2 // $Id: l2tpns.h,v 1.4 2004/04/16 02:33:32 fred_nerk Exp $
#include <netinet/in.h>
#include <stdint.h>
// Build identification and table sizes.
#define VERSION "1.1.2"

#define MAXTUNNEL 500                    // tunnel table size (tunnelidt is 16-bit, so at most 65535)
#define MAXSESSION 50000                 // session table size (sessionidt is 16-bit, so at most 65535)
#define MAXCONTROL 1000                  // longest control message we ever send
#define MAXETHER (1500+18)               // largest frame we try to hand to the tap device
#define MAXTEL 96                        // telephone number buffer size
#define MAXPLUGINS 20                    // maximum number of plugins to load
#define MAXRADSERVER 10                  // maximum RADIUS servers in the configuration
#define MAXROUTE 10                      // static routes per session
#define MAXIPPOOL 131072                 // maximum number of addresses in the IP pool
#define RINGBUFFER_SIZE 10000            // log ring buffer entries to allocate
#define MAX_LOG_LENGTH 512               // longest log message kept in the ring buffer

// Timers.
#define ECHO_TIMEOUT 60                  // time from the last packet sent until an LCP ECHO is generated
#define IDLE_TIMEOUT 240                 // time since the user's last packet (sessiont.last_packet) before the session counts as idle -- TODO confirm units and the action taken

// Filesystem locations.
#define TAPDEVICE "/dev/net/tun"
#define HOMEDIR "/home/l2tpns/"          // base dir for data
#define STATEFILE "/tmp/l2tpns.dump"     // state dump file
#define NOSTATEFILE "/tmp/l2tpns.no_state_reload" // if it exists, state is not reloaded
// NOTE(review): STATEFILE and NOSTATEFILE live in the shared /tmp directory, where any
// local user can pre-create them or leave a symlink in their place; the code that
// creates and reads them should refuse to follow symlinks and check ownership
// (or use a private state directory) -- confirm at the call sites.
#define CONFIGFILE ETCDIR "/l2tpns.cfg"  // configuration file
#define CLIUSERS ETCDIR "/l2tpns.users"  // CLI users file
#define IPPOOLFILE ETCDIR "/l2tpns.ip_pool" // address pool configuration
#define LIBDIR "/usr/lib/l2tpns"

// Protocol constants.
#define ACCT_TIME 3000                   // accounting interval; the original note says 5 minutes, so presumably clockt ticks at 1/10 s -- confirm
#define L2TPPORT 1701                    // L2TP UDP port
#define RADPORT 1645                     // legacy RADIUS authentication port (the IANA assignment is 1812)
#define RADAPORT 1646                    // legacy RADIUS accounting port (the IANA assignment is 1813)
#define PKTARP 0x0806                    // Ethertype: ARP
#define PKTIP 0x0800                     // Ethertype: IPv4
#define PSEUDOMAC 0x0200                 // pseudo MAC prefix (locally administered address)
#define PPPCHAP 0xC223                   // PPP protocol number: CHAP
#define PPPIPCP 0x8021                   // PPP protocol number: IPCP
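// Fixed-width scalars used in on-the-wire structures and packed tables.
// The <stdint.h> types pin the sizes the protocol code relies on, where
// "unsigned short"/"unsigned int" only promise minimum widths.
typedef uint16_t u16;
typedef uint32_t u32;
typedef uint8_t u8;

// Table indices.  Both are 16-bit, which is why MAXTUNNEL and MAXSESSION
// are capped at 65535.
typedef u16 sessionidt;                  // index into the session[] table
typedef u16 tunnelidt;                   // index into the tunnel[] table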
// Marker written at the head of the state dump.  It embeds VERSION so a dump
// written by a build with a different internal layout can be recognised and
// rejected: bump the version whenever the dumped format changes.
#define DUMP_MAGIC "L2TPNS#" VERSION "#"
85 typedef struct routes
// route
92 typedef struct controls
// control message
94 struct controls
*next
; // next in queue
109 // 336 bytes per session -- one entry of the session[] table, indexed by sessionidt
110 typedef struct sessions
112 sessionidt next
; // next session in linked list (session[0].next heads the free list -- see sessionfree)
113 sessionidt far
; // far end session ID
114 tunnelidt tunnel
; // tunnel ID
115 ipt ip
; // IP of session set by RADIUS response
116 int ip_pool_index
; // index to IP pool
117 unsigned long sid
; // session id for hsddb
118 u16 nr
; // next receive
120 u32 magic
; // ppp magic number
121 u32 cin
, cout
; // byte counts
122 u32 pin
, pout
; // packet counts
123 u32 total_cin
; // This counter is never reset while a session is open
124 u32 total_cout
; // This counter is never reset while a session is open
125 u32 id
; // session id
126 clockt opened
; // when started
127 clockt die
; // being closed, when to finally free
128 time_t last_packet
; // Last packet from the user (used for idle timeouts, see IDLE_TIMEOUT)
129 ipt dns1
, dns2
; // DNS servers
130 routet route
[MAXROUTE
]; // static routes
131 u8 radius
; // which radius session is being used (0 for not waiting on authentication)
132 u8 flags
; // various bit flags (SESSIONPFC, SESSIONACFC)
133 u8 snoop
; // are we snooping this session?
134 u8 throttle
; // is this session throttled?
135 u8 walled_garden
; // is this session gardened?
136 u16 mru
; // maximum receive unit
137 u16 tbf
; // filter bucket for throttling
138 char random_vector
[MAXTEL
]; // presumably the CHAP challenge sent to the peer (see sendchap); NOTE(review): confirm it is filled from a cryptographically strong source
139 int random_vector_length
; // bytes of random_vector in use; must never exceed MAXTEL
140 char user
[129]; // user (needed in session for radius stop messages); 128 chars + NUL -- the name is peer-supplied, so every writer must bound and terminate its copy
141 char called
[MAXTEL
]; // called number
142 char calling
[MAXTEL
]; // calling number
143 unsigned long tx_connect_speed
; // link speeds reported for the call -- presumably from the LAC; confirm units
144 unsigned long rx_connect_speed
;
148 #define SESSIONPFC 1 // PFC negotiated flags
149 #define SESSIONACFC 2 // ACFC negotiated flags
151 // 168 bytes per tunnel -- one entry of the tunnel[] table, indexed by tunnelidt
152 typedef struct tunnels
154 tunnelidt far
; // far end tunnel ID
155 ipt ip
; // Ip for far end
156 portt port
; // port for far end
157 u16 window
; // Rx window
158 u16 nr
; // next receive
160 int state
; // current state (tunnelstate enum: TUNNELFREE/TUNNELOPEN/TUNNELDIE/TUNNELOPENING)
161 clockt last
; // when last control message sent (used for resend timeout)
162 clockt retry
; // when to try resending pending control
163 clockt die
; // being closed, when to finally free
164 clockt lastrec
; // when the last control message was received
165 char hostname
[128]; // tunnel hostname; presumably copied from the peer's control AVPs -- 127 chars + NUL, so the parser must bound and NUL-terminate the copy
166 char vendor
[128]; // LAC vendor; same caveat as hostname
167 u8
try; // number of retries on a control message
168 u16 controlc
; // outstanding messages in queue
169 controlt
*controls
; // oldest message
170 controlt
*controle
; // newest message
174 // 180 bytes per radius session
175 typedef struct radiuss
// outstanding RADIUS requests (one slot per in-flight authentication/accounting exchange)
177 sessionidt session
; // which session this applies to
178 hasht auth
; // request authenticator; RFC 2865 requires it to be unpredictable per request -- confirm the generator
179 clockt retry
; // when to try next
180 char calling
[MAXTEL
]; // calling number
181 char pass
[129]; // password (128 chars + NUL) kept for retransmission; NOTE(review): clear it when the request completes (radiusclear) so it does not linger in memory or in state dumps -- confirm
182 u8 id
; // ID for PPP response
183 u8
try; // which try we are on
184 u8 state
; // state of radius requests (RADIUS* enum)
185 u8 chap
; // set if CHAP used (is CHAP identifier)
192 char assigned
; // 1 if assigned, 0 if free
193 clockt last
; // last used
194 char user
[129]; // user (try to have ip addresses persistent)
206 char message
[MAX_LOG_LENGTH
];
207 } buffer
[RINGBUFFER_SIZE
];
214 * Possible tunnel states
215 * TUNNELFREE -> TUNNELOPEN -> TUNNELDIE -> TUNNELFREE
219 TUNNELFREE
, // Not in use
220 TUNNELOPEN
, // Active tunnel
221 TUNNELDIE
, // Currently closing
222 TUNNELOPENING
// Busy opening
227 RADIUSNULL
, // Not in use
228 RADIUSCHAP
, // sending CHAP down PPP
229 RADIUSAUTH
, // sending auth to RADIUS server
230 RADIUSIPCP
, // sending IPCP to end user
231 RADIUSSTART
, // sending start accounting to RADIUS server
232 RADIUSSTOP
, // sending stop accounting to RADIUS server
233 RADIUSWAIT
// waiting timeout before available, in case delayed replies
241 unsigned long tap_rx_packets
;
242 unsigned long tap_tx_packets
;
243 unsigned long tap_rx_bytes
;
244 unsigned long tap_tx_bytes
;
245 unsigned long tap_rx_errors
;
246 unsigned long tap_tx_errors
;
248 unsigned long tunnel_rx_packets
;
249 unsigned long tunnel_tx_packets
;
250 unsigned long tunnel_rx_bytes
;
251 unsigned long tunnel_tx_bytes
;
252 unsigned long tunnel_rx_errors
;
253 unsigned long tunnel_tx_errors
;
255 unsigned long tunnel_retries
;
256 unsigned long radius_retries
;
258 unsigned long arp_errors
;
259 unsigned long arp_replies
;
260 unsigned long arp_discarded
;
261 unsigned long arp_sent
;
262 unsigned long arp_recv
;
264 unsigned long packets_snooped
;
266 unsigned long tunnel_created
;
267 unsigned long session_created
;
268 unsigned long tunnel_timeout
;
269 unsigned long session_timeout
;
270 unsigned long radius_timeout
;
271 unsigned long radius_overflow
;
272 unsigned long tunnel_overflow
;
273 unsigned long session_overflow
;
275 unsigned long ip_allocated
;
276 unsigned long ip_freed
;
278 unsigned long call_processtap
;
279 unsigned long call_processarp
;
280 unsigned long call_processipout
;
281 unsigned long call_processudp
;
282 unsigned long call_sessionbyip
;
283 unsigned long call_sessionbyuser
;
284 unsigned long call_sendarp
;
285 unsigned long call_sendipcp
;
286 unsigned long call_tunnelsend
;
287 unsigned long call_sessionkill
;
288 unsigned long call_sessionshutdown
;
289 unsigned long call_tunnelkill
;
290 unsigned long call_tunnelshutdown
;
291 unsigned long call_assign_ip_address
;
292 unsigned long call_free_ip_address
;
293 unsigned long call_dump_acct_info
;
294 unsigned long call_sessionsetup
;
295 unsigned long call_processpap
;
296 unsigned long call_processchap
;
297 unsigned long call_processlcp
;
298 unsigned long call_processipcp
;
299 unsigned long call_processipin
;
300 unsigned long call_processccp
;
301 unsigned long call_sendchap
;
302 unsigned long call_processrad
;
303 unsigned long call_radiussend
;
304 unsigned long call_radiusretry
;
309 #define STAT(x) _statistics->x++
310 #define INC_STAT(x,y) _statistics->x += y
311 #define GET_STAT(x) _statistics->x
312 #define SET_STAT(x, y) _statistics->x = y
315 #define INC_STAT(x,y)
316 #define GET_STAT(x) 0
317 #define SET_STAT(x, y)
322 int debug
; // debugging level (log_hex/_log compare their level against this)
323 time_t start_time
; // time when l2tpns was started
324 char bandwidth
[256]; // current bandwidth
326 char config_file
[128]; // path of the configuration file (127 chars + NUL)
327 int reload_config
; // flag to re-read config (set by cli)
329 char tapdevice
[10]; // tap device name (9 chars + NUL -- bound any copy into it)
330 char log_filename
[128]; // log file path (127 chars + NUL)
333 char radiussecret
[64]; // shared secret for every server in radiusserver[] (63 chars + NUL); NOTE(review): keep it out of log lines, ringbuffer_dump() and the state dump, and wipe it on reload -- confirm
334 int radius_accounting
; // non-zero enables accounting start/stop messages -- presumably; confirm
335 ipt radiusserver
[MAXRADSERVER
]; // radius servers
336 u8 numradiusservers
; // radius server count (must stay <= MAXRADSERVER)
338 ipt default_dns1
, default_dns2
; // DNS servers handed to sessions when RADIUS supplies none -- presumably; confirm
340 ipt snoop_destination_host
; // where snooped session traffic is mirrored (see snoop_send_packet)
341 u16 snoop_destination_port
;
343 unsigned long rl_rate
; // rate-limit rate for throttled sessions -- presumably; confirm units
345 uint32_t cluster_address
; // declared uint32_t where the rest of the file uses ipt -- presumably the same width; confirm
346 int ignore_cluster_updates
;
347 char accounting_dir
[128]; // directory dump_acct_info() writes to -- presumably (127 chars + NUL)
351 char plugins
[64][MAXPLUGINS
]; // NOTE(review): declared as 64 rows of MAXPLUGINS (20) bytes; if this holds MAXPLUGINS names of up to 63 chars the dimensions look transposed -- check how add_plugin()/run_plugins() index it
352 char old_plugins
[64][MAXPLUGINS
]; // previous plugin list, same layout caveat as plugins
355 struct config_descriptt
360 enum { INT
, STRING
, UNSIGNED_LONG
, SHORT
, BOOL
, IP
} type
;
// ARP: send an ARP packet for ip carrying hardware address mac on interface ifr_idx.
void sendarp(int ifr_idx, const unsigned char *mac, ipt ip);

// PPP protocol handlers.  Each gets the tunnel/session the frame belongs to,
// a pointer p to the PPP payload and its length l.  The payload is received
// from the peer (presumably), so handlers should treat p[0..l) as untrusted
// and bounds-check every field before reading it.
void processpap(tunnelidt t, sessionidt s, u8 *p, u16 l);
void processchap(tunnelidt t, sessionidt s, u8 *p, u16 l);
void processlcp(tunnelidt t, sessionidt s, u8 *p, u16 l);
void processipcp(tunnelidt t, sessionidt s, u8 *p, u16 l);
void processipin(tunnelidt t, sessionidt s, u8 *p, u16 l);
void processccp(tunnelidt t, sessionidt s, u8 *p, u16 l);

// Send a CHAP challenge on session s.
void sendchap(tunnelidt t, sessionidt s);

// Wrap payload p (l bytes) in a PPP frame of type mtype using buffer b and
// return a pointer into b -- presumably the position to continue writing;
// confirm against the definition.
u8 *makeppp(u8 *b, u8 *p, int l, tunnelidt t, sessionidt s, u16 mtype);

// Locate the PPP payload of type mtype inside frame b.
u8 *findppp(u8 *b, u8 mtype);

void initlcp(tunnelidt t, sessionidt s);
void dumplcp(char *p, int l);            // debug dump of an LCP packet of l bytes
// RADIUS client.  r is a slot in the outstanding-request table (presumably
// struct radiuss), state one of the RADIUS* values.
void radiussend(u8 r, u8 state);         // (re)transmit request r in the given state
void processrad(u8 *buf, int len);       // handle a datagram from a RADIUS server; buf is network input, validate lengths before use
void radiusretry(u8 r);                  // retry timer fired for request r
u8 radiusnew(sessionidt s);              // allocate a request slot for session s
void radiusclear(u8 r, sessionidt s);    // release request r belonging to session s
// Per-session rate limiting: throttle != 0 enables throttling for session s,
// 0 disables it.  The int result's meaning is defined by the implementation.
int throttle_session(sessionidt s, int throttle);

// Token-bucket filter slots, referenced from sessiont.tbf.
void rl_done_tbf(u16 t);
void rl_destroy_tbf(u16 t);

// Retransmission back-off delay for attempt number try.
clockt backoff(u8 try);

// Install (add != 0) or remove the kernel route ip/mask via gw -- presumably;
// confirm the meaning of add against the definition.
void routeset(ipt ip, ipt mask, ipt gw, u8 add);
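// Session lookup and lifecycle.
sessionidt sessionbyip(ipt ip);                       // session owning ip (presumably 0 when none; confirm)
sessionidt sessionbyuser(char *username);             // session logged in as username
void sessionshutdown(sessionidt s, char *reason);     // begin an orderly close; reason is logged
void sessionsendarp(sessionidt s);
void send_garp(ipt ip);                               // gratuitous ARP for ip
void sessionkill(sessionidt s, char *reason);         // immediate teardown of s

// Control-message construction.  Each control*() call appends one AVP
// (attribute avp, with m presumably the mandatory bit) to the message c
// obtained from controlnew(); controladd() queues it on tunnel t.
void control16(controlt *c, u16 avp, u16 val, u8 m);
void control32(controlt *c, u16 avp, u32 val, u8 m);
void controls(controlt *c, u16 avp, char *val, u8 m);                     // NUL-terminated string value
void controlb(controlt *c, u16 avp, char *val, unsigned int len, u8 m);   // raw value, len bytes
controlt *controlnew(u16 mtype);
void controlnull(tunnelidt t);
void controladd(controlt *c, tunnelidt t, sessionidt s);

// Tunnel I/O and lifecycle.
void tunnelsend(u8 *buf, u16 l, tunnelidt t);
void tunnelkill(tunnelidt t, char *reason);
void tunnelshutdown(tunnelidt t, char *reason);
void sendipcp(tunnelidt t, sessionidt s);

// Packet demultiplexers.  buf/len is data read from the tap device or the
// L2TP socket (addr is the sender for the UDP ones); all of it is untrusted
// input and must be length-checked before any header is interpreted.
void processipout(u8 *buf, int len);
void processarp(u8 *buf, int len);
void processudp(u8 *buf, int len, struct sockaddr_in *addr);
void processtap(u8 *buf, int len);
void processcontrol(u8 *buf, int len, struct sockaddr_in *addr);

// IP pool, snooping and accounting.
int assign_ip_address(sessionidt s);
void free_ip_address(sessionidt s);
void snoop_send_packet(char *packet, u16 size);
// Previously declared as dump_acct_info() -- an unspecified parameter list in
// C, which stops the compiler from checking callers; (void) is compatible
// with the existing definition.
void dump_acct_info(void);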
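// log_hex(level, title, data, maxsize): hex-dump up to maxsize bytes of data
// under title via _log_hex() when level is at or below config->debug.  The
// level is evaluated once into a local and the other arguments are
// parenthesised, so expression arguments behave as a function call would.
#define log_hex(a,b,c,d) do { int lvl_ = (a); if (lvl_ <= config->debug) _log_hex(lvl_, 0, 0, 0, (b), (c), (d)); } while (0)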
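// Logging primitives (normally reached through the log_hex() macro and its
// siblings).  level is compared against config->debug; address, s and t tag
// the message with the subject it concerns (0 when not applicable, as the
// log_hex() macro passes).  NOTE: file-scope names starting with an
// underscore are reserved by the C standard; kept as-is for compatibility.
void _log(int level, ipt address, sessionidt s, tunnelidt t, const char *format, ...)
#ifdef __GNUC__
	__attribute__((format(printf, 5, 6)))   // compiler-checked format/argument agreement
#endif
	;
// Dump maxsize bytes of data in hex, preceded by title.
void _log_hex(int level, ipt address, sessionidt s, tunnelidt t, const char *title, const char *data, int maxsize);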
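// CHAP: compute the response to challenge (challenge_length bytes) for
// identifier id into *challenge_response.  Presumably the callee allocates
// the response buffer and the caller frees it -- confirm against the definition.
void build_chap_response(char *challenge, u8 id, u16 challenge_length, char **challenge_response);

// Finish bringing session s up after authentication; routes presumably
// selects whether static routes are installed -- confirm.
int sessionsetup(tunnelidt t, sessionidt s, u8 routes);

// Cluster replication.
int cluster_send_session(int s);
int cluster_send_tunnel(int t);
// Previously declared as cluster_send_goodbye() -- an unspecified parameter
// list; (void) lets the compiler check callers and is compatible with the
// existing definition.
int cluster_send_goodbye(void);

// CLI.
void cli_do_file(FILE *fh);
void cli_do(int sockfd);

// Write the log ring buffer (buffer[RINGBUFFER_SIZE]) to stream.
void ringbuffer_dump(FILE *stream);

// Plugins.
int run_plugins(int plugin_type, void *data);
void add_plugin(char *plugin_name);
void remove_plugin(char *plugin_name);

void tunnelclear(tunnelidt t);
// Send an ICMP host-unreachable back to source for the packet (packet_len
// bytes) it sent towards destination -- presumably; confirm.
void host_unreachable(ipt destination, u16 id, ipt source, char *packet, int packet_len);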
// Tables shared across translation units, indexed by the 16-bit
// tunnelidt/sessionidt.  Presumably allocated by the main program with
// MAXTUNNEL and MAXSESSION entries -- confirm.
extern tunnelt *tunnel;
extern sessiont *session;

// Head of the free-session list: session[0] appears to be reserved as the
// list head, with its next field linking to the first free entry.
#define sessionfree (session[0].next)