On Sun, Jul 24, 2016 at 07:25:30PM +0200, Pablo Neira Ayuso wrote:
> Hi James,
>
> I'm looking what is missing to add l2tp for nftables, after a quick
> glance this is what I found.
>
> The L2TPv3 over IP (after quick reading of the RFC) seems easy to add.
> I'm attaching a patch for the header layout definition (still parser
> side is missing, so this patch is incomplete).
Forgot attachment.
>From 33da2458d250cedb8e2f1bded636e2fcec86c7b5 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Sun, 24 Jul 2016 19:10:02 +0200
Subject: [PATCH] proto: add support l2tp protocol
Signed-off-by: Pablo Neira Ayuso
---
Patch incomplete, parser side is missing.
include/headers.h | 15 +++
include/proto.h | 11 +++
src/proto.c | 23 +++
3 files changed, 49 insertions(+)
diff --git a/include/headers.h b/include/headers.h
index 469d674..8faff26 100644
--- a/include/headers.h
+++ b/include/headers.h
@@ -130,4 +130,19 @@ struct ip6_mh {
/* RFC 5142 */
#define IP6_MH_TYPE_HASM 12 /* Home Agent Switch Message */
+struct l2tphdr {
+ uint32_t sid;
+ uint16_t flags:12,
+ ver:4;
+ uint16_t length;
+ uint32_t cid;
+ uint16_t ns;
+ uint16_t nr;
+};
+
+/* RFC 3931 */
+#ifndef IPPROTO_L2TP
+# define IPPROTO_L2TP 115
+#endif
+
#endif /* NFTABLES_HEADERS_H */
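Review bot: The `uint16_t flags:12, ver:4;` members of struct l2tphdr rely on the compiler's bitfield allocation order, which is implementation-defined and normally differs between little- and big-endian targets, so the struct does not describe the wire layout on every host. The templates added in src/proto.c address flags and version by explicit bit offset rather than through these members, so one plain field would do: `uint16_t flags_ver; /* 12 flag bits, then 4-bit Ver, network byte order */`. A comment on the struct saying which RFC 3931 header it models would also help, since the RFC reference currently sits only on the IPPROTO_L2TP define.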
diff --git a/include/proto.h b/include/proto.h
index 4fa54a7..dc250e6 100644
--- a/include/proto.h
+++ b/include/proto.h
@@ -293,6 +293,16 @@ enum sctp_hdr_fields {
SCTPHDR_CHECKSUM,
};
+enum l2tp_hdr_fields {
+ L2TPHDR_SID,
+ L2TPHDR_FLAGS,
+ L2TPHDR_VERSION,
+ L2TPHDR_LENGTH,
+ L2TPHDR_CID,
+ L2TPHDR_NS,
+ L2TPHDR_NR,
+};
+
extern const struct proto_desc proto_icmp;
extern const struct proto_desc proto_ah;
extern const struct proto_desc proto_esp;
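Review bot: `enum l2tp_hdr_fields` begins with `L2TPHDR_SID` at value 0, so the session ID template lands in slot 0 of `.templates`. The other header-field enums in this file appear to reserve their first member for an `_INVALID` value; their opening lines are outside this hunk, so this needs confirming. If slot 0 is treated as "no template", the `sid` field would not be usable. Adding `L2TPHDR_INVALID,` as the first member would keep the new enum consistent with the rest.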
@@ -303,6 +313,7 @@ extern const struct proto_desc proto_tcp;
extern const struct proto_desc proto_dccp;
extern const struct proto_desc proto_sctp;
extern const struct proto_desc proto_icmp6;
+extern const struct proto_desc proto_l2tp;
extern const struct proto_desc proto_ip;
extern const struct proto_desc proto_ip6;
diff --git a/src/proto.c b/src/proto.c
index 4c12977..1ee128b 100644
--- a/src/proto.c
+++ b/src/proto.c
@@ -508,6 +508,27 @@ const struct proto_desc proto_sctp = {
};
/*
+ * L2TPv3 (RFC3931)
+ */
+
+#define L2TPHDR_FIELD(__name, __member) \
+ HDR_FIELD(__name, struct l2tphdr, __member)
+
+const struct proto_desc proto_l2tp = {
+ .name = "l2tp",
+ .base = PROTO_BASE_TRANSPORT_HDR,
+ .templates = {
+ [L2TPHDR_SID] = L2TPHDR_FIELD("sid", sid),
+ [L2TPHDR_FLAGS] = HDR_BITFIELD("flags", &integer_type, 32, 44),
+ [L2TPHDR_VERSION] = HDR_BITFIELD("version", &integer_type, 44, 48),
+ [L2TPHDR_LENGTH] = L2TPHDR_FIELD("length", length),
+ [L2TPHDR_CID] = L2TPHDR_FIELD("cid", cid),
+ [L2TPHDR_NS] = L2TPHDR_FIELD("ns", ns),
+ [L2TPHDR_NR] = L2TPHDR_FIELD("nr", nr),
+ },
+};
+
+/*
* IPv4
*/
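Review bot: The `flags` and `version` templates pass `32, 44` and `44, 48` to HDR_BITFIELD, which read like start and end bit positions. If the last two arguments are bit offset and bit length, which is how the existing `HDR_BITFIELD("version", &integer_type, 0, 4)` entries read, these declare a 44-bit and a 48-bit field that overlap `length` and `cid`. The macro definition is not in this hunk, so that needs confirming. The intended entries would then be `HDR_BITFIELD("flags", &integer_type, 32, 12)` and `HDR_BITFIELD("version", &integer_type, 44, 4)`.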
@@ -593,6 +614,7 @@ const struct proto_desc proto_ip = {
PROTO_LINK(IPPROTO_TCP, &proto_tcp),
PROTO_LINK(IPPROTO_DCCP, &proto_dccp),
PROTO_LINK(IPPROTO_SCTP, &proto_sctp),
+ PROTO_LINK(IPPROTO_L2TP, &proto_l2tp),
},
.templates = {
[IPHDR_VERSION] = HDR_BITFIELD("version", &integer_type, 0, 4),
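Review bot: Linking `IPPROTO_L2TP` to `proto_l2tp` here, and in the proto_ip6 hunk that follows, applies the control-message layout to every protocol 115 packet, but in RFC 3931 the flags/version, length, control connection ID, Ns and Nr fields follow the first 32 bits only when those bits are zero. For data packets the session ID is non-zero and the same offsets hold the optional cookie and the tunnelled payload, so a rule matching on `cid` or `length` would be evaluated against bytes chosen by whoever produced the tunnelled traffic. The parser side that the description says is still missing should add an implicit `sid == 0` dependency for every field except `sid`. Failing that, the limit should be documented at the template, e.g. `/* fields after sid exist only in control messages (sid == 0) */`. proto_ip's initializer starts and ends outside the hunk.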
@@ -701,6 +723,7 @@ const struct proto_desc proto_ip6 = {
PROTO_LINK(IPPROTO_DCCP, &proto_dccp),
PROTO_LINK(IPPROTO_SCTP, &proto_sctp),
PROTO_LINK(IPPROTO_ICMPV6, &proto_icmp6),
+ PROTO_LINK(IPPROTO_L2TP, &proto_l2tp),
},
.templates = {
[IP6HDR_VERSION] = HDR_BITFIELD("version", &integer_type, 0, 4),
--
2.1.4