Session group update rate calculation
[l2tpns.git] / l2tpns.c
index 0da9a24..34e4a7a 100644 (file)
--- a/l2tpns.c
+++ b/l2tpns.c
@@ -81,7 +81,7 @@ int cluster_sockfd = -1;      // Intra-cluster communications socket.
 int epollfd = -1;              // event polling
 time_t basetime = 0;           // base clock
 char hostname[MAXHOSTNAME] = "";       // us.
-static int tunidx;             // ifr_ifindex of tun device
+int tunidx;                            // ifr_ifindex of tun device
 int nlseqnum = 0;              // netlink sequence number
 int min_initok_nlseqnum = 0;   // minimun seq number for messages after init is ok
 static int syslog_log = 0;     // are we logging to syslog
@@ -98,10 +98,7 @@ uint16_t MSS = 0;            // TCP MSS
 struct cli_session_actions *cli_session_actions = NULL;        // Pending session changes requested by CLI
 struct cli_tunnel_actions *cli_tunnel_actions = NULL;  // Pending tunnel changes required by CLI
 
-union iphash {
-       sessionidt sess;
-       union iphash *idx;
-} ip_hash[256];                        // Mapping from IP address to session structures.
+union iphash ip_hash[256];     // Mapping from IP address to session structures.
 
 struct ipv6radix {
        sessionidt sess;
@@ -190,7 +187,10 @@ config_descriptt config_values[] = {
        CONFIG("pppoe_if_to_bind", pppoe_if_to_bind, STRING),
        CONFIG("pppoe_service_name", pppoe_service_name, STRING),
        CONFIG("pppoe_ac_name", pppoe_ac_name, STRING),
-       { NULL, 0, 0, 0 },
+       CONFIG("disable_sending_hello", disable_sending_hello, BOOL),
+       CONFIG("disable_no_spoof", disable_no_spoof, BOOL),
+       CONFIG("grp_txrate_average_time", grp_txrate_average_time, INT),
+       { NULL, 0, 0, 0 }
 };
 
 static char *plugin_functions[] = {
@@ -218,6 +218,7 @@ tunnelt *tunnel = NULL;                     // Array of tunnel structures.
 bundlet *bundle = NULL;                        // Array of bundle structures.
 fragmentationt *frag = NULL;           // Array of fragmentation structures.
 sessiont *session = NULL;              // Array of session structures.
+groupsesst *grpsession = NULL;         // Array of groupsesst structures.
 sessionlocalt *sess_local = NULL;      // Array of local per-session counters.
 radiust *radius = NULL;                        // Array of radius structures.
 ippoolt *ip_address_pool = NULL;       // Array of dynamic IP addresses.
@@ -228,9 +229,6 @@ struct Tstats *_statistics = NULL;
 struct Tringbuffer *ringbuffer = NULL;
 #endif
 
-static ssize_t netlink_send(struct nlmsghdr *nh);
-static void netlink_addattr(struct nlmsghdr *nh, int type, const void *data, int alen);
-static void cache_ipmap(in_addr_t ip, sessionidt s);
 static void uncache_ipmap(in_addr_t ip);
 static void cache_ipv6map(struct in6_addr ip, int prefixlen, sessionidt s);
 static void free_ip_address(sessionidt s);
@@ -259,8 +257,9 @@ static clockt now(double *f)
        if (f) *f = t.tv_sec + t.tv_usec / 1000000.0;
        if (t.tv_sec != time_now)
        {
-           time_now = t.tv_sec;
-           time_changed++;
+               time_now = t.tv_sec;
+               time_changed++;
+               grp_time_changed();
        }
 
        // Time in milliseconds
@@ -619,7 +618,7 @@ static void initnetlink(void)
        }
 }
 
-static ssize_t netlink_send(struct nlmsghdr *nh)
+ssize_t netlink_send(struct nlmsghdr *nh)
 {
        struct sockaddr_nl nladdr;
        struct iovec iov;
@@ -655,7 +654,7 @@ static ssize_t netlink_recv(void *buf, ssize_t len)
 }
 
 /* adapted from iproute2 */
-static void netlink_addattr(struct nlmsghdr *nh, int type, const void *data, int alen)
+void netlink_addattr(struct nlmsghdr *nh, int type, const void *data, int alen)
 {
        int len = RTA_LENGTH(alen);
        struct rtattr *rta;
@@ -1001,7 +1000,7 @@ sessionidt sessionbyipv6(struct in6_addr ip)
 //
 // (It's actually cached in network order)
 //
-static void cache_ipmap(in_addr_t ip, sessionidt s)
+void cache_ipmap(in_addr_t ip, sessionidt s)
 {
        in_addr_t nip = htonl(ip);      // MUST be in network order. I.e. MSB must in be ((char *) (&ip))[0]
        uint8_t *a = (uint8_t *) &nip;
@@ -1373,6 +1372,7 @@ static void update_session_out_stat(sessionidt s, sessiont *sp, int len)
 {
        increment_counter(&sp->cout, &sp->cout_wrap, len); // byte count
        sp->cout_delta += len;
+       sp->coutgrp_delta += len;
        sp->pout++;
        sp->last_data = time_now;
 
@@ -1386,6 +1386,7 @@ static void update_session_out_stat(sessionidt s, sessiont *sp, int len)
 void processipout(uint8_t *buf, int len)
 {
        sessionidt s;
+       groupidt g;
        sessiont *sp;
        tunnelidt t;
        in_addr_t ip;
@@ -1422,7 +1423,31 @@ void processipout(uint8_t *buf, int len)
        }
 
        ip = *(uint32_t *)(buf + 16);
-       if (!(s = sessionbyip(ip)))
+       if ((g = grp_groupbyip(ip)))
+       {
+               s = grp_getnextsession(g, ip);
+               if (!s)
+               {
+                       // Is this a packet for a session that doesn't exist?
+                       static int rate = 0;    // Number of ICMP packets we've sent this second.
+                       static int last = 0;    // Last time we reset the ICMP packet counter 'rate'.
+
+                       if (last != time_now)
+                       {
+                               last = time_now;
+                               rate = 0;
+                       }
+
+                       if (rate++ < config->icmp_rate) // Only send a max of icmp_rate per second.
+                       {
+                               LOG(4, 0, 0, "IP: Sending ICMP host unreachable to %s\n", fmtaddr(*(in_addr_t *)(buf + 12), 0));
+                               host_unreachable(*(in_addr_t *)(buf + 12), *(uint16_t *)(buf + 4),
+                                       config->bind_address ? config->bind_address : my_address, buf, len);
+                       }
+                       return;
+               }
+       }
+       else if (!(s = sessionbyip(ip)))
        {
                // Is this a packet for a session that doesn't exist?
                static int rate = 0;    // Number of ICMP packets we've sent this second.
@@ -1624,17 +1649,15 @@ void processipout(uint8_t *buf, int len)
                else
                {
                        // Send it as one frame (NO MPPP Frame)
-                       uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, 0, 0);
-                       if (!p) return;
-                       tunnelsend(fragbuf, len + (p-fragbuf), t); // send it...
+                       uint8_t *p = opt_makeppp(buf, len, s, t, PPPIP, 0, 0, 0);
+                       tunnelsend(p, len + (buf-p), t); // send it...
                        update_session_out_stat(s, sp, len);
                }
        }
        else
        {
-               uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, 0, 0);
-               if (!p) return;
-               tunnelsend(fragbuf, len + (p-fragbuf), t); // send it...
+               uint8_t *p = opt_makeppp(buf, len, s, t, PPPIP, 0, 0, 0);
+               tunnelsend(p, len + (buf-p), t); // send it...
                update_session_out_stat(s, sp, len);
        }
 
@@ -1759,6 +1782,7 @@ static void processipv6out(uint8_t * buf, int len)
 
        increment_counter(&sp->cout, &sp->cout_wrap, len); // byte count
        sp->cout_delta += len;
+       sp->coutgrp_delta += len;
        sp->pout++;
        udp_tx += len;
 
@@ -1808,6 +1832,7 @@ static void send_ipout(sessionidt s, uint8_t *buf, int len)
 
        increment_counter(&sp->cout, &sp->cout_wrap, len); // byte count
        sp->cout_delta += len;
+       sp->coutgrp_delta += len;
        sp->pout++;
        udp_tx += len;
 
@@ -2026,7 +2051,6 @@ void sessionshutdown(sessionidt s, char const *reason, int cdn_result, int cdn_e
                struct param_kill_session data = { &tunnel[session[s].tunnel], &session[s] };
                LOG(2, s, session[s].tunnel, "Shutting down session %u: %s\n", s, reason);
                run_plugins(PLUGIN_KILL_SESSION, &data);
-               session[s].die = TIME + 150; // Clean up in 15 seconds
        }
 
        if (session[s].ip && !walled_garden && !session[s].die)
@@ -2051,8 +2075,11 @@ void sessionshutdown(sessionidt s, char const *reason, int cdn_result, int cdn_e
                        memcpy(&shut_acct[shut_acct_n++], &session[s], sizeof(session[s]));
        }
 
+       if (!session[s].die)
+               session[s].die = TIME + 150; // Clean up in 15 seconds
+
        if (session[s].ip)
-       {                          // IP allocated, clear and unroute
+       {       // IP allocated, clear and unroute
                int r;
                int routed = 0;
                for (r = 0; r < MAXROUTE && session[s].route[r].ip; r++)
@@ -2252,6 +2279,8 @@ static void sessionclear(sessionidt s)
 // kill a session now
 void sessionkill(sessionidt s, char *reason)
 {
+       groupidt g;
+
        CSTAT(sessionkill);
 
        if (!session[s].opened) // not alive
@@ -2282,6 +2311,12 @@ void sessionkill(sessionidt s, char *reason)
 #endif
 
        LOG(2, s, session[s].tunnel, "Kill session %d (%s): %s\n", s, session[s].user, reason);
+
+       if ((g = grp_groupbysession(s)))
+       {
+               grp_removesession(g, s);
+       }
+
        sessionclear(s);
        cluster_send_session(s);
 }
@@ -3500,10 +3535,13 @@ static void regular_cleanups(double period)
                // Send hello
                if (tunnel[t].state == TUNNELOPEN && !tunnel[t].controlc && (time_now - tunnel[t].lastrec) > 60)
                {
-                       controlt *c = controlnew(6); // sending HELLO
-                       controladd(c, 0, t); // send the message
-                       LOG(3, 0, t, "Sending HELLO message\n");
-                       t_actions++;
+                       if (!config->disable_sending_hello)
+                       {
+                               controlt *c = controlnew(6); // sending HELLO
+                               controladd(c, 0, t); // send the message
+                               LOG(3, 0, t, "Sending HELLO message\n");
+                               t_actions++;
+                       }
                }
 
                // Check for tunnel changes requested from the CLI
@@ -3677,7 +3715,7 @@ static void regular_cleanups(double period)
 
                // No data in ECHO_TIMEOUT seconds, send LCP ECHO
                if (session[s].ppp.phase >= Establish && (time_now - session[s].last_packet >= config->echo_timeout) &&
-                       (time_now - sess_local[s].last_echo >= ECHO_TIMEOUT))
+                       (time_now - sess_local[s].last_echo >= config->echo_timeout))
                {
                        uint8_t b[MAXETHER];
 
@@ -3963,9 +4001,9 @@ static void mainloop(void)
 {
        int i;
        uint8_t buf[65536];
-       uint8_t *p = buf + 24; // for the hearder of the forwarded MPPP packet (see C_MPPP_FORWARD)
+       uint8_t *p = buf + 32; // for the hearder of the forwarded MPPP packet (see C_MPPP_FORWARD)
                                                // and the forwarded pppoe session
-       int size_bufp = sizeof(buf) - 24;
+       int size_bufp = sizeof(buf) - 32;
        clockt next_cluster_ping = 0;   // send initial ping immediately
        struct epoll_event events[BASE_FDS + RADIUS_FDS + EXTRA_FDS];
        int maxevent = sizeof(events)/sizeof(*events);
@@ -4154,26 +4192,26 @@ static void mainloop(void)
 
                                case FD_TYPE_CONTROL: // nsctl commands
                                        alen = sizeof(addr);
-                                       s = recvfromto(controlfd, buf, sizeof(buf), MSG_WAITALL, (struct sockaddr *) &addr, &alen, &local);
-                                       if (s > 0) processcontrol(buf, s, &addr, alen, &local);
+                                       s = recvfromto(controlfd, p, size_bufp, MSG_WAITALL, (struct sockaddr *) &addr, &alen, &local);
+                                       if (s > 0) processcontrol(p, s, &addr, alen, &local);
                                        n--;
                                        break;
 
                                case FD_TYPE_DAE: // DAE requests
                                        alen = sizeof(addr);
-                                       s = recvfromto(daefd, buf, sizeof(buf), MSG_WAITALL, (struct sockaddr *) &addr, &alen, &local);
-                                       if (s > 0) processdae(buf, s, &addr, alen, &local);
+                                       s = recvfromto(daefd, p, size_bufp, MSG_WAITALL, (struct sockaddr *) &addr, &alen, &local);
+                                       if (s > 0) processdae(p, s, &addr, alen, &local);
                                        n--;
                                        break;
 
                                case FD_TYPE_RADIUS: // RADIUS response
                                        alen = sizeof(addr);
-                                       s = recvfrom(radfds[d->index], buf, sizeof(buf), MSG_WAITALL, (struct sockaddr *) &addr, &alen);
+                                       s = recvfrom(radfds[d->index], p, size_bufp, MSG_WAITALL, (struct sockaddr *) &addr, &alen);
                                        if (s >= 0 && config->cluster_iam_master)
                                        {
                                                if (addr.sin_addr.s_addr == config->radiusserver[0] ||
                                                    addr.sin_addr.s_addr == config->radiusserver[1])
-                                                       processrad(buf, s, d->index);
+                                                       processrad(p, s, d->index);
                                                else
                                                        LOG(3, 0, 0, "Dropping RADIUS packet from unknown source %s\n",
                                                                fmtaddr(addr.sin_addr.s_addr, 0));
@@ -4191,8 +4229,8 @@ static void mainloop(void)
 
                                case FD_TYPE_NETLINK:
                                {
-                                       struct nlmsghdr *nh = (struct nlmsghdr *)buf;
-                                       s = netlink_recv(buf, sizeof(buf));
+                                       struct nlmsghdr *nh = (struct nlmsghdr *)p;
+                                       s = netlink_recv(p, size_bufp);
                                        if (nh->nlmsg_type == NLMSG_ERROR)
                                        {
                                                struct nlmsgerr *errmsg = NLMSG_DATA(nh);
@@ -4313,11 +4351,11 @@ static void mainloop(void)
                        if (c >= config->multi_read_count)
                        {
 #ifdef LAC
-                               LOG(3, 0, 0, "Reached multi_read_count (%d); processed %d udp, %d tun %d cluster and %d rmlns packets\n",
-                                       config->multi_read_count, udp_pkts, tun_pkts, cluster_pkts, udplac_pkts);
+                               LOG(3, 0, 0, "Reached multi_read_count (%d); processed %d udp, %d tun %d cluster %d rmlns and %d pppoe packets\n",
+                                       config->multi_read_count, udp_pkts, tun_pkts, cluster_pkts, udplac_pkts, pppoesess_pkts);
 #else
-                               LOG(3, 0, 0, "Reached multi_read_count (%d); processed %d udp, %d tun and %d cluster packets\n",
-                                       config->multi_read_count, udp_pkts, tun_pkts, cluster_pkts);
+                               LOG(3, 0, 0, "Reached multi_read_count (%d); processed %d udp, %d tun %d cluster and %d pppoe packets\n",
+                                       config->multi_read_count, udp_pkts, tun_pkts, cluster_pkts, pppoesess_pkts);
 #endif
                                STAT(multi_read_exceeded);
                                more++;
@@ -4656,6 +4694,8 @@ static void initdata(int optdebug, char *optconfig)
 #ifdef LAC
        lac_initremotelnsdata();
 #endif
+
+       grp_initdata();
 }
 
 static int assign_ip_address(sessionidt s)
@@ -5548,8 +5588,7 @@ int sessionsetup(sessionidt s, tunnelidt t)
 
                        if (ip == session[i].ip)
                        {
-                               sessionkill(i, "Duplicate IP address");
-                               cluster_listinvert_session(s, i);
+                               sessionshutdown(i, "Duplicate IP address", CDN_ADMIN_DISC, TERM_ADMIN_RESET);  // close radius/routes, etc.
                                continue;
                        }
 
@@ -5570,7 +5609,7 @@ int sessionsetup(sessionidt s, tunnelidt t)
 
                        // Drop the new session in case of duplicate sessionss, not the old one.
                        if (!strcasecmp(user, session[i].user))
-                               sessionkill(i, "Duplicate session for users");
+                               sessionshutdown(i, "Duplicate session for users", CDN_ADMIN_DISC, TERM_ADMIN_RESET);  // close radius/routes, etc.
                }
        }
 
@@ -5578,6 +5617,7 @@ int sessionsetup(sessionidt s, tunnelidt t)
        if (!session[s].bundle || (bundle[session[s].bundle].num_of_links == 1))
        {
                int routed = 0;
+               groupidt g;
 
                // Add the route for this session.
                for (r = 0; r < MAXROUTE && session[s].route[r].ip; r++)
@@ -5600,6 +5640,11 @@ int sessionsetup(sessionidt s, tunnelidt t)
                }
                else
                        cache_ipmap(session[s].ip, s);
+
+               if ((g = grp_groupbysession(s)))
+               {
+                       grp_setgrouproute(g, 1);
+               }
        }
 
        sess_local[s].lcp_authtype = 0; // RADIUS authentication complete