// Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
// vim: sw=8 ts=8
-char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.108 2005/06/04 15:42:35 bodea Exp $";
+char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.112 2005/06/24 07:05:04 bodea Exp $";
#include <arpa/inet.h>
#include <assert.h>
static void dump_acct_info(int all);
static void sighup_handler(int sig);
static void sigalrm_handler(int sig);
-static void sigterm_handler(int sig);
-static void sigquit_handler(int sig);
+static void shutdown_handler(int sig);
static void sigchild_handler(int sig);
static void build_chap_response(char *challenge, uint8_t id, uint16_t challenge_length, char **challenge_response);
static void update_config(void);
// on slaves, alow BGP to withdraw cleanly before exiting
#define QUIT_DELAY 5
+// quit actions (master)
+#define QUIT_FAILOVER 1 // SIGTERM: exit when all control messages have been acked (for cluster failover)
+#define QUIT_SHUTDOWN 2 // SIGQUIT: shutdown sessions/tunnels, reject new connections
+
// return internal time (10ths since process startup), set f if given
static clockt now(double *f)
{
return;
// close previous source, if any
- if (rand_fd >= 0) close(rand_fd);
+ if (rand_fd >= 0)
+ close(rand_fd);
rand_fd = -1;
path, strerror(errno));
}
}
-
- // no source: seed prng
- {
- unsigned seed = time_now ^ getpid();
- LOG(4, 0, 0, "Seeding the pseudo random generator: %u\n", seed);
- srand(seed);
- }
}
// fill buffer with random data
strerror(errno));
// fall back to rand()
- initrandom(0);
+ initrandom(NULL);
}
n = 0;
// close session
for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
if (session[s].tunnel == t)
- sessionshutdown(s, reason, 3, 0);
+ sessionshutdown(s, reason, 0, 0);
tunnel[t].state = TUNNELDIE;
tunnel[t].die = TIME + 700; // Clean up in 70 seconds
continue;
}
- LOG(4, s, t, "Hidden AVP\n");
-
// Unhide the AVP
unhide_value(b, n, mtype, session[s].random_vector, session[s].random_vector_length);
n = orig_len;
}
- LOG(4, s, t, " AVP %d (%s) len %d\n", mtype, avp_name(mtype), n);
+ LOG(4, s, t, " AVP %d (%s) len %d%s%s\n", mtype, avp_name(mtype), n,
+ flags & 0x40 ? ", hidden" : "", flags & 0x80 ? ", mandatory" : "");
+
switch (mtype)
{
case 0: // message type
case 36: // Random Vector
LOG(4, s, t, " Random Vector received. Enabled AVP Hiding.\n");
memset(session[s].random_vector, 0, sizeof(session[s].random_vector));
+ if (n > sizeof(session[s].random_vector))
+ n = sizeof(session[s].random_vector);
memcpy(session[s].random_vector, b, n);
session[s].random_vector_length = n;
break;
switch (message)
{
case 1: // SCCRQ - Start Control Connection Request
+ tunnel[t].state = TUNNELOPENING;
+ if (main_quit != QUIT_SHUTDOWN)
{
controlt *c = controlnew(2); // sending SCCRP
control16(c, 2, version, 1); // protocol version
control16(c, 9, t, 1); // assigned tunnel
controladd(c, t, 0); // send the resply
}
- tunnel[t].state = TUNNELOPENING;
+ else
+ {
+ tunnelshutdown(t, "Shutting down", 6, 0, 0);
+ }
break;
case 2: // SCCRP
tunnel[t].state = TUNNELOPEN;
// TBA
break;
case 10: // ICRQ
- if (sessionfree)
+ if (sessionfree && main_quit != QUIT_SHUTDOWN)
{
uint16_t r;
{
controlt *c = controlnew(14); // CDN
- control16(c, 1, 4, 1); // temporary lack of resources
- controladd(c, session[s].tunnel, asession); // send the message
+ if (main_quit == QUIT_SHUTDOWN)
+ control16(c, 1, 2, 7); // try another
+ else
+ control16(c, 1, 4, 0); // temporary lack of resources
+
+ controladd(c, t, asession); // send the message
}
return;
case 11: // ICRP
continue;
}
- if (session[s].ip && !(session[s].flags & SF_IPCP_ACKED))
+ if (session[s].ip && !(session[s].flags & SF_IPCP_ACKED)
+ && !(sess_local[s].radius && radius[sess_local[s].radius].state == RADIUSIPCP))
{
// IPCP has not completed yet. Resend
LOG(3, s, session[s].tunnel, "No ACK for initial IPCP ConfigReq... resending\n");
&& !sess_local[s].radius // RADIUS already in progress
&& time_now - sess_local[s].last_interim >= config->radius_interim)
{
- if (!(r = radiusnew(s)))
+ int rad = radiusnew(s);
+ if (!rad)
{
LOG(1, s, session[s].tunnel, "No free RADIUS sessions for Interim message\n");
STAT(radius_overflow);
LOG(3, s, session[s].tunnel, "Sending RADIUS Interim for %s (%u)\n",
session[s].user, session[s].unique_id);
- radiussend(r, RADIUSINTERIM);
+ radiussend(rad, RADIUSINTERIM);
sess_local[s].last_interim = time_now;
s_actions++;
}
return 0;
}
+ if (main_quit == QUIT_SHUTDOWN)
+ {
+ static int dropped = 0;
+ if (!dropped)
+ {
+ int i;
+
+ LOG(1, 0, 0, "Dropping sessions and tunnels\n");
+ for (i = 1; i < MAXTUNNEL; i++)
+ if (tunnel[i].ip || tunnel[i].state)
+ tunnelshutdown(i, "L2TPNS Closing", 6, 0, 0);
+
+ dropped = 1;
+ }
+ }
+
if (start_busy_wait == 0)
start_busy_wait = TIME;
continue;
LOG(0, 0, 0, "Error returned from select(): %s\n", strerror(errno));
- main_quit++;
- break;
+ break; // exit
}
if (n)
//
// Important!!! We MUST not process any packets past this point!
- LOG(1, 0, 0, "Clean shutdown complete\n");
+ LOG(1, 0, 0, "Shutdown complete\n");
}
static void stripdomain(char *host)
initrad();
initippool();
- signal(SIGHUP, sighup_handler);
- signal(SIGTERM, sigterm_handler);
- signal(SIGINT, sigterm_handler);
- signal(SIGQUIT, sigquit_handler);
+ // seed prng
+ {
+ unsigned seed = time_now ^ getpid();
+ LOG(4, 0, 0, "Seeding the pseudo random generator: %u\n", seed);
+ srand(seed);
+ }
+
+ signal(SIGHUP, sighup_handler);
signal(SIGCHLD, sigchild_handler);
+ signal(SIGTERM, shutdown_handler);
+ signal(SIGINT, shutdown_handler);
+ signal(SIGQUIT, shutdown_handler);
// Prevent us from getting paged out
if (config->lock_pages)
}
-static void sigterm_handler(int sig)
-{
- LOG(1, 0, 0, "Shutting down cleanly\n");
- main_quit++;
-}
-
-static void sigquit_handler(int sig)
+static void shutdown_handler(int sig)
{
- int i;
-
- LOG(1, 0, 0, "Shutting down without saving sessions\n");
-
- if (config->cluster_iam_master)
- {
- for (i = 1; i < MAXSESSION; i++)
- {
- if (session[i].opened)
- sessionkill(i, "L2TPNS Closing");
- }
- for (i = 1; i < MAXTUNNEL; i++)
- {
- if (tunnel[i].ip || tunnel[i].state)
- tunnelshutdown(i, "L2TPNS Closing", 6, 0, 0);
- }
- }
-
- main_quit++;
+ LOG(1, 0, 0, "Shutting down\n");
+ main_quit = (sig == SIGQUIT) ? QUIT_SHUTDOWN : QUIT_FAILOVER;
}
static void sigchild_handler(int sig)
if (!session[s].ip)
{
LOG(0, s, t, " No IP allocated. The IP address pool is FULL!\n");
- sessionshutdown(s, "No IP addresses available.", 2, 7);
+ sessionshutdown(s, "No IP addresses available.", 2, 7); // try another
return 0;
}
LOG(3, s, t, " No IP allocated. Assigned %s from pool\n",
uint8_t digest[16];
uint8_t *last;
size_t d = 0;
+ uint16_t m = htons(type);
// Compute initial pad
MD5Init(&ctx);
- MD5Update(&ctx, (uint8_t) (type >> 8) & 0xff, 1);
- MD5Update(&ctx, (uint8_t) type & 0xff, 1);
+ MD5Update(&ctx, (unsigned char *) &m, 2);
MD5Update(&ctx, config->l2tpsecret, strlen(config->l2tpsecret));
MD5Update(&ctx, vector, vec_len);
MD5Final(digest, &ctx);
projects / l2tpns.git / blobdiff