Fix cluster group update
[l2tpns.git] / l2tpns.c
index 71d5857..17c440b 100644 (file)
--- a/l2tpns.c
+++ b/l2tpns.c
 #include "bgp.h"
 #endif
 
 #include "bgp.h"
 #endif
 
-#ifdef LAC
 #include "l2tplac.h"
 #include "l2tplac.h"
-#endif
 #include "pppoe.h"
 
 #include "pppoe.h"
 
-#ifdef LAC
 char * Vendor_name = "Linux L2TPNS";
 uint32_t call_serial_number = 0;
 char * Vendor_name = "Linux L2TPNS";
 uint32_t call_serial_number = 0;
-#endif
 
 // Globals
 configt *config = NULL;                // all configuration
 int nlfd = -1;                 // netlink socket
 int tunfd = -1;                        // tun interface file handle. (network device)
 
 // Globals
 configt *config = NULL;                // all configuration
 int nlfd = -1;                 // netlink socket
 int tunfd = -1;                        // tun interface file handle. (network device)
-int udpfd = -1;                        // UDP file handle
-#ifdef LAC
+int udpfd[MAX_UDPFD + 1] = INIT_TABUDPFD;              // array UDP file handle + 1 for lac udp
 int udplacfd = -1;             // UDP LAC file handle
 int udplacfd = -1;             // UDP LAC file handle
-#endif
 int controlfd = -1;            // Control signal handle
 int clifd = -1;                        // Socket listening for CLI connections.
 int daefd = -1;                        // Socket listening for DAE connections.
 int controlfd = -1;            // Control signal handle
 int clifd = -1;                        // Socket listening for CLI connections.
 int daefd = -1;                        // Socket listening for DAE connections.
@@ -81,7 +75,7 @@ int cluster_sockfd = -1;      // Intra-cluster communications socket.
 int epollfd = -1;              // event polling
 time_t basetime = 0;           // base clock
 char hostname[MAXHOSTNAME] = "";       // us.
 int epollfd = -1;              // event polling
 time_t basetime = 0;           // base clock
 char hostname[MAXHOSTNAME] = "";       // us.
-static int tunidx;             // ifr_ifindex of tun device
+int tunidx;                            // ifr_ifindex of tun device
 int nlseqnum = 0;              // netlink sequence number
 int min_initok_nlseqnum = 0;   // minimun seq number for messages after init is ok
 static int syslog_log = 0;     // are we logging to syslog
 int nlseqnum = 0;              // netlink sequence number
 int min_initok_nlseqnum = 0;   // minimun seq number for messages after init is ok
 static int syslog_log = 0;     // are we logging to syslog
@@ -98,10 +92,7 @@ uint16_t MSS = 0;            // TCP MSS
 struct cli_session_actions *cli_session_actions = NULL;        // Pending session changes requested by CLI
 struct cli_tunnel_actions *cli_tunnel_actions = NULL;  // Pending tunnel changes required by CLI
 
 struct cli_session_actions *cli_session_actions = NULL;        // Pending session changes requested by CLI
 struct cli_tunnel_actions *cli_tunnel_actions = NULL;  // Pending tunnel changes required by CLI
 
-union iphash {
-       sessionidt sess;
-       union iphash *idx;
-} ip_hash[256];                        // Mapping from IP address to session structures.
+union iphash ip_hash[256];     // Mapping from IP address to session structures.
 
 struct ipv6radix {
        sessionidt sess;
 
 struct ipv6radix {
        sessionidt sess;
@@ -181,16 +172,18 @@ config_descriptt config_values[] = {
        CONFIG("idle_echo_timeout", idle_echo_timeout, INT),
        CONFIG("iftun_address", iftun_address, IPv4),
        CONFIG("tundevicename", tundevicename, STRING),
        CONFIG("idle_echo_timeout", idle_echo_timeout, INT),
        CONFIG("iftun_address", iftun_address, IPv4),
        CONFIG("tundevicename", tundevicename, STRING),
-#ifdef LAC
        CONFIG("disable_lac_func", disable_lac_func, BOOL),
        CONFIG("auth_tunnel_change_addr_src", auth_tunnel_change_addr_src, BOOL),
        CONFIG("bind_address_remotelns", bind_address_remotelns, IPv4),
        CONFIG("bind_portremotelns", bind_portremotelns, SHORT),
        CONFIG("disable_lac_func", disable_lac_func, BOOL),
        CONFIG("auth_tunnel_change_addr_src", auth_tunnel_change_addr_src, BOOL),
        CONFIG("bind_address_remotelns", bind_address_remotelns, IPv4),
        CONFIG("bind_portremotelns", bind_portremotelns, SHORT),
-#endif
-       CONFIG("pppoe_if_name", pppoe_if_name, STRING),
+       CONFIG("pppoe_if_to_bind", pppoe_if_to_bind, STRING),
        CONFIG("pppoe_service_name", pppoe_service_name, STRING),
        CONFIG("pppoe_ac_name", pppoe_ac_name, STRING),
        CONFIG("pppoe_service_name", pppoe_service_name, STRING),
        CONFIG("pppoe_ac_name", pppoe_ac_name, STRING),
-       { NULL, 0, 0, 0 },
+       CONFIG("disable_sending_hello", disable_sending_hello, BOOL),
+       CONFIG("disable_no_spoof", disable_no_spoof, BOOL),
+       CONFIG("bind_multi_address", bind_multi_address, STRING),
+       CONFIG("grp_txrate_average_time", grp_txrate_average_time, INT),
+       { NULL, 0, 0, 0 }
 };
 
 static char *plugin_functions[] = {
 };
 
 static char *plugin_functions[] = {
@@ -218,6 +211,7 @@ tunnelt *tunnel = NULL;                     // Array of tunnel structures.
 bundlet *bundle = NULL;                        // Array of bundle structures.
 fragmentationt *frag = NULL;           // Array of fragmentation structures.
 sessiont *session = NULL;              // Array of session structures.
 bundlet *bundle = NULL;                        // Array of bundle structures.
 fragmentationt *frag = NULL;           // Array of fragmentation structures.
 sessiont *session = NULL;              // Array of session structures.
+groupsesst *grpsession = NULL;         // Array of groupsesst structures.
 sessionlocalt *sess_local = NULL;      // Array of local per-session counters.
 radiust *radius = NULL;                        // Array of radius structures.
 ippoolt *ip_address_pool = NULL;       // Array of dynamic IP addresses.
 sessionlocalt *sess_local = NULL;      // Array of local per-session counters.
 radiust *radius = NULL;                        // Array of radius structures.
 ippoolt *ip_address_pool = NULL;       // Array of dynamic IP addresses.
@@ -228,9 +222,6 @@ struct Tstats *_statistics = NULL;
 struct Tringbuffer *ringbuffer = NULL;
 #endif
 
 struct Tringbuffer *ringbuffer = NULL;
 #endif
 
-static ssize_t netlink_send(struct nlmsghdr *nh);
-static void netlink_addattr(struct nlmsghdr *nh, int type, const void *data, int alen);
-static void cache_ipmap(in_addr_t ip, sessionidt s);
 static void uncache_ipmap(in_addr_t ip);
 static void cache_ipv6map(struct in6_addr ip, int prefixlen, sessionidt s);
 static void free_ip_address(sessionidt s);
 static void uncache_ipmap(in_addr_t ip);
 static void cache_ipv6map(struct in6_addr ip, int prefixlen, sessionidt s);
 static void free_ip_address(sessionidt s);
@@ -259,8 +250,9 @@ static clockt now(double *f)
        if (f) *f = t.tv_sec + t.tv_usec / 1000000.0;
        if (t.tv_sec != time_now)
        {
        if (f) *f = t.tv_sec + t.tv_usec / 1000000.0;
        if (t.tv_sec != time_now)
        {
-           time_now = t.tv_sec;
-           time_changed++;
+               time_now = t.tv_sec;
+               time_changed++;
+               grp_time_changed();
        }
 
        // Time in milliseconds
        }
 
        // Time in milliseconds
@@ -619,7 +611,7 @@ static void initnetlink(void)
        }
 }
 
        }
 }
 
-static ssize_t netlink_send(struct nlmsghdr *nh)
+ssize_t netlink_send(struct nlmsghdr *nh)
 {
        struct sockaddr_nl nladdr;
        struct iovec iov;
 {
        struct sockaddr_nl nladdr;
        struct iovec iov;
@@ -655,7 +647,7 @@ static ssize_t netlink_recv(void *buf, ssize_t len)
 }
 
 /* adapted from iproute2 */
 }
 
 /* adapted from iproute2 */
-static void netlink_addattr(struct nlmsghdr *nh, int type, const void *data, int alen)
+void netlink_addattr(struct nlmsghdr *nh, int type, const void *data, int alen)
 {
        int len = RTA_LENGTH(alen);
        struct rtattr *rta;
 {
        int len = RTA_LENGTH(alen);
        struct rtattr *rta;
@@ -698,7 +690,7 @@ static void inittun(void)
        }
 
    if (*config->tundevicename)
        }
 
    if (*config->tundevicename)
-         strncpy(ifr.ifr_name, config->tundevicename, IFNAMSIZ);
+               strncpy(ifr.ifr_name, config->tundevicename, IFNAMSIZ);
 
        if (ioctl(tunfd, TUNSETIFF, (void *) &ifr) < 0)
        {
 
        if (ioctl(tunfd, TUNSETIFF, (void *) &ifr) < 0)
        {
@@ -760,14 +752,30 @@ static void inittun(void)
                req.ifmsg.ifaddr.ifa_scope = RT_SCOPE_UNIVERSE;
                req.ifmsg.ifaddr.ifa_index = tunidx;
 
                req.ifmsg.ifaddr.ifa_scope = RT_SCOPE_UNIVERSE;
                req.ifmsg.ifaddr.ifa_index = tunidx;
 
-               if (config->iftun_address)
-                       ip = config->iftun_address;
+               if (config->nbmultiaddress > 1)
+               {
+                       int i;
+                       for (i = 0; i < config->nbmultiaddress ; i++)
+                       {
+                               ip = config->iftun_n_address[i];
+                               netlink_addattr(&req.nh, IFA_LOCAL, &ip, sizeof(ip));
+                               if (netlink_send(&req.nh) < 0)
+                                       goto senderror;
+                       }
+               }
                else
                else
-                       ip = 0x01010101; // 1.1.1.1
-               netlink_addattr(&req.nh, IFA_LOCAL, &ip, sizeof(ip));
+               {
+                       if (config->iftun_address)
+                               ip = config->iftun_address;
+                       else
+                               ip = 0x01010101; // 1.1.1.1
+                       netlink_addattr(&req.nh, IFA_LOCAL, &ip, sizeof(ip));
+
+                       if (netlink_send(&req.nh) < 0)
+                               goto senderror;
+               }
+
 
 
-               if (netlink_send(&req.nh) < 0)
-                       goto senderror;
 
                // Only setup IPv6 on the tun device if we have a configured prefix
                if (config->ipv6_prefix.s6_addr[0]) {
 
                // Only setup IPv6 on the tun device if we have a configured prefix
                if (config->ipv6_prefix.s6_addr[0]) {
@@ -837,28 +845,35 @@ senderror:
        exit(1);
 }
 
        exit(1);
 }
 
-// set up UDP ports
-static void initudp(void)
+// set up LAC UDP ports
+static void initlacudp(void)
 {
        int on = 1;
        struct sockaddr_in addr;
 
 {
        int on = 1;
        struct sockaddr_in addr;
 
-       // Tunnel
+       // Tunnel to Remote LNS
        memset(&addr, 0, sizeof(addr));
        addr.sin_family = AF_INET;
        memset(&addr, 0, sizeof(addr));
        addr.sin_family = AF_INET;
-       addr.sin_port = htons(L2TPPORT);
-       addr.sin_addr.s_addr = config->bind_address;
-       udpfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
-       setsockopt(udpfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
+       addr.sin_port = htons(config->bind_portremotelns);
+       addr.sin_addr.s_addr = config->bind_address_remotelns;
+       udplacfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+       setsockopt(udplacfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
        {
        {
-               int flags = fcntl(udpfd, F_GETFL, 0);
-               fcntl(udpfd, F_SETFL, flags | O_NONBLOCK);
+               int flags = fcntl(udplacfd, F_GETFL, 0);
+               fcntl(udplacfd, F_SETFL, flags | O_NONBLOCK);
        }
        }
-       if (bind(udpfd, (struct sockaddr *) &addr, sizeof(addr)) < 0)
+       if (bind(udplacfd, (struct sockaddr *) &addr, sizeof(addr)) < 0)
        {
        {
-               LOG(0, 0, 0, "Error in UDP bind: %s\n", strerror(errno));
+               LOG(0, 0, 0, "Error in UDP REMOTE LNS bind: %s\n", strerror(errno));
                exit(1);
        }
                exit(1);
        }
+}
+
+// set up control ports
+static void initcontrol(void)
+{
+       int on = 1;
+       struct sockaddr_in addr;
 
        // Control
        memset(&addr, 0, sizeof(addr));
 
        // Control
        memset(&addr, 0, sizeof(addr));
@@ -872,6 +887,13 @@ static void initudp(void)
                LOG(0, 0, 0, "Error in control bind: %s\n", strerror(errno));
                exit(1);
        }
                LOG(0, 0, 0, "Error in control bind: %s\n", strerror(errno));
                exit(1);
        }
+}
+
+// set up Dynamic Authorization Extensions to RADIUS port
+static void initdae(void)
+{
+       int on = 1;
+       struct sockaddr_in addr;
 
        // Dynamic Authorization Extensions to RADIUS
        memset(&addr, 0, sizeof(addr));
 
        // Dynamic Authorization Extensions to RADIUS
        memset(&addr, 0, sizeof(addr));
@@ -885,28 +907,30 @@ static void initudp(void)
                LOG(0, 0, 0, "Error in DAE bind: %s\n", strerror(errno));
                exit(1);
        }
                LOG(0, 0, 0, "Error in DAE bind: %s\n", strerror(errno));
                exit(1);
        }
+}
 
 
-#ifdef LAC
-       // Tunnel to Remote LNS
+// set up UDP ports
+static void initudp(int * pudpfd, in_addr_t ip_bind)
+{
+       int on = 1;
+       struct sockaddr_in addr;
+
+       // Tunnel
        memset(&addr, 0, sizeof(addr));
        addr.sin_family = AF_INET;
        memset(&addr, 0, sizeof(addr));
        addr.sin_family = AF_INET;
-       addr.sin_port = htons(config->bind_portremotelns);
-       addr.sin_addr.s_addr = config->bind_address_remotelns;
-       udplacfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
-       setsockopt(udplacfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
+       addr.sin_port = htons(L2TPPORT);
+       addr.sin_addr.s_addr = ip_bind;
+       (*pudpfd) = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+       setsockopt((*pudpfd), SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
        {
        {
-               int flags = fcntl(udplacfd, F_GETFL, 0);
-               fcntl(udplacfd, F_SETFL, flags | O_NONBLOCK);
+               int flags = fcntl((*pudpfd), F_GETFL, 0);
+               fcntl((*pudpfd), F_SETFL, flags | O_NONBLOCK);
        }
        }
-       if (bind(udplacfd, (struct sockaddr *) &addr, sizeof(addr)) < 0)
+       if (bind((*pudpfd), (struct sockaddr *) &addr, sizeof(addr)) < 0)
        {
        {
-               LOG(0, 0, 0, "Error in UDP REMOTE LNS bind: %s\n", strerror(errno));
+               LOG(0, 0, 0, "Error in UDP bind: %s\n", strerror(errno));
                exit(1);
        }
                exit(1);
        }
-#endif
-
-       // Intercept
-       snoopfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
 }
 
 //
 }
 
 //
@@ -1001,7 +1025,7 @@ sessionidt sessionbyipv6(struct in6_addr ip)
 //
 // (It's actually cached in network order)
 //
 //
 // (It's actually cached in network order)
 //
-static void cache_ipmap(in_addr_t ip, sessionidt s)
+void cache_ipmap(in_addr_t ip, sessionidt s)
 {
        in_addr_t nip = htonl(ip);      // MUST be in network order. I.e. MSB must in be ((char *) (&ip))[0]
        uint8_t *a = (uint8_t *) &nip;
 {
        in_addr_t nip = htonl(ip);      // MUST be in network order. I.e. MSB must in be ((char *) (&ip))[0]
        uint8_t *a = (uint8_t *) &nip;
@@ -1231,14 +1255,11 @@ void tunnelsend(uint8_t * buf, uint16_t l, tunnelidt t)
                        LOG(3, 0, t, "Control message resend try %d\n", tunnel[t].try);
                }
        }
                        LOG(3, 0, t, "Control message resend try %d\n", tunnel[t].try);
                }
        }
-#ifdef LAC
-       if (sendto((tunnel[t].isremotelns?udplacfd:udpfd), buf, l, 0, (void *) &addr, sizeof(addr)) < 0)
-#else
-       if (sendto(udpfd, buf, l, 0, (void *) &addr, sizeof(addr)) < 0)
-#endif
+
+       if (sendto(udpfd[tunnel[t].indexudp], buf, l, 0, (void *) &addr, sizeof(addr)) < 0)
        {
                LOG(0, ntohs((*(uint16_t *) (buf + 6))), t, "Error sending data out tunnel: %s (udpfd=%d, buf=%p, len=%d, dest=%s)\n",
        {
                LOG(0, ntohs((*(uint16_t *) (buf + 6))), t, "Error sending data out tunnel: %s (udpfd=%d, buf=%p, len=%d, dest=%s)\n",
-                               strerror(errno), udpfd, buf, l, inet_ntoa(addr.sin_addr));
+                               strerror(errno), udpfd[tunnel[t].indexudp], buf, l, inet_ntoa(addr.sin_addr));
                STAT(tunnel_tx_errors);
                return;
        }
                STAT(tunnel_tx_errors);
                return;
        }
@@ -1386,6 +1407,7 @@ static void update_session_out_stat(sessionidt s, sessiont *sp, int len)
 void processipout(uint8_t *buf, int len)
 {
        sessionidt s;
 void processipout(uint8_t *buf, int len)
 {
        sessionidt s;
+       groupidt g;
        sessiont *sp;
        tunnelidt t;
        in_addr_t ip;
        sessiont *sp;
        tunnelidt t;
        in_addr_t ip;
@@ -1422,7 +1444,31 @@ void processipout(uint8_t *buf, int len)
        }
 
        ip = *(uint32_t *)(buf + 16);
        }
 
        ip = *(uint32_t *)(buf + 16);
-       if (!(s = sessionbyip(ip)))
+       if ((g = grp_groupbyip(ip)))
+       {
+               s = grp_getnextsession(g, ip);
+               if (!s)
+               {
+                       // Is this a packet for a session that doesn't exist?
+                       static int rate = 0;    // Number of ICMP packets we've sent this second.
+                       static int last = 0;    // Last time we reset the ICMP packet counter 'rate'.
+
+                       if (last != time_now)
+                       {
+                               last = time_now;
+                               rate = 0;
+                       }
+
+                       if (rate++ < config->icmp_rate) // Only send a max of icmp_rate per second.
+                       {
+                               LOG(4, 0, 0, "IP: Sending ICMP host unreachable to %s\n", fmtaddr(*(in_addr_t *)(buf + 12), 0));
+                               host_unreachable(*(in_addr_t *)(buf + 12), *(uint16_t *)(buf + 4),
+                                       config->bind_address ? config->bind_address : my_address, buf, len);
+                       }
+                       return;
+               }
+       }
+       else if (!(s = sessionbyip(ip)))
        {
                // Is this a packet for a session that doesn't exist?
                static int rate = 0;    // Number of ICMP packets we've sent this second.
        {
                // Is this a packet for a session that doesn't exist?
                static int rate = 0;    // Number of ICMP packets we've sent this second.
@@ -1624,17 +1670,15 @@ void processipout(uint8_t *buf, int len)
                else
                {
                        // Send it as one frame (NO MPPP Frame)
                else
                {
                        // Send it as one frame (NO MPPP Frame)
-                       uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, 0, 0);
-                       if (!p) return;
-                       tunnelsend(fragbuf, len + (p-fragbuf), t); // send it...
+                       uint8_t *p = opt_makeppp(buf, len, s, t, PPPIP, 0, 0, 0);
+                       tunnelsend(p, len + (buf-p), t); // send it...
                        update_session_out_stat(s, sp, len);
                }
        }
        else
        {
                        update_session_out_stat(s, sp, len);
                }
        }
        else
        {
-               uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, 0, 0);
-               if (!p) return;
-               tunnelsend(fragbuf, len + (p-fragbuf), t); // send it...
+               uint8_t *p = opt_makeppp(buf, len, s, t, PPPIP, 0, 0, 0);
+               tunnelsend(p, len + (buf-p), t); // send it...
                update_session_out_stat(s, sp, len);
        }
 
                update_session_out_stat(s, sp, len);
        }
 
@@ -1819,10 +1863,10 @@ static void send_ipout(sessionidt s, uint8_t *buf, int len)
 static void control16(controlt * c, uint16_t avp, uint16_t val, uint8_t m)
 {
        uint16_t l = (m ? 0x8008 : 0x0008);
 static void control16(controlt * c, uint16_t avp, uint16_t val, uint8_t m)
 {
        uint16_t l = (m ? 0x8008 : 0x0008);
-       c->buf16[c->length/2 + 0] = htons(l);
-       c->buf16[c->length/2 + 1] = htons(0);
-       c->buf16[c->length/2 + 2] = htons(avp);
-       c->buf16[c->length/2 + 3] = htons(val);
+       *(uint16_t *) (c->buf + c->length + 0) = htons(l);
+       *(uint16_t *) (c->buf + c->length + 2) = htons(0);
+       *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
+       *(uint16_t *) (c->buf + c->length + 6) = htons(val);
        c->length += 8;
 }
 
        c->length += 8;
 }
 
@@ -1830,10 +1874,10 @@ static void control16(controlt * c, uint16_t avp, uint16_t val, uint8_t m)
 static void control32(controlt * c, uint16_t avp, uint32_t val, uint8_t m)
 {
        uint16_t l = (m ? 0x800A : 0x000A);
 static void control32(controlt * c, uint16_t avp, uint32_t val, uint8_t m)
 {
        uint16_t l = (m ? 0x800A : 0x000A);
-       c->buf16[c->length/2 + 0] = htons(l);
-       c->buf16[c->length/2 + 1] = htons(0);
-       c->buf16[c->length/2 + 2] = htons(avp);
-       *(uint32_t *) &c->buf[c->length + 6] = htonl(val);
+       *(uint16_t *) (c->buf + c->length + 0) = htons(l);
+       *(uint16_t *) (c->buf + c->length + 2) = htons(0);
+       *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
+       *(uint32_t *) (c->buf + c->length + 6) = htonl(val);
        c->length += 10;
 }
 
        c->length += 10;
 }
 
@@ -1841,10 +1885,10 @@ static void control32(controlt * c, uint16_t avp, uint32_t val, uint8_t m)
 static void controls(controlt * c, uint16_t avp, char *val, uint8_t m)
 {
        uint16_t l = ((m ? 0x8000 : 0) + strlen(val) + 6);
 static void controls(controlt * c, uint16_t avp, char *val, uint8_t m)
 {
        uint16_t l = ((m ? 0x8000 : 0) + strlen(val) + 6);
-       c->buf16[c->length/2 + 0] = htons(l);
-       c->buf16[c->length/2 + 1] = htons(0);
-       c->buf16[c->length/2 + 2] = htons(avp);
-       memcpy(&c->buf[c->length + 6], val, strlen(val));
+       *(uint16_t *) (c->buf + c->length + 0) = htons(l);
+       *(uint16_t *) (c->buf + c->length + 2) = htons(0);
+       *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
+       memcpy(c->buf + c->length + 6, val, strlen(val));
        c->length += 6 + strlen(val);
 }
 
        c->length += 6 + strlen(val);
 }
 
@@ -1852,10 +1896,10 @@ static void controls(controlt * c, uint16_t avp, char *val, uint8_t m)
 static void controlb(controlt * c, uint16_t avp, uint8_t *val, unsigned int len, uint8_t m)
 {
        uint16_t l = ((m ? 0x8000 : 0) + len + 6);
 static void controlb(controlt * c, uint16_t avp, uint8_t *val, unsigned int len, uint8_t m)
 {
        uint16_t l = ((m ? 0x8000 : 0) + len + 6);
-       c->buf16[c->length/2 + 0] = htons(l);
-       c->buf16[c->length/2 + 1] = htons(0);
-       c->buf16[c->length/2 + 2] = htons(avp);
-       memcpy(&c->buf[c->length + 6], val, len);
+       *(uint16_t *) (c->buf + c->length + 0) = htons(l);
+       *(uint16_t *) (c->buf + c->length + 2) = htons(0);
+       *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
+       memcpy(c->buf + c->length + 6, val, len);
        c->length += 6 + len;
 }
 
        c->length += 6 + len;
 }
 
@@ -1872,7 +1916,8 @@ static controlt *controlnew(uint16_t mtype)
        }
        assert(c);
        c->next = 0;
        }
        assert(c);
        c->next = 0;
-       c->buf16[0] = htons(0xC802); // flags/ver
+       c->buf[0] = 0xC8; // flags
+       c->buf[1] = 0x02; // ver
        c->length = 12;
        control16(c, 0, mtype, 1);
        return c;
        c->length = 12;
        control16(c, 0, mtype, 1);
        return c;
@@ -1898,10 +1943,10 @@ static void controlnull(tunnelidt t)
 // add a control message to a tunnel, and send if within window
 static void controladd(controlt *c, sessionidt far, tunnelidt t)
 {
 // add a control message to a tunnel, and send if within window
 static void controladd(controlt *c, sessionidt far, tunnelidt t)
 {
-       c->buf16[1] = htons(c->length); // length
-       c->buf16[2] = htons(tunnel[t].far); // tunnel
-       c->buf16[3] = htons(far); // session
-       c->buf16[4] = htons(tunnel[t].ns); // sequence
+       *(uint16_t *) (c->buf + 2) = htons(c->length); // length
+       *(uint16_t *) (c->buf + 4) = htons(tunnel[t].far); // tunnel
+       *(uint16_t *) (c->buf + 6) = htons(far); // session
+       *(uint16_t *) (c->buf + 8) = htons(tunnel[t].ns); // sequence
        tunnel[t].ns++;              // advance sequence
        // link in message in to queue
        if (tunnel[t].controlc)
        tunnel[t].ns++;              // advance sequence
        // link in message in to queue
        if (tunnel[t].controlc)
@@ -2026,7 +2071,6 @@ void sessionshutdown(sessionidt s, char const *reason, int cdn_result, int cdn_e
                struct param_kill_session data = { &tunnel[session[s].tunnel], &session[s] };
                LOG(2, s, session[s].tunnel, "Shutting down session %u: %s\n", s, reason);
                run_plugins(PLUGIN_KILL_SESSION, &data);
                struct param_kill_session data = { &tunnel[session[s].tunnel], &session[s] };
                LOG(2, s, session[s].tunnel, "Shutting down session %u: %s\n", s, reason);
                run_plugins(PLUGIN_KILL_SESSION, &data);
-               session[s].die = TIME + 150; // Clean up in 15 seconds
        }
 
        if (session[s].ip && !walled_garden && !session[s].die)
        }
 
        if (session[s].ip && !walled_garden && !session[s].die)
@@ -2051,8 +2095,11 @@ void sessionshutdown(sessionidt s, char const *reason, int cdn_result, int cdn_e
                        memcpy(&shut_acct[shut_acct_n++], &session[s], sizeof(session[s]));
        }
 
                        memcpy(&shut_acct[shut_acct_n++], &session[s], sizeof(session[s]));
        }
 
+       if (!session[s].die)
+               session[s].die = TIME + 150; // Clean up in 15 seconds
+
        if (session[s].ip)
        if (session[s].ip)
-       {                          // IP allocated, clear and unroute
+       {       // IP allocated, clear and unroute
                int r;
                int routed = 0;
                for (r = 0; r < MAXROUTE && session[s].route[r].ip; r++)
                int r;
                int routed = 0;
                for (r = 0; r < MAXROUTE && session[s].route[r].ip; r++)
@@ -2205,7 +2252,7 @@ void sendipcp(sessionidt s, tunnelidt t)
        q[4] = 3;                               // ip address option
        q[5] = 6;                               // option length
        *(in_addr_t *) (q + 6) = config->peer_address ? config->peer_address :
        q[4] = 3;                               // ip address option
        q[5] = 6;                               // option length
        *(in_addr_t *) (q + 6) = config->peer_address ? config->peer_address :
-                                config->iftun_address ? config->iftun_address :
+                                config->iftun_n_address[tunnel[t].indexudp] ? config->iftun_n_address[tunnel[t].indexudp] :
                                 my_address; // send my IP
 
        tunnelsend(buf, 10 + (q - buf), t); // send it
                                 my_address; // send my IP
 
        tunnelsend(buf, 10 + (q - buf), t); // send it
@@ -2252,6 +2299,8 @@ static void sessionclear(sessionidt s)
 // kill a session now
 void sessionkill(sessionidt s, char *reason)
 {
 // kill a session now
 void sessionkill(sessionidt s, char *reason)
 {
+       groupidt g;
+
        CSTAT(sessionkill);
 
        if (!session[s].opened) // not alive
        CSTAT(sessionkill);
 
        if (!session[s].opened) // not alive
@@ -2269,7 +2318,6 @@ void sessionkill(sessionidt s, char *reason)
        if (sess_local[s].radius)
                radiusclear(sess_local[s].radius, s); // cant send clean accounting data, session is killed
 
        if (sess_local[s].radius)
                radiusclear(sess_local[s].radius, s); // cant send clean accounting data, session is killed
 
-#ifdef LAC
        if (session[s].forwardtosession)
        {
                sessionidt sess = session[s].forwardtosession;
        if (session[s].forwardtosession)
        {
                sessionidt sess = session[s].forwardtosession;
@@ -2279,9 +2327,14 @@ void sessionkill(sessionidt s, char *reason)
                        sessionshutdown(sess, reason, CDN_ADMIN_DISC, TERM_ADMIN_RESET);
                }
        }
                        sessionshutdown(sess, reason, CDN_ADMIN_DISC, TERM_ADMIN_RESET);
                }
        }
-#endif
 
        LOG(2, s, session[s].tunnel, "Kill session %d (%s): %s\n", s, session[s].user, reason);
 
        LOG(2, s, session[s].tunnel, "Kill session %d (%s): %s\n", s, session[s].user, reason);
+
+       if ((g = grp_groupbysession(s)))
+       {
+               grp_removesession(g, s);
+       }
+
        sessionclear(s);
        cluster_send_session(s);
 }
        sessionclear(s);
        cluster_send_session(s);
 }
@@ -2385,7 +2438,7 @@ static void tunnelshutdown(tunnelidt t, char *reason, int result, int error, cha
 }
 
 // read and process packet on tunnel (UDP)
 }
 
 // read and process packet on tunnel (UDP)
-void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
+void processudp(uint8_t *buf, int len, struct sockaddr_in *addr, uint16_t indexudpfd)
 {
        uint8_t *chapresponse = NULL;
        uint16_t l = len, t = 0, s = 0, ns = 0, nr = 0;
 {
        uint8_t *chapresponse = NULL;
        uint16_t l = len, t = 0, s = 0, ns = 0, nr = 0;
@@ -2476,7 +2529,7 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
 
                if (!config->cluster_iam_master)
                {
 
                if (!config->cluster_iam_master)
                {
-                       master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
+                       master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port, indexudpfd);
                        return;
                }
 
                        return;
                }
 
@@ -2526,6 +2579,7 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
                        tunnel[t].ip = ntohl(*(in_addr_t *) & addr->sin_addr);
                        tunnel[t].port = ntohs(addr->sin_port);
                        tunnel[t].window = 4; // default window
                        tunnel[t].ip = ntohl(*(in_addr_t *) & addr->sin_addr);
                        tunnel[t].port = ntohs(addr->sin_port);
                        tunnel[t].window = 4; // default window
+                       tunnel[t].indexudp = indexudpfd;
                        STAT(tunnel_created);
                        LOG(1, 0, t, "   New tunnel from %s:%u ID %u\n",
                                fmtaddr(htonl(tunnel[t].ip), 0), tunnel[t].port, t);
                        STAT(tunnel_created);
                        LOG(1, 0, t, "   New tunnel from %s:%u ID %u\n",
                                fmtaddr(htonl(tunnel[t].ip), 0), tunnel[t].port, t);
@@ -2797,7 +2851,6 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
                                        }
                                        break;
                                case 13:    // Response
                                        }
                                        break;
                                case 13:    // Response
-#ifdef LAC
                                        if (tunnel[t].isremotelns)
                                        {
                                                chapresponse = calloc(17, 1);
                                        if (tunnel[t].isremotelns)
                                        {
                                                chapresponse = calloc(17, 1);
@@ -2805,7 +2858,6 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
                                                LOG(3, s, t, "received challenge response from REMOTE LNS\n");
                                        }
                                        else
                                                LOG(3, s, t, "received challenge response from REMOTE LNS\n");
                                        }
                                        else
-#endif /* LAC */
                                        // Why did they send a response? We never challenge.
                                        LOG(2, s, t, "   received unexpected challenge response\n");
                                        break;
                                        // Why did they send a response? We never challenge.
                                        LOG(2, s, t, "   received unexpected challenge response\n");
                                        break;
@@ -3051,7 +3103,6 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
                                case 2:       // SCCRP
                                        tunnel[t].state = TUNNELOPEN;
                                        tunnel[t].lastrec = time_now;
                                case 2:       // SCCRP
                                        tunnel[t].state = TUNNELOPEN;
                                        tunnel[t].lastrec = time_now;
-#ifdef LAC
                                        LOG(3, s, t, "Received SCCRP\n");
                                        if (main_quit != QUIT_SHUTDOWN)
                                        {
                                        LOG(3, s, t, "Received SCCRP\n");
                                        if (main_quit != QUIT_SHUTDOWN)
                                        {
@@ -3082,7 +3133,6 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
                                        {
                                                tunnelshutdown(t, "Shutting down", 6, 0, 0);
                                        }
                                        {
                                                tunnelshutdown(t, "Shutting down", 6, 0, 0);
                                        }
-#endif /* LAC */
                                        break;
                                case 3:       // SCCN
                                        LOG(3, s, t, "Received SCCN\n");
                                        break;
                                case 3:       // SCCN
                                        LOG(3, s, t, "Received SCCN\n");
@@ -3160,7 +3210,6 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
                                        }
                                        return;
                                case 11:      // ICRP
                                        }
                                        return;
                                case 11:      // ICRP
-#ifdef LAC
                                LOG(3, s, t, "Received ICRP\n");
                                if (session[s].forwardtosession)
                                {
                                LOG(3, s, t, "Received ICRP\n");
                                if (session[s].forwardtosession)
                                {
@@ -3176,7 +3225,6 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
                                        controladd(c, asession, t); // send the message
                                        LOG(3, s, t, "Sending ICCN\n");
                                }
                                        controladd(c, asession, t); // send the message
                                        LOG(3, s, t, "Sending ICCN\n");
                                }
-#endif /* LAC */
                                        break;
                                case 12:      // ICCN
                                        LOG(3, s, t, "Received ICCN\n");
                                        break;
                                case 12:      // ICCN
                                        LOG(3, s, t, "Received ICCN\n");
@@ -3192,7 +3240,7 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
 
                                        // Set multilink options before sending initial LCP packet
                                        sess_local[s].mp_mrru = 1614;
 
                                        // Set multilink options before sending initial LCP packet
                                        sess_local[s].mp_mrru = 1614;
-                                       sess_local[s].mp_epdis = ntohl(config->iftun_address ? config->iftun_address : my_address);
+                                       sess_local[s].mp_epdis = ntohl(config->iftun_n_address[tunnel[t].indexudp] ? config->iftun_n_address[tunnel[t].indexudp] : my_address);
 
                                        sendlcp(s, t);
                                        change_state(s, lcp, RequestSent);
 
                                        sendlcp(s, t);
                                        change_state(s, lcp, RequestSent);
@@ -3250,12 +3298,11 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
                        l -= 2;
                }
 
                        l -= 2;
                }
 
-#ifdef LAC
                if (session[s].forwardtosession)
                {
                        LOG(5, s, t, "Forwarding data session to session %u\n", session[s].forwardtosession);
                        // Forward to LAC/BAS or Remote LNS session
                if (session[s].forwardtosession)
                {
                        LOG(5, s, t, "Forwarding data session to session %u\n", session[s].forwardtosession);
                        // Forward to LAC/BAS or Remote LNS session
-                       lac_session_forward(buf, len, s, proto, addr->sin_addr.s_addr, addr->sin_port);
+                       lac_session_forward(buf, len, s, proto, addr->sin_addr.s_addr, addr->sin_port, indexudpfd);
                        return;
                }
                else if (config->auth_tunnel_change_addr_src)
                        return;
                }
                else if (config->auth_tunnel_change_addr_src)
@@ -3270,14 +3317,13 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
                                tunnel[t].ip = ntohl(addr->sin_addr.s_addr);
                        }
                }
                                tunnel[t].ip = ntohl(addr->sin_addr.s_addr);
                        }
                }
-#endif /* LAC */
 
                if (s && !session[s].opened)    // Is something wrong??
                {
                        if (!config->cluster_iam_master)
                        {
                                // Pass it off to the master to deal with..
 
                if (s && !session[s].opened)    // Is something wrong??
                {
                        if (!config->cluster_iam_master)
                        {
                                // Pass it off to the master to deal with..
-                               master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
+                               master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port, indexudpfd);
                                return;
                        }
 
                                return;
                        }
 
@@ -3289,37 +3335,37 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
                if (proto == PPPPAP)
                {
                        session[s].last_packet = time_now;
                if (proto == PPPPAP)
                {
                        session[s].last_packet = time_now;
-                       if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
+                       if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port, indexudpfd); return; }
                        processpap(s, t, p, l);
                }
                else if (proto == PPPCHAP)
                {
                        session[s].last_packet = time_now;
                        processpap(s, t, p, l);
                }
                else if (proto == PPPCHAP)
                {
                        session[s].last_packet = time_now;
-                       if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
+                       if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port, indexudpfd); return; }
                        processchap(s, t, p, l);
                }
                else if (proto == PPPLCP)
                {
                        session[s].last_packet = time_now;
                        processchap(s, t, p, l);
                }
                else if (proto == PPPLCP)
                {
                        session[s].last_packet = time_now;
-                       if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
+                       if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port, indexudpfd); return; }
                        processlcp(s, t, p, l);
                }
                else if (proto == PPPIPCP)
                {
                        session[s].last_packet = time_now;
                        processlcp(s, t, p, l);
                }
                else if (proto == PPPIPCP)
                {
                        session[s].last_packet = time_now;
-                       if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
+                       if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port, indexudpfd); return; }
                        processipcp(s, t, p, l);
                }
                else if (proto == PPPIPV6CP && config->ipv6_prefix.s6_addr[0])
                {
                        session[s].last_packet = time_now;
                        processipcp(s, t, p, l);
                }
                else if (proto == PPPIPV6CP && config->ipv6_prefix.s6_addr[0])
                {
                        session[s].last_packet = time_now;
-                       if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
+                       if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port, indexudpfd); return; }
                        processipv6cp(s, t, p, l);
                }
                else if (proto == PPPCCP)
                {
                        session[s].last_packet = time_now;
                        processipv6cp(s, t, p, l);
                }
                else if (proto == PPPCCP)
                {
                        session[s].last_packet = time_now;
-                       if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
+                       if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port, indexudpfd); return; }
                        processccp(s, t, p, l);
                }
                else if (proto == PPPIP)
                        processccp(s, t, p, l);
                }
                else if (proto == PPPIP)
@@ -3333,7 +3379,7 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
                        session[s].last_packet = session[s].last_data = time_now;
                        if (session[s].walled_garden && !config->cluster_iam_master)
                        {
                        session[s].last_packet = session[s].last_data = time_now;
                        if (session[s].walled_garden && !config->cluster_iam_master)
                        {
-                               master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
+                               master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port, indexudpfd);
                                return;
                        }
 
                                return;
                        }
 
@@ -3351,7 +3397,7 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
                        if (!config->cluster_iam_master)
                        {
                                // The fragments reconstruction is managed by the Master.
                        if (!config->cluster_iam_master)
                        {
                                // The fragments reconstruction is managed by the Master.
-                               master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
+                               master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port, indexudpfd);
                                return;
                        }
 
                                return;
                        }
 
@@ -3368,7 +3414,7 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
                        session[s].last_packet = session[s].last_data = time_now;
                        if (session[s].walled_garden && !config->cluster_iam_master)
                        {
                        session[s].last_packet = session[s].last_data = time_now;
                        if (session[s].walled_garden && !config->cluster_iam_master)
                        {
-                               master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
+                               master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port, indexudpfd);
                                return;
                        }
 
                                return;
                        }
 
@@ -3377,7 +3423,7 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
                else if (session[s].ppp.lcp == Opened)
                {
                        session[s].last_packet = time_now;
                else if (session[s].ppp.lcp == Opened)
                {
                        session[s].last_packet = time_now;
-                       if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
+                       if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port, indexudpfd); return; }
                        protoreject(s, t, p, l, proto);
                }
                else
                        protoreject(s, t, p, l, proto);
                }
                else
@@ -3500,10 +3546,13 @@ static void regular_cleanups(double period)
                // Send hello
                if (tunnel[t].state == TUNNELOPEN && !tunnel[t].controlc && (time_now - tunnel[t].lastrec) > 60)
                {
                // Send hello
                if (tunnel[t].state == TUNNELOPEN && !tunnel[t].controlc && (time_now - tunnel[t].lastrec) > 60)
                {
-                       controlt *c = controlnew(6); // sending HELLO
-                       controladd(c, 0, t); // send the message
-                       LOG(3, 0, t, "Sending HELLO message\n");
-                       t_actions++;
+                       if (!config->disable_sending_hello)
+                       {
+                               controlt *c = controlnew(6); // sending HELLO
+                               controladd(c, 0, t); // send the message
+                               LOG(3, 0, t, "Sending HELLO message\n");
+                               t_actions++;
+                       }
                }
 
                // Check for tunnel changes requested from the CLI
                }
 
                // Check for tunnel changes requested from the CLI
@@ -3677,7 +3726,7 @@ static void regular_cleanups(double period)
 
                // No data in ECHO_TIMEOUT seconds, send LCP ECHO
                if (session[s].ppp.phase >= Establish && (time_now - session[s].last_packet >= config->echo_timeout) &&
 
                // No data in ECHO_TIMEOUT seconds, send LCP ECHO
                if (session[s].ppp.phase >= Establish && (time_now - session[s].last_packet >= config->echo_timeout) &&
-                       (time_now - sess_local[s].last_echo >= ECHO_TIMEOUT))
+                       (time_now - sess_local[s].last_echo >= config->echo_timeout))
                {
                        uint8_t b[MAXETHER];
 
                {
                        uint8_t b[MAXETHER];
 
@@ -3943,13 +3992,8 @@ static int still_busy(void)
 # include "fake_epoll.h"
 #endif
 
 # include "fake_epoll.h"
 #endif
 
-#ifdef LAC
-// the base set of fds polled: cli, cluster, tun, udp, control, dae, netlink, udplac, pppoedisc, pppoesess
-#define BASE_FDS       10
-#else
-// the base set of fds polled: cli, cluster, tun, udp, control, dae, netlink, pppoedisc, pppoesess
-#define BASE_FDS       9
-#endif
+// the base set of fds polled: cli, cluster, tun, udp (MAX_UDPFD), control, dae, netlink, udplac, pppoedisc, pppoesess
+#define BASE_FDS       (9 + MAX_UDPFD)
 
 // additional polled fds
 #ifdef BGP
 
 // additional polled fds
 #ifdef BGP
@@ -3961,11 +4005,11 @@ static int still_busy(void)
 // main loop - gets packets on tun or udp and processes them
 static void mainloop(void)
 {
 // main loop - gets packets on tun or udp and processes them
 static void mainloop(void)
 {
-       int i;
+       int i, j;
        uint8_t buf[65536];
        uint8_t buf[65536];
-       uint8_t *p = buf + 24; // for the hearder of the forwarded MPPP packet (see C_MPPP_FORWARD)
+       uint8_t *p = buf + 32; // for the hearder of the forwarded MPPP packet (see C_MPPP_FORWARD)
                                                // and the forwarded pppoe session
                                                // and the forwarded pppoe session
-       int size_bufp = sizeof(buf) - 24;
+       int size_bufp = sizeof(buf) - 32;
        clockt next_cluster_ping = 0;   // send initial ping immediately
        struct epoll_event events[BASE_FDS + RADIUS_FDS + EXTRA_FDS];
        int maxevent = sizeof(events)/sizeof(*events);
        clockt next_cluster_ping = 0;   // send initial ping immediately
        struct epoll_event events[BASE_FDS + RADIUS_FDS + EXTRA_FDS];
        int maxevent = sizeof(events)/sizeof(*events);
@@ -3976,13 +4020,8 @@ static void mainloop(void)
                exit(1);
        }
 
                exit(1);
        }
 
-#ifdef LAC
        LOG(4, 0, 0, "Beginning of main loop.  clifd=%d, cluster_sockfd=%d, tunfd=%d, udpfd=%d, controlfd=%d, daefd=%d, nlfd=%d , udplacfd=%d, pppoefd=%d, pppoesessfd=%d\n",
        LOG(4, 0, 0, "Beginning of main loop.  clifd=%d, cluster_sockfd=%d, tunfd=%d, udpfd=%d, controlfd=%d, daefd=%d, nlfd=%d , udplacfd=%d, pppoefd=%d, pppoesessfd=%d\n",
-               clifd, cluster_sockfd, tunfd, udpfd, controlfd, daefd, nlfd, udplacfd, pppoediscfd, pppoesessfd);
-#else
-       LOG(4, 0, 0, "Beginning of main loop.  clifd=%d, cluster_sockfd=%d, tunfd=%d, udpfd=%d, controlfd=%d, daefd=%d, nlfd=%d, pppoefd=%d, pppoesessfd=%d\n",
-               clifd, cluster_sockfd, tunfd, udpfd, controlfd, daefd, nlfd, pppoediscfd, pppoesessfd);
-#endif
+               clifd, cluster_sockfd, tunfd, udpfd[0], controlfd, daefd, nlfd, udplacfd, pppoediscfd, pppoesessfd);
 
        /* setup our fds to poll for input */
        {
 
        /* setup our fds to poll for input */
        {
@@ -4007,10 +4046,6 @@ static void mainloop(void)
                e.data.ptr = &d[i++];
                epoll_ctl(epollfd, EPOLL_CTL_ADD, tunfd, &e);
 
                e.data.ptr = &d[i++];
                epoll_ctl(epollfd, EPOLL_CTL_ADD, tunfd, &e);
 
-               d[i].type = FD_TYPE_UDP;
-               e.data.ptr = &d[i++];
-               epoll_ctl(epollfd, EPOLL_CTL_ADD, udpfd, &e);
-
                d[i].type = FD_TYPE_CONTROL;
                e.data.ptr = &d[i++];
                epoll_ctl(epollfd, EPOLL_CTL_ADD, controlfd, &e);
                d[i].type = FD_TYPE_CONTROL;
                e.data.ptr = &d[i++];
                epoll_ctl(epollfd, EPOLL_CTL_ADD, controlfd, &e);
@@ -4023,12 +4058,6 @@ static void mainloop(void)
                e.data.ptr = &d[i++];
                epoll_ctl(epollfd, EPOLL_CTL_ADD, nlfd, &e);
 
                e.data.ptr = &d[i++];
                epoll_ctl(epollfd, EPOLL_CTL_ADD, nlfd, &e);
 
-#ifdef LAC
-               d[i].type = FD_TYPE_UDPLAC;
-               e.data.ptr = &d[i++];
-               epoll_ctl(epollfd, EPOLL_CTL_ADD, udplacfd, &e);
-#endif
-
                d[i].type = FD_TYPE_PPPOEDISC;
                e.data.ptr = &d[i++];
                epoll_ctl(epollfd, EPOLL_CTL_ADD, pppoediscfd, &e);
                d[i].type = FD_TYPE_PPPOEDISC;
                e.data.ptr = &d[i++];
                epoll_ctl(epollfd, EPOLL_CTL_ADD, pppoediscfd, &e);
@@ -4036,6 +4065,14 @@ static void mainloop(void)
                d[i].type = FD_TYPE_PPPOESESS;
                e.data.ptr = &d[i++];
                epoll_ctl(epollfd, EPOLL_CTL_ADD, pppoesessfd, &e);
                d[i].type = FD_TYPE_PPPOESESS;
                e.data.ptr = &d[i++];
                epoll_ctl(epollfd, EPOLL_CTL_ADD, pppoesessfd, &e);
+
+               for (j = 0; j < config->nbudpfd; j++)
+               {
+                       d[i].type = FD_TYPE_UDP;
+                       d[i].index = j;
+                       e.data.ptr = &d[i++];
+                       epoll_ctl(epollfd, EPOLL_CTL_ADD, udpfd[j], &e);
+               }
        }
 
 #ifdef BGP
        }
 
 #ifdef BGP
@@ -4097,16 +4134,12 @@ static void mainloop(void)
                        struct in_addr local;
                        socklen_t alen;
                        int c, s;
                        struct in_addr local;
                        socklen_t alen;
                        int c, s;
-                       int udp_ready = 0;
-#ifdef LAC
-                       int udplac_ready = 0;
-                       int udplac_pkts = 0;
-#endif
+                       int udp_ready[MAX_UDPFD + 1] = INIT_TABUDPVAR;
                        int pppoesess_ready = 0;
                        int pppoesess_pkts = 0;
                        int tun_ready = 0;
                        int cluster_ready = 0;
                        int pppoesess_ready = 0;
                        int pppoesess_pkts = 0;
                        int tun_ready = 0;
                        int cluster_ready = 0;
-                       int udp_pkts = 0;
+                       int udp_pkts[MAX_UDPFD + 1] = INIT_TABUDPVAR;
                        int tun_pkts = 0;
                        int cluster_pkts = 0;
 #ifdef BGP
                        int tun_pkts = 0;
                        int cluster_pkts = 0;
 #ifdef BGP
@@ -4140,10 +4173,7 @@ static void mainloop(void)
                                // these are handled below, with multiple interleaved reads
                                case FD_TYPE_CLUSTER:   cluster_ready++; break;
                                case FD_TYPE_TUN:       tun_ready++; break;
                                // these are handled below, with multiple interleaved reads
                                case FD_TYPE_CLUSTER:   cluster_ready++; break;
                                case FD_TYPE_TUN:       tun_ready++; break;
-                               case FD_TYPE_UDP:       udp_ready++; break;
-#ifdef LAC
-                               case FD_TYPE_UDPLAC:    udplac_ready++; break;
-#endif
+                               case FD_TYPE_UDP:       udp_ready[d->index]++; break;
                                case FD_TYPE_PPPOESESS: pppoesess_ready++; break;
 
                                case FD_TYPE_PPPOEDISC: // pppoe discovery
                                case FD_TYPE_PPPOESESS: pppoesess_ready++; break;
 
                                case FD_TYPE_PPPOEDISC: // pppoe discovery
@@ -4154,26 +4184,26 @@ static void mainloop(void)
 
                                case FD_TYPE_CONTROL: // nsctl commands
                                        alen = sizeof(addr);
 
                                case FD_TYPE_CONTROL: // nsctl commands
                                        alen = sizeof(addr);
-                                       s = recvfromto(controlfd, buf, sizeof(buf), MSG_WAITALL, (struct sockaddr *) &addr, &alen, &local);
-                                       if (s > 0) processcontrol(buf, s, &addr, alen, &local);
+                                       s = recvfromto(controlfd, p, size_bufp, MSG_WAITALL, (struct sockaddr *) &addr, &alen, &local);
+                                       if (s > 0) processcontrol(p, s, &addr, alen, &local);
                                        n--;
                                        break;
 
                                case FD_TYPE_DAE: // DAE requests
                                        alen = sizeof(addr);
                                        n--;
                                        break;
 
                                case FD_TYPE_DAE: // DAE requests
                                        alen = sizeof(addr);
-                                       s = recvfromto(daefd, buf, sizeof(buf), MSG_WAITALL, (struct sockaddr *) &addr, &alen, &local);
-                                       if (s > 0) processdae(buf, s, &addr, alen, &local);
+                                       s = recvfromto(daefd, p, size_bufp, MSG_WAITALL, (struct sockaddr *) &addr, &alen, &local);
+                                       if (s > 0) processdae(p, s, &addr, alen, &local);
                                        n--;
                                        break;
 
                                case FD_TYPE_RADIUS: // RADIUS response
                                        alen = sizeof(addr);
                                        n--;
                                        break;
 
                                case FD_TYPE_RADIUS: // RADIUS response
                                        alen = sizeof(addr);
-                                       s = recvfrom(radfds[d->index], buf, sizeof(buf), MSG_WAITALL, (struct sockaddr *) &addr, &alen);
+                                       s = recvfrom(radfds[d->index], p, size_bufp, MSG_WAITALL, (struct sockaddr *) &addr, &alen);
                                        if (s >= 0 && config->cluster_iam_master)
                                        {
                                                if (addr.sin_addr.s_addr == config->radiusserver[0] ||
                                                    addr.sin_addr.s_addr == config->radiusserver[1])
                                        if (s >= 0 && config->cluster_iam_master)
                                        {
                                                if (addr.sin_addr.s_addr == config->radiusserver[0] ||
                                                    addr.sin_addr.s_addr == config->radiusserver[1])
-                                                       processrad(buf, s, d->index);
+                                                       processrad(p, s, d->index);
                                                else
                                                        LOG(3, 0, 0, "Dropping RADIUS packet from unknown source %s\n",
                                                                fmtaddr(addr.sin_addr.s_addr, 0));
                                                else
                                                        LOG(3, 0, 0, "Dropping RADIUS packet from unknown source %s\n",
                                                                fmtaddr(addr.sin_addr.s_addr, 0));
@@ -4184,15 +4214,15 @@ static void mainloop(void)
 
 #ifdef BGP
                                case FD_TYPE_BGP:
 
 #ifdef BGP
                                case FD_TYPE_BGP:
-                                       bgp_events[d->index] = events[i].events;
-                                       n--;
+                                       bgp_events[d->index] = events[i].events;
+                                       n--;
                                        break;
 #endif /* BGP */
 
                                case FD_TYPE_NETLINK:
                                {
                                        break;
 #endif /* BGP */
 
                                case FD_TYPE_NETLINK:
                                {
-                                       struct nlmsghdr *nh = (struct nlmsghdr *)buf;
-                                       s = netlink_recv(buf, sizeof(buf));
+                                       struct nlmsghdr *nh = (struct nlmsghdr *)p;
+                                       s = netlink_recv(p, size_bufp);
                                        if (nh->nlmsg_type == NLMSG_ERROR)
                                        {
                                                struct nlmsgerr *errmsg = NLMSG_DATA(nh);
                                        if (nh->nlmsg_type == NLMSG_ERROR)
                                        {
                                                struct nlmsgerr *errmsg = NLMSG_DATA(nh);
@@ -4204,7 +4234,6 @@ static void mainloop(void)
                                                                exit(1);
                                                        }
                                                        else
                                                                exit(1);
                                                        }
                                                        else
-
                                                                LOG(0, 0, 0, "Got a netlink error: %s\n", strerror(-errmsg->error));
                                                }
                                                // else it's a ack
                                                                LOG(0, 0, 0, "Got a netlink error: %s\n", strerror(-errmsg->error));
                                                }
                                                // else it's a ack
@@ -4216,7 +4245,7 @@ static void mainloop(void)
                                }
 
                                default:
                                }
 
                                default:
-                                       LOG(0, 0, 0, "Unexpected fd type returned from epoll_wait: %d\n", d->type);
+                                       LOG(0, 0, 0, "Unexpected fd type returned from epoll_wait: %d\n", d->type);
                                }
                        }
 
                                }
                        }
 
@@ -4226,40 +4255,25 @@ static void mainloop(void)
 
                        for (c = 0; n && c < config->multi_read_count; c++)
                        {
 
                        for (c = 0; n && c < config->multi_read_count; c++)
                        {
-                               // L2TP
-                               if (udp_ready)
+                               for (j = 0; j < config->nbudpfd; j++)
                                {
                                {
-                                       alen = sizeof(addr);
-                                       if ((s = recvfrom(udpfd, p, size_bufp, 0, (void *) &addr, &alen)) > 0)
+                                       // L2TP and L2TP REMOTE LNS
+                                       if (udp_ready[j])
                                        {
                                        {
-                                               processudp(p, s, &addr);
-                                               udp_pkts++;
-                                       }
-                                       else
-                                       {
-                                               udp_ready = 0;
-                                               n--;
+                                               alen = sizeof(addr);
+                                               if ((s = recvfrom(udpfd[j], p, size_bufp, 0, (void *) &addr, &alen)) > 0)
+                                               {
+                                                       processudp(p, s, &addr, j);
+                                                       udp_pkts[j]++;
+                                               }
+                                               else
+                                               {
+                                                       udp_ready[j] = 0;
+                                                       n--;
+                                               }
                                        }
                                }
                                        }
                                }
-#ifdef LAC
-                               // L2TP REMOTE LNS
-                               if (udplac_ready)
-                               {
-                                       alen = sizeof(addr);
-                                       if ((s = recvfrom(udplacfd, p, size_bufp, 0, (void *) &addr, &alen)) > 0)
-                                       {
-                                               if (!config->disable_lac_func)
-                                                       processudp(p, s, &addr);
 
 
-                                               udplac_pkts++;
-                                       }
-                                       else
-                                       {
-                                               udplac_ready = 0;
-                                               n--;
-                                       }
-                               }
-#endif
                                // incoming IP
                                if (tun_ready)
                                {
                                // incoming IP
                                if (tun_ready)
                                {
@@ -4307,18 +4321,13 @@ static void mainloop(void)
                                }
                        }
 
                                }
                        }
 
-                       if (udp_pkts > 1 || tun_pkts > 1 || cluster_pkts > 1)
+                       if (udp_pkts[0] > 1 || tun_pkts > 1 || cluster_pkts > 1)
                                STAT(multi_read_used);
 
                        if (c >= config->multi_read_count)
                        {
                                STAT(multi_read_used);
 
                        if (c >= config->multi_read_count)
                        {
-#ifdef LAC
-                               LOG(3, 0, 0, "Reached multi_read_count (%d); processed %d udp, %d tun %d cluster and %d rmlns packets\n",
-                                       config->multi_read_count, udp_pkts, tun_pkts, cluster_pkts, udplac_pkts);
-#else
-                               LOG(3, 0, 0, "Reached multi_read_count (%d); processed %d udp, %d tun and %d cluster packets\n",
-                                       config->multi_read_count, udp_pkts, tun_pkts, cluster_pkts);
-#endif
+                               LOG(3, 0, 0, "Reached multi_read_count (%d); processed %d udp, %d tun %d cluster and %d pppoe packets\n",
+                                       config->multi_read_count, udp_pkts[0], tun_pkts, cluster_pkts, pppoesess_pkts);
                                STAT(multi_read_exceeded);
                                more++;
                        }
                                STAT(multi_read_exceeded);
                                more++;
                        }
@@ -4653,9 +4662,9 @@ static void initdata(int optdebug, char *optconfig)
        }
 #endif /* BGP */
 
        }
 #endif /* BGP */
 
-#ifdef LAC
        lac_initremotelnsdata();
        lac_initremotelnsdata();
-#endif
+
+       grp_initdata();
 }
 
 static int assign_ip_address(sessionidt s)
 }
 
 static int assign_ip_address(sessionidt s)
@@ -4942,11 +4951,7 @@ void snoop_send_packet(uint8_t *packet, uint16_t size, in_addr_t destination, ui
 
 static int dump_session(FILE **f, sessiont *s)
 {
 
 static int dump_session(FILE **f, sessiont *s)
 {
-#ifdef LAC
        if (!s->opened || (!s->ip && !s->forwardtosession) || !(s->cin_delta || s->cout_delta) || !*s->user || s->walled_garden)
        if (!s->opened || (!s->ip && !s->forwardtosession) || !(s->cin_delta || s->cout_delta) || !*s->user || s->walled_garden)
-#else
-       if (!s->opened || !s->ip || !(s->cin_delta || s->cout_delta) || !*s->user || s->walled_garden)
-#endif
                return 1;
 
        if (!*f)
                return 1;
 
        if (!*f)
@@ -4972,7 +4977,7 @@ static int dump_session(FILE **f, sessiont *s)
                        "# uptime: %ld\n"
                        "# format: username ip qos uptxoctets downrxoctets\n",
                        hostname,
                        "# uptime: %ld\n"
                        "# format: username ip qos uptxoctets downrxoctets\n",
                        hostname,
-                       fmtaddr(config->iftun_address ? config->iftun_address : my_address, 0),
+                       fmtaddr(config->iftun_n_address[tunnel[s->tunnel].indexudp] ? config->iftun_n_address[tunnel[s->tunnel].indexudp] : my_address, 0),
                        now,
                        now - basetime);
        }
                        now,
                        now - basetime);
        }
@@ -5121,12 +5126,31 @@ int main(int argc, char *argv[])
        inittun();
        LOG(1, 0, 0, "Set up on interface %s\n", config->tundevicename);
 
        inittun();
        LOG(1, 0, 0, "Set up on interface %s\n", config->tundevicename);
 
-       if (*config->pppoe_if_name)
+       if (*config->pppoe_if_to_bind)
        {
                init_pppoe();
        {
                init_pppoe();
-               LOG(1, 0, 0, "Set up on pppoe interface %s\n", config->pppoe_if_name);
+               LOG(1, 0, 0, "Set up on pppoe interface %s\n", config->pppoe_if_to_bind);
+       }
+
+       if (!config->nbmultiaddress)
+       {
+               config->bind_n_address[0] = config->bind_address;
+               config->nbmultiaddress++;
        }
        }
-       initudp();
+       config->nbudpfd = config->nbmultiaddress;
+       for (i = 0; i < config->nbudpfd; i++)
+               initudp(&udpfd[i], config->bind_n_address[i]);
+       initlacudp();
+       config->indexlacudpfd = config->nbudpfd;
+       udpfd[config->indexlacudpfd] = udplacfd;
+       config->nbudpfd++;
+
+       initcontrol();
+       initdae();
+
+       // Intercept
+       snoopfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+
        initrad();
        initippool();
 
        initrad();
        initippool();
 
@@ -5152,6 +5176,9 @@ int main(int argc, char *argv[])
                        LOG(0, 0, 0, "Can't lock pages: %s\n", strerror(errno));
        }
 
                        LOG(0, 0, 0, "Can't lock pages: %s\n", strerror(errno));
        }
 
+       //LOG(3, 0, 0, "Debug sizeof struct: sessiont %lu, tunnelt %lu, bundlet %lu, groupsesst %lu\n",
+       //      sizeof(sessiont), sizeof(tunnelt), sizeof(bundlet), sizeof(groupsesst));
+
        mainloop();
 
        /* remove plugins (so cleanup code gets run) */
        mainloop();
 
        /* remove plugins (so cleanup code gets run) */
@@ -5358,14 +5385,62 @@ static void update_config()
        if (!config->radius_dae_port)
                config->radius_dae_port = DAEPORT;
 
        if (!config->radius_dae_port)
                config->radius_dae_port = DAEPORT;
 
-#ifdef LAC
        if(!config->bind_portremotelns)
                config->bind_portremotelns = L2TPLACPORT;
        if(!config->bind_address_remotelns)
                config->bind_address_remotelns = INADDR_ANY;
        if(!config->bind_portremotelns)
                config->bind_portremotelns = L2TPLACPORT;
        if(!config->bind_address_remotelns)
                config->bind_address_remotelns = INADDR_ANY;
-#endif
+
+       if (*config->bind_multi_address)
+       {
+               char *sip = config->bind_multi_address;
+               char *n = sip;
+               char *e = config->bind_multi_address + strlen(config->bind_multi_address);
+               config->nbmultiaddress = 0;
+
+               while (*sip && (sip < e))
+               {
+                       in_addr_t ip = 0;
+                       uint8_t u = 0;
+
+                       while (n < e && (*n == ',' || *n == ' ')) n++;
+
+                       while (n < e && (isdigit(*n) || *n == '.'))
+                       {
+                                if (*n == '.')
+                                {
+                                        ip = (ip << 8) + u;
+                                        u = 0;
+                                }
+                                else
+                                       u = u * 10 + *n - '0';
+                                n++;
+                       }
+                       ip = (ip << 8) + u;
+                       n++;
+
+                       if (ip)
+                       {
+                               config->bind_n_address[config->nbmultiaddress] = htonl(ip);
+                               config->iftun_n_address[config->nbmultiaddress] = htonl(ip);
+                               config->nbmultiaddress++;
+                               LOG(1, 0, 0, "Bind address %s\n", fmtaddr(htonl(ip), 0));
+                       }
+
+                       sip = n;
+               }
+
+               if (config->nbmultiaddress >= 1)
+               {
+                       config->bind_address = config->bind_n_address[0];
+                       config->iftun_address = config->bind_address;
+               }
+       }
+
        if(!config->iftun_address)
        if(!config->iftun_address)
+       {
                config->iftun_address = config->bind_address;
                config->iftun_address = config->bind_address;
+               config->iftun_n_address[0] = config->iftun_address;
+       }
 
        if (!*config->pppoe_ac_name)
                strncpy(config->pppoe_ac_name, DEFAULT_PPPOE_AC_NAME, sizeof(config->pppoe_ac_name) - 1);
 
        if (!*config->pppoe_ac_name)
                strncpy(config->pppoe_ac_name, DEFAULT_PPPOE_AC_NAME, sizeof(config->pppoe_ac_name) - 1);
@@ -5548,8 +5623,7 @@ int sessionsetup(sessionidt s, tunnelidt t)
 
                        if (ip == session[i].ip)
                        {
 
                        if (ip == session[i].ip)
                        {
-                               sessionkill(i, "Duplicate IP address");
-                               cluster_listinvert_session(s, i);
+                               sessionshutdown(i, "Duplicate IP address", CDN_ADMIN_DISC, TERM_ADMIN_RESET);  // close radius/routes, etc.
                                continue;
                        }
 
                                continue;
                        }
 
@@ -5570,7 +5644,7 @@ int sessionsetup(sessionidt s, tunnelidt t)
 
                        // Drop the new session in case of duplicate sessionss, not the old one.
                        if (!strcasecmp(user, session[i].user))
 
                        // Drop the new session in case of duplicate sessionss, not the old one.
                        if (!strcasecmp(user, session[i].user))
-                               sessionkill(i, "Duplicate session for users");
+                               sessionshutdown(i, "Duplicate session for users", CDN_ADMIN_DISC, TERM_ADMIN_RESET);  // close radius/routes, etc.
                }
        }
 
                }
        }
 
@@ -5578,6 +5652,7 @@ int sessionsetup(sessionidt s, tunnelidt t)
        if (!session[s].bundle || (bundle[session[s].bundle].num_of_links == 1))
        {
                int routed = 0;
        if (!session[s].bundle || (bundle[session[s].bundle].num_of_links == 1))
        {
                int routed = 0;
+               groupidt g;
 
                // Add the route for this session.
                for (r = 0; r < MAXROUTE && session[s].route[r].ip; r++)
 
                // Add the route for this session.
                for (r = 0; r < MAXROUTE && session[s].route[r].ip; r++)
@@ -5600,6 +5675,12 @@ int sessionsetup(sessionidt s, tunnelidt t)
                }
                else
                        cache_ipmap(session[s].ip, s);
                }
                else
                        cache_ipmap(session[s].ip, s);
+
+               if ((g = grp_groupbysession(s)))
+               {
+                       grp_setgrouproute(g, 1);
+                       cluster_send_groupe(g);
+               }
        }
 
        sess_local[s].lcp_authtype = 0; // RADIUS authentication complete
        }
 
        sess_local[s].lcp_authtype = 0; // RADIUS authentication complete
@@ -6424,8 +6505,6 @@ int ip_filter(uint8_t *buf, int len, uint8_t filter)
        return 0;
 }
 
        return 0;
 }
 
-#ifdef LAC
-
 tunnelidt lac_new_tunnel()
 {
        return new_tunnel();
 tunnelidt lac_new_tunnel()
 {
        return new_tunnel();
@@ -6471,4 +6550,3 @@ void lac_tunnelshutdown(tunnelidt t, char *reason, int result, int error, char *
        tunnelshutdown(t, reason, result, error, msg);
 }
 
        tunnelshutdown(t, reason, result, error, msg);
 }
 
-#endif