[MAX_ATTRIBUTE_SIZE];
    int peer_challenge_size;

    if (!secret) {
        return;
    }

    peer_challenge_size = get_attribute_raw(CHALLENGE, peer_challenge,
                                            MAX_ATTRIBUTE_SIZE);
    if (peer_challenge_size <= 0) {
        return;
    }

    add_attribute_raw(CHALLENGE_RESPONSE,
                      compute_response(SCCCN, peer_challenge,
                                       peer_challenge_size),
                      MD5_DIGEST_LENGTH);
}
511 
/**
 * Handle one incoming control packet and advance the connection state.
 *
 * The handshake driven from here is SCCRQ -> SCCRP -> SCCCN -> ICRQ -> ICRP
 * -> ICCN, after which the PPPoX socket(s) are created and pppd is started.
 * A reply is queued by calling set_message(), which bumps local_sequence;
 * that change is what triggers send_packet() at the end.
 *
 * The message type and all attributes come from the network. The only
 * cryptographic check in this path is verify_challenge() on SCCRP, and only
 * when a secret is configured; STOPCCN and CDN are honoured without any
 * further validation in this function.
 *
 * @return TIMEOUT_INTERVAL when a reply is awaiting acknowledgement,
 *         0 when nothing is pending, or a negated error code
 *         (-PROTOCOL_ERROR, -CHALLENGE_FAILED, -REMOTE_REQUESTED).
 *         NOTE(review): how the caller uses these values is not visible here.
 */
static int l2tp_process()
{
    /* Snapshot used below to detect whether a reply was queued. */
    uint16_t sequence = local_sequence;
    __be16 tunnel = 0;
    __be16 session = 0;

    if (!recv_packet(&session)) {
        return acknowledged ? 0 : TIMEOUT_INTERVAL;
    }

    /* Here is the fun part. We always try to protect our tunnel and session
     * from being closed even if we received unexpected messages. */
    switch(incoming.message) {
        case SCCRP:
            if (state == SCCRQ) {
                /* Accept only a non-zero remote tunnel id and, when a secret
                 * is configured, a valid challenge response. */
                if (get_attribute_u16(ASSIGNED_TUNNEL, &tunnel) && tunnel &&
                        verify_challenge()) {
                    remote_tunnel = tunnel;
                    log_print(DEBUG, "Received SCCRP (remote_tunnel = %u) -> "
                            "Sending SCCCN", (unsigned)ntohs(remote_tunnel));
                    state = SCCCN;
                    set_message(0, SCCCN);
                    answer_challenge();
                    break;
                }
                /* `tunnel` is non-zero only if the id was present, so it
                 * tells the two failure causes apart. */
                log_print(DEBUG, "Received SCCRP without %s", tunnel ?
                        "valid challenge response" : "assigned tunnel");
                log_print(ERROR, "Protocol error");
                return tunnel ? -CHALLENGE_FAILED : -PROTOCOL_ERROR;
            }
            break;

        case ICRP:
            if (state == ICRQ && session == local_session) {
                if (get_attribute_u16(ASSIGNED_SESSION, &session) && session) {
                    remote_session = session;
                    log_print(DEBUG, "Received ICRP (remote_session = %u) -> "
                            "Sending ICCN", (unsigned)ntohs(remote_session));
                    state = ICCN;
                    set_message(remote_session, ICCN);
                    add_attribute_u32(CONNECT_SPEED, htonl(100000000));
                    add_attribute_u32(FRAMING_TYPE, htonl(3));
                    break;
                }
                log_print(DEBUG, "Received ICRP without assigned session");
                log_print(ERROR, "Protocol error");
                return -PROTOCOL_ERROR;
            }
            break;

        case STOPCCN:
            /* Accepted in any state; recording STOPCCN in `state` makes
             * l2tp_shutdown() skip sending its own STOPCCN. */
            log_print(DEBUG, "Received STOPCCN");
            log_print(INFO, "Remote server hung up");
            state = STOPCCN;
            return -REMOTE_REQUESTED;

        case CDN:
            /* Only a CDN naming our own (non-zero) session ends the call. */
            if (session && session == local_session) {
                log_print(DEBUG, "Received CDN (local_session = %u)",
                        (unsigned)ntohs(local_session));
                log_print(INFO, "Remote server hung up");
                return -REMOTE_REQUESTED;
            }
            break;

        case ACK:
        case HELLO:
        case WEN:
        case SLI:
            /* These are harmless, so we just treat them in the same way. */
            /* incoming.message is one of the four labels above, so indexing
             * messages[] in this case is always in range and non-NULL. */
            if (state == SCCCN) {
                /* Session id 0 is not usable, so draw until non-zero.
                 * NOTE(review): random() is not a cryptographic generator. */
                while (!local_session) {
                    local_session = random();
                }
                log_print(DEBUG, "Received %s -> Sending ICRQ (local_session = "
                        "%u)", messages[incoming.message],
                        (unsigned)ntohs(local_session));
                log_print(INFO, "Tunnel established");
                state = ICRQ;
                set_message(0, ICRQ);
                add_attribute_u16(ASSIGNED_SESSION, local_session);
                add_attribute_u32(CALL_SERIAL_NUMBER, random());
                break;
            }

            if (incoming.message == ACK) {
                log_print(DEBUG, "Received ACK");
            } else {
                log_print(DEBUG, "Received %s -> Sending ACK",
                          messages[incoming.message]);
                send_ack();
            }

            /* Our ICCN has been acknowledged: hand the session to the kernel
             * data path and start pppd. `state` becomes ACK so this runs
             * only once. */
            if (state == ICCN) {
                log_print(INFO, "Session established");
                state = ACK;

                if (check_ol2tp()) {
                    int tunnel_fd, session_fd;

                    create_pppox_ol2tp(&tunnel_fd, &session_fd);
                    start_pppd_ol2tp(tunnel_fd, session_fd,
                                     ntohs(remote_tunnel),
                                     ntohs(remote_session));
                } else {
                    start_pppd(create_pppox_olac());
                }
            }
            return 0;

        case ICRQ:
        case OCRQ:
            /* Since we run pppd as a client, it does not make sense to
             * accept ICRQ or OCRQ. Always send CDN with a proper error. */
            if (get_attribute_u16(ASSIGNED_SESSION, &session) && session) {
                log_print(DEBUG, "Received %s (remote_session = %u) -> "
                        "Sending CDN", messages[incoming.message],
                        (unsigned)ntohs(session));
                set_message(session, CDN);
                add_attribute_u32(RESULT_CODE, htonl(0x00020006));
                add_attribute_u16(ASSIGNED_SESSION, 0);
            }
            break;
    }

    /* set_message() was called above, so a reply is waiting to be sent. */
    if (sequence != local_sequence) {
        send_packet();
        return TIMEOUT_INTERVAL;
    }

    /* We reach here if we got an unexpected message. Log it and send ACK. */
    /* incoming.message is a 16-bit value from the packet (never negative);
     * the range test must stay ahead of the table lookup so that an unknown
     * type cannot index past messages[]. */
    if (incoming.message > MESSAGE_MAX || !messages[incoming.message]) {
        log_print(DEBUG, "Received UNKNOWN %d -> Sending ACK anyway",
                incoming.message);
    } else {
        log_print(DEBUG, "Received UNEXPECTED %s -> Sending ACK anyway",
                messages[incoming.message]);
    }
    send_ack();
    return 0;
}
653 
/**
 * Retransmission timer callback.
 *
 * If the last message sent has not been acknowledged, the stored outgoing
 * buffer is sent again unchanged (same sequence numbers). The result of
 * send() is not examined.
 *
 * @return TIMEOUT_INTERVAL if a retransmission was sent, 0 if nothing is
 *         pending.
 */
static int l2tp_timeout()
{
    if (!acknowledged) {
        log_print(DEBUG, "Timeout -> Sending %s", messages[outgoing.message]);
        send(the_socket, outgoing.buffer, outgoing.length, 0);
        return TIMEOUT_INTERVAL;
    }
    return 0;
}
663 
/**
 * Tell the peer that the tunnel is going away.
 *
 * Sends STOPCCN carrying our tunnel id and result code 6, unless the peer
 * already closed the tunnel (state == STOPCCN). The message is sent once;
 * this function does not wait for an acknowledgement.
 */
static void l2tp_shutdown()
{
    if (state == STOPCCN) {
        return;
    }

    log_print(DEBUG, "Sending STOPCCN");
    set_message(0, STOPCCN);
    add_attribute_u16(ASSIGNED_TUNNEL, local_tunnel);
    add_attribute_u16(RESULT_CODE, htons(6));
    send_packet();
}
674 
/* Protocol descriptor exported to the rest of mtpd: name, argument count and
 * usage text, plus the four callbacks implemented above. The third argument
 * is the tunnel shared secret; an empty string disables tunnel
 * authentication (see l2tp_connect()). How the arguments reach the process
 * is decided by the caller and is not visible in this file. */
struct protocol l2tp = {
    .name = "l2tp",
    .arguments = 3,
    .usage = "<server> <port> <secret>",
    .connect = l2tp_connect,
    .process = l2tp_process,
    .timeout = l2tp_timeout,
    .shutdown = l2tp_shutdown,
};
684