projects / l2tpns.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
correct addition of single IP to pool
[l2tpns.git] / l2tpns.c
1 // L2TP Network Server
2 // Adrian Kennard 2002
3 // Copyright (c) 2003, 2004, 2005 Optus Internet Engineering
4 // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
5 // vim: sw=8 ts=8
6
7 char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.155 2006/01/19 20:55:03 bodea Exp $";
8
9 #include <arpa/inet.h>
10 #include <assert.h>
11 #include <errno.h>
12 #include <fcntl.h>
13 #include <linux/if_tun.h>
14 #define SYSLOG_NAMES
15 #include <syslog.h>
16 #include <malloc.h>
17 #include <math.h>
18 #include <net/route.h>
19 #include <sys/mman.h>
20 #include <netdb.h>
21 #include <netinet/in.h>
22 #include <netinet/ip6.h>
23 #include <stdarg.h>
24 #include <stdlib.h>
25 #include <stdio.h>
26 #include <string.h>
27 #include <ctype.h>
28 #include <sys/ioctl.h>
29 #include <sys/socket.h>
30 #include <sys/stat.h>
31 #include <sys/time.h>
32 #include <sys/resource.h>
33 #include <sys/wait.h>
34 #include <linux/if.h>
35 #include <stddef.h>
36 #include <time.h>
37 #include <dlfcn.h>
38 #include <unistd.h>
39 #include <sched.h>
40 #include <sys/sysinfo.h>
41 #include <libcli.h>
42
43 #include "md5.h"
44 #include "l2tpns.h"
45 #include "cluster.h"
46 #include "plugin.h"
47 #include "ll.h"
48 #include "constants.h"
49 #include "control.h"
50 #include "util.h"
51 #include "tbf.h"
52
53 #ifdef BGP
54 #include "bgp.h"
55 #endif
56
57 // Globals
58 configt *config = NULL; // all configuration
59 int tunfd = -1; // tun interface file handle. (network device)
60 int udpfd = -1; // UDP file handle
61 int controlfd = -1; // Control signal handle
62 int clifd = -1; // Socket listening for CLI connections.
63 int daefd = -1; // Socket listening for DAE connections.
64 int snoopfd = -1; // UDP file handle for sending out intercept data
65 int *radfds = NULL; // RADIUS requests file handles
66 int ifrfd = -1; // File descriptor for routing, etc
67 int ifr6fd = -1; // File descriptor for IPv6 routing, etc
68 int rand_fd = -1; // Random data source
69 int cluster_sockfd = -1; // Intra-cluster communications socket.
70 int epollfd = -1; // event polling
71 time_t basetime = 0; // base clock
72 char hostname[1000] = ""; // us.
73 static int tunidx; // ifr_ifindex of tun device
74 static int syslog_log = 0; // are we logging to syslog
75 static FILE *log_stream = 0; // file handle for direct logging (i.e. direct into file, not via syslog).
76 uint32_t last_id = 0; // Unique ID for radius accounting
77
78 // calculated from config->l2tp_mtu
79 uint16_t MRU = 0; // PPP MRU
80 uint16_t MSS = 0; // TCP MSS
81
82 struct cli_session_actions *cli_session_actions = NULL; // Pending session changes requested by CLI
83 struct cli_tunnel_actions *cli_tunnel_actions = NULL; // Pending tunnel changes required by CLI
84
85 static void *ip_hash[256]; // Mapping from IP address to session structures.
86 struct ipv6radix {
87 int sess;
88 struct ipv6radix *branch;
89 } ipv6_hash[256]; // Mapping from IPv6 address to session structures.
90
91 // Traffic counters.
92 static uint32_t udp_rx = 0, udp_rx_pkt = 0, udp_tx = 0;
93 static uint32_t eth_rx = 0, eth_rx_pkt = 0;
94 uint32_t eth_tx = 0;
95
96 static uint32_t ip_pool_size = 1; // Size of the pool of addresses used for dynamic address allocation.
97 time_t time_now = 0; // Current time in seconds since epoch.
98 static char time_now_string[64] = {0}; // Current time as a string.
99 static int time_changed = 0; // time_now changed
100 char main_quit = 0; // True if we're in the process of exiting.
101 static char main_reload = 0; // Re-load pending
102 linked_list *loaded_plugins;
103 linked_list *plugins[MAX_PLUGIN_TYPES];
104
105 #define membersize(STRUCT, MEMBER) sizeof(((STRUCT *)0)->MEMBER)
106 #define CONFIG(NAME, MEMBER, TYPE) { NAME, offsetof(configt, MEMBER), membersize(configt, MEMBER), TYPE }
107
108 config_descriptt config_values[] = {
109 CONFIG("debug", debug, INT),
110 CONFIG("log_file", log_filename, STRING),
111 CONFIG("pid_file", pid_file, STRING),
112 CONFIG("random_device", random_device, STRING),
113 CONFIG("l2tp_secret", l2tp_secret, STRING),
114 CONFIG("l2tp_mtu", l2tp_mtu, INT),
115 CONFIG("ppp_restart_time", ppp_restart_time, INT),
116 CONFIG("ppp_max_configure", ppp_max_configure, INT),
117 CONFIG("ppp_max_failure", ppp_max_failure, INT),
118 CONFIG("primary_dns", default_dns1, IPv4),
119 CONFIG("secondary_dns", default_dns2, IPv4),
120 CONFIG("primary_radius", radiusserver[0], IPv4),
121 CONFIG("secondary_radius", radiusserver[1], IPv4),
122 CONFIG("primary_radius_port", radiusport[0], SHORT),
123 CONFIG("secondary_radius_port", radiusport[1], SHORT),
124 CONFIG("radius_accounting", radius_accounting, BOOL),
125 CONFIG("radius_interim", radius_interim, INT),
126 CONFIG("radius_secret", radiussecret, STRING),
127 CONFIG("radius_authtypes", radius_authtypes_s, STRING),
128 CONFIG("radius_dae_port", radius_dae_port, SHORT),
129 CONFIG("allow_duplicate_users", allow_duplicate_users, BOOL),
130 CONFIG("bind_address", bind_address, IPv4),
131 CONFIG("peer_address", peer_address, IPv4),
132 CONFIG("send_garp", send_garp, BOOL),
133 CONFIG("throttle_speed", rl_rate, UNSIGNED_LONG),
134 CONFIG("throttle_buckets", num_tbfs, INT),
135 CONFIG("accounting_dir", accounting_dir, STRING),
136 CONFIG("setuid", target_uid, INT),
137 CONFIG("dump_speed", dump_speed, BOOL),
138 CONFIG("multi_read_count", multi_read_count, INT),
139 CONFIG("scheduler_fifo", scheduler_fifo, BOOL),
140 CONFIG("lock_pages", lock_pages, BOOL),
141 CONFIG("icmp_rate", icmp_rate, INT),
142 CONFIG("packet_limit", max_packets, INT),
143 CONFIG("cluster_address", cluster_address, IPv4),
144 CONFIG("cluster_interface", cluster_interface, STRING),
145 CONFIG("cluster_mcast_ttl", cluster_mcast_ttl, INT),
146 CONFIG("cluster_hb_interval", cluster_hb_interval, INT),
147 CONFIG("cluster_hb_timeout", cluster_hb_timeout, INT),
148 CONFIG("cluster_master_min_adv", cluster_master_min_adv, INT),
149 CONFIG("ipv6_prefix", ipv6_prefix, IPv6),
150 { NULL, 0, 0, 0 },
151 };
152
153 static char *plugin_functions[] = {
154 NULL,
155 "plugin_pre_auth",
156 "plugin_post_auth",
157 "plugin_packet_rx",
158 "plugin_packet_tx",
159 "plugin_timer",
160 "plugin_new_session",
161 "plugin_kill_session",
162 "plugin_control",
163 "plugin_radius_response",
164 "plugin_radius_reset",
165 "plugin_radius_account",
166 "plugin_become_master",
167 "plugin_new_session_master",
168 };
169
170 #define max_plugin_functions (sizeof(plugin_functions) / sizeof(char *))
171
172 // Counters for shutdown sessions
173 static sessiont shut_acct[8192];
174 static sessionidt shut_acct_n = 0;
175
176 tunnelt *tunnel = NULL; // Array of tunnel structures.
177 sessiont *session = NULL; // Array of session structures.
178 sessionlocalt *sess_local = NULL; // Array of local per-session counters.
179 radiust *radius = NULL; // Array of radius structures.
180 ippoolt *ip_address_pool = NULL; // Array of dynamic IP addresses.
181 ip_filtert *ip_filters = NULL; // Array of named filters.
182 static controlt *controlfree = 0;
183 struct Tstats *_statistics = NULL;
184 #ifdef RINGBUFFER
185 struct Tringbuffer *ringbuffer = NULL;
186 #endif
187
188 static void cache_ipmap(in_addr_t ip, int s);
189 static void uncache_ipmap(in_addr_t ip);
190 static void cache_ipv6map(struct in6_addr ip, int prefixlen, int s);
191 static void free_ip_address(sessionidt s);
192 static void dump_acct_info(int all);
193 static void sighup_handler(int sig);
194 static void shutdown_handler(int sig);
195 static void sigchild_handler(int sig);
196 static void build_chap_response(uint8_t *challenge, uint8_t id, uint16_t challenge_length, uint8_t **challenge_response);
197 static void update_config(void);
198 static void read_config_file(void);
199 static void initplugins(void);
200 static int add_plugin(char *plugin_name);
201 static int remove_plugin(char *plugin_name);
202 static void plugins_done(void);
203 static void processcontrol(uint8_t *buf, int len, struct sockaddr_in *addr, int alen);
204 static tunnelidt new_tunnel(void);
205 static void unhide_value(uint8_t *value, size_t len, uint16_t type, uint8_t *vector, size_t vec_len);
206
207 // on slaves, alow BGP to withdraw cleanly before exiting
208 #define QUIT_DELAY 5
209
210 // quit actions (master)
211 #define QUIT_FAILOVER 1 // SIGTERM: exit when all control messages have been acked (for cluster failover)
212 #define QUIT_SHUTDOWN 2 // SIGQUIT: shutdown sessions/tunnels, reject new connections
213
214 // return internal time (10ths since process startup), set f if given
215 // as a side-effect sets time_now, and time_changed
216 static clockt now(double *f)
217 {
218 struct timeval t;
219 gettimeofday(&t, 0);
220 if (f) *f = t.tv_sec + t.tv_usec / 1000000.0;
221 if (t.tv_sec != time_now)
222 {
223 time_now = t.tv_sec;
224 time_changed++;
225 }
226 return (t.tv_sec - basetime) * 10 + t.tv_usec / 100000 + 1;
227 }
228
229 // work out a retry time based on try number
230 // This is a straight bounded exponential backoff.
231 // Maximum re-try time is 32 seconds. (2^5).
232 clockt backoff(uint8_t try)
233 {
234 if (try > 5) try = 5; // max backoff
235 return now(NULL) + 10 * (1 << try);
236 }
237
238
239 //
240 // Log a debug message. Typically called via the LOG macro
241 //
242 void _log(int level, sessionidt s, tunnelidt t, const char *format, ...)
243 {
244 static char message[65536] = {0};
245 va_list ap;
246
247 #ifdef RINGBUFFER
248 if (ringbuffer)
249 {
250 if (++ringbuffer->tail >= RINGBUFFER_SIZE)
251 ringbuffer->tail = 0;
252 if (ringbuffer->tail == ringbuffer->head)
253 if (++ringbuffer->head >= RINGBUFFER_SIZE)
254 ringbuffer->head = 0;
255
256 ringbuffer->buffer[ringbuffer->tail].level = level;
257 ringbuffer->buffer[ringbuffer->tail].session = s;
258 ringbuffer->buffer[ringbuffer->tail].tunnel = t;
259 va_start(ap, format);
260 vsnprintf(ringbuffer->buffer[ringbuffer->tail].message, 4095, format, ap);
261 va_end(ap);
262 }
263 #endif
264
265 if (config->debug < level) return;
266
267 va_start(ap, format);
268 vsnprintf(message, sizeof(message), format, ap);
269
270 if (log_stream)
271 fprintf(log_stream, "%s %02d/%02d %s", time_now_string, t, s, message);
272 else if (syslog_log)
273 syslog(level + 2, "%02d/%02d %s", t, s, message); // We don't need LOG_EMERG or LOG_ALERT
274
275 va_end(ap);
276 }
277
278 void _log_hex(int level, const char *title, const uint8_t *data, int maxsize)
279 {
280 int i, j;
281 const uint8_t *d = data;
282
283 if (config->debug < level) return;
284
285 // No support for _log_hex to syslog
286 if (log_stream)
287 {
288 _log(level, 0, 0, "%s (%d bytes):\n", title, maxsize);
289 setvbuf(log_stream, NULL, _IOFBF, 16384);
290
291 for (i = 0; i < maxsize; )
292 {
293 fprintf(log_stream, "%4X: ", i);
294 for (j = i; j < maxsize && j < (i + 16); j++)
295 {
296 fprintf(log_stream, "%02X ", d[j]);
297 if (j == i + 7)
298 fputs(": ", log_stream);
299 }
300
301 for (; j < i + 16; j++)
302 {
303 fputs(" ", log_stream);
304 if (j == i + 7)
305 fputs(": ", log_stream);
306 }
307
308 fputs(" ", log_stream);
309 for (j = i; j < maxsize && j < (i + 16); j++)
310 {
311 if (d[j] >= 0x20 && d[j] < 0x7f && d[j] != 0x20)
312 fputc(d[j], log_stream);
313 else
314 fputc('.', log_stream);
315
316 if (j == i + 7)
317 fputs(" ", log_stream);
318 }
319
320 i = j;
321 fputs("\n", log_stream);
322 }
323
324 fflush(log_stream);
325 setbuf(log_stream, NULL);
326 }
327 }
328
329 // update a counter, accumulating 2^32 wraps
330 void increment_counter(uint32_t *counter, uint32_t *wrap, uint32_t delta)
331 {
332 uint32_t new = *counter + delta;
333 if (new < *counter)
334 (*wrap)++;
335
336 *counter = new;
337 }
338
339 // initialise the random generator
340 static void initrandom(char *source)
341 {
342 static char path[sizeof(config->random_device)] = "*undefined*";
343
344 // reinitialise only if we are forced to do so or if the config has changed
345 if (source && !strncmp(path, source, sizeof(path)))
346 return;
347
348 // close previous source, if any
349 if (rand_fd >= 0)
350 close(rand_fd);
351
352 rand_fd = -1;
353
354 if (source)
355 {
356 // register changes
357 snprintf(path, sizeof(path), "%s", source);
358
359 if (*path == '/')
360 {
361 rand_fd = open(path, O_RDONLY|O_NONBLOCK);
362 if (rand_fd < 0)
363 LOG(0, 0, 0, "Error opening the random device %s: %s\n",
364 path, strerror(errno));
365 }
366 }
367 }
368
369 // fill buffer with random data
370 void random_data(uint8_t *buf, int len)
371 {
372 int n = 0;
373
374 CSTAT(random_data);
375 if (rand_fd >= 0)
376 {
377 n = read(rand_fd, buf, len);
378 if (n >= len) return;
379 if (n < 0)
380 {
381 if (errno != EAGAIN)
382 {
383 LOG(0, 0, 0, "Error reading from random source: %s\n",
384 strerror(errno));
385
386 // fall back to rand()
387 initrandom(NULL);
388 }
389
390 n = 0;
391 }
392 }
393
394 // append missing data
395 while (n < len)
396 // not using the low order bits from the prng stream
397 buf[n++] = (rand() >> 4) & 0xff;
398 }
399
400 // Add a route
401 //
402 // This adds it to the routing table, advertises it
403 // via BGP if enabled, and stuffs it into the
404 // 'sessionbyip' cache.
405 //
406 // 'ip' and 'mask' must be in _host_ order.
407 //
408 static void routeset(sessionidt s, in_addr_t ip, in_addr_t mask, in_addr_t gw, int add)
409 {
410 struct rtentry r;
411 int i;
412
413 if (!mask) mask = 0xffffffff;
414
415 ip &= mask; // Force the ip to be the first one in the route.
416
417 memset(&r, 0, sizeof(r));
418 r.rt_dev = config->tundevice;
419 r.rt_dst.sa_family = AF_INET;
420 *(uint32_t *) & (((struct sockaddr_in *) &r.rt_dst)->sin_addr.s_addr) = htonl(ip);
421 r.rt_gateway.sa_family = AF_INET;
422 *(uint32_t *) & (((struct sockaddr_in *) &r.rt_gateway)->sin_addr.s_addr) = htonl(gw);
423 r.rt_genmask.sa_family = AF_INET;
424 *(uint32_t *) & (((struct sockaddr_in *) &r.rt_genmask)->sin_addr.s_addr) = htonl(mask);
425 r.rt_flags = (RTF_UP | RTF_STATIC);
426 if (gw)
427 r.rt_flags |= RTF_GATEWAY;
428 else if (mask == 0xffffffff)
429 r.rt_flags |= RTF_HOST;
430
431 LOG(1, s, 0, "Route %s %s/%s%s%s\n", add ? "add" : "del",
432 fmtaddr(htonl(ip), 0), fmtaddr(htonl(mask), 1),
433 gw ? " via" : "", gw ? fmtaddr(htonl(gw), 2) : "");
434
435 if (ioctl(ifrfd, add ? SIOCADDRT : SIOCDELRT, (void *) &r) < 0)
436 LOG(0, 0, 0, "routeset() error in ioctl: %s\n", strerror(errno));
437
438 #ifdef BGP
439 if (add)
440 bgp_add_route(htonl(ip), htonl(mask));
441 else
442 bgp_del_route(htonl(ip), htonl(mask));
443 #endif /* BGP */
444
445 // Add/Remove the IPs to the 'sessionbyip' cache.
446 // Note that we add the zero address in the case of
447 // a network route. Roll on CIDR.
448
449 // Note that 's == 0' implies this is the address pool.
450 // We still cache it here, because it will pre-fill
451 // the malloc'ed tree.
452
453 if (s)
454 {
455 if (!add) // Are we deleting a route?
456 s = 0; // Caching the session as '0' is the same as uncaching.
457
458 for (i = ip; (i&mask) == (ip&mask) ; ++i)
459 cache_ipmap(i, s);
460 }
461 }
462
463 void route6set(sessionidt s, struct in6_addr ip, int prefixlen, int add)
464 {
465 struct in6_rtmsg rt;
466 char ipv6addr[INET6_ADDRSTRLEN];
467
468 if (ifr6fd < 0)
469 {
470 LOG(0, 0, 0, "Asked to set IPv6 route, but IPv6 not setup.\n");
471 return;
472 }
473
474 memset(&rt, 0, sizeof(rt));
475
476 memcpy(&rt.rtmsg_dst, &ip, sizeof(struct in6_addr));
477 rt.rtmsg_dst_len = prefixlen;
478 rt.rtmsg_metric = 1;
479 rt.rtmsg_flags = RTF_UP;
480 rt.rtmsg_ifindex = tunidx;
481
482 LOG(1, 0, 0, "Route %s %s/%d\n",
483 add ? "add" : "del",
484 inet_ntop(AF_INET6, &ip, ipv6addr, INET6_ADDRSTRLEN),
485 prefixlen);
486
487 if (ioctl(ifr6fd, add ? SIOCADDRT : SIOCDELRT, (void *) &rt) < 0)
488 LOG(0, 0, 0, "route6set() error in ioctl: %s\n",
489 strerror(errno));
490
491 // FIXME: need to add BGP routing (RFC2858)
492
493 if (s)
494 {
495 if (!add) // Are we deleting a route?
496 s = 0; // Caching the session as '0' is the same as uncaching.
497
498 cache_ipv6map(ip, prefixlen, s);
499 }
500
501 return;
502 }
503
504 // defined in linux/ipv6.h, but tricky to include from user-space
505 // TODO: move routing to use netlink rather than ioctl
506 struct in6_ifreq {
507 struct in6_addr ifr6_addr;
508 __u32 ifr6_prefixlen;
509 unsigned int ifr6_ifindex;
510 };
511
512 //
513 // Set up TUN interface
514 static void inittun(void)
515 {
516 struct ifreq ifr;
517 struct in6_ifreq ifr6;
518 struct sockaddr_in sin = {0};
519 memset(&ifr, 0, sizeof(ifr));
520 ifr.ifr_flags = IFF_TUN;
521
522 tunfd = open(TUNDEVICE, O_RDWR);
523 if (tunfd < 0)
524 { // fatal
525 LOG(0, 0, 0, "Can't open %s: %s\n", TUNDEVICE, strerror(errno));
526 exit(1);
527 }
528 {
529 int flags = fcntl(tunfd, F_GETFL, 0);
530 fcntl(tunfd, F_SETFL, flags | O_NONBLOCK);
531 }
532 if (ioctl(tunfd, TUNSETIFF, (void *) &ifr) < 0)
533 {
534 LOG(0, 0, 0, "Can't set tun interface: %s\n", strerror(errno));
535 exit(1);
536 }
537 assert(strlen(ifr.ifr_name) < sizeof(config->tundevice));
538 strncpy(config->tundevice, ifr.ifr_name, sizeof(config->tundevice) - 1);
539 ifrfd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
540
541 sin.sin_family = AF_INET;
542 sin.sin_addr.s_addr = config->bind_address ? config->bind_address : 0x01010101; // 1.1.1.1
543 memcpy(&ifr.ifr_addr, &sin, sizeof(struct sockaddr));
544
545 if (ioctl(ifrfd, SIOCSIFADDR, (void *) &ifr) < 0)
546 {
547 LOG(0, 0, 0, "Error setting tun address: %s\n", strerror(errno));
548 exit(1);
549 }
550 /* Bump up the qlen to deal with bursts from the network */
551 ifr.ifr_qlen = 1000;
552 if (ioctl(ifrfd, SIOCSIFTXQLEN, (void *) &ifr) < 0)
553 {
554 LOG(0, 0, 0, "Error setting tun queue length: %s\n", strerror(errno));
555 exit(1);
556 }
557 /* set MTU to modem MRU */
558 ifr.ifr_mtu = MRU;
559 if (ioctl(ifrfd, SIOCSIFMTU, (void *) &ifr) < 0)
560 {
561 LOG(0, 0, 0, "Error setting tun MTU: %s\n", strerror(errno));
562 exit(1);
563 }
564 ifr.ifr_flags = IFF_UP;
565 if (ioctl(ifrfd, SIOCSIFFLAGS, (void *) &ifr) < 0)
566 {
567 LOG(0, 0, 0, "Error setting tun flags: %s\n", strerror(errno));
568 exit(1);
569 }
570 if (ioctl(ifrfd, SIOCGIFINDEX, (void *) &ifr) < 0)
571 {
572 LOG(0, 0, 0, "Error getting tun ifindex: %s\n", strerror(errno));
573 exit(1);
574 }
575 tunidx = ifr.ifr_ifindex;
576
577 // Only setup IPv6 on the tun device if we have a configured prefix
578 if (config->ipv6_prefix.s6_addr[0]) {
579 ifr6fd = socket(PF_INET6, SOCK_DGRAM, 0);
580
581 // Link local address is FE80::1
582 memset(&ifr6.ifr6_addr, 0, sizeof(ifr6.ifr6_addr));
583 ifr6.ifr6_addr.s6_addr[0] = 0xFE;
584 ifr6.ifr6_addr.s6_addr[1] = 0x80;
585 ifr6.ifr6_addr.s6_addr[15] = 1;
586 ifr6.ifr6_prefixlen = 64;
587 ifr6.ifr6_ifindex = ifr.ifr_ifindex;
588 if (ioctl(ifr6fd, SIOCSIFADDR, (void *) &ifr6) < 0)
589 {
590 LOG(0, 0, 0, "Error setting tun IPv6 link local address:"
591 " %s\n", strerror(errno));
592 }
593
594 // Global address is prefix::1
595 memset(&ifr6.ifr6_addr, 0, sizeof(ifr6.ifr6_addr));
596 ifr6.ifr6_addr = config->ipv6_prefix;
597 ifr6.ifr6_addr.s6_addr[15] = 1;
598 ifr6.ifr6_prefixlen = 64;
599 ifr6.ifr6_ifindex = ifr.ifr_ifindex;
600 if (ioctl(ifr6fd, SIOCSIFADDR, (void *) &ifr6) < 0)
601 {
602 LOG(0, 0, 0, "Error setting tun IPv6 global address: %s\n",
603 strerror(errno));
604 }
605 }
606 }
607
608 // set up UDP ports
609 static void initudp(void)
610 {
611 int on = 1;
612 struct sockaddr_in addr;
613
614 // Tunnel
615 memset(&addr, 0, sizeof(addr));
616 addr.sin_family = AF_INET;
617 addr.sin_port = htons(L2TPPORT);
618 addr.sin_addr.s_addr = config->bind_address;
619 udpfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
620 setsockopt(udpfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
621 {
622 int flags = fcntl(udpfd, F_GETFL, 0);
623 fcntl(udpfd, F_SETFL, flags | O_NONBLOCK);
624 }
625 if (bind(udpfd, (void *) &addr, sizeof(addr)) < 0)
626 {
627 LOG(0, 0, 0, "Error in UDP bind: %s\n", strerror(errno));
628 exit(1);
629 }
630
631 // Control
632 memset(&addr, 0, sizeof(addr));
633 addr.sin_family = AF_INET;
634 addr.sin_port = htons(NSCTL_PORT);
635 controlfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
636 setsockopt(controlfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
637 if (bind(controlfd, (void *) &addr, sizeof(addr)) < 0)
638 {
639 LOG(0, 0, 0, "Error in control bind: %s\n", strerror(errno));
640 exit(1);
641 }
642
643 // Dynamic Authorization Extensions to RADIUS
644 memset(&addr, 0, sizeof(addr));
645 addr.sin_family = AF_INET;
646 addr.sin_port = htons(config->radius_dae_port);
647 daefd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
648 setsockopt(daefd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
649 if (bind(daefd, (void *) &addr, sizeof(addr)) < 0)
650 {
651 LOG(0, 0, 0, "Error in DAE bind: %s\n", strerror(errno));
652 exit(1);
653 }
654
655 // Intercept
656 snoopfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
657 }
658
659 //
660 // Find session by IP, < 1 for not found
661 //
662 // Confusingly enough, this 'ip' must be
663 // in _network_ order. This being the common
664 // case when looking it up from IP packet headers.
665 //
666 // We actually use this cache for two things.
667 // #1. For used IP addresses, this maps to the
668 // session ID that it's used by.
669 // #2. For un-used IP addresses, this maps to the
670 // index into the pool table that contains that
671 // IP address.
672 //
673
674 static int lookup_ipmap(in_addr_t ip)
675 {
676 uint8_t *a = (uint8_t *) &ip;
677 uint8_t **d = (uint8_t **) ip_hash;
678
679 if (!(d = (uint8_t **) d[(size_t) *a++])) return 0;
680 if (!(d = (uint8_t **) d[(size_t) *a++])) return 0;
681 if (!(d = (uint8_t **) d[(size_t) *a++])) return 0;
682
683 return (int) (intptr_t) d[(size_t) *a];
684 }
685
686 static int lookup_ipv6map(struct in6_addr ip)
687 {
688 struct ipv6radix *curnode;
689 int i;
690 int s;
691 char ipv6addr[INET6_ADDRSTRLEN];
692
693 curnode = &ipv6_hash[ip.s6_addr[0]];
694 i = 1;
695 s = curnode->sess;
696
697 while (s == 0 && i < 15 && curnode->branch != NULL)
698 {
699 curnode = &curnode->branch[ip.s6_addr[i]];
700 s = curnode->sess;
701 i++;
702 }
703
704 LOG(4, s, session[s].tunnel, "Looking up address %s and got %d\n",
705 inet_ntop(AF_INET6, &ip, ipv6addr,
706 INET6_ADDRSTRLEN),
707 s);
708
709 return s;
710 }
711
712 sessionidt sessionbyip(in_addr_t ip)
713 {
714 int s = lookup_ipmap(ip);
715 CSTAT(sessionbyip);
716
717 if (s > 0 && s < MAXSESSION && session[s].opened)
718 return (sessionidt) s;
719
720 return 0;
721 }
722
723 sessionidt sessionbyipv6(struct in6_addr ip)
724 {
725 int s;
726 CSTAT(sessionbyipv6);
727
728 if (!memcmp(&config->ipv6_prefix, &ip, 8) ||
729 (ip.s6_addr[0] == 0xFE &&
730 ip.s6_addr[1] == 0x80 &&
731 ip.s6_addr16[1] == 0 &&
732 ip.s6_addr16[2] == 0 &&
733 ip.s6_addr16[3] == 0)) {
734 s = lookup_ipmap(*(in_addr_t *) &ip.s6_addr[8]);
735 } else {
736 s = lookup_ipv6map(ip);
737 }
738
739 if (s > 0 && s < MAXSESSION && session[s].opened)
740 return s;
741
742 return 0;
743 }
744
745 //
746 // Take an IP address in HOST byte order and
747 // add it to the sessionid by IP cache.
748 //
749 // (It's actually cached in network order)
750 //
751 static void cache_ipmap(in_addr_t ip, int s)
752 {
753 in_addr_t nip = htonl(ip); // MUST be in network order. I.e. MSB must in be ((char *) (&ip))[0]
754 uint8_t *a = (uint8_t *) &nip;
755 uint8_t **d = (uint8_t **) ip_hash;
756 int i;
757
758 for (i = 0; i < 3; i++)
759 {
760 if (!d[(size_t) a[i]])
761 {
762 if (!(d[(size_t) a[i]] = calloc(256, sizeof(void *))))
763 return;
764 }
765
766 d = (uint8_t **) d[(size_t) a[i]];
767 }
768
769 d[(size_t) a[3]] = (uint8_t *) (intptr_t) s;
770
771 if (s > 0)
772 LOG(4, s, session[s].tunnel, "Caching ip address %s\n", fmtaddr(nip, 0));
773
774 else if (s == 0)
775 LOG(4, 0, 0, "Un-caching ip address %s\n", fmtaddr(nip, 0));
776 // else a map to an ip pool index.
777 }
778
779 static void uncache_ipmap(in_addr_t ip)
780 {
781 cache_ipmap(ip, 0); // Assign it to the NULL session.
782 }
783
784 static void cache_ipv6map(struct in6_addr ip, int prefixlen, int s)
785 {
786 int i;
787 int bytes;
788 struct ipv6radix *curnode;
789 char ipv6addr[INET6_ADDRSTRLEN];
790
791 curnode = &ipv6_hash[ip.s6_addr[0]];
792
793 bytes = prefixlen >> 3;
794 i = 1;
795 while (i < bytes) {
796 if (curnode->branch == NULL)
797 {
798 if (!(curnode->branch = calloc(256,
799 sizeof (struct ipv6radix))))
800 return;
801 }
802 curnode = &curnode->branch[ip.s6_addr[i]];
803 i++;
804 }
805
806 curnode->sess = s;
807
808 if (s > 0)
809 LOG(4, s, session[s].tunnel, "Caching ip address %s/%d\n",
810 inet_ntop(AF_INET6, &ip, ipv6addr,
811 INET6_ADDRSTRLEN),
812 prefixlen);
813 else if (s == 0)
814 LOG(4, 0, 0, "Un-caching ip address %s/%d\n",
815 inet_ntop(AF_INET6, &ip, ipv6addr,
816 INET6_ADDRSTRLEN),
817 prefixlen);
818 }
819
820 //
821 // CLI list to dump current ipcache.
822 //
823 int cmd_show_ipcache(struct cli_def *cli, char *command, char **argv, int argc)
824 {
825 char **d = (char **) ip_hash, **e, **f, **g;
826 int i, j, k, l;
827 int count = 0;
828
829 if (CLI_HELP_REQUESTED)
830 return CLI_HELP_NO_ARGS;
831
832 cli_print(cli, "%7s %s", "Sess#", "IP Address");
833
834 for (i = 0; i < 256; ++i)
835 {
836 if (!d[i])
837 continue;
838 e = (char **) d[i];
839 for (j = 0; j < 256; ++j)
840 {
841 if (!e[j])
842 continue;
843 f = (char **) e[j];
844 for (k = 0; k < 256; ++k)
845 {
846 if (!f[k])
847 continue;
848 g = (char **)f[k];
849 for (l = 0; l < 256; ++l)
850 {
851 if (!g[l])
852 continue;
853 cli_print(cli, "%7d %d.%d.%d.%d", (int) (intptr_t) g[l], i, j, k, l);
854 ++count;
855 }
856 }
857 }
858 }
859 cli_print(cli, "%d entries in cache", count);
860 return CLI_OK;
861 }
862
863
864 // Find session by username, 0 for not found
865 // walled garden users aren't authenticated, so the username is
866 // reasonably useless. Ignore them to avoid incorrect actions
867 //
868 // This is VERY inefficent. Don't call it often. :)
869 //
870 sessionidt sessionbyuser(char *username)
871 {
872 int s;
873 CSTAT(sessionbyuser);
874
875 for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
876 {
877 if (!session[s].opened)
878 continue;
879
880 if (session[s].walled_garden)
881 continue; // Skip walled garden users.
882
883 if (!strncmp(session[s].user, username, 128))
884 return s;
885
886 }
887 return 0; // Not found.
888 }
889
890 void send_garp(in_addr_t ip)
891 {
892 int s;
893 struct ifreq ifr;
894 uint8_t mac[6];
895
896 s = socket(PF_INET, SOCK_DGRAM, 0);
897 if (s < 0)
898 {
899 LOG(0, 0, 0, "Error creating socket for GARP: %s\n", strerror(errno));
900 return;
901 }
902 memset(&ifr, 0, sizeof(ifr));
903 strncpy(ifr.ifr_name, "eth0", sizeof(ifr.ifr_name) - 1);
904 if (ioctl(s, SIOCGIFHWADDR, &ifr) < 0)
905 {
906 LOG(0, 0, 0, "Error getting eth0 hardware address for GARP: %s\n", strerror(errno));
907 close(s);
908 return;
909 }
910 memcpy(mac, &ifr.ifr_hwaddr.sa_data, 6*sizeof(char));
911 if (ioctl(s, SIOCGIFINDEX, &ifr) < 0)
912 {
913 LOG(0, 0, 0, "Error getting eth0 interface index for GARP: %s\n", strerror(errno));
914 close(s);
915 return;
916 }
917 close(s);
918 sendarp(ifr.ifr_ifindex, mac, ip);
919 }
920
921 static sessiont *sessiontbysessionidt(sessionidt s)
922 {
923 if (!s || s >= MAXSESSION) return NULL;
924 return &session[s];
925 }
926
927 static sessionidt sessionidtbysessiont(sessiont *s)
928 {
929 sessionidt val = s-session;
930 if (s < session || val >= MAXSESSION) return 0;
931 return val;
932 }
933
934 // actually send a control message for a specific tunnel
935 void tunnelsend(uint8_t * buf, uint16_t l, tunnelidt t)
936 {
937 struct sockaddr_in addr;
938
939 CSTAT(tunnelsend);
940
941 if (!t)
942 {
943 LOG(0, 0, t, "tunnelsend called with 0 as tunnel id\n");
944 STAT(tunnel_tx_errors);
945 return;
946 }
947
948 if (!tunnel[t].ip)
949 {
950 LOG(1, 0, t, "Error sending data out tunnel: no remote endpoint (tunnel not set up)\n");
951 STAT(tunnel_tx_errors);
952 return;
953 }
954
955 memset(&addr, 0, sizeof(addr));
956 addr.sin_family = AF_INET;
957 *(uint32_t *) & addr.sin_addr = htonl(tunnel[t].ip);
958 addr.sin_port = htons(tunnel[t].port);
959
960 // sequence expected, if sequence in message
961 if (*buf & 0x08) *(uint16_t *) (buf + ((*buf & 0x40) ? 10 : 8)) = htons(tunnel[t].nr);
962
963 // If this is a control message, deal with retries
964 if (*buf & 0x80)
965 {
966 tunnel[t].last = time_now; // control message sent
967 tunnel[t].retry = backoff(tunnel[t].try); // when to resend
968 if (tunnel[t].try)
969 {
970 STAT(tunnel_retries);
971 LOG(3, 0, t, "Control message resend try %d\n", tunnel[t].try);
972 }
973 }
974
975 if (sendto(udpfd, buf, l, 0, (void *) &addr, sizeof(addr)) < 0)
976 {
977 LOG(0, ntohs((*(uint16_t *) (buf + 6))), t, "Error sending data out tunnel: %s (udpfd=%d, buf=%p, len=%d, dest=%s)\n",
978 strerror(errno), udpfd, buf, l, inet_ntoa(addr.sin_addr));
979 STAT(tunnel_tx_errors);
980 return;
981 }
982
983 LOG_HEX(5, "Send Tunnel Data", buf, l);
984 STAT(tunnel_tx_packets);
985 INC_STAT(tunnel_tx_bytes, l);
986 }
987
988 //
989 // Tiny helper function to write data to
990 // the 'tun' device.
991 //
992 int tun_write(uint8_t * data, int size)
993 {
994 return write(tunfd, data, size);
995 }
996
997 // adjust tcp mss to avoid fragmentation (called only for tcp packets with syn set)
998 void adjust_tcp_mss(sessionidt s, tunnelidt t, uint8_t *buf, int len, uint8_t *tcp)
999 {
1000 int d = (tcp[12] >> 4) * 4;
1001 uint8_t *mss = 0;
1002 uint8_t *opts;
1003 uint8_t *data;
1004 uint16_t orig;
1005 uint32_t sum;
1006
1007 if ((tcp[13] & 0x3f) & ~(TCP_FLAG_SYN|TCP_FLAG_ACK)) // only want SYN and SYN,ACK
1008 return;
1009
1010 if (tcp + d > buf + len) // short?
1011 return;
1012
1013 opts = tcp + 20;
1014 data = tcp + d;
1015
1016 while (opts < data)
1017 {
1018 if (*opts == 2 && opts[1] == 4) // mss option (2), length 4
1019 {
1020 mss = opts + 2;
1021 if (mss + 2 > data) return; // short?
1022 break;
1023 }
1024
1025 if (*opts == 0) return; // end of options
1026 if (*opts == 1 || !opts[1]) // no op (one byte), or no length (prevent loop)
1027 opts++;
1028 else
1029 opts += opts[1]; // skip over option
1030 }
1031
1032 if (!mss) return; // not found
1033 orig = ntohs(*(uint16_t *) mss);
1034
1035 if (orig <= MSS) return; // mss OK
1036
1037 LOG(5, s, t, "TCP: %s:%u -> %s:%u SYN%s: adjusted mss from %u to %u\n",
1038 fmtaddr(*(in_addr_t *) (buf + 12), 0), ntohs(*(uint16_t *) tcp),
1039 fmtaddr(*(in_addr_t *) (buf + 16), 1), ntohs(*(uint16_t *) (tcp + 2)),
1040 (tcp[13] & TCP_FLAG_ACK) ? ",ACK" : "", orig, MSS);
1041
1042 // set mss
1043 *(int16_t *) mss = htons(MSS);
1044
1045 // adjust checksum (see rfc1141)
1046 sum = orig + (~MSS & 0xffff);
1047 sum += ntohs(*(uint16_t *) (tcp + 16));
1048 sum = (sum & 0xffff) + (sum >> 16);
1049 *(uint16_t *) (tcp + 16) = htons(sum + (sum >> 16));
1050 }
1051
1052 // process outgoing (to tunnel) IP
1053 //
1054 static void processipout(uint8_t *buf, int len)
1055 {
1056 sessionidt s;
1057 sessiont *sp;
1058 tunnelidt t;
1059 in_addr_t ip;
1060
1061 uint8_t *data = buf; // Keep a copy of the originals.
1062 int size = len;
1063
1064 uint8_t b[MAXETHER + 20];
1065
1066 CSTAT(processipout);
1067
1068 if (len < MIN_IP_SIZE)
1069 {
1070 LOG(1, 0, 0, "Short IP, %d bytes\n", len);
1071 STAT(tun_rx_errors);
1072 return;
1073 }
1074 if (len >= MAXETHER)
1075 {
1076 LOG(1, 0, 0, "Oversize IP packet %d bytes\n", len);
1077 STAT(tun_rx_errors);
1078 return;
1079 }
1080
1081 // Skip the tun header
1082 buf += 4;
1083 len -= 4;
1084
1085 // Got an IP header now
1086 if (*(uint8_t *)(buf) >> 4 != 4)
1087 {
1088 LOG(1, 0, 0, "IP: Don't understand anything except IPv4\n");
1089 return;
1090 }
1091
1092 ip = *(uint32_t *)(buf + 16);
1093 if (!(s = sessionbyip(ip)))
1094 {
1095 // Is this a packet for a session that doesn't exist?
1096 static int rate = 0; // Number of ICMP packets we've sent this second.
1097 static int last = 0; // Last time we reset the ICMP packet counter 'rate'.
1098
1099 if (last != time_now)
1100 {
1101 last = time_now;
1102 rate = 0;
1103 }
1104
1105 if (rate++ < config->icmp_rate) // Only send a max of icmp_rate per second.
1106 {
1107 LOG(4, 0, 0, "IP: Sending ICMP host unreachable to %s\n", fmtaddr(*(in_addr_t *)(buf + 12), 0));
1108 host_unreachable(*(in_addr_t *)(buf + 12), *(uint16_t *)(buf + 4),
1109 config->bind_address ? config->bind_address : my_address, buf, len);
1110 }
1111 return;
1112 }
1113 t = session[s].tunnel;
1114 sp = &session[s];
1115
1116 // DoS prevention: enforce a maximum number of packets per 0.1s for a session
1117 if (config->max_packets > 0)
1118 {
1119 if (sess_local[s].last_packet_out == TIME)
1120 {
1121 int max = config->max_packets;
1122
1123 // All packets for throttled sessions are handled by the
1124 // master, so further limit by using the throttle rate.
1125 // A bit of a kludge, since throttle rate is in kbps,
1126 // but should still be generous given our average DSL
1127 // packet size is 200 bytes: a limit of 28kbps equates
1128 // to around 180 packets per second.
1129 if (!config->cluster_iam_master && sp->throttle_out && sp->throttle_out < max)
1130 max = sp->throttle_out;
1131
1132 if (++sess_local[s].packets_out > max)
1133 {
1134 sess_local[s].packets_dropped++;
1135 return;
1136 }
1137 }
1138 else
1139 {
1140 if (sess_local[s].packets_dropped)
1141 {
1142 INC_STAT(tun_rx_dropped, sess_local[s].packets_dropped);
1143 LOG(3, s, t, "Dropped %u/%u packets to %s for %suser %s\n",
1144 sess_local[s].packets_dropped, sess_local[s].packets_out,
1145 fmtaddr(ip, 0), sp->throttle_out ? "throttled " : "",
1146 sp->user);
1147 }
1148
1149 sess_local[s].last_packet_out = TIME;
1150 sess_local[s].packets_out = 1;
1151 sess_local[s].packets_dropped = 0;
1152 }
1153 }
1154
1155 // run access-list if any
1156 if (session[s].filter_out && !ip_filter(buf, len, session[s].filter_out - 1))
1157 return;
1158
1159 // adjust MSS on SYN and SYN,ACK packets with options
1160 if ((ntohs(*(uint16_t *) (buf + 6)) & 0x1fff) == 0 && buf[9] == IPPROTO_TCP) // first tcp fragment
1161 {
1162 int ihl = (buf[0] & 0xf) * 4; // length of IP header
1163 if (len >= ihl + 20 && (buf[ihl + 13] & TCP_FLAG_SYN) && ((buf[ihl + 12] >> 4) > 5))
1164 adjust_tcp_mss(s, t, buf, len, buf + ihl);
1165 }
1166
1167 if (sp->tbf_out)
1168 {
1169 // Are we throttling this session?
1170 if (config->cluster_iam_master)
1171 tbf_queue_packet(sp->tbf_out, data, size);
1172 else
1173 master_throttle_packet(sp->tbf_out, data, size);
1174 return;
1175 }
1176
1177 if (sp->walled_garden && !config->cluster_iam_master)
1178 {
1179 // We are walled-gardening this
1180 master_garden_packet(s, data, size);
1181 return;
1182 }
1183
1184 LOG(5, s, t, "Ethernet -> Tunnel (%d bytes)\n", len);
1185
1186 // Add on L2TP header
1187 {
1188 uint8_t *p = makeppp(b, sizeof(b), buf, len, s, t, PPPIP);
1189 if (!p) return;
1190 tunnelsend(b, len + (p-b), t); // send it...
1191 }
1192
1193 // Snooping this session, send it to intercept box
1194 if (sp->snoop_ip && sp->snoop_port)
1195 snoop_send_packet(buf, len, sp->snoop_ip, sp->snoop_port);
1196
1197 increment_counter(&sp->cout, &sp->cout_wrap, len); // byte count
1198 sp->cout_delta += len;
1199 sp->pout++;
1200 udp_tx += len;
1201
1202 sess_local[s].cout += len; // To send to master..
1203 sess_local[s].pout++;
1204 }
1205
1206 // process outgoing (to tunnel) IPv6
1207 //
1208 static void processipv6out(uint8_t * buf, int len)
1209 {
1210 sessionidt s;
1211 sessiont *sp;
1212 tunnelidt t;
1213 in_addr_t ip;
1214 struct in6_addr ip6;
1215
1216 uint8_t *data = buf; // Keep a copy of the originals.
1217 int size = len;
1218
1219 uint8_t b[MAXETHER + 20];
1220
1221 CSTAT(processipv6out);
1222
1223 if (len < MIN_IP_SIZE)
1224 {
1225 LOG(1, 0, 0, "Short IPv6, %d bytes\n", len);
1226 STAT(tunnel_tx_errors);
1227 return;
1228 }
1229 if (len >= MAXETHER)
1230 {
1231 LOG(1, 0, 0, "Oversize IPv6 packet %d bytes\n", len);
1232 STAT(tunnel_tx_errors);
1233 return;
1234 }
1235
1236 // Skip the tun header
1237 buf += 4;
1238 len -= 4;
1239
1240 // Got an IP header now
1241 if (*(uint8_t *)(buf) >> 4 != 6)
1242 {
1243 LOG(1, 0, 0, "IP: Don't understand anything except IPv6\n");
1244 return;
1245 }
1246
1247 ip6 = *(struct in6_addr *)(buf+24);
1248 s = sessionbyipv6(ip6);
1249
1250 if (s == 0)
1251 {
1252 ip = *(uint32_t *)(buf + 32);
1253 s = sessionbyip(ip);
1254 }
1255
1256 if (s == 0)
1257 {
1258 // Is this a packet for a session that doesn't exist?
1259 static int rate = 0; // Number of ICMP packets we've sent this second.
1260 static int last = 0; // Last time we reset the ICMP packet counter 'rate'.
1261
1262 if (last != time_now)
1263 {
1264 last = time_now;
1265 rate = 0;
1266 }
1267
1268 if (rate++ < config->icmp_rate) // Only send a max of icmp_rate per second.
1269 {
1270 // FIXME: Should send icmp6 host unreachable
1271 }
1272 return;
1273 }
1274 t = session[s].tunnel;
1275 sp = &session[s];
1276
1277 // FIXME: add DoS prevention/filters?
1278
1279 if (sp->tbf_out)
1280 {
1281 // Are we throttling this session?
1282 if (config->cluster_iam_master)
1283 tbf_queue_packet(sp->tbf_out, data, size);
1284 else
1285 master_throttle_packet(sp->tbf_out, data, size);
1286 return;
1287 }
1288 else if (sp->walled_garden && !config->cluster_iam_master)
1289 {
1290 // We are walled-gardening this
1291 master_garden_packet(s, data, size);
1292 return;
1293 }
1294
1295 LOG(5, s, t, "Ethernet -> Tunnel (%d bytes)\n", len);
1296
1297 // Add on L2TP header
1298 {
1299 uint8_t *p = makeppp(b, sizeof(b), buf, len, s, t, PPPIPV6);
1300 if (!p) return;
1301 tunnelsend(b, len + (p-b), t); // send it...
1302 }
1303
1304 // Snooping this session, send it to intercept box
1305 if (sp->snoop_ip && sp->snoop_port)
1306 snoop_send_packet(buf, len, sp->snoop_ip, sp->snoop_port);
1307
1308 increment_counter(&sp->cout, &sp->cout_wrap, len); // byte count
1309 sp->cout_delta += len;
1310 sp->pout++;
1311 udp_tx += len;
1312
1313 sess_local[s].cout += len; // To send to master..
1314 sess_local[s].pout++;
1315 }
1316
1317 //
1318 // Helper routine for the TBF filters.
1319 // Used to send queued data in to the user!
1320 //
1321 static void send_ipout(sessionidt s, uint8_t *buf, int len)
1322 {
1323 sessiont *sp;
1324 tunnelidt t;
1325 in_addr_t ip;
1326
1327 uint8_t b[MAXETHER + 20];
1328
1329 if (len < 0 || len > MAXETHER)
1330 {
1331 LOG(1, 0, 0, "Odd size IP packet: %d bytes\n", len);
1332 return;
1333 }
1334
1335 // Skip the tun header
1336 buf += 4;
1337 len -= 4;
1338
1339 ip = *(in_addr_t *)(buf + 16);
1340
1341 if (!session[s].ip)
1342 return;
1343
1344 t = session[s].tunnel;
1345 sp = &session[s];
1346
1347 LOG(5, s, t, "Ethernet -> Tunnel (%d bytes)\n", len);
1348
1349 // Add on L2TP header
1350 {
1351 uint8_t *p = makeppp(b, sizeof(b), buf, len, s, t, PPPIP);
1352 if (!p) return;
1353 tunnelsend(b, len + (p-b), t); // send it...
1354 }
1355
1356 // Snooping this session.
1357 if (sp->snoop_ip && sp->snoop_port)
1358 snoop_send_packet(buf, len, sp->snoop_ip, sp->snoop_port);
1359
1360 increment_counter(&sp->cout, &sp->cout_wrap, len); // byte count
1361 sp->cout_delta += len;
1362 sp->pout++;
1363 udp_tx += len;
1364
1365 sess_local[s].cout += len; // To send to master..
1366 sess_local[s].pout++;
1367 }
1368
1369 // add an AVP (16 bit)
1370 static void control16(controlt * c, uint16_t avp, uint16_t val, uint8_t m)
1371 {
1372 uint16_t l = (m ? 0x8008 : 0x0008);
1373 *(uint16_t *) (c->buf + c->length + 0) = htons(l);
1374 *(uint16_t *) (c->buf + c->length + 2) = htons(0);
1375 *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
1376 *(uint16_t *) (c->buf + c->length + 6) = htons(val);
1377 c->length += 8;
1378 }
1379
1380 // add an AVP (32 bit)
1381 static void control32(controlt * c, uint16_t avp, uint32_t val, uint8_t m)
1382 {
1383 uint16_t l = (m ? 0x800A : 0x000A);
1384 *(uint16_t *) (c->buf + c->length + 0) = htons(l);
1385 *(uint16_t *) (c->buf + c->length + 2) = htons(0);
1386 *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
1387 *(uint32_t *) (c->buf + c->length + 6) = htonl(val);
1388 c->length += 10;
1389 }
1390
1391 // add an AVP (string)
1392 static void controls(controlt * c, uint16_t avp, char *val, uint8_t m)
1393 {
1394 uint16_t l = ((m ? 0x8000 : 0) + strlen(val) + 6);
1395 *(uint16_t *) (c->buf + c->length + 0) = htons(l);
1396 *(uint16_t *) (c->buf + c->length + 2) = htons(0);
1397 *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
1398 memcpy(c->buf + c->length + 6, val, strlen(val));
1399 c->length += 6 + strlen(val);
1400 }
1401
1402 // add a binary AVP
1403 static void controlb(controlt * c, uint16_t avp, uint8_t *val, unsigned int len, uint8_t m)
1404 {
1405 uint16_t l = ((m ? 0x8000 : 0) + len + 6);
1406 *(uint16_t *) (c->buf + c->length + 0) = htons(l);
1407 *(uint16_t *) (c->buf + c->length + 2) = htons(0);
1408 *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
1409 memcpy(c->buf + c->length + 6, val, len);
1410 c->length += 6 + len;
1411 }
1412
1413 // new control connection
1414 static controlt *controlnew(uint16_t mtype)
1415 {
1416 controlt *c;
1417 if (!controlfree)
1418 c = malloc(sizeof(controlt));
1419 else
1420 {
1421 c = controlfree;
1422 controlfree = c->next;
1423 }
1424 assert(c);
1425 c->next = 0;
1426 *(uint16_t *) (c->buf + 0) = htons(0xC802); // flags/ver
1427 c->length = 12;
1428 control16(c, 0, mtype, 1);
1429 return c;
1430 }
1431
1432 // send zero block if nothing is waiting
1433 // (ZLB send).
1434 static void controlnull(tunnelidt t)
1435 {
1436 uint8_t buf[12];
1437 if (tunnel[t].controlc) // Messages queued; They will carry the ack.
1438 return;
1439
1440 *(uint16_t *) (buf + 0) = htons(0xC802); // flags/ver
1441 *(uint16_t *) (buf + 2) = htons(12); // length
1442 *(uint16_t *) (buf + 4) = htons(tunnel[t].far); // tunnel
1443 *(uint16_t *) (buf + 6) = htons(0); // session
1444 *(uint16_t *) (buf + 8) = htons(tunnel[t].ns); // sequence
1445 *(uint16_t *) (buf + 10) = htons(tunnel[t].nr); // sequence
1446 tunnelsend(buf, 12, t);
1447 }
1448
1449 // add a control message to a tunnel, and send if within window
1450 static void controladd(controlt *c, sessionidt far, tunnelidt t)
1451 {
1452 *(uint16_t *) (c->buf + 2) = htons(c->length); // length
1453 *(uint16_t *) (c->buf + 4) = htons(tunnel[t].far); // tunnel
1454 *(uint16_t *) (c->buf + 6) = htons(far); // session
1455 *(uint16_t *) (c->buf + 8) = htons(tunnel[t].ns); // sequence
1456 tunnel[t].ns++; // advance sequence
1457 // link in message in to queue
1458 if (tunnel[t].controlc)
1459 tunnel[t].controle->next = c;
1460 else
1461 tunnel[t].controls = c;
1462
1463 tunnel[t].controle = c;
1464 tunnel[t].controlc++;
1465
1466 // send now if space in window
1467 if (tunnel[t].controlc <= tunnel[t].window)
1468 {
1469 tunnel[t].try = 0; // first send
1470 tunnelsend(c->buf, c->length, t);
1471 }
1472 }
1473
1474 //
1475 // Throttle or Unthrottle a session
1476 //
1477 // Throttle the data from/to through a session to no more than
1478 // 'rate_in' kbit/sec in (from user) or 'rate_out' kbit/sec out (to
1479 // user).
1480 //
1481 // If either value is -1, the current value is retained for that
1482 // direction.
1483 //
1484 void throttle_session(sessionidt s, int rate_in, int rate_out)
1485 {
1486 if (!session[s].opened)
1487 return; // No-one home.
1488
1489 if (!*session[s].user)
1490 return; // User not logged in
1491
1492 if (rate_in >= 0)
1493 {
1494 int bytes = rate_in * 1024 / 8; // kbits to bytes
1495 if (session[s].tbf_in)
1496 free_tbf(session[s].tbf_in);
1497
1498 if (rate_in > 0)
1499 session[s].tbf_in = new_tbf(s, bytes * 2, bytes, send_ipin);
1500 else
1501 session[s].tbf_in = 0;
1502
1503 session[s].throttle_in = rate_in;
1504 }
1505
1506 if (rate_out >= 0)
1507 {
1508 int bytes = rate_out * 1024 / 8;
1509 if (session[s].tbf_out)
1510 free_tbf(session[s].tbf_out);
1511
1512 if (rate_out > 0)
1513 session[s].tbf_out = new_tbf(s, bytes * 2, bytes, send_ipout);
1514 else
1515 session[s].tbf_out = 0;
1516
1517 session[s].throttle_out = rate_out;
1518 }
1519 }
1520
1521 // add/remove filters from session (-1 = no change)
1522 void filter_session(sessionidt s, int filter_in, int filter_out)
1523 {
1524 if (!session[s].opened)
1525 return; // No-one home.
1526
1527 if (!*session[s].user)
1528 return; // User not logged in
1529
1530 // paranoia
1531 if (filter_in > MAXFILTER) filter_in = -1;
1532 if (filter_out > MAXFILTER) filter_out = -1;
1533 if (session[s].filter_in > MAXFILTER) session[s].filter_in = 0;
1534 if (session[s].filter_out > MAXFILTER) session[s].filter_out = 0;
1535
1536 if (filter_in >= 0)
1537 {
1538 if (session[s].filter_in)
1539 ip_filters[session[s].filter_in - 1].used--;
1540
1541 if (filter_in > 0)
1542 ip_filters[filter_in - 1].used++;
1543
1544 session[s].filter_in = filter_in;
1545 }
1546
1547 if (filter_out >= 0)
1548 {
1549 if (session[s].filter_out)
1550 ip_filters[session[s].filter_out - 1].used--;
1551
1552 if (filter_out > 0)
1553 ip_filters[filter_out - 1].used++;
1554
1555 session[s].filter_out = filter_out;
1556 }
1557 }
1558
1559 // start tidy shutdown of session
1560 void sessionshutdown(sessionidt s, char *reason, int result, int error)
1561 {
1562 int walled_garden = session[s].walled_garden;
1563
1564
1565 CSTAT(sessionshutdown);
1566
1567 if (!session[s].opened)
1568 {
1569 LOG(3, s, session[s].tunnel, "Called sessionshutdown on an unopened session.\n");
1570 return; // not a live session
1571 }
1572
1573 if (!session[s].die)
1574 {
1575 struct param_kill_session data = { &tunnel[session[s].tunnel], &session[s] };
1576 LOG(2, s, session[s].tunnel, "Shutting down session %d: %s\n", s, reason);
1577 run_plugins(PLUGIN_KILL_SESSION, &data);
1578 }
1579
1580 if (session[s].ip && !walled_garden && !session[s].die)
1581 {
1582 // RADIUS Stop message
1583 uint16_t r = radiusnew(s);
1584 if (r)
1585 {
1586 // stop, if not already trying
1587 if (radius[r].state != RADIUSSTOP)
1588 radiussend(r, RADIUSSTOP);
1589 }
1590 else
1591 LOG(1, s, session[s].tunnel, "No free RADIUS sessions for Stop message\n");
1592
1593 // Save counters to dump to accounting file
1594 if (*config->accounting_dir && shut_acct_n < sizeof(shut_acct) / sizeof(*shut_acct))
1595 memcpy(&shut_acct[shut_acct_n++], &session[s], sizeof(session[s]));
1596 }
1597
1598 if (session[s].ip)
1599 { // IP allocated, clear and unroute
1600 int r;
1601 int routed = 0;
1602 for (r = 0; r < MAXROUTE && session[s].route[r].ip; r++)
1603 {
1604 if ((session[s].ip & session[s].route[r].mask) ==
1605 (session[s].route[r].ip & session[s].route[r].mask))
1606 routed++;
1607
1608 routeset(s, session[s].route[r].ip, session[s].route[r].mask, 0, 0);
1609 session[s].route[r].ip = 0;
1610 }
1611
1612 if (session[s].ip_pool_index == -1) // static ip
1613 {
1614 if (!routed) routeset(s, session[s].ip, 0, 0, 0);
1615 session[s].ip = 0;
1616 }
1617 else
1618 free_ip_address(s);
1619
1620 // unroute IPv6, if setup
1621 if (session[s].ppp.ipv6cp == Opened && session[s].ipv6prefixlen)
1622 route6set(s, session[s].ipv6route, session[s].ipv6prefixlen, 0);
1623 }
1624
1625 if (session[s].throttle_in || session[s].throttle_out) // Unthrottle if throttled.
1626 throttle_session(s, 0, 0);
1627
1628 if (result)
1629 { // Send CDN
1630 controlt *c = controlnew(14); // sending CDN
1631 if (error)
1632 {
1633 uint8_t buf[4];
1634 *(uint16_t *) buf = htons(result);
1635 *(uint16_t *) (buf+2) = htons(error);
1636 controlb(c, 1, buf, 4, 1);
1637 }
1638 else
1639 control16(c, 1, result, 1);
1640
1641 control16(c, 14, s, 1); // assigned session (our end)
1642 controladd(c, session[s].far, session[s].tunnel); // send the message
1643 }
1644
1645 if (!session[s].die)
1646 session[s].die = TIME + 150; // Clean up in 15 seconds
1647
1648 // update filter refcounts
1649 if (session[s].filter_in) ip_filters[session[s].filter_in - 1].used--;
1650 if (session[s].filter_out) ip_filters[session[s].filter_out - 1].used--;
1651
1652 // clear PPP state
1653 memset(&session[s].ppp, 0, sizeof(session[s].ppp));
1654 sess_local[s].lcp.restart = 0;
1655 sess_local[s].ipcp.restart = 0;
1656 sess_local[s].ipv6cp.restart = 0;
1657 sess_local[s].ccp.restart = 0;
1658
1659 cluster_send_session(s);
1660 }
1661
1662 void sendipcp(sessionidt s, tunnelidt t)
1663 {
1664 uint8_t buf[MAXETHER];
1665 uint8_t *q;
1666
1667 CSTAT(sendipcp);
1668 LOG(3, s, t, "IPCP: send ConfigReq\n");
1669
1670 if (!session[s].unique_id)
1671 {
1672 if (!++last_id) ++last_id; // skip zero
1673 session[s].unique_id = last_id;
1674 }
1675
1676 q = makeppp(buf, sizeof(buf), 0, 0, s, t, PPPIPCP);
1677 if (!q) return;
1678
1679 *q = ConfigReq;
1680 q[1] = session[s].unique_id & 0xf; // ID, dont care, we only send one type of request
1681 *(uint16_t *) (q + 2) = htons(10); // packet length
1682 q[4] = 3; // ip address option
1683 q[5] = 6; // option length
1684 *(in_addr_t *) (q + 6) = config->peer_address ? config->peer_address :
1685 config->bind_address ? config->bind_address :
1686 my_address; // send my IP
1687
1688 tunnelsend(buf, 10 + (q - buf), t); // send it
1689 restart_timer(s, ipcp);
1690 }
1691
1692 void sendipv6cp(sessionidt s, tunnelidt t)
1693 {
1694 uint8_t buf[MAXETHER];
1695 uint8_t *q;
1696
1697 CSTAT(sendipv6cp);
1698 LOG(3, s, t, "IPV6CP: send ConfigReq\n");
1699
1700 q = makeppp(buf, sizeof(buf), 0, 0, s, t, PPPIPV6CP);
1701 if (!q) return;
1702
1703 *q = ConfigReq;
1704 q[1] = session[s].unique_id & 0xf; // ID, don't care, we
1705 // only send one type
1706 // of request
1707 *(uint16_t *) (q + 2) = htons(14);
1708 q[4] = 1; // interface identifier option
1709 q[5] = 10; // option length
1710 *(uint32_t *) (q + 6) = 0; // We'll be prefix::1
1711 *(uint32_t *) (q + 10) = 0;
1712 q[13] = 1;
1713
1714 tunnelsend(buf, 14 + (q - buf), t); // send it
1715 restart_timer(s, ipv6cp);
1716 }
1717
1718 static void sessionclear(sessionidt s)
1719 {
1720 memset(&session[s], 0, sizeof(session[s]));
1721 memset(&sess_local[s], 0, sizeof(sess_local[s]));
1722 memset(&cli_session_actions[s], 0, sizeof(cli_session_actions[s]));
1723
1724 session[s].tunnel = T_FREE; // Mark it as free.
1725 session[s].next = sessionfree;
1726 sessionfree = s;
1727 }
1728
1729 // kill a session now
1730 void sessionkill(sessionidt s, char *reason)
1731 {
1732
1733 CSTAT(sessionkill);
1734
1735 if (!session[s].opened) // not alive
1736 return;
1737
1738 if (session[s].next)
1739 {
1740 LOG(0, s, session[s].tunnel, "Tried to kill a session with next pointer set (%d)\n", session[s].next);
1741 return;
1742 }
1743
1744 session[s].die = TIME;
1745 sessionshutdown(s, reason, 3, 0); // close radius/routes, etc.
1746 if (sess_local[s].radius)
1747 radiusclear(sess_local[s].radius, s); // cant send clean accounting data, session is killed
1748
1749 LOG(2, s, session[s].tunnel, "Kill session %d (%s): %s\n", s, session[s].user, reason);
1750 sessionclear(s);
1751 cluster_send_session(s);
1752 }
1753
1754 static void tunnelclear(tunnelidt t)
1755 {
1756 if (!t) return;
1757 memset(&tunnel[t], 0, sizeof(tunnel[t]));
1758 tunnel[t].state = TUNNELFREE;
1759 }
1760
1761 // kill a tunnel now
1762 static void tunnelkill(tunnelidt t, char *reason)
1763 {
1764 sessionidt s;
1765 controlt *c;
1766
1767 CSTAT(tunnelkill);
1768
1769 tunnel[t].state = TUNNELDIE;
1770
1771 // free control messages
1772 while ((c = tunnel[t].controls))
1773 {
1774 controlt * n = c->next;
1775 tunnel[t].controls = n;
1776 tunnel[t].controlc--;
1777 c->next = controlfree;
1778 controlfree = c;
1779 }
1780 // kill sessions
1781 for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
1782 if (session[s].tunnel == t)
1783 sessionkill(s, reason);
1784
1785 // free tunnel
1786 tunnelclear(t);
1787 LOG(1, 0, t, "Kill tunnel %d: %s\n", t, reason);
1788 cli_tunnel_actions[t].action = 0;
1789 cluster_send_tunnel(t);
1790 }
1791
1792 // shut down a tunnel cleanly
1793 static void tunnelshutdown(tunnelidt t, char *reason, int result, int error, char *msg)
1794 {
1795 sessionidt s;
1796
1797 CSTAT(tunnelshutdown);
1798
1799 if (!tunnel[t].last || !tunnel[t].far || tunnel[t].state == TUNNELFREE)
1800 {
1801 // never set up, can immediately kill
1802 tunnelkill(t, reason);
1803 return;
1804 }
1805 LOG(1, 0, t, "Shutting down tunnel %d (%s)\n", t, reason);
1806
1807 // close session
1808 for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
1809 if (session[s].tunnel == t)
1810 sessionshutdown(s, reason, 0, 0);
1811
1812 tunnel[t].state = TUNNELDIE;
1813 tunnel[t].die = TIME + 700; // Clean up in 70 seconds
1814 cluster_send_tunnel(t);
1815 // TBA - should we wait for sessions to stop?
1816 if (result)
1817 {
1818 controlt *c = controlnew(4); // sending StopCCN
1819 if (error)
1820 {
1821 uint8_t buf[64];
1822 int l = 4;
1823 *(uint16_t *) buf = htons(result);
1824 *(uint16_t *) (buf+2) = htons(error);
1825 if (msg)
1826 {
1827 int m = strlen(msg);
1828 if (m + 4 > sizeof(buf))
1829 m = sizeof(buf) - 4;
1830
1831 memcpy(buf+4, msg, m);
1832 l += m;
1833 }
1834
1835 controlb(c, 1, buf, l, 1);
1836 }
1837 else
1838 control16(c, 1, result, 1);
1839
1840 control16(c, 9, t, 1); // assigned tunnel (our end)
1841 controladd(c, 0, t); // send the message
1842 }
1843 }
1844
1845 // read and process packet on tunnel (UDP)
1846 void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
1847 {
1848 uint8_t *chapresponse = NULL;
1849 uint16_t l = len, t = 0, s = 0, ns = 0, nr = 0;
1850 uint8_t *p = buf + 2;
1851
1852
1853 CSTAT(processudp);
1854
1855 udp_rx += len;
1856 udp_rx_pkt++;
1857 LOG_HEX(5, "UDP Data", buf, len);
1858 STAT(tunnel_rx_packets);
1859 INC_STAT(tunnel_rx_bytes, len);
1860 if (len < 6)
1861 {
1862 LOG(1, 0, 0, "Short UDP, %d bytes\n", len);
1863 STAT(tunnel_rx_errors);
1864 return;
1865 }
1866 if ((buf[1] & 0x0F) != 2)
1867 {
1868 LOG(1, 0, 0, "Bad L2TP ver %d\n", (buf[1] & 0x0F) != 2);
1869 STAT(tunnel_rx_errors);
1870 return;
1871 }
1872 if (*buf & 0x40)
1873 { // length
1874 l = ntohs(*(uint16_t *) p);
1875 p += 2;
1876 }
1877 t = ntohs(*(uint16_t *) p);
1878 p += 2;
1879 s = ntohs(*(uint16_t *) p);
1880 p += 2;
1881 if (s >= MAXSESSION)
1882 {
1883 LOG(1, s, t, "Received UDP packet with invalid session ID\n");
1884 STAT(tunnel_rx_errors);
1885 return;
1886 }
1887 if (t >= MAXTUNNEL)
1888 {
1889 LOG(1, s, t, "Received UDP packet with invalid tunnel ID\n");
1890 STAT(tunnel_rx_errors);
1891 return;
1892 }
1893 if (*buf & 0x08)
1894 { // ns/nr
1895 ns = ntohs(*(uint16_t *) p);
1896 p += 2;
1897 nr = ntohs(*(uint16_t *) p);
1898 p += 2;
1899 }
1900 if (*buf & 0x02)
1901 { // offset
1902 uint16_t o = ntohs(*(uint16_t *) p);
1903 p += o + 2;
1904 }
1905 if ((p - buf) > l)
1906 {
1907 LOG(1, s, t, "Bad length %d>%d\n", (int) (p - buf), l);
1908 STAT(tunnel_rx_errors);
1909 return;
1910 }
1911 l -= (p - buf);
1912
1913 // used to time out old tunnels
1914 if (t && tunnel[t].state == TUNNELOPEN)
1915 tunnel[t].lastrec = time_now;
1916
1917 if (*buf & 0x80)
1918 { // control
1919 uint16_t message = 0xFFFF; // message type
1920 uint8_t fatal = 0;
1921 uint8_t mandatory = 0;
1922 uint16_t asession = 0; // assigned session
1923 uint32_t amagic = 0; // magic number
1924 uint8_t aflags = 0; // flags from last LCF
1925 uint16_t version = 0x0100; // protocol version (we handle 0.0 as well and send that back just in case)
1926 char called[MAXTEL] = ""; // called number
1927 char calling[MAXTEL] = ""; // calling number
1928
1929 if (!config->cluster_iam_master)
1930 {
1931 master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
1932 return;
1933 }
1934
1935 // control messages must have bits 0x80|0x40|0x08
1936 // (type, length and sequence) set, and bits 0x02|0x01
1937 // (offset and priority) clear
1938 if ((*buf & 0xCB) != 0xC8)
1939 {
1940 LOG(1, s, t, "Bad control header %02X\n", *buf);
1941 STAT(tunnel_rx_errors);
1942 return;
1943 }
1944
1945 // check for duplicate tunnel open message
1946 if (!t && ns == 0)
1947 {
1948 int i;
1949
1950 //
1951 // Is this a duplicate of the first packet? (SCCRQ)
1952 //
1953 for (i = 1; i <= config->cluster_highest_tunnelid ; ++i)
1954 {
1955 if (tunnel[i].state != TUNNELOPENING ||
1956 tunnel[i].ip != ntohl(*(in_addr_t *) & addr->sin_addr) ||
1957 tunnel[i].port != ntohs(addr->sin_port) )
1958 continue;
1959 t = i;
1960 LOG(3, s, t, "Duplicate SCCRQ?\n");
1961 break;
1962 }
1963 }
1964
1965 LOG(3, s, t, "Control message (%d bytes): (unacked %d) l-ns %d l-nr %d r-ns %d r-nr %d\n",
1966 l, tunnel[t].controlc, tunnel[t].ns, tunnel[t].nr, ns, nr);
1967
1968 // if no tunnel specified, assign one
1969 if (!t)
1970 {
1971 if (!(t = new_tunnel()))
1972 {
1973 LOG(1, 0, 0, "No more tunnels\n");
1974 STAT(tunnel_overflow);
1975 return;
1976 }
1977 tunnelclear(t);
1978 tunnel[t].ip = ntohl(*(in_addr_t *) & addr->sin_addr);
1979 tunnel[t].port = ntohs(addr->sin_port);
1980 tunnel[t].window = 4; // default window
1981 STAT(tunnel_created);
1982 LOG(1, 0, t, " New tunnel from %s:%u ID %d\n",
1983 fmtaddr(htonl(tunnel[t].ip), 0), tunnel[t].port, t);
1984 }
1985
1986 // If the 'ns' just received is not the 'nr' we're
1987 // expecting, just send an ack and drop it.
1988 //
1989 // if 'ns' is less, then we got a retransmitted packet.
1990 // if 'ns' is greater than missed a packet. Either way
1991 // we should ignore it.
1992 if (ns != tunnel[t].nr)
1993 {
1994 // is this the sequence we were expecting?
1995 STAT(tunnel_rx_errors);
1996 LOG(1, 0, t, " Out of sequence tunnel %d, (%d is not the expected %d)\n",
1997 t, ns, tunnel[t].nr);
1998
1999 if (l) // Is this not a ZLB?
2000 controlnull(t);
2001 return;
2002 }
2003
2004 // check sequence of this message
2005 {
2006 int skip = tunnel[t].window; // track how many in-window packets are still in queue
2007 // some to clear maybe?
2008 while (tunnel[t].controlc > 0 && (((tunnel[t].ns - tunnel[t].controlc) - nr) & 0x8000))
2009 {
2010 controlt *c = tunnel[t].controls;
2011 tunnel[t].controls = c->next;
2012 tunnel[t].controlc--;
2013 c->next = controlfree;
2014 controlfree = c;
2015 skip--;
2016 tunnel[t].try = 0; // we have progress
2017 }
2018
2019 // receiver advance (do here so quoted correctly in any sends below)
2020 if (l) tunnel[t].nr = (ns + 1);
2021 if (skip < 0) skip = 0;
2022 if (skip < tunnel[t].controlc)
2023 {
2024 // some control packets can now be sent that were previous stuck out of window
2025 int tosend = tunnel[t].window - skip;
2026 controlt *c = tunnel[t].controls;
2027 while (c && skip)
2028 {
2029 c = c->next;
2030 skip--;
2031 }
2032 while (c && tosend)
2033 {
2034 tunnel[t].try = 0; // first send
2035 tunnelsend(c->buf, c->length, t);
2036 c = c->next;
2037 tosend--;
2038 }
2039 }
2040 if (!tunnel[t].controlc)
2041 tunnel[t].retry = 0; // caught up
2042 }
2043 if (l)
2044 { // if not a null message
2045 int result = 0;
2046 int error = 0;
2047 char *msg = 0;
2048
2049 // process AVPs
2050 while (l && !(fatal & 0x80)) // 0x80 = mandatory AVP
2051 {
2052 uint16_t n = (ntohs(*(uint16_t *) p) & 0x3FF);
2053 uint8_t *b = p;
2054 uint8_t flags = *p;
2055 uint16_t mtype;
2056 if (n > l)
2057 {
2058 LOG(1, s, t, "Invalid length in AVP\n");
2059 STAT(tunnel_rx_errors);
2060 return;
2061 }
2062 p += n; // next
2063 l -= n;
2064 if (flags & 0x3C) // reserved bits, should be clear
2065 {
2066 LOG(1, s, t, "Unrecognised AVP flags %02X\n", *b);
2067 fatal = flags;
2068 result = 2; // general error
2069 error = 3; // reserved field non-zero
2070 msg = 0;
2071 continue; // next
2072 }
2073 b += 2;
2074 if (*(uint16_t *) (b))
2075 {
2076 LOG(2, s, t, "Unknown AVP vendor %d\n", ntohs(*(uint16_t *) (b)));
2077 fatal = flags;
2078 result = 2; // general error
2079 error = 6; // generic vendor-specific error
2080 msg = "unsupported vendor-specific";
2081 continue; // next
2082 }
2083 b += 2;
2084 mtype = ntohs(*(uint16_t *) (b));
2085 b += 2;
2086 n -= 6;
2087
2088 if (flags & 0x40)
2089 {
2090 uint16_t orig_len;
2091
2092 // handle hidden AVPs
2093 if (!*config->l2tp_secret)
2094 {
2095 LOG(1, s, t, "Hidden AVP requested, but no L2TP secret.\n");
2096 fatal = flags;
2097 result = 2; // general error
2098 error = 6; // generic vendor-specific error
2099 msg = "secret not specified";
2100 continue;
2101 }
2102 if (!session[s].random_vector_length)
2103 {
2104 LOG(1, s, t, "Hidden AVP requested, but no random vector.\n");
2105 fatal = flags;
2106 result = 2; // general error
2107 error = 6; // generic
2108 msg = "no random vector";
2109 continue;
2110 }
2111 if (n < 8)
2112 {
2113 LOG(2, s, t, "Short hidden AVP.\n");
2114 fatal = flags;
2115 result = 2; // general error
2116 error = 2; // length is wrong
2117 msg = 0;
2118 continue;
2119 }
2120
2121 // Unhide the AVP
2122 unhide_value(b, n, mtype, session[s].random_vector, session[s].random_vector_length);
2123
2124 orig_len = ntohs(*(uint16_t *) b);
2125 if (orig_len > n + 2)
2126 {
2127 LOG(1, s, t, "Original length %d too long in hidden AVP of length %d; wrong secret?\n",
2128 orig_len, n);
2129
2130 fatal = flags;
2131 result = 2; // general error
2132 error = 2; // length is wrong
2133 msg = 0;
2134 continue;
2135 }
2136
2137 b += 2;
2138 n = orig_len;
2139 }
2140
2141 LOG(4, s, t, " AVP %d (%s) len %d%s%s\n", mtype, l2tp_avp_name(mtype), n,
2142 flags & 0x40 ? ", hidden" : "", flags & 0x80 ? ", mandatory" : "");
2143
2144 switch (mtype)
2145 {
2146 case 0: // message type
2147 message = ntohs(*(uint16_t *) b);
2148 mandatory = flags & 0x80;
2149 LOG(4, s, t, " Message type = %d (%s)\n", *b, l2tp_code(message));
2150 break;
2151 case 1: // result code
2152 {
2153 uint16_t rescode = ntohs(*(uint16_t *) b);
2154 const char* resdesc = "(unknown)";
2155 if (message == 4)
2156 { /* StopCCN */
2157 resdesc = l2tp_stopccn_result_code(rescode);
2158 }
2159 else if (message == 14)
2160 { /* CDN */
2161 resdesc = l2tp_cdn_result_code(rescode);
2162 }
2163
2164 LOG(4, s, t, " Result Code %d: %s\n", rescode, resdesc);
2165 if (n >= 4)
2166 {
2167 uint16_t errcode = ntohs(*(uint16_t *)(b + 2));
2168 LOG(4, s, t, " Error Code %d: %s\n", errcode, l2tp_error_code(errcode));
2169 }
2170 if (n > 4)
2171 LOG(4, s, t, " Error String: %.*s\n", n-4, b+4);
2172
2173 break;
2174 }
2175 break;
2176 case 2: // protocol version
2177 {
2178 version = ntohs(*(uint16_t *) (b));
2179 LOG(4, s, t, " Protocol version = %d\n", version);
2180 if (version && version != 0x0100)
2181 { // allow 0.0 and 1.0
2182 LOG(1, s, t, " Bad protocol version %04X\n", version);
2183 fatal = flags;
2184 result = 5; // unspported protocol version
2185 error = 0x0100; // supported version
2186 msg = 0;
2187 continue; // next
2188 }
2189 }
2190 break;
2191 case 3: // framing capabilities
2192 // LOG(4, s, t, "Framing capabilities\n");
2193 break;
2194 case 4: // bearer capabilities
2195 // LOG(4, s, t, "Bearer capabilities\n");
2196 break;
2197 case 5: // tie breaker
2198 // We never open tunnels, so we don't care about tie breakers
2199 // LOG(4, s, t, "Tie breaker\n");
2200 continue;
2201 case 6: // firmware revision
2202 // LOG(4, s, t, "Firmware revision\n");
2203 break;
2204 case 7: // host name
2205 memset(tunnel[t].hostname, 0, sizeof(tunnel[t].hostname));
2206 memcpy(tunnel[t].hostname, b, (n < sizeof(tunnel[t].hostname)) ? n : sizeof(tunnel[t].hostname) - 1);
2207 LOG(4, s, t, " Tunnel hostname = \"%s\"\n", tunnel[t].hostname);
2208 // TBA - to send to RADIUS
2209 break;
2210 case 8: // vendor name
2211 memset(tunnel[t].vendor, 0, sizeof(tunnel[t].vendor));
2212 memcpy(tunnel[t].vendor, b, (n < sizeof(tunnel[t].vendor)) ? n : sizeof(tunnel[t].vendor) - 1);
2213 LOG(4, s, t, " Vendor name = \"%s\"\n", tunnel[t].vendor);
2214 break;
2215 case 9: // assigned tunnel
2216 tunnel[t].far = ntohs(*(uint16_t *) (b));
2217 LOG(4, s, t, " Remote tunnel id = %d\n", tunnel[t].far);
2218 break;
2219 case 10: // rx window
2220 tunnel[t].window = ntohs(*(uint16_t *) (b));
2221 if (!tunnel[t].window)
2222 tunnel[t].window = 1; // window of 0 is silly
2223 LOG(4, s, t, " rx window = %d\n", tunnel[t].window);
2224 break;
2225 case 11: // Challenge
2226 {
2227 LOG(4, s, t, " LAC requested CHAP authentication for tunnel\n");
2228 build_chap_response(b, 2, n, &chapresponse);
2229 }
2230 break;
2231 case 13: // Response
2232 // Why did they send a response? We never challenge.
2233 LOG(2, s, t, " received unexpected challenge response\n");
2234 break;
2235
2236 case 14: // assigned session
2237 asession = session[s].far = ntohs(*(uint16_t *) (b));
2238 LOG(4, s, t, " assigned session = %d\n", asession);
2239 break;
2240 case 15: // call serial number
2241 LOG(4, s, t, " call serial number = %d\n", ntohl(*(uint32_t *)b));
2242 break;
2243 case 18: // bearer type
2244 LOG(4, s, t, " bearer type = %d\n", ntohl(*(uint32_t *)b));
2245 // TBA - for RADIUS
2246 break;
2247 case 19: // framing type
2248 LOG(4, s, t, " framing type = %d\n", ntohl(*(uint32_t *)b));
2249 // TBA
2250 break;
2251 case 21: // called number
2252 memset(called, 0, sizeof(called));
2253 memcpy(called, b, (n < sizeof(called)) ? n : sizeof(called) - 1);
2254 LOG(4, s, t, " Called <%s>\n", called);
2255 break;
2256 case 22: // calling number
2257 memset(calling, 0, sizeof(calling));
2258 memcpy(calling, b, (n < sizeof(calling)) ? n : sizeof(calling) - 1);
2259 LOG(4, s, t, " Calling <%s>\n", calling);
2260 break;
2261 case 23: // subtype
2262 break;
2263 case 24: // tx connect speed
2264 if (n == 4)
2265 {
2266 session[s].tx_connect_speed = ntohl(*(uint32_t *)b);
2267 }
2268 else
2269 {
2270 // AS5300s send connect speed as a string
2271 char tmp[30];
2272 memset(tmp, 0, sizeof(tmp));
2273 memcpy(tmp, b, (n < sizeof(tmp)) ? n : sizeof(tmp) - 1);
2274 session[s].tx_connect_speed = atol(tmp);
2275 }
2276 LOG(4, s, t, " TX connect speed <%u>\n", session[s].tx_connect_speed);
2277 break;
2278 case 38: // rx connect speed
2279 if (n == 4)
2280 {
2281 session[s].rx_connect_speed = ntohl(*(uint32_t *)b);
2282 }
2283 else
2284 {
2285 // AS5300s send connect speed as a string
2286 char tmp[30];
2287 memset(tmp, 0, sizeof(tmp));
2288 memcpy(tmp, b, (n < sizeof(tmp)) ? n : sizeof(tmp) - 1);
2289 session[s].rx_connect_speed = atol(tmp);
2290 }
2291 LOG(4, s, t, " RX connect speed <%u>\n", session[s].rx_connect_speed);
2292 break;
2293 case 25: // Physical Channel ID
2294 {
2295 uint32_t tmp = ntohl(*(uint32_t *) b);
2296 LOG(4, s, t, " Physical Channel ID <%X>\n", tmp);
2297 break;
2298 }
2299 case 29: // Proxy Authentication Type
2300 {
2301 uint16_t atype = ntohs(*(uint16_t *)b);
2302 LOG(4, s, t, " Proxy Auth Type %d (%s)\n", atype, ppp_auth_type(atype));
2303 break;
2304 }
2305 case 30: // Proxy Authentication Name
2306 {
2307 char authname[64];
2308 memset(authname, 0, sizeof(authname));
2309 memcpy(authname, b, (n < sizeof(authname)) ? n : sizeof(authname) - 1);
2310 LOG(4, s, t, " Proxy Auth Name (%s)\n",
2311 authname);
2312 break;
2313 }
2314 case 31: // Proxy Authentication Challenge
2315 {
2316 LOG(4, s, t, " Proxy Auth Challenge\n");
2317 break;
2318 }
2319 case 32: // Proxy Authentication ID
2320 {
2321 uint16_t authid = ntohs(*(uint16_t *)(b));
2322 LOG(4, s, t, " Proxy Auth ID (%d)\n", authid);
2323 break;
2324 }
2325 case 33: // Proxy Authentication Response
2326 LOG(4, s, t, " Proxy Auth Response\n");
2327 break;
2328 case 27: // last sent lcp
2329 { // find magic number
2330 uint8_t *p = b, *e = p + n;
2331 while (p + 1 < e && p[1] && p + p[1] <= e)
2332 {
2333 if (*p == 5 && p[1] == 6) // Magic-Number
2334 amagic = ntohl(*(uint32_t *) (p + 2));
2335 else if (*p == 7) // Protocol-Field-Compression
2336 aflags |= SESSION_PFC;
2337 else if (*p == 8) // Address-and-Control-Field-Compression
2338 aflags |= SESSION_ACFC;
2339 p += p[1];
2340 }
2341 }
2342 break;
2343 case 28: // last recv lcp confreq
2344 break;
2345 case 26: // Initial Received LCP CONFREQ
2346 break;
2347 case 39: // seq required - we control it as an LNS anyway...
2348 break;
2349 case 36: // Random Vector
2350 LOG(4, s, t, " Random Vector received. Enabled AVP Hiding.\n");
2351 memset(session[s].random_vector, 0, sizeof(session[s].random_vector));
2352 if (n > sizeof(session[s].random_vector))
2353 n = sizeof(session[s].random_vector);
2354 memcpy(session[s].random_vector, b, n);
2355 session[s].random_vector_length = n;
2356 break;
2357 default:
2358 {
2359 static char e[] = "unknown AVP 0xXXXX";
2360 LOG(2, s, t, " Unknown AVP type %d\n", mtype);
2361 fatal = flags;
2362 result = 2; // general error
2363 error = 8; // unknown mandatory AVP
2364 sprintf((msg = e) + 14, "%04x", mtype);
2365 continue; // next
2366 }
2367 }
2368 }
2369 // process message
2370 if (fatal & 0x80)
2371 tunnelshutdown(t, "Invalid mandatory AVP", result, error, msg);
2372 else
2373 switch (message)
2374 {
2375 case 1: // SCCRQ - Start Control Connection Request
2376 tunnel[t].state = TUNNELOPENING;
2377 if (main_quit != QUIT_SHUTDOWN)
2378 {
2379 controlt *c = controlnew(2); // sending SCCRP
2380 control16(c, 2, version, 1); // protocol version
2381 control32(c, 3, 3, 1); // framing
2382 controls(c, 7, hostname, 1); // host name
2383 if (chapresponse) controlb(c, 13, chapresponse, 16, 1); // Challenge response
2384 control16(c, 9, t, 1); // assigned tunnel
2385 controladd(c, 0, t); // send the resply
2386 }
2387 else
2388 {
2389 tunnelshutdown(t, "Shutting down", 6, 0, 0);
2390 }
2391 break;
2392 case 2: // SCCRP
2393 tunnel[t].state = TUNNELOPEN;
2394 break;
2395 case 3: // SCCN
2396 tunnel[t].state = TUNNELOPEN;
2397 controlnull(t); // ack
2398 break;
2399 case 4: // StopCCN
2400 controlnull(t); // ack
2401 tunnelshutdown(t, "Stopped", 0, 0, 0); // Shut down cleanly
2402 break;
2403 case 6: // HELLO
2404 controlnull(t); // simply ACK
2405 break;
2406 case 7: // OCRQ
2407 // TBA
2408 break;
2409 case 8: // OCRO
2410 // TBA
2411 break;
2412 case 9: // OCCN
2413 // TBA
2414 break;
2415 case 10: // ICRQ
2416 if (sessionfree && main_quit != QUIT_SHUTDOWN)
2417 {
2418 controlt *c = controlnew(11); // ICRP
2419
2420 s = sessionfree;
2421 sessionfree = session[s].next;
2422 memset(&session[s], 0, sizeof(session[s]));
2423
2424 if (s > config->cluster_highest_sessionid)
2425 config->cluster_highest_sessionid = s;
2426
2427 session[s].opened = time_now;
2428 session[s].tunnel = t;
2429 session[s].far = asession;
2430 session[s].last_packet = time_now;
2431 LOG(3, s, t, "New session (%d/%d)\n", tunnel[t].far, session[s].far);
2432 control16(c, 14, s, 1); // assigned session
2433 controladd(c, asession, t); // send the reply
2434
2435 strncpy(session[s].called, called, sizeof(session[s].called) - 1);
2436 strncpy(session[s].calling, calling, sizeof(session[s].calling) - 1);
2437
2438 session[s].ppp.phase = Establish;
2439 session[s].ppp.lcp = Starting;
2440
2441 STAT(session_created);
2442 break;
2443 }
2444
2445 {
2446 controlt *c = controlnew(14); // CDN
2447 if (!sessionfree)
2448 {
2449 STAT(session_overflow);
2450 LOG(1, 0, t, "No free sessions\n");
2451 control16(c, 1, 4, 0); // temporary lack of resources
2452 }
2453 else
2454 control16(c, 1, 2, 7); // shutting down, try another
2455
2456 controladd(c, asession, t); // send the message
2457 }
2458 return;
2459 case 11: // ICRP
2460 // TBA
2461 break;
2462 case 12: // ICCN
2463 if (amagic == 0) amagic = time_now;
2464 session[s].magic = amagic; // set magic number
2465 session[s].flags = aflags; // set flags received
2466 session[s].mru = PPPoE_MRU; // default
2467 controlnull(t); // ack
2468
2469 // start LCP
2470 sess_local[s].lcp_authtype = config->radius_authprefer;
2471 sess_local[s].ppp_mru = MRU;
2472 sendlcp(s, t);
2473 change_state(s, lcp, RequestSent);
2474 break;
2475
2476 case 14: // CDN
2477 controlnull(t); // ack
2478 sessionshutdown(s, "Closed (Received CDN).", 0, 0);
2479 break;
2480 case 0xFFFF:
2481 LOG(1, s, t, "Missing message type\n");
2482 break;
2483 default:
2484 STAT(tunnel_rx_errors);
2485 if (mandatory)
2486 tunnelshutdown(t, "Unknown message type", 2, 6, "unknown message type");
2487 else
2488 LOG(1, s, t, "Unknown message type %d\n", message);
2489 break;
2490 }
2491 if (chapresponse) free(chapresponse);
2492 cluster_send_tunnel(t);
2493 }
2494 else
2495 {
2496 LOG(4, s, t, " Got a ZLB ack\n");
2497 }
2498 }
2499 else
2500 { // data
2501 uint16_t proto;
2502
2503 LOG_HEX(5, "Receive Tunnel Data", p, l);
2504 if (l > 2 && p[0] == 0xFF && p[1] == 0x03)
2505 { // HDLC address header, discard
2506 p += 2;
2507 l -= 2;
2508 }
2509 if (l < 2)
2510 {
2511 LOG(1, s, t, "Short ppp length %d\n", l);
2512 STAT(tunnel_rx_errors);
2513 return;
2514 }
2515 if (*p & 1)
2516 {
2517 proto = *p++;
2518 l--;
2519 }
2520 else
2521 {
2522 proto = ntohs(*(uint16_t *) p);
2523 p += 2;
2524 l -= 2;
2525 }
2526
2527 if (s && !session[s].opened) // Is something wrong??
2528 {
2529 if (!config->cluster_iam_master)
2530 {
2531 // Pass it off to the master to deal with..
2532 master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
2533 return;
2534 }
2535
2536
2537 LOG(1, s, t, "UDP packet contains session which is not opened. Dropping packet.\n");
2538 STAT(tunnel_rx_errors);
2539 return;
2540 }
2541
2542 if (proto == PPPPAP)
2543 {
2544 session[s].last_packet = time_now;
2545 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2546 processpap(s, t, p, l);
2547 }
2548 else if (proto == PPPCHAP)
2549 {
2550 session[s].last_packet = time_now;
2551 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2552 processchap(s, t, p, l);
2553 }
2554 else if (proto == PPPLCP)
2555 {
2556 session[s].last_packet = time_now;
2557 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2558 processlcp(s, t, p, l);
2559 }
2560 else if (proto == PPPIPCP)
2561 {
2562 session[s].last_packet = time_now;
2563 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2564 processipcp(s, t, p, l);
2565 }
2566 else if (proto == PPPIPV6CP && config->ipv6_prefix.s6_addr[0])
2567 {
2568 session[s].last_packet = time_now;
2569 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2570 processipv6cp(s, t, p, l);
2571 }
2572 else if (proto == PPPCCP)
2573 {
2574 session[s].last_packet = time_now;
2575 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2576 processccp(s, t, p, l);
2577 }
2578 else if (proto == PPPIP)
2579 {
2580 if (session[s].die)
2581 {
2582 LOG(4, s, t, "Session %d is closing. Don't process PPP packets\n", s);
2583 return; // closing session, PPP not processed
2584 }
2585
2586 session[s].last_packet = time_now;
2587 if (session[s].walled_garden && !config->cluster_iam_master)
2588 {
2589 master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
2590 return;
2591 }
2592
2593 processipin(s, t, p, l);
2594 }
2595 else if (proto == PPPIPV6 && config->ipv6_prefix.s6_addr[0])
2596 {
2597 if (session[s].die)
2598 {
2599 LOG(4, s, t, "Session %d is closing. Don't process PPP packets\n", s);
2600 return; // closing session, PPP not processed
2601 }
2602
2603 session[s].last_packet = time_now;
2604 if (session[s].walled_garden && !config->cluster_iam_master)
2605 {
2606 master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
2607 return;
2608 }
2609
2610 processipv6in(s, t, p, l);
2611 }
2612 else if (session[s].ppp.lcp == Opened)
2613 {
2614 session[s].last_packet = time_now;
2615 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2616 protoreject(s, t, p, l, proto);
2617 }
2618 else
2619 {
2620 LOG(2, s, t, "Unknown PPP protocol 0x%04X received in LCP %s state\n",
2621 proto, ppp_state(session[s].ppp.lcp));
2622 }
2623 }
2624 }
2625
2626 // read and process packet on tun
2627 static void processtun(uint8_t * buf, int len)
2628 {
2629 LOG_HEX(5, "Receive TUN Data", buf, len);
2630 STAT(tun_rx_packets);
2631 INC_STAT(tun_rx_bytes, len);
2632
2633 CSTAT(processtun);
2634
2635 eth_rx_pkt++;
2636 eth_rx += len;
2637 if (len < 22)
2638 {
2639 LOG(1, 0, 0, "Short tun packet %d bytes\n", len);
2640 STAT(tun_rx_errors);
2641 return;
2642 }
2643
2644 if (*(uint16_t *) (buf + 2) == htons(PKTIP)) // IPv4
2645 processipout(buf, len);
2646 else if (*(uint16_t *) (buf + 2) == htons(PKTIPV6) // IPV6
2647 && config->ipv6_prefix.s6_addr[0])
2648 processipv6out(buf, len);
2649
2650 // Else discard.
2651 }
2652
2653 // Handle retries, timeouts. Runs every 1/10th sec, want to ensure
2654 // that we look at the whole of the tunnel, radius and session tables
2655 // every second
2656 static void regular_cleanups(double period)
2657 {
2658 // Next tunnel, radius and session to check for actions on.
2659 static tunnelidt t = 0;
2660 static int r = 0;
2661 static sessionidt s = 0;
2662
2663 int t_actions = 0;
2664 int r_actions = 0;
2665 int s_actions = 0;
2666
2667 int t_slice;
2668 int r_slice;
2669 int s_slice;
2670
2671 int i;
2672 int a;
2673
2674 // divide up tables into slices based on the last run
2675 t_slice = config->cluster_highest_tunnelid * period;
2676 r_slice = (MAXRADIUS - 1) * period;
2677 s_slice = config->cluster_highest_sessionid * period;
2678
2679 if (t_slice < 1)
2680 t_slice = 1;
2681 else if (t_slice > config->cluster_highest_tunnelid)
2682 t_slice = config->cluster_highest_tunnelid;
2683
2684 if (r_slice < 1)
2685 r_slice = 1;
2686 else if (r_slice > (MAXRADIUS - 1))
2687 r_slice = MAXRADIUS - 1;
2688
2689 if (s_slice < 1)
2690 s_slice = 1;
2691 else if (s_slice > config->cluster_highest_sessionid)
2692 s_slice = config->cluster_highest_sessionid;
2693
2694 LOG(4, 0, 0, "Begin regular cleanup (last %f seconds ago)\n", period);
2695
2696 for (i = 0; i < t_slice; i++)
2697 {
2698 t++;
2699 if (t > config->cluster_highest_tunnelid)
2700 t = 1;
2701
2702 // check for expired tunnels
2703 if (tunnel[t].die && tunnel[t].die <= TIME)
2704 {
2705 STAT(tunnel_timeout);
2706 tunnelkill(t, "Expired");
2707 t_actions++;
2708 continue;
2709 }
2710 // check for message resend
2711 if (tunnel[t].retry && tunnel[t].controlc)
2712 {
2713 // resend pending messages as timeout on reply
2714 if (tunnel[t].retry <= TIME)
2715 {
2716 controlt *c = tunnel[t].controls;
2717 uint8_t w = tunnel[t].window;
2718 tunnel[t].try++; // another try
2719 if (tunnel[t].try > 5)
2720 tunnelkill(t, "Timeout on control message"); // game over
2721 else
2722 while (c && w--)
2723 {
2724 tunnelsend(c->buf, c->length, t);
2725 c = c->next;
2726 }
2727
2728 t_actions++;
2729 }
2730 }
2731 // Send hello
2732 if (tunnel[t].state == TUNNELOPEN && !tunnel[t].controlc && (time_now - tunnel[t].lastrec) > 60)
2733 {
2734 controlt *c = controlnew(6); // sending HELLO
2735 controladd(c, 0, t); // send the message
2736 LOG(3, 0, t, "Sending HELLO message\n");
2737 t_actions++;
2738 }
2739
2740 // Check for tunnel changes requested from the CLI
2741 if ((a = cli_tunnel_actions[t].action))
2742 {
2743 cli_tunnel_actions[t].action = 0;
2744 if (a & CLI_TUN_KILL)
2745 {
2746 LOG(2, 0, t, "Dropping tunnel by CLI\n");
2747 tunnelshutdown(t, "Requested by administrator", 1, 0, 0);
2748 t_actions++;
2749 }
2750 }
2751 }
2752
2753 for (i = 0; i < r_slice; i++)
2754 {
2755 r++;
2756 if (r >= MAXRADIUS)
2757 r = 1;
2758
2759 if (!radius[r].state)
2760 continue;
2761
2762 if (radius[r].retry <= TIME)
2763 {
2764 radiusretry(r);
2765 r_actions++;
2766 }
2767 }
2768
2769 for (i = 0; i < s_slice; i++)
2770 {
2771 s++;
2772 if (s > config->cluster_highest_sessionid)
2773 s = 1;
2774
2775 if (!session[s].opened) // Session isn't in use
2776 continue;
2777
2778 // check for expired sessions
2779 if (session[s].die)
2780 {
2781 if (session[s].die <= TIME)
2782 {
2783 sessionkill(s, "Expired");
2784 s_actions++;
2785 }
2786 continue;
2787 }
2788
2789 // PPP timeouts
2790 if (sess_local[s].lcp.restart <= time_now)
2791 {
2792 int next_state = session[s].ppp.lcp;
2793 switch (session[s].ppp.lcp)
2794 {
2795 case RequestSent:
2796 case AckReceived:
2797 next_state = RequestSent;
2798
2799 case AckSent:
2800 if (sess_local[s].lcp.conf_sent < config->ppp_max_configure)
2801 {
2802 LOG(3, s, session[s].tunnel, "No ACK for LCP ConfigReq... resending\n");
2803 sendlcp(s, session[s].tunnel);
2804 change_state(s, lcp, next_state);
2805 }
2806 else
2807 {
2808 sessionshutdown(s, "No response to LCP ConfigReq.", 3, 0);
2809 STAT(session_timeout);
2810 }
2811
2812 s_actions++;
2813 }
2814
2815 if (session[s].die)
2816 continue;
2817 }
2818
2819 if (sess_local[s].ipcp.restart <= time_now)
2820 {
2821 int next_state = session[s].ppp.ipcp;
2822 switch (session[s].ppp.ipcp)
2823 {
2824 case RequestSent:
2825 case AckReceived:
2826 next_state = RequestSent;
2827
2828 case AckSent:
2829 if (sess_local[s].ipcp.conf_sent < config->ppp_max_configure)
2830 {
2831 LOG(3, s, session[s].tunnel, "No ACK for IPCP ConfigReq... resending\n");
2832 sendipcp(s, session[s].tunnel);
2833 change_state(s, ipcp, next_state);
2834 }
2835 else
2836 {
2837 sessionshutdown(s, "No response to IPCP ConfigReq.", 3, 0);
2838 STAT(session_timeout);
2839 }
2840
2841 s_actions++;
2842 }
2843
2844 if (session[s].die)
2845 continue;
2846 }
2847
2848 if (sess_local[s].ipv6cp.restart <= time_now)
2849 {
2850 int next_state = session[s].ppp.ipv6cp;
2851 switch (session[s].ppp.ipv6cp)
2852 {
2853 case RequestSent:
2854 case AckReceived:
2855 next_state = RequestSent;
2856
2857 case AckSent:
2858 if (sess_local[s].ipv6cp.conf_sent < config->ppp_max_configure)
2859 {
2860 LOG(3, s, session[s].tunnel, "No ACK for IPV6CP ConfigReq... resending\n");
2861 sendipv6cp(s, session[s].tunnel);
2862 change_state(s, ipv6cp, next_state);
2863 }
2864 else
2865 {
2866 LOG(3, s, session[s].tunnel, "No ACK for IPV6CP ConfigReq\n");
2867 change_state(s, ipv6cp, Stopped);
2868 }
2869
2870 s_actions++;
2871 }
2872 }
2873
2874 if (sess_local[s].ccp.restart <= time_now)
2875 {
2876 int next_state = session[s].ppp.ccp;
2877 switch (session[s].ppp.ccp)
2878 {
2879 case RequestSent:
2880 case AckReceived:
2881 next_state = RequestSent;
2882
2883 case AckSent:
2884 if (sess_local[s].ccp.conf_sent < config->ppp_max_configure)
2885 {
2886 LOG(3, s, session[s].tunnel, "No ACK for CCP ConfigReq... resending\n");
2887 sendccp(s, session[s].tunnel);
2888 change_state(s, ccp, next_state);
2889 }
2890 else
2891 {
2892 LOG(3, s, session[s].tunnel, "No ACK for CCP ConfigReq\n");
2893 change_state(s, ccp, Stopped);
2894 }
2895
2896 s_actions++;
2897 }
2898 }
2899
2900 // Drop sessions who have not responded within IDLE_TIMEOUT seconds
2901 if (session[s].last_packet && (time_now - session[s].last_packet >= IDLE_TIMEOUT))
2902 {
2903 sessionshutdown(s, "No response to LCP ECHO requests.", 3, 0);
2904 STAT(session_timeout);
2905 s_actions++;
2906 continue;
2907 }
2908
2909 // No data in ECHO_TIMEOUT seconds, send LCP ECHO
2910 if (session[s].ppp.phase >= Establish && (time_now - session[s].last_packet >= ECHO_TIMEOUT) &&
2911 (time_now - sess_local[s].last_echo >= ECHO_TIMEOUT))
2912 {
2913 uint8_t b[MAXETHER];
2914
2915 uint8_t *q = makeppp(b, sizeof(b), 0, 0, s, session[s].tunnel, PPPLCP);
2916 if (!q) continue;
2917
2918 *q = EchoReq;
2919 *(uint8_t *)(q + 1) = (time_now % 255); // ID
2920 *(uint16_t *)(q + 2) = htons(8); // Length
2921 *(uint32_t *)(q + 4) = session[s].ppp.lcp == Opened ? htonl(session[s].magic) : 0; // Magic Number
2922
2923 LOG(4, s, session[s].tunnel, "No data in %d seconds, sending LCP ECHO\n",
2924 (int)(time_now - session[s].last_packet));
2925 tunnelsend(b, 24, session[s].tunnel); // send it
2926 sess_local[s].last_echo = time_now;
2927 s_actions++;
2928 }
2929
2930 // Check for actions requested from the CLI
2931 if ((a = cli_session_actions[s].action))
2932 {
2933 int send = 0;
2934
2935 cli_session_actions[s].action = 0;
2936 if (a & CLI_SESS_KILL)
2937 {
2938 LOG(2, s, session[s].tunnel, "Dropping session by CLI\n");
2939 sessionshutdown(s, "Requested by administrator.", 3, 0);
2940 a = 0; // dead, no need to check for other actions
2941 s_actions++;
2942 }
2943
2944 if (a & CLI_SESS_NOSNOOP)
2945 {
2946 LOG(2, s, session[s].tunnel, "Unsnooping session by CLI\n");
2947 session[s].snoop_ip = 0;
2948 session[s].snoop_port = 0;
2949 s_actions++;
2950 send++;
2951 }
2952 else if (a & CLI_SESS_SNOOP)
2953 {
2954 LOG(2, s, session[s].tunnel, "Snooping session by CLI (to %s:%d)\n",
2955 fmtaddr(cli_session_actions[s].snoop_ip, 0),
2956 cli_session_actions[s].snoop_port);
2957
2958 session[s].snoop_ip = cli_session_actions[s].snoop_ip;
2959 session[s].snoop_port = cli_session_actions[s].snoop_port;
2960 s_actions++;
2961 send++;
2962 }
2963
2964 if (a & CLI_SESS_NOTHROTTLE)
2965 {
2966 LOG(2, s, session[s].tunnel, "Un-throttling session by CLI\n");
2967 throttle_session(s, 0, 0);
2968 s_actions++;
2969 send++;
2970 }
2971 else if (a & CLI_SESS_THROTTLE)
2972 {
2973 LOG(2, s, session[s].tunnel, "Throttling session by CLI (to %dkb/s up and %dkb/s down)\n",
2974 cli_session_actions[s].throttle_in,
2975 cli_session_actions[s].throttle_out);
2976
2977 throttle_session(s, cli_session_actions[s].throttle_in, cli_session_actions[s].throttle_out);
2978 s_actions++;
2979 send++;
2980 }
2981
2982 if (a & CLI_SESS_NOFILTER)
2983 {
2984 LOG(2, s, session[s].tunnel, "Un-filtering session by CLI\n");
2985 filter_session(s, 0, 0);
2986 s_actions++;
2987 send++;
2988 }
2989 else if (a & CLI_SESS_FILTER)
2990 {
2991 LOG(2, s, session[s].tunnel, "Filtering session by CLI (in=%d, out=%d)\n",
2992 cli_session_actions[s].filter_in,
2993 cli_session_actions[s].filter_out);
2994
2995 filter_session(s, cli_session_actions[s].filter_in, cli_session_actions[s].filter_out);
2996 s_actions++;
2997 send++;
2998 }
2999
3000 if (send)
3001 cluster_send_session(s);
3002 }
3003
3004 // RADIUS interim accounting
3005 if (config->radius_accounting && config->radius_interim > 0
3006 && session[s].ip && !session[s].walled_garden
3007 && !sess_local[s].radius // RADIUS already in progress
3008 && time_now - sess_local[s].last_interim >= config->radius_interim)
3009 {
3010 int rad = radiusnew(s);
3011 if (!rad)
3012 {
3013 LOG(1, s, session[s].tunnel, "No free RADIUS sessions for Interim message\n");
3014 STAT(radius_overflow);
3015 continue;
3016 }
3017
3018 LOG(3, s, session[s].tunnel, "Sending RADIUS Interim for %s (%u)\n",
3019 session[s].user, session[s].unique_id);
3020
3021 radiussend(rad, RADIUSINTERIM);
3022 sess_local[s].last_interim = time_now;
3023 s_actions++;
3024 }
3025 }
3026
3027 LOG(4, 0, 0, "End regular cleanup: checked %d/%d/%d tunnels/radius/sessions; %d/%d/%d actions\n",
3028 t_slice, r_slice, s_slice, t_actions, r_actions, s_actions);
3029 }
3030
3031 //
3032 // Are we in the middle of a tunnel update, or radius
3033 // requests??
3034 //
3035 static int still_busy(void)
3036 {
3037 int i;
3038 static clockt last_talked = 0;
3039 static clockt start_busy_wait = 0;
3040
3041 if (!config->cluster_iam_master)
3042 {
3043 #ifdef BGP
3044 static time_t stopped_bgp = 0;
3045 if (bgp_configured)
3046 {
3047 if (!stopped_bgp)
3048 {
3049 LOG(1, 0, 0, "Shutting down in %d seconds, stopping BGP...\n", QUIT_DELAY);
3050
3051 for (i = 0; i < BGP_NUM_PEERS; i++)
3052 if (bgp_peers[i].state == Established)
3053 bgp_stop(&bgp_peers[i]);
3054
3055 stopped_bgp = time_now;
3056
3057 // we don't want to become master
3058 cluster_send_ping(0);
3059
3060 return 1;
3061 }
3062
3063 if (time_now < (stopped_bgp + QUIT_DELAY))
3064 return 1;
3065 }
3066 #endif /* BGP */
3067
3068 return 0;
3069 }
3070
3071 if (main_quit == QUIT_SHUTDOWN)
3072 {
3073 static int dropped = 0;
3074 if (!dropped)
3075 {
3076 int i;
3077
3078 LOG(1, 0, 0, "Dropping sessions and tunnels\n");
3079 for (i = 1; i < MAXTUNNEL; i++)
3080 if (tunnel[i].ip || tunnel[i].state)
3081 tunnelshutdown(i, "L2TPNS Closing", 6, 0, 0);
3082
3083 dropped = 1;
3084 }
3085 }
3086
3087 if (start_busy_wait == 0)
3088 start_busy_wait = TIME;
3089
3090 for (i = config->cluster_highest_tunnelid ; i > 0 ; --i)
3091 {
3092 if (!tunnel[i].controlc)
3093 continue;
3094
3095 if (last_talked != TIME)
3096 {
3097 LOG(2, 0, 0, "Tunnel %d still has un-acked control messages.\n", i);
3098 last_talked = TIME;
3099 }
3100 return 1;
3101 }
3102
3103 // We stop waiting for radius after BUSY_WAIT_TIME 1/10th seconds
3104 if (abs(TIME - start_busy_wait) > BUSY_WAIT_TIME)
3105 {
3106 LOG(1, 0, 0, "Giving up waiting for RADIUS to be empty. Shutting down anyway.\n");
3107 return 0;
3108 }
3109
3110 for (i = 1; i < MAXRADIUS; i++)
3111 {
3112 if (radius[i].state == RADIUSNULL)
3113 continue;
3114 if (radius[i].state == RADIUSWAIT)
3115 continue;
3116
3117 if (last_talked != TIME)
3118 {
3119 LOG(2, 0, 0, "Radius session %d is still busy (sid %d)\n", i, radius[i].session);
3120 last_talked = TIME;
3121 }
3122 return 1;
3123 }
3124
3125 return 0;
3126 }
3127
3128 #ifdef HAVE_EPOLL
3129 # include <sys/epoll.h>
3130 #else
3131 # define FAKE_EPOLL_IMPLEMENTATION /* include the functions */
3132 # include "fake_epoll.h"
3133 #endif
3134
3135 // the base set of fds polled: cli, cluster, tun, udp, control, dae
3136 #define BASE_FDS 6
3137
3138 // additional polled fds
3139 #ifdef BGP
3140 # define EXTRA_FDS BGP_NUM_PEERS
3141 #else
3142 # define EXTRA_FDS 0
3143 #endif
3144
3145 // main loop - gets packets on tun or udp and processes them
3146 static void mainloop(void)
3147 {
3148 int i;
3149 uint8_t buf[65536];
3150 clockt next_cluster_ping = 0; // send initial ping immediately
3151 struct epoll_event events[BASE_FDS + RADIUS_FDS + EXTRA_FDS];
3152 int maxevent = sizeof(events)/sizeof(*events);
3153
3154 if ((epollfd = epoll_create(maxevent)) < 0)
3155 {
3156 LOG(0, 0, 0, "epoll_create failed: %s\n", strerror(errno));
3157 exit(1);
3158 }
3159
3160 LOG(4, 0, 0, "Beginning of main loop. clifd=%d, cluster_sockfd=%d, tunfd=%d, udpfd=%d, controlfd=%d, daefd=%d\n",
3161 clifd, cluster_sockfd, tunfd, udpfd, controlfd, daefd);
3162
3163 /* setup our fds to poll for input */
3164 {
3165 static struct event_data d[BASE_FDS];
3166 struct epoll_event e;
3167
3168 e.events = EPOLLIN;
3169 i = 0;
3170
3171 d[i].type = FD_TYPE_CLI;
3172 e.data.ptr = &d[i++];
3173 epoll_ctl(epollfd, EPOLL_CTL_ADD, clifd, &e);
3174
3175 d[i].type = FD_TYPE_CLUSTER;
3176 e.data.ptr = &d[i++];
3177 epoll_ctl(epollfd, EPOLL_CTL_ADD, cluster_sockfd, &e);
3178
3179 d[i].type = FD_TYPE_TUN;
3180 e.data.ptr = &d[i++];
3181 epoll_ctl(epollfd, EPOLL_CTL_ADD, tunfd, &e);
3182
3183 d[i].type = FD_TYPE_UDP;
3184 e.data.ptr = &d[i++];
3185 epoll_ctl(epollfd, EPOLL_CTL_ADD, udpfd, &e);
3186
3187 d[i].type = FD_TYPE_CONTROL;
3188 e.data.ptr = &d[i++];
3189 epoll_ctl(epollfd, EPOLL_CTL_ADD, controlfd, &e);
3190
3191 d[i].type = FD_TYPE_DAE;
3192 e.data.ptr = &d[i++];
3193 epoll_ctl(epollfd, EPOLL_CTL_ADD, daefd, &e);
3194 }
3195
3196 #ifdef BGP
3197 signal(SIGPIPE, SIG_IGN);
3198 bgp_setup(config->as_number);
3199 if (config->bind_address)
3200 bgp_add_route(config->bind_address, 0xffffffff);
3201
3202 for (i = 0; i < BGP_NUM_PEERS; i++)
3203 {
3204 if (config->neighbour[i].name[0])
3205 bgp_start(&bgp_peers[i], config->neighbour[i].name,
3206 config->neighbour[i].as, config->neighbour[i].keepalive,
3207 config->neighbour[i].hold, 0); /* 0 = routing disabled */
3208 }
3209 #endif /* BGP */
3210
3211 while (!main_quit || still_busy())
3212 {
3213 int more = 0;
3214 int n;
3215
3216
3217 if (main_reload)
3218 {
3219 main_reload = 0;
3220 read_config_file();
3221 config->reload_config++;
3222 }
3223
3224 if (config->reload_config)
3225 {
3226 config->reload_config = 0;
3227 update_config();
3228 }
3229
3230 #ifdef BGP
3231 bgp_set_poll();
3232 #endif /* BGP */
3233
3234 n = epoll_wait(epollfd, events, maxevent, 100); // timeout 100ms (1/10th sec)
3235 STAT(select_called);
3236
3237 TIME = now(NULL);
3238 if (n < 0)
3239 {
3240 if (errno == EINTR ||
3241 errno == ECHILD) // EINTR was clobbered by sigchild_handler()
3242 continue;
3243
3244 LOG(0, 0, 0, "Error returned from select(): %s\n", strerror(errno));
3245 break; // exit
3246 }
3247
3248 if (n)
3249 {
3250 struct sockaddr_in addr;
3251 socklen_t alen;
3252 int c, s;
3253 int udp_ready = 0;
3254 int tun_ready = 0;
3255 int cluster_ready = 0;
3256 int udp_pkts = 0;
3257 int tun_pkts = 0;
3258 int cluster_pkts = 0;
3259 #ifdef BGP
3260 uint32_t bgp_events[BGP_NUM_PEERS];
3261 memset(bgp_events, 0, sizeof(bgp_events));
3262 #endif /* BGP */
3263
3264 for (c = n, i = 0; i < c; i++)
3265 {
3266 struct event_data *d = events[i].data.ptr;
3267 switch (d->type)
3268 {
3269 case FD_TYPE_CLI: // CLI connections
3270 {
3271 int cli;
3272
3273 alen = sizeof(addr);
3274 if ((cli = accept(clifd, (struct sockaddr *)&addr, &alen)) >= 0)
3275 {
3276 cli_do(cli);
3277 close(cli);
3278 }
3279 else
3280 LOG(0, 0, 0, "accept error: %s\n", strerror(errno));
3281
3282 n--;
3283 break;
3284 }
3285
3286 // these are handled below, with multiple interleaved reads
3287 case FD_TYPE_CLUSTER: cluster_ready++; break;
3288 case FD_TYPE_TUN: tun_ready++; break;
3289 case FD_TYPE_UDP: udp_ready++; break;
3290
3291 case FD_TYPE_CONTROL: // nsctl commands
3292 alen = sizeof(addr);
3293 processcontrol(buf, recvfrom(controlfd, buf, sizeof(buf), MSG_WAITALL, (void *) &addr, &alen), &addr, alen);
3294 n--;
3295 break;
3296
3297 case FD_TYPE_DAE: // DAE requests
3298 alen = sizeof(addr);
3299 processdae(buf, recvfrom(daefd, buf, sizeof(buf), MSG_WAITALL, (void *) &addr, &alen), &addr, alen);
3300 n--;
3301 break;
3302
3303 case FD_TYPE_RADIUS: // RADIUS response
3304 s = recv(radfds[d->index], buf, sizeof(buf), 0);
3305 if (s >= 0 && config->cluster_iam_master)
3306 processrad(buf, s, d->index);
3307
3308 n--;
3309 break;
3310
3311 #ifdef BGP
3312 case FD_TYPE_BGP:
3313 bgp_events[d->index] = events[i].events;
3314 n--;
3315 break;
3316 #endif /* BGP */
3317
3318 default:
3319 LOG(0, 0, 0, "Unexpected fd type returned from epoll_wait: %d\n", d->type);
3320 }
3321 }
3322
3323 #ifdef BGP
3324 bgp_process(bgp_events);
3325 #endif /* BGP */
3326
3327 for (c = 0; n && c < config->multi_read_count; c++)
3328 {
3329 // L2TP
3330 if (udp_ready)
3331 {
3332 alen = sizeof(addr);
3333 if ((s = recvfrom(udpfd, buf, sizeof(buf), 0, (void *) &addr, &alen)) > 0)
3334 {
3335 processudp(buf, s, &addr);
3336 udp_pkts++;
3337 }
3338 else
3339 {
3340 udp_ready = 0;
3341 n--;
3342 }
3343 }
3344
3345 // incoming IP
3346 if (tun_ready)
3347 {
3348 if ((s = read(tunfd, buf, sizeof(buf))) > 0)
3349 {
3350 processtun(buf, s);
3351 tun_pkts++;
3352 }
3353 else
3354 {
3355 tun_ready = 0;
3356 n--;
3357 }
3358 }
3359
3360 // cluster
3361 if (cluster_ready)
3362 {
3363 alen = sizeof(addr);
3364 if ((s = recvfrom(cluster_sockfd, buf, sizeof(buf), MSG_WAITALL, (void *) &addr, &alen)) > 0)
3365 {
3366 processcluster(buf, s, addr.sin_addr.s_addr);
3367 cluster_pkts++;
3368 }
3369 else
3370 {
3371 cluster_ready = 0;
3372 n--;
3373 }
3374 }
3375 }
3376
3377 if (udp_pkts > 1 || tun_pkts > 1 || cluster_pkts > 1)
3378 STAT(multi_read_used);
3379
3380 if (c >= config->multi_read_count)
3381 {
3382 LOG(3, 0, 0, "Reached multi_read_count (%d); processed %d udp, %d tun and %d cluster packets\n",
3383 config->multi_read_count, udp_pkts, tun_pkts, cluster_pkts);
3384
3385 STAT(multi_read_exceeded);
3386 more++;
3387 }
3388 }
3389
3390 if (time_changed)
3391 {
3392 double Mbps = 1024.0 * 1024.0 / 8 * time_changed;
3393
3394 // Log current traffic stats
3395 snprintf(config->bandwidth, sizeof(config->bandwidth),
3396 "UDP-ETH:%1.0f/%1.0f ETH-UDP:%1.0f/%1.0f TOTAL:%0.1f IN:%u OUT:%u",
3397 (udp_rx / Mbps), (eth_tx / Mbps), (eth_rx / Mbps), (udp_tx / Mbps),
3398 ((udp_tx + udp_rx + eth_tx + eth_rx) / Mbps),
3399 udp_rx_pkt / time_changed, eth_rx_pkt / time_changed);
3400
3401 udp_tx = udp_rx = 0;
3402 udp_rx_pkt = eth_rx_pkt = 0;
3403 eth_tx = eth_rx = 0;
3404 time_changed = 0;
3405
3406 if (config->dump_speed)
3407 printf("%s\n", config->bandwidth);
3408
3409 // Update the internal time counter
3410 strftime(time_now_string, sizeof(time_now_string), "%Y-%m-%d %H:%M:%S", localtime(&time_now));
3411
3412 {
3413 // Run timer hooks
3414 struct param_timer p = { time_now };
3415 run_plugins(PLUGIN_TIMER, &p);
3416 }
3417 }
3418
3419 // Runs on every machine (master and slaves).
3420 if (next_cluster_ping <= TIME)
3421 {
3422 // Check to see which of the cluster is still alive..
3423
3424 cluster_send_ping(basetime); // Only does anything if we're a slave
3425 cluster_check_master(); // ditto.
3426
3427 cluster_heartbeat(); // Only does anything if we're a master.
3428 cluster_check_slaves(); // ditto.
3429
3430 master_update_counts(); // If we're a slave, send our byte counters to our master.
3431
3432 if (config->cluster_iam_master && !config->cluster_iam_uptodate)
3433 next_cluster_ping = TIME + 1; // out-of-date slaves, do fast updates
3434 else
3435 next_cluster_ping = TIME + config->cluster_hb_interval;
3436 }
3437
3438 if (!config->cluster_iam_master)
3439 continue;
3440
3441 // Run token bucket filtering queue..
3442 // Only run it every 1/10th of a second.
3443 {
3444 static clockt last_run = 0;
3445 if (last_run != TIME)
3446 {
3447 last_run = TIME;
3448 tbf_run_timer();
3449 }
3450 }
3451
3452 // Handle timeouts, retries etc.
3453 {
3454 static double last_clean = 0;
3455 double this_clean;
3456 double diff;
3457
3458 TIME = now(&this_clean);
3459 diff = this_clean - last_clean;
3460
3461 // Run during idle time (after we've handled
3462 // all incoming packets) or every 1/10th sec
3463 if (!more || diff > 0.1)
3464 {
3465 regular_cleanups(diff);
3466 last_clean = this_clean;
3467 }
3468 }
3469
3470 if (*config->accounting_dir)
3471 {
3472 static clockt next_acct = 0;
3473 static clockt next_shut_acct = 0;
3474
3475 if (next_acct <= TIME)
3476 {
3477 // Dump accounting data
3478 next_acct = TIME + ACCT_TIME;
3479 next_shut_acct = TIME + ACCT_SHUT_TIME;
3480 dump_acct_info(1);
3481 }
3482 else if (next_shut_acct <= TIME)
3483 {
3484 // Dump accounting data for shutdown sessions
3485 next_shut_acct = TIME + ACCT_SHUT_TIME;
3486 if (shut_acct_n)
3487 dump_acct_info(0);
3488 }
3489 }
3490 }
3491
3492 // Are we the master and shutting down??
3493 if (config->cluster_iam_master)
3494 cluster_heartbeat(); // Flush any queued changes..
3495
3496 // Ok. Notify everyone we're shutting down. If we're
3497 // the master, this will force an election.
3498 cluster_send_ping(0);
3499
3500 //
3501 // Important!!! We MUST not process any packets past this point!
3502 LOG(1, 0, 0, "Shutdown complete\n");
3503 }
3504
3505 static void stripdomain(char *host)
3506 {
3507 char *p;
3508
3509 if ((p = strchr(host, '.')))
3510 {
3511 char *domain = 0;
3512 char _domain[1024];
3513
3514 // strip off domain
3515 FILE *resolv = fopen("/etc/resolv.conf", "r");
3516 if (resolv)
3517 {
3518 char buf[1024];
3519 char *b;
3520
3521 while (fgets(buf, sizeof(buf), resolv))
3522 {
3523 if (strncmp(buf, "domain", 6) && strncmp(buf, "search", 6))
3524 continue;
3525
3526 if (!isspace(buf[6]))
3527 continue;
3528
3529 b = buf + 7;
3530 while (isspace(*b)) b++;
3531
3532 if (*b)
3533 {
3534 char *d = b;
3535 while (*b && !isspace(*b)) b++;
3536 *b = 0;
3537 if (buf[0] == 'd') // domain is canonical
3538 {
3539 domain = d;
3540 break;
3541 }
3542
3543 // first search line
3544 if (!domain)
3545 {
3546 // hold, may be subsequent domain line
3547 strncpy(_domain, d, sizeof(_domain))[sizeof(_domain)-1] = 0;
3548 domain = _domain;
3549 }
3550 }
3551 }
3552
3553 fclose(resolv);
3554 }
3555
3556 if (domain)
3557 {
3558 int hl = strlen(host);
3559 int dl = strlen(domain);
3560 if (dl < hl && host[hl - dl - 1] == '.' && !strcmp(host + hl - dl, domain))
3561 host[hl -dl - 1] = 0;
3562 }
3563 else
3564 {
3565 *p = 0; // everything after first dot
3566 }
3567 }
3568 }
3569
3570 // Init data structures
3571 static void initdata(int optdebug, char *optconfig)
3572 {
3573 int i;
3574
3575 if (!(config = shared_malloc(sizeof(configt))))
3576 {
3577 fprintf(stderr, "Error doing malloc for configuration: %s\n", strerror(errno));
3578 exit(1);
3579 }
3580
3581 memset(config, 0, sizeof(configt));
3582 time(&config->start_time);
3583 strncpy(config->config_file, optconfig, strlen(optconfig));
3584 config->debug = optdebug;
3585 config->num_tbfs = MAXTBFS;
3586 config->rl_rate = 28; // 28kbps
3587 config->cluster_mcast_ttl = 1;
3588 config->cluster_master_min_adv = 1;
3589 config->ppp_restart_time = 3;
3590 config->ppp_max_configure = 10;
3591 config->ppp_max_failure = 5;
3592 strcpy(config->random_device, RANDOMDEVICE);
3593
3594 log_stream = stderr;
3595
3596 #ifdef RINGBUFFER
3597 if (!(ringbuffer = shared_malloc(sizeof(struct Tringbuffer))))
3598 {
3599 LOG(0, 0, 0, "Error doing malloc for ringbuffer: %s\n", strerror(errno));
3600 exit(1);
3601 }
3602 memset(ringbuffer, 0, sizeof(struct Tringbuffer));
3603 #endif
3604
3605 if (!(_statistics = shared_malloc(sizeof(struct Tstats))))
3606 {
3607 LOG(0, 0, 0, "Error doing malloc for _statistics: %s\n", strerror(errno));
3608 exit(1);
3609 }
3610 if (!(tunnel = shared_malloc(sizeof(tunnelt) * MAXTUNNEL)))
3611 {
3612 LOG(0, 0, 0, "Error doing malloc for tunnels: %s\n", strerror(errno));
3613 exit(1);
3614 }
3615 if (!(session = shared_malloc(sizeof(sessiont) * MAXSESSION)))
3616 {
3617 LOG(0, 0, 0, "Error doing malloc for sessions: %s\n", strerror(errno));
3618 exit(1);
3619 }
3620
3621 if (!(sess_local = shared_malloc(sizeof(sessionlocalt) * MAXSESSION)))
3622 {
3623 LOG(0, 0, 0, "Error doing malloc for sess_local: %s\n", strerror(errno));
3624 exit(1);
3625 }
3626
3627 if (!(radius = shared_malloc(sizeof(radiust) * MAXRADIUS)))
3628 {
3629 LOG(0, 0, 0, "Error doing malloc for radius: %s\n", strerror(errno));
3630 exit(1);
3631 }
3632
3633 if (!(ip_address_pool = shared_malloc(sizeof(ippoolt) * MAXIPPOOL)))
3634 {
3635 LOG(0, 0, 0, "Error doing malloc for ip_address_pool: %s\n", strerror(errno));
3636 exit(1);
3637 }
3638
3639 if (!(ip_filters = shared_malloc(sizeof(ip_filtert) * MAXFILTER)))
3640 {
3641 LOG(0, 0, 0, "Error doing malloc for ip_filters: %s\n", strerror(errno));
3642 exit(1);
3643 }
3644 memset(ip_filters, 0, sizeof(ip_filtert) * MAXFILTER);
3645
3646 if (!(cli_session_actions = shared_malloc(sizeof(struct cli_session_actions) * MAXSESSION)))
3647 {
3648 LOG(0, 0, 0, "Error doing malloc for cli session actions: %s\n", strerror(errno));
3649 exit(1);
3650 }
3651 memset(cli_session_actions, 0, sizeof(struct cli_session_actions) * MAXSESSION);
3652
3653 if (!(cli_tunnel_actions = shared_malloc(sizeof(struct cli_tunnel_actions) * MAXSESSION)))
3654 {
3655 LOG(0, 0, 0, "Error doing malloc for cli tunnel actions: %s\n", strerror(errno));
3656 exit(1);
3657 }
3658 memset(cli_tunnel_actions, 0, sizeof(struct cli_tunnel_actions) * MAXSESSION);
3659
3660 memset(tunnel, 0, sizeof(tunnelt) * MAXTUNNEL);
3661 memset(session, 0, sizeof(sessiont) * MAXSESSION);
3662 memset(radius, 0, sizeof(radiust) * MAXRADIUS);
3663 memset(ip_address_pool, 0, sizeof(ippoolt) * MAXIPPOOL);
3664
3665 // Put all the sessions on the free list marked as undefined.
3666 for (i = 1; i < MAXSESSION; i++)
3667 {
3668 session[i].next = i + 1;
3669 session[i].tunnel = T_UNDEF; // mark it as not filled in.
3670 }
3671 session[MAXSESSION - 1].next = 0;
3672 sessionfree = 1;
3673
3674 // Mark all the tunnels as undefined (waiting to be filled in by a download).
3675 for (i = 1; i < MAXTUNNEL; i++)
3676 tunnel[i].state = TUNNELUNDEF; // mark it as not filled in.
3677
3678 if (!*hostname)
3679 {
3680 // Grab my hostname unless it's been specified
3681 gethostname(hostname, sizeof(hostname));
3682 stripdomain(hostname);
3683 }
3684
3685 _statistics->start_time = _statistics->last_reset = time(NULL);
3686
3687 #ifdef BGP
3688 if (!(bgp_peers = shared_malloc(sizeof(struct bgp_peer) * BGP_NUM_PEERS)))
3689 {
3690 LOG(0, 0, 0, "Error doing malloc for bgp: %s\n", strerror(errno));
3691 exit(1);
3692 }
3693 #endif /* BGP */
3694 }
3695
3696 static int assign_ip_address(sessionidt s)
3697 {
3698 uint32_t i;
3699 int best = -1;
3700 time_t best_time = time_now;
3701 char *u = session[s].user;
3702 char reuse = 0;
3703
3704
3705 CSTAT(assign_ip_address);
3706
3707 for (i = 1; i < ip_pool_size; i++)
3708 {
3709 if (!ip_address_pool[i].address || ip_address_pool[i].assigned)
3710 continue;
3711
3712 if (!session[s].walled_garden && ip_address_pool[i].user[0] && !strcmp(u, ip_address_pool[i].user))
3713 {
3714 best = i;
3715 reuse = 1;
3716 break;
3717 }
3718
3719 if (ip_address_pool[i].last < best_time)
3720 {
3721 best = i;
3722 if (!(best_time = ip_address_pool[i].last))
3723 break; // never used, grab this one
3724 }
3725 }
3726
3727 if (best < 0)
3728 {
3729 LOG(0, s, session[s].tunnel, "assign_ip_address(): out of addresses\n");
3730 return 0;
3731 }
3732
3733 session[s].ip = ip_address_pool[best].address;
3734 session[s].ip_pool_index = best;
3735 ip_address_pool[best].assigned = 1;
3736 ip_address_pool[best].last = time_now;
3737 ip_address_pool[best].session = s;
3738 if (session[s].walled_garden)
3739 /* Don't track addresses of users in walled garden (note: this
3740 means that their address isn't "sticky" even if they get
3741 un-gardened). */
3742 ip_address_pool[best].user[0] = 0;
3743 else
3744 strncpy(ip_address_pool[best].user, u, sizeof(ip_address_pool[best].user) - 1);
3745
3746 STAT(ip_allocated);
3747 LOG(4, s, session[s].tunnel, "assign_ip_address(): %s ip address %d from pool\n",
3748 reuse ? "Reusing" : "Allocating", best);
3749
3750 return 1;
3751 }
3752
3753 static void free_ip_address(sessionidt s)
3754 {
3755 int i = session[s].ip_pool_index;
3756
3757
3758 CSTAT(free_ip_address);
3759
3760 if (!session[s].ip)
3761 return; // what the?
3762
3763 if (i < 0) // Is this actually part of the ip pool?
3764 i = 0;
3765
3766 STAT(ip_freed);
3767 cache_ipmap(session[s].ip, -i); // Change the mapping to point back to the ip pool index.
3768 session[s].ip = 0;
3769 ip_address_pool[i].assigned = 0;
3770 ip_address_pool[i].session = 0;
3771 ip_address_pool[i].last = time_now;
3772 }
3773
3774 //
3775 // Fsck the address pool against the session table.
3776 // Normally only called when we become a master.
3777 //
3778 // This isn't perfect: We aren't keep tracking of which
3779 // users used to have an IP address.
3780 //
3781 void rebuild_address_pool(void)
3782 {
3783 int i;
3784
3785 //
3786 // Zero the IP pool allocation, and build
3787 // a map from IP address to pool index.
3788 for (i = 1; i < MAXIPPOOL; ++i)
3789 {
3790 ip_address_pool[i].assigned = 0;
3791 ip_address_pool[i].session = 0;
3792 if (!ip_address_pool[i].address)
3793 continue;
3794
3795 cache_ipmap(ip_address_pool[i].address, -i); // Map pool IP to pool index.
3796 }
3797
3798 for (i = 0; i < MAXSESSION; ++i)
3799 {
3800 int ipid;
3801 if (!(session[i].opened && session[i].ip))
3802 continue;
3803
3804 ipid = - lookup_ipmap(htonl(session[i].ip));
3805
3806 if (session[i].ip_pool_index < 0)
3807 {
3808 // Not allocated out of the pool.
3809 if (ipid < 1) // Not found in the pool either? good.
3810 continue;
3811
3812 LOG(0, i, 0, "Session %d has an IP address (%s) that was marked static, but is in the pool (%d)!\n",
3813 i, fmtaddr(session[i].ip, 0), ipid);
3814
3815 // Fall through and process it as part of the pool.
3816 }
3817
3818
3819 if (ipid > MAXIPPOOL || ipid < 0)
3820 {
3821 LOG(0, i, 0, "Session %d has a pool IP that's not found in the pool! (%d)\n", i, ipid);
3822 ipid = -1;
3823 session[i].ip_pool_index = ipid;
3824 continue;
3825 }
3826
3827 ip_address_pool[ipid].assigned = 1;
3828 ip_address_pool[ipid].session = i;
3829 ip_address_pool[ipid].last = time_now;
3830 strncpy(ip_address_pool[ipid].user, session[i].user, sizeof(ip_address_pool[ipid].user) - 1);
3831 session[i].ip_pool_index = ipid;
3832 cache_ipmap(session[i].ip, i); // Fix the ip map.
3833 }
3834 }
3835
3836 //
3837 // Fix the address pool to match a changed session.
3838 // (usually when the master sends us an update).
3839 static void fix_address_pool(int sid)
3840 {
3841 int ipid;
3842
3843 ipid = session[sid].ip_pool_index;
3844
3845 if (ipid > ip_pool_size)
3846 return; // Ignore it. rebuild_address_pool will fix it up.
3847
3848 if (ip_address_pool[ipid].address != session[sid].ip)
3849 return; // Just ignore it. rebuild_address_pool will take care of it.
3850
3851 ip_address_pool[ipid].assigned = 1;
3852 ip_address_pool[ipid].session = sid;
3853 ip_address_pool[ipid].last = time_now;
3854 strncpy(ip_address_pool[ipid].user, session[sid].user, sizeof(ip_address_pool[ipid].user) - 1);
3855 }
3856
3857 //
3858 // Add a block of addresses to the IP pool to hand out.
3859 //
3860 static void add_to_ip_pool(in_addr_t addr, in_addr_t mask)
3861 {
3862 int i;
3863 if (mask == 0)
3864 mask = 0xffffffff; // Host route only.
3865
3866 addr &= mask;
3867
3868 if (ip_pool_size >= MAXIPPOOL) // Pool is full!
3869 return ;
3870
3871 for (i = addr ;(i & mask) == addr; ++i)
3872 {
3873 if ((i & 0xff) == 0 || (i&0xff) == 255)
3874 continue; // Skip 0 and broadcast addresses.
3875
3876 ip_address_pool[ip_pool_size].address = i;
3877 ip_address_pool[ip_pool_size].assigned = 0;
3878 ++ip_pool_size;
3879 if (ip_pool_size >= MAXIPPOOL)
3880 {
3881 LOG(0, 0, 0, "Overflowed IP pool adding %s\n", fmtaddr(htonl(addr), 0));
3882 return;
3883 }
3884 }
3885 }
3886
3887 // Initialize the IP address pool
3888 static void initippool()
3889 {
3890 FILE *f;
3891 char *p;
3892 char buf[4096];
3893 memset(ip_address_pool, 0, sizeof(ip_address_pool));
3894
3895 if (!(f = fopen(IPPOOLFILE, "r")))
3896 {
3897 LOG(0, 0, 0, "Can't load pool file " IPPOOLFILE ": %s\n", strerror(errno));
3898 exit(1);
3899 }
3900
3901 while (ip_pool_size < MAXIPPOOL && fgets(buf, 4096, f))
3902 {
3903 char *pool = buf;
3904 buf[4095] = 0; // Force it to be zero terminated/
3905
3906 if (*buf == '#' || *buf == '\n')
3907 continue; // Skip comments / blank lines
3908 if ((p = (char *)strrchr(buf, '\n'))) *p = 0;
3909 if ((p = (char *)strchr(buf, ':')))
3910 {
3911 in_addr_t src;
3912 *p = '\0';
3913 src = inet_addr(buf);
3914 if (src == INADDR_NONE)
3915 {
3916 LOG(0, 0, 0, "Invalid address pool IP %s\n", buf);
3917 exit(1);
3918 }
3919 // This entry is for a specific IP only
3920 if (src != config->bind_address)
3921 continue;
3922 *p = ':';
3923 pool = p+1;
3924 }
3925 if ((p = (char *)strchr(pool, '/')))
3926 {
3927 // It's a range
3928 int numbits = 0;
3929 in_addr_t start = 0, mask = 0;
3930
3931 LOG(2, 0, 0, "Adding IP address range %s\n", buf);
3932 *p++ = 0;
3933 if (!*p || !(numbits = atoi(p)))
3934 {
3935 LOG(0, 0, 0, "Invalid pool range %s\n", buf);
3936 continue;
3937 }
3938 start = ntohl(inet_addr(pool));
3939 mask = (in_addr_t) (pow(2, numbits) - 1) << (32 - numbits);
3940
3941 // Add a static route for this pool
3942 LOG(5, 0, 0, "Adding route for address pool %s/%u\n",
3943 fmtaddr(htonl(start), 0), 32 + mask);
3944
3945 routeset(0, start, mask, 0, 1);
3946
3947 add_to_ip_pool(start, mask);
3948 }
3949 else
3950 {
3951 // It's a single ip address
3952 add_to_ip_pool(ntohl(inet_addr(pool)), 0);
3953 }
3954 }
3955 fclose(f);
3956 LOG(1, 0, 0, "IP address pool is %d addresses\n", ip_pool_size - 1);
3957 }
3958
3959 void snoop_send_packet(uint8_t *packet, uint16_t size, in_addr_t destination, uint16_t port)
3960 {
3961 struct sockaddr_in snoop_addr = {0};
3962 if (!destination || !port || snoopfd <= 0 || size <= 0 || !packet)
3963 return;
3964
3965 snoop_addr.sin_family = AF_INET;
3966 snoop_addr.sin_addr.s_addr = destination;
3967 snoop_addr.sin_port = ntohs(port);
3968
3969 LOG(5, 0, 0, "Snooping %d byte packet to %s:%d\n", size,
3970 fmtaddr(snoop_addr.sin_addr.s_addr, 0),
3971 htons(snoop_addr.sin_port));
3972
3973 if (sendto(snoopfd, packet, size, MSG_DONTWAIT | MSG_NOSIGNAL, (void *) &snoop_addr, sizeof(snoop_addr)) < 0)
3974 LOG(0, 0, 0, "Error sending intercept packet: %s\n", strerror(errno));
3975
3976 STAT(packets_snooped);
3977 }
3978
3979 static int dump_session(FILE **f, sessiont *s)
3980 {
3981 if (!s->opened || !s->ip || !(s->cin_delta || s->cout_delta) || !*s->user || s->walled_garden)
3982 return 1;
3983
3984 if (!*f)
3985 {
3986 char filename[1024];
3987 char timestr[64];
3988 time_t now = time(NULL);
3989
3990 strftime(timestr, sizeof(timestr), "%Y%m%d%H%M%S", localtime(&now));
3991 snprintf(filename, sizeof(filename), "%s/%s", config->accounting_dir, timestr);
3992
3993 if (!(*f = fopen(filename, "w")))
3994 {
3995 LOG(0, 0, 0, "Can't write accounting info to %s: %s\n", filename, strerror(errno));
3996 return 0;
3997 }
3998
3999 LOG(3, 0, 0, "Dumping accounting information to %s\n", filename);
4000 fprintf(*f, "# dslwatch.pl dump file V1.01\n"
4001 "# host: %s\n"
4002 "# endpoint: %s\n"
4003 "# time: %ld\n"
4004 "# uptime: %ld\n"
4005 "# format: username ip qos uptxoctets downrxoctets\n",
4006 hostname,
4007 fmtaddr(config->bind_address ? config->bind_address : my_address, 0),
4008 now,
4009 now - basetime);
4010 }
4011
4012 LOG(4, 0, 0, "Dumping accounting information for %s\n", s->user);
4013 fprintf(*f, "%s %s %d %u %u\n",
4014 s->user, // username
4015 fmtaddr(htonl(s->ip), 0), // ip
4016 (s->throttle_in || s->throttle_out) ? 2 : 1, // qos
4017 (uint32_t) s->cin_delta, // uptxoctets
4018 (uint32_t) s->cout_delta); // downrxoctets
4019
4020 s->cin_delta = s->cout_delta = 0;
4021
4022 return 1;
4023 }
4024
4025 static void dump_acct_info(int all)
4026 {
4027 int i;
4028 FILE *f = NULL;
4029
4030
4031 CSTAT(dump_acct_info);
4032
4033 if (shut_acct_n)
4034 {
4035 for (i = 0; i < shut_acct_n; i++)
4036 dump_session(&f, &shut_acct[i]);
4037
4038 shut_acct_n = 0;
4039 }
4040
4041 if (all)
4042 for (i = 1; i <= config->cluster_highest_sessionid; i++)
4043 dump_session(&f, &session[i]);
4044
4045 if (f)
4046 fclose(f);
4047 }
4048
4049 // Main program
4050 int main(int argc, char *argv[])
4051 {
4052 int i;
4053 int optdebug = 0;
4054 char *optconfig = CONFIGFILE;
4055
4056 time(&basetime); // start clock
4057
4058 // scan args
4059 while ((i = getopt(argc, argv, "dvc:h:")) >= 0)
4060 {
4061 switch (i)
4062 {
4063 case 'd':
4064 if (fork()) exit(0);
4065 setsid();
4066 freopen("/dev/null", "r", stdin);
4067 freopen("/dev/null", "w", stdout);
4068 freopen("/dev/null", "w", stderr);
4069 break;
4070 case 'v':
4071 optdebug++;
4072 break;
4073 case 'c':
4074 optconfig = optarg;
4075 break;
4076 case 'h':
4077 snprintf(hostname, sizeof(hostname), "%s", optarg);
4078 break;
4079 default:
4080 printf("Args are:\n"
4081 "\t-d\t\tDetach from terminal\n"
4082 "\t-c <file>\tConfig file\n"
4083 "\t-h <hostname>\tForce hostname\n"
4084 "\t-v\t\tDebug\n");
4085
4086 return (0);
4087 break;
4088 }
4089 }
4090
4091 // Start the timer routine off
4092 time(&time_now);
4093 strftime(time_now_string, sizeof(time_now_string), "%Y-%m-%d %H:%M:%S", localtime(&time_now));
4094
4095 initplugins();
4096 initdata(optdebug, optconfig);
4097
4098 init_cli(hostname);
4099 read_config_file();
4100 update_config();
4101 init_tbf(config->num_tbfs);
4102
4103 LOG(0, 0, 0, "L2TPNS version " VERSION "\n");
4104 LOG(0, 0, 0, "Copyright (c) 2003, 2004, 2005 Optus Internet Engineering\n");
4105 LOG(0, 0, 0, "Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced\n");
4106 {
4107 struct rlimit rlim;
4108 rlim.rlim_cur = RLIM_INFINITY;
4109 rlim.rlim_max = RLIM_INFINITY;
4110 // Remove the maximum core size
4111 if (setrlimit(RLIMIT_CORE, &rlim) < 0)
4112 LOG(0, 0, 0, "Can't set ulimit: %s\n", strerror(errno));
4113
4114 // Make core dumps go to /tmp
4115 chdir("/tmp");
4116 }
4117
4118 if (config->scheduler_fifo)
4119 {
4120 int ret;
4121 struct sched_param params = {0};
4122 params.sched_priority = 1;
4123
4124 if (get_nprocs() < 2)
4125 {
4126 LOG(0, 0, 0, "Not using FIFO scheduler, there is only 1 processor in the system.\n");
4127 config->scheduler_fifo = 0;
4128 }
4129 else
4130 {
4131 if ((ret = sched_setscheduler(0, SCHED_FIFO, &params)) == 0)
4132 {
4133 LOG(1, 0, 0, "Using FIFO scheduler. Say goodbye to any other processes running\n");
4134 }
4135 else
4136 {
4137 LOG(0, 0, 0, "Error setting scheduler to FIFO: %s\n", strerror(errno));
4138 config->scheduler_fifo = 0;
4139 }
4140 }
4141 }
4142
4143 /* Set up the cluster communications port. */
4144 if (cluster_init() < 0)
4145 exit(1);
4146
4147 inittun();
4148 LOG(1, 0, 0, "Set up on interface %s\n", config->tundevice);
4149
4150 initudp();
4151 initrad();
4152 initippool();
4153
4154 // seed prng
4155 {
4156 unsigned seed = time_now ^ getpid();
4157 LOG(4, 0, 0, "Seeding the pseudo random generator: %u\n", seed);
4158 srand(seed);
4159 }
4160
4161 signal(SIGHUP, sighup_handler);
4162 signal(SIGCHLD, sigchild_handler);
4163 signal(SIGTERM, shutdown_handler);
4164 signal(SIGINT, shutdown_handler);
4165 signal(SIGQUIT, shutdown_handler);
4166
4167 // Prevent us from getting paged out
4168 if (config->lock_pages)
4169 {
4170 if (!mlockall(MCL_CURRENT))
4171 LOG(1, 0, 0, "Locking pages into memory\n");
4172 else
4173 LOG(0, 0, 0, "Can't lock pages: %s\n", strerror(errno));
4174 }
4175
4176 // Drop privileges here
4177 if (config->target_uid > 0 && geteuid() == 0)
4178 setuid(config->target_uid);
4179
4180 mainloop();
4181
4182 /* remove plugins (so cleanup code gets run) */
4183 plugins_done();
4184
4185 // Remove the PID file if we wrote it
4186 if (config->wrote_pid && *config->pid_file == '/')
4187 unlink(config->pid_file);
4188
4189 /* kill CLI children */
4190 signal(SIGTERM, SIG_IGN);
4191 kill(0, SIGTERM);
4192 return 0;
4193 }
4194
4195 static void sighup_handler(int sig)
4196 {
4197 main_reload++;
4198 }
4199
4200 static void shutdown_handler(int sig)
4201 {
4202 main_quit = (sig == SIGQUIT) ? QUIT_SHUTDOWN : QUIT_FAILOVER;
4203 }
4204
4205 static void sigchild_handler(int sig)
4206 {
4207 while (waitpid(-1, NULL, WNOHANG) > 0)
4208 ;
4209 }
4210
4211 static void build_chap_response(uint8_t *challenge, uint8_t id, uint16_t challenge_length, uint8_t **challenge_response)
4212 {
4213 MD5_CTX ctx;
4214 *challenge_response = NULL;
4215
4216 if (!*config->l2tp_secret)
4217 {
4218 LOG(0, 0, 0, "LNS requested CHAP authentication, but no l2tp secret is defined\n");
4219 return;
4220 }
4221
4222 LOG(4, 0, 0, " Building challenge response for CHAP request\n");
4223
4224 *challenge_response = calloc(17, 1);
4225
4226 MD5_Init(&ctx);
4227 MD5_Update(&ctx, &id, 1);
4228 MD5_Update(&ctx, config->l2tp_secret, strlen(config->l2tp_secret));
4229 MD5_Update(&ctx, challenge, challenge_length);
4230 MD5_Final(*challenge_response, &ctx);
4231
4232 return;
4233 }
4234
4235 static int facility_value(char *name)
4236 {
4237 int i;
4238 for (i = 0; facilitynames[i].c_name; i++)
4239 {
4240 if (strcmp(facilitynames[i].c_name, name) == 0)
4241 return facilitynames[i].c_val;
4242 }
4243 return 0;
4244 }
4245
4246 static void update_config()
4247 {
4248 int i;
4249 char *p;
4250 static int timeout = 0;
4251 static int interval = 0;
4252
4253 // Update logging
4254 closelog();
4255 syslog_log = 0;
4256 if (log_stream)
4257 {
4258 if (log_stream != stderr)
4259 fclose(log_stream);
4260
4261 log_stream = NULL;
4262 }
4263
4264 if (*config->log_filename)
4265 {
4266 if (strstr(config->log_filename, "syslog:") == config->log_filename)
4267 {
4268 char *p = config->log_filename + 7;
4269 if (*p)
4270 {
4271 openlog("l2tpns", LOG_PID, facility_value(p));
4272 syslog_log = 1;
4273 }
4274 }
4275 else if (strchr(config->log_filename, '/') == config->log_filename)
4276 {
4277 if ((log_stream = fopen((char *)(config->log_filename), "a")))
4278 {
4279 fseek(log_stream, 0, SEEK_END);
4280 setbuf(log_stream, NULL);
4281 }
4282 else
4283 {
4284 log_stream = stderr;
4285 setbuf(log_stream, NULL);
4286 }
4287 }
4288 }
4289 else
4290 {
4291 log_stream = stderr;
4292 setbuf(log_stream, NULL);
4293 }
4294
4295 #define L2TP_HDRS (20+8+6+4) // L2TP data encaptulation: ip + udp + l2tp (data) + ppp (inc hdlc)
4296 #define TCP_HDRS (20+20) // TCP encapsulation: ip + tcp
4297
4298 if (config->l2tp_mtu <= 0) config->l2tp_mtu = 1500; // ethernet default
4299 else if (config->l2tp_mtu < MINMTU) config->l2tp_mtu = MINMTU;
4300 else if (config->l2tp_mtu > MAXMTU) config->l2tp_mtu = MAXMTU;
4301
4302 // reset MRU/MSS globals
4303 MRU = config->l2tp_mtu - L2TP_HDRS;
4304 if (MRU > PPPoE_MRU)
4305 MRU = PPPoE_MRU;
4306
4307 MSS = MRU - TCP_HDRS;
4308
4309 // Update radius
4310 config->numradiusservers = 0;
4311 for (i = 0; i < MAXRADSERVER; i++)
4312 if (config->radiusserver[i])
4313 {
4314 config->numradiusservers++;
4315 // Set radius port: if not set, take the port from the
4316 // first radius server. For the first radius server,
4317 // take the #defined default value from l2tpns.h
4318
4319 // test twice, In case someone works with
4320 // a secondary radius server without defining
4321 // a primary one, this will work even then.
4322 if (i > 0 && !config->radiusport[i])
4323 config->radiusport[i] = config->radiusport[i-1];
4324 if (!config->radiusport[i])
4325 config->radiusport[i] = RADPORT;
4326 }
4327
4328 if (!config->numradiusservers)
4329 LOG(0, 0, 0, "No RADIUS servers defined!\n");
4330
4331 // parse radius_authtypes_s
4332 config->radius_authtypes = config->radius_authprefer = 0;
4333 p = config->radius_authtypes_s;
4334 while (p && *p)
4335 {
4336 char *s = strpbrk(p, " \t,");
4337 int type = 0;
4338
4339 if (s)
4340 {
4341 *s++ = 0;
4342 while (*s == ' ' || *s == '\t')
4343 s++;
4344
4345 if (!*s)
4346 s = 0;
4347 }
4348
4349 if (!strncasecmp("chap", p, strlen(p)))
4350 type = AUTHCHAP;
4351 else if (!strncasecmp("pap", p, strlen(p)))
4352 type = AUTHPAP;
4353 else
4354 LOG(0, 0, 0, "Invalid RADIUS authentication type \"%s\"\n", p);
4355
4356 config->radius_authtypes |= type;
4357 if (!config->radius_authprefer)
4358 config->radius_authprefer = type;
4359
4360 p = s;
4361 }
4362
4363 if (!config->radius_authtypes)
4364 {
4365 LOG(0, 0, 0, "Defaulting to PAP authentication\n");
4366 config->radius_authtypes = config->radius_authprefer = AUTHPAP;
4367 }
4368
4369 // normalise radius_authtypes_s
4370 if (config->radius_authprefer == AUTHPAP)
4371 {
4372 strcpy(config->radius_authtypes_s, "pap");
4373 if (config->radius_authtypes & AUTHCHAP)
4374 strcat(config->radius_authtypes_s, ", chap");
4375 }
4376 else
4377 {
4378 strcpy(config->radius_authtypes_s, "chap");
4379 if (config->radius_authtypes & AUTHPAP)
4380 strcat(config->radius_authtypes_s, ", pap");
4381 }
4382
4383 if (!config->radius_dae_port)
4384 config->radius_dae_port = DAEPORT;
4385
4386 // re-initialise the random number source
4387 initrandom(config->random_device);
4388
4389 // Update plugins
4390 for (i = 0; i < MAXPLUGINS; i++)
4391 {
4392 if (strcmp(config->plugins[i], config->old_plugins[i]) == 0)
4393 continue;
4394
4395 if (*config->plugins[i])
4396 {
4397 // Plugin added
4398 add_plugin(config->plugins[i]);
4399 }
4400 else if (*config->old_plugins[i])
4401 {
4402 // Plugin removed
4403 remove_plugin(config->old_plugins[i]);
4404 }
4405 }
4406
4407 memcpy(config->old_plugins, config->plugins, sizeof(config->plugins));
4408 if (!config->multi_read_count) config->multi_read_count = 10;
4409 if (!config->cluster_address) config->cluster_address = inet_addr(DEFAULT_MCAST_ADDR);
4410 if (!*config->cluster_interface)
4411 strncpy(config->cluster_interface, DEFAULT_MCAST_INTERFACE, sizeof(config->cluster_interface) - 1);
4412
4413 if (!config->cluster_hb_interval)
4414 config->cluster_hb_interval = PING_INTERVAL; // Heartbeat every 0.5 seconds.
4415
4416 if (!config->cluster_hb_timeout)
4417 config->cluster_hb_timeout = HB_TIMEOUT; // 10 missed heartbeat triggers an election.
4418
4419 if (interval != config->cluster_hb_interval || timeout != config->cluster_hb_timeout)
4420 {
4421 // Paranoia: cluster_check_master() treats 2 x interval + 1 sec as
4422 // late, ensure we're sufficiently larger than that
4423 int t = 4 * config->cluster_hb_interval + 11;
4424
4425 if (config->cluster_hb_timeout < t)
4426 {
4427 LOG(0, 0, 0, "Heartbeat timeout %d too low, adjusting to %d\n", config->cluster_hb_timeout, t);
4428 config->cluster_hb_timeout = t;
4429 }
4430
4431 // Push timing changes to the slaves immediately if we're the master
4432 if (config->cluster_iam_master)
4433 cluster_heartbeat();
4434
4435 interval = config->cluster_hb_interval;
4436 timeout = config->cluster_hb_timeout;
4437 }
4438
4439 // Write PID file
4440 if (*config->pid_file == '/' && !config->wrote_pid)
4441 {
4442 FILE *f;
4443 if ((f = fopen(config->pid_file, "w")))
4444 {
4445 fprintf(f, "%d\n", getpid());
4446 fclose(f);
4447 config->wrote_pid = 1;
4448 }
4449 else
4450 {
4451 LOG(0, 0, 0, "Can't write to PID file %s: %s\n", config->pid_file, strerror(errno));
4452 }
4453 }
4454 }
4455
4456 static void read_config_file()
4457 {
4458 FILE *f;
4459
4460 if (!config->config_file) return;
4461 if (!(f = fopen(config->config_file, "r")))
4462 {
4463 fprintf(stderr, "Can't open config file %s: %s\n", config->config_file, strerror(errno));
4464 return;
4465 }
4466
4467 LOG(3, 0, 0, "Reading config file %s\n", config->config_file);
4468 cli_do_file(f);
4469 LOG(3, 0, 0, "Done reading config file\n");
4470 fclose(f);
4471 }
4472
4473 int sessionsetup(sessionidt s, tunnelidt t)
4474 {
4475 // A session now exists, set it up
4476 in_addr_t ip;
4477 char *user;
4478 sessionidt i;
4479 int r;
4480
4481 CSTAT(sessionsetup);
4482
4483 LOG(3, s, t, "Doing session setup for session\n");
4484
4485 if (!session[s].ip)
4486 {
4487 assign_ip_address(s);
4488 if (!session[s].ip)
4489 {
4490 LOG(0, s, t, " No IP allocated. The IP address pool is FULL!\n");
4491 sessionshutdown(s, "No IP addresses available.", 2, 7); // try another
4492 return 0;
4493 }
4494 LOG(3, s, t, " No IP allocated. Assigned %s from pool\n",
4495 fmtaddr(htonl(session[s].ip), 0));
4496 }
4497
4498
4499 // Make sure this is right
4500 session[s].tunnel = t;
4501
4502 // zap old sessions with same IP and/or username
4503 // Don't kill gardened sessions - doing so leads to a DoS
4504 // from someone who doesn't need to know the password
4505 {
4506 ip = session[s].ip;
4507 user = session[s].user;
4508 for (i = 1; i <= config->cluster_highest_sessionid; i++)
4509 {
4510 if (i == s) continue;
4511 if (!session[s].opened) continue;
4512 if (ip == session[i].ip)
4513 {
4514 sessionkill(i, "Duplicate IP address");
4515 continue;
4516 }
4517
4518 if (config->allow_duplicate_users) continue;
4519 if (session[s].walled_garden || session[i].walled_garden) continue;
4520 if (!strcasecmp(user, session[i].user))
4521 sessionkill(i, "Duplicate session for users");
4522 }
4523 }
4524
4525 {
4526 int routed = 0;
4527
4528 // Add the route for this session.
4529 for (r = 0; r < MAXROUTE && session[s].route[r].ip; r++)
4530 {
4531 if ((session[s].ip & session[s].route[r].mask) ==
4532 (session[s].route[r].ip & session[s].route[r].mask))
4533 routed++;
4534
4535 routeset(s, session[s].route[r].ip, session[s].route[r].mask, 0, 1);
4536 }
4537
4538 // Static IPs need to be routed if not already
4539 // convered by a Framed-Route. Anything else is part
4540 // of the IP address pool and is already routed, it
4541 // just needs to be added to the IP cache.
4542 // IPv6 route setup is done in ppp.c, when IPV6CP is acked.
4543 if (session[s].ip_pool_index == -1) // static ip
4544 {
4545 if (!routed) routeset(s, session[s].ip, 0, 0, 1);
4546 }
4547 else
4548 cache_ipmap(session[s].ip, s);
4549 }
4550
4551 sess_local[s].lcp_authtype = 0; // RADIUS authentication complete
4552 lcp_open(s, t); // transition to Network phase and send initial IPCP
4553
4554 // Run the plugin's against this new session.
4555 {
4556 struct param_new_session data = { &tunnel[t], &session[s] };
4557 run_plugins(PLUGIN_NEW_SESSION, &data);
4558 }
4559
4560 // Allocate TBFs if throttled
4561 if (session[s].throttle_in || session[s].throttle_out)
4562 throttle_session(s, session[s].throttle_in, session[s].throttle_out);
4563
4564 session[s].last_packet = time_now;
4565
4566 LOG(2, s, t, "Login by %s at %s from %s (%s)\n", session[s].user,
4567 fmtaddr(htonl(session[s].ip), 0),
4568 fmtaddr(htonl(tunnel[t].ip), 1), tunnel[t].hostname);
4569
4570 cluster_send_session(s); // Mark it as dirty, and needing to the flooded to the cluster.
4571
4572 return 1; // RADIUS OK and IP allocated, done...
4573 }
4574
4575 //
4576 // This session just got dropped on us by the master or something.
4577 // Make sure our tables up up to date...
4578 //
4579 int load_session(sessionidt s, sessiont *new)
4580 {
4581 int i;
4582 int newip = 0;
4583
4584 // Sanity checks.
4585 if (new->ip_pool_index >= MAXIPPOOL ||
4586 new->tunnel >= MAXTUNNEL)
4587 {
4588 LOG(0, s, 0, "Strange session update received!\n");
4589 // FIXME! What to do here?
4590 return 0;
4591 }
4592
4593 //
4594 // Ok. All sanity checks passed. Now we're committed to
4595 // loading the new session.
4596 //
4597
4598 session[s].tunnel = new->tunnel; // For logging in cache_ipmap
4599
4600 // See if routes/ip cache need updating
4601 if (new->ip != session[s].ip)
4602 newip++;
4603
4604 for (i = 0; !newip && i < MAXROUTE && (session[s].route[i].ip || new->route[i].ip); i++)
4605 if (new->route[i].ip != session[s].route[i].ip ||
4606 new->route[i].mask != session[s].route[i].mask)
4607 newip++;
4608
4609 // needs update
4610 if (newip)
4611 {
4612 int routed = 0;
4613
4614 // remove old routes...
4615 for (i = 0; i < MAXROUTE && session[s].route[i].ip; i++)
4616 {
4617 if ((session[s].ip & session[s].route[i].mask) ==
4618 (session[s].route[i].ip & session[s].route[i].mask))
4619 routed++;
4620
4621 routeset(s, session[s].route[i].ip, session[s].route[i].mask, 0, 0);
4622 }
4623
4624 // ...ip
4625 if (session[s].ip)
4626 {
4627 if (session[s].ip_pool_index == -1) // static IP
4628 {
4629 if (!routed) routeset(s, session[s].ip, 0, 0, 0);
4630 }
4631 else // It's part of the IP pool, remove it manually.
4632 uncache_ipmap(session[s].ip);
4633 }
4634
4635 routed = 0;
4636
4637 // add new routes...
4638 for (i = 0; i < MAXROUTE && new->route[i].ip; i++)
4639 {
4640 if ((new->ip & new->route[i].mask) ==
4641 (new->route[i].ip & new->route[i].mask))
4642 routed++;
4643
4644 routeset(s, new->route[i].ip, new->route[i].mask, 0, 1);
4645 }
4646
4647 // ...ip
4648 if (new->ip)
4649 {
4650 // If there's a new one, add it.
4651 if (new->ip_pool_index == -1)
4652 {
4653 if (!routed) routeset(s, new->ip, 0, 0, 1);
4654 }
4655 else
4656 cache_ipmap(new->ip, s);
4657 }
4658 }
4659
4660 // check v6 routing
4661 if (new->ipv6prefixlen && new->ppp.ipv6cp == Opened && session[s].ppp.ipv6cp != Opened)
4662 route6set(s, new->ipv6route, new->ipv6prefixlen, 1);
4663
4664 // check filters
4665 if (new->filter_in && (new->filter_in > MAXFILTER || !ip_filters[new->filter_in - 1].name[0]))
4666 {
4667 LOG(2, s, session[s].tunnel, "Dropping invalid input filter %d\n", (int) new->filter_in);
4668 new->filter_in = 0;
4669 }
4670
4671 if (new->filter_out && (new->filter_out > MAXFILTER || !ip_filters[new->filter_out - 1].name[0]))
4672 {
4673 LOG(2, s, session[s].tunnel, "Dropping invalid output filter %d\n", (int) new->filter_out);
4674 new->filter_out = 0;
4675 }
4676
4677 if (new->filter_in != session[s].filter_in)
4678 {
4679 if (session[s].filter_in) ip_filters[session[s].filter_in - 1].used--;
4680 if (new->filter_in) ip_filters[new->filter_in - 1].used++;
4681 }
4682
4683 if (new->filter_out != session[s].filter_out)
4684 {
4685 if (session[s].filter_out) ip_filters[session[s].filter_out - 1].used--;
4686 if (new->filter_out) ip_filters[new->filter_out - 1].used++;
4687 }
4688
4689 if (new->tunnel && s > config->cluster_highest_sessionid) // Maintain this in the slave. It's used
4690 // for walking the sessions to forward byte counts to the master.
4691 config->cluster_highest_sessionid = s;
4692
4693 memcpy(&session[s], new, sizeof(session[s])); // Copy over..
4694
4695 // Do fixups into address pool.
4696 if (new->ip_pool_index != -1)
4697 fix_address_pool(s);
4698
4699 return 1;
4700 }
4701
4702 static void initplugins()
4703 {
4704 int i;
4705
4706 loaded_plugins = ll_init();
4707 // Initialize the plugins to nothing
4708 for (i = 0; i < MAX_PLUGIN_TYPES; i++)
4709 plugins[i] = ll_init();
4710 }
4711
4712 static void *open_plugin(char *plugin_name, int load)
4713 {
4714 char path[256] = "";
4715
4716 snprintf(path, 256, PLUGINDIR "/%s.so", plugin_name);
4717 LOG(2, 0, 0, "%soading plugin from %s\n", load ? "L" : "Un-l", path);
4718 return dlopen(path, RTLD_NOW);
4719 }
4720
4721 // plugin callback to get a config value
4722 static void *getconfig(char *key, enum config_typet type)
4723 {
4724 int i;
4725
4726 for (i = 0; config_values[i].key; i++)
4727 {
4728 if (!strcmp(config_values[i].key, key))
4729 {
4730 if (config_values[i].type == type)
4731 return ((void *) config) + config_values[i].offset;
4732
4733 LOG(1, 0, 0, "plugin requested config item \"%s\" expecting type %d, have type %d\n",
4734 key, type, config_values[i].type);
4735
4736 return 0;
4737 }
4738 }
4739
4740 LOG(1, 0, 0, "plugin requested unknown config item \"%s\"\n", key);
4741 return 0;
4742 }
4743
4744 static int add_plugin(char *plugin_name)
4745 {
4746 static struct pluginfuncs funcs = {
4747 _log,
4748 _log_hex,
4749 fmtaddr,
4750 sessionbyuser,
4751 sessiontbysessionidt,
4752 sessionidtbysessiont,
4753 radiusnew,
4754 radiussend,
4755 getconfig,
4756 sessionshutdown,
4757 sessionkill,
4758 throttle_session,
4759 cluster_send_session,
4760 };
4761
4762 void *p = open_plugin(plugin_name, 1);
4763 int (*initfunc)(struct pluginfuncs *);
4764 int i;
4765
4766 if (!p)
4767 {
4768 LOG(1, 0, 0, " Plugin load failed: %s\n", dlerror());
4769 return -1;
4770 }
4771
4772 if (ll_contains(loaded_plugins, p))
4773 {
4774 dlclose(p);
4775 return 0; // already loaded
4776 }
4777
4778 {
4779 int *v = dlsym(p, "plugin_api_version");
4780 if (!v || *v != PLUGIN_API_VERSION)
4781 {
4782 LOG(1, 0, 0, " Plugin load failed: API version mismatch: %s\n", dlerror());
4783 dlclose(p);
4784 return -1;
4785 }
4786 }
4787
4788 if ((initfunc = dlsym(p, "plugin_init")))
4789 {
4790 if (!initfunc(&funcs))
4791 {
4792 LOG(1, 0, 0, " Plugin load failed: plugin_init() returned FALSE: %s\n", dlerror());
4793 dlclose(p);
4794 return -1;
4795 }
4796 }
4797
4798 ll_push(loaded_plugins, p);
4799
4800 for (i = 0; i < max_plugin_functions; i++)
4801 {
4802 void *x;
4803 if (plugin_functions[i] && (x = dlsym(p, plugin_functions[i])))
4804 {
4805 LOG(3, 0, 0, " Supports function \"%s\"\n", plugin_functions[i]);
4806 ll_push(plugins[i], x);
4807 }
4808 }
4809
4810 LOG(2, 0, 0, " Loaded plugin %s\n", plugin_name);
4811 return 1;
4812 }
4813
4814 static void run_plugin_done(void *plugin)
4815 {
4816 int (*donefunc)(void) = dlsym(plugin, "plugin_done");
4817
4818 if (donefunc)
4819 donefunc();
4820 }
4821
4822 static int remove_plugin(char *plugin_name)
4823 {
4824 void *p = open_plugin(plugin_name, 0);
4825 int loaded = 0;
4826
4827 if (!p)
4828 return -1;
4829
4830 if (ll_contains(loaded_plugins, p))
4831 {
4832 int i;
4833 for (i = 0; i < max_plugin_functions; i++)
4834 {
4835 void *x;
4836 if (plugin_functions[i] && (x = dlsym(p, plugin_functions[i])))
4837 ll_delete(plugins[i], x);
4838 }
4839
4840 ll_delete(loaded_plugins, p);
4841 run_plugin_done(p);
4842 loaded = 1;
4843 }
4844
4845 dlclose(p);
4846 LOG(2, 0, 0, "Removed plugin %s\n", plugin_name);
4847 return loaded;
4848 }
4849
4850 int run_plugins(int plugin_type, void *data)
4851 {
4852 int (*func)(void *data);
4853
4854 if (!plugins[plugin_type] || plugin_type > max_plugin_functions)
4855 return PLUGIN_RET_ERROR;
4856
4857 ll_reset(plugins[plugin_type]);
4858 while ((func = ll_next(plugins[plugin_type])))
4859 {
4860 int r = func(data);
4861
4862 if (r != PLUGIN_RET_OK)
4863 return r; // stop here
4864 }
4865
4866 return PLUGIN_RET_OK;
4867 }
4868
4869 static void plugins_done()
4870 {
4871 void *p;
4872
4873 ll_reset(loaded_plugins);
4874 while ((p = ll_next(loaded_plugins)))
4875 run_plugin_done(p);
4876 }
4877
4878 static void processcontrol(uint8_t *buf, int len, struct sockaddr_in *addr, int alen)
4879 {
4880 struct nsctl request;
4881 struct nsctl response;
4882 int type = unpack_control(&request, buf, len);
4883 int r;
4884 void *p;
4885
4886 if (log_stream && config->debug >= 4)
4887 {
4888 if (type < 0)
4889 {
4890 LOG(4, 0, 0, "Bogus control message from %s (%d)\n",
4891 fmtaddr(addr->sin_addr.s_addr, 0), type);
4892 }
4893 else
4894 {
4895 LOG(4, 0, 0, "Received [%s] ", fmtaddr(addr->sin_addr.s_addr, 0));
4896 dump_control(&request, log_stream);
4897 }
4898 }
4899
4900 switch (type)
4901 {
4902 case NSCTL_REQ_LOAD:
4903 if (request.argc != 1)
4904 {
4905 response.type = NSCTL_RES_ERR;
4906 response.argc = 1;
4907 response.argv[0] = "name of plugin required";
4908 }
4909 else if ((r = add_plugin(request.argv[0])) < 1)
4910 {
4911 response.type = NSCTL_RES_ERR;
4912 response.argc = 1;
4913 response.argv[0] = !r
4914 ? "plugin already loaded"
4915 : "error loading plugin";
4916 }
4917 else
4918 {
4919 response.type = NSCTL_RES_OK;
4920 response.argc = 0;
4921 }
4922
4923 break;
4924
4925 case NSCTL_REQ_UNLOAD:
4926 if (request.argc != 1)
4927 {
4928 response.type = NSCTL_RES_ERR;
4929 response.argc = 1;
4930 response.argv[0] = "name of plugin required";
4931 }
4932 else if ((r = remove_plugin(request.argv[0])) < 1)
4933 {
4934 response.type = NSCTL_RES_ERR;
4935 response.argc = 1;
4936 response.argv[0] = !r
4937 ? "plugin not loaded"
4938 : "plugin not found";
4939 }
4940 else
4941 {
4942 response.type = NSCTL_RES_OK;
4943 response.argc = 0;
4944 }
4945
4946 break;
4947
4948 case NSCTL_REQ_HELP:
4949 response.type = NSCTL_RES_OK;
4950 response.argc = 0;
4951
4952 ll_reset(loaded_plugins);
4953 while ((p = ll_next(loaded_plugins)))
4954 {
4955 char **help = dlsym(p, "plugin_control_help");
4956 while (response.argc < 0xff && help && *help)
4957 response.argv[response.argc++] = *help++;
4958 }
4959
4960 break;
4961
4962 case NSCTL_REQ_CONTROL:
4963 {
4964 struct param_control param = {
4965 config->cluster_iam_master,
4966 request.argc,
4967 request.argv,
4968 0,
4969 NULL,
4970 };
4971
4972 int r = run_plugins(PLUGIN_CONTROL, &param);
4973
4974 if (r == PLUGIN_RET_ERROR)
4975 {
4976 response.type = NSCTL_RES_ERR;
4977 response.argc = 1;
4978 response.argv[0] = param.additional
4979 ? param.additional
4980 : "error returned by plugin";
4981 }
4982 else if (r == PLUGIN_RET_NOTMASTER)
4983 {
4984 static char msg[] = "must be run on master: 000.000.000.000";
4985
4986 response.type = NSCTL_RES_ERR;
4987 response.argc = 1;
4988 if (config->cluster_master_address)
4989 {
4990 strcpy(msg + 23, fmtaddr(config->cluster_master_address, 0));
4991 response.argv[0] = msg;
4992 }
4993 else
4994 {
4995 response.argv[0] = "must be run on master: none elected";
4996 }
4997 }
4998 else if (!(param.response & NSCTL_RESPONSE))
4999 {
5000 response.type = NSCTL_RES_ERR;
5001 response.argc = 1;
5002 response.argv[0] = param.response
5003 ? "unrecognised response value from plugin"
5004 : "unhandled action";
5005 }
5006 else
5007 {
5008 response.type = param.response;
5009 response.argc = 0;
5010 if (param.additional)
5011 {
5012 response.argc = 1;
5013 response.argv[0] = param.additional;
5014 }
5015 }
5016 }
5017
5018 break;
5019
5020 default:
5021 response.type = NSCTL_RES_ERR;
5022 response.argc = 1;
5023 response.argv[0] = "error unpacking control packet";
5024 }
5025
5026 buf = calloc(NSCTL_MAX_PKT_SZ, 1);
5027 if (!buf)
5028 {
5029 LOG(2, 0, 0, "Failed to allocate nsctl response\n");
5030 return;
5031 }
5032
5033 r = pack_control(buf, NSCTL_MAX_PKT_SZ, response.type, response.argc, response.argv);
5034 if (r > 0)
5035 {
5036 sendto(controlfd, buf, r, 0, (const struct sockaddr *) addr, alen);
5037 if (log_stream && config->debug >= 4)
5038 {
5039 LOG(4, 0, 0, "Sent [%s] ", fmtaddr(addr->sin_addr.s_addr, 0));
5040 dump_control(&response, log_stream);
5041 }
5042 }
5043 else
5044 LOG(2, 0, 0, "Failed to pack nsctl response for %s (%d)\n",
5045 fmtaddr(addr->sin_addr.s_addr, 0), r);
5046
5047 free(buf);
5048 }
5049
5050 static tunnelidt new_tunnel()
5051 {
5052 tunnelidt i;
5053 for (i = 1; i < MAXTUNNEL; i++)
5054 {
5055 if (tunnel[i].state == TUNNELFREE)
5056 {
5057 LOG(4, 0, i, "Assigning tunnel ID %d\n", i);
5058 if (i > config->cluster_highest_tunnelid)
5059 config->cluster_highest_tunnelid = i;
5060 return i;
5061 }
5062 }
5063 LOG(0, 0, 0, "Can't find a free tunnel! There shouldn't be this many in use!\n");
5064 return 0;
5065 }
5066
5067 //
5068 // We're becoming the master. Do any required setup..
5069 //
5070 // This is principally telling all the plugins that we're
5071 // now a master, and telling them about all the sessions
5072 // that are active too..
5073 //
5074 void become_master(void)
5075 {
5076 int s, i;
5077 static struct event_data d[RADIUS_FDS];
5078 struct epoll_event e;
5079
5080 run_plugins(PLUGIN_BECOME_MASTER, NULL);
5081
5082 // running a bunch of iptables commands is slow and can cause
5083 // the master to drop tunnels on takeover--kludge around the
5084 // problem by forking for the moment (note: race)
5085 if (!fork_and_close())
5086 {
5087 for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
5088 {
5089 if (!session[s].opened) // Not an in-use session.
5090 continue;
5091
5092 run_plugins(PLUGIN_NEW_SESSION_MASTER, &session[s]);
5093 }
5094 exit(0);
5095 }
5096
5097 // add radius fds
5098 e.events = EPOLLIN;
5099 for (i = 0; i < RADIUS_FDS; i++)
5100 {
5101 d[i].type = FD_TYPE_RADIUS;
5102 d[i].index = i;
5103 e.data.ptr = &d[i];
5104
5105 epoll_ctl(epollfd, EPOLL_CTL_ADD, radfds[i], &e);
5106 }
5107 }
5108
5109 int cmd_show_hist_idle(struct cli_def *cli, char *command, char **argv, int argc)
5110 {
5111 int s, i;
5112 int count = 0;
5113 int buckets[64];
5114
5115 if (CLI_HELP_REQUESTED)
5116 return CLI_HELP_NO_ARGS;
5117
5118 time(&time_now);
5119 for (i = 0; i < 64;++i) buckets[i] = 0;
5120
5121 for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
5122 {
5123 int idle;
5124 if (!session[s].opened)
5125 continue;
5126
5127 idle = time_now - session[s].last_packet;
5128 idle /= 5 ; // In multiples of 5 seconds.
5129 if (idle < 0)
5130 idle = 0;
5131 if (idle > 63)
5132 idle = 63;
5133
5134 ++count;
5135 ++buckets[idle];
5136 }
5137
5138 for (i = 0; i < 63; ++i)
5139 {
5140 cli_print(cli, "%3d seconds : %7.2f%% (%6d)", i * 5, (double) buckets[i] * 100.0 / count , buckets[i]);
5141 }
5142 cli_print(cli, "lots of secs : %7.2f%% (%6d)", (double) buckets[63] * 100.0 / count , buckets[i]);
5143 cli_print(cli, "%d total sessions open.", count);
5144 return CLI_OK;
5145 }
5146
5147 int cmd_show_hist_open(struct cli_def *cli, char *command, char **argv, int argc)
5148 {
5149 int s, i;
5150 int count = 0;
5151 int buckets[64];
5152
5153 if (CLI_HELP_REQUESTED)
5154 return CLI_HELP_NO_ARGS;
5155
5156 time(&time_now);
5157 for (i = 0; i < 64;++i) buckets[i] = 0;
5158
5159 for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
5160 {
5161 int open = 0, d;
5162 if (!session[s].opened)
5163 continue;
5164
5165 d = time_now - session[s].opened;
5166 if (d < 0)
5167 d = 0;
5168 while (d > 1 && open < 32)
5169 {
5170 ++open;
5171 d >>= 1; // half.
5172 }
5173 ++count;
5174 ++buckets[open];
5175 }
5176
5177 s = 1;
5178 for (i = 0; i < 30; ++i)
5179 {
5180 cli_print(cli, " < %8d seconds : %7.2f%% (%6d)", s, (double) buckets[i] * 100.0 / count , buckets[i]);
5181 s <<= 1;
5182 }
5183 cli_print(cli, "%d total sessions open.", count);
5184 return CLI_OK;
5185 }
5186
5187 /* Unhide an avp.
5188 *
5189 * This unencodes the AVP using the L2TP secret and the previously
5190 * stored random vector. It overwrites the hidden data with the
5191 * unhidden AVP subformat.
5192 */
5193 static void unhide_value(uint8_t *value, size_t len, uint16_t type, uint8_t *vector, size_t vec_len)
5194 {
5195 MD5_CTX ctx;
5196 uint8_t digest[16];
5197 uint8_t *last;
5198 size_t d = 0;
5199 uint16_t m = htons(type);
5200
5201 // Compute initial pad
5202 MD5_Init(&ctx);
5203 MD5_Update(&ctx, (unsigned char *) &m, 2);
5204 MD5_Update(&ctx, config->l2tp_secret, strlen(config->l2tp_secret));
5205 MD5_Update(&ctx, vector, vec_len);
5206 MD5_Final(digest, &ctx);
5207
5208 // pointer to last decoded 16 octets
5209 last = value;
5210
5211 while (len > 0)
5212 {
5213 // calculate a new pad based on the last decoded block
5214 if (d >= sizeof(digest))
5215 {
5216 MD5_Init(&ctx);
5217 MD5_Update(&ctx, config->l2tp_secret, strlen(config->l2tp_secret));
5218 MD5_Update(&ctx, last, sizeof(digest));
5219 MD5_Final(digest, &ctx);
5220
5221 d = 0;
5222 last = value;
5223 }
5224
5225 *value++ ^= digest[d++];
5226 len--;
5227 }
5228 }
5229
5230 int find_filter(char const *name, size_t len)
5231 {
5232 int free = -1;
5233 int i;
5234
5235 for (i = 0; i < MAXFILTER; i++)
5236 {
5237 if (!*ip_filters[i].name)
5238 {
5239 if (free < 0)
5240 free = i;
5241
5242 continue;
5243 }
5244
5245 if (strlen(ip_filters[i].name) != len)
5246 continue;
5247
5248 if (!strncmp(ip_filters[i].name, name, len))
5249 return i;
5250 }
5251
5252 return free;
5253 }
5254
5255 static int ip_filter_port(ip_filter_portt *p, uint16_t port)
5256 {
5257 switch (p->op)
5258 {
5259 case FILTER_PORT_OP_EQ: return port == p->port;
5260 case FILTER_PORT_OP_NEQ: return port != p->port;
5261 case FILTER_PORT_OP_GT: return port > p->port;
5262 case FILTER_PORT_OP_LT: return port < p->port;
5263 case FILTER_PORT_OP_RANGE: return port >= p->port && port <= p->port2;
5264 }
5265
5266 return 0;
5267 }
5268
5269 static int ip_filter_flag(uint8_t op, uint8_t sflags, uint8_t cflags, uint8_t flags)
5270 {
5271 switch (op)
5272 {
5273 case FILTER_FLAG_OP_ANY:
5274 return (flags & sflags) || (~flags & cflags);
5275
5276 case FILTER_FLAG_OP_ALL:
5277 return (flags & sflags) == sflags && (~flags & cflags) == cflags;
5278
5279 case FILTER_FLAG_OP_EST:
5280 return (flags & (TCP_FLAG_ACK|TCP_FLAG_RST)) && (~flags & TCP_FLAG_SYN);
5281 }
5282
5283 return 0;
5284 }
5285
5286 int ip_filter(uint8_t *buf, int len, uint8_t filter)
5287 {
5288 uint16_t frag_offset;
5289 uint8_t proto;
5290 in_addr_t src_ip;
5291 in_addr_t dst_ip;
5292 uint16_t src_port = 0;
5293 uint16_t dst_port = 0;
5294 uint8_t flags = 0;
5295 ip_filter_rulet *rule;
5296
5297 if (len < 20) // up to end of destination address
5298 return 0;
5299
5300 if ((*buf >> 4) != 4) // IPv4
5301 return 0;
5302
5303 frag_offset = ntohs(*(uint16_t *) (buf + 6)) & 0x1fff;
5304 proto = buf[9];
5305 src_ip = *(in_addr_t *) (buf + 12);
5306 dst_ip = *(in_addr_t *) (buf + 16);
5307
5308 if (frag_offset == 0 && (proto == IPPROTO_TCP || proto == IPPROTO_UDP))
5309 {
5310 int l = (buf[0] & 0xf) * 4; // length of IP header
5311 if (len < l + 4) // ports
5312 return 0;
5313
5314 src_port = ntohs(*(uint16_t *) (buf + l));
5315 dst_port = ntohs(*(uint16_t *) (buf + l + 2));
5316 if (proto == IPPROTO_TCP)
5317 {
5318 if (len < l + 14) // flags
5319 return 0;
5320
5321 flags = buf[l + 13] & 0x3f;
5322 }
5323 }
5324
5325 for (rule = ip_filters[filter].rules; rule->action; rule++)
5326 {
5327 if (rule->proto != IPPROTO_IP && proto != rule->proto)
5328 continue;
5329
5330 if (rule->src_wild != INADDR_BROADCAST &&
5331 (src_ip & ~rule->src_wild) != (rule->src_ip & ~rule->src_wild))
5332 continue;
5333
5334 if (rule->dst_wild != INADDR_BROADCAST &&
5335 (dst_ip & ~rule->dst_wild) != (rule->dst_ip & ~rule->dst_wild))
5336 continue;
5337
5338 if (frag_offset)
5339 {
5340 // layer 4 deny rules are skipped
5341 if (rule->action == FILTER_ACTION_DENY &&
5342 (rule->src_ports.op || rule->dst_ports.op || rule->tcp_flag_op))
5343 continue;
5344 }
5345 else
5346 {
5347 if (rule->frag)
5348 continue;
5349
5350 if (proto == IPPROTO_TCP || proto == IPPROTO_UDP)
5351 {
5352 if (rule->src_ports.op && !ip_filter_port(&rule->src_ports, src_port))
5353 continue;
5354
5355 if (rule->dst_ports.op && !ip_filter_port(&rule->dst_ports, dst_port))
5356 continue;
5357
5358 if (proto == IPPROTO_TCP && rule->tcp_flag_op &&
5359 !ip_filter_flag(rule->tcp_flag_op, rule->tcp_sflags, rule->tcp_cflags, flags))
5360 continue;
5361 }
5362 }
5363
5364 // matched
5365 rule->counter++;
5366 return rule->action == FILTER_ACTION_PERMIT;
5367 }
5368
5369 // default deny
5370 return 0;
5371 }
for cloning use: "git clone git://git.sameswireless.fr/l2tpns.git" ; For add to your sources.list: "deb http://package.sameswifi.fr/ jessie main"