- Revise CCP, send ConfigReq once only.

[l2tpns.git] / l2tpns.h

diff --git a/l2tpns.h b/l2tpns.h
index b498fd1..eb575a3 100644 (file)
--- a/l2tpns.h
+++ b/l2tpns.h
@@ -1,22 +1,36 @@
 // L2TPNS Global Stuff
 // L2TPNS Global Stuff

-// $Id: l2tpns.h,v 1.6 2004/05/24 04:33:35 fred_nerk Exp $
+// $Id: l2tpns.h,v 1.38 2004/11/27 05:19:53 bodea Exp $
+
+#ifndef __L2TPNS_H__
+#define __L2TPNS_H__

 
 #include <netinet/in.h>
 
 #include <netinet/in.h>

-#include <stdio.h>

 #include <execinfo.h>
 #include <execinfo.h>

-#include "config.h"
+#include <stdio.h>
+#include <signal.h>
+#include <stdlib.h>
+#include <netinet/in.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+#include <sys/types.h>
+#include <libcli.h>

 
 

-#define VERSION        "1.2.0"
+#define VERSION        "2.0.9"

 
 // Limits
 #define MAXTUNNEL      500             // could be up to 65535
 #define MAXSESSION     50000           // could be up to 65535
 
 // Limits
 #define MAXTUNNEL      500             // could be up to 65535
 #define MAXSESSION     50000           // could be up to 65535

+#define MAXTBFS                6000            // Maximum token bucket filters. Might need up to 2 * session.
+

 #define RADIUS_SHIFT   5
 #define RADIUS_MASK    ((unsigned short)(((unsigned short)~0) >> (16 - RADIUS_SHIFT)))
 #define RADIUS_SHIFT   5
 #define RADIUS_MASK    ((unsigned short)(((unsigned short)~0) >> (16 - RADIUS_SHIFT)))

-#define        MAXRADIUS       ((2 << (RADIUS_SHIFT - 1)) * 255)
+#define        MAXRADIUS       ((unsigned long)(1L << RADIUS_SHIFT) * 255)
+
+#define T_UNDEF                (0xffff)        // A tunnel ID that won't ever be used. Mark session as undefined.
+#define T_FREE         (0)             // A tunnel ID that won't ever be used. Mark session as free.

 
 #define        MAXCONTROL      1000            // max length control message we ever send...
 
 #define        MAXCONTROL      1000            // max length control message we ever send...

-#define        MAXETHER        (1500+18)       // max packet we try sending to tap
+#define        MAXETHER        (1500+18)       // max packet we try sending to tun

 #define        MAXTEL          96              // telephone number
 #define MAXPLUGINS     20              // maximum number of plugins to load
 #define MAXRADSERVER   10              // max radius servers
 #define        MAXTEL          96              // telephone number
 #define MAXPLUGINS     20              // maximum number of plugins to load
 #define MAXRADSERVER   10              // max radius servers


@@ -26,26 +40,45 @@
 #define MAX_LOG_LENGTH 512             // Maximum size of log message
 #define ECHO_TIMEOUT   60              // Time between last packet sent and LCP ECHO generation
 #define IDLE_TIMEOUT   240             // Time between last packet sent and LCP ECHO generation
 #define MAX_LOG_LENGTH 512             // Maximum size of log message
 #define ECHO_TIMEOUT   60              // Time between last packet sent and LCP ECHO generation
 #define IDLE_TIMEOUT   240             // Time between last packet sent and LCP ECHO generation

+#define BUSY_WAIT_TIME 3000            // 5 minutes in 1/10th seconds to wait for radius to cleanup on shutdown

 
 // Constants
 
 // Constants

-#define STATISTICS
-#define STAT_CALLS
-#define RINGBUFFER
-#define TAPDEVICE      "/dev/net/tun"
-#define        UDP             17
-#define HOMEDIR                "/home/l2tpns/"                 // Base dir for data
-#define STATEFILE      "/tmp/l2tpns.dump"              // State dump file
-#define NOSTATEFILE    "/tmp/l2tpns.no_state_reload"   // If exists, state will not be reloaded
-#define CONFIGFILE     ETCDIR "/l2tpns.cfg"            // Configuration file
-#define CLIUSERS       ETCDIR "/l2tpns.users"          // CLI Users file
-#define IPPOOLFILE     ETCDIR "/l2tpns.ip_pool"        // Address pool configuration
+#ifndef ETCDIR
+#define ETCDIR         "/etc/l2tpns"
+#endif
+

 #ifndef LIBDIR
 #define LIBDIR         "/usr/lib/l2tpns"
 #endif
 #ifndef LIBDIR
 #define LIBDIR         "/usr/lib/l2tpns"
 #endif

+
+#ifndef STATEDIR
+#define STATEDIR       "/var/lib/l2tpns"
+#endif
+
+#ifndef PLUGINDIR
+#define PLUGINDIR      LIBDIR          // Plugins
+#endif
+
+#ifndef PLUGINCONF
+#define PLUGINCONF     ETCDIR          // Plugin config dir
+#endif
+
+#ifndef FLASHDIR
+#define FLASHDIR       ETCDIR
+#endif
+
+#ifndef DATADIR
+#define DATADIR                STATEDIR
+#endif
+
+#define TUNDEVICE      "/dev/net/tun"
+#define STATEFILE      DATADIR "/state.dump"           // State dump file
+#define CONFIGFILE     FLASHDIR "/startup-config"      // Configuration file
+#define CLIUSERS       FLASHDIR "/users"               // CLI Users file
+#define IPPOOLFILE     FLASHDIR "/ip_pool"             // Address pool configuration

 #define ACCT_TIME      3000            // 5 minute accounting interval
 #define        L2TPPORT        1701            // L2TP port
 #define RADPORT                1645            // old radius port...
 #define ACCT_TIME      3000            // 5 minute accounting interval
 #define        L2TPPORT        1701            // L2TP port
 #define RADPORT                1645            // old radius port...

-#define        RADAPORT        1646            // old radius accounting port

 #define        PKTARP          0x0806          // ARP packet type
 #define        PKTIP           0x0800          // IP packet type
 #define PSEUDOMAC      0x0200          // pseudo MAC prefix (local significant MAC)
 #define        PKTARP          0x0806          // ARP packet type
 #define        PKTIP           0x0800          // IP packet type
 #define PSEUDOMAC      0x0200          // pseudo MAC prefix (local significant MAC)


@@ -56,7 +89,7 @@
 #define        PPPCCP          0x80FD
 #define PPPIP          0x0021
 #define PPPMP          0x003D
 #define        PPPCCP          0x80FD
 #define PPPIP          0x0021
 #define PPPMP          0x003D

-#define MIN_IP_SIZE    0x20
+#define MIN_IP_SIZE    0x19

 enum
 {
        ConfigReq = 1,
 enum
 {
        ConfigReq = 1,


@@ -69,7 +102,8 @@ enum
        ProtocolRej,
        EchoReq,
        EchoReply,
        ProtocolRej,
        EchoReq,
        EchoReply,

-       DiscardRequest
+       DiscardRequest,
+       IdentRequest

 };
 
 // Types
 };
 
 // Types


@@ -83,11 +117,32 @@ typedef u16 tunnelidt;
 typedef u32 clockt;
 typedef u8 hasht[16];
 
 typedef u32 clockt;
 typedef u8 hasht[16];
 

+// CLI actions
+struct cli_session_actions {
+       char action;
+       ipt snoop_ip;
+       u16 snoop_port;
+       int throttle_in;
+       int throttle_out;
+};
+
+#define CLI_SESS_KILL          0x01
+#define CLI_SESS_SNOOP         0x02
+#define CLI_SESS_NOSNOOP       0x04
+#define CLI_SESS_THROTTLE      0x08
+#define CLI_SESS_NOTHROTTLE    0x10
+
+struct cli_tunnel_actions {
+       char action;
+};
+
+#define CLI_TUN_KILL           0x01
+

 // dump header: update number if internal format changes
 #define DUMP_MAGIC "L2TPNS#" VERSION "#"
 
 // structures
 // dump header: update number if internal format changes
 #define DUMP_MAGIC "L2TPNS#" VERSION "#"
 
 // structures

-typedef struct routes           // route
+typedef struct                 // route

 {
        ipt ip;
        ipt mask;
 {
        ipt ip;
        ipt mask;


@@ -102,22 +157,14 @@ typedef struct controls         // control message
 }
 controlt;
 
 }
 controlt;
 

-typedef struct stbft
-{
-    char handle[10];
-    char in_use;
-} tbft;
-
-
-// 336 bytes per session
-typedef struct sessions
+typedef struct

 {
        sessionidt next;                // next session in linked list
        sessionidt far;                 // far end session ID
 {
        sessionidt next;                // next session in linked list
        sessionidt far;                 // far end session ID

-       tunnelidt tunnel;               // tunnel ID
-       ipt ip;                         // IP of session set by RADIUS response
+       tunnelidt tunnel;               // near end tunnel ID
+       ipt ip;                         // IP of session set by RADIUS response (host byte order).

        int ip_pool_index;              // index to IP pool
        int ip_pool_index;              // index to IP pool

-       unsigned long sid;              // session id for hsddb
+       unsigned long unique_id;        // unique session id

        u16 nr;                         // next receive
        u16 ns;                         // next send
        u32 magic;                      // ppp magic number
        u16 nr;                         // next receive
        u16 ns;                         // next send
        u32 magic;                      // ppp magic number


@@ -126,33 +173,53 @@ typedef struct sessions
        u32 total_cin;                  // This counter is never reset while a session is open
        u32 total_cout;                 // This counter is never reset while a session is open
        u32 id;                         // session id
        u32 total_cin;                  // This counter is never reset while a session is open
        u32 total_cout;                 // This counter is never reset while a session is open
        u32 id;                         // session id

+       u16 throttle_in;                // upstream throttle rate (kbps)
+       u16 throttle_out;               // downstream throttle rate

        clockt opened;                  // when started
        clockt die;                     // being closed, when to finally free
        time_t last_packet;             // Last packet from the user (used for idle timeouts)
        ipt dns1, dns2;                 // DNS servers
        routet route[MAXROUTE];         // static routes
        u16 radius;                     // which radius session is being used (0 for not waiting on authentication)
        clockt opened;                  // when started
        clockt die;                     // being closed, when to finally free
        time_t last_packet;             // Last packet from the user (used for idle timeouts)
        ipt dns1, dns2;                 // DNS servers
        routet route[MAXROUTE];         // static routes
        u16 radius;                     // which radius session is being used (0 for not waiting on authentication)

-       u8 flags;                       // various bit flags
-       u8 snoop;                       // are we snooping this session?
-       u8 throttle;                    // is this session throttled?
-       u8 walled_garden;               // is this session gardened?

        u16 mru;                        // maximum receive unit
        u16 mru;                        // maximum receive unit

-       u16 tbf;                        // filter bucket for throttling
+       u16 tbf_in;                     // filter bucket for throttling in from the user.
+       u16 tbf_out;                    // filter bucket for throttling out to the user.
+       u8 l2tp_flags;                  // various bit flags from the ICCN on the l2tp tunnel.
+       u8 reserved_old_snoop;          // No longer used - remove at some time
+       u8 walled_garden;               // is this session gardened?
+       u8 flags1;                      // additional flags (currently unused);

        char random_vector[MAXTEL];
        int random_vector_length;
        char random_vector[MAXTEL];
        int random_vector_length;

-       char user[129];                 // user (needed in seesion for radius stop messages)
+       char user[129];                 // user (needed in seesion for radius stop messages) (can we reduce this? --mo)

        char called[MAXTEL];            // called number
        char calling[MAXTEL];           // calling number
        char called[MAXTEL];            // called number
        char calling[MAXTEL];           // calling number

-       unsigned long tx_connect_speed;
-       unsigned long rx_connect_speed;
+       u32 tx_connect_speed;
+       u32 rx_connect_speed;
+       u32 flags;                      // Various session flags.
+       ipt snoop_ip;                   // Interception destination IP
+       u16 snoop_port;                 // Interception destination port
+       u16 sid;                        // near end session id.
+       u8 filter_in;                   // input filter index (to ip_filters[N-1]; 0 if none)
+       u8 filter_out;                  // output filter index
+       char reserved[18];              // Space to expand structure without changing HB_VERSION

 }
 sessiont;
 
 }
 sessiont;
 

-#define        SESSIONPFC      1            // PFC negotiated flags
-#define        SESSIONACFC     2           // ACFC negotiated flags
+#define SF_IPCP_ACKED  1       // Has this session seen an IPCP Ack?
+#define SF_LCP_ACKED   2       // LCP negotiated
+#define SF_CCP_ACKED   4       // CCP negotiated
+
+typedef struct
+{
+       u32     cin;
+       u32     cout;
+} sessioncountt;
+
+#define        SESSIONPFC      1       // PFC negotiated flags
+#define        SESSIONACFC     2       // ACFC negotiated flags

 
 // 168 bytes per tunnel
 
 // 168 bytes per tunnel

-typedef struct tunnels
+typedef struct

 {
        tunnelidt far;          // far end tunnel ID
        ipt ip;                 // Ip for far end
 {
        tunnelidt far;          // far end tunnel ID
        ipt ip;                 // Ip for far end


@@ -175,7 +242,7 @@ typedef struct tunnels
 tunnelt;
 
 // 180 bytes per radius session
 tunnelt;
 
 // 180 bytes per radius session

-typedef struct radiuss         // outstanding RADIUS requests
+typedef struct                 // outstanding RADIUS requests

 {
        sessionidt session;     // which session this applies to
        hasht auth;             // request authenticator
 {
        sessionidt session;     // which session this applies to
        hasht auth;             // request authenticator


@@ -191,7 +258,7 @@ radiust;
 
 typedef struct
 {
 
 typedef struct
 {

-       ipt             address;
+       ipt             address;        // Host byte order..

        char            assigned;       // 1 if assigned, 0 if free
        sessionidt      session;
        clockt          last;           // last used
        char            assigned;       // 1 if assigned, 0 if free
        sessionidt      session;
        clockt          last;           // last used


@@ -223,7 +290,8 @@ enum
        TUNNELFREE,             // Not in use
        TUNNELOPEN,             // Active tunnel
        TUNNELDIE,              // Currently closing
        TUNNELFREE,             // Not in use
        TUNNELOPEN,             // Active tunnel
        TUNNELDIE,              // Currently closing

-       TUNNELOPENING           // Busy opening
+       TUNNELOPENING,          // Busy opening
+       TUNNELUNDEF,            // Undefined

 };
 
 enum
 };
 
 enum


@@ -234,7 +302,8 @@ enum
        RADIUSIPCP,             // sending IPCP to end user
        RADIUSSTART,            // sending start accounting to RADIUS server
        RADIUSSTOP,             // sending stop accounting to RADIUS server
        RADIUSIPCP,             // sending IPCP to end user
        RADIUSSTART,            // sending start accounting to RADIUS server
        RADIUSSTOP,             // sending stop accounting to RADIUS server

-       RADIUSWAIT              // waiting timeout before available, in case delayed replies
+       RADIUSWAIT,             // waiting timeout before available, in case delayed replies
+       RADIUSDEAD,             // errored while talking to radius server.

 };
 
 struct Tstats
 };
 
 struct Tstats


@@ -242,12 +311,12 @@ struct Tstats
     time_t             start_time;
     time_t             last_reset;
 
     time_t             start_time;
     time_t             last_reset;
 

-    unsigned long      tap_rx_packets;
-    unsigned long      tap_tx_packets;
-    unsigned long      tap_rx_bytes;
-    unsigned long      tap_tx_bytes;
-    unsigned long      tap_rx_errors;
-    unsigned long      tap_tx_errors;
+    unsigned long      tun_rx_packets;
+    unsigned long      tun_tx_packets;
+    unsigned long      tun_rx_bytes;
+    unsigned long      tun_tx_bytes;
+    unsigned long      tun_rx_errors;
+    unsigned long      tun_tx_errors;

 
     unsigned long      tunnel_rx_packets;
     unsigned long      tunnel_tx_packets;
 
     unsigned long      tunnel_rx_packets;
     unsigned long      tunnel_tx_packets;


@@ -259,11 +328,7 @@ struct Tstats
     unsigned long      tunnel_retries;
     unsigned long      radius_retries;
 
     unsigned long      tunnel_retries;
     unsigned long      radius_retries;
 

-    unsigned long      arp_errors;
-    unsigned long      arp_replies;
-    unsigned long      arp_discarded;

     unsigned long      arp_sent;
     unsigned long      arp_sent;

-    unsigned long      arp_recv;

 
     unsigned long      packets_snooped;
 
 
     unsigned long      packets_snooped;
 


@@ -278,9 +343,11 @@ struct Tstats
 
     unsigned long      ip_allocated;
     unsigned long      ip_freed;
 
     unsigned long      ip_allocated;
     unsigned long      ip_freed;

-#ifdef STAT_CALLS
-    unsigned long      call_processtap;
-    unsigned long      call_processarp;
+
+    unsigned long      c_forwarded;
+    unsigned long      recv_forward;
+#ifdef STATISTICS
+    unsigned long      call_processtun;

     unsigned long      call_processipout;
     unsigned long      call_processudp;
     unsigned long      call_sessionbyip;
     unsigned long      call_processipout;
     unsigned long      call_processudp;
     unsigned long      call_sessionbyip;


@@ -310,64 +377,161 @@ struct Tstats
 };
 
 #ifdef STATISTICS
 };
 
 #ifdef STATISTICS

-#define STAT(x)                _statistics->x++
-#define INC_STAT(x,y)  _statistics->x += y
-#define GET_STAT(x)    _statistics->x
-#define SET_STAT(x, y) _statistics->x = y
+
+#ifdef STAT_CALLS
+#define CSTAT(x)       STAT(x)
+#else
+#define CSTAT(x)
+#endif
+
+#define STAT(x)                (_statistics->x++)
+#define INC_STAT(x,y)  (_statistics->x += (y))
+#define GET_STAT(x)    (_statistics->x)
+#define SET_STAT(x, y) (_statistics->x = (y))

 #else
 #else

+#define CSTAT(x)

 #define STAT(x)
 #define INC_STAT(x,y)
 #define GET_STAT(x)    0
 #define SET_STAT(x, y)
 #endif
 
 #define STAT(x)
 #define INC_STAT(x,y)
 #define GET_STAT(x)    0
 #define SET_STAT(x, y)
 #endif
 

-struct configt
+typedef struct

 {
        int             debug;                          // debugging level
        time_t          start_time;                     // time when l2tpns was started
        char            bandwidth[256];                 // current bandwidth
 {
        int             debug;                          // debugging level
        time_t          start_time;                     // time when l2tpns was started
        char            bandwidth[256];                 // current bandwidth

+       char            pid_file[256];                  // file to write PID to on startup
+       int             wrote_pid;
+       clockt          current_time;                   // 1/10ths of a second since the process started.
+                                                       // means that we can only run a given process
+                                                       // for 13 years without re-starting!

 
        char            config_file[128];
        int             reload_config;                  // flag to re-read config (set by cli)
        int             cleanup_interval;               // interval between regular cleanups (in seconds)
        int             multi_read_count;               // amount of packets to read per fd in processing loop
 
 
        char            config_file[128];
        int             reload_config;                  // flag to re-read config (set by cli)
        int             cleanup_interval;               // interval between regular cleanups (in seconds)
        int             multi_read_count;               // amount of packets to read per fd in processing loop
 

-       char            tapdevice[10];                  // tap device name
+       char            tundevice[10];                  // tun device name

        char            log_filename[128];
        char            l2tpsecret[64];
 
        char            radiussecret[64];
        int             radius_accounting;
        ipt             radiusserver[MAXRADSERVER];     // radius servers
        char            log_filename[128];
        char            l2tpsecret[64];
 
        char            radiussecret[64];
        int             radius_accounting;
        ipt             radiusserver[MAXRADSERVER];     // radius servers

+       u16             radiusport[MAXRADSERVER];       // radius base ports

        u8              numradiusservers;               // radius server count
        short           num_radfds;                     // Number of radius filehandles allocated
 
        ipt             default_dns1, default_dns2;
 
        u8              numradiusservers;               // radius server count
        short           num_radfds;                     // Number of radius filehandles allocated
 
        ipt             default_dns1, default_dns2;
 

-       ipt             snoop_destination_host;
-       u16             snoop_destination_port;
+       unsigned long   rl_rate;                        // default throttle rate
+       int             num_tbfs;                       // number of throttle buckets

 
 

-       unsigned long   rl_rate;

        int             save_state;
        int             save_state;

-       uint32_t        cluster_address;
-       int             ignore_cluster_updates;

        char            accounting_dir[128];
        ipt             bind_address;
        char            accounting_dir[128];
        ipt             bind_address;

+       ipt             peer_address;
+       int             send_garp;                      // Set to true to garp for vip address on startup
+

        int             target_uid;
        int             dump_speed;
        char            plugins[64][MAXPLUGINS];
        char            old_plugins[64][MAXPLUGINS];
 
        int             next_tbf;                       // Next HTB id available to use
        int             target_uid;
        int             dump_speed;
        char            plugins[64][MAXPLUGINS];
        char            old_plugins[64][MAXPLUGINS];
 
        int             next_tbf;                       // Next HTB id available to use

-};
+       int             scheduler_fifo;                 // If the system has multiple CPUs, use FIFO scheduling policy for this process.
+       int             lock_pages;                     // Lock pages into memory.
+       int             icmp_rate;                      // Max number of ICMP unreachable per second to send>
+
+       u32             cluster_address;                // Multicast address of cluster.
+                                                       // Send to this address to have everyone hear.
+       char            cluster_interface[64];          // Which interface to listen for multicast on.
+       int             cluster_iam_master;             // Are we the cluster master???
+       int             cluster_iam_uptodate;           // Set if we've got a full set of state from the master.
+       u32             cluster_master_address;         // The network address of the cluster master.
+                                                       // Zero if i am the cluster master.
+       int             cluster_seq_number;             // Sequence number of the next heartbeat we'll send out
+                                                       // (or the seq number we're next expecting if we're a slave).
+       int             cluster_undefined_sessions;     // How many sessions we're yet to receive from the master.
+       int             cluster_undefined_tunnels;      // How many tunnels we're yet to receive from the master.
+       int             cluster_highest_sessionid;
+       int             cluster_highest_tunnelid;
+       clockt          cluster_last_hb;                // Last time we saw a heartbeat from the master.
+       int             cluster_num_changes;            // Number of changes queued.
+
+       int             cluster_hb_interval;            // How often to send a heartbeat.
+       int             cluster_hb_timeout;             // How many missed heartbeats trigger an election.
+
+#ifdef BGP
+#define BGP_NUM_PEERS  2
+       u16             as_number;
+       struct {
+               char    name[64];
+               u16     as;
+               int     keepalive;
+               int     hold;
+       }               neighbour[BGP_NUM_PEERS];
+#endif
+} configt;

 
 

-struct config_descriptt
+enum config_typet { INT, STRING, UNSIGNED_LONG, SHORT, BOOL, IP, MAC };
+typedef struct

 {
        char *key;
        int offset;
        int size;
 {
        char *key;
        int offset;
        int size;

-       enum { INT, STRING, UNSIGNED_LONG, SHORT, BOOL, IP } type;
-};
+       enum config_typet type;
+} config_descriptt;
+
+typedef struct
+{
+       u8 op;          // operation
+#define FILTER_PORT_OP_NONE    0 // all ports match
+#define FILTER_PORT_OP_EQ      1
+#define FILTER_PORT_OP_NEQ     2
+#define FILTER_PORT_OP_GT      3
+#define FILTER_PORT_OP_LT      4
+#define FILTER_PORT_OP_RANGE   5
+       portt port;
+       portt port2;    // for range
+} ip_filter_portt;
+
+typedef struct
+{
+       int action;             // permit/deny
+#define FILTER_ACTION_DENY     1
+#define FILTER_ACTION_PERMIT   2
+       int proto;              // protocol: IPPROTO_* (netinet/in.h)
+       ipt src_ip;             // source ip
+       ipt src_wild;
+       ip_filter_portt src_ports;
+       ipt dst_ip;             // dest ip
+       ipt dst_wild;
+       ip_filter_portt dst_ports;
+       u8 tcp_flag_op;         // match type: any, all
+#define FILTER_FLAG_OP_ANY     0
+#define FILTER_FLAG_OP_ALL     1
+       u8 tcp_sflags;          // flags set
+       u8 tcp_cflags;          // flags clear
+} ip_filter_rulet;
+
+#define TCP_FLAG_FIN   0x01
+#define TCP_FLAG_SYN   0x02
+#define TCP_FLAG_RST   0x04
+#define TCP_FLAG_PSH   0x08
+#define TCP_FLAG_ACK   0x10
+#define TCP_FLAG_URG   0x20
+
+#define MAXFILTER              32
+#define MAXFILTER_RULES                32
+typedef struct
+{
+       char name[32];          // ACL name
+       int extended;           // type: 0 = standard, 1 = extended
+       ip_filter_rulet rules[MAXFILTER_RULES];
+       int used;               // session ref count
+} ip_filtert;

 
 // arp.c
 void sendarp(int ifr_idx, const unsigned char* mac, ipt ip);
 
 // arp.c
 void sendarp(int ifr_idx, const unsigned char* mac, ipt ip);


@@ -381,10 +545,9 @@ void processipcp(tunnelidt t, sessionidt s, u8 * p, u16 l);
 void processipin(tunnelidt t, sessionidt s, u8 * p, u16 l);
 void processccp(tunnelidt t, sessionidt s, u8 * p, u16 l);
 void sendchap(tunnelidt t, sessionidt s);
 void processipin(tunnelidt t, sessionidt s, u8 * p, u16 l);
 void processccp(tunnelidt t, sessionidt s, u8 * p, u16 l);
 void sendchap(tunnelidt t, sessionidt s);

-u8 *makeppp(u8 * b, u8 * p, int l, tunnelidt t, sessionidt s, u16 mtype);
-u8 *findppp(u8 * b, u8 mtype);
+u8 *makeppp(u8 * b, int size, u8 * p, int l, tunnelidt t, sessionidt s, u16 mtype);

 void initlcp(tunnelidt t, sessionidt s);
 void initlcp(tunnelidt t, sessionidt s);

-void dumplcp(char *p, int l);
+void send_ipin(sessionidt s, u8 * buf, int len);

 
 
 // radius.c
 
 
 // radius.c


@@ -395,79 +558,52 @@ void radiusretry(u16 r);
 u16 radiusnew(sessionidt s);
 void radiusclear(u16 r, sessionidt s);
 
 u16 radiusnew(sessionidt s);
 void radiusclear(u16 r, sessionidt s);
 

-// throttle.c
-int throttle_session(sessionidt s, int throttle);
-
-
-// rl.c
-void init_rl();
-u16 rl_create_tbf();
-u16 rl_get_tbf();
-void rl_done_tbf(u16 t);
-void rl_destroy_tbf(u16 t);
-

 
 // l2tpns.c
 
 // l2tpns.c

-clockt now(void);

 clockt backoff(u8 try);
 clockt backoff(u8 try);

-void routeset(ipt ip, ipt mask, ipt gw, u8 add);
-void inittap(void);
-void initudp(void);
-void initdata(void);
-void initippool();

 sessionidt sessionbyip(ipt ip);
 sessionidt sessionbyuser(char *username);
 void sessionshutdown(sessionidt s, char *reason);
 sessionidt sessionbyip(ipt ip);
 sessionidt sessionbyuser(char *username);
 void sessionshutdown(sessionidt s, char *reason);

-void sessionsendarp(sessionidt s);

 void send_garp(ipt ip);
 void send_garp(ipt ip);

-void sessionkill(sessionidt s, char *reason);
-void control16(controlt * c, u16 avp, u16 val, u8 m);
-void control32(controlt * c, u16 avp, u32 val, u8 m);
-void controls(controlt * c, u16 avp, char *val, u8 m);
-void controlb(controlt * c, u16 avp, char *val, unsigned int len, u8 m);
-controlt *controlnew(u16 mtype);
-void controlnull(tunnelidt t);
-void controladd(controlt * c, tunnelidt t, sessionidt s);

 void tunnelsend(u8 * buf, u16 l, tunnelidt t);
 void tunnelsend(u8 * buf, u16 l, tunnelidt t);

-void tunnelkill(tunnelidt t, char *reason);
-void tunnelshutdown(tunnelidt t, char *reason);

 void sendipcp(tunnelidt t, sessionidt s);
 void sendipcp(tunnelidt t, sessionidt s);

-void processipout(u8 * buf, int len);
-void processarp(u8 * buf, int len);

 void processudp(u8 * buf, int len, struct sockaddr_in *addr);
 void processudp(u8 * buf, int len, struct sockaddr_in *addr);

-void processtap(u8 * buf, int len);
-void processcontrol(u8 * buf, int len, struct sockaddr_in *addr);
-int assign_ip_address(sessionidt s);
-void free_ip_address(sessionidt s);
-void snoop_send_packet(char *packet, u16 size);
-void dump_acct_info();
-void mainloop(void);
-#define log _log
-#ifndef log_hex
-#define log_hex(a,b,c,d) do{if (a <= config->debug) _log_hex(a,0,0,0,b,c,d);}while (0)
-#endif
+void snoop_send_packet(char *packet, u16 size, ipt destination, u16 port);
+int cmd_show_ipcache(struct cli_def *cli, char *command, char **argv, int argc);
+int cmd_show_hist_idle(struct cli_def *cli, char *command, char **argv, int argc);
+int cmd_show_hist_open(struct cli_def *cli, char *command, char **argv, int argc);
+
+#undef LOG
+#undef LOG_HEX
+#define LOG(D, a, s, t, f, ...)        ({ if (D <= config->debug) _log(D, a, s, t, f, ## __VA_ARGS__); })
+#define LOG_HEX(D, t, d, s)    ({ if (D <= config->debug) _log_hex(D, t, d, s); })
+

 void _log(int level, ipt address, sessionidt s, tunnelidt t, const char *format, ...) __attribute__((format (printf, 5, 6)));
 void _log(int level, ipt address, sessionidt s, tunnelidt t, const char *format, ...) __attribute__((format (printf, 5, 6)));

-void _log_hex(int level, ipt address, sessionidt s, tunnelidt t, const char *title, const char *data, int maxsize);
-void build_chap_response(char *challenge, u8 id, u16 challenge_length, char **challenge_response);
-int sessionsetup(tunnelidt t, sessionidt s, u8 routes);
-int cluster_send_session(int s);
-int cluster_send_tunnel(int t);
-int cluster_send_goodbye();
-void init_cli();
+void _log_hex(int level, const char *title, const char *data, int maxsize);
+
+int sessionsetup(tunnelidt t, sessionidt s);
+int run_plugins(int plugin_type, void *data);
+void rebuild_address_pool(void);
+void throttle_session(sessionidt s, int rate_in, int rate_out);
+int load_session(sessionidt, sessiont *);
+void become_master(void);      // We're the master; kick off any required master initializations.
+
+
+// cli.c
+void init_cli(char *hostname);

 void cli_do_file(FILE *fh);
 void cli_do(int sockfd);
 void cli_do_file(FILE *fh);
 void cli_do(int sockfd);

-#ifdef RINGBUFFER
-void ringbuffer_dump(FILE *stream);
-#endif
-void initplugins();
-int run_plugins(int plugin_type, void *data);
-void add_plugin(char *plugin_name);
-void remove_plugin(char *plugin_name);
-void tunnelclear(tunnelidt t);
+int cli_arg_help(struct cli_def *cli, int cr_ok, char *entry, ...);
+
+
+// icmp.c

 void host_unreachable(ipt destination, u16 id, ipt source, char *packet, int packet_len);
 
 void host_unreachable(ipt destination, u16 id, ipt source, char *packet, int packet_len);
 

+

 extern tunnelt *tunnel;
 extern sessiont *session;
 extern tunnelt *tunnel;
 extern sessiont *session;

+extern sessioncountt *sess_count;
+extern ippoolt *ip_address_pool;

 #define sessionfree (session[0].next)
 
 #define log_backtrace(count, max) \
 #define sessionfree (session[0].next)
 
 #define log_backtrace(count, max) \


@@ -475,13 +611,46 @@ if (count++ < max) { \
        void *array[20]; \
        char **strings; \
        int size, i; \
        void *array[20]; \
        char **strings; \
        int size, i; \

-       log(0, 0, 0, t, "Backtrace follows"); \
+       LOG(0, 0, 0, t, "Backtrace follows"); \

        size = backtrace(array, 10); \
        strings = backtrace_symbols(array, size); \
        if (strings) for (i = 0; i < size; i++) \
        { \
        size = backtrace(array, 10); \
        strings = backtrace_symbols(array, size); \
        if (strings) for (i = 0; i < size; i++) \
        { \

-               log(0, 0, 0, t, "%s\n", strings[i]); \
+               LOG(0, 0, 0, t, "%s\n", strings[i]); \

        } \
        free(strings); \
 }
 
        } \
        free(strings); \
 }
 

+
+extern configt *config;
+extern time_t basetime;                // Time when this process started.
+extern time_t time_now;                // Seconds since EPOCH.
+extern u32 last_id;
+extern struct Tstats *_statistics;
+extern ipt my_address;
+extern int tun_write(u8 *data, int size);
+extern int clifd;
+
+
+#define TIME (config->current_time)
+
+// macros for handling help in cli commands
+#define CLI_HELP_REQUESTED     (argc > 0 && argv[argc-1][strlen(argv[argc-1])-1] == '?')
+#define CLI_HELP_NO_ARGS       (argc > 1 || argv[0][1]) ? CLI_OK : cli_arg_help(cli, 1, NULL)
+
+// CVS identifiers (for "show version file")
+extern char const *cvs_id_arp;
+extern char const *cvs_id_cli;
+extern char const *cvs_id_cluster;
+extern char const *cvs_id_constants;
+extern char const *cvs_id_control;
+extern char const *cvs_id_icmp;
+extern char const *cvs_id_l2tpns;
+extern char const *cvs_id_ll;
+extern char const *cvs_id_md5;
+extern char const *cvs_id_ppp;
+extern char const *cvs_id_radius;
+extern char const *cvs_id_tbf;
+extern char const *cvs_id_util;
+
+#endif /* __L2TPNS_H__ */