projects / l2tpns.git / blob
? search:


f0071544d37288ae7d3079a2fec0b778785aedc7
[l2tpns.git] / l2tpns.h
1 // L2TPNS Global Stuff
2 // $Id: l2tpns.h,v 1.6 2004-05-24 04:33:35 fred_nerk Exp $
3
4 #include <netinet/in.h>
5 #include <stdio.h>
6 #include <execinfo.h>
7 #include "config.h"
8
9 #define VERSION "1.2.0"
10
11 // Limits
12 #define MAXTUNNEL 500 // could be up to 65535
13 #define MAXSESSION 50000 // could be up to 65535
14 #define RADIUS_SHIFT 5
15 #define RADIUS_MASK ((unsigned short)(((unsigned short)~0) >> (16 - RADIUS_SHIFT)))
16 #define MAXRADIUS ((2 << (RADIUS_SHIFT - 1)) * 255)
17
18 #define MAXCONTROL 1000 // max length control message we ever send...
19 #define MAXETHER (1500+18) // max packet we try sending to tap
20 #define MAXTEL 96 // telephone number
21 #define MAXPLUGINS 20 // maximum number of plugins to load
22 #define MAXRADSERVER 10 // max radius servers
23 #define MAXROUTE 10 // max static routes per session
24 #define MAXIPPOOL 131072 // max number of ip addresses in pool
25 #define RINGBUFFER_SIZE 10000 // Number of ringbuffer entries to allocate
26 #define MAX_LOG_LENGTH 512 // Maximum size of log message
27 #define ECHO_TIMEOUT 60 // Time between last packet sent and LCP ECHO generation
28 #define IDLE_TIMEOUT 240 // Time between last packet sent and LCP ECHO generation
29
30 // Constants
31 #define STATISTICS
32 #define STAT_CALLS
33 #define RINGBUFFER
34 #define TAPDEVICE "/dev/net/tun"
35 #define UDP 17
36 #define HOMEDIR "/home/l2tpns/" // Base dir for data
37 #define STATEFILE "/tmp/l2tpns.dump" // State dump file
38 #define NOSTATEFILE "/tmp/l2tpns.no_state_reload" // If exists, state will not be reloaded
39 #define CONFIGFILE ETCDIR "/l2tpns.cfg" // Configuration file
40 #define CLIUSERS ETCDIR "/l2tpns.users" // CLI Users file
41 #define IPPOOLFILE ETCDIR "/l2tpns.ip_pool" // Address pool configuration
42 #ifndef LIBDIR
43 #define LIBDIR "/usr/lib/l2tpns"
44 #endif
45 #define ACCT_TIME 3000 // 5 minute accounting interval
46 #define L2TPPORT 1701 // L2TP port
47 #define RADPORT 1645 // old radius port...
48 #define RADAPORT 1646 // old radius accounting port
49 #define PKTARP 0x0806 // ARP packet type
50 #define PKTIP 0x0800 // IP packet type
51 #define PSEUDOMAC 0x0200 // pseudo MAC prefix (local significant MAC)
52 #define PPPPAP 0xC023
53 #define PPPCHAP 0xC223
54 #define PPPLCP 0xC021
55 #define PPPIPCP 0x8021
56 #define PPPCCP 0x80FD
57 #define PPPIP 0x0021
58 #define PPPMP 0x003D
59 #define MIN_IP_SIZE 0x20
60 enum
61 {
62 ConfigReq = 1,
63 ConfigAck,
64 ConfigNak,
65 ConfigRej,
66 TerminateReq,
67 TerminateAck,
68 CodeRej,
69 ProtocolRej,
70 EchoReq,
71 EchoReply,
72 DiscardRequest
73 };
74
75 // Types
76 typedef unsigned short u16;
77 typedef unsigned int u32;
78 typedef unsigned char u8;
79 typedef u32 ipt;
80 typedef u16 portt;
81 typedef u16 sessionidt;
82 typedef u16 tunnelidt;
83 typedef u32 clockt;
84 typedef u8 hasht[16];
85
86 // dump header: update number if internal format changes
87 #define DUMP_MAGIC "L2TPNS#" VERSION "#"
88
89 // structures
90 typedef struct routes // route
91 {
92 ipt ip;
93 ipt mask;
94 }
95 routet;
96
97 typedef struct controls // control message
98 {
99 struct controls *next; // next in queue
100 u16 length; // length
101 u8 buf[MAXCONTROL];
102 }
103 controlt;
104
105 typedef struct stbft
106 {
107 char handle[10];
108 char in_use;
109 } tbft;
110
111
112 // 336 bytes per session
113 typedef struct sessions
114 {
115 sessionidt next; // next session in linked list
116 sessionidt far; // far end session ID
117 tunnelidt tunnel; // tunnel ID
118 ipt ip; // IP of session set by RADIUS response
119 int ip_pool_index; // index to IP pool
120 unsigned long sid; // session id for hsddb
121 u16 nr; // next receive
122 u16 ns; // next send
123 u32 magic; // ppp magic number
124 u32 cin, cout; // byte counts
125 u32 pin, pout; // packet counts
126 u32 total_cin; // This counter is never reset while a session is open
127 u32 total_cout; // This counter is never reset while a session is open
128 u32 id; // session id
129 clockt opened; // when started
130 clockt die; // being closed, when to finally free
131 time_t last_packet; // Last packet from the user (used for idle timeouts)
132 ipt dns1, dns2; // DNS servers
133 routet route[MAXROUTE]; // static routes
134 u16 radius; // which radius session is being used (0 for not waiting on authentication)
135 u8 flags; // various bit flags
136 u8 snoop; // are we snooping this session?
137 u8 throttle; // is this session throttled?
138 u8 walled_garden; // is this session gardened?
139 u16 mru; // maximum receive unit
140 u16 tbf; // filter bucket for throttling
141 char random_vector[MAXTEL];
142 int random_vector_length;
143 char user[129]; // user (needed in seesion for radius stop messages)
144 char called[MAXTEL]; // called number
145 char calling[MAXTEL]; // calling number
146 unsigned long tx_connect_speed;
147 unsigned long rx_connect_speed;
148 }
149 sessiont;
150
151 #define SESSIONPFC 1 // PFC negotiated flags
152 #define SESSIONACFC 2 // ACFC negotiated flags
153
154 // 168 bytes per tunnel
155 typedef struct tunnels
156 {
157 tunnelidt far; // far end tunnel ID
158 ipt ip; // Ip for far end
159 portt port; // port for far end
160 u16 window; // Rx window
161 u16 nr; // next receive
162 u16 ns; // next send
163 int state; // current state (tunnelstate enum)
164 clockt last; // when last control message sent (used for resend timeout)
165 clockt retry; // when to try resenting pending control
166 clockt die; // being closed, when to finally free
167 clockt lastrec; // when the last control message was received
168 char hostname[128]; // tunnel hostname
169 char vendor[128]; // LAC vendor
170 u8 try; // number of retrys on a control message
171 u16 controlc; // outstaind messages in queue
172 controlt *controls; // oldest message
173 controlt *controle; // newest message
174 }
175 tunnelt;
176
177 // 180 bytes per radius session
178 typedef struct radiuss // outstanding RADIUS requests
179 {
180 sessionidt session; // which session this applies to
181 hasht auth; // request authenticator
182 clockt retry; // when to try next
183 char calling[MAXTEL]; // calling number
184 char pass[129]; // password
185 u8 id; // ID for PPP response
186 u8 try; // which try we are on
187 u8 state; // state of radius requests
188 u8 chap; // set if CHAP used (is CHAP identifier)
189 }
190 radiust;
191
192 typedef struct
193 {
194 ipt address;
195 char assigned; // 1 if assigned, 0 if free
196 sessionidt session;
197 clockt last; // last used
198 char user[129]; // user (try to have ip addresses persistent)
199 }
200 ippoolt;
201
202 #ifdef RINGBUFFER
203 struct Tringbuffer
204 {
205 struct {
206 char level;
207 sessionidt session;
208 tunnelidt tunnel;
209 ipt address;
210 char message[MAX_LOG_LENGTH];
211 } buffer[RINGBUFFER_SIZE];
212 int head;
213 int tail;
214 };
215 #endif
216
217 /*
218 * Possible tunnel states
219 * TUNNELFREE -> TUNNELOPEN -> TUNNELDIE -> TUNNELFREE
220 */
221 enum
222 {
223 TUNNELFREE, // Not in use
224 TUNNELOPEN, // Active tunnel
225 TUNNELDIE, // Currently closing
226 TUNNELOPENING // Busy opening
227 };
228
229 enum
230 {
231 RADIUSNULL, // Not in use
232 RADIUSCHAP, // sending CHAP down PPP
233 RADIUSAUTH, // sending auth to RADIUS server
234 RADIUSIPCP, // sending IPCP to end user
235 RADIUSSTART, // sending start accounting to RADIUS server
236 RADIUSSTOP, // sending stop accounting to RADIUS server
237 RADIUSWAIT // waiting timeout before available, in case delayed replies
238 };
239
240 struct Tstats
241 {
242 time_t start_time;
243 time_t last_reset;
244
245 unsigned long tap_rx_packets;
246 unsigned long tap_tx_packets;
247 unsigned long tap_rx_bytes;
248 unsigned long tap_tx_bytes;
249 unsigned long tap_rx_errors;
250 unsigned long tap_tx_errors;
251
252 unsigned long tunnel_rx_packets;
253 unsigned long tunnel_tx_packets;
254 unsigned long tunnel_rx_bytes;
255 unsigned long tunnel_tx_bytes;
256 unsigned long tunnel_rx_errors;
257 unsigned long tunnel_tx_errors;
258
259 unsigned long tunnel_retries;
260 unsigned long radius_retries;
261
262 unsigned long arp_errors;
263 unsigned long arp_replies;
264 unsigned long arp_discarded;
265 unsigned long arp_sent;
266 unsigned long arp_recv;
267
268 unsigned long packets_snooped;
269
270 unsigned long tunnel_created;
271 unsigned long session_created;
272 unsigned long tunnel_timeout;
273 unsigned long session_timeout;
274 unsigned long radius_timeout;
275 unsigned long radius_overflow;
276 unsigned long tunnel_overflow;
277 unsigned long session_overflow;
278
279 unsigned long ip_allocated;
280 unsigned long ip_freed;
281 #ifdef STAT_CALLS
282 unsigned long call_processtap;
283 unsigned long call_processarp;
284 unsigned long call_processipout;
285 unsigned long call_processudp;
286 unsigned long call_sessionbyip;
287 unsigned long call_sessionbyuser;
288 unsigned long call_sendarp;
289 unsigned long call_sendipcp;
290 unsigned long call_tunnelsend;
291 unsigned long call_sessionkill;
292 unsigned long call_sessionshutdown;
293 unsigned long call_tunnelkill;
294 unsigned long call_tunnelshutdown;
295 unsigned long call_assign_ip_address;
296 unsigned long call_free_ip_address;
297 unsigned long call_dump_acct_info;
298 unsigned long call_sessionsetup;
299 unsigned long call_processpap;
300 unsigned long call_processchap;
301 unsigned long call_processlcp;
302 unsigned long call_processipcp;
303 unsigned long call_processipin;
304 unsigned long call_processccp;
305 unsigned long call_sendchap;
306 unsigned long call_processrad;
307 unsigned long call_radiussend;
308 unsigned long call_radiusretry;
309 #endif
310 };
311
312 #ifdef STATISTICS
313 #define STAT(x) _statistics->x++
314 #define INC_STAT(x,y) _statistics->x += y
315 #define GET_STAT(x) _statistics->x
316 #define SET_STAT(x, y) _statistics->x = y
317 #else
318 #define STAT(x)
319 #define INC_STAT(x,y)
320 #define GET_STAT(x) 0
321 #define SET_STAT(x, y)
322 #endif
323
324 struct configt
325 {
326 int debug; // debugging level
327 time_t start_time; // time when l2tpns was started
328 char bandwidth[256]; // current bandwidth
329
330 char config_file[128];
331 int reload_config; // flag to re-read config (set by cli)
332 int cleanup_interval; // interval between regular cleanups (in seconds)
333 int multi_read_count; // amount of packets to read per fd in processing loop
334
335 char tapdevice[10]; // tap device name
336 char log_filename[128];
337 char l2tpsecret[64];
338
339 char radiussecret[64];
340 int radius_accounting;
341 ipt radiusserver[MAXRADSERVER]; // radius servers
342 u8 numradiusservers; // radius server count
343 short num_radfds; // Number of radius filehandles allocated
344
345 ipt default_dns1, default_dns2;
346
347 ipt snoop_destination_host;
348 u16 snoop_destination_port;
349
350 unsigned long rl_rate;
351 int save_state;
352 uint32_t cluster_address;
353 int ignore_cluster_updates;
354 char accounting_dir[128];
355 ipt bind_address;
356 int target_uid;
357 int dump_speed;
358 char plugins[64][MAXPLUGINS];
359 char old_plugins[64][MAXPLUGINS];
360
361 int next_tbf; // Next HTB id available to use
362 };
363
364 struct config_descriptt
365 {
366 char *key;
367 int offset;
368 int size;
369 enum { INT, STRING, UNSIGNED_LONG, SHORT, BOOL, IP } type;
370 };
371
372 // arp.c
373 void sendarp(int ifr_idx, const unsigned char* mac, ipt ip);
374
375
376 // ppp.c
377 void processpap(tunnelidt t, sessionidt s, u8 * p, u16 l);
378 void processchap(tunnelidt t, sessionidt s, u8 * p, u16 l);
379 void processlcp(tunnelidt t, sessionidt s, u8 * p, u16 l);
380 void processipcp(tunnelidt t, sessionidt s, u8 * p, u16 l);
381 void processipin(tunnelidt t, sessionidt s, u8 * p, u16 l);
382 void processccp(tunnelidt t, sessionidt s, u8 * p, u16 l);
383 void sendchap(tunnelidt t, sessionidt s);
384 u8 *makeppp(u8 * b, u8 * p, int l, tunnelidt t, sessionidt s, u16 mtype);
385 u8 *findppp(u8 * b, u8 mtype);
386 void initlcp(tunnelidt t, sessionidt s);
387 void dumplcp(char *p, int l);
388
389
390 // radius.c
391 void initrad(void);
392 void radiussend(u16 r, u8 state);
393 void processrad(u8 *buf, int len, char socket_index);
394 void radiusretry(u16 r);
395 u16 radiusnew(sessionidt s);
396 void radiusclear(u16 r, sessionidt s);
397
398 // throttle.c
399 int throttle_session(sessionidt s, int throttle);
400
401
402 // rl.c
403 void init_rl();
404 u16 rl_create_tbf();
405 u16 rl_get_tbf();
406 void rl_done_tbf(u16 t);
407 void rl_destroy_tbf(u16 t);
408
409
410 // l2tpns.c
411 clockt now(void);
412 clockt backoff(u8 try);
413 void routeset(ipt ip, ipt mask, ipt gw, u8 add);
414 void inittap(void);
415 void initudp(void);
416 void initdata(void);
417 void initippool();
418 sessionidt sessionbyip(ipt ip);
419 sessionidt sessionbyuser(char *username);
420 void sessionshutdown(sessionidt s, char *reason);
421 void sessionsendarp(sessionidt s);
422 void send_garp(ipt ip);
423 void sessionkill(sessionidt s, char *reason);
424 void control16(controlt * c, u16 avp, u16 val, u8 m);
425 void control32(controlt * c, u16 avp, u32 val, u8 m);
426 void controls(controlt * c, u16 avp, char *val, u8 m);
427 void controlb(controlt * c, u16 avp, char *val, unsigned int len, u8 m);
428 controlt *controlnew(u16 mtype);
429 void controlnull(tunnelidt t);
430 void controladd(controlt * c, tunnelidt t, sessionidt s);
431 void tunnelsend(u8 * buf, u16 l, tunnelidt t);
432 void tunnelkill(tunnelidt t, char *reason);
433 void tunnelshutdown(tunnelidt t, char *reason);
434 void sendipcp(tunnelidt t, sessionidt s);
435 void processipout(u8 * buf, int len);
436 void processarp(u8 * buf, int len);
437 void processudp(u8 * buf, int len, struct sockaddr_in *addr);
438 void processtap(u8 * buf, int len);
439 void processcontrol(u8 * buf, int len, struct sockaddr_in *addr);
440 int assign_ip_address(sessionidt s);
441 void free_ip_address(sessionidt s);
442 void snoop_send_packet(char *packet, u16 size);
443 void dump_acct_info();
444 void mainloop(void);
445 #define log _log
446 #ifndef log_hex
447 #define log_hex(a,b,c,d) do{if (a <= config->debug) _log_hex(a,0,0,0,b,c,d);}while (0)
448 #endif
449 void _log(int level, ipt address, sessionidt s, tunnelidt t, const char *format, ...) __attribute__((format (printf, 5, 6)));
450 void _log_hex(int level, ipt address, sessionidt s, tunnelidt t, const char *title, const char *data, int maxsize);
451 void build_chap_response(char *challenge, u8 id, u16 challenge_length, char **challenge_response);
452 int sessionsetup(tunnelidt t, sessionidt s, u8 routes);
453 int cluster_send_session(int s);
454 int cluster_send_tunnel(int t);
455 int cluster_send_goodbye();
456 void init_cli();
457 void cli_do_file(FILE *fh);
458 void cli_do(int sockfd);
459 #ifdef RINGBUFFER
460 void ringbuffer_dump(FILE *stream);
461 #endif
462 void initplugins();
463 int run_plugins(int plugin_type, void *data);
464 void add_plugin(char *plugin_name);
465 void remove_plugin(char *plugin_name);
466 void tunnelclear(tunnelidt t);
467 void host_unreachable(ipt destination, u16 id, ipt source, char *packet, int packet_len);
468
469 extern tunnelt *tunnel;
470 extern sessiont *session;
471 #define sessionfree (session[0].next)
472
473 #define log_backtrace(count, max) \
474 if (count++ < max) { \
475 void *array[20]; \
476 char **strings; \
477 int size, i; \
478 log(0, 0, 0, t, "Backtrace follows"); \
479 size = backtrace(array, 10); \
480 strings = backtrace_symbols(array, size); \
481 if (strings) for (i = 0; i < size; i++) \
482 { \
483 log(0, 0, 0, t, "%s\n", strings[i]); \
484 } \
485 free(strings); \
486 }
487
for cloning use: "git clone git://git.sameswireless.fr/l2tpns.git" ; For add to your sources.list: "deb http://package.sameswifi.fr/ jessie main"