X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/11996ba4147678c1d400dcc16e33d83a9a3ede9c..517c3509bfa1987dc91fc5c15f86fcb8e5a6f7ed:/l2tpns.c diff --git a/l2tpns.c b/l2tpns.c index 71d5857..52872a5 100644 --- a/l2tpns.c +++ b/l2tpns.c @@ -81,7 +81,7 @@ int cluster_sockfd = -1; // Intra-cluster communications socket. int epollfd = -1; // event polling time_t basetime = 0; // base clock char hostname[MAXHOSTNAME] = ""; // us. -static int tunidx; // ifr_ifindex of tun device +int tunidx; // ifr_ifindex of tun device int nlseqnum = 0; // netlink sequence number int min_initok_nlseqnum = 0; // minimun seq number for messages after init is ok static int syslog_log = 0; // are we logging to syslog @@ -187,10 +187,13 @@ config_descriptt config_values[] = { CONFIG("bind_address_remotelns", bind_address_remotelns, IPv4), CONFIG("bind_portremotelns", bind_portremotelns, SHORT), #endif - CONFIG("pppoe_if_name", pppoe_if_name, STRING), + CONFIG("pppoe_if_to_bind", pppoe_if_to_bind, STRING), CONFIG("pppoe_service_name", pppoe_service_name, STRING), CONFIG("pppoe_ac_name", pppoe_ac_name, STRING), - { NULL, 0, 0, 0 }, + CONFIG("disable_sending_hello", disable_sending_hello, BOOL), + CONFIG("disable_no_spoof", disable_no_spoof, BOOL), + CONFIG("grp_txrate_average_time", grp_txrate_average_time, INT), + { NULL, 0, 0, 0 } }; static char *plugin_functions[] = { @@ -218,6 +221,7 @@ tunnelt *tunnel = NULL; // Array of tunnel structures. bundlet *bundle = NULL; // Array of bundle structures. fragmentationt *frag = NULL; // Array of fragmentation structures. sessiont *session = NULL; // Array of session structures. +groupsesst *grpsession = NULL; // Array of groupsesst structures. sessionlocalt *sess_local = NULL; // Array of local per-session counters. radiust *radius = NULL; // Array of radius structures. ippoolt *ip_address_pool = NULL; // Array of dynamic IP addresses. @@ -228,9 +232,6 @@ struct Tstats *_statistics = NULL; struct Tringbuffer *ringbuffer = NULL; #endif -static ssize_t netlink_send(struct nlmsghdr *nh); -static void netlink_addattr(struct nlmsghdr *nh, int type, const void *data, int alen); -static void cache_ipmap(in_addr_t ip, sessionidt s); static void uncache_ipmap(in_addr_t ip); static void cache_ipv6map(struct in6_addr ip, int prefixlen, sessionidt s); static void free_ip_address(sessionidt s); @@ -259,8 +260,9 @@ static clockt now(double *f) if (f) *f = t.tv_sec + t.tv_usec / 1000000.0; if (t.tv_sec != time_now) { - time_now = t.tv_sec; - time_changed++; + time_now = t.tv_sec; + time_changed++; + grp_time_changed(); } // Time in milliseconds @@ -619,7 +621,7 @@ static void initnetlink(void) } } -static ssize_t netlink_send(struct nlmsghdr *nh) +ssize_t netlink_send(struct nlmsghdr *nh) { struct sockaddr_nl nladdr; struct iovec iov; @@ -655,7 +657,7 @@ static ssize_t netlink_recv(void *buf, ssize_t len) } /* adapted from iproute2 */ -static void netlink_addattr(struct nlmsghdr *nh, int type, const void *data, int alen) +void netlink_addattr(struct nlmsghdr *nh, int type, const void *data, int alen) { int len = RTA_LENGTH(alen); struct rtattr *rta; @@ -1001,7 +1003,7 @@ sessionidt sessionbyipv6(struct in6_addr ip) // // (It's actually cached in network order) // -static void cache_ipmap(in_addr_t ip, sessionidt s) +void cache_ipmap(in_addr_t ip, sessionidt s) { in_addr_t nip = htonl(ip); // MUST be in network order. I.e. MSB must in be ((char *) (&ip))[0] uint8_t *a = (uint8_t *) &nip; @@ -1373,6 +1375,7 @@ static void update_session_out_stat(sessionidt s, sessiont *sp, int len) { increment_counter(&sp->cout, &sp->cout_wrap, len); // byte count sp->cout_delta += len; + sp->coutgrp_delta += len; sp->pout++; sp->last_data = time_now; @@ -1386,6 +1389,7 @@ static void update_session_out_stat(sessionidt s, sessiont *sp, int len) void processipout(uint8_t *buf, int len) { sessionidt s; + groupidt g; sessiont *sp; tunnelidt t; in_addr_t ip; @@ -1422,7 +1426,31 @@ void processipout(uint8_t *buf, int len) } ip = *(uint32_t *)(buf + 16); - if (!(s = sessionbyip(ip))) + if ((g = grp_groupbyip(ip))) + { + s = grp_getnextsession(g, ip); + if (!s) + { + // Is this a packet for a session that doesn't exist? + static int rate = 0; // Number of ICMP packets we've sent this second. + static int last = 0; // Last time we reset the ICMP packet counter 'rate'. + + if (last != time_now) + { + last = time_now; + rate = 0; + } + + if (rate++ < config->icmp_rate) // Only send a max of icmp_rate per second. + { + LOG(4, 0, 0, "IP: Sending ICMP host unreachable to %s\n", fmtaddr(*(in_addr_t *)(buf + 12), 0)); + host_unreachable(*(in_addr_t *)(buf + 12), *(uint16_t *)(buf + 4), + config->bind_address ? config->bind_address : my_address, buf, len); + } + return; + } + } + else if (!(s = sessionbyip(ip))) { // Is this a packet for a session that doesn't exist? static int rate = 0; // Number of ICMP packets we've sent this second. @@ -1624,17 +1652,15 @@ void processipout(uint8_t *buf, int len) else { // Send it as one frame (NO MPPP Frame) - uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, 0, 0); - if (!p) return; - tunnelsend(fragbuf, len + (p-fragbuf), t); // send it... + uint8_t *p = opt_makeppp(buf, len, s, t, PPPIP, 0, 0, 0); + tunnelsend(p, len + (buf-p), t); // send it... update_session_out_stat(s, sp, len); } } else { - uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, 0, 0); - if (!p) return; - tunnelsend(fragbuf, len + (p-fragbuf), t); // send it... + uint8_t *p = opt_makeppp(buf, len, s, t, PPPIP, 0, 0, 0); + tunnelsend(p, len + (buf-p), t); // send it... update_session_out_stat(s, sp, len); } @@ -1759,6 +1785,7 @@ static void processipv6out(uint8_t * buf, int len) increment_counter(&sp->cout, &sp->cout_wrap, len); // byte count sp->cout_delta += len; + sp->coutgrp_delta += len; sp->pout++; udp_tx += len; @@ -1808,6 +1835,7 @@ static void send_ipout(sessionidt s, uint8_t *buf, int len) increment_counter(&sp->cout, &sp->cout_wrap, len); // byte count sp->cout_delta += len; + sp->coutgrp_delta += len; sp->pout++; udp_tx += len; @@ -2026,7 +2054,6 @@ void sessionshutdown(sessionidt s, char const *reason, int cdn_result, int cdn_e struct param_kill_session data = { &tunnel[session[s].tunnel], &session[s] }; LOG(2, s, session[s].tunnel, "Shutting down session %u: %s\n", s, reason); run_plugins(PLUGIN_KILL_SESSION, &data); - session[s].die = TIME + 150; // Clean up in 15 seconds } if (session[s].ip && !walled_garden && !session[s].die) @@ -2051,8 +2078,11 @@ void sessionshutdown(sessionidt s, char const *reason, int cdn_result, int cdn_e memcpy(&shut_acct[shut_acct_n++], &session[s], sizeof(session[s])); } + if (!session[s].die) + session[s].die = TIME + 150; // Clean up in 15 seconds + if (session[s].ip) - { // IP allocated, clear and unroute + { // IP allocated, clear and unroute int r; int routed = 0; for (r = 0; r < MAXROUTE && session[s].route[r].ip; r++) @@ -2252,6 +2282,8 @@ static void sessionclear(sessionidt s) // kill a session now void sessionkill(sessionidt s, char *reason) { + groupidt g; + CSTAT(sessionkill); if (!session[s].opened) // not alive @@ -2282,6 +2314,12 @@ void sessionkill(sessionidt s, char *reason) #endif LOG(2, s, session[s].tunnel, "Kill session %d (%s): %s\n", s, session[s].user, reason); + + if ((g = grp_groupbysession(s))) + { + grp_removesession(g, s); + } + sessionclear(s); cluster_send_session(s); } @@ -3500,10 +3538,13 @@ static void regular_cleanups(double period) // Send hello if (tunnel[t].state == TUNNELOPEN && !tunnel[t].controlc && (time_now - tunnel[t].lastrec) > 60) { - controlt *c = controlnew(6); // sending HELLO - controladd(c, 0, t); // send the message - LOG(3, 0, t, "Sending HELLO message\n"); - t_actions++; + if (!config->disable_sending_hello) + { + controlt *c = controlnew(6); // sending HELLO + controladd(c, 0, t); // send the message + LOG(3, 0, t, "Sending HELLO message\n"); + t_actions++; + } } // Check for tunnel changes requested from the CLI @@ -3677,7 +3718,7 @@ static void regular_cleanups(double period) // No data in ECHO_TIMEOUT seconds, send LCP ECHO if (session[s].ppp.phase >= Establish && (time_now - session[s].last_packet >= config->echo_timeout) && - (time_now - sess_local[s].last_echo >= ECHO_TIMEOUT)) + (time_now - sess_local[s].last_echo >= config->echo_timeout)) { uint8_t b[MAXETHER]; @@ -3963,9 +4004,9 @@ static void mainloop(void) { int i; uint8_t buf[65536]; - uint8_t *p = buf + 24; // for the hearder of the forwarded MPPP packet (see C_MPPP_FORWARD) + uint8_t *p = buf + 32; // for the hearder of the forwarded MPPP packet (see C_MPPP_FORWARD) // and the forwarded pppoe session - int size_bufp = sizeof(buf) - 24; + int size_bufp = sizeof(buf) - 32; clockt next_cluster_ping = 0; // send initial ping immediately struct epoll_event events[BASE_FDS + RADIUS_FDS + EXTRA_FDS]; int maxevent = sizeof(events)/sizeof(*events); @@ -4154,26 +4195,26 @@ static void mainloop(void) case FD_TYPE_CONTROL: // nsctl commands alen = sizeof(addr); - s = recvfromto(controlfd, buf, sizeof(buf), MSG_WAITALL, (struct sockaddr *) &addr, &alen, &local); - if (s > 0) processcontrol(buf, s, &addr, alen, &local); + s = recvfromto(controlfd, p, size_bufp, MSG_WAITALL, (struct sockaddr *) &addr, &alen, &local); + if (s > 0) processcontrol(p, s, &addr, alen, &local); n--; break; case FD_TYPE_DAE: // DAE requests alen = sizeof(addr); - s = recvfromto(daefd, buf, sizeof(buf), MSG_WAITALL, (struct sockaddr *) &addr, &alen, &local); - if (s > 0) processdae(buf, s, &addr, alen, &local); + s = recvfromto(daefd, p, size_bufp, MSG_WAITALL, (struct sockaddr *) &addr, &alen, &local); + if (s > 0) processdae(p, s, &addr, alen, &local); n--; break; case FD_TYPE_RADIUS: // RADIUS response alen = sizeof(addr); - s = recvfrom(radfds[d->index], buf, sizeof(buf), MSG_WAITALL, (struct sockaddr *) &addr, &alen); + s = recvfrom(radfds[d->index], p, size_bufp, MSG_WAITALL, (struct sockaddr *) &addr, &alen); if (s >= 0 && config->cluster_iam_master) { if (addr.sin_addr.s_addr == config->radiusserver[0] || addr.sin_addr.s_addr == config->radiusserver[1]) - processrad(buf, s, d->index); + processrad(p, s, d->index); else LOG(3, 0, 0, "Dropping RADIUS packet from unknown source %s\n", fmtaddr(addr.sin_addr.s_addr, 0)); @@ -4191,8 +4232,8 @@ static void mainloop(void) case FD_TYPE_NETLINK: { - struct nlmsghdr *nh = (struct nlmsghdr *)buf; - s = netlink_recv(buf, sizeof(buf)); + struct nlmsghdr *nh = (struct nlmsghdr *)p; + s = netlink_recv(p, size_bufp); if (nh->nlmsg_type == NLMSG_ERROR) { struct nlmsgerr *errmsg = NLMSG_DATA(nh); @@ -4313,11 +4354,11 @@ static void mainloop(void) if (c >= config->multi_read_count) { #ifdef LAC - LOG(3, 0, 0, "Reached multi_read_count (%d); processed %d udp, %d tun %d cluster and %d rmlns packets\n", - config->multi_read_count, udp_pkts, tun_pkts, cluster_pkts, udplac_pkts); + LOG(3, 0, 0, "Reached multi_read_count (%d); processed %d udp, %d tun %d cluster %d rmlns and %d pppoe packets\n", + config->multi_read_count, udp_pkts, tun_pkts, cluster_pkts, udplac_pkts, pppoesess_pkts); #else - LOG(3, 0, 0, "Reached multi_read_count (%d); processed %d udp, %d tun and %d cluster packets\n", - config->multi_read_count, udp_pkts, tun_pkts, cluster_pkts); + LOG(3, 0, 0, "Reached multi_read_count (%d); processed %d udp, %d tun %d cluster and %d pppoe packets\n", + config->multi_read_count, udp_pkts, tun_pkts, cluster_pkts, pppoesess_pkts); #endif STAT(multi_read_exceeded); more++; @@ -4656,6 +4697,8 @@ static void initdata(int optdebug, char *optconfig) #ifdef LAC lac_initremotelnsdata(); #endif + + grp_initdata(); } static int assign_ip_address(sessionidt s) @@ -5121,10 +5164,10 @@ int main(int argc, char *argv[]) inittun(); LOG(1, 0, 0, "Set up on interface %s\n", config->tundevicename); - if (*config->pppoe_if_name) + if (*config->pppoe_if_to_bind) { init_pppoe(); - LOG(1, 0, 0, "Set up on pppoe interface %s\n", config->pppoe_if_name); + LOG(1, 0, 0, "Set up on pppoe interface %s\n", config->pppoe_if_to_bind); } initudp(); initrad(); @@ -5548,8 +5591,7 @@ int sessionsetup(sessionidt s, tunnelidt t) if (ip == session[i].ip) { - sessionkill(i, "Duplicate IP address"); - cluster_listinvert_session(s, i); + sessionshutdown(i, "Duplicate IP address", CDN_ADMIN_DISC, TERM_ADMIN_RESET); // close radius/routes, etc. continue; } @@ -5570,7 +5612,7 @@ int sessionsetup(sessionidt s, tunnelidt t) // Drop the new session in case of duplicate sessionss, not the old one. if (!strcasecmp(user, session[i].user)) - sessionkill(i, "Duplicate session for users"); + sessionshutdown(i, "Duplicate session for users", CDN_ADMIN_DISC, TERM_ADMIN_RESET); // close radius/routes, etc. } } @@ -5578,6 +5620,7 @@ int sessionsetup(sessionidt s, tunnelidt t) if (!session[s].bundle || (bundle[session[s].bundle].num_of_links == 1)) { int routed = 0; + groupidt g; // Add the route for this session. for (r = 0; r < MAXROUTE && session[s].route[r].ip; r++) @@ -5600,6 +5643,11 @@ int sessionsetup(sessionidt s, tunnelidt t) } else cache_ipmap(session[s].ip, s); + + if ((g = grp_groupbysession(s))) + { + grp_setgrouproute(g, 1); + } } sess_local[s].lcp_authtype = 0; // RADIUS authentication complete