1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-10 03:30:39 +03:00
SoftEtherVPN/src/Cedar/IPsec_L2TP.c

2562 lines
55 KiB
C
Raw Normal View History

2014-01-04 17:00:08 +04:00
// SoftEther VPN Source Code
// Cedar Communication Module
//
// SoftEther VPN Server, Client and Bridge are free software under GPLv2.
//
// Copyright (c) 2012-2014 Daiyuu Nobori.
// Copyright (c) 2012-2014 SoftEther VPN Project, University of Tsukuba, Japan.
// Copyright (c) 2012-2014 SoftEther Corporation.
//
// All Rights Reserved.
//
// http://www.softether.org/
//
// Author: Daiyuu Nobori
// Comments: Tetsuo Sugiyama, Ph.D.
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// version 2 as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License version 2
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
// THE LICENSE AGREEMENT IS ATTACHED ON THE SOURCE-CODE PACKAGE
// AS "LICENSE.TXT" FILE. READ THE TEXT FILE IN ADVANCE TO USE THE SOFTWARE.
//
//
// THIS SOFTWARE IS DEVELOPED IN JAPAN, AND DISTRIBUTED FROM JAPAN,
// UNDER JAPANESE LAWS. YOU MUST AGREE IN ADVANCE TO USE, COPY, MODIFY,
// MERGE, PUBLISH, DISTRIBUTE, SUBLICENSE, AND/OR SELL COPIES OF THIS
// SOFTWARE, THAT ANY JURIDICAL DISPUTES WHICH ARE CONCERNED TO THIS
// SOFTWARE OR ITS CONTENTS, AGAINST US (SOFTETHER PROJECT, SOFTETHER
// CORPORATION, DAIYUU NOBORI OR OTHER SUPPLIERS), OR ANY JURIDICAL
// DISPUTES AGAINST US WHICH ARE CAUSED BY ANY KIND OF USING, COPYING,
// MODIFYING, MERGING, PUBLISHING, DISTRIBUTING, SUBLICENSING, AND/OR
// SELLING COPIES OF THIS SOFTWARE SHALL BE REGARDED AS BE CONSTRUED AND
// CONTROLLED BY JAPANESE LAWS, AND YOU MUST FURTHER CONSENT TO
// EXCLUSIVE JURISDICTION AND VENUE IN THE COURTS SITTING IN TOKYO,
// JAPAN. YOU MUST WAIVE ALL DEFENSES OF LACK OF PERSONAL JURISDICTION
// AND FORUM NON CONVENIENS. PROCESS MAY BE SERVED ON EITHER PARTY IN
// THE MANNER AUTHORIZED BY APPLICABLE LAW OR COURT RULE.
//
2014-07-11 21:06:20 +04:00
// USE ONLY IN JAPAN. DO NOT USE THIS SOFTWARE IN ANOTHER COUNTRY UNLESS
// YOU HAVE A CONFIRMATION THAT THIS SOFTWARE DOES NOT VIOLATE ANY
// CRIMINAL LAWS OR CIVIL RIGHTS IN THAT PARTICULAR COUNTRY. USING THIS
// SOFTWARE IN OTHER COUNTRIES IS COMPLETELY AT YOUR OWN RISK. THE
// SOFTETHER VPN PROJECT HAS DEVELOPED AND DISTRIBUTED THIS SOFTWARE TO
// COMPLY ONLY WITH THE JAPANESE LAWS AND EXISTING CIVIL RIGHTS INCLUDING
// PATENTS WHICH ARE SUBJECTS APPLY IN JAPAN. OTHER COUNTRIES' LAWS OR
// CIVIL RIGHTS ARE NONE OF OUR CONCERNS NOR RESPONSIBILITIES. WE HAVE
// NEVER INVESTIGATED ANY CRIMINAL REGULATIONS, CIVIL LAWS OR
// INTELLECTUAL PROPERTY RIGHTS INCLUDING PATENTS IN ANY OF OTHER 200+
// COUNTRIES AND TERRITORIES. BY NATURE, THERE ARE 200+ REGIONS IN THE
// WORLD, WITH DIFFERENT LAWS. IT IS IMPOSSIBLE TO VERIFY EVERY
// COUNTRIES' LAWS, REGULATIONS AND CIVIL RIGHTS TO MAKE THE SOFTWARE
// COMPLY WITH ALL COUNTRIES' LAWS BY THE PROJECT. EVEN IF YOU WILL BE
// SUED BY A PRIVATE ENTITY OR BE DAMAGED BY A PUBLIC SERVANT IN YOUR
// COUNTRY, THE DEVELOPERS OF THIS SOFTWARE WILL NEVER BE LIABLE TO
// RECOVER OR COMPENSATE SUCH DAMAGES, CRIMINAL OR CIVIL
// RESPONSIBILITIES. NOTE THAT THIS LINE IS NOT LICENSE RESTRICTION BUT
// JUST A STATEMENT FOR WARNING AND DISCLAIMER.
2014-01-04 17:00:08 +04:00
//
//
2014-01-15 13:01:42 +04:00
// SOURCE CODE CONTRIBUTION
// ------------------------
//
// Your contribution to SoftEther VPN Project is much appreciated.
// Please send patches to us through GitHub.
// Read the SoftEther VPN Patch Acceptance Policy in advance:
// http://www.softether.org/5-download/src/9.patch
//
//
2014-01-04 17:00:08 +04:00
// DEAR SECURITY EXPERTS
// ---------------------
//
// If you find a bug or a security vulnerability please kindly inform us
// about the problem immediately so that we can fix the security problem
// to protect a lot of users around the world as soon as possible.
//
// Our e-mail address for security reports is:
// softether-vpn-security [at] softether.org
//
// Please note that the above e-mail address is not a technical support
// inquiry address. If you need technical assistance, please visit
// http://www.softether.org/ and ask your question on the users forum.
//
// Thank you for your cooperation.
2014-03-20 00:45:05 +04:00
//
//
// NO MEMORY OR RESOURCE LEAKS
// ---------------------------
//
// The memory-leaks and resource-leaks verification under the stress
// test has been passed before release this source code.
2014-01-04 17:00:08 +04:00
// IPsec_L2TP.c
// L2TP protocol stack
#include "CedarPch.h"
// Release the L2TP AVP value
void FreeL2TPAVP(L2TP_AVP *a)
{
// Validate arguments
if (a == NULL)
{
return;
}
if (a->Data != NULL)
{
Free(a->Data);
}
Free(a);
}
// Release the L2TP packet
void FreeL2TPPacket(L2TP_PACKET *p)
{
UINT i;
// Validate arguments
if (p == NULL)
{
return;
}
if (p->AvpList != NULL)
{
for (i = 0;i < LIST_NUM(p->AvpList);i++)
{
L2TP_AVP *a = LIST_DATA(p->AvpList, i);
FreeL2TPAVP(a);
}
ReleaseList(p->AvpList);
}
if (p->Data != NULL)
{
Free(p->Data);
}
Free(p);
}
// Send an L2TP control packet
void SendL2TPControlPacket(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, UINT session_id, L2TP_PACKET *p)
{
BUF *buf;
L2TP_QUEUE *q;
// Validate arguments
if (l2tp == NULL || t == NULL || p == NULL)
{
return;
}
p->IsControl = true;
p->TunnelId = t->TunnelId1;
p->SessionId = session_id;
p->Ns = t->NextNs;
t->NextNs++;
p->Nr = t->LastNr + 1;
buf = BuildL2TPPacketData(p);
q = ZeroMalloc(sizeof(L2TP_QUEUE));
q->Buf = buf;
q->Ns = p->Ns;
q->NextSendTick = l2tp->Now + (UINT64)L2TP_PACKET_RESEND_INTERVAL;
SendL2TPControlPacketMain(l2tp, t, q);
L2TPAddInterrupt(l2tp, q->NextSendTick);
Add(t->SendQueue, q);
}
// Specify the interrupt occurrence time of the next
void L2TPAddInterrupt(L2TP_SERVER *l2tp, UINT64 next_tick)
{
// Validate arguments
if (l2tp == NULL || next_tick == 0)
{
return;
}
AddInterrupt(l2tp->Interrupts, next_tick);
}
// Send a L2TP data packet
void SendL2TPDataPacket(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_SESSION *s, void *data, UINT size)
{
UDPPACKET *p;
UCHAR *buf;
UINT buf_size;
// Validate arguments
if (l2tp == NULL || t == NULL || s == NULL || (size != 0 && data == NULL))
{
return;
}
// Build a L2TP data packet
if (s->IsV3 == false)
{
// L2TP Ver 2
buf_size = 8 + size;
buf = Malloc(buf_size);
buf[0] = 0x40;
buf[1] = 0x02;
WRITE_USHORT(buf + 2, buf_size);
WRITE_USHORT(buf + 4, t->TunnelId1);
WRITE_USHORT(buf + 6, s->SessionId1);
Copy(buf + 8, data, size);
// Transmission
p = NewUdpPacket(&t->ServerIp, t->ServerPort, &t->ClientIp, t->ClientPort, buf, buf_size);
}
else
{
// L2TPv3
buf_size = 4 + size;
buf = Malloc(buf_size);
WRITE_UINT(buf, s->SessionId1);
Copy(buf + 4, data, size);
// Transmission
p = NewUdpPacket(&t->ServerIp, IPSEC_PORT_L2TPV3_VIRTUAL, &t->ClientIp, IPSEC_PORT_L2TPV3_VIRTUAL, buf, buf_size);
}
L2TPSendUDP(l2tp, p);
}
// L2TP packet transmission main
void SendL2TPControlPacketMain(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_QUEUE *q)
{
UDPPACKET *p;
// Validate arguments
if (l2tp == NULL || t == NULL || q == NULL)
{
return;
}
p = NewUdpPacket(&t->ServerIp, t->ServerPort, &t->ClientIp, t->ClientPort,
Clone(q->Buf->Buf, q->Buf->Size), q->Buf->Size);
// Update the received sequence number
WRITE_USHORT(((UCHAR *)p->Data) + (p->SrcPort == IPSEC_PORT_L2TPV3_VIRTUAL ? 14 : 10), t->LastNr + 1);
L2TPSendUDP(l2tp, p);
}
// Send a UDP packet
void L2TPSendUDP(L2TP_SERVER *l2tp, UDPPACKET *p)
{
// Validate arguments
if (l2tp == NULL || p == NULL)
{
return;
}
Add(l2tp->SendPacketList, p);
}
// Build a L2TP packet
BUF *BuildL2TPPacketData(L2TP_PACKET *pp)
{
BUF *ret;
UCHAR c;
USHORT us;
UINT ui;
// Validate arguments
if (pp == NULL)
{
return NULL;
}
ret = NewBuf();
c = 0;
if (pp->Ver == 3)
{
if (pp->SessionId != 0)
{
// Add the Remote Session ID AVP
L2TP_AVP *a = GetAVPValue(pp, L2TP_AVP_TYPE_V3_SESSION_ID_REMOTE);
if (a == NULL || a->DataSize != sizeof(UINT))
{
UINT ui = Endian32(pp->SessionId);
Add(pp->AvpList, NewAVP(L2TP_AVP_TYPE_V3_SESSION_ID_REMOTE, true, 0, &ui, sizeof(UINT)));
if (GetAVPValueEx(pp, L2TPV3_CISCO_AVP_SESSION_ID_LOCAL, L2TP_AVP_VENDOR_ID_CISCO) != NULL)
{
Add(pp->AvpList, NewAVP(L2TPV3_CISCO_AVP_SESSION_ID_REMOTE, true, L2TP_AVP_VENDOR_ID_CISCO, &ui, sizeof(UINT)));
}
}
}
}
if (pp->Ver == 3)
{
// Zero as Session ID
ui = 0;
WriteBuf(ret, &ui, sizeof(UINT));
}
// Flags
if (pp->IsControl)
{
c |= L2TP_HEADER_BIT_TYPE;
c |= L2TP_HEADER_BIT_LENGTH;
c |= L2TP_HEADER_BIT_SEQUENCE;
}
else
{
c |= L2TP_HEADER_BIT_OFFSET;
}
WriteBuf(ret, &c, 1);
// Ver
c = 2;
if (pp->Ver == 3)
{
c = 3;
}
WriteBuf(ret, &c, 1);
// Length
if (pp->IsControl)
{
us = 0;
WriteBuf(ret, &us, sizeof(USHORT));
}
// Tunnel ID
if (pp->Ver != 3)
{
us = Endian16((USHORT)pp->TunnelId);
WriteBuf(ret, &us, sizeof(USHORT));
}
else
{
ui = Endian32(pp->TunnelId);
WriteBuf(ret, &ui, sizeof(UINT));
}
// Session ID
if (pp->Ver != 3)
{
us = Endian16((USHORT)pp->SessionId);
WriteBuf(ret, &us, sizeof(USHORT));
}
if (pp->IsControl)
{
// Ns
us = Endian16(pp->Ns);
WriteBuf(ret, &us, sizeof(USHORT));
// Nr
us = Endian16(pp->Nr);
WriteBuf(ret, &us, sizeof(USHORT));
}
else
{
// Offset Size = 0
us = 0;
WriteBuf(ret, &us, sizeof(USHORT));
}
if (pp->IsControl)
{
// AVP
UINT i;
for (i = 0;i < LIST_NUM(pp->AvpList);i++)
{
L2TP_AVP *a = LIST_DATA(pp->AvpList, i);
// Length and Flags
us = Endian16(a->DataSize + 6);
if (a->Mandatory)
{
*((UCHAR *)&us) |= L2TP_AVP_BIT_MANDATORY;
}
WriteBuf(ret, &us, sizeof(USHORT));
// Vendor ID
us = Endian16(a->VendorID);
WriteBuf(ret, &us, sizeof(USHORT));
// Type
us = Endian16(a->Type);
WriteBuf(ret, &us, sizeof(USHORT));
// Data
WriteBuf(ret, a->Data, a->DataSize);
}
}
else
{
// Payload
WriteBuf(ret, pp->Data, pp->DataSize);
}
if (pp->IsControl)
{
// Update Length
WRITE_USHORT(((UCHAR *)ret->Buf) + 2 + (pp->Ver == 3 ? sizeof(UINT) : 0), (USHORT)(ret->Size - (pp->Ver == 3 ? sizeof(UINT) : 0)));
}
SeekBuf(ret, 0, 0);
return ret;
}
// Parse the L2TP packet
L2TP_PACKET *ParseL2TPPacket(UDPPACKET *p)
{
L2TP_PACKET *ret;
UCHAR *buf;
UINT size;
bool is_l2tpv3 = false;
// Validate arguments
if (p == NULL)
{
return NULL;
}
ret = ZeroMalloc(sizeof(L2TP_PACKET));
if (p->SrcPort == IPSEC_PORT_L2TPV3_VIRTUAL)
{
// It is L2TPv3
is_l2tpv3 = true;
}
buf = p->Data;
size = p->Size;
if (is_l2tpv3)
{
UINT session_id;
// In the case of L2TPv3
if (size < 4)
{
goto LABEL_ERROR;
}
session_id = READ_UINT(buf);
if (session_id != 0)
{
// L2TPv3 data packet reception
ret->SessionId = session_id;
buf += sizeof(UINT);
size -= sizeof(UINT);
ret->Data = Clone(buf, size);
ret->DataSize = size;
ret->Ver = 3;
return ret;
}
else
{
// L2TPv3 control packet reception
buf += sizeof(UINT);
size -= sizeof(UINT);
}
}
// L2TP
if (size < 6)
{
goto LABEL_ERROR;
}
if (*buf & L2TP_HEADER_BIT_TYPE)
{
ret->IsControl = true;
}
if (*buf & L2TP_HEADER_BIT_LENGTH)
{
ret->HasLength = true;
}
if (*buf & L2TP_HEADER_BIT_SEQUENCE)
{
ret->HasSequence = true;
}
if (is_l2tpv3 == false)
{
if (*buf & L2TP_HEADER_BIT_OFFSET)
{
ret->HasOffset = true;
}
if (*buf & L2TP_HEADER_BIT_PRIORITY)
{
ret->IsPriority = true;
}
}
buf++;
size--;
ret->Ver = *buf & L2TP_HEADER_BIT_VER;
buf++;
size--;
if (is_l2tpv3 == false)
{
// L2TP
if (ret->Ver != 2)
{
goto LABEL_ERROR;
}
}
else
{
// L2TPv3
if (ret->Ver != 3)
{
goto LABEL_ERROR;
}
}
if (ret->IsControl)
{
if (ret->HasLength == false || ret->HasSequence == false)
{
goto LABEL_ERROR;
}
}
else
{
/*if (ret->HasSequence)
{
goto LABEL_ERROR;
}*/
}
if (ret->HasLength)
{
// Length
if (size < 2)
{
goto LABEL_ERROR;
}
ret->Length = READ_USHORT(buf);
buf += 2;
size -= 2;
if (size < (ret->Length - 4))
{
goto LABEL_ERROR;
}
size = ret->Length - 4;
}
// Tunnel ID, Session ID
if (size < 4)
{
goto LABEL_ERROR;
}
if (is_l2tpv3 == false)
{
// L2TP
ret->TunnelId = READ_USHORT(buf);
buf += 2;
size -= 2;
ret->SessionId = READ_USHORT(buf);
buf += 2;
size -= 2;
}
else
{
// L2TPv3: Only tunnel ID is written in the header
ret->TunnelId = READ_UINT(buf);
buf += 4;
size -= 4;
// The session ID is not written in the header
ret->SessionId = 0;
}
if (ret->HasSequence)
{
// Ns, Nr
if (size < 4)
{
goto LABEL_ERROR;
}
ret->Ns = READ_USHORT(buf);
buf += 2;
size -= 2;
ret->Nr = READ_USHORT(buf);
buf += 2;
size -= 2;
}
if (ret->HasOffset)
{
// Offset
if (size < 2)
{
goto LABEL_ERROR;
}
ret->OffsetSize = READ_USHORT(buf);
buf += 2;
size -= 2;
if (size < ret->OffsetSize)
{
goto LABEL_ERROR;
}
buf += ret->OffsetSize;
size -= ret->OffsetSize;
}
ret->DataSize = size;
ret->Data = Clone(buf, ret->DataSize);
if (ret->IsControl == false)
{
if (ret->DataSize == 0)
{
goto LABEL_ERROR;
}
}
if (ret->IsControl)
{
if (ret->DataSize == 0)
{
ret->IsZLB = true;
}
}
if (ret->IsControl)
{
ret->AvpList = NewListFast(NULL);
// Parse the AVP field
while (size != 0)
{
L2TP_AVP a;
Zero(&a, sizeof(a));
// Header
if (size < 6)
{
goto LABEL_ERROR;
}
if (*buf & L2TP_AVP_BIT_MANDATORY)
{
a.Mandatory = true;
}
if (*buf & L2TP_AVP_BIT_HIDDEN)
{
goto LABEL_ERROR;
}
a.Length = READ_USHORT(buf) & L2TP_AVP_LENGTH;
if (a.Length < 6)
{
goto LABEL_ERROR;
}
buf += 2;
size -= 2;
a.VendorID = READ_USHORT(buf);
buf += 2;
size -= 2;
a.Type = READ_USHORT(buf);
buf += 2;
size -= 2;
a.DataSize = a.Length - 6;
a.Data = Clone(buf, a.DataSize);
buf += a.DataSize;
size -= a.DataSize;
Add(ret->AvpList, Clone(&a, sizeof(a)));
}
}
if (ret->IsControl && ret->IsZLB == false)
{
// Get the MessageType in the case of Control packet
L2TP_AVP *a = GetAVPValue(ret, L2TP_AVP_TYPE_MESSAGE_TYPE);
if (a == NULL || a->DataSize != 2)
{
goto LABEL_ERROR;
}
ret->MessageType = READ_USHORT(a->Data);
}
if (ret->Ver == 3)
{
// Get the Remote Session ID in the case of L2TPv3
L2TP_AVP *a = GetAVPValue(ret, L2TP_AVP_TYPE_V3_SESSION_ID_REMOTE);
if (a != NULL && a->DataSize == sizeof(UINT))
{
ret->SessionId = READ_UINT(a->Data);
}
}
return ret;
LABEL_ERROR:
FreeL2TPPacket(ret);
return NULL;
}
// Get the AVP value
L2TP_AVP *GetAVPValue(L2TP_PACKET *p, UINT type)
{
return GetAVPValueEx(p, type, 0);
}
L2TP_AVP *GetAVPValueEx(L2TP_PACKET *p, UINT type, UINT vendor_id)
{
UINT i;
// Validate arguments
if (p == NULL)
{
return NULL;
}
for (i = 0;i < LIST_NUM(p->AvpList);i++)
{
L2TP_AVP *a = LIST_DATA(p->AvpList, i);
if (a->Type == type && a->VendorID == vendor_id)
{
return a;
}
}
return NULL;
}
// Release the L2TP transmission queue
void FreeL2TPQueue(L2TP_QUEUE *q)
{
// Validate arguments
if (q == NULL)
{
return;
}
FreeBuf(q->Buf);
FreeL2TPPacket(q->L2TPPacket);
Free(q);
}
// Sort function of L2TP reception queue
int CmpL2TPQueueForRecv(void *p1, void *p2)
{
L2TP_QUEUE *q1, *q2;
// Validate arguments
if (p1 == NULL || p2 == NULL)
{
return 0;
}
q1 = *(L2TP_QUEUE **)p1;
q2 = *(L2TP_QUEUE **)p2;
if (q1 == NULL || q2 == NULL)
{
return 0;
}
if (L2TP_SEQ_LT(q1->Ns, q2->Ns))
{
return -1;
}
else if (q1->Ns == q2->Ns)
{
return 0;
}
else
{
return 1;
}
}
// Create a L2TP tunnel
L2TP_TUNNEL *NewL2TPTunnel(L2TP_SERVER *l2tp, L2TP_PACKET *p, UDPPACKET *udp)
{
L2TP_TUNNEL *t;
L2TP_AVP *a;
// Validate arguments
if (l2tp == NULL || p == NULL || udp == NULL)
{
return NULL;
}
t = ZeroMalloc(sizeof(L2TP_TUNNEL));
if (p->Ver == 3)
{
t->IsV3 = true;
}
t->SessionList = NewList(NULL);
Copy(&t->ClientIp, &udp->SrcIP, sizeof(IP));
t->ClientPort = udp->SrcPort;
Copy(&t->ServerIp, &udp->DstIP, sizeof(IP));
t->ServerPort = udp->DestPort;
// Hostname
a = GetAVPValue(p, L2TP_AVP_TYPE_HOST_NAME);
if (a != NULL && a->DataSize >= 1 && a->DataSize < sizeof(t->HostName))
{
Copy(t->HostName, a->Data, a->DataSize);
}
else
{
IPToStr(t->HostName, sizeof(t->HostName), &t->ClientIp);
}
// Vendor Name
a = GetAVPValue(p, L2TP_AVP_TYPE_VENDOR_NAME);
if (a != NULL && a->DataSize >= 1 && a->DataSize < sizeof(t->VendorName))
{
Copy(t->VendorName, a->Data, a->DataSize);
}
// Assigned Tunnel ID
a = GetAVPValue(p, (p->Ver == 3 ? L2TP_AVP_TYPE_V3_TUNNEL_ID : L2TP_AVP_TYPE_ASSIGNED_TUNNEL));
if (a == NULL || a->DataSize != (t->IsV3 ? sizeof(UINT) : sizeof(USHORT)))
{
goto LABEL_ERROR;
}
t->TunnelId1 = (t->IsV3 ? READ_UINT(a->Data) : READ_USHORT(a->Data));
t->TunnelId2 = GenerateNewTunnelIdEx(l2tp, &t->ClientIp, t->IsV3);
if (t->TunnelId2 == 0)
{
goto LABEL_ERROR;
}
if (p->Ver == 3)
{
// Identify whether it's Cisco
a = GetAVPValueEx(p, L2TPV3_CISCO_AVP_TUNNEL_ID, L2TP_AVP_VENDOR_ID_CISCO);
if (a != NULL)
{
t->IsCiscoV3 = true;
}
}
// Transmission queue
t->SendQueue = NewList(NULL);
// Reception queue
t->RecvQueue = NewList(CmpL2TPQueueForRecv);
t->LastRecvTick = l2tp->Now;
t->LastHelloSent = l2tp->Now;
return t;
LABEL_ERROR:
FreeL2TPTunnel(t);
return NULL;
}
// Search a tunnel
L2TP_TUNNEL *GetTunnelFromId(L2TP_SERVER *l2tp, IP *client_ip, UINT tunnel_id, bool is_v3)
{
UINT i;
// Validate arguments
if (l2tp == NULL || client_ip == 0 || tunnel_id == 0)
{
return NULL;
}
for (i = 0;i < LIST_NUM(l2tp->TunnelList);i++)
{
L2TP_TUNNEL *t = LIST_DATA(l2tp->TunnelList, i);
if (t->TunnelId2 == tunnel_id && CmpIpAddr(&t->ClientIp, client_ip) == 0)
{
if (EQUAL_BOOL(t->IsV3, is_v3))
{
return t;
}
}
}
return NULL;
}
// Search the tunnel by the tunnel ID that is assigned by the client
L2TP_TUNNEL *GetTunnelFromIdOfAssignedByClient(L2TP_SERVER *l2tp, IP *client_ip, UINT tunnel_id)
{
UINT i;
// Validate arguments
if (l2tp == NULL || client_ip == 0 || tunnel_id == 0)
{
return NULL;
}
for (i = 0;i < LIST_NUM(l2tp->TunnelList);i++)
{
L2TP_TUNNEL *t = LIST_DATA(l2tp->TunnelList, i);
if (t->TunnelId1 == tunnel_id && CmpIpAddr(&t->ClientIp, client_ip) == 0)
{
return t;
}
}
return NULL;
}
// Create a new tunnel ID
UINT GenerateNewTunnelId(L2TP_SERVER *l2tp, IP *client_ip)
{
return GenerateNewTunnelIdEx(l2tp, client_ip, false);
}
UINT GenerateNewTunnelIdEx(L2TP_SERVER *l2tp, IP *client_ip, bool is_32bit)
{
UINT id;
UINT max_number = 0xffff;
// Validate arguments
if (l2tp == NULL || client_ip == NULL)
{
return 0;
}
if (is_32bit)
{
max_number = 0xfffffffe;
}
for (id = 1;id <= max_number;id++)
{
if (GetTunnelFromId(l2tp, client_ip, id, is_32bit) == NULL)
{
return id;
}
}
return 0;
}
// Release the L2TP tunnel
void FreeL2TPTunnel(L2TP_TUNNEL *t)
{
UINT i;
// Validate arguments
if (t == NULL)
{
return;
}
for (i = 0;i < LIST_NUM(t->SessionList);i++)
{
L2TP_SESSION *s = LIST_DATA(t->SessionList, i);
FreeL2TPSession(s);
}
ReleaseList(t->SessionList);
for (i = 0;i < LIST_NUM(t->SendQueue);i++)
{
L2TP_QUEUE *q = LIST_DATA(t->SendQueue, i);
FreeL2TPQueue(q);
}
ReleaseList(t->SendQueue);
for (i = 0;i < LIST_NUM(t->RecvQueue);i++)
{
L2TP_QUEUE *q = LIST_DATA(t->RecvQueue, i);
FreeL2TPQueue(q);
}
ReleaseList(t->RecvQueue);
Free(t);
}
// Generate a new L2TP control packet
L2TP_PACKET *NewL2TPControlPacket(UINT message_type, bool is_v3)
{
L2TP_PACKET *p = ZeroMalloc(sizeof(L2TP_PACKET));
p->IsControl = true;
p->HasLength = true;
p->HasSequence = true;
p->Ver = (is_v3 ? 3 : 2);
p->MessageType = message_type;
p->AvpList = NewListFast(NULL);
if (message_type != 0)
{
L2TP_AVP *a;
USHORT us;
a = ZeroMalloc(sizeof(L2TP_AVP));
a->Type = L2TP_AVP_TYPE_MESSAGE_TYPE;
a->Mandatory = true;
us = Endian16(message_type);
a->Data = Clone(&us, sizeof(USHORT));
a->DataSize = sizeof(USHORT);
Add(p->AvpList, a);
}
return p;
}
// Create a new AVP value
L2TP_AVP *NewAVP(USHORT type, bool mandatory, USHORT vendor_id, void *data, UINT data_size)
{
L2TP_AVP *a;
// Validate arguments
if (data_size != 0 && data == NULL)
{
return NULL;
}
a = ZeroMalloc(sizeof(L2TP_AVP));
a->Type = type;
a->Mandatory = mandatory;
a->VendorID = vendor_id;
a->Data = Clone(data, data_size);
a->DataSize = data_size;
return a;
}
// Process a received L2TP packet
void L2TPProcessRecvControlPacket(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_PACKET *p)
{
// Validate arguments
if (l2tp == NULL || t == NULL || p == NULL)
{
return;
}
if (p->SessionId == 0)
{
if (p->MessageType == L2TP_MESSAGE_TYPE_SCCCN && l2tp->Halt == false)
{
// Tunnel establishment completed
if (t->Established == false)
{
if (t->Disconnecting == false)
{
t->Established = true;
t->LastHelloSent = l2tp->Now;
}
}
}
if (t->Established)
{
if (p->MessageType == L2TP_MESSAGE_TYPE_ICRQ && t->WantToDisconnect == false && l2tp->Halt == false)
{
// Request to establish a new session arrives
L2TP_AVP *a = GetAVPValue(p,
(t->IsV3 ? L2TP_AVP_TYPE_V3_SESSION_ID_LOCAL : L2TP_AVP_TYPE_ASSIGNED_SESSION));
if (a != NULL && a->DataSize == (t->IsV3 ? sizeof(UINT) : sizeof(USHORT)) && IsZero(a->Data, (t->IsV3 ? sizeof(UINT) : sizeof(USHORT))) == false)
{
UINT session_id = (t->IsV3 ? READ_UINT(a->Data) : READ_USHORT(a->Data));
// Check whether there is other same session ID
if (GetSessionFromIdAssignedByClient(t, session_id) == NULL)
{
// Create a session
L2TP_SESSION *s = NewL2TPSession(l2tp, t, session_id);
if (s != NULL)
{
L2TP_PACKET *pp;
USHORT us;
UINT ui;
// Get the PseudowireType
if (t->IsV3)
{
s->PseudowireType = L2TPV3_PW_TYPE_ETHERNET;
a = GetAVPValue(p, L2TP_AVP_TYPE_V3_PW_TYPE);
if (a != NULL && a->DataSize == sizeof(USHORT))
{
ui = READ_USHORT(a->Data);
s->PseudowireType = ui;
}
}
Add(t->SessionList, s);
Debug("L2TP New Session: ID = %u/%u on Tunnel %u/%u\n", s->SessionId1, s->SessionId2,
t->TunnelId1, t->TunnelId2);
// Respond the session creation completion notice
pp = NewL2TPControlPacket(L2TP_MESSAGE_TYPE_ICRP, s->IsV3);
// Assigned Session AVP
if (s->IsV3 == false)
{
us = Endian16(s->SessionId2);
Add(pp->AvpList, NewAVP(L2TP_AVP_TYPE_ASSIGNED_SESSION, true, 0, &us, sizeof(USHORT)));
}
else
{
ui = Endian32(s->SessionId2);
Add(pp->AvpList, NewAVP(L2TP_AVP_TYPE_V3_SESSION_ID_LOCAL, true, 0, &ui, sizeof(UINT)));
if (s->IsCiscoV3)
{
Add(pp->AvpList, NewAVP(L2TPV3_CISCO_AVP_SESSION_ID_LOCAL, true, L2TP_AVP_VENDOR_ID_CISCO, &ui, sizeof(UINT)));
}
}
if (s->IsV3)
{
// Pseudowire AVP
us = Endian16(s->PseudowireType);
Add(pp->AvpList, NewAVP(L2TP_AVP_TYPE_V3_PW_TYPE, true, 0, &us, sizeof(USHORT)));
if (s->IsCiscoV3)
{
Add(pp->AvpList, NewAVP(L2TPV3_CISCO_AVP_PW_TYPE, true, L2TP_AVP_VENDOR_ID_CISCO, &us, sizeof(USHORT)));
}
}
SendL2TPControlPacket(l2tp, t, session_id, pp);
FreeL2TPPacket(pp);
}
}
}
}
else if (p->MessageType == L2TP_MESSAGE_TYPE_STOPCCN)
{
// Tunnel disconnect request arrives
L2TP_AVP *a = GetAVPValue(p, (t->IsV3 ? L2TP_AVP_TYPE_V3_TUNNEL_ID : L2TP_AVP_TYPE_ASSIGNED_TUNNEL));
if (a != NULL && a->DataSize == (t->IsV3 ? sizeof(UINT) : sizeof(USHORT)))
{
UINT ui = (t->IsV3 ? READ_UINT(a->Data) : READ_USHORT(a->Data));
if (ui == t->TunnelId1)
{
// Disconnect the tunnel
DisconnectL2TPTunnel(t);
}
}
}
}
}
else
{
// Search a session
L2TP_SESSION *s = GetSessionFromId(t, p->SessionId);
if (s != NULL)
{
if (s->Established == false)
{
if (p->MessageType == L2TP_MESSAGE_TYPE_ICCN)
{
// Session establishment completed
if (s->Disconnecting == false)
{
s->Established = true;
}
}
}
else
{
if (p->MessageType == L2TP_MESSAGE_TYPE_CDN)
{
// Received a session disconnection request
L2TP_AVP *a = GetAVPValue(p,
(t->IsV3 ? L2TP_AVP_TYPE_V3_SESSION_ID_LOCAL : L2TP_AVP_TYPE_ASSIGNED_SESSION));
if (a != NULL && a->DataSize == (t->IsV3 ? sizeof(UINT) : sizeof(USHORT)))
{
UINT ui = (t->IsV3 ? READ_UINT(a->Data) : READ_USHORT(a->Data));
if (ui == s->SessionId1)
{
// Disconnect the session
DisconnectL2TPSession(t, s);
}
}
}
}
}
else
{
Debug("Session ID %u not found in Tunnel ID %u/%u\n", p->SessionId, t->TunnelId1, t->TunnelId2);
}
}
}
// Disconnect the L2TP tunnel
void DisconnectL2TPTunnel(L2TP_TUNNEL *t)
{
// Validate arguments
if (t == NULL)
{
return;
}
if (/*t->Established && */t->Disconnecting == false && t->WantToDisconnect == false)
{
UINT i;
Debug("Trying to Disconnect Tunnel ID %u/%u\n", t->TunnelId1, t->TunnelId2);
t->WantToDisconnect = true;
// Disconnect all sessions within the tunnel
for (i = 0;i < LIST_NUM(t->SessionList);i++)
{
L2TP_SESSION *s = LIST_DATA(t->SessionList, i);
DisconnectL2TPSession(t, s);
}
}
}
// Disconnect the L2TP session
void DisconnectL2TPSession(L2TP_TUNNEL *t, L2TP_SESSION *s)
{
// Validate arguments
if (t == NULL || s == NULL)
{
return;
}
if (s->Established && s->Disconnecting == false && s->WantToDisconnect == false)
{
Debug("Trying to Disconnect Session ID %u/%u on Tunnel %u/%u\n", s->SessionId1, s->SessionId2,
t->TunnelId1, t->TunnelId2);
s->WantToDisconnect = true;
}
}
// Create a new session
L2TP_SESSION *NewL2TPSession(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, UINT session_id_by_client)
{
L2TP_SESSION *s;
UINT session_id_by_server;
// Validate arguments
if (l2tp == NULL || t == NULL || session_id_by_client == 0)
{
return NULL;
}
2015-01-30 16:30:34 +03:00
if (LIST_NUM(t->SessionList) >= L2TP_QUOTA_MAX_NUM_SESSIONS_PER_TUNNEL)
{
return NULL;
}
2014-01-04 17:00:08 +04:00
if (t->IsV3 == false)
{
session_id_by_server = GenerateNewSessionIdEx(t, t->IsV3);
}
else
{
session_id_by_server = GenerateNewSessionIdForL2TPv3(l2tp);
}
if (session_id_by_server == 0)
{
return NULL;
}
s = ZeroMalloc(sizeof(L2TP_SESSION));
s->SessionId1 = session_id_by_client;
s->SessionId2 = session_id_by_server;
s->IsV3 = t->IsV3;
s->IsCiscoV3 = t->IsCiscoV3;
s->Tunnel = t;
return s;
}
// Retrieve a session from L2TP session ID
L2TP_SESSION *SearchL2TPSessionById(L2TP_SERVER *l2tp, bool is_v3, UINT id)
{
UINT i, j;
// Validate arguments
if (l2tp == NULL || id == 0)
{
return NULL;
}
for (i = 0;i < LIST_NUM(l2tp->TunnelList);i++)
{
L2TP_TUNNEL *t = LIST_DATA(l2tp->TunnelList, i);
for (j = 0;j < LIST_NUM(t->SessionList);j++)
{
L2TP_SESSION *s = LIST_DATA(t->SessionList, j);
if (s->SessionId2 == id)
{
if (EQUAL_BOOL(s->IsV3, is_v3))
{
return s;
}
}
}
}
return NULL;
}
// Create a new session ID
UINT GenerateNewSessionId(L2TP_TUNNEL *t)
{
return GenerateNewSessionIdEx(t, false);
}
UINT GenerateNewSessionIdEx(L2TP_TUNNEL *t, bool is_32bit)
{
UINT i;
UINT max_number = 0xffff;
// Validate arguments
if (t == NULL)
{
return 0;
}
if (is_32bit)
{
max_number = 0xfffffffe;
}
for (i = 1;i <= max_number;i++)
{
if (GetSessionFromId(t, i) == NULL)
{
return i;
}
}
return 0;
}
UINT GenerateNewSessionIdForL2TPv3(L2TP_SERVER *l2tp)
{
// Validate arguments
if (l2tp == NULL)
{
return 0;
}
while (true)
{
UINT id = Rand32();
if (id == 0 || id == 0xffffffff)
{
continue;
}
if (SearchL2TPSessionById(l2tp, true, id) == false)
{
return id;
}
}
}
// Release the session
void FreeL2TPSession(L2TP_SESSION *s)
{
// Validate arguments
if (s == NULL)
{
return;
}
Free(s);
}
// Search a session from the session ID
L2TP_SESSION *GetSessionFromId(L2TP_TUNNEL *t, UINT session_id)
{
UINT i;
// Validate arguments
if (t == NULL || session_id == 0)
{
return NULL;
}
for (i = 0;i < LIST_NUM(t->SessionList);i++)
{
L2TP_SESSION *s = LIST_DATA(t->SessionList, i);
if (s->SessionId2 == session_id)
{
return s;
}
}
return NULL;
}
// Search a session from the session ID (Search by ID assigned from the client side)
L2TP_SESSION *GetSessionFromIdAssignedByClient(L2TP_TUNNEL *t, UINT session_id)
{
UINT i;
// Validate arguments
if (t == NULL || session_id == 0)
{
return NULL;
}
for (i = 0;i < LIST_NUM(t->SessionList);i++)
{
L2TP_SESSION *s = LIST_DATA(t->SessionList, i);
if (s->SessionId1 == session_id)
{
return s;
}
}
return NULL;
}
2015-01-30 16:30:34 +03:00
// Get the number of L2TP sessions connected from the client IP address
UINT GetNumL2TPTunnelsByClientIP(L2TP_SERVER *l2tp, IP *client_ip)
{
UINT i, ret;
// Validate arguments
if (l2tp == NULL || client_ip == NULL)
{
return 0;
}
ret = 0;
for (i = 0;i < LIST_NUM(l2tp->TunnelList);i++)
{
L2TP_TUNNEL *t = LIST_DATA(l2tp->TunnelList, i);
if (CmpIpAddr(&t->ClientIp, client_ip) == 0)
{
ret++;
}
}
return ret;
}
2014-01-04 17:00:08 +04:00
// Performs processing L2TP received packets.
void ProcL2TPPacketRecv(L2TP_SERVER *l2tp, UDPPACKET *p)
{
L2TP_PACKET *pp;
bool no_free = false;
// Validate arguments
if (l2tp == NULL || p == NULL)
{
return;
}
// Parse a packet.
pp = ParseL2TPPacket(p);
if (pp == NULL)
{
return;
}
if (pp->MessageType == L2TP_MESSAGE_TYPE_SCCRQ && pp->SessionId == 0 && pp->TunnelId == 0 &&
pp->Nr == 0 && pp->Ns == 0 && l2tp->Halt == false)
{
{
L2TP_AVP *a = GetAVPValue(pp, (pp->Ver == 3 ? L2TP_AVP_TYPE_V3_TUNNEL_ID : L2TP_AVP_TYPE_ASSIGNED_TUNNEL));
if (a != NULL && a->DataSize == (pp->Ver == 3 ? sizeof(UINT) : sizeof(USHORT)))
{
UINT client_assigned_id = (pp->Ver == 3 ? READ_UINT(a->Data) : READ_USHORT(a->Data));
if (GetTunnelFromIdOfAssignedByClient(l2tp, &p->SrcIP, client_assigned_id) == NULL)
{
2015-02-02 12:54:00 +03:00
if (LIST_NUM(l2tp->TunnelList) < L2TP_QUOTA_MAX_NUM_TUNNELS && GetNumL2TPTunnelsByClientIP(l2tp, &p->SrcIP) < L2TP_QUOTA_MAX_NUM_TUNNELS_PER_IP)
2014-01-04 17:00:08 +04:00
{
2015-01-30 16:30:34 +03:00
char ipstr[MAX_SIZE];
L2TP_PACKET *pp2;
UCHAR protocol_version[2];
UCHAR caps_data[4];
USHORT us;
char hostname[MAX_SIZE];
2014-01-04 17:00:08 +04:00
2015-01-30 16:30:34 +03:00
// Begin Tunneling
L2TP_TUNNEL *t = NewL2TPTunnel(l2tp, pp, p);
2014-01-04 17:00:08 +04:00
2015-01-30 16:30:34 +03:00
if (t != NULL)
{
IPToStr(ipstr, sizeof(ipstr), &t->ClientIp);
Debug("L2TP New Tunnel From %s (%s, %s): New Tunnel ID = %u/%u\n", ipstr, t->HostName, t->VendorName,
t->TunnelId1, t->TunnelId2);
2014-01-04 17:00:08 +04:00
2015-01-30 16:30:34 +03:00
// Add the tunnel to the list
Add(l2tp->TunnelList, t);
2014-01-04 17:00:08 +04:00
2015-01-30 16:30:34 +03:00
// Respond with SCCEP to SCCRQ
pp2 = NewL2TPControlPacket(L2TP_MESSAGE_TYPE_SCCRP, t->IsV3);
2014-01-04 17:00:08 +04:00
2015-01-30 16:30:34 +03:00
// Protocol Version
protocol_version[0] = 1;
protocol_version[1] = 0;
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_PROTOCOL_VERSION, true, 0, protocol_version, sizeof(protocol_version)));
// Framing Capabilities
2014-01-04 17:00:08 +04:00
Zero(caps_data, sizeof(caps_data));
2015-01-30 16:30:34 +03:00
if (t->IsV3 == false)
{
caps_data[3] = 3;
}
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_FRAME_CAP, false, 0, caps_data, sizeof(caps_data)));
2014-01-04 17:00:08 +04:00
2015-01-30 16:30:34 +03:00
if (t->IsV3 == false)
{
// Bearer Capabilities
Zero(caps_data, sizeof(caps_data));
caps_data[3] = 3;
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_BEARER_CAP, false, 0, caps_data, sizeof(caps_data)));
}
2014-01-04 17:00:08 +04:00
2015-01-30 16:30:34 +03:00
// Host Name
GetMachineHostName(hostname, sizeof(hostname));
if (IsEmptyStr(hostname))
{
StrCpy(hostname, sizeof(hostname), "vpn");
}
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_HOST_NAME, true, 0, hostname, StrLen(hostname)));
2014-01-04 17:00:08 +04:00
2015-01-30 16:30:34 +03:00
// Vendor Name
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_VENDOR_NAME, false, 0, L2TP_VENDOR_NAME, StrLen(L2TP_VENDOR_NAME)));
2014-01-04 17:00:08 +04:00
2015-01-30 16:30:34 +03:00
// Assigned Tunnel ID
if (t->IsV3 == false)
2014-01-04 17:00:08 +04:00
{
2015-01-30 16:30:34 +03:00
us = Endian16(t->TunnelId2);
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_ASSIGNED_TUNNEL, true, 0, &us, sizeof(USHORT)));
2014-01-04 17:00:08 +04:00
}
2015-01-30 16:30:34 +03:00
else
{
UINT ui = Endian32(t->TunnelId2);
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_V3_TUNNEL_ID, true, 0, &ui, sizeof(UINT)));
2014-01-04 17:00:08 +04:00
2015-01-30 16:30:34 +03:00
if (t->IsCiscoV3)
{
Add(pp2->AvpList, NewAVP(L2TPV3_CISCO_AVP_TUNNEL_ID, true, L2TP_AVP_VENDOR_ID_CISCO, &ui, sizeof(UINT)));
}
}
2014-01-04 17:00:08 +04:00
2015-01-30 16:30:34 +03:00
// Pseudowire Capabilities List
if (t->IsV3)
2014-01-04 17:00:08 +04:00
{
2015-01-30 16:30:34 +03:00
// Only Ethernet
USHORT cap_list[2];
cap_list[0] = Endian16(L2TPV3_PW_TYPE_ETHERNET);
cap_list[1] = Endian16(L2TPV3_PW_TYPE_ETHERNET_VLAN);
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_V3_PW_CAP_LIST, true, 0, cap_list, sizeof(cap_list)));
if (t->IsCiscoV3)
{
Add(pp2->AvpList, NewAVP(L2TPV3_CISCO_AVP_PW_CAP_LIST, true, L2TP_AVP_VENDOR_ID_CISCO, cap_list, sizeof(cap_list)));
}
2014-01-04 17:00:08 +04:00
}
2015-01-30 16:30:34 +03:00
// Cisco AVP
if (t->IsCiscoV3)
{
USHORT us = Endian16(1);
Add(pp2->AvpList, NewAVP(L2TPV3_CISCO_AVP_DRAFT_AVP_VERSION, true, L2TP_AVP_VENDOR_ID_CISCO, &us, sizeof(USHORT)));
}
2014-01-04 17:00:08 +04:00
2015-01-30 16:30:34 +03:00
// Recv Window Size
us = Endian16(L2TP_WINDOW_SIZE);
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_RECV_WINDOW_SIZE, false, 0, &us, sizeof(USHORT)));
2014-01-04 17:00:08 +04:00
2015-01-30 16:30:34 +03:00
SendL2TPControlPacket(l2tp, t, 0, pp2);
2014-01-04 17:00:08 +04:00
2015-01-30 16:30:34 +03:00
FreeL2TPPacket(pp2);
}
2014-01-04 17:00:08 +04:00
}
}
}
}
}
else
{
// Process related to the existing tunnel
// Find the tunnel
L2TP_TUNNEL *t = NULL;
L2TP_SESSION *l2tpv3_session = NULL;
if (pp->Ver != 3 || pp->IsControl)
{
t = GetTunnelFromId(l2tp, &p->SrcIP, pp->TunnelId, pp->Ver == 3);
}
else
{
l2tpv3_session = SearchL2TPSessionById(l2tp, true, pp->SessionId);
if (l2tpv3_session != NULL)
{
t = l2tpv3_session->Tunnel;
pp->TunnelId = t->TunnelId2;
}
}
if (t == NULL)
{
char ipstr[MAX_SIZE];
IPToStr(ipstr, sizeof(ipstr), &p->SrcIP);
Debug("L2TP Tunnel From %s ID=%u Not Found on the Table.\n", ipstr, pp->TunnelId);
}
else
{
// Update last reception time
t->LastRecvTick = l2tp->Now;
if (pp->IsControl)
{
// Control packet
UINT i;
LIST *o = NULL;
L2TP_QUEUE *q;
L2TP_QUEUE tt;
// Delete the queue that the other party has already received from the retransmission queue
for (i = 0;i < LIST_NUM(t->SendQueue);i++)
{
L2TP_QUEUE *q = LIST_DATA(t->SendQueue, i);
if (L2TP_SEQ_LT(q->Ns, pp->Nr))
{
if (o == NULL)
{
o = NewListFast(NULL);
}
Add(o, q);
}
}
if (o != NULL)
{
for (i = 0;i < LIST_NUM(o);i++)
{
L2TP_QUEUE *q = LIST_DATA(o, i);
Delete(t->SendQueue, q);
FreeL2TPQueue(q);
}
ReleaseList(o);
}
if ((!L2TP_SEQ_LT(pp->Ns, t->LastNr)) && (pp->Ns != t->LastNr))
{
// Add the packet received from the opposite to the queue
if (LIST_NUM(t->RecvQueue) < L2TP_WINDOW_SIZE)
{
Zero(&tt, sizeof(tt));
tt.Ns = pp->Ns;
if (Search(t->RecvQueue, &tt) == NULL)
{
q = ZeroMalloc(sizeof(L2TP_QUEUE));
q->Ns = pp->Ns;
q->L2TPPacket = pp;
no_free = true;
Insert(t->RecvQueue, q);
// Read to the end of completed part from the head of the queue
while (TRUE)
{
L2TP_QUEUE *q;
if (LIST_NUM(t->RecvQueue) == 0)
{
break;
}
q = LIST_DATA(t->RecvQueue, 0);
if (!L2TP_SEQ_EQ(q->Ns, t->LastNr + 1))
{
break;
}
if (q->L2TPPacket->IsZLB == false)
{
t->LastNr = q->Ns;
// The packet other than ZLB is treated
t->StateChanged = true;
}
Delete(t->RecvQueue, q);
// Process the received packet
L2TPProcessRecvControlPacket(l2tp, t, q->L2TPPacket);
FreeL2TPQueue(q);
}
}
}
}
}
else
{
// Data packet
L2TP_SESSION *s = GetSessionFromId(t, pp->SessionId);
if (s != NULL && s->Established)
{
if (s->IsV3 == false)
{
// Start the L2TP thread (If not already started)
StartL2TPThread(l2tp, t, s);
// Pass the data
TubeSendEx(s->TubeRecv, pp->Data, pp->DataSize, NULL, true);
AddTubeToFlushList(l2tp->FlushList, s->TubeRecv);
}
else
{
BLOCK *b;
// Start the EtherIP session (If it's not have yet started)
L2TPSessionManageEtherIPServer(l2tp, s);
// Pass the data
b = NewBlock(pp->Data, pp->DataSize, 0);
EtherIPProcRecvPackets(s->EtherIP, b);
Free(b);
}
}
}
}
}
if (no_free == false)
{
FreeL2TPPacket(pp);
}
}
// Manage the EtherIP server that is associated with the L2TP session
void L2TPSessionManageEtherIPServer(L2TP_SERVER *l2tp, L2TP_SESSION *s)
{
IKE_SERVER *ike;
IKE_CLIENT *c;
// Validate arguments
if (l2tp == NULL || s == NULL)
{
return;
}
if (l2tp->IkeClient == NULL || l2tp->IkeServer == NULL)
{
return;
}
ike = l2tp->IkeServer;
c = l2tp->IkeClient;
if (s->EtherIP == NULL)
{
char crypt_name[MAX_SIZE];
UINT crypt_block_size = IKE_MAX_BLOCK_SIZE;
Zero(crypt_name, sizeof(crypt_name));
if (c->CurrentIpSecSaRecv != NULL)
{
Format(crypt_name, sizeof(crypt_name),
"IPsec - %s (%u bits)",
c->CurrentIpSecSaRecv->TransformSetting.Crypto->Name,
c->CurrentIpSecSaRecv->TransformSetting.CryptoKeySize * 8);
crypt_block_size = c->CurrentIpSecSaRecv->TransformSetting.Crypto->BlockSize;
}
s->EtherIP = NewEtherIPServer(ike->Cedar, ike->IPsec, ike,
&c->ClientIP, c->ClientPort,
&c->ServerIP, c->ServerPort, crypt_name,
c->IsL2TPOnIPsecTunnelMode, crypt_block_size, c->ClientId,
++ike->CurrentEtherId);
StrCpy(s->EtherIP->VendorName, sizeof(s->EtherIP->VendorName), s->Tunnel->VendorName);
s->EtherIP->L2TPv3 = true;
Debug("IKE_CLIENT 0x%X: EtherIP Server Started.\n", c);
IPsecLog(ike, c, NULL, NULL, NULL, "LI_ETHERIP_SERVER_STARTED", ike->CurrentEtherId);
}
else
{
StrCpy(s->EtherIP->ClientId, sizeof(s->EtherIP->ClientId), c->ClientId);
}
if (s->EtherIP->Interrupts == NULL)
{
s->EtherIP->Interrupts = l2tp->Interrupts;
}
if (s->EtherIP->SockEvent == NULL)
{
SetEtherIPServerSockEvent(s->EtherIP, l2tp->SockEvent);
}
s->EtherIP->Now = l2tp->Now;
}
// Calculate the appropriate MSS of the L2TP
UINT CalcL2TPMss(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_SESSION *s)
{
UINT ret;
// Validate arguments
if (l2tp == NULL || t == NULL || s == NULL)
{
return 0;
}
ret = MTU_FOR_PPPOE;
if (l2tp->IkeServer != NULL)
{
// On IPsec
if (l2tp->IsIPsecIPv6)
{
ret -= 40;
}
else
{
ret -= 20;
}
// UDP
ret -= 8;
// ESP
ret -= 20 + l2tp->CryptBlockSize * 2;
}
else
{
// Raw L2TP
if (IsIP6(&t->ClientIp))
{
ret -= 40;
}
else
{
ret -= 20;
}
}
// L2TP UDP
ret -= 8;
// L2TP
ret -= 8;
// PPP
ret -= 4;
// Target communication
ret -= 20;
// TCP header
ret -= 20;
return ret;
}
// Start the L2TP thread
void StartL2TPThread(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_SESSION *s)
{
// Validate arguments
if (l2tp == NULL || t == NULL || s == NULL)
{
return;
}
if (s->HasThread == false)
{
char tmp[MAX_SIZE];
Debug("Thread Created for Session %u/%u on Tunnel %u/%u\n",
s->SessionId1, s->SessionId2, t->TunnelId1, t->TunnelId2);
s->HasThread = true;
NewTubePair(&s->TubeSend, &s->TubeRecv, 0);
SetTubeSockEvent(s->TubeSend, l2tp->SockEvent);
if (IsEmptyStr(t->VendorName) == false)
{
Format(tmp, sizeof(tmp), L2TP_IPC_CLIENT_NAME_TAG, t->VendorName);
}
else
{
StrCpy(tmp, sizeof(tmp), L2TP_IPC_CLIENT_NAME_NO_TAG);
}
// Create a PPP thread
s->Thread = NewPPPSession(l2tp->Cedar, &t->ClientIp, t->ClientPort, &t->ServerIp, t->ServerPort,
s->TubeSend, s->TubeRecv, L2TP_IPC_POSTFIX, tmp, t->HostName, l2tp->CryptName,
CalcL2TPMss(l2tp, t, s));
}
}
// Stop the L2TP thread
void StopL2TPThread(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, L2TP_SESSION *s)
{
THREAD *thread;
// Validate arguments
if (l2tp == NULL || t == NULL || s == NULL)
{
return;
}
if (s->IsV3)
{
// Process the L2TPv3
if (s->EtherIP != NULL)
{
// Release the EtherIP server
ReleaseEtherIPServer(s->EtherIP);
s->EtherIP = NULL;
}
return;
}
if (s->HasThread == false)
{
return;
}
thread = s->Thread;
s->Thread = NULL;
s->HasThread = false;
// Disconnect the tube
TubeDisconnect(s->TubeRecv);
TubeDisconnect(s->TubeSend);
// Release the tube
ReleaseTube(s->TubeRecv);
ReleaseTube(s->TubeSend);
s->TubeRecv = NULL;
s->TubeSend = NULL;
// Pass the thread to termination list
if (l2tp->IkeServer == NULL)
{
AddThreadToThreadList(l2tp->ThreadList, thread);
}
else
{
AddThreadToThreadList(l2tp->IkeServer->ThreadList, thread);
}
Debug("Thread Stopped for Session %u/%u on Tunnel %u/%u\n",
s->SessionId1, s->SessionId2, t->TunnelId1, t->TunnelId2);
// Release the thread
ReleaseThread(thread);
}
// Interrupt processing of L2TP server
void L2TPProcessInterrupts(L2TP_SERVER *l2tp)
{
UINT i, j;
LIST *delete_tunnel_list = NULL;
// Validate arguments
if (l2tp == NULL)
{
return;
}
if (l2tp->Halt)
{
if (l2tp->Halting == false)
{
l2tp->Halting = true;
// Disconnect all tunnels
for (i = 0;i < LIST_NUM(l2tp->TunnelList);i++)
{
L2TP_TUNNEL *t = LIST_DATA(l2tp->TunnelList, i);
DisconnectL2TPTunnel(t);
}
}
}
// Flush
FlushTubeFlushList(l2tp->FlushList);
// Enumerate all tunnels
for (i = 0;i < LIST_NUM(l2tp->TunnelList);i++)
{
L2TP_TUNNEL *t = LIST_DATA(l2tp->TunnelList, i);
LIST *delete_session_list = NULL;
if ((l2tp->Now >= (t->LastRecvTick + (UINT64)L2TP_TUNNEL_TIMEOUT)) && t->Timedout == false)
{
// Disconnect the tunnel forcibly if data can not be received for a certain period of time
t->Timedout = true;
Debug("L2TP Tunnel %u/%u Timed out.\n", t->TunnelId1, t->TunnelId2);
DisconnectL2TPTunnel(t);
}
if (t->Established && (l2tp->Now >= (t->LastHelloSent + (UINT64)L2TP_HELLO_INTERVAL)))
{
if (LIST_NUM(t->SendQueue) <= L2TP_HELLO_SUPRESS_MAX_THRETHORD_NUM_SEND_QUEUE)
{
L2TP_PACKET *pp = NewL2TPControlPacket(L2TP_MESSAGE_TYPE_HELLO, t->IsV3);
// Send a Hello message
t->LastHelloSent = l2tp->Now;
//Debug("L2TP Sending Hello %u/%u: tick=%I64u\n", t->TunnelId1, t->TunnelId2, l2tp->Now);
SendL2TPControlPacket(l2tp, t, 0, pp);
FreeL2TPPacket(pp);
L2TPAddInterrupt(l2tp, t->LastHelloSent + (UINT64)L2TP_HELLO_INTERVAL);
}
}
// Enumerate all sessions
for (j = 0;j < LIST_NUM(t->SessionList);j++)
{
L2TP_SESSION *s = LIST_DATA(t->SessionList, j);
if (s->HasThread)
{
// Send packet data
while (true)
{
TUBEDATA *d = TubeRecvAsync(s->TubeSend);
if (d == NULL)
{
break;
}
SendL2TPDataPacket(l2tp, t, s, d->Data, d->DataSize);
FreeTubeData(d);
}
if (IsTubeConnected(s->TubeSend) == false)
{
// Disconnect the this session because the PPP thread ends
DisconnectL2TPSession(t, s);
}
}
if (s->IsV3)
{
if (s->EtherIP != NULL)
{
UINT k;
L2TPSessionManageEtherIPServer(l2tp, s);
// Notify an interrupt to the EtherIP module
EtherIPProcInterrupts(s->EtherIP);
// Send an EtherIP packet data
for (k = 0;k < LIST_NUM(s->EtherIP->SendPacketList);k++)
{
BLOCK *b = LIST_DATA(s->EtherIP->SendPacketList, k);
SendL2TPDataPacket(l2tp, t, s, b->Buf, b->Size);
FreeBlock(b);
}
DeleteAll(s->EtherIP->SendPacketList);
}
}
if (s->WantToDisconnect && s->Disconnecting == false)
{
// Disconnect the session
UCHAR error_data[4];
USHORT us;
UINT ui;
UINT ppp_error_1 = 0, ppp_error_2 = 0;
// Send the session disconnection response
L2TP_PACKET *pp = NewL2TPControlPacket(L2TP_MESSAGE_TYPE_CDN, s->IsV3);
if (s->TubeRecv != NULL)
{
ppp_error_1 = s->TubeRecv->IntParam1;
ppp_error_2 = s->TubeRecv->IntParam2;
}
// Assigned Session ID
if (s->IsV3 == false)
{
us = Endian16(s->SessionId2);
Add(pp->AvpList, NewAVP(L2TP_AVP_TYPE_ASSIGNED_SESSION, true, 0,
&us, sizeof(USHORT)));
}
else
{
ui = Endian16(s->SessionId2);
Add(pp->AvpList, NewAVP(L2TP_AVP_TYPE_V3_SESSION_ID_LOCAL, true, 0,
&ui, sizeof(UINT)));
if (t->IsCiscoV3)
{
Add(pp->AvpList, NewAVP(L2TPV3_CISCO_AVP_SESSION_ID_LOCAL, true, L2TP_AVP_VENDOR_ID_CISCO,
&ui, sizeof(UINT)));
}
}
// Result-Error Code
Zero(error_data, sizeof(error_data));
error_data[1] = 0x03;
Add(pp->AvpList, NewAVP(L2TP_AVP_TYPE_RESULT_CODE, true, 0,
error_data, sizeof(error_data)));
if (ppp_error_1 != 0)
{
// PPP Disconnect Cause Code AVP
BUF *b = NewBuf();
UCHAR uc;
USHORT us;
// Disconnect Code
us = Endian16(ppp_error_1);
WriteBuf(b, &us, sizeof(USHORT));
// Control Protocol Number
us = Endian16(0xc021);
WriteBuf(b, &us, sizeof(USHORT));
// Direction
uc = (UCHAR)ppp_error_2;
WriteBuf(b, &uc, sizeof(UCHAR));
Add(pp->AvpList, NewAVP(L2TP_AVP_TYPE_PPP_DISCONNECT_CAUSE, false, 0,
b->Buf, b->Size));
FreeBuf(b);
}
SendL2TPControlPacket(l2tp, t, s->SessionId1, pp);
FreeL2TPPacket(pp);
// Disconnect the session
Debug("L2TP Session %u/%u on Tunnel %u/%u Disconnected.\n", s->SessionId1, s->SessionId2,
t->TunnelId1, t->TunnelId2);
s->Disconnecting = true;
s->Established = false;
s->DisconnectTimeout = l2tp->Now + (UINT64)L2TP_TUNNEL_DISCONNECT_TIMEOUT;
// Stop the thread
StopL2TPThread(l2tp, t, s);
L2TPAddInterrupt(l2tp, s->DisconnectTimeout);
}
if (s->Disconnecting && ((l2tp->Now >= s->DisconnectTimeout) || LIST_NUM(t->SendQueue) == 0))
{
// Delete the session if synchronization between the client
// and the server is complete or a time-out occurs
if (delete_session_list == NULL)
{
delete_session_list = NewListFast(NULL);
}
Add(delete_session_list, s);
}
}
if (delete_session_list != NULL)
{
// Session deletion process
for (j = 0;j < LIST_NUM(delete_session_list);j++)
{
L2TP_SESSION *s = LIST_DATA(delete_session_list, j);
Debug("L2TP Session %u/%u on Tunnel %u/%u Cleaned up.\n", s->SessionId1, s->SessionId2,
t->TunnelId1, t->TunnelId2);
FreeL2TPSession(s);
Delete(t->SessionList, s);
}
ReleaseList(delete_session_list);
}
if (t->WantToDisconnect && t->Disconnecting == false)
{
// Disconnect the tunnel
USHORT error_data[4];
USHORT us;
UINT ui;
// Reply the tunnel disconnection response
L2TP_PACKET *pp = NewL2TPControlPacket(L2TP_MESSAGE_TYPE_STOPCCN, t->IsV3);
// Assigned Tunnel ID
if (t->IsV3 == false)
{
us = Endian16(t->TunnelId2);
Add(pp->AvpList, NewAVP(L2TP_AVP_TYPE_ASSIGNED_TUNNEL, true, 0,
&us, sizeof(USHORT)));
}
else
{
ui = Endian32(t->TunnelId2);
Add(pp->AvpList, NewAVP(L2TP_AVP_TYPE_V3_TUNNEL_ID, true, 0,
&ui, sizeof(UINT)));
if (t->IsCiscoV3)
{
Add(pp->AvpList, NewAVP(L2TPV3_CISCO_AVP_TUNNEL_ID, true, L2TP_AVP_VENDOR_ID_CISCO,
&ui, sizeof(UINT)));
}
}
// Result-Error Code
Zero(error_data, sizeof(error_data));
error_data[1] = 0x06;
Add(pp->AvpList, NewAVP(L2TP_AVP_TYPE_RESULT_CODE, true, 0,
error_data, sizeof(error_data)));
SendL2TPControlPacket(l2tp, t, 0, pp);
FreeL2TPPacket(pp);
Debug("L2TP Tunnel %u/%u is Disconnected.\n", t->TunnelId1, t->TunnelId2);
t->Disconnecting = true;
t->Established = false;
t->DisconnectTimeout = l2tp->Now + (UINT64)L2TP_TUNNEL_DISCONNECT_TIMEOUT;
L2TPAddInterrupt(l2tp, t->DisconnectTimeout);
}
if (t->Disconnecting && (((LIST_NUM(t->SendQueue) == 0) && LIST_NUM(t->SessionList) == 0) || (l2tp->Now >= t->DisconnectTimeout)))
{
// Delete the tunnel if there is no session in the tunnel when synchronization
// between the client and the server has been completed or a time-out occurs
if (delete_tunnel_list == NULL)
{
delete_tunnel_list = NewListFast(NULL);
}
Add(delete_tunnel_list, t);
}
}
if (delete_tunnel_list != NULL)
{
for (i = 0;i < LIST_NUM(delete_tunnel_list);i++)
{
L2TP_TUNNEL *t = LIST_DATA(delete_tunnel_list, i);
Debug("L2TP Tunnel %u/%u Cleaned up.\n", t->TunnelId1, t->TunnelId2);
FreeL2TPTunnel(t);
Delete(l2tp->TunnelList, t);
}
ReleaseList(delete_tunnel_list);
}
// Re-transmit packets
for (i = 0;i < LIST_NUM(l2tp->TunnelList);i++)
{
L2TP_TUNNEL *t = LIST_DATA(l2tp->TunnelList, i);
UINT j;
if (LIST_NUM(t->SendQueue) >= 1)
{
// Packet to be transmitted exists one or more
for (j = 0;j < LIST_NUM(t->SendQueue);j++)
{
L2TP_QUEUE *q = LIST_DATA(t->SendQueue, j);
if (l2tp->Now >= q->NextSendTick)
{
q->NextSendTick = l2tp->Now + (UINT64)L2TP_PACKET_RESEND_INTERVAL;
L2TPAddInterrupt(l2tp, q->NextSendTick);
SendL2TPControlPacketMain(l2tp, t, q);
}
}
}
else
{
// There is no packet to be transmitted, but the state of the tunnel is changed
if (t->StateChanged)
{
// Send a ZLB
L2TP_QUEUE *q = ZeroMalloc(sizeof(L2TP_QUEUE));
L2TP_PACKET *pp = NewL2TPControlPacket(0, t->IsV3);
pp->TunnelId = t->TunnelId1;
pp->Ns = t->NextNs;
q->Buf = BuildL2TPPacketData(pp);
SendL2TPControlPacketMain(l2tp, t, q);
FreeL2TPQueue(q);
FreeL2TPPacket(pp);
}
}
t->StateChanged = false;
}
if (l2tp->Halting)
{
if (LIST_NUM(l2tp->TunnelList) == 0)
{
// Stop all the L2TP tunnel completed
if (l2tp->HaltCompleted == false)
{
l2tp->HaltCompleted = true;
Set(l2tp->HaltCompletedEvent);
}
}
}
// Maintenance the thread list
if (l2tp->IkeServer == NULL)
{
MainteThreadList(l2tp->ThreadList);
//Debug("l2tp->ThreadList: %u\n", LIST_NUM(l2tp->ThreadList));
}
}
// Create a new L2TP server
L2TP_SERVER *NewL2TPServer(CEDAR *cedar)
{
return NewL2TPServerEx(cedar, NULL, false, 0);
}
L2TP_SERVER *NewL2TPServerEx(CEDAR *cedar, IKE_SERVER *ike, bool is_ipv6, UINT crypt_block_size)
{
L2TP_SERVER *l2tp;
// Validate arguments
if (cedar == NULL)
{
return NULL;
}
l2tp = ZeroMalloc(sizeof(L2TP_SERVER));
l2tp->FlushList = NewTubeFlushList();
l2tp->Cedar = cedar;
AddRef(l2tp->Cedar->ref);
l2tp->SendPacketList = NewList(NULL);
l2tp->TunnelList = NewList(NULL);
l2tp->HaltCompletedEvent = NewEvent();
l2tp->ThreadList = NewThreadList();
l2tp->IkeServer = ike;
l2tp->IsIPsecIPv6 = is_ipv6;
l2tp->CryptBlockSize = crypt_block_size;
return l2tp;
}
// Stop the L2TP server
void StopL2TPServer(L2TP_SERVER *l2tp, bool no_wait)
{
// Validate arguments
if (l2tp == NULL)
{
return;
}
if (l2tp->Halt)
{
return;
}
// Begin to shut down
l2tp->Halt = true;
Debug("Shutting down L2TP Server...\n");
// Hit the event
SetSockEvent(l2tp->SockEvent);
if (no_wait == false)
{
// Wait until complete stopping all tunnels
Wait(l2tp->HaltCompletedEvent, INFINITE);
}
else
{
UINT i, j;
// Kill the thread of all sessions
for (i = 0;i < LIST_NUM(l2tp->TunnelList);i++)
{
L2TP_TUNNEL *t = LIST_DATA(l2tp->TunnelList, i);
for (j = 0;j < LIST_NUM(t->SessionList);j++)
{
L2TP_SESSION *s = LIST_DATA(t->SessionList, j);
StopL2TPThread(l2tp, t, s);
}
}
}
// Thread stop
Debug("Stopping all L2TP PPP Threads...\n");
StopThreadList(l2tp->ThreadList);
Debug("L2TP Server Shutdown Completed.\n");
}
// Release the L2TP server
void FreeL2TPServer(L2TP_SERVER *l2tp)
{
UINT i;
// Validate arguments
if (l2tp == NULL)
{
return;
}
FreeThreadList(l2tp->ThreadList);
for (i = 0;i < LIST_NUM(l2tp->SendPacketList);i++)
{
UDPPACKET *p = LIST_DATA(l2tp->SendPacketList, i);
FreeUdpPacket(p);
}
ReleaseList(l2tp->SendPacketList);
for (i = 0;i < LIST_NUM(l2tp->TunnelList);i++)
{
L2TP_TUNNEL *t = LIST_DATA(l2tp->TunnelList, i);
FreeL2TPTunnel(t);
}
ReleaseList(l2tp->TunnelList);
ReleaseSockEvent(l2tp->SockEvent);
ReleaseEvent(l2tp->HaltCompletedEvent);
ReleaseCedar(l2tp->Cedar);
FreeTubeFlushList(l2tp->FlushList);
Free(l2tp);
}
// Set a SockEvent to the L2TP server
void SetL2TPServerSockEvent(L2TP_SERVER *l2tp, SOCK_EVENT *e)
{
// Validate arguments
if (l2tp == NULL)
{
return;
}
if (e != NULL)
{
AddRef(e->ref);
}
if (l2tp->SockEvent != NULL)
{
ReleaseSockEvent(l2tp->SockEvent);
l2tp->SockEvent = NULL;
}
l2tp->SockEvent = e;
}
// Developed by SoftEther VPN Project at University of Tsukuba in Japan.
// Department of Computer Science has dozens of overly-enthusiastic geeks.
// Join us: http://www.tsukuba.ac.jp/english/admission/