// Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
// vim: sw=8 ts=8
-char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.176 2011/01/20 12:48:40 bodea Exp $";
-
#include <arpa/inet.h>
#include <assert.h>
#include <errno.h>
#include "bgp.h"
#endif
+#ifdef LAC
+#include "l2tplac.h"
+#endif
+
+#ifdef LAC
+char * Vendor_name = "Linux L2TPNS";
+uint32_t call_serial_number = 0;
+#endif
+
// Globals
configt *config = NULL; // all configuration
int nlfd = -1; // netlink socket
int tunfd = -1; // tun interface file handle. (network device)
int udpfd = -1; // UDP file handle
+#ifdef LAC
+int udplacfd = -1; // UDP LAC file handle
+#endif
int controlfd = -1; // Control signal handle
int clifd = -1; // Socket listening for CLI connections.
int daefd = -1; // Socket listening for DAE connections.
static uint32_t ip_pool_size = 1; // Size of the pool of addresses used for dynamic address allocation.
time_t time_now = 0; // Current time in seconds since epoch.
+uint64_t time_now_ms = 0; // Current time in milliseconds since epoch.
static char time_now_string[64] = {0}; // Current time as a string.
static int time_changed = 0; // time_now changed
char main_quit = 0; // True if we're in the process of exiting.
CONFIG("ipv6_prefix", ipv6_prefix, IPv6),
CONFIG("cli_bind_address", cli_bind_address, IPv4),
CONFIG("hostname", hostname, STRING),
+#ifdef BGP
CONFIG("nexthop_address", nexthop_address, IPv4),
CONFIG("nexthop6_address", nexthop6_address, IPv6),
+#endif
+ CONFIG("echo_timeout", echo_timeout, INT),
+ CONFIG("idle_echo_timeout", idle_echo_timeout, INT),
+#ifdef LAC
+ CONFIG("disable_lac_func", disable_lac_func, BOOL),
+ CONFIG("bind_portremotelns", bind_portremotelns, SHORT),
+#endif
{ NULL, 0, 0, 0 },
};
static void unhide_value(uint8_t *value, size_t len, uint16_t type, uint8_t *vector, size_t vec_len);
static void bundleclear(bundleidt b);
-// on slaves, alow BGP to withdraw cleanly before exiting
-#define QUIT_DELAY 5
-
-// quit actions (master)
-#define QUIT_FAILOVER 1 // SIGTERM: exit when all control messages have been acked (for cluster failover)
-#define QUIT_SHUTDOWN 2 // SIGQUIT: shutdown sessions/tunnels, reject new connections
-
// return internal time (10ths since process startup), set f if given
// as a side-effect sets time_now, and time_changed
static clockt now(double *f)
time_now = t.tv_sec;
time_changed++;
}
+
+ // Time in milliseconds
+ time_now_ms = (t.tv_sec * 1000) + (t.tv_usec/1000);
+
return (t.tv_sec - basetime) * 10 + t.tv_usec / 100000 + 1;
}
exit(1);
}
+#ifdef LAC
+ // Tunnel to Remote LNS
+ memset(&addr, 0, sizeof(addr));
+ addr.sin_family = AF_INET;
+ addr.sin_port = htons(config->bind_portremotelns);
+ udplacfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+ setsockopt(udplacfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
+ {
+ int flags = fcntl(udplacfd, F_GETFL, 0);
+ fcntl(udplacfd, F_SETFL, flags | O_NONBLOCK);
+ }
+ if (bind(udplacfd, (struct sockaddr *) &addr, sizeof(addr)) < 0)
+ {
+ LOG(0, 0, 0, "Error in UDP REMOTE LNS bind: %s\n", strerror(errno));
+ exit(1);
+ }
+#endif
+
// Intercept
snoopfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
}
LOG(3, 0, t, "Control message resend try %d\n", tunnel[t].try);
}
}
-
+#ifdef LAC
+ if (sendto((tunnel[t].isremotelns?udplacfd:udpfd), buf, l, 0, (void *) &addr, sizeof(addr)) < 0)
+#else
if (sendto(udpfd, buf, l, 0, (void *) &addr, sizeof(addr)) < 0)
+#endif
{
LOG(0, ntohs((*(uint16_t *) (buf + 6))), t, "Error sending data out tunnel: %s (udpfd=%d, buf=%p, len=%d, dest=%s)\n",
strerror(errno), udpfd, buf, l, inet_ntoa(addr.sin_addr));
// process outgoing (to tunnel) IP
//
-static void processipout(uint8_t *buf, int len)
+// (i.e. this routine writes to data[-8]).
+void processipout(uint8_t *buf, int len)
{
sessionidt s;
sessiont *sp;
return;
}
- // Add on L2TP header
- {
- bundleidt bid = 0;
- if(session[s].bundle != 0 && bundle[session[s].bundle].num_of_links > 1)
- {
- bid = session[s].bundle;
- s = bundle[bid].members[bundle[bid].current_ses = ++bundle[bid].current_ses % bundle[bid].num_of_links];
- t = session[s].tunnel;
- sp = &session[s];
- LOG(4, s, t, "MPPP: (1)Session number becomes: %d\n", s);
- if(len > MINFRAGLEN)
- {
- // Partition the packet to "bundle[b].num_of_links" fragments
- bundlet *b = &bundle[bid];
- uint32_t num_of_links = b->num_of_links;
- uint32_t fraglen = len / num_of_links;
- fraglen = (fraglen > session[s].mru ? session[s].mru : fraglen);
- uint32_t last_fraglen = fraglen + len % num_of_links;
- last_fraglen = (last_fraglen > session[s].mru ? len % num_of_links : last_fraglen);
+ if(session[s].bundle != 0 && bundle[session[s].bundle].num_of_links > 1)
+ {
+
+ if (!config->cluster_iam_master)
+ {
+ // The MPPP packets must be managed by the Master.
+ master_forward_mppp_packet(s, data, size);
+ return;
+ }
+
+ // Add on L2TP header
+ sessionidt members[MAXBUNDLESES];
+ bundleidt bid = session[s].bundle;
+ bundlet *b = &bundle[bid];
+ uint32_t num_of_links, nb_opened;
+ int i;
+
+ num_of_links = b->num_of_links;
+ nb_opened = 0;
+ for (i = 0;i < num_of_links;i++)
+ {
+ s = b->members[i];
+ if (session[s].ppp.lcp == Opened)
+ {
+ members[nb_opened] = s;
+ nb_opened++;
+ }
+ }
+
+ if (nb_opened < 1)
+ {
+ LOG(3, s, t, "MPPP: PROCESSIPOUT ERROR, no session opened in bundle:%d\n", bid);
+ return;
+ }
+
+ num_of_links = nb_opened;
+ b->current_ses = (b->current_ses + 1) % num_of_links;
+ s = members[b->current_ses];
+ t = session[s].tunnel;
+ sp = &session[s];
+ LOG(4, s, t, "MPPP: (1)Session number becomes: %d\n", s);
+
+ if (num_of_links > 1)
+ {
+ if(len > MINFRAGLEN)
+ {
+ //for rotate traffic among the member links
+ uint32_t divisor = num_of_links;
+ if (divisor > 2)
+ divisor = divisor/2 + (divisor & 1);
+
+ // Partition the packet to "num_of_links" fragments
+ uint32_t fraglen = len / divisor;
+ uint32_t last_fraglen = fraglen + len % divisor;
uint32_t remain = len;
// send the first packet
- uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, fraglen, s, t, PPPIP, 0, bid, MP_BEGIN);
- if (!p) return;
- tunnelsend(fragbuf, fraglen + (p-fragbuf), t); // send it...
+ uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, fraglen, s, t, PPPIP, 0, bid, MP_BEGIN);
+ if (!p) return;
+ tunnelsend(fragbuf, fraglen + (p-fragbuf), t); // send it...
+
// statistics
update_session_out_stat(s, sp, fraglen);
+
remain -= fraglen;
while (remain > last_fraglen)
- {
- s = b->members[b->current_ses = ++b->current_ses % num_of_links];
+ {
+ b->current_ses = (b->current_ses + 1) % num_of_links;
+ s = members[b->current_ses];
t = session[s].tunnel;
sp = &session[s];
- LOG(4, s, t, "MPPP: (2)Session number becomes: %d\n", s);
- p = makeppp(fragbuf, sizeof(fragbuf), buf+(len - remain), fraglen, s, t, PPPIP, 0, bid, 0);
- if (!p) return;
- tunnelsend(fragbuf, fraglen + (p-fragbuf), t); // send it...
+ LOG(4, s, t, "MPPP: (2)Session number becomes: %d\n", s);
+ p = makeppp(fragbuf, sizeof(fragbuf), buf+(len - remain), fraglen, s, t, PPPIP, 0, bid, 0);
+ if (!p) return;
+ tunnelsend(fragbuf, fraglen + (p-fragbuf), t); // send it...
update_session_out_stat(s, sp, fraglen);
remain -= fraglen;
}
// send the last fragment
- s = b->members[b->current_ses = ++b->current_ses % num_of_links];
+ b->current_ses = (b->current_ses + 1) % num_of_links;
+ s = members[b->current_ses];
t = session[s].tunnel;
sp = &session[s];
- LOG(4, s, t, "MPPP: (2)Session number becomes: %d\n", s);
- p = makeppp(fragbuf, sizeof(fragbuf), buf+(len - remain), remain, s, t, PPPIP, 0, bid, MP_END);
- if (!p) return;
- tunnelsend(fragbuf, remain + (p-fragbuf), t); // send it...
+ LOG(4, s, t, "MPPP: (2)Session number becomes: %d\n", s);
+ p = makeppp(fragbuf, sizeof(fragbuf), buf+(len - remain), remain, s, t, PPPIP, 0, bid, MP_END);
+ if (!p) return;
+ tunnelsend(fragbuf, remain + (p-fragbuf), t); // send it...
update_session_out_stat(s, sp, remain);
if (remain != last_fraglen)
LOG(3, s, t, "PROCESSIPOUT ERROR REMAIN != LAST_FRAGLEN, %d != %d\n", remain, last_fraglen);
- }
- else {
- // Send it as one frame
- uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, bid, MP_BOTH_BITS);
- if (!p) return;
- tunnelsend(fragbuf, len + (p-fragbuf), t); // send it...
+ }
+ else
+ {
+ // Send it as one frame
+ uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, bid, MP_BOTH_BITS);
+ if (!p) return;
+ tunnelsend(fragbuf, len + (p-fragbuf), t); // send it...
LOG(4, s, t, "MPPP: packet sent as one frame\n");
update_session_out_stat(s, sp, len);
- }
- }
- else
- {
- uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, 0, 0);
- if (!p) return;
- tunnelsend(fragbuf, len + (p-fragbuf), t); // send it...
+ }
+ }
+ else
+ {
+ // Send it as one frame (NO MPPP Frame)
+ uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, 0, 0);
+ if (!p) return;
+ tunnelsend(fragbuf, len + (p-fragbuf), t); // send it...
update_session_out_stat(s, sp, len);
- }
- }
+ }
+ }
+ else
+ {
+ uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, 0, 0);
+ if (!p) return;
+ tunnelsend(fragbuf, len + (p-fragbuf), t); // send it...
+ update_session_out_stat(s, sp, len);
+ }
// Snooping this session, send it to intercept box
if (sp->snoop_ip && sp->snoop_port)
if (session[s].bundle && bundle[session[s].bundle].num_of_links > 1)
{
bundleidt bid = session[s].bundle;
- s = bundle[bid].members[bundle[bid].current_ses = ++bundle[bid].current_ses % bundle[bid].num_of_links];
+ bundlet *b = &bundle[bid];
+
+ b->current_ses = (b->current_ses + 1) % b->num_of_links;
+ s = b->members[b->current_ses];
LOG(3, s, session[s].tunnel, "MPPP: Session number becomes: %u\n", s);
}
t = session[s].tunnel;
static void control16(controlt * c, uint16_t avp, uint16_t val, uint8_t m)
{
uint16_t l = (m ? 0x8008 : 0x0008);
- *(uint16_t *) (c->buf + c->length + 0) = htons(l);
- *(uint16_t *) (c->buf + c->length + 2) = htons(0);
- *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
- *(uint16_t *) (c->buf + c->length + 6) = htons(val);
+ c->buf16[c->length/2 + 0] = htons(l);
+ c->buf16[c->length/2 + 1] = htons(0);
+ c->buf16[c->length/2 + 2] = htons(avp);
+ c->buf16[c->length/2 + 3] = htons(val);
c->length += 8;
}
static void control32(controlt * c, uint16_t avp, uint32_t val, uint8_t m)
{
uint16_t l = (m ? 0x800A : 0x000A);
- *(uint16_t *) (c->buf + c->length + 0) = htons(l);
- *(uint16_t *) (c->buf + c->length + 2) = htons(0);
- *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
- *(uint32_t *) (c->buf + c->length + 6) = htonl(val);
+ c->buf16[c->length/2 + 0] = htons(l);
+ c->buf16[c->length/2 + 1] = htons(0);
+ c->buf16[c->length/2 + 2] = htons(avp);
+ *(uint32_t *) &c->buf[c->length + 6] = htonl(val);
c->length += 10;
}
static void controls(controlt * c, uint16_t avp, char *val, uint8_t m)
{
uint16_t l = ((m ? 0x8000 : 0) + strlen(val) + 6);
- *(uint16_t *) (c->buf + c->length + 0) = htons(l);
- *(uint16_t *) (c->buf + c->length + 2) = htons(0);
- *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
- memcpy(c->buf + c->length + 6, val, strlen(val));
+ c->buf16[c->length/2 + 0] = htons(l);
+ c->buf16[c->length/2 + 1] = htons(0);
+ c->buf16[c->length/2 + 2] = htons(avp);
+ memcpy(&c->buf[c->length + 6], val, strlen(val));
c->length += 6 + strlen(val);
}
static void controlb(controlt * c, uint16_t avp, uint8_t *val, unsigned int len, uint8_t m)
{
uint16_t l = ((m ? 0x8000 : 0) + len + 6);
- *(uint16_t *) (c->buf + c->length + 0) = htons(l);
- *(uint16_t *) (c->buf + c->length + 2) = htons(0);
- *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
- memcpy(c->buf + c->length + 6, val, len);
+ c->buf16[c->length/2 + 0] = htons(l);
+ c->buf16[c->length/2 + 1] = htons(0);
+ c->buf16[c->length/2 + 2] = htons(avp);
+ memcpy(&c->buf[c->length + 6], val, len);
c->length += 6 + len;
}
}
assert(c);
c->next = 0;
- *(uint16_t *) (c->buf + 0) = htons(0xC802); // flags/ver
+ c->buf16[0] = htons(0xC802); // flags/ver
c->length = 12;
control16(c, 0, mtype, 1);
return c;
// (ZLB send).
static void controlnull(tunnelidt t)
{
- uint8_t buf[12];
+ uint16_t buf[6];
if (tunnel[t].controlc) // Messages queued; They will carry the ack.
return;
- *(uint16_t *) (buf + 0) = htons(0xC802); // flags/ver
- *(uint16_t *) (buf + 2) = htons(12); // length
- *(uint16_t *) (buf + 4) = htons(tunnel[t].far); // tunnel
- *(uint16_t *) (buf + 6) = htons(0); // session
- *(uint16_t *) (buf + 8) = htons(tunnel[t].ns); // sequence
- *(uint16_t *) (buf + 10) = htons(tunnel[t].nr); // sequence
- tunnelsend(buf, 12, t);
+ buf[0] = htons(0xC802); // flags/ver
+ buf[1] = htons(12); // length
+ buf[2] = htons(tunnel[t].far); // tunnel
+ buf[3] = htons(0); // session
+ buf[4] = htons(tunnel[t].ns); // sequence
+ buf[5] = htons(tunnel[t].nr); // sequence
+ tunnelsend((uint8_t *)buf, 12, t);
}
// add a control message to a tunnel, and send if within window
static void controladd(controlt *c, sessionidt far, tunnelidt t)
{
- *(uint16_t *) (c->buf + 2) = htons(c->length); // length
- *(uint16_t *) (c->buf + 4) = htons(tunnel[t].far); // tunnel
- *(uint16_t *) (c->buf + 6) = htons(far); // session
- *(uint16_t *) (c->buf + 8) = htons(tunnel[t].ns); // sequence
+ c->buf16[1] = htons(c->length); // length
+ c->buf16[2] = htons(tunnel[t].far); // tunnel
+ c->buf16[3] = htons(far); // session
+ c->buf16[4] = htons(tunnel[t].ns); // sequence
tunnel[t].ns++; // advance sequence
// link in message in to queue
if (tunnel[t].controlc)
if (session[s].ppp.ipv6cp == Opened && session[s].ipv6prefixlen && del_routes)
route6set(s, session[s].ipv6route, session[s].ipv6prefixlen, 0);
- if (b)
+ if (b)
{
- // This session was part of a bundle
- bundle[b].num_of_links--;
- LOG(3, s, 0, "MPPP: Dropping member link: %d from bundle %d\n",s,b);
- if(bundle[b].num_of_links == 0)
+ // This session was part of a bundle
+ bundle[b].num_of_links--;
+ LOG(3, s, session[s].tunnel, "MPPP: Dropping member link: %d from bundle %d\n",s,b);
+ if(bundle[b].num_of_links == 0)
{
- bundleclear(b);
- LOG(3, s, 0, "MPPP: Kill bundle: %d (No remaing member links)\n",b);
- }
- else
+ bundleclear(b);
+ LOG(3, s, session[s].tunnel, "MPPP: Kill bundle: %d (No remaing member links)\n",b);
+ }
+ else
{
- // Adjust the members array to accomodate the new change
- uint8_t mem_num = 0;
- // It should be here num_of_links instead of num_of_links-1 (previous instruction "num_of_links--")
- if(bundle[b].members[bundle[b].num_of_links] != s)
+ // Adjust the members array to accomodate the new change
+ uint8_t mem_num = 0;
+ // It should be here num_of_links instead of num_of_links-1 (previous instruction "num_of_links--")
+ if(bundle[b].members[bundle[b].num_of_links] != s)
{
- uint8_t ml;
- for(ml = 0; ml<bundle[b].num_of_links; ml++)
- if(bundle[b].members[ml] == s)
- {
- mem_num = ml;
- break;
- }
- bundle[b].members[mem_num] = bundle[b].members[bundle[b].num_of_links];
- LOG(3, s, 0, "MPPP: Adjusted member links array\n");
- }
- }
- cluster_send_bundle(b);
- }
+ uint8_t ml;
+ for(ml = 0; ml<bundle[b].num_of_links; ml++)
+ if(bundle[b].members[ml] == s)
+ {
+ mem_num = ml;
+ break;
+ }
+ bundle[b].members[mem_num] = bundle[b].members[bundle[b].num_of_links];
+ LOG(3, s, session[s].tunnel, "MPPP: Adjusted member links array\n");
+
+ // If the killed session is the first of the bundle,
+ // the new first session must be stored in the cache_ipmap
+ // else the function sessionbyip return 0 and the sending not work any more (processipout).
+ if (mem_num == 0)
+ {
+ sessionidt new_s = bundle[b].members[0];
+
+ routed = 0;
+ // Add the route for this session.
+ for (r = 0; r < MAXROUTE && session[new_s].route[r].ip; r++)
+ {
+ int i, prefixlen;
+ in_addr_t ip;
+
+ prefixlen = session[new_s].route[r].prefixlen;
+ ip = session[new_s].route[r].ip;
+
+ if (!prefixlen) prefixlen = 32;
+ ip &= 0xffffffff << (32 - prefixlen); // Force the ip to be the first one in the route.
+
+ for (i = ip; i < ip+(1<<(32-prefixlen)) ; ++i)
+ cache_ipmap(i, new_s);
+ }
+ cache_ipmap(session[new_s].ip, new_s);
+
+ // IPV6 route
+ if (session[new_s].ipv6prefixlen)
+ cache_ipv6map(session[new_s].ipv6route, session[new_s].ipv6prefixlen, new_s);
+ }
+ }
+ }
+
+ cluster_send_bundle(b);
+ }
}
if (session[s].throttle_in || session[s].throttle_out) // Unthrottle if throttled.
controlt *c = controlnew(14); // sending CDN
if (cdn_error)
{
- uint8_t buf[4];
- *(uint16_t *) buf = htons(cdn_result);
- *(uint16_t *) (buf+2) = htons(cdn_error);
- controlb(c, 1, buf, 4, 1);
+ uint16_t buf[2];
+ buf[0] = htons(cdn_result);
+ buf[1] = htons(cdn_error);
+ controlb(c, 1, (uint8_t *)buf, 4, 1);
}
else
control16(c, 1, cdn_result, 1);
if (sess_local[s].radius)
radiusclear(sess_local[s].radius, s); // cant send clean accounting data, session is killed
+#ifdef LAC
+ if (session[s].forwardtosession)
+ {
+ sessionidt sess = session[s].forwardtosession;
+ if (session[sess].forwardtosession == s)
+ {
+ // Shutdown the linked session also.
+ sessionshutdown(sess, reason, CDN_ADMIN_DISC, TERM_ADMIN_RESET);
+ }
+ }
+#endif
+
LOG(2, s, session[s].tunnel, "Kill session %d (%s): %s\n", s, session[s].user, reason);
sessionclear(s);
cluster_send_session(s);
controlt *c = controlnew(4); // sending StopCCN
if (error)
{
- uint8_t buf[64];
+ uint16_t buf[32];
int l = 4;
- *(uint16_t *) buf = htons(result);
- *(uint16_t *) (buf+2) = htons(error);
+ buf[0] = htons(result);
+ buf[1] = htons(error);
if (msg)
{
int m = strlen(msg);
if (m + 4 > sizeof(buf))
m = sizeof(buf) - 4;
- memcpy(buf+4, msg, m);
+ memcpy(buf+2, msg, m);
l += m;
}
- controlb(c, 1, buf, l, 1);
+ controlb(c, 1, (uint8_t *)buf, l, 1);
}
else
control16(c, 1, result, 1);
case 0: // message type
message = ntohs(*(uint16_t *) b);
mandatory = flags & 0x80;
- LOG(4, s, t, " Message type = %u (%s)\n", *b, l2tp_code(message));
+ LOG(4, s, t, " Message type = %u (%s)\n", message, l2tp_code(message));
break;
case 1: // result code
{
}
break;
case 13: // Response
+#ifdef LAC
+ if (tunnel[t].isremotelns)
+ {
+ chapresponse = calloc(17, 1);
+ memcpy(chapresponse, b, (n < 17) ? n : 16);
+ LOG(3, s, t, "received challenge response from REMOTE LNS\n");
+ }
+ else
+#endif /* LAC */
// Why did they send a response? We never challenge.
LOG(2, s, t, " received unexpected challenge response\n");
break;
{
case 1: // SCCRQ - Start Control Connection Request
tunnel[t].state = TUNNELOPENING;
+ LOG(3, s, t, "Received SCCRQ\n");
if (main_quit != QUIT_SHUTDOWN)
{
+ LOG(3, s, t, "sending SCCRP\n");
controlt *c = controlnew(2); // sending SCCRP
control16(c, 2, version, 1); // protocol version
control32(c, 3, 3, 1); // framing
case 2: // SCCRP
tunnel[t].state = TUNNELOPEN;
tunnel[t].lastrec = time_now;
+#ifdef LAC
+ LOG(3, s, t, "Received SCCRP\n");
+ if (main_quit != QUIT_SHUTDOWN)
+ {
+ if (tunnel[t].isremotelns && chapresponse)
+ {
+ hasht hash;
+
+ lac_calc_rlns_auth(t, 2, hash); // id = 2 (SCCRP)
+ // check authenticator
+ if (memcmp(hash, chapresponse, 16) == 0)
+ {
+ LOG(3, s, t, "sending SCCCN to REMOTE LNS\n");
+ controlt *c = controlnew(3); // sending SCCCN
+ controls(c, 7, hostname, 1); // host name
+ controls(c, 8, Vendor_name, 1); // Vendor name
+ control16(c, 2, version, 1); // protocol version
+ control32(c, 3, 3, 1); // framing Capabilities
+ control16(c, 9, t, 1); // assigned tunnel
+ controladd(c, 0, t); // send
+ }
+ else
+ {
+ tunnelshutdown(t, "Bad chap response from REMOTE LNS", 4, 0, 0);
+ }
+ }
+ }
+ else
+ {
+ tunnelshutdown(t, "Shutting down", 6, 0, 0);
+ }
+#endif /* LAC */
break;
case 3: // SCCN
+ LOG(3, s, t, "Received SCCN\n");
tunnel[t].state = TUNNELOPEN;
tunnel[t].lastrec = time_now;
controlnull(t); // ack
break;
case 4: // StopCCN
+ LOG(3, s, t, "Received StopCCN\n");
controlnull(t); // ack
tunnelshutdown(t, "Stopped", 0, 0, 0); // Shut down cleanly
break;
break;
case 7: // OCRQ
// TBA
+ LOG(3, s, t, "Received OCRQ\n");
break;
case 8: // OCRO
// TBA
+ LOG(3, s, t, "Received OCRO\n");
break;
case 9: // OCCN
// TBA
+ LOG(3, s, t, "Received OCCN\n");
break;
case 10: // ICRQ
+ LOG(3, s, t, "Received ICRQ\n");
if (sessionfree && main_quit != QUIT_SHUTDOWN)
{
controlt *c = controlnew(11); // ICRP
+ LOG(3, s, t, "Sending ICRP\n");
+
s = sessionfree;
sessionfree = session[s].next;
memset(&session[s], 0, sizeof(session[s]));
{
controlt *c = controlnew(14); // CDN
+ LOG(3, s, t, "Sending CDN\n");
if (!sessionfree)
{
STAT(session_overflow);
}
return;
case 11: // ICRP
- // TBA
+#ifdef LAC
+ LOG(3, s, t, "Received ICRP\n");
+ if (session[s].forwardtosession)
+ {
+ controlt *c = controlnew(12); // ICCN
+
+ session[s].opened = time_now;
+ session[s].tunnel = t;
+ session[s].far = asession;
+ session[s].last_packet = session[s].last_data = time_now;
+
+ control32(c, 19, 1, 1); // Framing Type
+ control32(c, 24, 10000000, 1); // Tx Connect Speed
+ controladd(c, asession, t); // send the message
+ LOG(3, s, t, "Sending ICCN\n");
+ }
+#endif /* LAC */
break;
case 12: // ICCN
+ LOG(3, s, t, "Received ICCN\n");
if (amagic == 0) amagic = time_now;
session[s].magic = amagic; // set magic number
session[s].flags = aflags; // set flags received
break;
case 14: // CDN
+ LOG(3, s, t, "Received CDN\n");
controlnull(t); // ack
sessionshutdown(s, disc_reason, CDN_NONE, disc_cause);
break;
l -= 2;
}
+#ifdef LAC
+ if (session[s].forwardtosession)
+ {
+ LOG(5, s, t, "Forwarding data session to session %u\n", session[s].forwardtosession);
+ // Forward to LAC or Remote LNS session
+ lac_session_forward(buf, len, s, proto);
+ return;
+ }
+#endif /* LAC */
+
if (s && !session[s].opened) // Is something wrong??
{
if (!config->cluster_iam_master)
return;
}
-
LOG(1, s, t, "UDP packet contains session which is not opened. Dropping packet.\n");
STAT(tunnel_rx_errors);
return;
}
session[s].last_packet = session[s].last_data = time_now;
- if (session[s].walled_garden && !config->cluster_iam_master)
+ if (!config->cluster_iam_master)
{
+ // The fragments reconstruction is managed by the Master.
master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
return;
}
}
// read and process packet on tun
+// (i.e. this routine writes to buf[-8]).
static void processtun(uint8_t * buf, int len)
{
LOG_HEX(5, "Receive TUN Data", buf, len);
}
}
- // Drop sessions who have not responded within IDLE_TIMEOUT seconds
- if (session[s].last_packet && (time_now - session[s].last_packet >= IDLE_TIMEOUT))
+ // Drop sessions who have not responded within IDLE_ECHO_TIMEOUT seconds
+ if (session[s].last_packet && (time_now - session[s].last_packet >= config->idle_echo_timeout))
{
sessionshutdown(s, "No response to LCP ECHO requests.", CDN_ADMIN_DISC, TERM_LOST_SERVICE);
STAT(session_timeout);
}
// No data in ECHO_TIMEOUT seconds, send LCP ECHO
- if (session[s].ppp.phase >= Establish && (time_now - session[s].last_packet >= ECHO_TIMEOUT) &&
+ if (session[s].ppp.phase >= Establish && (time_now - session[s].last_packet >= config->echo_timeout) &&
(time_now - sess_local[s].last_echo >= ECHO_TIMEOUT))
{
uint8_t b[MAXETHER];
# include "fake_epoll.h"
#endif
+#ifdef LAC
+// the base set of fds polled: cli, cluster, tun, udp, control, dae, netlink, udplac
+#define BASE_FDS 8
+#else
// the base set of fds polled: cli, cluster, tun, udp, control, dae, netlink
#define BASE_FDS 7
+#endif
// additional polled fds
#ifdef BGP
{
int i;
uint8_t buf[65536];
+ uint8_t *p = buf + 8; // for the hearder of the forwarded MPPP packet (see C_MPPP_FORWARD)
+ int size_bufp = sizeof(buf) - 8;
clockt next_cluster_ping = 0; // send initial ping immediately
struct epoll_event events[BASE_FDS + RADIUS_FDS + EXTRA_FDS];
int maxevent = sizeof(events)/sizeof(*events);
exit(1);
}
+#ifdef LAC
+ LOG(4, 0, 0, "Beginning of main loop. clifd=%d, cluster_sockfd=%d, tunfd=%d, udpfd=%d, controlfd=%d, daefd=%d, nlfd=%d , udplacfd=%d\n",
+ clifd, cluster_sockfd, tunfd, udpfd, controlfd, daefd, nlfd, udplacfd);
+#else
LOG(4, 0, 0, "Beginning of main loop. clifd=%d, cluster_sockfd=%d, tunfd=%d, udpfd=%d, controlfd=%d, daefd=%d, nlfd=%d\n",
clifd, cluster_sockfd, tunfd, udpfd, controlfd, daefd, nlfd);
+#endif
/* setup our fds to poll for input */
{
d[i].type = FD_TYPE_NETLINK;
e.data.ptr = &d[i++];
epoll_ctl(epollfd, EPOLL_CTL_ADD, nlfd, &e);
+
+#ifdef LAC
+ d[i].type = FD_TYPE_UDPLAC;
+ e.data.ptr = &d[i++];
+ epoll_ctl(epollfd, EPOLL_CTL_ADD, udplacfd, &e);
+#endif
}
#ifdef BGP
socklen_t alen;
int c, s;
int udp_ready = 0;
+#ifdef LAC
+ int udplac_ready = 0;
+ int udplac_pkts = 0;
+#endif
int tun_ready = 0;
int cluster_ready = 0;
int udp_pkts = 0;
case FD_TYPE_CLUSTER: cluster_ready++; break;
case FD_TYPE_TUN: tun_ready++; break;
case FD_TYPE_UDP: udp_ready++; break;
-
+#ifdef LAC
+ case FD_TYPE_UDPLAC: udplac_ready++; break;
+#endif
case FD_TYPE_CONTROL: // nsctl commands
alen = sizeof(addr);
s = recvfromto(controlfd, buf, sizeof(buf), MSG_WAITALL, (struct sockaddr *) &addr, &alen, &local);
n--;
}
}
+#ifdef LAC
+ // L2TP REMOTE LNS
+ if (udplac_ready)
+ {
+ alen = sizeof(addr);
+ if ((s = recvfrom(udplacfd, buf, sizeof(buf), 0, (void *) &addr, &alen)) > 0)
+ {
+ if (!config->disable_lac_func)
+ processudp(buf, s, &addr);
+ udplac_pkts++;
+ }
+ else
+ {
+ udplac_ready = 0;
+ n--;
+ }
+ }
+#endif
// incoming IP
if (tun_ready)
{
- if ((s = read(tunfd, buf, sizeof(buf))) > 0)
+ if ((s = read(tunfd, p, size_bufp)) > 0)
{
- processtun(buf, s);
+ processtun(p, s);
tun_pkts++;
}
else
if (c >= config->multi_read_count)
{
+#ifdef LAC
+ LOG(3, 0, 0, "Reached multi_read_count (%d); processed %d udp, %d tun and %d cluster %d rmlns packets\n",
+ config->multi_read_count, udp_pkts, tun_pkts, cluster_pkts, udplac_pkts);
+#else
LOG(3, 0, 0, "Reached multi_read_count (%d); processed %d udp, %d tun and %d cluster packets\n",
config->multi_read_count, udp_pkts, tun_pkts, cluster_pkts);
-
+#endif
STAT(multi_read_exceeded);
more++;
}
config->ppp_max_failure = 5;
config->kill_timedout_sessions = 1;
strcpy(config->random_device, RANDOMDEVICE);
+ // Set default value echo_timeout and idle_echo_timeout
+ config->echo_timeout = ECHO_TIMEOUT;
+ config->idle_echo_timeout = IDLE_ECHO_TIMEOUT;
log_stream = stderr;
exit(1);
}
#endif /* BGP */
+
+#ifdef LAC
+ lac_initremotelnsdata();
+#endif
}
static int assign_ip_address(sessionidt s)
static int dump_session(FILE **f, sessiont *s)
{
+#ifdef LAC
+ if (!s->opened || (!s->ip && !s->forwardtosession) || !(s->cin_delta || s->cout_delta) || !*s->user || s->walled_garden)
+#else
if (!s->opened || !s->ip || !(s->cin_delta || s->cout_delta) || !*s->user || s->walled_garden)
+#endif
return 1;
if (!*f)
/* set hostname /after/ having read the config file */
if (*config->hostname)
strcpy(hostname, config->hostname);
- cli_init_hostname(hostname);
+ cli_init_complete(hostname);
update_config();
init_tbf(config->num_tbfs);
if (!config->radius_dae_port)
config->radius_dae_port = DAEPORT;
+#ifdef LAC
+ if(!config->bind_portremotelns)
+ config->bind_portremotelns = L2TPLACPORT;
+#endif
+
// re-initialise the random number source
initrandom(config->random_device);
LOG(3, s, t, "Doing session setup for session\n");
// Join a bundle if the MRRU option is accepted
- if(session[s].mrru > 0 && session[s].bundle == 0)
- {
- LOG(3, s, t, "This session can be part of multilink bundle\n");
- if (join_bundle(s) > 0)
- cluster_send_bundle(session[s].bundle);
+ if(session[s].mrru > 0 && session[s].bundle == 0)
+ {
+ LOG(3, s, t, "This session can be part of multilink bundle\n");
+ if (join_bundle(s) > 0)
+ cluster_send_bundle(session[s].bundle);
else
{
LOG(0, s, t, "MPPP: Mismaching mssf option with other sessions in bundle\n");
sessionshutdown(s, "Mismaching mssf option.", CDN_NONE, TERM_SERVICE_UNAVAILABLE);
return 0;
}
- }
+ }
if (!session[s].ip)
{
fmtaddr(htonl(session[s].ip), 0));
}
-
// Make sure this is right
session[s].tunnel = t;
for (i = 1; i <= config->cluster_highest_sessionid; i++)
{
if (i == s) continue;
- if (!session[s].opened) continue;
+ if (!session[s].opened) break;
// Allow duplicate sessions for multilink ones of the same bundle.
- if (session[s].bundle && session[i].bundle && session[s].bundle == session[i].bundle)
- continue;
+ if (session[s].bundle && session[i].bundle && session[s].bundle == session[i].bundle) continue;
+
if (ip == session[i].ip)
{
sessionkill(i, "Duplicate IP address");
+ cluster_listinvert_session(s, i);
continue;
}
if (session[s].walled_garden || session[i].walled_garden) continue;
// Guest change
int found = 0;
- int gu;
- for (gu = 0; gu < guest_accounts_num; gu++)
- {
- if (!strcasecmp(user, guest_users[gu]))
- {
- found = 1;
- break;
- }
- }
- if (found) continue;
+ int gu;
+ for (gu = 0; gu < guest_accounts_num; gu++)
+ {
+ if (!strcasecmp(user, guest_users[gu]))
+ {
+ found = 1;
+ break;
+ }
+ }
+ if (found) continue;
// Drop the new session in case of duplicate sessionss, not the old one.
if (!strcasecmp(user, session[i].user))
// no need to set a route for the same IP address of the bundle
if (!session[s].bundle || (bundle[session[s].bundle].num_of_links == 1))
{
- int routed = 0;
+ int routed = 0;
// Add the route for this session.
for (r = 0; r < MAXROUTE && session[s].route[r].ip; r++)
// default deny
return 0;
}
+
+#ifdef LAC
+
+tunnelidt lac_new_tunnel()
+{
+ return new_tunnel();
+}
+
+void lac_tunnelclear(tunnelidt t)
+{
+ tunnelclear(t);
+}
+
+void lac_send_SCCRQ(tunnelidt t, uint8_t * auth, unsigned int auth_len)
+{
+ uint16_t version = 0x0100; // protocol version
+
+ tunnel[t].state = TUNNELOPENING;
+
+ // Sent SCCRQ - Start Control Connection Request
+ controlt *c = controlnew(1); // sending SCCRQ
+ controls(c, 7, hostname, 1); // host name
+ controls(c, 8, Vendor_name, 1); // Vendor name
+ control16(c, 2, version, 1); // protocol version
+ control32(c, 3, 3, 1); // framing Capabilities
+ control16(c, 9, t, 1); // assigned tunnel
+ controlb(c, 11, (uint8_t *) auth, auth_len, 1); // CHAP Challenge
+ LOG(3, 0, t, "Sent SCCRQ to REMOTE LNS\n");
+ controladd(c, 0, t); // send
+}
+
+void lac_send_ICRQ(tunnelidt t, sessionidt s)
+{
+ // Sent ICRQ Incoming-call-request
+ controlt *c = controlnew(10); // ICRQ
+
+ control16(c, 14, s, 1); // assigned sesion
+ call_serial_number++;
+ control32(c, 15, call_serial_number, 1); // call serial number
+ LOG(3, s, t, "Sent ICRQ to REMOTE LNS (far ID %u)\n", tunnel[t].far);
+ controladd(c, 0, t); // send
+}
+
+void lac_tunnelshutdown(tunnelidt t, char *reason, int result, int error, char *msg)
+{
+ tunnelshutdown(t, reason, result, error, msg);
+}
+
+#endif
projects / l2tpns.git / blobdiff