*** empty log message ***
[l2tpns.git] / l2tpns.c
1 // L2TP Network Server
2 // Adrian Kennard 2002
3 // Copyright (c) 2003, 2004, 2005 Optus Internet Engineering
4 // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
5 // vim: sw=8 ts=8
6
7 char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.134 2005-09-16 05:30:30 bodea Exp $";
8
9 #include <arpa/inet.h>
10 #include <assert.h>
11 #include <errno.h>
12 #include <fcntl.h>
13 #include <linux/if_tun.h>
14 #define SYSLOG_NAMES
15 #include <syslog.h>
16 #include <malloc.h>
17 #include <math.h>
18 #include <net/route.h>
19 #include <sys/mman.h>
20 #include <netdb.h>
21 #include <netinet/in.h>
22 #include <netinet/ip6.h>
23 #include <stdarg.h>
24 #include <stdlib.h>
25 #include <stdio.h>
26 #include <string.h>
27 #include <ctype.h>
28 #include <sys/ioctl.h>
29 #include <sys/socket.h>
30 #include <sys/stat.h>
31 #include <sys/time.h>
32 #include <sys/resource.h>
33 #include <sys/wait.h>
34 #include <linux/if.h>
35 #include <stddef.h>
36 #include <time.h>
37 #include <dlfcn.h>
38 #include <unistd.h>
39 #include <sched.h>
40 #include <sys/sysinfo.h>
41 #include <libcli.h>
42
43 #include "md5.h"
44 #include "l2tpns.h"
45 #include "cluster.h"
46 #include "plugin.h"
47 #include "ll.h"
48 #include "constants.h"
49 #include "control.h"
50 #include "util.h"
51 #include "tbf.h"
52
53 #ifdef BGP
54 #include "bgp.h"
55 #endif
56
57 // Globals
58 configt *config = NULL; // all configuration
59 int tunfd = -1; // tun interface file handle. (network device)
60 int udpfd = -1; // UDP file handle
61 int controlfd = -1; // Control signal handle
62 int clifd = -1; // Socket listening for CLI connections.
63 int daefd = -1; // Socket listening for DAE connections.
64 int snoopfd = -1; // UDP file handle for sending out intercept data
65 int *radfds = NULL; // RADIUS requests file handles
66 int ifrfd = -1; // File descriptor for routing, etc
67 int ifr6fd = -1; // File descriptor for IPv6 routing, etc
68 int rand_fd = -1; // Random data source
69 int cluster_sockfd = -1; // Intra-cluster communications socket.
70 int epollfd = -1; // event polling
71 time_t basetime = 0; // base clock
72 char hostname[1000] = ""; // us.
73 static int tunidx; // ifr_ifindex of tun device
74 static int syslog_log = 0; // are we logging to syslog
75 static FILE *log_stream = 0; // file handle for direct logging (i.e. direct into file, not via syslog).
76 uint32_t last_id = 0; // Unique ID for radius accounting
77
78 // calculated from config->l2tp_mtu
79 uint16_t MRU = 0; // PPP MRU
80 uint16_t MSS = 0; // TCP MSS
81
82 struct cli_session_actions *cli_session_actions = NULL; // Pending session changes requested by CLI
83 struct cli_tunnel_actions *cli_tunnel_actions = NULL; // Pending tunnel changes required by CLI
84
85 static void *ip_hash[256]; // Mapping from IP address to session structures.
86 struct ipv6radix {
87 int sess;
88 struct ipv6radix *branch;
89 } ipv6_hash[256]; // Mapping from IPv6 address to session structures.
90
91 // Traffic counters.
92 static uint32_t udp_rx = 0, udp_rx_pkt = 0, udp_tx = 0;
93 static uint32_t eth_rx = 0, eth_rx_pkt = 0;
94 uint32_t eth_tx = 0;
95
96 static uint32_t ip_pool_size = 1; // Size of the pool of addresses used for dynamic address allocation.
97 time_t time_now = 0; // Current time in seconds since epoch.
98 static char time_now_string[64] = {0}; // Current time as a string.
99 char main_quit = 0; // True if we're in the process of exiting.
100 linked_list *loaded_plugins;
101 linked_list *plugins[MAX_PLUGIN_TYPES];
102
103 #define membersize(STRUCT, MEMBER) sizeof(((STRUCT *)0)->MEMBER)
104 #define CONFIG(NAME, MEMBER, TYPE) { NAME, offsetof(configt, MEMBER), membersize(configt, MEMBER), TYPE }
105
106 config_descriptt config_values[] = {
107 CONFIG("debug", debug, INT),
108 CONFIG("log_file", log_filename, STRING),
109 CONFIG("pid_file", pid_file, STRING),
110 CONFIG("random_device", random_device, STRING),
111 CONFIG("l2tp_secret", l2tp_secret, STRING),
112 CONFIG("l2tp_mtu", l2tp_mtu, INT),
113 CONFIG("ppp_restart_time", ppp_restart_time, INT),
114 CONFIG("ppp_max_configure", ppp_max_configure, INT),
115 CONFIG("ppp_max_failure", ppp_max_failure, INT),
116 CONFIG("primary_dns", default_dns1, IPv4),
117 CONFIG("secondary_dns", default_dns2, IPv4),
118 CONFIG("primary_radius", radiusserver[0], IPv4),
119 CONFIG("secondary_radius", radiusserver[1], IPv4),
120 CONFIG("primary_radius_port", radiusport[0], SHORT),
121 CONFIG("secondary_radius_port", radiusport[1], SHORT),
122 CONFIG("radius_accounting", radius_accounting, BOOL),
123 CONFIG("radius_interim", radius_interim, INT),
124 CONFIG("radius_secret", radiussecret, STRING),
125 CONFIG("radius_authtypes", radius_authtypes_s, STRING),
126 CONFIG("radius_dae_port", radius_dae_port, SHORT),
127 CONFIG("allow_duplicate_users", allow_duplicate_users, BOOL),
128 CONFIG("bind_address", bind_address, IPv4),
129 CONFIG("peer_address", peer_address, IPv4),
130 CONFIG("send_garp", send_garp, BOOL),
131 CONFIG("throttle_speed", rl_rate, UNSIGNED_LONG),
132 CONFIG("throttle_buckets", num_tbfs, INT),
133 CONFIG("accounting_dir", accounting_dir, STRING),
134 CONFIG("setuid", target_uid, INT),
135 CONFIG("dump_speed", dump_speed, BOOL),
136 CONFIG("multi_read_count", multi_read_count, INT),
137 CONFIG("scheduler_fifo", scheduler_fifo, BOOL),
138 CONFIG("lock_pages", lock_pages, BOOL),
139 CONFIG("icmp_rate", icmp_rate, INT),
140 CONFIG("packet_limit", max_packets, INT),
141 CONFIG("cluster_address", cluster_address, IPv4),
142 CONFIG("cluster_interface", cluster_interface, STRING),
143 CONFIG("cluster_mcast_ttl", cluster_mcast_ttl, INT),
144 CONFIG("cluster_hb_interval", cluster_hb_interval, INT),
145 CONFIG("cluster_hb_timeout", cluster_hb_timeout, INT),
146 CONFIG("cluster_master_min_adv", cluster_master_min_adv, INT),
147 CONFIG("ipv6_prefix", ipv6_prefix, IPv6),
148 { NULL, 0, 0, 0 },
149 };
150
151 static char *plugin_functions[] = {
152 NULL,
153 "plugin_pre_auth",
154 "plugin_post_auth",
155 "plugin_packet_rx",
156 "plugin_packet_tx",
157 "plugin_timer",
158 "plugin_new_session",
159 "plugin_kill_session",
160 "plugin_control",
161 "plugin_radius_response",
162 "plugin_radius_reset",
163 "plugin_become_master",
164 "plugin_new_session_master",
165 };
166
167 #define max_plugin_functions (sizeof(plugin_functions) / sizeof(char *))
168
169 // Counters for shutdown sessions
170 static sessiont shut_acct[8192];
171 static sessionidt shut_acct_n = 0;
172
173 tunnelt *tunnel = NULL; // Array of tunnel structures.
174 sessiont *session = NULL; // Array of session structures.
175 sessionlocalt *sess_local = NULL; // Array of local per-session counters.
176 radiust *radius = NULL; // Array of radius structures.
177 ippoolt *ip_address_pool = NULL; // Array of dynamic IP addresses.
178 ip_filtert *ip_filters = NULL; // Array of named filters.
179 static controlt *controlfree = 0;
180 struct Tstats *_statistics = NULL;
181 #ifdef RINGBUFFER
182 struct Tringbuffer *ringbuffer = NULL;
183 #endif
184
185 static void cache_ipmap(in_addr_t ip, int s);
186 static void uncache_ipmap(in_addr_t ip);
187 static void cache_ipv6map(struct in6_addr ip, int prefixlen, int s);
188 static void free_ip_address(sessionidt s);
189 static void dump_acct_info(int all);
190 static void sighup_handler(int sig);
191 static void sigalrm_handler(int sig);
192 static void shutdown_handler(int sig);
193 static void sigchild_handler(int sig);
194 static void build_chap_response(uint8_t *challenge, uint8_t id, uint16_t challenge_length, uint8_t **challenge_response);
195 static void update_config(void);
196 static void read_config_file(void);
197 static void initplugins(void);
198 static int add_plugin(char *plugin_name);
199 static int remove_plugin(char *plugin_name);
200 static void plugins_done(void);
201 static void processcontrol(uint8_t *buf, int len, struct sockaddr_in *addr, int alen);
202 static tunnelidt new_tunnel(void);
203 static void unhide_value(uint8_t *value, size_t len, uint16_t type, uint8_t *vector, size_t vec_len);
204
205 // on slaves, alow BGP to withdraw cleanly before exiting
206 #define QUIT_DELAY 5
207
208 // quit actions (master)
209 #define QUIT_FAILOVER 1 // SIGTERM: exit when all control messages have been acked (for cluster failover)
210 #define QUIT_SHUTDOWN 2 // SIGQUIT: shutdown sessions/tunnels, reject new connections
211
212 // return internal time (10ths since process startup), set f if given
213 static clockt now(double *f)
214 {
215 struct timeval t;
216 gettimeofday(&t, 0);
217 if (f) *f = t.tv_sec + t.tv_usec / 1000000.0;
218 return (t.tv_sec - basetime) * 10 + t.tv_usec / 100000 + 1;
219 }
220
221 // work out a retry time based on try number
222 // This is a straight bounded exponential backoff.
223 // Maximum re-try time is 32 seconds. (2^5).
224 clockt backoff(uint8_t try)
225 {
226 if (try > 5) try = 5; // max backoff
227 return now(NULL) + 10 * (1 << try);
228 }
229
230
231 //
232 // Log a debug message. Typically called via the LOG macro
233 //
234 void _log(int level, sessionidt s, tunnelidt t, const char *format, ...)
235 {
236 static char message[65536] = {0};
237 va_list ap;
238
239 #ifdef RINGBUFFER
240 if (ringbuffer)
241 {
242 if (++ringbuffer->tail >= RINGBUFFER_SIZE)
243 ringbuffer->tail = 0;
244 if (ringbuffer->tail == ringbuffer->head)
245 if (++ringbuffer->head >= RINGBUFFER_SIZE)
246 ringbuffer->head = 0;
247
248 ringbuffer->buffer[ringbuffer->tail].level = level;
249 ringbuffer->buffer[ringbuffer->tail].session = s;
250 ringbuffer->buffer[ringbuffer->tail].tunnel = t;
251 va_start(ap, format);
252 vsnprintf(ringbuffer->buffer[ringbuffer->tail].message, 4095, format, ap);
253 va_end(ap);
254 }
255 #endif
256
257 if (config->debug < level) return;
258
259 va_start(ap, format);
260 vsnprintf(message, sizeof(message), format, ap);
261
262 if (log_stream)
263 fprintf(log_stream, "%s %02d/%02d %s", time_now_string, t, s, message);
264 else if (syslog_log)
265 syslog(level + 2, "%02d/%02d %s", t, s, message); // We don't need LOG_EMERG or LOG_ALERT
266
267 va_end(ap);
268 }
269
270 void _log_hex(int level, const char *title, const uint8_t *data, int maxsize)
271 {
272 int i, j;
273 const uint8_t *d = data;
274
275 if (config->debug < level) return;
276
277 // No support for _log_hex to syslog
278 if (log_stream)
279 {
280 _log(level, 0, 0, "%s (%d bytes):\n", title, maxsize);
281 setvbuf(log_stream, NULL, _IOFBF, 16384);
282
283 for (i = 0; i < maxsize; )
284 {
285 fprintf(log_stream, "%4X: ", i);
286 for (j = i; j < maxsize && j < (i + 16); j++)
287 {
288 fprintf(log_stream, "%02X ", d[j]);
289 if (j == i + 7)
290 fputs(": ", log_stream);
291 }
292
293 for (; j < i + 16; j++)
294 {
295 fputs(" ", log_stream);
296 if (j == i + 7)
297 fputs(": ", log_stream);
298 }
299
300 fputs(" ", log_stream);
301 for (j = i; j < maxsize && j < (i + 16); j++)
302 {
303 if (d[j] >= 0x20 && d[j] < 0x7f && d[j] != 0x20)
304 fputc(d[j], log_stream);
305 else
306 fputc('.', log_stream);
307
308 if (j == i + 7)
309 fputs(" ", log_stream);
310 }
311
312 i = j;
313 fputs("\n", log_stream);
314 }
315
316 fflush(log_stream);
317 setbuf(log_stream, NULL);
318 }
319 }
320
321 // update a counter, accumulating 2^32 wraps
322 void increment_counter(uint32_t *counter, uint32_t *wrap, uint32_t delta)
323 {
324 uint32_t new = *counter + delta;
325 if (new < *counter)
326 (*wrap)++;
327
328 *counter = new;
329 }
330
331 // initialise the random generator
332 static void initrandom(char *source)
333 {
334 static char path[sizeof(config->random_device)] = "*undefined*";
335
336 // reinitialise only if we are forced to do so or if the config has changed
337 if (source && !strncmp(path, source, sizeof(path)))
338 return;
339
340 // close previous source, if any
341 if (rand_fd >= 0)
342 close(rand_fd);
343
344 rand_fd = -1;
345
346 if (source)
347 {
348 // register changes
349 snprintf(path, sizeof(path), "%s", source);
350
351 if (*path == '/')
352 {
353 rand_fd = open(path, O_RDONLY|O_NONBLOCK);
354 if (rand_fd < 0)
355 LOG(0, 0, 0, "Error opening the random device %s: %s\n",
356 path, strerror(errno));
357 }
358 }
359 }
360
361 // fill buffer with random data
362 void random_data(uint8_t *buf, int len)
363 {
364 int n = 0;
365
366 CSTAT(random_data);
367 if (rand_fd >= 0)
368 {
369 n = read(rand_fd, buf, len);
370 if (n >= len) return;
371 if (n < 0)
372 {
373 if (errno != EAGAIN)
374 {
375 LOG(0, 0, 0, "Error reading from random source: %s\n",
376 strerror(errno));
377
378 // fall back to rand()
379 initrandom(NULL);
380 }
381
382 n = 0;
383 }
384 }
385
386 // append missing data
387 while (n < len)
388 // not using the low order bits from the prng stream
389 buf[n++] = (rand() >> 4) & 0xff;
390 }
391
392 // Add a route
393 //
394 // This adds it to the routing table, advertises it
395 // via BGP if enabled, and stuffs it into the
396 // 'sessionbyip' cache.
397 //
398 // 'ip' and 'mask' must be in _host_ order.
399 //
400 static void routeset(sessionidt s, in_addr_t ip, in_addr_t mask, in_addr_t gw, int add)
401 {
402 struct rtentry r;
403 int i;
404
405 if (!mask) mask = 0xffffffff;
406
407 ip &= mask; // Force the ip to be the first one in the route.
408
409 memset(&r, 0, sizeof(r));
410 r.rt_dev = config->tundevice;
411 r.rt_dst.sa_family = AF_INET;
412 *(uint32_t *) & (((struct sockaddr_in *) &r.rt_dst)->sin_addr.s_addr) = htonl(ip);
413 r.rt_gateway.sa_family = AF_INET;
414 *(uint32_t *) & (((struct sockaddr_in *) &r.rt_gateway)->sin_addr.s_addr) = htonl(gw);
415 r.rt_genmask.sa_family = AF_INET;
416 *(uint32_t *) & (((struct sockaddr_in *) &r.rt_genmask)->sin_addr.s_addr) = htonl(mask);
417 r.rt_flags = (RTF_UP | RTF_STATIC);
418 if (gw)
419 r.rt_flags |= RTF_GATEWAY;
420 else if (mask == 0xffffffff)
421 r.rt_flags |= RTF_HOST;
422
423 LOG(1, s, 0, "Route %s %s/%s%s%s\n", add ? "add" : "del",
424 fmtaddr(htonl(ip), 0), fmtaddr(htonl(mask), 1),
425 gw ? " via" : "", gw ? fmtaddr(htonl(gw), 2) : "");
426
427 if (ioctl(ifrfd, add ? SIOCADDRT : SIOCDELRT, (void *) &r) < 0)
428 LOG(0, 0, 0, "routeset() error in ioctl: %s\n", strerror(errno));
429
430 #ifdef BGP
431 if (add)
432 bgp_add_route(htonl(ip), htonl(mask));
433 else
434 bgp_del_route(htonl(ip), htonl(mask));
435 #endif /* BGP */
436
437 // Add/Remove the IPs to the 'sessionbyip' cache.
438 // Note that we add the zero address in the case of
439 // a network route. Roll on CIDR.
440
441 // Note that 's == 0' implies this is the address pool.
442 // We still cache it here, because it will pre-fill
443 // the malloc'ed tree.
444
445 if (s)
446 {
447 if (!add) // Are we deleting a route?
448 s = 0; // Caching the session as '0' is the same as uncaching.
449
450 for (i = ip; (i&mask) == (ip&mask) ; ++i)
451 cache_ipmap(i, s);
452 }
453 }
454
455 void route6set(sessionidt s, struct in6_addr ip, int prefixlen, int add)
456 {
457 struct in6_rtmsg rt;
458 char ipv6addr[INET6_ADDRSTRLEN];
459
460 if (ifr6fd < 0)
461 {
462 LOG(0, 0, 0, "Asked to set IPv6 route, but IPv6 not setup.\n");
463 return;
464 }
465
466 memset(&rt, 0, sizeof(rt));
467
468 memcpy(&rt.rtmsg_dst, &ip, sizeof(struct in6_addr));
469 rt.rtmsg_dst_len = prefixlen;
470 rt.rtmsg_metric = 1;
471 rt.rtmsg_flags = RTF_UP;
472 rt.rtmsg_ifindex = tunidx;
473
474 LOG(1, 0, 0, "Route %s %s/%d\n",
475 add ? "add" : "del",
476 inet_ntop(AF_INET6, &ip, ipv6addr, INET6_ADDRSTRLEN),
477 prefixlen);
478
479 if (ioctl(ifr6fd, add ? SIOCADDRT : SIOCDELRT, (void *) &rt) < 0)
480 LOG(0, 0, 0, "route6set() error in ioctl: %s\n",
481 strerror(errno));
482
483 // FIXME: need to add BGP routing (RFC2858)
484
485 if (s)
486 {
487 if (!add) // Are we deleting a route?
488 s = 0; // Caching the session as '0' is the same as uncaching.
489
490 cache_ipv6map(ip, prefixlen, s);
491 }
492
493 return;
494 }
495
496 // defined in linux/ipv6.h, but tricky to include from user-space
497 // TODO: move routing to use netlink rather than ioctl
498 struct in6_ifreq {
499 struct in6_addr ifr6_addr;
500 __u32 ifr6_prefixlen;
501 unsigned int ifr6_ifindex;
502 };
503
504 //
505 // Set up TUN interface
506 static void inittun(void)
507 {
508 struct ifreq ifr;
509 struct in6_ifreq ifr6;
510 struct sockaddr_in sin = {0};
511 memset(&ifr, 0, sizeof(ifr));
512 ifr.ifr_flags = IFF_TUN;
513
514 tunfd = open(TUNDEVICE, O_RDWR);
515 if (tunfd < 0)
516 { // fatal
517 LOG(0, 0, 0, "Can't open %s: %s\n", TUNDEVICE, strerror(errno));
518 exit(1);
519 }
520 {
521 int flags = fcntl(tunfd, F_GETFL, 0);
522 fcntl(tunfd, F_SETFL, flags | O_NONBLOCK);
523 }
524 if (ioctl(tunfd, TUNSETIFF, (void *) &ifr) < 0)
525 {
526 LOG(0, 0, 0, "Can't set tun interface: %s\n", strerror(errno));
527 exit(1);
528 }
529 assert(strlen(ifr.ifr_name) < sizeof(config->tundevice));
530 strncpy(config->tundevice, ifr.ifr_name, sizeof(config->tundevice) - 1);
531 ifrfd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
532
533 sin.sin_family = AF_INET;
534 sin.sin_addr.s_addr = config->bind_address ? config->bind_address : 0x01010101; // 1.1.1.1
535 memcpy(&ifr.ifr_addr, &sin, sizeof(struct sockaddr));
536
537 if (ioctl(ifrfd, SIOCSIFADDR, (void *) &ifr) < 0)
538 {
539 LOG(0, 0, 0, "Error setting tun address: %s\n", strerror(errno));
540 exit(1);
541 }
542 /* Bump up the qlen to deal with bursts from the network */
543 ifr.ifr_qlen = 1000;
544 if (ioctl(ifrfd, SIOCSIFTXQLEN, (void *) &ifr) < 0)
545 {
546 LOG(0, 0, 0, "Error setting tun queue length: %s\n", strerror(errno));
547 exit(1);
548 }
549 ifr.ifr_flags = IFF_UP;
550 if (ioctl(ifrfd, SIOCSIFFLAGS, (void *) &ifr) < 0)
551 {
552 LOG(0, 0, 0, "Error setting tun flags: %s\n", strerror(errno));
553 exit(1);
554 }
555 if (ioctl(ifrfd, SIOCGIFINDEX, (void *) &ifr) < 0)
556 {
557 LOG(0, 0, 0, "Error getting tun ifindex: %s\n", strerror(errno));
558 exit(1);
559 }
560 tunidx = ifr.ifr_ifindex;
561
562 // Only setup IPv6 on the tun device if we have a configured prefix
563 if (config->ipv6_prefix.s6_addr[0]) {
564 ifr6fd = socket(PF_INET6, SOCK_DGRAM, 0);
565
566 // Link local address is FE80::1
567 memset(&ifr6.ifr6_addr, 0, sizeof(ifr6.ifr6_addr));
568 ifr6.ifr6_addr.s6_addr[0] = 0xFE;
569 ifr6.ifr6_addr.s6_addr[1] = 0x80;
570 ifr6.ifr6_addr.s6_addr[15] = 1;
571 ifr6.ifr6_prefixlen = 64;
572 ifr6.ifr6_ifindex = ifr.ifr_ifindex;
573 if (ioctl(ifr6fd, SIOCSIFADDR, (void *) &ifr6) < 0)
574 {
575 LOG(0, 0, 0, "Error setting tun IPv6 link local address:"
576 " %s\n", strerror(errno));
577 }
578
579 // Global address is prefix::1
580 memset(&ifr6.ifr6_addr, 0, sizeof(ifr6.ifr6_addr));
581 ifr6.ifr6_addr = config->ipv6_prefix;
582 ifr6.ifr6_addr.s6_addr[15] = 1;
583 ifr6.ifr6_prefixlen = 64;
584 ifr6.ifr6_ifindex = ifr.ifr_ifindex;
585 if (ioctl(ifr6fd, SIOCSIFADDR, (void *) &ifr6) < 0)
586 {
587 LOG(0, 0, 0, "Error setting tun IPv6 global address: %s\n",
588 strerror(errno));
589 }
590 }
591 }
592
593 // set up UDP ports
594 static void initudp(void)
595 {
596 int on = 1;
597 struct sockaddr_in addr;
598
599 // Tunnel
600 memset(&addr, 0, sizeof(addr));
601 addr.sin_family = AF_INET;
602 addr.sin_port = htons(L2TPPORT);
603 addr.sin_addr.s_addr = config->bind_address;
604 udpfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
605 setsockopt(udpfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
606 {
607 int flags = fcntl(udpfd, F_GETFL, 0);
608 fcntl(udpfd, F_SETFL, flags | O_NONBLOCK);
609 }
610 if (bind(udpfd, (void *) &addr, sizeof(addr)) < 0)
611 {
612 LOG(0, 0, 0, "Error in UDP bind: %s\n", strerror(errno));
613 exit(1);
614 }
615
616 // Control
617 memset(&addr, 0, sizeof(addr));
618 addr.sin_family = AF_INET;
619 addr.sin_port = htons(NSCTL_PORT);
620 controlfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
621 setsockopt(controlfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
622 if (bind(controlfd, (void *) &addr, sizeof(addr)) < 0)
623 {
624 LOG(0, 0, 0, "Error in control bind: %s\n", strerror(errno));
625 exit(1);
626 }
627
628 // Dynamic Authorization Extensions to RADIUS
629 memset(&addr, 0, sizeof(addr));
630 addr.sin_family = AF_INET;
631 addr.sin_port = htons(config->radius_dae_port);
632 daefd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
633 setsockopt(daefd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
634 if (bind(daefd, (void *) &addr, sizeof(addr)) < 0)
635 {
636 LOG(0, 0, 0, "Error in DAE bind: %s\n", strerror(errno));
637 exit(1);
638 }
639
640 // Intercept
641 snoopfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
642 }
643
644 //
645 // Find session by IP, < 1 for not found
646 //
647 // Confusingly enough, this 'ip' must be
648 // in _network_ order. This being the common
649 // case when looking it up from IP packet headers.
650 //
651 // We actually use this cache for two things.
652 // #1. For used IP addresses, this maps to the
653 // session ID that it's used by.
654 // #2. For un-used IP addresses, this maps to the
655 // index into the pool table that contains that
656 // IP address.
657 //
658
659 static int lookup_ipmap(in_addr_t ip)
660 {
661 uint8_t *a = (uint8_t *) &ip;
662 uint8_t **d = (uint8_t **) ip_hash;
663
664 if (!(d = (uint8_t **) d[(size_t) *a++])) return 0;
665 if (!(d = (uint8_t **) d[(size_t) *a++])) return 0;
666 if (!(d = (uint8_t **) d[(size_t) *a++])) return 0;
667
668 return (int) (intptr_t) d[(size_t) *a];
669 }
670
671 static int lookup_ipv6map(struct in6_addr ip)
672 {
673 struct ipv6radix *curnode;
674 int i;
675 int s;
676 char ipv6addr[INET6_ADDRSTRLEN];
677
678 curnode = &ipv6_hash[ip.s6_addr[0]];
679 i = 1;
680 s = curnode->sess;
681
682 while (s == 0 && i < 15 && curnode->branch != NULL)
683 {
684 curnode = &curnode->branch[ip.s6_addr[i]];
685 s = curnode->sess;
686 i++;
687 }
688
689 LOG(4, s, session[s].tunnel, "Looking up address %s and got %d\n",
690 inet_ntop(AF_INET6, &ip, ipv6addr,
691 INET6_ADDRSTRLEN),
692 s);
693
694 return s;
695 }
696
697 sessionidt sessionbyip(in_addr_t ip)
698 {
699 int s = lookup_ipmap(ip);
700 CSTAT(sessionbyip);
701
702 if (s > 0 && s < MAXSESSION && session[s].opened)
703 return (sessionidt) s;
704
705 return 0;
706 }
707
708 sessionidt sessionbyipv6(struct in6_addr ip)
709 {
710 int s;
711 CSTAT(sessionbyipv6);
712
713 if (!memcmp(&config->ipv6_prefix, &ip, 8) ||
714 (ip.s6_addr[0] == 0xFE &&
715 ip.s6_addr[1] == 0x80 &&
716 ip.s6_addr16[1] == 0 &&
717 ip.s6_addr16[2] == 0 &&
718 ip.s6_addr16[3] == 0)) {
719 s = lookup_ipmap(*(in_addr_t *) &ip.s6_addr[8]);
720 } else {
721 s = lookup_ipv6map(ip);
722 }
723
724 if (s > 0 && s < MAXSESSION && session[s].opened)
725 return s;
726
727 return 0;
728 }
729
730 //
731 // Take an IP address in HOST byte order and
732 // add it to the sessionid by IP cache.
733 //
734 // (It's actually cached in network order)
735 //
736 static void cache_ipmap(in_addr_t ip, int s)
737 {
738 in_addr_t nip = htonl(ip); // MUST be in network order. I.e. MSB must in be ((char *) (&ip))[0]
739 uint8_t *a = (uint8_t *) &nip;
740 uint8_t **d = (uint8_t **) ip_hash;
741 int i;
742
743 for (i = 0; i < 3; i++)
744 {
745 if (!d[(size_t) a[i]])
746 {
747 if (!(d[(size_t) a[i]] = calloc(256, sizeof(void *))))
748 return;
749 }
750
751 d = (uint8_t **) d[(size_t) a[i]];
752 }
753
754 d[(size_t) a[3]] = (uint8_t *) (intptr_t) s;
755
756 if (s > 0)
757 LOG(4, s, session[s].tunnel, "Caching ip address %s\n", fmtaddr(nip, 0));
758
759 else if (s == 0)
760 LOG(4, 0, 0, "Un-caching ip address %s\n", fmtaddr(nip, 0));
761 // else a map to an ip pool index.
762 }
763
764 static void uncache_ipmap(in_addr_t ip)
765 {
766 cache_ipmap(ip, 0); // Assign it to the NULL session.
767 }
768
769 static void cache_ipv6map(struct in6_addr ip, int prefixlen, int s)
770 {
771 int i;
772 int bytes;
773 struct ipv6radix *curnode;
774 char ipv6addr[INET6_ADDRSTRLEN];
775
776 curnode = &ipv6_hash[ip.s6_addr[0]];
777
778 bytes = prefixlen >> 3;
779 i = 1;
780 while (i < bytes) {
781 if (curnode->branch == NULL)
782 {
783 if (!(curnode->branch = calloc(256,
784 sizeof (struct ipv6radix))))
785 return;
786 }
787 curnode = &curnode->branch[ip.s6_addr[i]];
788 i++;
789 }
790
791 curnode->sess = s;
792
793 if (s > 0)
794 LOG(4, s, session[s].tunnel, "Caching ip address %s/%d\n",
795 inet_ntop(AF_INET6, &ip, ipv6addr,
796 INET6_ADDRSTRLEN),
797 prefixlen);
798 else if (s == 0)
799 LOG(4, 0, 0, "Un-caching ip address %s/%d\n",
800 inet_ntop(AF_INET6, &ip, ipv6addr,
801 INET6_ADDRSTRLEN),
802 prefixlen);
803 }
804
805 //
806 // CLI list to dump current ipcache.
807 //
808 int cmd_show_ipcache(struct cli_def *cli, char *command, char **argv, int argc)
809 {
810 char **d = (char **) ip_hash, **e, **f, **g;
811 int i, j, k, l;
812 int count = 0;
813
814 if (CLI_HELP_REQUESTED)
815 return CLI_HELP_NO_ARGS;
816
817 cli_print(cli, "%7s %s", "Sess#", "IP Address");
818
819 for (i = 0; i < 256; ++i)
820 {
821 if (!d[i])
822 continue;
823 e = (char **) d[i];
824 for (j = 0; j < 256; ++j)
825 {
826 if (!e[j])
827 continue;
828 f = (char **) e[j];
829 for (k = 0; k < 256; ++k)
830 {
831 if (!f[k])
832 continue;
833 g = (char **)f[k];
834 for (l = 0; l < 256; ++l)
835 {
836 if (!g[l])
837 continue;
838 cli_print(cli, "%7d %d.%d.%d.%d", (int) (intptr_t) g[l], i, j, k, l);
839 ++count;
840 }
841 }
842 }
843 }
844 cli_print(cli, "%d entries in cache", count);
845 return CLI_OK;
846 }
847
848
849 // Find session by username, 0 for not found
850 // walled garden users aren't authenticated, so the username is
851 // reasonably useless. Ignore them to avoid incorrect actions
852 //
853 // This is VERY inefficent. Don't call it often. :)
854 //
855 sessionidt sessionbyuser(char *username)
856 {
857 int s;
858 CSTAT(sessionbyuser);
859
860 for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
861 {
862 if (!session[s].opened)
863 continue;
864
865 if (session[s].walled_garden)
866 continue; // Skip walled garden users.
867
868 if (!strncmp(session[s].user, username, 128))
869 return s;
870
871 }
872 return 0; // Not found.
873 }
874
875 void send_garp(in_addr_t ip)
876 {
877 int s;
878 struct ifreq ifr;
879 uint8_t mac[6];
880
881 s = socket(PF_INET, SOCK_DGRAM, 0);
882 if (s < 0)
883 {
884 LOG(0, 0, 0, "Error creating socket for GARP: %s\n", strerror(errno));
885 return;
886 }
887 memset(&ifr, 0, sizeof(ifr));
888 strncpy(ifr.ifr_name, "eth0", sizeof(ifr.ifr_name) - 1);
889 if (ioctl(s, SIOCGIFHWADDR, &ifr) < 0)
890 {
891 LOG(0, 0, 0, "Error getting eth0 hardware address for GARP: %s\n", strerror(errno));
892 close(s);
893 return;
894 }
895 memcpy(mac, &ifr.ifr_hwaddr.sa_data, 6*sizeof(char));
896 if (ioctl(s, SIOCGIFINDEX, &ifr) < 0)
897 {
898 LOG(0, 0, 0, "Error getting eth0 interface index for GARP: %s\n", strerror(errno));
899 close(s);
900 return;
901 }
902 close(s);
903 sendarp(ifr.ifr_ifindex, mac, ip);
904 }
905
906 static sessiont *sessiontbysessionidt(sessionidt s)
907 {
908 if (!s || s >= MAXSESSION) return NULL;
909 return &session[s];
910 }
911
912 static sessionidt sessionidtbysessiont(sessiont *s)
913 {
914 sessionidt val = s-session;
915 if (s < session || val >= MAXSESSION) return 0;
916 return val;
917 }
918
919 // actually send a control message for a specific tunnel
920 void tunnelsend(uint8_t * buf, uint16_t l, tunnelidt t)
921 {
922 struct sockaddr_in addr;
923
924 CSTAT(tunnelsend);
925
926 if (!t)
927 {
928 static int backtrace_count = 0;
929 LOG(0, 0, t, "tunnelsend called with 0 as tunnel id\n");
930 STAT(tunnel_tx_errors);
931 log_backtrace(backtrace_count, 5)
932 return;
933 }
934
935 if (!tunnel[t].ip)
936 {
937 static int backtrace_count = 0;
938 LOG(1, 0, t, "Error sending data out tunnel: no remote endpoint (tunnel not set up)\n");
939 log_backtrace(backtrace_count, 5)
940 STAT(tunnel_tx_errors);
941 return;
942 }
943
944 memset(&addr, 0, sizeof(addr));
945 addr.sin_family = AF_INET;
946 *(uint32_t *) & addr.sin_addr = htonl(tunnel[t].ip);
947 addr.sin_port = htons(tunnel[t].port);
948
949 // sequence expected, if sequence in message
950 if (*buf & 0x08) *(uint16_t *) (buf + ((*buf & 0x40) ? 10 : 8)) = htons(tunnel[t].nr);
951
952 // If this is a control message, deal with retries
953 if (*buf & 0x80)
954 {
955 tunnel[t].last = time_now; // control message sent
956 tunnel[t].retry = backoff(tunnel[t].try); // when to resend
957 if (tunnel[t].try > 1)
958 {
959 STAT(tunnel_retries);
960 LOG(3, 0, t, "Control message resend try %d\n", tunnel[t].try);
961 }
962 }
963
964 if (sendto(udpfd, buf, l, 0, (void *) &addr, sizeof(addr)) < 0)
965 {
966 LOG(0, ntohs((*(uint16_t *) (buf + 6))), t, "Error sending data out tunnel: %s (udpfd=%d, buf=%p, len=%d, dest=%s)\n",
967 strerror(errno), udpfd, buf, l, inet_ntoa(addr.sin_addr));
968 STAT(tunnel_tx_errors);
969 return;
970 }
971
972 LOG_HEX(5, "Send Tunnel Data", buf, l);
973 STAT(tunnel_tx_packets);
974 INC_STAT(tunnel_tx_bytes, l);
975 }
976
977 //
978 // Tiny helper function to write data to
979 // the 'tun' device.
980 //
981 int tun_write(uint8_t * data, int size)
982 {
983 return write(tunfd, data, size);
984 }
985
986 // adjust tcp mss to avoid fragmentation (called only for tcp packets with syn set)
987 void adjust_tcp_mss(sessionidt s, tunnelidt t, uint8_t *buf, int len, uint8_t *tcp)
988 {
989 int d = (tcp[12] >> 4) * 4;
990 uint8_t *mss = 0;
991 uint8_t *data;
992
993 if ((tcp[13] & 0x3f) & ~(TCP_FLAG_SYN|TCP_FLAG_ACK)) // only want SYN and SYN,ACK
994 return;
995
996 if (tcp + d > buf + len) // short?
997 return;
998
999 data = tcp + d;
1000 tcp += 20;
1001
1002 while (tcp < data)
1003 {
1004 if (*tcp == 2 && tcp[1] == 4) // mss option (2), length 4
1005 {
1006 mss = tcp + 2;
1007 if (mss + 2 > data) return; // short?
1008 break;
1009 }
1010
1011 if (*tcp == 0) return; // end of options
1012 if (*tcp == 1 || !tcp[1]) // no op (one byte), or no length (prevent loop)
1013 tcp++;
1014 else
1015 tcp += tcp[1]; // skip over option
1016 }
1017
1018 if (!mss) return; // not found
1019 if (ntohs(*(uint16_t *) mss) <= MSS) return; // mss OK
1020
1021 LOG(5, s, t, "TCP: %s:%u -> %s:%u SYN%s, adjusted mss from %u to %u\n",
1022 fmtaddr(*(in_addr_t *)(buf + 12), 0), ntohs(*(uint16_t *)tcp),
1023 fmtaddr(*(in_addr_t *)(buf + 16), 1), ntohs(*(uint16_t *)(tcp + 2)),
1024 (tcp[13] & TCP_FLAG_ACK) ? ",ACK" : "",
1025 ntohs(*(uint16_t *) mss), MSS);
1026
1027 // FIXME
1028 }
1029
1030 // process outgoing (to tunnel) IP
1031 //
1032 static void processipout(uint8_t *buf, int len)
1033 {
1034 sessionidt s;
1035 sessiont *sp;
1036 tunnelidt t;
1037 in_addr_t ip;
1038
1039 uint8_t *data = buf; // Keep a copy of the originals.
1040 int size = len;
1041
1042 uint8_t b[MAXETHER + 20];
1043
1044 CSTAT(processipout);
1045
1046 if (len < MIN_IP_SIZE)
1047 {
1048 LOG(1, 0, 0, "Short IP, %d bytes\n", len);
1049 STAT(tun_rx_errors);
1050 return;
1051 }
1052 if (len >= MAXETHER)
1053 {
1054 LOG(1, 0, 0, "Oversize IP packet %d bytes\n", len);
1055 STAT(tun_rx_errors);
1056 return;
1057 }
1058
1059 // Skip the tun header
1060 buf += 4;
1061 len -= 4;
1062
1063 // Got an IP header now
1064 if (*(uint8_t *)(buf) >> 4 != 4)
1065 {
1066 LOG(1, 0, 0, "IP: Don't understand anything except IPv4\n");
1067 return;
1068 }
1069
1070 ip = *(uint32_t *)(buf + 16);
1071 if (!(s = sessionbyip(ip)))
1072 {
1073 // Is this a packet for a session that doesn't exist?
1074 static int rate = 0; // Number of ICMP packets we've sent this second.
1075 static int last = 0; // Last time we reset the ICMP packet counter 'rate'.
1076
1077 if (last != time_now)
1078 {
1079 last = time_now;
1080 rate = 0;
1081 }
1082
1083 if (rate++ < config->icmp_rate) // Only send a max of icmp_rate per second.
1084 {
1085 LOG(4, 0, 0, "IP: Sending ICMP host unreachable to %s\n", fmtaddr(*(in_addr_t *)(buf + 12), 0));
1086 host_unreachable(*(in_addr_t *)(buf + 12), *(uint16_t *)(buf + 4),
1087 config->bind_address ? config->bind_address : my_address, buf, len);
1088 }
1089 return;
1090 }
1091 t = session[s].tunnel;
1092 sp = &session[s];
1093
1094 // DoS prevention: enforce a maximum number of packets per 0.1s for a session
1095 if (config->max_packets > 0)
1096 {
1097 if (sess_local[s].last_packet_out == TIME)
1098 {
1099 int max = config->max_packets;
1100
1101 // All packets for throttled sessions are handled by the
1102 // master, so further limit by using the throttle rate.
1103 // A bit of a kludge, since throttle rate is in kbps,
1104 // but should still be generous given our average DSL
1105 // packet size is 200 bytes: a limit of 28kbps equates
1106 // to around 180 packets per second.
1107 if (!config->cluster_iam_master && sp->throttle_out && sp->throttle_out < max)
1108 max = sp->throttle_out;
1109
1110 if (++sess_local[s].packets_out > max)
1111 {
1112 sess_local[s].packets_dropped++;
1113 return;
1114 }
1115 }
1116 else
1117 {
1118 if (sess_local[s].packets_dropped)
1119 {
1120 INC_STAT(tun_rx_dropped, sess_local[s].packets_dropped);
1121 LOG(3, s, t, "Dropped %u/%u packets to %s for %suser %s\n",
1122 sess_local[s].packets_dropped, sess_local[s].packets_out,
1123 fmtaddr(ip, 0), sp->throttle_out ? "throttled " : "",
1124 sp->user);
1125 }
1126
1127 sess_local[s].last_packet_out = TIME;
1128 sess_local[s].packets_out = 1;
1129 sess_local[s].packets_dropped = 0;
1130 }
1131 }
1132
1133 // run access-list if any
1134 if (session[s].filter_out && !ip_filter(buf, len, session[s].filter_out - 1))
1135 return;
1136
1137 // adjust MSS on SYN and SYN,ACK packets with options
1138 if ((ntohs(*(uint16_t *) (buf + 6)) & 0x1fff) == 0 && buf[9] == IPPROTO_TCP) // first tcp fragment
1139 {
1140 int ihl = (buf[0] & 0xf) * 4; // length of IP header
1141 if (len >= ihl + 20 && (buf[ihl + 13] & TCP_FLAG_SYN) && ((buf[ihl + 12] >> 4) > 5))
1142 adjust_tcp_mss(s, t, buf, len, buf + ihl);
1143 }
1144
1145 if (sp->tbf_out)
1146 {
1147 // Are we throttling this session?
1148 if (config->cluster_iam_master)
1149 tbf_queue_packet(sp->tbf_out, data, size);
1150 else
1151 master_throttle_packet(sp->tbf_out, data, size);
1152 return;
1153 }
1154 else if (sp->walled_garden && !config->cluster_iam_master)
1155 {
1156 // We are walled-gardening this
1157 master_garden_packet(s, data, size);
1158 return;
1159 }
1160
1161 LOG(5, s, t, "Ethernet -> Tunnel (%d bytes)\n", len);
1162
1163 // Add on L2TP header
1164 {
1165 uint8_t *p = makeppp(b, sizeof(b), buf, len, s, t, PPPIP);
1166 if (!p) return;
1167 tunnelsend(b, len + (p-b), t); // send it...
1168 }
1169
1170 // Snooping this session, send it to intercept box
1171 if (sp->snoop_ip && sp->snoop_port)
1172 snoop_send_packet(buf, len, sp->snoop_ip, sp->snoop_port);
1173
1174 increment_counter(&sp->cout, &sp->cout_wrap, len); // byte count
1175 sp->cout_delta += len;
1176 sp->pout++;
1177 udp_tx += len;
1178
1179 sess_local[s].cout += len; // To send to master..
1180 sess_local[s].pout++;
1181 }
1182
1183 // process outgoing (to tunnel) IPv6
1184 //
1185 static void processipv6out(uint8_t * buf, int len)
1186 {
1187 sessionidt s;
1188 sessiont *sp;
1189 tunnelidt t;
1190 in_addr_t ip;
1191 struct in6_addr ip6;
1192
1193 uint8_t *data = buf; // Keep a copy of the originals.
1194 int size = len;
1195
1196 uint8_t b[MAXETHER + 20];
1197
1198 CSTAT(processipv6out);
1199
1200 if (len < MIN_IP_SIZE)
1201 {
1202 LOG(1, 0, 0, "Short IPv6, %d bytes\n", len);
1203 STAT(tunnel_tx_errors);
1204 return;
1205 }
1206 if (len >= MAXETHER)
1207 {
1208 LOG(1, 0, 0, "Oversize IPv6 packet %d bytes\n", len);
1209 STAT(tunnel_tx_errors);
1210 return;
1211 }
1212
1213 // Skip the tun header
1214 buf += 4;
1215 len -= 4;
1216
1217 // Got an IP header now
1218 if (*(uint8_t *)(buf) >> 4 != 6)
1219 {
1220 LOG(1, 0, 0, "IP: Don't understand anything except IPv6\n");
1221 return;
1222 }
1223
1224 ip6 = *(struct in6_addr *)(buf+24);
1225 s = sessionbyipv6(ip6);
1226
1227 if (s == 0)
1228 {
1229 ip = *(uint32_t *)(buf + 32);
1230 s = sessionbyip(ip);
1231 }
1232
1233 if (s == 0)
1234 {
1235 // Is this a packet for a session that doesn't exist?
1236 static int rate = 0; // Number of ICMP packets we've sent this second.
1237 static int last = 0; // Last time we reset the ICMP packet counter 'rate'.
1238
1239 if (last != time_now)
1240 {
1241 last = time_now;
1242 rate = 0;
1243 }
1244
1245 if (rate++ < config->icmp_rate) // Only send a max of icmp_rate per second.
1246 {
1247 // FIXME: Should send icmp6 host unreachable
1248 }
1249 return;
1250 }
1251 t = session[s].tunnel;
1252 sp = &session[s];
1253
1254 // FIXME: add DoS prevention/filters?
1255
1256 if (sp->tbf_out)
1257 {
1258 // Are we throttling this session?
1259 if (config->cluster_iam_master)
1260 tbf_queue_packet(sp->tbf_out, data, size);
1261 else
1262 master_throttle_packet(sp->tbf_out, data, size);
1263 return;
1264 }
1265 else if (sp->walled_garden && !config->cluster_iam_master)
1266 {
1267 // We are walled-gardening this
1268 master_garden_packet(s, data, size);
1269 return;
1270 }
1271
1272 LOG(5, s, t, "Ethernet -> Tunnel (%d bytes)\n", len);
1273
1274 // Add on L2TP header
1275 {
1276 uint8_t *p = makeppp(b, sizeof(b), buf, len, s, t, PPPIPV6);
1277 if (!p) return;
1278 tunnelsend(b, len + (p-b), t); // send it...
1279 }
1280
1281 // Snooping this session, send it to intercept box
1282 if (sp->snoop_ip && sp->snoop_port)
1283 snoop_send_packet(buf, len, sp->snoop_ip, sp->snoop_port);
1284
1285 increment_counter(&sp->cout, &sp->cout_wrap, len); // byte count
1286 sp->cout_delta += len;
1287 sp->pout++;
1288 udp_tx += len;
1289
1290 sess_local[s].cout += len; // To send to master..
1291 sess_local[s].pout++;
1292 }
1293
1294 //
1295 // Helper routine for the TBF filters.
1296 // Used to send queued data in to the user!
1297 //
1298 static void send_ipout(sessionidt s, uint8_t *buf, int len)
1299 {
1300 sessiont *sp;
1301 tunnelidt t;
1302 in_addr_t ip;
1303
1304 uint8_t b[MAXETHER + 20];
1305
1306 if (len < 0 || len > MAXETHER)
1307 {
1308 LOG(1, 0, 0, "Odd size IP packet: %d bytes\n", len);
1309 return;
1310 }
1311
1312 // Skip the tun header
1313 buf += 4;
1314 len -= 4;
1315
1316 ip = *(in_addr_t *)(buf + 16);
1317
1318 if (!session[s].ip)
1319 return;
1320
1321 t = session[s].tunnel;
1322 sp = &session[s];
1323
1324 LOG(5, s, t, "Ethernet -> Tunnel (%d bytes)\n", len);
1325
1326 // Add on L2TP header
1327 {
1328 uint8_t *p = makeppp(b, sizeof(b), buf, len, s, t, PPPIP);
1329 if (!p) return;
1330 tunnelsend(b, len + (p-b), t); // send it...
1331 }
1332
1333 // Snooping this session.
1334 if (sp->snoop_ip && sp->snoop_port)
1335 snoop_send_packet(buf, len, sp->snoop_ip, sp->snoop_port);
1336
1337 increment_counter(&sp->cout, &sp->cout_wrap, len); // byte count
1338 sp->cout_delta += len;
1339 sp->pout++;
1340 udp_tx += len;
1341
1342 sess_local[s].cout += len; // To send to master..
1343 sess_local[s].pout++;
1344 }
1345
1346 // add an AVP (16 bit)
1347 static void control16(controlt * c, uint16_t avp, uint16_t val, uint8_t m)
1348 {
1349 uint16_t l = (m ? 0x8008 : 0x0008);
1350 *(uint16_t *) (c->buf + c->length + 0) = htons(l);
1351 *(uint16_t *) (c->buf + c->length + 2) = htons(0);
1352 *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
1353 *(uint16_t *) (c->buf + c->length + 6) = htons(val);
1354 c->length += 8;
1355 }
1356
1357 // add an AVP (32 bit)
1358 static void control32(controlt * c, uint16_t avp, uint32_t val, uint8_t m)
1359 {
1360 uint16_t l = (m ? 0x800A : 0x000A);
1361 *(uint16_t *) (c->buf + c->length + 0) = htons(l);
1362 *(uint16_t *) (c->buf + c->length + 2) = htons(0);
1363 *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
1364 *(uint32_t *) (c->buf + c->length + 6) = htonl(val);
1365 c->length += 10;
1366 }
1367
1368 // add an AVP (string)
1369 static void controls(controlt * c, uint16_t avp, char *val, uint8_t m)
1370 {
1371 uint16_t l = ((m ? 0x8000 : 0) + strlen(val) + 6);
1372 *(uint16_t *) (c->buf + c->length + 0) = htons(l);
1373 *(uint16_t *) (c->buf + c->length + 2) = htons(0);
1374 *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
1375 memcpy(c->buf + c->length + 6, val, strlen(val));
1376 c->length += 6 + strlen(val);
1377 }
1378
1379 // add a binary AVP
1380 static void controlb(controlt * c, uint16_t avp, uint8_t *val, unsigned int len, uint8_t m)
1381 {
1382 uint16_t l = ((m ? 0x8000 : 0) + len + 6);
1383 *(uint16_t *) (c->buf + c->length + 0) = htons(l);
1384 *(uint16_t *) (c->buf + c->length + 2) = htons(0);
1385 *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
1386 memcpy(c->buf + c->length + 6, val, len);
1387 c->length += 6 + len;
1388 }
1389
1390 // new control connection
1391 static controlt *controlnew(uint16_t mtype)
1392 {
1393 controlt *c;
1394 if (!controlfree)
1395 c = malloc(sizeof(controlt));
1396 else
1397 {
1398 c = controlfree;
1399 controlfree = c->next;
1400 }
1401 assert(c);
1402 c->next = 0;
1403 *(uint16_t *) (c->buf + 0) = htons(0xC802); // flags/ver
1404 c->length = 12;
1405 control16(c, 0, mtype, 1);
1406 return c;
1407 }
1408
1409 // send zero block if nothing is waiting
1410 // (ZLB send).
1411 static void controlnull(tunnelidt t)
1412 {
1413 uint8_t buf[12];
1414 if (tunnel[t].controlc) // Messages queued; They will carry the ack.
1415 return;
1416
1417 *(uint16_t *) (buf + 0) = htons(0xC802); // flags/ver
1418 *(uint16_t *) (buf + 2) = htons(12); // length
1419 *(uint16_t *) (buf + 4) = htons(tunnel[t].far); // tunnel
1420 *(uint16_t *) (buf + 6) = htons(0); // session
1421 *(uint16_t *) (buf + 8) = htons(tunnel[t].ns); // sequence
1422 *(uint16_t *) (buf + 10) = htons(tunnel[t].nr); // sequence
1423 tunnelsend(buf, 12, t);
1424 }
1425
1426 // add a control message to a tunnel, and send if within window
1427 static void controladd(controlt *c, sessionidt far, tunnelidt t)
1428 {
1429 *(uint16_t *) (c->buf + 2) = htons(c->length); // length
1430 *(uint16_t *) (c->buf + 4) = htons(tunnel[t].far); // tunnel
1431 *(uint16_t *) (c->buf + 6) = htons(far); // session
1432 *(uint16_t *) (c->buf + 8) = htons(tunnel[t].ns); // sequence
1433 tunnel[t].ns++; // advance sequence
1434 // link in message in to queue
1435 if (tunnel[t].controlc)
1436 tunnel[t].controle->next = c;
1437 else
1438 tunnel[t].controls = c;
1439
1440 tunnel[t].controle = c;
1441 tunnel[t].controlc++;
1442
1443 // send now if space in window
1444 if (tunnel[t].controlc <= tunnel[t].window)
1445 {
1446 tunnel[t].try = 0; // first send
1447 tunnelsend(c->buf, c->length, t);
1448 }
1449 }
1450
1451 //
1452 // Throttle or Unthrottle a session
1453 //
1454 // Throttle the data from/to through a session to no more than
1455 // 'rate_in' kbit/sec in (from user) or 'rate_out' kbit/sec out (to
1456 // user).
1457 //
1458 // If either value is -1, the current value is retained for that
1459 // direction.
1460 //
1461 void throttle_session(sessionidt s, int rate_in, int rate_out)
1462 {
1463 if (!session[s].opened)
1464 return; // No-one home.
1465
1466 if (!*session[s].user)
1467 return; // User not logged in
1468
1469 if (rate_in >= 0)
1470 {
1471 int bytes = rate_in * 1024 / 8; // kbits to bytes
1472 if (session[s].tbf_in)
1473 free_tbf(session[s].tbf_in);
1474
1475 if (rate_in > 0)
1476 session[s].tbf_in = new_tbf(s, bytes * 2, bytes, send_ipin);
1477 else
1478 session[s].tbf_in = 0;
1479
1480 session[s].throttle_in = rate_in;
1481 }
1482
1483 if (rate_out >= 0)
1484 {
1485 int bytes = rate_out * 1024 / 8;
1486 if (session[s].tbf_out)
1487 free_tbf(session[s].tbf_out);
1488
1489 if (rate_out > 0)
1490 session[s].tbf_out = new_tbf(s, bytes * 2, bytes, send_ipout);
1491 else
1492 session[s].tbf_out = 0;
1493
1494 session[s].throttle_out = rate_out;
1495 }
1496 }
1497
1498 // add/remove filters from session (-1 = no change)
1499 void filter_session(sessionidt s, int filter_in, int filter_out)
1500 {
1501 if (!session[s].opened)
1502 return; // No-one home.
1503
1504 if (!*session[s].user)
1505 return; // User not logged in
1506
1507 // paranoia
1508 if (filter_in > MAXFILTER) filter_in = -1;
1509 if (filter_out > MAXFILTER) filter_out = -1;
1510 if (session[s].filter_in > MAXFILTER) session[s].filter_in = 0;
1511 if (session[s].filter_out > MAXFILTER) session[s].filter_out = 0;
1512
1513 if (filter_in >= 0)
1514 {
1515 if (session[s].filter_in)
1516 ip_filters[session[s].filter_in - 1].used--;
1517
1518 if (filter_in > 0)
1519 ip_filters[filter_in - 1].used++;
1520
1521 session[s].filter_in = filter_in;
1522 }
1523
1524 if (filter_out >= 0)
1525 {
1526 if (session[s].filter_out)
1527 ip_filters[session[s].filter_out - 1].used--;
1528
1529 if (filter_out > 0)
1530 ip_filters[filter_out - 1].used++;
1531
1532 session[s].filter_out = filter_out;
1533 }
1534 }
1535
1536 // start tidy shutdown of session
1537 void sessionshutdown(sessionidt s, char *reason, int result, int error)
1538 {
1539 int walled_garden = session[s].walled_garden;
1540
1541
1542 CSTAT(sessionshutdown);
1543
1544 if (!session[s].opened)
1545 {
1546 LOG(3, s, session[s].tunnel, "Called sessionshutdown on an unopened session.\n");
1547 return; // not a live session
1548 }
1549
1550 if (!session[s].die)
1551 {
1552 struct param_kill_session data = { &tunnel[session[s].tunnel], &session[s] };
1553 LOG(2, s, session[s].tunnel, "Shutting down session %d: %s\n", s, reason);
1554 run_plugins(PLUGIN_KILL_SESSION, &data);
1555 }
1556
1557 if (session[s].ip && !walled_garden && !session[s].die)
1558 {
1559 // RADIUS Stop message
1560 uint16_t r = radiusnew(s);
1561 if (r)
1562 {
1563 // stop, if not already trying
1564 if (radius[r].state != RADIUSSTOP)
1565 radiussend(r, RADIUSSTOP);
1566 }
1567 else
1568 LOG(1, s, session[s].tunnel, "No free RADIUS sessions for Stop message\n");
1569
1570 // Save counters to dump to accounting file
1571 if (*config->accounting_dir && shut_acct_n < sizeof(shut_acct) / sizeof(*shut_acct))
1572 memcpy(&shut_acct[shut_acct_n++], &session[s], sizeof(session[s]));
1573 }
1574
1575 if (session[s].ip)
1576 { // IP allocated, clear and unroute
1577 int r;
1578 int routed = 0;
1579 for (r = 0; r < MAXROUTE && session[s].route[r].ip; r++)
1580 {
1581 if ((session[s].ip & session[s].route[r].mask) ==
1582 (session[s].route[r].ip & session[s].route[r].mask))
1583 routed++;
1584
1585 routeset(s, session[s].route[r].ip, session[s].route[r].mask, 0, 0);
1586 session[s].route[r].ip = 0;
1587 }
1588
1589 if (session[s].ip_pool_index == -1) // static ip
1590 {
1591 if (!routed) routeset(s, session[s].ip, 0, 0, 0);
1592 session[s].ip = 0;
1593 }
1594 else
1595 free_ip_address(s);
1596
1597 // unroute IPv6, if setup
1598 if (session[s].ppp.ipv6cp == Opened && session[s].ipv6prefixlen)
1599 route6set(s, session[s].ipv6route, session[s].ipv6prefixlen, 0);
1600 }
1601
1602 if (session[s].throttle_in || session[s].throttle_out) // Unthrottle if throttled.
1603 throttle_session(s, 0, 0);
1604
1605 if (result)
1606 { // Send CDN
1607 controlt *c = controlnew(14); // sending CDN
1608 if (error)
1609 {
1610 uint8_t buf[4];
1611 *(uint16_t *) buf = htons(result);
1612 *(uint16_t *) (buf+2) = htons(error);
1613 controlb(c, 1, buf, 4, 1);
1614 }
1615 else
1616 control16(c, 1, result, 1);
1617
1618 control16(c, 14, s, 1); // assigned session (our end)
1619 controladd(c, session[s].far, session[s].tunnel); // send the message
1620 }
1621
1622 if (!session[s].die)
1623 session[s].die = TIME + 150; // Clean up in 15 seconds
1624
1625 // update filter refcounts
1626 if (session[s].filter_in) ip_filters[session[s].filter_in - 1].used--;
1627 if (session[s].filter_out) ip_filters[session[s].filter_out - 1].used--;
1628
1629 // clear PPP state
1630 memset(&session[s].ppp, 0, sizeof(session[s].ppp));
1631 sess_local[s].lcp.restart = 0;
1632 sess_local[s].ipcp.restart = 0;
1633 sess_local[s].ipv6cp.restart = 0;
1634 sess_local[s].ccp.restart = 0;
1635
1636 cluster_send_session(s);
1637 }
1638
1639 void sendipcp(sessionidt s, tunnelidt t)
1640 {
1641 uint8_t buf[MAXETHER];
1642 uint8_t *q;
1643
1644 CSTAT(sendipcp);
1645 LOG(3, s, t, "IPCP: send ConfigReq\n");
1646
1647 if (!session[s].unique_id)
1648 {
1649 if (!++last_id) ++last_id; // skip zero
1650 session[s].unique_id = last_id;
1651 }
1652
1653 q = makeppp(buf, sizeof(buf), 0, 0, s, t, PPPIPCP);
1654 if (!q) return;
1655
1656 *q = ConfigReq;
1657 q[1] = session[s].unique_id & 0xf; // ID, dont care, we only send one type of request
1658 *(uint16_t *) (q + 2) = htons(10); // packet length
1659 q[4] = 3; // ip address option
1660 q[5] = 6; // option length
1661 *(in_addr_t *) (q + 6) = config->peer_address ? config->peer_address :
1662 config->bind_address ? config->bind_address :
1663 my_address; // send my IP
1664
1665 tunnelsend(buf, 10 + (q - buf), t); // send it
1666 }
1667
1668 void sendipv6cp(sessionidt s, tunnelidt t)
1669 {
1670 uint8_t buf[MAXETHER];
1671 uint8_t *q;
1672
1673 CSTAT(sendipv6cp);
1674 LOG(3, s, t, "IPV6CP: send ConfigReq\n");
1675
1676 q = makeppp(buf, sizeof(buf), 0, 0, s, t, PPPIPV6CP);
1677 if (!q) return;
1678
1679 *q = ConfigReq;
1680 q[1] = session[s].unique_id & 0xf; // ID, don't care, we
1681 // only send one type
1682 // of request
1683 *(uint16_t *) (q + 2) = htons(14);
1684 q[4] = 1; // interface identifier option
1685 q[5] = 10; // option length
1686 *(uint32_t *) (q + 6) = 0; // We'll be prefix::1
1687 *(uint32_t *) (q + 10) = 0;
1688 q[13] = 1;
1689
1690 tunnelsend(buf, 14 + (q - buf), t); // send it
1691 }
1692
1693 static void sessionclear(sessionidt s)
1694 {
1695 memset(&session[s], 0, sizeof(session[s]));
1696 memset(&sess_local[s], 0, sizeof(sess_local[s]));
1697 memset(&cli_session_actions[s], 0, sizeof(cli_session_actions[s]));
1698
1699 session[s].tunnel = T_FREE; // Mark it as free.
1700 session[s].next = sessionfree;
1701 sessionfree = s;
1702 }
1703
1704 // kill a session now
1705 void sessionkill(sessionidt s, char *reason)
1706 {
1707
1708 CSTAT(sessionkill);
1709
1710 if (!session[s].opened) // not alive
1711 return;
1712
1713 if (session[s].next)
1714 {
1715 LOG(0, s, session[s].tunnel, "Tried to kill a session with next pointer set (%d)\n", session[s].next);
1716 return;
1717 }
1718
1719 session[s].die = TIME;
1720 sessionshutdown(s, reason, 3, 0); // close radius/routes, etc.
1721 if (sess_local[s].radius)
1722 radiusclear(sess_local[s].radius, s); // cant send clean accounting data, session is killed
1723
1724 LOG(2, s, session[s].tunnel, "Kill session %d (%s): %s\n", s, session[s].user, reason);
1725 sessionclear(s);
1726 cluster_send_session(s);
1727 }
1728
1729 static void tunnelclear(tunnelidt t)
1730 {
1731 if (!t) return;
1732 memset(&tunnel[t], 0, sizeof(tunnel[t]));
1733 tunnel[t].state = TUNNELFREE;
1734 }
1735
1736 // kill a tunnel now
1737 static void tunnelkill(tunnelidt t, char *reason)
1738 {
1739 sessionidt s;
1740 controlt *c;
1741
1742 CSTAT(tunnelkill);
1743
1744 tunnel[t].state = TUNNELDIE;
1745
1746 // free control messages
1747 while ((c = tunnel[t].controls))
1748 {
1749 controlt * n = c->next;
1750 tunnel[t].controls = n;
1751 tunnel[t].controlc--;
1752 c->next = controlfree;
1753 controlfree = c;
1754 }
1755 // kill sessions
1756 for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
1757 if (session[s].tunnel == t)
1758 sessionkill(s, reason);
1759
1760 // free tunnel
1761 tunnelclear(t);
1762 LOG(1, 0, t, "Kill tunnel %d: %s\n", t, reason);
1763 cli_tunnel_actions[t].action = 0;
1764 cluster_send_tunnel(t);
1765 }
1766
1767 // shut down a tunnel cleanly
1768 static void tunnelshutdown(tunnelidt t, char *reason, int result, int error, char *msg)
1769 {
1770 sessionidt s;
1771
1772 CSTAT(tunnelshutdown);
1773
1774 if (!tunnel[t].last || !tunnel[t].far || tunnel[t].state == TUNNELFREE)
1775 {
1776 // never set up, can immediately kill
1777 tunnelkill(t, reason);
1778 return;
1779 }
1780 LOG(1, 0, t, "Shutting down tunnel %d (%s)\n", t, reason);
1781
1782 // close session
1783 for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
1784 if (session[s].tunnel == t)
1785 sessionshutdown(s, reason, 0, 0);
1786
1787 tunnel[t].state = TUNNELDIE;
1788 tunnel[t].die = TIME + 700; // Clean up in 70 seconds
1789 cluster_send_tunnel(t);
1790 // TBA - should we wait for sessions to stop?
1791 if (result)
1792 {
1793 controlt *c = controlnew(4); // sending StopCCN
1794 if (error)
1795 {
1796 uint8_t buf[64];
1797 int l = 4;
1798 *(uint16_t *) buf = htons(result);
1799 *(uint16_t *) (buf+2) = htons(error);
1800 if (msg)
1801 {
1802 int m = strlen(msg);
1803 if (m + 4 > sizeof(buf))
1804 m = sizeof(buf) - 4;
1805
1806 memcpy(buf+4, msg, m);
1807 l += m;
1808 }
1809
1810 controlb(c, 1, buf, l, 1);
1811 }
1812 else
1813 control16(c, 1, result, 1);
1814
1815 control16(c, 9, t, 1); // assigned tunnel (our end)
1816 controladd(c, 0, t); // send the message
1817 }
1818 }
1819
1820 // read and process packet on tunnel (UDP)
1821 void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
1822 {
1823 uint8_t *chapresponse = NULL;
1824 uint16_t l = len, t = 0, s = 0, ns = 0, nr = 0;
1825 uint8_t *p = buf + 2;
1826
1827
1828 CSTAT(processudp);
1829
1830 udp_rx += len;
1831 udp_rx_pkt++;
1832 LOG_HEX(5, "UDP Data", buf, len);
1833 STAT(tunnel_rx_packets);
1834 INC_STAT(tunnel_rx_bytes, len);
1835 if (len < 6)
1836 {
1837 LOG(1, 0, 0, "Short UDP, %d bytes\n", len);
1838 STAT(tunnel_rx_errors);
1839 return;
1840 }
1841 if ((buf[1] & 0x0F) != 2)
1842 {
1843 LOG(1, 0, 0, "Bad L2TP ver %d\n", (buf[1] & 0x0F) != 2);
1844 STAT(tunnel_rx_errors);
1845 return;
1846 }
1847 if (*buf & 0x40)
1848 { // length
1849 l = ntohs(*(uint16_t *) p);
1850 p += 2;
1851 }
1852 t = ntohs(*(uint16_t *) p);
1853 p += 2;
1854 s = ntohs(*(uint16_t *) p);
1855 p += 2;
1856 if (s >= MAXSESSION)
1857 {
1858 LOG(1, s, t, "Received UDP packet with invalid session ID\n");
1859 STAT(tunnel_rx_errors);
1860 return;
1861 }
1862 if (t >= MAXTUNNEL)
1863 {
1864 LOG(1, s, t, "Received UDP packet with invalid tunnel ID\n");
1865 STAT(tunnel_rx_errors);
1866 return;
1867 }
1868 if (*buf & 0x08)
1869 { // ns/nr
1870 ns = ntohs(*(uint16_t *) p);
1871 p += 2;
1872 nr = ntohs(*(uint16_t *) p);
1873 p += 2;
1874 }
1875 if (*buf & 0x02)
1876 { // offset
1877 uint16_t o = ntohs(*(uint16_t *) p);
1878 p += o + 2;
1879 }
1880 if ((p - buf) > l)
1881 {
1882 LOG(1, s, t, "Bad length %d>%d\n", (int) (p - buf), l);
1883 STAT(tunnel_rx_errors);
1884 return;
1885 }
1886 l -= (p - buf);
1887
1888 // used to time out old tunnels
1889 if (t && tunnel[t].state == TUNNELOPEN)
1890 tunnel[t].lastrec = time_now;
1891
1892 if (*buf & 0x80)
1893 { // control
1894 uint16_t message = 0xFFFF; // message type
1895 uint8_t fatal = 0;
1896 uint8_t mandatory = 0;
1897 uint16_t asession = 0; // assigned session
1898 uint32_t amagic = 0; // magic number
1899 uint8_t aflags = 0; // flags from last LCF
1900 uint16_t version = 0x0100; // protocol version (we handle 0.0 as well and send that back just in case)
1901 char called[MAXTEL] = ""; // called number
1902 char calling[MAXTEL] = ""; // calling number
1903
1904 if (!config->cluster_iam_master)
1905 {
1906 master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
1907 return;
1908 }
1909
1910 // control messages must have bits 0x80|0x40|0x08
1911 // (type, length and sequence) set, and bits 0x02|0x01
1912 // (offset and priority) clear
1913 if ((*buf & 0xCB) != 0xC8)
1914 {
1915 LOG(1, s, t, "Bad control header %02X\n", *buf);
1916 STAT(tunnel_rx_errors);
1917 return;
1918 }
1919
1920 // check for duplicate tunnel open message
1921 if (!t && ns == 0)
1922 {
1923 int i;
1924
1925 //
1926 // Is this a duplicate of the first packet? (SCCRQ)
1927 //
1928 for (i = 1; i <= config->cluster_highest_tunnelid ; ++i)
1929 {
1930 if (tunnel[i].state != TUNNELOPENING ||
1931 tunnel[i].ip != ntohl(*(in_addr_t *) & addr->sin_addr) ||
1932 tunnel[i].port != ntohs(addr->sin_port) )
1933 continue;
1934 t = i;
1935 LOG(3, s, t, "Duplicate SCCRQ?\n");
1936 break;
1937 }
1938 }
1939
1940 LOG(3, s, t, "Control message (%d bytes): (unacked %d) l-ns %d l-nr %d r-ns %d r-nr %d\n",
1941 l, tunnel[t].controlc, tunnel[t].ns, tunnel[t].nr, ns, nr);
1942
1943 // if no tunnel specified, assign one
1944 if (!t)
1945 {
1946 if (!(t = new_tunnel()))
1947 {
1948 LOG(1, 0, 0, "No more tunnels\n");
1949 STAT(tunnel_overflow);
1950 return;
1951 }
1952 tunnelclear(t);
1953 tunnel[t].ip = ntohl(*(in_addr_t *) & addr->sin_addr);
1954 tunnel[t].port = ntohs(addr->sin_port);
1955 tunnel[t].window = 4; // default window
1956 STAT(tunnel_created);
1957 LOG(1, 0, t, " New tunnel from %s:%u ID %d\n",
1958 fmtaddr(htonl(tunnel[t].ip), 0), tunnel[t].port, t);
1959 }
1960
1961 // If the 'ns' just received is not the 'nr' we're
1962 // expecting, just send an ack and drop it.
1963 //
1964 // if 'ns' is less, then we got a retransmitted packet.
1965 // if 'ns' is greater than missed a packet. Either way
1966 // we should ignore it.
1967 if (ns != tunnel[t].nr)
1968 {
1969 // is this the sequence we were expecting?
1970 STAT(tunnel_rx_errors);
1971 LOG(1, 0, t, " Out of sequence tunnel %d, (%d is not the expected %d)\n",
1972 t, ns, tunnel[t].nr);
1973
1974 if (l) // Is this not a ZLB?
1975 controlnull(t);
1976 return;
1977 }
1978
1979 // check sequence of this message
1980 {
1981 int skip = tunnel[t].window; // track how many in-window packets are still in queue
1982 // some to clear maybe?
1983 while (tunnel[t].controlc > 0 && (((tunnel[t].ns - tunnel[t].controlc) - nr) & 0x8000))
1984 {
1985 controlt *c = tunnel[t].controls;
1986 tunnel[t].controls = c->next;
1987 tunnel[t].controlc--;
1988 c->next = controlfree;
1989 controlfree = c;
1990 skip--;
1991 tunnel[t].try = 0; // we have progress
1992 }
1993
1994 // receiver advance (do here so quoted correctly in any sends below)
1995 if (l) tunnel[t].nr = (ns + 1);
1996 if (skip < 0) skip = 0;
1997 if (skip < tunnel[t].controlc)
1998 {
1999 // some control packets can now be sent that were previous stuck out of window
2000 int tosend = tunnel[t].window - skip;
2001 controlt *c = tunnel[t].controls;
2002 while (c && skip)
2003 {
2004 c = c->next;
2005 skip--;
2006 }
2007 while (c && tosend)
2008 {
2009 tunnel[t].try = 0; // first send
2010 tunnelsend(c->buf, c->length, t);
2011 c = c->next;
2012 tosend--;
2013 }
2014 }
2015 if (!tunnel[t].controlc)
2016 tunnel[t].retry = 0; // caught up
2017 }
2018 if (l)
2019 { // if not a null message
2020 int result = 0;
2021 int error = 0;
2022 char *msg = 0;
2023
2024 // process AVPs
2025 while (l && !(fatal & 0x80)) // 0x80 = mandatory AVP
2026 {
2027 uint16_t n = (ntohs(*(uint16_t *) p) & 0x3FF);
2028 uint8_t *b = p;
2029 uint8_t flags = *p;
2030 uint16_t mtype;
2031 if (n > l)
2032 {
2033 LOG(1, s, t, "Invalid length in AVP\n");
2034 STAT(tunnel_rx_errors);
2035 return;
2036 }
2037 p += n; // next
2038 l -= n;
2039 if (flags & 0x3C) // reserved bits, should be clear
2040 {
2041 LOG(1, s, t, "Unrecognised AVP flags %02X\n", *b);
2042 fatal = flags;
2043 result = 2; // general error
2044 error = 3; // reserved field non-zero
2045 msg = 0;
2046 continue; // next
2047 }
2048 b += 2;
2049 if (*(uint16_t *) (b))
2050 {
2051 LOG(2, s, t, "Unknown AVP vendor %d\n", ntohs(*(uint16_t *) (b)));
2052 fatal = flags;
2053 result = 2; // general error
2054 error = 6; // generic vendor-specific error
2055 msg = "unsupported vendor-specific";
2056 continue; // next
2057 }
2058 b += 2;
2059 mtype = ntohs(*(uint16_t *) (b));
2060 b += 2;
2061 n -= 6;
2062
2063 if (flags & 0x40)
2064 {
2065 uint16_t orig_len;
2066
2067 // handle hidden AVPs
2068 if (!*config->l2tp_secret)
2069 {
2070 LOG(1, s, t, "Hidden AVP requested, but no L2TP secret.\n");
2071 fatal = flags;
2072 result = 2; // general error
2073 error = 6; // generic vendor-specific error
2074 msg = "secret not specified";
2075 continue;
2076 }
2077 if (!session[s].random_vector_length)
2078 {
2079 LOG(1, s, t, "Hidden AVP requested, but no random vector.\n");
2080 fatal = flags;
2081 result = 2; // general error
2082 error = 6; // generic
2083 msg = "no random vector";
2084 continue;
2085 }
2086 if (n < 8)
2087 {
2088 LOG(2, s, t, "Short hidden AVP.\n");
2089 fatal = flags;
2090 result = 2; // general error
2091 error = 2; // length is wrong
2092 msg = 0;
2093 continue;
2094 }
2095
2096 // Unhide the AVP
2097 unhide_value(b, n, mtype, session[s].random_vector, session[s].random_vector_length);
2098
2099 orig_len = ntohs(*(uint16_t *) b);
2100 if (orig_len > n + 2)
2101 {
2102 LOG(1, s, t, "Original length %d too long in hidden AVP of length %d; wrong secret?\n",
2103 orig_len, n);
2104
2105 fatal = flags;
2106 result = 2; // general error
2107 error = 2; // length is wrong
2108 msg = 0;
2109 continue;
2110 }
2111
2112 b += 2;
2113 n = orig_len;
2114 }
2115
2116 LOG(4, s, t, " AVP %d (%s) len %d%s%s\n", mtype, l2tp_avp_name(mtype), n,
2117 flags & 0x40 ? ", hidden" : "", flags & 0x80 ? ", mandatory" : "");
2118
2119 switch (mtype)
2120 {
2121 case 0: // message type
2122 message = ntohs(*(uint16_t *) b);
2123 mandatory = flags & 0x80;
2124 LOG(4, s, t, " Message type = %d (%s)\n", *b, l2tp_code(message));
2125 break;
2126 case 1: // result code
2127 {
2128 uint16_t rescode = ntohs(*(uint16_t *) b);
2129 const char* resdesc = "(unknown)";
2130 if (message == 4)
2131 { /* StopCCN */
2132 resdesc = l2tp_stopccn_result_code(rescode);
2133 }
2134 else if (message == 14)
2135 { /* CDN */
2136 resdesc = l2tp_cdn_result_code(rescode);
2137 }
2138
2139 LOG(4, s, t, " Result Code %d: %s\n", rescode, resdesc);
2140 if (n >= 4)
2141 {
2142 uint16_t errcode = ntohs(*(uint16_t *)(b + 2));
2143 LOG(4, s, t, " Error Code %d: %s\n", errcode, l2tp_error_code(errcode));
2144 }
2145 if (n > 4)
2146 LOG(4, s, t, " Error String: %.*s\n", n-4, b+4);
2147
2148 break;
2149 }
2150 break;
2151 case 2: // protocol version
2152 {
2153 version = ntohs(*(uint16_t *) (b));
2154 LOG(4, s, t, " Protocol version = %d\n", version);
2155 if (version && version != 0x0100)
2156 { // allow 0.0 and 1.0
2157 LOG(1, s, t, " Bad protocol version %04X\n", version);
2158 fatal = flags;
2159 result = 5; // unspported protocol version
2160 error = 0x0100; // supported version
2161 msg = 0;
2162 continue; // next
2163 }
2164 }
2165 break;
2166 case 3: // framing capabilities
2167 // LOG(4, s, t, "Framing capabilities\n");
2168 break;
2169 case 4: // bearer capabilities
2170 // LOG(4, s, t, "Bearer capabilities\n");
2171 break;
2172 case 5: // tie breaker
2173 // We never open tunnels, so we don't care about tie breakers
2174 // LOG(4, s, t, "Tie breaker\n");
2175 continue;
2176 case 6: // firmware revision
2177 // LOG(4, s, t, "Firmware revision\n");
2178 break;
2179 case 7: // host name
2180 memset(tunnel[t].hostname, 0, sizeof(tunnel[t].hostname));
2181 memcpy(tunnel[t].hostname, b, (n < sizeof(tunnel[t].hostname)) ? n : sizeof(tunnel[t].hostname) - 1);
2182 LOG(4, s, t, " Tunnel hostname = \"%s\"\n", tunnel[t].hostname);
2183 // TBA - to send to RADIUS
2184 break;
2185 case 8: // vendor name
2186 memset(tunnel[t].vendor, 0, sizeof(tunnel[t].vendor));
2187 memcpy(tunnel[t].vendor, b, (n < sizeof(tunnel[t].vendor)) ? n : sizeof(tunnel[t].vendor) - 1);
2188 LOG(4, s, t, " Vendor name = \"%s\"\n", tunnel[t].vendor);
2189 break;
2190 case 9: // assigned tunnel
2191 tunnel[t].far = ntohs(*(uint16_t *) (b));
2192 LOG(4, s, t, " Remote tunnel id = %d\n", tunnel[t].far);
2193 break;
2194 case 10: // rx window
2195 tunnel[t].window = ntohs(*(uint16_t *) (b));
2196 if (!tunnel[t].window)
2197 tunnel[t].window = 1; // window of 0 is silly
2198 LOG(4, s, t, " rx window = %d\n", tunnel[t].window);
2199 break;
2200 case 11: // Challenge
2201 {
2202 LOG(4, s, t, " LAC requested CHAP authentication for tunnel\n");
2203 build_chap_response(b, 2, n, &chapresponse);
2204 }
2205 break;
2206 case 13: // Response
2207 // Why did they send a response? We never challenge.
2208 LOG(2, s, t, " received unexpected challenge response\n");
2209 break;
2210
2211 case 14: // assigned session
2212 asession = session[s].far = ntohs(*(uint16_t *) (b));
2213 LOG(4, s, t, " assigned session = %d\n", asession);
2214 break;
2215 case 15: // call serial number
2216 LOG(4, s, t, " call serial number = %d\n", ntohl(*(uint32_t *)b));
2217 break;
2218 case 18: // bearer type
2219 LOG(4, s, t, " bearer type = %d\n", ntohl(*(uint32_t *)b));
2220 // TBA - for RADIUS
2221 break;
2222 case 19: // framing type
2223 LOG(4, s, t, " framing type = %d\n", ntohl(*(uint32_t *)b));
2224 // TBA
2225 break;
2226 case 21: // called number
2227 memset(called, 0, sizeof(called));
2228 memcpy(called, b, (n < sizeof(called)) ? n : sizeof(called) - 1);
2229 LOG(4, s, t, " Called <%s>\n", called);
2230 break;
2231 case 22: // calling number
2232 memset(calling, 0, sizeof(calling));
2233 memcpy(calling, b, (n < sizeof(calling)) ? n : sizeof(calling) - 1);
2234 LOG(4, s, t, " Calling <%s>\n", calling);
2235 break;
2236 case 23: // subtype
2237 break;
2238 case 24: // tx connect speed
2239 if (n == 4)
2240 {
2241 session[s].tx_connect_speed = ntohl(*(uint32_t *)b);
2242 }
2243 else
2244 {
2245 // AS5300s send connect speed as a string
2246 char tmp[30];
2247 memset(tmp, 0, sizeof(tmp));
2248 memcpy(tmp, b, (n < sizeof(tmp)) ? n : sizeof(tmp) - 1);
2249 session[s].tx_connect_speed = atol(tmp);
2250 }
2251 LOG(4, s, t, " TX connect speed <%u>\n", session[s].tx_connect_speed);
2252 break;
2253 case 38: // rx connect speed
2254 if (n == 4)
2255 {
2256 session[s].rx_connect_speed = ntohl(*(uint32_t *)b);
2257 }
2258 else
2259 {
2260 // AS5300s send connect speed as a string
2261 char tmp[30];
2262 memset(tmp, 0, sizeof(tmp));
2263 memcpy(tmp, b, (n < sizeof(tmp)) ? n : sizeof(tmp) - 1);
2264 session[s].rx_connect_speed = atol(tmp);
2265 }
2266 LOG(4, s, t, " RX connect speed <%u>\n", session[s].rx_connect_speed);
2267 break;
2268 case 25: // Physical Channel ID
2269 {
2270 uint32_t tmp = ntohl(*(uint32_t *) b);
2271 LOG(4, s, t, " Physical Channel ID <%X>\n", tmp);
2272 break;
2273 }
2274 case 29: // Proxy Authentication Type
2275 {
2276 uint16_t atype = ntohs(*(uint16_t *)b);
2277 LOG(4, s, t, " Proxy Auth Type %d (%s)\n", atype, ppp_auth_type(atype));
2278 break;
2279 }
2280 case 30: // Proxy Authentication Name
2281 {
2282 char authname[64];
2283 memset(authname, 0, sizeof(authname));
2284 memcpy(authname, b, (n < sizeof(authname)) ? n : sizeof(authname) - 1);
2285 LOG(4, s, t, " Proxy Auth Name (%s)\n",
2286 authname);
2287 break;
2288 }
2289 case 31: // Proxy Authentication Challenge
2290 {
2291 LOG(4, s, t, " Proxy Auth Challenge\n");
2292 break;
2293 }
2294 case 32: // Proxy Authentication ID
2295 {
2296 uint16_t authid = ntohs(*(uint16_t *)(b));
2297 LOG(4, s, t, " Proxy Auth ID (%d)\n", authid);
2298 break;
2299 }
2300 case 33: // Proxy Authentication Response
2301 LOG(4, s, t, " Proxy Auth Response\n");
2302 break;
2303 case 27: // last sent lcp
2304 { // find magic number
2305 uint8_t *p = b, *e = p + n;
2306 while (p + 1 < e && p[1] && p + p[1] <= e)
2307 {
2308 if (*p == 5 && p[1] == 6) // Magic-Number
2309 amagic = ntohl(*(uint32_t *) (p + 2));
2310 else if (*p == 7) // Protocol-Field-Compression
2311 aflags |= SESSIONPFC;
2312 else if (*p == 8) // Address-and-Control-Field-Compression
2313 aflags |= SESSIONACFC;
2314 p += p[1];
2315 }
2316 }
2317 break;
2318 case 28: // last recv lcp confreq
2319 break;
2320 case 26: // Initial Received LCP CONFREQ
2321 break;
2322 case 39: // seq required - we control it as an LNS anyway...
2323 break;
2324 case 36: // Random Vector
2325 LOG(4, s, t, " Random Vector received. Enabled AVP Hiding.\n");
2326 memset(session[s].random_vector, 0, sizeof(session[s].random_vector));
2327 if (n > sizeof(session[s].random_vector))
2328 n = sizeof(session[s].random_vector);
2329 memcpy(session[s].random_vector, b, n);
2330 session[s].random_vector_length = n;
2331 break;
2332 default:
2333 {
2334 static char e[] = "unknown AVP 0xXXXX";
2335 LOG(2, s, t, " Unknown AVP type %d\n", mtype);
2336 fatal = flags;
2337 result = 2; // general error
2338 error = 8; // unknown mandatory AVP
2339 sprintf((msg = e) + 14, "%04x", mtype);
2340 continue; // next
2341 }
2342 }
2343 }
2344 // process message
2345 if (fatal & 0x80)
2346 tunnelshutdown(t, "Invalid mandatory AVP", result, error, msg);
2347 else
2348 switch (message)
2349 {
2350 case 1: // SCCRQ - Start Control Connection Request
2351 tunnel[t].state = TUNNELOPENING;
2352 if (main_quit != QUIT_SHUTDOWN)
2353 {
2354 controlt *c = controlnew(2); // sending SCCRP
2355 control16(c, 2, version, 1); // protocol version
2356 control32(c, 3, 3, 1); // framing
2357 controls(c, 7, hostname, 1); // host name
2358 if (chapresponse) controlb(c, 13, chapresponse, 16, 1); // Challenge response
2359 control16(c, 9, t, 1); // assigned tunnel
2360 controladd(c, 0, t); // send the resply
2361 }
2362 else
2363 {
2364 tunnelshutdown(t, "Shutting down", 6, 0, 0);
2365 }
2366 break;
2367 case 2: // SCCRP
2368 tunnel[t].state = TUNNELOPEN;
2369 break;
2370 case 3: // SCCN
2371 tunnel[t].state = TUNNELOPEN;
2372 controlnull(t); // ack
2373 break;
2374 case 4: // StopCCN
2375 controlnull(t); // ack
2376 tunnelshutdown(t, "Stopped", 0, 0, 0); // Shut down cleanly
2377 break;
2378 case 6: // HELLO
2379 controlnull(t); // simply ACK
2380 break;
2381 case 7: // OCRQ
2382 // TBA
2383 break;
2384 case 8: // OCRO
2385 // TBA
2386 break;
2387 case 9: // OCCN
2388 // TBA
2389 break;
2390 case 10: // ICRQ
2391 if (sessionfree && main_quit != QUIT_SHUTDOWN)
2392 {
2393 controlt *c = controlnew(11); // ICRP
2394
2395 s = sessionfree;
2396 sessionfree = session[s].next;
2397 memset(&session[s], 0, sizeof(session[s]));
2398
2399 if (s > config->cluster_highest_sessionid)
2400 config->cluster_highest_sessionid = s;
2401
2402 session[s].opened = time_now;
2403 session[s].tunnel = t;
2404 session[s].far = asession;
2405 session[s].last_packet = time_now;
2406 LOG(3, s, t, "New session (%d/%d)\n", tunnel[t].far, session[s].far);
2407 control16(c, 14, s, 1); // assigned session
2408 controladd(c, asession, t); // send the reply
2409
2410 strncpy(session[s].called, called, sizeof(session[s].called) - 1);
2411 strncpy(session[s].calling, calling, sizeof(session[s].calling) - 1);
2412
2413 session[s].ppp.phase = Establish;
2414 session[s].ppp.lcp = Starting;
2415
2416 STAT(session_created);
2417 break;
2418 }
2419
2420 {
2421 controlt *c = controlnew(14); // CDN
2422 if (!sessionfree)
2423 {
2424 STAT(session_overflow);
2425 LOG(1, 0, t, "No free sessions\n");
2426 control16(c, 1, 4, 0); // temporary lack of resources
2427 }
2428 else
2429 control16(c, 1, 2, 7); // shutting down, try another
2430
2431 controladd(c, asession, t); // send the message
2432 }
2433 return;
2434 case 11: // ICRP
2435 // TBA
2436 break;
2437 case 12: // ICCN
2438 if (amagic == 0) amagic = time_now;
2439 session[s].magic = amagic; // set magic number
2440 session[s].l2tp_flags = aflags; // set flags received
2441 session[s].mru = PPPMTU; // default
2442 controlnull(t); // ack
2443
2444 // start LCP
2445 sess_local[s].lcp.restart = time_now + config->ppp_restart_time;
2446 sess_local[s].lcp.conf_sent = 1;
2447 sess_local[s].lcp.nak_sent = 0;
2448 sess_local[s].lcp_authtype = config->radius_authprefer;
2449 sess_local[s].ppp_mru = MRU;
2450 session[s].ppp.lcp = RequestSent;
2451 sendlcp(s, t);
2452
2453 break;
2454 case 14: // CDN
2455 controlnull(t); // ack
2456 sessionshutdown(s, "Closed (Received CDN).", 0, 0);
2457 break;
2458 case 0xFFFF:
2459 LOG(1, s, t, "Missing message type\n");
2460 break;
2461 default:
2462 STAT(tunnel_rx_errors);
2463 if (mandatory)
2464 tunnelshutdown(t, "Unknown message type", 2, 6, "unknown message type");
2465 else
2466 LOG(1, s, t, "Unknown message type %d\n", message);
2467 break;
2468 }
2469 if (chapresponse) free(chapresponse);
2470 cluster_send_tunnel(t);
2471 }
2472 else
2473 {
2474 LOG(4, s, t, " Got a ZLB ack\n");
2475 }
2476 }
2477 else
2478 { // data
2479 uint16_t proto;
2480
2481 LOG_HEX(5, "Receive Tunnel Data", p, l);
2482 if (l > 2 && p[0] == 0xFF && p[1] == 0x03)
2483 { // HDLC address header, discard
2484 p += 2;
2485 l -= 2;
2486 }
2487 if (l < 2)
2488 {
2489 LOG(1, s, t, "Short ppp length %d\n", l);
2490 STAT(tunnel_rx_errors);
2491 return;
2492 }
2493 if (*p & 1)
2494 {
2495 proto = *p++;
2496 l--;
2497 }
2498 else
2499 {
2500 proto = ntohs(*(uint16_t *) p);
2501 p += 2;
2502 l -= 2;
2503 }
2504
2505 if (s && !session[s].opened) // Is something wrong??
2506 {
2507 if (!config->cluster_iam_master)
2508 {
2509 // Pass it off to the master to deal with..
2510 master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
2511 return;
2512 }
2513
2514
2515 LOG(1, s, t, "UDP packet contains session which is not opened. Dropping packet.\n");
2516 STAT(tunnel_rx_errors);
2517 return;
2518 }
2519
2520 if (proto == PPPPAP)
2521 {
2522 session[s].last_packet = time_now;
2523 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2524 processpap(s, t, p, l);
2525 }
2526 else if (proto == PPPCHAP)
2527 {
2528 session[s].last_packet = time_now;
2529 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2530 processchap(s, t, p, l);
2531 }
2532 else if (proto == PPPLCP)
2533 {
2534 session[s].last_packet = time_now;
2535 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2536 processlcp(s, t, p, l);
2537 }
2538 else if (proto == PPPIPCP)
2539 {
2540 session[s].last_packet = time_now;
2541 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2542 processipcp(s, t, p, l);
2543 }
2544 else if (proto == PPPIPV6CP && config->ipv6_prefix.s6_addr[0])
2545 {
2546 session[s].last_packet = time_now;
2547 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2548 processipv6cp(s, t, p, l);
2549 }
2550 else if (proto == PPPCCP)
2551 {
2552 session[s].last_packet = time_now;
2553 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2554 processccp(s, t, p, l);
2555 }
2556 else if (proto == PPPIP)
2557 {
2558 if (session[s].die)
2559 {
2560 LOG(4, s, t, "Session %d is closing. Don't process PPP packets\n", s);
2561 return; // closing session, PPP not processed
2562 }
2563
2564 session[s].last_packet = time_now;
2565 if (session[s].walled_garden && !config->cluster_iam_master)
2566 {
2567 master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
2568 return;
2569 }
2570
2571 processipin(s, t, p, l);
2572 }
2573 else if (proto == PPPIPV6 && config->ipv6_prefix.s6_addr[0])
2574 {
2575 if (session[s].die)
2576 {
2577 LOG(4, s, t, "Session %d is closing. Don't process PPP packets\n", s);
2578 return; // closing session, PPP not processed
2579 }
2580
2581 session[s].last_packet = time_now;
2582 if (session[s].walled_garden && !config->cluster_iam_master)
2583 {
2584 master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
2585 return;
2586 }
2587
2588 processipv6in(s, t, p, l);
2589 }
2590 else if (session[s].ppp.lcp == Opened)
2591 {
2592 uint8_t buf[MAXETHER];
2593 uint8_t *q;
2594 int mru = session[s].mru;
2595 if (mru > sizeof(buf)) mru = sizeof(buf);
2596
2597 l += 6;
2598 if (l > mru) l = mru;
2599
2600 q = makeppp(buf, sizeof(buf), 0, 0, s, t, proto);
2601 if (!q) return;
2602
2603 *q = CodeRej;
2604 *(q + 1) = ++sess_local[s].lcp_ident;
2605 *(uint16_t *)(q + 2) = l;
2606 *(uint16_t *)(q + 4) = htons(proto);
2607 memcpy(q + 6, p, l - 6);
2608
2609 if (proto == PPPIPV6CP)
2610 LOG(3, s, t, "LCP: send ProtocolRej (IPV6CP: not configured)\n");
2611 else
2612 LOG(2, s, t, "LCP: sent ProtocolRej (0x%04X: unsupported)\n", proto);
2613
2614 tunnelsend(buf, l + (q - buf), t);
2615 }
2616 else
2617 {
2618 LOG(2, s, t, "Unknown PPP protocol 0x%04X received in LCP %s state\n",
2619 proto, ppp_state(session[s].ppp.lcp));
2620 }
2621 }
2622 }
2623
2624 // read and process packet on tun
2625 static void processtun(uint8_t * buf, int len)
2626 {
2627 LOG_HEX(5, "Receive TUN Data", buf, len);
2628 STAT(tun_rx_packets);
2629 INC_STAT(tun_rx_bytes, len);
2630
2631 CSTAT(processtun);
2632
2633 eth_rx_pkt++;
2634 eth_rx += len;
2635 if (len < 22)
2636 {
2637 LOG(1, 0, 0, "Short tun packet %d bytes\n", len);
2638 STAT(tun_rx_errors);
2639 return;
2640 }
2641
2642 if (*(uint16_t *) (buf + 2) == htons(PKTIP)) // IPv4
2643 processipout(buf, len);
2644 else if (*(uint16_t *) (buf + 2) == htons(PKTIPV6) // IPV6
2645 && config->ipv6_prefix.s6_addr[0])
2646 processipv6out(buf, len);
2647
2648 // Else discard.
2649 }
2650
2651 // Handle retries, timeouts. Runs every 1/10th sec, want to ensure
2652 // that we look at the whole of the tunnel, radius and session tables
2653 // every second
2654 static void regular_cleanups(double period)
2655 {
2656 // Next tunnel, radius and session to check for actions on.
2657 static tunnelidt t = 0;
2658 static int r = 0;
2659 static sessionidt s = 0;
2660
2661 int t_actions = 0;
2662 int r_actions = 0;
2663 int s_actions = 0;
2664
2665 int t_slice;
2666 int r_slice;
2667 int s_slice;
2668
2669 int i;
2670 int a;
2671
2672 // divide up tables into slices based on the last run
2673 t_slice = config->cluster_highest_tunnelid * period;
2674 r_slice = (MAXRADIUS - 1) * period;
2675 s_slice = config->cluster_highest_sessionid * period;
2676
2677 if (t_slice < 1)
2678 t_slice = 1;
2679 else if (t_slice > config->cluster_highest_tunnelid)
2680 t_slice = config->cluster_highest_tunnelid;
2681
2682 if (r_slice < 1)
2683 r_slice = 1;
2684 else if (r_slice > (MAXRADIUS - 1))
2685 r_slice = MAXRADIUS - 1;
2686
2687 if (s_slice < 1)
2688 s_slice = 1;
2689 else if (s_slice > config->cluster_highest_sessionid)
2690 s_slice = config->cluster_highest_sessionid;
2691
2692 LOG(4, 0, 0, "Begin regular cleanup (last %f seconds ago)\n", period);
2693
2694 for (i = 0; i < t_slice; i++)
2695 {
2696 t++;
2697 if (t > config->cluster_highest_tunnelid)
2698 t = 1;
2699
2700 // check for expired tunnels
2701 if (tunnel[t].die && tunnel[t].die <= TIME)
2702 {
2703 STAT(tunnel_timeout);
2704 tunnelkill(t, "Expired");
2705 t_actions++;
2706 continue;
2707 }
2708 // check for message resend
2709 if (tunnel[t].retry && tunnel[t].controlc)
2710 {
2711 // resend pending messages as timeout on reply
2712 if (tunnel[t].retry <= TIME)
2713 {
2714 controlt *c = tunnel[t].controls;
2715 uint8_t w = tunnel[t].window;
2716 tunnel[t].try++; // another try
2717 if (tunnel[t].try > 5)
2718 tunnelkill(t, "Timeout on control message"); // game over
2719 else
2720 while (c && w--)
2721 {
2722 tunnelsend(c->buf, c->length, t);
2723 c = c->next;
2724 }
2725
2726 t_actions++;
2727 }
2728 }
2729 // Send hello
2730 if (tunnel[t].state == TUNNELOPEN && (time_now - tunnel[t].lastrec) > 60)
2731 {
2732 controlt *c = controlnew(6); // sending HELLO
2733 controladd(c, 0, t); // send the message
2734 LOG(3, 0, t, "Sending HELLO message\n");
2735 t_actions++;
2736 }
2737
2738 // Check for tunnel changes requested from the CLI
2739 if ((a = cli_tunnel_actions[t].action))
2740 {
2741 cli_tunnel_actions[t].action = 0;
2742 if (a & CLI_TUN_KILL)
2743 {
2744 LOG(2, 0, t, "Dropping tunnel by CLI\n");
2745 tunnelshutdown(t, "Requested by administrator", 1, 0, 0);
2746 t_actions++;
2747 }
2748 }
2749 }
2750
2751 for (i = 0; i < r_slice; i++)
2752 {
2753 r++;
2754 if (r >= MAXRADIUS)
2755 r = 1;
2756
2757 if (!radius[r].state)
2758 continue;
2759
2760 if (radius[r].retry <= TIME)
2761 {
2762 radiusretry(r);
2763 r_actions++;
2764 }
2765 }
2766
2767 for (i = 0; i < s_slice; i++)
2768 {
2769 s++;
2770 if (s > config->cluster_highest_sessionid)
2771 s = 1;
2772
2773 if (!session[s].opened) // Session isn't in use
2774 continue;
2775
2776 // check for expired sessions
2777 if (session[s].die)
2778 {
2779 if (session[s].die <= TIME)
2780 {
2781 sessionkill(s, "Expired");
2782 s_actions++;
2783 }
2784 continue;
2785 }
2786
2787 // PPP timeouts
2788 if (sess_local[s].lcp.restart <= time_now)
2789 {
2790 int next_state = session[s].ppp.lcp;
2791 switch (session[s].ppp.lcp)
2792 {
2793 case RequestSent:
2794 case AckReceived:
2795 next_state = RequestSent;
2796
2797 case AckSent:
2798 if (sess_local[s].lcp.conf_sent < config->ppp_max_configure)
2799 {
2800 LOG(3, s, session[s].tunnel, "No ACK for LCP ConfigReq... resending\n");
2801 sess_local[s].lcp.restart = time_now + config->ppp_restart_time;
2802 sess_local[s].lcp.conf_sent++;
2803 sendlcp(s, session[s].tunnel);
2804 change_state(s, lcp, next_state);
2805 }
2806 else
2807 {
2808 sessionshutdown(s, "No response to LCP ConfigReq.", 3, 0);
2809 STAT(session_timeout);
2810 }
2811
2812 s_actions++;
2813 }
2814
2815 if (session[s].die)
2816 continue;
2817 }
2818
2819 if (sess_local[s].ipcp.restart <= time_now)
2820 {
2821 int next_state = session[s].ppp.ipcp;
2822 switch (session[s].ppp.ipcp)
2823 {
2824 case RequestSent:
2825 case AckReceived:
2826 next_state = RequestSent;
2827
2828 case AckSent:
2829 if (sess_local[s].ipcp.conf_sent < config->ppp_max_configure)
2830 {
2831 LOG(3, s, session[s].tunnel, "No ACK for IPCP ConfigReq... resending\n");
2832 sess_local[s].ipcp.restart = time_now + config->ppp_restart_time;
2833 sess_local[s].ipcp.conf_sent++;
2834 sendipcp(s, session[s].tunnel);
2835 change_state(s, ipcp, next_state);
2836 }
2837 else
2838 {
2839 sessionshutdown(s, "No response to IPCP ConfigReq.", 3, 0);
2840 STAT(session_timeout);
2841 }
2842
2843 s_actions++;
2844 }
2845
2846 if (session[s].die)
2847 continue;
2848 }
2849
2850 if (sess_local[s].ipv6cp.restart <= time_now)
2851 {
2852 int next_state = session[s].ppp.ipv6cp;
2853 switch (session[s].ppp.ipv6cp)
2854 {
2855 case RequestSent:
2856 case AckReceived:
2857 next_state = RequestSent;
2858
2859 case AckSent:
2860 if (sess_local[s].ipv6cp.conf_sent < config->ppp_max_configure)
2861 {
2862 LOG(3, s, session[s].tunnel, "No ACK for IPV6CP ConfigReq... resending\n");
2863 sess_local[s].ipv6cp.restart = time_now + config->ppp_restart_time;
2864 sess_local[s].ipv6cp.conf_sent++;
2865 sendipv6cp(s, session[s].tunnel);
2866 change_state(s, ipv6cp, next_state);
2867 }
2868 else
2869 {
2870 LOG(3, s, session[s].tunnel, "No ACK for IPV6CP ConfigReq\n");
2871 change_state(s, ipv6cp, Stopped);
2872 }
2873
2874 s_actions++;
2875 }
2876 }
2877
2878 if (sess_local[s].ccp.restart <= time_now)
2879 {
2880 int next_state = session[s].ppp.ccp;
2881 switch (session[s].ppp.ccp)
2882 {
2883 case RequestSent:
2884 case AckReceived:
2885 next_state = RequestSent;
2886
2887 case AckSent:
2888 if (sess_local[s].ccp.conf_sent < config->ppp_max_configure)
2889 {
2890 LOG(3, s, session[s].tunnel, "No ACK for CCP ConfigReq... resending\n");
2891 sess_local[s].ccp.restart = time_now + config->ppp_restart_time;
2892 sess_local[s].ccp.conf_sent++;
2893 sendccp(s, session[s].tunnel);
2894 change_state(s, ccp, next_state);
2895 }
2896 else
2897 {
2898 LOG(3, s, session[s].tunnel, "No ACK for CCP ConfigReq\n");
2899 change_state(s, ccp, Stopped);
2900 }
2901
2902 s_actions++;
2903 }
2904 }
2905
2906 // Drop sessions who have not responded within IDLE_TIMEOUT seconds
2907 if (session[s].last_packet && (time_now - session[s].last_packet >= IDLE_TIMEOUT))
2908 {
2909 sessionshutdown(s, "No response to LCP ECHO requests.", 3, 0);
2910 STAT(session_timeout);
2911 s_actions++;
2912 continue;
2913 }
2914
2915 // No data in ECHO_TIMEOUT seconds, send LCP ECHO
2916 if (session[s].ppp.phase >= Establish && (time_now - session[s].last_packet >= ECHO_TIMEOUT))
2917 {
2918 uint8_t b[MAXETHER];
2919
2920 uint8_t *q = makeppp(b, sizeof(b), 0, 0, s, session[s].tunnel, PPPLCP);
2921 if (!q) continue;
2922
2923 *q = EchoReq;
2924 *(uint8_t *)(q + 1) = (time_now % 255); // ID
2925 *(uint16_t *)(q + 2) = htons(8); // Length
2926 *(uint32_t *)(q + 4) = 0; // Magic Number (not supported)
2927
2928 LOG(4, s, session[s].tunnel, "No data in %d seconds, sending LCP ECHO\n",
2929 (int)(time_now - session[s].last_packet));
2930 tunnelsend(b, 24, session[s].tunnel); // send it
2931 s_actions++;
2932 }
2933
2934 // Check for actions requested from the CLI
2935 if ((a = cli_session_actions[s].action))
2936 {
2937 int send = 0;
2938
2939 cli_session_actions[s].action = 0;
2940 if (a & CLI_SESS_KILL)
2941 {
2942 LOG(2, s, session[s].tunnel, "Dropping session by CLI\n");
2943 sessionshutdown(s, "Requested by administrator.", 3, 0);
2944 a = 0; // dead, no need to check for other actions
2945 s_actions++;
2946 }
2947
2948 if (a & CLI_SESS_NOSNOOP)
2949 {
2950 LOG(2, s, session[s].tunnel, "Unsnooping session by CLI\n");
2951 session[s].snoop_ip = 0;
2952 session[s].snoop_port = 0;
2953 s_actions++;
2954 send++;
2955 }
2956 else if (a & CLI_SESS_SNOOP)
2957 {
2958 LOG(2, s, session[s].tunnel, "Snooping session by CLI (to %s:%d)\n",
2959 fmtaddr(cli_session_actions[s].snoop_ip, 0),
2960 cli_session_actions[s].snoop_port);
2961
2962 session[s].snoop_ip = cli_session_actions[s].snoop_ip;
2963 session[s].snoop_port = cli_session_actions[s].snoop_port;
2964 s_actions++;
2965 send++;
2966 }
2967
2968 if (a & CLI_SESS_NOTHROTTLE)
2969 {
2970 LOG(2, s, session[s].tunnel, "Un-throttling session by CLI\n");
2971 throttle_session(s, 0, 0);
2972 s_actions++;
2973 send++;
2974 }
2975 else if (a & CLI_SESS_THROTTLE)
2976 {
2977 LOG(2, s, session[s].tunnel, "Throttling session by CLI (to %dkb/s up and %dkb/s down)\n",
2978 cli_session_actions[s].throttle_in,
2979 cli_session_actions[s].throttle_out);
2980
2981 throttle_session(s, cli_session_actions[s].throttle_in, cli_session_actions[s].throttle_out);
2982 s_actions++;
2983 send++;
2984 }
2985
2986 if (a & CLI_SESS_NOFILTER)
2987 {
2988 LOG(2, s, session[s].tunnel, "Un-filtering session by CLI\n");
2989 filter_session(s, 0, 0);
2990 s_actions++;
2991 send++;
2992 }
2993 else if (a & CLI_SESS_FILTER)
2994 {
2995 LOG(2, s, session[s].tunnel, "Filtering session by CLI (in=%d, out=%d)\n",
2996 cli_session_actions[s].filter_in,
2997 cli_session_actions[s].filter_out);
2998
2999 filter_session(s, cli_session_actions[s].filter_in, cli_session_actions[s].filter_out);
3000 s_actions++;
3001 send++;
3002 }
3003
3004 if (send)
3005 cluster_send_session(s);
3006 }
3007
3008 // RADIUS interim accounting
3009 if (config->radius_accounting && config->radius_interim > 0
3010 && session[s].ip && !session[s].walled_garden
3011 && !sess_local[s].radius // RADIUS already in progress
3012 && time_now - sess_local[s].last_interim >= config->radius_interim)
3013 {
3014 int rad = radiusnew(s);
3015 if (!rad)
3016 {
3017 LOG(1, s, session[s].tunnel, "No free RADIUS sessions for Interim message\n");
3018 STAT(radius_overflow);
3019 continue;
3020 }
3021
3022 LOG(3, s, session[s].tunnel, "Sending RADIUS Interim for %s (%u)\n",
3023 session[s].user, session[s].unique_id);
3024
3025 radiussend(rad, RADIUSINTERIM);
3026 sess_local[s].last_interim = time_now;
3027 s_actions++;
3028 }
3029 }
3030
3031 LOG(4, 0, 0, "End regular cleanup: checked %d/%d/%d tunnels/radius/sessions; %d/%d/%d actions\n",
3032 t_slice, r_slice, s_slice, t_actions, r_actions, s_actions);
3033 }
3034
3035 //
3036 // Are we in the middle of a tunnel update, or radius
3037 // requests??
3038 //
3039 static int still_busy(void)
3040 {
3041 int i;
3042 static clockt last_talked = 0;
3043 static clockt start_busy_wait = 0;
3044
3045 if (!config->cluster_iam_master)
3046 {
3047 #ifdef BGP
3048 static time_t stopped_bgp = 0;
3049 if (bgp_configured)
3050 {
3051 if (!stopped_bgp)
3052 {
3053 LOG(1, 0, 0, "Shutting down in %d seconds, stopping BGP...\n", QUIT_DELAY);
3054
3055 for (i = 0; i < BGP_NUM_PEERS; i++)
3056 if (bgp_peers[i].state == Established)
3057 bgp_stop(&bgp_peers[i]);
3058
3059 stopped_bgp = time_now;
3060
3061 // we don't want to become master
3062 cluster_send_ping(0);
3063
3064 return 1;
3065 }
3066
3067 if (time_now < (stopped_bgp + QUIT_DELAY))
3068 return 1;
3069 }
3070 #endif /* BGP */
3071
3072 return 0;
3073 }
3074
3075 if (main_quit == QUIT_SHUTDOWN)
3076 {
3077 static int dropped = 0;
3078 if (!dropped)
3079 {
3080 int i;
3081
3082 LOG(1, 0, 0, "Dropping sessions and tunnels\n");
3083 for (i = 1; i < MAXTUNNEL; i++)
3084 if (tunnel[i].ip || tunnel[i].state)
3085 tunnelshutdown(i, "L2TPNS Closing", 6, 0, 0);
3086
3087 dropped = 1;
3088 }
3089 }
3090
3091 if (start_busy_wait == 0)
3092 start_busy_wait = TIME;
3093
3094 for (i = config->cluster_highest_tunnelid ; i > 0 ; --i)
3095 {
3096 if (!tunnel[i].controlc)
3097 continue;
3098
3099 if (last_talked != TIME)
3100 {
3101 LOG(2, 0, 0, "Tunnel %d still has un-acked control messages.\n", i);
3102 last_talked = TIME;
3103 }
3104 return 1;
3105 }
3106
3107 // We stop waiting for radius after BUSY_WAIT_TIME 1/10th seconds
3108 if (abs(TIME - start_busy_wait) > BUSY_WAIT_TIME)
3109 {
3110 LOG(1, 0, 0, "Giving up waiting for RADIUS to be empty. Shutting down anyway.\n");
3111 return 0;
3112 }
3113
3114 for (i = 1; i < MAXRADIUS; i++)
3115 {
3116 if (radius[i].state == RADIUSNULL)
3117 continue;
3118 if (radius[i].state == RADIUSWAIT)
3119 continue;
3120
3121 if (last_talked != TIME)
3122 {
3123 LOG(2, 0, 0, "Radius session %d is still busy (sid %d)\n", i, radius[i].session);
3124 last_talked = TIME;
3125 }
3126 return 1;
3127 }
3128
3129 return 0;
3130 }
3131
3132 #ifdef HAVE_EPOLL
3133 # include <sys/epoll.h>
3134 #else
3135 # define FAKE_EPOLL_IMPLEMENTATION /* include the functions */
3136 # include "fake_epoll.h"
3137 #endif
3138
3139 // the base set of fds polled: cli, cluster, tun, udp, control, dae
3140 #define BASE_FDS 6
3141
3142 // additional polled fds
3143 #ifdef BGP
3144 # define EXTRA_FDS BGP_NUM_PEERS
3145 #else
3146 # define EXTRA_FDS 0
3147 #endif
3148
3149 // main loop - gets packets on tun or udp and processes them
3150 static void mainloop(void)
3151 {
3152 int i;
3153 uint8_t buf[65536];
3154 clockt next_cluster_ping = 0; // send initial ping immediately
3155 struct epoll_event events[BASE_FDS + RADIUS_FDS + EXTRA_FDS];
3156 int maxevent = sizeof(events)/sizeof(*events);
3157
3158 if ((epollfd = epoll_create(maxevent)) < 0)
3159 {
3160 LOG(0, 0, 0, "epoll_create failed: %s\n", strerror(errno));
3161 exit(1);
3162 }
3163
3164 LOG(4, 0, 0, "Beginning of main loop. clifd=%d, cluster_sockfd=%d, tunfd=%d, udpfd=%d, controlfd=%d, daefd=%d\n",
3165 clifd, cluster_sockfd, tunfd, udpfd, controlfd, daefd);
3166
3167 /* setup our fds to poll for input */
3168 {
3169 static struct event_data d[BASE_FDS];
3170 struct epoll_event e;
3171
3172 e.events = EPOLLIN;
3173 i = 0;
3174
3175 d[i].type = FD_TYPE_CLI;
3176 e.data.ptr = &d[i++];
3177 epoll_ctl(epollfd, EPOLL_CTL_ADD, clifd, &e);
3178
3179 d[i].type = FD_TYPE_CLUSTER;
3180 e.data.ptr = &d[i++];
3181 epoll_ctl(epollfd, EPOLL_CTL_ADD, cluster_sockfd, &e);
3182
3183 d[i].type = FD_TYPE_TUN;
3184 e.data.ptr = &d[i++];
3185 epoll_ctl(epollfd, EPOLL_CTL_ADD, tunfd, &e);
3186
3187 d[i].type = FD_TYPE_UDP;
3188 e.data.ptr = &d[i++];
3189 epoll_ctl(epollfd, EPOLL_CTL_ADD, udpfd, &e);
3190
3191 d[i].type = FD_TYPE_CONTROL;
3192 e.data.ptr = &d[i++];
3193 epoll_ctl(epollfd, EPOLL_CTL_ADD, controlfd, &e);
3194
3195 d[i].type = FD_TYPE_DAE;
3196 e.data.ptr = &d[i++];
3197 epoll_ctl(epollfd, EPOLL_CTL_ADD, daefd, &e);
3198 }
3199
3200 #ifdef BGP
3201 signal(SIGPIPE, SIG_IGN);
3202 bgp_setup(config->as_number);
3203 if (config->bind_address)
3204 bgp_add_route(config->bind_address, 0xffffffff);
3205
3206 for (i = 0; i < BGP_NUM_PEERS; i++)
3207 {
3208 if (config->neighbour[i].name[0])
3209 bgp_start(&bgp_peers[i], config->neighbour[i].name,
3210 config->neighbour[i].as, config->neighbour[i].keepalive,
3211 config->neighbour[i].hold, 0); /* 0 = routing disabled */
3212 }
3213 #endif /* BGP */
3214
3215 while (!main_quit || still_busy())
3216 {
3217 int more = 0;
3218 int n;
3219
3220 if (config->reload_config)
3221 {
3222 // Update the config state based on config settings
3223 update_config();
3224 }
3225
3226 #ifdef BGP
3227 bgp_set_poll();
3228 #endif /* BGP */
3229
3230 n = epoll_wait(epollfd, events, maxevent, 100); // timeout 100ms (1/10th sec)
3231 STAT(select_called);
3232
3233 TIME = now(NULL);
3234 if (n < 0)
3235 {
3236 if (errno == EINTR ||
3237 errno == ECHILD) // EINTR was clobbered by sigchild_handler()
3238 continue;
3239
3240 LOG(0, 0, 0, "Error returned from select(): %s\n", strerror(errno));
3241 break; // exit
3242 }
3243
3244 if (n)
3245 {
3246 struct sockaddr_in addr;
3247 socklen_t alen;
3248 int c, s;
3249 int udp_ready = 0;
3250 int tun_ready = 0;
3251 int cluster_ready = 0;
3252 int udp_pkts = 0;
3253 int tun_pkts = 0;
3254 int cluster_pkts = 0;
3255 #ifdef BGP
3256 uint32_t bgp_events[BGP_NUM_PEERS];
3257 memset(bgp_events, 0, sizeof(bgp_events));
3258 #endif /* BGP */
3259
3260 for (c = n, i = 0; i < c; i++)
3261 {
3262 struct event_data *d = events[i].data.ptr;
3263 switch (d->type)
3264 {
3265 case FD_TYPE_CLI: // CLI connections
3266 {
3267 int cli;
3268
3269 alen = sizeof(addr);
3270 if ((cli = accept(clifd, (struct sockaddr *)&addr, &alen)) >= 0)
3271 {
3272 cli_do(cli);
3273 close(cli);
3274 }
3275 else
3276 LOG(0, 0, 0, "accept error: %s\n", strerror(errno));
3277
3278 n--;
3279 break;
3280 }
3281
3282 // these are handled below, with multiple interleaved reads
3283 case FD_TYPE_CLUSTER: cluster_ready++; break;
3284 case FD_TYPE_TUN: tun_ready++; break;
3285 case FD_TYPE_UDP: udp_ready++; break;
3286
3287 case FD_TYPE_CONTROL: // nsctl commands
3288 alen = sizeof(addr);
3289 processcontrol(buf, recvfrom(controlfd, buf, sizeof(buf), MSG_WAITALL, (void *) &addr, &alen), &addr, alen);
3290 n--;
3291 break;
3292
3293 case FD_TYPE_DAE: // DAE requests
3294 alen = sizeof(addr);
3295 processdae(buf, recvfrom(daefd, buf, sizeof(buf), MSG_WAITALL, (void *) &addr, &alen), &addr, alen);
3296 n--;
3297 break;
3298
3299 case FD_TYPE_RADIUS: // RADIUS response
3300 s = recv(radfds[d->index], buf, sizeof(buf), 0);
3301 if (s >= 0 && config->cluster_iam_master)
3302 processrad(buf, s, d->index);
3303
3304 n--;
3305 break;
3306
3307 #ifdef BGP
3308 case FD_TYPE_BGP:
3309 bgp_events[d->index] = events[i].events;
3310 n--;
3311 break;
3312 #endif /* BGP */
3313
3314 default:
3315 LOG(0, 0, 0, "Unexpected fd type returned from epoll_wait: %d\n", d->type);
3316 }
3317 }
3318
3319 #ifdef BGP
3320 bgp_process(bgp_events);
3321 #endif /* BGP */
3322
3323 for (c = 0; n && c < config->multi_read_count; c++)
3324 {
3325 // L2TP
3326 if (udp_ready)
3327 {
3328 alen = sizeof(addr);
3329 if ((s = recvfrom(udpfd, buf, sizeof(buf), 0, (void *) &addr, &alen)) > 0)
3330 {
3331 processudp(buf, s, &addr);
3332 udp_pkts++;
3333 }
3334 else
3335 {
3336 udp_ready = 0;
3337 n--;
3338 }
3339 }
3340
3341 // incoming IP
3342 if (tun_ready)
3343 {
3344 if ((s = read(tunfd, buf, sizeof(buf))) > 0)
3345 {
3346 processtun(buf, s);
3347 tun_pkts++;
3348 }
3349 else
3350 {
3351 tun_ready = 0;
3352 n--;
3353 }
3354 }
3355
3356 // cluster
3357 if (cluster_ready)
3358 {
3359 alen = sizeof(addr);
3360 if ((s = recvfrom(cluster_sockfd, buf, sizeof(buf), MSG_WAITALL, (void *) &addr, &alen)) > 0)
3361 {
3362 processcluster(buf, s, addr.sin_addr.s_addr);
3363 cluster_pkts++;
3364 }
3365 else
3366 {
3367 cluster_ready = 0;
3368 n--;
3369 }
3370 }
3371 }
3372
3373 if (udp_pkts > 1 || tun_pkts > 1 || cluster_pkts > 1)
3374 STAT(multi_read_used);
3375
3376 if (c >= config->multi_read_count)
3377 {
3378 LOG(3, 0, 0, "Reached multi_read_count (%d); processed %d udp, %d tun and %d cluster packets\n",
3379 config->multi_read_count, udp_pkts, tun_pkts, cluster_pkts);
3380
3381 STAT(multi_read_exceeded);
3382 more++;
3383 }
3384 }
3385
3386 // Runs on every machine (master and slaves).
3387 if (next_cluster_ping <= TIME)
3388 {
3389 // Check to see which of the cluster is still alive..
3390
3391 cluster_send_ping(basetime); // Only does anything if we're a slave
3392 cluster_check_master(); // ditto.
3393
3394 cluster_heartbeat(); // Only does anything if we're a master.
3395 cluster_check_slaves(); // ditto.
3396
3397 master_update_counts(); // If we're a slave, send our byte counters to our master.
3398
3399 if (config->cluster_iam_master && !config->cluster_iam_uptodate)
3400 next_cluster_ping = TIME + 1; // out-of-date slaves, do fast updates
3401 else
3402 next_cluster_ping = TIME + config->cluster_hb_interval;
3403 }
3404
3405 if (!config->cluster_iam_master)
3406 continue;
3407
3408 // Run token bucket filtering queue..
3409 // Only run it every 1/10th of a second.
3410 {
3411 static clockt last_run = 0;
3412 if (last_run != TIME)
3413 {
3414 last_run = TIME;
3415 tbf_run_timer();
3416 }
3417 }
3418
3419 // Handle timeouts, retries etc.
3420 {
3421 static double last_clean = 0;
3422 double this_clean;
3423 double diff;
3424
3425 TIME = now(&this_clean);
3426 diff = this_clean - last_clean;
3427
3428 // Run during idle time (after we've handled
3429 // all incoming packets) or every 1/10th sec
3430 if (!more || diff > 0.1)
3431 {
3432 regular_cleanups(diff);
3433 last_clean = this_clean;
3434 }
3435 }
3436
3437 if (*config->accounting_dir)
3438 {
3439 static clockt next_acct = 0;
3440 static clockt next_shut_acct = 0;
3441
3442 if (next_acct <= TIME)
3443 {
3444 // Dump accounting data
3445 next_acct = TIME + ACCT_TIME;
3446 next_shut_acct = TIME + ACCT_SHUT_TIME;
3447 dump_acct_info(1);
3448 }
3449 else if (next_shut_acct <= TIME)
3450 {
3451 // Dump accounting data for shutdown sessions
3452 next_shut_acct = TIME + ACCT_SHUT_TIME;
3453 if (shut_acct_n)
3454 dump_acct_info(0);
3455 }
3456 }
3457 }
3458
3459 // Are we the master and shutting down??
3460 if (config->cluster_iam_master)
3461 cluster_heartbeat(); // Flush any queued changes..
3462
3463 // Ok. Notify everyone we're shutting down. If we're
3464 // the master, this will force an election.
3465 cluster_send_ping(0);
3466
3467 //
3468 // Important!!! We MUST not process any packets past this point!
3469 LOG(1, 0, 0, "Shutdown complete\n");
3470 }
3471
3472 static void stripdomain(char *host)
3473 {
3474 char *p;
3475
3476 if ((p = strchr(host, '.')))
3477 {
3478 char *domain = 0;
3479 char _domain[1024];
3480
3481 // strip off domain
3482 FILE *resolv = fopen("/etc/resolv.conf", "r");
3483 if (resolv)
3484 {
3485 char buf[1024];
3486 char *b;
3487
3488 while (fgets(buf, sizeof(buf), resolv))
3489 {
3490 if (strncmp(buf, "domain", 6) && strncmp(buf, "search", 6))
3491 continue;
3492
3493 if (!isspace(buf[6]))
3494 continue;
3495
3496 b = buf + 7;
3497 while (isspace(*b)) b++;
3498
3499 if (*b)
3500 {
3501 char *d = b;
3502 while (*b && !isspace(*b)) b++;
3503 *b = 0;
3504 if (buf[0] == 'd') // domain is canonical
3505 {
3506 domain = d;
3507 break;
3508 }
3509
3510 // first search line
3511 if (!domain)
3512 {
3513 // hold, may be subsequent domain line
3514 strncpy(_domain, d, sizeof(_domain))[sizeof(_domain)-1] = 0;
3515 domain = _domain;
3516 }
3517 }
3518 }
3519
3520 fclose(resolv);
3521 }
3522
3523 if (domain)
3524 {
3525 int hl = strlen(host);
3526 int dl = strlen(domain);
3527 if (dl < hl && host[hl - dl - 1] == '.' && !strcmp(host + hl - dl, domain))
3528 host[hl -dl - 1] = 0;
3529 }
3530 else
3531 {
3532 *p = 0; // everything after first dot
3533 }
3534 }
3535 }
3536
3537 // Init data structures
3538 static void initdata(int optdebug, char *optconfig)
3539 {
3540 int i;
3541
3542 if (!(config = shared_malloc(sizeof(configt))))
3543 {
3544 fprintf(stderr, "Error doing malloc for configuration: %s\n", strerror(errno));
3545 exit(1);
3546 }
3547
3548 memset(config, 0, sizeof(configt));
3549 time(&config->start_time);
3550 strncpy(config->config_file, optconfig, strlen(optconfig));
3551 config->debug = optdebug;
3552 config->num_tbfs = MAXTBFS;
3553 config->rl_rate = 28; // 28kbps
3554 config->cluster_mcast_ttl = 1;
3555 config->cluster_master_min_adv = 1;
3556 config->ppp_restart_time = 3;
3557 config->ppp_max_configure = 10;
3558 config->ppp_max_failure = 5;
3559 strcpy(config->random_device, RANDOMDEVICE);
3560
3561 log_stream = stderr;
3562
3563 #ifdef RINGBUFFER
3564 if (!(ringbuffer = shared_malloc(sizeof(struct Tringbuffer))))
3565 {
3566 LOG(0, 0, 0, "Error doing malloc for ringbuffer: %s\n", strerror(errno));
3567 exit(1);
3568 }
3569 memset(ringbuffer, 0, sizeof(struct Tringbuffer));
3570 #endif
3571
3572 if (!(_statistics = shared_malloc(sizeof(struct Tstats))))
3573 {
3574 LOG(0, 0, 0, "Error doing malloc for _statistics: %s\n", strerror(errno));
3575 exit(1);
3576 }
3577 if (!(tunnel = shared_malloc(sizeof(tunnelt) * MAXTUNNEL)))
3578 {
3579 LOG(0, 0, 0, "Error doing malloc for tunnels: %s\n", strerror(errno));
3580 exit(1);
3581 }
3582 if (!(session = shared_malloc(sizeof(sessiont) * MAXSESSION)))
3583 {
3584 LOG(0, 0, 0, "Error doing malloc for sessions: %s\n", strerror(errno));
3585 exit(1);
3586 }
3587
3588 if (!(sess_local = shared_malloc(sizeof(sessionlocalt) * MAXSESSION)))
3589 {
3590 LOG(0, 0, 0, "Error doing malloc for sess_local: %s\n", strerror(errno));
3591 exit(1);
3592 }
3593
3594 if (!(radius = shared_malloc(sizeof(radiust) * MAXRADIUS)))
3595 {
3596 LOG(0, 0, 0, "Error doing malloc for radius: %s\n", strerror(errno));
3597 exit(1);
3598 }
3599
3600 if (!(ip_address_pool = shared_malloc(sizeof(ippoolt) * MAXIPPOOL)))
3601 {
3602 LOG(0, 0, 0, "Error doing malloc for ip_address_pool: %s\n", strerror(errno));
3603 exit(1);
3604 }
3605
3606 if (!(ip_filters = shared_malloc(sizeof(ip_filtert) * MAXFILTER)))
3607 {
3608 LOG(0, 0, 0, "Error doing malloc for ip_filters: %s\n", strerror(errno));
3609 exit(1);
3610 }
3611 memset(ip_filters, 0, sizeof(ip_filtert) * MAXFILTER);
3612
3613 if (!(cli_session_actions = shared_malloc(sizeof(struct cli_session_actions) * MAXSESSION)))
3614 {
3615 LOG(0, 0, 0, "Error doing malloc for cli session actions: %s\n", strerror(errno));
3616 exit(1);
3617 }
3618 memset(cli_session_actions, 0, sizeof(struct cli_session_actions) * MAXSESSION);
3619
3620 if (!(cli_tunnel_actions = shared_malloc(sizeof(struct cli_tunnel_actions) * MAXSESSION)))
3621 {
3622 LOG(0, 0, 0, "Error doing malloc for cli tunnel actions: %s\n", strerror(errno));
3623 exit(1);
3624 }
3625 memset(cli_tunnel_actions, 0, sizeof(struct cli_tunnel_actions) * MAXSESSION);
3626
3627 memset(tunnel, 0, sizeof(tunnelt) * MAXTUNNEL);
3628 memset(session, 0, sizeof(sessiont) * MAXSESSION);
3629 memset(radius, 0, sizeof(radiust) * MAXRADIUS);
3630 memset(ip_address_pool, 0, sizeof(ippoolt) * MAXIPPOOL);
3631
3632 // Put all the sessions on the free list marked as undefined.
3633 for (i = 1; i < MAXSESSION; i++)
3634 {
3635 session[i].next = i + 1;
3636 session[i].tunnel = T_UNDEF; // mark it as not filled in.
3637 }
3638 session[MAXSESSION - 1].next = 0;
3639 sessionfree = 1;
3640
3641 // Mark all the tunnels as undefined (waiting to be filled in by a download).
3642 for (i = 1; i < MAXTUNNEL; i++)
3643 tunnel[i].state = TUNNELUNDEF; // mark it as not filled in.
3644
3645 if (!*hostname)
3646 {
3647 // Grab my hostname unless it's been specified
3648 gethostname(hostname, sizeof(hostname));
3649 stripdomain(hostname);
3650 }
3651
3652 _statistics->start_time = _statistics->last_reset = time(NULL);
3653
3654 #ifdef BGP
3655 if (!(bgp_peers = shared_malloc(sizeof(struct bgp_peer) * BGP_NUM_PEERS)))
3656 {
3657 LOG(0, 0, 0, "Error doing malloc for bgp: %s\n", strerror(errno));
3658 exit(1);
3659 }
3660 #endif /* BGP */
3661 }
3662
3663 static int assign_ip_address(sessionidt s)
3664 {
3665 uint32_t i;
3666 int best = -1;
3667 time_t best_time = time_now;
3668 char *u = session[s].user;
3669 char reuse = 0;
3670
3671
3672 CSTAT(assign_ip_address);
3673
3674 for (i = 1; i < ip_pool_size; i++)
3675 {
3676 if (!ip_address_pool[i].address || ip_address_pool[i].assigned)
3677 continue;
3678
3679 if (!session[s].walled_garden && ip_address_pool[i].user[0] && !strcmp(u, ip_address_pool[i].user))
3680 {
3681 best = i;
3682 reuse = 1;
3683 break;
3684 }
3685
3686 if (ip_address_pool[i].last < best_time)
3687 {
3688 best = i;
3689 if (!(best_time = ip_address_pool[i].last))
3690 break; // never used, grab this one
3691 }
3692 }
3693
3694 if (best < 0)
3695 {
3696 LOG(0, s, session[s].tunnel, "assign_ip_address(): out of addresses\n");
3697 return 0;
3698 }
3699
3700 session[s].ip = ip_address_pool[best].address;
3701 session[s].ip_pool_index = best;
3702 ip_address_pool[best].assigned = 1;
3703 ip_address_pool[best].last = time_now;
3704 ip_address_pool[best].session = s;
3705 if (session[s].walled_garden)
3706 /* Don't track addresses of users in walled garden (note: this
3707 means that their address isn't "sticky" even if they get
3708 un-gardened). */
3709 ip_address_pool[best].user[0] = 0;
3710 else
3711 strncpy(ip_address_pool[best].user, u, sizeof(ip_address_pool[best].user) - 1);
3712
3713 STAT(ip_allocated);
3714 LOG(4, s, session[s].tunnel, "assign_ip_address(): %s ip address %d from pool\n",
3715 reuse ? "Reusing" : "Allocating", best);
3716
3717 return 1;
3718 }
3719
3720 static void free_ip_address(sessionidt s)
3721 {
3722 int i = session[s].ip_pool_index;
3723
3724
3725 CSTAT(free_ip_address);
3726
3727 if (!session[s].ip)
3728 return; // what the?
3729
3730 if (i < 0) // Is this actually part of the ip pool?
3731 i = 0;
3732
3733 STAT(ip_freed);
3734 cache_ipmap(session[s].ip, -i); // Change the mapping to point back to the ip pool index.
3735 session[s].ip = 0;
3736 ip_address_pool[i].assigned = 0;
3737 ip_address_pool[i].session = 0;
3738 ip_address_pool[i].last = time_now;
3739 }
3740
3741 //
3742 // Fsck the address pool against the session table.
3743 // Normally only called when we become a master.
3744 //
3745 // This isn't perfect: We aren't keep tracking of which
3746 // users used to have an IP address.
3747 //
3748 void rebuild_address_pool(void)
3749 {
3750 int i;
3751
3752 //
3753 // Zero the IP pool allocation, and build
3754 // a map from IP address to pool index.
3755 for (i = 1; i < MAXIPPOOL; ++i)
3756 {
3757 ip_address_pool[i].assigned = 0;
3758 ip_address_pool[i].session = 0;
3759 if (!ip_address_pool[i].address)
3760 continue;
3761
3762 cache_ipmap(ip_address_pool[i].address, -i); // Map pool IP to pool index.
3763 }
3764
3765 for (i = 0; i < MAXSESSION; ++i)
3766 {
3767 int ipid;
3768 if (!(session[i].opened && session[i].ip))
3769 continue;
3770
3771 ipid = - lookup_ipmap(htonl(session[i].ip));
3772
3773 if (session[i].ip_pool_index < 0)
3774 {
3775 // Not allocated out of the pool.
3776 if (ipid < 1) // Not found in the pool either? good.
3777 continue;
3778
3779 LOG(0, i, 0, "Session %d has an IP address (%s) that was marked static, but is in the pool (%d)!\n",
3780 i, fmtaddr(session[i].ip, 0), ipid);
3781
3782 // Fall through and process it as part of the pool.
3783 }
3784
3785
3786 if (ipid > MAXIPPOOL || ipid < 0)
3787 {
3788 LOG(0, i, 0, "Session %d has a pool IP that's not found in the pool! (%d)\n", i, ipid);
3789 ipid = -1;
3790 session[i].ip_pool_index = ipid;
3791 continue;
3792 }
3793
3794 ip_address_pool[ipid].assigned = 1;
3795 ip_address_pool[ipid].session = i;
3796 ip_address_pool[ipid].last = time_now;
3797 strncpy(ip_address_pool[ipid].user, session[i].user, sizeof(ip_address_pool[ipid].user) - 1);
3798 session[i].ip_pool_index = ipid;
3799 cache_ipmap(session[i].ip, i); // Fix the ip map.
3800 }
3801 }
3802
3803 //
3804 // Fix the address pool to match a changed session.
3805 // (usually when the master sends us an update).
3806 static void fix_address_pool(int sid)
3807 {
3808 int ipid;
3809
3810 ipid = session[sid].ip_pool_index;
3811
3812 if (ipid > ip_pool_size)
3813 return; // Ignore it. rebuild_address_pool will fix it up.
3814
3815 if (ip_address_pool[ipid].address != session[sid].ip)
3816 return; // Just ignore it. rebuild_address_pool will take care of it.
3817
3818 ip_address_pool[ipid].assigned = 1;
3819 ip_address_pool[ipid].session = sid;
3820 ip_address_pool[ipid].last = time_now;
3821 strncpy(ip_address_pool[ipid].user, session[sid].user, sizeof(ip_address_pool[ipid].user) - 1);
3822 }
3823
3824 //
3825 // Add a block of addresses to the IP pool to hand out.
3826 //
3827 static void add_to_ip_pool(in_addr_t addr, in_addr_t mask)
3828 {
3829 int i;
3830 if (mask == 0)
3831 mask = 0xffffffff; // Host route only.
3832
3833 addr &= mask;
3834
3835 if (ip_pool_size >= MAXIPPOOL) // Pool is full!
3836 return ;
3837
3838 for (i = addr ;(i & mask) == addr; ++i)
3839 {
3840 if ((i & 0xff) == 0 || (i&0xff) == 255)
3841 continue; // Skip 0 and broadcast addresses.
3842
3843 ip_address_pool[ip_pool_size].address = i;
3844 ip_address_pool[ip_pool_size].assigned = 0;
3845 ++ip_pool_size;
3846 if (ip_pool_size >= MAXIPPOOL)
3847 {
3848 LOG(0, 0, 0, "Overflowed IP pool adding %s\n", fmtaddr(htonl(addr), 0));
3849 return;
3850 }
3851 }
3852 }
3853
3854 // Initialize the IP address pool
3855 static void initippool()
3856 {
3857 FILE *f;
3858 char *p;
3859 char buf[4096];
3860 memset(ip_address_pool, 0, sizeof(ip_address_pool));
3861
3862 if (!(f = fopen(IPPOOLFILE, "r")))
3863 {
3864 LOG(0, 0, 0, "Can't load pool file " IPPOOLFILE ": %s\n", strerror(errno));
3865 exit(1);
3866 }
3867
3868 while (ip_pool_size < MAXIPPOOL && fgets(buf, 4096, f))
3869 {
3870 char *pool = buf;
3871 buf[4095] = 0; // Force it to be zero terminated/
3872
3873 if (*buf == '#' || *buf == '\n')
3874 continue; // Skip comments / blank lines
3875 if ((p = (char *)strrchr(buf, '\n'))) *p = 0;
3876 if ((p = (char *)strchr(buf, ':')))
3877 {
3878 in_addr_t src;
3879 *p = '\0';
3880 src = inet_addr(buf);
3881 if (src == INADDR_NONE)
3882 {
3883 LOG(0, 0, 0, "Invalid address pool IP %s\n", buf);
3884 exit(1);
3885 }
3886 // This entry is for a specific IP only
3887 if (src != config->bind_address)
3888 continue;
3889 *p = ':';
3890 pool = p+1;
3891 }
3892 if ((p = (char *)strchr(pool, '/')))
3893 {
3894 // It's a range
3895 int numbits = 0;
3896 in_addr_t start = 0, mask = 0;
3897
3898 LOG(2, 0, 0, "Adding IP address range %s\n", buf);
3899 *p++ = 0;
3900 if (!*p || !(numbits = atoi(p)))
3901 {
3902 LOG(0, 0, 0, "Invalid pool range %s\n", buf);
3903 continue;
3904 }
3905 start = ntohl(inet_addr(pool));
3906 mask = (in_addr_t) (pow(2, numbits) - 1) << (32 - numbits);
3907
3908 // Add a static route for this pool
3909 LOG(5, 0, 0, "Adding route for address pool %s/%u\n",
3910 fmtaddr(htonl(start), 0), 32 + mask);
3911
3912 routeset(0, start, mask, 0, 1);
3913
3914 add_to_ip_pool(start, mask);
3915 }
3916 else
3917 {
3918 // It's a single ip address
3919 add_to_ip_pool(inet_addr(pool), 0);
3920 }
3921 }
3922 fclose(f);
3923 LOG(1, 0, 0, "IP address pool is %d addresses\n", ip_pool_size - 1);
3924 }
3925
3926 void snoop_send_packet(uint8_t *packet, uint16_t size, in_addr_t destination, uint16_t port)
3927 {
3928 struct sockaddr_in snoop_addr = {0};
3929 if (!destination || !port || snoopfd <= 0 || size <= 0 || !packet)
3930 return;
3931
3932 snoop_addr.sin_family = AF_INET;
3933 snoop_addr.sin_addr.s_addr = destination;
3934 snoop_addr.sin_port = ntohs(port);
3935
3936 LOG(5, 0, 0, "Snooping %d byte packet to %s:%d\n", size,
3937 fmtaddr(snoop_addr.sin_addr.s_addr, 0),
3938 htons(snoop_addr.sin_port));
3939
3940 if (sendto(snoopfd, packet, size, MSG_DONTWAIT | MSG_NOSIGNAL, (void *) &snoop_addr, sizeof(snoop_addr)) < 0)
3941 LOG(0, 0, 0, "Error sending intercept packet: %s\n", strerror(errno));
3942
3943 STAT(packets_snooped);
3944 }
3945
3946 static int dump_session(FILE **f, sessiont *s)
3947 {
3948 if (!s->opened || !s->ip || !(s->cin_delta || s->cout_delta) || !*s->user || s->walled_garden)
3949 return 1;
3950
3951 if (!*f)
3952 {
3953 char filename[1024];
3954 char timestr[64];
3955 time_t now = time(NULL);
3956
3957 strftime(timestr, sizeof(timestr), "%Y%m%d%H%M%S", localtime(&now));
3958 snprintf(filename, sizeof(filename), "%s/%s", config->accounting_dir, timestr);
3959
3960 if (!(*f = fopen(filename, "w")))
3961 {
3962 LOG(0, 0, 0, "Can't write accounting info to %s: %s\n", filename, strerror(errno));
3963 return 0;
3964 }
3965
3966 LOG(3, 0, 0, "Dumping accounting information to %s\n", filename);
3967 fprintf(*f, "# dslwatch.pl dump file V1.01\n"
3968 "# host: %s\n"
3969 "# endpoint: %s\n"
3970 "# time: %ld\n"
3971 "# uptime: %ld\n"
3972 "# format: username ip qos uptxoctets downrxoctets\n",
3973 hostname,
3974 fmtaddr(config->bind_address ? config->bind_address : my_address, 0),
3975 now,
3976 now - basetime);
3977 }
3978
3979 LOG(4, 0, 0, "Dumping accounting information for %s\n", s->user);
3980 fprintf(*f, "%s %s %d %u %u\n",
3981 s->user, // username
3982 fmtaddr(htonl(s->ip), 0), // ip
3983 (s->throttle_in || s->throttle_out) ? 2 : 1, // qos
3984 (uint32_t) s->cin_delta, // uptxoctets
3985 (uint32_t) s->cout_delta); // downrxoctets
3986
3987 s->cin_delta = s->cout_delta = 0;
3988
3989 return 1;
3990 }
3991
3992 static void dump_acct_info(int all)
3993 {
3994 int i;
3995 FILE *f = NULL;
3996
3997
3998 CSTAT(dump_acct_info);
3999
4000 if (shut_acct_n)
4001 {
4002 for (i = 0; i < shut_acct_n; i++)
4003 dump_session(&f, &shut_acct[i]);
4004
4005 shut_acct_n = 0;
4006 }
4007
4008 if (all)
4009 for (i = 1; i <= config->cluster_highest_sessionid; i++)
4010 dump_session(&f, &session[i]);
4011
4012 if (f)
4013 fclose(f);
4014 }
4015
4016 // Main program
4017 int main(int argc, char *argv[])
4018 {
4019 int i;
4020 int optdebug = 0;
4021 char *optconfig = CONFIGFILE;
4022
4023 time(&basetime); // start clock
4024
4025 // scan args
4026 while ((i = getopt(argc, argv, "dvc:h:")) >= 0)
4027 {
4028 switch (i)
4029 {
4030 case 'd':
4031 if (fork()) exit(0);
4032 setsid();
4033 freopen("/dev/null", "r", stdin);
4034 freopen("/dev/null", "w", stdout);
4035 freopen("/dev/null", "w", stderr);
4036 break;
4037 case 'v':
4038 optdebug++;
4039 break;
4040 case 'c':
4041 optconfig = optarg;
4042 break;
4043 case 'h':
4044 snprintf(hostname, sizeof(hostname), "%s", optarg);
4045 break;
4046 default:
4047 printf("Args are:\n"
4048 "\t-d\t\tDetach from terminal\n"
4049 "\t-c <file>\tConfig file\n"
4050 "\t-h <hostname>\tForce hostname\n"
4051 "\t-v\t\tDebug\n");
4052
4053 return (0);
4054 break;
4055 }
4056 }
4057
4058 // Start the timer routine off
4059 time(&time_now);
4060 strftime(time_now_string, sizeof(time_now_string), "%Y-%m-%d %H:%M:%S", localtime(&time_now));
4061 signal(SIGALRM, sigalrm_handler);
4062 siginterrupt(SIGALRM, 0);
4063
4064 initplugins();
4065 initdata(optdebug, optconfig);
4066
4067 init_cli(hostname);
4068 read_config_file();
4069 init_tbf(config->num_tbfs);
4070
4071 LOG(0, 0, 0, "L2TPNS version " VERSION "\n");
4072 LOG(0, 0, 0, "Copyright (c) 2003, 2004, 2005 Optus Internet Engineering\n");
4073 LOG(0, 0, 0, "Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced\n");
4074 {
4075 struct rlimit rlim;
4076 rlim.rlim_cur = RLIM_INFINITY;
4077 rlim.rlim_max = RLIM_INFINITY;
4078 // Remove the maximum core size
4079 if (setrlimit(RLIMIT_CORE, &rlim) < 0)
4080 LOG(0, 0, 0, "Can't set ulimit: %s\n", strerror(errno));
4081
4082 // Make core dumps go to /tmp
4083 chdir("/tmp");
4084 }
4085
4086 if (config->scheduler_fifo)
4087 {
4088 int ret;
4089 struct sched_param params = {0};
4090 params.sched_priority = 1;
4091
4092 if (get_nprocs() < 2)
4093 {
4094 LOG(0, 0, 0, "Not using FIFO scheduler, there is only 1 processor in the system.\n");
4095 config->scheduler_fifo = 0;
4096 }
4097 else
4098 {
4099 if ((ret = sched_setscheduler(0, SCHED_FIFO, &params)) == 0)
4100 {
4101 LOG(1, 0, 0, "Using FIFO scheduler. Say goodbye to any other processes running\n");
4102 }
4103 else
4104 {
4105 LOG(0, 0, 0, "Error setting scheduler to FIFO: %s\n", strerror(errno));
4106 config->scheduler_fifo = 0;
4107 }
4108 }
4109 }
4110
4111 /* Set up the cluster communications port. */
4112 if (cluster_init() < 0)
4113 exit(1);
4114
4115 inittun();
4116 LOG(1, 0, 0, "Set up on interface %s\n", config->tundevice);
4117
4118 initudp();
4119 initrad();
4120 initippool();
4121
4122 // seed prng
4123 {
4124 unsigned seed = time_now ^ getpid();
4125 LOG(4, 0, 0, "Seeding the pseudo random generator: %u\n", seed);
4126 srand(seed);
4127 }
4128
4129 signal(SIGHUP, sighup_handler);
4130 signal(SIGCHLD, sigchild_handler);
4131 signal(SIGTERM, shutdown_handler);
4132 signal(SIGINT, shutdown_handler);
4133 signal(SIGQUIT, shutdown_handler);
4134
4135 // Prevent us from getting paged out
4136 if (config->lock_pages)
4137 {
4138 if (!mlockall(MCL_CURRENT))
4139 LOG(1, 0, 0, "Locking pages into memory\n");
4140 else
4141 LOG(0, 0, 0, "Can't lock pages: %s\n", strerror(errno));
4142 }
4143
4144 alarm(1);
4145
4146 // Drop privileges here
4147 if (config->target_uid > 0 && geteuid() == 0)
4148 setuid(config->target_uid);
4149
4150 mainloop();
4151
4152 /* remove plugins (so cleanup code gets run) */
4153 plugins_done();
4154
4155 // Remove the PID file if we wrote it
4156 if (config->wrote_pid && *config->pid_file == '/')
4157 unlink(config->pid_file);
4158
4159 /* kill CLI children */
4160 signal(SIGTERM, SIG_IGN);
4161 kill(0, SIGTERM);
4162 return 0;
4163 }
4164
4165 static void sighup_handler(int sig)
4166 {
4167 if (log_stream)
4168 {
4169 if (log_stream != stderr)
4170 fclose(log_stream);
4171
4172 log_stream = NULL;
4173 }
4174
4175 read_config_file();
4176 }
4177
4178 static void sigalrm_handler(int sig)
4179 {
4180 // Log current traffic stats
4181
4182 snprintf(config->bandwidth, sizeof(config->bandwidth),
4183 "UDP-ETH:%1.0f/%1.0f ETH-UDP:%1.0f/%1.0f TOTAL:%0.1f IN:%u OUT:%u",
4184 (udp_rx / 1024.0 / 1024.0 * 8),
4185 (eth_tx / 1024.0 / 1024.0 * 8),
4186 (eth_rx / 1024.0 / 1024.0 * 8),
4187 (udp_tx / 1024.0 / 1024.0 * 8),
4188 ((udp_tx + udp_rx + eth_tx + eth_rx) / 1024.0 / 1024.0 * 8),
4189 udp_rx_pkt, eth_rx_pkt);
4190
4191 udp_tx = udp_rx = 0;
4192 udp_rx_pkt = eth_rx_pkt = 0;
4193 eth_tx = eth_rx = 0;
4194
4195 if (config->dump_speed)
4196 printf("%s\n", config->bandwidth);
4197
4198 // Update the internal time counter
4199 time(&time_now);
4200 strftime(time_now_string, sizeof(time_now_string), "%Y-%m-%d %H:%M:%S", localtime(&time_now));
4201 alarm(1);
4202
4203 {
4204 // Run timer hooks
4205 struct param_timer p = { time_now };
4206 run_plugins(PLUGIN_TIMER, &p);
4207 }
4208
4209 }
4210
4211 static void shutdown_handler(int sig)
4212 {
4213 LOG(1, 0, 0, "Shutting down\n");
4214 main_quit = (sig == SIGQUIT) ? QUIT_SHUTDOWN : QUIT_FAILOVER;
4215 }
4216
4217 static void sigchild_handler(int sig)
4218 {
4219 while (waitpid(-1, NULL, WNOHANG) > 0)
4220 ;
4221 }
4222
4223 static void build_chap_response(uint8_t *challenge, uint8_t id, uint16_t challenge_length, uint8_t **challenge_response)
4224 {
4225 MD5_CTX ctx;
4226 *challenge_response = NULL;
4227
4228 if (!*config->l2tp_secret)
4229 {
4230 LOG(0, 0, 0, "LNS requested CHAP authentication, but no l2tp secret is defined\n");
4231 return;
4232 }
4233
4234 LOG(4, 0, 0, " Building challenge response for CHAP request\n");
4235
4236 *challenge_response = calloc(17, 1);
4237
4238 MD5_Init(&ctx);
4239 MD5_Update(&ctx, &id, 1);
4240 MD5_Update(&ctx, config->l2tp_secret, strlen(config->l2tp_secret));
4241 MD5_Update(&ctx, challenge, challenge_length);
4242 MD5_Final(*challenge_response, &ctx);
4243
4244 return;
4245 }
4246
4247 static int facility_value(char *name)
4248 {
4249 int i;
4250 for (i = 0; facilitynames[i].c_name; i++)
4251 {
4252 if (strcmp(facilitynames[i].c_name, name) == 0)
4253 return facilitynames[i].c_val;
4254 }
4255 return 0;
4256 }
4257
4258 static void update_config()
4259 {
4260 int i;
4261 char *p;
4262 static int timeout = 0;
4263 static int interval = 0;
4264
4265 // Update logging
4266 closelog();
4267 syslog_log = 0;
4268 if (log_stream)
4269 {
4270 if (log_stream != stderr)
4271 fclose(log_stream);
4272
4273 log_stream = NULL;
4274 }
4275
4276 if (*config->log_filename)
4277 {
4278 if (strstr(config->log_filename, "syslog:") == config->log_filename)
4279 {
4280 char *p = config->log_filename + 7;
4281 if (*p)
4282 {
4283 openlog("l2tpns", LOG_PID, facility_value(p));
4284 syslog_log = 1;
4285 }
4286 }
4287 else if (strchr(config->log_filename, '/') == config->log_filename)
4288 {
4289 if ((log_stream = fopen((char *)(config->log_filename), "a")))
4290 {
4291 fseek(log_stream, 0, SEEK_END);
4292 setbuf(log_stream, NULL);
4293 }
4294 else
4295 {
4296 log_stream = stderr;
4297 setbuf(log_stream, NULL);
4298 }
4299 }
4300 }
4301 else
4302 {
4303 log_stream = stderr;
4304 setbuf(log_stream, NULL);
4305 }
4306
4307 #define L2TP_HDRS (20+8+6+4) // L2TP data encaptulation: ip + udp + l2tp (data) + ppp (inc hdlc)
4308 #define TCP_HDRS (20+20) // TCP encapsulation: ip + tcp
4309
4310 if (config->l2tp_mtu <= 0) config->l2tp_mtu = PPPMTU;
4311 else if (config->l2tp_mtu < MINMTU) config->l2tp_mtu = MINMTU;
4312 else if (config->l2tp_mtu > MAXMTU) config->l2tp_mtu = MAXMTU;
4313
4314 // reset MRU/MSS globals
4315 MRU = config->l2tp_mtu - L2TP_HDRS;
4316 MSS = MRU - TCP_HDRS;
4317
4318 // Update radius
4319 config->numradiusservers = 0;
4320 for (i = 0; i < MAXRADSERVER; i++)
4321 if (config->radiusserver[i])
4322 {
4323 config->numradiusservers++;
4324 // Set radius port: if not set, take the port from the
4325 // first radius server. For the first radius server,
4326 // take the #defined default value from l2tpns.h
4327
4328 // test twice, In case someone works with
4329 // a secondary radius server without defining
4330 // a primary one, this will work even then.
4331 if (i > 0 && !config->radiusport[i])
4332 config->radiusport[i] = config->radiusport[i-1];
4333 if (!config->radiusport[i])
4334 config->radiusport[i] = RADPORT;
4335 }
4336
4337 if (!config->numradiusservers)
4338 LOG(0, 0, 0, "No RADIUS servers defined!\n");
4339
4340 // parse radius_authtypes_s
4341 config->radius_authtypes = config->radius_authprefer = 0;
4342 p = config->radius_authtypes_s;
4343 while (p && *p)
4344 {
4345 char *s = strpbrk(p, " \t,");
4346 int type = 0;
4347
4348 if (s)
4349 {
4350 *s++ = 0;
4351 while (*s == ' ' || *s == '\t')
4352 s++;
4353
4354 if (!*s)
4355 s = 0;
4356 }
4357
4358 if (!strncasecmp("chap", p, strlen(p)))
4359 type = AUTHCHAP;
4360 else if (!strncasecmp("pap", p, strlen(p)))
4361 type = AUTHPAP;
4362 else
4363 LOG(0, 0, 0, "Invalid RADIUS authentication type \"%s\"\n", p);
4364
4365 config->radius_authtypes |= type;
4366 if (!config->radius_authprefer)
4367 config->radius_authprefer = type;
4368
4369 p = s;
4370 }
4371
4372 if (!config->radius_authtypes)
4373 {
4374 LOG(0, 0, 0, "Defaulting to PAP authentication\n");
4375 config->radius_authtypes = config->radius_authprefer = AUTHPAP;
4376 }
4377
4378 // normalise radius_authtypes_s
4379 if (config->radius_authprefer == AUTHPAP)
4380 {
4381 strcpy(config->radius_authtypes_s, "pap");
4382 if (config->radius_authtypes & AUTHCHAP)
4383 strcat(config->radius_authtypes_s, ", chap");
4384 }
4385 else
4386 {
4387 strcpy(config->radius_authtypes_s, "chap");
4388 if (config->radius_authtypes & AUTHPAP)
4389 strcat(config->radius_authtypes_s, ", pap");
4390 }
4391
4392 if (!config->radius_dae_port)
4393 config->radius_dae_port = DAEPORT;
4394
4395 // re-initialise the random number source
4396 initrandom(config->random_device);
4397
4398 // Update plugins
4399 for (i = 0; i < MAXPLUGINS; i++)
4400 {
4401 if (strcmp(config->plugins[i], config->old_plugins[i]) == 0)
4402 continue;
4403
4404 if (*config->plugins[i])
4405 {
4406 // Plugin added
4407 add_plugin(config->plugins[i]);
4408 }
4409 else if (*config->old_plugins[i])
4410 {
4411 // Plugin removed
4412 remove_plugin(config->old_plugins[i]);
4413 }
4414 }
4415
4416 memcpy(config->old_plugins, config->plugins, sizeof(config->plugins));
4417 if (!config->multi_read_count) config->multi_read_count = 10;
4418 if (!config->cluster_address) config->cluster_address = inet_addr(DEFAULT_MCAST_ADDR);
4419 if (!*config->cluster_interface)
4420 strncpy(config->cluster_interface, DEFAULT_MCAST_INTERFACE, sizeof(config->cluster_interface) - 1);
4421
4422 if (!config->cluster_hb_interval)
4423 config->cluster_hb_interval = PING_INTERVAL; // Heartbeat every 0.5 seconds.
4424
4425 if (!config->cluster_hb_timeout)
4426 config->cluster_hb_timeout = HB_TIMEOUT; // 10 missed heartbeat triggers an election.
4427
4428 if (interval != config->cluster_hb_interval || timeout != config->cluster_hb_timeout)
4429 {
4430 // Paranoia: cluster_check_master() treats 2 x interval + 1 sec as
4431 // late, ensure we're sufficiently larger than that
4432 int t = 4 * config->cluster_hb_interval + 11;
4433
4434 if (config->cluster_hb_timeout < t)
4435 {
4436 LOG(0, 0, 0, "Heartbeat timeout %d too low, adjusting to %d\n", config->cluster_hb_timeout, t);
4437 config->cluster_hb_timeout = t;
4438 }
4439
4440 // Push timing changes to the slaves immediately if we're the master
4441 if (config->cluster_iam_master)
4442 cluster_heartbeat();
4443
4444 interval = config->cluster_hb_interval;
4445 timeout = config->cluster_hb_timeout;
4446 }
4447
4448 // Write PID file
4449 if (*config->pid_file == '/' && !config->wrote_pid)
4450 {
4451 FILE *f;
4452 if ((f = fopen(config->pid_file, "w")))
4453 {
4454 fprintf(f, "%d\n", getpid());
4455 fclose(f);
4456 config->wrote_pid = 1;
4457 }
4458 else
4459 {
4460 LOG(0, 0, 0, "Can't write to PID file %s: %s\n", config->pid_file, strerror(errno));
4461 }
4462 }
4463
4464 config->reload_config = 0;
4465 }
4466
4467 static void read_config_file()
4468 {
4469 FILE *f;
4470
4471 if (!config->config_file) return;
4472 if (!(f = fopen(config->config_file, "r")))
4473 {
4474 fprintf(stderr, "Can't open config file %s: %s\n", config->config_file, strerror(errno));
4475 return;
4476 }
4477
4478 LOG(3, 0, 0, "Reading config file %s\n", config->config_file);
4479 cli_do_file(f);
4480 LOG(3, 0, 0, "Done reading config file\n");
4481 fclose(f);
4482 update_config();
4483 }
4484
4485 int sessionsetup(sessionidt s, tunnelidt t)
4486 {
4487 // A session now exists, set it up
4488 in_addr_t ip;
4489 char *user;
4490 sessionidt i;
4491 int r;
4492
4493 CSTAT(sessionsetup);
4494
4495 LOG(3, s, t, "Doing session setup for session\n");
4496
4497 if (!session[s].ip)
4498 {
4499 assign_ip_address(s);
4500 if (!session[s].ip)
4501 {
4502 LOG(0, s, t, " No IP allocated. The IP address pool is FULL!\n");
4503 sessionshutdown(s, "No IP addresses available.", 2, 7); // try another
4504 return 0;
4505 }
4506 LOG(3, s, t, " No IP allocated. Assigned %s from pool\n",
4507 fmtaddr(htonl(session[s].ip), 0));
4508 }
4509
4510
4511 // Make sure this is right
4512 session[s].tunnel = t;
4513
4514 // zap old sessions with same IP and/or username
4515 // Don't kill gardened sessions - doing so leads to a DoS
4516 // from someone who doesn't need to know the password
4517 {
4518 ip = session[s].ip;
4519 user = session[s].user;
4520 for (i = 1; i <= config->cluster_highest_sessionid; i++)
4521 {
4522 if (i == s) continue;
4523 if (!session[s].opened) continue;
4524 if (ip == session[i].ip)
4525 {
4526 sessionkill(i, "Duplicate IP address");
4527 continue;
4528 }
4529
4530 if (config->allow_duplicate_users) continue;
4531 if (session[s].walled_garden || session[i].walled_garden) continue;
4532 if (!strcasecmp(user, session[i].user))
4533 sessionkill(i, "Duplicate session for users");
4534 }
4535 }
4536
4537 {
4538 int routed = 0;
4539
4540 // Add the route for this session.
4541 for (r = 0; r < MAXROUTE && session[s].route[r].ip; r++)
4542 {
4543 if ((session[s].ip & session[s].route[r].mask) ==
4544 (session[s].route[r].ip & session[s].route[r].mask))
4545 routed++;
4546
4547 routeset(s, session[s].route[r].ip, session[s].route[r].mask, 0, 1);
4548 }
4549
4550 // Static IPs need to be routed if not already
4551 // convered by a Framed-Route. Anything else is part
4552 // of the IP address pool and is already routed, it
4553 // just needs to be added to the IP cache.
4554 // IPv6 route setup is done in ppp.c, when IPV6CP is acked.
4555 if (session[s].ip_pool_index == -1) // static ip
4556 {
4557 if (!routed) routeset(s, session[s].ip, 0, 0, 1);
4558 }
4559 else
4560 cache_ipmap(session[s].ip, s);
4561 }
4562
4563 sess_local[s].lcp_authtype = 0; // RADIUS authentication complete
4564 lcp_open(s, t); // transition to Network phase and send initial IPCP
4565
4566 // Run the plugin's against this new session.
4567 {
4568 struct param_new_session data = { &tunnel[t], &session[s] };
4569 run_plugins(PLUGIN_NEW_SESSION, &data);
4570 }
4571
4572 // Allocate TBFs if throttled
4573 if (session[s].throttle_in || session[s].throttle_out)
4574 throttle_session(s, session[s].throttle_in, session[s].throttle_out);
4575
4576 session[s].last_packet = time_now;
4577
4578 LOG(2, s, t, "Login by %s at %s from %s (%s)\n", session[s].user,
4579 fmtaddr(htonl(session[s].ip), 0),
4580 fmtaddr(htonl(tunnel[t].ip), 1), tunnel[t].hostname);
4581
4582 cluster_send_session(s); // Mark it as dirty, and needing to the flooded to the cluster.
4583
4584 return 1; // RADIUS OK and IP allocated, done...
4585 }
4586
4587 //
4588 // This session just got dropped on us by the master or something.
4589 // Make sure our tables up up to date...
4590 //
4591 int load_session(sessionidt s, sessiont *new)
4592 {
4593 int i;
4594 int newip = 0;
4595
4596 // Sanity checks.
4597 if (new->ip_pool_index >= MAXIPPOOL ||
4598 new->tunnel >= MAXTUNNEL)
4599 {
4600 LOG(0, s, 0, "Strange session update received!\n");
4601 // FIXME! What to do here?
4602 return 0;
4603 }
4604
4605 //
4606 // Ok. All sanity checks passed. Now we're committed to
4607 // loading the new session.
4608 //
4609
4610 session[s].tunnel = new->tunnel; // For logging in cache_ipmap
4611
4612 // See if routes/ip cache need updating
4613 if (new->ip != session[s].ip)
4614 newip++;
4615
4616 for (i = 0; !newip && i < MAXROUTE && (session[s].route[i].ip || new->route[i].ip); i++)
4617 if (new->route[i].ip != session[s].route[i].ip ||
4618 new->route[i].mask != session[s].route[i].mask)
4619 newip++;
4620
4621 // needs update
4622 if (newip)
4623 {
4624 int routed = 0;
4625
4626 // remove old routes...
4627 for (i = 0; i < MAXROUTE && session[s].route[i].ip; i++)
4628 {
4629 if ((session[s].ip & session[s].route[i].mask) ==
4630 (session[s].route[i].ip & session[s].route[i].mask))
4631 routed++;
4632
4633 routeset(s, session[s].route[i].ip, session[s].route[i].mask, 0, 0);
4634 }
4635
4636 // ...ip
4637 if (session[s].ip)
4638 {
4639 if (session[s].ip_pool_index == -1) // static IP
4640 {
4641 if (!routed) routeset(s, session[s].ip, 0, 0, 0);
4642 }
4643 else // It's part of the IP pool, remove it manually.
4644 uncache_ipmap(session[s].ip);
4645 }
4646
4647 routed = 0;
4648
4649 // add new routes...
4650 for (i = 0; i < MAXROUTE && new->route[i].ip; i++)
4651 {
4652 if ((new->ip & new->route[i].mask) ==
4653 (new->route[i].ip & new->route[i].mask))
4654 routed++;
4655
4656 routeset(s, new->route[i].ip, new->route[i].mask, 0, 1);
4657 }
4658
4659 // ...ip
4660 if (new->ip)
4661 {
4662 // If there's a new one, add it.
4663 if (new->ip_pool_index == -1)
4664 {
4665 if (!routed) routeset(s, new->ip, 0, 0, 1);
4666 }
4667 else
4668 cache_ipmap(new->ip, s);
4669 }
4670 }
4671
4672 // check v6 routing
4673 if (new->ipv6prefixlen && new->ppp.ipv6cp == Opened && session[s].ppp.ipv6cp != Opened)
4674 route6set(s, new->ipv6route, new->ipv6prefixlen, 1);
4675
4676 // check filters
4677 if (new->filter_in && (new->filter_in > MAXFILTER || !ip_filters[new->filter_in - 1].name[0]))
4678 {
4679 LOG(2, s, session[s].tunnel, "Dropping invalid input filter %d\n", (int) new->filter_in);
4680 new->filter_in = 0;
4681 }
4682
4683 if (new->filter_out && (new->filter_out > MAXFILTER || !ip_filters[new->filter_out - 1].name[0]))
4684 {
4685 LOG(2, s, session[s].tunnel, "Dropping invalid output filter %d\n", (int) new->filter_out);
4686 new->filter_out = 0;
4687 }
4688
4689 if (new->filter_in != session[s].filter_in)
4690 {
4691 if (session[s].filter_in) ip_filters[session[s].filter_in - 1].used--;
4692 if (new->filter_in) ip_filters[new->filter_in - 1].used++;
4693 }
4694
4695 if (new->filter_out != session[s].filter_out)
4696 {
4697 if (session[s].filter_out) ip_filters[session[s].filter_out - 1].used--;
4698 if (new->filter_out) ip_filters[new->filter_out - 1].used++;
4699 }
4700
4701 if (new->tunnel && s > config->cluster_highest_sessionid) // Maintain this in the slave. It's used
4702 // for walking the sessions to forward byte counts to the master.
4703 config->cluster_highest_sessionid = s;
4704
4705 memcpy(&session[s], new, sizeof(session[s])); // Copy over..
4706
4707 // Do fixups into address pool.
4708 if (new->ip_pool_index != -1)
4709 fix_address_pool(s);
4710
4711 return 1;
4712 }
4713
4714 static void initplugins()
4715 {
4716 int i;
4717
4718 loaded_plugins = ll_init();
4719 // Initialize the plugins to nothing
4720 for (i = 0; i < MAX_PLUGIN_TYPES; i++)
4721 plugins[i] = ll_init();
4722 }
4723
4724 static void *open_plugin(char *plugin_name, int load)
4725 {
4726 char path[256] = "";
4727
4728 snprintf(path, 256, PLUGINDIR "/%s.so", plugin_name);
4729 LOG(2, 0, 0, "%soading plugin from %s\n", load ? "L" : "Un-l", path);
4730 return dlopen(path, RTLD_NOW);
4731 }
4732
4733 // plugin callback to get a config value
4734 static void *getconfig(char *key, enum config_typet type)
4735 {
4736 int i;
4737
4738 for (i = 0; config_values[i].key; i++)
4739 {
4740 if (!strcmp(config_values[i].key, key))
4741 {
4742 if (config_values[i].type == type)
4743 return ((void *) config) + config_values[i].offset;
4744
4745 LOG(1, 0, 0, "plugin requested config item \"%s\" expecting type %d, have type %d\n",
4746 key, type, config_values[i].type);
4747
4748 return 0;
4749 }
4750 }
4751
4752 LOG(1, 0, 0, "plugin requested unknown config item \"%s\"\n", key);
4753 return 0;
4754 }
4755
4756 static int add_plugin(char *plugin_name)
4757 {
4758 static struct pluginfuncs funcs = {
4759 _log,
4760 _log_hex,
4761 fmtaddr,
4762 sessionbyuser,
4763 sessiontbysessionidt,
4764 sessionidtbysessiont,
4765 radiusnew,
4766 radiussend,
4767 getconfig,
4768 sessionshutdown,
4769 sessionkill,
4770 throttle_session,
4771 cluster_send_session,
4772 };
4773
4774 void *p = open_plugin(plugin_name, 1);
4775 int (*initfunc)(struct pluginfuncs *);
4776 int i;
4777
4778 if (!p)
4779 {
4780 LOG(1, 0, 0, " Plugin load failed: %s\n", dlerror());
4781 return -1;
4782 }
4783
4784 if (ll_contains(loaded_plugins, p))
4785 {
4786 dlclose(p);
4787 return 0; // already loaded
4788 }
4789
4790 {
4791 int *v = dlsym(p, "plugin_api_version");
4792 if (!v || *v != PLUGIN_API_VERSION)
4793 {
4794 LOG(1, 0, 0, " Plugin load failed: API version mismatch: %s\n", dlerror());
4795 dlclose(p);
4796 return -1;
4797 }
4798 }
4799
4800 if ((initfunc = dlsym(p, "plugin_init")))
4801 {
4802 if (!initfunc(&funcs))
4803 {
4804 LOG(1, 0, 0, " Plugin load failed: plugin_init() returned FALSE: %s\n", dlerror());
4805 dlclose(p);
4806 return -1;
4807 }
4808 }
4809
4810 ll_push(loaded_plugins, p);
4811
4812 for (i = 0; i < max_plugin_functions; i++)
4813 {
4814 void *x;
4815 if (plugin_functions[i] && (x = dlsym(p, plugin_functions[i])))
4816 {
4817 LOG(3, 0, 0, " Supports function \"%s\"\n", plugin_functions[i]);
4818 ll_push(plugins[i], x);
4819 }
4820 }
4821
4822 LOG(2, 0, 0, " Loaded plugin %s\n", plugin_name);
4823 return 1;
4824 }
4825
4826 static void run_plugin_done(void *plugin)
4827 {
4828 int (*donefunc)(void) = dlsym(plugin, "plugin_done");
4829
4830 if (donefunc)
4831 donefunc();
4832 }
4833
4834 static int remove_plugin(char *plugin_name)
4835 {
4836 void *p = open_plugin(plugin_name, 0);
4837 int loaded = 0;
4838
4839 if (!p)
4840 return -1;
4841
4842 if (ll_contains(loaded_plugins, p))
4843 {
4844 int i;
4845 for (i = 0; i < max_plugin_functions; i++)
4846 {
4847 void *x;
4848 if (plugin_functions[i] && (x = dlsym(p, plugin_functions[i])))
4849 ll_delete(plugins[i], x);
4850 }
4851
4852 ll_delete(loaded_plugins, p);
4853 run_plugin_done(p);
4854 loaded = 1;
4855 }
4856
4857 dlclose(p);
4858 LOG(2, 0, 0, "Removed plugin %s\n", plugin_name);
4859 return loaded;
4860 }
4861
4862 int run_plugins(int plugin_type, void *data)
4863 {
4864 int (*func)(void *data);
4865
4866 if (!plugins[plugin_type] || plugin_type > max_plugin_functions)
4867 return PLUGIN_RET_ERROR;
4868
4869 ll_reset(plugins[plugin_type]);
4870 while ((func = ll_next(plugins[plugin_type])))
4871 {
4872 int r = func(data);
4873
4874 if (r != PLUGIN_RET_OK)
4875 return r; // stop here
4876 }
4877
4878 return PLUGIN_RET_OK;
4879 }
4880
4881 static void plugins_done()
4882 {
4883 void *p;
4884
4885 ll_reset(loaded_plugins);
4886 while ((p = ll_next(loaded_plugins)))
4887 run_plugin_done(p);
4888 }
4889
4890 static void processcontrol(uint8_t *buf, int len, struct sockaddr_in *addr, int alen)
4891 {
4892 struct nsctl request;
4893 struct nsctl response;
4894 int type = unpack_control(&request, buf, len);
4895 int r;
4896 void *p;
4897
4898 if (log_stream && config->debug >= 4)
4899 {
4900 if (type < 0)
4901 {
4902 LOG(4, 0, 0, "Bogus control message from %s (%d)\n",
4903 fmtaddr(addr->sin_addr.s_addr, 0), type);
4904 }
4905 else
4906 {
4907 LOG(4, 0, 0, "Received [%s] ", fmtaddr(addr->sin_addr.s_addr, 0));
4908 dump_control(&request, log_stream);
4909 }
4910 }
4911
4912 switch (type)
4913 {
4914 case NSCTL_REQ_LOAD:
4915 if (request.argc != 1)
4916 {
4917 response.type = NSCTL_RES_ERR;
4918 response.argc = 1;
4919 response.argv[0] = "name of plugin required";
4920 }
4921 else if ((r = add_plugin(request.argv[0])) < 1)
4922 {
4923 response.type = NSCTL_RES_ERR;
4924 response.argc = 1;
4925 response.argv[0] = !r
4926 ? "plugin already loaded"
4927 : "error loading plugin";
4928 }
4929 else
4930 {
4931 response.type = NSCTL_RES_OK;
4932 response.argc = 0;
4933 }
4934
4935 break;
4936
4937 case NSCTL_REQ_UNLOAD:
4938 if (request.argc != 1)
4939 {
4940 response.type = NSCTL_RES_ERR;
4941 response.argc = 1;
4942 response.argv[0] = "name of plugin required";
4943 }
4944 else if ((r = remove_plugin(request.argv[0])) < 1)
4945 {
4946 response.type = NSCTL_RES_ERR;
4947 response.argc = 1;
4948 response.argv[0] = !r
4949 ? "plugin not loaded"
4950 : "plugin not found";
4951 }
4952 else
4953 {
4954 response.type = NSCTL_RES_OK;
4955 response.argc = 0;
4956 }
4957
4958 break;
4959
4960 case NSCTL_REQ_HELP:
4961 response.type = NSCTL_RES_OK;
4962 response.argc = 0;
4963
4964 ll_reset(loaded_plugins);
4965 while ((p = ll_next(loaded_plugins)))
4966 {
4967 char **help = dlsym(p, "plugin_control_help");
4968 while (response.argc < 0xff && help && *help)
4969 response.argv[response.argc++] = *help++;
4970 }
4971
4972 break;
4973
4974 case NSCTL_REQ_CONTROL:
4975 {
4976 struct param_control param = {
4977 config->cluster_iam_master,
4978 request.argc,
4979 request.argv,
4980 0,
4981 NULL,
4982 };
4983
4984 int r = run_plugins(PLUGIN_CONTROL, &param);
4985
4986 if (r == PLUGIN_RET_ERROR)
4987 {
4988 response.type = NSCTL_RES_ERR;
4989 response.argc = 1;
4990 response.argv[0] = param.additional
4991 ? param.additional
4992 : "error returned by plugin";
4993 }
4994 else if (r == PLUGIN_RET_NOTMASTER)
4995 {
4996 static char msg[] = "must be run on master: 000.000.000.000";
4997
4998 response.type = NSCTL_RES_ERR;
4999 response.argc = 1;
5000 if (config->cluster_master_address)
5001 {
5002 strcpy(msg + 23, fmtaddr(config->cluster_master_address, 0));
5003 response.argv[0] = msg;
5004 }
5005 else
5006 {
5007 response.argv[0] = "must be run on master: none elected";
5008 }
5009 }
5010 else if (!(param.response & NSCTL_RESPONSE))
5011 {
5012 response.type = NSCTL_RES_ERR;
5013 response.argc = 1;
5014 response.argv[0] = param.response
5015 ? "unrecognised response value from plugin"
5016 : "unhandled action";
5017 }
5018 else
5019 {
5020 response.type = param.response;
5021 response.argc = 0;
5022 if (param.additional)
5023 {
5024 response.argc = 1;
5025 response.argv[0] = param.additional;
5026 }
5027 }
5028 }
5029
5030 break;
5031
5032 default:
5033 response.type = NSCTL_RES_ERR;
5034 response.argc = 1;
5035 response.argv[0] = "error unpacking control packet";
5036 }
5037
5038 buf = calloc(NSCTL_MAX_PKT_SZ, 1);
5039 if (!buf)
5040 {
5041 LOG(2, 0, 0, "Failed to allocate nsctl response\n");
5042 return;
5043 }
5044
5045 r = pack_control(buf, NSCTL_MAX_PKT_SZ, response.type, response.argc, response.argv);
5046 if (r > 0)
5047 {
5048 sendto(controlfd, buf, r, 0, (const struct sockaddr *) addr, alen);
5049 if (log_stream && config->debug >= 4)
5050 {
5051 LOG(4, 0, 0, "Sent [%s] ", fmtaddr(addr->sin_addr.s_addr, 0));
5052 dump_control(&response, log_stream);
5053 }
5054 }
5055 else
5056 LOG(2, 0, 0, "Failed to pack nsctl response for %s (%d)\n",
5057 fmtaddr(addr->sin_addr.s_addr, 0), r);
5058
5059 free(buf);
5060 }
5061
5062 static tunnelidt new_tunnel()
5063 {
5064 tunnelidt i;
5065 for (i = 1; i < MAXTUNNEL; i++)
5066 {
5067 if (tunnel[i].state == TUNNELFREE)
5068 {
5069 LOG(4, 0, i, "Assigning tunnel ID %d\n", i);
5070 if (i > config->cluster_highest_tunnelid)
5071 config->cluster_highest_tunnelid = i;
5072 return i;
5073 }
5074 }
5075 LOG(0, 0, 0, "Can't find a free tunnel! There shouldn't be this many in use!\n");
5076 return 0;
5077 }
5078
5079 //
5080 // We're becoming the master. Do any required setup..
5081 //
5082 // This is principally telling all the plugins that we're
5083 // now a master, and telling them about all the sessions
5084 // that are active too..
5085 //
5086 void become_master(void)
5087 {
5088 int s, i;
5089 static struct event_data d[RADIUS_FDS];
5090 struct epoll_event e;
5091
5092 run_plugins(PLUGIN_BECOME_MASTER, NULL);
5093
5094 // running a bunch of iptables commands is slow and can cause
5095 // the master to drop tunnels on takeover--kludge around the
5096 // problem by forking for the moment (note: race)
5097 if (!fork_and_close())
5098 {
5099 for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
5100 {
5101 if (!session[s].opened) // Not an in-use session.
5102 continue;
5103
5104 run_plugins(PLUGIN_NEW_SESSION_MASTER, &session[s]);
5105 }
5106 exit(0);
5107 }
5108
5109 // add radius fds
5110 e.events = EPOLLIN;
5111 for (i = 0; i < RADIUS_FDS; i++)
5112 {
5113 d[i].type = FD_TYPE_RADIUS;
5114 d[i].index = i;
5115 e.data.ptr = &d[i];
5116
5117 epoll_ctl(epollfd, EPOLL_CTL_ADD, radfds[i], &e);
5118 }
5119 }
5120
5121 int cmd_show_hist_idle(struct cli_def *cli, char *command, char **argv, int argc)
5122 {
5123 int s, i;
5124 int count = 0;
5125 int buckets[64];
5126
5127 if (CLI_HELP_REQUESTED)
5128 return CLI_HELP_NO_ARGS;
5129
5130 time(&time_now);
5131 for (i = 0; i < 64;++i) buckets[i] = 0;
5132
5133 for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
5134 {
5135 int idle;
5136 if (!session[s].opened)
5137 continue;
5138
5139 idle = time_now - session[s].last_packet;
5140 idle /= 5 ; // In multiples of 5 seconds.
5141 if (idle < 0)
5142 idle = 0;
5143 if (idle > 63)
5144 idle = 63;
5145
5146 ++count;
5147 ++buckets[idle];
5148 }
5149
5150 for (i = 0; i < 63; ++i)
5151 {
5152 cli_print(cli, "%3d seconds : %7.2f%% (%6d)", i * 5, (double) buckets[i] * 100.0 / count , buckets[i]);
5153 }
5154 cli_print(cli, "lots of secs : %7.2f%% (%6d)", (double) buckets[63] * 100.0 / count , buckets[i]);
5155 cli_print(cli, "%d total sessions open.", count);
5156 return CLI_OK;
5157 }
5158
5159 int cmd_show_hist_open(struct cli_def *cli, char *command, char **argv, int argc)
5160 {
5161 int s, i;
5162 int count = 0;
5163 int buckets[64];
5164
5165 if (CLI_HELP_REQUESTED)
5166 return CLI_HELP_NO_ARGS;
5167
5168 time(&time_now);
5169 for (i = 0; i < 64;++i) buckets[i] = 0;
5170
5171 for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
5172 {
5173 int open = 0, d;
5174 if (!session[s].opened)
5175 continue;
5176
5177 d = time_now - session[s].opened;
5178 if (d < 0)
5179 d = 0;
5180 while (d > 1 && open < 32)
5181 {
5182 ++open;
5183 d >>= 1; // half.
5184 }
5185 ++count;
5186 ++buckets[open];
5187 }
5188
5189 s = 1;
5190 for (i = 0; i < 30; ++i)
5191 {
5192 cli_print(cli, " < %8d seconds : %7.2f%% (%6d)", s, (double) buckets[i] * 100.0 / count , buckets[i]);
5193 s <<= 1;
5194 }
5195 cli_print(cli, "%d total sessions open.", count);
5196 return CLI_OK;
5197 }
5198
5199 /* Unhide an avp.
5200 *
5201 * This unencodes the AVP using the L2TP secret and the previously
5202 * stored random vector. It overwrites the hidden data with the
5203 * unhidden AVP subformat.
5204 */
5205 static void unhide_value(uint8_t *value, size_t len, uint16_t type, uint8_t *vector, size_t vec_len)
5206 {
5207 MD5_CTX ctx;
5208 uint8_t digest[16];
5209 uint8_t *last;
5210 size_t d = 0;
5211 uint16_t m = htons(type);
5212
5213 // Compute initial pad
5214 MD5_Init(&ctx);
5215 MD5_Update(&ctx, (unsigned char *) &m, 2);
5216 MD5_Update(&ctx, config->l2tp_secret, strlen(config->l2tp_secret));
5217 MD5_Update(&ctx, vector, vec_len);
5218 MD5_Final(digest, &ctx);
5219
5220 // pointer to last decoded 16 octets
5221 last = value;
5222
5223 while (len > 0)
5224 {
5225 // calculate a new pad based on the last decoded block
5226 if (d >= sizeof(digest))
5227 {
5228 MD5_Init(&ctx);
5229 MD5_Update(&ctx, config->l2tp_secret, strlen(config->l2tp_secret));
5230 MD5_Update(&ctx, last, sizeof(digest));
5231 MD5_Final(digest, &ctx);
5232
5233 d = 0;
5234 last = value;
5235 }
5236
5237 *value++ ^= digest[d++];
5238 len--;
5239 }
5240 }
5241
5242 int find_filter(char const *name, size_t len)
5243 {
5244 int free = -1;
5245 int i;
5246
5247 for (i = 0; i < MAXFILTER; i++)
5248 {
5249 if (!*ip_filters[i].name)
5250 {
5251 if (free < 0)
5252 free = i;
5253
5254 continue;
5255 }
5256
5257 if (strlen(ip_filters[i].name) != len)
5258 continue;
5259
5260 if (!strncmp(ip_filters[i].name, name, len))
5261 return i;
5262 }
5263
5264 return free;
5265 }
5266
5267 static int ip_filter_port(ip_filter_portt *p, uint16_t port)
5268 {
5269 switch (p->op)
5270 {
5271 case FILTER_PORT_OP_EQ: return port == p->port;
5272 case FILTER_PORT_OP_NEQ: return port != p->port;
5273 case FILTER_PORT_OP_GT: return port > p->port;
5274 case FILTER_PORT_OP_LT: return port < p->port;
5275 case FILTER_PORT_OP_RANGE: return port >= p->port && port <= p->port2;
5276 }
5277
5278 return 0;
5279 }
5280
5281 static int ip_filter_flag(uint8_t op, uint8_t sflags, uint8_t cflags, uint8_t flags)
5282 {
5283 switch (op)
5284 {
5285 case FILTER_FLAG_OP_ANY:
5286 return (flags & sflags) || (~flags & cflags);
5287
5288 case FILTER_FLAG_OP_ALL:
5289 return (flags & sflags) == sflags && (~flags & cflags) == cflags;
5290
5291 case FILTER_FLAG_OP_EST:
5292 return (flags & (TCP_FLAG_ACK|TCP_FLAG_RST)) && (~flags & TCP_FLAG_SYN);
5293 }
5294
5295 return 0;
5296 }
5297
5298 int ip_filter(uint8_t *buf, int len, uint8_t filter)
5299 {
5300 uint16_t frag_offset;
5301 uint8_t proto;
5302 in_addr_t src_ip;
5303 in_addr_t dst_ip;
5304 uint16_t src_port = 0;
5305 uint16_t dst_port = 0;
5306 uint8_t flags = 0;
5307 ip_filter_rulet *rule;
5308
5309 if (len < 20) // up to end of destination address
5310 return 0;
5311
5312 if ((*buf >> 4) != 4) // IPv4
5313 return 0;
5314
5315 frag_offset = ntohs(*(uint16_t *) (buf + 6)) & 0x1fff;
5316 proto = buf[9];
5317 src_ip = *(in_addr_t *) (buf + 12);
5318 dst_ip = *(in_addr_t *) (buf + 16);
5319
5320 if (frag_offset == 0 && (proto == IPPROTO_TCP || proto == IPPROTO_UDP))
5321 {
5322 int l = (buf[0] & 0xf) * 4; // length of IP header
5323 if (len < l + 4) // ports
5324 return 0;
5325
5326 src_port = ntohs(*(uint16_t *) (buf + l));
5327 dst_port = ntohs(*(uint16_t *) (buf + l + 2));
5328 if (proto == IPPROTO_TCP)
5329 {
5330 if (len < l + 14) // flags
5331 return 0;
5332
5333 flags = buf[l + 13] & 0x3f;
5334 }
5335 }
5336
5337 for (rule = ip_filters[filter].rules; rule->action; rule++)
5338 {
5339 if (rule->proto != IPPROTO_IP && proto != rule->proto)
5340 continue;
5341
5342 if (rule->src_wild != INADDR_BROADCAST &&
5343 (src_ip & ~rule->src_wild) != (rule->src_ip & ~rule->src_wild))
5344 continue;
5345
5346 if (rule->dst_wild != INADDR_BROADCAST &&
5347 (dst_ip & ~rule->dst_wild) != (rule->dst_ip & ~rule->dst_wild))
5348 continue;
5349
5350 if (frag_offset)
5351 {
5352 if (!rule->frag || rule->action == FILTER_ACTION_DENY)
5353 continue;
5354 }
5355 else
5356 {
5357 if (rule->frag)
5358 continue;
5359
5360 if (proto == IPPROTO_TCP || proto == IPPROTO_UDP)
5361 {
5362 if (rule->src_ports.op && !ip_filter_port(&rule->src_ports, src_port))
5363 continue;
5364
5365 if (rule->dst_ports.op && !ip_filter_port(&rule->dst_ports, dst_port))
5366 continue;
5367
5368 if (proto == IPPROTO_TCP && rule->tcp_flag_op &&
5369 !ip_filter_flag(rule->tcp_flag_op, rule->tcp_sflags, rule->tcp_cflags, flags))
5370 continue;
5371 }
5372 }
5373
5374 // matched
5375 rule->counter++;
5376 return rule->action == FILTER_ACTION_PERMIT;
5377 }
5378
5379 // default deny
5380 return 0;
5381 }