problems with L2TP

problems with L2TP

[Sam Protsenko]

Hi,

I'm having issues running user-space code, which uses net/l2tp/l2tp_ppp.c.
The code is supposed to be running in LAC mode (which is I believe is default).
My server configuration described here: https://wiki.linaro.org/LMG/Kernel/PPP

I was trying to use next code snippets as user-space part:
  1. Code example from comments in net/l2tp/l2tp_ppp.c
  2. Code examples from Documentation/networking/l2tp.txt
  3. Code from this project: http://www.kvack.org/~bcrl/pppol2tp/multihop.c

Basically, I was trying two options for user-space code:
  1. Creating only one sockaddr_pppol2tp, like this:

    <<<<<<<<<<<<<<<<<<<<<< cut here >>>>>>>>>>>>>>>>>>
    session_fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
    session_sa.sa_family = AF_PPPOX;
    session_sa.sa_protocol = PX_PROTO_OL2TP;
    session_sa.pppol2tp.fd = udp_fd;
    session_sa.pppol2tp.s_tunnel = local_tunnel;
    session_sa.pppol2tp.s_session = local_session;
    session_sa.pppol2tp.d_tunnel = remote_tunnel;
    session_sa.pppol2tp.d_session = remote_session;
    connect(session_fd, (struct sockaddr *)&session_sa,
            sizeof(session_sa));
    <<<<<<<<<<<<<<<<<<<<<< cut here >>>>>>>>>>>>>>>>>>

    In that case user-space tool was failing on connect() call.

  2. Creating two sockaddr_pppol2tp, like this:

    <<<<<<<<<<<<<<<<<<<<<< cut here >>>>>>>>>>>>>>>>>>

    tunnel_fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
    tunnel_sa.sa_family = AF_PPPOX;
    tunnel_sa.sa_protocol = PX_PROTO_OL2TP;
    tunnel_sa.pppol2tp.fd = the_socket; /* UDP socket */
    tunnel_sa.pppol2tp.s_tunnel = local_tunnel;
    tunnel_sa.pppol2tp.s_session = 0; /* special case: mgmt socket */
    tunnel_sa.pppol2tp.d_tunnel = remote_tunnel;
    tunnel_sa.pppol2tp.d_session = 0; /* special case: mgmt socket */
    connect(tunnel_fd, (struct sockaddr *)&tunnel_sa,
            sizeof(tunnel_sa));

    session_fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
    session_sa.sa_family = AF_PPPOX;
    session_sa.sa_protocol = PX_PROTO_OL2TP;
    session_sa.pppol2tp.fd = udp_fd;
    session_sa.pppol2tp.s_tunnel = local_tunnel;
    session_sa.pppol2tp.s_session = local_session;
    session_sa.pppol2tp.d_tunnel = remote_tunnel;
    session_sa.pppol2tp.d_session = remote_session;
    connect(session_fd, (struct sockaddr *)&session_sa,
            sizeof(session_sa));
    <<<<<<<<<<<<<<<<<<<<<< cut here >>>>>>>>>>>>>>>>>>

    In this case my user-space tool works fine, but my server shows
next errors in /var/log/syslog:

    <<<<<<<<<<<<<<<<<<<<<< cut here >>>>>>>>>>>>>>>>>>
    Jul  3 16:32:49 joe-laptop xl2tpd[2978]: Can not find tunnel 25061
(refhim=0)
    Jul  3 16:32:49 joe-laptop xl2tpd[2978]: network_thread: unable to
find call or tunnel to handle packet.  call = 48566, tunnel = 25061
Dumping.
    <<<<<<<<<<<<<<<<<<<<<< cut here >>>>>>>>>>>>>>>>>>

UDP socket was created next way (for both cases):
https://android.googlesource.com/platform/external/mtpd/+/0269612ac00a0700997dda333faf0a3c33a388b8/mtpd.c#253

(see the_socket variable in create_socket() function).

So my questions are:
1. Am I doing something wrong in userspace part? Because my server
part is working fine with Android kernel implementation of LAC
(drivers/net/ppp/pppolac.c). When I'm trying to do the same with
mainline kernel implementation of LAC -- I'm having issues described
above.
2. Do we have some testing code for L2TP (particularly LAC)? Or maybe
just some working user-space code sample?

Thanks!

Re: problems with L2TP

[Tom Parkin]

[-- Attachment #1: Type: text/plain, Size: 4520 bytes --]

Hi Sam,

On Fri, Jul 03, 2015 at 04:49:51PM +0300, Sam Protsenko wrote:
> Hi,
> 
> I'm having issues running user-space code, which uses net/l2tp/l2tp_ppp.c.
> The code is supposed to be running in LAC mode (which is I believe is default).
> My server configuration described here: https://wiki.linaro.org/LMG/Kernel/PPP
> 
> I was trying to use next code snippets as user-space part:
>   1. Code example from comments in net/l2tp/l2tp_ppp.c
>   2. Code examples from Documentation/networking/l2tp.txt
>   3. Code from this project: http://www.kvack.org/~bcrl/pppol2tp/multihop.c
> 
> Basically, I was trying two options for user-space code:
>   1. Creating only one sockaddr_pppol2tp, like this:
> 
>     <<<<<<<<<<<<<<<<<<<<<< cut here >>>>>>>>>>>>>>>>>>
>     session_fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
>     session_sa.sa_family = AF_PPPOX;
>     session_sa.sa_protocol = PX_PROTO_OL2TP;
>     session_sa.pppol2tp.fd = udp_fd;
>     session_sa.pppol2tp.s_tunnel = local_tunnel;
>     session_sa.pppol2tp.s_session = local_session;
>     session_sa.pppol2tp.d_tunnel = remote_tunnel;
>     session_sa.pppol2tp.d_session = remote_session;
>     connect(session_fd, (struct sockaddr *)&session_sa,
>             sizeof(session_sa));
>     <<<<<<<<<<<<<<<<<<<<<< cut here >>>>>>>>>>>>>>>>>>
> 
>     In that case user-space tool was failing on connect() call.
> 
>   2. Creating two sockaddr_pppol2tp, like this:
> 
>     <<<<<<<<<<<<<<<<<<<<<< cut here >>>>>>>>>>>>>>>>>>
> 
>     tunnel_fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
>     tunnel_sa.sa_family = AF_PPPOX;
>     tunnel_sa.sa_protocol = PX_PROTO_OL2TP;
>     tunnel_sa.pppol2tp.fd = the_socket; /* UDP socket */
>     tunnel_sa.pppol2tp.s_tunnel = local_tunnel;
>     tunnel_sa.pppol2tp.s_session = 0; /* special case: mgmt socket */
>     tunnel_sa.pppol2tp.d_tunnel = remote_tunnel;
>     tunnel_sa.pppol2tp.d_session = 0; /* special case: mgmt socket */
>     connect(tunnel_fd, (struct sockaddr *)&tunnel_sa,
>             sizeof(tunnel_sa));
> 
>     session_fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
>     session_sa.sa_family = AF_PPPOX;
>     session_sa.sa_protocol = PX_PROTO_OL2TP;
>     session_sa.pppol2tp.fd = udp_fd;
>     session_sa.pppol2tp.s_tunnel = local_tunnel;
>     session_sa.pppol2tp.s_session = local_session;
>     session_sa.pppol2tp.d_tunnel = remote_tunnel;
>     session_sa.pppol2tp.d_session = remote_session;
>     connect(session_fd, (struct sockaddr *)&session_sa,
>             sizeof(session_sa));
>     <<<<<<<<<<<<<<<<<<<<<< cut here >>>>>>>>>>>>>>>>>>
> 
>     In this case my user-space tool works fine, but my server shows
> next errors in /var/log/syslog:
> 
>     <<<<<<<<<<<<<<<<<<<<<< cut here >>>>>>>>>>>>>>>>>>
>     Jul  3 16:32:49 joe-laptop xl2tpd[2978]: Can not find tunnel 25061
> (refhim=0)
>     Jul  3 16:32:49 joe-laptop xl2tpd[2978]: network_thread: unable to
> find call or tunnel to handle packet.  call = 48566, tunnel = 25061
> Dumping.
>     <<<<<<<<<<<<<<<<<<<<<< cut here >>>>>>>>>>>>>>>>>>
> 
> UDP socket was created next way (for both cases):
> https://android.googlesource.com/platform/external/mtpd/+/0269612ac00a0700997dda333faf0a3c33a388b8/mtpd.c#253
> 
> (see the_socket variable in create_socket() function).
> 
> So my questions are:
> 1. Am I doing something wrong in userspace part? Because my server
> part is working fine with Android kernel implementation of LAC
> (drivers/net/ppp/pppolac.c). When I'm trying to do the same with
> mainline kernel implementation of LAC -- I'm having issues described
> above.

The second approach looks good to me.  Note that the session only
stays up as long as session_fd is open.

How is the tunnel/session being created on the server side?  How are
you deriving the session and tunnel IDs?  The fact that xl2tp is
complaining about being unable to find tunnel IDs suggests that data
is arriving there but that something isn't correctly configured at
that end.

> 2. Do we have some testing code for L2TP (particularly LAC)? Or maybe
> just some working user-space code sample?
> 
> Thanks!
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

-- 
Tom Parkin
Katalix Systems Ltd
http://www.katalix.com
Catalysts for your Embedded Linux software development

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 473 bytes --]

Re: problems with L2TP

[Sam Protsenko]

Thanks for your reply, Tom!

> How is the tunnel/session being created on the server side?

My server is xl2tpd. If I understand correctly, session and tunnel are
being created in start_pppd() function, see [1].
Judging from xl2tpd logs (see [2]), start_pppd() function is executed,
in turn, from control_finish() (see [3]), when "c->msgtype" switch is
in "case ICCN:" (marked as "Incoming-Call-Connected" in log).
Tunnel ID and call ID for server side are generated in new_tunnel()
and new_call() functions, accordingly.
Tunnel ID and call ID for client side, I believe, are being received
from client in this code: [4] (see get_call() and get_tunnel()
functions calls).

> How are you deriving the session and tunnel IDs?

If you mean how they are generated at client side -- they are
basically random values (I'm using modified "mtpd" tool from Android):
 - session ID -- see "local_session" variable at [5]
 - tunnel ID -- see "local_tunnel" variable at [6].

I will try to play with tunnel_id/session_id values for both tunnel
and session sockets (in code from my first message) and see if it
helps.

Thanks!

References:

[1] https://github.com/xelerance/xl2tpd/blob/master/xl2tpd.c#L421
[2] xl2tpd log (with debug options enabled): http://pastebin.com/f0kfz37E
[3] https://github.com/xelerance/xl2tpd/blob/master/control.c#L998
[4] https://github.com/xelerance/xl2tpd/blob/master/network.c#L597
[5] https://android.googlesource.com/platform/external/mtpd/+/0269612ac00a0700997dda333faf0a3c33a388b8/l2tp.c#479
[6] https://android.googlesource.com/platform/external/mtpd/+/0269612ac00a0700997dda333faf0a3c33a388b8/l2tp.c#319

Re: problems with L2TP

[James Chapman]

On 06/07/15 17:16, Sam Protsenko wrote:
> Thanks for your reply, Tom!
>
>> How are you deriving the session and tunnel IDs?
> If you mean how they are generated at client side -- they are
> basically random values (I'm using modified "mtpd" tool from Android):
>  - session ID -- see "local_session" variable at [5]
>  - tunnel ID -- see "local_tunnel" variable at [6].
>
> I will try to play with tunnel_id/session_id values for both tunnel
> and session sockets (in code from my first message) and see if it
> helps.
>
> Thanks!
>
> References:
>
> [1] https://github.com/xelerance/xl2tpd/blob/master/xl2tpd.c#L421
> [2] xl2tpd log (with debug options enabled): http://pastebin.com/f0kfz37E
> [3] https://github.com/xelerance/xl2tpd/blob/master/control.c#L998
> [4] https://github.com/xelerance/xl2tpd/blob/master/network.c#L597
> [5] https://android.googlesource.com/platform/external/mtpd/+/0269612ac00a0700997dda333faf0a3c33a388b8/l2tp.c#479
> [6] https://android.googlesource.com/platform/external/mtpd/+/0269612ac00a0700997dda333faf0a3c33a388b8/l2tp.c#319

Tom and I discussed this and we're not clear what you are running. Have
you changed create_pppox() in mtpd with the code fragment from your
original mail? Are you sure that your modified mtpd gets the correct
local/remote tunnel-id and session-id to make its connect() call?

Use l2tp_debugfs to get information from debugfs about the l2tp state in
the kernel. Check that this matches what your app has configured.

Several open source projects use the l2tp driver so these might be
useful as a reference:

[a] pppd's pppol2tp plugin - http://download.samba.org/pub/ppp/
[b] accel-ppp - http://accel-ppp.org

-- 
James Chapman
Katalix Systems Ltd
http://www.katalix.com
Catalysts for your Embedded Linux software development

Re: problems with L2TP

[Sam Protsenko]

> Tom and I discussed this and we're not clear what you are running. Have
> you changed create_pppox() in mtpd with the code fragment from your
> original mail?

Here is the commit for mtpd where I'm changing Android L2TP
implementation to mainline implementation:
http://git.linaro.org/people/semen.protsenko/mtpd.git/blobdiff/27a25e28b7c84d3f49c50a3e7b1fc3a46ac4ff51..01265f20617e7f3ca041e55dbf557912a0ecebd5:/l2tp_up.c

> Are you sure that your modified mtpd gets the correct
> local/remote tunnel-id and session-id to make its connect() call?

Judging from xl2tpd and mtpd logs, they are actually different. Seems
like this is actual issue. But I still didn't figured why it's
happening.
As I understand, mtpd should have the same values for remote
tunnel-id/session-id as xl2tpd has for local ones, but it's not the
case for my code.

Re: problems with L2TP

[James Chapman]

On 09/07/15 10:16, Sam Protsenko wrote:
>> Tom and I discussed this and we're not clear what you are running. Have
>> you changed create_pppox() in mtpd with the code fragment from your
>> original mail?
> Here is the commit for mtpd where I'm changing Android L2TP
> implementation to mainline implementation:
> http://git.linaro.org/people/semen.protsenko/mtpd.git/blobdiff/27a25e28b7c84d3f49c50a3e7b1fc3a46ac4ff51..01265f20617e7f3ca041e55dbf557912a0ecebd5:/l2tp_up.c
>
>> Are you sure that your modified mtpd gets the correct
>> local/remote tunnel-id and session-id to make its connect() call?
> Judging from xl2tpd and mtpd logs, they are actually different. Seems
> like this is actual issue. But I still didn't figured why it's
> happening.
> As I understand, mtpd should have the same values for remote
> tunnel-id/session-id as xl2tpd has for local ones, but it's not the
> case for my code.
That's correct. This is a control protocol implementation issue, not a
kernel issue.

-- 
James Chapman
Katalix Systems Ltd
http://www.katalix.com
Catalysts for your Embedded Linux software development