projects / l2tpns.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
drop backtrace
[l2tpns.git] / l2tpns.c
1 // L2TP Network Server
2 // Adrian Kennard 2002
3 // Copyright (c) 2003, 2004, 2005 Optus Internet Engineering
4 // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
5 // vim: sw=8 ts=8
6
7 char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.152 2005/12/14 02:19:15 bodea Exp $";
8
9 #include <arpa/inet.h>
10 #include <assert.h>
11 #include <errno.h>
12 #include <fcntl.h>
13 #include <linux/if_tun.h>
14 #define SYSLOG_NAMES
15 #include <syslog.h>
16 #include <malloc.h>
17 #include <math.h>
18 #include <net/route.h>
19 #include <sys/mman.h>
20 #include <netdb.h>
21 #include <netinet/in.h>
22 #include <netinet/ip6.h>
23 #include <stdarg.h>
24 #include <stdlib.h>
25 #include <stdio.h>
26 #include <string.h>
27 #include <ctype.h>
28 #include <sys/ioctl.h>
29 #include <sys/socket.h>
30 #include <sys/stat.h>
31 #include <sys/time.h>
32 #include <sys/resource.h>
33 #include <sys/wait.h>
34 #include <linux/if.h>
35 #include <stddef.h>
36 #include <time.h>
37 #include <dlfcn.h>
38 #include <unistd.h>
39 #include <sched.h>
40 #include <sys/sysinfo.h>
41 #include <libcli.h>
42
43 #include "md5.h"
44 #include "l2tpns.h"
45 #include "cluster.h"
46 #include "plugin.h"
47 #include "ll.h"
48 #include "constants.h"
49 #include "control.h"
50 #include "util.h"
51 #include "tbf.h"
52
53 #ifdef BGP
54 #include "bgp.h"
55 #endif
56
57 // Globals
58 configt *config = NULL; // all configuration
59 int tunfd = -1; // tun interface file handle. (network device)
60 int udpfd = -1; // UDP file handle
61 int controlfd = -1; // Control signal handle
62 int clifd = -1; // Socket listening for CLI connections.
63 int daefd = -1; // Socket listening for DAE connections.
64 int snoopfd = -1; // UDP file handle for sending out intercept data
65 int *radfds = NULL; // RADIUS requests file handles
66 int ifrfd = -1; // File descriptor for routing, etc
67 int ifr6fd = -1; // File descriptor for IPv6 routing, etc
68 int rand_fd = -1; // Random data source
69 int cluster_sockfd = -1; // Intra-cluster communications socket.
70 int epollfd = -1; // event polling
71 time_t basetime = 0; // base clock
72 char hostname[1000] = ""; // us.
73 static int tunidx; // ifr_ifindex of tun device
74 static int syslog_log = 0; // are we logging to syslog
75 static FILE *log_stream = 0; // file handle for direct logging (i.e. direct into file, not via syslog).
76 uint32_t last_id = 0; // Unique ID for radius accounting
77
78 // calculated from config->l2tp_mtu
79 uint16_t MRU = 0; // PPP MRU
80 uint16_t MSS = 0; // TCP MSS
81
82 struct cli_session_actions *cli_session_actions = NULL; // Pending session changes requested by CLI
83 struct cli_tunnel_actions *cli_tunnel_actions = NULL; // Pending tunnel changes required by CLI
84
85 static void *ip_hash[256]; // Mapping from IP address to session structures.
86 struct ipv6radix {
87 int sess;
88 struct ipv6radix *branch;
89 } ipv6_hash[256]; // Mapping from IPv6 address to session structures.
90
91 // Traffic counters.
92 static uint32_t udp_rx = 0, udp_rx_pkt = 0, udp_tx = 0;
93 static uint32_t eth_rx = 0, eth_rx_pkt = 0;
94 uint32_t eth_tx = 0;
95
96 static uint32_t ip_pool_size = 1; // Size of the pool of addresses used for dynamic address allocation.
97 time_t time_now = 0; // Current time in seconds since epoch.
98 static char time_now_string[64] = {0}; // Current time as a string.
99 static int time_changed = 0; // time_now changed
100 char main_quit = 0; // True if we're in the process of exiting.
101 static char main_reload = 0; // Re-load pending
102 linked_list *loaded_plugins;
103 linked_list *plugins[MAX_PLUGIN_TYPES];
104
105 #define membersize(STRUCT, MEMBER) sizeof(((STRUCT *)0)->MEMBER)
106 #define CONFIG(NAME, MEMBER, TYPE) { NAME, offsetof(configt, MEMBER), membersize(configt, MEMBER), TYPE }
107
108 config_descriptt config_values[] = {
109 CONFIG("debug", debug, INT),
110 CONFIG("log_file", log_filename, STRING),
111 CONFIG("pid_file", pid_file, STRING),
112 CONFIG("random_device", random_device, STRING),
113 CONFIG("l2tp_secret", l2tp_secret, STRING),
114 CONFIG("l2tp_mtu", l2tp_mtu, INT),
115 CONFIG("ppp_restart_time", ppp_restart_time, INT),
116 CONFIG("ppp_max_configure", ppp_max_configure, INT),
117 CONFIG("ppp_max_failure", ppp_max_failure, INT),
118 CONFIG("primary_dns", default_dns1, IPv4),
119 CONFIG("secondary_dns", default_dns2, IPv4),
120 CONFIG("primary_radius", radiusserver[0], IPv4),
121 CONFIG("secondary_radius", radiusserver[1], IPv4),
122 CONFIG("primary_radius_port", radiusport[0], SHORT),
123 CONFIG("secondary_radius_port", radiusport[1], SHORT),
124 CONFIG("radius_accounting", radius_accounting, BOOL),
125 CONFIG("radius_interim", radius_interim, INT),
126 CONFIG("radius_secret", radiussecret, STRING),
127 CONFIG("radius_authtypes", radius_authtypes_s, STRING),
128 CONFIG("radius_dae_port", radius_dae_port, SHORT),
129 CONFIG("allow_duplicate_users", allow_duplicate_users, BOOL),
130 CONFIG("bind_address", bind_address, IPv4),
131 CONFIG("peer_address", peer_address, IPv4),
132 CONFIG("send_garp", send_garp, BOOL),
133 CONFIG("throttle_speed", rl_rate, UNSIGNED_LONG),
134 CONFIG("throttle_buckets", num_tbfs, INT),
135 CONFIG("accounting_dir", accounting_dir, STRING),
136 CONFIG("setuid", target_uid, INT),
137 CONFIG("dump_speed", dump_speed, BOOL),
138 CONFIG("multi_read_count", multi_read_count, INT),
139 CONFIG("scheduler_fifo", scheduler_fifo, BOOL),
140 CONFIG("lock_pages", lock_pages, BOOL),
141 CONFIG("icmp_rate", icmp_rate, INT),
142 CONFIG("packet_limit", max_packets, INT),
143 CONFIG("cluster_address", cluster_address, IPv4),
144 CONFIG("cluster_interface", cluster_interface, STRING),
145 CONFIG("cluster_mcast_ttl", cluster_mcast_ttl, INT),
146 CONFIG("cluster_hb_interval", cluster_hb_interval, INT),
147 CONFIG("cluster_hb_timeout", cluster_hb_timeout, INT),
148 CONFIG("cluster_master_min_adv", cluster_master_min_adv, INT),
149 CONFIG("ipv6_prefix", ipv6_prefix, IPv6),
150 { NULL, 0, 0, 0 },
151 };
152
153 static char *plugin_functions[] = {
154 NULL,
155 "plugin_pre_auth",
156 "plugin_post_auth",
157 "plugin_packet_rx",
158 "plugin_packet_tx",
159 "plugin_timer",
160 "plugin_new_session",
161 "plugin_kill_session",
162 "plugin_control",
163 "plugin_radius_response",
164 "plugin_radius_reset",
165 "plugin_radius_account",
166 "plugin_become_master",
167 "plugin_new_session_master",
168 };
169
170 #define max_plugin_functions (sizeof(plugin_functions) / sizeof(char *))
171
172 // Counters for shutdown sessions
173 static sessiont shut_acct[8192];
174 static sessionidt shut_acct_n = 0;
175
176 tunnelt *tunnel = NULL; // Array of tunnel structures.
177 sessiont *session = NULL; // Array of session structures.
178 sessionlocalt *sess_local = NULL; // Array of local per-session counters.
179 radiust *radius = NULL; // Array of radius structures.
180 ippoolt *ip_address_pool = NULL; // Array of dynamic IP addresses.
181 ip_filtert *ip_filters = NULL; // Array of named filters.
182 static controlt *controlfree = 0;
183 struct Tstats *_statistics = NULL;
184 #ifdef RINGBUFFER
185 struct Tringbuffer *ringbuffer = NULL;
186 #endif
187
188 static void cache_ipmap(in_addr_t ip, int s);
189 static void uncache_ipmap(in_addr_t ip);
190 static void cache_ipv6map(struct in6_addr ip, int prefixlen, int s);
191 static void free_ip_address(sessionidt s);
192 static void dump_acct_info(int all);
193 static void sighup_handler(int sig);
194 static void shutdown_handler(int sig);
195 static void sigchild_handler(int sig);
196 static void build_chap_response(uint8_t *challenge, uint8_t id, uint16_t challenge_length, uint8_t **challenge_response);
197 static void update_config(void);
198 static void read_config_file(void);
199 static void initplugins(void);
200 static int add_plugin(char *plugin_name);
201 static int remove_plugin(char *plugin_name);
202 static void plugins_done(void);
203 static void processcontrol(uint8_t *buf, int len, struct sockaddr_in *addr, int alen);
204 static tunnelidt new_tunnel(void);
205 static void unhide_value(uint8_t *value, size_t len, uint16_t type, uint8_t *vector, size_t vec_len);
206
207 // on slaves, alow BGP to withdraw cleanly before exiting
208 #define QUIT_DELAY 5
209
210 // quit actions (master)
211 #define QUIT_FAILOVER 1 // SIGTERM: exit when all control messages have been acked (for cluster failover)
212 #define QUIT_SHUTDOWN 2 // SIGQUIT: shutdown sessions/tunnels, reject new connections
213
214 // return internal time (10ths since process startup), set f if given
215 // as a side-effect sets time_now, and time_changed
216 static clockt now(double *f)
217 {
218 struct timeval t;
219 gettimeofday(&t, 0);
220 if (f) *f = t.tv_sec + t.tv_usec / 1000000.0;
221 if (t.tv_sec != time_now)
222 {
223 time_now = t.tv_sec;
224 time_changed++;
225 }
226 return (t.tv_sec - basetime) * 10 + t.tv_usec / 100000 + 1;
227 }
228
229 // work out a retry time based on try number
230 // This is a straight bounded exponential backoff.
231 // Maximum re-try time is 32 seconds. (2^5).
232 clockt backoff(uint8_t try)
233 {
234 if (try > 5) try = 5; // max backoff
235 return now(NULL) + 10 * (1 << try);
236 }
237
238
239 //
240 // Log a debug message. Typically called via the LOG macro
241 //
242 void _log(int level, sessionidt s, tunnelidt t, const char *format, ...)
243 {
244 static char message[65536] = {0};
245 va_list ap;
246
247 #ifdef RINGBUFFER
248 if (ringbuffer)
249 {
250 if (++ringbuffer->tail >= RINGBUFFER_SIZE)
251 ringbuffer->tail = 0;
252 if (ringbuffer->tail == ringbuffer->head)
253 if (++ringbuffer->head >= RINGBUFFER_SIZE)
254 ringbuffer->head = 0;
255
256 ringbuffer->buffer[ringbuffer->tail].level = level;
257 ringbuffer->buffer[ringbuffer->tail].session = s;
258 ringbuffer->buffer[ringbuffer->tail].tunnel = t;
259 va_start(ap, format);
260 vsnprintf(ringbuffer->buffer[ringbuffer->tail].message, 4095, format, ap);
261 va_end(ap);
262 }
263 #endif
264
265 if (config->debug < level) return;
266
267 va_start(ap, format);
268 vsnprintf(message, sizeof(message), format, ap);
269
270 if (log_stream)
271 fprintf(log_stream, "%s %02d/%02d %s", time_now_string, t, s, message);
272 else if (syslog_log)
273 syslog(level + 2, "%02d/%02d %s", t, s, message); // We don't need LOG_EMERG or LOG_ALERT
274
275 va_end(ap);
276 }
277
278 void _log_hex(int level, const char *title, const uint8_t *data, int maxsize)
279 {
280 int i, j;
281 const uint8_t *d = data;
282
283 if (config->debug < level) return;
284
285 // No support for _log_hex to syslog
286 if (log_stream)
287 {
288 _log(level, 0, 0, "%s (%d bytes):\n", title, maxsize);
289 setvbuf(log_stream, NULL, _IOFBF, 16384);
290
291 for (i = 0; i < maxsize; )
292 {
293 fprintf(log_stream, "%4X: ", i);
294 for (j = i; j < maxsize && j < (i + 16); j++)
295 {
296 fprintf(log_stream, "%02X ", d[j]);
297 if (j == i + 7)
298 fputs(": ", log_stream);
299 }
300
301 for (; j < i + 16; j++)
302 {
303 fputs(" ", log_stream);
304 if (j == i + 7)
305 fputs(": ", log_stream);
306 }
307
308 fputs(" ", log_stream);
309 for (j = i; j < maxsize && j < (i + 16); j++)
310 {
311 if (d[j] >= 0x20 && d[j] < 0x7f && d[j] != 0x20)
312 fputc(d[j], log_stream);
313 else
314 fputc('.', log_stream);
315
316 if (j == i + 7)
317 fputs(" ", log_stream);
318 }
319
320 i = j;
321 fputs("\n", log_stream);
322 }
323
324 fflush(log_stream);
325 setbuf(log_stream, NULL);
326 }
327 }
328
329 // update a counter, accumulating 2^32 wraps
330 void increment_counter(uint32_t *counter, uint32_t *wrap, uint32_t delta)
331 {
332 uint32_t new = *counter + delta;
333 if (new < *counter)
334 (*wrap)++;
335
336 *counter = new;
337 }
338
339 // initialise the random generator
340 static void initrandom(char *source)
341 {
342 static char path[sizeof(config->random_device)] = "*undefined*";
343
344 // reinitialise only if we are forced to do so or if the config has changed
345 if (source && !strncmp(path, source, sizeof(path)))
346 return;
347
348 // close previous source, if any
349 if (rand_fd >= 0)
350 close(rand_fd);
351
352 rand_fd = -1;
353
354 if (source)
355 {
356 // register changes
357 snprintf(path, sizeof(path), "%s", source);
358
359 if (*path == '/')
360 {
361 rand_fd = open(path, O_RDONLY|O_NONBLOCK);
362 if (rand_fd < 0)
363 LOG(0, 0, 0, "Error opening the random device %s: %s\n",
364 path, strerror(errno));
365 }
366 }
367 }
368
369 // fill buffer with random data
370 void random_data(uint8_t *buf, int len)
371 {
372 int n = 0;
373
374 CSTAT(random_data);
375 if (rand_fd >= 0)
376 {
377 n = read(rand_fd, buf, len);
378 if (n >= len) return;
379 if (n < 0)
380 {
381 if (errno != EAGAIN)
382 {
383 LOG(0, 0, 0, "Error reading from random source: %s\n",
384 strerror(errno));
385
386 // fall back to rand()
387 initrandom(NULL);
388 }
389
390 n = 0;
391 }
392 }
393
394 // append missing data
395 while (n < len)
396 // not using the low order bits from the prng stream
397 buf[n++] = (rand() >> 4) & 0xff;
398 }
399
400 // Add a route
401 //
402 // This adds it to the routing table, advertises it
403 // via BGP if enabled, and stuffs it into the
404 // 'sessionbyip' cache.
405 //
406 // 'ip' and 'mask' must be in _host_ order.
407 //
408 static void routeset(sessionidt s, in_addr_t ip, in_addr_t mask, in_addr_t gw, int add)
409 {
410 struct rtentry r;
411 int i;
412
413 if (!mask) mask = 0xffffffff;
414
415 ip &= mask; // Force the ip to be the first one in the route.
416
417 memset(&r, 0, sizeof(r));
418 r.rt_dev = config->tundevice;
419 r.rt_dst.sa_family = AF_INET;
420 *(uint32_t *) & (((struct sockaddr_in *) &r.rt_dst)->sin_addr.s_addr) = htonl(ip);
421 r.rt_gateway.sa_family = AF_INET;
422 *(uint32_t *) & (((struct sockaddr_in *) &r.rt_gateway)->sin_addr.s_addr) = htonl(gw);
423 r.rt_genmask.sa_family = AF_INET;
424 *(uint32_t *) & (((struct sockaddr_in *) &r.rt_genmask)->sin_addr.s_addr) = htonl(mask);
425 r.rt_flags = (RTF_UP | RTF_STATIC);
426 if (gw)
427 r.rt_flags |= RTF_GATEWAY;
428 else if (mask == 0xffffffff)
429 r.rt_flags |= RTF_HOST;
430
431 LOG(1, s, 0, "Route %s %s/%s%s%s\n", add ? "add" : "del",
432 fmtaddr(htonl(ip), 0), fmtaddr(htonl(mask), 1),
433 gw ? " via" : "", gw ? fmtaddr(htonl(gw), 2) : "");
434
435 if (ioctl(ifrfd, add ? SIOCADDRT : SIOCDELRT, (void *) &r) < 0)
436 LOG(0, 0, 0, "routeset() error in ioctl: %s\n", strerror(errno));
437
438 #ifdef BGP
439 if (add)
440 bgp_add_route(htonl(ip), htonl(mask));
441 else
442 bgp_del_route(htonl(ip), htonl(mask));
443 #endif /* BGP */
444
445 // Add/Remove the IPs to the 'sessionbyip' cache.
446 // Note that we add the zero address in the case of
447 // a network route. Roll on CIDR.
448
449 // Note that 's == 0' implies this is the address pool.
450 // We still cache it here, because it will pre-fill
451 // the malloc'ed tree.
452
453 if (s)
454 {
455 if (!add) // Are we deleting a route?
456 s = 0; // Caching the session as '0' is the same as uncaching.
457
458 for (i = ip; (i&mask) == (ip&mask) ; ++i)
459 cache_ipmap(i, s);
460 }
461 }
462
463 void route6set(sessionidt s, struct in6_addr ip, int prefixlen, int add)
464 {
465 struct in6_rtmsg rt;
466 char ipv6addr[INET6_ADDRSTRLEN];
467
468 if (ifr6fd < 0)
469 {
470 LOG(0, 0, 0, "Asked to set IPv6 route, but IPv6 not setup.\n");
471 return;
472 }
473
474 memset(&rt, 0, sizeof(rt));
475
476 memcpy(&rt.rtmsg_dst, &ip, sizeof(struct in6_addr));
477 rt.rtmsg_dst_len = prefixlen;
478 rt.rtmsg_metric = 1;
479 rt.rtmsg_flags = RTF_UP;
480 rt.rtmsg_ifindex = tunidx;
481
482 LOG(1, 0, 0, "Route %s %s/%d\n",
483 add ? "add" : "del",
484 inet_ntop(AF_INET6, &ip, ipv6addr, INET6_ADDRSTRLEN),
485 prefixlen);
486
487 if (ioctl(ifr6fd, add ? SIOCADDRT : SIOCDELRT, (void *) &rt) < 0)
488 LOG(0, 0, 0, "route6set() error in ioctl: %s\n",
489 strerror(errno));
490
491 // FIXME: need to add BGP routing (RFC2858)
492
493 if (s)
494 {
495 if (!add) // Are we deleting a route?
496 s = 0; // Caching the session as '0' is the same as uncaching.
497
498 cache_ipv6map(ip, prefixlen, s);
499 }
500
501 return;
502 }
503
504 // defined in linux/ipv6.h, but tricky to include from user-space
505 // TODO: move routing to use netlink rather than ioctl
506 struct in6_ifreq {
507 struct in6_addr ifr6_addr;
508 __u32 ifr6_prefixlen;
509 unsigned int ifr6_ifindex;
510 };
511
512 //
513 // Set up TUN interface
514 static void inittun(void)
515 {
516 struct ifreq ifr;
517 struct in6_ifreq ifr6;
518 struct sockaddr_in sin = {0};
519 memset(&ifr, 0, sizeof(ifr));
520 ifr.ifr_flags = IFF_TUN;
521
522 tunfd = open(TUNDEVICE, O_RDWR);
523 if (tunfd < 0)
524 { // fatal
525 LOG(0, 0, 0, "Can't open %s: %s\n", TUNDEVICE, strerror(errno));
526 exit(1);
527 }
528 {
529 int flags = fcntl(tunfd, F_GETFL, 0);
530 fcntl(tunfd, F_SETFL, flags | O_NONBLOCK);
531 }
532 if (ioctl(tunfd, TUNSETIFF, (void *) &ifr) < 0)
533 {
534 LOG(0, 0, 0, "Can't set tun interface: %s\n", strerror(errno));
535 exit(1);
536 }
537 assert(strlen(ifr.ifr_name) < sizeof(config->tundevice));
538 strncpy(config->tundevice, ifr.ifr_name, sizeof(config->tundevice) - 1);
539 ifrfd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
540
541 sin.sin_family = AF_INET;
542 sin.sin_addr.s_addr = config->bind_address ? config->bind_address : 0x01010101; // 1.1.1.1
543 memcpy(&ifr.ifr_addr, &sin, sizeof(struct sockaddr));
544
545 if (ioctl(ifrfd, SIOCSIFADDR, (void *) &ifr) < 0)
546 {
547 LOG(0, 0, 0, "Error setting tun address: %s\n", strerror(errno));
548 exit(1);
549 }
550 /* Bump up the qlen to deal with bursts from the network */
551 ifr.ifr_qlen = 1000;
552 if (ioctl(ifrfd, SIOCSIFTXQLEN, (void *) &ifr) < 0)
553 {
554 LOG(0, 0, 0, "Error setting tun queue length: %s\n", strerror(errno));
555 exit(1);
556 }
557 /* set MTU to modem MRU + 4 (tun header) */
558 ifr.ifr_mtu = MRU + 4;
559 if (ioctl(ifrfd, SIOCSIFMTU, (void *) &ifr) < 0)
560 {
561 LOG(0, 0, 0, "Error setting tun MTU: %s\n", strerror(errno));
562 exit(1);
563 }
564 ifr.ifr_flags = IFF_UP;
565 if (ioctl(ifrfd, SIOCSIFFLAGS, (void *) &ifr) < 0)
566 {
567 LOG(0, 0, 0, "Error setting tun flags: %s\n", strerror(errno));
568 exit(1);
569 }
570 if (ioctl(ifrfd, SIOCGIFINDEX, (void *) &ifr) < 0)
571 {
572 LOG(0, 0, 0, "Error getting tun ifindex: %s\n", strerror(errno));
573 exit(1);
574 }
575 tunidx = ifr.ifr_ifindex;
576
577 // Only setup IPv6 on the tun device if we have a configured prefix
578 if (config->ipv6_prefix.s6_addr[0]) {
579 ifr6fd = socket(PF_INET6, SOCK_DGRAM, 0);
580
581 // Link local address is FE80::1
582 memset(&ifr6.ifr6_addr, 0, sizeof(ifr6.ifr6_addr));
583 ifr6.ifr6_addr.s6_addr[0] = 0xFE;
584 ifr6.ifr6_addr.s6_addr[1] = 0x80;
585 ifr6.ifr6_addr.s6_addr[15] = 1;
586 ifr6.ifr6_prefixlen = 64;
587 ifr6.ifr6_ifindex = ifr.ifr_ifindex;
588 if (ioctl(ifr6fd, SIOCSIFADDR, (void *) &ifr6) < 0)
589 {
590 LOG(0, 0, 0, "Error setting tun IPv6 link local address:"
591 " %s\n", strerror(errno));
592 }
593
594 // Global address is prefix::1
595 memset(&ifr6.ifr6_addr, 0, sizeof(ifr6.ifr6_addr));
596 ifr6.ifr6_addr = config->ipv6_prefix;
597 ifr6.ifr6_addr.s6_addr[15] = 1;
598 ifr6.ifr6_prefixlen = 64;
599 ifr6.ifr6_ifindex = ifr.ifr_ifindex;
600 if (ioctl(ifr6fd, SIOCSIFADDR, (void *) &ifr6) < 0)
601 {
602 LOG(0, 0, 0, "Error setting tun IPv6 global address: %s\n",
603 strerror(errno));
604 }
605 }
606 }
607
608 // set up UDP ports
609 static void initudp(void)
610 {
611 int on = 1;
612 struct sockaddr_in addr;
613
614 // Tunnel
615 memset(&addr, 0, sizeof(addr));
616 addr.sin_family = AF_INET;
617 addr.sin_port = htons(L2TPPORT);
618 addr.sin_addr.s_addr = config->bind_address;
619 udpfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
620 setsockopt(udpfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
621 {
622 int flags = fcntl(udpfd, F_GETFL, 0);
623 fcntl(udpfd, F_SETFL, flags | O_NONBLOCK);
624 }
625 if (bind(udpfd, (void *) &addr, sizeof(addr)) < 0)
626 {
627 LOG(0, 0, 0, "Error in UDP bind: %s\n", strerror(errno));
628 exit(1);
629 }
630
631 // Control
632 memset(&addr, 0, sizeof(addr));
633 addr.sin_family = AF_INET;
634 addr.sin_port = htons(NSCTL_PORT);
635 controlfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
636 setsockopt(controlfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
637 if (bind(controlfd, (void *) &addr, sizeof(addr)) < 0)
638 {
639 LOG(0, 0, 0, "Error in control bind: %s\n", strerror(errno));
640 exit(1);
641 }
642
643 // Dynamic Authorization Extensions to RADIUS
644 memset(&addr, 0, sizeof(addr));
645 addr.sin_family = AF_INET;
646 addr.sin_port = htons(config->radius_dae_port);
647 daefd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
648 setsockopt(daefd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
649 if (bind(daefd, (void *) &addr, sizeof(addr)) < 0)
650 {
651 LOG(0, 0, 0, "Error in DAE bind: %s\n", strerror(errno));
652 exit(1);
653 }
654
655 // Intercept
656 snoopfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
657 }
658
659 //
660 // Find session by IP, < 1 for not found
661 //
662 // Confusingly enough, this 'ip' must be
663 // in _network_ order. This being the common
664 // case when looking it up from IP packet headers.
665 //
666 // We actually use this cache for two things.
667 // #1. For used IP addresses, this maps to the
668 // session ID that it's used by.
669 // #2. For un-used IP addresses, this maps to the
670 // index into the pool table that contains that
671 // IP address.
672 //
673
674 static int lookup_ipmap(in_addr_t ip)
675 {
676 uint8_t *a = (uint8_t *) &ip;
677 uint8_t **d = (uint8_t **) ip_hash;
678
679 if (!(d = (uint8_t **) d[(size_t) *a++])) return 0;
680 if (!(d = (uint8_t **) d[(size_t) *a++])) return 0;
681 if (!(d = (uint8_t **) d[(size_t) *a++])) return 0;
682
683 return (int) (intptr_t) d[(size_t) *a];
684 }
685
686 static int lookup_ipv6map(struct in6_addr ip)
687 {
688 struct ipv6radix *curnode;
689 int i;
690 int s;
691 char ipv6addr[INET6_ADDRSTRLEN];
692
693 curnode = &ipv6_hash[ip.s6_addr[0]];
694 i = 1;
695 s = curnode->sess;
696
697 while (s == 0 && i < 15 && curnode->branch != NULL)
698 {
699 curnode = &curnode->branch[ip.s6_addr[i]];
700 s = curnode->sess;
701 i++;
702 }
703
704 LOG(4, s, session[s].tunnel, "Looking up address %s and got %d\n",
705 inet_ntop(AF_INET6, &ip, ipv6addr,
706 INET6_ADDRSTRLEN),
707 s);
708
709 return s;
710 }
711
712 sessionidt sessionbyip(in_addr_t ip)
713 {
714 int s = lookup_ipmap(ip);
715 CSTAT(sessionbyip);
716
717 if (s > 0 && s < MAXSESSION && session[s].opened)
718 return (sessionidt) s;
719
720 return 0;
721 }
722
723 sessionidt sessionbyipv6(struct in6_addr ip)
724 {
725 int s;
726 CSTAT(sessionbyipv6);
727
728 if (!memcmp(&config->ipv6_prefix, &ip, 8) ||
729 (ip.s6_addr[0] == 0xFE &&
730 ip.s6_addr[1] == 0x80 &&
731 ip.s6_addr16[1] == 0 &&
732 ip.s6_addr16[2] == 0 &&
733 ip.s6_addr16[3] == 0)) {
734 s = lookup_ipmap(*(in_addr_t *) &ip.s6_addr[8]);
735 } else {
736 s = lookup_ipv6map(ip);
737 }
738
739 if (s > 0 && s < MAXSESSION && session[s].opened)
740 return s;
741
742 return 0;
743 }
744
745 //
746 // Take an IP address in HOST byte order and
747 // add it to the sessionid by IP cache.
748 //
749 // (It's actually cached in network order)
750 //
751 static void cache_ipmap(in_addr_t ip, int s)
752 {
753 in_addr_t nip = htonl(ip); // MUST be in network order. I.e. MSB must in be ((char *) (&ip))[0]
754 uint8_t *a = (uint8_t *) &nip;
755 uint8_t **d = (uint8_t **) ip_hash;
756 int i;
757
758 for (i = 0; i < 3; i++)
759 {
760 if (!d[(size_t) a[i]])
761 {
762 if (!(d[(size_t) a[i]] = calloc(256, sizeof(void *))))
763 return;
764 }
765
766 d = (uint8_t **) d[(size_t) a[i]];
767 }
768
769 d[(size_t) a[3]] = (uint8_t *) (intptr_t) s;
770
771 if (s > 0)
772 LOG(4, s, session[s].tunnel, "Caching ip address %s\n", fmtaddr(nip, 0));
773
774 else if (s == 0)
775 LOG(4, 0, 0, "Un-caching ip address %s\n", fmtaddr(nip, 0));
776 // else a map to an ip pool index.
777 }
778
779 static void uncache_ipmap(in_addr_t ip)
780 {
781 cache_ipmap(ip, 0); // Assign it to the NULL session.
782 }
783
784 static void cache_ipv6map(struct in6_addr ip, int prefixlen, int s)
785 {
786 int i;
787 int bytes;
788 struct ipv6radix *curnode;
789 char ipv6addr[INET6_ADDRSTRLEN];
790
791 curnode = &ipv6_hash[ip.s6_addr[0]];
792
793 bytes = prefixlen >> 3;
794 i = 1;
795 while (i < bytes) {
796 if (curnode->branch == NULL)
797 {
798 if (!(curnode->branch = calloc(256,
799 sizeof (struct ipv6radix))))
800 return;
801 }
802 curnode = &curnode->branch[ip.s6_addr[i]];
803 i++;
804 }
805
806 curnode->sess = s;
807
808 if (s > 0)
809 LOG(4, s, session[s].tunnel, "Caching ip address %s/%d\n",
810 inet_ntop(AF_INET6, &ip, ipv6addr,
811 INET6_ADDRSTRLEN),
812 prefixlen);
813 else if (s == 0)
814 LOG(4, 0, 0, "Un-caching ip address %s/%d\n",
815 inet_ntop(AF_INET6, &ip, ipv6addr,
816 INET6_ADDRSTRLEN),
817 prefixlen);
818 }
819
820 //
821 // CLI list to dump current ipcache.
822 //
823 int cmd_show_ipcache(struct cli_def *cli, char *command, char **argv, int argc)
824 {
825 char **d = (char **) ip_hash, **e, **f, **g;
826 int i, j, k, l;
827 int count = 0;
828
829 if (CLI_HELP_REQUESTED)
830 return CLI_HELP_NO_ARGS;
831
832 cli_print(cli, "%7s %s", "Sess#", "IP Address");
833
834 for (i = 0; i < 256; ++i)
835 {
836 if (!d[i])
837 continue;
838 e = (char **) d[i];
839 for (j = 0; j < 256; ++j)
840 {
841 if (!e[j])
842 continue;
843 f = (char **) e[j];
844 for (k = 0; k < 256; ++k)
845 {
846 if (!f[k])
847 continue;
848 g = (char **)f[k];
849 for (l = 0; l < 256; ++l)
850 {
851 if (!g[l])
852 continue;
853 cli_print(cli, "%7d %d.%d.%d.%d", (int) (intptr_t) g[l], i, j, k, l);
854 ++count;
855 }
856 }
857 }
858 }
859 cli_print(cli, "%d entries in cache", count);
860 return CLI_OK;
861 }
862
863
864 // Find session by username, 0 for not found
865 // walled garden users aren't authenticated, so the username is
866 // reasonably useless. Ignore them to avoid incorrect actions
867 //
868 // This is VERY inefficent. Don't call it often. :)
869 //
870 sessionidt sessionbyuser(char *username)
871 {
872 int s;
873 CSTAT(sessionbyuser);
874
875 for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
876 {
877 if (!session[s].opened)
878 continue;
879
880 if (session[s].walled_garden)
881 continue; // Skip walled garden users.
882
883 if (!strncmp(session[s].user, username, 128))
884 return s;
885
886 }
887 return 0; // Not found.
888 }
889
890 void send_garp(in_addr_t ip)
891 {
892 int s;
893 struct ifreq ifr;
894 uint8_t mac[6];
895
896 s = socket(PF_INET, SOCK_DGRAM, 0);
897 if (s < 0)
898 {
899 LOG(0, 0, 0, "Error creating socket for GARP: %s\n", strerror(errno));
900 return;
901 }
902 memset(&ifr, 0, sizeof(ifr));
903 strncpy(ifr.ifr_name, "eth0", sizeof(ifr.ifr_name) - 1);
904 if (ioctl(s, SIOCGIFHWADDR, &ifr) < 0)
905 {
906 LOG(0, 0, 0, "Error getting eth0 hardware address for GARP: %s\n", strerror(errno));
907 close(s);
908 return;
909 }
910 memcpy(mac, &ifr.ifr_hwaddr.sa_data, 6*sizeof(char));
911 if (ioctl(s, SIOCGIFINDEX, &ifr) < 0)
912 {
913 LOG(0, 0, 0, "Error getting eth0 interface index for GARP: %s\n", strerror(errno));
914 close(s);
915 return;
916 }
917 close(s);
918 sendarp(ifr.ifr_ifindex, mac, ip);
919 }
920
921 static sessiont *sessiontbysessionidt(sessionidt s)
922 {
923 if (!s || s >= MAXSESSION) return NULL;
924 return &session[s];
925 }
926
927 static sessionidt sessionidtbysessiont(sessiont *s)
928 {
929 sessionidt val = s-session;
930 if (s < session || val >= MAXSESSION) return 0;
931 return val;
932 }
933
934 // actually send a control message for a specific tunnel
935 void tunnelsend(uint8_t * buf, uint16_t l, tunnelidt t)
936 {
937 struct sockaddr_in addr;
938
939 CSTAT(tunnelsend);
940
941 if (!t)
942 {
943 LOG(0, 0, t, "tunnelsend called with 0 as tunnel id\n");
944 STAT(tunnel_tx_errors);
945 return;
946 }
947
948 if (!tunnel[t].ip)
949 {
950 LOG(1, 0, t, "Error sending data out tunnel: no remote endpoint (tunnel not set up)\n");
951 STAT(tunnel_tx_errors);
952 return;
953 }
954
955 memset(&addr, 0, sizeof(addr));
956 addr.sin_family = AF_INET;
957 *(uint32_t *) & addr.sin_addr = htonl(tunnel[t].ip);
958 addr.sin_port = htons(tunnel[t].port);
959
960 // sequence expected, if sequence in message
961 if (*buf & 0x08) *(uint16_t *) (buf + ((*buf & 0x40) ? 10 : 8)) = htons(tunnel[t].nr);
962
963 // If this is a control message, deal with retries
964 if (*buf & 0x80)
965 {
966 tunnel[t].last = time_now; // control message sent
967 tunnel[t].retry = backoff(tunnel[t].try); // when to resend
968 if (tunnel[t].try)
969 {
970 STAT(tunnel_retries);
971 LOG(3, 0, t, "Control message resend try %d\n", tunnel[t].try);
972 }
973 }
974
975 if (sendto(udpfd, buf, l, 0, (void *) &addr, sizeof(addr)) < 0)
976 {
977 LOG(0, ntohs((*(uint16_t *) (buf + 6))), t, "Error sending data out tunnel: %s (udpfd=%d, buf=%p, len=%d, dest=%s)\n",
978 strerror(errno), udpfd, buf, l, inet_ntoa(addr.sin_addr));
979 STAT(tunnel_tx_errors);
980 return;
981 }
982
983 LOG_HEX(5, "Send Tunnel Data", buf, l);
984 STAT(tunnel_tx_packets);
985 INC_STAT(tunnel_tx_bytes, l);
986 }
987
988 //
989 // Tiny helper function to write data to
990 // the 'tun' device.
991 //
992 int tun_write(uint8_t * data, int size)
993 {
994 return write(tunfd, data, size);
995 }
996
997 // adjust tcp mss to avoid fragmentation (called only for tcp packets with syn set)
998 void adjust_tcp_mss(sessionidt s, tunnelidt t, uint8_t *buf, int len, uint8_t *tcp)
999 {
1000 int d = (tcp[12] >> 4) * 4;
1001 uint8_t *mss = 0;
1002 uint8_t *opts;
1003 uint8_t *data;
1004 uint16_t orig;
1005 uint32_t sum;
1006
1007 if ((tcp[13] & 0x3f) & ~(TCP_FLAG_SYN|TCP_FLAG_ACK)) // only want SYN and SYN,ACK
1008 return;
1009
1010 if (tcp + d > buf + len) // short?
1011 return;
1012
1013 opts = tcp + 20;
1014 data = tcp + d;
1015
1016 while (opts < data)
1017 {
1018 if (*opts == 2 && opts[1] == 4) // mss option (2), length 4
1019 {
1020 mss = opts + 2;
1021 if (mss + 2 > data) return; // short?
1022 break;
1023 }
1024
1025 if (*opts == 0) return; // end of options
1026 if (*opts == 1 || !opts[1]) // no op (one byte), or no length (prevent loop)
1027 opts++;
1028 else
1029 opts += opts[1]; // skip over option
1030 }
1031
1032 if (!mss) return; // not found
1033 orig = ntohs(*(uint16_t *) mss);
1034
1035 if (orig <= MSS) return; // mss OK
1036
1037 LOG(5, s, t, "TCP: %s:%u -> %s:%u SYN%s: adjusted mss from %u to %u\n",
1038 fmtaddr(*(in_addr_t *) (buf + 12), 0), ntohs(*(uint16_t *) tcp),
1039 fmtaddr(*(in_addr_t *) (buf + 16), 1), ntohs(*(uint16_t *) (tcp + 2)),
1040 (tcp[13] & TCP_FLAG_ACK) ? ",ACK" : "", orig, MSS);
1041
1042 // set mss
1043 *(int16_t *) mss = htons(MSS);
1044
1045 // adjust checksum (see rfc1141)
1046 sum = orig + (~MSS & 0xffff);
1047 sum += ntohs(*(uint16_t *) (tcp + 16));
1048 sum = (sum & 0xffff) + (sum >> 16);
1049 *(uint16_t *) (tcp + 16) = htons(sum + (sum >> 16));
1050 }
1051
1052 // process outgoing (to tunnel) IP
1053 //
1054 static void processipout(uint8_t *buf, int len)
1055 {
1056 sessionidt s;
1057 sessiont *sp;
1058 tunnelidt t;
1059 in_addr_t ip;
1060
1061 uint8_t *data = buf; // Keep a copy of the originals.
1062 int size = len;
1063
1064 uint8_t b[MAXETHER + 20];
1065
1066 CSTAT(processipout);
1067
1068 if (len < MIN_IP_SIZE)
1069 {
1070 LOG(1, 0, 0, "Short IP, %d bytes\n", len);
1071 STAT(tun_rx_errors);
1072 return;
1073 }
1074 if (len >= MAXETHER)
1075 {
1076 LOG(1, 0, 0, "Oversize IP packet %d bytes\n", len);
1077 STAT(tun_rx_errors);
1078 return;
1079 }
1080
1081 // Skip the tun header
1082 buf += 4;
1083 len -= 4;
1084
1085 // Got an IP header now
1086 if (*(uint8_t *)(buf) >> 4 != 4)
1087 {
1088 LOG(1, 0, 0, "IP: Don't understand anything except IPv4\n");
1089 return;
1090 }
1091
1092 ip = *(uint32_t *)(buf + 16);
1093 if (!(s = sessionbyip(ip)))
1094 {
1095 // Is this a packet for a session that doesn't exist?
1096 static int rate = 0; // Number of ICMP packets we've sent this second.
1097 static int last = 0; // Last time we reset the ICMP packet counter 'rate'.
1098
1099 if (last != time_now)
1100 {
1101 last = time_now;
1102 rate = 0;
1103 }
1104
1105 if (rate++ < config->icmp_rate) // Only send a max of icmp_rate per second.
1106 {
1107 LOG(4, 0, 0, "IP: Sending ICMP host unreachable to %s\n", fmtaddr(*(in_addr_t *)(buf + 12), 0));
1108 host_unreachable(*(in_addr_t *)(buf + 12), *(uint16_t *)(buf + 4),
1109 config->bind_address ? config->bind_address : my_address, buf, len);
1110 }
1111 return;
1112 }
1113 t = session[s].tunnel;
1114 sp = &session[s];
1115
1116 // DoS prevention: enforce a maximum number of packets per 0.1s for a session
1117 if (config->max_packets > 0)
1118 {
1119 if (sess_local[s].last_packet_out == TIME)
1120 {
1121 int max = config->max_packets;
1122
1123 // All packets for throttled sessions are handled by the
1124 // master, so further limit by using the throttle rate.
1125 // A bit of a kludge, since throttle rate is in kbps,
1126 // but should still be generous given our average DSL
1127 // packet size is 200 bytes: a limit of 28kbps equates
1128 // to around 180 packets per second.
1129 if (!config->cluster_iam_master && sp->throttle_out && sp->throttle_out < max)
1130 max = sp->throttle_out;
1131
1132 if (++sess_local[s].packets_out > max)
1133 {
1134 sess_local[s].packets_dropped++;
1135 return;
1136 }
1137 }
1138 else
1139 {
1140 if (sess_local[s].packets_dropped)
1141 {
1142 INC_STAT(tun_rx_dropped, sess_local[s].packets_dropped);
1143 LOG(3, s, t, "Dropped %u/%u packets to %s for %suser %s\n",
1144 sess_local[s].packets_dropped, sess_local[s].packets_out,
1145 fmtaddr(ip, 0), sp->throttle_out ? "throttled " : "",
1146 sp->user);
1147 }
1148
1149 sess_local[s].last_packet_out = TIME;
1150 sess_local[s].packets_out = 1;
1151 sess_local[s].packets_dropped = 0;
1152 }
1153 }
1154
1155 // run access-list if any
1156 if (session[s].filter_out && !ip_filter(buf, len, session[s].filter_out - 1))
1157 return;
1158
1159 // adjust MSS on SYN and SYN,ACK packets with options
1160 if ((ntohs(*(uint16_t *) (buf + 6)) & 0x1fff) == 0 && buf[9] == IPPROTO_TCP) // first tcp fragment
1161 {
1162 int ihl = (buf[0] & 0xf) * 4; // length of IP header
1163 if (len >= ihl + 20 && (buf[ihl + 13] & TCP_FLAG_SYN) && ((buf[ihl + 12] >> 4) > 5))
1164 adjust_tcp_mss(s, t, buf, len, buf + ihl);
1165 }
1166
1167 if (sp->tbf_out)
1168 {
1169 // Are we throttling this session?
1170 if (config->cluster_iam_master)
1171 tbf_queue_packet(sp->tbf_out, data, size);
1172 else
1173 master_throttle_packet(sp->tbf_out, data, size);
1174 return;
1175 }
1176
1177 if (sp->walled_garden && !config->cluster_iam_master)
1178 {
1179 // We are walled-gardening this
1180 master_garden_packet(s, data, size);
1181 return;
1182 }
1183
1184 LOG(5, s, t, "Ethernet -> Tunnel (%d bytes)\n", len);
1185
1186 // Add on L2TP header
1187 {
1188 uint8_t *p = makeppp(b, sizeof(b), buf, len, s, t, PPPIP);
1189 if (!p) return;
1190 tunnelsend(b, len + (p-b), t); // send it...
1191 }
1192
1193 // Snooping this session, send it to intercept box
1194 if (sp->snoop_ip && sp->snoop_port)
1195 snoop_send_packet(buf, len, sp->snoop_ip, sp->snoop_port);
1196
1197 increment_counter(&sp->cout, &sp->cout_wrap, len); // byte count
1198 sp->cout_delta += len;
1199 sp->pout++;
1200 udp_tx += len;
1201
1202 sess_local[s].cout += len; // To send to master..
1203 sess_local[s].pout++;
1204 }
1205
1206 // process outgoing (to tunnel) IPv6
1207 //
1208 static void processipv6out(uint8_t * buf, int len)
1209 {
1210 sessionidt s;
1211 sessiont *sp;
1212 tunnelidt t;
1213 in_addr_t ip;
1214 struct in6_addr ip6;
1215
1216 uint8_t *data = buf; // Keep a copy of the originals.
1217 int size = len;
1218
1219 uint8_t b[MAXETHER + 20];
1220
1221 CSTAT(processipv6out);
1222
1223 if (len < MIN_IP_SIZE)
1224 {
1225 LOG(1, 0, 0, "Short IPv6, %d bytes\n", len);
1226 STAT(tunnel_tx_errors);
1227 return;
1228 }
1229 if (len >= MAXETHER)
1230 {
1231 LOG(1, 0, 0, "Oversize IPv6 packet %d bytes\n", len);
1232 STAT(tunnel_tx_errors);
1233 return;
1234 }
1235
1236 // Skip the tun header
1237 buf += 4;
1238 len -= 4;
1239
1240 // Got an IP header now
1241 if (*(uint8_t *)(buf) >> 4 != 6)
1242 {
1243 LOG(1, 0, 0, "IP: Don't understand anything except IPv6\n");
1244 return;
1245 }
1246
1247 ip6 = *(struct in6_addr *)(buf+24);
1248 s = sessionbyipv6(ip6);
1249
1250 if (s == 0)
1251 {
1252 ip = *(uint32_t *)(buf + 32);
1253 s = sessionbyip(ip);
1254 }
1255
1256 if (s == 0)
1257 {
1258 // Is this a packet for a session that doesn't exist?
1259 static int rate = 0; // Number of ICMP packets we've sent this second.
1260 static int last = 0; // Last time we reset the ICMP packet counter 'rate'.
1261
1262 if (last != time_now)
1263 {
1264 last = time_now;
1265 rate = 0;
1266 }
1267
1268 if (rate++ < config->icmp_rate) // Only send a max of icmp_rate per second.
1269 {
1270 // FIXME: Should send icmp6 host unreachable
1271 }
1272 return;
1273 }
1274 t = session[s].tunnel;
1275 sp = &session[s];
1276
1277 // FIXME: add DoS prevention/filters?
1278
1279 if (sp->tbf_out)
1280 {
1281 // Are we throttling this session?
1282 if (config->cluster_iam_master)
1283 tbf_queue_packet(sp->tbf_out, data, size);
1284 else
1285 master_throttle_packet(sp->tbf_out, data, size);
1286 return;
1287 }
1288 else if (sp->walled_garden && !config->cluster_iam_master)
1289 {
1290 // We are walled-gardening this
1291 master_garden_packet(s, data, size);
1292 return;
1293 }
1294
1295 LOG(5, s, t, "Ethernet -> Tunnel (%d bytes)\n", len);
1296
1297 // Add on L2TP header
1298 {
1299 uint8_t *p = makeppp(b, sizeof(b), buf, len, s, t, PPPIPV6);
1300 if (!p) return;
1301 tunnelsend(b, len + (p-b), t); // send it...
1302 }
1303
1304 // Snooping this session, send it to intercept box
1305 if (sp->snoop_ip && sp->snoop_port)
1306 snoop_send_packet(buf, len, sp->snoop_ip, sp->snoop_port);
1307
1308 increment_counter(&sp->cout, &sp->cout_wrap, len); // byte count
1309 sp->cout_delta += len;
1310 sp->pout++;
1311 udp_tx += len;
1312
1313 sess_local[s].cout += len; // To send to master..
1314 sess_local[s].pout++;
1315 }
1316
1317 //
1318 // Helper routine for the TBF filters.
1319 // Used to send queued data in to the user!
1320 //
1321 static void send_ipout(sessionidt s, uint8_t *buf, int len)
1322 {
1323 sessiont *sp;
1324 tunnelidt t;
1325 in_addr_t ip;
1326
1327 uint8_t b[MAXETHER + 20];
1328
1329 if (len < 0 || len > MAXETHER)
1330 {
1331 LOG(1, 0, 0, "Odd size IP packet: %d bytes\n", len);
1332 return;
1333 }
1334
1335 // Skip the tun header
1336 buf += 4;
1337 len -= 4;
1338
1339 ip = *(in_addr_t *)(buf + 16);
1340
1341 if (!session[s].ip)
1342 return;
1343
1344 t = session[s].tunnel;
1345 sp = &session[s];
1346
1347 LOG(5, s, t, "Ethernet -> Tunnel (%d bytes)\n", len);
1348
1349 // Add on L2TP header
1350 {
1351 uint8_t *p = makeppp(b, sizeof(b), buf, len, s, t, PPPIP);
1352 if (!p) return;
1353 tunnelsend(b, len + (p-b), t); // send it...
1354 }
1355
1356 // Snooping this session.
1357 if (sp->snoop_ip && sp->snoop_port)
1358 snoop_send_packet(buf, len, sp->snoop_ip, sp->snoop_port);
1359
1360 increment_counter(&sp->cout, &sp->cout_wrap, len); // byte count
1361 sp->cout_delta += len;
1362 sp->pout++;
1363 udp_tx += len;
1364
1365 sess_local[s].cout += len; // To send to master..
1366 sess_local[s].pout++;
1367 }
1368
1369 // add an AVP (16 bit)
1370 static void control16(controlt * c, uint16_t avp, uint16_t val, uint8_t m)
1371 {
1372 uint16_t l = (m ? 0x8008 : 0x0008);
1373 *(uint16_t *) (c->buf + c->length + 0) = htons(l);
1374 *(uint16_t *) (c->buf + c->length + 2) = htons(0);
1375 *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
1376 *(uint16_t *) (c->buf + c->length + 6) = htons(val);
1377 c->length += 8;
1378 }
1379
1380 // add an AVP (32 bit)
1381 static void control32(controlt * c, uint16_t avp, uint32_t val, uint8_t m)
1382 {
1383 uint16_t l = (m ? 0x800A : 0x000A);
1384 *(uint16_t *) (c->buf + c->length + 0) = htons(l);
1385 *(uint16_t *) (c->buf + c->length + 2) = htons(0);
1386 *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
1387 *(uint32_t *) (c->buf + c->length + 6) = htonl(val);
1388 c->length += 10;
1389 }
1390
1391 // add an AVP (string)
1392 static void controls(controlt * c, uint16_t avp, char *val, uint8_t m)
1393 {
1394 uint16_t l = ((m ? 0x8000 : 0) + strlen(val) + 6);
1395 *(uint16_t *) (c->buf + c->length + 0) = htons(l);
1396 *(uint16_t *) (c->buf + c->length + 2) = htons(0);
1397 *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
1398 memcpy(c->buf + c->length + 6, val, strlen(val));
1399 c->length += 6 + strlen(val);
1400 }
1401
1402 // add a binary AVP
1403 static void controlb(controlt * c, uint16_t avp, uint8_t *val, unsigned int len, uint8_t m)
1404 {
1405 uint16_t l = ((m ? 0x8000 : 0) + len + 6);
1406 *(uint16_t *) (c->buf + c->length + 0) = htons(l);
1407 *(uint16_t *) (c->buf + c->length + 2) = htons(0);
1408 *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
1409 memcpy(c->buf + c->length + 6, val, len);
1410 c->length += 6 + len;
1411 }
1412
1413 // new control connection
1414 static controlt *controlnew(uint16_t mtype)
1415 {
1416 controlt *c;
1417 if (!controlfree)
1418 c = malloc(sizeof(controlt));
1419 else
1420 {
1421 c = controlfree;
1422 controlfree = c->next;
1423 }
1424 assert(c);
1425 c->next = 0;
1426 *(uint16_t *) (c->buf + 0) = htons(0xC802); // flags/ver
1427 c->length = 12;
1428 control16(c, 0, mtype, 1);
1429 return c;
1430 }
1431
1432 // send zero block if nothing is waiting
1433 // (ZLB send).
1434 static void controlnull(tunnelidt t)
1435 {
1436 uint8_t buf[12];
1437 if (tunnel[t].controlc) // Messages queued; They will carry the ack.
1438 return;
1439
1440 *(uint16_t *) (buf + 0) = htons(0xC802); // flags/ver
1441 *(uint16_t *) (buf + 2) = htons(12); // length
1442 *(uint16_t *) (buf + 4) = htons(tunnel[t].far); // tunnel
1443 *(uint16_t *) (buf + 6) = htons(0); // session
1444 *(uint16_t *) (buf + 8) = htons(tunnel[t].ns); // sequence
1445 *(uint16_t *) (buf + 10) = htons(tunnel[t].nr); // sequence
1446 tunnelsend(buf, 12, t);
1447 }
1448
1449 // add a control message to a tunnel, and send if within window
1450 static void controladd(controlt *c, sessionidt far, tunnelidt t)
1451 {
1452 *(uint16_t *) (c->buf + 2) = htons(c->length); // length
1453 *(uint16_t *) (c->buf + 4) = htons(tunnel[t].far); // tunnel
1454 *(uint16_t *) (c->buf + 6) = htons(far); // session
1455 *(uint16_t *) (c->buf + 8) = htons(tunnel[t].ns); // sequence
1456 tunnel[t].ns++; // advance sequence
1457 // link in message in to queue
1458 if (tunnel[t].controlc)
1459 tunnel[t].controle->next = c;
1460 else
1461 tunnel[t].controls = c;
1462
1463 tunnel[t].controle = c;
1464 tunnel[t].controlc++;
1465
1466 // send now if space in window
1467 if (tunnel[t].controlc <= tunnel[t].window)
1468 {
1469 tunnel[t].try = 0; // first send
1470 tunnelsend(c->buf, c->length, t);
1471 }
1472 }
1473
1474 //
1475 // Throttle or Unthrottle a session
1476 //
1477 // Throttle the data from/to through a session to no more than
1478 // 'rate_in' kbit/sec in (from user) or 'rate_out' kbit/sec out (to
1479 // user).
1480 //
1481 // If either value is -1, the current value is retained for that
1482 // direction.
1483 //
1484 void throttle_session(sessionidt s, int rate_in, int rate_out)
1485 {
1486 if (!session[s].opened)
1487 return; // No-one home.
1488
1489 if (!*session[s].user)
1490 return; // User not logged in
1491
1492 if (rate_in >= 0)
1493 {
1494 int bytes = rate_in * 1024 / 8; // kbits to bytes
1495 if (session[s].tbf_in)
1496 free_tbf(session[s].tbf_in);
1497
1498 if (rate_in > 0)
1499 session[s].tbf_in = new_tbf(s, bytes * 2, bytes, send_ipin);
1500 else
1501 session[s].tbf_in = 0;
1502
1503 session[s].throttle_in = rate_in;
1504 }
1505
1506 if (rate_out >= 0)
1507 {
1508 int bytes = rate_out * 1024 / 8;
1509 if (session[s].tbf_out)
1510 free_tbf(session[s].tbf_out);
1511
1512 if (rate_out > 0)
1513 session[s].tbf_out = new_tbf(s, bytes * 2, bytes, send_ipout);
1514 else
1515 session[s].tbf_out = 0;
1516
1517 session[s].throttle_out = rate_out;
1518 }
1519 }
1520
1521 // add/remove filters from session (-1 = no change)
1522 void filter_session(sessionidt s, int filter_in, int filter_out)
1523 {
1524 if (!session[s].opened)
1525 return; // No-one home.
1526
1527 if (!*session[s].user)
1528 return; // User not logged in
1529
1530 // paranoia
1531 if (filter_in > MAXFILTER) filter_in = -1;
1532 if (filter_out > MAXFILTER) filter_out = -1;
1533 if (session[s].filter_in > MAXFILTER) session[s].filter_in = 0;
1534 if (session[s].filter_out > MAXFILTER) session[s].filter_out = 0;
1535
1536 if (filter_in >= 0)
1537 {
1538 if (session[s].filter_in)
1539 ip_filters[session[s].filter_in - 1].used--;
1540
1541 if (filter_in > 0)
1542 ip_filters[filter_in - 1].used++;
1543
1544 session[s].filter_in = filter_in;
1545 }
1546
1547 if (filter_out >= 0)
1548 {
1549 if (session[s].filter_out)
1550 ip_filters[session[s].filter_out - 1].used--;
1551
1552 if (filter_out > 0)
1553 ip_filters[filter_out - 1].used++;
1554
1555 session[s].filter_out = filter_out;
1556 }
1557 }
1558
1559 // start tidy shutdown of session
1560 void sessionshutdown(sessionidt s, char *reason, int result, int error)
1561 {
1562 int walled_garden = session[s].walled_garden;
1563
1564
1565 CSTAT(sessionshutdown);
1566
1567 if (!session[s].opened)
1568 {
1569 LOG(3, s, session[s].tunnel, "Called sessionshutdown on an unopened session.\n");
1570 return; // not a live session
1571 }
1572
1573 if (!session[s].die)
1574 {
1575 struct param_kill_session data = { &tunnel[session[s].tunnel], &session[s] };
1576 LOG(2, s, session[s].tunnel, "Shutting down session %d: %s\n", s, reason);
1577 run_plugins(PLUGIN_KILL_SESSION, &data);
1578 }
1579
1580 if (session[s].ip && !walled_garden && !session[s].die)
1581 {
1582 // RADIUS Stop message
1583 uint16_t r = radiusnew(s);
1584 if (r)
1585 {
1586 // stop, if not already trying
1587 if (radius[r].state != RADIUSSTOP)
1588 radiussend(r, RADIUSSTOP);
1589 }
1590 else
1591 LOG(1, s, session[s].tunnel, "No free RADIUS sessions for Stop message\n");
1592
1593 // Save counters to dump to accounting file
1594 if (*config->accounting_dir && shut_acct_n < sizeof(shut_acct) / sizeof(*shut_acct))
1595 memcpy(&shut_acct[shut_acct_n++], &session[s], sizeof(session[s]));
1596 }
1597
1598 if (session[s].ip)
1599 { // IP allocated, clear and unroute
1600 int r;
1601 int routed = 0;
1602 for (r = 0; r < MAXROUTE && session[s].route[r].ip; r++)
1603 {
1604 if ((session[s].ip & session[s].route[r].mask) ==
1605 (session[s].route[r].ip & session[s].route[r].mask))
1606 routed++;
1607
1608 routeset(s, session[s].route[r].ip, session[s].route[r].mask, 0, 0);
1609 session[s].route[r].ip = 0;
1610 }
1611
1612 if (session[s].ip_pool_index == -1) // static ip
1613 {
1614 if (!routed) routeset(s, session[s].ip, 0, 0, 0);
1615 session[s].ip = 0;
1616 }
1617 else
1618 free_ip_address(s);
1619
1620 // unroute IPv6, if setup
1621 if (session[s].ppp.ipv6cp == Opened && session[s].ipv6prefixlen)
1622 route6set(s, session[s].ipv6route, session[s].ipv6prefixlen, 0);
1623 }
1624
1625 if (session[s].throttle_in || session[s].throttle_out) // Unthrottle if throttled.
1626 throttle_session(s, 0, 0);
1627
1628 if (result)
1629 { // Send CDN
1630 controlt *c = controlnew(14); // sending CDN
1631 if (error)
1632 {
1633 uint8_t buf[4];
1634 *(uint16_t *) buf = htons(result);
1635 *(uint16_t *) (buf+2) = htons(error);
1636 controlb(c, 1, buf, 4, 1);
1637 }
1638 else
1639 control16(c, 1, result, 1);
1640
1641 control16(c, 14, s, 1); // assigned session (our end)
1642 controladd(c, session[s].far, session[s].tunnel); // send the message
1643 }
1644
1645 if (!session[s].die)
1646 session[s].die = TIME + 150; // Clean up in 15 seconds
1647
1648 // update filter refcounts
1649 if (session[s].filter_in) ip_filters[session[s].filter_in - 1].used--;
1650 if (session[s].filter_out) ip_filters[session[s].filter_out - 1].used--;
1651
1652 // clear PPP state
1653 memset(&session[s].ppp, 0, sizeof(session[s].ppp));
1654 sess_local[s].lcp.restart = 0;
1655 sess_local[s].ipcp.restart = 0;
1656 sess_local[s].ipv6cp.restart = 0;
1657 sess_local[s].ccp.restart = 0;
1658
1659 cluster_send_session(s);
1660 }
1661
1662 void sendipcp(sessionidt s, tunnelidt t)
1663 {
1664 uint8_t buf[MAXETHER];
1665 uint8_t *q;
1666
1667 CSTAT(sendipcp);
1668 LOG(3, s, t, "IPCP: send ConfigReq\n");
1669
1670 if (!session[s].unique_id)
1671 {
1672 if (!++last_id) ++last_id; // skip zero
1673 session[s].unique_id = last_id;
1674 }
1675
1676 q = makeppp(buf, sizeof(buf), 0, 0, s, t, PPPIPCP);
1677 if (!q) return;
1678
1679 *q = ConfigReq;
1680 q[1] = session[s].unique_id & 0xf; // ID, dont care, we only send one type of request
1681 *(uint16_t *) (q + 2) = htons(10); // packet length
1682 q[4] = 3; // ip address option
1683 q[5] = 6; // option length
1684 *(in_addr_t *) (q + 6) = config->peer_address ? config->peer_address :
1685 config->bind_address ? config->bind_address :
1686 my_address; // send my IP
1687
1688 tunnelsend(buf, 10 + (q - buf), t); // send it
1689 restart_timer(s, ipcp);
1690 }
1691
1692 void sendipv6cp(sessionidt s, tunnelidt t)
1693 {
1694 uint8_t buf[MAXETHER];
1695 uint8_t *q;
1696
1697 CSTAT(sendipv6cp);
1698 LOG(3, s, t, "IPV6CP: send ConfigReq\n");
1699
1700 q = makeppp(buf, sizeof(buf), 0, 0, s, t, PPPIPV6CP);
1701 if (!q) return;
1702
1703 *q = ConfigReq;
1704 q[1] = session[s].unique_id & 0xf; // ID, don't care, we
1705 // only send one type
1706 // of request
1707 *(uint16_t *) (q + 2) = htons(14);
1708 q[4] = 1; // interface identifier option
1709 q[5] = 10; // option length
1710 *(uint32_t *) (q + 6) = 0; // We'll be prefix::1
1711 *(uint32_t *) (q + 10) = 0;
1712 q[13] = 1;
1713
1714 tunnelsend(buf, 14 + (q - buf), t); // send it
1715 restart_timer(s, ipv6cp);
1716 }
1717
1718 static void sessionclear(sessionidt s)
1719 {
1720 memset(&session[s], 0, sizeof(session[s]));
1721 memset(&sess_local[s], 0, sizeof(sess_local[s]));
1722 memset(&cli_session_actions[s], 0, sizeof(cli_session_actions[s]));
1723
1724 session[s].tunnel = T_FREE; // Mark it as free.
1725 session[s].next = sessionfree;
1726 sessionfree = s;
1727 }
1728
1729 // kill a session now
1730 void sessionkill(sessionidt s, char *reason)
1731 {
1732
1733 CSTAT(sessionkill);
1734
1735 if (!session[s].opened) // not alive
1736 return;
1737
1738 if (session[s].next)
1739 {
1740 LOG(0, s, session[s].tunnel, "Tried to kill a session with next pointer set (%d)\n", session[s].next);
1741 return;
1742 }
1743
1744 session[s].die = TIME;
1745 sessionshutdown(s, reason, 3, 0); // close radius/routes, etc.
1746 if (sess_local[s].radius)
1747 radiusclear(sess_local[s].radius, s); // cant send clean accounting data, session is killed
1748
1749 LOG(2, s, session[s].tunnel, "Kill session %d (%s): %s\n", s, session[s].user, reason);
1750 sessionclear(s);
1751 cluster_send_session(s);
1752 }
1753
1754 static void tunnelclear(tunnelidt t)
1755 {
1756 if (!t) return;
1757 memset(&tunnel[t], 0, sizeof(tunnel[t]));
1758 tunnel[t].state = TUNNELFREE;
1759 }
1760
1761 // kill a tunnel now
1762 static void tunnelkill(tunnelidt t, char *reason)
1763 {
1764 sessionidt s;
1765 controlt *c;
1766
1767 CSTAT(tunnelkill);
1768
1769 tunnel[t].state = TUNNELDIE;
1770
1771 // free control messages
1772 while ((c = tunnel[t].controls))
1773 {
1774 controlt * n = c->next;
1775 tunnel[t].controls = n;
1776 tunnel[t].controlc--;
1777 c->next = controlfree;
1778 controlfree = c;
1779 }
1780 // kill sessions
1781 for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
1782 if (session[s].tunnel == t)
1783 sessionkill(s, reason);
1784
1785 // free tunnel
1786 tunnelclear(t);
1787 LOG(1, 0, t, "Kill tunnel %d: %s\n", t, reason);
1788 cli_tunnel_actions[t].action = 0;
1789 cluster_send_tunnel(t);
1790 }
1791
1792 // shut down a tunnel cleanly
1793 static void tunnelshutdown(tunnelidt t, char *reason, int result, int error, char *msg)
1794 {
1795 sessionidt s;
1796
1797 CSTAT(tunnelshutdown);
1798
1799 if (!tunnel[t].last || !tunnel[t].far || tunnel[t].state == TUNNELFREE)
1800 {
1801 // never set up, can immediately kill
1802 tunnelkill(t, reason);
1803 return;
1804 }
1805 LOG(1, 0, t, "Shutting down tunnel %d (%s)\n", t, reason);
1806
1807 // close session
1808 for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
1809 if (session[s].tunnel == t)
1810 sessionshutdown(s, reason, 0, 0);
1811
1812 tunnel[t].state = TUNNELDIE;
1813 tunnel[t].die = TIME + 700; // Clean up in 70 seconds
1814 cluster_send_tunnel(t);
1815 // TBA - should we wait for sessions to stop?
1816 if (result)
1817 {
1818 controlt *c = controlnew(4); // sending StopCCN
1819 if (error)
1820 {
1821 uint8_t buf[64];
1822 int l = 4;
1823 *(uint16_t *) buf = htons(result);
1824 *(uint16_t *) (buf+2) = htons(error);
1825 if (msg)
1826 {
1827 int m = strlen(msg);
1828 if (m + 4 > sizeof(buf))
1829 m = sizeof(buf) - 4;
1830
1831 memcpy(buf+4, msg, m);
1832 l += m;
1833 }
1834
1835 controlb(c, 1, buf, l, 1);
1836 }
1837 else
1838 control16(c, 1, result, 1);
1839
1840 control16(c, 9, t, 1); // assigned tunnel (our end)
1841 controladd(c, 0, t); // send the message
1842 }
1843 }
1844
1845 // read and process packet on tunnel (UDP)
1846 void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
1847 {
1848 uint8_t *chapresponse = NULL;
1849 uint16_t l = len, t = 0, s = 0, ns = 0, nr = 0;
1850 uint8_t *p = buf + 2;
1851
1852
1853 CSTAT(processudp);
1854
1855 udp_rx += len;
1856 udp_rx_pkt++;
1857 LOG_HEX(5, "UDP Data", buf, len);
1858 STAT(tunnel_rx_packets);
1859 INC_STAT(tunnel_rx_bytes, len);
1860 if (len < 6)
1861 {
1862 LOG(1, 0, 0, "Short UDP, %d bytes\n", len);
1863 STAT(tunnel_rx_errors);
1864 return;
1865 }
1866 if ((buf[1] & 0x0F) != 2)
1867 {
1868 LOG(1, 0, 0, "Bad L2TP ver %d\n", (buf[1] & 0x0F) != 2);
1869 STAT(tunnel_rx_errors);
1870 return;
1871 }
1872 if (*buf & 0x40)
1873 { // length
1874 l = ntohs(*(uint16_t *) p);
1875 p += 2;
1876 }
1877 t = ntohs(*(uint16_t *) p);
1878 p += 2;
1879 s = ntohs(*(uint16_t *) p);
1880 p += 2;
1881 if (s >= MAXSESSION)
1882 {
1883 LOG(1, s, t, "Received UDP packet with invalid session ID\n");
1884 STAT(tunnel_rx_errors);
1885 return;
1886 }
1887 if (t >= MAXTUNNEL)
1888 {
1889 LOG(1, s, t, "Received UDP packet with invalid tunnel ID\n");
1890 STAT(tunnel_rx_errors);
1891 return;
1892 }
1893 if (*buf & 0x08)
1894 { // ns/nr
1895 ns = ntohs(*(uint16_t *) p);
1896 p += 2;
1897 nr = ntohs(*(uint16_t *) p);
1898 p += 2;
1899 }
1900 if (*buf & 0x02)
1901 { // offset
1902 uint16_t o = ntohs(*(uint16_t *) p);
1903 p += o + 2;
1904 }
1905 if ((p - buf) > l)
1906 {
1907 LOG(1, s, t, "Bad length %d>%d\n", (int) (p - buf), l);
1908 STAT(tunnel_rx_errors);
1909 return;
1910 }
1911 l -= (p - buf);
1912
1913 // used to time out old tunnels
1914 if (t && tunnel[t].state == TUNNELOPEN)
1915 tunnel[t].lastrec = time_now;
1916
1917 if (*buf & 0x80)
1918 { // control
1919 uint16_t message = 0xFFFF; // message type
1920 uint8_t fatal = 0;
1921 uint8_t mandatory = 0;
1922 uint16_t asession = 0; // assigned session
1923 uint32_t amagic = 0; // magic number
1924 uint8_t aflags = 0; // flags from last LCF
1925 uint16_t version = 0x0100; // protocol version (we handle 0.0 as well and send that back just in case)
1926 char called[MAXTEL] = ""; // called number
1927 char calling[MAXTEL] = ""; // calling number
1928
1929 if (!config->cluster_iam_master)
1930 {
1931 master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
1932 return;
1933 }
1934
1935 // control messages must have bits 0x80|0x40|0x08
1936 // (type, length and sequence) set, and bits 0x02|0x01
1937 // (offset and priority) clear
1938 if ((*buf & 0xCB) != 0xC8)
1939 {
1940 LOG(1, s, t, "Bad control header %02X\n", *buf);
1941 STAT(tunnel_rx_errors);
1942 return;
1943 }
1944
1945 // check for duplicate tunnel open message
1946 if (!t && ns == 0)
1947 {
1948 int i;
1949
1950 //
1951 // Is this a duplicate of the first packet? (SCCRQ)
1952 //
1953 for (i = 1; i <= config->cluster_highest_tunnelid ; ++i)
1954 {
1955 if (tunnel[i].state != TUNNELOPENING ||
1956 tunnel[i].ip != ntohl(*(in_addr_t *) & addr->sin_addr) ||
1957 tunnel[i].port != ntohs(addr->sin_port) )
1958 continue;
1959 t = i;
1960 LOG(3, s, t, "Duplicate SCCRQ?\n");
1961 break;
1962 }
1963 }
1964
1965 LOG(3, s, t, "Control message (%d bytes): (unacked %d) l-ns %d l-nr %d r-ns %d r-nr %d\n",
1966 l, tunnel[t].controlc, tunnel[t].ns, tunnel[t].nr, ns, nr);
1967
1968 // if no tunnel specified, assign one
1969 if (!t)
1970 {
1971 if (!(t = new_tunnel()))
1972 {
1973 LOG(1, 0, 0, "No more tunnels\n");
1974 STAT(tunnel_overflow);
1975 return;
1976 }
1977 tunnelclear(t);
1978 tunnel[t].ip = ntohl(*(in_addr_t *) & addr->sin_addr);
1979 tunnel[t].port = ntohs(addr->sin_port);
1980 tunnel[t].window = 4; // default window
1981 STAT(tunnel_created);
1982 LOG(1, 0, t, " New tunnel from %s:%u ID %d\n",
1983 fmtaddr(htonl(tunnel[t].ip), 0), tunnel[t].port, t);
1984 }
1985
1986 // If the 'ns' just received is not the 'nr' we're
1987 // expecting, just send an ack and drop it.
1988 //
1989 // if 'ns' is less, then we got a retransmitted packet.
1990 // if 'ns' is greater than missed a packet. Either way
1991 // we should ignore it.
1992 if (ns != tunnel[t].nr)
1993 {
1994 // is this the sequence we were expecting?
1995 STAT(tunnel_rx_errors);
1996 LOG(1, 0, t, " Out of sequence tunnel %d, (%d is not the expected %d)\n",
1997 t, ns, tunnel[t].nr);
1998
1999 if (l) // Is this not a ZLB?
2000 controlnull(t);
2001 return;
2002 }
2003
2004 // check sequence of this message
2005 {
2006 int skip = tunnel[t].window; // track how many in-window packets are still in queue
2007 // some to clear maybe?
2008 while (tunnel[t].controlc > 0 && (((tunnel[t].ns - tunnel[t].controlc) - nr) & 0x8000))
2009 {
2010 controlt *c = tunnel[t].controls;
2011 tunnel[t].controls = c->next;
2012 tunnel[t].controlc--;
2013 c->next = controlfree;
2014 controlfree = c;
2015 skip--;
2016 tunnel[t].try = 0; // we have progress
2017 }
2018
2019 // receiver advance (do here so quoted correctly in any sends below)
2020 if (l) tunnel[t].nr = (ns + 1);
2021 if (skip < 0) skip = 0;
2022 if (skip < tunnel[t].controlc)
2023 {
2024 // some control packets can now be sent that were previous stuck out of window
2025 int tosend = tunnel[t].window - skip;
2026 controlt *c = tunnel[t].controls;
2027 while (c && skip)
2028 {
2029 c = c->next;
2030 skip--;
2031 }
2032 while (c && tosend)
2033 {
2034 tunnel[t].try = 0; // first send
2035 tunnelsend(c->buf, c->length, t);
2036 c = c->next;
2037 tosend--;
2038 }
2039 }
2040 if (!tunnel[t].controlc)
2041 tunnel[t].retry = 0; // caught up
2042 }
2043 if (l)
2044 { // if not a null message
2045 int result = 0;
2046 int error = 0;
2047 char *msg = 0;
2048
2049 // process AVPs
2050 while (l && !(fatal & 0x80)) // 0x80 = mandatory AVP
2051 {
2052 uint16_t n = (ntohs(*(uint16_t *) p) & 0x3FF);
2053 uint8_t *b = p;
2054 uint8_t flags = *p;
2055 uint16_t mtype;
2056 if (n > l)
2057 {
2058 LOG(1, s, t, "Invalid length in AVP\n");
2059 STAT(tunnel_rx_errors);
2060 return;
2061 }
2062 p += n; // next
2063 l -= n;
2064 if (flags & 0x3C) // reserved bits, should be clear
2065 {
2066 LOG(1, s, t, "Unrecognised AVP flags %02X\n", *b);
2067 fatal = flags;
2068 result = 2; // general error
2069 error = 3; // reserved field non-zero
2070 msg = 0;
2071 continue; // next
2072 }
2073 b += 2;
2074 if (*(uint16_t *) (b))
2075 {
2076 LOG(2, s, t, "Unknown AVP vendor %d\n", ntohs(*(uint16_t *) (b)));
2077 fatal = flags;
2078 result = 2; // general error
2079 error = 6; // generic vendor-specific error
2080 msg = "unsupported vendor-specific";
2081 continue; // next
2082 }
2083 b += 2;
2084 mtype = ntohs(*(uint16_t *) (b));
2085 b += 2;
2086 n -= 6;
2087
2088 if (flags & 0x40)
2089 {
2090 uint16_t orig_len;
2091
2092 // handle hidden AVPs
2093 if (!*config->l2tp_secret)
2094 {
2095 LOG(1, s, t, "Hidden AVP requested, but no L2TP secret.\n");
2096 fatal = flags;
2097 result = 2; // general error
2098 error = 6; // generic vendor-specific error
2099 msg = "secret not specified";
2100 continue;
2101 }
2102 if (!session[s].random_vector_length)
2103 {
2104 LOG(1, s, t, "Hidden AVP requested, but no random vector.\n");
2105 fatal = flags;
2106 result = 2; // general error
2107 error = 6; // generic
2108 msg = "no random vector";
2109 continue;
2110 }
2111 if (n < 8)
2112 {
2113 LOG(2, s, t, "Short hidden AVP.\n");
2114 fatal = flags;
2115 result = 2; // general error
2116 error = 2; // length is wrong
2117 msg = 0;
2118 continue;
2119 }
2120
2121 // Unhide the AVP
2122 unhide_value(b, n, mtype, session[s].random_vector, session[s].random_vector_length);
2123
2124 orig_len = ntohs(*(uint16_t *) b);
2125 if (orig_len > n + 2)
2126 {
2127 LOG(1, s, t, "Original length %d too long in hidden AVP of length %d; wrong secret?\n",
2128 orig_len, n);
2129
2130 fatal = flags;
2131 result = 2; // general error
2132 error = 2; // length is wrong
2133 msg = 0;
2134 continue;
2135 }
2136
2137 b += 2;
2138 n = orig_len;
2139 }
2140
2141 LOG(4, s, t, " AVP %d (%s) len %d%s%s\n", mtype, l2tp_avp_name(mtype), n,
2142 flags & 0x40 ? ", hidden" : "", flags & 0x80 ? ", mandatory" : "");
2143
2144 switch (mtype)
2145 {
2146 case 0: // message type
2147 message = ntohs(*(uint16_t *) b);
2148 mandatory = flags & 0x80;
2149 LOG(4, s, t, " Message type = %d (%s)\n", *b, l2tp_code(message));
2150 break;
2151 case 1: // result code
2152 {
2153 uint16_t rescode = ntohs(*(uint16_t *) b);
2154 const char* resdesc = "(unknown)";
2155 if (message == 4)
2156 { /* StopCCN */
2157 resdesc = l2tp_stopccn_result_code(rescode);
2158 }
2159 else if (message == 14)
2160 { /* CDN */
2161 resdesc = l2tp_cdn_result_code(rescode);
2162 }
2163
2164 LOG(4, s, t, " Result Code %d: %s\n", rescode, resdesc);
2165 if (n >= 4)
2166 {
2167 uint16_t errcode = ntohs(*(uint16_t *)(b + 2));
2168 LOG(4, s, t, " Error Code %d: %s\n", errcode, l2tp_error_code(errcode));
2169 }
2170 if (n > 4)
2171 LOG(4, s, t, " Error String: %.*s\n", n-4, b+4);
2172
2173 break;
2174 }
2175 break;
2176 case 2: // protocol version
2177 {
2178 version = ntohs(*(uint16_t *) (b));
2179 LOG(4, s, t, " Protocol version = %d\n", version);
2180 if (version && version != 0x0100)
2181 { // allow 0.0 and 1.0
2182 LOG(1, s, t, " Bad protocol version %04X\n", version);
2183 fatal = flags;
2184 result = 5; // unspported protocol version
2185 error = 0x0100; // supported version
2186 msg = 0;
2187 continue; // next
2188 }
2189 }
2190 break;
2191 case 3: // framing capabilities
2192 // LOG(4, s, t, "Framing capabilities\n");
2193 break;
2194 case 4: // bearer capabilities
2195 // LOG(4, s, t, "Bearer capabilities\n");
2196 break;
2197 case 5: // tie breaker
2198 // We never open tunnels, so we don't care about tie breakers
2199 // LOG(4, s, t, "Tie breaker\n");
2200 continue;
2201 case 6: // firmware revision
2202 // LOG(4, s, t, "Firmware revision\n");
2203 break;
2204 case 7: // host name
2205 memset(tunnel[t].hostname, 0, sizeof(tunnel[t].hostname));
2206 memcpy(tunnel[t].hostname, b, (n < sizeof(tunnel[t].hostname)) ? n : sizeof(tunnel[t].hostname) - 1);
2207 LOG(4, s, t, " Tunnel hostname = \"%s\"\n", tunnel[t].hostname);
2208 // TBA - to send to RADIUS
2209 break;
2210 case 8: // vendor name
2211 memset(tunnel[t].vendor, 0, sizeof(tunnel[t].vendor));
2212 memcpy(tunnel[t].vendor, b, (n < sizeof(tunnel[t].vendor)) ? n : sizeof(tunnel[t].vendor) - 1);
2213 LOG(4, s, t, " Vendor name = \"%s\"\n", tunnel[t].vendor);
2214 break;
2215 case 9: // assigned tunnel
2216 tunnel[t].far = ntohs(*(uint16_t *) (b));
2217 LOG(4, s, t, " Remote tunnel id = %d\n", tunnel[t].far);
2218 break;
2219 case 10: // rx window
2220 tunnel[t].window = ntohs(*(uint16_t *) (b));
2221 if (!tunnel[t].window)
2222 tunnel[t].window = 1; // window of 0 is silly
2223 LOG(4, s, t, " rx window = %d\n", tunnel[t].window);
2224 break;
2225 case 11: // Challenge
2226 {
2227 LOG(4, s, t, " LAC requested CHAP authentication for tunnel\n");
2228 build_chap_response(b, 2, n, &chapresponse);
2229 }
2230 break;
2231 case 13: // Response
2232 // Why did they send a response? We never challenge.
2233 LOG(2, s, t, " received unexpected challenge response\n");
2234 break;
2235
2236 case 14: // assigned session
2237 asession = session[s].far = ntohs(*(uint16_t *) (b));
2238 LOG(4, s, t, " assigned session = %d\n", asession);
2239 break;
2240 case 15: // call serial number
2241 LOG(4, s, t, " call serial number = %d\n", ntohl(*(uint32_t *)b));
2242 break;
2243 case 18: // bearer type
2244 LOG(4, s, t, " bearer type = %d\n", ntohl(*(uint32_t *)b));
2245 // TBA - for RADIUS
2246 break;
2247 case 19: // framing type
2248 LOG(4, s, t, " framing type = %d\n", ntohl(*(uint32_t *)b));
2249 // TBA
2250 break;
2251 case 21: // called number
2252 memset(called, 0, sizeof(called));
2253 memcpy(called, b, (n < sizeof(called)) ? n : sizeof(called) - 1);
2254 LOG(4, s, t, " Called <%s>\n", called);
2255 break;
2256 case 22: // calling number
2257 memset(calling, 0, sizeof(calling));
2258 memcpy(calling, b, (n < sizeof(calling)) ? n : sizeof(calling) - 1);
2259 LOG(4, s, t, " Calling <%s>\n", calling);
2260 break;
2261 case 23: // subtype
2262 break;
2263 case 24: // tx connect speed
2264 if (n == 4)
2265 {
2266 session[s].tx_connect_speed = ntohl(*(uint32_t *)b);
2267 }
2268 else
2269 {
2270 // AS5300s send connect speed as a string
2271 char tmp[30];
2272 memset(tmp, 0, sizeof(tmp));
2273 memcpy(tmp, b, (n < sizeof(tmp)) ? n : sizeof(tmp) - 1);
2274 session[s].tx_connect_speed = atol(tmp);
2275 }
2276 LOG(4, s, t, " TX connect speed <%u>\n", session[s].tx_connect_speed);
2277 break;
2278 case 38: // rx connect speed
2279 if (n == 4)
2280 {
2281 session[s].rx_connect_speed = ntohl(*(uint32_t *)b);
2282 }
2283 else
2284 {
2285 // AS5300s send connect speed as a string
2286 char tmp[30];
2287 memset(tmp, 0, sizeof(tmp));
2288 memcpy(tmp, b, (n < sizeof(tmp)) ? n : sizeof(tmp) - 1);
2289 session[s].rx_connect_speed = atol(tmp);
2290 }
2291 LOG(4, s, t, " RX connect speed <%u>\n", session[s].rx_connect_speed);
2292 break;
2293 case 25: // Physical Channel ID
2294 {
2295 uint32_t tmp = ntohl(*(uint32_t *) b);
2296 LOG(4, s, t, " Physical Channel ID <%X>\n", tmp);
2297 break;
2298 }
2299 case 29: // Proxy Authentication Type
2300 {
2301 uint16_t atype = ntohs(*(uint16_t *)b);
2302 LOG(4, s, t, " Proxy Auth Type %d (%s)\n", atype, ppp_auth_type(atype));
2303 break;
2304 }
2305 case 30: // Proxy Authentication Name
2306 {
2307 char authname[64];
2308 memset(authname, 0, sizeof(authname));
2309 memcpy(authname, b, (n < sizeof(authname)) ? n : sizeof(authname) - 1);
2310 LOG(4, s, t, " Proxy Auth Name (%s)\n",
2311 authname);
2312 break;
2313 }
2314 case 31: // Proxy Authentication Challenge
2315 {
2316 LOG(4, s, t, " Proxy Auth Challenge\n");
2317 break;
2318 }
2319 case 32: // Proxy Authentication ID
2320 {
2321 uint16_t authid = ntohs(*(uint16_t *)(b));
2322 LOG(4, s, t, " Proxy Auth ID (%d)\n", authid);
2323 break;
2324 }
2325 case 33: // Proxy Authentication Response
2326 LOG(4, s, t, " Proxy Auth Response\n");
2327 break;
2328 case 27: // last sent lcp
2329 { // find magic number
2330 uint8_t *p = b, *e = p + n;
2331 while (p + 1 < e && p[1] && p + p[1] <= e)
2332 {
2333 if (*p == 5 && p[1] == 6) // Magic-Number
2334 amagic = ntohl(*(uint32_t *) (p + 2));
2335 else if (*p == 7) // Protocol-Field-Compression
2336 aflags |= SESSION_PFC;
2337 else if (*p == 8) // Address-and-Control-Field-Compression
2338 aflags |= SESSION_ACFC;
2339 p += p[1];
2340 }
2341 }
2342 break;
2343 case 28: // last recv lcp confreq
2344 break;
2345 case 26: // Initial Received LCP CONFREQ
2346 break;
2347 case 39: // seq required - we control it as an LNS anyway...
2348 break;
2349 case 36: // Random Vector
2350 LOG(4, s, t, " Random Vector received. Enabled AVP Hiding.\n");
2351 memset(session[s].random_vector, 0, sizeof(session[s].random_vector));
2352 if (n > sizeof(session[s].random_vector))
2353 n = sizeof(session[s].random_vector);
2354 memcpy(session[s].random_vector, b, n);
2355 session[s].random_vector_length = n;
2356 break;
2357 default:
2358 {
2359 static char e[] = "unknown AVP 0xXXXX";
2360 LOG(2, s, t, " Unknown AVP type %d\n", mtype);
2361 fatal = flags;
2362 result = 2; // general error
2363 error = 8; // unknown mandatory AVP
2364 sprintf((msg = e) + 14, "%04x", mtype);
2365 continue; // next
2366 }
2367 }
2368 }
2369 // process message
2370 if (fatal & 0x80)
2371 tunnelshutdown(t, "Invalid mandatory AVP", result, error, msg);
2372 else
2373 switch (message)
2374 {
2375 case 1: // SCCRQ - Start Control Connection Request
2376 tunnel[t].state = TUNNELOPENING;
2377 if (main_quit != QUIT_SHUTDOWN)
2378 {
2379 controlt *c = controlnew(2); // sending SCCRP
2380 control16(c, 2, version, 1); // protocol version
2381 control32(c, 3, 3, 1); // framing
2382 controls(c, 7, hostname, 1); // host name
2383 if (chapresponse) controlb(c, 13, chapresponse, 16, 1); // Challenge response
2384 control16(c, 9, t, 1); // assigned tunnel
2385 controladd(c, 0, t); // send the resply
2386 }
2387 else
2388 {
2389 tunnelshutdown(t, "Shutting down", 6, 0, 0);
2390 }
2391 break;
2392 case 2: // SCCRP
2393 tunnel[t].state = TUNNELOPEN;
2394 break;
2395 case 3: // SCCN
2396 tunnel[t].state = TUNNELOPEN;
2397 controlnull(t); // ack
2398 break;
2399 case 4: // StopCCN
2400 controlnull(t); // ack
2401 tunnelshutdown(t, "Stopped", 0, 0, 0); // Shut down cleanly
2402 break;
2403 case 6: // HELLO
2404 controlnull(t); // simply ACK
2405 break;
2406 case 7: // OCRQ
2407 // TBA
2408 break;
2409 case 8: // OCRO
2410 // TBA
2411 break;
2412 case 9: // OCCN
2413 // TBA
2414 break;
2415 case 10: // ICRQ
2416 if (sessionfree && main_quit != QUIT_SHUTDOWN)
2417 {
2418 controlt *c = controlnew(11); // ICRP
2419
2420 s = sessionfree;
2421 sessionfree = session[s].next;
2422 memset(&session[s], 0, sizeof(session[s]));
2423
2424 if (s > config->cluster_highest_sessionid)
2425 config->cluster_highest_sessionid = s;
2426
2427 session[s].opened = time_now;
2428 session[s].tunnel = t;
2429 session[s].far = asession;
2430 session[s].last_packet = time_now;
2431 LOG(3, s, t, "New session (%d/%d)\n", tunnel[t].far, session[s].far);
2432 control16(c, 14, s, 1); // assigned session
2433 controladd(c, asession, t); // send the reply
2434
2435 strncpy(session[s].called, called, sizeof(session[s].called) - 1);
2436 strncpy(session[s].calling, calling, sizeof(session[s].calling) - 1);
2437
2438 session[s].ppp.phase = Establish;
2439 session[s].ppp.lcp = Starting;
2440
2441 STAT(session_created);
2442 break;
2443 }
2444
2445 {
2446 controlt *c = controlnew(14); // CDN
2447 if (!sessionfree)
2448 {
2449 STAT(session_overflow);
2450 LOG(1, 0, t, "No free sessions\n");
2451 control16(c, 1, 4, 0); // temporary lack of resources
2452 }
2453 else
2454 control16(c, 1, 2, 7); // shutting down, try another
2455
2456 controladd(c, asession, t); // send the message
2457 }
2458 return;
2459 case 11: // ICRP
2460 // TBA
2461 break;
2462 case 12: // ICCN
2463 if (amagic == 0) amagic = time_now;
2464 session[s].magic = amagic; // set magic number
2465 session[s].flags = aflags; // set flags received
2466 session[s].mru = PPPMTU; // default
2467 controlnull(t); // ack
2468
2469 // start LCP
2470 sess_local[s].lcp_authtype = config->radius_authprefer;
2471 sess_local[s].ppp_mru = MRU;
2472 sendlcp(s, t);
2473 change_state(s, lcp, RequestSent);
2474 break;
2475
2476 case 14: // CDN
2477 controlnull(t); // ack
2478 sessionshutdown(s, "Closed (Received CDN).", 0, 0);
2479 break;
2480 case 0xFFFF:
2481 LOG(1, s, t, "Missing message type\n");
2482 break;
2483 default:
2484 STAT(tunnel_rx_errors);
2485 if (mandatory)
2486 tunnelshutdown(t, "Unknown message type", 2, 6, "unknown message type");
2487 else
2488 LOG(1, s, t, "Unknown message type %d\n", message);
2489 break;
2490 }
2491 if (chapresponse) free(chapresponse);
2492 cluster_send_tunnel(t);
2493 }
2494 else
2495 {
2496 LOG(4, s, t, " Got a ZLB ack\n");
2497 }
2498 }
2499 else
2500 { // data
2501 uint16_t proto;
2502
2503 LOG_HEX(5, "Receive Tunnel Data", p, l);
2504 if (l > 2 && p[0] == 0xFF && p[1] == 0x03)
2505 { // HDLC address header, discard
2506 p += 2;
2507 l -= 2;
2508 }
2509 if (l < 2)
2510 {
2511 LOG(1, s, t, "Short ppp length %d\n", l);
2512 STAT(tunnel_rx_errors);
2513 return;
2514 }
2515 if (*p & 1)
2516 {
2517 proto = *p++;
2518 l--;
2519 }
2520 else
2521 {
2522 proto = ntohs(*(uint16_t *) p);
2523 p += 2;
2524 l -= 2;
2525 }
2526
2527 if (s && !session[s].opened) // Is something wrong??
2528 {
2529 if (!config->cluster_iam_master)
2530 {
2531 // Pass it off to the master to deal with..
2532 master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
2533 return;
2534 }
2535
2536
2537 LOG(1, s, t, "UDP packet contains session which is not opened. Dropping packet.\n");
2538 STAT(tunnel_rx_errors);
2539 return;
2540 }
2541
2542 if (proto == PPPPAP)
2543 {
2544 session[s].last_packet = time_now;
2545 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2546 processpap(s, t, p, l);
2547 }
2548 else if (proto == PPPCHAP)
2549 {
2550 session[s].last_packet = time_now;
2551 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2552 processchap(s, t, p, l);
2553 }
2554 else if (proto == PPPLCP)
2555 {
2556 session[s].last_packet = time_now;
2557 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2558 processlcp(s, t, p, l);
2559 }
2560 else if (proto == PPPIPCP)
2561 {
2562 session[s].last_packet = time_now;
2563 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2564 processipcp(s, t, p, l);
2565 }
2566 else if (proto == PPPIPV6CP && config->ipv6_prefix.s6_addr[0])
2567 {
2568 session[s].last_packet = time_now;
2569 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2570 processipv6cp(s, t, p, l);
2571 }
2572 else if (proto == PPPCCP)
2573 {
2574 session[s].last_packet = time_now;
2575 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2576 processccp(s, t, p, l);
2577 }
2578 else if (proto == PPPIP)
2579 {
2580 if (session[s].die)
2581 {
2582 LOG(4, s, t, "Session %d is closing. Don't process PPP packets\n", s);
2583 return; // closing session, PPP not processed
2584 }
2585
2586 session[s].last_packet = time_now;
2587 if (session[s].walled_garden && !config->cluster_iam_master)
2588 {
2589 master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
2590 return;
2591 }
2592
2593 processipin(s, t, p, l);
2594 }
2595 else if (proto == PPPIPV6 && config->ipv6_prefix.s6_addr[0])
2596 {
2597 if (session[s].die)
2598 {
2599 LOG(4, s, t, "Session %d is closing. Don't process PPP packets\n", s);
2600 return; // closing session, PPP not processed
2601 }
2602
2603 session[s].last_packet = time_now;
2604 if (session[s].walled_garden && !config->cluster_iam_master)
2605 {
2606 master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
2607 return;
2608 }
2609
2610 processipv6in(s, t, p, l);
2611 }
2612 else if (session[s].ppp.lcp == Opened)
2613 {
2614 session[s].last_packet = time_now;
2615 if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
2616 protoreject(s, t, p, l, proto);
2617 }
2618 else
2619 {
2620 LOG(2, s, t, "Unknown PPP protocol 0x%04X received in LCP %s state\n",
2621 proto, ppp_state(session[s].ppp.lcp));
2622 }
2623 }
2624 }
2625
2626 // read and process packet on tun
2627 static void processtun(uint8_t * buf, int len)
2628 {
2629 LOG_HEX(5, "Receive TUN Data", buf, len);
2630 STAT(tun_rx_packets);
2631 INC_STAT(tun_rx_bytes, len);
2632
2633 CSTAT(processtun);
2634
2635 eth_rx_pkt++;
2636 eth_rx += len;
2637 if (len < 22)
2638 {
2639 LOG(1, 0, 0, "Short tun packet %d bytes\n", len);
2640 STAT(tun_rx_errors);
2641 return;
2642 }
2643
2644 if (*(uint16_t *) (buf + 2) == htons(PKTIP)) // IPv4
2645 processipout(buf, len);
2646 else if (*(uint16_t *) (buf + 2) == htons(PKTIPV6) // IPV6
2647 && config->ipv6_prefix.s6_addr[0])
2648 processipv6out(buf, len);
2649
2650 // Else discard.
2651 }
2652
2653 // Handle retries, timeouts. Runs every 1/10th sec, want to ensure
2654 // that we look at the whole of the tunnel, radius and session tables
2655 // every second
2656 static void regular_cleanups(double period)
2657 {
2658 // Next tunnel, radius and session to check for actions on.
2659 static tunnelidt t = 0;
2660 static int r = 0;
2661 static sessionidt s = 0;
2662
2663 int t_actions = 0;
2664 int r_actions = 0;
2665 int s_actions = 0;
2666
2667 int t_slice;
2668 int r_slice;
2669 int s_slice;
2670
2671 int i;
2672 int a;
2673
2674 // divide up tables into slices based on the last run
2675 t_slice = config->cluster_highest_tunnelid * period;
2676 r_slice = (MAXRADIUS - 1) * period;
2677 s_slice = config->cluster_highest_sessionid * period;
2678
2679 if (t_slice < 1)
2680 t_slice = 1;
2681 else if (t_slice > config->cluster_highest_tunnelid)
2682 t_slice = config->cluster_highest_tunnelid;
2683
2684 if (r_slice < 1)
2685 r_slice = 1;
2686 else if (r_slice > (MAXRADIUS - 1))
2687 r_slice = MAXRADIUS - 1;
2688
2689 if (s_slice < 1)
2690 s_slice = 1;
2691 else if (s_slice > config->cluster_highest_sessionid)
2692 s_slice = config->cluster_highest_sessionid;
2693
2694 LOG(4, 0, 0, "Begin regular cleanup (last %f seconds ago)\n", period);
2695
2696 for (i = 0; i < t_slice; i++)
2697 {
2698 t++;
2699 if (t > config->cluster_highest_tunnelid)
2700 t = 1;
2701
2702 // check for expired tunnels
2703 if (tunnel[t].die && tunnel[t].die <= TIME)
2704 {
2705 STAT(tunnel_timeout);
2706 tunnelkill(t, "Expired");
2707 t_actions++;
2708 continue;
2709 }
2710 // check for message resend
2711 if (tunnel[t].retry && tunnel[t].controlc)
2712 {
2713 // resend pending messages as timeout on reply
2714 if (tunnel[t].retry <= TIME)
2715 {
2716 controlt *c = tunnel[t].controls;
2717 uint8_t w = tunnel[t].window;
2718 tunnel[t].try++; // another try
2719 if (tunnel[t].try > 5)
2720 tunnelkill(t, "Timeout on control message"); // game over
2721 else
2722 while (c && w--)
2723 {
2724 tunnelsend(c->buf, c->length, t);
2725 c = c->next;
2726 }
2727
2728 t_actions++;
2729 }
2730 }
2731 // Send hello
2732 if (tunnel[t].state == TUNNELOPEN && !tunnel[t].controlc && (time_now - tunnel[t].lastrec) > 60)
2733 {
2734 controlt *c = controlnew(6); // sending HELLO
2735 controladd(c, 0, t); // send the message
2736 LOG(3, 0, t, "Sending HELLO message\n");
2737 t_actions++;
2738 }
2739
2740 // Check for tunnel changes requested from the CLI
2741 if ((a = cli_tunnel_actions[t].action))
2742 {
2743 cli_tunnel_actions[t].action = 0;
2744 if (a & CLI_TUN_KILL)
2745 {
2746 LOG(2, 0, t, "Dropping tunnel by CLI\n");
2747 tunnelshutdown(t, "Requested by administrator", 1, 0, 0);
2748 t_actions++;
2749 }
2750 }
2751 }
2752
2753 for (i = 0; i < r_slice; i++)
2754 {
2755 r++;
2756 if (r >= MAXRADIUS)
2757 r = 1;
2758
2759 if (!radius[r].state)
2760 continue;
2761
2762 if (radius[r].retry <= TIME)
2763 {
2764 radiusretry(r);
2765 r_actions++;
2766 }
2767 }
2768
2769 for (i = 0; i < s_slice; i++)
2770 {
2771 s++;
2772 if (s > config->cluster_highest_sessionid)
2773 s = 1;
2774
2775 if (!session[s].opened) // Session isn't in use
2776 continue;
2777
2778 // check for expired sessions
2779 if (session[s].die)
2780 {
2781 if (session[s].die <= TIME)
2782 {
2783 sessionkill(s, "Expired");
2784 s_actions++;
2785 }
2786 continue;
2787 }
2788
2789 // PPP timeouts
2790 if (sess_local[s].lcp.restart <= time_now)
2791 {
2792 int next_state = session[s].ppp.lcp;
2793 switch (session[s].ppp.lcp)
2794 {
2795 case RequestSent:
2796 case AckReceived:
2797 next_state = RequestSent;
2798
2799 case AckSent:
2800 if (sess_local[s].lcp.conf_sent < config->ppp_max_configure)
2801 {
2802 LOG(3, s, session[s].tunnel, "No ACK for LCP ConfigReq... resending\n");
2803 sendlcp(s, session[s].tunnel);
2804 change_state(s, lcp, next_state);
2805 }
2806 else
2807 {
2808 sessionshutdown(s, "No response to LCP ConfigReq.", 3, 0);
2809 STAT(session_timeout);
2810 }
2811
2812 s_actions++;
2813 }
2814
2815 if (session[s].die)
2816 continue;
2817 }
2818
2819 if (sess_local[s].ipcp.restart <= time_now)
2820 {
2821 int next_state = session[s].ppp.ipcp;
2822 switch (session[s].ppp.ipcp)
2823 {
2824 case RequestSent:
2825 case AckReceived:
2826 next_state = RequestSent;
2827
2828 case AckSent:
2829 if (sess_local[s].ipcp.conf_sent < config->ppp_max_configure)
2830 {
2831 LOG(3, s, session[s].tunnel, "No ACK for IPCP ConfigReq... resending\n");
2832 sendipcp(s, session[s].tunnel);
2833 change_state(s, ipcp, next_state);
2834 }
2835 else
2836 {
2837 sessionshutdown(s, "No response to IPCP ConfigReq.", 3, 0);
2838 STAT(session_timeout);
2839 }
2840
2841 s_actions++;
2842 }
2843
2844 if (session[s].die)
2845 continue;
2846 }
2847
2848 if (sess_local[s].ipv6cp.restart <= time_now)
2849 {
2850 int next_state = session[s].ppp.ipv6cp;
2851 switch (session[s].ppp.ipv6cp)
2852 {
2853 case RequestSent:
2854 case AckReceived:
2855 next_state = RequestSent;
2856
2857 case AckSent:
2858 if (sess_local[s].ipv6cp.conf_sent < config->ppp_max_configure)
2859 {
2860 LOG(3, s, session[s].tunnel, "No ACK for IPV6CP ConfigReq... resending\n");
2861 sendipv6cp(s, session[s].tunnel);
2862 change_state(s, ipv6cp, next_state);
2863 }
2864 else
2865 {
2866 LOG(3, s, session[s].tunnel, "No ACK for IPV6CP ConfigReq\n");
2867 change_state(s, ipv6cp, Stopped);
2868 }
2869
2870 s_actions++;
2871 }
2872 }
2873
2874 if (sess_local[s].ccp.restart <= time_now)
2875 {
2876 int next_state = session[s].ppp.ccp;
2877 switch (session[s].ppp.ccp)
2878 {
2879 case RequestSent:
2880 case AckReceived:
2881 next_state = RequestSent;
2882
2883 case AckSent:
2884 if (sess_local[s].ccp.conf_sent < config->ppp_max_configure)
2885 {
2886 LOG(3, s, session[s].tunnel, "No ACK for CCP ConfigReq... resending\n");
2887 sendccp(s, session[s].tunnel);
2888 change_state(s, ccp, next_state);
2889 }
2890 else
2891 {
2892 LOG(3, s, session[s].tunnel, "No ACK for CCP ConfigReq\n");
2893 change_state(s, ccp, Stopped);
2894 }
2895
2896 s_actions++;
2897 }
2898 }
2899
2900 // Drop sessions who have not responded within IDLE_TIMEOUT seconds
2901 if (session[s].last_packet && (time_now - session[s].last_packet >= IDLE_TIMEOUT))
2902 {
2903 sessionshutdown(s, "No response to LCP ECHO requests.", 3, 0);
2904 STAT(session_timeout);
2905 s_actions++;
2906 continue;
2907 }
2908
2909 // No data in ECHO_TIMEOUT seconds, send LCP ECHO
2910 if (session[s].ppp.phase >= Establish && (time_now - session[s].last_packet >= ECHO_TIMEOUT) &&
2911 (time_now - sess_local[s].last_echo >= ECHO_TIMEOUT))
2912 {
2913 uint8_t b[MAXETHER];
2914
2915 uint8_t *q = makeppp(b, sizeof(b), 0, 0, s, session[s].tunnel, PPPLCP);
2916 if (!q) continue;
2917
2918 *q = EchoReq;
2919 *(uint8_t *)(q + 1) = (time_now % 255); // ID
2920 *(uint16_t *)(q + 2) = htons(8); // Length
2921 *(uint32_t *)(q + 4) = 0; // Magic Number (not supported)
2922
2923 LOG(4, s, session[s].tunnel, "No data in %d seconds, sending LCP ECHO\n",
2924 (int)(time_now - session[s].last_packet));
2925 tunnelsend(b, 24, session[s].tunnel); // send it
2926 sess_local[s].last_echo = time_now;
2927 s_actions++;
2928 }
2929
2930 // Check for actions requested from the CLI
2931 if ((a = cli_session_actions[s].action))
2932 {
2933 int send = 0;
2934
2935 cli_session_actions[s].action = 0;
2936 if (a & CLI_SESS_KILL)
2937 {
2938 LOG(2, s, session[s].tunnel, "Dropping session by CLI\n");
2939 sessionshutdown(s, "Requested by administrator.", 3, 0);
2940 a = 0; // dead, no need to check for other actions
2941 s_actions++;
2942 }
2943
2944 if (a & CLI_SESS_NOSNOOP)
2945 {
2946 LOG(2, s, session[s].tunnel, "Unsnooping session by CLI\n");
2947 session[s].snoop_ip = 0;
2948 session[s].snoop_port = 0;
2949 s_actions++;
2950 send++;
2951 }
2952 else if (a & CLI_SESS_SNOOP)
2953 {
2954 LOG(2, s, session[s].tunnel, "Snooping session by CLI (to %s:%d)\n",
2955 fmtaddr(cli_session_actions[s].snoop_ip, 0),
2956 cli_session_actions[s].snoop_port);
2957
2958 session[s].snoop_ip = cli_session_actions[s].snoop_ip;
2959 session[s].snoop_port = cli_session_actions[s].snoop_port;
2960 s_actions++;
2961 send++;
2962 }
2963
2964 if (a & CLI_SESS_NOTHROTTLE)
2965 {
2966 LOG(2, s, session[s].tunnel, "Un-throttling session by CLI\n");
2967 throttle_session(s, 0, 0);
2968 s_actions++;
2969 send++;
2970 }
2971 else if (a & CLI_SESS_THROTTLE)
2972 {
2973 LOG(2, s, session[s].tunnel, "Throttling session by CLI (to %dkb/s up and %dkb/s down)\n",
2974 cli_session_actions[s].throttle_in,
2975 cli_session_actions[s].throttle_out);
2976
2977 throttle_session(s, cli_session_actions[s].throttle_in, cli_session_actions[s].throttle_out);
2978 s_actions++;
2979 send++;
2980 }
2981
2982 if (a & CLI_SESS_NOFILTER)
2983 {
2984 LOG(2, s, session[s].tunnel, "Un-filtering session by CLI\n");
2985 filter_session(s, 0, 0);
2986 s_actions++;
2987 send++;
2988 }
2989 else if (a & CLI_SESS_FILTER)
2990 {
2991 LOG(2, s, session[s].tunnel, "Filtering session by CLI (in=%d, out=%d)\n",
2992 cli_session_actions[s].filter_in,
2993 cli_session_actions[s].filter_out);
2994
2995 filter_session(s, cli_session_actions[s].filter_in, cli_session_actions[s].filter_out);
2996 s_actions++;
2997 send++;
2998 }
2999
3000 if (send)
3001 cluster_send_session(s);
3002 }
3003
3004 // RADIUS interim accounting
3005 if (config->radius_accounting && config->radius_interim > 0
3006 && session[s].ip && !session[s].walled_garden
3007 && !sess_local[s].radius // RADIUS already in progress
3008 && time_now - sess_local[s].last_interim >= config->radius_interim)
3009 {
3010 int rad = radiusnew(s);
3011 if (!rad)
3012 {
3013 LOG(1, s, session[s].tunnel, "No free RADIUS sessions for Interim message\n");
3014 STAT(radius_overflow);
3015 continue;
3016 }
3017
3018 LOG(3, s, session[s].tunnel, "Sending RADIUS Interim for %s (%u)\n",
3019 session[s].user, session[s].unique_id);
3020
3021 radiussend(rad, RADIUSINTERIM);
3022 sess_local[s].last_interim = time_now;
3023 s_actions++;
3024 }
3025 }
3026
3027 LOG(4, 0, 0, "End regular cleanup: checked %d/%d/%d tunnels/radius/sessions; %d/%d/%d actions\n",
3028 t_slice, r_slice, s_slice, t_actions, r_actions, s_actions);
3029 }
3030
3031 //
3032 // Are we in the middle of a tunnel update, or radius
3033 // requests??
3034 //
3035 static int still_busy(void)
3036 {
3037 int i;
3038 static clockt last_talked = 0;
3039 static clockt start_busy_wait = 0;
3040
3041 if (!config->cluster_iam_master)
3042 {
3043 #ifdef BGP
3044 static time_t stopped_bgp = 0;
3045 if (bgp_configured)
3046 {
3047 if (!stopped_bgp)
3048 {
3049 LOG(1, 0, 0, "Shutting down in %d seconds, stopping BGP...\n", QUIT_DELAY);
3050
3051 for (i = 0; i < BGP_NUM_PEERS; i++)
3052 if (bgp_peers[i].state == Established)
3053 bgp_stop(&bgp_peers[i]);
3054
3055 stopped_bgp = time_now;
3056
3057 // we don't want to become master
3058 cluster_send_ping(0);
3059
3060 return 1;
3061 }
3062
3063 if (time_now < (stopped_bgp + QUIT_DELAY))
3064 return 1;
3065 }
3066 #endif /* BGP */
3067
3068 return 0;
3069 }
3070
3071 if (main_quit == QUIT_SHUTDOWN)
3072 {
3073 static int dropped = 0;
3074 if (!dropped)
3075 {
3076 int i;
3077
3078 LOG(1, 0, 0, "Dropping sessions and tunnels\n");
3079 for (i = 1; i < MAXTUNNEL; i++)
3080 if (tunnel[i].ip || tunnel[i].state)
3081 tunnelshutdown(i, "L2TPNS Closing", 6, 0, 0);
3082
3083 dropped = 1;
3084 }
3085 }
3086
3087 if (start_busy_wait == 0)
3088 start_busy_wait = TIME;
3089
3090 for (i = config->cluster_highest_tunnelid ; i > 0 ; --i)
3091 {
3092 if (!tunnel[i].controlc)
3093 continue;
3094
3095 if (last_talked != TIME)
3096 {
3097 LOG(2, 0, 0, "Tunnel %d still has un-acked control messages.\n", i);
3098 last_talked = TIME;
3099 }
3100 return 1;
3101 }
3102
3103 // We stop waiting for radius after BUSY_WAIT_TIME 1/10th seconds
3104 if (abs(TIME - start_busy_wait) > BUSY_WAIT_TIME)
3105 {
3106 LOG(1, 0, 0, "Giving up waiting for RADIUS to be empty. Shutting down anyway.\n");
3107 return 0;
3108 }
3109
3110 for (i = 1; i < MAXRADIUS; i++)
3111 {
3112 if (radius[i].state == RADIUSNULL)
3113 continue;
3114 if (radius[i].state == RADIUSWAIT)
3115 continue;
3116
3117 if (last_talked != TIME)
3118 {
3119 LOG(2, 0, 0, "Radius session %d is still busy (sid %d)\n", i, radius[i].session);
3120 last_talked = TIME;
3121 }
3122 return 1;
3123 }
3124
3125 return 0;
3126 }
3127
3128 #ifdef HAVE_EPOLL
3129 # include <sys/epoll.h>
3130 #else
3131 # define FAKE_EPOLL_IMPLEMENTATION /* include the functions */
3132 # include "fake_epoll.h"
3133 #endif
3134
3135 // the base set of fds polled: cli, cluster, tun, udp, control, dae
3136 #define BASE_FDS 6
3137
3138 // additional polled fds
3139 #ifdef BGP
3140 # define EXTRA_FDS BGP_NUM_PEERS
3141 #else
3142 # define EXTRA_FDS 0
3143 #endif
3144
3145 // main loop - gets packets on tun or udp and processes them
3146 static void mainloop(void)
3147 {
3148 int i;
3149 uint8_t buf[65536];
3150 clockt next_cluster_ping = 0; // send initial ping immediately
3151 struct epoll_event events[BASE_FDS + RADIUS_FDS + EXTRA_FDS];
3152 int maxevent = sizeof(events)/sizeof(*events);
3153
3154 if ((epollfd = epoll_create(maxevent)) < 0)
3155 {
3156 LOG(0, 0, 0, "epoll_create failed: %s\n", strerror(errno));
3157 exit(1);
3158 }
3159
3160 LOG(4, 0, 0, "Beginning of main loop. clifd=%d, cluster_sockfd=%d, tunfd=%d, udpfd=%d, controlfd=%d, daefd=%d\n",
3161 clifd, cluster_sockfd, tunfd, udpfd, controlfd, daefd);
3162
3163 /* setup our fds to poll for input */
3164 {
3165 static struct event_data d[BASE_FDS];
3166 struct epoll_event e;
3167
3168 e.events = EPOLLIN;
3169 i = 0;
3170
3171 d[i].type = FD_TYPE_CLI;
3172 e.data.ptr = &d[i++];
3173 epoll_ctl(epollfd, EPOLL_CTL_ADD, clifd, &e);
3174
3175 d[i].type = FD_TYPE_CLUSTER;
3176 e.data.ptr = &d[i++];
3177 epoll_ctl(epollfd, EPOLL_CTL_ADD, cluster_sockfd, &e);
3178
3179 d[i].type = FD_TYPE_TUN;
3180 e.data.ptr = &d[i++];
3181 epoll_ctl(epollfd, EPOLL_CTL_ADD, tunfd, &e);
3182
3183 d[i].type = FD_TYPE_UDP;
3184 e.data.ptr = &d[i++];
3185 epoll_ctl(epollfd, EPOLL_CTL_ADD, udpfd, &e);
3186
3187 d[i].type = FD_TYPE_CONTROL;
3188 e.data.ptr = &d[i++];
3189 epoll_ctl(epollfd, EPOLL_CTL_ADD, controlfd, &e);
3190
3191 d[i].type = FD_TYPE_DAE;
3192 e.data.ptr = &d[i++];
3193 epoll_ctl(epollfd, EPOLL_CTL_ADD, daefd, &e);
3194 }
3195
3196 #ifdef BGP
3197 signal(SIGPIPE, SIG_IGN);
3198 bgp_setup(config->as_number);
3199 if (config->bind_address)
3200 bgp_add_route(config->bind_address, 0xffffffff);
3201
3202 for (i = 0; i < BGP_NUM_PEERS; i++)
3203 {
3204 if (config->neighbour[i].name[0])
3205 bgp_start(&bgp_peers[i], config->neighbour[i].name,
3206 config->neighbour[i].as, config->neighbour[i].keepalive,
3207 config->neighbour[i].hold, 0); /* 0 = routing disabled */
3208 }
3209 #endif /* BGP */
3210
3211 while (!main_quit || still_busy())
3212 {
3213 int more = 0;
3214 int n;
3215
3216
3217 if (main_reload)
3218 {
3219 main_reload = 0;
3220 read_config_file();
3221 config->reload_config++;
3222 }
3223
3224 if (config->reload_config)
3225 {
3226 config->reload_config = 0;
3227 update_config();
3228 }
3229
3230 #ifdef BGP
3231 bgp_set_poll();
3232 #endif /* BGP */
3233
3234 n = epoll_wait(epollfd, events, maxevent, 100); // timeout 100ms (1/10th sec)
3235 STAT(select_called);
3236
3237 TIME = now(NULL);
3238 if (n < 0)
3239 {
3240 if (errno == EINTR ||
3241 errno == ECHILD) // EINTR was clobbered by sigchild_handler()
3242 continue;
3243
3244 LOG(0, 0, 0, "Error returned from select(): %s\n", strerror(errno));
3245 break; // exit
3246 }
3247
3248 if (n)
3249 {
3250 struct sockaddr_in addr;
3251 socklen_t alen;
3252 int c, s;
3253 int udp_ready = 0;
3254 int tun_ready = 0;
3255 int cluster_ready = 0;
3256 int udp_pkts = 0;
3257 int tun_pkts = 0;
3258 int cluster_pkts = 0;
3259 #ifdef BGP
3260 uint32_t bgp_events[BGP_NUM_PEERS];
3261 memset(bgp_events, 0, sizeof(bgp_events));
3262 #endif /* BGP */
3263
3264 for (c = n, i = 0; i < c; i++)
3265 {
3266 struct event_data *d = events[i].data.ptr;
3267 switch (d->type)
3268 {
3269 case FD_TYPE_CLI: // CLI connections
3270 {
3271 int cli;
3272
3273 alen = sizeof(addr);
3274 if ((cli = accept(clifd, (struct sockaddr *)&addr, &alen)) >= 0)
3275 {
3276 cli_do(cli);
3277 close(cli);
3278 }
3279 else
3280 LOG(0, 0, 0, "accept error: %s\n", strerror(errno));
3281
3282 n--;
3283 break;
3284 }
3285
3286 // these are handled below, with multiple interleaved reads
3287 case FD_TYPE_CLUSTER: cluster_ready++; break;
3288 case FD_TYPE_TUN: tun_ready++; break;
3289 case FD_TYPE_UDP: udp_ready++; break;
3290
3291 case FD_TYPE_CONTROL: // nsctl commands
3292 alen = sizeof(addr);
3293 processcontrol(buf, recvfrom(controlfd, buf, sizeof(buf), MSG_WAITALL, (void *) &addr, &alen), &addr, alen);
3294 n--;
3295 break;
3296
3297 case FD_TYPE_DAE: // DAE requests
3298 alen = sizeof(addr);
3299 processdae(buf, recvfrom(daefd, buf, sizeof(buf), MSG_WAITALL, (void *) &addr, &alen), &addr, alen);
3300 n--;
3301 break;
3302
3303 case FD_TYPE_RADIUS: // RADIUS response
3304 s = recv(radfds[d->index], buf, sizeof(buf), 0);
3305 if (s >= 0 && config->cluster_iam_master)
3306 processrad(buf, s, d->index);
3307
3308 n--;
3309 break;
3310
3311 #ifdef BGP
3312 case FD_TYPE_BGP:
3313 bgp_events[d->index] = events[i].events;
3314 n--;
3315 break;
3316 #endif /* BGP */
3317
3318 default:
3319 LOG(0, 0, 0, "Unexpected fd type returned from epoll_wait: %d\n", d->type);
3320 }
3321 }
3322
3323 #ifdef BGP
3324 bgp_process(bgp_events);
3325 #endif /* BGP */
3326
3327 for (c = 0; n && c < config->multi_read_count; c++)
3328 {
3329 // L2TP
3330 if (udp_ready)
3331 {
3332 alen = sizeof(addr);
3333 if ((s = recvfrom(udpfd, buf, sizeof(buf), 0, (void *) &addr, &alen)) > 0)
3334 {
3335 processudp(buf, s, &addr);
3336 udp_pkts++;
3337 }
3338 else
3339 {
3340 udp_ready = 0;
3341 n--;
3342 }
3343 }
3344
3345 // incoming IP
3346 if (tun_ready)
3347 {
3348 if ((s = read(tunfd, buf, sizeof(buf))) > 0)
3349 {
3350 processtun(buf, s);
3351 tun_pkts++;
3352 }
3353 else
3354 {
3355 tun_ready = 0;
3356 n--;
3357 }
3358 }
3359
3360 // cluster
3361 if (cluster_ready)
3362 {
3363 alen = sizeof(addr);
3364 if ((s = recvfrom(cluster_sockfd, buf, sizeof(buf), MSG_WAITALL, (void *) &addr, &alen)) > 0)
3365 {
3366 processcluster(buf, s, addr.sin_addr.s_addr);
3367 cluster_pkts++;
3368 }
3369 else
3370 {
3371 cluster_ready = 0;
3372 n--;
3373 }
3374 }
3375 }
3376
3377 if (udp_pkts > 1 || tun_pkts > 1 || cluster_pkts > 1)
3378 STAT(multi_read_used);
3379
3380 if (c >= config->multi_read_count)
3381 {
3382 LOG(3, 0, 0, "Reached multi_read_count (%d); processed %d udp, %d tun and %d cluster packets\n",
3383 config->multi_read_count, udp_pkts, tun_pkts, cluster_pkts);
3384
3385 STAT(multi_read_exceeded);
3386 more++;
3387 }
3388 }
3389
3390 if (time_changed)
3391 {
3392 double Mbps = 1024.0 * 1024.0 / 8 * time_changed;
3393
3394 // Log current traffic stats
3395 snprintf(config->bandwidth, sizeof(config->bandwidth),
3396 "UDP-ETH:%1.0f/%1.0f ETH-UDP:%1.0f/%1.0f TOTAL:%0.1f IN:%u OUT:%u",
3397 (udp_rx / Mbps), (eth_tx / Mbps), (eth_rx / Mbps), (udp_tx / Mbps),
3398 ((udp_tx + udp_rx + eth_tx + eth_rx) / Mbps),
3399 udp_rx_pkt / time_changed, eth_rx_pkt / time_changed);
3400
3401 udp_tx = udp_rx = 0;
3402 udp_rx_pkt = eth_rx_pkt = 0;
3403 eth_tx = eth_rx = 0;
3404 time_changed = 0;
3405
3406 if (config->dump_speed)
3407 printf("%s\n", config->bandwidth);
3408
3409 // Update the internal time counter
3410 strftime(time_now_string, sizeof(time_now_string), "%Y-%m-%d %H:%M:%S", localtime(&time_now));
3411
3412 {
3413 // Run timer hooks
3414 struct param_timer p = { time_now };
3415 run_plugins(PLUGIN_TIMER, &p);
3416 }
3417 }
3418
3419 // Runs on every machine (master and slaves).
3420 if (next_cluster_ping <= TIME)
3421 {
3422 // Check to see which of the cluster is still alive..
3423
3424 cluster_send_ping(basetime); // Only does anything if we're a slave
3425 cluster_check_master(); // ditto.
3426
3427 cluster_heartbeat(); // Only does anything if we're a master.
3428 cluster_check_slaves(); // ditto.
3429
3430 master_update_counts(); // If we're a slave, send our byte counters to our master.
3431
3432 if (config->cluster_iam_master && !config->cluster_iam_uptodate)
3433 next_cluster_ping = TIME + 1; // out-of-date slaves, do fast updates
3434 else
3435 next_cluster_ping = TIME + config->cluster_hb_interval;
3436 }
3437
3438 if (!config->cluster_iam_master)
3439 continue;
3440
3441 // Run token bucket filtering queue..
3442 // Only run it every 1/10th of a second.
3443 {
3444 static clockt last_run = 0;
3445 if (last_run != TIME)
3446 {
3447 last_run = TIME;
3448 tbf_run_timer();
3449 }
3450 }
3451
3452 // Handle timeouts, retries etc.
3453 {
3454 static double last_clean = 0;
3455 double this_clean;
3456 double diff;
3457
3458 TIME = now(&this_clean);
3459 diff = this_clean - last_clean;
3460
3461 // Run during idle time (after we've handled
3462 // all incoming packets) or every 1/10th sec
3463 if (!more || diff > 0.1)
3464 {
3465 regular_cleanups(diff);
3466 last_clean = this_clean;
3467 }
3468 }
3469
3470 if (*config->accounting_dir)
3471 {
3472 static clockt next_acct = 0;
3473 static clockt next_shut_acct = 0;
3474
3475 if (next_acct <= TIME)
3476 {
3477 // Dump accounting data
3478 next_acct = TIME + ACCT_TIME;
3479 next_shut_acct = TIME + ACCT_SHUT_TIME;
3480 dump_acct_info(1);
3481 }
3482 else if (next_shut_acct <= TIME)
3483 {
3484 // Dump accounting data for shutdown sessions
3485 next_shut_acct = TIME + ACCT_SHUT_TIME;
3486 if (shut_acct_n)
3487 dump_acct_info(0);
3488 }
3489 }
3490 }
3491
3492 // Are we the master and shutting down??
3493 if (config->cluster_iam_master)
3494 cluster_heartbeat(); // Flush any queued changes..
3495
3496 // Ok. Notify everyone we're shutting down. If we're
3497 // the master, this will force an election.
3498 cluster_send_ping(0);
3499
3500 //
3501 // Important!!! We MUST not process any packets past this point!
3502 LOG(1, 0, 0, "Shutdown complete\n");
3503 }
3504
3505 static void stripdomain(char *host)
3506 {
3507 char *p;
3508
3509 if ((p = strchr(host, '.')))
3510 {
3511 char *domain = 0;
3512 char _domain[1024];
3513
3514 // strip off domain
3515 FILE *resolv = fopen("/etc/resolv.conf", "r");
3516 if (resolv)
3517 {
3518 char buf[1024];
3519 char *b;
3520
3521 while (fgets(buf, sizeof(buf), resolv))
3522 {
3523 if (strncmp(buf, "domain", 6) && strncmp(buf, "search", 6))
3524 continue;
3525
3526 if (!isspace(buf[6]))
3527 continue;
3528
3529 b = buf + 7;
3530 while (isspace(*b)) b++;
3531
3532 if (*b)
3533 {
3534 char *d = b;
3535 while (*b && !isspace(*b)) b++;
3536 *b = 0;
3537 if (buf[0] == 'd') // domain is canonical
3538 {
3539 domain = d;
3540 break;
3541 }
3542
3543 // first search line
3544 if (!domain)
3545 {
3546 // hold, may be subsequent domain line
3547 strncpy(_domain, d, sizeof(_domain))[sizeof(_domain)-1] = 0;
3548 domain = _domain;
3549 }
3550 }
3551 }
3552
3553 fclose(resolv);
3554 }
3555
3556 if (domain)
3557 {
3558 int hl = strlen(host);
3559 int dl = strlen(domain);
3560 if (dl < hl && host[hl - dl - 1] == '.' && !strcmp(host + hl - dl, domain))
3561 host[hl -dl - 1] = 0;
3562 }
3563 else
3564 {
3565 *p = 0; // everything after first dot
3566 }
3567 }
3568 }
3569
3570 // Init data structures
3571 static void initdata(int optdebug, char *optconfig)
3572 {
3573 int i;
3574
3575 if (!(config = shared_malloc(sizeof(configt))))
3576 {
3577 fprintf(stderr, "Error doing malloc for configuration: %s\n", strerror(errno));
3578 exit(1);
3579 }
3580
3581 memset(config, 0, sizeof(configt));
3582 time(&config->start_time);
3583 strncpy(config->config_file, optconfig, strlen(optconfig));
3584 config->debug = optdebug;
3585 config->num_tbfs = MAXTBFS;
3586 config->rl_rate = 28; // 28kbps
3587 config->cluster_mcast_ttl = 1;
3588 config->cluster_master_min_adv = 1;
3589 config->ppp_restart_time = 3;
3590 config->ppp_max_configure = 10;
3591 config->ppp_max_failure = 5;
3592 strcpy(config->random_device, RANDOMDEVICE);
3593
3594 log_stream = stderr;
3595
3596 #ifdef RINGBUFFER
3597 if (!(ringbuffer = shared_malloc(sizeof(struct Tringbuffer))))
3598 {
3599 LOG(0, 0, 0, "Error doing malloc for ringbuffer: %s\n", strerror(errno));
3600 exit(1);
3601 }
3602 memset(ringbuffer, 0, sizeof(struct Tringbuffer));
3603 #endif
3604
3605 if (!(_statistics = shared_malloc(sizeof(struct Tstats))))
3606 {
3607 LOG(0, 0, 0, "Error doing malloc for _statistics: %s\n", strerror(errno));
3608 exit(1);
3609 }
3610 if (!(tunnel = shared_malloc(sizeof(tunnelt) * MAXTUNNEL)))
3611 {
3612 LOG(0, 0, 0, "Error doing malloc for tunnels: %s\n", strerror(errno));
3613 exit(1);
3614 }
3615 if (!(session = shared_malloc(sizeof(sessiont) * MAXSESSION)))
3616 {
3617 LOG(0, 0, 0, "Error doing malloc for sessions: %s\n", strerror(errno));
3618 exit(1);
3619 }
3620
3621 if (!(sess_local = shared_malloc(sizeof(sessionlocalt) * MAXSESSION)))
3622 {
3623 LOG(0, 0, 0, "Error doing malloc for sess_local: %s\n", strerror(errno));
3624 exit(1);
3625 }
3626
3627 if (!(radius = shared_malloc(sizeof(radiust) * MAXRADIUS)))
3628 {
3629 LOG(0, 0, 0, "Error doing malloc for radius: %s\n", strerror(errno));
3630 exit(1);
3631 }
3632
3633 if (!(ip_address_pool = shared_malloc(sizeof(ippoolt) * MAXIPPOOL)))
3634 {
3635 LOG(0, 0, 0, "Error doing malloc for ip_address_pool: %s\n", strerror(errno));
3636 exit(1);
3637 }
3638
3639 if (!(ip_filters = shared_malloc(sizeof(ip_filtert) * MAXFILTER)))
3640 {
3641 LOG(0, 0, 0, "Error doing malloc for ip_filters: %s\n", strerror(errno));
3642 exit(1);
3643 }
3644 memset(ip_filters, 0, sizeof(ip_filtert) * MAXFILTER);
3645
3646 if (!(cli_session_actions = shared_malloc(sizeof(struct cli_session_actions) * MAXSESSION)))
3647 {
3648 LOG(0, 0, 0, "Error doing malloc for cli session actions: %s\n", strerror(errno));
3649 exit(1);
3650 }
3651 memset(cli_session_actions, 0, sizeof(struct cli_session_actions) * MAXSESSION);
3652
3653 if (!(cli_tunnel_actions = shared_malloc(sizeof(struct cli_tunnel_actions) * MAXSESSION)))
3654 {
3655 LOG(0, 0, 0, "Error doing malloc for cli tunnel actions: %s\n", strerror(errno));
3656 exit(1);
3657 }
3658 memset(cli_tunnel_actions, 0, sizeof(struct cli_tunnel_actions) * MAXSESSION);
3659
3660 memset(tunnel, 0, sizeof(tunnelt) * MAXTUNNEL);
3661 memset(session, 0, sizeof(sessiont) * MAXSESSION);
3662 memset(radius, 0, sizeof(radiust) * MAXRADIUS);
3663 memset(ip_address_pool, 0, sizeof(ippoolt) * MAXIPPOOL);
3664
3665 // Put all the sessions on the free list marked as undefined.
3666 for (i = 1; i < MAXSESSION; i++)
3667 {
3668 session[i].next = i + 1;
3669 session[i].tunnel = T_UNDEF; // mark it as not filled in.
3670 }
3671 session[MAXSESSION - 1].next = 0;
3672 sessionfree = 1;
3673
3674 // Mark all the tunnels as undefined (waiting to be filled in by a download).
3675 for (i = 1; i < MAXTUNNEL; i++)
3676 tunnel[i].state = TUNNELUNDEF; // mark it as not filled in.
3677
3678 if (!*hostname)
3679 {
3680 // Grab my hostname unless it's been specified
3681 gethostname(hostname, sizeof(hostname));
3682 stripdomain(hostname);
3683 }
3684
3685 _statistics->start_time = _statistics->last_reset = time(NULL);
3686
3687 #ifdef BGP
3688 if (!(bgp_peers = shared_malloc(sizeof(struct bgp_peer) * BGP_NUM_PEERS)))
3689 {
3690 LOG(0, 0, 0, "Error doing malloc for bgp: %s\n", strerror(errno));
3691 exit(1);
3692 }
3693 #endif /* BGP */
3694 }
3695
3696 static int assign_ip_address(sessionidt s)
3697 {
3698 uint32_t i;
3699 int best = -1;
3700 time_t best_time = time_now;
3701 char *u = session[s].user;
3702 char reuse = 0;
3703
3704
3705 CSTAT(assign_ip_address);
3706
3707 for (i = 1; i < ip_pool_size; i++)
3708 {
3709 if (!ip_address_pool[i].address || ip_address_pool[i].assigned)
3710 continue;
3711
3712 if (!session[s].walled_garden && ip_address_pool[i].user[0] && !strcmp(u, ip_address_pool[i].user))
3713 {
3714 best = i;
3715 reuse = 1;
3716 break;
3717 }
3718
3719 if (ip_address_pool[i].last < best_time)
3720 {
3721 best = i;
3722 if (!(best_time = ip_address_pool[i].last))
3723 break; // never used, grab this one
3724 }
3725 }
3726
3727 if (best < 0)
3728 {
3729 LOG(0, s, session[s].tunnel, "assign_ip_address(): out of addresses\n");
3730 return 0;
3731 }
3732
3733 session[s].ip = ip_address_pool[best].address;
3734 session[s].ip_pool_index = best;
3735 ip_address_pool[best].assigned = 1;
3736 ip_address_pool[best].last = time_now;
3737 ip_address_pool[best].session = s;
3738 if (session[s].walled_garden)
3739 /* Don't track addresses of users in walled garden (note: this
3740 means that their address isn't "sticky" even if they get
3741 un-gardened). */
3742 ip_address_pool[best].user[0] = 0;
3743 else
3744 strncpy(ip_address_pool[best].user, u, sizeof(ip_address_pool[best].user) - 1);
3745
3746 STAT(ip_allocated);
3747 LOG(4, s, session[s].tunnel, "assign_ip_address(): %s ip address %d from pool\n",
3748 reuse ? "Reusing" : "Allocating", best);
3749
3750 return 1;
3751 }
3752
3753 static void free_ip_address(sessionidt s)
3754 {
3755 int i = session[s].ip_pool_index;
3756
3757
3758 CSTAT(free_ip_address);
3759
3760 if (!session[s].ip)
3761 return; // what the?
3762
3763 if (i < 0) // Is this actually part of the ip pool?
3764 i = 0;
3765
3766 STAT(ip_freed);
3767 cache_ipmap(session[s].ip, -i); // Change the mapping to point back to the ip pool index.
3768 session[s].ip = 0;
3769 ip_address_pool[i].assigned = 0;
3770 ip_address_pool[i].session = 0;
3771 ip_address_pool[i].last = time_now;
3772 }
3773
3774 //
3775 // Fsck the address pool against the session table.
3776 // Normally only called when we become a master.
3777 //
3778 // This isn't perfect: We aren't keep tracking of which
3779 // users used to have an IP address.
3780 //
3781 void rebuild_address_pool(void)
3782 {
3783 int i;
3784
3785 //
3786 // Zero the IP pool allocation, and build
3787 // a map from IP address to pool index.
3788 for (i = 1; i < MAXIPPOOL; ++i)
3789 {
3790 ip_address_pool[i].assigned = 0;
3791 ip_address_pool[i].session = 0;
3792 if (!ip_address_pool[i].address)
3793 continue;
3794
3795 cache_ipmap(ip_address_pool[i].address, -i); // Map pool IP to pool index.
3796 }
3797
3798 for (i = 0; i < MAXSESSION; ++i)
3799 {
3800 int ipid;
3801 if (!(session[i].opened && session[i].ip))
3802 continue;
3803
3804 ipid = - lookup_ipmap(htonl(session[i].ip));
3805
3806 if (session[i].ip_pool_index < 0)
3807 {
3808 // Not allocated out of the pool.
3809 if (ipid < 1) // Not found in the pool either? good.
3810 continue;
3811
3812 LOG(0, i, 0, "Session %d has an IP address (%s) that was marked static, but is in the pool (%d)!\n",
3813 i, fmtaddr(session[i].ip, 0), ipid);
3814
3815 // Fall through and process it as part of the pool.
3816 }
3817
3818
3819 if (ipid > MAXIPPOOL || ipid < 0)
3820 {
3821 LOG(0, i, 0, "Session %d has a pool IP that's not found in the pool! (%d)\n", i, ipid);
3822 ipid = -1;
3823 session[i].ip_pool_index = ipid;
3824 continue;
3825 }
3826
3827 ip_address_pool[ipid].assigned = 1;
3828 ip_address_pool[ipid].session = i;
3829 ip_address_pool[ipid].last = time_now;
3830 strncpy(ip_address_pool[ipid].user, session[i].user, sizeof(ip_address_pool[ipid].user) - 1);
3831 session[i].ip_pool_index = ipid;
3832 cache_ipmap(session[i].ip, i); // Fix the ip map.
3833 }
3834 }
3835
3836 //
3837 // Fix the address pool to match a changed session.
3838 // (usually when the master sends us an update).
3839 static void fix_address_pool(int sid)
3840 {
3841 int ipid;
3842
3843 ipid = session[sid].ip_pool_index;
3844
3845 if (ipid > ip_pool_size)
3846 return; // Ignore it. rebuild_address_pool will fix it up.
3847
3848 if (ip_address_pool[ipid].address != session[sid].ip)
3849 return; // Just ignore it. rebuild_address_pool will take care of it.
3850
3851 ip_address_pool[ipid].assigned = 1;
3852 ip_address_pool[ipid].session = sid;
3853 ip_address_pool[ipid].last = time_now;
3854 strncpy(ip_address_pool[ipid].user, session[sid].user, sizeof(ip_address_pool[ipid].user) - 1);
3855 }
3856
3857 //
3858 // Add a block of addresses to the IP pool to hand out.
3859 //
3860 static void add_to_ip_pool(in_addr_t addr, in_addr_t mask)
3861 {
3862 int i;
3863 if (mask == 0)
3864 mask = 0xffffffff; // Host route only.
3865
3866 addr &= mask;
3867
3868 if (ip_pool_size >= MAXIPPOOL) // Pool is full!
3869 return ;
3870
3871 for (i = addr ;(i & mask) == addr; ++i)
3872 {
3873 if ((i & 0xff) == 0 || (i&0xff) == 255)
3874 continue; // Skip 0 and broadcast addresses.
3875
3876 ip_address_pool[ip_pool_size].address = i;
3877 ip_address_pool[ip_pool_size].assigned = 0;
3878 ++ip_pool_size;
3879 if (ip_pool_size >= MAXIPPOOL)
3880 {
3881 LOG(0, 0, 0, "Overflowed IP pool adding %s\n", fmtaddr(htonl(addr), 0));
3882 return;
3883 }
3884 }
3885 }
3886
3887 // Initialize the IP address pool
3888 static void initippool()
3889 {
3890 FILE *f;
3891 char *p;
3892 char buf[4096];
3893 memset(ip_address_pool, 0, sizeof(ip_address_pool));
3894
3895 if (!(f = fopen(IPPOOLFILE, "r")))
3896 {
3897 LOG(0, 0, 0, "Can't load pool file " IPPOOLFILE ": %s\n", strerror(errno));
3898 exit(1);
3899 }
3900
3901 while (ip_pool_size < MAXIPPOOL && fgets(buf, 4096, f))
3902 {
3903 char *pool = buf;
3904 buf[4095] = 0; // Force it to be zero terminated/
3905
3906 if (*buf == '#' || *buf == '\n')
3907 continue; // Skip comments / blank lines
3908 if ((p = (char *)strrchr(buf, '\n'))) *p = 0;
3909 if ((p = (char *)strchr(buf, ':')))
3910 {
3911 in_addr_t src;
3912 *p = '\0';
3913 src = inet_addr(buf);
3914 if (src == INADDR_NONE)
3915 {
3916 LOG(0, 0, 0, "Invalid address pool IP %s\n", buf);
3917 exit(1);
3918 }
3919 // This entry is for a specific IP only
3920 if (src != config->bind_address)
3921 continue;
3922 *p = ':';
3923 pool = p+1;
3924 }
3925 if ((p = (char *)strchr(pool, '/')))
3926 {
3927 // It's a range
3928 int numbits = 0;
3929 in_addr_t start = 0, mask = 0;
3930
3931 LOG(2, 0, 0, "Adding IP address range %s\n", buf);
3932 *p++ = 0;
3933 if (!*p || !(numbits = atoi(p)))
3934 {
3935 LOG(0, 0, 0, "Invalid pool range %s\n", buf);
3936 continue;
3937 }
3938 start = ntohl(inet_addr(pool));
3939 mask = (in_addr_t) (pow(2, numbits) - 1) << (32 - numbits);
3940
3941 // Add a static route for this pool
3942 LOG(5, 0, 0, "Adding route for address pool %s/%u\n",
3943 fmtaddr(htonl(start), 0), 32 + mask);
3944
3945 routeset(0, start, mask, 0, 1);
3946
3947 add_to_ip_pool(start, mask);
3948 }
3949 else
3950 {
3951 // It's a single ip address
3952 add_to_ip_pool(inet_addr(pool), 0);
3953 }
3954 }
3955 fclose(f);
3956 LOG(1, 0, 0, "IP address pool is %d addresses\n", ip_pool_size - 1);
3957 }
3958
3959 void snoop_send_packet(uint8_t *packet, uint16_t size, in_addr_t destination, uint16_t port)
3960 {
3961 struct sockaddr_in snoop_addr = {0};
3962 if (!destination || !port || snoopfd <= 0 || size <= 0 || !packet)
3963 return;
3964
3965 snoop_addr.sin_family = AF_INET;
3966 snoop_addr.sin_addr.s_addr = destination;
3967 snoop_addr.sin_port = ntohs(port);
3968
3969 LOG(5, 0, 0, "Snooping %d byte packet to %s:%d\n", size,
3970 fmtaddr(snoop_addr.sin_addr.s_addr, 0),
3971 htons(snoop_addr.sin_port));
3972
3973 if (sendto(snoopfd, packet, size, MSG_DONTWAIT | MSG_NOSIGNAL, (void *) &snoop_addr, sizeof(snoop_addr)) < 0)
3974 LOG(0, 0, 0, "Error sending intercept packet: %s\n", strerror(errno));
3975
3976 STAT(packets_snooped);
3977 }
3978
3979 static int dump_session(FILE **f, sessiont *s)
3980 {
3981 if (!s->opened || !s->ip || !(s->cin_delta || s->cout_delta) || !*s->user || s->walled_garden)
3982 return 1;
3983
3984 if (!*f)
3985 {
3986 char filename[1024];
3987 char timestr[64];
3988 time_t now = time(NULL);
3989
3990 strftime(timestr, sizeof(timestr), "%Y%m%d%H%M%S", localtime(&now));
3991 snprintf(filename, sizeof(filename), "%s/%s", config->accounting_dir, timestr);
3992
3993 if (!(*f = fopen(filename, "w")))
3994 {
3995 LOG(0, 0, 0, "Can't write accounting info to %s: %s\n", filename, strerror(errno));
3996 return 0;
3997 }
3998
3999 LOG(3, 0, 0, "Dumping accounting information to %s\n", filename);
4000 fprintf(*f, "# dslwatch.pl dump file V1.01\n"
4001 "# host: %s\n"
4002 "# endpoint: %s\n"
4003 "# time: %ld\n"
4004 "# uptime: %ld\n"
4005 "# format: username ip qos uptxoctets downrxoctets\n",
4006 hostname,
4007 fmtaddr(config->bind_address ? config->bind_address : my_address, 0),
4008 now,
4009 now - basetime);
4010 }
4011
4012 LOG(4, 0, 0, "Dumping accounting information for %s\n", s->user);
4013 fprintf(*f, "%s %s %d %u %u\n",
4014 s->user, // username
4015 fmtaddr(htonl(s->ip), 0), // ip
4016 (s->throttle_in || s->throttle_out) ? 2 : 1, // qos
4017 (uint32_t) s->cin_delta, // uptxoctets
4018 (uint32_t) s->cout_delta); // downrxoctets
4019
4020 s->cin_delta = s->cout_delta = 0;
4021
4022 return 1;
4023 }
4024
4025 static void dump_acct_info(int all)
4026 {
4027 int i;
4028 FILE *f = NULL;
4029
4030
4031 CSTAT(dump_acct_info);
4032
4033 if (shut_acct_n)
4034 {
4035 for (i = 0; i < shut_acct_n; i++)
4036 dump_session(&f, &shut_acct[i]);
4037
4038 shut_acct_n = 0;
4039 }
4040
4041 if (all)
4042 for (i = 1; i <= config->cluster_highest_sessionid; i++)
4043 dump_session(&f, &session[i]);
4044
4045 if (f)
4046 fclose(f);
4047 }
4048
4049 // Main program
4050 int main(int argc, char *argv[])
4051 {
4052 int i;
4053 int optdebug = 0;
4054 char *optconfig = CONFIGFILE;
4055
4056 time(&basetime); // start clock
4057
4058 // scan args
4059 while ((i = getopt(argc, argv, "dvc:h:")) >= 0)
4060 {
4061 switch (i)
4062 {
4063 case 'd':
4064 if (fork()) exit(0);
4065 setsid();
4066 freopen("/dev/null", "r", stdin);
4067 freopen("/dev/null", "w", stdout);
4068 freopen("/dev/null", "w", stderr);
4069 break;
4070 case 'v':
4071 optdebug++;
4072 break;
4073 case 'c':
4074 optconfig = optarg;
4075 break;
4076 case 'h':
4077 snprintf(hostname, sizeof(hostname), "%s", optarg);
4078 break;
4079 default:
4080 printf("Args are:\n"
4081 "\t-d\t\tDetach from terminal\n"
4082 "\t-c <file>\tConfig file\n"
4083 "\t-h <hostname>\tForce hostname\n"
4084 "\t-v\t\tDebug\n");
4085
4086 return (0);
4087 break;
4088 }
4089 }
4090
4091 // Start the timer routine off
4092 time(&time_now);
4093 strftime(time_now_string, sizeof(time_now_string), "%Y-%m-%d %H:%M:%S", localtime(&time_now));
4094
4095 initplugins();
4096 initdata(optdebug, optconfig);
4097
4098 init_cli(hostname);
4099 read_config_file();
4100 update_config();
4101 init_tbf(config->num_tbfs);
4102
4103 LOG(0, 0, 0, "L2TPNS version " VERSION "\n");
4104 LOG(0, 0, 0, "Copyright (c) 2003, 2004, 2005 Optus Internet Engineering\n");
4105 LOG(0, 0, 0, "Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced\n");
4106 {
4107 struct rlimit rlim;
4108 rlim.rlim_cur = RLIM_INFINITY;
4109 rlim.rlim_max = RLIM_INFINITY;
4110 // Remove the maximum core size
4111 if (setrlimit(RLIMIT_CORE, &rlim) < 0)
4112 LOG(0, 0, 0, "Can't set ulimit: %s\n", strerror(errno));
4113
4114 // Make core dumps go to /tmp
4115 chdir("/tmp");
4116 }
4117
4118 if (config->scheduler_fifo)
4119 {
4120 int ret;
4121 struct sched_param params = {0};
4122 params.sched_priority = 1;
4123
4124 if (get_nprocs() < 2)
4125 {
4126 LOG(0, 0, 0, "Not using FIFO scheduler, there is only 1 processor in the system.\n");
4127 config->scheduler_fifo = 0;
4128 }
4129 else
4130 {
4131 if ((ret = sched_setscheduler(0, SCHED_FIFO, &params)) == 0)
4132 {
4133 LOG(1, 0, 0, "Using FIFO scheduler. Say goodbye to any other processes running\n");
4134 }
4135 else
4136 {
4137 LOG(0, 0, 0, "Error setting scheduler to FIFO: %s\n", strerror(errno));
4138 config->scheduler_fifo = 0;
4139 }
4140 }
4141 }
4142
4143 /* Set up the cluster communications port. */
4144 if (cluster_init() < 0)
4145 exit(1);
4146
4147 inittun();
4148 LOG(1, 0, 0, "Set up on interface %s\n", config->tundevice);
4149
4150 initudp();
4151 initrad();
4152 initippool();
4153
4154 // seed prng
4155 {
4156 unsigned seed = time_now ^ getpid();
4157 LOG(4, 0, 0, "Seeding the pseudo random generator: %u\n", seed);
4158 srand(seed);
4159 }
4160
4161 signal(SIGHUP, sighup_handler);
4162 signal(SIGCHLD, sigchild_handler);
4163 signal(SIGTERM, shutdown_handler);
4164 signal(SIGINT, shutdown_handler);
4165 signal(SIGQUIT, shutdown_handler);
4166
4167 // Prevent us from getting paged out
4168 if (config->lock_pages)
4169 {
4170 if (!mlockall(MCL_CURRENT))
4171 LOG(1, 0, 0, "Locking pages into memory\n");
4172 else
4173 LOG(0, 0, 0, "Can't lock pages: %s\n", strerror(errno));
4174 }
4175
4176 // Drop privileges here
4177 if (config->target_uid > 0 && geteuid() == 0)
4178 setuid(config->target_uid);
4179
4180 mainloop();
4181
4182 /* remove plugins (so cleanup code gets run) */
4183 plugins_done();
4184
4185 // Remove the PID file if we wrote it
4186 if (config->wrote_pid && *config->pid_file == '/')
4187 unlink(config->pid_file);
4188
4189 /* kill CLI children */
4190 signal(SIGTERM, SIG_IGN);
4191 kill(0, SIGTERM);
4192 return 0;
4193 }
4194
4195 static void sighup_handler(int sig)
4196 {
4197 main_reload++;
4198 }
4199
4200 static void shutdown_handler(int sig)
4201 {
4202 main_quit = (sig == SIGQUIT) ? QUIT_SHUTDOWN : QUIT_FAILOVER;
4203 }
4204
4205 static void sigchild_handler(int sig)
4206 {
4207 while (waitpid(-1, NULL, WNOHANG) > 0)
4208 ;
4209 }
4210
4211 static void build_chap_response(uint8_t *challenge, uint8_t id, uint16_t challenge_length, uint8_t **challenge_response)
4212 {
4213 MD5_CTX ctx;
4214 *challenge_response = NULL;
4215
4216 if (!*config->l2tp_secret)
4217 {
4218 LOG(0, 0, 0, "LNS requested CHAP authentication, but no l2tp secret is defined\n");
4219 return;
4220 }
4221
4222 LOG(4, 0, 0, " Building challenge response for CHAP request\n");
4223
4224 *challenge_response = calloc(17, 1);
4225
4226 MD5_Init(&ctx);
4227 MD5_Update(&ctx, &id, 1);
4228 MD5_Update(&ctx, config->l2tp_secret, strlen(config->l2tp_secret));
4229 MD5_Update(&ctx, challenge, challenge_length);
4230 MD5_Final(*challenge_response, &ctx);
4231
4232 return;
4233 }
4234
4235 static int facility_value(char *name)
4236 {
4237 int i;
4238 for (i = 0; facilitynames[i].c_name; i++)
4239 {
4240 if (strcmp(facilitynames[i].c_name, name) == 0)
4241 return facilitynames[i].c_val;
4242 }
4243 return 0;
4244 }
4245
4246 static void update_config()
4247 {
4248 int i;
4249 char *p;
4250 static int timeout = 0;
4251 static int interval = 0;
4252
4253 // Update logging
4254 closelog();
4255 syslog_log = 0;
4256 if (log_stream)
4257 {
4258 if (log_stream != stderr)
4259 fclose(log_stream);
4260
4261 log_stream = NULL;
4262 }
4263
4264 if (*config->log_filename)
4265 {
4266 if (strstr(config->log_filename, "syslog:") == config->log_filename)
4267 {
4268 char *p = config->log_filename + 7;
4269 if (*p)
4270 {
4271 openlog("l2tpns", LOG_PID, facility_value(p));
4272 syslog_log = 1;
4273 }
4274 }
4275 else if (strchr(config->log_filename, '/') == config->log_filename)
4276 {
4277 if ((log_stream = fopen((char *)(config->log_filename), "a")))
4278 {
4279 fseek(log_stream, 0, SEEK_END);
4280 setbuf(log_stream, NULL);
4281 }
4282 else
4283 {
4284 log_stream = stderr;
4285 setbuf(log_stream, NULL);
4286 }
4287 }
4288 }
4289 else
4290 {
4291 log_stream = stderr;
4292 setbuf(log_stream, NULL);
4293 }
4294
4295 #define L2TP_HDRS (20+8+6+4) // L2TP data encaptulation: ip + udp + l2tp (data) + ppp (inc hdlc)
4296 #define TCP_HDRS (20+20) // TCP encapsulation: ip + tcp
4297
4298 if (config->l2tp_mtu <= 0) config->l2tp_mtu = PPPMTU;
4299 else if (config->l2tp_mtu < MINMTU) config->l2tp_mtu = MINMTU;
4300 else if (config->l2tp_mtu > MAXMTU) config->l2tp_mtu = MAXMTU;
4301
4302 // reset MRU/MSS globals
4303 MRU = config->l2tp_mtu - L2TP_HDRS;
4304 MSS = MRU - TCP_HDRS;
4305
4306 // Update radius
4307 config->numradiusservers = 0;
4308 for (i = 0; i < MAXRADSERVER; i++)
4309 if (config->radiusserver[i])
4310 {
4311 config->numradiusservers++;
4312 // Set radius port: if not set, take the port from the
4313 // first radius server. For the first radius server,
4314 // take the #defined default value from l2tpns.h
4315
4316 // test twice, In case someone works with
4317 // a secondary radius server without defining
4318 // a primary one, this will work even then.
4319 if (i > 0 && !config->radiusport[i])
4320 config->radiusport[i] = config->radiusport[i-1];
4321 if (!config->radiusport[i])
4322 config->radiusport[i] = RADPORT;
4323 }
4324
4325 if (!config->numradiusservers)
4326 LOG(0, 0, 0, "No RADIUS servers defined!\n");
4327
4328 // parse radius_authtypes_s
4329 config->radius_authtypes = config->radius_authprefer = 0;
4330 p = config->radius_authtypes_s;
4331 while (p && *p)
4332 {
4333 char *s = strpbrk(p, " \t,");
4334 int type = 0;
4335
4336 if (s)
4337 {
4338 *s++ = 0;
4339 while (*s == ' ' || *s == '\t')
4340 s++;
4341
4342 if (!*s)
4343 s = 0;
4344 }
4345
4346 if (!strncasecmp("chap", p, strlen(p)))
4347 type = AUTHCHAP;
4348 else if (!strncasecmp("pap", p, strlen(p)))
4349 type = AUTHPAP;
4350 else
4351 LOG(0, 0, 0, "Invalid RADIUS authentication type \"%s\"\n", p);
4352
4353 config->radius_authtypes |= type;
4354 if (!config->radius_authprefer)
4355 config->radius_authprefer = type;
4356
4357 p = s;
4358 }
4359
4360 if (!config->radius_authtypes)
4361 {
4362 LOG(0, 0, 0, "Defaulting to PAP authentication\n");
4363 config->radius_authtypes = config->radius_authprefer = AUTHPAP;
4364 }
4365
4366 // normalise radius_authtypes_s
4367 if (config->radius_authprefer == AUTHPAP)
4368 {
4369 strcpy(config->radius_authtypes_s, "pap");
4370 if (config->radius_authtypes & AUTHCHAP)
4371 strcat(config->radius_authtypes_s, ", chap");
4372 }
4373 else
4374 {
4375 strcpy(config->radius_authtypes_s, "chap");
4376 if (config->radius_authtypes & AUTHPAP)
4377 strcat(config->radius_authtypes_s, ", pap");
4378 }
4379
4380 if (!config->radius_dae_port)
4381 config->radius_dae_port = DAEPORT;
4382
4383 // re-initialise the random number source
4384 initrandom(config->random_device);
4385
4386 // Update plugins
4387 for (i = 0; i < MAXPLUGINS; i++)
4388 {
4389 if (strcmp(config->plugins[i], config->old_plugins[i]) == 0)
4390 continue;
4391
4392 if (*config->plugins[i])
4393 {
4394 // Plugin added
4395 add_plugin(config->plugins[i]);
4396 }
4397 else if (*config->old_plugins[i])
4398 {
4399 // Plugin removed
4400 remove_plugin(config->old_plugins[i]);
4401 }
4402 }
4403
4404 memcpy(config->old_plugins, config->plugins, sizeof(config->plugins));
4405 if (!config->multi_read_count) config->multi_read_count = 10;
4406 if (!config->cluster_address) config->cluster_address = inet_addr(DEFAULT_MCAST_ADDR);
4407 if (!*config->cluster_interface)
4408 strncpy(config->cluster_interface, DEFAULT_MCAST_INTERFACE, sizeof(config->cluster_interface) - 1);
4409
4410 if (!config->cluster_hb_interval)
4411 config->cluster_hb_interval = PING_INTERVAL; // Heartbeat every 0.5 seconds.
4412
4413 if (!config->cluster_hb_timeout)
4414 config->cluster_hb_timeout = HB_TIMEOUT; // 10 missed heartbeat triggers an election.
4415
4416 if (interval != config->cluster_hb_interval || timeout != config->cluster_hb_timeout)
4417 {
4418 // Paranoia: cluster_check_master() treats 2 x interval + 1 sec as
4419 // late, ensure we're sufficiently larger than that
4420 int t = 4 * config->cluster_hb_interval + 11;
4421
4422 if (config->cluster_hb_timeout < t)
4423 {
4424 LOG(0, 0, 0, "Heartbeat timeout %d too low, adjusting to %d\n", config->cluster_hb_timeout, t);
4425 config->cluster_hb_timeout = t;
4426 }
4427
4428 // Push timing changes to the slaves immediately if we're the master
4429 if (config->cluster_iam_master)
4430 cluster_heartbeat();
4431
4432 interval = config->cluster_hb_interval;
4433 timeout = config->cluster_hb_timeout;
4434 }
4435
4436 // Write PID file
4437 if (*config->pid_file == '/' && !config->wrote_pid)
4438 {
4439 FILE *f;
4440 if ((f = fopen(config->pid_file, "w")))
4441 {
4442 fprintf(f, "%d\n", getpid());
4443 fclose(f);
4444 config->wrote_pid = 1;
4445 }
4446 else
4447 {
4448 LOG(0, 0, 0, "Can't write to PID file %s: %s\n", config->pid_file, strerror(errno));
4449 }
4450 }
4451 }
4452
4453 static void read_config_file()
4454 {
4455 FILE *f;
4456
4457 if (!config->config_file) return;
4458 if (!(f = fopen(config->config_file, "r")))
4459 {
4460 fprintf(stderr, "Can't open config file %s: %s\n", config->config_file, strerror(errno));
4461 return;
4462 }
4463
4464 LOG(3, 0, 0, "Reading config file %s\n", config->config_file);
4465 cli_do_file(f);
4466 LOG(3, 0, 0, "Done reading config file\n");
4467 fclose(f);
4468 }
4469
4470 int sessionsetup(sessionidt s, tunnelidt t)
4471 {
4472 // A session now exists, set it up
4473 in_addr_t ip;
4474 char *user;
4475 sessionidt i;
4476 int r;
4477
4478 CSTAT(sessionsetup);
4479
4480 LOG(3, s, t, "Doing session setup for session\n");
4481
4482 if (!session[s].ip)
4483 {
4484 assign_ip_address(s);
4485 if (!session[s].ip)
4486 {
4487 LOG(0, s, t, " No IP allocated. The IP address pool is FULL!\n");
4488 sessionshutdown(s, "No IP addresses available.", 2, 7); // try another
4489 return 0;
4490 }
4491 LOG(3, s, t, " No IP allocated. Assigned %s from pool\n",
4492 fmtaddr(htonl(session[s].ip), 0));
4493 }
4494
4495
4496 // Make sure this is right
4497 session[s].tunnel = t;
4498
4499 // zap old sessions with same IP and/or username
4500 // Don't kill gardened sessions - doing so leads to a DoS
4501 // from someone who doesn't need to know the password
4502 {
4503 ip = session[s].ip;
4504 user = session[s].user;
4505 for (i = 1; i <= config->cluster_highest_sessionid; i++)
4506 {
4507 if (i == s) continue;
4508 if (!session[s].opened) continue;
4509 if (ip == session[i].ip)
4510 {
4511 sessionkill(i, "Duplicate IP address");
4512 continue;
4513 }
4514
4515 if (config->allow_duplicate_users) continue;
4516 if (session[s].walled_garden || session[i].walled_garden) continue;
4517 if (!strcasecmp(user, session[i].user))
4518 sessionkill(i, "Duplicate session for users");
4519 }
4520 }
4521
4522 {
4523 int routed = 0;
4524
4525 // Add the route for this session.
4526 for (r = 0; r < MAXROUTE && session[s].route[r].ip; r++)
4527 {
4528 if ((session[s].ip & session[s].route[r].mask) ==
4529 (session[s].route[r].ip & session[s].route[r].mask))
4530 routed++;
4531
4532 routeset(s, session[s].route[r].ip, session[s].route[r].mask, 0, 1);
4533 }
4534
4535 // Static IPs need to be routed if not already
4536 // convered by a Framed-Route. Anything else is part
4537 // of the IP address pool and is already routed, it
4538 // just needs to be added to the IP cache.
4539 // IPv6 route setup is done in ppp.c, when IPV6CP is acked.
4540 if (session[s].ip_pool_index == -1) // static ip
4541 {
4542 if (!routed) routeset(s, session[s].ip, 0, 0, 1);
4543 }
4544 else
4545 cache_ipmap(session[s].ip, s);
4546 }
4547
4548 sess_local[s].lcp_authtype = 0; // RADIUS authentication complete
4549 lcp_open(s, t); // transition to Network phase and send initial IPCP
4550
4551 // Run the plugin's against this new session.
4552 {
4553 struct param_new_session data = { &tunnel[t], &session[s] };
4554 run_plugins(PLUGIN_NEW_SESSION, &data);
4555 }
4556
4557 // Allocate TBFs if throttled
4558 if (session[s].throttle_in || session[s].throttle_out)
4559 throttle_session(s, session[s].throttle_in, session[s].throttle_out);
4560
4561 session[s].last_packet = time_now;
4562
4563 LOG(2, s, t, "Login by %s at %s from %s (%s)\n", session[s].user,
4564 fmtaddr(htonl(session[s].ip), 0),
4565 fmtaddr(htonl(tunnel[t].ip), 1), tunnel[t].hostname);
4566
4567 cluster_send_session(s); // Mark it as dirty, and needing to the flooded to the cluster.
4568
4569 return 1; // RADIUS OK and IP allocated, done...
4570 }
4571
4572 //
4573 // This session just got dropped on us by the master or something.
4574 // Make sure our tables up up to date...
4575 //
4576 int load_session(sessionidt s, sessiont *new)
4577 {
4578 int i;
4579 int newip = 0;
4580
4581 // Sanity checks.
4582 if (new->ip_pool_index >= MAXIPPOOL ||
4583 new->tunnel >= MAXTUNNEL)
4584 {
4585 LOG(0, s, 0, "Strange session update received!\n");
4586 // FIXME! What to do here?
4587 return 0;
4588 }
4589
4590 //
4591 // Ok. All sanity checks passed. Now we're committed to
4592 // loading the new session.
4593 //
4594
4595 session[s].tunnel = new->tunnel; // For logging in cache_ipmap
4596
4597 // See if routes/ip cache need updating
4598 if (new->ip != session[s].ip)
4599 newip++;
4600
4601 for (i = 0; !newip && i < MAXROUTE && (session[s].route[i].ip || new->route[i].ip); i++)
4602 if (new->route[i].ip != session[s].route[i].ip ||
4603 new->route[i].mask != session[s].route[i].mask)
4604 newip++;
4605
4606 // needs update
4607 if (newip)
4608 {
4609 int routed = 0;
4610
4611 // remove old routes...
4612 for (i = 0; i < MAXROUTE && session[s].route[i].ip; i++)
4613 {
4614 if ((session[s].ip & session[s].route[i].mask) ==
4615 (session[s].route[i].ip & session[s].route[i].mask))
4616 routed++;
4617
4618 routeset(s, session[s].route[i].ip, session[s].route[i].mask, 0, 0);
4619 }
4620
4621 // ...ip
4622 if (session[s].ip)
4623 {
4624 if (session[s].ip_pool_index == -1) // static IP
4625 {
4626 if (!routed) routeset(s, session[s].ip, 0, 0, 0);
4627 }
4628 else // It's part of the IP pool, remove it manually.
4629 uncache_ipmap(session[s].ip);
4630 }
4631
4632 routed = 0;
4633
4634 // add new routes...
4635 for (i = 0; i < MAXROUTE && new->route[i].ip; i++)
4636 {
4637 if ((new->ip & new->route[i].mask) ==
4638 (new->route[i].ip & new->route[i].mask))
4639 routed++;
4640
4641 routeset(s, new->route[i].ip, new->route[i].mask, 0, 1);
4642 }
4643
4644 // ...ip
4645 if (new->ip)
4646 {
4647 // If there's a new one, add it.
4648 if (new->ip_pool_index == -1)
4649 {
4650 if (!routed) routeset(s, new->ip, 0, 0, 1);
4651 }
4652 else
4653 cache_ipmap(new->ip, s);
4654 }
4655 }
4656
4657 // check v6 routing
4658 if (new->ipv6prefixlen && new->ppp.ipv6cp == Opened && session[s].ppp.ipv6cp != Opened)
4659 route6set(s, new->ipv6route, new->ipv6prefixlen, 1);
4660
4661 // check filters
4662 if (new->filter_in && (new->filter_in > MAXFILTER || !ip_filters[new->filter_in - 1].name[0]))
4663 {
4664 LOG(2, s, session[s].tunnel, "Dropping invalid input filter %d\n", (int) new->filter_in);
4665 new->filter_in = 0;
4666 }
4667
4668 if (new->filter_out && (new->filter_out > MAXFILTER || !ip_filters[new->filter_out - 1].name[0]))
4669 {
4670 LOG(2, s, session[s].tunnel, "Dropping invalid output filter %d\n", (int) new->filter_out);
4671 new->filter_out = 0;
4672 }
4673
4674 if (new->filter_in != session[s].filter_in)
4675 {
4676 if (session[s].filter_in) ip_filters[session[s].filter_in - 1].used--;
4677 if (new->filter_in) ip_filters[new->filter_in - 1].used++;
4678 }
4679
4680 if (new->filter_out != session[s].filter_out)
4681 {
4682 if (session[s].filter_out) ip_filters[session[s].filter_out - 1].used--;
4683 if (new->filter_out) ip_filters[new->filter_out - 1].used++;
4684 }
4685
4686 if (new->tunnel && s > config->cluster_highest_sessionid) // Maintain this in the slave. It's used
4687 // for walking the sessions to forward byte counts to the master.
4688 config->cluster_highest_sessionid = s;
4689
4690 memcpy(&session[s], new, sizeof(session[s])); // Copy over..
4691
4692 // Do fixups into address pool.
4693 if (new->ip_pool_index != -1)
4694 fix_address_pool(s);
4695
4696 return 1;
4697 }
4698
4699 static void initplugins()
4700 {
4701 int i;
4702
4703 loaded_plugins = ll_init();
4704 // Initialize the plugins to nothing
4705 for (i = 0; i < MAX_PLUGIN_TYPES; i++)
4706 plugins[i] = ll_init();
4707 }
4708
4709 static void *open_plugin(char *plugin_name, int load)
4710 {
4711 char path[256] = "";
4712
4713 snprintf(path, 256, PLUGINDIR "/%s.so", plugin_name);
4714 LOG(2, 0, 0, "%soading plugin from %s\n", load ? "L" : "Un-l", path);
4715 return dlopen(path, RTLD_NOW);
4716 }
4717
4718 // plugin callback to get a config value
4719 static void *getconfig(char *key, enum config_typet type)
4720 {
4721 int i;
4722
4723 for (i = 0; config_values[i].key; i++)
4724 {
4725 if (!strcmp(config_values[i].key, key))
4726 {
4727 if (config_values[i].type == type)
4728 return ((void *) config) + config_values[i].offset;
4729
4730 LOG(1, 0, 0, "plugin requested config item \"%s\" expecting type %d, have type %d\n",
4731 key, type, config_values[i].type);
4732
4733 return 0;
4734 }
4735 }
4736
4737 LOG(1, 0, 0, "plugin requested unknown config item \"%s\"\n", key);
4738 return 0;
4739 }
4740
4741 static int add_plugin(char *plugin_name)
4742 {
4743 static struct pluginfuncs funcs = {
4744 _log,
4745 _log_hex,
4746 fmtaddr,
4747 sessionbyuser,
4748 sessiontbysessionidt,
4749 sessionidtbysessiont,
4750 radiusnew,
4751 radiussend,
4752 getconfig,
4753 sessionshutdown,
4754 sessionkill,
4755 throttle_session,
4756 cluster_send_session,
4757 };
4758
4759 void *p = open_plugin(plugin_name, 1);
4760 int (*initfunc)(struct pluginfuncs *);
4761 int i;
4762
4763 if (!p)
4764 {
4765 LOG(1, 0, 0, " Plugin load failed: %s\n", dlerror());
4766 return -1;
4767 }
4768
4769 if (ll_contains(loaded_plugins, p))
4770 {
4771 dlclose(p);
4772 return 0; // already loaded
4773 }
4774
4775 {
4776 int *v = dlsym(p, "plugin_api_version");
4777 if (!v || *v != PLUGIN_API_VERSION)
4778 {
4779 LOG(1, 0, 0, " Plugin load failed: API version mismatch: %s\n", dlerror());
4780 dlclose(p);
4781 return -1;
4782 }
4783 }
4784
4785 if ((initfunc = dlsym(p, "plugin_init")))
4786 {
4787 if (!initfunc(&funcs))
4788 {
4789 LOG(1, 0, 0, " Plugin load failed: plugin_init() returned FALSE: %s\n", dlerror());
4790 dlclose(p);
4791 return -1;
4792 }
4793 }
4794
4795 ll_push(loaded_plugins, p);
4796
4797 for (i = 0; i < max_plugin_functions; i++)
4798 {
4799 void *x;
4800 if (plugin_functions[i] && (x = dlsym(p, plugin_functions[i])))
4801 {
4802 LOG(3, 0, 0, " Supports function \"%s\"\n", plugin_functions[i]);
4803 ll_push(plugins[i], x);
4804 }
4805 }
4806
4807 LOG(2, 0, 0, " Loaded plugin %s\n", plugin_name);
4808 return 1;
4809 }
4810
4811 static void run_plugin_done(void *plugin)
4812 {
4813 int (*donefunc)(void) = dlsym(plugin, "plugin_done");
4814
4815 if (donefunc)
4816 donefunc();
4817 }
4818
4819 static int remove_plugin(char *plugin_name)
4820 {
4821 void *p = open_plugin(plugin_name, 0);
4822 int loaded = 0;
4823
4824 if (!p)
4825 return -1;
4826
4827 if (ll_contains(loaded_plugins, p))
4828 {
4829 int i;
4830 for (i = 0; i < max_plugin_functions; i++)
4831 {
4832 void *x;
4833 if (plugin_functions[i] && (x = dlsym(p, plugin_functions[i])))
4834 ll_delete(plugins[i], x);
4835 }
4836
4837 ll_delete(loaded_plugins, p);
4838 run_plugin_done(p);
4839 loaded = 1;
4840 }
4841
4842 dlclose(p);
4843 LOG(2, 0, 0, "Removed plugin %s\n", plugin_name);
4844 return loaded;
4845 }
4846
4847 int run_plugins(int plugin_type, void *data)
4848 {
4849 int (*func)(void *data);
4850
4851 if (!plugins[plugin_type] || plugin_type > max_plugin_functions)
4852 return PLUGIN_RET_ERROR;
4853
4854 ll_reset(plugins[plugin_type]);
4855 while ((func = ll_next(plugins[plugin_type])))
4856 {
4857 int r = func(data);
4858
4859 if (r != PLUGIN_RET_OK)
4860 return r; // stop here
4861 }
4862
4863 return PLUGIN_RET_OK;
4864 }
4865
4866 static void plugins_done()
4867 {
4868 void *p;
4869
4870 ll_reset(loaded_plugins);
4871 while ((p = ll_next(loaded_plugins)))
4872 run_plugin_done(p);
4873 }
4874
4875 static void processcontrol(uint8_t *buf, int len, struct sockaddr_in *addr, int alen)
4876 {
4877 struct nsctl request;
4878 struct nsctl response;
4879 int type = unpack_control(&request, buf, len);
4880 int r;
4881 void *p;
4882
4883 if (log_stream && config->debug >= 4)
4884 {
4885 if (type < 0)
4886 {
4887 LOG(4, 0, 0, "Bogus control message from %s (%d)\n",
4888 fmtaddr(addr->sin_addr.s_addr, 0), type);
4889 }
4890 else
4891 {
4892 LOG(4, 0, 0, "Received [%s] ", fmtaddr(addr->sin_addr.s_addr, 0));
4893 dump_control(&request, log_stream);
4894 }
4895 }
4896
4897 switch (type)
4898 {
4899 case NSCTL_REQ_LOAD:
4900 if (request.argc != 1)
4901 {
4902 response.type = NSCTL_RES_ERR;
4903 response.argc = 1;
4904 response.argv[0] = "name of plugin required";
4905 }
4906 else if ((r = add_plugin(request.argv[0])) < 1)
4907 {
4908 response.type = NSCTL_RES_ERR;
4909 response.argc = 1;
4910 response.argv[0] = !r
4911 ? "plugin already loaded"
4912 : "error loading plugin";
4913 }
4914 else
4915 {
4916 response.type = NSCTL_RES_OK;
4917 response.argc = 0;
4918 }
4919
4920 break;
4921
4922 case NSCTL_REQ_UNLOAD:
4923 if (request.argc != 1)
4924 {
4925 response.type = NSCTL_RES_ERR;
4926 response.argc = 1;
4927 response.argv[0] = "name of plugin required";
4928 }
4929 else if ((r = remove_plugin(request.argv[0])) < 1)
4930 {
4931 response.type = NSCTL_RES_ERR;
4932 response.argc = 1;
4933 response.argv[0] = !r
4934 ? "plugin not loaded"
4935 : "plugin not found";
4936 }
4937 else
4938 {
4939 response.type = NSCTL_RES_OK;
4940 response.argc = 0;
4941 }
4942
4943 break;
4944
4945 case NSCTL_REQ_HELP:
4946 response.type = NSCTL_RES_OK;
4947 response.argc = 0;
4948
4949 ll_reset(loaded_plugins);
4950 while ((p = ll_next(loaded_plugins)))
4951 {
4952 char **help = dlsym(p, "plugin_control_help");
4953 while (response.argc < 0xff && help && *help)
4954 response.argv[response.argc++] = *help++;
4955 }
4956
4957 break;
4958
4959 case NSCTL_REQ_CONTROL:
4960 {
4961 struct param_control param = {
4962 config->cluster_iam_master,
4963 request.argc,
4964 request.argv,
4965 0,
4966 NULL,
4967 };
4968
4969 int r = run_plugins(PLUGIN_CONTROL, &param);
4970
4971 if (r == PLUGIN_RET_ERROR)
4972 {
4973 response.type = NSCTL_RES_ERR;
4974 response.argc = 1;
4975 response.argv[0] = param.additional
4976 ? param.additional
4977 : "error returned by plugin";
4978 }
4979 else if (r == PLUGIN_RET_NOTMASTER)
4980 {
4981 static char msg[] = "must be run on master: 000.000.000.000";
4982
4983 response.type = NSCTL_RES_ERR;
4984 response.argc = 1;
4985 if (config->cluster_master_address)
4986 {
4987 strcpy(msg + 23, fmtaddr(config->cluster_master_address, 0));
4988 response.argv[0] = msg;
4989 }
4990 else
4991 {
4992 response.argv[0] = "must be run on master: none elected";
4993 }
4994 }
4995 else if (!(param.response & NSCTL_RESPONSE))
4996 {
4997 response.type = NSCTL_RES_ERR;
4998 response.argc = 1;
4999 response.argv[0] = param.response
5000 ? "unrecognised response value from plugin"
5001 : "unhandled action";
5002 }
5003 else
5004 {
5005 response.type = param.response;
5006 response.argc = 0;
5007 if (param.additional)
5008 {
5009 response.argc = 1;
5010 response.argv[0] = param.additional;
5011 }
5012 }
5013 }
5014
5015 break;
5016
5017 default:
5018 response.type = NSCTL_RES_ERR;
5019 response.argc = 1;
5020 response.argv[0] = "error unpacking control packet";
5021 }
5022
5023 buf = calloc(NSCTL_MAX_PKT_SZ, 1);
5024 if (!buf)
5025 {
5026 LOG(2, 0, 0, "Failed to allocate nsctl response\n");
5027 return;
5028 }
5029
5030 r = pack_control(buf, NSCTL_MAX_PKT_SZ, response.type, response.argc, response.argv);
5031 if (r > 0)
5032 {
5033 sendto(controlfd, buf, r, 0, (const struct sockaddr *) addr, alen);
5034 if (log_stream && config->debug >= 4)
5035 {
5036 LOG(4, 0, 0, "Sent [%s] ", fmtaddr(addr->sin_addr.s_addr, 0));
5037 dump_control(&response, log_stream);
5038 }
5039 }
5040 else
5041 LOG(2, 0, 0, "Failed to pack nsctl response for %s (%d)\n",
5042 fmtaddr(addr->sin_addr.s_addr, 0), r);
5043
5044 free(buf);
5045 }
5046
5047 static tunnelidt new_tunnel()
5048 {
5049 tunnelidt i;
5050 for (i = 1; i < MAXTUNNEL; i++)
5051 {
5052 if (tunnel[i].state == TUNNELFREE)
5053 {
5054 LOG(4, 0, i, "Assigning tunnel ID %d\n", i);
5055 if (i > config->cluster_highest_tunnelid)
5056 config->cluster_highest_tunnelid = i;
5057 return i;
5058 }
5059 }
5060 LOG(0, 0, 0, "Can't find a free tunnel! There shouldn't be this many in use!\n");
5061 return 0;
5062 }
5063
5064 //
5065 // We're becoming the master. Do any required setup..
5066 //
5067 // This is principally telling all the plugins that we're
5068 // now a master, and telling them about all the sessions
5069 // that are active too..
5070 //
5071 void become_master(void)
5072 {
5073 int s, i;
5074 static struct event_data d[RADIUS_FDS];
5075 struct epoll_event e;
5076
5077 run_plugins(PLUGIN_BECOME_MASTER, NULL);
5078
5079 // running a bunch of iptables commands is slow and can cause
5080 // the master to drop tunnels on takeover--kludge around the
5081 // problem by forking for the moment (note: race)
5082 if (!fork_and_close())
5083 {
5084 for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
5085 {
5086 if (!session[s].opened) // Not an in-use session.
5087 continue;
5088
5089 run_plugins(PLUGIN_NEW_SESSION_MASTER, &session[s]);
5090 }
5091 exit(0);
5092 }
5093
5094 // add radius fds
5095 e.events = EPOLLIN;
5096 for (i = 0; i < RADIUS_FDS; i++)
5097 {
5098 d[i].type = FD_TYPE_RADIUS;
5099 d[i].index = i;
5100 e.data.ptr = &d[i];
5101
5102 epoll_ctl(epollfd, EPOLL_CTL_ADD, radfds[i], &e);
5103 }
5104 }
5105
5106 int cmd_show_hist_idle(struct cli_def *cli, char *command, char **argv, int argc)
5107 {
5108 int s, i;
5109 int count = 0;
5110 int buckets[64];
5111
5112 if (CLI_HELP_REQUESTED)
5113 return CLI_HELP_NO_ARGS;
5114
5115 time(&time_now);
5116 for (i = 0; i < 64;++i) buckets[i] = 0;
5117
5118 for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
5119 {
5120 int idle;
5121 if (!session[s].opened)
5122 continue;
5123
5124 idle = time_now - session[s].last_packet;
5125 idle /= 5 ; // In multiples of 5 seconds.
5126 if (idle < 0)
5127 idle = 0;
5128 if (idle > 63)
5129 idle = 63;
5130
5131 ++count;
5132 ++buckets[idle];
5133 }
5134
5135 for (i = 0; i < 63; ++i)
5136 {
5137 cli_print(cli, "%3d seconds : %7.2f%% (%6d)", i * 5, (double) buckets[i] * 100.0 / count , buckets[i]);
5138 }
5139 cli_print(cli, "lots of secs : %7.2f%% (%6d)", (double) buckets[63] * 100.0 / count , buckets[i]);
5140 cli_print(cli, "%d total sessions open.", count);
5141 return CLI_OK;
5142 }
5143
5144 int cmd_show_hist_open(struct cli_def *cli, char *command, char **argv, int argc)
5145 {
5146 int s, i;
5147 int count = 0;
5148 int buckets[64];
5149
5150 if (CLI_HELP_REQUESTED)
5151 return CLI_HELP_NO_ARGS;
5152
5153 time(&time_now);
5154 for (i = 0; i < 64;++i) buckets[i] = 0;
5155
5156 for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
5157 {
5158 int open = 0, d;
5159 if (!session[s].opened)
5160 continue;
5161
5162 d = time_now - session[s].opened;
5163 if (d < 0)
5164 d = 0;
5165 while (d > 1 && open < 32)
5166 {
5167 ++open;
5168 d >>= 1; // half.
5169 }
5170 ++count;
5171 ++buckets[open];
5172 }
5173
5174 s = 1;
5175 for (i = 0; i < 30; ++i)
5176 {
5177 cli_print(cli, " < %8d seconds : %7.2f%% (%6d)", s, (double) buckets[i] * 100.0 / count , buckets[i]);
5178 s <<= 1;
5179 }
5180 cli_print(cli, "%d total sessions open.", count);
5181 return CLI_OK;
5182 }
5183
5184 /* Unhide an avp.
5185 *
5186 * This unencodes the AVP using the L2TP secret and the previously
5187 * stored random vector. It overwrites the hidden data with the
5188 * unhidden AVP subformat.
5189 */
5190 static void unhide_value(uint8_t *value, size_t len, uint16_t type, uint8_t *vector, size_t vec_len)
5191 {
5192 MD5_CTX ctx;
5193 uint8_t digest[16];
5194 uint8_t *last;
5195 size_t d = 0;
5196 uint16_t m = htons(type);
5197
5198 // Compute initial pad
5199 MD5_Init(&ctx);
5200 MD5_Update(&ctx, (unsigned char *) &m, 2);
5201 MD5_Update(&ctx, config->l2tp_secret, strlen(config->l2tp_secret));
5202 MD5_Update(&ctx, vector, vec_len);
5203 MD5_Final(digest, &ctx);
5204
5205 // pointer to last decoded 16 octets
5206 last = value;
5207
5208 while (len > 0)
5209 {
5210 // calculate a new pad based on the last decoded block
5211 if (d >= sizeof(digest))
5212 {
5213 MD5_Init(&ctx);
5214 MD5_Update(&ctx, config->l2tp_secret, strlen(config->l2tp_secret));
5215 MD5_Update(&ctx, last, sizeof(digest));
5216 MD5_Final(digest, &ctx);
5217
5218 d = 0;
5219 last = value;
5220 }
5221
5222 *value++ ^= digest[d++];
5223 len--;
5224 }
5225 }
5226
5227 int find_filter(char const *name, size_t len)
5228 {
5229 int free = -1;
5230 int i;
5231
5232 for (i = 0; i < MAXFILTER; i++)
5233 {
5234 if (!*ip_filters[i].name)
5235 {
5236 if (free < 0)
5237 free = i;
5238
5239 continue;
5240 }
5241
5242 if (strlen(ip_filters[i].name) != len)
5243 continue;
5244
5245 if (!strncmp(ip_filters[i].name, name, len))
5246 return i;
5247 }
5248
5249 return free;
5250 }
5251
5252 static int ip_filter_port(ip_filter_portt *p, uint16_t port)
5253 {
5254 switch (p->op)
5255 {
5256 case FILTER_PORT_OP_EQ: return port == p->port;
5257 case FILTER_PORT_OP_NEQ: return port != p->port;
5258 case FILTER_PORT_OP_GT: return port > p->port;
5259 case FILTER_PORT_OP_LT: return port < p->port;
5260 case FILTER_PORT_OP_RANGE: return port >= p->port && port <= p->port2;
5261 }
5262
5263 return 0;
5264 }
5265
5266 static int ip_filter_flag(uint8_t op, uint8_t sflags, uint8_t cflags, uint8_t flags)
5267 {
5268 switch (op)
5269 {
5270 case FILTER_FLAG_OP_ANY:
5271 return (flags & sflags) || (~flags & cflags);
5272
5273 case FILTER_FLAG_OP_ALL:
5274 return (flags & sflags) == sflags && (~flags & cflags) == cflags;
5275
5276 case FILTER_FLAG_OP_EST:
5277 return (flags & (TCP_FLAG_ACK|TCP_FLAG_RST)) && (~flags & TCP_FLAG_SYN);
5278 }
5279
5280 return 0;
5281 }
5282
5283 int ip_filter(uint8_t *buf, int len, uint8_t filter)
5284 {
5285 uint16_t frag_offset;
5286 uint8_t proto;
5287 in_addr_t src_ip;
5288 in_addr_t dst_ip;
5289 uint16_t src_port = 0;
5290 uint16_t dst_port = 0;
5291 uint8_t flags = 0;
5292 ip_filter_rulet *rule;
5293
5294 if (len < 20) // up to end of destination address
5295 return 0;
5296
5297 if ((*buf >> 4) != 4) // IPv4
5298 return 0;
5299
5300 frag_offset = ntohs(*(uint16_t *) (buf + 6)) & 0x1fff;
5301 proto = buf[9];
5302 src_ip = *(in_addr_t *) (buf + 12);
5303 dst_ip = *(in_addr_t *) (buf + 16);
5304
5305 if (frag_offset == 0 && (proto == IPPROTO_TCP || proto == IPPROTO_UDP))
5306 {
5307 int l = (buf[0] & 0xf) * 4; // length of IP header
5308 if (len < l + 4) // ports
5309 return 0;
5310
5311 src_port = ntohs(*(uint16_t *) (buf + l));
5312 dst_port = ntohs(*(uint16_t *) (buf + l + 2));
5313 if (proto == IPPROTO_TCP)
5314 {
5315 if (len < l + 14) // flags
5316 return 0;
5317
5318 flags = buf[l + 13] & 0x3f;
5319 }
5320 }
5321
5322 for (rule = ip_filters[filter].rules; rule->action; rule++)
5323 {
5324 if (rule->proto != IPPROTO_IP && proto != rule->proto)
5325 continue;
5326
5327 if (rule->src_wild != INADDR_BROADCAST &&
5328 (src_ip & ~rule->src_wild) != (rule->src_ip & ~rule->src_wild))
5329 continue;
5330
5331 if (rule->dst_wild != INADDR_BROADCAST &&
5332 (dst_ip & ~rule->dst_wild) != (rule->dst_ip & ~rule->dst_wild))
5333 continue;
5334
5335 if (frag_offset)
5336 {
5337 // layer 4 deny rules are skipped
5338 if (rule->action == FILTER_ACTION_DENY &&
5339 (rule->src_ports.op || rule->dst_ports.op || rule->tcp_flag_op))
5340 continue;
5341 }
5342 else
5343 {
5344 if (rule->frag)
5345 continue;
5346
5347 if (proto == IPPROTO_TCP || proto == IPPROTO_UDP)
5348 {
5349 if (rule->src_ports.op && !ip_filter_port(&rule->src_ports, src_port))
5350 continue;
5351
5352 if (rule->dst_ports.op && !ip_filter_port(&rule->dst_ports, dst_port))
5353 continue;
5354
5355 if (proto == IPPROTO_TCP && rule->tcp_flag_op &&
5356 !ip_filter_flag(rule->tcp_flag_op, rule->tcp_sflags, rule->tcp_cflags, flags))
5357 continue;
5358 }
5359 }
5360
5361 // matched
5362 rule->counter++;
5363 return rule->action == FILTER_ACTION_PERMIT;
5364 }
5365
5366 // default deny
5367 return 0;
5368 }
for cloning use: "git clone git://git.sameswireless.fr/l2tpns.git" ; For add to your sources.list: "deb http://package.sameswifi.fr/ jessie main"