• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 1991, 1993, 1994, 1995, 1996, 1997
3  *      The Regents of the University of California.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that: (1) source code distributions
7  * retain the above copyright notice and this paragraph in its entirety, (2)
8  * distributions including binary code include the above copyright notice and
9  * this paragraph in its entirety in the documentation or other materials
10  * provided with the distribution, and (3) all advertising materials mentioning
11  * features or use of this software display the following acknowledgement:
12  * ``This product includes software developed by the University of California,
13  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14  * the University nor the names of its contributors may be used to endorse
15  * or promote products derived from this software without specific prior
16  * written permission.
17  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20  *
21  * L2TP support contributed by Motonori Shindo (mshindo@mshindo.net)
22  */
23 
24 /* \summary: Layer Two Tunneling Protocol (L2TP) printer */
25 
26 #ifdef HAVE_CONFIG_H
27 #include "config.h"
28 #endif
29 
30 #include <netdissect-stdinc.h>
31 
32 #include "netdissect.h"
33 #include "extract.h"
34 
35 #define L2TP_FLAG_TYPE		0x8000	/* Type (0=Data, 1=Control) */
36 #define L2TP_FLAG_LENGTH	0x4000	/* Length */
37 #define L2TP_FLAG_SEQUENCE	0x0800	/* Sequence */
38 #define L2TP_FLAG_OFFSET	0x0200	/* Offset */
39 #define L2TP_FLAG_PRIORITY	0x0100	/* Priority */
40 
41 #define L2TP_VERSION_MASK	0x000f	/* Version Mask */
42 #define L2TP_VERSION_L2F	0x0001	/* L2F */
43 #define L2TP_VERSION_L2TP	0x0002	/* L2TP */
44 
45 #define L2TP_AVP_HDR_FLAG_MANDATORY	0x8000	/* Mandatory Flag */
46 #define L2TP_AVP_HDR_FLAG_HIDDEN	0x4000	/* Hidden Flag */
47 #define L2TP_AVP_HDR_LEN_MASK		0x03ff	/* Length Mask */
48 
49 #define L2TP_FRAMING_CAP_SYNC_MASK	0x00000001	/* Synchronous */
50 #define L2TP_FRAMING_CAP_ASYNC_MASK	0x00000002	/* Asynchronous */
51 
52 #define L2TP_FRAMING_TYPE_SYNC_MASK	0x00000001	/* Synchronous */
53 #define L2TP_FRAMING_TYPE_ASYNC_MASK	0x00000002	/* Asynchronous */
54 
55 #define L2TP_BEARER_CAP_DIGITAL_MASK	0x00000001	/* Digital */
56 #define L2TP_BEARER_CAP_ANALOG_MASK	0x00000002	/* Analog */
57 
58 #define L2TP_BEARER_TYPE_DIGITAL_MASK	0x00000001	/* Digital */
59 #define L2TP_BEARER_TYPE_ANALOG_MASK	0x00000002	/* Analog */
60 
61 /* Authen Type */
62 #define L2TP_AUTHEN_TYPE_RESERVED	0x0000	/* Reserved */
63 #define L2TP_AUTHEN_TYPE_TEXTUAL	0x0001	/* Textual username/password exchange */
64 #define L2TP_AUTHEN_TYPE_CHAP		0x0002	/* PPP CHAP */
65 #define L2TP_AUTHEN_TYPE_PAP		0x0003	/* PPP PAP */
66 #define L2TP_AUTHEN_TYPE_NO_AUTH	0x0004	/* No Authentication */
67 #define L2TP_AUTHEN_TYPE_MSCHAPv1	0x0005	/* MSCHAPv1 */
68 
69 #define L2TP_PROXY_AUTH_ID_MASK		0x00ff
70 
71 static const char tstr[] = " [|l2tp]";
72 
73 #define	L2TP_MSGTYPE_SCCRQ	1  /* Start-Control-Connection-Request */
74 #define	L2TP_MSGTYPE_SCCRP	2  /* Start-Control-Connection-Reply */
75 #define	L2TP_MSGTYPE_SCCCN	3  /* Start-Control-Connection-Connected */
76 #define	L2TP_MSGTYPE_STOPCCN	4  /* Stop-Control-Connection-Notification */
77 #define	L2TP_MSGTYPE_HELLO	6  /* Hello */
78 #define	L2TP_MSGTYPE_OCRQ	7  /* Outgoing-Call-Request */
79 #define	L2TP_MSGTYPE_OCRP	8  /* Outgoing-Call-Reply */
80 #define	L2TP_MSGTYPE_OCCN	9  /* Outgoing-Call-Connected */
81 #define	L2TP_MSGTYPE_ICRQ	10 /* Incoming-Call-Request */
82 #define	L2TP_MSGTYPE_ICRP	11 /* Incoming-Call-Reply */
83 #define	L2TP_MSGTYPE_ICCN	12 /* Incoming-Call-Connected */
84 #define	L2TP_MSGTYPE_CDN	14 /* Call-Disconnect-Notify */
85 #define	L2TP_MSGTYPE_WEN	15 /* WAN-Error-Notify */
86 #define	L2TP_MSGTYPE_SLI	16 /* Set-Link-Info */
87 
88 static const struct tok l2tp_msgtype2str[] = {
89 	{ L2TP_MSGTYPE_SCCRQ, 	"SCCRQ" },
90 	{ L2TP_MSGTYPE_SCCRP,	"SCCRP" },
91 	{ L2TP_MSGTYPE_SCCCN,	"SCCCN" },
92 	{ L2TP_MSGTYPE_STOPCCN,	"StopCCN" },
93 	{ L2TP_MSGTYPE_HELLO,	"HELLO" },
94 	{ L2TP_MSGTYPE_OCRQ,	"OCRQ" },
95 	{ L2TP_MSGTYPE_OCRP,	"OCRP" },
96 	{ L2TP_MSGTYPE_OCCN,	"OCCN" },
97 	{ L2TP_MSGTYPE_ICRQ,	"ICRQ" },
98 	{ L2TP_MSGTYPE_ICRP,	"ICRP" },
99 	{ L2TP_MSGTYPE_ICCN,	"ICCN" },
100 	{ L2TP_MSGTYPE_CDN,	"CDN" },
101 	{ L2TP_MSGTYPE_WEN,	"WEN" },
102 	{ L2TP_MSGTYPE_SLI,	"SLI" },
103 	{ 0,			NULL }
104 };
105 
106 #define L2TP_AVP_MSGTYPE		0  /* Message Type */
107 #define L2TP_AVP_RESULT_CODE		1  /* Result Code */
108 #define L2TP_AVP_PROTO_VER		2  /* Protocol Version */
109 #define L2TP_AVP_FRAMING_CAP		3  /* Framing Capabilities */
110 #define L2TP_AVP_BEARER_CAP		4  /* Bearer Capabilities */
111 #define L2TP_AVP_TIE_BREAKER		5  /* Tie Breaker */
112 #define L2TP_AVP_FIRM_VER		6  /* Firmware Revision */
113 #define L2TP_AVP_HOST_NAME		7  /* Host Name */
114 #define L2TP_AVP_VENDOR_NAME		8  /* Vendor Name */
115 #define L2TP_AVP_ASSND_TUN_ID 		9  /* Assigned Tunnel ID */
116 #define L2TP_AVP_RECV_WIN_SIZE		10 /* Receive Window Size */
117 #define L2TP_AVP_CHALLENGE		11 /* Challenge */
118 #define L2TP_AVP_Q931_CC		12 /* Q.931 Cause Code */
119 #define L2TP_AVP_CHALLENGE_RESP		13 /* Challenge Response */
120 #define L2TP_AVP_ASSND_SESS_ID  	14 /* Assigned Session ID */
121 #define L2TP_AVP_CALL_SER_NUM 		15 /* Call Serial Number */
122 #define L2TP_AVP_MINIMUM_BPS		16 /* Minimum BPS */
123 #define L2TP_AVP_MAXIMUM_BPS		17 /* Maximum BPS */
124 #define L2TP_AVP_BEARER_TYPE		18 /* Bearer Type */
125 #define L2TP_AVP_FRAMING_TYPE 		19 /* Framing Type */
126 #define L2TP_AVP_PACKET_PROC_DELAY	20 /* Packet Processing Delay (OBSOLETE) */
127 #define L2TP_AVP_CALLED_NUMBER		21 /* Called Number */
128 #define L2TP_AVP_CALLING_NUMBER		22 /* Calling Number */
129 #define L2TP_AVP_SUB_ADDRESS		23 /* Sub-Address */
130 #define L2TP_AVP_TX_CONN_SPEED		24 /* (Tx) Connect Speed */
131 #define L2TP_AVP_PHY_CHANNEL_ID		25 /* Physical Channel ID */
132 #define L2TP_AVP_INI_RECV_LCP		26 /* Initial Received LCP CONFREQ */
133 #define L2TP_AVP_LAST_SENT_LCP		27 /* Last Sent LCP CONFREQ */
134 #define L2TP_AVP_LAST_RECV_LCP		28 /* Last Received LCP CONFREQ */
135 #define L2TP_AVP_PROXY_AUTH_TYPE	29 /* Proxy Authen Type */
136 #define L2TP_AVP_PROXY_AUTH_NAME	30 /* Proxy Authen Name */
137 #define L2TP_AVP_PROXY_AUTH_CHAL	31 /* Proxy Authen Challenge */
138 #define L2TP_AVP_PROXY_AUTH_ID		32 /* Proxy Authen ID */
139 #define L2TP_AVP_PROXY_AUTH_RESP	33 /* Proxy Authen Response */
140 #define L2TP_AVP_CALL_ERRORS		34 /* Call Errors */
141 #define L2TP_AVP_ACCM			35 /* ACCM */
142 #define L2TP_AVP_RANDOM_VECTOR		36 /* Random Vector */
143 #define L2TP_AVP_PRIVATE_GRP_ID		37 /* Private Group ID */
144 #define L2TP_AVP_RX_CONN_SPEED		38 /* (Rx) Connect Speed */
145 #define L2TP_AVP_SEQ_REQUIRED 		39 /* Sequencing Required */
146 #define L2TP_AVP_PPP_DISCON_CC		46 /* PPP Disconnect Cause Code */
147 
148 static const struct tok l2tp_avp2str[] = {
149 	{ L2TP_AVP_MSGTYPE,		"MSGTYPE" },
150 	{ L2TP_AVP_RESULT_CODE,		"RESULT_CODE" },
151 	{ L2TP_AVP_PROTO_VER,		"PROTO_VER" },
152 	{ L2TP_AVP_FRAMING_CAP,		"FRAMING_CAP" },
153 	{ L2TP_AVP_BEARER_CAP,		"BEARER_CAP" },
154 	{ L2TP_AVP_TIE_BREAKER,		"TIE_BREAKER" },
155 	{ L2TP_AVP_FIRM_VER,		"FIRM_VER" },
156 	{ L2TP_AVP_HOST_NAME,		"HOST_NAME" },
157 	{ L2TP_AVP_VENDOR_NAME,		"VENDOR_NAME" },
158 	{ L2TP_AVP_ASSND_TUN_ID,	"ASSND_TUN_ID" },
159 	{ L2TP_AVP_RECV_WIN_SIZE,	"RECV_WIN_SIZE" },
160 	{ L2TP_AVP_CHALLENGE,		"CHALLENGE" },
161 	{ L2TP_AVP_Q931_CC,		"Q931_CC", },
162 	{ L2TP_AVP_CHALLENGE_RESP,	"CHALLENGE_RESP" },
163 	{ L2TP_AVP_ASSND_SESS_ID,	"ASSND_SESS_ID" },
164 	{ L2TP_AVP_CALL_SER_NUM,	"CALL_SER_NUM" },
165 	{ L2TP_AVP_MINIMUM_BPS,		"MINIMUM_BPS" },
166 	{ L2TP_AVP_MAXIMUM_BPS,		"MAXIMUM_BPS" },
167 	{ L2TP_AVP_BEARER_TYPE,		"BEARER_TYPE" },
168 	{ L2TP_AVP_FRAMING_TYPE,	"FRAMING_TYPE" },
169 	{ L2TP_AVP_PACKET_PROC_DELAY,	"PACKET_PROC_DELAY" },
170 	{ L2TP_AVP_CALLED_NUMBER,	"CALLED_NUMBER" },
171 	{ L2TP_AVP_CALLING_NUMBER,	"CALLING_NUMBER" },
172 	{ L2TP_AVP_SUB_ADDRESS,		"SUB_ADDRESS" },
173 	{ L2TP_AVP_TX_CONN_SPEED,	"TX_CONN_SPEED" },
174 	{ L2TP_AVP_PHY_CHANNEL_ID,	"PHY_CHANNEL_ID" },
175 	{ L2TP_AVP_INI_RECV_LCP,	"INI_RECV_LCP" },
176 	{ L2TP_AVP_LAST_SENT_LCP,	"LAST_SENT_LCP" },
177 	{ L2TP_AVP_LAST_RECV_LCP,	"LAST_RECV_LCP" },
178 	{ L2TP_AVP_PROXY_AUTH_TYPE,	"PROXY_AUTH_TYPE" },
179 	{ L2TP_AVP_PROXY_AUTH_NAME,	"PROXY_AUTH_NAME" },
180 	{ L2TP_AVP_PROXY_AUTH_CHAL,	"PROXY_AUTH_CHAL" },
181 	{ L2TP_AVP_PROXY_AUTH_ID,	"PROXY_AUTH_ID" },
182 	{ L2TP_AVP_PROXY_AUTH_RESP,	"PROXY_AUTH_RESP" },
183 	{ L2TP_AVP_CALL_ERRORS,		"CALL_ERRORS" },
184 	{ L2TP_AVP_ACCM,		"ACCM" },
185 	{ L2TP_AVP_RANDOM_VECTOR,	"RANDOM_VECTOR" },
186 	{ L2TP_AVP_PRIVATE_GRP_ID,	"PRIVATE_GRP_ID" },
187 	{ L2TP_AVP_RX_CONN_SPEED,	"RX_CONN_SPEED" },
188 	{ L2TP_AVP_SEQ_REQUIRED,	"SEQ_REQUIRED" },
189 	{ L2TP_AVP_PPP_DISCON_CC,	"PPP_DISCON_CC" },
190 	{ 0,				NULL }
191 };
192 
193 static const struct tok l2tp_authentype2str[] = {
194 	{ L2TP_AUTHEN_TYPE_RESERVED,	"Reserved" },
195 	{ L2TP_AUTHEN_TYPE_TEXTUAL,	"Textual" },
196 	{ L2TP_AUTHEN_TYPE_CHAP,	"CHAP" },
197 	{ L2TP_AUTHEN_TYPE_PAP,		"PAP" },
198 	{ L2TP_AUTHEN_TYPE_NO_AUTH,	"No Auth" },
199 	{ L2TP_AUTHEN_TYPE_MSCHAPv1,	"MS-CHAPv1" },
200 	{ 0,				NULL }
201 };
202 
203 #define L2TP_PPP_DISCON_CC_DIRECTION_GLOBAL	0
204 #define L2TP_PPP_DISCON_CC_DIRECTION_AT_PEER	1
205 #define L2TP_PPP_DISCON_CC_DIRECTION_AT_LOCAL	2
206 
207 static const struct tok l2tp_cc_direction2str[] = {
208 	{ L2TP_PPP_DISCON_CC_DIRECTION_GLOBAL,	"global error" },
209 	{ L2TP_PPP_DISCON_CC_DIRECTION_AT_PEER,	"at peer" },
210 	{ L2TP_PPP_DISCON_CC_DIRECTION_AT_LOCAL,"at local" },
211 	{ 0,					NULL }
212 };
213 
214 #if 0
215 static char *l2tp_result_code_StopCCN[] = {
216          "Reserved",
217          "General request to clear control connection",
218          "General error--Error Code indicates the problem",
219          "Control channel already exists",
220          "Requester is not authorized to establish a control channel",
221          "The protocol version of the requester is not supported",
222          "Requester is being shut down",
223          "Finite State Machine error"
224 #define L2TP_MAX_RESULT_CODE_STOPCC_INDEX	8
225 };
226 #endif
227 
228 #if 0
229 static char *l2tp_result_code_CDN[] = {
230 	"Reserved",
231 	"Call disconnected due to loss of carrier",
232 	"Call disconnected for the reason indicated in error code",
233 	"Call disconnected for administrative reasons",
234 	"Call failed due to lack of appropriate facilities being " \
235 	"available (temporary condition)",
236 	"Call failed due to lack of appropriate facilities being " \
237 	"available (permanent condition)",
238 	"Invalid destination",
239 	"Call failed due to no carrier detected",
240 	"Call failed due to detection of a busy signal",
241 	"Call failed due to lack of a dial tone",
242 	"Call was not established within time allotted by LAC",
243 	"Call was connected but no appropriate framing was detected"
244 #define L2TP_MAX_RESULT_CODE_CDN_INDEX	12
245 };
246 #endif
247 
248 #if 0
249 static char *l2tp_error_code_general[] = {
250 	"No general error",
251 	"No control connection exists yet for this LAC-LNS pair",
252 	"Length is wrong",
253 	"One of the field values was out of range or " \
254 	"reserved field was non-zero"
255 	"Insufficient resources to handle this operation now",
256 	"The Session ID is invalid in this context",
257 	"A generic vendor-specific error occurred in the LAC",
258 	"Try another"
259 #define L2TP_MAX_ERROR_CODE_GENERAL_INDEX	8
260 };
261 #endif
262 
263 /******************************/
264 /* generic print out routines */
265 /******************************/
266 static void
print_string(netdissect_options * ndo,const u_char * dat,u_int length)267 print_string(netdissect_options *ndo, const u_char *dat, u_int length)
268 {
269 	u_int i;
270 	for (i=0; i<length; i++) {
271 		ND_PRINT((ndo, "%c", *dat++));
272 	}
273 }
274 
275 static void
print_octets(netdissect_options * ndo,const u_char * dat,u_int length)276 print_octets(netdissect_options *ndo, const u_char *dat, u_int length)
277 {
278 	u_int i;
279 	for (i=0; i<length; i++) {
280 		ND_PRINT((ndo, "%02x", *dat++));
281 	}
282 }
283 
284 static void
print_16bits_val(netdissect_options * ndo,const uint16_t * dat)285 print_16bits_val(netdissect_options *ndo, const uint16_t *dat)
286 {
287 	ND_PRINT((ndo, "%u", EXTRACT_16BITS(dat)));
288 }
289 
290 static void
print_32bits_val(netdissect_options * ndo,const uint32_t * dat)291 print_32bits_val(netdissect_options *ndo, const uint32_t *dat)
292 {
293 	ND_PRINT((ndo, "%lu", (u_long)EXTRACT_32BITS(dat)));
294 }
295 
296 /***********************************/
297 /* AVP-specific print out routines */
298 /***********************************/
299 static void
l2tp_msgtype_print(netdissect_options * ndo,const u_char * dat)300 l2tp_msgtype_print(netdissect_options *ndo, const u_char *dat)
301 {
302 	const uint16_t *ptr = (const uint16_t *)dat;
303 
304 	ND_PRINT((ndo, "%s", tok2str(l2tp_msgtype2str, "MSGTYPE-#%u",
305 	    EXTRACT_16BITS(ptr))));
306 }
307 
308 static void
l2tp_result_code_print(netdissect_options * ndo,const u_char * dat,u_int length)309 l2tp_result_code_print(netdissect_options *ndo, const u_char *dat, u_int length)
310 {
311 	const uint16_t *ptr = (const uint16_t *)dat;
312 
313 	ND_PRINT((ndo, "%u", EXTRACT_16BITS(ptr))); ptr++;	/* Result Code */
314 	if (length > 2) {				/* Error Code (opt) */
315 	        ND_PRINT((ndo, "/%u", EXTRACT_16BITS(ptr))); ptr++;
316 	}
317 	if (length > 4) {				/* Error Message (opt) */
318 		ND_PRINT((ndo, " "));
319 		print_string(ndo, (const u_char *)ptr, length - 4);
320 	}
321 }
322 
323 static void
l2tp_proto_ver_print(netdissect_options * ndo,const uint16_t * dat)324 l2tp_proto_ver_print(netdissect_options *ndo, const uint16_t *dat)
325 {
326 	ND_PRINT((ndo, "%u.%u", (EXTRACT_16BITS(dat) >> 8),
327 	    (EXTRACT_16BITS(dat) & 0xff)));
328 }
329 
330 static void
l2tp_framing_cap_print(netdissect_options * ndo,const u_char * dat)331 l2tp_framing_cap_print(netdissect_options *ndo, const u_char *dat)
332 {
333 	const uint32_t *ptr = (const uint32_t *)dat;
334 
335 	if (EXTRACT_32BITS(ptr) &  L2TP_FRAMING_CAP_ASYNC_MASK) {
336 		ND_PRINT((ndo, "A"));
337 	}
338 	if (EXTRACT_32BITS(ptr) &  L2TP_FRAMING_CAP_SYNC_MASK) {
339 		ND_PRINT((ndo, "S"));
340 	}
341 }
342 
343 static void
l2tp_bearer_cap_print(netdissect_options * ndo,const u_char * dat)344 l2tp_bearer_cap_print(netdissect_options *ndo, const u_char *dat)
345 {
346 	const uint32_t *ptr = (const uint32_t *)dat;
347 
348 	if (EXTRACT_32BITS(ptr) &  L2TP_BEARER_CAP_ANALOG_MASK) {
349 		ND_PRINT((ndo, "A"));
350 	}
351 	if (EXTRACT_32BITS(ptr) &  L2TP_BEARER_CAP_DIGITAL_MASK) {
352 		ND_PRINT((ndo, "D"));
353 	}
354 }
355 
356 static void
l2tp_q931_cc_print(netdissect_options * ndo,const u_char * dat,u_int length)357 l2tp_q931_cc_print(netdissect_options *ndo, const u_char *dat, u_int length)
358 {
359 	print_16bits_val(ndo, (const uint16_t *)dat);
360 	ND_PRINT((ndo, ", %02x", dat[2]));
361 	if (length > 3) {
362 		ND_PRINT((ndo, " "));
363 		print_string(ndo, dat+3, length-3);
364 	}
365 }
366 
367 static void
l2tp_bearer_type_print(netdissect_options * ndo,const u_char * dat)368 l2tp_bearer_type_print(netdissect_options *ndo, const u_char *dat)
369 {
370 	const uint32_t *ptr = (const uint32_t *)dat;
371 
372 	if (EXTRACT_32BITS(ptr) &  L2TP_BEARER_TYPE_ANALOG_MASK) {
373 		ND_PRINT((ndo, "A"));
374 	}
375 	if (EXTRACT_32BITS(ptr) &  L2TP_BEARER_TYPE_DIGITAL_MASK) {
376 		ND_PRINT((ndo, "D"));
377 	}
378 }
379 
380 static void
l2tp_framing_type_print(netdissect_options * ndo,const u_char * dat)381 l2tp_framing_type_print(netdissect_options *ndo, const u_char *dat)
382 {
383 	const uint32_t *ptr = (const uint32_t *)dat;
384 
385 	if (EXTRACT_32BITS(ptr) &  L2TP_FRAMING_TYPE_ASYNC_MASK) {
386 		ND_PRINT((ndo, "A"));
387 	}
388 	if (EXTRACT_32BITS(ptr) &  L2TP_FRAMING_TYPE_SYNC_MASK) {
389 		ND_PRINT((ndo, "S"));
390 	}
391 }
392 
393 static void
l2tp_packet_proc_delay_print(netdissect_options * ndo)394 l2tp_packet_proc_delay_print(netdissect_options *ndo)
395 {
396 	ND_PRINT((ndo, "obsolete"));
397 }
398 
399 static void
l2tp_proxy_auth_type_print(netdissect_options * ndo,const u_char * dat)400 l2tp_proxy_auth_type_print(netdissect_options *ndo, const u_char *dat)
401 {
402 	const uint16_t *ptr = (const uint16_t *)dat;
403 
404 	ND_PRINT((ndo, "%s", tok2str(l2tp_authentype2str,
405 			     "AuthType-#%u", EXTRACT_16BITS(ptr))));
406 }
407 
408 static void
l2tp_proxy_auth_id_print(netdissect_options * ndo,const u_char * dat)409 l2tp_proxy_auth_id_print(netdissect_options *ndo, const u_char *dat)
410 {
411 	const uint16_t *ptr = (const uint16_t *)dat;
412 
413 	ND_PRINT((ndo, "%u", EXTRACT_16BITS(ptr) & L2TP_PROXY_AUTH_ID_MASK));
414 }
415 
416 static void
l2tp_call_errors_print(netdissect_options * ndo,const u_char * dat)417 l2tp_call_errors_print(netdissect_options *ndo, const u_char *dat)
418 {
419 	const uint16_t *ptr = (const uint16_t *)dat;
420 	uint16_t val_h, val_l;
421 
422 	ptr++;		/* skip "Reserved" */
423 
424 	val_h = EXTRACT_16BITS(ptr); ptr++;
425 	val_l = EXTRACT_16BITS(ptr); ptr++;
426 	ND_PRINT((ndo, "CRCErr=%u ", (val_h<<16) + val_l));
427 
428 	val_h = EXTRACT_16BITS(ptr); ptr++;
429 	val_l = EXTRACT_16BITS(ptr); ptr++;
430 	ND_PRINT((ndo, "FrameErr=%u ", (val_h<<16) + val_l));
431 
432 	val_h = EXTRACT_16BITS(ptr); ptr++;
433 	val_l = EXTRACT_16BITS(ptr); ptr++;
434 	ND_PRINT((ndo, "HardOver=%u ", (val_h<<16) + val_l));
435 
436 	val_h = EXTRACT_16BITS(ptr); ptr++;
437 	val_l = EXTRACT_16BITS(ptr); ptr++;
438 	ND_PRINT((ndo, "BufOver=%u ", (val_h<<16) + val_l));
439 
440 	val_h = EXTRACT_16BITS(ptr); ptr++;
441 	val_l = EXTRACT_16BITS(ptr); ptr++;
442 	ND_PRINT((ndo, "Timeout=%u ", (val_h<<16) + val_l));
443 
444 	val_h = EXTRACT_16BITS(ptr); ptr++;
445 	val_l = EXTRACT_16BITS(ptr); ptr++;
446 	ND_PRINT((ndo, "AlignErr=%u ", (val_h<<16) + val_l));
447 }
448 
449 static void
l2tp_accm_print(netdissect_options * ndo,const u_char * dat)450 l2tp_accm_print(netdissect_options *ndo, const u_char *dat)
451 {
452 	const uint16_t *ptr = (const uint16_t *)dat;
453 	uint16_t val_h, val_l;
454 
455 	ptr++;		/* skip "Reserved" */
456 
457 	val_h = EXTRACT_16BITS(ptr); ptr++;
458 	val_l = EXTRACT_16BITS(ptr); ptr++;
459 	ND_PRINT((ndo, "send=%08x ", (val_h<<16) + val_l));
460 
461 	val_h = EXTRACT_16BITS(ptr); ptr++;
462 	val_l = EXTRACT_16BITS(ptr); ptr++;
463 	ND_PRINT((ndo, "recv=%08x ", (val_h<<16) + val_l));
464 }
465 
466 static void
l2tp_ppp_discon_cc_print(netdissect_options * ndo,const u_char * dat,u_int length)467 l2tp_ppp_discon_cc_print(netdissect_options *ndo, const u_char *dat, u_int length)
468 {
469 	const uint16_t *ptr = (const uint16_t *)dat;
470 
471 	ND_PRINT((ndo, "%04x, ", EXTRACT_16BITS(ptr))); ptr++;	/* Disconnect Code */
472 	ND_PRINT((ndo, "%04x ",  EXTRACT_16BITS(ptr))); ptr++;	/* Control Protocol Number */
473 	ND_PRINT((ndo, "%s", tok2str(l2tp_cc_direction2str,
474 			     "Direction-#%u", *((const u_char *)ptr++))));
475 
476 	if (length > 5) {
477 		ND_PRINT((ndo, " "));
478 		print_string(ndo, (const u_char *)ptr, length-5);
479 	}
480 }
481 
482 static void
l2tp_avp_print(netdissect_options * ndo,const u_char * dat,int length)483 l2tp_avp_print(netdissect_options *ndo, const u_char *dat, int length)
484 {
485 	u_int len;
486 	const uint16_t *ptr = (const uint16_t *)dat;
487 	uint16_t attr_type;
488 	int hidden = FALSE;
489 
490 	if (length <= 0) {
491 		return;
492 	}
493 
494 	ND_PRINT((ndo, " "));
495 
496 	ND_TCHECK(*ptr);	/* Flags & Length */
497 	len = EXTRACT_16BITS(ptr) & L2TP_AVP_HDR_LEN_MASK;
498 
499 	/* If it is not long enough to contain the header, we'll give up. */
500 	if (len < 6)
501 		goto trunc;
502 
503 	/* If it goes past the end of the remaining length of the packet,
504 	   we'll give up. */
505 	if (len > (u_int)length)
506 		goto trunc;
507 
508 	/* If it goes past the end of the remaining length of the captured
509 	   data, we'll give up. */
510 	ND_TCHECK2(*ptr, len);
511 	/* After this point, no need to worry about truncation */
512 
513 	if (EXTRACT_16BITS(ptr) & L2TP_AVP_HDR_FLAG_MANDATORY) {
514 		ND_PRINT((ndo, "*"));
515 	}
516 	if (EXTRACT_16BITS(ptr) & L2TP_AVP_HDR_FLAG_HIDDEN) {
517 		hidden = TRUE;
518 		ND_PRINT((ndo, "?"));
519 	}
520 	ptr++;
521 
522 	if (EXTRACT_16BITS(ptr)) {
523 		/* Vendor Specific Attribute */
524 	        ND_PRINT((ndo, "VENDOR%04x:", EXTRACT_16BITS(ptr))); ptr++;
525 		ND_PRINT((ndo, "ATTR%04x", EXTRACT_16BITS(ptr))); ptr++;
526 		ND_PRINT((ndo, "("));
527 		print_octets(ndo, (const u_char *)ptr, len-6);
528 		ND_PRINT((ndo, ")"));
529 	} else {
530 		/* IETF-defined Attributes */
531 		ptr++;
532 		attr_type = EXTRACT_16BITS(ptr); ptr++;
533 		ND_PRINT((ndo, "%s", tok2str(l2tp_avp2str, "AVP-#%u", attr_type)));
534 		ND_PRINT((ndo, "("));
535 		if (hidden) {
536 			ND_PRINT((ndo, "???"));
537 		} else {
538 			switch (attr_type) {
539 			case L2TP_AVP_MSGTYPE:
540 				l2tp_msgtype_print(ndo, (const u_char *)ptr);
541 				break;
542 			case L2TP_AVP_RESULT_CODE:
543 				l2tp_result_code_print(ndo, (const u_char *)ptr, len-6);
544 				break;
545 			case L2TP_AVP_PROTO_VER:
546 				l2tp_proto_ver_print(ndo, ptr);
547 				break;
548 			case L2TP_AVP_FRAMING_CAP:
549 				l2tp_framing_cap_print(ndo, (const u_char *)ptr);
550 				break;
551 			case L2TP_AVP_BEARER_CAP:
552 				l2tp_bearer_cap_print(ndo, (const u_char *)ptr);
553 				break;
554 			case L2TP_AVP_TIE_BREAKER:
555 				print_octets(ndo, (const u_char *)ptr, 8);
556 				break;
557 			case L2TP_AVP_FIRM_VER:
558 			case L2TP_AVP_ASSND_TUN_ID:
559 			case L2TP_AVP_RECV_WIN_SIZE:
560 			case L2TP_AVP_ASSND_SESS_ID:
561 				print_16bits_val(ndo, ptr);
562 				break;
563 			case L2TP_AVP_HOST_NAME:
564 			case L2TP_AVP_VENDOR_NAME:
565 			case L2TP_AVP_CALLING_NUMBER:
566 			case L2TP_AVP_CALLED_NUMBER:
567 			case L2TP_AVP_SUB_ADDRESS:
568 			case L2TP_AVP_PROXY_AUTH_NAME:
569 			case L2TP_AVP_PRIVATE_GRP_ID:
570 				print_string(ndo, (const u_char *)ptr, len-6);
571 				break;
572 			case L2TP_AVP_CHALLENGE:
573 			case L2TP_AVP_INI_RECV_LCP:
574 			case L2TP_AVP_LAST_SENT_LCP:
575 			case L2TP_AVP_LAST_RECV_LCP:
576 			case L2TP_AVP_PROXY_AUTH_CHAL:
577 			case L2TP_AVP_PROXY_AUTH_RESP:
578 			case L2TP_AVP_RANDOM_VECTOR:
579 				print_octets(ndo, (const u_char *)ptr, len-6);
580 				break;
581 			case L2TP_AVP_Q931_CC:
582 				l2tp_q931_cc_print(ndo, (const u_char *)ptr, len-6);
583 				break;
584 			case L2TP_AVP_CHALLENGE_RESP:
585 				print_octets(ndo, (const u_char *)ptr, 16);
586 				break;
587 			case L2TP_AVP_CALL_SER_NUM:
588 			case L2TP_AVP_MINIMUM_BPS:
589 			case L2TP_AVP_MAXIMUM_BPS:
590 			case L2TP_AVP_TX_CONN_SPEED:
591 			case L2TP_AVP_PHY_CHANNEL_ID:
592 			case L2TP_AVP_RX_CONN_SPEED:
593 				print_32bits_val(ndo, (const uint32_t *)ptr);
594 				break;
595 			case L2TP_AVP_BEARER_TYPE:
596 				l2tp_bearer_type_print(ndo, (const u_char *)ptr);
597 				break;
598 			case L2TP_AVP_FRAMING_TYPE:
599 				l2tp_framing_type_print(ndo, (const u_char *)ptr);
600 				break;
601 			case L2TP_AVP_PACKET_PROC_DELAY:
602 				l2tp_packet_proc_delay_print(ndo);
603 				break;
604 			case L2TP_AVP_PROXY_AUTH_TYPE:
605 				l2tp_proxy_auth_type_print(ndo, (const u_char *)ptr);
606 				break;
607 			case L2TP_AVP_PROXY_AUTH_ID:
608 				l2tp_proxy_auth_id_print(ndo, (const u_char *)ptr);
609 				break;
610 			case L2TP_AVP_CALL_ERRORS:
611 				l2tp_call_errors_print(ndo, (const u_char *)ptr);
612 				break;
613 			case L2TP_AVP_ACCM:
614 				l2tp_accm_print(ndo, (const u_char *)ptr);
615 				break;
616 			case L2TP_AVP_SEQ_REQUIRED:
617 				break;	/* No Attribute Value */
618 			case L2TP_AVP_PPP_DISCON_CC:
619 				l2tp_ppp_discon_cc_print(ndo, (const u_char *)ptr, len-6);
620 				break;
621 			default:
622 				break;
623 			}
624 		}
625 		ND_PRINT((ndo, ")"));
626 	}
627 
628 	l2tp_avp_print(ndo, dat+len, length-len);
629 	return;
630 
631  trunc:
632 	ND_PRINT((ndo, "|..."));
633 }
634 
635 
636 void
l2tp_print(netdissect_options * ndo,const u_char * dat,u_int length)637 l2tp_print(netdissect_options *ndo, const u_char *dat, u_int length)
638 {
639 	const u_char *ptr = dat;
640 	u_int cnt = 0;			/* total octets consumed */
641 	uint16_t pad;
642 	int flag_t, flag_l, flag_s, flag_o;
643 	uint16_t l2tp_len;
644 
645 	flag_t = flag_l = flag_s = flag_o = FALSE;
646 
647 	ND_TCHECK2(*ptr, 2);	/* Flags & Version */
648 	if ((EXTRACT_16BITS(ptr) & L2TP_VERSION_MASK) == L2TP_VERSION_L2TP) {
649 		ND_PRINT((ndo, " l2tp:"));
650 	} else if ((EXTRACT_16BITS(ptr) & L2TP_VERSION_MASK) == L2TP_VERSION_L2F) {
651 		ND_PRINT((ndo, " l2f:"));
652 		return;		/* nothing to do */
653 	} else {
654 		ND_PRINT((ndo, " Unknown Version, neither L2F(1) nor L2TP(2)"));
655 		return;		/* nothing we can do */
656 	}
657 
658 	ND_PRINT((ndo, "["));
659 	if (EXTRACT_16BITS(ptr) & L2TP_FLAG_TYPE) {
660 		flag_t = TRUE;
661 		ND_PRINT((ndo, "T"));
662 	}
663 	if (EXTRACT_16BITS(ptr) & L2TP_FLAG_LENGTH) {
664 		flag_l = TRUE;
665 		ND_PRINT((ndo, "L"));
666 	}
667 	if (EXTRACT_16BITS(ptr) & L2TP_FLAG_SEQUENCE) {
668 		flag_s = TRUE;
669 		ND_PRINT((ndo, "S"));
670 	}
671 	if (EXTRACT_16BITS(ptr) & L2TP_FLAG_OFFSET) {
672 		flag_o = TRUE;
673 		ND_PRINT((ndo, "O"));
674 	}
675 	if (EXTRACT_16BITS(ptr) & L2TP_FLAG_PRIORITY)
676 		ND_PRINT((ndo, "P"));
677 	ND_PRINT((ndo, "]"));
678 
679 	ptr += 2;
680 	cnt += 2;
681 
682 	if (flag_l) {
683 		ND_TCHECK2(*ptr, 2);	/* Length */
684 		l2tp_len = EXTRACT_16BITS(ptr);
685 		ptr += 2;
686 		cnt += 2;
687 	} else {
688 		l2tp_len = 0;
689 	}
690 
691 	ND_TCHECK2(*ptr, 2);		/* Tunnel ID */
692 	ND_PRINT((ndo, "(%u/", EXTRACT_16BITS(ptr)));
693 	ptr += 2;
694 	cnt += 2;
695 	ND_TCHECK2(*ptr, 2);		/* Session ID */
696 	ND_PRINT((ndo, "%u)",  EXTRACT_16BITS(ptr)));
697 	ptr += 2;
698 	cnt += 2;
699 
700 	if (flag_s) {
701 		ND_TCHECK2(*ptr, 2);	/* Ns */
702 		ND_PRINT((ndo, "Ns=%u,", EXTRACT_16BITS(ptr)));
703 		ptr += 2;
704 		cnt += 2;
705 		ND_TCHECK2(*ptr, 2);	/* Nr */
706 		ND_PRINT((ndo, "Nr=%u",  EXTRACT_16BITS(ptr)));
707 		ptr += 2;
708 		cnt += 2;
709 	}
710 
711 	if (flag_o) {
712 		ND_TCHECK2(*ptr, 2);	/* Offset Size */
713 		pad =  EXTRACT_16BITS(ptr);
714 		ptr += (2 + pad);
715 		cnt += (2 + pad);
716 	}
717 
718 	if (flag_l) {
719 		if (length < l2tp_len) {
720 			ND_PRINT((ndo, " Length %u larger than packet", l2tp_len));
721 			return;
722 		}
723 		length = l2tp_len;
724 	}
725 	if (length < cnt) {
726 		ND_PRINT((ndo, " Length %u smaller than header length", length));
727 		return;
728 	}
729 	if (flag_t) {
730 		if (!flag_l) {
731 			ND_PRINT((ndo, " No length"));
732 			return;
733 		}
734 		if (length - cnt == 0) {
735 			ND_PRINT((ndo, " ZLB"));
736 		} else {
737 			l2tp_avp_print(ndo, ptr, length - cnt);
738 		}
739 	} else {
740 		ND_PRINT((ndo, " {"));
741 		ppp_print(ndo, ptr, length - cnt);
742 		ND_PRINT((ndo, "}"));
743 	}
744 
745 	return;
746 
747  trunc:
748 	ND_PRINT((ndo, "%s", tstr));
749 }
750