GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: usr.sbin/npppd/npppd/../l2tp/l2tp_ctrl.c Lines: 0 622 0.0 %
Date: 2017-11-13 Branches: 0 352 0.0 %

Line Branch Exec Source
1
/*	$OpenBSD: l2tp_ctrl.c,v 1.21 2015/12/05 18:43:36 mmcc Exp $	*/
2
3
/*-
4
 * Copyright (c) 2009 Internet Initiative Japan Inc.
5
 * All rights reserved.
6
 *
7
 * Redistribution and use in source and binary forms, with or without
8
 * modification, are permitted provided that the following conditions
9
 * are met:
10
 * 1. Redistributions of source code must retain the above copyright
11
 *    notice, this list of conditions and the following disclaimer.
12
 * 2. Redistributions in binary form must reproduce the above copyright
13
 *    notice, this list of conditions and the following disclaimer in the
14
 *    documentation and/or other materials provided with the distribution.
15
 *
16
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26
 * SUCH DAMAGE.
27
 */
28
/**@file Control connection processing functions for L2TP LNS */
29
/* $Id: l2tp_ctrl.c,v 1.21 2015/12/05 18:43:36 mmcc Exp $ */
30
#include <sys/types.h>
31
#include <sys/time.h>
32
#include <sys/socket.h>
33
#include <netinet/in.h>
34
#include <net/if.h>
35
#include <arpa/inet.h>
36
#include <endian.h>
37
#include <errno.h>
38
#include <event.h>
39
#include <ifaddrs.h>
40
#include <netdb.h>
41
#include <stdarg.h>
42
#include <stddef.h>
43
#include <stdio.h>
44
#include <stdlib.h>
45
#include <string.h>
46
#include <syslog.h>
47
#include <time.h>
48
#include <unistd.h>
49
#include <limits.h>
50
51
#ifdef USE_LIBSOCKUTIL
52
#include <seil/sockfromto.h>
53
#endif
54
55
#include "time_utils.h"
56
#include "ipsec_util.h"
57
#include "bytebuf.h"
58
#include "hash.h"
59
#include "debugutil.h"
60
#include "slist.h"
61
#include "l2tp.h"
62
#include "l2tp_local.h"
63
#include "l2tp_subr.h"
64
#include "net_utils.h"
65
#include "version.h"
66
#include "recvfromto.h"
67
68
#define MINIMUM(a, b)	(((a) < (b)) ? (a) : (b))
69
70
static int                l2tp_ctrl_init (l2tp_ctrl *, l2tpd *, struct sockaddr *, struct sockaddr *, void *);
71
static void               l2tp_ctrl_reload (l2tp_ctrl *);
72
static int                l2tp_ctrl_send_disconnect_notify (l2tp_ctrl *);
73
#if 0
74
static void               l2tp_ctrl_purge_ipsec_sa (l2tp_ctrl *);
75
#endif
76
static void               l2tp_ctrl_timeout (int, short, void *);
77
static int                l2tp_ctrl_resend_una_packets (l2tp_ctrl *);
78
static void               l2tp_ctrl_destroy_all_calls (l2tp_ctrl *);
79
static int                l2tp_ctrl_disconnect_all_calls (l2tp_ctrl *, int);
80
static void               l2tp_ctrl_reset_timeout (l2tp_ctrl *);
81
static inline int         l2tp_ctrl_txwin_size (l2tp_ctrl *);
82
static inline int         l2tp_ctrl_txwin_is_full (l2tp_ctrl *);
83
static int                l2tp_ctrl_recv_SCCRQ (l2tp_ctrl *, u_char *, int, l2tpd *, struct sockaddr *);
84
static int                l2tp_ctrl_send_StopCCN (l2tp_ctrl *, int);
85
static int                l2tp_ctrl_recv_StopCCN (l2tp_ctrl *, u_char *, int);
86
static void               l2tp_ctrl_send_SCCRP (l2tp_ctrl *);
87
static int                l2tp_ctrl_send_HELLO (l2tp_ctrl *);
88
static int                l2tp_ctrl_send_ZLB (l2tp_ctrl *);
89
static inline const char  *l2tp_ctrl_state_string (l2tp_ctrl *);
90
91
#ifdef	L2TP_CTRL_DEBUG
92
#define	L2TP_CTRL_ASSERT(x)	ASSERT(x)
93
#define	L2TP_CTRL_DBG(x)	l2tp_ctrl_log x
94
#else
95
#define	L2TP_CTRL_ASSERT(x)
96
#define	L2TP_CTRL_DBG(x)
97
#endif
98
99
/* Sequence # of l2tp_ctrl ID */
100
static u_int l2tp_ctrl_id_seq = 0;
101
102
#define SEQ_LT(a,b)	((int16_t)((a) - (b)) <  0)
103
#define SEQ_GT(a,b)	((int16_t)((a) - (b)) >  0)
104
105
/**
106
 * Build instance of {@link ::_l2tp_ctrl L2TP LNS control connection}
107
 */
108
l2tp_ctrl *
109
l2tp_ctrl_create(void)
110
{
111
112
	return calloc(1, sizeof(l2tp_ctrl));
113
}
114
115
/**
116
 * initialize and startup of {@link ::_l2tp_ctrl L2TP LNS control connection}
117
 * instance
118
 */
119
static int
120
l2tp_ctrl_init(l2tp_ctrl *_this, l2tpd *_l2tpd, struct sockaddr *peer,
121
    struct sockaddr *sock, void *nat_t_ctx)
122
{
123
	int tunid, i;
124
	bytebuffer *bytebuf;
125
	time_t curr_time;
126
127
	memset(_this, 0, sizeof(l2tp_ctrl));
128
129
	curr_time = get_monosec();
130
	_this->l2tpd = _l2tpd;
131
	_this->state = L2TP_CTRL_STATE_IDLE;
132
	_this->last_snd_ctrl = curr_time;
133
134
	slist_init(&_this->call_list);
135
136
	/* seek a free tunnel ID */
137
	i = 0;
138
	_this->id = ++l2tp_ctrl_id_seq;
139
	for (i = 0, tunid = _this->id; ; i++, tunid++) {
140
		tunid &= 0xffff;
141
		_this->tunnel_id = l2tp_ctrl_id_seq & 0xffff;
142
		if (tunid == 0)
143
			continue;
144
		if (l2tpd_get_ctrl(_l2tpd, tunid) == NULL)
145
			break;
146
		if (i > 80000) {
147
			/* this must be happen, just log it. */
148
			l2tpd_log(_l2tpd, LOG_ERR, "Too many l2tp controls");
149
			return -1;
150
		}
151
	}
152
153
	_this->tunnel_id = tunid;
154
155
	L2TP_CTRL_ASSERT(peer != NULL);
156
	L2TP_CTRL_ASSERT(sock != NULL);
157
	memcpy(&_this->peer, peer, peer->sa_len);
158
	memcpy(&_this->sock, sock, sock->sa_len);
159
160
	/* prepare send buffer */
161
	_this->winsz = L2TPD_DEFAULT_SEND_WINSZ;
162
	if ((_this->snd_buffers = calloc(_this->winsz, sizeof(bytebuffer *)))
163
	    == NULL) {
164
		l2tpd_log(_l2tpd, LOG_ERR,
165
		    "calloc() failed in %s(): %m", __func__);
166
		goto fail;
167
	}
168
	for (i = 0; i < _this->winsz; i++) {
169
		if ((bytebuf = bytebuffer_create(L2TPD_SND_BUFSIZ)) == NULL) {
170
			l2tpd_log(_l2tpd, LOG_ERR,
171
			    "bytebuffer_create() failed in %s(): %m", __func__);
172
			goto fail;
173
		}
174
		_this->snd_buffers[i] = bytebuf;
175
	}
176
	if ((_this->zlb_buffer = bytebuffer_create(sizeof(struct l2tp_header)
177
	    + 128)) == NULL) {
178
		l2tpd_log(_l2tpd, LOG_ERR,
179
		    "bytebuffer_create() failed in %s(): %m", __func__);
180
		goto fail;
181
	}
182
#if defined(USE_LIBSOCKUTIL) || defined(USE_SA_COOKIE)
183
	if (nat_t_ctx != NULL) {
184
		if ((_this->sa_cookie = malloc(
185
		    sizeof(struct in_ipsec_sa_cookie))) != NULL) {
186
			*(struct in_ipsec_sa_cookie *)_this->sa_cookie =
187
			    *(struct in_ipsec_sa_cookie *)nat_t_ctx;
188
		} else {
189
			l2tpd_log(_l2tpd, LOG_ERR,
190
			    "creating sa_cookie failed: %m");
191
			goto fail;
192
		}
193
	}
194
#endif
195
	_this->hello_interval = L2TP_CTRL_DEFAULT_HELLO_INTERVAL;
196
	_this->hello_timeout = L2TP_CTRL_DEFAULT_HELLO_TIMEOUT;
197
	_this->hello_io_time = curr_time;
198
199
	/* initialize timeout timer */
200
	l2tp_ctrl_reset_timeout(_this);
201
202
	/* register l2tp context */
203
	l2tpd_add_ctrl(_l2tpd, _this);
204
	return 0;
205
fail:
206
	l2tp_ctrl_stop(_this, 0);
207
	return -1;
208
}
209
210
/*
211
 * setup {@link ::_l2tp_ctrl L2TP LNS control connection} instance
212
 */
213
static void
214
l2tp_ctrl_reload(l2tp_ctrl *_this)
215
{
216
	_this->data_use_seq = L2TP_CTRL_CONF(_this)->data_use_seq;
217
	if (L2TP_CTRL_CONF(_this)->hello_interval != 0)
218
		_this->hello_interval =  L2TP_CTRL_CONF(_this)->hello_interval;
219
	if (L2TP_CTRL_CONF(_this)->hello_timeout != 0)
220
		_this->hello_timeout = L2TP_CTRL_CONF(_this)->hello_timeout;
221
}
222
223
/*
224
 * free {@link ::_l2tp_ctrl L2TP LNS control connection} instance
225
 */
226
void
227
l2tp_ctrl_destroy(l2tp_ctrl *_this)
228
{
229
	L2TP_CTRL_ASSERT(_this != NULL);
230
#if defined(USE_LIBSOCKUTIL) || defined(USE_SA_COOKIE)
231
	free(_this->sa_cookie);
232
#endif
233
	free(_this);
234
}
235
236
/*
237
 * nortify disconnection to peer
238
 *
239
 * @return 	0: all CDN and StopCCN have been sent.
240
 *		N: if the remaining calls which still not sent CDN exist,
241
 *		   return # of the calls.
242
 *		-1: when try to send of StopCCN failed.
243
 */
244
static int
245
l2tp_ctrl_send_disconnect_notify(l2tp_ctrl *_this)
246
{
247
	int ncalls;
248
249
	L2TP_CTRL_ASSERT(_this != NULL)
250
	L2TP_CTRL_ASSERT(_this->state == L2TP_CTRL_STATE_ESTABLISHED ||
251
	    _this->state == L2TP_CTRL_STATE_CLEANUP_WAIT);
252
253
	/* this control is not actively closing or StopCCN have been sent */
254
	if (_this->active_closing == 0)
255
		return 0;
256
257
	/* Send CDN all Calls */
258
	ncalls = 0;
259
	if (slist_length(&_this->call_list) != 0) {
260
		ncalls = l2tp_ctrl_disconnect_all_calls(_this, 0);
261
		if (ncalls > 0) {
262
			/*
263
			 * Call the function again to check whether the
264
			 * sending window is fulled.  In case ncalls == 0,
265
			 * it means we've sent CDN for all calls.
266
			 */
267
			ncalls = l2tp_ctrl_disconnect_all_calls(_this, 0);
268
		}
269
	}
270
	if (ncalls > 0)
271
		return ncalls;
272
273
	if (l2tp_ctrl_send_StopCCN(_this, _this->active_closing) != 0)
274
		return -1;
275
	_this->active_closing = 0;
276
277
	return 0;
278
}
279
280
/*
281
 * Terminate the control connection
282
 *
283
 * <p>
284
 * please specify an appropriate value to result( >0 ) for
285
 * StopCCN ResultCode AVP, when to sent Active Close (which
286
 * require StopCCN sent).</p>
287
 * <p>
288
 * When the return value of this function is zero, the _this
289
 * is already released. The lt2p_ctrl process that was bound to it
290
 * could not contine.
291
 * When the return value of this function is one, the timer
292
 * is reset.</p>
293
 *
294
 * @return	return 0 if terminate process was completed.
295
 */
296
int
297
l2tp_ctrl_stop(l2tp_ctrl *_this, int result)
298
{
299
	int i;
300
	l2tpd *_l2tpd;
301
302
	L2TP_CTRL_ASSERT(_this != NULL);
303
304
	switch (_this->state) {
305
	case L2TP_CTRL_STATE_ESTABLISHED:
306
		_this->state = L2TP_CTRL_STATE_CLEANUP_WAIT;
307
		if (result > 0) {
308
			_this->active_closing = result;
309
			l2tp_ctrl_send_disconnect_notify(_this);
310
			break;
311
		}
312
		goto cleanup;
313
	default:
314
		l2tp_ctrl_log(_this, LOG_DEBUG, "%s() unexpected state=%s",
315
		    __func__, l2tp_ctrl_state_string(_this));
316
		/* FALLTHROUGH */
317
	case L2TP_CTRL_STATE_WAIT_CTL_CONN:
318
		/* FALLTHROUGH */
319
	case L2TP_CTRL_STATE_CLEANUP_WAIT:
320
cleanup:
321
		if (slist_length(&_this->call_list) != 0) {
322
			if (l2tp_ctrl_disconnect_all_calls(_this, 1) > 0)
323
				break;
324
		}
325
#if 0
326
		if (L2TP_CTRL_CONF(_this)e_ipsec_sa != 0)
327
			l2tp_ctrl_purge_ipsec_sa(_this);
328
#endif
329
330
		l2tp_ctrl_log(_this, LOG_NOTICE, "logtype=Finished");
331
332
		evtimer_del(&_this->ev_timeout);
333
334
		/* free send buffer */
335
		if (_this->snd_buffers != NULL) {
336
			for (i = 0; i < _this->winsz; i++)
337
				bytebuffer_destroy(_this->snd_buffers[i]);
338
			free(_this->snd_buffers);
339
			_this->snd_buffers = NULL;
340
		}
341
		if (_this->zlb_buffer != NULL) {
342
			bytebuffer_destroy(_this->zlb_buffer);
343
			_this->zlb_buffer = NULL;
344
		}
345
346
		/* free l2tp_call */
347
		l2tp_ctrl_destroy_all_calls(_this);
348
		slist_fini(&_this->call_list);
349
350
		l2tpd_remove_ctrl(_this->l2tpd, _this->tunnel_id);
351
352
		_l2tpd = _this->l2tpd;
353
		l2tp_ctrl_destroy(_this);
354
355
		l2tpd_ctrl_finished_notify(_l2tpd);
356
		return 0;	/* stopped */
357
	}
358
	l2tp_ctrl_reset_timeout(_this);
359
360
	return 1;
361
}
362
363
#if 0
364
/** Delete the IPsec SA for disconnection */
365
static void
366
l2tp_ctrl_purge_ipsec_sa(l2tp_ctrl *_this)
367
{
368
	int is_natt, proto;
369
	struct sockaddr_storage peer, sock;
370
	hash_link *hl;
371
#ifdef USE_LIBSOCKUTIL
372
	struct in_ipsec_sa_cookie *ipsec_sa_cookie;
373
#endif
374
	l2tp_ctrl *anot;
375
376
	/*
377
	 * Search another tunnel that uses the same IPsec SA
378
	 * by lineer.
379
	 */
380
	for (hl = hash_first(_this->l2tpd->ctrl_map);
381
	    hl != NULL; hl = hash_next(_this->l2tpd->ctrl_map)) {
382
		anot = hl->item;
383
		if (anot == _this)
384
			continue;
385
386
		if (_this->peer.ss_family != anot->peer.ss_family)
387
			continue;
388
		if (_this->peer.ss_family == AF_INET) {
389
			if (SIN(&_this->peer)->sin_addr.s_addr !=
390
			    SIN(&anot->peer)->sin_addr.s_addr)
391
				continue;
392
		} else if (_this->peer.ss_family == AF_INET6) {
393
			if (!IN6_ARE_ADDR_EQUAL(
394
			    &(SIN6(&_this->peer)->sin6_addr),
395
			    &(SIN6(&anot->peer)->sin6_addr)))
396
				continue;
397
		}
398
#ifdef USE_LIBSOCKUTIL
399
		if (_this->sa_cookie != NULL && anot->sa_cookie != NULL) {
400
			/* Both tunnels belong the same NAT box.  */
401
402
			if (memcmp(_this->sa_cookie, anot->sa_cookie,
403
			    sizeof(struct in_ipsec_sa_cookie)) != 0)
404
				/* Different hosts behind the NAT box.  */
405
				continue;
406
407
			/* The SA is shared by another tunnels by one host. */
408
			return;	/* don't purge the sa */
409
410
		} else if (_this->sa_cookie != NULL || anot->sa_cookie != NULL)
411
			/* Only one is behind the NAT */
412
			continue;
413
#endif
414
		return;	/* don't purge the sa */
415
	}
416
417
#if defined(USE_LIBSOCKUTIL)  && defined(IP_IPSEC_SA_COOKIE)
418
	is_natt = (_this->sa_cookie != NULL)? 1 : 0;
419
#else
420
	is_natt = 0;
421
#endif
422
	proto = 0;
423
	memcpy(&peer, &_this->peer, _this->peer.ss_len);
424
	memcpy(&sock, &_this->sock, _this->sock.ss_len);
425
	if (!is_natt)
426
		SIN(&peer)->sin_port = SIN(&sock)->sin_port = 0;
427
#if defined(USE_LIBSOCKUTIL)  && defined(IP_IPSEC_SA_COOKIE)
428
	else {
429
		ipsec_sa_cookie = _this->sa_cookie;
430
		SIN(&peer)->sin_port = ipsec_sa_cookie->remote_port;
431
		SIN(&sock)->sin_port = ipsec_sa_cookie->local_port;
432
#if 1
433
		/*
434
		 * XXX: As RFC 2367, protocol sould be specified if the port
435
		 * XXX: number is non-zero.
436
		 */
437
		proto = 0;
438
#else
439
		proto = IPPROTO_UDP;
440
#endif
441
	}
442
#endif
443
	if (ipsec_util_purge_transport_sa((struct sockaddr *)&peer,
444
	    (struct sockaddr *)&sock, proto, IPSEC_UTIL_DIRECTION_BOTH) != 0)
445
		l2tp_ctrl_log(_this, LOG_NOTICE, "failed to purge IPSec SA");
446
}
447
#endif
448
449
/* timeout processing */
450
static void
451
l2tp_ctrl_timeout(int fd, short evtype, void *ctx)
452
{
453
	int next_timeout, need_resend;
454
	time_t curr_time;
455
	l2tp_ctrl *_this;
456
	l2tp_call *call;
457
458
	/*
459
	 * the timer must be reset, when leave this function.
460
	 * MEMO: l2tp_ctrl_stop() will reset the timer in it.
461
	 * and please remember that the l2tp_ctrl_stop() may free _this.
462
	 */
463
	_this = ctx;
464
	L2TP_CTRL_ASSERT(_this != NULL);
465
466
	curr_time = get_monosec();
467
468
	next_timeout = 2;
469
	need_resend = 0;
470
471
	if (l2tp_ctrl_txwin_size(_this) > 0)  {
472
		if (_this->state == L2TP_CTRL_STATE_ESTABLISHED) {
473
			if (_this->hello_wait_ack != 0) {
474
				/* wait Hello reply */
475
				if (curr_time - _this->hello_io_time >=
476
				    _this->hello_timeout) {
477
					l2tp_ctrl_log(_this, LOG_NOTICE,
478
					    "timeout waiting ack for hello "
479
					    "packets.");
480
					l2tp_ctrl_stop(_this,
481
					    L2TP_STOP_CCN_RCODE_GENERAL);
482
					return;
483
				}
484
			}
485
		} else if (curr_time - _this->last_snd_ctrl >=
486
		    L2TP_CTRL_CTRL_PKT_TIMEOUT) {
487
			l2tp_ctrl_log(_this, LOG_NOTICE,
488
			    "timeout waiting ack for ctrl packets.");
489
			l2tp_ctrl_stop(_this,
490
			    L2TP_STOP_CCN_RCODE_GENERAL);
491
			return;
492
		}
493
		need_resend = 1;
494
	} else {
495
		for (slist_itr_first(&_this->call_list);
496
		    slist_itr_has_next(&_this->call_list);) {
497
			call = slist_itr_next(&_this->call_list);
498
			if (call->state == L2TP_CALL_STATE_CLEANUP_WAIT) {
499
				l2tp_call_destroy(call, 1);
500
				slist_itr_remove(&_this->call_list);
501
			}
502
		}
503
	}
504
505
	switch (_this->state) {
506
	case L2TP_CTRL_STATE_IDLE:
507
		/*
508
		 * idle:
509
		 * XXX: never happen in current implementation
510
		 */
511
		l2tp_ctrl_log(_this, LOG_ERR,
512
		    "Internal error, timeout on illegal state=idle");
513
		l2tp_ctrl_stop(_this, L2TP_STOP_CCN_RCODE_GENERAL);
514
		break;
515
	case L2TP_CTRL_STATE_WAIT_CTL_CONN:
516
		/*
517
		 * wait-ctrl-conn:
518
		 * 	if there is no ack for SCCRP, the peer will
519
		 * 	resend SCCRQ. however this implementation can
520
		 *	not recognize that the SCCRQ was resent or not.
521
		 *	Therefore, never resent from this side.
522
		 */
523
		need_resend = 0;
524
		break;
525
	case L2TP_CTRL_STATE_ESTABLISHED:
526
		if (slist_length(&_this->call_list) == 0 &&
527
		    curr_time - _this->last_snd_ctrl >=
528
			    L2TP_CTRL_WAIT_CALL_TIMEOUT) {
529
			if (_this->ncalls == 0)
530
				/* fail to receive first call */
531
				l2tp_ctrl_log(_this, LOG_WARNING,
532
				    "timeout waiting call");
533
			l2tp_ctrl_stop(_this,
534
			    L2TP_STOP_CCN_RCODE_GENERAL);
535
			return;
536
		}
537
		if (_this->hello_wait_ack == 0 && _this->hello_interval > 0) {
538
			/* send Hello */
539
			if (curr_time - _this->hello_interval >=
540
			    _this->hello_io_time) {
541
				if (l2tp_ctrl_send_HELLO(_this) == 0)
542
					/* success */
543
					_this->hello_wait_ack = 1;
544
				_this->hello_io_time = curr_time;
545
				need_resend = 0;
546
			}
547
		}
548
		break;
549
	case L2TP_CTRL_STATE_CLEANUP_WAIT:
550
		if (curr_time - _this->last_snd_ctrl >=
551
		    L2TP_CTRL_CLEANUP_WAIT_TIME) {
552
			l2tp_ctrl_log(_this, LOG_NOTICE,
553
			    "Cleanup timeout state=%d", _this->state);
554
			l2tp_ctrl_stop(_this, 0);
555
			return;
556
		}
557
		if (_this->active_closing != 0)
558
			l2tp_ctrl_send_disconnect_notify(_this);
559
		break;
560
	default:
561
		l2tp_ctrl_log(_this, LOG_ERR,
562
		    "Internal error, timeout on illegal state=%d",
563
			_this->state);
564
		l2tp_ctrl_stop(_this, L2TP_STOP_CCN_RCODE_GENERAL);
565
		return;
566
	}
567
	/* resend if required */
568
	if (need_resend)
569
		l2tp_ctrl_resend_una_packets(_this);
570
	l2tp_ctrl_reset_timeout(_this);
571
}
572
573
int
574
l2tp_ctrl_send(l2tp_ctrl *_this, const void *msg, int len)
575
{
576
	int rval;
577
578
#ifdef USE_LIBSOCKUTIL
579
	if (_this->sa_cookie != NULL)
580
		rval = sendfromto_nat_t(LISTENER_SOCK(_this), msg, len, 0,
581
		    (struct sockaddr *)&_this->sock,
582
		    (struct sockaddr *)&_this->peer, _this->sa_cookie);
583
	else
584
		rval = sendfromto(LISTENER_SOCK(_this), msg, len, 0,
585
		    (struct sockaddr *)&_this->sock,
586
		    (struct sockaddr *)&_this->peer);
587
#else
588
#ifdef USE_SA_COOKIE
589
	if (_this->sa_cookie != NULL)
590
		rval = sendto_nat_t(LISTENER_SOCK(_this), msg, len, 0,
591
		    (struct sockaddr *)&_this->peer, _this->peer.ss_len,
592
		    _this->sa_cookie);
593
	else
594
#endif
595
	rval = sendto(LISTENER_SOCK(_this), msg, len, 0,
596
	    (struct sockaddr *)&_this->peer, _this->peer.ss_len);
597
#endif
598
	return rval;
599
}
600
601
/* resend una packets */
602
static int
603
l2tp_ctrl_resend_una_packets(l2tp_ctrl *_this)
604
{
605
	uint16_t seq;
606
	bytebuffer *bytebuf;
607
	struct l2tp_header *header;
608
	int nsend;
609
610
	nsend = 0;
611
	for (seq = _this->snd_una; SEQ_LT(seq, _this->snd_nxt); seq++) {
612
		bytebuf = _this->snd_buffers[seq % _this->winsz];
613
		header = bytebuffer_pointer(bytebuf);
614
		header->nr = htons(_this->rcv_nxt);
615
#ifdef L2TP_CTRL_DEBUG
616
		if (debuglevel >= 3) {
617
			l2tp_ctrl_log(_this, DEBUG_LEVEL_3, "RESEND seq=%u",
618
			    ntohs(header->ns));
619
			show_hd(debug_get_debugfp(),
620
			    bytebuffer_pointer(bytebuf),
621
			    bytebuffer_remaining(bytebuf));
622
		}
623
#endif
624
		if (l2tp_ctrl_send(_this, bytebuffer_pointer(bytebuf),
625
		    bytebuffer_remaining(bytebuf)) < 0) {
626
			l2tp_ctrl_log(_this, LOG_ERR,
627
			    "sendto() failed in %s: %m", __func__);
628
			return -1;
629
		}
630
		nsend++;
631
	}
632
	return nsend;
633
}
634
635
/* free all calls */
636
static void
637
l2tp_ctrl_destroy_all_calls(l2tp_ctrl *_this)
638
{
639
	l2tp_call *call;
640
641
	L2TP_CTRL_ASSERT(_this != NULL);
642
643
	while ((call = slist_remove_first(&_this->call_list)) != NULL)
644
		l2tp_call_destroy(call, 1);
645
}
646
647
648
/* disconnect all calls on the control context
649
 * @return return # of calls that is not waiting cleanup.
650
 */
651
static int
652
l2tp_ctrl_disconnect_all_calls(l2tp_ctrl *_this, int drop)
653
{
654
	int i, len, ncalls;
655
	l2tp_call *call;
656
657
	L2TP_CTRL_ASSERT(_this != NULL);
658
659
	ncalls = 0;
660
	len = slist_length(&_this->call_list);
661
	for (i = 0; i < len; i++) {
662
		call = slist_get(&_this->call_list, i);
663
		if (call->state != L2TP_CALL_STATE_CLEANUP_WAIT) {
664
			ncalls++;
665
			if (l2tp_ctrl_txwin_is_full(_this)) {
666
				L2TP_CTRL_DBG((_this, LOG_INFO,
667
				    "Too many calls.  Sending window is not "
668
				    "enough to send CDN to all clients."));
669
				if (drop)
670
					l2tp_call_drop(call);
671
			} else
672
				l2tp_call_admin_disconnect(call);
673
		}
674
	}
675
	return ncalls;
676
}
677
678
/* reset timeout */
679
static void
680
l2tp_ctrl_reset_timeout(l2tp_ctrl *_this)
681
{
682
	int intvl;
683
	struct timeval tv0;
684
685
	L2TP_CTRL_ASSERT(_this != NULL);
686
687
	if (evtimer_initialized(&_this->ev_timeout))
688
		evtimer_del(&_this->ev_timeout);
689
690
	switch (_this->state) {
691
	case L2TP_CTRL_STATE_CLEANUP_WAIT:
692
		intvl = 1;
693
		break;
694
	default:
695
		intvl = 2;
696
		break;
697
	}
698
	tv0.tv_usec = 0;
699
	tv0.tv_sec = intvl;
700
	if (!evtimer_initialized(&_this->ev_timeout))
701
		evtimer_set(&_this->ev_timeout, l2tp_ctrl_timeout, _this);
702
	evtimer_add(&_this->ev_timeout, &tv0);
703
}
704
705
/*
706
 * protocols / send and receive
707
 */
708
/* Receive packet */
709
void
710
l2tp_ctrl_input(l2tpd *_this, int listener_index, struct sockaddr *peer,
711
    struct sockaddr *sock, void *nat_t_ctx, u_char *pkt, int pktlen)
712
{
713
	int i, len, offsiz, reqlen, is_ctrl;
714
	uint16_t mestype;
715
	struct l2tp_avp *avp, *avp0;
716
	l2tp_ctrl *ctrl;
717
	l2tp_call *call;
718
	char buf[L2TP_AVP_MAXSIZ], errmsg[256];
719
	time_t curr_time;
720
	u_char *pkt0;
721
	struct l2tp_header hdr;
722
	char hbuf[NI_MAXHOST + NI_MAXSERV + 16];
723
724
	ctrl = NULL;
725
	curr_time = get_monosec();
726
	pkt0 = pkt;
727
728
	L2TP_CTRL_ASSERT(peer->sa_family == sock->sa_family);
729
	L2TP_CTRL_ASSERT(peer->sa_family == AF_INET ||
730
	    peer->sa_family == AF_INET6)
731
    /*
732
     * Parse L2TP Header
733
     */
734
	memset(&hdr, 0, sizeof(hdr));
735
	if (pktlen < 2) {
736
		snprintf(errmsg, sizeof(errmsg), "a short packet.  "
737
		    "length=%d", pktlen);
738
		goto bad_packet;
739
	}
740
	memcpy(&hdr, pkt, 2);
741
	pkt += 2;
742
	if (hdr.ver != L2TP_HEADER_VERSION_RFC2661) {
743
		/* XXX: only RFC2661 is supported */
744
		snprintf(errmsg, sizeof(errmsg),
745
		    "Unsupported version at header = %d", hdr.ver);
746
		goto bad_packet;
747
	}
748
	is_ctrl = (hdr.t != 0)? 1 : 0;
749
750
	/* calc required length */
751
	reqlen = 6;		/* for Flags, Tunnel-Id, Session-Id field */
752
	if (hdr.l) reqlen += 2;	/* for Length field (opt) */
753
	if (hdr.s) reqlen += 4;	/* for Ns, Nr field (opt) */
754
	if (hdr.o) reqlen += 2;	/* for Offset Size field (opt) */
755
	if (reqlen > pktlen) {
756
		snprintf(errmsg, sizeof(errmsg),
757
		    "a short packet. length=%d", pktlen);
758
		goto bad_packet;
759
	}
760
761
	if (hdr.l != 0) {
762
		GETSHORT(hdr.length, pkt);
763
		if (hdr.length > pktlen) {
764
			snprintf(errmsg, sizeof(errmsg),
765
			    "Actual packet size is smaller than the length "
766
			    "field %d < %d", pktlen, hdr.length);
767
			goto bad_packet;
768
		}
769
		pktlen = hdr.length;	/* remove trailing trash */
770
	}
771
	GETSHORT(hdr.tunnel_id, pkt);
772
	GETSHORT(hdr.session_id, pkt);
773
	if (hdr.s != 0) {
774
		GETSHORT(hdr.ns, pkt);
775
		GETSHORT(hdr.nr, pkt);
776
	}
777
	if (hdr.o != 0) {
778
		GETSHORT(offsiz, pkt);
779
		if (pktlen < offsiz) {
780
			snprintf(errmsg, sizeof(errmsg),
781
			    "offset field is bigger than remaining packet "
782
			    "length %d > %d", offsiz, pktlen);
783
			goto bad_packet;
784
		}
785
		pkt += offsiz;
786
	}
787
	L2TP_CTRL_ASSERT(pkt - pkt0 == reqlen);
788
	pktlen -= (pkt - pkt0);	/* cut down the length of header */
789
790
	ctrl = NULL;
791
	memset(buf, 0, sizeof(buf));
792
	mestype = 0;
793
	avp = NULL;
794
795
	if (is_ctrl) {
796
		avp0 = (struct l2tp_avp *)buf;
797
		avp = avp_find_message_type_avp(avp0, pkt, pktlen);
798
		if (avp != NULL)
799
			mestype = avp->attr_value[0] << 8 | avp->attr_value[1];
800
	}
801
	ctrl = l2tpd_get_ctrl(_this, hdr.tunnel_id);
802
803
	if (ctrl == NULL) {
804
		/* new control */
805
		if (!is_ctrl) {
806
			snprintf(errmsg, sizeof(errmsg),
807
			    "bad data message: tunnelId=%d is not "
808
			    "found.", hdr.tunnel_id);
809
			goto bad_packet;
810
		}
811
		if (mestype != L2TP_AVP_MESSAGE_TYPE_SCCRQ) {
812
			snprintf(errmsg, sizeof(errmsg),
813
			    "bad control message: tunnelId=%d is not "
814
			    "found.  mestype=%s", hdr.tunnel_id,
815
			    avp_mes_type_string(mestype));
816
			goto bad_packet;
817
		}
818
819
		if ((ctrl = l2tp_ctrl_create()) == NULL) {
820
			l2tp_ctrl_log(ctrl, LOG_ERR,
821
			    "l2tp_ctrl_create() failed: %m");
822
			goto fail;
823
		}
824
825
		if (l2tp_ctrl_init(ctrl, _this, peer, sock, nat_t_ctx) != 0) {
826
			l2tp_ctrl_log(ctrl, LOG_ERR,
827
			    "l2tp_ctrl_start() failed: %m");
828
			goto fail;
829
		}
830
831
		ctrl->listener_index = listener_index;
832
		l2tp_ctrl_reload(ctrl);
833
	} else {
834
		/*
835
		 * treat as an error if src address and port is not
836
		 * match. (because it is potentially DoS attach)
837
		 */
838
		int notmatch = 0;
839
840
		if (ctrl->peer.ss_family != peer->sa_family)
841
			notmatch = 1;
842
		else if (peer->sa_family == AF_INET) {
843
			if (SIN(peer)->sin_addr.s_addr !=
844
			    SIN(&ctrl->peer)->sin_addr.s_addr ||
845
			    SIN(peer)->sin_port != SIN(&ctrl->peer)->sin_port)
846
				notmatch = 1;
847
		} else if (peer->sa_family == AF_INET6) {
848
			if (!IN6_ARE_ADDR_EQUAL(&(SIN6(peer)->sin6_addr),
849
				    &(SIN6(&ctrl->peer)->sin6_addr)) ||
850
			    SIN6(peer)->sin6_port !=
851
				    SIN6(&ctrl->peer)->sin6_port)
852
				notmatch = 1;
853
 		}
854
		if (notmatch) {
855
			snprintf(errmsg, sizeof(errmsg),
856
			    "tunnelId=%u is already assigned for %s",
857
			    hdr.tunnel_id, addrport_tostring(
858
				(struct sockaddr *)&ctrl->peer,
859
				ctrl->peer.ss_len, hbuf, sizeof(hbuf)));
860
			goto bad_packet;
861
		}
862
	}
863
	ctrl->last_rcv = curr_time;
864
	call = NULL;
865
	if (hdr.session_id != 0) {
866
		/* search l2tp_call by Session ID */
867
		/* linear search is enough for this purpose */
868
		len = slist_length(&ctrl->call_list);
869
		for (i = 0; i < len; i++) {
870
			call = slist_get(&ctrl->call_list, i);
871
			if (call->session_id == hdr.session_id)
872
				break;
873
			call = NULL;
874
		}
875
	}
876
	if (!is_ctrl) {
877
		int delayed = 0;
878
879
		/* L2TP data */
880
		if (ctrl->state != L2TP_CTRL_STATE_ESTABLISHED) {
881
			l2tp_ctrl_log(ctrl, LOG_WARNING,
882
			    "Received Data packet in '%s'",
883
			    l2tp_ctrl_state_string(ctrl));
884
			goto fail;
885
		}
886
		if (call == NULL) {
887
			l2tp_ctrl_log(ctrl, LOG_WARNING,
888
			    "Received a data packet but it has no call.  "
889
			    "session_id=%u",  hdr.session_id);
890
			goto fail;
891
		}
892
		L2TP_CTRL_DBG((ctrl, DEBUG_LEVEL_2,
893
		    "call=%u RECV   ns=%u nr=%u snd_nxt=%u rcv_nxt=%u len=%d",
894
		    call->id, hdr.ns, hdr.nr, call->snd_nxt, call->rcv_nxt,
895
		    pktlen));
896
		if (call->state != L2TP_CALL_STATE_ESTABLISHED){
897
			l2tp_ctrl_log(ctrl, LOG_WARNING,
898
			    "Received a data packet but call is not "
899
			    "established");
900
			goto fail;
901
		}
902
903
		if (hdr.s != 0) {
904
			if (SEQ_LT(hdr.ns, call->rcv_nxt)) {
905
				if (SEQ_LT(hdr.ns,
906
				    call->rcv_nxt - L2TP_CALL_DELAY_LIMIT)) {
907
					/* sequence number seems to be delayed */
908
					/* XXX: need to log? */
909
					L2TP_CTRL_DBG((ctrl, LOG_DEBUG,
910
					    "receive a out of sequence "
911
					    "data packet: %u < %u.",
912
					    hdr.ns, call->rcv_nxt));
913
					return;
914
				}
915
				delayed = 1;
916
			} else {
917
				call->rcv_nxt = hdr.ns + 1;
918
			}
919
		}
920
921
		l2tp_call_ppp_input(call, pkt, pktlen, delayed);
922
923
		return;
924
	}
925
	if (hdr.s != 0) {
926
		L2TP_CTRL_DBG((ctrl, DEBUG_LEVEL_2,
927
		    "RECV %s ns=%u nr=%u snd_nxt=%u snd_una=%u rcv_nxt=%u "
928
		    "len=%d", (is_ctrl)? "C" : "", hdr.ns, hdr.nr,
929
		    ctrl->snd_nxt, ctrl->snd_una, ctrl->rcv_nxt, pktlen));
930
931
		if (pktlen <= 0)
932
			l2tp_ctrl_log(ctrl, LOG_INFO, "RecvZLB");
933
934
		if (SEQ_GT(hdr.nr, ctrl->snd_una)) {
935
			if (hdr.nr == ctrl->snd_nxt ||
936
			    SEQ_LT(hdr.nr, ctrl->snd_nxt))
937
				ctrl->snd_una = hdr.nr;
938
			else {
939
				l2tp_ctrl_log(ctrl, LOG_INFO,
940
				    "Received message has bad Nr field: "
941
				    "%u < %u.", hdr.ns, ctrl->snd_nxt);
942
				/* XXX Drop with ZLB? */
943
				goto fail;
944
			}
945
		}
946
		if (l2tp_ctrl_txwin_size(ctrl) <= 0) {
947
			/* no waiting ack */
948
			if (ctrl->hello_wait_ack != 0) {
949
				/*
950
				 * Reset Hello state, as an ack for the Hello
951
				 * is recived.
952
				 */
953
				ctrl->hello_wait_ack = 0;
954
				ctrl->hello_io_time = curr_time;
955
			}
956
			switch (ctrl->state) {
957
			case L2TP_CTRL_STATE_CLEANUP_WAIT:
958
				l2tp_ctrl_stop(ctrl, 0);
959
				return;
960
			}
961
		}
962
		if (hdr.ns != ctrl->rcv_nxt) {
963
			/* there are remaining packet */
964
			if (l2tp_ctrl_resend_una_packets(ctrl) <= 0) {
965
				/* resend or sent ZLB */
966
				l2tp_ctrl_send_ZLB(ctrl);
967
			}
968
#ifdef	L2TP_CTRL_DEBUG
969
			if (pktlen != 0) {	/* not ZLB */
970
				L2TP_CTRL_DBG((ctrl, LOG_DEBUG,
971
				    "receive out of sequence %u must be %u.  "
972
				    "mestype=%s", hdr.ns, ctrl->rcv_nxt,
973
				    avp_mes_type_string(mestype)));
974
			}
975
#endif
976
			return;
977
		}
978
		if (pktlen <= 0)
979
			return;		/* ZLB */
980
981
		if (l2tp_ctrl_txwin_is_full(ctrl)) {
982
			L2TP_CTRL_DBG((ctrl, LOG_DEBUG,
983
			    "Received message cannot be handled. "
984
			    "Transmission window is full."));
985
			l2tp_ctrl_send_ZLB(ctrl);
986
			return;
987
		}
988
989
		ctrl->rcv_nxt++;
990
		if (avp == NULL) {
991
			l2tpd_log(_this, LOG_WARNING,
992
			    "bad control message: no message-type AVP.");
993
			goto fail;
994
		}
995
	}
996
997
    /*
998
     * state machine (RFC2661 pp. 56-57)
999
     */
1000
	switch (ctrl->state) {
1001
	case L2TP_CTRL_STATE_IDLE:
1002
		switch (mestype) {
1003
		case L2TP_AVP_MESSAGE_TYPE_SCCRQ:
1004
			if (l2tp_ctrl_recv_SCCRQ(ctrl, pkt, pktlen, _this,
1005
			    peer) == 0) {
1006
				/* acceptable */
1007
				l2tp_ctrl_send_SCCRP(ctrl);
1008
				ctrl->state = L2TP_CTRL_STATE_WAIT_CTL_CONN;
1009
				return;
1010
			}
1011
			/*
1012
			 * in case un-acceptable, it was already processed
1013
			 * at l2tcp_ctrl_recv_SCCRQ
1014
			 */
1015
			return;
1016
		case L2TP_AVP_MESSAGE_TYPE_SCCRP:
1017
			/*
1018
			 * RFC specifies that sent of StopCCN in the state,
1019
			 * However as this implementation only support Passive
1020
			 * open, this packet will not received.
1021
			 */
1022
			/* FALLTHROUGH */
1023
		case L2TP_AVP_MESSAGE_TYPE_SCCCN:
1024
		default:
1025
			break;
1026
		}
1027
		goto fsm_fail;
1028
1029
	case L2TP_CTRL_STATE_WAIT_CTL_CONN:
1030
	    /* Wait-Ctl-Conn */
1031
		switch (mestype) {
1032
		case L2TP_AVP_MESSAGE_TYPE_SCCCN:
1033
			l2tp_ctrl_log(ctrl, LOG_INFO, "RecvSCCN");
1034
			if (l2tp_ctrl_send_ZLB(ctrl) == 0) {
1035
				ctrl->state = L2TP_CTRL_STATE_ESTABLISHED;
1036
			}
1037
			return;
1038
		case L2TP_AVP_MESSAGE_TYPE_StopCCN:
1039
			goto receive_stop_ccn;
1040
		case L2TP_AVP_MESSAGE_TYPE_SCCRQ:
1041
		case L2TP_AVP_MESSAGE_TYPE_SCCRP:
1042
		default:
1043
			break;
1044
		}
1045
		break;	/* fsm_fail */
1046
	case L2TP_CTRL_STATE_ESTABLISHED:
1047
	    /* Established */
1048
		switch (mestype) {
1049
		case L2TP_AVP_MESSAGE_TYPE_SCCCN:
1050
		case L2TP_AVP_MESSAGE_TYPE_SCCRQ:
1051
		case L2TP_AVP_MESSAGE_TYPE_SCCRP:
1052
			break;
1053
receive_stop_ccn:
1054
		case L2TP_AVP_MESSAGE_TYPE_StopCCN:
1055
			if (l2tp_ctrl_recv_StopCCN(ctrl, pkt, pktlen) == 0) {
1056
				if (l2tp_ctrl_resend_una_packets(ctrl) <= 0)
1057
					l2tp_ctrl_send_ZLB(ctrl);
1058
				l2tp_ctrl_stop(ctrl, 0);
1059
				return;
1060
			}
1061
			l2tp_ctrl_log(ctrl, LOG_ERR, "Received bad StopCCN");
1062
			l2tp_ctrl_send_ZLB(ctrl);
1063
			l2tp_ctrl_stop(ctrl, 0);
1064
			return;
1065
1066
		case L2TP_AVP_MESSAGE_TYPE_HELLO:
1067
			if (l2tp_ctrl_resend_una_packets(ctrl) <= 0)
1068
				l2tp_ctrl_send_ZLB(ctrl);
1069
			return;
1070
		case L2TP_AVP_MESSAGE_TYPE_CDN:
1071
		case L2TP_AVP_MESSAGE_TYPE_ICRP:
1072
		case L2TP_AVP_MESSAGE_TYPE_ICCN:
1073
			if (call == NULL) {
1074
				l2tp_ctrl_log(ctrl, LOG_INFO,
1075
				    "Unknown call message: %s",
1076
				    avp_mes_type_string(mestype));
1077
				goto fail;
1078
			}
1079
			/* FALLTHROUGH */
1080
		case L2TP_AVP_MESSAGE_TYPE_ICRQ:
1081
			l2tp_call_recv_packet(ctrl, call, mestype, pkt,
1082
			    pktlen);
1083
			return;
1084
		default:
1085
			break;
1086
		}
1087
		break;	/* fsm_fail */
1088
	case L2TP_CTRL_STATE_CLEANUP_WAIT:
1089
		if (mestype == L2TP_AVP_MESSAGE_TYPE_StopCCN) {
1090
			/*
1091
			 * We left ESTABLISHED state, but the peer sent StopCCN.
1092
			 */
1093
			goto receive_stop_ccn;
1094
		}
1095
		break;	/* fsm_fail */
1096
	}
1097
1098
fsm_fail:
1099
	/* state machine error */
1100
	l2tp_ctrl_log(ctrl, LOG_WARNING, "Received %s in '%s' state",
1101
	    avp_mes_type_string(mestype), l2tp_ctrl_state_string(ctrl));
1102
	l2tp_ctrl_stop(ctrl, L2TP_STOP_CCN_RCODE_FSM_ERROR);
1103
1104
	return;
1105
fail:
1106
	if (ctrl != NULL && mestype != 0) {
1107
		l2tp_ctrl_log(ctrl, LOG_WARNING, "Received %s in '%s' state",
1108
		    avp_mes_type_string(mestype), l2tp_ctrl_state_string(ctrl));
1109
		l2tp_ctrl_stop(ctrl, L2TP_STOP_CCN_RCODE_GENERAL_ERROR);
1110
	}
1111
	return;
1112
1113
bad_packet:
1114
	l2tpd_log(_this, LOG_INFO, "Received from=%s: %s",
1115
	    addrport_tostring(peer, peer->sa_len, hbuf, sizeof(hbuf)), errmsg);
1116
1117
	return;
1118
}
1119
1120
static inline int
1121
l2tp_ctrl_txwin_size(l2tp_ctrl *_this)
1122
{
1123
	uint16_t sz;
1124
1125
	sz = _this->snd_nxt - _this->snd_una;
1126
1127
	L2TP_CTRL_ASSERT(sz <= _this->winsz);
1128
1129
	return sz;
1130
}
1131
1132
static inline int
1133
l2tp_ctrl_txwin_is_full(l2tp_ctrl *_this)
1134
{
1135
	return (l2tp_ctrl_txwin_size(_this) >= _this->winsz)? 1 : 0;
1136
}
1137
1138
/* send control packet */
1139
int
1140
l2tp_ctrl_send_packet(l2tp_ctrl *_this, int call_id, bytebuffer *bytebuf)
1141
{
1142
	struct l2tp_header *hdr;
1143
	int rval;
1144
	time_t curr_time;
1145
1146
	curr_time = get_monosec();
1147
1148
	bytebuffer_flip(bytebuf);
1149
	hdr = (struct l2tp_header *)bytebuffer_pointer(bytebuf);
1150
	memset(hdr, 0, sizeof(*hdr));
1151
1152
	hdr->t = 1;
1153
	hdr->ver = L2TP_HEADER_VERSION_RFC2661;
1154
	hdr->l = 1;
1155
	hdr->length = htons(bytebuffer_remaining(bytebuf));
1156
	hdr->tunnel_id = htons(_this->peer_tunnel_id);
1157
	hdr->session_id = htons(call_id);
1158
1159
	hdr->s = 1;
1160
	hdr->ns = htons(_this->snd_nxt);
1161
	hdr->nr = htons(_this->rcv_nxt);
1162
1163
	if (bytebuffer_remaining(bytebuf) > sizeof(struct l2tp_header))
1164
		/* Not ZLB */
1165
		_this->snd_nxt++;
1166
1167
	L2TP_CTRL_DBG((_this, DEBUG_LEVEL_2,
1168
	    "SEND C ns=%u nr=%u snd_nxt=%u snd_una=%u rcv_nxt=%u ",
1169
	    ntohs(hdr->ns), htons(hdr->nr),
1170
	    _this->snd_nxt, _this->snd_una, _this->rcv_nxt));
1171
1172
	if (L2TP_CTRL_CONF(_this)->ctrl_out_pktdump  != 0) {
1173
		l2tpd_log(_this->l2tpd, LOG_DEBUG,
1174
		    "L2TP Control output packet dump");
1175
		show_hd(debug_get_debugfp(), bytebuffer_pointer(bytebuf),
1176
		    bytebuffer_remaining(bytebuf));
1177
	}
1178
1179
	if ((rval = l2tp_ctrl_send(_this, bytebuffer_pointer(bytebuf),
1180
	    bytebuffer_remaining(bytebuf))) < 0) {
1181
		L2TP_CTRL_DBG((_this, LOG_DEBUG, "sendto() failed: %m"));
1182
	}
1183
1184
	_this->last_snd_ctrl = curr_time;
1185
1186
	return (rval == bytebuffer_remaining(bytebuf))? 0 : 1;
1187
}
1188
1189
/*
1190
 * receiver SCCRQ
1191
 */
1192
static int
1193
l2tp_ctrl_recv_SCCRQ(l2tp_ctrl *_this, u_char *pkt, int pktlen, l2tpd *_l2tpd,
1194
    struct sockaddr *peer)
1195
{
1196
	int avpsz, len, protover, protorev, firmrev, result;
1197
	struct l2tp_avp *avp;
1198
	char host[NI_MAXHOST], serv[NI_MAXSERV];
1199
	char buf[L2TP_AVP_MAXSIZ], emes[256], hostname[256], vendorname[256];
1200
1201
	result = L2TP_STOP_CCN_RCODE_GENERAL_ERROR;
1202
	strlcpy(hostname, "(no hostname)", sizeof(hostname));
1203
	strlcpy(vendorname, "(no vendorname)", sizeof(vendorname));
1204
1205
	firmrev = 0;
1206
	protover = 0;
1207
	protorev = 0;
1208
	avp = (struct l2tp_avp *)buf;
1209
	while (pktlen >= 6 && (avpsz = avp_enum(avp, pkt, pktlen, 1)) > 0) {
1210
		pkt += avpsz;
1211
		pktlen -= avpsz;
1212
		if (avp->vendor_id != 0) {
1213
			L2TP_CTRL_DBG((_this, LOG_DEBUG,
1214
			    "Received a Vendor-specific AVP vendor-id=%d "
1215
			    "type=%d", avp->vendor_id, avp->attr_type));
1216
			continue;
1217
		}
1218
		switch (avp->attr_type) {
1219
		case L2TP_AVP_TYPE_MESSAGE_TYPE:
1220
			AVP_SIZE_CHECK(avp, ==, 8);
1221
			continue;
1222
		case L2TP_AVP_TYPE_PROTOCOL_VERSION:
1223
			AVP_SIZE_CHECK(avp, ==, 8);
1224
			protover = avp->attr_value[0];
1225
			protorev = avp->attr_value[1];
1226
1227
			if (protover != L2TP_RFC2661_VERSION ||
1228
			    protorev != L2TP_RFC2661_REVISION) {
1229
				result = L2TP_STOP_CCN_RCODE_GENERAL_ERROR;
1230
				snprintf(emes, sizeof(emes),
1231
				    "Peer's protocol version is not supported:"
1232
				    " %d.%d", protover, protorev);
1233
				goto not_acceptable;
1234
			}
1235
			continue;
1236
		case L2TP_AVP_TYPE_FRAMING_CAPABILITIES:
1237
			AVP_SIZE_CHECK(avp, ==, 10);
1238
			if ((avp_get_val32(avp) & L2TP_FRAMING_CAP_FLAGS_SYNC)
1239
			    == 0) {
1240
				L2TP_CTRL_DBG((_this, LOG_DEBUG, "Peer doesn't "
1241
				    "support synchronous framing"));
1242
			}
1243
			continue;
1244
		case L2TP_AVP_TYPE_BEARER_CAPABILITIES:
1245
			AVP_SIZE_CHECK(avp, ==, 10);
1246
			continue;
1247
		case L2TP_AVP_TYPE_TIE_BREAKER:
1248
			AVP_SIZE_CHECK(avp, ==, 14);
1249
			/*
1250
			 * As the implementation never send SCCRQ,
1251
			 * the peer is always winner
1252
			 */
1253
			continue;
1254
		case L2TP_AVP_TYPE_FIRMWARE_REVISION:
1255
			AVP_SIZE_CHECK(avp, >=, 6);
1256
			firmrev = avp_get_val16(avp);
1257
			continue;
1258
		case L2TP_AVP_TYPE_HOST_NAME:
1259
			AVP_SIZE_CHECK(avp, >, 4);
1260
			len = MINIMUM(sizeof(hostname) - 1, avp->length - 6);
1261
			memcpy(hostname, avp->attr_value, len);
1262
			hostname[len] = '\0';
1263
			continue;
1264
		case L2TP_AVP_TYPE_VENDOR_NAME:
1265
			AVP_SIZE_CHECK(avp, >, 4);
1266
			len = MINIMUM(sizeof(vendorname) - 1, avp->length - 6);
1267
			memcpy(vendorname, avp->attr_value, len);
1268
			vendorname[len] = '\0';
1269
			continue;
1270
		case L2TP_AVP_TYPE_ASSINGED_TUNNEL_ID:
1271
			AVP_SIZE_CHECK(avp, ==, 8);
1272
			_this->peer_tunnel_id = avp_get_val16(avp);
1273
			continue;
1274
		case L2TP_AVP_TYPE_RECV_WINDOW_SIZE:
1275
			AVP_SIZE_CHECK(avp, ==, 8);
1276
			_this->peer_winsz = avp_get_val16(avp);
1277
			continue;
1278
		}
1279
		if (avp->is_mandatory) {
1280
			l2tp_ctrl_log(_this, LOG_WARNING,
1281
			    "Received AVP (%s/%d) is not supported, but it's "
1282
			    "mandatory", avp_attr_type_string(avp->attr_type),
1283
			    avp->attr_type);
1284
#ifdef L2TP_CTRL_DEBUG
1285
		} else {
1286
			L2TP_CTRL_DBG((_this, LOG_DEBUG,
1287
			    "AVP (%s/%d) is not handled",
1288
			    avp_attr_type_string(avp->attr_type),
1289
			    avp->attr_type));
1290
#endif
1291
		}
1292
	}
1293
	if (getnameinfo((struct sockaddr *)&_this->peer, _this->peer.ss_len,
1294
	    host, sizeof(host), serv, sizeof(serv),
1295
	    NI_NUMERICHOST | NI_NUMERICSERV | NI_DGRAM) != 0) {
1296
		l2tp_ctrl_log(_this, LOG_ERR,
1297
		    "getnameinfo() failed at %s(): %m", __func__);
1298
		strlcpy(host, "error", sizeof(host));
1299
		strlcpy(serv, "error", sizeof(serv));
1300
	}
1301
	l2tp_ctrl_log(_this, LOG_NOTICE, "logtype=Started RecvSCCRQ "
1302
	    "from=%s:%s/udp tunnel_id=%u/%u protocol=%d.%d winsize=%d "
1303
	    "hostname=%s vendor=%s firm=%04X", host, serv, _this->tunnel_id,
1304
	    _this->peer_tunnel_id, protover, protorev, _this->peer_winsz,
1305
	    hostname, vendorname, firmrev);
1306
1307
	return 0;
1308
not_acceptable:
1309
size_check_failed:
1310
	l2tp_ctrl_log(_this, LOG_ERR, "Received bad SCCRQ: %s", emes);
1311
	l2tp_ctrl_stop(_this, result);
1312
1313
	return 1;
1314
}
1315
1316
/*
1317
 * send StopCCN
1318
 */
1319
static int
1320
l2tp_ctrl_send_StopCCN(l2tp_ctrl *_this, int result)
1321
{
1322
	struct l2tp_avp *avp;
1323
	char buf[L2TP_AVP_MAXSIZ];
1324
	bytebuffer *bytebuf;
1325
1326
	if ((bytebuf = l2tp_ctrl_prepare_snd_buffer(_this, 1)) == NULL) {
1327
		l2tp_ctrl_log(_this, LOG_ERR,
1328
		    "sending StopCCN failed: no buffer.");
1329
		return -1;
1330
	}
1331
	avp = (struct l2tp_avp *)buf;
1332
1333
	/* Message Type = StopCCN */
1334
	memset(avp, 0, sizeof(*avp));
1335
	avp->is_mandatory = 1;
1336
	avp->attr_type = L2TP_AVP_TYPE_MESSAGE_TYPE;
1337
	avp_set_val16(avp, L2TP_AVP_MESSAGE_TYPE_StopCCN);
1338
	bytebuf_add_avp(bytebuf, avp, 2);
1339
1340
	/* Assigned Tunnel Id */
1341
	memset(avp, 0, sizeof(*avp));
1342
	avp->is_mandatory = 1;
1343
	avp->attr_type = L2TP_AVP_TYPE_ASSINGED_TUNNEL_ID;
1344
	avp_set_val16(avp, _this->tunnel_id);
1345
	bytebuf_add_avp(bytebuf, avp, 2);
1346
1347
	/* Result Code */
1348
	memset(avp, 0, sizeof(*avp));
1349
	avp->is_mandatory = 1;
1350
	avp->attr_type = L2TP_AVP_TYPE_RESULT_CODE;
1351
	avp_set_val16(avp, result);
1352
	bytebuf_add_avp(bytebuf, avp, 2);
1353
1354
	if (l2tp_ctrl_send_packet(_this, 0, bytebuf) != 0) {
1355
		l2tp_ctrl_log(_this, LOG_ERR, "sending StopCCN failed");
1356
		return - 1;
1357
	}
1358
	l2tp_ctrl_log(_this, LOG_INFO, "SendStopCCN result=%d", result);
1359
1360
	return 0;
1361
}
1362
1363
/*
1364
 * Receiver StopCCN
1365
 */
1366
static int
1367
l2tp_ctrl_recv_StopCCN(l2tp_ctrl *_this, u_char *pkt, int pktlen)
1368
{
1369
	int result, error, avpsz, len;
1370
	uint16_t tunid;
1371
	struct l2tp_avp *avp;
1372
	char buf[L2TP_AVP_MAXSIZ + 16], emes[256], pmes[256];
1373
1374
	result = 0;
1375
	error = 0;
1376
	tunid = 0;
1377
	pmes[0] = '\0';
1378
	avp = (struct l2tp_avp *)buf;
1379
	while (pktlen >= 6 && (avpsz = avp_enum(avp, pkt, pktlen, 1)) > 0) {
1380
		pkt += avpsz;
1381
		pktlen -= avpsz;
1382
		if (avp->vendor_id != 0) {
1383
			L2TP_CTRL_DBG((_this, LOG_DEBUG,
1384
			    "Received a Vendor-specific AVP vendor-id=%d "
1385
			    "type=%d", avp->vendor_id, avp->attr_type));
1386
			continue;
1387
		}
1388
		if (avp->is_hidden != 0) {
1389
			l2tp_ctrl_log(_this, LOG_WARNING,
1390
			    "Received AVP (%s/%d) is hidden.  But we don't "
1391
			    "share secret.",
1392
			    avp_attr_type_string(avp->attr_type),
1393
			    avp->attr_type);
1394
			if (avp->is_mandatory != 0) {
1395
				l2tp_ctrl_stop(_this,
1396
				    L2TP_STOP_CCN_RCODE_GENERAL_ERROR |
1397
				    L2TP_ECODE_UNKNOWN_MANDATORY_AVP);
1398
				return 1;
1399
			}
1400
			continue;
1401
		}
1402
		switch (avp->attr_type) {
1403
		case L2TP_AVP_TYPE_MESSAGE_TYPE:
1404
			AVP_SIZE_CHECK(avp, ==, 8);
1405
			continue;
1406
		case L2TP_AVP_TYPE_RESULT_CODE:
1407
			AVP_SIZE_CHECK(avp, >=, 8);
1408
			result = avp->attr_value[0] << 8 | avp->attr_value[1];
1409
			if (avp->length >= 10) {
1410
				error = avp->attr_value[2] << 8 |
1411
				    avp->attr_value[3];
1412
				len = avp->length - 12;
1413
				if (len > 0) {
1414
					len = MINIMUM(len, sizeof(pmes) - 1);
1415
					memcpy(pmes, &avp->attr_value[4], len);
1416
					pmes[len] = '\0';
1417
				}
1418
			}
1419
			continue;
1420
		case L2TP_AVP_TYPE_ASSINGED_TUNNEL_ID:
1421
			AVP_SIZE_CHECK(avp, ==, 8);
1422
			tunid = avp_get_val16(avp);
1423
			continue;
1424
		default:
1425
			if (avp->is_mandatory != 0) {
1426
				l2tp_ctrl_log(_this, LOG_WARNING,
1427
				    "Received AVP (%s/%d) is not supported, "
1428
				    "but it's mandatory",
1429
				    avp_attr_type_string(avp->attr_type),
1430
				    avp->attr_type);
1431
#ifdef L2TP_CTRL_DEBUG
1432
			} else {
1433
				L2TP_CTRL_DBG((_this, LOG_DEBUG,
1434
				    "AVP (%s/%d) is not handled",
1435
				    avp_attr_type_string(avp->attr_type),
1436
				    avp->attr_type));
1437
#endif
1438
			}
1439
		}
1440
	}
1441
1442
	if (result == L2TP_CDN_RCODE_ERROR_CODE &&
1443
	    error == L2TP_ECODE_NO_RESOURCE) {
1444
		/*
1445
		 * Memo:
1446
		 * This state may be happen in following state.
1447
		 * - lots of connect/disconect by long-running
1448
		 *   windows2000, sometimes it fall to this state.
1449
		 *   Once it fall to here, connection will fail till
1450
		 *   the windows rebooted
1451
		 */
1452
		l2tp_ctrl_log(_this, LOG_WARNING,
1453
		    "Peer indicates \"No Resource\" error.");
1454
	}
1455
1456
	l2tp_ctrl_log(_this, LOG_INFO, "RecvStopCCN result=%s/%u "
1457
	    "error=%s/%u tunnel_id=%u message=\"%s\"",
1458
	    l2tp_stopccn_rcode_string(result), result,
1459
	    l2tp_ecode_string(error), error, tunid, pmes);
1460
1461
	return 0;
1462
1463
size_check_failed:
1464
	l2tp_ctrl_log(_this, LOG_ERR, "Received bad StopCCN: %s", emes);
1465
1466
	return -1;
1467
}
1468
1469
/*
1470
 * send SCCRP
1471
 */
1472
static void
1473
l2tp_ctrl_send_SCCRP(l2tp_ctrl *_this)
1474
{
1475
	int len;
1476
	struct l2tp_avp *avp;
1477
	char buf[L2TP_AVP_MAXSIZ], hbuf[HOST_NAME_MAX+1];
1478
	const char *val;
1479
	bytebuffer *bytebuf;
1480
1481
	if ((bytebuf = l2tp_ctrl_prepare_snd_buffer(_this, 1)) == NULL) {
1482
		l2tp_ctrl_log(_this, LOG_ERR,
1483
		    "sending SCCRP failed: no buffer.");
1484
		return;
1485
	}
1486
	avp = (struct l2tp_avp *)buf;
1487
1488
	/* Message Type = SCCRP */
1489
	memset(avp, 0, sizeof(*avp));
1490
	avp->is_mandatory = 1;
1491
	avp->attr_type = L2TP_AVP_TYPE_MESSAGE_TYPE;
1492
	avp_set_val16(avp, L2TP_AVP_MESSAGE_TYPE_SCCRP);
1493
	bytebuf_add_avp(bytebuf, avp, 2);
1494
1495
	/* Protocol Version = 1.0 */
1496
	memset(avp, 0, sizeof(*avp));
1497
	avp->is_mandatory = 1;
1498
	avp->attr_type = L2TP_AVP_TYPE_PROTOCOL_VERSION;
1499
	avp->attr_value[0] = L2TP_RFC2661_VERSION;
1500
	avp->attr_value[1] = L2TP_RFC2661_REVISION;
1501
	bytebuf_add_avp(bytebuf, avp, 2);
1502
1503
	/* Framing Capability = Async */
1504
	memset(avp, 0, sizeof(*avp));
1505
	avp->is_mandatory = 1;
1506
	avp->attr_type = L2TP_AVP_TYPE_FRAMING_CAPABILITIES;
1507
	avp_set_val32(avp, L2TP_FRAMING_CAP_FLAGS_SYNC);
1508
	bytebuf_add_avp(bytebuf, avp, 4);
1509
1510
	/* Host Name */
1511
	memset(avp, 0, sizeof(*avp));
1512
	avp->is_mandatory = 1;
1513
	avp->attr_type = L2TP_AVP_TYPE_HOST_NAME;
1514
	if ((val = L2TP_CTRL_CONF(_this)->hostname) == NULL) {
1515
		gethostname(hbuf, sizeof(hbuf));
1516
		val = hbuf;
1517
	}
1518
	len = strlen(val);
1519
	memcpy(avp->attr_value, val, len);
1520
	bytebuf_add_avp(bytebuf, avp, len);
1521
1522
	/* Assigned Tunnel Id */
1523
	memset(avp, 0, sizeof(*avp));
1524
	avp->is_mandatory = 1;
1525
	avp->attr_type = L2TP_AVP_TYPE_ASSINGED_TUNNEL_ID;
1526
	avp_set_val16(avp, _this->tunnel_id);
1527
	bytebuf_add_avp(bytebuf, avp, 2);
1528
1529
	/* Bearer Capability
1530
	 * This implementation never act as LAC.
1531
	 *
1532
	memset(avp, 0, sizeof(*avp));
1533
	avp->is_mandatory = 1;
1534
	avp->attr_type = L2TP_AVP_TYPE_BEARER_CAPABILITIES;
1535
	avp_set_val32(avp, 0);
1536
	bytebuf_add_avp(bytebuf, avp, 4);
1537
	 */
1538
1539
	/* Firmware Revision */
1540
	memset(avp, 0, sizeof(*avp));
1541
	avp->is_mandatory = 0;
1542
	avp->attr_type = L2TP_AVP_TYPE_FIRMWARE_REVISION;
1543
	avp->attr_value[0] = MAJOR_VERSION;
1544
	avp->attr_value[1] = MINOR_VERSION;
1545
	bytebuf_add_avp(bytebuf, avp, 2);
1546
1547
	/* Vendor Name */
1548
	if ((val = L2TP_CTRL_CONF(_this)->vendor_name) != NULL) {
1549
		memset(avp, 0, sizeof(*avp));
1550
		avp->is_mandatory = 0;
1551
		avp->attr_type = L2TP_AVP_TYPE_VENDOR_NAME;
1552
1553
		len = strlen(val);
1554
		memcpy(avp->attr_value, val, len);
1555
		bytebuf_add_avp(bytebuf, avp, len);
1556
	}
1557
1558
	/* Window Size */
1559
	memset(avp, 0, sizeof(*avp));
1560
	avp->is_mandatory = 1;
1561
	avp->attr_type = L2TP_AVP_TYPE_RECV_WINDOW_SIZE;
1562
	avp_set_val16(avp, _this->winsz);
1563
	bytebuf_add_avp(bytebuf, avp, 2);
1564
1565
	if ((l2tp_ctrl_send_packet(_this, 0, bytebuf)) != 0) {
1566
		l2tp_ctrl_log(_this, LOG_ERR, "sending SCCRP failed");
1567
		l2tp_ctrl_stop(_this, L2TP_STOP_CCN_RCODE_GENERAL);
1568
		return;
1569
	}
1570
	l2tp_ctrl_log(_this, LOG_INFO, "SendSCCRP");
1571
}
1572
1573
static int
1574
l2tp_ctrl_send_HELLO(l2tp_ctrl *_this)
1575
{
1576
	struct l2tp_avp *avp;
1577
	char buf[L2TP_AVP_MAXSIZ];
1578
	bytebuffer *bytebuf;
1579
1580
	if ((bytebuf = l2tp_ctrl_prepare_snd_buffer(_this, 1)) == NULL) {
1581
		l2tp_ctrl_log(_this, LOG_ERR,
1582
		    "sending SCCRP failed: no buffer.");
1583
		return 1;
1584
	}
1585
	avp = (struct l2tp_avp *)buf;
1586
1587
	/* Message Type = HELLO */
1588
	memset(avp, 0, sizeof(*avp));
1589
	avp->is_mandatory = 1;
1590
	avp->attr_type = L2TP_AVP_TYPE_MESSAGE_TYPE;
1591
	avp_set_val16(avp, L2TP_AVP_MESSAGE_TYPE_HELLO);
1592
	bytebuf_add_avp(bytebuf, avp, 2);
1593
1594
	if ((l2tp_ctrl_send_packet(_this, 0, bytebuf)) != 0) {
1595
		l2tp_ctrl_log(_this, LOG_ERR, "sending HELLO failed");
1596
		l2tp_ctrl_stop(_this, L2TP_STOP_CCN_RCODE_GENERAL);
1597
		return 1;
1598
	}
1599
	l2tp_ctrl_log(_this, LOG_DEBUG, "SendHELLO");
1600
1601
	return 0;
1602
}
1603
1604
/* Send  ZLB */
1605
static int
1606
l2tp_ctrl_send_ZLB(l2tp_ctrl *_this)
1607
{
1608
	int loglevel;
1609
1610
	loglevel = (_this->state == L2TP_CTRL_STATE_ESTABLISHED)
1611
	    ? LOG_DEBUG : LOG_INFO;
1612
	l2tp_ctrl_log(_this, loglevel, "SendZLB");
1613
	bytebuffer_clear(_this->zlb_buffer);
1614
	bytebuffer_put(_this->zlb_buffer, BYTEBUFFER_PUT_DIRECT,
1615
	    sizeof(struct l2tp_header));
1616
1617
	return l2tp_ctrl_send_packet(_this, 0, _this->zlb_buffer);
1618
}
1619
1620
/*
1621
 * Utitlity
1622
 */
1623
1624
/**
1625
 * Prepare send buffer
1626
 * @return return Null when the send buffer exceed Window.
1627
 */
1628
bytebuffer *
1629
l2tp_ctrl_prepare_snd_buffer(l2tp_ctrl *_this, int with_seq)
1630
{
1631
	bytebuffer *bytebuf;
1632
1633
	L2TP_CTRL_ASSERT(_this != NULL);
1634
1635
	if (l2tp_ctrl_txwin_is_full(_this)) {
1636
		l2tp_ctrl_log(_this, LOG_INFO, "sending buffer is full.");
1637
		return NULL;
1638
	}
1639
	bytebuf = _this->snd_buffers[_this->snd_nxt % _this->winsz];
1640
	bytebuffer_clear(bytebuf);
1641
	if (with_seq)
1642
		bytebuffer_put(bytebuf, BYTEBUFFER_PUT_DIRECT,
1643
		    sizeof(struct l2tp_header));
1644
	else
1645
		bytebuffer_put(bytebuf, BYTEBUFFER_PUT_DIRECT,
1646
		    offsetof(struct l2tp_header, ns));
1647
1648
	return bytebuf;
1649
}
1650
1651
/**
1652
 * return current state as strings
1653
 */
1654
static inline const char *
1655
l2tp_ctrl_state_string(l2tp_ctrl *_this)
1656
{
1657
	switch (_this->state) {
1658
	case L2TP_CTRL_STATE_IDLE:		return "idle";
1659
	case L2TP_CTRL_STATE_WAIT_CTL_CONN:	return "wait-ctl-conn";
1660
	case L2TP_CTRL_STATE_WAIT_CTL_REPLY:	return "wait-ctl-reply";
1661
	case L2TP_CTRL_STATE_ESTABLISHED:	return "established";
1662
	case L2TP_CTRL_STATE_CLEANUP_WAIT:	return "cleanup-wait";
1663
	}
1664
	return "unknown";
1665
}
1666
1667
/* logging with the label of the l2tp instance. */
1668
void
1669
l2tp_ctrl_log(l2tp_ctrl *_this, int prio, const char *fmt, ...)
1670
{
1671
	char logbuf[BUFSIZ];
1672
	va_list ap;
1673
1674
	va_start(ap, fmt);
1675
#ifdef	L2TPD_MULTIPLE
1676
	snprintf(logbuf, sizeof(logbuf), "l2tpd id=%u ctrl=%u %s",
1677
	    _this->l2tpd->id, _this->id, fmt);
1678
#else
1679
	snprintf(logbuf, sizeof(logbuf), "l2tpd ctrl=%u %s", _this->id, fmt);
1680
#endif
1681
	vlog_printf(prio, logbuf, ap);
1682
	va_end(ap);
1683
}