projects / l2tpns.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Use multiple radius sockets to allow more concurrent authentication requests
[l2tpns.git] / l2tpns.h
1 // L2TPNS Global Stuff
2 // $Id: l2tpns.h,v 1.5 2004-05-24 04:24:06 fred_nerk Exp $
3
4 #include <netinet/in.h>
5 #include <stdio.h>
6 #include <config.h>
7
8 #define VERSION "1.2.0"
9
10 // Limits
11 #define MAXTUNNEL 500 // could be up to 65535
12 #define MAXSESSION 50000 // could be up to 65535
13 #define RADIUS_SHIFT 5
14 #define RADIUS_MASK ((unsigned short)(((unsigned short)~0) >> (16 - RADIUS_SHIFT)))
15 #define MAXRADIUS ((2 << (RADIUS_SHIFT - 1)) * 255)
16
17 #define MAXCONTROL 1000 // max length control message we ever send...
18 #define MAXETHER (1500+18) // max packet we try sending to tap
19 #define MAXTEL 96 // telephone number
20 #define MAXPLUGINS 20 // maximum number of plugins to load
21 #define MAXRADSERVER 10 // max radius servers
22 #define MAXROUTE 10 // max static routes per session
23 #define MAXIPPOOL 131072 // max number of ip addresses in pool
24 #define RINGBUFFER_SIZE 10000 // Number of ringbuffer entries to allocate
25 #define MAX_LOG_LENGTH 512 // Maximum size of log message
26 #define ECHO_TIMEOUT 60 // Time between last packet sent and LCP ECHO generation
27 #define IDLE_TIMEOUT 240 // Time between last packet sent and LCP ECHO generation
28
29 // Constants
30 #define STATISTICS
31 #define STAT_CALLS
32 #define RINGBUFFER
33 #define TAPDEVICE "/dev/net/tun"
34 #define UDP 17
35 #define HOMEDIR "/home/l2tpns/" // Base dir for data
36 #define STATEFILE "/tmp/l2tpns.dump" // State dump file
37 #define NOSTATEFILE "/tmp/l2tpns.no_state_reload" // If exists, state will not be reloaded
38 #define CONFIGFILE ETCDIR "/l2tpns.cfg" // Configuration file
39 #define CLIUSERS ETCDIR "/l2tpns.users" // CLI Users file
40 #define IPPOOLFILE ETCDIR "/l2tpns.ip_pool" // Address pool configuration
41 #ifndef LIBDIR
42 #define LIBDIR "/usr/lib/l2tpns"
43 #endif
44 #define ACCT_TIME 3000 // 5 minute accounting interval
45 #define L2TPPORT 1701 // L2TP port
46 #define RADPORT 1645 // old radius port...
47 #define RADAPORT 1646 // old radius accounting port
48 #define PKTARP 0x0806 // ARP packet type
49 #define PKTIP 0x0800 // IP packet type
50 #define PSEUDOMAC 0x0200 // pseudo MAC prefix (local significant MAC)
51 #define PPPPAP 0xC023
52 #define PPPCHAP 0xC223
53 #define PPPLCP 0xC021
54 #define PPPIPCP 0x8021
55 #define PPPCCP 0x80FD
56 #define PPPIP 0x0021
57 #define PPPMP 0x003D
58 #define MIN_IP_SIZE 0x20
59 enum
60 {
61 ConfigReq = 1,
62 ConfigAck,
63 ConfigNak,
64 ConfigRej,
65 TerminateReq,
66 TerminateAck,
67 CodeRej,
68 ProtocolRej,
69 EchoReq,
70 EchoReply,
71 DiscardRequest
72 };
73
74 // Types
75 typedef unsigned short u16;
76 typedef unsigned int u32;
77 typedef unsigned char u8;
78 typedef u32 ipt;
79 typedef u16 portt;
80 typedef u16 sessionidt;
81 typedef u16 tunnelidt;
82 typedef u32 clockt;
83 typedef u8 hasht[16];
84
85 // dump header: update number if internal format changes
86 #define DUMP_MAGIC "L2TPNS#" VERSION "#"
87
88 // structures
89 typedef struct routes // route
90 {
91 ipt ip;
92 ipt mask;
93 }
94 routet;
95
96 typedef struct controls // control message
97 {
98 struct controls *next; // next in queue
99 u16 length; // length
100 u8 buf[MAXCONTROL];
101 }
102 controlt;
103
104 typedef struct stbft
105 {
106 char handle[10];
107 char in_use;
108 } tbft;
109
110
111 // 336 bytes per session
112 typedef struct sessions
113 {
114 sessionidt next; // next session in linked list
115 sessionidt far; // far end session ID
116 tunnelidt tunnel; // tunnel ID
117 ipt ip; // IP of session set by RADIUS response
118 int ip_pool_index; // index to IP pool
119 unsigned long sid; // session id for hsddb
120 u16 nr; // next receive
121 u16 ns; // next send
122 u32 magic; // ppp magic number
123 u32 cin, cout; // byte counts
124 u32 pin, pout; // packet counts
125 u32 total_cin; // This counter is never reset while a session is open
126 u32 total_cout; // This counter is never reset while a session is open
127 u32 id; // session id
128 clockt opened; // when started
129 clockt die; // being closed, when to finally free
130 time_t last_packet; // Last packet from the user (used for idle timeouts)
131 ipt dns1, dns2; // DNS servers
132 routet route[MAXROUTE]; // static routes
133 u16 radius; // which radius session is being used (0 for not waiting on authentication)
134 u8 flags; // various bit flags
135 u8 snoop; // are we snooping this session?
136 u8 throttle; // is this session throttled?
137 u8 walled_garden; // is this session gardened?
138 u16 mru; // maximum receive unit
139 u16 tbf; // filter bucket for throttling
140 char random_vector[MAXTEL];
141 int random_vector_length;
142 char user[129]; // user (needed in seesion for radius stop messages)
143 char called[MAXTEL]; // called number
144 char calling[MAXTEL]; // calling number
145 unsigned long tx_connect_speed;
146 unsigned long rx_connect_speed;
147 }
148 sessiont;
149
150 #define SESSIONPFC 1 // PFC negotiated flags
151 #define SESSIONACFC 2 // ACFC negotiated flags
152
153 // 168 bytes per tunnel
154 typedef struct tunnels
155 {
156 tunnelidt far; // far end tunnel ID
157 ipt ip; // Ip for far end
158 portt port; // port for far end
159 u16 window; // Rx window
160 u16 nr; // next receive
161 u16 ns; // next send
162 int state; // current state (tunnelstate enum)
163 clockt last; // when last control message sent (used for resend timeout)
164 clockt retry; // when to try resenting pending control
165 clockt die; // being closed, when to finally free
166 clockt lastrec; // when the last control message was received
167 char hostname[128]; // tunnel hostname
168 char vendor[128]; // LAC vendor
169 u8 try; // number of retrys on a control message
170 u16 controlc; // outstaind messages in queue
171 controlt *controls; // oldest message
172 controlt *controle; // newest message
173 }
174 tunnelt;
175
176 // 180 bytes per radius session
177 typedef struct radiuss // outstanding RADIUS requests
178 {
179 sessionidt session; // which session this applies to
180 hasht auth; // request authenticator
181 clockt retry; // when to try next
182 char calling[MAXTEL]; // calling number
183 char pass[129]; // password
184 u8 id; // ID for PPP response
185 u8 try; // which try we are on
186 u8 state; // state of radius requests
187 u8 chap; // set if CHAP used (is CHAP identifier)
188 }
189 radiust;
190
191 typedef struct
192 {
193 ipt address;
194 char assigned; // 1 if assigned, 0 if free
195 sessionidt session;
196 clockt last; // last used
197 char user[129]; // user (try to have ip addresses persistent)
198 }
199 ippoolt;
200
201 #ifdef RINGBUFFER
202 struct Tringbuffer
203 {
204 struct {
205 char level;
206 sessionidt session;
207 tunnelidt tunnel;
208 ipt address;
209 char message[MAX_LOG_LENGTH];
210 } buffer[RINGBUFFER_SIZE];
211 int head;
212 int tail;
213 };
214 #endif
215
216 /*
217 * Possible tunnel states
218 * TUNNELFREE -> TUNNELOPEN -> TUNNELDIE -> TUNNELFREE
219 */
220 enum
221 {
222 TUNNELFREE, // Not in use
223 TUNNELOPEN, // Active tunnel
224 TUNNELDIE, // Currently closing
225 TUNNELOPENING // Busy opening
226 };
227
228 enum
229 {
230 RADIUSNULL, // Not in use
231 RADIUSCHAP, // sending CHAP down PPP
232 RADIUSAUTH, // sending auth to RADIUS server
233 RADIUSIPCP, // sending IPCP to end user
234 RADIUSSTART, // sending start accounting to RADIUS server
235 RADIUSSTOP, // sending stop accounting to RADIUS server
236 RADIUSWAIT // waiting timeout before available, in case delayed replies
237 };
238
239 struct Tstats
240 {
241 time_t start_time;
242 time_t last_reset;
243
244 unsigned long tap_rx_packets;
245 unsigned long tap_tx_packets;
246 unsigned long tap_rx_bytes;
247 unsigned long tap_tx_bytes;
248 unsigned long tap_rx_errors;
249 unsigned long tap_tx_errors;
250
251 unsigned long tunnel_rx_packets;
252 unsigned long tunnel_tx_packets;
253 unsigned long tunnel_rx_bytes;
254 unsigned long tunnel_tx_bytes;
255 unsigned long tunnel_rx_errors;
256 unsigned long tunnel_tx_errors;
257
258 unsigned long tunnel_retries;
259 unsigned long radius_retries;
260
261 unsigned long arp_errors;
262 unsigned long arp_replies;
263 unsigned long arp_discarded;
264 unsigned long arp_sent;
265 unsigned long arp_recv;
266
267 unsigned long packets_snooped;
268
269 unsigned long tunnel_created;
270 unsigned long session_created;
271 unsigned long tunnel_timeout;
272 unsigned long session_timeout;
273 unsigned long radius_timeout;
274 unsigned long radius_overflow;
275 unsigned long tunnel_overflow;
276 unsigned long session_overflow;
277
278 unsigned long ip_allocated;
279 unsigned long ip_freed;
280 #ifdef STAT_CALLS
281 unsigned long call_processtap;
282 unsigned long call_processarp;
283 unsigned long call_processipout;
284 unsigned long call_processudp;
285 unsigned long call_sessionbyip;
286 unsigned long call_sessionbyuser;
287 unsigned long call_sendarp;
288 unsigned long call_sendipcp;
289 unsigned long call_tunnelsend;
290 unsigned long call_sessionkill;
291 unsigned long call_sessionshutdown;
292 unsigned long call_tunnelkill;
293 unsigned long call_tunnelshutdown;
294 unsigned long call_assign_ip_address;
295 unsigned long call_free_ip_address;
296 unsigned long call_dump_acct_info;
297 unsigned long call_sessionsetup;
298 unsigned long call_processpap;
299 unsigned long call_processchap;
300 unsigned long call_processlcp;
301 unsigned long call_processipcp;
302 unsigned long call_processipin;
303 unsigned long call_processccp;
304 unsigned long call_sendchap;
305 unsigned long call_processrad;
306 unsigned long call_radiussend;
307 unsigned long call_radiusretry;
308 #endif
309 };
310
311 #ifdef STATISTICS
312 #define STAT(x) _statistics->x++
313 #define INC_STAT(x,y) _statistics->x += y
314 #define GET_STAT(x) _statistics->x
315 #define SET_STAT(x, y) _statistics->x = y
316 #else
317 #define STAT(x)
318 #define INC_STAT(x,y)
319 #define GET_STAT(x) 0
320 #define SET_STAT(x, y)
321 #endif
322
323 struct configt
324 {
325 int debug; // debugging level
326 time_t start_time; // time when l2tpns was started
327 char bandwidth[256]; // current bandwidth
328
329 char config_file[128];
330 int reload_config; // flag to re-read config (set by cli)
331 int cleanup_interval; // interval between regular cleanups (in seconds)
332 int multi_read_count; // amount of packets to read per fd in processing loop
333
334 char tapdevice[10]; // tap device name
335 char log_filename[128];
336 char l2tpsecret[64];
337
338 char radiussecret[64];
339 int radius_accounting;
340 ipt radiusserver[MAXRADSERVER]; // radius servers
341 u8 numradiusservers; // radius server count
342 short num_radfds; // Number of radius filehandles allocated
343
344 ipt default_dns1, default_dns2;
345
346 ipt snoop_destination_host;
347 u16 snoop_destination_port;
348
349 unsigned long rl_rate;
350 int save_state;
351 uint32_t cluster_address;
352 int ignore_cluster_updates;
353 char accounting_dir[128];
354 ipt bind_address;
355 int target_uid;
356 int dump_speed;
357 char plugins[64][MAXPLUGINS];
358 char old_plugins[64][MAXPLUGINS];
359
360 int next_tbf; // Next HTB id available to use
361 };
362
363 struct config_descriptt
364 {
365 char *key;
366 int offset;
367 int size;
368 enum { INT, STRING, UNSIGNED_LONG, SHORT, BOOL, IP } type;
369 };
370
371 // arp.c
372 void sendarp(int ifr_idx, const unsigned char* mac, ipt ip);
373
374
375 // ppp.c
376 void processpap(tunnelidt t, sessionidt s, u8 * p, u16 l);
377 void processchap(tunnelidt t, sessionidt s, u8 * p, u16 l);
378 void processlcp(tunnelidt t, sessionidt s, u8 * p, u16 l);
379 void processipcp(tunnelidt t, sessionidt s, u8 * p, u16 l);
380 void processipin(tunnelidt t, sessionidt s, u8 * p, u16 l);
381 void processccp(tunnelidt t, sessionidt s, u8 * p, u16 l);
382 void sendchap(tunnelidt t, sessionidt s);
383 u8 *makeppp(u8 * b, u8 * p, int l, tunnelidt t, sessionidt s, u16 mtype);
384 u8 *findppp(u8 * b, u8 mtype);
385 void initlcp(tunnelidt t, sessionidt s);
386 void dumplcp(char *p, int l);
387
388
389 // radius.c
390 void initrad(void);
391 void radiussend(u16 r, u8 state);
392 void processrad(u8 *buf, int len, char socket_index);
393 void radiusretry(u16 r);
394 u16 radiusnew(sessionidt s);
395 void radiusclear(u16 r, sessionidt s);
396
397 // throttle.c
398 int throttle_session(sessionidt s, int throttle);
399
400
401 // rl.c
402 void init_rl();
403 u16 rl_create_tbf();
404 u16 rl_get_tbf();
405 void rl_done_tbf(u16 t);
406 void rl_destroy_tbf(u16 t);
407
408
409 // l2tpns.c
410 clockt now(void);
411 clockt backoff(u8 try);
412 void routeset(ipt ip, ipt mask, ipt gw, u8 add);
413 void inittap(void);
414 void initudp(void);
415 void initdata(void);
416 void initippool();
417 sessionidt sessionbyip(ipt ip);
418 sessionidt sessionbyuser(char *username);
419 void sessionshutdown(sessionidt s, char *reason);
420 void sessionsendarp(sessionidt s);
421 void send_garp(ipt ip);
422 void sessionkill(sessionidt s, char *reason);
423 void control16(controlt * c, u16 avp, u16 val, u8 m);
424 void control32(controlt * c, u16 avp, u32 val, u8 m);
425 void controls(controlt * c, u16 avp, char *val, u8 m);
426 void controlb(controlt * c, u16 avp, char *val, unsigned int len, u8 m);
427 controlt *controlnew(u16 mtype);
428 void controlnull(tunnelidt t);
429 void controladd(controlt * c, tunnelidt t, sessionidt s);
430 void tunnelsend(u8 * buf, u16 l, tunnelidt t);
431 void tunnelkill(tunnelidt t, char *reason);
432 void tunnelshutdown(tunnelidt t, char *reason);
433 void sendipcp(tunnelidt t, sessionidt s);
434 void processipout(u8 * buf, int len);
435 void processarp(u8 * buf, int len);
436 void processudp(u8 * buf, int len, struct sockaddr_in *addr);
437 void processtap(u8 * buf, int len);
438 void processcontrol(u8 * buf, int len, struct sockaddr_in *addr);
439 int assign_ip_address(sessionidt s);
440 void free_ip_address(sessionidt s);
441 void snoop_send_packet(char *packet, u16 size);
442 void dump_acct_info();
443 void mainloop(void);
444 #define log _log
445 #ifndef log_hex
446 #define log_hex(a,b,c,d) do{if (a <= config->debug) _log_hex(a,0,0,0,b,c,d);}while (0)
447 #endif
448 void _log(int level, ipt address, sessionidt s, tunnelidt t, const char *format, ...) __attribute__((format (printf, 5, 6)));
449 void _log_hex(int level, ipt address, sessionidt s, tunnelidt t, const char *title, const char *data, int maxsize);
450 void build_chap_response(char *challenge, u8 id, u16 challenge_length, char **challenge_response);
451 int sessionsetup(tunnelidt t, sessionidt s, u8 routes);
452 int cluster_send_session(int s);
453 int cluster_send_tunnel(int t);
454 int cluster_send_goodbye();
455 void init_cli();
456 void cli_do_file(FILE *fh);
457 void cli_do(int sockfd);
458 #ifdef RINGBUFFER
459 void ringbuffer_dump(FILE *stream);
460 #endif
461 void initplugins();
462 int run_plugins(int plugin_type, void *data);
463 void add_plugin(char *plugin_name);
464 void remove_plugin(char *plugin_name);
465 void tunnelclear(tunnelidt t);
466 void host_unreachable(ipt destination, u16 id, ipt source, char *packet, int packet_len);
467
468 extern tunnelt *tunnel;
469 extern sessiont *session;
470 #define sessionfree (session[0].next)
471
472 #define log_backtrace(count, max) \
473 if (count++ < max) { \
474 void *array[20]; \
475 char **strings; \
476 int size, i; \
477 log(0, 0, 0, t, "Backtrace follows"); \
478 size = backtrace(array, 10); \
479 strings = backtrace_symbols(array, size); \
480 if (strings) for (i = 0; i < size; i++) \
481 { \
482 log(0, 0, 0, t, "%s\n", strings[i]); \
483 } \
484 free(strings); \
485 }
486
for cloning use: "git clone git://git.sameswireless.fr/l2tpns.git" ; For add to your sources.list: "deb http://package.sameswifi.fr/ jessie main"