validate source of RADIUS packets
[l2tpns.git] / autothrottle.c
index 46823c3..cd42365 100644 (file)
 
 /* set up throttling based on RADIUS reply */
 
 
 /* set up throttling based on RADIUS reply */
 
-char const *cvs_id = "$Id: autothrottle.c,v 1.8 2004/11/09 08:05:02 bodea Exp $";
+/*
+ * lcp:interface-config#1=service-policy input N
+ * lcp:interface-config#2=service-policy output N
+ *
+ * throttle=N
+ * throttle=yes (use throttle_rate from config)
+ * throttle=no
+ */
 
 
-int __plugin_api_version = PLUGIN_API_VERSION;
-struct pluginfuncs *p;
+char const *cvs_id = "$Id: autothrottle.c,v 1.16 2005/10/11 09:04:53 bodea Exp $";
+
+int plugin_api_version = PLUGIN_API_VERSION;
+static struct pluginfuncs *f = 0;
 
 #define THROTTLE_KEY "lcp:interface-config"
 
 int plugin_radius_response(struct param_radius_response *data)
 {
 
 #define THROTTLE_KEY "lcp:interface-config"
 
 int plugin_radius_response(struct param_radius_response *data)
 {
-       char *t;
-       int i = 0;
+    if (!strncmp(data->key, THROTTLE_KEY, sizeof(THROTTLE_KEY) - 1))
+    {
+       char *sp = strchr(data->value, ' ');
+       char type;
        int rate;
 
        int rate;
 
-       if (strncmp(data->key, THROTTLE_KEY, strlen(THROTTLE_KEY)) == 0)
+       if (!sp || sp - data->value < 4 ||
+           strncmp("service-policy", data->value, sp - data->value))
+           return PLUGIN_RET_OK;
+
+       while (*sp == ' ') sp++;
+       data->value = sp;
+
+       if (!(sp = strchr(data->value, ' ')) ||
+           (strncmp("input", data->value, sp - data->value) &&
+           strncmp("output", data->value, sp - data->value)))
+       {
+           f->log(3, f->get_id_by_session(data->s), data->s->tunnel,
+               "         Not throttling user (invalid type %.*s)\n",
+               sp - data->value, data->value);
+
+           return PLUGIN_RET_OK;
+       }
+
+       type = *data->value;
+
+       while (*sp == ' ') sp++;
+       data->value = sp;
+
+       if ((rate = strtol(data->value, &sp, 10)) < 0 || *sp)
        {
        {
-               char *pt = strdup(data->value);
-               while ((t = strsep(&pt, " ")) != NULL)
-               {
-                       if (strcmp(t, "serv") == 0)
-                               i = 1;
-                       else if (strcmp(t, "o") && i == 1)
-                               i = 2;
-                       else if (strcmp(t, "i") && i == 1)
-                               i = 3;
-                       else if (i > 1 && (rate = atoi(t)) > 0)
-                       {
-                               switch (i)
-                               {
-                                       case 2: // output
-                                               data->s->throttle_out = rate;
-                                               free(pt);
-                                               p->log(3, 0, p->get_id_by_session(data->s), data->s->tunnel, "      Set output throttle rate %dkb/s\n", rate);
-                                               return PLUGIN_RET_OK;
-
-                                       case 3: //input
-                                               data->s->throttle_in = rate;
-                                               free(pt);
-                                               p->log(3, 0, p->get_id_by_session(data->s), data->s->tunnel, "      Set input throttle rate %dkb/s\n", rate);
-                                               return PLUGIN_RET_OK;
-
-                                       default:
-                                               p->log(1, 0, p->get_id_by_session(data->s), data->s->tunnel, "Syntax error in rate limit AV pair: %s=%s\n", data->key, data->value);
-                                               free(pt);
-                                               return PLUGIN_RET_OK;
-                               }
-                       }
-                       else
-                       {
-                               free(pt);
-                               p->log(1, 0, p->get_id_by_session(data->s), data->s->tunnel, "Syntax error in rate limit AV pair: %s=%s\n",
-                                       data->key, data->value);
-                               return PLUGIN_RET_OK;
-                       }
-               }
-               free(pt);
+           f->log(3, f->get_id_by_session(data->s), data->s->tunnel,
+               "         Not throttling user (invalid rate %s)\n",
+               data->value);
+
+           return PLUGIN_RET_OK;
        }
        }
-       else if (strcmp(data->key, "throttle") == 0)
+
+       if (type == 'i')
        {
        {
-               if (strcmp(data->value, "yes") == 0)
-               {
-                       unsigned long *rate = p->getconfig("throttle_speed", UNSIGNED_LONG);
-                       if (rate)
-                       {
-                               if (*rate)
-                                       p->log(3, 0, p->get_id_by_session(data->s), data->s->tunnel, "         Throttling user to %dkb/s\n", *rate);
-                               else
-                                       p->log(3, 0, p->get_id_by_session(data->s), data->s->tunnel, "         Not throttling user (throttle_speed=0)\n");
-
-                               data->s->throttle_in = data->s->throttle_out = *rate;
-                       }
-                       else
-                               p->log(1, 0, p->get_id_by_session(data->s), data->s->tunnel, "Not throttling user (can't get throttle_speed)\n");
-               }
-               else if (strcmp(data->value, "no") == 0)
-               {
-                       p->log(3, 0, p->get_id_by_session(data->s), data->s->tunnel, "         Not throttling user\n");
-                       data->s->throttle_in = data->s->throttle_out = 0;
-               }
+           data->s->throttle_in = rate;
+           f->log(3, f->get_id_by_session(data->s), data->s->tunnel,
+               "         Throttling user input to %dkb/s\n", rate);
+       }
+       else
+       {
+           data->s->throttle_out = rate;
+           f->log(3, f->get_id_by_session(data->s), data->s->tunnel,
+                   "         Throttling user output to %dkb/s\n", rate);
+       }
+    }
+    else if (!strcmp(data->key, "throttle"))
+    {
+       char *e;
+       int rate;
+
+       if ((rate = strtol(data->value, &e, 10)) < 0 || *e)
+       {
+           rate = -1;
+           if (!strcmp(data->value, "yes"))
+           {
+               unsigned long *ts = f->getconfig("throttle_speed", UNSIGNED_LONG);
+               if (ts)
+                   rate = *ts;
+           }
+           else if (!strcmp(data->value, "no"))
+               rate = 0;
+       }
+
+       if (rate < 0)
+           return PLUGIN_RET_OK;
+
+       if (rate)
+           f->log(3, f->get_id_by_session(data->s), data->s->tunnel,
+               "         Throttling user to %dkb/s\n", rate);
+       else
+           f->log(3, f->get_id_by_session(data->s), data->s->tunnel,
+               "         Not throttling user\n");
+
+       data->s->throttle_in = data->s->throttle_out = rate;
+    }
+
+    return PLUGIN_RET_OK;
+}
+
+int plugin_radius_reset(struct param_radius_reset *data)
+{
+    f->throttle(f->get_id_by_session(data->s), 0, 0);
+    return PLUGIN_RET_OK;
+}
+
+int plugin_radius_account(struct param_radius_account *data)
+{
+    if (data->s->throttle_in || data->s->throttle_out)
+    {
+       uint8_t *p = *data->packet;
+       int i = 1;
+
+       if (data->s->throttle_in)
+       {
+           *p = 26;                            // vendor-specific
+           *(uint32_t *) (p + 2) = htonl(9);   // Cisco
+           p[6] = 1;                           // Cisco-AVPair
+           p[7] = 2 + sprintf((char *) p + 8,
+               "lcp:interface-config#%d=service-policy input %d", i++,
+               data->s->throttle_in);
+
+           p[1] = p[7] + 6;
+           p += p[1];
+       }
+
+       if (data->s->throttle_out)
+       {
+           *p = 26;                            // vendor-specific
+           *(uint32_t *) (p + 2) = htonl(9);   // Cisco
+           p[6] = 1;                           // Cisco-AVPair
+           p[7] = 2 + sprintf((char *) p + 8,
+               "lcp:interface-config#%d=service-policy output %d", i++,
+               data->s->throttle_out);
+
+           p[1] = p[7] + 6;
+           p += p[1];
        }
 
        }
 
-       p->log(4, 0, p->get_id_by_session(data->s), data->s->tunnel, "autothrottle module ignoring AV pair %s=%s\n",
-               data->key, data->value);
+       *data->packet = p;
+    }
 
 
-       return PLUGIN_RET_OK;
+    return PLUGIN_RET_OK;
 }
 
 int plugin_init(struct pluginfuncs *funcs)
 {
 }
 
 int plugin_init(struct pluginfuncs *funcs)
 {
-       return ((p = funcs)) ? 1 : 0;
+    return ((f = funcs)) ? 1 : 0;
 }
 }
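Review bot: In plugin_radius_response the "invalid type" branch is also entered when the second `strchr(data->value, ' ')` returns NULL, and the log call then evaluates `sp - data->value` with a null `sp` and passes it as the `%.*s` precision, which is undefined behaviour on a value taken from a RADIUS reply. The precision argument must also be an `int`, not a `ptrdiff_t`, so the call is mismatched even when `sp` is valid. Compute the length before logging, for example `int len = sp ? (int) (sp - data->value) : (int) strlen(data->value);`, and pass `len` to `f->log`. Separately, plugin_radius_account writes through `*data->packet` with `sprintf` and a possibly unaligned `*(uint32_t *) (p + 2)` store. No remaining-space argument is visible in this function, so it should carry a comment stating how much room the caller guarantees, and the vendor id is safer written with `memcpy` from a local `uint32_t`.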