X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/466ffcdaac51211102276e824d02ed9bc77dd82d..b3335712110224f0a27e58320ebc6b4459d7ac34:/l2tpns.c diff --git a/l2tpns.c b/l2tpns.c index a28cd5f..1f47934 100644 --- a/l2tpns.c +++ b/l2tpns.c @@ -4,7 +4,7 @@ // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced // vim: sw=8 ts=8 -char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.85 2005/03/10 03:08:08 bodea Exp $"; +char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.90 2005/04/18 05:07:20 bodea Exp $"; #include #include @@ -68,11 +68,10 @@ static int rand_fd = -1; // Random data source time_t basetime = 0; // base clock char hostname[1000] = ""; // us. static int tunidx; // ifr_ifindex of tun device -static uint32_t sessionid = 0; // session id for radius accounting static int syslog_log = 0; // are we logging to syslog static FILE *log_stream = NULL; // file handle for direct logging (i.e. direct into file, not via syslog). extern int cluster_sockfd; // Intra-cluster communications socket. -uint32_t last_id = 0; // Last used PPP SID. Can I kill this?? -- mo +uint32_t last_id = 0; // Unique ID for radius accounting struct cli_session_actions *cli_session_actions = NULL; // Pending session changes requested by CLI struct cli_tunnel_actions *cli_tunnel_actions = NULL; // Pending tunnel changes required by CLI @@ -1264,7 +1263,7 @@ static void control32(controlt * c, uint16_t avp, uint32_t val, uint8_t m) c->length += 10; } -// add an AVP (32 bit) +// add an AVP (string) static void controls(controlt * c, uint16_t avp, char *val, uint8_t m) { uint16_t l = ((m ? 0x8000 : 0) + strlen(val) + 6); @@ -1433,7 +1432,7 @@ static void filter_session(sessionidt s, int filter_in, int filter_out) } // start tidy shutdown of session -void sessionshutdown(sessionidt s, char *reason) +void sessionshutdown(sessionidt s, char *reason, int result, int error) { int walled_garden = session[s].walled_garden; @@ -1453,7 +1452,7 @@ void sessionshutdown(sessionidt s, char *reason) run_plugins(PLUGIN_KILL_SESSION, &data); } - if (!walled_garden && !session[s].die) + if (session[s].ip && !walled_garden && !session[s].die) { // RADIUS Stop message uint16_t r = session[s].radius; @@ -1508,9 +1507,19 @@ void sessionshutdown(sessionidt s, char *reason) if (session[s].throttle_in || session[s].throttle_out) // Unthrottle if throttled. throttle_session(s, 0, 0); + if (result) { // Send CDN controlt *c = controlnew(14); // sending CDN - control16(c, 1, 3, 1); // result code (admin reasons - TBA make error, general error, add message + if (error) + { + char buf[4]; + *(uint16_t *) buf = htons(result); + *(uint16_t *) (buf+2) = htons(error); + controlb(c, 1, buf, 4, 1); + } + else + control16(c, 1, result, 1); + control16(c, 14, s, 1); // assigned session (our end) controladd(c, session[s].tunnel, s); // send the message } @@ -1546,7 +1555,7 @@ void sendipcp(tunnelidt t, sessionidt s) if (radius[r].try > 10) { radiusclear(r, s); // Clear radius session. - sessionshutdown(s, "No reply on IPCP"); + sessionshutdown(s, "No reply on IPCP", 3, 0); return; } @@ -1606,7 +1615,7 @@ void sessionkill(sessionidt s, char *reason) } session[s].die = TIME; - sessionshutdown(s, reason); // close radius/routes, etc. + sessionshutdown(s, reason, 3, 0); // close radius/routes, etc. if (session[s].radius) radiusclear(session[s].radius, s); // cant send clean accounting data, session is killed @@ -1654,12 +1663,12 @@ static void tunnelkill(tunnelidt t, char *reason) // free tunnel tunnelclear(t); LOG(1, 0, t, "Kill tunnel %d: %s\n", t, reason); - cli_tunnel_actions[s].action = 0; + cli_tunnel_actions[t].action = 0; cluster_send_tunnel(t); } // shut down a tunnel cleanly -static void tunnelshutdown(tunnelidt t, char *reason) +static void tunnelshutdown(tunnelidt t, char *reason, int result, int error, char *msg) { sessionidt s; @@ -1676,17 +1685,38 @@ static void tunnelshutdown(tunnelidt t, char *reason) // close session for (s = 1; s <= config->cluster_highest_sessionid ; ++s) if (session[s].tunnel == t) - sessionshutdown(s, reason); + sessionshutdown(s, reason, 3, 0); tunnel[t].state = TUNNELDIE; tunnel[t].die = TIME + 700; // Clean up in 70 seconds cluster_send_tunnel(t); // TBA - should we wait for sessions to stop? - { // Send StopCCN - controlt *c = controlnew(4); // sending StopCCN - control16(c, 1, 1, 1); // result code (admin reasons - TBA make error, general error, add message) - control16(c, 9, t, 1); // assigned tunnel (our end) - controladd(c, t, 0); // send the message + if (result) + { + controlt *c = controlnew(4); // sending StopCCN + if (error) + { + char buf[64]; + int l = 4; + *(uint16_t *) buf = htons(result); + *(uint16_t *) (buf+2) = htons(error); + if (msg) + { + int m = strlen(msg); + if (m + 4 > sizeof(buf)) + m = sizeof(buf) - 4; + + memcpy(buf+4, msg, m); + l += m; + } + + controlb(c, 1, buf, l, 1); + } + else + control16(c, 1, result, 1); + + control16(c, 9, t, 1); // assigned tunnel (our end) + controladd(c, t, 0); // send the message } } @@ -1890,6 +1920,10 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr) } if (l) { // if not a null message + int result = 0; + int error = 0; + char *msg = 0; + // process AVPs while (l && !(fatal & 0x80)) // 0x80 = mandatory AVP { @@ -1909,6 +1943,9 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr) { LOG(1, s, t, "Unrecognised AVP flags %02X\n", *b); fatal = flags; + result = 2; // general error + error = 3; // reserved field non-zero + msg = 0; continue; // next } b += 2; @@ -1916,6 +1953,9 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr) { LOG(2, s, t, "Unknown AVP vendor %d\n", ntohs(*(uint16_t *) (b))); fatal = flags; + result = 2; // general error + error = 6; // generic vendor-specific error + msg = "unsupported vendor-specific"; continue; // next } b += 2; @@ -1932,18 +1972,27 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr) { LOG(1, s, t, "Hidden AVP requested, but no L2TP secret.\n"); fatal = flags; + result = 2; // general error + error = 6; // generic vendor-specific error + msg = "secret not specified"; continue; } if (!session[s].random_vector_length) { LOG(1, s, t, "Hidden AVP requested, but no random vector.\n"); fatal = flags; + result = 2; // general error + error = 6; // generic + msg = "no random vector"; continue; } if (n < 8) { LOG(2, s, t, "Short hidden AVP.\n"); fatal = flags; + result = 2; // general error + error = 2; // length is wrong + msg = 0; continue; } @@ -1955,7 +2004,13 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr) orig_len = ntohs(*(uint16_t *) b); if (orig_len > n + 2) { + LOG(1, s, t, "Original length %d too long in hidden AVP of length %d; wrong secret?\n", + orig_len, n); + fatal = flags; + result = 2; // general error + error = 2; // length is wrong + msg = 0; continue; } @@ -2004,6 +2059,9 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr) { // allow 0.0 and 1.0 LOG(1, s, t, " Bad protocol version %04X\n", version); fatal = flags; + result = 5; // unspported protocol version + error = 0x0100; // supported version + msg = 0; continue; // next } } @@ -2180,14 +2238,20 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr) session[s].random_vector_length = n; break; default: - LOG(2, s, t, " Unknown AVP type %d\n", mtype); - fatal = flags; - continue; // next + { + static char e[] = "unknown AVP 0xXXXX"; + LOG(2, s, t, " Unknown AVP type %d\n", mtype); + fatal = flags; + result = 2; // general error + error = 8; // unknown mandatory AVP + sprintf((msg = e) + 14, "%04x", mtype); + continue; // next + } } } // process message if (fatal & 0x80) - tunnelshutdown(t, "Unknown Mandatory AVP"); + tunnelshutdown(t, "Invalid mandatory AVP", result, error, msg); else switch (message) { @@ -2212,8 +2276,7 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr) break; case 4: // StopCCN controlnull(t); // ack - tunnelshutdown(t, "Stopped"); // Shut down cleanly - tunnelkill(t, "Stopped"); // Immediately force everything dead + tunnelshutdown(t, "Stopped", 0, 0, 0); // Shut down cleanly break; case 6: // HELLO controlnull(t); // simply ACK @@ -2255,7 +2318,6 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr) } c = controlnew(11); // sending ICRP - session[s].id = sessionid++; session[s].opened = time_now; session[s].tunnel = t; session[s].far = asession; @@ -2287,7 +2349,7 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr) break; case 14: // CDN controlnull(t); // ack - sessionshutdown(s, "Closed (Received CDN)"); + sessionshutdown(s, "Closed (Received CDN)", 0, 0); break; case 0xFFFF: LOG(1, s, t, "Missing message type\n"); @@ -2295,7 +2357,7 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr) default: STAT(tunnel_rx_errors); if (mandatory) - tunnelshutdown(t, "Unknown message type"); + tunnelshutdown(t, "Unknown message type", 2, 6, "unknown message type"); else LOG(1, s, t, "Unknown message type %d\n", message); break; @@ -2540,7 +2602,7 @@ static int regular_cleanups(void) if (a & CLI_TUN_KILL) { LOG(2, 0, t, "Dropping tunnel by CLI\n"); - tunnelshutdown(t, "Requested by administrator"); + tunnelshutdown(t, "Requested by administrator", 1, 0, 0); } } @@ -2574,13 +2636,13 @@ static int regular_cleanups(void) // Drop sessions who have not responded within IDLE_TIMEOUT seconds if (session[s].last_packet && (time_now - session[s].last_packet >= IDLE_TIMEOUT)) { - sessionshutdown(s, "No response to LCP ECHO requests"); + sessionshutdown(s, "No response to LCP ECHO requests", 3, 0); STAT(session_timeout); if (++count >= MAX_ACTIONS) break; continue; } - // No data in IDLE_TIMEOUT seconds, send LCP ECHO + // No data in ECHO_TIMEOUT seconds, send LCP ECHO if (session[s].user[0] && (time_now - session[s].last_packet >= ECHO_TIMEOUT)) { uint8_t b[MAXCONTROL] = {0}; @@ -2608,7 +2670,7 @@ static int regular_cleanups(void) if (a & CLI_SESS_KILL) { LOG(2, s, session[s].tunnel, "Dropping session by CLI\n"); - sessionshutdown(s, "Requested by administrator"); + sessionshutdown(s, "Requested by administrator", 3, 0); a = 0; // dead, no need to check for other actions } @@ -3773,7 +3835,7 @@ static void sigquit_handler(int sig) for (i = 1; i < MAXTUNNEL; i++) { if (tunnel[i].ip || tunnel[i].state) - tunnelshutdown(i, "L2TPNS Closing"); + tunnelshutdown(i, "L2TPNS Closing", 6, 0, 0); } } @@ -4051,7 +4113,7 @@ int sessionsetup(tunnelidt t, sessionidt s) if (!session[s].ip) { LOG(0, s, t, " No IP allocated. The IP address pool is FULL!\n"); - sessionshutdown(s, "No IP addresses available"); + sessionshutdown(s, "No IP addresses available", 2, 7); return 0; } LOG(3, s, t, " No IP allocated. Assigned %s from pool\n",