#include "bgp.h"
#endif
+#ifdef LAC
+#include "l2tplac.h"
+#endif
+
+#ifdef LAC
+char * Vendor_name = "Linux L2TPNS";
+uint32_t call_serial_number = 0;
+#endif
+
// Globals
configt *config = NULL; // all configuration
int nlfd = -1; // netlink socket
int tunfd = -1; // tun interface file handle. (network device)
int udpfd = -1; // UDP file handle
+#ifdef LAC
+int udplacfd = -1; // UDP LAC file handle
+#endif
int controlfd = -1; // Control signal handle
int clifd = -1; // Socket listening for CLI connections.
int daefd = -1; // Socket listening for DAE connections.
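Review bot: `Vendor_name` and `call_serial_number` are added with external linkage, and `Vendor_name` is a writable pointer to a string literal; on this page they are referenced only by the LAC wrappers at the bottom of the same file, so `static const char Vendor_name[] = "Linux L2TPNS";` and `static uint32_t call_serial_number = 0;` would keep them out of the global namespace. If l2tplac.c reaches them through l2tplac.h (not visible here) keep the linkage, and keep `const` only if `controls()` accepts a `const char *`. A short comment on `call_serial_number` saying it is the monotonically increasing Call Serial Number AVP sent in ICRQ, `// Call Serial Number AVP, incremented per ICRQ sent to a remote LNS`, would explain why it is file-global state.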
CONFIG("ipv6_prefix", ipv6_prefix, IPv6),
CONFIG("cli_bind_address", cli_bind_address, IPv4),
CONFIG("hostname", hostname, STRING),
+#ifdef BGP
CONFIG("nexthop_address", nexthop_address, IPv4),
CONFIG("nexthop6_address", nexthop6_address, IPv6),
+#endif
CONFIG("echo_timeout", echo_timeout, INT),
CONFIG("idle_echo_timeout", idle_echo_timeout, INT),
+ CONFIG("iftun_address", iftun_address, IPv4),
+#ifdef LAC
+ CONFIG("disable_lac_func", disable_lac_func, BOOL),
+ CONFIG("bind_address_remotelns", bind_address_remotelns, IPv4),
+ CONFIG("bind_portremotelns", bind_portremotelns, SHORT),
+#endif
{ NULL, 0, 0, 0 },
};
static void unhide_value(uint8_t *value, size_t len, uint16_t type, uint8_t *vector, size_t vec_len);
static void bundleclear(bundleidt b);
-// on slaves, alow BGP to withdraw cleanly before exiting
-#define QUIT_DELAY 5
-
-// quit actions (master)
-#define QUIT_FAILOVER 1 // SIGTERM: exit when all control messages have been acked (for cluster failover)
-#define QUIT_SHUTDOWN 2 // SIGQUIT: shutdown sessions/tunnels, reject new connections
-
// return internal time (10ths since process startup), set f if given
// as a side-effect sets time_now, and time_changed
static clockt now(double *f)
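Review bot: The hunk deletes the `QUIT_DELAY`, `QUIT_FAILOVER` and `QUIT_SHUTDOWN` definitions, yet `main_quit != QUIT_SHUTDOWN` is still compared in the SCCRQ, SCCRP and ICRQ handlers later in this diff, so the constants must now come from a header that is not part of this page; confirm the move landed in the same commit, otherwise this file no longer compiles. Since the removal is silent, a comment next to the new `#include "l2tplac.h"` such as `// QUIT_* constants moved to <shared header> so l2tplac.c can use them` (fill in the real header) would save the next reader a search.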
ringbuffer->buffer[ringbuffer->tail].session = s;
ringbuffer->buffer[ringbuffer->tail].tunnel = t;
va_start(ap, format);
- vsnprintf(ringbuffer->buffer[ringbuffer->tail].message, 4095, format, ap);
+ vsnprintf(ringbuffer->buffer[ringbuffer->tail].message, MAX_LOG_LENGTH, format, ap);
va_end(ap);
}
#endif
req.ifmsg.ifaddr.ifa_scope = RT_SCOPE_UNIVERSE;
req.ifmsg.ifaddr.ifa_index = tunidx;
- if (config->bind_address)
- ip = config->bind_address;
+ if (config->iftun_address)
+ ip = config->iftun_address;
else
ip = 0x01010101; // 1.1.1.1
netlink_addattr(&req.nh, IFA_LOCAL, &ip, sizeof(ip));
exit(1);
}
+#ifdef LAC
+ // Tunnel to Remote LNS
+ memset(&addr, 0, sizeof(addr));
+ addr.sin_family = AF_INET;
+ addr.sin_port = htons(config->bind_portremotelns);
+ addr.sin_addr.s_addr = config->bind_address_remotelns;
+ udplacfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+ setsockopt(udplacfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
+ {
+ int flags = fcntl(udplacfd, F_GETFL, 0);
+ fcntl(udplacfd, F_SETFL, flags | O_NONBLOCK);
+ }
+ if (bind(udplacfd, (struct sockaddr *) &addr, sizeof(addr)) < 0)
+ {
+ LOG(0, 0, 0, "Error in UDP REMOTE LNS bind: %s\n", strerror(errno));
+ exit(1);
+ }
+#endif
+
// Intercept
snoopfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
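Review bot: The `socket()` result assigned to `udplacfd` is never checked before `setsockopt`, `fcntl` and `bind` operate on it, so a failed socket creation surfaces only as a misleading "Error in UDP REMOTE LNS bind" message, and both `fcntl` return values are ignored. Add `if (udplacfd < 0) { LOG(0, 0, 0, "Error creating UDP REMOTE LNS socket: %s\n", strerror(errno)); exit(1); }` directly after the `socket()` call, mirroring the bind check below it. Note also that the socket is bound regardless of `disable_lac_func`; the setting is honoured only after `recvfrom` in the main loop, so the port is open even when the function is disabled, and if the option is fixed for the process lifetime the whole block could be skipped when it is set. The enclosing function continues outside the hunk.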
}
LOG(3, 0, t, "Control message resend try %d\n", tunnel[t].try);
}
}
-
+#ifdef LAC
+ if (sendto((tunnel[t].isremotelns?udplacfd:udpfd), buf, l, 0, (void *) &addr, sizeof(addr)) < 0)
+#else
if (sendto(udpfd, buf, l, 0, (void *) &addr, sizeof(addr)) < 0)
+#endif
{
LOG(0, ntohs((*(uint16_t *) (buf + 6))), t, "Error sending data out tunnel: %s (udpfd=%d, buf=%p, len=%d, dest=%s)\n",
strerror(errno), udpfd, buf, l, inet_ntoa(addr.sin_addr));
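Review bot: The error message following the `sendto` still prints `udpfd` even when the datagram was sent on `udplacfd` (the `isremotelns` branch), so a failed send toward a remote LNS is logged with the wrong descriptor. Select the descriptor once above the call, `int fd = udpfd;` then `#ifdef LAC` / `if (tunnel[t].isremotelns) fd = udplacfd;` / `#endif`, and use `fd` in both the `sendto` and the `LOG` arguments; that also removes the duplicated `sendto` line under `#ifdef`/`#else`. The enclosing function continues outside the hunk.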
q[4] = 3; // ip address option
q[5] = 6; // option length
*(in_addr_t *) (q + 6) = config->peer_address ? config->peer_address :
- config->bind_address ? config->bind_address :
+ config->iftun_address ? config->iftun_address :
my_address; // send my IP
tunnelsend(buf, 10 + (q - buf), t); // send it
if (sess_local[s].radius)
radiusclear(sess_local[s].radius, s); // cant send clean accounting data, session is killed
+#ifdef LAC
+ if (session[s].forwardtosession)
+ {
+ sessionidt sess = session[s].forwardtosession;
+ if (session[sess].forwardtosession == s)
+ {
+ // Shutdown the linked session also.
+ sessionshutdown(sess, reason, CDN_ADMIN_DISC, TERM_ADMIN_RESET);
+ }
+ }
+#endif
+
LOG(2, s, session[s].tunnel, "Kill session %d (%s): %s\n", s, session[s].user, reason);
sessionclear(s);
cluster_send_session(s);
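Review bot: The new block calls `sessionshutdown(sess, …)` while `session[s].forwardtosession` and `session[sess].forwardtosession` still point at each other, so the inner call reaches this same block with the roles swapped and invokes `sessionshutdown(s, …)` again; unless the top of `sessionshutdown` (outside the hunk) returns early for a session already being torn down, this recurses until the stack overflows. Break the link before recursing with `session[sess].forwardtosession = 0;` immediately before the `sessionshutdown(sess, …)` call. The linked session is also always shut down with `CDN_ADMIN_DISC`/`TERM_ADMIN_RESET` regardless of the cause the caller passed for `s`; if both ends should report the same cause, forward the caller's result and cause parameters instead.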
}
break;
case 13: // Response
+#ifdef LAC
+ if (tunnel[t].isremotelns)
+ {
+ chapresponse = calloc(17, 1);
+ memcpy(chapresponse, b, (n < 17) ? n : 16);
+ LOG(3, s, t, "received challenge response from REMOTE LNS\n");
+ }
+ else
+#endif /* LAC */
// Why did they send a response? We never challenge.
LOG(2, s, t, " received unexpected challenge response\n");
break;
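Review bot: The `calloc(17, 1)` result is passed straight to `memcpy`, so an allocation failure dereferences NULL; add `if (!chapresponse) break;` between the two lines. If `chapresponse` can already be non-NULL when a second Response AVP appears in the same message, the earlier buffer is leaked as well, so `free(chapresponse);` before the `calloc` (free of NULL is a no-op) keeps this tidy. Where `chapresponse` is declared and released is outside this hunk, so please confirm the lifetime.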
{
case 1: // SCCRQ - Start Control Connection Request
tunnel[t].state = TUNNELOPENING;
+ LOG(3, s, t, "Received SCCRQ\n");
if (main_quit != QUIT_SHUTDOWN)
{
+ LOG(3, s, t, "sending SCCRP\n");
controlt *c = controlnew(2); // sending SCCRP
control16(c, 2, version, 1); // protocol version
control32(c, 3, 3, 1); // framing
case 2: // SCCRP
tunnel[t].state = TUNNELOPEN;
tunnel[t].lastrec = time_now;
+#ifdef LAC
+ LOG(3, s, t, "Received SCCRP\n");
+ if (main_quit != QUIT_SHUTDOWN)
+ {
+ if (tunnel[t].isremotelns && chapresponse)
+ {
+ hasht hash;
+
+ lac_calc_rlns_auth(t, 2, hash); // id = 2 (SCCRP)
+ // check authenticator
+ if (memcmp(hash, chapresponse, 16) == 0)
+ {
+ LOG(3, s, t, "sending SCCCN to REMOTE LNS\n");
+ controlt *c = controlnew(3); // sending SCCCN
+ controls(c, 7, hostname, 1); // host name
+ controls(c, 8, Vendor_name, 1); // Vendor name
+ control16(c, 2, version, 1); // protocol version
+ control32(c, 3, 3, 1); // framing Capabilities
+ control16(c, 9, t, 1); // assigned tunnel
+ controladd(c, 0, t); // send
+ }
+ else
+ {
+ tunnelshutdown(t, "Bad chap response from REMOTE LNS", 4, 0, 0);
+ }
+ }
+ }
+ else
+ {
+ tunnelshutdown(t, "Shutting down", 6, 0, 0);
+ }
+#endif /* LAC */
break;
case 3: // SCCN
+ LOG(3, s, t, "Received SCCN\n");
tunnel[t].state = TUNNELOPEN;
tunnel[t].lastrec = time_now;
controlnull(t); // ack
break;
case 4: // StopCCN
+ LOG(3, s, t, "Received StopCCN\n");
controlnull(t); // ack
tunnelshutdown(t, "Stopped", 0, 0, 0); // Shut down cleanly
break;
case 6: // HELLO
+ LOG(3, s, t, "Received HELLO\n");
controlnull(t); // simply ACK
break;
case 7: // OCRQ
// TBA
+ LOG(3, s, t, "Received OCRQ\n");
break;
case 8: // OCRO
// TBA
+ LOG(3, s, t, "Received OCRO\n");
break;
case 9: // OCCN
// TBA
+ LOG(3, s, t, "Received OCCN\n");
break;
case 10: // ICRQ
+ LOG(3, s, t, "Received ICRQ\n");
if (sessionfree && main_quit != QUIT_SHUTDOWN)
{
controlt *c = controlnew(11); // ICRP
+ LOG(3, s, t, "Sending ICRP\n");
+
s = sessionfree;
sessionfree = session[s].next;
memset(&session[s], 0, sizeof(session[s]));
{
controlt *c = controlnew(14); // CDN
+ LOG(3, s, t, "Sending CDN\n");
if (!sessionfree)
{
STAT(session_overflow);
}
return;
case 11: // ICRP
- // TBA
+#ifdef LAC
+ LOG(3, s, t, "Received ICRP\n");
+ if (session[s].forwardtosession)
+ {
+ controlt *c = controlnew(12); // ICCN
+
+ session[s].opened = time_now;
+ session[s].tunnel = t;
+ session[s].far = asession;
+ session[s].last_packet = session[s].last_data = time_now;
+
+ control32(c, 19, 1, 1); // Framing Type
+ control32(c, 24, 10000000, 1); // Tx Connect Speed
+ controladd(c, asession, t); // send the message
+ LOG(3, s, t, "Sending ICCN\n");
+ }
+#endif /* LAC */
break;
case 12: // ICCN
+ LOG(3, s, t, "Received ICCN\n");
if (amagic == 0) amagic = time_now;
session[s].magic = amagic; // set magic number
session[s].flags = aflags; // set flags received
// Set multilink options before sending initial LCP packet
sess_local[s].mp_mrru = 1614;
- sess_local[s].mp_epdis = ntohl(config->bind_address ? config->bind_address : my_address);
+ sess_local[s].mp_epdis = ntohl(config->iftun_address ? config->iftun_address : my_address);
sendlcp(s, t);
change_state(s, lcp, RequestSent);
break;
case 14: // CDN
+ LOG(3, s, t, "Received CDN\n");
controlnull(t); // ack
sessionshutdown(s, disc_reason, CDN_NONE, disc_cause);
break;
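Review bot: In the SCCRP handler the guard `if (tunnel[t].isremotelns && chapresponse)` lets a remote LNS that replies without a Challenge Response AVP through with no authenticator ever verified, while the context line above has already set the tunnel to `TUNNELOPEN`; the missing-AVP case should fail like a bad one, so test `tunnel[t].isremotelns` alone and inside it add `if (!chapresponse) tunnelshutdown(t, "Missing chap response from REMOTE LNS", 4, 0, 0);` ahead of the `memcmp` branch. The ICRP handler (case 11) is gated only on `session[s].forwardtosession`, not on `tunnel[t].isremotelns`, so an ICRP from any peer tunnel whose header carries a session id that is currently forwarding would rebind `session[s].tunnel` to that tunnel and overwrite `far`; `if (tunnel[t].isremotelns && session[s].forwardtosession)` closes that, assuming the header session id was not already validated against the tunnel earlier in `processudp`, which this hunk does not show. Both handlers sit in a switch whose enclosing function continues outside the hunk.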
l -= 2;
}
+#ifdef LAC
+ if (session[s].forwardtosession)
+ {
+ LOG(5, s, t, "Forwarding data session to session %u\n", session[s].forwardtosession);
+ // Forward to LAC or Remote LNS session
+ lac_session_forward(buf, len, s, proto);
+ return;
+ }
+#endif /* LAC */
+
if (s && !session[s].opened) // Is something wrong??
{
if (!config->cluster_iam_master)
return;
}
-
LOG(1, s, t, "UDP packet contains session which is not opened. Dropping packet.\n");
STAT(tunnel_rx_errors);
return;
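Review bot: The forwarding block runs before the `s && !session[s].opened` check that follows it, so a packet for a session that is not yet opened but already has `forwardtosession` set is forwarded instead of dropped, and for `s == 0` it reads `session[0].forwardtosession` (in bounds, but correct only if slot 0 is always left zeroed). If `forwardtosession` can only be set on an opened session this is harmless; otherwise guard it as `if (s && session[s].opened && session[s].forwardtosession)`. The enclosing function continues outside the hunk.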
# include "fake_epoll.h"
#endif
+#ifdef LAC
+// the base set of fds polled: cli, cluster, tun, udp, control, dae, netlink, udplac
+#define BASE_FDS 8
+#else
// the base set of fds polled: cli, cluster, tun, udp, control, dae, netlink
#define BASE_FDS 7
+#endif
// additional polled fds
#ifdef BGP
exit(1);
}
+#ifdef LAC
+ LOG(4, 0, 0, "Beginning of main loop. clifd=%d, cluster_sockfd=%d, tunfd=%d, udpfd=%d, controlfd=%d, daefd=%d, nlfd=%d , udplacfd=%d\n",
+ clifd, cluster_sockfd, tunfd, udpfd, controlfd, daefd, nlfd, udplacfd);
+#else
LOG(4, 0, 0, "Beginning of main loop. clifd=%d, cluster_sockfd=%d, tunfd=%d, udpfd=%d, controlfd=%d, daefd=%d, nlfd=%d\n",
clifd, cluster_sockfd, tunfd, udpfd, controlfd, daefd, nlfd);
+#endif
/* setup our fds to poll for input */
{
d[i].type = FD_TYPE_NETLINK;
e.data.ptr = &d[i++];
epoll_ctl(epollfd, EPOLL_CTL_ADD, nlfd, &e);
+
+#ifdef LAC
+ d[i].type = FD_TYPE_UDPLAC;
+ e.data.ptr = &d[i++];
+ epoll_ctl(epollfd, EPOLL_CTL_ADD, udplacfd, &e);
+#endif
}
#ifdef BGP
socklen_t alen;
int c, s;
int udp_ready = 0;
+#ifdef LAC
+ int udplac_ready = 0;
+ int udplac_pkts = 0;
+#endif
int tun_ready = 0;
int cluster_ready = 0;
int udp_pkts = 0;
case FD_TYPE_CLUSTER: cluster_ready++; break;
case FD_TYPE_TUN: tun_ready++; break;
case FD_TYPE_UDP: udp_ready++; break;
-
+#ifdef LAC
+ case FD_TYPE_UDPLAC: udplac_ready++; break;
+#endif
case FD_TYPE_CONTROL: // nsctl commands
alen = sizeof(addr);
s = recvfromto(controlfd, buf, sizeof(buf), MSG_WAITALL, (struct sockaddr *) &addr, &alen, &local);
n--;
}
}
+#ifdef LAC
+ // L2TP REMOTE LNS
+ if (udplac_ready)
+ {
+ alen = sizeof(addr);
+ if ((s = recvfrom(udplacfd, buf, sizeof(buf), 0, (void *) &addr, &alen)) > 0)
+ {
+ if (!config->disable_lac_func)
+ processudp(buf, s, &addr);
+ udplac_pkts++;
+ }
+ else
+ {
+ udplac_ready = 0;
+ n--;
+ }
+ }
+#endif
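Review bot: Datagrams from `udplacfd` are handed to the same `processudp(buf, s, &addr)` as the main UDP socket, so nothing in this hunk tells `processudp` which socket they arrived on; if a remote-LNS tunnel is identified only by the tunnel id in the L2TP header, a datagram on the regular port could be matched to an `isremotelns` tunnel and vice versa, which is worth confirming against `processudp`'s lookup (outside this page), or fixed by passing the receiving fd. `udplac_pkts++` is also counted when `disable_lac_func` drops the packet; moving the increment inside the `if` keeps the multi_read_count log accurate, and the drop itself is silent, so a `STAT` or low-level `LOG` there would give some visibility while the function is disabled.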
// incoming IP
if (tun_ready)
{
if ((s = read(tunfd, p, size_bufp)) > 0)
{
processtun(p, s);
- tun_pkts++;
+ tun_pkts++;
}
else
{
if (c >= config->multi_read_count)
{
+#ifdef LAC
+ LOG(3, 0, 0, "Reached multi_read_count (%d); processed %d udp, %d tun %d cluster and %d rmlns packets\n",
+ config->multi_read_count, udp_pkts, tun_pkts, cluster_pkts, udplac_pkts);
+#else
LOG(3, 0, 0, "Reached multi_read_count (%d); processed %d udp, %d tun and %d cluster packets\n",
config->multi_read_count, udp_pkts, tun_pkts, cluster_pkts);
-
+#endif
STAT(multi_read_exceeded);
more++;
}
exit(1);
}
#endif /* BGP */
+
+#ifdef LAC
+ lac_initremotelnsdata();
+#endif
}
static int assign_ip_address(sessionidt s)
static int dump_session(FILE **f, sessiont *s)
{
+#ifdef LAC
+ if (!s->opened || (!s->ip && !s->forwardtosession) || !(s->cin_delta || s->cout_delta) || !*s->user || s->walled_garden)
+#else
if (!s->opened || !s->ip || !(s->cin_delta || s->cout_delta) || !*s->user || s->walled_garden)
+#endif
return 1;
if (!*f)
"# uptime: %ld\n"
"# format: username ip qos uptxoctets downrxoctets\n",
hostname,
- fmtaddr(config->bind_address ? config->bind_address : my_address, 0),
+ fmtaddr(config->iftun_address ? config->iftun_address : my_address, 0),
now,
now - basetime);
}
if (!config->radius_dae_port)
config->radius_dae_port = DAEPORT;
+#ifdef LAC
+ if(!config->bind_portremotelns)
+ config->bind_portremotelns = L2TPLACPORT;
+ if(!config->bind_address_remotelns)
+ config->bind_address_remotelns = INADDR_ANY;
+#endif
+ if(!config->iftun_address)
+ config->iftun_address = config->bind_address;
+
// re-initialise the random number source
initrandom(config->random_device);
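Review bot: `if(!config->bind_address_remotelns) config->bind_address_remotelns = INADDR_ANY;` is a no-op because `INADDR_ANY` is 0, so the two lines can go, or be replaced by the comment `// bind_address_remotelns == 0 means INADDR_ANY (all interfaces)` so the intent survives. The `iftun_address` fallback to `bind_address` is fine, but the ordering dependency (it must run after `bind_address` is final) deserves a one-line comment too.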
LOG(3, s, t, "Doing session setup for session\n");
// Join a bundle if the MRRU option is accepted
- if(session[s].mrru > 0 && session[s].bundle == 0)
- {
- LOG(3, s, t, "This session can be part of multilink bundle\n");
- if (join_bundle(s) > 0)
- cluster_send_bundle(session[s].bundle);
+ if(session[s].mrru > 0 && session[s].bundle == 0)
+ {
+ LOG(3, s, t, "This session can be part of multilink bundle\n");
+ if (join_bundle(s) > 0)
+ cluster_send_bundle(session[s].bundle);
else
{
LOG(0, s, t, "MPPP: Mismaching mssf option with other sessions in bundle\n");
sessionshutdown(s, "Mismaching mssf option.", CDN_NONE, TERM_SERVICE_UNAVAILABLE);
return 0;
}
- }
+ }
if (!session[s].ip)
{
fmtaddr(htonl(session[s].ip), 0));
}
-
// Make sure this is right
session[s].tunnel = t;
for (i = 1; i <= config->cluster_highest_sessionid; i++)
{
if (i == s) continue;
- if (!session[s].opened) continue;
+ if (!session[s].opened) break;
// Allow duplicate sessions for multilink ones of the same bundle.
- if (session[s].bundle && session[i].bundle && session[s].bundle == session[i].bundle)
- continue;
+ if (session[s].bundle && session[i].bundle && session[s].bundle == session[i].bundle) continue;
+
if (ip == session[i].ip)
{
sessionkill(i, "Duplicate IP address");
+ cluster_listinvert_session(s, i);
continue;
}
if (session[s].walled_garden || session[i].walled_garden) continue;
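Review bot: `if (!session[s].opened) break;` tests the session being set up (`s`), not the one being compared (`i`), so the condition is invariant over the loop; switching `continue` to `break` turns a pointless spin into an early exit but leaves a loop-invariant test inside the loop. If the intent is to skip the whole duplicate scan when `s` is not opened, hoist it above the `for`; if it was meant to skip unopened peers, it should read `session[i].opened`. `cluster_listinvert_session(s, i)` is called right after `sessionkill(i, …)` on the slot that was just killed, and its semantics are not visible here, so confirm it tolerates a cleared session. The enclosing function continues outside the hunk.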
// Guest change
int found = 0;
- int gu;
- for (gu = 0; gu < guest_accounts_num; gu++)
- {
- if (!strcasecmp(user, guest_users[gu]))
- {
- found = 1;
- break;
- }
- }
- if (found) continue;
+ int gu;
+ for (gu = 0; gu < guest_accounts_num; gu++)
+ {
+ if (!strcasecmp(user, guest_users[gu]))
+ {
+ found = 1;
+ break;
+ }
+ }
+ if (found) continue;
// Drop the new session in case of duplicate sessionss, not the old one.
if (!strcasecmp(user, session[i].user))
// no need to set a route for the same IP address of the bundle
if (!session[s].bundle || (bundle[session[s].bundle].num_of_links == 1))
{
- int routed = 0;
+ int routed = 0;
// Add the route for this session.
for (r = 0; r < MAXROUTE && session[s].route[r].ip; r++)
// default deny
return 0;
}
+
+#ifdef LAC
+
+tunnelidt lac_new_tunnel()
+{
+ return new_tunnel();
+}
+
+void lac_tunnelclear(tunnelidt t)
+{
+ tunnelclear(t);
+}
+
+void lac_send_SCCRQ(tunnelidt t, uint8_t * auth, unsigned int auth_len)
+{
+ uint16_t version = 0x0100; // protocol version
+
+ tunnel[t].state = TUNNELOPENING;
+
+ // Sent SCCRQ - Start Control Connection Request
+ controlt *c = controlnew(1); // sending SCCRQ
+ controls(c, 7, hostname, 1); // host name
+ controls(c, 8, Vendor_name, 1); // Vendor name
+ control16(c, 2, version, 1); // protocol version
+ control32(c, 3, 3, 1); // framing Capabilities
+ control16(c, 9, t, 1); // assigned tunnel
+ controlb(c, 11, (uint8_t *) auth, auth_len, 1); // CHAP Challenge
+ LOG(3, 0, t, "Sent SCCRQ to REMOTE LNS\n");
+ controladd(c, 0, t); // send
+}
+
+void lac_send_ICRQ(tunnelidt t, sessionidt s)
+{
+ // Sent ICRQ Incoming-call-request
+ controlt *c = controlnew(10); // ICRQ
+
+ control16(c, 14, s, 1); // assigned sesion
+ call_serial_number++;
+ control32(c, 15, call_serial_number, 1); // call serial number
+ LOG(3, s, t, "Sent ICRQ to REMOTE LNS (far ID %u)\n", tunnel[t].far);
+ controladd(c, 0, t); // send
+}
+
+void lac_tunnelshutdown(tunnelidt t, char *reason, int result, int error, char *msg)
+{
+ tunnelshutdown(t, reason, result, error, msg);
+}
+
+#endif
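Review bot: `tunnelidt lac_new_tunnel()` with empty parentheses is not a prototype in C11 (it declares an unspecified argument list); write `tunnelidt lac_new_tunnel(void)`. The `(uint8_t *) auth` cast in `lac_send_SCCRQ` is redundant since `auth` already has that type, and `reason`/`msg` in `lac_tunnelshutdown` could be `const char *` if `tunnelshutdown` accepts that. A one-line comment above the block, `// Thin wrappers exported for l2tplac.c so tunnel/control helpers stay static to this file`, would explain why these forwarders exist.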