X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/54443c26c4624b8630ca14a71853123a8cc8c3dd..0a443cca73698f943ac84a300079f47478ea862e:/l2tpns.h?ds=sidebyside diff --git a/l2tpns.h b/l2tpns.h index e7584f9..f27f02e 100644 --- a/l2tpns.h +++ b/l2tpns.h @@ -1,5 +1,5 @@ // L2TPNS Global Stuff -// $Id: l2tpns.h,v 1.50 2004-12-18 01:20:05 bodea Exp $ +// $Id: l2tpns.h,v 1.52 2005-01-10 07:17:37 bodea Exp $ #ifndef __L2TPNS_H__ #define __L2TPNS_H__ @@ -72,6 +72,7 @@ #endif #define TUNDEVICE "/dev/net/tun" +#define RANDOMDEVICE "/dev/urandom" // default, not as secure as /dev/random but non-blocking #define STATEFILE DATADIR "/state.dump" // State dump file #define CONFIGFILE FLASHDIR "/startup-config" // Configuration file #define CLIUSERS FLASHDIR "/users" // CLI Users file @@ -93,8 +94,8 @@ #define PPPIPV6 0x0057 #define PPPMP 0x003D #define MIN_IP_SIZE 0x19 -enum -{ + +enum { ConfigReq = 1, ConfigAck, ConfigNak, @@ -109,6 +110,15 @@ enum IdentRequest }; +enum { + AccessRequest = 1, + AccessAccept, + AccessReject, + AccountingRequest, + AccountingResponse, + AccessChallenge = 11 +}; + // Types typedef uint16_t sessionidt; typedef uint16_t tunnelidt; @@ -213,10 +223,19 @@ sessiont; #define SF_IPV6CP_ACKED 8 // IPv6 negotiated #define SF_IPV6_NACKED 16 // IPv6 rejected +#define AUTHPAP 1 // allow PAP +#define AUTHCHAP 2 // allow CHAP + typedef struct { + // byte counters uint32_t cin; uint32_t cout; + + // DoS prevention + clockt last_packet_out; + uint32_t packets_out; + uint32_t packets_dropped; } sessioncountt; #define SESSIONPFC 1 // PFC negotiated flags @@ -320,6 +339,7 @@ struct Tstats uint32_t tun_tx_bytes; uint32_t tun_rx_errors; uint32_t tun_tx_errors; + uint32_t tun_rx_dropped; uint32_t tunnel_rx_packets; uint32_t tunnel_tx_packets; 
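Review bot: The comment on the new `RANDOMDEVICE` define in the `@@ -72,6 +72,7 @@` hunk says the default is "not as secure as /dev/random" without naming the condition under which that matters. On Linux the practical exposure of `/dev/urandom` is a read before the kernel pool has been seeded at boot, so a wording such as `// default: non-blocking; output may be weak if read before the kernel pool is seeded` would tell an operator what to check. The related `random_device[256]` field in the `@@ -424,6 +445,8 @@` hunk makes the path configurable, so its comment should also say the path must name a kernel random source. Pointing it at a regular file would produce predictable data, and whether the implementation rejects that is not visible in this header.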
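Review bot: The anonymous enum added in the `@@ -109,6 +110,15 @@` hunk has no comment saying what protocol its values belong to, and it sits directly after the `ConfigReq` enum with the same unprefixed naming. The numbers match the RADIUS packet codes (1 to 5, with Access-Challenge at 11), so a header line such as `// RADIUS packet codes (RFC 2865/2866)` would make the jump to `AccessChallenge = 11` read as deliberate rather than as a typo. Because both enums are anonymous and share one namespace, a later addition with a colliding name will only surface as a compile error, which is another reason to label them.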
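Review bot: The three DoS-prevention fields added to `sessioncountt` in the `@@ -213,10 +223,19 @@` hunk carry no units or reset semantics, which a reader needs in order to judge the limiter. The `max_packets` comment later in the diff (`packets/0.1s`) suggests a tenth-of-a-second window, but nothing here says whether `packets_out` counts within the current window or cumulatively, or whether `packets_dropped` is ever cleared. I would add per-field comments, for example `uint32_t packets_out; // packets sent in the window starting at last_packet_out`, once confirmed against the implementation, which is outside this file.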
@@ -381,13 +401,14 @@ struct Tstats uint32_t call_processrad; uint32_t call_radiussend; uint32_t call_radiusretry; + uint32_t call_random_data; #endif }; #ifdef STATISTICS #ifdef STAT_CALLS -#define CSTAT(x) STAT(x) +#define CSTAT(x) STAT(call_ ## x) #else #define CSTAT(x) #endif @@ -424,6 +445,8 @@ typedef struct char log_filename[128]; char l2tpsecret[64]; + char random_device[256]; // random device path, defaults to RANDOMDEVICE + char radiussecret[64]; int radius_accounting; in_addr_t radiusserver[MAXRADSERVER]; // radius servers @@ -431,6 +454,10 @@ typedef struct uint8_t numradiusservers; // radius server count short num_radfds; // Number of radius filehandles allocated + char radius_authtypes_s[32]; // list of valid authentication types (chap, pap) in order of preference + int radius_authtypes; + int radius_authprefer; + in_addr_t default_dns1, default_dns2; unsigned long rl_rate; // default throttle rate @@ -450,7 +477,8 @@ typedef struct int next_tbf; // Next HTB id available to use int scheduler_fifo; // If the system has multiple CPUs, use FIFO scheduling policy for this process. int lock_pages; // Lock pages into memory. - int icmp_rate; // Max number of ICMP unreachable per second to send> + int icmp_rate; // Max number of ICMP unreachable per second to send + int max_packets; // DoS prevention: per session limit of packets/0.1s in_addr_t cluster_address; // Multicast address of cluster. // Send to this address to have everyone hear. @@ -575,6 +603,7 @@ void radiusclear(uint16_t r, sessionidt s); clockt backoff(uint8_t try); sessionidt sessionbyip(in_addr_t ip); sessionidt sessionbyuser(char *username); +void random_data(uint8_t *buf, int len); void sessionshutdown(sessionidt s, char *reason); void send_garp(in_addr_t ip); void tunnelsend(uint8_t *buf, uint16_t l, tunnelidt t);
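Review bot: With `CSTAT(x)` now expanding to `STAT(call_ ## x)` in the `@@ -381,13 +401,14 @@` hunk, the argument is only checked against `struct Tstats` when both `STATISTICS` and `STAT_CALLS` are defined. In the other configurations the macro expands to nothing, so a misspelled or stale counter name at a call site compiles cleanly. A short comment above the macro, such as `// x is the Tstats field name without its call_ prefix, e.g. CSTAT(random_data)`, would document the new convention. Building once with `STAT_CALLS` enabled would confirm that every call site was converted.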
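Review bot: `radius_authtypes` and `radius_authprefer` in the `@@ -431,6 +454,10 @@` hunk are undocumented; only the string form has a comment. Presumably the first is a bitmask of `AUTHPAP`/`AUTHCHAP` and the second the single preferred flag, in which case say so, e.g. `int radius_authtypes; // bitmask of AUTHPAP | AUTHCHAP parsed from radius_authtypes_s`. The comment should also state what happens when the string yields no valid type, since a zero mask could mean either "refuse all" or "fall back to a default". That choice matters because PAP sends the password in clear over the link, so an unintended fallback to PAP weakens authentication.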
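Review bot: `max_packets` in the `@@ -450,7 +477,8 @@` hunk is a signed `int`, and its comment does not say what zero or a negative value means. For a rate limit the operator has to know whether 0 disables the check or drops every packet, because a wrong guess either removes the protection or cuts off all sessions. I would extend the comment, e.g. `// DoS prevention: per session limit of packets/0.1s (0 = no limit)`, if that matches the implementation, which is not part of this header.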
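Review bot: The `random_data()` prototype added in the `@@ -575,6 +603,7 @@` hunk returns `void` and takes a signed `int len`, so a caller cannot tell when the configured random device could not be opened or returned fewer bytes than requested. If the output is used for authentication material such as challenges or request authenticators (not visible in this header), a silent fallback to weaker data should at least be observable. Either return a status, `int random_data(uint8_t *buf, int len);`, or add a comment on the prototype describing the fallback and that it is logged. The definition lives outside this file, so the actual failure handling needs to be checked there.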