9671a694b8f1ec2c024ce69a5d6d03a3e7820c92
[l2tpns.git] / l2tpns.c
1 // L2TP Network Server
2 // Adrian Kennard 2002
3 // Copyright (c) 2003, 2004, 2005 Optus Internet Engineering
4 // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
5 // vim: sw=8 ts=8
6
7 char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.132 2005-09-15 09:34:48 bodea Exp $";
8
9 #include <arpa/inet.h>
10 #include <assert.h>
11 #include <errno.h>
12 #include <fcntl.h>
13 #include <linux/if_tun.h>
14 #define SYSLOG_NAMES
15 #include <syslog.h>
16 #include <malloc.h>
17 #include <math.h>
18 #include <net/route.h>
19 #include <sys/mman.h>
20 #include <netdb.h>
21 #include <netinet/in.h>
22 #include <netinet/ip6.h>
23 #include <stdarg.h>
24 #include <stdlib.h>
25 #include <stdio.h>
26 #include <string.h>
27 #include <ctype.h>
28 #include <sys/ioctl.h>
29 #include <sys/socket.h>
30 #include <sys/stat.h>
31 #include <sys/time.h>
32 #include <sys/resource.h>
33 #include <sys/wait.h>
34 #include <linux/if.h>
35 #include <stddef.h>
36 #include <time.h>
37 #include <dlfcn.h>
38 #include <unistd.h>
39 #include <sched.h>
40 #include <sys/sysinfo.h>
41 #include <libcli.h>
42
43 #include "md5.h"
44 #include "l2tpns.h"
45 #include "cluster.h"
46 #include "plugin.h"
47 #include "ll.h"
48 #include "constants.h"
49 #include "control.h"
50 #include "util.h"
51 #include "tbf.h"
52
53 #ifdef BGP
54 #include "bgp.h"
55 #endif
56
57 // Globals
58 configt *config = NULL; // all configuration
59 int tunfd = -1; // tun interface file handle. (network device)
60 int udpfd = -1; // UDP file handle
61 int controlfd = -1; // Control signal handle
62 int clifd = -1; // Socket listening for CLI connections.
63 int daefd = -1; // Socket listening for DAE connections.
64 int snoopfd = -1; // UDP file handle for sending out intercept data
65 int *radfds = NULL; // RADIUS requests file handles
66 int ifrfd = -1; // File descriptor for routing, etc
67 int ifr6fd = -1; // File descriptor for IPv6 routing, etc
68 int rand_fd = -1; // Random data source
69 int cluster_sockfd = -1; // Intra-cluster communications socket.
70 int epollfd = -1; // event polling
71 time_t basetime = 0; // base clock
72 char hostname[1000] = ""; // us.
73 static int tunidx; // ifr_ifindex of tun device
74 static int syslog_log = 0; // are we logging to syslog
75 static FILE *log_stream = 0; // file handle for direct logging (i.e. direct into file, not via syslog).
76 uint32_t last_id = 0; // Unique ID for radius accounting
77
78 struct cli_session_actions *cli_session_actions = NULL; // Pending session changes requested by CLI
79 struct cli_tunnel_actions *cli_tunnel_actions = NULL; // Pending tunnel changes required by CLI
80
81 static void *ip_hash[256]; // Mapping from IP address to session structures.
82 struct ipv6radix {
83 int sess;
84 struct ipv6radix *branch;
85 } ipv6_hash[256]; // Mapping from IPv6 address to session structures.
86
87 // Traffic counters.
88 static uint32_t udp_rx = 0, udp_rx_pkt = 0, udp_tx = 0;
89 static uint32_t eth_rx = 0, eth_rx_pkt = 0;
90 uint32_t eth_tx = 0;
91
92 static uint32_t ip_pool_size = 1; // Size of the pool of addresses used for dynamic address allocation.
93 time_t time_now = 0; // Current time in seconds since epoch.
94 static char time_now_string[64] = {0}; // Current time as a string.
95 char main_quit = 0; // True if we're in the process of exiting.
96 linked_list *loaded_plugins;
97 linked_list *plugins[MAX_PLUGIN_TYPES];
98
99 #define membersize(STRUCT, MEMBER) sizeof(((STRUCT *)0)->MEMBER)
100 #define CONFIG(NAME, MEMBER, TYPE) { NAME, offsetof(configt, MEMBER), membersize(configt, MEMBER), TYPE }
101
102 config_descriptt config_values[] = {
103 CONFIG("debug", debug, INT),
104 CONFIG("log_file", log_filename, STRING),
105 CONFIG("pid_file", pid_file, STRING),
106 CONFIG("random_device", random_device, STRING),
107 CONFIG("l2tp_secret", l2tpsecret, STRING),
108 CONFIG("ppp_restart_time", ppp_restart_time, INT),
109 CONFIG("ppp_max_configure", ppp_max_configure, INT),
110 CONFIG("ppp_max_failure", ppp_max_failure, INT),
111 CONFIG("ppp_mru", ppp_mru, INT),
112 CONFIG("primary_dns", default_dns1, IPv4),
113 CONFIG("secondary_dns", default_dns2, IPv4),
114 CONFIG("primary_radius", radiusserver[0], IPv4),
115 CONFIG("secondary_radius", radiusserver[1], IPv4),
116 CONFIG("primary_radius_port", radiusport[0], SHORT),
117 CONFIG("secondary_radius_port", radiusport[1], SHORT),
118 CONFIG("radius_accounting", radius_accounting, BOOL),
119 CONFIG("radius_interim", radius_interim, INT),
120 CONFIG("radius_secret", radiussecret, STRING),
121 CONFIG("radius_authtypes", radius_authtypes_s, STRING),
122 CONFIG("radius_dae_port", radius_dae_port, SHORT),
123 CONFIG("allow_duplicate_users", allow_duplicate_users, BOOL),
124 CONFIG("bind_address", bind_address, IPv4),
125 CONFIG("peer_address", peer_address, IPv4),
126 CONFIG("send_garp", send_garp, BOOL),
127 CONFIG("throttle_speed", rl_rate, UNSIGNED_LONG),
128 CONFIG("throttle_buckets", num_tbfs, INT),
129 CONFIG("accounting_dir", accounting_dir, STRING),
130 CONFIG("setuid", target_uid, INT),
131 CONFIG("dump_speed", dump_speed, BOOL),
132 CONFIG("multi_read_count", multi_read_count, INT),
133 CONFIG("scheduler_fifo", scheduler_fifo, BOOL),
134 CONFIG("lock_pages", lock_pages, BOOL),
135 CONFIG("icmp_rate", icmp_rate, INT),
136 CONFIG("packet_limit", max_packets, INT),
137 CONFIG("cluster_address", cluster_address, IPv4),
138 CONFIG("cluster_interface", cluster_interface, STRING),
139 CONFIG("cluster_mcast_ttl", cluster_mcast_ttl, INT),
140 CONFIG("cluster_hb_interval", cluster_hb_interval, INT),
141 CONFIG("cluster_hb_timeout", cluster_hb_timeout, INT),
142 CONFIG("cluster_master_min_adv", cluster_master_min_adv, INT),
143 CONFIG("ipv6_prefix", ipv6_prefix, IPv6),
144 { NULL, 0, 0, 0 },
145 };
146
147 static char *plugin_functions[] = {
148 NULL,
149 "plugin_pre_auth",
150 "plugin_post_auth",
151 "plugin_packet_rx",
152 "plugin_packet_tx",
153 "plugin_timer",
154 "plugin_new_session",
155 "plugin_kill_session",
156 "plugin_control",
157 "plugin_radius_response",
158 "plugin_radius_reset",
159 "plugin_become_master",
160 "plugin_new_session_master",
161 };
162
163 #define max_plugin_functions (sizeof(plugin_functions) / sizeof(char *))
164
165 // Counters for shutdown sessions
166 static sessiont shut_acct[8192];
167 static sessionidt shut_acct_n = 0;
168
169 tunnelt *tunnel = NULL; // Array of tunnel structures.
170 sessiont *session = NULL; // Array of session structures.
171 sessionlocalt *sess_local = NULL; // Array of local per-session counters.
172 radiust *radius = NULL; // Array of radius structures.
173 ippoolt *ip_address_pool = NULL; // Array of dynamic IP addresses.
174 ip_filtert *ip_filters = NULL; // Array of named filters.
175 static controlt *controlfree = 0;
176 struct Tstats *_statistics = NULL;
177 #ifdef RINGBUFFER
178 struct Tringbuffer *ringbuffer = NULL;
179 #endif
180
181 static void cache_ipmap(in_addr_t ip, int s);
182 static void uncache_ipmap(in_addr_t ip);
183 static void cache_ipv6map(struct in6_addr ip, int prefixlen, int s);
184 static void free_ip_address(sessionidt s);
185 static void dump_acct_info(int all);
186 static void sighup_handler(int sig);
187 static void sigalrm_handler(int sig);
188 static void shutdown_handler(int sig);
189 static void sigchild_handler(int sig);
190 static void build_chap_response(uint8_t *challenge, uint8_t id, uint16_t challenge_length, uint8_t **challenge_response);
191 static void update_config(void);
192 static void read_config_file(void);
193 static void initplugins(void);
194 static int add_plugin(char *plugin_name);
195 static int remove_plugin(char *plugin_name);
196 static void plugins_done(void);
197 static void processcontrol(uint8_t *buf, int len, struct sockaddr_in *addr, int alen);
198 static tunnelidt new_tunnel(void);
199 static void unhide_value(uint8_t *value, size_t len, uint16_t type, uint8_t *vector, size_t vec_len);
200
201 // on slaves, alow BGP to withdraw cleanly before exiting
202 #define QUIT_DELAY 5
203
204 // quit actions (master)
205 #define QUIT_FAILOVER 1 // SIGTERM: exit when all control messages have been acked (for cluster failover)
206 #define QUIT_SHUTDOWN 2 // SIGQUIT: shutdown sessions/tunnels, reject new connections
207
208 // return internal time (10ths since process startup), set f if given
209 static clockt now(double *f)
210 {
211 struct timeval t;
212 gettimeofday(&t, 0);
213 if (f) *f = t.tv_sec + t.tv_usec / 1000000.0;
214 return (t.tv_sec - basetime) * 10 + t.tv_usec / 100000 + 1;
215 }
216
217 // work out a retry time based on try number
218 // This is a straight bounded exponential backoff.
219 // Maximum re-try time is 32 seconds. (2^5).
220 clockt backoff(uint8_t try)
221 {
222 if (try > 5) try = 5; // max backoff
223 return now(NULL) + 10 * (1 << try);
224 }
225
226
227 //
228 // Log a debug message. Typically called via the LOG macro
229 //
230 void _log(int level, sessionidt s, tunnelidt t, const char *format, ...)
231 {
232 static char message[65536] = {0};
233 va_list ap;
234
235 #ifdef RINGBUFFER
236 if (ringbuffer)
237 {
238 if (++ringbuffer->tail >= RINGBUFFER_SIZE)
239 ringbuffer->tail = 0;
240 if (ringbuffer->tail == ringbuffer->head)
241 if (++ringbuffer->head >= RINGBUFFER_SIZE)
242 ringbuffer->head = 0;
243
244 ringbuffer->buffer[ringbuffer->tail].level = level;
245 ringbuffer->buffer[ringbuffer->tail].session = s;
246 ringbuffer->buffer[ringbuffer->tail].tunnel = t;
247 va_start(ap, format);
248 vsnprintf(ringbuffer->buffer[ringbuffer->tail].message, 4095, format, ap);
249 va_end(ap);
250 }
251 #endif
252
253 if (config->debug < level) return;
254
255 va_start(ap, format);
256 vsnprintf(message, sizeof(message), format, ap);
257
258 if (log_stream)
259 fprintf(log_stream, "%s %02d/%02d %s", time_now_string, t, s, message);
260 else if (syslog_log)
261 syslog(level + 2, "%02d/%02d %s", t, s, message); // We don't need LOG_EMERG or LOG_ALERT
262
263 va_end(ap);
264 }
265
266 void _log_hex(int level, const char *title, const uint8_t *data, int maxsize)
267 {
268 int i, j;
269 const uint8_t *d = data;
270
271 if (config->debug < level) return;
272
273 // No support for _log_hex to syslog
274 if (log_stream)
275 {
276 _log(level, 0, 0, "%s (%d bytes):\n", title, maxsize);
277 setvbuf(log_stream, NULL, _IOFBF, 16384);
278
279 for (i = 0; i < maxsize; )
280 {
281 fprintf(log_stream, "%4X: ", i);
282 for (j = i; j < maxsize && j < (i + 16); j++)
283 {
284 fprintf(log_stream, "%02X ", d[j]);
285 if (j == i + 7)
286 fputs(": ", log_stream);
287 }
288
289 for (; j < i + 16; j++)
290 {
291 fputs(" ", log_stream);
292 if (j == i + 7)
293 fputs(": ", log_stream);
294 }
295
296 fputs(" ", log_stream);
297 for (j = i; j < maxsize && j < (i + 16); j++)
298 {
299 if (d[j] >= 0x20 && d[j] < 0x7f && d[j] != 0x20)
300 fputc(d[j], log_stream);
301 else
302 fputc('.', log_stream);
303
304 if (j == i + 7)
305 fputs(" ", log_stream);
306 }
307
308 i = j;
309 fputs("\n", log_stream);
310 }
311
312 fflush(log_stream);
313 setbuf(log_stream, NULL);
314 }
315 }
316
317 // update a counter, accumulating 2^32 wraps
318 void increment_counter(uint32_t *counter, uint32_t *wrap, uint32_t delta)
319 {
320 uint32_t new = *counter + delta;
321 if (new < *counter)
322 (*wrap)++;
323
324 *counter = new;
325 }
326
327 // initialise the random generator
328 static void initrandom(char *source)
329 {
330 static char path[sizeof(config->random_device)] = "*undefined*";
331
332 // reinitialise only if we are forced to do so or if the config has changed
333 if (source && !strncmp(path, source, sizeof(path)))
334 return;
335
336 // close previous source, if any
337 if (rand_fd >= 0)
338 close(rand_fd);
339
340 rand_fd = -1;
341
342 if (source)
343 {
344 // register changes
345 snprintf(path, sizeof(path), "%s", source);
346
347 if (*path == '/')
348 {
349 rand_fd = open(path, O_RDONLY|O_NONBLOCK);
350 if (rand_fd < 0)
351 LOG(0, 0, 0, "Error opening the random device %s: %s\n",
352 path, strerror(errno));
353 }
354 }
355 }
356
357 // fill buffer with random data
358 void random_data(uint8_t *buf, int len)
359 {
360 int n = 0;
361
362 CSTAT(random_data);
363 if (rand_fd >= 0)
364 {
365 n = read(rand_fd, buf, len);
366 if (n >= len) return;
367 if (n < 0)
368 {
369 if (errno != EAGAIN)
370 {
371 LOG(0, 0, 0, "Error reading from random source: %s\n",
372 strerror(errno));
373
374 // fall back to rand()
375 initrandom(NULL);
376 }
377
378 n = 0;
379 }
380 }
381
382 // append missing data
383 while (n < len)
384 // not using the low order bits from the prng stream
385 buf[n++] = (rand() >> 4) & 0xff;
386 }
387
388 // Add a route
389 //
390 // This adds it to the routing table, advertises it
391 // via BGP if enabled, and stuffs it into the
392 // 'sessionbyip' cache.
393 //
394 // 'ip' and 'mask' must be in _host_ order.
395 //
396 static void routeset(sessionidt s, in_addr_t ip, in_addr_t mask, in_addr_t gw, int add)
397 {
398 struct rtentry r;
399 int i;
400
401 if (!mask) mask = 0xffffffff;
402
403 ip &= mask; // Force the ip to be the first one in the route.
404
405 memset(&r, 0, sizeof(r));
406 r.rt_dev = config->tundevice;
407 r.rt_dst.sa_family = AF_INET;
408 *(uint32_t *) & (((struct sockaddr_in *) &r.rt_dst)->sin_addr.s_addr) = htonl(ip);
409 r.rt_gateway.sa_family = AF_INET;
410 *(uint32_t *) & (((struct sockaddr_in *) &r.rt_gateway)->sin_addr.s_addr) = htonl(gw);
411 r.rt_genmask.sa_family = AF_INET;
412 *(uint32_t *) & (((struct sockaddr_in *) &r.rt_genmask)->sin_addr.s_addr) = htonl(mask);
413 r.rt_flags = (RTF_UP | RTF_STATIC);
414 if (gw)
415 r.rt_flags |= RTF_GATEWAY;
416 else if (mask == 0xffffffff)
417 r.rt_flags |= RTF_HOST;
418
419 LOG(1, s, 0, "Route %s %s/%s%s%s\n", add ? "add" : "del",
420 fmtaddr(htonl(ip), 0), fmtaddr(htonl(mask), 1),
421 gw ? " via" : "", gw ? fmtaddr(htonl(gw), 2) : "");
422
423 if (ioctl(ifrfd, add ? SIOCADDRT : SIOCDELRT, (void *) &r) < 0)
424 LOG(0, 0, 0, "routeset() error in ioctl: %s\n", strerror(errno));
425
426 #ifdef BGP
427 if (add)
428 bgp_add_route(htonl(ip), htonl(mask));
429 else
430 bgp_del_route(htonl(ip), htonl(mask));
431 #endif /* BGP */
432
433 // Add/Remove the IPs to the 'sessionbyip' cache.
434 // Note that we add the zero address in the case of
435 // a network route. Roll on CIDR.
436
437 // Note that 's == 0' implies this is the address pool.
438 // We still cache it here, because it will pre-fill
439 // the malloc'ed tree.
440
441 if (s)
442 {
443 if (!add) // Are we deleting a route?
444 s = 0; // Caching the session as '0' is the same as uncaching.
445
446 for (i = ip; (i&mask) == (ip&mask) ; ++i)
447 cache_ipmap(i, s);
448 }
449 }
450
451 void route6set(sessionidt s, struct in6_addr ip, int prefixlen, int add)
452 {
453 struct in6_rtmsg rt;
454 char ipv6addr[INET6_ADDRSTRLEN];
455
456 if (ifr6fd < 0)
457 {
458 LOG(0, 0, 0, "Asked to set IPv6 route, but IPv6 not setup.\n");
459 return;
460 }
461
462 memset(&rt, 0, sizeof(rt));
463
464 memcpy(&rt.rtmsg_dst, &ip, sizeof(struct in6_addr));
465 rt.rtmsg_dst_len = prefixlen;
466 rt.rtmsg_metric = 1;
467 rt.rtmsg_flags = RTF_UP;
468 rt.rtmsg_ifindex = tunidx;
469
470 LOG(1, 0, 0, "Route %s %s/%d\n",
471 add ? "add" : "del",
472 inet_ntop(AF_INET6, &ip, ipv6addr, INET6_ADDRSTRLEN),
473 prefixlen);
474
475 if (ioctl(ifr6fd, add ? SIOCADDRT : SIOCDELRT, (void *) &rt) < 0)
476 LOG(0, 0, 0, "route6set() error in ioctl: %s\n",
477 strerror(errno));
478
479 // FIXME: need to add BGP routing (RFC2858)
480
481 if (s)
482 {
483 if (!add) // Are we deleting a route?
484 s = 0; // Caching the session as '0' is the same as uncaching.
485
486 cache_ipv6map(ip, prefixlen, s);
487 }
488
489 return;
490 }
491
492 // defined in linux/ipv6.h, but tricky to include from user-space
493 // TODO: move routing to use netlink rather than ioctl
494 struct in6_ifreq {
495 struct in6_addr ifr6_addr;
496 __u32 ifr6_prefixlen;
497 unsigned int ifr6_ifindex;
498 };
499
500 //
501 // Set up TUN interface
502 static void inittun(void)
503 {
504 struct ifreq ifr;
505 struct in6_ifreq ifr6;
506 struct sockaddr_in sin = {0};
507 memset(&ifr, 0, sizeof(ifr));
508 ifr.ifr_flags = IFF_TUN;
509
510 tunfd = open(TUNDEVICE, O_RDWR);
511 if (tunfd < 0)
512 { // fatal
513 LOG(0, 0, 0, "Can't open %s: %s\n", TUNDEVICE, strerror(errno));
514 exit(1);
515 }
516 {
517 int flags = fcntl(tunfd, F_GETFL, 0);
518 fcntl(tunfd, F_SETFL, flags | O_NONBLOCK);
519 }
520 if (ioctl(tunfd, TUNSETIFF, (void *) &ifr) < 0)
521 {
522 LOG(0, 0, 0, "Can't set tun interface: %s\n", strerror(errno));
523 exit(1);
524 }
525 assert(strlen(ifr.ifr_name) < sizeof(config->tundevice));
526 strncpy(config->tundevice, ifr.ifr_name, sizeof(config->tundevice) - 1);
527 ifrfd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
528
529 sin.sin_family = AF_INET;
530 sin.sin_addr.s_addr = config->bind_address ? config->bind_address : 0x01010101; // 1.1.1.1
531 memcpy(&ifr.ifr_addr, &sin, sizeof(struct sockaddr));
532
533 if (ioctl(ifrfd, SIOCSIFADDR, (void *) &ifr) < 0)
534 {
535 LOG(0, 0, 0, "Error setting tun address: %s\n", strerror(errno));
536 exit(1);
537 }
538 /* Bump up the qlen to deal with bursts from the network */
539 ifr.ifr_qlen = 1000;
540 if (ioctl(ifrfd, SIOCSIFTXQLEN, (void *) &ifr) < 0)
541 {
542 LOG(0, 0, 0, "Error setting tun queue length: %s\n", strerror(errno));
543 exit(1);
544 }
545 ifr.ifr_flags = IFF_UP;
546 if (ioctl(ifrfd, SIOCSIFFLAGS, (void *) &ifr) < 0)
547 {
548 LOG(0, 0, 0, "Error setting tun flags: %s\n", strerror(errno));
549 exit(1);
550 }
551 if (ioctl(ifrfd, SIOCGIFINDEX, (void *) &ifr) < 0)
552 {
553 LOG(0, 0, 0, "Error getting tun ifindex: %s\n", strerror(errno));
554 exit(1);
555 }
556 tunidx = ifr.ifr_ifindex;
557
558 // Only setup IPv6 on the tun device if we have a configured prefix
559 if (config->ipv6_prefix.s6_addr[0]) {
560 ifr6fd = socket(PF_INET6, SOCK_DGRAM, 0);
561
562 // Link local address is FE80::1
563 memset(&ifr6.ifr6_addr, 0, sizeof(ifr6.ifr6_addr));
564 ifr6.ifr6_addr.s6_addr[0] = 0xFE;
565 ifr6.ifr6_addr.s6_addr[1] = 0x80;
566 ifr6.ifr6_addr.s6_addr[15] = 1;
567 ifr6.ifr6_prefixlen = 64;
568 ifr6.ifr6_ifindex = ifr.ifr_ifindex;
569 if (ioctl(ifr6fd, SIOCSIFADDR, (void *) &ifr6) < 0)
570 {
571 LOG(0, 0, 0, "Error setting tun IPv6 link local address:"
572 " %s\n", strerror(errno));
573 }
574
575 // Global address is prefix::1
576 memset(&ifr6.ifr6_addr, 0, sizeof(ifr6.ifr6_addr));
577 ifr6.ifr6_addr = config->ipv6_prefix;
578 ifr6.ifr6_addr.s6_addr[15] = 1;
579 ifr6.ifr6_prefixlen = 64;
580 ifr6.ifr6_ifindex = ifr.ifr_ifindex;
581 if (ioctl(ifr6fd, SIOCSIFADDR, (void *) &ifr6) < 0)
582 {
583 LOG(0, 0, 0, "Error setting tun IPv6 global address: %s\n",
584 strerror(errno));
585 }
586 }
587 }
588
589 // set up UDP ports
590 static void initudp(void)
591 {
592 int on = 1;
593 struct sockaddr_in addr;
594
595 // Tunnel
596 memset(&addr, 0, sizeof(addr));
597 addr.sin_family = AF_INET;
598 addr.sin_port = htons(L2TPPORT);
599 addr.sin_addr.s_addr = config->bind_address;
600 udpfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
601 setsockopt(udpfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
602 {
603 int flags = fcntl(udpfd, F_GETFL, 0);
604 fcntl(udpfd, F_SETFL, flags | O_NONBLOCK);
605 }
606 if (bind(udpfd, (void *) &addr, sizeof(addr)) < 0)
607 {
608 LOG(0, 0, 0, "Error in UDP bind: %s\n", strerror(errno));
609 exit(1);
610 }
611
612 // Control
613 memset(&addr, 0, sizeof(addr));
614 addr.sin_family = AF_INET;
615 addr.sin_port = htons(NSCTL_PORT);
616 controlfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
617 setsockopt(controlfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
618 if (bind(controlfd, (void *) &addr, sizeof(addr)) < 0)
619 {
620 LOG(0, 0, 0, "Error in control bind: %s\n", strerror(errno));
621 exit(1);
622 }
623
624 // Dynamic Authorization Extensions to RADIUS
625 memset(&addr, 0, sizeof(addr));
626 addr.sin_family = AF_INET;
627 addr.sin_port = htons(config->radius_dae_port);
628 daefd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
629 setsockopt(daefd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
630 if (bind(daefd, (void *) &addr, sizeof(addr)) < 0)
631 {
632 LOG(0, 0, 0, "Error in DAE bind: %s\n", strerror(errno));
633 exit(1);
634 }
635
636 // Intercept
637 snoopfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
638 }
639
640 //
641 // Find session by IP, < 1 for not found
642 //
643 // Confusingly enough, this 'ip' must be
644 // in _network_ order. This being the common
645 // case when looking it up from IP packet headers.
646 //
647 // We actually use this cache for two things.
648 // #1. For used IP addresses, this maps to the
649 // session ID that it's used by.
650 // #2. For un-used IP addresses, this maps to the
651 // index into the pool table that contains that
652 // IP address.
653 //
654
655 static int lookup_ipmap(in_addr_t ip)
656 {
657 uint8_t *a = (uint8_t *) &ip;
658 uint8_t **d = (uint8_t **) ip_hash;
659
660 if (!(d = (uint8_t **) d[(size_t) *a++])) return 0;
661 if (!(d = (uint8_t **) d[(size_t) *a++])) return 0;
662 if (!(d = (uint8_t **) d[(size_t) *a++])) return 0;
663
664 return (int) (intptr_t) d[(size_t) *a];
665 }
666
667 static int lookup_ipv6map(struct in6_addr ip)
668 {
669 struct ipv6radix *curnode;
670 int i;
671 int s;
672 char ipv6addr[INET6_ADDRSTRLEN];
673
674 curnode = &ipv6_hash[ip.s6_addr[0]];
675 i = 1;
676 s = curnode->sess;
677
678 while (s == 0 && i < 15 && curnode->branch != NULL)
679 {
680 curnode = &curnode->branch[ip.s6_addr[i]];
681 s = curnode->sess;
682 i++;
683 }
684
685 LOG(4, s, session[s].tunnel, "Looking up address %s and got %d\n",
686 inet_ntop(AF_INET6, &ip, ipv6addr,
687 INET6_ADDRSTRLEN),
688 s);
689
690 return s;
691 }
692
693 sessionidt sessionbyip(in_addr_t ip)
694 {
695 int s = lookup_ipmap(ip);
696 CSTAT(sessionbyip);
697
698 if (s > 0 && s < MAXSESSION && session[s].opened)
699 return (sessionidt) s;
700
701 return 0;
702 }
703
704 sessionidt sessionbyipv6(struct in6_addr ip)
705 {
706 int s;
707 CSTAT(sessionbyipv6);
708
709 if (!memcmp(&config->ipv6_prefix, &ip, 8) ||
710 (ip.s6_addr[0] == 0xFE &&
711 ip.s6_addr[1] == 0x80 &&
712 ip.s6_addr16[1] == 0 &&
713 ip.s6_addr16[2] == 0 &&
714 ip.s6_addr16[3] == 0)) {
715 s = lookup_ipmap(*(in_addr_t *) &ip.s6_addr[8]);
716 } else {
717 s = lookup_ipv6map(ip);
718 }
719
720 if (s > 0 && s < MAXSESSION && session[s].opened)
721 return s;
722
723 return 0;
724 }
725
726 //
727 // Take an IP address in HOST byte order and
728 // add it to the sessionid by IP cache.
729 //
730 // (It's actually cached in network order)
731 //
732 static void cache_ipmap(in_addr_t ip, int s)
733 {
734 in_addr_t nip = htonl(ip); // MUST be in network order. I.e. MSB must in be ((char *) (&ip))[0]
735 uint8_t *a = (uint8_t *) &nip;
736 uint8_t **d = (uint8_t **) ip_hash;
737 int i;
738
739 for (i = 0; i < 3; i++)
740 {
741 if (!d[(size_t) a[i]])
742 {
743 if (!(d[(size_t) a[i]] = calloc(256, sizeof(void *))))
744 return;
745 }
746
747 d = (uint8_t **) d[(size_t) a[i]];
748 }
749
750 d[(size_t) a[3]] = (uint8_t *) (intptr_t) s;
751
752 if (s > 0)
753 LOG(4, s, session[s].tunnel, "Caching ip address %s\n", fmtaddr(nip, 0));
754
755 else if (s == 0)
756 LOG(4, 0, 0, "Un-caching ip address %s\n", fmtaddr(nip, 0));
757 // else a map to an ip pool index.
758 }
759
760 static void uncache_ipmap(in_addr_t ip)
761 {
762 cache_ipmap(ip, 0); // Assign it to the NULL session.
763 }
764
765 static void cache_ipv6map(struct in6_addr ip, int prefixlen, int s)
766 {
767 int i;
768 int bytes;
769 struct ipv6radix *curnode;
770 char ipv6addr[INET6_ADDRSTRLEN];
771
772 curnode = &ipv6_hash[ip.s6_addr[0]];
773
774 bytes = prefixlen >> 3;
775 i = 1;
776 while (i < bytes) {
777 if (curnode->branch == NULL)
778 {
779 if (!(curnode->branch = calloc(256,
780 sizeof (struct ipv6radix))))
781 return;
782 }
783 curnode = &curnode->branch[ip.s6_addr[i]];
784 i++;
785 }
786
787 curnode->sess = s;
788
789 if (s > 0)
790 LOG(4, s, session[s].tunnel, "Caching ip address %s/%d\n",
791 inet_ntop(AF_INET6, &ip, ipv6addr,
792 INET6_ADDRSTRLEN),
793 prefixlen);
794 else if (s == 0)
795 LOG(4, 0, 0, "Un-caching ip address %s/%d\n",
796 inet_ntop(AF_INET6, &ip, ipv6addr,
797 INET6_ADDRSTRLEN),
798 prefixlen);
799 }
800
801 //
802 // CLI list to dump current ipcache.
803 //
804 int cmd_show_ipcache(struct cli_def *cli, char *command, char **argv, int argc)
805 {
806 char **d = (char **) ip_hash, **e, **f, **g;
807 int i, j, k, l;
808 int count = 0;
809
810 if (CLI_HELP_REQUESTED)
811 return CLI_HELP_NO_ARGS;
812
813 cli_print(cli, "%7s %s", "Sess#", "IP Address");
814
815 for (i = 0; i < 256; ++i)
816 {
817 if (!d[i])
818 continue;
819 e = (char **) d[i];
820 for (j = 0; j < 256; ++j)
821 {
822 if (!e[j])
823 continue;
824 f = (char **) e[j];
825 for (k = 0; k < 256; ++k)
826 {
827 if (!f[k])
828 continue;
829 g = (char **)f[k];
830 for (l = 0; l < 256; ++l)
831 {
832 if (!g[l])
833 continue;
834 cli_print(cli, "%7d %d.%d.%d.%d", (int) (intptr_t) g[l], i, j, k, l);
835 ++count;
836 }
837 }
838 }
839 }
840 cli_print(cli, "%d entries in cache", count);
841 return CLI_OK;
842 }
843
844
845 // Find session by username, 0 for not found
846 // walled garden users aren't authenticated, so the username is
847 // reasonably useless. Ignore them to avoid incorrect actions
848 //
849 // This is VERY inefficent. Don't call it often. :)
850 //
851 sessionidt sessionbyuser(char *username)
852 {
853 int s;
854 CSTAT(sessionbyuser);
855
856 for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
857 {
858 if (!session[s].opened)
859 continue;
860
861 if (session[s].walled_garden)
862 continue; // Skip walled garden users.
863
864 if (!strncmp(session[s].user, username, 128))
865 return s;
866
867 }
868 return 0; // Not found.
869 }
870
871 void send_garp(in_addr_t ip)
872 {
873 int s;
874 struct ifreq ifr;
875 uint8_t mac[6];
876
877 s = socket(PF_INET, SOCK_DGRAM, 0);
878 if (s < 0)
879 {
880 LOG(0, 0, 0, "Error creating socket for GARP: %s\n", strerror(errno));
881 return;
882 }
883 memset(&ifr, 0, sizeof(ifr));
884 strncpy(ifr.ifr_name, "eth0", sizeof(ifr.ifr_name) - 1);
885 if (ioctl(s, SIOCGIFHWADDR, &ifr) < 0)
886 {
887 LOG(0, 0, 0, "Error getting eth0 hardware address for GARP: %s\n", strerror(errno));
888 close(s);
889 return;
890 }
891 memcpy(mac, &ifr.ifr_hwaddr.sa_data, 6*sizeof(char));
892 if (ioctl(s, SIOCGIFINDEX, &ifr) < 0)
893 {
894 LOG(0, 0, 0, "Error getting eth0 interface index for GARP: %s\n", strerror(errno));
895 close(s);
896 return;
897 }
898 close(s);
899 sendarp(ifr.ifr_ifindex, mac, ip);
900 }
901
902 static sessiont *sessiontbysessionidt(sessionidt s)
903 {
904 if (!s || s >= MAXSESSION) return NULL;
905 return &session[s];
906 }
907
908 static sessionidt sessionidtbysessiont(sessiont *s)
909 {
910 sessionidt val = s-session;
911 if (s < session || val >= MAXSESSION) return 0;
912 return val;
913 }
914
915 // actually send a control message for a specific tunnel
916 void tunnelsend(uint8_t * buf, uint16_t l, tunnelidt t)
917 {
918 struct sockaddr_in addr;
919
920 CSTAT(tunnelsend);
921
922 if (!t)
923 {
924 static int backtrace_count = 0;
925 LOG(0, 0, t, "tunnelsend called with 0 as tunnel id\n");
926 STAT(tunnel_tx_errors);
927 log_backtrace(backtrace_count, 5)
928 return;
929 }
930
931 if (!tunnel[t].ip)
932 {
933 static int backtrace_count = 0;
934 LOG(1, 0, t, "Error sending data out tunnel: no remote endpoint (tunnel not set up)\n");
935 log_backtrace(backtrace_count, 5)
936 STAT(tunnel_tx_errors);
937 return;
938 }
939
940 memset(&addr, 0, sizeof(addr));
941 addr.sin_family = AF_INET;
942 *(uint32_t *) & addr.sin_addr = htonl(tunnel[t].ip);
943 addr.sin_port = htons(tunnel[t].port);
944
945 // sequence expected, if sequence in message
946 if (*buf & 0x08) *(uint16_t *) (buf + ((*buf & 0x40) ? 10 : 8)) = htons(tunnel[t].nr);
947
948 // If this is a control message, deal with retries
949 if (*buf & 0x80)
950 {
951 tunnel[t].last = time_now; // control message sent
952 tunnel[t].retry = backoff(tunnel[t].try); // when to resend
953 if (tunnel[t].try > 1)
954 {
955 STAT(tunnel_retries);
956 LOG(3, 0, t, "Control message resend try %d\n", tunnel[t].try);
957 }
958 }
959
960 if (sendto(udpfd, buf, l, 0, (void *) &addr, sizeof(addr)) < 0)
961 {
962 LOG(0, ntohs((*(uint16_t *) (buf + 6))), t, "Error sending data out tunnel: %s (udpfd=%d, buf=%p, len=%d, dest=%s)\n",
963 strerror(errno), udpfd, buf, l, inet_ntoa(addr.sin_addr));
964 STAT(tunnel_tx_errors);
965 return;
966 }
967
968 LOG_HEX(5, "Send Tunnel Data", buf, l);
969 STAT(tunnel_tx_packets);
970 INC_STAT(tunnel_tx_bytes, l);
971 }
972
973 //
974 // Tiny helper function to write data to
975 // the 'tun' device.
976 //
977 int tun_write(uint8_t * data, int size)
978 {
979 return write(tunfd, data, size);
980 }
981
982 // process outgoing (to tunnel) IP
983 //
984 static void processipout(uint8_t *buf, int len)
985 {
986 sessionidt s;
987 sessiont *sp;
988 tunnelidt t;
989 in_addr_t ip;
990
991 uint8_t *data = buf; // Keep a copy of the originals.
992 int size = len;
993
994 uint8_t b[MAXETHER + 20];
995
996 CSTAT(processipout);
997
998 if (len < MIN_IP_SIZE)
999 {
1000 LOG(1, 0, 0, "Short IP, %d bytes\n", len);
1001 STAT(tun_rx_errors);
1002 return;
1003 }
1004 if (len >= MAXETHER)
1005 {
1006 LOG(1, 0, 0, "Oversize IP packet %d bytes\n", len);
1007 STAT(tun_rx_errors);
1008 return;
1009 }
1010
1011 // Skip the tun header
1012 buf += 4;
1013 len -= 4;
1014
1015 // Got an IP header now
1016 if (*(uint8_t *)(buf) >> 4 != 4)
1017 {
1018 LOG(1, 0, 0, "IP: Don't understand anything except IPv4\n");
1019 return;
1020 }
1021
1022 ip = *(uint32_t *)(buf + 16);
1023 if (!(s = sessionbyip(ip)))
1024 {
1025 // Is this a packet for a session that doesn't exist?
1026 static int rate = 0; // Number of ICMP packets we've sent this second.
1027 static int last = 0; // Last time we reset the ICMP packet counter 'rate'.
1028
1029 if (last != time_now)
1030 {
1031 last = time_now;
1032 rate = 0;
1033 }
1034
1035 if (rate++ < config->icmp_rate) // Only send a max of icmp_rate per second.
1036 {
1037 LOG(4, 0, 0, "IP: Sending ICMP host unreachable to %s\n", fmtaddr(*(in_addr_t *)(buf + 12), 0));
1038 host_unreachable(*(in_addr_t *)(buf + 12), *(uint16_t *)(buf + 4),
1039 config->bind_address ? config->bind_address : my_address, buf, len);
1040 }
1041 return;
1042 }
1043 t = session[s].tunnel;
1044 sp = &session[s];
1045
1046 // DoS prevention: enforce a maximum number of packets per 0.1s for a session
1047 if (config->max_packets > 0)
1048 {
1049 if (sess_local[s].last_packet_out == TIME)
1050 {
1051 int max = config->max_packets;
1052
1053 // All packets for throttled sessions are handled by the
1054 // master, so further limit by using the throttle rate.
1055 // A bit of a kludge, since throttle rate is in kbps,
1056 // but should still be generous given our average DSL
1057 // packet size is 200 bytes: a limit of 28kbps equates
1058 // to around 180 packets per second.
1059 if (!config->cluster_iam_master && sp->throttle_out && sp->throttle_out < max)
1060 max = sp->throttle_out;
1061
1062 if (++sess_local[s].packets_out > max)
1063 {
1064 sess_local[s].packets_dropped++;
1065 return;
1066 }
1067 }
1068 else
1069 {
1070 if (sess_local[s].packets_dropped)
1071 {
1072 INC_STAT(tun_rx_dropped, sess_local[s].packets_dropped);
1073 LOG(3, s, t, "Dropped %u/%u packets to %s for %suser %s\n",
1074 sess_local[s].packets_dropped, sess_local[s].packets_out,
1075 fmtaddr(ip, 0), sp->throttle_out ? "throttled " : "",
1076 sp->user);
1077 }
1078
1079 sess_local[s].last_packet_out = TIME;
1080 sess_local[s].packets_out = 1;
1081 sess_local[s].packets_dropped = 0;
1082 }
1083 }
1084
1085 // run access-list if any
1086 if (session[s].filter_out && !ip_filter(buf, len, session[s].filter_out - 1))
1087 return;
1088
1089 if (sp->tbf_out)
1090 {
1091 // Are we throttling this session?
1092 if (config->cluster_iam_master)
1093 tbf_queue_packet(sp->tbf_out, data, size);
1094 else
1095 master_throttle_packet(sp->tbf_out, data, size);
1096 return;
1097 }
1098 else if (sp->walled_garden && !config->cluster_iam_master)
1099 {
1100 // We are walled-gardening this
1101 master_garden_packet(s, data, size);
1102 return;
1103 }
1104
1105 LOG(5, s, t, "Ethernet -> Tunnel (%d bytes)\n", len);
1106
1107 // Add on L2TP header
1108 {
1109 uint8_t *p = makeppp(b, sizeof(b), buf, len, s, t, PPPIP);
1110 if (!p) return;
1111 tunnelsend(b, len + (p-b), t); // send it...
1112 }
1113
1114 // Snooping this session, send it to intercept box
1115 if (sp->snoop_ip && sp->snoop_port)
1116 snoop_send_packet(buf, len, sp->snoop_ip, sp->snoop_port);
1117
1118 increment_counter(&sp->cout, &sp->cout_wrap, len); // byte count
1119 sp->cout_delta += len;
1120 sp->pout++;
1121 udp_tx += len;
1122
1123 sess_local[s].cout += len; // To send to master..
1124 sess_local[s].pout++;
1125 }
1126
1127 // process outgoing (to tunnel) IPv6
1128 //
1129 static void processipv6out(uint8_t * buf, int len)
1130 {
1131 sessionidt s;
1132 sessiont *sp;
1133 tunnelidt t;
1134 in_addr_t ip;
1135 struct in6_addr ip6;
1136
1137 uint8_t *data = buf; // Keep a copy of the originals.
1138 int size = len;
1139
1140 uint8_t b[MAXETHER + 20];
1141
1142 CSTAT(processipv6out);
1143
1144 if (len < MIN_IP_SIZE)
1145 {
1146 LOG(1, 0, 0, "Short IPv6, %d bytes\n", len);
1147 STAT(tunnel_tx_errors);
1148 return;
1149 }
1150 if (len >= MAXETHER)
1151 {
1152 LOG(1, 0, 0, "Oversize IPv6 packet %d bytes\n", len);
1153 STAT(tunnel_tx_errors);
1154 return;
1155 }
1156
1157 // Skip the tun header
1158 buf += 4;
1159 len -= 4;
1160
1161 // Got an IP header now
1162 if (*(uint8_t *)(buf) >> 4 != 6)
1163 {
1164 LOG(1, 0, 0, "IP: Don't understand anything except IPv6\n");
1165 return;
1166 }
1167
1168 ip6 = *(struct in6_addr *)(buf+24);
1169 s = sessionbyipv6(ip6);
1170
1171 if (s == 0)
1172 {
1173 ip = *(uint32_t *)(buf + 32);
1174 s = sessionbyip(ip);
1175 }
1176
1177 if (s == 0)
1178 {
1179 // Is this a packet for a session that doesn't exist?
1180 static int rate = 0; // Number of ICMP packets we've sent this second.
1181 static int last = 0; // Last time we reset the ICMP packet counter 'rate'.
1182
1183 if (last != time_now)
1184 {
1185 last = time_now;
1186 rate = 0;
1187 }
1188
1189 if (rate++ < config->icmp_rate) // Only send a max of icmp_rate per second.
1190 {
1191 // FIXME: Should send icmp6 host unreachable
1192 }
1193 return;
1194 }
1195 t = session[s].tunnel;
1196 sp = &session[s];
1197
1198 // FIXME: add DoS prevention/filters?
1199
1200 if (sp->tbf_out)
1201 {
1202 // Are we throttling this session?
1203 if (config->cluster_iam_master)
1204 tbf_queue_packet(sp->tbf_out, data, size);
1205 else
1206 master_throttle_packet(sp->tbf_out, data, size);
1207 return;
1208 }
1209 else if (sp->walled_garden && !config->cluster_iam_master)
1210 {
1211 // We are walled-gardening this
1212 master_garden_packet(s, data, size);
1213 return;
1214 }
1215
1216 LOG(5, s, t, "Ethernet -> Tunnel (%d bytes)\n", len);
1217
1218 // Add on L2TP header
1219 {
1220 uint8_t *p = makeppp(b, sizeof(b), buf, len, s, t, PPPIPV6);
1221 if (!p) return;
1222 tunnelsend(b, len + (p-b), t); // send it...
1223 }
1224
1225 // Snooping this session, send it to intercept box
1226 if (sp->snoop_ip && sp->snoop_port)
1227 snoop_send_packet(buf, len, sp->snoop_ip, sp->snoop_port);
1228
1229 increment_counter(&sp->cout, &sp->cout_wrap, len); // byte count
1230 sp->cout_delta += len;
1231 sp->pout++;
1232 udp_tx += len;
1233
1234 sess_local[s].cout += len; // To send to master..
1235 sess_local[s].pout++;
1236 }
1237
1238 //
1239 // Helper routine for the TBF filters.
1240 // Used to send queued data in to the user!
1241 //
1242 static void send_ipout(sessionidt s, uint8_t *buf, int len)
1243 {
1244 sessiont *sp;
1245 tunnelidt t;
1246 in_addr_t ip;
1247
1248 uint8_t b[MAXETHER + 20];
1249
1250 if (len < 0 || len > MAXETHER)
1251 {
1252 LOG(1, 0, 0, "Odd size IP packet: %d bytes\n", len);
1253 return;
1254 }
1255
1256 // Skip the tun header
1257 buf += 4;
1258 len -= 4;
1259
1260 ip = *(in_addr_t *)(buf + 16);
1261
1262 if (!session[s].ip)
1263 return;
1264
1265 t = session[s].tunnel;
1266 sp = &session[s];
1267
1268 LOG(5, s, t, "Ethernet -> Tunnel (%d bytes)\n", len);
1269
1270 // Add on L2TP header
1271 {
1272 uint8_t *p = makeppp(b, sizeof(b), buf, len, s, t, PPPIP);
1273 if (!p) return;
1274 tunnelsend(b, len + (p-b), t); // send it...
1275 }
1276
1277 // Snooping this session.
1278 if (sp->snoop_ip && sp->snoop_port)
1279 snoop_send_packet(buf, len, sp->snoop_ip, sp->snoop_port);
1280
1281 increment_counter(&sp->cout, &sp->cout_wrap, len); // byte count
1282 sp->cout_delta += len;
1283 sp->pout++;
1284 udp_tx += len;
1285
1286 sess_local[s].cout += len; // To send to master..
1287 sess_local[s].pout++;
1288 }
1289
1290 // add an AVP (16 bit)
1291 static void control16(controlt * c, uint16_t avp, uint16_t val, uint8_t m)
1292 {
1293 uint16_t l = (m ? 0x8008 : 0x0008);
1294 *(uint16_t *) (c->buf + c->length + 0) = htons(l);
1295 *(uint16_t *) (c->buf + c->length + 2) = htons(0);
1296 *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
1297 *(uint16_t *) (c->buf + c->length + 6) = htons(val);
1298 c->length += 8;
1299 }
1300
1301 // add an AVP (32 bit)
1302 static void control32(controlt * c, uint16_t avp, uint32_t val, uint8_t m)
1303 {
1304 uint16_t l = (m ? 0x800A : 0x000A);
1305 *(uint16_t *) (c->buf + c->length + 0) = htons(l);
1306 *(uint16_t *) (c->buf + c->length + 2) = htons(0);
1307 *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
1308 *(uint32_t *) (c->buf + c->length + 6) = htonl(val);
1309 c->length += 10;
1310 }
1311
1312 // add an AVP (string)
1313 static void controls(controlt * c, uint16_t avp, char *val, uint8_t m)
1314 {
1315 uint16_t l = ((m ? 0x8000 : 0) + strlen(val) + 6);
1316 *(uint16_t *) (c->buf + c->length + 0) = htons(l);
1317 *(uint16_t *) (c->buf + c->length + 2) = htons(0);
1318 *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
1319 memcpy(c->buf + c->length + 6, val, strlen(val));
1320 c->length += 6 + strlen(val);
1321 }
1322
1323 // add a binary AVP
1324 static void controlb(controlt * c, uint16_t avp, uint8_t *val, unsigned int len, uint8_t m)
1325 {
1326 uint16_t l = ((m ? 0x8000 : 0) + len + 6);
1327 *(uint16_t *) (c->buf + c->length + 0) = htons(l);
1328 *(uint16_t *) (c->buf + c->length + 2) = htons(0);
1329 *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
1330 memcpy(c->buf + c->length + 6, val, len);
1331 c->length += 6 + len;
1332 }
1333
1334 // new control connection
1335 static controlt *controlnew(uint16_t mtype)
1336 {
1337 controlt *c;
1338 if (!controlfree)
1339 c = malloc(sizeof(controlt));
1340 else
1341 {
1342 c = controlfree;
1343 controlfree = c->next;
1344 }
1345 assert(c);
1346 c->next = 0;
1347 *(uint16_t *) (c->buf + 0) = htons(0xC802); // flags/ver
1348 c->length = 12;
1349 control16(c, 0, mtype, 1);
1350 return c;
1351 }
1352
1353 // send zero block if nothing is waiting
1354 // (ZLB send).
1355 static void controlnull(tunnelidt t)
1356 {
1357 uint8_t buf[12];
1358 if (tunnel[t].controlc) // Messages queued; They will carry the ack.
1359 return;
1360
1361 *(uint16_t *) (buf + 0) = htons(0xC802); // flags/ver
1362 *(uint16_t *) (buf + 2) = htons(12); // length
1363 *(uint16_t *) (buf + 4) = htons(tunnel[t].far); // tunnel
1364 *(uint16_t *) (buf + 6) = htons(0); // session
1365 *(uint16_t *) (buf + 8) = htons(tunnel[t].ns); // sequence
1366 *(uint16_t *) (buf + 10) = htons(tunnel[t].nr); // sequence
1367 tunnelsend(buf, 12, t);
1368 }
1369
1370 // add a control message to a tunnel, and send if within window
1371 static void controladd(controlt *c, sessionidt far, tunnelidt t)
1372 {
1373 *(uint16_t *) (c->buf + 2) = htons(c->length); // length
1374 *(uint16_t *) (c->buf + 4) = htons(tunnel[t].far); // tunnel
1375 *(uint16_t *) (c->buf + 6) = htons(far); // session
1376 *(uint16_t *) (c->buf + 8) = htons(tunnel[t].ns); // sequence
1377 tunnel[t].ns++; // advance sequence
1378 // link in message in to queue
1379 if (tunnel[t].controlc)
1380 tunnel[t].controle->next = c;
1381 else
1382 tunnel[t].controls = c;
1383
1384 tunnel[t].controle = c;
1385 tunnel[t].controlc++;
1386
1387 // send now if space in window
1388 if (tunnel[t].controlc <= tunnel[t].window)
1389 {
1390 tunnel[t].try = 0; // first send
1391 tunnelsend(c->buf, c->length, t);
1392 }
1393 }
1394
1395 //
1396 // Throttle or Unthrottle a session
1397 //
1398 // Throttle the data from/to through a session to no more than
1399 // 'rate_in' kbit/sec in (from user) or 'rate_out' kbit/sec out (to
1400 // user).
1401 //
1402 // If either value is -1, the current value is retained for that
1403 // direction.
1404 //
1405 void throttle_session(sessionidt s, int rate_in, int rate_out)
1406 {
1407 if (!session[s].opened)
1408 return; // No-one home.
1409
1410 if (!*session[s].user)
1411 return; // User not logged in
1412
1413 if (rate_in >= 0)
1414 {
1415 int bytes = rate_in * 1024 / 8; // kbits to bytes
1416 if (session[s].tbf_in)
1417 free_tbf(session[s].tbf_in);
1418
1419 if (rate_in > 0)
1420 session[s].tbf_in = new_tbf(s, bytes * 2, bytes, send_ipin);
1421 else
1422 session[s].tbf_in = 0;
1423
1424 session[s].throttle_in = rate_in;
1425 }
1426
1427 if (rate_out >= 0)
1428 {
1429 int bytes = rate_out * 1024 / 8;
1430 if (session[s].tbf_out)
1431 free_tbf(session[s].tbf_out);
1432
1433 if (rate_out > 0)
1434 session[s].tbf_out = new_tbf(s, bytes * 2, bytes, send_ipout);
1435 else
1436 session[s].tbf_out = 0;
1437
1438 session[s].throttle_out = rate_out;
1439 }
1440 }
1441
1442 // add/remove filters from session (-1 = no change)
1443 void filter_session(sessionidt s, int filter_in, int filter_out)
1444 {
1445 if (!session[s].opened)
1446 return; // No-one home.
1447
1448 if (!*session[s].user)
1449 return; // User not logged in
1450
1451 // paranoia
1452 if (filter_in > MAXFILTER) filter_in = -1;
1453 if (filter_out > MAXFILTER) filter_out = -1;
1454 if (session[s].filter_in > MAXFILTER) session[s].filter_in = 0;
1455 if (session[s].filter_out > MAXFILTER) session[s].filter_out = 0;
1456
1457 if (filter_in >= 0)
1458 {
1459 if (session[s].filter_in)
1460 ip_filters[session[s].filter_in - 1].used--;
1461
1462 if (filter_in > 0)
1463 ip_filters[filter_in - 1].used++;
1464
1465 session[s].filter_in = filter_in;
1466 }
1467
1468 if (filter_out >= 0)
1469 {
1470 if (session[s].filter_out)
1471 ip_filters[session[s].filter_out - 1].used--;
1472
1473 if (filter_out > 0)
1474 ip_filters[filter_out - 1].used++;
1475
1476 session[s].filter_out = filter_out;
1477 }
1478 }
1479
1480 // start tidy shutdown of session
1481 void sessionshutdown(sessionidt s, char *reason, int result, int error)
1482 {
1483 int walled_garden = session[s].walled_garden;
1484
1485
1486 CSTAT(sessionshutdown);
1487
1488 if (!session[s].opened)
1489 {
1490 LOG(3, s, session[s].tunnel, "Called sessionshutdown on an unopened session.\n");
1491 return; // not a live session
1492 }
1493
1494 if (!session[s].die)
1495 {
1496 struct param_kill_session data = { &tunnel[session[s].tunnel], &session[s] };
1497 LOG(2, s, session[s].tunnel, "Shutting down session %d: %s\n", s, reason);
1498 run_plugins(PLUGIN_KILL_SESSION, &data);
1499 }
1500
1501 if (session[s].ip && !walled_garden && !session[s].die)
1502 {
1503 // RADIUS Stop message
1504 uint16_t r = radiusnew(s);
1505 if (r)
1506 {
1507 // stop, if not already trying
1508 if (radius[r].state != RADIUSSTOP)
1509 radiussend(r, RADIUSSTOP);
1510 }
1511 else
1512 LOG(1, s, session[s].tunnel, "No free RADIUS sessions for Stop message\n");
1513
1514 // Save counters to dump to accounting file
1515 if (*config->accounting_dir && shut_acct_n < sizeof(shut_acct) / sizeof(*shut_acct))
1516 memcpy(&shut_acct[shut_acct_n++], &session[s], sizeof(session[s]));
1517 }
1518
1519 if (session[s].ip)
1520 { // IP allocated, clear and unroute
1521 int r;
1522 int routed = 0;
1523 for (r = 0; r < MAXROUTE && session[s].route[r].ip; r++)
1524 {
1525 if ((session[s].ip & session[s].route[r].mask) ==
1526 (session[s].route[r].ip & session[s].route[r].mask))
1527 routed++;
1528
1529 routeset(s, session[s].route[r].ip, session[s].route[r].mask, 0, 0);
1530 session[s].route[r].ip = 0;
1531 }
1532
1533 if (session[s].ip_pool_index == -1) // static ip
1534 {
1535 if (!routed) routeset(s, session[s].ip, 0, 0, 0);
1536 session[s].ip = 0;
1537 }
1538 else
1539 free_ip_address(s);
1540
1541 // unroute IPv6, if setup
1542 if (session[s].ppp.ipv6cp == Opened && session[s].ipv6prefixlen)
1543 route6set(s, session[s].ipv6route, session[s].ipv6prefixlen, 0);
1544 }
1545
1546 if (session[s].throttle_in || session[s].throttle_out) // Unthrottle if throttled.
1547 throttle_session(s, 0, 0);
1548
1549 if (result)
1550 { // Send CDN
1551 controlt *c = controlnew(14); // sending CDN
1552 if (error)
1553 {
1554 uint8_t buf[4];
1555 *(uint16_t *) buf = htons(result);
1556 *(uint16_t *) (buf+2) = htons(error);
1557 controlb(c, 1, buf, 4, 1);
1558 }
1559 else
1560 control16(c, 1, result, 1);
1561
1562 control16(c, 14, s, 1); // assigned session (our end)
1563 controladd(c, session[s].far, session[s].tunnel); // send the message
1564 }
1565
1566 if (!session[s].die)
1567 session[s].die = TIME + 150; // Clean up in 15 seconds
1568
1569 // update filter refcounts
1570 if (session[s].filter_in) ip_filters[session[s].filter_in - 1].used--;
1571 if (session[s].filter_out) ip_filters[session[s].filter_out - 1].used--;
1572
1573 // clear PPP state
1574 memset(&session[s].ppp, 0, sizeof(session[s].ppp));
1575 sess_local[s].lcp.restart = 0;
1576 sess_local[s].ipcp.restart = 0;
1577 sess_local[s].ipv6cp.restart = 0;
1578 sess_local[s].ccp.restart = 0;
1579
1580 cluster_send_session(s);
1581 }
1582
1583 void sendipcp(sessionidt s, tunnelidt t)
1584 {
1585 uint8_t buf[MAXETHER];
1586 uint8_t *q;
1587
1588 CSTAT(sendipcp);
1589 LOG(3, s, t, "IPCP: send ConfigReq\n");
1590
1591 if (!session[s].unique_id)
1592 {
1593 if (!++last_id) ++last_id; // skip zero
1594 session[s].unique_id = last_id;
1595 }
1596
1597 q = makeppp(buf, sizeof(buf), 0, 0, s, t, PPPIPCP);
1598 if (!q) return;
1599
1600 *q = ConfigReq;
1601 q[1] = session[s].unique_id & 0xf; // ID, dont care, we only send one type of request
1602 *(uint16_t *) (q + 2) = htons(10); // packet length
1603 q[4] = 3; // ip address option
1604 q[5] = 6; // option length
1605 *(in_addr_t *) (q + 6) = config->peer_address ? config->peer_address :
1606 config->bind_address ? config->bind_address :
1607 my_address; // send my IP
1608
1609 tunnelsend(buf, 10 + (q - buf), t); // send it
1610 }
1611
1612 void sendipv6cp(sessionidt s, tunnelidt t)
1613 {
1614 uint8_t buf[MAXETHER];
1615 uint8_t *q;
1616
1617 CSTAT(sendipv6cp);
1618 LOG(3, s, t, "IPV6CP: send ConfigReq\n");
1619
1620 q = makeppp(buf, sizeof(buf), 0, 0, s, t, PPPIPV6CP);
1621 if (!q) return;
1622
1623 *q = ConfigReq;
1624 q[1] = session[s].unique_id & 0xf; // ID, don't care, we
1625 // only send one type
1626 // of request
1627 *(uint16_t *) (q + 2) = htons(14);
1628 q[4] = 1; // interface identifier option
1629 q[5] = 10; // option length
1630 *(uint32_t *) (q + 6) = 0; // We'll be prefix::1
1631 *(uint32_t *) (q + 10) = 0;
1632 q[13] = 1;
1633
1634 tunnelsend(buf, 14 + (q - buf), t); // send it
1635 }
1636
1637 static void sessionclear(sessionidt s)
1638 {
1639 memset(&session[s], 0, sizeof(session[s]));
1640 memset(&sess_local[s], 0, sizeof(sess_local[s]));
1641 memset(&cli_session_actions[s], 0, sizeof(cli_session_actions[s]));
1642
1643 session[s].tunnel = T_FREE; // Mark it as free.
1644 session[s].next = sessionfree;
1645 sessionfree = s;
1646 }
1647
1648 // kill a session now
1649 void sessionkill(sessionidt s, char *reason)
1650 {
1651
1652 CSTAT(sessionkill);
1653
1654 if (!session[s].opened) // not alive
1655 return;
1656
1657 if (session[s].next)
1658 {
1659 LOG(0, s, session[s].tunnel, "Tried to kill a session with next pointer set (%d)\n", session[s].next);
1660 return;
1661 }
1662
1663 session[s].die = TIME;
1664 sessionshutdown(s, reason, 3, 0); // close radius/routes, etc.
1665 if (sess_local[s].radius)
1666 radiusclear(sess_local[s].radius, s); // cant send clean accounting data, session is killed
1667
1668 LOG(2, s, session[s].tunnel, "Kill session %d (%s): %s\n", s, session[s].user, reason);
1669 sessionclear(s);
1670 cluster_send_session(s);
1671 }
1672
1673 static void tunnelclear(tunnelidt t)
1674 {
1675 if (!t) return;
1676 memset(&tunnel[t], 0, sizeof(tunnel[t]));
1677 tunnel[t].state = TUNNELFREE;
1678 }
1679
1680 // kill a tunnel now
1681 static void tunnelkill(tunnelidt t, char *reason)
1682 {
1683 sessionidt s;
1684 controlt *c;
1685
1686 CSTAT(tunnelkill);
1687
1688 tunnel[t].state = TUNNELDIE;
1689
1690 // free control messages
1691 while ((c = tunnel[t].controls))
1692 {
1693 controlt * n = c->next;
1694 tunnel[t].controls = n;
1695 tunnel[t].controlc--;
1696 c->next = controlfree;
1697 controlfree = c;
1698 }
1699 // kill sessions
1700 for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
1701 if (session[s].tunnel == t)
1702 sessionkill(s, reason);
1703
1704 // free tunnel
1705 tunnelclear(t);
1706 LOG(1, 0, t, "Kill tunnel %d: %s\n", t, reason);
1707 cli_tunnel_actions[t].action = 0;
1708 cluster_send_tunnel(t);
1709 }
1710
1711 // shut down a tunnel cleanly
1712 static void tunnelshutdown(tunnelidt t, char *reason, int result, int error, char *msg)
1713 {
1714 sessionidt s;
1715
1716 CSTAT(tunnelshutdown);
1717
1718 if (!tunnel[t].last || !tunnel[t].far || tunnel[t].state == TUNNELFREE)
1719 {
1720 // never set up, can immediately kill
1721 tunnelkill(t, reason);
1722 return;
1723 }
1724 LOG(1, 0, t, "Shutting down tunnel %d (%s)\n", t, reason);
1725
1726 // close session
1727 for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
1728 if (session[s].tunnel == t)
1729 sessionshutdown(s, reason, 0, 0);
1730
1731 tunnel[t].state = TUNNELDIE;
1732 tunnel[t].die = TIME + 700; // Clean up in 70 seconds
1733 cluster_send_tunnel(t);
1734 // TBA - should we wait for sessions to stop?
1735 if (result)
1736 {
1737 controlt *c = controlnew(4); // sending StopCCN
1738 if (error)
1739 {
1740 uint8_t buf[64];
1741 int l = 4;
1742 *(uint16_t *) buf = htons(result);
1743 *(uint16_t *) (buf+2) = htons(error);
1744 if (msg)
1745 {
1746 int m = strlen(msg);
1747 if (m + 4 > sizeof(buf))
1748 m = sizeof(buf) - 4;
1749
1750 memcpy(buf+4, msg, m);
1751 l += m;
1752 }
1753
1754 controlb(c, 1, buf, l, 1);
1755 }
1756 else
1757 control16(c, 1, result, 1);
1758
1759 control16(c, 9, t, 1); // assigned tunnel (our end)
1760 controladd(c, 0, t); // send the message
1761 }
1762 }
1763
1764 // read and process packet on tunnel (UDP)
1765 void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
1766 {
1767 uint8_t *chapresponse = NULL;
1768 uint16_t l = len, t = 0, s = 0, ns = 0, nr = 0;
1769 uint8_t *p = buf + 2;
1770
1771
1772 CSTAT(processudp);
1773
1774 udp_rx += len;
1775 udp_rx_pkt++;
1776 LOG_HEX(5, "UDP Data", buf, len);
1777 STAT(tunnel_rx_packets);
1778 INC_STAT(tunnel_rx_bytes, len);
1779 if (len < 6)
1780 {
1781 LOG(1, 0, 0, "Short UDP, %d bytes\n", len);
1782 STAT(tunnel_rx_errors);
1783 return;
1784 }
1785 if ((buf[1] & 0x0F) != 2)
1786 {
1787 LOG(1, 0, 0, "Bad L2TP ver %d\n", (buf[1] & 0x0F) != 2);
1788 STAT(tunnel_rx_errors);
1789 return;
1790 }
1791 if (*buf & 0x40)
1792 { // length
1793 l = ntohs(*(uint16_t *) p);
1794 p += 2;
1795 }
1796 t = ntohs(*(uint16_t *) p);
1797 p += 2;
1798 s = ntohs(*(uint16_t *) p);
1799 p += 2;
1800 if (s >= MAXSESSION)
1801 {
1802 LOG(1, s, t, "Received UDP packet with invalid session ID\n");
1803 STAT(tunnel_rx_errors);
1804 return;
1805 }
1806 if (t >= MAXTUNNEL)
1807 {
1808 LOG(1, s, t, "Received UDP packet with invalid tunnel ID\n");
1809 STAT(tunnel_rx_errors);
1810 return;
1811 }
1812 if (*buf & 0x08)
1813 { // ns/nr
1814 ns = ntohs(*(uint16_t *) p);
1815 p += 2;
1816 nr = ntohs(*(uint16_t *) p);
1817 p += 2;
1818 }
1819 if (*buf & 0x02)
1820 { // offset
1821 uint16_t o = ntohs(*(uint16_t *) p);
1822 p += o + 2;
1823 }
1824 if ((p - buf) > l)
1825 {
1826 LOG(1, s, t, "Bad length %d>%d\n", (int) (p - buf), l);
1827 STAT(tunnel_rx_errors);
1828 return;
1829 }
1830 l -= (p - buf);
1831
1832 // used to time out old tunnels
1833 if (t && tunnel[t].state == TUNNELOPEN)
1834 tunnel[t].lastrec = time_now;
1835
1836 if (*buf & 0x80)
1837 { // control
1838 uint16_t message = 0xFFFF; // message type
1839 uint8_t fatal = 0;
1840 uint8_t mandatory = 0;
1841 uint16_t asession = 0; // assigned session
1842 uint32_t amagic = 0; // magic number
1843 uint8_t aflags = 0; // flags from last LCF
1844 uint16_t version = 0x0100; // protocol version (we handle 0.0 as well and send that back just in case)
1845 char called[MAXTEL] = ""; // called number
1846 char calling[MAXTEL] = ""; // calling number
1847
1848 if (!config->cluster_iam_master)
1849 {
1850 master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
1851 return;
1852 }
1853
1854 // control messages must have bits 0x80|0x40|0x08
1855 // (type, length and sequence) set, and bits 0x02|0x01
1856 // (offset and priority) clear
1857 if ((*buf & 0xCB) != 0xC8)
1858 {
1859 LOG(1, s, t, "Bad control header %02X\n", *buf);
1860 STAT(tunnel_rx_errors);
1861 return;
1862 }
1863
1864 // check for duplicate tunnel open message
1865 if (!t && ns == 0)
1866 {
1867 int i;
1868
1869 //
1870 // Is this a duplicate of the first packet? (SCCRQ)
1871 //
1872 for (i = 1; i <= config->cluster_highest_tunnelid ; ++i)
1873 {
1874 if (tunnel[i].state != TUNNELOPENING ||
1875 tunnel[i].ip != ntohl(*(in_addr_t *) & addr->sin_addr) ||
1876 tunnel[i].port != ntohs(addr->sin_port) )
1877 continue;
1878 t = i;
1879 LOG(3, s, t, "Duplicate SCCRQ?\n");
1880 break;
1881 }
1882 }
1883
1884 LOG(3, s, t, "Control message (%d bytes): (unacked %d) l-ns %d l-nr %d r-ns %d r-nr %d\n",
1885 l, tunnel[t].controlc, tunnel[t].ns, tunnel[t].nr, ns, nr);
1886
1887 // if no tunnel specified, assign one
1888 if (!t)
1889 {
1890 if (!(t = new_tunnel()))
1891 {
1892 LOG(1, 0, 0, "No more tunnels\n");
1893 STAT(tunnel_overflow);
1894 return;
1895 }
1896 tunnelclear(t);
1897 tunnel[t].ip = ntohl(*(in_addr_t *) & addr->sin_addr);
1898 tunnel[t].port = ntohs(addr->sin_port);
1899 tunnel[t].window = 4; // default window
1900 STAT(tunnel_created);
1901 LOG(1, 0, t, " New tunnel from %s:%u ID %d\n",
1902 fmtaddr(htonl(tunnel[t].ip), 0), tunnel[t].port, t);
1903 }
1904
1905 // If the 'ns' just received is not the 'nr' we're
1906 // expecting, just send an ack and drop it.
1907 //
1908 // if 'ns' is less, then we got a retransmitted packet.
1909 // if 'ns' is greater than missed a packet. Either way
1910 // we should ignore it.
1911 if (ns != tunnel[t].nr)
1912 {
1913 // is this the sequence we were expecting?
1914 STAT(tunnel_rx_errors);
1915 LOG(1, 0, t, " Out of sequence tunnel %d, (%d is not the expected %d)\n",
1916 t, ns, tunnel[t].nr);
1917
1918 if (l) // Is this not a ZLB?
1919 controlnull(t);
1920 return;
1921 }
1922
1923 // check sequence of this message
1924 {
1925 int skip = tunnel[t].window; // track how many in-window packets are still in queue
1926 // some to clear maybe?
1927 while (tunnel[t].controlc > 0 && (((tunnel[t].ns - tunnel[t].controlc) - nr) & 0x8000))
1928 {
1929 controlt *c = tunnel[t].controls;
1930 tunnel[t].controls = c->next;
1931 tunnel[t].controlc--;
1932 c->next = controlfree;
1933 controlfree = c;
1934 skip--;
1935 tunnel[t].try = 0; // we have progress
1936 }
1937
1938 // receiver advance (do here so quoted correctly in any sends below)
1939 if (l) tunnel[t].nr = (ns + 1);
1940 if (skip < 0) skip = 0;
1941 if (skip < tunnel[t].controlc)
1942 {
1943 // some control packets can now be sent that were previous stuck out of window
1944 int tosend = tunnel[t].window - skip;
1945 controlt *c = tunnel[t].controls;
1946 while (c && skip)
1947 {
1948 c = c->next;
1949 skip--;
1950 }
1951 while (c && tosend)
1952 {
1953 tunnel[t].try = 0; // first send
1954 tunnelsend(c->buf, c->length, t);
1955 c = c->next;
1956 tosend--;
1957 }
1958 }
1959 if (!tunnel[t].controlc)
1960 tunnel[t].retry = 0; // caught up
1961 }
1962 if (l)
1963 { // if not a null message
1964 int result = 0;
1965 int error = 0;
1966 char *msg = 0;
1967
1968 // process AVPs
1969 while (l && !(fatal & 0x80)) // 0x80 = mandatory AVP
1970 {
1971 uint16_t n = (ntohs(*(uint16_t *) p) & 0x3FF);
1972 uint8_t *b = p;
1973 uint8_t flags = *p;
1974 uint16_t mtype;
1975 if (n > l)
1976 {
1977 LOG(1, s, t, "Invalid length in AVP\n");
1978 STAT(tunnel_rx_errors);
1979 return;
1980 }
1981 p += n; // next
1982 l -= n;
1983 if (flags & 0x3C) // reserved bits, should be clear
1984 {
1985 LOG(1, s, t, "Unrecognised AVP flags %02X\n", *b);
1986 fatal = flags;
1987 result = 2; // general error
1988 error = 3; // reserved field non-zero
1989 msg = 0;
1990 continue; // next
1991 }
1992 b += 2;
1993 if (*(uint16_t *) (b))
1994 {
1995 LOG(2, s, t, "Unknown AVP vendor %d\n", ntohs(*(uint16_t *) (b)));
1996 fatal = flags;
1997 result = 2; // general error
1998 error = 6; // generic vendor-specific error
1999 msg = "unsupported vendor-specific";
2000 continue; // next
2001 }
2002 b += 2;
2003 mtype = ntohs(*(uint16_t *) (b));
2004 b += 2;
2005 n -= 6;
2006
2007 if (flags & 0x40)
2008 {
2009 uint16_t orig_len;
2010
2011 // handle hidden AVPs
2012 if (!*config->l2tpsecret)
2013 {
2014 LOG(1, s, t, "Hidden AVP requested, but no L2TP secret.\n");
2015 fatal = flags;
2016 result = 2; // general error
2017 error = 6; // generic vendor-specific error
2018 msg = "secret not specified";
2019 continue;
2020 }
2021 if (!session[s].random_vector_length)
2022 {
2023 LOG(1, s, t, "Hidden AVP requested, but no random vector.\n");
2024 fatal = flags;
2025 result = 2; // general error
2026 error = 6; // generic
2027 msg = "no random vector";
2028 continue;
2029 }
2030 if (n < 8)
2031 {
2032 LOG(2, s, t, "Short hidden AVP.\n");
2033 fatal = flags;
2034 result = 2; // general error
2035 error = 2; // length is wrong
2036 msg = 0;
2037 continue;
2038 }
2039
2040 // Unhide the AVP
2041 unhide_value(b, n, mtype, session[s].random_vector, session[s].random_vector_length);
2042
2043 orig_len = ntohs(*(uint16_t *) b);
2044 if (orig_len > n + 2)
2045 {
2046 LOG(1, s, t, "Original length %d too long in hidden AVP of length %d; wrong secret?\n",
2047 orig_len, n);
2048
2049 fatal = flags;
2050 result = 2; // general error
2051 error = 2; // length is wrong
2052 msg = 0;
2053 continue;
2054 }
2055
2056 b += 2;
2057 n = orig_len;
2058 }
2059
2060 LOG(4, s, t, " AVP %d (%s) len %d%s%s\n", mtype, l2tp_avp_name(mtype), n,
2061 flags & 0x40 ? ", hidden" : "", flags & 0x80 ? ", mandatory" : "");
2062
2063 switch (mtype)
2064 {
2065 case 0: // message type
2066 message = ntohs(*(uint16_t *) b);
2067 mandatory = flags & 0x80;
2068 LOG(4, s, t, " Message type = %d (%s)\n", *b, l2tp_code(message));
2069 break;
2070 case 1: // result code
2071 {
2072 uint16_t rescode = ntohs(*(uint16_t *) b);
2073 const char* resdesc = "(unknown)";
2074 if (message == 4)
2075 { /* StopCCN */
2076 resdesc = l2tp_stopccn_result_code(rescode);
2077 }
2078 else if (message == 14)
2079 { /* CDN */
2080 resdesc = l2tp_cdn_result_code(rescode);
2081 }
2082
2083 LOG(4, s, t, " Result Code %d: %s\n", rescode, resdesc);
2084 if (n >= 4)
2085 {
2086 uint16_t errcode = ntohs(*(uint16_t *)(b + 2));
2087 LOG(4, s, t, " Error Code %d: %s\n", errcode, l2tp_error_code(errcode));
2088 }
2089 if (n > 4)
2090 LOG(4, s, t, " Error String: %.*s\n", n-4, b+4);
2091
2092 break;
2093 }
2094 break;
2095 case 2: // protocol version
2096 {
2097 version = ntohs(*(uint16_t *) (b));
2098 LOG(4, s, t, " Protocol version = %d\n", version);
2099 if (version && version != 0x0100)
2100 { // allow 0.0 and 1.0
2101 LOG(1, s, t, " Bad protocol version %04X\n", version);
2102 fatal = flags;
2103 result = 5; // unspported protocol version
2104 error = 0x0100; // supported version
2105 msg = 0;
2106 continue; // next
2107 }
2108 }
2109 break;
2110 case 3: // framing capabilities
2111 // LOG(4, s, t, "Framing capabilities\n");
2112 break;
2113 case 4: // bearer capabilities
2114 // LOG(4, s, t, "Bearer capabilities\n");
2115 break;
2116 case 5: // tie breaker
2117 // We never open tunnels, so we don't care about tie breakers
2118 // LOG(4, s, t, "Tie breaker\n");
2119 continue;
2120 case 6: // firmware revision
2121 // LOG(4, s, t, "Firmware revision\n");
2122 break;
2123 case 7: // host name
2124 memset(tunnel[t].hostname, 0, sizeof(tunnel[t].hostname));
2125 memcpy(tunnel[t].hostname, b, (n < sizeof(tunnel[t].hostname)) ? n : sizeof(tunnel[t].hostname) - 1);
2126 LOG(4, s, t, " Tunnel hostname = \"%s\"\n", tunnel[t].hostname);
2127 // TBA - to send to RADIUS
2128 break;
2129 case 8: // vendor name
2130 memset(tunnel[t].vendor, 0, sizeof(tunnel[t].vendor));
2131 memcpy(tunnel[t].vendor, b, (n < sizeof(tunnel[t].vendor)) ? n : sizeof(tunnel[t].vendor) - 1);
2132 LOG(4, s, t, " Vendor name = \"%s\"\n", tunnel[t].vendor);
2133 break;
2134 case 9: // assigned tunnel
2135 tunnel[t].far = ntohs(*(uint16_t *) (b));
2136 LOG(4, s, t, " Remote tunnel id = %d\n", tunnel[t].far);
2137 break;
2138 case 10: // rx window
2139 tunnel[t].window = ntohs(*(uint16_t *) (b));
2140 if (!tunnel[t].window)
2141 tunnel[t].window = 1; // window of 0 is silly
2142 LOG(4, s, t, " rx window = %d\n", tunnel[t].window);
2143 break;
2144 case 11: // Challenge
2145 {
2146 LOG(4, s, t, " LAC requested CHAP authentication for tunnel\n");
2147 build_chap_response(b, 2, n, &chapresponse);
2148 }
2149 break;
2150 case 13: // Response
2151 // Why did they send a response? We never challenge.
2152 LOG(2, s, t, " received unexpected challenge response\n");
2153 break;
2154
2155 case 14: // assigned session
2156 asession = session[s].far = ntohs(*(uint16_t *) (b));
2157 LOG(4, s, t, " assigned session = %d\n", asession);
2158 break;
2159 case 15: // call serial number
2160 LOG(4, s, t, " call serial number = %d\n", ntohl(*(uint32_t *)b));
2161 break;
2162 case 18: // bearer type
2163 LOG(4, s, t, " bearer type = %d\n", ntohl(*(uint32_t *)b));
2164 // TBA - for RADIUS
2165 break;
2166 case 19: // framing type
2167 LOG(4, s, t, " framing type = %d\n", ntohl(*(uint32_t *)b));
2168 // TBA
2169 break;
2170 case 21: // called number
2171 memset(called, 0, sizeof(called));
2172 memcpy(called, b, (n < sizeof(called)) ? n : sizeof(called) - 1);
2173 LOG(4, s, t, " Called <%s>\n", called);
2174 break;
2175 case 22: // calling number
2176 memset(calling, 0, sizeof(calling));
2177 memcpy(calling, b, (n < sizeof(calling)) ? n : sizeof(calling) - 1);
2178 LOG(4, s, t, " Calling <%s>\n", calling);
2179 break;
2180 case 23: // subtype
2181 break;
2182 case 24: // tx connect speed
2183 if (n == 4)
2184 {
2185 session[s].tx_connect_speed = ntohl(*(uint32_t *)b);
2186 }
2187 else
2188 {
2189 // AS5300s send connect speed as a string
2190 char tmp[30];
2191 memset(tmp, 0, sizeof(tmp));
2192 memcpy(tmp, b, (n < sizeof(tmp)) ? n : sizeof(tmp) - 1);
2193 session[s].tx_connect_speed = atol(tmp);
2194 }
2195 LOG(4, s, t, " TX connect speed <%u>\n", session[s].tx_connect_speed);
2196 break;
2197 case 38: // rx connect speed
2198 if (n == 4)
2199 {
2200 session[s].rx_connect_speed = ntohl(*(uint32_t *)b);
2201 }
2202 else
2203 {
2204 // AS5300s send connect speed as a string
2205 char tmp[30];
2206 memset(tmp, 0, sizeof(tmp));
2207 memcpy(tmp, b, (n < sizeof(tmp)) ? n : sizeof(tmp) - 1);
2208 session[s].rx_connect_speed = atol(tmp);
2209 }
2210 LOG(4, s, t, " RX connect speed <%u>\n", session[s].rx_connect_speed);
2211 break;
2212 case 25: // Physical Channel ID
2213 {
2214 uint32_t tmp = ntohl(*(uint32_t *) b);
2215 LOG(4, s, t, " Physical Channel ID <%X>\n", tmp);
2216 break;
2217 }
2218 case 29: // Proxy Authentication Type
2219 {
2220 uint16_t atype = ntohs(*(uint16_t *)b);
2221 LOG(4, s, t, " Proxy Auth Type %d (%s)\n", atype, ppp_auth_type(atype));
2222 break;
2223 }
2224 case 30: // Proxy Authentication Name
2225 {
2226 char authname[64];
2227 memset(authname, 0, sizeof(authname));
2228 memcpy(authname, b, (n < sizeof(authname)) ? n : sizeof(authname) - 1);
2229 LOG(4, s, t, " Proxy Auth Name (%s)\n",
2230 authname);
2231 break;
2232 }
2233 case 31: // Proxy Authentication Challenge
2234 {
2235 LOG(4, s, t, " Proxy Auth Challenge\n");
2236 break;
2237 }
2238 case 32: // Proxy Authentication ID
2239 {
2240 uint16_t authid = ntohs(*(uint16_t *)(b));
2241 LOG(4, s, t, " Proxy Auth ID (%d)\n", authid);
2242 break;
2243 }
2244 case 33: // Proxy Authentication Response
2245 LOG(4, s, t, " Proxy Auth Response\n");
2246 break;
2247 case 27: // last sent lcp
2248 { // find magic number
2249 uint8_t *p = b, *e = p + n;
2250 while (p + 1 < e && p[1] && p + p[1] <= e)
2251 {
2252 if (*p == 5 && p[1] == 6) // Magic-Number
2253 amagic = ntohl(*(uint32_t *) (p + 2));
2254 else if (*p == 7) // Protocol-Field-Compression
2255 aflags |= SESSIONPFC;
2256 else if (*p == 8) // Address-and-Control-Field-Compression
2257 aflags |= SESSIONACFC;
2258 p += p[1];
2259 }
2260 }
2261 break;
2262 case 28: // last recv lcp confreq
2263 break;
2264 case 26: // Initial Received LCP CONFREQ
2265 break;
2266 case 39: // seq required - we control it as an LNS anyway...
2267 break;
2268 case 36: // Random Vector
2269 LOG(4, s, t, " Random Vector received. Enabled AVP Hiding.\n");
2270 memset(session[s].random_vector, 0, sizeof(session[s].random_vector));
2271 if (n > sizeof(session[s].random_vector))
2272 n = sizeof(session[s].random_vector);
2273 memcpy(session[s].random_vector, b, n);
2274 session[s].random_vector_length = n;
2275 break;
2276 default:
2277 {
2278 static char e[] = "unknown AVP 0xXXXX";
2279 LOG(2, s, t, " Unknown AVP type %d\n", mtype);
2280 fatal = flags;
2281 result = 2; // general error
2282 error = 8; // unknown mandatory AVP
2283 sprintf((msg = e) + 14, "%04x", mtype);
2284 continue; // next
2285 }
2286 }
2287 }
2288 // process message
2289 if (fatal & 0x80)
2290 tunnelshutdown(t, "Invalid mandatory AVP", result, error, msg);
2291 else
2292 switch (message)
2293 {
2294 case 1: // SCCRQ - Start Control Connection Request
2295 tunnel[t].state = TUNNELOPENING;
2296 if (main_quit != QUIT_SHUTDOWN)
2297 {
2298 controlt *c = controlnew(2); // sending SCCRP
2299 control16(c, 2, version, 1); // protocol version
2300 control32(c, 3, 3, 1); // framing
2301 controls(c, 7, hostname, 1); // host name
2302 if (chapresponse) controlb(c, 13, chapresponse, 16, 1); // Challenge response
2303 control16(c, 9, t, 1); // assigned tunnel
2304 controladd(c, 0, t); // send the resply
2305 }
2306 else
2307 {
2308 tunnelshutdown(t, "Shutting down", 6, 0, 0);
2309 }
2310 break;
2311 case 2: // SCCRP
2312 tunnel[t].state = TUNNELOPEN;
2313 break;
2314 case 3: // SCCN
2315 tunnel[t].state = TUNNELOPEN;
2316 controlnull(t); // ack
2317 break;
2318 case 4: // StopCCN
2319 controlnull(t); // ack
2320 tunnelshutdown(t, "Stopped", 0, 0, 0); // Shut down cleanly
2321 break;
2322 case 6: // HELLO
2323 controlnull(t); // simply ACK
2324 break;
2325 case 7: // OCRQ
2326 // TBA
2327 break;
2328 case 8: // OCRO
2329 // TBA
2330 break;
2331 case 9: // OCCN
2332 // TBA
2333 break;
2334 case 10: // ICRQ
2335 if (sessionfree && main_quit != QUIT_SHUTDOWN)
2336 {
2337 controlt *c = controlnew(11); // ICRP
2338
2339 s = sessionfree;
2340 sessionfree = session[s].next;
2341 memset(&session[s], 0, sizeof(session[s]));
2342
2343 if (s > config->cluster_highest_sessionid)
2344 config->cluster_highest_sessionid = s;
2345
2346 session[s].opened = time_now;
2347 session[s].tunnel = t;
2348 session[s].far = asession;
2349 session[s].last_packet = time_now;
2350 LOG(3, s, t, "New session (%d/%d)\n", tunnel[t].far, session[s].far);
2351 control16(c, 14, s, 1); // assigned session
2352 controladd(c, asession, t); // send the reply
2353
2354 strncpy(session[s].called, called, sizeof(session[s].called) - 1);
2355 strncpy(session[s].calling, calling, sizeof(session[s].calling) - 1);
2356
2357 session[s].ppp.phase = Establish;
2358 session[s].ppp.lcp = Starting;
2359
2360 STAT(session_created);
2361 break;
2362 }
2363
2364 {
2365 controlt *c = controlnew(14); // CDN
2366 if (!sessionfree)
2367 {
2368 STAT(session_overflow);
2369 LOG(1, 0, t, "No free sessions\n");
2370 control16(c, 1, 4, 0); // temporary lack of resources
2371 }
2372 else
2373 control16(c, 1, 2, 7); // shutting down, try another
2374
2375 controladd(c, asession, t); // send the message
2376 }
2377 return;
2378 case 11: // ICRP
2379 // TBA
2380 break;
2381 case 12: // ICCN
2382 if (amagic == 0) amagic = time_now;
2383 session[s].magic = amagic; // set magic number
2384 session[s].l2tp_flags = aflags; // set flags received
2385 session[s].mru = config->ppp_mru;
2386 controlnull(t); // ack
2387
2388 // start LCP
2389 sess_local[s].lcp.restart = time_now + config->ppp_restart_time;
2390 sess_local[s].lcp.conf_sent = 1;
2391 sess_local[s].lcp.nak_sent = 0;
2392 sess_local[s].lcp_authtype = config->radius_authprefer;
2393 session[s].ppp.lcp = RequestSent;
2394 sendlcp(s, t);
2395
2396 break;
2397 case 14: // CDN
2398 controlnull(t); // ack
2399 sessionshutdown(s, "Closed (Received CDN).", 0, 0);
2400 break;
2401 case 0xFFFF:
2402 LOG(1, s, t, "Missing message type\n");
2403 break;
2404 default:
2405 STAT(tunnel_rx_errors);
2406 if (mandatory)
2407 tunnelshutdown(t, "Unknown message type", 2, 6, "unknown message type");
2408 else
2409 LOG(1, s, t, "Unknown message type %d\n", message);
2410 break;
2411 }
2412 if (chapresponse) free(chapresponse);
2413 cluster_send_tunnel(t);
2414 }
2415 else
2416 {
2417 LOG(4, s, t, " Got a ZLB ack\n");
2418 }
2419 }
2420 else
2421 { // data
2422 uint16_t proto;
2423
2424 LOG_HEX(5, "Receive Tunnel Data", p, l);
2425 if (l > 2 && p[0] == 0xFF && p[1] == 0x03)
2426 { // HDLC address header, discard
2427 p += 2;
2428 l -= 2;
2429 }
2430 if (l < 2)
2431 {
2432 LOG(1, s, t, "Short ppp length %d\n", l);
2433 STAT(tunnel_rx_errors);
2434 return;
2435 }
2436 if (*p & 1)
2437 {
2438 proto = *p++;
2439 l--;
2440 }
2441 else
2442 {
2443 proto = ntohs(*(uint16_t *) p);
2444 p += 2;
2445 l -= 2;
2446 }
2447
2448 if (s && !session[s].opened) // Is something wrong??
2449 {
2450 if (!config->cluster_iam_master)
2451 {
2452 // Pass it off to the master to deal with..
2453 master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
2454 return;
2455 }
2456
2457
2458 LOG(1, s, t, "UDP packet contains session which is not opened. Dropping packet.\n");
2459 STAT(tunnel_rx_errors);
2460 return;
2461 }
2462
2463 if (proto == PPPPAP)
2464 {
2465 session[s].last_packet = time_now;
2466 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2467 processpap(s, t, p, l);
2468 }
2469 else if (proto == PPPCHAP)
2470 {
2471 session[s].last_packet = time_now;
2472 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2473 processchap(s, t, p, l);
2474 }
2475 else if (proto == PPPLCP)
2476 {
2477 session[s].last_packet = time_now;
2478 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2479 processlcp(s, t, p, l);
2480 }
2481 else if (proto == PPPIPCP)
2482 {
2483 session[s].last_packet = time_now;
2484 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2485 processipcp(s, t, p, l);
2486 }
2487 else if (proto == PPPIPV6CP && config->ipv6_prefix.s6_addr[0])
2488 {
2489 session[s].last_packet = time_now;
2490 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2491 processipv6cp(s, t, p, l);
2492 }
2493 else if (proto == PPPCCP)
2494 {
2495 session[s].last_packet = time_now;
2496 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2497 processccp(s, t, p, l);
2498 }
2499 else if (proto == PPPIP)
2500 {
2501 if (session[s].die)
2502 {
2503 LOG(4, s, t, "Session %d is closing. Don't process PPP packets\n", s);
2504 return; // closing session, PPP not processed
2505 }
2506
2507 session[s].last_packet = time_now;
2508 if (session[s].walled_garden && !config->cluster_iam_master)
2509 {
2510 master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
2511 return;
2512 }
2513
2514 processipin(s, t, p, l);
2515 }
2516 else if (proto == PPPIPV6 && config->ipv6_prefix.s6_addr[0])
2517 {
2518 if (session[s].die)
2519 {
2520 LOG(4, s, t, "Session %d is closing. Don't process PPP packets\n", s);
2521 return; // closing session, PPP not processed
2522 }
2523
2524 session[s].last_packet = time_now;
2525 if (session[s].walled_garden && !config->cluster_iam_master)
2526 {
2527 master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
2528 return;
2529 }
2530
2531 processipv6in(s, t, p, l);
2532 }
2533 else if (session[s].ppp.lcp == Opened)
2534 {
2535 uint8_t buf[MAXETHER];
2536 uint8_t *q;
2537 int mru = session[s].mru;
2538
2539 if (!mru) mru = MAXMRU;
2540 if (mru > sizeof(buf)) mru = sizeof(buf);
2541
2542 l += 6;
2543 if (l > mru) l = mru;
2544
2545 q = makeppp(buf, sizeof(buf), 0, 0, s, t, proto);
2546 if (!q) return;
2547
2548 *q = CodeRej;
2549 *(q + 1) = ++sess_local[s].lcp_ident;
2550 *(uint16_t *)(q + 2) = l;
2551 *(uint16_t *)(q + 4) = htons(proto);
2552 memcpy(q + 6, p, l - 6);
2553
2554 if (proto == PPPIPV6CP)
2555 LOG(3, s, t, "LCP: send ProtocolRej (IPV6CP: not configured)\n");
2556 else
2557 LOG(2, s, t, "LCP: sent ProtocolRej (0x%04X: unsupported)\n", proto);
2558
2559 tunnelsend(buf, l + (q - buf), t);
2560 }
2561 else
2562 {
2563 LOG(2, s, t, "Unknown PPP protocol 0x%04X received in LCP %s state\n",
2564 proto, ppp_state(session[s].ppp.lcp));
2565 }
2566 }
2567 }
2568
2569 // read and process packet on tun
2570 static void processtun(uint8_t * buf, int len)
2571 {
2572 LOG_HEX(5, "Receive TUN Data", buf, len);
2573 STAT(tun_rx_packets);
2574 INC_STAT(tun_rx_bytes, len);
2575
2576 CSTAT(processtun);
2577
2578 eth_rx_pkt++;
2579 eth_rx += len;
2580 if (len < 22)
2581 {
2582 LOG(1, 0, 0, "Short tun packet %d bytes\n", len);
2583 STAT(tun_rx_errors);
2584 return;
2585 }
2586
2587 if (*(uint16_t *) (buf + 2) == htons(PKTIP)) // IPv4
2588 processipout(buf, len);
2589 else if (*(uint16_t *) (buf + 2) == htons(PKTIPV6) // IPV6
2590 && config->ipv6_prefix.s6_addr[0])
2591 processipv6out(buf, len);
2592
2593 // Else discard.
2594 }
2595
2596 // Handle retries, timeouts. Runs every 1/10th sec, want to ensure
2597 // that we look at the whole of the tunnel, radius and session tables
2598 // every second
2599 static void regular_cleanups(double period)
2600 {
2601 // Next tunnel, radius and session to check for actions on.
2602 static tunnelidt t = 0;
2603 static int r = 0;
2604 static sessionidt s = 0;
2605
2606 int t_actions = 0;
2607 int r_actions = 0;
2608 int s_actions = 0;
2609
2610 int t_slice;
2611 int r_slice;
2612 int s_slice;
2613
2614 int i;
2615 int a;
2616
2617 // divide up tables into slices based on the last run
2618 t_slice = config->cluster_highest_tunnelid * period;
2619 r_slice = (MAXRADIUS - 1) * period;
2620 s_slice = config->cluster_highest_sessionid * period;
2621
2622 if (t_slice < 1)
2623 t_slice = 1;
2624 else if (t_slice > config->cluster_highest_tunnelid)
2625 t_slice = config->cluster_highest_tunnelid;
2626
2627 if (r_slice < 1)
2628 r_slice = 1;
2629 else if (r_slice > (MAXRADIUS - 1))
2630 r_slice = MAXRADIUS - 1;
2631
2632 if (s_slice < 1)
2633 s_slice = 1;
2634 else if (s_slice > config->cluster_highest_sessionid)
2635 s_slice = config->cluster_highest_sessionid;
2636
2637 LOG(4, 0, 0, "Begin regular cleanup (last %f seconds ago)\n", period);
2638
2639 for (i = 0; i < t_slice; i++)
2640 {
2641 t++;
2642 if (t > config->cluster_highest_tunnelid)
2643 t = 1;
2644
2645 // check for expired tunnels
2646 if (tunnel[t].die && tunnel[t].die <= TIME)
2647 {
2648 STAT(tunnel_timeout);
2649 tunnelkill(t, "Expired");
2650 t_actions++;
2651 continue;
2652 }
2653 // check for message resend
2654 if (tunnel[t].retry && tunnel[t].controlc)
2655 {
2656 // resend pending messages as timeout on reply
2657 if (tunnel[t].retry <= TIME)
2658 {
2659 controlt *c = tunnel[t].controls;
2660 uint8_t w = tunnel[t].window;
2661 tunnel[t].try++; // another try
2662 if (tunnel[t].try > 5)
2663 tunnelkill(t, "Timeout on control message"); // game over
2664 else
2665 while (c && w--)
2666 {
2667 tunnelsend(c->buf, c->length, t);
2668 c = c->next;
2669 }
2670
2671 t_actions++;
2672 }
2673 }
2674 // Send hello
2675 if (tunnel[t].state == TUNNELOPEN && (time_now - tunnel[t].lastrec) > 60)
2676 {
2677 controlt *c = controlnew(6); // sending HELLO
2678 controladd(c, 0, t); // send the message
2679 LOG(3, 0, t, "Sending HELLO message\n");
2680 t_actions++;
2681 }
2682
2683 // Check for tunnel changes requested from the CLI
2684 if ((a = cli_tunnel_actions[t].action))
2685 {
2686 cli_tunnel_actions[t].action = 0;
2687 if (a & CLI_TUN_KILL)
2688 {
2689 LOG(2, 0, t, "Dropping tunnel by CLI\n");
2690 tunnelshutdown(t, "Requested by administrator", 1, 0, 0);
2691 t_actions++;
2692 }
2693 }
2694 }
2695
2696 for (i = 0; i < r_slice; i++)
2697 {
2698 r++;
2699 if (r >= MAXRADIUS)
2700 r = 1;
2701
2702 if (!radius[r].state)
2703 continue;
2704
2705 if (radius[r].retry <= TIME)
2706 {
2707 radiusretry(r);
2708 r_actions++;
2709 }
2710 }
2711
2712 for (i = 0; i < s_slice; i++)
2713 {
2714 s++;
2715 if (s > config->cluster_highest_sessionid)
2716 s = 1;
2717
2718 if (!session[s].opened) // Session isn't in use
2719 continue;
2720
2721 // check for expired sessions
2722 if (session[s].die)
2723 {
2724 if (session[s].die <= TIME)
2725 {
2726 sessionkill(s, "Expired");
2727 s_actions++;
2728 }
2729 continue;
2730 }
2731
2732 // PPP timeouts
2733 if (sess_local[s].lcp.restart <= time_now)
2734 {
2735 int next_state = session[s].ppp.lcp;
2736 switch (session[s].ppp.lcp)
2737 {
2738 case RequestSent:
2739 case AckReceived:
2740 next_state = RequestSent;
2741
2742 case AckSent:
2743 if (sess_local[s].lcp.conf_sent < config->ppp_max_configure)
2744 {
2745 LOG(3, s, session[s].tunnel, "No ACK for LCP ConfigReq... resending\n");
2746 sess_local[s].lcp.restart = time_now + config->ppp_restart_time;
2747 sess_local[s].lcp.conf_sent++;
2748 sendlcp(s, session[s].tunnel);
2749 change_state(s, lcp, next_state);
2750 }
2751 else
2752 {
2753 sessionshutdown(s, "No response to LCP ConfigReq.", 3, 0);
2754 STAT(session_timeout);
2755 }
2756
2757 s_actions++;
2758 }
2759
2760 if (session[s].die)
2761 continue;
2762 }
2763
2764 if (sess_local[s].ipcp.restart <= time_now)
2765 {
2766 int next_state = session[s].ppp.ipcp;
2767 switch (session[s].ppp.ipcp)
2768 {
2769 case RequestSent:
2770 case AckReceived:
2771 next_state = RequestSent;
2772
2773 case AckSent:
2774 if (sess_local[s].ipcp.conf_sent < config->ppp_max_configure)
2775 {
2776 LOG(3, s, session[s].tunnel, "No ACK for IPCP ConfigReq... resending\n");
2777 sess_local[s].ipcp.restart = time_now + config->ppp_restart_time;
2778 sess_local[s].ipcp.conf_sent++;
2779 sendipcp(s, session[s].tunnel);
2780 change_state(s, ipcp, next_state);
2781 }
2782 else
2783 {
2784 sessionshutdown(s, "No response to IPCP ConfigReq.", 3, 0);
2785 STAT(session_timeout);
2786 }
2787
2788 s_actions++;
2789 }
2790
2791 if (session[s].die)
2792 continue;
2793 }
2794
2795 if (sess_local[s].ipv6cp.restart <= time_now)
2796 {
2797 int next_state = session[s].ppp.ipv6cp;
2798 switch (session[s].ppp.ipv6cp)
2799 {
2800 case RequestSent:
2801 case AckReceived:
2802 next_state = RequestSent;
2803
2804 case AckSent:
2805 if (sess_local[s].ipv6cp.conf_sent < config->ppp_max_configure)
2806 {
2807 LOG(3, s, session[s].tunnel, "No ACK for IPV6CP ConfigReq... resending\n");
2808 sess_local[s].ipv6cp.restart = time_now + config->ppp_restart_time;
2809 sess_local[s].ipv6cp.conf_sent++;
2810 sendipv6cp(s, session[s].tunnel);
2811 change_state(s, ipv6cp, next_state);
2812 }
2813 else
2814 {
2815 LOG(3, s, session[s].tunnel, "No ACK for IPV6CP ConfigReq\n");
2816 change_state(s, ipv6cp, Stopped);
2817 }
2818
2819 s_actions++;
2820 }
2821 }
2822
2823 if (sess_local[s].ccp.restart <= time_now)
2824 {
2825 int next_state = session[s].ppp.ccp;
2826 switch (session[s].ppp.ccp)
2827 {
2828 case RequestSent:
2829 case AckReceived:
2830 next_state = RequestSent;
2831
2832 case AckSent:
2833 if (sess_local[s].ccp.conf_sent < config->ppp_max_configure)
2834 {
2835 LOG(3, s, session[s].tunnel, "No ACK for CCP ConfigReq... resending\n");
2836 sess_local[s].ccp.restart = time_now + config->ppp_restart_time;
2837 sess_local[s].ccp.conf_sent++;
2838 sendccp(s, session[s].tunnel);
2839 change_state(s, ccp, next_state);
2840 }
2841 else
2842 {
2843 LOG(3, s, session[s].tunnel, "No ACK for CCP ConfigReq\n");
2844 change_state(s, ccp, Stopped);
2845 }
2846
2847 s_actions++;
2848 }
2849 }
2850
2851 // Drop sessions who have not responded within IDLE_TIMEOUT seconds
2852 if (session[s].last_packet && (time_now - session[s].last_packet >= IDLE_TIMEOUT))
2853 {
2854 sessionshutdown(s, "No response to LCP ECHO requests.", 3, 0);
2855 STAT(session_timeout);
2856 s_actions++;
2857 continue;
2858 }
2859
2860 // No data in ECHO_TIMEOUT seconds, send LCP ECHO
2861 if (session[s].ppp.phase >= Establish && (time_now - session[s].last_packet >= ECHO_TIMEOUT))
2862 {
2863 uint8_t b[MAXETHER];
2864
2865 uint8_t *q = makeppp(b, sizeof(b), 0, 0, s, session[s].tunnel, PPPLCP);
2866 if (!q) continue;
2867
2868 *q = EchoReq;
2869 *(uint8_t *)(q + 1) = (time_now % 255); // ID
2870 *(uint16_t *)(q + 2) = htons(8); // Length
2871 *(uint32_t *)(q + 4) = 0; // Magic Number (not supported)
2872
2873 LOG(4, s, session[s].tunnel, "No data in %d seconds, sending LCP ECHO\n",
2874 (int)(time_now - session[s].last_packet));
2875 tunnelsend(b, 24, session[s].tunnel); // send it
2876 s_actions++;
2877 }
2878
2879 // Check for actions requested from the CLI
2880 if ((a = cli_session_actions[s].action))
2881 {
2882 int send = 0;
2883
2884 cli_session_actions[s].action = 0;
2885 if (a & CLI_SESS_KILL)
2886 {
2887 LOG(2, s, session[s].tunnel, "Dropping session by CLI\n");
2888 sessionshutdown(s, "Requested by administrator.", 3, 0);
2889 a = 0; // dead, no need to check for other actions
2890 s_actions++;
2891 }
2892
2893 if (a & CLI_SESS_NOSNOOP)
2894 {
2895 LOG(2, s, session[s].tunnel, "Unsnooping session by CLI\n");
2896 session[s].snoop_ip = 0;
2897 session[s].snoop_port = 0;
2898 s_actions++;
2899 send++;
2900 }
2901 else if (a & CLI_SESS_SNOOP)
2902 {
2903 LOG(2, s, session[s].tunnel, "Snooping session by CLI (to %s:%d)\n",
2904 fmtaddr(cli_session_actions[s].snoop_ip, 0),
2905 cli_session_actions[s].snoop_port);
2906
2907 session[s].snoop_ip = cli_session_actions[s].snoop_ip;
2908 session[s].snoop_port = cli_session_actions[s].snoop_port;
2909 s_actions++;
2910 send++;
2911 }
2912
2913 if (a & CLI_SESS_NOTHROTTLE)
2914 {
2915 LOG(2, s, session[s].tunnel, "Un-throttling session by CLI\n");
2916 throttle_session(s, 0, 0);
2917 s_actions++;
2918 send++;
2919 }
2920 else if (a & CLI_SESS_THROTTLE)
2921 {
2922 LOG(2, s, session[s].tunnel, "Throttling session by CLI (to %dkb/s up and %dkb/s down)\n",
2923 cli_session_actions[s].throttle_in,
2924 cli_session_actions[s].throttle_out);
2925
2926 throttle_session(s, cli_session_actions[s].throttle_in, cli_session_actions[s].throttle_out);
2927 s_actions++;
2928 send++;
2929 }
2930
2931 if (a & CLI_SESS_NOFILTER)
2932 {
2933 LOG(2, s, session[s].tunnel, "Un-filtering session by CLI\n");
2934 filter_session(s, 0, 0);
2935 s_actions++;
2936 send++;
2937 }
2938 else if (a & CLI_SESS_FILTER)
2939 {
2940 LOG(2, s, session[s].tunnel, "Filtering session by CLI (in=%d, out=%d)\n",
2941 cli_session_actions[s].filter_in,
2942 cli_session_actions[s].filter_out);
2943
2944 filter_session(s, cli_session_actions[s].filter_in, cli_session_actions[s].filter_out);
2945 s_actions++;
2946 send++;
2947 }
2948
2949 if (send)
2950 cluster_send_session(s);
2951 }
2952
2953 // RADIUS interim accounting
2954 if (config->radius_accounting && config->radius_interim > 0
2955 && session[s].ip && !session[s].walled_garden
2956 && !sess_local[s].radius // RADIUS already in progress
2957 && time_now - sess_local[s].last_interim >= config->radius_interim)
2958 {
2959 int rad = radiusnew(s);
2960 if (!rad)
2961 {
2962 LOG(1, s, session[s].tunnel, "No free RADIUS sessions for Interim message\n");
2963 STAT(radius_overflow);
2964 continue;
2965 }
2966
2967 LOG(3, s, session[s].tunnel, "Sending RADIUS Interim for %s (%u)\n",
2968 session[s].user, session[s].unique_id);
2969
2970 radiussend(rad, RADIUSINTERIM);
2971 sess_local[s].last_interim = time_now;
2972 s_actions++;
2973 }
2974 }
2975
2976 LOG(4, 0, 0, "End regular cleanup: checked %d/%d/%d tunnels/radius/sessions; %d/%d/%d actions\n",
2977 t_slice, r_slice, s_slice, t_actions, r_actions, s_actions);
2978 }
2979
2980 //
2981 // Are we in the middle of a tunnel update, or radius
2982 // requests??
2983 //
2984 static int still_busy(void)
2985 {
2986 int i;
2987 static clockt last_talked = 0;
2988 static clockt start_busy_wait = 0;
2989
2990 if (!config->cluster_iam_master)
2991 {
2992 #ifdef BGP
2993 static time_t stopped_bgp = 0;
2994 if (bgp_configured)
2995 {
2996 if (!stopped_bgp)
2997 {
2998 LOG(1, 0, 0, "Shutting down in %d seconds, stopping BGP...\n", QUIT_DELAY);
2999
3000 for (i = 0; i < BGP_NUM_PEERS; i++)
3001 if (bgp_peers[i].state == Established)
3002 bgp_stop(&bgp_peers[i]);
3003
3004 stopped_bgp = time_now;
3005
3006 // we don't want to become master
3007 cluster_send_ping(0);
3008
3009 return 1;
3010 }
3011
3012 if (time_now < (stopped_bgp + QUIT_DELAY))
3013 return 1;
3014 }
3015 #endif /* BGP */
3016
3017 return 0;
3018 }
3019
3020 if (main_quit == QUIT_SHUTDOWN)
3021 {
3022 static int dropped = 0;
3023 if (!dropped)
3024 {
3025 int i;
3026
3027 LOG(1, 0, 0, "Dropping sessions and tunnels\n");
3028 for (i = 1; i < MAXTUNNEL; i++)
3029 if (tunnel[i].ip || tunnel[i].state)
3030 tunnelshutdown(i, "L2TPNS Closing", 6, 0, 0);
3031
3032 dropped = 1;
3033 }
3034 }
3035
3036 if (start_busy_wait == 0)
3037 start_busy_wait = TIME;
3038
3039 for (i = config->cluster_highest_tunnelid ; i > 0 ; --i)
3040 {
3041 if (!tunnel[i].controlc)
3042 continue;
3043
3044 if (last_talked != TIME)
3045 {
3046 LOG(2, 0, 0, "Tunnel %d still has un-acked control messages.\n", i);
3047 last_talked = TIME;
3048 }
3049 return 1;
3050 }
3051
3052 // We stop waiting for radius after BUSY_WAIT_TIME 1/10th seconds
3053 if (abs(TIME - start_busy_wait) > BUSY_WAIT_TIME)
3054 {
3055 LOG(1, 0, 0, "Giving up waiting for RADIUS to be empty. Shutting down anyway.\n");
3056 return 0;
3057 }
3058
3059 for (i = 1; i < MAXRADIUS; i++)
3060 {
3061 if (radius[i].state == RADIUSNULL)
3062 continue;
3063 if (radius[i].state == RADIUSWAIT)
3064 continue;
3065
3066 if (last_talked != TIME)
3067 {
3068 LOG(2, 0, 0, "Radius session %d is still busy (sid %d)\n", i, radius[i].session);
3069 last_talked = TIME;
3070 }
3071 return 1;
3072 }
3073
3074 return 0;
3075 }
3076
3077 #ifdef HAVE_EPOLL
3078 # include <sys/epoll.h>
3079 #else
3080 # define FAKE_EPOLL_IMPLEMENTATION /* include the functions */
3081 # include "fake_epoll.h"
3082 #endif
3083
3084 // the base set of fds polled: cli, cluster, tun, udp, control, dae
3085 #define BASE_FDS 6
3086
3087 // additional polled fds
3088 #ifdef BGP
3089 # define EXTRA_FDS BGP_NUM_PEERS
3090 #else
3091 # define EXTRA_FDS 0
3092 #endif
3093
3094 // main loop - gets packets on tun or udp and processes them
3095 static void mainloop(void)
3096 {
3097 int i;
3098 uint8_t buf[65536];
3099 clockt next_cluster_ping = 0; // send initial ping immediately
3100 struct epoll_event events[BASE_FDS + RADIUS_FDS + EXTRA_FDS];
3101 int maxevent = sizeof(events)/sizeof(*events);
3102
3103 if ((epollfd = epoll_create(maxevent)) < 0)
3104 {
3105 LOG(0, 0, 0, "epoll_create failed: %s\n", strerror(errno));
3106 exit(1);
3107 }
3108
3109 LOG(4, 0, 0, "Beginning of main loop. clifd=%d, cluster_sockfd=%d, tunfd=%d, udpfd=%d, controlfd=%d, daefd=%d\n",
3110 clifd, cluster_sockfd, tunfd, udpfd, controlfd, daefd);
3111
3112 /* setup our fds to poll for input */
3113 {
3114 static struct event_data d[BASE_FDS];
3115 struct epoll_event e;
3116
3117 e.events = EPOLLIN;
3118 i = 0;
3119
3120 d[i].type = FD_TYPE_CLI;
3121 e.data.ptr = &d[i++];
3122 epoll_ctl(epollfd, EPOLL_CTL_ADD, clifd, &e);
3123
3124 d[i].type = FD_TYPE_CLUSTER;
3125 e.data.ptr = &d[i++];
3126 epoll_ctl(epollfd, EPOLL_CTL_ADD, cluster_sockfd, &e);
3127
3128 d[i].type = FD_TYPE_TUN;
3129 e.data.ptr = &d[i++];
3130 epoll_ctl(epollfd, EPOLL_CTL_ADD, tunfd, &e);
3131
3132 d[i].type = FD_TYPE_UDP;
3133 e.data.ptr = &d[i++];
3134 epoll_ctl(epollfd, EPOLL_CTL_ADD, udpfd, &e);
3135
3136 d[i].type = FD_TYPE_CONTROL;
3137 e.data.ptr = &d[i++];
3138 epoll_ctl(epollfd, EPOLL_CTL_ADD, controlfd, &e);
3139
3140 d[i].type = FD_TYPE_DAE;
3141 e.data.ptr = &d[i++];
3142 epoll_ctl(epollfd, EPOLL_CTL_ADD, daefd, &e);
3143 }
3144
3145 #ifdef BGP
3146 signal(SIGPIPE, SIG_IGN);
3147 bgp_setup(config->as_number);
3148 if (config->bind_address)
3149 bgp_add_route(config->bind_address, 0xffffffff);
3150
3151 for (i = 0; i < BGP_NUM_PEERS; i++)
3152 {
3153 if (config->neighbour[i].name[0])
3154 bgp_start(&bgp_peers[i], config->neighbour[i].name,
3155 config->neighbour[i].as, config->neighbour[i].keepalive,
3156 config->neighbour[i].hold, 0); /* 0 = routing disabled */
3157 }
3158 #endif /* BGP */
3159
3160 while (!main_quit || still_busy())
3161 {
3162 int more = 0;
3163 int n;
3164
3165 if (config->reload_config)
3166 {
3167 // Update the config state based on config settings
3168 update_config();
3169 }
3170
3171 #ifdef BGP
3172 bgp_set_poll();
3173 #endif /* BGP */
3174
3175 n = epoll_wait(epollfd, events, maxevent, 100); // timeout 100ms (1/10th sec)
3176 STAT(select_called);
3177
3178 TIME = now(NULL);
3179 if (n < 0)
3180 {
3181 if (errno == EINTR ||
3182 errno == ECHILD) // EINTR was clobbered by sigchild_handler()
3183 continue;
3184
3185 LOG(0, 0, 0, "Error returned from select(): %s\n", strerror(errno));
3186 break; // exit
3187 }
3188
3189 if (n)
3190 {
3191 struct sockaddr_in addr;
3192 socklen_t alen;
3193 int c, s;
3194 int udp_ready = 0;
3195 int tun_ready = 0;
3196 int cluster_ready = 0;
3197 int udp_pkts = 0;
3198 int tun_pkts = 0;
3199 int cluster_pkts = 0;
3200 #ifdef BGP
3201 uint32_t bgp_events[BGP_NUM_PEERS];
3202 memset(bgp_events, 0, sizeof(bgp_events));
3203 #endif /* BGP */
3204
3205 for (c = n, i = 0; i < c; i++)
3206 {
3207 struct event_data *d = events[i].data.ptr;
3208 switch (d->type)
3209 {
3210 case FD_TYPE_CLI: // CLI connections
3211 {
3212 int cli;
3213
3214 alen = sizeof(addr);
3215 if ((cli = accept(clifd, (struct sockaddr *)&addr, &alen)) >= 0)
3216 {
3217 cli_do(cli);
3218 close(cli);
3219 }
3220 else
3221 LOG(0, 0, 0, "accept error: %s\n", strerror(errno));
3222
3223 n--;
3224 break;
3225 }
3226
3227 // these are handled below, with multiple interleaved reads
3228 case FD_TYPE_CLUSTER: cluster_ready++; break;
3229 case FD_TYPE_TUN: tun_ready++; break;
3230 case FD_TYPE_UDP: udp_ready++; break;
3231
3232 case FD_TYPE_CONTROL: // nsctl commands
3233 alen = sizeof(addr);
3234 processcontrol(buf, recvfrom(controlfd, buf, sizeof(buf), MSG_WAITALL, (void *) &addr, &alen), &addr, alen);
3235 n--;
3236 break;
3237
3238 case FD_TYPE_DAE: // DAE requests
3239 alen = sizeof(addr);
3240 processdae(buf, recvfrom(daefd, buf, sizeof(buf), MSG_WAITALL, (void *) &addr, &alen), &addr, alen);
3241 n--;
3242 break;
3243
3244 case FD_TYPE_RADIUS: // RADIUS response
3245 s = recv(radfds[d->index], buf, sizeof(buf), 0);
3246 if (s >= 0 && config->cluster_iam_master)
3247 processrad(buf, s, d->index);
3248
3249 n--;
3250 break;
3251
3252 #ifdef BGP
3253 case FD_TYPE_BGP:
3254 bgp_events[d->index] = events[i].events;
3255 n--;
3256 break;
3257 #endif /* BGP */
3258
3259 default:
3260 LOG(0, 0, 0, "Unexpected fd type returned from epoll_wait: %d\n", d->type);
3261 }
3262 }
3263
3264 #ifdef BGP
3265 bgp_process(bgp_events);
3266 #endif /* BGP */
3267
3268 for (c = 0; n && c < config->multi_read_count; c++)
3269 {
3270 // L2TP
3271 if (udp_ready)
3272 {
3273 alen = sizeof(addr);
3274 if ((s = recvfrom(udpfd, buf, sizeof(buf), 0, (void *) &addr, &alen)) > 0)
3275 {
3276 processudp(buf, s, &addr);
3277 udp_pkts++;
3278 }
3279 else
3280 {
3281 udp_ready = 0;
3282 n--;
3283 }
3284 }
3285
3286 // incoming IP
3287 if (tun_ready)
3288 {
3289 if ((s = read(tunfd, buf, sizeof(buf))) > 0)
3290 {
3291 processtun(buf, s);
3292 tun_pkts++;
3293 }
3294 else
3295 {
3296 tun_ready = 0;
3297 n--;
3298 }
3299 }
3300
3301 // cluster
3302 if (cluster_ready)
3303 {
3304 alen = sizeof(addr);
3305 if ((s = recvfrom(cluster_sockfd, buf, sizeof(buf), MSG_WAITALL, (void *) &addr, &alen)) > 0)
3306 {
3307 processcluster(buf, s, addr.sin_addr.s_addr);
3308 cluster_pkts++;
3309 }
3310 else
3311 {
3312 cluster_ready = 0;
3313 n--;
3314 }
3315 }
3316 }
3317
3318 if (udp_pkts > 1 || tun_pkts > 1 || cluster_pkts > 1)
3319 STAT(multi_read_used);
3320
3321 if (c >= config->multi_read_count)
3322 {
3323 LOG(3, 0, 0, "Reached multi_read_count (%d); processed %d udp, %d tun and %d cluster packets\n",
3324 config->multi_read_count, udp_pkts, tun_pkts, cluster_pkts);
3325
3326 STAT(multi_read_exceeded);
3327 more++;
3328 }
3329 }
3330
3331 // Runs on every machine (master and slaves).
3332 if (next_cluster_ping <= TIME)
3333 {
3334 // Check to see which of the cluster is still alive..
3335
3336 cluster_send_ping(basetime); // Only does anything if we're a slave
3337 cluster_check_master(); // ditto.
3338
3339 cluster_heartbeat(); // Only does anything if we're a master.
3340 cluster_check_slaves(); // ditto.
3341
3342 master_update_counts(); // If we're a slave, send our byte counters to our master.
3343
3344 if (config->cluster_iam_master && !config->cluster_iam_uptodate)
3345 next_cluster_ping = TIME + 1; // out-of-date slaves, do fast updates
3346 else
3347 next_cluster_ping = TIME + config->cluster_hb_interval;
3348 }
3349
3350 if (!config->cluster_iam_master)
3351 continue;
3352
3353 // Run token bucket filtering queue..
3354 // Only run it every 1/10th of a second.
3355 {
3356 static clockt last_run = 0;
3357 if (last_run != TIME)
3358 {
3359 last_run = TIME;
3360 tbf_run_timer();
3361 }
3362 }
3363
3364 // Handle timeouts, retries etc.
3365 {
3366 static double last_clean = 0;
3367 double this_clean;
3368 double diff;
3369
3370 TIME = now(&this_clean);
3371 diff = this_clean - last_clean;
3372
3373 // Run during idle time (after we've handled
3374 // all incoming packets) or every 1/10th sec
3375 if (!more || diff > 0.1)
3376 {
3377 regular_cleanups(diff);
3378 last_clean = this_clean;
3379 }
3380 }
3381
3382 if (*config->accounting_dir)
3383 {
3384 static clockt next_acct = 0;
3385 static clockt next_shut_acct = 0;
3386
3387 if (next_acct <= TIME)
3388 {
3389 // Dump accounting data
3390 next_acct = TIME + ACCT_TIME;
3391 next_shut_acct = TIME + ACCT_SHUT_TIME;
3392 dump_acct_info(1);
3393 }
3394 else if (next_shut_acct <= TIME)
3395 {
3396 // Dump accounting data for shutdown sessions
3397 next_shut_acct = TIME + ACCT_SHUT_TIME;
3398 if (shut_acct_n)
3399 dump_acct_info(0);
3400 }
3401 }
3402 }
3403
3404 // Are we the master and shutting down??
3405 if (config->cluster_iam_master)
3406 cluster_heartbeat(); // Flush any queued changes..
3407
3408 // Ok. Notify everyone we're shutting down. If we're
3409 // the master, this will force an election.
3410 cluster_send_ping(0);
3411
3412 //
3413 // Important!!! We MUST not process any packets past this point!
3414 LOG(1, 0, 0, "Shutdown complete\n");
3415 }
3416
3417 static void stripdomain(char *host)
3418 {
3419 char *p;
3420
3421 if ((p = strchr(host, '.')))
3422 {
3423 char *domain = 0;
3424 char _domain[1024];
3425
3426 // strip off domain
3427 FILE *resolv = fopen("/etc/resolv.conf", "r");
3428 if (resolv)
3429 {
3430 char buf[1024];
3431 char *b;
3432
3433 while (fgets(buf, sizeof(buf), resolv))
3434 {
3435 if (strncmp(buf, "domain", 6) && strncmp(buf, "search", 6))
3436 continue;
3437
3438 if (!isspace(buf[6]))
3439 continue;
3440
3441 b = buf + 7;
3442 while (isspace(*b)) b++;
3443
3444 if (*b)
3445 {
3446 char *d = b;
3447 while (*b && !isspace(*b)) b++;
3448 *b = 0;
3449 if (buf[0] == 'd') // domain is canonical
3450 {
3451 domain = d;
3452 break;
3453 }
3454
3455 // first search line
3456 if (!domain)
3457 {
3458 // hold, may be subsequent domain line
3459 strncpy(_domain, d, sizeof(_domain))[sizeof(_domain)-1] = 0;
3460 domain = _domain;
3461 }
3462 }
3463 }
3464
3465 fclose(resolv);
3466 }
3467
3468 if (domain)
3469 {
3470 int hl = strlen(host);
3471 int dl = strlen(domain);
3472 if (dl < hl && host[hl - dl - 1] == '.' && !strcmp(host + hl - dl, domain))
3473 host[hl -dl - 1] = 0;
3474 }
3475 else
3476 {
3477 *p = 0; // everything after first dot
3478 }
3479 }
3480 }
3481
3482 // Init data structures
3483 static void initdata(int optdebug, char *optconfig)
3484 {
3485 int i;
3486
3487 if (!(config = shared_malloc(sizeof(configt))))
3488 {
3489 fprintf(stderr, "Error doing malloc for configuration: %s\n", strerror(errno));
3490 exit(1);
3491 }
3492
3493 memset(config, 0, sizeof(configt));
3494 time(&config->start_time);
3495 strncpy(config->config_file, optconfig, strlen(optconfig));
3496 config->debug = optdebug;
3497 config->num_tbfs = MAXTBFS;
3498 config->rl_rate = 28; // 28kbps
3499 config->cluster_mcast_ttl = 1;
3500 config->cluster_master_min_adv = 1;
3501 config->ppp_restart_time = 3;
3502 config->ppp_max_configure = 10;
3503 config->ppp_max_failure = 5;
3504 config->ppp_mru = DEFAULT_MRU;
3505 strcpy(config->random_device, RANDOMDEVICE);
3506
3507 log_stream = stderr;
3508
3509 #ifdef RINGBUFFER
3510 if (!(ringbuffer = shared_malloc(sizeof(struct Tringbuffer))))
3511 {
3512 LOG(0, 0, 0, "Error doing malloc for ringbuffer: %s\n", strerror(errno));
3513 exit(1);
3514 }
3515 memset(ringbuffer, 0, sizeof(struct Tringbuffer));
3516 #endif
3517
3518 if (!(_statistics = shared_malloc(sizeof(struct Tstats))))
3519 {
3520 LOG(0, 0, 0, "Error doing malloc for _statistics: %s\n", strerror(errno));
3521 exit(1);
3522 }
3523 if (!(tunnel = shared_malloc(sizeof(tunnelt) * MAXTUNNEL)))
3524 {
3525 LOG(0, 0, 0, "Error doing malloc for tunnels: %s\n", strerror(errno));
3526 exit(1);
3527 }
3528 if (!(session = shared_malloc(sizeof(sessiont) * MAXSESSION)))
3529 {
3530 LOG(0, 0, 0, "Error doing malloc for sessions: %s\n", strerror(errno));
3531 exit(1);
3532 }
3533
3534 if (!(sess_local = shared_malloc(sizeof(sessionlocalt) * MAXSESSION)))
3535 {
3536 LOG(0, 0, 0, "Error doing malloc for sess_local: %s\n", strerror(errno));
3537 exit(1);
3538 }
3539
3540 if (!(radius = shared_malloc(sizeof(radiust) * MAXRADIUS)))
3541 {
3542 LOG(0, 0, 0, "Error doing malloc for radius: %s\n", strerror(errno));
3543 exit(1);
3544 }
3545
3546 if (!(ip_address_pool = shared_malloc(sizeof(ippoolt) * MAXIPPOOL)))
3547 {
3548 LOG(0, 0, 0, "Error doing malloc for ip_address_pool: %s\n", strerror(errno));
3549 exit(1);
3550 }
3551
3552 if (!(ip_filters = shared_malloc(sizeof(ip_filtert) * MAXFILTER)))
3553 {
3554 LOG(0, 0, 0, "Error doing malloc for ip_filters: %s\n", strerror(errno));
3555 exit(1);
3556 }
3557 memset(ip_filters, 0, sizeof(ip_filtert) * MAXFILTER);
3558
3559 if (!(cli_session_actions = shared_malloc(sizeof(struct cli_session_actions) * MAXSESSION)))
3560 {
3561 LOG(0, 0, 0, "Error doing malloc for cli session actions: %s\n", strerror(errno));
3562 exit(1);
3563 }
3564 memset(cli_session_actions, 0, sizeof(struct cli_session_actions) * MAXSESSION);
3565
3566 if (!(cli_tunnel_actions = shared_malloc(sizeof(struct cli_tunnel_actions) * MAXSESSION)))
3567 {
3568 LOG(0, 0, 0, "Error doing malloc for cli tunnel actions: %s\n", strerror(errno));
3569 exit(1);
3570 }
3571 memset(cli_tunnel_actions, 0, sizeof(struct cli_tunnel_actions) * MAXSESSION);
3572
3573 memset(tunnel, 0, sizeof(tunnelt) * MAXTUNNEL);
3574 memset(session, 0, sizeof(sessiont) * MAXSESSION);
3575 memset(radius, 0, sizeof(radiust) * MAXRADIUS);
3576 memset(ip_address_pool, 0, sizeof(ippoolt) * MAXIPPOOL);
3577
3578 // Put all the sessions on the free list marked as undefined.
3579 for (i = 1; i < MAXSESSION; i++)
3580 {
3581 session[i].next = i + 1;
3582 session[i].tunnel = T_UNDEF; // mark it as not filled in.
3583 }
3584 session[MAXSESSION - 1].next = 0;
3585 sessionfree = 1;
3586
3587 // Mark all the tunnels as undefined (waiting to be filled in by a download).
3588 for (i = 1; i < MAXTUNNEL; i++)
3589 tunnel[i].state = TUNNELUNDEF; // mark it as not filled in.
3590
3591 if (!*hostname)
3592 {
3593 // Grab my hostname unless it's been specified
3594 gethostname(hostname, sizeof(hostname));
3595 stripdomain(hostname);
3596 }
3597
3598 _statistics->start_time = _statistics->last_reset = time(NULL);
3599
3600 #ifdef BGP
3601 if (!(bgp_peers = shared_malloc(sizeof(struct bgp_peer) * BGP_NUM_PEERS)))
3602 {
3603 LOG(0, 0, 0, "Error doing malloc for bgp: %s\n", strerror(errno));
3604 exit(1);
3605 }
3606 #endif /* BGP */
3607 }
3608
3609 static int assign_ip_address(sessionidt s)
3610 {
3611 uint32_t i;
3612 int best = -1;
3613 time_t best_time = time_now;
3614 char *u = session[s].user;
3615 char reuse = 0;
3616
3617
3618 CSTAT(assign_ip_address);
3619
3620 for (i = 1; i < ip_pool_size; i++)
3621 {
3622 if (!ip_address_pool[i].address || ip_address_pool[i].assigned)
3623 continue;
3624
3625 if (!session[s].walled_garden && ip_address_pool[i].user[0] && !strcmp(u, ip_address_pool[i].user))
3626 {
3627 best = i;
3628 reuse = 1;
3629 break;
3630 }
3631
3632 if (ip_address_pool[i].last < best_time)
3633 {
3634 best = i;
3635 if (!(best_time = ip_address_pool[i].last))
3636 break; // never used, grab this one
3637 }
3638 }
3639
3640 if (best < 0)
3641 {
3642 LOG(0, s, session[s].tunnel, "assign_ip_address(): out of addresses\n");
3643 return 0;
3644 }
3645
3646 session[s].ip = ip_address_pool[best].address;
3647 session[s].ip_pool_index = best;
3648 ip_address_pool[best].assigned = 1;
3649 ip_address_pool[best].last = time_now;
3650 ip_address_pool[best].session = s;
3651 if (session[s].walled_garden)
3652 /* Don't track addresses of users in walled garden (note: this
3653 means that their address isn't "sticky" even if they get
3654 un-gardened). */
3655 ip_address_pool[best].user[0] = 0;
3656 else
3657 strncpy(ip_address_pool[best].user, u, sizeof(ip_address_pool[best].user) - 1);
3658
3659 STAT(ip_allocated);
3660 LOG(4, s, session[s].tunnel, "assign_ip_address(): %s ip address %d from pool\n",
3661 reuse ? "Reusing" : "Allocating", best);
3662
3663 return 1;
3664 }
3665
3666 static void free_ip_address(sessionidt s)
3667 {
3668 int i = session[s].ip_pool_index;
3669
3670
3671 CSTAT(free_ip_address);
3672
3673 if (!session[s].ip)
3674 return; // what the?
3675
3676 if (i < 0) // Is this actually part of the ip pool?
3677 i = 0;
3678
3679 STAT(ip_freed);
3680 cache_ipmap(session[s].ip, -i); // Change the mapping to point back to the ip pool index.
3681 session[s].ip = 0;
3682 ip_address_pool[i].assigned = 0;
3683 ip_address_pool[i].session = 0;
3684 ip_address_pool[i].last = time_now;
3685 }
3686
3687 //
3688 // Fsck the address pool against the session table.
3689 // Normally only called when we become a master.
3690 //
3691 // This isn't perfect: We aren't keep tracking of which
3692 // users used to have an IP address.
3693 //
3694 void rebuild_address_pool(void)
3695 {
3696 int i;
3697
3698 //
3699 // Zero the IP pool allocation, and build
3700 // a map from IP address to pool index.
3701 for (i = 1; i < MAXIPPOOL; ++i)
3702 {
3703 ip_address_pool[i].assigned = 0;
3704 ip_address_pool[i].session = 0;
3705 if (!ip_address_pool[i].address)
3706 continue;
3707
3708 cache_ipmap(ip_address_pool[i].address, -i); // Map pool IP to pool index.
3709 }
3710
3711 for (i = 0; i < MAXSESSION; ++i)
3712 {
3713 int ipid;
3714 if (!(session[i].opened && session[i].ip))
3715 continue;
3716
3717 ipid = - lookup_ipmap(htonl(session[i].ip));
3718
3719 if (session[i].ip_pool_index < 0)
3720 {
3721 // Not allocated out of the pool.
3722 if (ipid < 1) // Not found in the pool either? good.
3723 continue;
3724
3725 LOG(0, i, 0, "Session %d has an IP address (%s) that was marked static, but is in the pool (%d)!\n",
3726 i, fmtaddr(session[i].ip, 0), ipid);
3727
3728 // Fall through and process it as part of the pool.
3729 }
3730
3731
3732 if (ipid > MAXIPPOOL || ipid < 0)
3733 {
3734 LOG(0, i, 0, "Session %d has a pool IP that's not found in the pool! (%d)\n", i, ipid);
3735 ipid = -1;
3736 session[i].ip_pool_index = ipid;
3737 continue;
3738 }
3739
3740 ip_address_pool[ipid].assigned = 1;
3741 ip_address_pool[ipid].session = i;
3742 ip_address_pool[ipid].last = time_now;
3743 strncpy(ip_address_pool[ipid].user, session[i].user, sizeof(ip_address_pool[ipid].user) - 1);
3744 session[i].ip_pool_index = ipid;
3745 cache_ipmap(session[i].ip, i); // Fix the ip map.
3746 }
3747 }
3748
3749 //
3750 // Fix the address pool to match a changed session.
3751 // (usually when the master sends us an update).
3752 static void fix_address_pool(int sid)
3753 {
3754 int ipid;
3755
3756 ipid = session[sid].ip_pool_index;
3757
3758 if (ipid > ip_pool_size)
3759 return; // Ignore it. rebuild_address_pool will fix it up.
3760
3761 if (ip_address_pool[ipid].address != session[sid].ip)
3762 return; // Just ignore it. rebuild_address_pool will take care of it.
3763
3764 ip_address_pool[ipid].assigned = 1;
3765 ip_address_pool[ipid].session = sid;
3766 ip_address_pool[ipid].last = time_now;
3767 strncpy(ip_address_pool[ipid].user, session[sid].user, sizeof(ip_address_pool[ipid].user) - 1);
3768 }
3769
3770 //
3771 // Add a block of addresses to the IP pool to hand out.
3772 //
3773 static void add_to_ip_pool(in_addr_t addr, in_addr_t mask)
3774 {
3775 int i;
3776 if (mask == 0)
3777 mask = 0xffffffff; // Host route only.
3778
3779 addr &= mask;
3780
3781 if (ip_pool_size >= MAXIPPOOL) // Pool is full!
3782 return ;
3783
3784 for (i = addr ;(i & mask) == addr; ++i)
3785 {
3786 if ((i & 0xff) == 0 || (i&0xff) == 255)
3787 continue; // Skip 0 and broadcast addresses.
3788
3789 ip_address_pool[ip_pool_size].address = i;
3790 ip_address_pool[ip_pool_size].assigned = 0;
3791 ++ip_pool_size;
3792 if (ip_pool_size >= MAXIPPOOL)
3793 {
3794 LOG(0, 0, 0, "Overflowed IP pool adding %s\n", fmtaddr(htonl(addr), 0));
3795 return;
3796 }
3797 }
3798 }
3799
3800 // Initialize the IP address pool
3801 static void initippool()
3802 {
3803 FILE *f;
3804 char *p;
3805 char buf[4096];
3806 memset(ip_address_pool, 0, sizeof(ip_address_pool));
3807
3808 if (!(f = fopen(IPPOOLFILE, "r")))
3809 {
3810 LOG(0, 0, 0, "Can't load pool file " IPPOOLFILE ": %s\n", strerror(errno));
3811 exit(1);
3812 }
3813
3814 while (ip_pool_size < MAXIPPOOL && fgets(buf, 4096, f))
3815 {
3816 char *pool = buf;
3817 buf[4095] = 0; // Force it to be zero terminated/
3818
3819 if (*buf == '#' || *buf == '\n')
3820 continue; // Skip comments / blank lines
3821 if ((p = (char *)strrchr(buf, '\n'))) *p = 0;
3822 if ((p = (char *)strchr(buf, ':')))
3823 {
3824 in_addr_t src;
3825 *p = '\0';
3826 src = inet_addr(buf);
3827 if (src == INADDR_NONE)
3828 {
3829 LOG(0, 0, 0, "Invalid address pool IP %s\n", buf);
3830 exit(1);
3831 }
3832 // This entry is for a specific IP only
3833 if (src != config->bind_address)
3834 continue;
3835 *p = ':';
3836 pool = p+1;
3837 }
3838 if ((p = (char *)strchr(pool, '/')))
3839 {
3840 // It's a range
3841 int numbits = 0;
3842 in_addr_t start = 0, mask = 0;
3843
3844 LOG(2, 0, 0, "Adding IP address range %s\n", buf);
3845 *p++ = 0;
3846 if (!*p || !(numbits = atoi(p)))
3847 {
3848 LOG(0, 0, 0, "Invalid pool range %s\n", buf);
3849 continue;
3850 }
3851 start = ntohl(inet_addr(pool));
3852 mask = (in_addr_t) (pow(2, numbits) - 1) << (32 - numbits);
3853
3854 // Add a static route for this pool
3855 LOG(5, 0, 0, "Adding route for address pool %s/%u\n",
3856 fmtaddr(htonl(start), 0), 32 + mask);
3857
3858 routeset(0, start, mask, 0, 1);
3859
3860 add_to_ip_pool(start, mask);
3861 }
3862 else
3863 {
3864 // It's a single ip address
3865 add_to_ip_pool(inet_addr(pool), 0);
3866 }
3867 }
3868 fclose(f);
3869 LOG(1, 0, 0, "IP address pool is %d addresses\n", ip_pool_size - 1);
3870 }
3871
3872 void snoop_send_packet(uint8_t *packet, uint16_t size, in_addr_t destination, uint16_t port)
3873 {
3874 struct sockaddr_in snoop_addr = {0};
3875 if (!destination || !port || snoopfd <= 0 || size <= 0 || !packet)
3876 return;
3877
3878 snoop_addr.sin_family = AF_INET;
3879 snoop_addr.sin_addr.s_addr = destination;
3880 snoop_addr.sin_port = ntohs(port);
3881
3882 LOG(5, 0, 0, "Snooping %d byte packet to %s:%d\n", size,
3883 fmtaddr(snoop_addr.sin_addr.s_addr, 0),
3884 htons(snoop_addr.sin_port));
3885
3886 if (sendto(snoopfd, packet, size, MSG_DONTWAIT | MSG_NOSIGNAL, (void *) &snoop_addr, sizeof(snoop_addr)) < 0)
3887 LOG(0, 0, 0, "Error sending intercept packet: %s\n", strerror(errno));
3888
3889 STAT(packets_snooped);
3890 }
3891
3892 static int dump_session(FILE **f, sessiont *s)
3893 {
3894 if (!s->opened || !s->ip || !(s->cin_delta || s->cout_delta) || !*s->user || s->walled_garden)
3895 return 1;
3896
3897 if (!*f)
3898 {
3899 char filename[1024];
3900 char timestr[64];
3901 time_t now = time(NULL);
3902
3903 strftime(timestr, sizeof(timestr), "%Y%m%d%H%M%S", localtime(&now));
3904 snprintf(filename, sizeof(filename), "%s/%s", config->accounting_dir, timestr);
3905
3906 if (!(*f = fopen(filename, "w")))
3907 {
3908 LOG(0, 0, 0, "Can't write accounting info to %s: %s\n", filename, strerror(errno));
3909 return 0;
3910 }
3911
3912 LOG(3, 0, 0, "Dumping accounting information to %s\n", filename);
3913 fprintf(*f, "# dslwatch.pl dump file V1.01\n"
3914 "# host: %s\n"
3915 "# endpoint: %s\n"
3916 "# time: %ld\n"
3917 "# uptime: %ld\n"
3918 "# format: username ip qos uptxoctets downrxoctets\n",
3919 hostname,
3920 fmtaddr(config->bind_address ? config->bind_address : my_address, 0),
3921 now,
3922 now - basetime);
3923 }
3924
3925 LOG(4, 0, 0, "Dumping accounting information for %s\n", s->user);
3926 fprintf(*f, "%s %s %d %u %u\n",
3927 s->user, // username
3928 fmtaddr(htonl(s->ip), 0), // ip
3929 (s->throttle_in || s->throttle_out) ? 2 : 1, // qos
3930 (uint32_t) s->cin_delta, // uptxoctets
3931 (uint32_t) s->cout_delta); // downrxoctets
3932
3933 s->cin_delta = s->cout_delta = 0;
3934
3935 return 1;
3936 }
3937
3938 static void dump_acct_info(int all)
3939 {
3940 int i;
3941 FILE *f = NULL;
3942
3943
3944 CSTAT(dump_acct_info);
3945
3946 if (shut_acct_n)
3947 {
3948 for (i = 0; i < shut_acct_n; i++)
3949 dump_session(&f, &shut_acct[i]);
3950
3951 shut_acct_n = 0;
3952 }
3953
3954 if (all)
3955 for (i = 1; i <= config->cluster_highest_sessionid; i++)
3956 dump_session(&f, &session[i]);
3957
3958 if (f)
3959 fclose(f);
3960 }
3961
3962 // Main program
3963 int main(int argc, char *argv[])
3964 {
3965 int i;
3966 int optdebug = 0;
3967 char *optconfig = CONFIGFILE;
3968
3969 time(&basetime); // start clock
3970
3971 // scan args
3972 while ((i = getopt(argc, argv, "dvc:h:")) >= 0)
3973 {
3974 switch (i)
3975 {
3976 case 'd':
3977 if (fork()) exit(0);
3978 setsid();
3979 freopen("/dev/null", "r", stdin);
3980 freopen("/dev/null", "w", stdout);
3981 freopen("/dev/null", "w", stderr);
3982 break;
3983 case 'v':
3984 optdebug++;
3985 break;
3986 case 'c':
3987 optconfig = optarg;
3988 break;
3989 case 'h':
3990 snprintf(hostname, sizeof(hostname), "%s", optarg);
3991 break;
3992 default:
3993 printf("Args are:\n"
3994 "\t-d\t\tDetach from terminal\n"
3995 "\t-c <file>\tConfig file\n"
3996 "\t-h <hostname>\tForce hostname\n"
3997 "\t-v\t\tDebug\n");
3998
3999 return (0);
4000 break;
4001 }
4002 }
4003
4004 // Start the timer routine off
4005 time(&time_now);
4006 strftime(time_now_string, sizeof(time_now_string), "%Y-%m-%d %H:%M:%S", localtime(&time_now));
4007 signal(SIGALRM, sigalrm_handler);
4008 siginterrupt(SIGALRM, 0);
4009
4010 initplugins();
4011 initdata(optdebug, optconfig);
4012
4013 init_cli(hostname);
4014 read_config_file();
4015 init_tbf(config->num_tbfs);
4016
4017 LOG(0, 0, 0, "L2TPNS version " VERSION "\n");
4018 LOG(0, 0, 0, "Copyright (c) 2003, 2004, 2005 Optus Internet Engineering\n");
4019 LOG(0, 0, 0, "Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced\n");
4020 {
4021 struct rlimit rlim;
4022 rlim.rlim_cur = RLIM_INFINITY;
4023 rlim.rlim_max = RLIM_INFINITY;
4024 // Remove the maximum core size
4025 if (setrlimit(RLIMIT_CORE, &rlim) < 0)
4026 LOG(0, 0, 0, "Can't set ulimit: %s\n", strerror(errno));
4027
4028 // Make core dumps go to /tmp
4029 chdir("/tmp");
4030 }
4031
4032 if (config->scheduler_fifo)
4033 {
4034 int ret;
4035 struct sched_param params = {0};
4036 params.sched_priority = 1;
4037
4038 if (get_nprocs() < 2)
4039 {
4040 LOG(0, 0, 0, "Not using FIFO scheduler, there is only 1 processor in the system.\n");
4041 config->scheduler_fifo = 0;
4042 }
4043 else
4044 {
4045 if ((ret = sched_setscheduler(0, SCHED_FIFO, &params)) == 0)
4046 {
4047 LOG(1, 0, 0, "Using FIFO scheduler. Say goodbye to any other processes running\n");
4048 }
4049 else
4050 {
4051 LOG(0, 0, 0, "Error setting scheduler to FIFO: %s\n", strerror(errno));
4052 config->scheduler_fifo = 0;
4053 }
4054 }
4055 }
4056
4057 /* Set up the cluster communications port. */
4058 if (cluster_init() < 0)
4059 exit(1);
4060
4061 inittun();
4062 LOG(1, 0, 0, "Set up on interface %s\n", config->tundevice);
4063
4064 initudp();
4065 initrad();
4066 initippool();
4067
4068 // seed prng
4069 {
4070 unsigned seed = time_now ^ getpid();
4071 LOG(4, 0, 0, "Seeding the pseudo random generator: %u\n", seed);
4072 srand(seed);
4073 }
4074
4075 signal(SIGHUP, sighup_handler);
4076 signal(SIGCHLD, sigchild_handler);
4077 signal(SIGTERM, shutdown_handler);
4078 signal(SIGINT, shutdown_handler);
4079 signal(SIGQUIT, shutdown_handler);
4080
4081 // Prevent us from getting paged out
4082 if (config->lock_pages)
4083 {
4084 if (!mlockall(MCL_CURRENT))
4085 LOG(1, 0, 0, "Locking pages into memory\n");
4086 else
4087 LOG(0, 0, 0, "Can't lock pages: %s\n", strerror(errno));
4088 }
4089
4090 alarm(1);
4091
4092 // Drop privileges here
4093 if (config->target_uid > 0 && geteuid() == 0)
4094 setuid(config->target_uid);
4095
4096 mainloop();
4097
4098 /* remove plugins (so cleanup code gets run) */
4099 plugins_done();
4100
4101 // Remove the PID file if we wrote it
4102 if (config->wrote_pid && *config->pid_file == '/')
4103 unlink(config->pid_file);
4104
4105 /* kill CLI children */
4106 signal(SIGTERM, SIG_IGN);
4107 kill(0, SIGTERM);
4108 return 0;
4109 }
4110
4111 static void sighup_handler(int sig)
4112 {
4113 if (log_stream)
4114 {
4115 if (log_stream != stderr)
4116 fclose(log_stream);
4117
4118 log_stream = NULL;
4119 }
4120
4121 read_config_file();
4122 }
4123
4124 static void sigalrm_handler(int sig)
4125 {
4126 // Log current traffic stats
4127
4128 snprintf(config->bandwidth, sizeof(config->bandwidth),
4129 "UDP-ETH:%1.0f/%1.0f ETH-UDP:%1.0f/%1.0f TOTAL:%0.1f IN:%u OUT:%u",
4130 (udp_rx / 1024.0 / 1024.0 * 8),
4131 (eth_tx / 1024.0 / 1024.0 * 8),
4132 (eth_rx / 1024.0 / 1024.0 * 8),
4133 (udp_tx / 1024.0 / 1024.0 * 8),
4134 ((udp_tx + udp_rx + eth_tx + eth_rx) / 1024.0 / 1024.0 * 8),
4135 udp_rx_pkt, eth_rx_pkt);
4136
4137 udp_tx = udp_rx = 0;
4138 udp_rx_pkt = eth_rx_pkt = 0;
4139 eth_tx = eth_rx = 0;
4140
4141 if (config->dump_speed)
4142 printf("%s\n", config->bandwidth);
4143
4144 // Update the internal time counter
4145 time(&time_now);
4146 strftime(time_now_string, sizeof(time_now_string), "%Y-%m-%d %H:%M:%S", localtime(&time_now));
4147 alarm(1);
4148
4149 {
4150 // Run timer hooks
4151 struct param_timer p = { time_now };
4152 run_plugins(PLUGIN_TIMER, &p);
4153 }
4154
4155 }
4156
4157 static void shutdown_handler(int sig)
4158 {
4159 LOG(1, 0, 0, "Shutting down\n");
4160 main_quit = (sig == SIGQUIT) ? QUIT_SHUTDOWN : QUIT_FAILOVER;
4161 }
4162
4163 static void sigchild_handler(int sig)
4164 {
4165 while (waitpid(-1, NULL, WNOHANG) > 0)
4166 ;
4167 }
4168
4169 static void build_chap_response(uint8_t *challenge, uint8_t id, uint16_t challenge_length, uint8_t **challenge_response)
4170 {
4171 MD5_CTX ctx;
4172 *challenge_response = NULL;
4173
4174 if (!*config->l2tpsecret)
4175 {
4176 LOG(0, 0, 0, "LNS requested CHAP authentication, but no l2tp secret is defined\n");
4177 return;
4178 }
4179
4180 LOG(4, 0, 0, " Building challenge response for CHAP request\n");
4181
4182 *challenge_response = calloc(17, 1);
4183
4184 MD5_Init(&ctx);
4185 MD5_Update(&ctx, &id, 1);
4186 MD5_Update(&ctx, config->l2tpsecret, strlen(config->l2tpsecret));
4187 MD5_Update(&ctx, challenge, challenge_length);
4188 MD5_Final(*challenge_response, &ctx);
4189
4190 return;
4191 }
4192
4193 static int facility_value(char *name)
4194 {
4195 int i;
4196 for (i = 0; facilitynames[i].c_name; i++)
4197 {
4198 if (strcmp(facilitynames[i].c_name, name) == 0)
4199 return facilitynames[i].c_val;
4200 }
4201 return 0;
4202 }
4203
4204 static void update_config()
4205 {
4206 int i;
4207 char *p;
4208 static int timeout = 0;
4209 static int interval = 0;
4210
4211 // Update logging
4212 closelog();
4213 syslog_log = 0;
4214 if (log_stream)
4215 {
4216 if (log_stream != stderr)
4217 fclose(log_stream);
4218
4219 log_stream = NULL;
4220 }
4221
4222 if (*config->log_filename)
4223 {
4224 if (strstr(config->log_filename, "syslog:") == config->log_filename)
4225 {
4226 char *p = config->log_filename + 7;
4227 if (*p)
4228 {
4229 openlog("l2tpns", LOG_PID, facility_value(p));
4230 syslog_log = 1;
4231 }
4232 }
4233 else if (strchr(config->log_filename, '/') == config->log_filename)
4234 {
4235 if ((log_stream = fopen((char *)(config->log_filename), "a")))
4236 {
4237 fseek(log_stream, 0, SEEK_END);
4238 setbuf(log_stream, NULL);
4239 }
4240 else
4241 {
4242 log_stream = stderr;
4243 setbuf(log_stream, NULL);
4244 }
4245 }
4246 }
4247 else
4248 {
4249 log_stream = stderr;
4250 setbuf(log_stream, NULL);
4251 }
4252
4253 if (config->ppp_mru < 0) config->ppp_mru = 0;
4254
4255 // Update radius
4256 config->numradiusservers = 0;
4257 for (i = 0; i < MAXRADSERVER; i++)
4258 if (config->radiusserver[i])
4259 {
4260 config->numradiusservers++;
4261 // Set radius port: if not set, take the port from the
4262 // first radius server. For the first radius server,
4263 // take the #defined default value from l2tpns.h
4264
4265 // test twice, In case someone works with
4266 // a secondary radius server without defining
4267 // a primary one, this will work even then.
4268 if (i > 0 && !config->radiusport[i])
4269 config->radiusport[i] = config->radiusport[i-1];
4270 if (!config->radiusport[i])
4271 config->radiusport[i] = RADPORT;
4272 }
4273
4274 if (!config->numradiusservers)
4275 LOG(0, 0, 0, "No RADIUS servers defined!\n");
4276
4277 // parse radius_authtypes_s
4278 config->radius_authtypes = config->radius_authprefer = 0;
4279 p = config->radius_authtypes_s;
4280 while (p && *p)
4281 {
4282 char *s = strpbrk(p, " \t,");
4283 int type = 0;
4284
4285 if (s)
4286 {
4287 *s++ = 0;
4288 while (*s == ' ' || *s == '\t')
4289 s++;
4290
4291 if (!*s)
4292 s = 0;
4293 }
4294
4295 if (!strncasecmp("chap", p, strlen(p)))
4296 type = AUTHCHAP;
4297 else if (!strncasecmp("pap", p, strlen(p)))
4298 type = AUTHPAP;
4299 else
4300 LOG(0, 0, 0, "Invalid RADIUS authentication type \"%s\"\n", p);
4301
4302 config->radius_authtypes |= type;
4303 if (!config->radius_authprefer)
4304 config->radius_authprefer = type;
4305
4306 p = s;
4307 }
4308
4309 if (!config->radius_authtypes)
4310 {
4311 LOG(0, 0, 0, "Defaulting to PAP authentication\n");
4312 config->radius_authtypes = config->radius_authprefer = AUTHPAP;
4313 }
4314
4315 // normalise radius_authtypes_s
4316 if (config->radius_authprefer == AUTHPAP)
4317 {
4318 strcpy(config->radius_authtypes_s, "pap");
4319 if (config->radius_authtypes & AUTHCHAP)
4320 strcat(config->radius_authtypes_s, ", chap");
4321 }
4322 else
4323 {
4324 strcpy(config->radius_authtypes_s, "chap");
4325 if (config->radius_authtypes & AUTHPAP)
4326 strcat(config->radius_authtypes_s, ", pap");
4327 }
4328
4329 if (!config->radius_dae_port)
4330 config->radius_dae_port = DAEPORT;
4331
4332 // re-initialise the random number source
4333 initrandom(config->random_device);
4334
4335 // Update plugins
4336 for (i = 0; i < MAXPLUGINS; i++)
4337 {
4338 if (strcmp(config->plugins[i], config->old_plugins[i]) == 0)
4339 continue;
4340
4341 if (*config->plugins[i])
4342 {
4343 // Plugin added
4344 add_plugin(config->plugins[i]);
4345 }
4346 else if (*config->old_plugins[i])
4347 {
4348 // Plugin removed
4349 remove_plugin(config->old_plugins[i]);
4350 }
4351 }
4352
4353 memcpy(config->old_plugins, config->plugins, sizeof(config->plugins));
4354 if (!config->multi_read_count) config->multi_read_count = 10;
4355 if (!config->cluster_address) config->cluster_address = inet_addr(DEFAULT_MCAST_ADDR);
4356 if (!*config->cluster_interface)
4357 strncpy(config->cluster_interface, DEFAULT_MCAST_INTERFACE, sizeof(config->cluster_interface) - 1);
4358
4359 if (!config->cluster_hb_interval)
4360 config->cluster_hb_interval = PING_INTERVAL; // Heartbeat every 0.5 seconds.
4361
4362 if (!config->cluster_hb_timeout)
4363 config->cluster_hb_timeout = HB_TIMEOUT; // 10 missed heartbeat triggers an election.
4364
4365 if (interval != config->cluster_hb_interval || timeout != config->cluster_hb_timeout)
4366 {
4367 // Paranoia: cluster_check_master() treats 2 x interval + 1 sec as
4368 // late, ensure we're sufficiently larger than that
4369 int t = 4 * config->cluster_hb_interval + 11;
4370
4371 if (config->cluster_hb_timeout < t)
4372 {
4373 LOG(0, 0, 0, "Heartbeat timeout %d too low, adjusting to %d\n", config->cluster_hb_timeout, t);
4374 config->cluster_hb_timeout = t;
4375 }
4376
4377 // Push timing changes to the slaves immediately if we're the master
4378 if (config->cluster_iam_master)
4379 cluster_heartbeat();
4380
4381 interval = config->cluster_hb_interval;
4382 timeout = config->cluster_hb_timeout;
4383 }
4384
4385 // Write PID file
4386 if (*config->pid_file == '/' && !config->wrote_pid)
4387 {
4388 FILE *f;
4389 if ((f = fopen(config->pid_file, "w")))
4390 {
4391 fprintf(f, "%d\n", getpid());
4392 fclose(f);
4393 config->wrote_pid = 1;
4394 }
4395 else
4396 {
4397 LOG(0, 0, 0, "Can't write to PID file %s: %s\n", config->pid_file, strerror(errno));
4398 }
4399 }
4400
4401 config->reload_config = 0;
4402 }
4403
4404 static void read_config_file()
4405 {
4406 FILE *f;
4407
4408 if (!config->config_file) return;
4409 if (!(f = fopen(config->config_file, "r")))
4410 {
4411 fprintf(stderr, "Can't open config file %s: %s\n", config->config_file, strerror(errno));
4412 return;
4413 }
4414
4415 LOG(3, 0, 0, "Reading config file %s\n", config->config_file);
4416 cli_do_file(f);
4417 LOG(3, 0, 0, "Done reading config file\n");
4418 fclose(f);
4419 update_config();
4420 }
4421
4422 int sessionsetup(sessionidt s, tunnelidt t)
4423 {
4424 // A session now exists, set it up
4425 in_addr_t ip;
4426 char *user;
4427 sessionidt i;
4428 int r;
4429
4430 CSTAT(sessionsetup);
4431
4432 LOG(3, s, t, "Doing session setup for session\n");
4433
4434 if (!session[s].ip)
4435 {
4436 assign_ip_address(s);
4437 if (!session[s].ip)
4438 {
4439 LOG(0, s, t, " No IP allocated. The IP address pool is FULL!\n");
4440 sessionshutdown(s, "No IP addresses available.", 2, 7); // try another
4441 return 0;
4442 }
4443 LOG(3, s, t, " No IP allocated. Assigned %s from pool\n",
4444 fmtaddr(htonl(session[s].ip), 0));
4445 }
4446
4447
4448 // Make sure this is right
4449 session[s].tunnel = t;
4450
4451 // zap old sessions with same IP and/or username
4452 // Don't kill gardened sessions - doing so leads to a DoS
4453 // from someone who doesn't need to know the password
4454 {
4455 ip = session[s].ip;
4456 user = session[s].user;
4457 for (i = 1; i <= config->cluster_highest_sessionid; i++)
4458 {
4459 if (i == s) continue;
4460 if (!session[s].opened) continue;
4461 if (ip == session[i].ip)
4462 {
4463 sessionkill(i, "Duplicate IP address");
4464 continue;
4465 }
4466
4467 if (config->allow_duplicate_users) continue;
4468 if (session[s].walled_garden || session[i].walled_garden) continue;
4469 if (!strcasecmp(user, session[i].user))
4470 sessionkill(i, "Duplicate session for users");
4471 }
4472 }
4473
4474 {
4475 int routed = 0;
4476
4477 // Add the route for this session.
4478 for (r = 0; r < MAXROUTE && session[s].route[r].ip; r++)
4479 {
4480 if ((session[s].ip & session[s].route[r].mask) ==
4481 (session[s].route[r].ip & session[s].route[r].mask))
4482 routed++;
4483
4484 routeset(s, session[s].route[r].ip, session[s].route[r].mask, 0, 1);
4485 }
4486
4487 // Static IPs need to be routed if not already
4488 // convered by a Framed-Route. Anything else is part
4489 // of the IP address pool and is already routed, it
4490 // just needs to be added to the IP cache.
4491 // IPv6 route setup is done in ppp.c, when IPV6CP is acked.
4492 if (session[s].ip_pool_index == -1) // static ip
4493 {
4494 if (!routed) routeset(s, session[s].ip, 0, 0, 1);
4495 }
4496 else
4497 cache_ipmap(session[s].ip, s);
4498 }
4499
4500 sess_local[s].lcp_authtype = 0; // RADIUS authentication complete
4501 lcp_open(s, t); // transition to Network phase and send initial IPCP
4502
4503 // Run the plugin's against this new session.
4504 {
4505 struct param_new_session data = { &tunnel[t], &session[s] };
4506 run_plugins(PLUGIN_NEW_SESSION, &data);
4507 }
4508
4509 // Allocate TBFs if throttled
4510 if (session[s].throttle_in || session[s].throttle_out)
4511 throttle_session(s, session[s].throttle_in, session[s].throttle_out);
4512
4513 session[s].last_packet = time_now;
4514
4515 LOG(2, s, t, "Login by %s at %s from %s (%s)\n", session[s].user,
4516 fmtaddr(htonl(session[s].ip), 0),
4517 fmtaddr(htonl(tunnel[t].ip), 1), tunnel[t].hostname);
4518
4519 cluster_send_session(s); // Mark it as dirty, and needing to the flooded to the cluster.
4520
4521 return 1; // RADIUS OK and IP allocated, done...
4522 }
4523
4524 //
4525 // This session just got dropped on us by the master or something.
4526 // Make sure our tables up up to date...
4527 //
4528 int load_session(sessionidt s, sessiont *new)
4529 {
4530 int i;
4531 int newip = 0;
4532
4533 // Sanity checks.
4534 if (new->ip_pool_index >= MAXIPPOOL ||
4535 new->tunnel >= MAXTUNNEL)
4536 {
4537 LOG(0, s, 0, "Strange session update received!\n");
4538 // FIXME! What to do here?
4539 return 0;
4540 }
4541
4542 //
4543 // Ok. All sanity checks passed. Now we're committed to
4544 // loading the new session.
4545 //
4546
4547 session[s].tunnel = new->tunnel; // For logging in cache_ipmap
4548
4549 // See if routes/ip cache need updating
4550 if (new->ip != session[s].ip)
4551 newip++;
4552
4553 for (i = 0; !newip && i < MAXROUTE && (session[s].route[i].ip || new->route[i].ip); i++)
4554 if (new->route[i].ip != session[s].route[i].ip ||
4555 new->route[i].mask != session[s].route[i].mask)
4556 newip++;
4557
4558 // needs update
4559 if (newip)
4560 {
4561 int routed = 0;
4562
4563 // remove old routes...
4564 for (i = 0; i < MAXROUTE && session[s].route[i].ip; i++)
4565 {
4566 if ((session[s].ip & session[s].route[i].mask) ==
4567 (session[s].route[i].ip & session[s].route[i].mask))
4568 routed++;
4569
4570 routeset(s, session[s].route[i].ip, session[s].route[i].mask, 0, 0);
4571 }
4572
4573 // ...ip
4574 if (session[s].ip)
4575 {
4576 if (session[s].ip_pool_index == -1) // static IP
4577 {
4578 if (!routed) routeset(s, session[s].ip, 0, 0, 0);
4579 }
4580 else // It's part of the IP pool, remove it manually.
4581 uncache_ipmap(session[s].ip);
4582 }
4583
4584 routed = 0;
4585
4586 // add new routes...
4587 for (i = 0; i < MAXROUTE && new->route[i].ip; i++)
4588 {
4589 if ((new->ip & new->route[i].mask) ==
4590 (new->route[i].ip & new->route[i].mask))
4591 routed++;
4592
4593 routeset(s, new->route[i].ip, new->route[i].mask, 0, 1);
4594 }
4595
4596 // ...ip
4597 if (new->ip)
4598 {
4599 // If there's a new one, add it.
4600 if (new->ip_pool_index == -1)
4601 {
4602 if (!routed) routeset(s, new->ip, 0, 0, 1);
4603 }
4604 else
4605 cache_ipmap(new->ip, s);
4606 }
4607 }
4608
4609 // check v6 routing
4610 if (new->ipv6prefixlen && new->ppp.ipv6cp == Opened && session[s].ppp.ipv6cp != Opened)
4611 route6set(s, new->ipv6route, new->ipv6prefixlen, 1);
4612
4613 // check filters
4614 if (new->filter_in && (new->filter_in > MAXFILTER || !ip_filters[new->filter_in - 1].name[0]))
4615 {
4616 LOG(2, s, session[s].tunnel, "Dropping invalid input filter %d\n", (int) new->filter_in);
4617 new->filter_in = 0;
4618 }
4619
4620 if (new->filter_out && (new->filter_out > MAXFILTER || !ip_filters[new->filter_out - 1].name[0]))
4621 {
4622 LOG(2, s, session[s].tunnel, "Dropping invalid output filter %d\n", (int) new->filter_out);
4623 new->filter_out = 0;
4624 }
4625
4626 if (new->filter_in != session[s].filter_in)
4627 {
4628 if (session[s].filter_in) ip_filters[session[s].filter_in - 1].used--;
4629 if (new->filter_in) ip_filters[new->filter_in - 1].used++;
4630 }
4631
4632 if (new->filter_out != session[s].filter_out)
4633 {
4634 if (session[s].filter_out) ip_filters[session[s].filter_out - 1].used--;
4635 if (new->filter_out) ip_filters[new->filter_out - 1].used++;
4636 }
4637
4638 if (new->tunnel && s > config->cluster_highest_sessionid) // Maintain this in the slave. It's used
4639 // for walking the sessions to forward byte counts to the master.
4640 config->cluster_highest_sessionid = s;
4641
4642 memcpy(&session[s], new, sizeof(session[s])); // Copy over..
4643
4644 // Do fixups into address pool.
4645 if (new->ip_pool_index != -1)
4646 fix_address_pool(s);
4647
4648 return 1;
4649 }
4650
4651 static void initplugins()
4652 {
4653 int i;
4654
4655 loaded_plugins = ll_init();
4656 // Initialize the plugins to nothing
4657 for (i = 0; i < MAX_PLUGIN_TYPES; i++)
4658 plugins[i] = ll_init();
4659 }
4660
4661 static void *open_plugin(char *plugin_name, int load)
4662 {
4663 char path[256] = "";
4664
4665 snprintf(path, 256, PLUGINDIR "/%s.so", plugin_name);
4666 LOG(2, 0, 0, "%soading plugin from %s\n", load ? "L" : "Un-l", path);
4667 return dlopen(path, RTLD_NOW);
4668 }
4669
4670 // plugin callback to get a config value
4671 static void *getconfig(char *key, enum config_typet type)
4672 {
4673 int i;
4674
4675 for (i = 0; config_values[i].key; i++)
4676 {
4677 if (!strcmp(config_values[i].key, key))
4678 {
4679 if (config_values[i].type == type)
4680 return ((void *) config) + config_values[i].offset;
4681
4682 LOG(1, 0, 0, "plugin requested config item \"%s\" expecting type %d, have type %d\n",
4683 key, type, config_values[i].type);
4684
4685 return 0;
4686 }
4687 }
4688
4689 LOG(1, 0, 0, "plugin requested unknown config item \"%s\"\n", key);
4690 return 0;
4691 }
4692
4693 static int add_plugin(char *plugin_name)
4694 {
4695 static struct pluginfuncs funcs = {
4696 _log,
4697 _log_hex,
4698 fmtaddr,
4699 sessionbyuser,
4700 sessiontbysessionidt,
4701 sessionidtbysessiont,
4702 radiusnew,
4703 radiussend,
4704 getconfig,
4705 sessionshutdown,
4706 sessionkill,
4707 throttle_session,
4708 cluster_send_session,
4709 };
4710
4711 void *p = open_plugin(plugin_name, 1);
4712 int (*initfunc)(struct pluginfuncs *);
4713 int i;
4714
4715 if (!p)
4716 {
4717 LOG(1, 0, 0, " Plugin load failed: %s\n", dlerror());
4718 return -1;
4719 }
4720
4721 if (ll_contains(loaded_plugins, p))
4722 {
4723 dlclose(p);
4724 return 0; // already loaded
4725 }
4726
4727 {
4728 int *v = dlsym(p, "plugin_api_version");
4729 if (!v || *v != PLUGIN_API_VERSION)
4730 {
4731 LOG(1, 0, 0, " Plugin load failed: API version mismatch: %s\n", dlerror());
4732 dlclose(p);
4733 return -1;
4734 }
4735 }
4736
4737 if ((initfunc = dlsym(p, "plugin_init")))
4738 {
4739 if (!initfunc(&funcs))
4740 {
4741 LOG(1, 0, 0, " Plugin load failed: plugin_init() returned FALSE: %s\n", dlerror());
4742 dlclose(p);
4743 return -1;
4744 }
4745 }
4746
4747 ll_push(loaded_plugins, p);
4748
4749 for (i = 0; i < max_plugin_functions; i++)
4750 {
4751 void *x;
4752 if (plugin_functions[i] && (x = dlsym(p, plugin_functions[i])))
4753 {
4754 LOG(3, 0, 0, " Supports function \"%s\"\n", plugin_functions[i]);
4755 ll_push(plugins[i], x);
4756 }
4757 }
4758
4759 LOG(2, 0, 0, " Loaded plugin %s\n", plugin_name);
4760 return 1;
4761 }
4762
4763 static void run_plugin_done(void *plugin)
4764 {
4765 int (*donefunc)(void) = dlsym(plugin, "plugin_done");
4766
4767 if (donefunc)
4768 donefunc();
4769 }
4770
4771 static int remove_plugin(char *plugin_name)
4772 {
4773 void *p = open_plugin(plugin_name, 0);
4774 int loaded = 0;
4775
4776 if (!p)
4777 return -1;
4778
4779 if (ll_contains(loaded_plugins, p))
4780 {
4781 int i;
4782 for (i = 0; i < max_plugin_functions; i++)
4783 {
4784 void *x;
4785 if (plugin_functions[i] && (x = dlsym(p, plugin_functions[i])))
4786 ll_delete(plugins[i], x);
4787 }
4788
4789 ll_delete(loaded_plugins, p);
4790 run_plugin_done(p);
4791 loaded = 1;
4792 }
4793
4794 dlclose(p);
4795 LOG(2, 0, 0, "Removed plugin %s\n", plugin_name);
4796 return loaded;
4797 }
4798
4799 int run_plugins(int plugin_type, void *data)
4800 {
4801 int (*func)(void *data);
4802
4803 if (!plugins[plugin_type] || plugin_type > max_plugin_functions)
4804 return PLUGIN_RET_ERROR;
4805
4806 ll_reset(plugins[plugin_type]);
4807 while ((func = ll_next(plugins[plugin_type])))
4808 {
4809 int r = func(data);
4810
4811 if (r != PLUGIN_RET_OK)
4812 return r; // stop here
4813 }
4814
4815 return PLUGIN_RET_OK;
4816 }
4817
4818 static void plugins_done()
4819 {
4820 void *p;
4821
4822 ll_reset(loaded_plugins);
4823 while ((p = ll_next(loaded_plugins)))
4824 run_plugin_done(p);
4825 }
4826
4827 static void processcontrol(uint8_t *buf, int len, struct sockaddr_in *addr, int alen)
4828 {
4829 struct nsctl request;
4830 struct nsctl response;
4831 int type = unpack_control(&request, buf, len);
4832 int r;
4833 void *p;
4834
4835 if (log_stream && config->debug >= 4)
4836 {
4837 if (type < 0)
4838 {
4839 LOG(4, 0, 0, "Bogus control message from %s (%d)\n",
4840 fmtaddr(addr->sin_addr.s_addr, 0), type);
4841 }
4842 else
4843 {
4844 LOG(4, 0, 0, "Received [%s] ", fmtaddr(addr->sin_addr.s_addr, 0));
4845 dump_control(&request, log_stream);
4846 }
4847 }
4848
4849 switch (type)
4850 {
4851 case NSCTL_REQ_LOAD:
4852 if (request.argc != 1)
4853 {
4854 response.type = NSCTL_RES_ERR;
4855 response.argc = 1;
4856 response.argv[0] = "name of plugin required";
4857 }
4858 else if ((r = add_plugin(request.argv[0])) < 1)
4859 {
4860 response.type = NSCTL_RES_ERR;
4861 response.argc = 1;
4862 response.argv[0] = !r
4863 ? "plugin already loaded"
4864 : "error loading plugin";
4865 }
4866 else
4867 {
4868 response.type = NSCTL_RES_OK;
4869 response.argc = 0;
4870 }
4871
4872 break;
4873
4874 case NSCTL_REQ_UNLOAD:
4875 if (request.argc != 1)
4876 {
4877 response.type = NSCTL_RES_ERR;
4878 response.argc = 1;
4879 response.argv[0] = "name of plugin required";
4880 }
4881 else if ((r = remove_plugin(request.argv[0])) < 1)
4882 {
4883 response.type = NSCTL_RES_ERR;
4884 response.argc = 1;
4885 response.argv[0] = !r
4886 ? "plugin not loaded"
4887 : "plugin not found";
4888 }
4889 else
4890 {
4891 response.type = NSCTL_RES_OK;
4892 response.argc = 0;
4893 }
4894
4895 break;
4896
4897 case NSCTL_REQ_HELP:
4898 response.type = NSCTL_RES_OK;
4899 response.argc = 0;
4900
4901 ll_reset(loaded_plugins);
4902 while ((p = ll_next(loaded_plugins)))
4903 {
4904 char **help = dlsym(p, "plugin_control_help");
4905 while (response.argc < 0xff && help && *help)
4906 response.argv[response.argc++] = *help++;
4907 }
4908
4909 break;
4910
4911 case NSCTL_REQ_CONTROL:
4912 {
4913 struct param_control param = {
4914 config->cluster_iam_master,
4915 request.argc,
4916 request.argv,
4917 0,
4918 NULL,
4919 };
4920
4921 int r = run_plugins(PLUGIN_CONTROL, &param);
4922
4923 if (r == PLUGIN_RET_ERROR)
4924 {
4925 response.type = NSCTL_RES_ERR;
4926 response.argc = 1;
4927 response.argv[0] = param.additional
4928 ? param.additional
4929 : "error returned by plugin";
4930 }
4931 else if (r == PLUGIN_RET_NOTMASTER)
4932 {
4933 static char msg[] = "must be run on master: 000.000.000.000";
4934
4935 response.type = NSCTL_RES_ERR;
4936 response.argc = 1;
4937 if (config->cluster_master_address)
4938 {
4939 strcpy(msg + 23, fmtaddr(config->cluster_master_address, 0));
4940 response.argv[0] = msg;
4941 }
4942 else
4943 {
4944 response.argv[0] = "must be run on master: none elected";
4945 }
4946 }
4947 else if (!(param.response & NSCTL_RESPONSE))
4948 {
4949 response.type = NSCTL_RES_ERR;
4950 response.argc = 1;
4951 response.argv[0] = param.response
4952 ? "unrecognised response value from plugin"
4953 : "unhandled action";
4954 }
4955 else
4956 {
4957 response.type = param.response;
4958 response.argc = 0;
4959 if (param.additional)
4960 {
4961 response.argc = 1;
4962 response.argv[0] = param.additional;
4963 }
4964 }
4965 }
4966
4967 break;
4968
4969 default:
4970 response.type = NSCTL_RES_ERR;
4971 response.argc = 1;
4972 response.argv[0] = "error unpacking control packet";
4973 }
4974
4975 buf = calloc(NSCTL_MAX_PKT_SZ, 1);
4976 if (!buf)
4977 {
4978 LOG(2, 0, 0, "Failed to allocate nsctl response\n");
4979 return;
4980 }
4981
4982 r = pack_control(buf, NSCTL_MAX_PKT_SZ, response.type, response.argc, response.argv);
4983 if (r > 0)
4984 {
4985 sendto(controlfd, buf, r, 0, (const struct sockaddr *) addr, alen);
4986 if (log_stream && config->debug >= 4)
4987 {
4988 LOG(4, 0, 0, "Sent [%s] ", fmtaddr(addr->sin_addr.s_addr, 0));
4989 dump_control(&response, log_stream);
4990 }
4991 }
4992 else
4993 LOG(2, 0, 0, "Failed to pack nsctl response for %s (%d)\n",
4994 fmtaddr(addr->sin_addr.s_addr, 0), r);
4995
4996 free(buf);
4997 }
4998
4999 static tunnelidt new_tunnel()
5000 {
5001 tunnelidt i;
5002 for (i = 1; i < MAXTUNNEL; i++)
5003 {
5004 if (tunnel[i].state == TUNNELFREE)
5005 {
5006 LOG(4, 0, i, "Assigning tunnel ID %d\n", i);
5007 if (i > config->cluster_highest_tunnelid)
5008 config->cluster_highest_tunnelid = i;
5009 return i;
5010 }
5011 }
5012 LOG(0, 0, 0, "Can't find a free tunnel! There shouldn't be this many in use!\n");
5013 return 0;
5014 }
5015
5016 //
5017 // We're becoming the master. Do any required setup..
5018 //
5019 // This is principally telling all the plugins that we're
5020 // now a master, and telling them about all the sessions
5021 // that are active too..
5022 //
5023 void become_master(void)
5024 {
5025 int s, i;
5026 static struct event_data d[RADIUS_FDS];
5027 struct epoll_event e;
5028
5029 run_plugins(PLUGIN_BECOME_MASTER, NULL);
5030
5031 // running a bunch of iptables commands is slow and can cause
5032 // the master to drop tunnels on takeover--kludge around the
5033 // problem by forking for the moment (note: race)
5034 if (!fork_and_close())
5035 {
5036 for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
5037 {
5038 if (!session[s].opened) // Not an in-use session.
5039 continue;
5040
5041 run_plugins(PLUGIN_NEW_SESSION_MASTER, &session[s]);
5042 }
5043 exit(0);
5044 }
5045
5046 // add radius fds
5047 e.events = EPOLLIN;
5048 for (i = 0; i < RADIUS_FDS; i++)
5049 {
5050 d[i].type = FD_TYPE_RADIUS;
5051 d[i].index = i;
5052 e.data.ptr = &d[i];
5053
5054 epoll_ctl(epollfd, EPOLL_CTL_ADD, radfds[i], &e);
5055 }
5056 }
5057
5058 int cmd_show_hist_idle(struct cli_def *cli, char *command, char **argv, int argc)
5059 {
5060 int s, i;
5061 int count = 0;
5062 int buckets[64];
5063
5064 if (CLI_HELP_REQUESTED)
5065 return CLI_HELP_NO_ARGS;
5066
5067 time(&time_now);
5068 for (i = 0; i < 64;++i) buckets[i] = 0;
5069
5070 for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
5071 {
5072 int idle;
5073 if (!session[s].opened)
5074 continue;
5075
5076 idle = time_now - session[s].last_packet;
5077 idle /= 5 ; // In multiples of 5 seconds.
5078 if (idle < 0)
5079 idle = 0;
5080 if (idle > 63)
5081 idle = 63;
5082
5083 ++count;
5084 ++buckets[idle];
5085 }
5086
5087 for (i = 0; i < 63; ++i)
5088 {
5089 cli_print(cli, "%3d seconds : %7.2f%% (%6d)", i * 5, (double) buckets[i] * 100.0 / count , buckets[i]);
5090 }
5091 cli_print(cli, "lots of secs : %7.2f%% (%6d)", (double) buckets[63] * 100.0 / count , buckets[i]);
5092 cli_print(cli, "%d total sessions open.", count);
5093 return CLI_OK;
5094 }
5095
5096 int cmd_show_hist_open(struct cli_def *cli, char *command, char **argv, int argc)
5097 {
5098 int s, i;
5099 int count = 0;
5100 int buckets[64];
5101
5102 if (CLI_HELP_REQUESTED)
5103 return CLI_HELP_NO_ARGS;
5104
5105 time(&time_now);
5106 for (i = 0; i < 64;++i) buckets[i] = 0;
5107
5108 for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
5109 {
5110 int open = 0, d;
5111 if (!session[s].opened)
5112 continue;
5113
5114 d = time_now - session[s].opened;
5115 if (d < 0)
5116 d = 0;
5117 while (d > 1 && open < 32)
5118 {
5119 ++open;
5120 d >>= 1; // half.
5121 }
5122 ++count;
5123 ++buckets[open];
5124 }
5125
5126 s = 1;
5127 for (i = 0; i < 30; ++i)
5128 {
5129 cli_print(cli, " < %8d seconds : %7.2f%% (%6d)", s, (double) buckets[i] * 100.0 / count , buckets[i]);
5130 s <<= 1;
5131 }
5132 cli_print(cli, "%d total sessions open.", count);
5133 return CLI_OK;
5134 }
5135
5136 /* Unhide an avp.
5137 *
5138 * This unencodes the AVP using the L2TP secret and the previously
5139 * stored random vector. It overwrites the hidden data with the
5140 * unhidden AVP subformat.
5141 */
5142 static void unhide_value(uint8_t *value, size_t len, uint16_t type, uint8_t *vector, size_t vec_len)
5143 {
5144 MD5_CTX ctx;
5145 uint8_t digest[16];
5146 uint8_t *last;
5147 size_t d = 0;
5148 uint16_t m = htons(type);
5149
5150 // Compute initial pad
5151 MD5_Init(&ctx);
5152 MD5_Update(&ctx, (unsigned char *) &m, 2);
5153 MD5_Update(&ctx, config->l2tpsecret, strlen(config->l2tpsecret));
5154 MD5_Update(&ctx, vector, vec_len);
5155 MD5_Final(digest, &ctx);
5156
5157 // pointer to last decoded 16 octets
5158 last = value;
5159
5160 while (len > 0)
5161 {
5162 // calculate a new pad based on the last decoded block
5163 if (d >= sizeof(digest))
5164 {
5165 MD5_Init(&ctx);
5166 MD5_Update(&ctx, config->l2tpsecret, strlen(config->l2tpsecret));
5167 MD5_Update(&ctx, last, sizeof(digest));
5168 MD5_Final(digest, &ctx);
5169
5170 d = 0;
5171 last = value;
5172 }
5173
5174 *value++ ^= digest[d++];
5175 len--;
5176 }
5177 }
5178
5179 int find_filter(char const *name, size_t len)
5180 {
5181 int free = -1;
5182 int i;
5183
5184 for (i = 0; i < MAXFILTER; i++)
5185 {
5186 if (!*ip_filters[i].name)
5187 {
5188 if (free < 0)
5189 free = i;
5190
5191 continue;
5192 }
5193
5194 if (strlen(ip_filters[i].name) != len)
5195 continue;
5196
5197 if (!strncmp(ip_filters[i].name, name, len))
5198 return i;
5199 }
5200
5201 return free;
5202 }
5203
5204 static int ip_filter_port(ip_filter_portt *p, uint16_t port)
5205 {
5206 switch (p->op)
5207 {
5208 case FILTER_PORT_OP_EQ: return port == p->port;
5209 case FILTER_PORT_OP_NEQ: return port != p->port;
5210 case FILTER_PORT_OP_GT: return port > p->port;
5211 case FILTER_PORT_OP_LT: return port < p->port;
5212 case FILTER_PORT_OP_RANGE: return port >= p->port && port <= p->port2;
5213 }
5214
5215 return 0;
5216 }
5217
5218 static int ip_filter_flag(uint8_t op, uint8_t sflags, uint8_t cflags, uint8_t flags)
5219 {
5220 switch (op)
5221 {
5222 case FILTER_FLAG_OP_ANY:
5223 return (flags & sflags) || (~flags & cflags);
5224
5225 case FILTER_FLAG_OP_ALL:
5226 return (flags & sflags) == sflags && (~flags & cflags) == cflags;
5227
5228 case FILTER_FLAG_OP_EST:
5229 return (flags & (TCP_FLAG_ACK|TCP_FLAG_RST)) && (~flags & TCP_FLAG_SYN);
5230 }
5231
5232 return 0;
5233 }
5234
5235 int ip_filter(uint8_t *buf, int len, uint8_t filter)
5236 {
5237 uint16_t frag_offset;
5238 uint8_t proto;
5239 in_addr_t src_ip;
5240 in_addr_t dst_ip;
5241 uint16_t src_port = 0;
5242 uint16_t dst_port = 0;
5243 uint8_t flags = 0;
5244 ip_filter_rulet *rule;
5245
5246 if (len < 20) // up to end of destination address
5247 return 0;
5248
5249 if ((*buf >> 4) != 4) // IPv4
5250 return 0;
5251
5252 frag_offset = ntohs(*(uint16_t *) (buf + 6)) & 0x1fff;
5253 proto = buf[9];
5254 src_ip = *(in_addr_t *) (buf + 12);
5255 dst_ip = *(in_addr_t *) (buf + 16);
5256
5257 if (frag_offset == 0 && (proto == IPPROTO_TCP || proto == IPPROTO_UDP))
5258 {
5259 int l = (buf[0] & 0xf) * 4; // length of IP header
5260 if (len < l + 4) // ports
5261 return 0;
5262
5263 src_port = ntohs(*(uint16_t *) (buf + l));
5264 dst_port = ntohs(*(uint16_t *) (buf + l + 2));
5265 if (proto == IPPROTO_TCP)
5266 {
5267 if (len < l + 14) // flags
5268 return 0;
5269
5270 flags = buf[l + 13] & 0x3f;
5271 }
5272 }
5273
5274 for (rule = ip_filters[filter].rules; rule->action; rule++)
5275 {
5276 if (rule->proto != IPPROTO_IP && proto != rule->proto)
5277 continue;
5278
5279 if (rule->src_wild != INADDR_BROADCAST &&
5280 (src_ip & ~rule->src_wild) != (rule->src_ip & ~rule->src_wild))
5281 continue;
5282
5283 if (rule->dst_wild != INADDR_BROADCAST &&
5284 (dst_ip & ~rule->dst_wild) != (rule->dst_ip & ~rule->dst_wild))
5285 continue;
5286
5287 if (frag_offset)
5288 {
5289 if (!rule->frag || rule->action == FILTER_ACTION_DENY)
5290 continue;
5291 }
5292 else
5293 {
5294 if (rule->frag)
5295 continue;
5296
5297 if (proto == IPPROTO_TCP || proto == IPPROTO_UDP)
5298 {
5299 if (rule->src_ports.op && !ip_filter_port(&rule->src_ports, src_port))
5300 continue;
5301
5302 if (rule->dst_ports.op && !ip_filter_port(&rule->dst_ports, dst_port))
5303 continue;
5304
5305 if (proto == IPPROTO_TCP && rule->tcp_flag_op &&
5306 !ip_filter_flag(rule->tcp_flag_op, rule->tcp_sflags, rule->tcp_cflags, flags))
5307 continue;
5308 }
5309 }
5310
5311 // matched
5312 rule->counter++;
5313 return rule->action == FILTER_ACTION_PERMIT;
5314 }
5315
5316 // default deny
5317 return 0;
5318 }