// L2TPNS Global Stuff
-// $Id: l2tpns.h,v 1.79 2005-06-24 07:05:04 bodea Exp $
+// $Id: l2tpns.h,v 1.81 2005-07-31 10:04:10 bodea Exp $
#ifndef __L2TPNS_H__
#define __L2TPNS_H__
#define CONFIGFILE FLASHDIR "/startup-config" // Configuration file
#define CLIUSERS FLASHDIR "/users" // CLI Users file
#define IPPOOLFILE FLASHDIR "/ip_pool" // Address pool configuration
-#define ACCT_TIME 3000 // 5 minute accounting interval
-#define ACCT_SHUT_TIME 600 // 1 minute for counters of shutdown sessions
-#define L2TPPORT 1701 // L2TP port
-#define RADPORT 1645 // old radius port...
-#define PKTARP 0x0806 // ARP packet type
-#define PKTIP 0x0800 // IPv4 packet type
-#define PKTIPV6 0x86DD // IPv6 packet type
+#define ACCT_TIME 3000 // 5 minute accounting interval
+#define ACCT_SHUT_TIME 600 // 1 minute for counters of shutdown sessions
+#define L2TPPORT 1701 // L2TP port
+#define RADPORT 1645 // old radius port...
+#define DAEPORT 3799 // DAE port
+#define PKTARP 0x0806 // ARP packet type
+#define PKTIP 0x0800 // IPv4 packet type
+#define PKTIPV6 0x86DD // IPv6 packet type
#define PPPPAP 0xC023
#define PPPCHAP 0xC223
#define PPPLCP 0xC021
AccessReject,
AccountingRequest,
AccountingResponse,
- AccessChallenge = 11
+ AccessChallenge = 11,
+ DisconnectRequest = 40,
+ DisconnectACK,
+ DisconnectNAK,
+ CoARequest,
+ CoAACK,
+ CoANAK
};
+// PPP phases
+enum {
+ Dead,
+ Establish,
+ Authenticate,
+ Network,
+ Terminate
+};
+
+// PPP states
+enum {
+ Initial,
+ Starting,
+ Closed,
+ Stopped,
+ Closing,
+ Stopping,
+ RequestSent,
+ AckReceived,
+ AckSent,
+ Opened
+};
+
+// reset state machine counters
+#define initialise_restart_count(_s, _fsm) \
+ sess_local[_s]._fsm.conf_sent = sess_local[_s]._fsm.nak_sent
+
+// stop timer on change to state where timer does not run
+#define change_state(_s, _fsm, _new) ({ \
+ if (_new != session[_s].ppp._fsm) \
+ { \
+ switch (_new) \
+ { \
+ case Initial: \
+ case Starting: \
+ case Closed: \
+ case Stopped: \
+ case Opened: \
+ sess_local[_s]._fsm.restart = 0; \
+ initialise_restart_count(_s, _fsm); \
+ } \
+ session[_s].ppp._fsm = _new; \
+ cluster_send_session(_s); \
+ } \
+})
+
// Types
typedef uint16_t sessionidt;
typedef uint16_t tunnelidt;
sessionidt far; // far end session ID
tunnelidt tunnel; // near end tunnel ID
uint8_t l2tp_flags; // various bit flags from the ICCN on the l2tp tunnel.
- uint8_t flags; // Various session flags.
+ struct {
+ uint8_t phase; // PPP phase
+ uint8_t lcp:4; // LCP state
+ uint8_t ipcp:4; // IPCP state
+ uint8_t ipv6cp:4; // IPV6CP state
+ uint8_t ccp:4; // CCP state
+ uint8_t pad; // unused
+ } ppp;
in_addr_t ip; // IP of session set by RADIUS response (host byte order).
int ip_pool_index; // index to IP pool
uint32_t unique_id; // unique session id
uint16_t tbf_in; // filter bucket for throttling in from the user.
uint16_t tbf_out; // filter bucket for throttling out to the user.
int random_vector_length;
- char random_vector[MAXTEL];
+ uint8_t random_vector[MAXTEL];
char user[MAXUSER]; // user (needed in seesion for radius stop messages)
char called[MAXTEL]; // called number
char calling[MAXTEL]; // calling number
uint8_t walled_garden; // is this session gardened?
uint8_t ipv6prefixlen; // IPv6 route prefix length
struct in6_addr ipv6route; // Static IPv6 route
- char reserved[16]; // Space to expand structure without changing HB_VERSION
+ char reserved[11]; // Space to expand structure without changing HB_VERSION
}
sessiont;
-#define SF_IPCP_ACKED 1 // Has this session seen an IPCP Ack?
-#define SF_LCP_ACKED 2 // LCP negotiated
-#define SF_CCP_ACKED 4 // CCP negotiated
-#define SF_IPV6CP_ACKED 8 // IPv6 negotiated
-#define SF_IPV6_NACKED 16 // IPv6 rejected
-#define SF_IPV6_ROUTED 32 // advertised v6 route
-
#define AUTHPAP 1 // allow PAP
#define AUTHCHAP 2 // allow CHAP
uint32_t cin;
uint32_t cout;
+ // PPP restart timer/counters
+ struct {
+ time_t restart;
+ int conf_sent;
+ int nak_sent;
+ } lcp, ipcp, ipv6cp, ccp;
+
+ // authentication to use
+ int lcp_authtype;
+
// DoS prevention
clockt last_packet_out;
uint32_t packets_out;
}
tunnelt;
-// 180 bytes per radius session
+// 160 bytes per radius session
typedef struct // outstanding RADIUS requests
{
sessionidt session; // which session this applies to
hasht auth; // request authenticator
clockt retry; // when to try next
- char calling[MAXTEL]; // calling number
char pass[129]; // password
uint8_t id; // ID for PPP response
uint8_t try; // which try we are on
RADIUSNULL, // Not in use
RADIUSCHAP, // sending CHAP down PPP
RADIUSAUTH, // sending auth to RADIUS server
- RADIUSIPCP, // sending IPCP to end user
RADIUSSTART, // sending start accounting to RADIUS server
RADIUSSTOP, // sending stop accounting to RADIUS server
RADIUSINTERIM, // sending interim accounting to RADIUS server
uint32_t call_sessionbyuser;
uint32_t call_sendarp;
uint32_t call_sendipcp;
+ uint32_t call_sendipv6cp;
uint32_t call_processipv6cp;
uint32_t call_tunnelsend;
uint32_t call_sessionkill;
char random_device[256]; // random device path, defaults to RANDOMDEVICE
+ int ppp_restart_time; // timeout for PPP restart
+ int ppp_max_configure; // max lcp configure requests to send
+ int ppp_max_failure; // max lcp configure naks to send
+
char radiussecret[64];
int radius_accounting;
int radius_interim;
uint16_t radiusport[MAXRADSERVER]; // radius base ports
uint8_t numradiusservers; // radius server count
+ uint16_t radius_dae_port; // local port for radius dae
+
char radius_authtypes_s[32]; // list of valid authentication types (chap, pap) in order of preference
int radius_authtypes;
int radius_authprefer;
// ppp.c
void processpap(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l);
void processchap(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l);
+void lcp_open(tunnelidt t, sessionidt s);
void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l);
void processipcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l);
void processipv6cp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l);
uint8_t *makeppp(uint8_t *b, int size, uint8_t *p, int l, tunnelidt t, sessionidt s, uint16_t mtype);
void sendlcp(tunnelidt t, sessionidt s, int authtype);
void send_ipin(sessionidt s, uint8_t *buf, int len);
+void sendccp(tunnelidt t, sessionidt s);
// radius.c
void radiusretry(uint16_t r);
uint16_t radiusnew(sessionidt s);
void radiusclear(uint16_t r, sessionidt s);
+void processdae(uint8_t *buf, int len, struct sockaddr_in *addr, int alen);
// l2tpns.c
void random_data(uint8_t *buf, int len);
void sessionkill(sessionidt s, char *reason);
void sessionshutdown(sessionidt s, char *reason, int result, int error);
+void filter_session(sessionidt s, int filter_in, int filter_out);
void send_garp(in_addr_t ip);
void tunnelsend(uint8_t *buf, uint16_t l, tunnelidt t);
void sendipcp(tunnelidt t, sessionidt s);
+void sendipv6cp(tunnelidt t, sessionidt s);
void processudp(uint8_t *buf, int len, struct sockaddr_in *addr);
-void snoop_send_packet(char *packet, uint16_t size, in_addr_t destination, uint16_t port);
+void snoop_send_packet(uint8_t *packet, uint16_t size, in_addr_t destination, uint16_t port);
+int find_filter(char const *name, size_t len);
int ip_filter(uint8_t *buf, int len, uint8_t filter);
int cmd_show_ipcache(struct cli_def *cli, char *command, char **argv, int argc);
int cmd_show_hist_idle(struct cli_def *cli, char *command, char **argv, int argc);
#define LOG_HEX(D, t, d, s) ({ if (D <= config->debug) _log_hex(D, t, d, s); })
void _log(int level, sessionidt s, tunnelidt t, const char *format, ...) __attribute__((format (printf, 4, 5)));
-void _log_hex(int level, const char *title, const char *data, int maxsize);
+void _log_hex(int level, const char *title, const uint8_t *data, int maxsize);
int sessionsetup(tunnelidt t, sessionidt s);
int run_plugins(int plugin_type, void *data);
// icmp.c
-void host_unreachable(in_addr_t destination, uint16_t id, in_addr_t source, char *packet, int packet_len);
+void host_unreachable(in_addr_t destination, uint16_t id, in_addr_t source, uint8_t *packet, int packet_len);
extern tunnelt *tunnel;
struct event_data {
enum {
- FD_TYPE_CONTROL,
FD_TYPE_CLI,
- FD_TYPE_UDP,
- FD_TYPE_TUN,
FD_TYPE_CLUSTER,
+ FD_TYPE_TUN,
+ FD_TYPE_UDP,
+ FD_TYPE_CONTROL,
+ FD_TYPE_DAE,
FD_TYPE_RADIUS,
FD_TYPE_BGP,
} type;