l2tp: Full hidden AVPs support

Add option "hide-avps" in the "l2tp" section for hiding attributes
sent to peer. This same option is also made available on accel-ppp's
command line interface:
  accel-ppp# tunnel create tunnel peer-addr 192.0.2.1 hide-avps 1

Attribute hiding is performed upon attribute creation (in the
l2tp_packet_add_*() functions family) rather than upon packet sending.
This avoid running the cipher for every retransmission; the counterpart
is that l2tp_packet_print() can't dump original attributes of hidden
AVPs.

Currently, only one random vector is used for all hidden AVPs in a
packet. This is easily extensible though, as the 'last_RV' field in
struct l2tp_packet_t may be overridden to use new vectors for next
AVPs.

Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>

1 files changed, 6 insertions, 1 deletions

diff --git a/accel-pppd/ctrl/l2tp/l2tp.h b/accel-pppd/ctrl/l2tp/l2tp.h
index 82dafd72..566212a3 100644
--- a/accel-pppd/ctrl/l2tp/l2tp.h
+++ b/accel-pppd/ctrl/l2tp/l2tp.h
@@ -63,6 +63,10 @@ struct l2tp_packet_t
 	struct sockaddr_in addr;
 	struct l2tp_hdr_t hdr;
 	struct list_head attrs;
+	struct l2tp_attr_t *last_RV;
+	const char *secret;
+	size_t secret_len;
+	int hide_avps;
 };
 
 extern int conf_verbose;
@@ -79,7 +83,8 @@ void l2tp_packet_free(struct l2tp_packet_t *);
 void l2tp_packet_print(const struct l2tp_packet_t *,
 		       void (*print)(const char *fmt, ...));
 struct l2tp_packet_t *l2tp_packet_alloc(int ver, int msg_type,
-					const struct sockaddr_in *addr);
+					const struct sockaddr_in *addr, int H,
+					const char *secret, size_t secret_len);
 int l2tp_packet_send(int sock, struct l2tp_packet_t *);
 int l2tp_packet_add_int16(struct l2tp_packet_t *pack, int id, int16_t val, int M);
 int l2tp_packet_add_int32(struct l2tp_packet_t *pack, int id, int32_t val, int M);