2 // $Id: l2tpns.h,v 1.6 2004-05-24 04:33:35 fred_nerk Exp $
4 #include <netinet/in.h>
#define VERSION "1.2.0"

// Table sizes.  Tunnel and session indices are 16-bit (tunnelidt/sessionidt
// below), which is where the "up to 65535" ceiling comes from.
#define MAXTUNNEL  500      // tunnels; could be raised, up to 65535
#define MAXSESSION 50000    // sessions; could be raised, up to 65535

// RADIUS request-slot numbering.  RADIUS_MASK keeps the low RADIUS_SHIFT bits
// of a slot index; MAXRADIUS is 2^RADIUS_SHIFT * 255 slots in total
// (presumably 255 RADIUS identifiers per socket -- confirm against
// radiussend/radiusnew).
#define RADIUS_SHIFT 5
#define RADIUS_MASK  ((unsigned short)(((unsigned short)~0) >> (16 - RADIUS_SHIFT)))
#define MAXRADIUS    ((2 << (RADIUS_SHIFT - 1)) * 255)

// Buffer and table bounds.
#define MAXCONTROL      1000        // longest control message we ever send
#define MAXETHER        (1500+18)   // largest frame we try to send to the tap
#define MAXTEL          96          // telephone-number field length
#define MAXPLUGINS      20          // plugins that may be loaded at once
#define MAXRADSERVER    10          // RADIUS servers
#define MAXROUTE        10          // static routes per session
#define MAXIPPOOL       131072      // addresses in the IP pool
#define RINGBUFFER_SIZE 10000       // ring-buffer log entries to allocate
#define MAX_LOG_LENGTH  512         // largest log message

// Timers.  Units are not stated here (presumably seconds -- confirm).
// ECHO_TIMEOUT: quiet time after the last packet sent before an LCP echo is
// generated.  IDLE_TIMEOUT: the original comment was a copy of
// ECHO_TIMEOUT's; going by sessiont.last_packet ("used for idle timeouts")
// this is the quiet time before an idle session is torn down -- confirm.
#define ECHO_TIMEOUT 60
#define IDLE_TIMEOUT 240
// Fixed paths.  ETCDIR is supplied by the build.
#define TAPDEVICE   "/dev/net/tun"
#define HOMEDIR     "/home/l2tpns/"                 // base directory for data

// NOTE(review): STATEFILE and NOSTATEFILE live in world-writable /tmp.  A
// daemon that opens /dev/net/tun is normally root, and the state dump is read
// back at start-up unless NOSTATEFILE exists, so any local user can pre-create
// or symlink these names.  A daemon-owned directory would remove that exposure
// -- confirm how the dump is opened (O_NOFOLLOW / ownership checks) before
// relying on it.
#define STATEFILE   "/tmp/l2tpns.dump"              // state dump file
#define NOSTATEFILE "/tmp/l2tpns.no_state_reload"   // if present, state is not reloaded

#define CONFIGFILE  ETCDIR "/l2tpns.cfg"            // configuration file
#define CLIUSERS    ETCDIR "/l2tpns.users"          // CLI users file
#define IPPOOLFILE  ETCDIR "/l2tpns.ip_pool"        // address pool configuration
#define LIBDIR      "/usr/lib/l2tpns"
// Accounting interval.  Units are not stated here; the original comment calls
// 3000 "5 minutes", which fits a clock of 1/10-second ticks -- confirm against
// clockt.
#define ACCT_TIME 3000

// Well-known ports.  1645/1646 are the pre-RFC 2865/2866 RADIUS numbers
// (the IANA-assigned ports are 1812/1813); these are just the defaults.
#define L2TPPORT 1701   // L2TP
#define RADPORT  1645   // legacy RADIUS authentication
#define RADAPORT 1646   // legacy RADIUS accounting

// Ethertypes, and the prefix of the pseudo MACs handed out on the tap side.
// 0x02 in the first octet is the locally-administered bit, so these never
// collide with vendor-assigned addresses.
#define PKTARP    0x0806
#define PKTIP     0x0800
#define PSEUDOMAC 0x0200

// PPP protocol numbers.
#define PPPCHAP 0xC223
#define PPPIPCP 0x8021

// Smallest IP packet accepted: 32 bytes (what it is checked against is not
// visible here).
#define MIN_IP_SIZE 0x20
// Fixed-width aliases used for wire fields and table indices throughout
// (16/32/8 bits on every target this builds on).
typedef unsigned short u16;
typedef unsigned int   u32;
typedef unsigned char  u8;

// Session and tunnel identifiers are 16-bit, which is why MAXSESSION and
// MAXTUNNEL can go no higher than 65535.  Arithmetic on them wraps silently,
// so bounds checks must be explicit.
typedef u16 sessionidt;
typedef u16 tunnelidt;
// State-dump header.  It embeds VERSION, so bump the version whenever the
// internal (dumped) format changes.  NOTE(review): this is a format tag only,
// not an integrity check -- a dump read back from the world-writable STATEFILE
// path is still untrusted input and every field must be validated on load.
#define DUMP_MAGIC "L2TPNS#" VERSION "#"
90 typedef struct routes
// route
97 typedef struct controls
// control message
99 struct controls
*next
; // next in queue
100 u16 length
; // length
112 // 336 bytes per session
113 typedef struct sessions
115 sessionidt next
; // next session in linked list
116 sessionidt far
; // far end session ID
117 tunnelidt tunnel
; // tunnel ID
118 ipt ip
; // IP of session set by RADIUS response
119 int ip_pool_index
; // index to IP pool
120 unsigned long sid
; // session id for hsddb
121 u16 nr
; // next receive
123 u32 magic
; // ppp magic number
124 u32 cin
, cout
; // byte counts
125 u32 pin
, pout
; // packet counts
126 u32 total_cin
; // This counter is never reset while a session is open
127 u32 total_cout
; // This counter is never reset while a session is open
128 u32 id
; // session id
129 clockt opened
; // when started
130 clockt die
; // being closed, when to finally free
131 time_t last_packet
; // Last packet from the user (used for idle timeouts)
132 ipt dns1
, dns2
; // DNS servers
133 routet route
[MAXROUTE
]; // static routes
134 u16 radius
; // which radius session is being used (0 for not waiting on authentication)
135 u8 flags
; // various bit flags
136 u8 snoop
; // are we snooping this session?
137 u8 throttle
; // is this session throttled?
138 u8 walled_garden
; // is this session gardened?
139 u16 mru
; // maximum receive unit
140 u16 tbf
; // filter bucket for throttling
141 char random_vector
[MAXTEL
];
142 int random_vector_length
;
143 char user
[129]; // user (kept in the session so RADIUS stop messages can name it)
144 char called
[MAXTEL
]; // called number
145 char calling
[MAXTEL
]; // calling number
146 unsigned long tx_connect_speed
;
147 unsigned long rx_connect_speed
;
151 #define SESSIONPFC 1 // PFC negotiated flags
152 #define SESSIONACFC 2 // ACFC negotiated flags
154 // 168 bytes per tunnel
155 typedef struct tunnels
157 tunnelidt far
; // far end tunnel ID
158 ipt ip
; // Ip for far end
159 portt port
; // port for far end
160 u16 window
; // Rx window
161 u16 nr
; // next receive
163 int state
; // current state (tunnelstate enum)
164 clockt last
; // when last control message sent (used for resend timeout)
165 clockt retry
; // when to try resending the pending control message
166 clockt die
; // being closed, when to finally free
167 clockt lastrec
; // when the last control message was received
168 char hostname
[128]; // tunnel hostname
169 char vendor
[128]; // LAC vendor
170 u8
try; // number of retries so far on the pending control message
171 u16 controlc
; // outstanding messages in the queue
172 controlt
*controls
; // oldest message
173 controlt
*controle
; // newest message
177 // 180 bytes per radius session
178 typedef struct radiuss
// outstanding RADIUS requests
180 sessionidt session
; // which session this applies to
181 hasht auth
; // request authenticator
182 clockt retry
; // when to try next
183 char calling
[MAXTEL
]; // calling number
184 char pass
[129]; // password, held in clear text while the request is outstanding (retries presumably need it); NOTE(review): it should be wiped when the slot goes back to RADIUSNULL -- confirm that radiusclear() does so
185 u8 id
; // ID for PPP response
186 u8
try; // which try we are on
187 u8 state
; // state of radius requests
188 u8 chap
; // set if CHAP used (is CHAP identifier)
195 char assigned
; // 1 if assigned, 0 if free
197 clockt last
; // last used
198 char user
[129]; // last user of this address (so re-allocation can try to hand a returning user the same IP)
210 char message
[MAX_LOG_LENGTH
];
211 } buffer
[RINGBUFFER_SIZE
];
218 * Possible tunnel states
* TUNNELFREE -> TUNNELOPEN -> TUNNELDIE -> TUNNELFREE  (TUNNELOPENING, "busy opening", is also a state but is not shown here; presumably it sits between TUNNELFREE and TUNNELOPEN -- confirm against the transitions in the .c)
223 TUNNELFREE
, // Not in use
224 TUNNELOPEN
, // Active tunnel
225 TUNNELDIE
, // Currently closing
226 TUNNELOPENING
// Busy opening
231 RADIUSNULL
, // Not in use
232 RADIUSCHAP
, // sending CHAP down PPP
233 RADIUSAUTH
, // sending auth to RADIUS server
234 RADIUSIPCP
, // sending IPCP to end user
235 RADIUSSTART
, // sending start accounting to RADIUS server
236 RADIUSSTOP
, // sending stop accounting to RADIUS server
237 RADIUSWAIT
// waiting timeout before available, in case delayed replies
245 unsigned long tap_rx_packets
;
246 unsigned long tap_tx_packets
;
247 unsigned long tap_rx_bytes
;
248 unsigned long tap_tx_bytes
;
249 unsigned long tap_rx_errors
;
250 unsigned long tap_tx_errors
;
252 unsigned long tunnel_rx_packets
;
253 unsigned long tunnel_tx_packets
;
254 unsigned long tunnel_rx_bytes
;
255 unsigned long tunnel_tx_bytes
;
256 unsigned long tunnel_rx_errors
;
257 unsigned long tunnel_tx_errors
;
259 unsigned long tunnel_retries
;
260 unsigned long radius_retries
;
262 unsigned long arp_errors
;
263 unsigned long arp_replies
;
264 unsigned long arp_discarded
;
265 unsigned long arp_sent
;
266 unsigned long arp_recv
;
268 unsigned long packets_snooped
;
270 unsigned long tunnel_created
;
271 unsigned long session_created
;
272 unsigned long tunnel_timeout
;
273 unsigned long session_timeout
;
274 unsigned long radius_timeout
;
275 unsigned long radius_overflow
;
276 unsigned long tunnel_overflow
;
277 unsigned long session_overflow
;
279 unsigned long ip_allocated
;
280 unsigned long ip_freed
;
282 unsigned long call_processtap
;
283 unsigned long call_processarp
;
284 unsigned long call_processipout
;
285 unsigned long call_processudp
;
286 unsigned long call_sessionbyip
;
287 unsigned long call_sessionbyuser
;
288 unsigned long call_sendarp
;
289 unsigned long call_sendipcp
;
290 unsigned long call_tunnelsend
;
291 unsigned long call_sessionkill
;
292 unsigned long call_sessionshutdown
;
293 unsigned long call_tunnelkill
;
294 unsigned long call_tunnelshutdown
;
295 unsigned long call_assign_ip_address
;
296 unsigned long call_free_ip_address
;
297 unsigned long call_dump_acct_info
;
298 unsigned long call_sessionsetup
;
299 unsigned long call_processpap
;
300 unsigned long call_processchap
;
301 unsigned long call_processlcp
;
302 unsigned long call_processipcp
;
303 unsigned long call_processipin
;
304 unsigned long call_processccp
;
305 unsigned long call_sendchap
;
306 unsigned long call_processrad
;
307 unsigned long call_radiussend
;
308 unsigned long call_radiusretry
;
313 #define STAT(x) _statistics->x++
314 #define INC_STAT(x,y) _statistics->x += y
315 #define GET_STAT(x) _statistics->x
316 #define SET_STAT(x, y) _statistics->x = y
319 #define INC_STAT(x,y)
320 #define GET_STAT(x) 0
321 #define SET_STAT(x, y)
326 int debug
; // debugging level
327 time_t start_time
; // time when l2tpns was started
328 char bandwidth
[256]; // current bandwidth
330 char config_file
[128];
331 int reload_config
; // flag to re-read config (set by cli)
332 int cleanup_interval
; // interval between regular cleanups (in seconds)
333 int multi_read_count
; // number of packets to read per fd in each pass of the processing loop
335 char tapdevice
[10]; // tap device name
336 char log_filename
[128];
339 char radiussecret
[64];
340 int radius_accounting
;
341 ipt radiusserver
[MAXRADSERVER
]; // radius servers
342 u8 numradiusservers
; // radius server count
343 short num_radfds
; // Number of radius filehandles allocated
345 ipt default_dns1
, default_dns2
;
347 ipt snoop_destination_host
;
348 u16 snoop_destination_port
;
350 unsigned long rl_rate
;
352 uint32_t cluster_address
;
353 int ignore_cluster_updates
;
354 char accounting_dir
[128];
358 char plugins
[64][MAXPLUGINS
];
359 char old_plugins
[64][MAXPLUGINS
];
361 int next_tbf
; // Next HTB id available to use
364 struct config_descriptt
369 enum { INT
, STRING
, UNSIGNED_LONG
, SHORT
, BOOL
, IP
} type
;
// Emit an ARP packet for `ip` with hardware address `mac` on interface index
// ifr_idx (presumably a reply/announcement for a session's address; only the
// prototype is visible here).
void sendarp(int ifr_idx, const unsigned char *mac, ipt ip);
// PPP protocol handlers.  Each receives the owning tunnel t and session s,
// plus the PPP payload p and its length l as carried in the L2TP data packet.
// That payload is attacker-controlled: l is the only trustworthy bound, and
// every field read from p must be range-checked against it first (whether
// each handler does so is not visible from this header).
void processpap(tunnelidt t, sessionidt s, u8 *p, u16 l);
void processchap(tunnelidt t, sessionidt s, u8 *p, u16 l);
void processlcp(tunnelidt t, sessionidt s, u8 *p, u16 l);
void processipcp(tunnelidt t, sessionidt s, u8 *p, u16 l);
void processipin(tunnelidt t, sessionidt s, u8 *p, u16 l);
void processccp(tunnelidt t, sessionidt s, u8 *p, u16 l);
// Send a CHAP challenge to session s on tunnel t.
void sendchap(tunnelidt t, sessionidt s);
// Wrap p (l bytes) in a PPP frame of protocol mtype for t/s, using b as the
// output buffer; presumably returns a pointer into b (see the .c).  Note l is
// an int here but a u16 in the handlers above.
u8 *makeppp(u8 *b, u8 *p, int l, tunnelidt t, sessionidt s, u16 mtype);
// Locate the PPP payload of protocol mtype inside b (presumably).
u8 *findppp(u8 *b, u8 mtype);
// Start LCP negotiation for a new session.
void initlcp(tunnelidt t, sessionidt s);
// Debug dump of an LCP packet.  Takes char */int, unlike the handlers.
void dumplcp(char *p, int l);
// RADIUS request machinery.  r is an index into the radiust slot table
// (MAXRADIUS entries); state is one of the RADIUS* enum values.
void radiussend(u16 r, u8 state);
// Handle a datagram received on RADIUS socket socket_index.  buf/len come
// straight from the wire: the reply must be matched to a pending slot and its
// Response Authenticator checked against radiust.auth (the stored request
// authenticator) before any attribute is trusted -- whether that is done is
// not visible here.
void processrad(u8 *buf, int len, char socket_index);
// Retransmit the request in slot r (driven by radiust.retry).
void radiusretry(u16 r);
// Allocate a slot for session s.  Presumably returns 0 when none is free,
// matching "0 for not waiting on authentication" in sessiont.radius -- confirm.
u16 radiusnew(sessionidt s);
// Release slot r belonging to session s.
void radiusclear(u16 r, sessionidt s);
// Turn rate limiting on or off for session s (non-zero throttle = on,
// presumably).  Return value semantics are not visible here.
int throttle_session(sessionidt s, int throttle);
// Release / destroy the token-bucket filter t (sessiont.tbf).
void rl_done_tbf(u16 t);
void rl_destroy_tbf(u16 t);
// Retry delay for attempt number `try`, as a clockt; the growth curve is not
// visible here.
clockt backoff(u8 try);
// Add (add != 0) or remove a route for ip/mask via gw.
void routeset(ipt ip, ipt mask, ipt gw, u8 add);
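// ---- session / tunnel / control-channel API (prototypes only) -------------

// Find a session by its assigned IP address, or by user name.  The "not
// found" return is not visible here (presumably 0, as session[0] is the
// free-list head -- confirm).
sessionidt sessionbyip(ipt ip);
sessionidt sessionbyuser(char *username);

// Tear a session down.  `reason` is free text presumably destined for the
// log; how sessionshutdown and sessionkill differ is defined in the .c.
void sessionshutdown(sessionidt s, char *reason);
void sessionsendarp(sessionidt s);
void send_garp(ipt ip);
void sessionkill(sessionidt s, char *reason);

// Append an AVP to the pending control message c.  m is presumably the AVP
// mandatory bit.  controls() takes a NUL-terminated string; controlb() takes
// an explicit byte length and is the one to use for anything that is not a
// C string.
void control16(controlt *c, u16 avp, u16 val, u8 m);
void control32(controlt *c, u16 avp, u32 val, u8 m);
void controls(controlt *c, u16 avp, char *val, u8 m);
void controlb(controlt *c, u16 avp, char *val, unsigned int len, u8 m);
controlt *controlnew(u16 mtype);
void controlnull(tunnelidt t);
void controladd(controlt *c, tunnelidt t, sessionidt s);

// Transmit on / tear down a tunnel.  tunnelsend takes a u16 length, so a
// caller holding an int length must check it fits before calling (it would
// otherwise be silently truncated).
void tunnelsend(u8 *buf, u16 l, tunnelidt t);
void tunnelkill(tunnelidt t, char *reason);
void tunnelshutdown(tunnelidt t, char *reason);
void sendipcp(tunnelidt t, sessionidt s);

// Entry points for raw frames.  The buffers come from the tap device or the
// L2TP UDP socket, i.e. from untrusted peers; len is the only trustworthy
// bound and every header field must be range-checked against it before use.
// processudp/processcontrol also receive the sender's address.
void processipout(u8 *buf, int len);
void processarp(u8 *buf, int len);
void processudp(u8 *buf, int len, struct sockaddr_in *addr);
void processtap(u8 *buf, int len);
void processcontrol(u8 *buf, int len, struct sockaddr_in *addr);

// IP pool management for a session (return value semantics of
// assign_ip_address are not visible here).
int assign_ip_address(sessionidt s);
void free_ip_address(sessionidt s);

// Copy a packet to the snoop destination (presumably
// config->snoop_destination_host/port).
void snoop_send_packet(char *packet, u16 size);

// Write accounting records.  Declared (void) rather than () so that a call
// with stray arguments is rejected at compile time.
void dump_acct_info(void);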
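// Hex-dump c (d bytes) under title b at debug level a, only when the
// configured debug level is at least a; address/session/tunnel are logged as
// 0.  Arguments are parenthesised so an expression argument such as
// `x ? 1 : 2` is compared as a unit instead of having `<=` bind inside it.
#define log_hex(a,b,c,d) do { if ((a) <= config->debug) _log_hex((a), 0, 0, 0, (b), (c), (d)); } while (0)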
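// Logging back end.  level is compared against config->debug by the log /
// log_hex wrapper macros; address, s and t tag the message with the peer it
// concerns (0 when not applicable).  _log is printf-format-checked, so keep
// user- or peer-supplied strings as %s arguments, never as the format.
void _log(int level, ipt address, sessionidt s, tunnelidt t, const char *format, ...) __attribute__((format (printf, 5, 6)));
// Hex-dump up to maxsize bytes of data under title at the given level.
void _log_hex(int level, ipt address, sessionidt s, tunnelidt t, const char *title, const char *data, int maxsize);

// Compute the CHAP response for challenge (challenge_length bytes) and
// identifier id, returned through *challenge_response.  Whether that buffer
// is freshly allocated, and who frees it, is not visible here -- check the
// definition before calling.
void build_chap_response(char *challenge, u8 id, u16 challenge_length, char **challenge_response);

// Finish bringing session s up; routes presumably selects whether its static
// routes are installed (name-based reading -- confirm).
int sessionsetup(tunnelidt t, sessionidt s, u8 routes);

// Cluster replication of session/tunnel state.  Note these take int rather
// than sessionidt/tunnelidt.  cluster_send_goodbye is declared (void) so a
// call with stray arguments is rejected.
int cluster_send_session(int s);
int cluster_send_tunnel(int t);
int cluster_send_goodbye(void);

// Command-line interface: run commands from a file, or serve a connected
// socket.  Access to the socket is what CLIUSERS gates -- confirm in cli.c.
void cli_do_file(FILE *fh);
void cli_do(int sockfd);

// Write the in-memory ring-buffer log to stream.
void ringbuffer_dump(FILE *stream);

// Plugins.  They presumably are shared objects loaded from LIBDIR and run with
// the daemon's privileges, so the plugin list is exactly as trusted as the
// configuration that names it.
int run_plugins(int plugin_type, void *data);
void add_plugin(char *plugin_name);
void remove_plugin(char *plugin_name);

void tunnelclear(tunnelidt t);

// Send an ICMP host-unreachable back to source for packet (packet_len bytes)
// that was addressed to destination; id is presumably the IP identification
// to echo.
void host_unreachable(ipt destination, u16 id, ipt source, char *packet, int packet_len);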
// Tunnel and session tables (defined and allocated in the daemon proper).
extern tunnelt *tunnel;
extern sessiont *session;

// Head of the free-session chain: slot 0's `next` field is used as the list
// head, so slot 0 is apparently never a real session.
#define sessionfree (session[0].next)
473 #define log_backtrace(count, max) \
474 if (count++ < max) { \
478 log(0, 0, 0, t, "Backtrace follows"); \
479 size = backtrace(array, 10); \
480 strings = backtrace_symbols(array, size); \
481 if (strings) for (i = 0; i < size; i++) \
483 log(0, 0, 0, t, "%s\n", strings[i]); \