// Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
// vim: sw=8 ts=8
-char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.85 2005-03-10 03:08:08 bodea Exp $";
+char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.90 2005-04-18 05:07:20 bodea Exp $";
#include <arpa/inet.h>
#include <assert.h>
time_t basetime = 0; // base clock
char hostname[1000] = ""; // us.
static int tunidx; // ifr_ifindex of tun device
-static uint32_t sessionid = 0; // session id for radius accounting
static int syslog_log = 0; // are we logging to syslog
static FILE *log_stream = NULL; // file handle for direct logging (i.e. direct into file, not via syslog).
extern int cluster_sockfd; // Intra-cluster communications socket.
-uint32_t last_id = 0; // Last used PPP SID. Can I kill this?? -- mo
+uint32_t last_id = 0; // Unique ID for radius accounting
struct cli_session_actions *cli_session_actions = NULL; // Pending session changes requested by CLI
struct cli_tunnel_actions *cli_tunnel_actions = NULL; // Pending tunnel changes required by CLI
c->length += 10;
}
-// add an AVP (32 bit)
+// add an AVP (string)
static void controls(controlt * c, uint16_t avp, char *val, uint8_t m)
{
uint16_t l = ((m ? 0x8000 : 0) + strlen(val) + 6);
}
// start tidy shutdown of session
-void sessionshutdown(sessionidt s, char *reason)
+void sessionshutdown(sessionidt s, char *reason, int result, int error)
{
int walled_garden = session[s].walled_garden;
run_plugins(PLUGIN_KILL_SESSION, &data);
}
- if (!walled_garden && !session[s].die)
+ if (session[s].ip && !walled_garden && !session[s].die)
{
// RADIUS Stop message
uint16_t r = session[s].radius;
if (session[s].throttle_in || session[s].throttle_out) // Unthrottle if throttled.
throttle_session(s, 0, 0);
+ if (result)
{ // Send CDN
controlt *c = controlnew(14); // sending CDN
- control16(c, 1, 3, 1); // result code (admin reasons - TBA make error, general error, add message
+ if (error)
+ {
+ char buf[4];
+ *(uint16_t *) buf = htons(result);
+ *(uint16_t *) (buf+2) = htons(error);
+ controlb(c, 1, buf, 4, 1);
+ }
+ else
+ control16(c, 1, result, 1);
+
control16(c, 14, s, 1); // assigned session (our end)
controladd(c, session[s].tunnel, s); // send the message
}
if (radius[r].try > 10)
{
radiusclear(r, s); // Clear radius session.
- sessionshutdown(s, "No reply on IPCP");
+ sessionshutdown(s, "No reply on IPCP", 3, 0);
return;
}
}
session[s].die = TIME;
- sessionshutdown(s, reason); // close radius/routes, etc.
+ sessionshutdown(s, reason, 3, 0); // close radius/routes, etc.
if (session[s].radius)
radiusclear(session[s].radius, s); // cant send clean accounting data, session is killed
// free tunnel
tunnelclear(t);
LOG(1, 0, t, "Kill tunnel %d: %s\n", t, reason);
- cli_tunnel_actions[s].action = 0;
+ cli_tunnel_actions[t].action = 0;
cluster_send_tunnel(t);
}
// shut down a tunnel cleanly
-static void tunnelshutdown(tunnelidt t, char *reason)
+static void tunnelshutdown(tunnelidt t, char *reason, int result, int error, char *msg)
{
sessionidt s;
// close session
for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
if (session[s].tunnel == t)
- sessionshutdown(s, reason);
+ sessionshutdown(s, reason, 3, 0);
tunnel[t].state = TUNNELDIE;
tunnel[t].die = TIME + 700; // Clean up in 70 seconds
cluster_send_tunnel(t);
// TBA - should we wait for sessions to stop?
- { // Send StopCCN
- controlt *c = controlnew(4); // sending StopCCN
- control16(c, 1, 1, 1); // result code (admin reasons - TBA make error, general error, add message)
- control16(c, 9, t, 1); // assigned tunnel (our end)
- controladd(c, t, 0); // send the message
+ if (result)
+ {
+ controlt *c = controlnew(4); // sending StopCCN
+ if (error)
+ {
+ char buf[64];
+ int l = 4;
+ *(uint16_t *) buf = htons(result);
+ *(uint16_t *) (buf+2) = htons(error);
+ if (msg)
+ {
+ int m = strlen(msg);
+ if (m + 4 > sizeof(buf))
+ m = sizeof(buf) - 4;
+
+ memcpy(buf+4, msg, m);
+ l += m;
+ }
+
+ controlb(c, 1, buf, l, 1);
+ }
+ else
+ control16(c, 1, result, 1);
+
+ control16(c, 9, t, 1); // assigned tunnel (our end)
+ controladd(c, t, 0); // send the message
}
}
}
if (l)
{ // if not a null message
+ int result = 0;
+ int error = 0;
+ char *msg = 0;
+
// process AVPs
while (l && !(fatal & 0x80)) // 0x80 = mandatory AVP
{
{
LOG(1, s, t, "Unrecognised AVP flags %02X\n", *b);
fatal = flags;
+ result = 2; // general error
+ error = 3; // reserved field non-zero
+ msg = 0;
continue; // next
}
b += 2;
{
LOG(2, s, t, "Unknown AVP vendor %d\n", ntohs(*(uint16_t *) (b)));
fatal = flags;
+ result = 2; // general error
+ error = 6; // generic vendor-specific error
+ msg = "unsupported vendor-specific";
continue; // next
}
b += 2;
{
LOG(1, s, t, "Hidden AVP requested, but no L2TP secret.\n");
fatal = flags;
+ result = 2; // general error
+ error = 6; // generic vendor-specific error
+ msg = "secret not specified";
continue;
}
if (!session[s].random_vector_length)
{
LOG(1, s, t, "Hidden AVP requested, but no random vector.\n");
fatal = flags;
+ result = 2; // general error
+ error = 6; // generic
+ msg = "no random vector";
continue;
}
if (n < 8)
{
LOG(2, s, t, "Short hidden AVP.\n");
fatal = flags;
+ result = 2; // general error
+ error = 2; // length is wrong
+ msg = 0;
continue;
}
orig_len = ntohs(*(uint16_t *) b);
if (orig_len > n + 2)
{
+ LOG(1, s, t, "Original length %d too long in hidden AVP of length %d; wrong secret?\n",
+ orig_len, n);
+
fatal = flags;
+ result = 2; // general error
+ error = 2; // length is wrong
+ msg = 0;
continue;
}
{ // allow 0.0 and 1.0
LOG(1, s, t, " Bad protocol version %04X\n", version);
fatal = flags;
+ result = 5; // unspported protocol version
+ error = 0x0100; // supported version
+ msg = 0;
continue; // next
}
}
session[s].random_vector_length = n;
break;
default:
- LOG(2, s, t, " Unknown AVP type %d\n", mtype);
- fatal = flags;
- continue; // next
+ {
+ static char e[] = "unknown AVP 0xXXXX";
+ LOG(2, s, t, " Unknown AVP type %d\n", mtype);
+ fatal = flags;
+ result = 2; // general error
+ error = 8; // unknown mandatory AVP
+ sprintf((msg = e) + 14, "%04x", mtype);
+ continue; // next
+ }
}
}
// process message
if (fatal & 0x80)
- tunnelshutdown(t, "Unknown Mandatory AVP");
+ tunnelshutdown(t, "Invalid mandatory AVP", result, error, msg);
else
switch (message)
{
break;
case 4: // StopCCN
controlnull(t); // ack
- tunnelshutdown(t, "Stopped"); // Shut down cleanly
- tunnelkill(t, "Stopped"); // Immediately force everything dead
+ tunnelshutdown(t, "Stopped", 0, 0, 0); // Shut down cleanly
break;
case 6: // HELLO
controlnull(t); // simply ACK
}
c = controlnew(11); // sending ICRP
- session[s].id = sessionid++;
session[s].opened = time_now;
session[s].tunnel = t;
session[s].far = asession;
break;
case 14: // CDN
controlnull(t); // ack
- sessionshutdown(s, "Closed (Received CDN)");
+ sessionshutdown(s, "Closed (Received CDN)", 0, 0);
break;
case 0xFFFF:
LOG(1, s, t, "Missing message type\n");
default:
STAT(tunnel_rx_errors);
if (mandatory)
- tunnelshutdown(t, "Unknown message type");
+ tunnelshutdown(t, "Unknown message type", 2, 6, "unknown message type");
else
LOG(1, s, t, "Unknown message type %d\n", message);
break;
if (a & CLI_TUN_KILL)
{
LOG(2, 0, t, "Dropping tunnel by CLI\n");
- tunnelshutdown(t, "Requested by administrator");
+ tunnelshutdown(t, "Requested by administrator", 1, 0, 0);
}
}
// Drop sessions who have not responded within IDLE_TIMEOUT seconds
if (session[s].last_packet && (time_now - session[s].last_packet >= IDLE_TIMEOUT))
{
- sessionshutdown(s, "No response to LCP ECHO requests");
+ sessionshutdown(s, "No response to LCP ECHO requests", 3, 0);
STAT(session_timeout);
if (++count >= MAX_ACTIONS) break;
continue;
}
- // No data in IDLE_TIMEOUT seconds, send LCP ECHO
+ // No data in ECHO_TIMEOUT seconds, send LCP ECHO
if (session[s].user[0] && (time_now - session[s].last_packet >= ECHO_TIMEOUT))
{
uint8_t b[MAXCONTROL] = {0};
if (a & CLI_SESS_KILL)
{
LOG(2, s, session[s].tunnel, "Dropping session by CLI\n");
- sessionshutdown(s, "Requested by administrator");
+ sessionshutdown(s, "Requested by administrator", 3, 0);
a = 0; // dead, no need to check for other actions
}
for (i = 1; i < MAXTUNNEL; i++)
{
if (tunnel[i].ip || tunnel[i].state)
- tunnelshutdown(i, "L2TPNS Closing");
+ tunnelshutdown(i, "L2TPNS Closing", 6, 0, 0);
}
}
if (!session[s].ip)
{
LOG(0, s, t, " No IP allocated. The IP address pool is FULL!\n");
- sessionshutdown(s, "No IP addresses available");
+ sessionshutdown(s, "No IP addresses available", 2, 7);
return 0;
}
LOG(3, s, t, " No IP allocated. Assigned %s from pool\n",
projects / l2tpns.git / blobdiff