X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/6a529fb49e8abf786e91a83dadff0ecd6dbe5e03..0834bba08ed4f1e507320306dc682d7e62371af5:/l2tpns.c?ds=inline diff --git a/l2tpns.c b/l2tpns.c index dc87ad8..694726d 100644 --- a/l2tpns.c +++ b/l2tpns.c @@ -4,8 +4,6 @@ // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced // vim: sw=8 ts=8 -char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.176 2011/01/20 12:48:40 bodea Exp $"; - #include #include #include @@ -55,11 +53,23 @@ char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.176 2011/01/20 12:48:40 bodea Exp #include "bgp.h" #endif +#ifdef LAC +#include "l2tplac.h" +#endif + +#ifdef LAC +char * Vendor_name = "Linux L2TPNS"; +uint32_t call_serial_number = 0; +#endif + // Globals configt *config = NULL; // all configuration int nlfd = -1; // netlink socket int tunfd = -1; // tun interface file handle. (network device) int udpfd = -1; // UDP file handle +#ifdef LAC +int udplacfd = -1; // UDP LAC file handle +#endif int controlfd = -1; // Control signal handle int clifd = -1; // Socket listening for CLI connections. int daefd = -1; // Socket listening for DAE connections. @@ -104,6 +114,7 @@ uint32_t eth_tx = 0; static uint32_t ip_pool_size = 1; // Size of the pool of addresses used for dynamic address allocation. time_t time_now = 0; // Current time in seconds since epoch. +uint64_t time_now_ms = 0; // Current time in milliseconds since epoch. static char time_now_string[64] = {0}; // Current time as a string. static int time_changed = 0; // time_now changed char main_quit = 0; // True if we're in the process of exiting. @@ -161,8 +172,16 @@ config_descriptt config_values[] = { CONFIG("ipv6_prefix", ipv6_prefix, IPv6), CONFIG("cli_bind_address", cli_bind_address, IPv4), CONFIG("hostname", hostname, STRING), +#ifdef BGP CONFIG("nexthop_address", nexthop_address, IPv4), CONFIG("nexthop6_address", nexthop6_address, IPv6), +#endif + CONFIG("echo_timeout", echo_timeout, INT), + CONFIG("idle_echo_timeout", idle_echo_timeout, INT), +#ifdef LAC + CONFIG("disable_lac_func", disable_lac_func, BOOL), + CONFIG("bind_portremotelns", bind_portremotelns, SHORT), +#endif { NULL, 0, 0, 0 }, }; @@ -223,13 +242,6 @@ static tunnelidt new_tunnel(void); static void unhide_value(uint8_t *value, size_t len, uint16_t type, uint8_t *vector, size_t vec_len); static void bundleclear(bundleidt b); -// on slaves, alow BGP to withdraw cleanly before exiting -#define QUIT_DELAY 5 - -// quit actions (master) -#define QUIT_FAILOVER 1 // SIGTERM: exit when all control messages have been acked (for cluster failover) -#define QUIT_SHUTDOWN 2 // SIGQUIT: shutdown sessions/tunnels, reject new connections - // return internal time (10ths since process startup), set f if given // as a side-effect sets time_now, and time_changed static clockt now(double *f) @@ -242,6 +254,10 @@ static clockt now(double *f) time_now = t.tv_sec; time_changed++; } + + // Time in milliseconds + time_now_ms = (t.tv_sec * 1000) + (t.tv_usec/1000); + return (t.tv_sec - basetime) * 10 + t.tv_usec / 100000 + 1; } @@ -857,6 +873,24 @@ static void initudp(void) exit(1); } +#ifdef LAC + // Tunnel to Remote LNS + memset(&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; + addr.sin_port = htons(config->bind_portremotelns); + udplacfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); + setsockopt(udplacfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)); + { + int flags = fcntl(udplacfd, F_GETFL, 0); + fcntl(udplacfd, F_SETFL, flags | O_NONBLOCK); + } + if (bind(udplacfd, (struct sockaddr *) &addr, sizeof(addr)) < 0) + { + LOG(0, 0, 0, "Error in UDP REMOTE LNS bind: %s\n", strerror(errno)); + exit(1); + } +#endif + // Intercept snoopfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); } @@ -1177,8 +1211,11 @@ void tunnelsend(uint8_t * buf, uint16_t l, tunnelidt t) LOG(3, 0, t, "Control message resend try %d\n", tunnel[t].try); } } - +#ifdef LAC + if (sendto((tunnel[t].isremotelns?udplacfd:udpfd), buf, l, 0, (void *) &addr, sizeof(addr)) < 0) +#else if (sendto(udpfd, buf, l, 0, (void *) &addr, sizeof(addr)) < 0) +#endif { LOG(0, ntohs((*(uint16_t *) (buf + 6))), t, "Error sending data out tunnel: %s (udpfd=%d, buf=%p, len=%d, dest=%s)\n", strerror(errno), udpfd, buf, l, inet_ntoa(addr.sin_addr)); @@ -1325,7 +1362,8 @@ static void update_session_out_stat(sessionidt s, sessiont *sp, int len) // process outgoing (to tunnel) IP // -static void processipout(uint8_t *buf, int len) +// (i.e. this routine writes to data[-8]). +void processipout(uint8_t *buf, int len) { sessionidt s; sessiont *sp; @@ -1462,75 +1500,123 @@ static void processipout(uint8_t *buf, int len) return; } - // Add on L2TP header - { - bundleidt bid = 0; - if(session[s].bundle != 0 && bundle[session[s].bundle].num_of_links > 1) - { - bid = session[s].bundle; - s = bundle[bid].members[bundle[bid].current_ses = ++bundle[bid].current_ses % bundle[bid].num_of_links]; - t = session[s].tunnel; - sp = &session[s]; - LOG(4, s, t, "MPPP: (1)Session number becomes: %d\n", s); - if(len > MINFRAGLEN) - { - // Partition the packet to "bundle[b].num_of_links" fragments - bundlet *b = &bundle[bid]; - uint32_t num_of_links = b->num_of_links; - uint32_t fraglen = len / num_of_links; - fraglen = (fraglen > session[s].mru ? session[s].mru : fraglen); - uint32_t last_fraglen = fraglen + len % num_of_links; - last_fraglen = (last_fraglen > session[s].mru ? len % num_of_links : last_fraglen); + if(session[s].bundle != 0 && bundle[session[s].bundle].num_of_links > 1) + { + + if (!config->cluster_iam_master) + { + // The MPPP packets must be managed by the Master. + master_forward_mppp_packet(s, data, size); + return; + } + + // Add on L2TP header + sessionidt members[MAXBUNDLESES]; + bundleidt bid = session[s].bundle; + bundlet *b = &bundle[bid]; + uint32_t num_of_links, nb_opened; + int i; + + num_of_links = b->num_of_links; + nb_opened = 0; + for (i = 0;i < num_of_links;i++) + { + s = b->members[i]; + if (session[s].ppp.lcp == Opened) + { + members[nb_opened] = s; + nb_opened++; + } + } + + if (nb_opened < 1) + { + LOG(3, s, t, "MPPP: PROCESSIPOUT ERROR, no session opened in bundle:%d\n", bid); + return; + } + + num_of_links = nb_opened; + b->current_ses = (b->current_ses + 1) % num_of_links; + s = members[b->current_ses]; + t = session[s].tunnel; + sp = &session[s]; + LOG(4, s, t, "MPPP: (1)Session number becomes: %d\n", s); + + if (num_of_links > 1) + { + if(len > MINFRAGLEN) + { + //for rotate traffic among the member links + uint32_t divisor = num_of_links; + if (divisor > 2) + divisor = divisor/2 + (divisor & 1); + + // Partition the packet to "num_of_links" fragments + uint32_t fraglen = len / divisor; + uint32_t last_fraglen = fraglen + len % divisor; uint32_t remain = len; // send the first packet - uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, fraglen, s, t, PPPIP, 0, bid, MP_BEGIN); - if (!p) return; - tunnelsend(fragbuf, fraglen + (p-fragbuf), t); // send it... + uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, fraglen, s, t, PPPIP, 0, bid, MP_BEGIN); + if (!p) return; + tunnelsend(fragbuf, fraglen + (p-fragbuf), t); // send it... + // statistics update_session_out_stat(s, sp, fraglen); + remain -= fraglen; while (remain > last_fraglen) - { - s = b->members[b->current_ses = ++b->current_ses % num_of_links]; + { + b->current_ses = (b->current_ses + 1) % num_of_links; + s = members[b->current_ses]; t = session[s].tunnel; sp = &session[s]; - LOG(4, s, t, "MPPP: (2)Session number becomes: %d\n", s); - p = makeppp(fragbuf, sizeof(fragbuf), buf+(len - remain), fraglen, s, t, PPPIP, 0, bid, 0); - if (!p) return; - tunnelsend(fragbuf, fraglen + (p-fragbuf), t); // send it... + LOG(4, s, t, "MPPP: (2)Session number becomes: %d\n", s); + p = makeppp(fragbuf, sizeof(fragbuf), buf+(len - remain), fraglen, s, t, PPPIP, 0, bid, 0); + if (!p) return; + tunnelsend(fragbuf, fraglen + (p-fragbuf), t); // send it... update_session_out_stat(s, sp, fraglen); remain -= fraglen; } // send the last fragment - s = b->members[b->current_ses = ++b->current_ses % num_of_links]; + b->current_ses = (b->current_ses + 1) % num_of_links; + s = members[b->current_ses]; t = session[s].tunnel; sp = &session[s]; - LOG(4, s, t, "MPPP: (2)Session number becomes: %d\n", s); - p = makeppp(fragbuf, sizeof(fragbuf), buf+(len - remain), remain, s, t, PPPIP, 0, bid, MP_END); - if (!p) return; - tunnelsend(fragbuf, remain + (p-fragbuf), t); // send it... + LOG(4, s, t, "MPPP: (2)Session number becomes: %d\n", s); + p = makeppp(fragbuf, sizeof(fragbuf), buf+(len - remain), remain, s, t, PPPIP, 0, bid, MP_END); + if (!p) return; + tunnelsend(fragbuf, remain + (p-fragbuf), t); // send it... update_session_out_stat(s, sp, remain); if (remain != last_fraglen) LOG(3, s, t, "PROCESSIPOUT ERROR REMAIN != LAST_FRAGLEN, %d != %d\n", remain, last_fraglen); - } - else { - // Send it as one frame - uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, bid, MP_BOTH_BITS); - if (!p) return; - tunnelsend(fragbuf, len + (p-fragbuf), t); // send it... + } + else + { + // Send it as one frame + uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, bid, MP_BOTH_BITS); + if (!p) return; + tunnelsend(fragbuf, len + (p-fragbuf), t); // send it... LOG(4, s, t, "MPPP: packet sent as one frame\n"); update_session_out_stat(s, sp, len); - } - } - else - { - uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, 0, 0); - if (!p) return; - tunnelsend(fragbuf, len + (p-fragbuf), t); // send it... + } + } + else + { + // Send it as one frame (NO MPPP Frame) + uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, 0, 0); + if (!p) return; + tunnelsend(fragbuf, len + (p-fragbuf), t); // send it... update_session_out_stat(s, sp, len); - } - } + } + } + else + { + uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, 0, 0); + if (!p) return; + tunnelsend(fragbuf, len + (p-fragbuf), t); // send it... + update_session_out_stat(s, sp, len); + } // Snooping this session, send it to intercept box if (sp->snoop_ip && sp->snoop_port) @@ -1610,7 +1696,10 @@ static void processipv6out(uint8_t * buf, int len) if (session[s].bundle && bundle[session[s].bundle].num_of_links > 1) { bundleidt bid = session[s].bundle; - s = bundle[bid].members[bundle[bid].current_ses = ++bundle[bid].current_ses % bundle[bid].num_of_links]; + bundlet *b = &bundle[bid]; + + b->current_ses = (b->current_ses + 1) % b->num_of_links; + s = b->members[b->current_ses]; LOG(3, s, session[s].tunnel, "MPPP: Session number becomes: %u\n", s); } t = session[s].tunnel; @@ -1710,10 +1799,10 @@ static void send_ipout(sessionidt s, uint8_t *buf, int len) static void control16(controlt * c, uint16_t avp, uint16_t val, uint8_t m) { uint16_t l = (m ? 0x8008 : 0x0008); - *(uint16_t *) (c->buf + c->length + 0) = htons(l); - *(uint16_t *) (c->buf + c->length + 2) = htons(0); - *(uint16_t *) (c->buf + c->length + 4) = htons(avp); - *(uint16_t *) (c->buf + c->length + 6) = htons(val); + c->buf16[c->length/2 + 0] = htons(l); + c->buf16[c->length/2 + 1] = htons(0); + c->buf16[c->length/2 + 2] = htons(avp); + c->buf16[c->length/2 + 3] = htons(val); c->length += 8; } @@ -1721,10 +1810,10 @@ static void control16(controlt * c, uint16_t avp, uint16_t val, uint8_t m) static void control32(controlt * c, uint16_t avp, uint32_t val, uint8_t m) { uint16_t l = (m ? 0x800A : 0x000A); - *(uint16_t *) (c->buf + c->length + 0) = htons(l); - *(uint16_t *) (c->buf + c->length + 2) = htons(0); - *(uint16_t *) (c->buf + c->length + 4) = htons(avp); - *(uint32_t *) (c->buf + c->length + 6) = htonl(val); + c->buf16[c->length/2 + 0] = htons(l); + c->buf16[c->length/2 + 1] = htons(0); + c->buf16[c->length/2 + 2] = htons(avp); + *(uint32_t *) &c->buf[c->length + 6] = htonl(val); c->length += 10; } @@ -1732,10 +1821,10 @@ static void control32(controlt * c, uint16_t avp, uint32_t val, uint8_t m) static void controls(controlt * c, uint16_t avp, char *val, uint8_t m) { uint16_t l = ((m ? 0x8000 : 0) + strlen(val) + 6); - *(uint16_t *) (c->buf + c->length + 0) = htons(l); - *(uint16_t *) (c->buf + c->length + 2) = htons(0); - *(uint16_t *) (c->buf + c->length + 4) = htons(avp); - memcpy(c->buf + c->length + 6, val, strlen(val)); + c->buf16[c->length/2 + 0] = htons(l); + c->buf16[c->length/2 + 1] = htons(0); + c->buf16[c->length/2 + 2] = htons(avp); + memcpy(&c->buf[c->length + 6], val, strlen(val)); c->length += 6 + strlen(val); } @@ -1743,10 +1832,10 @@ static void controls(controlt * c, uint16_t avp, char *val, uint8_t m) static void controlb(controlt * c, uint16_t avp, uint8_t *val, unsigned int len, uint8_t m) { uint16_t l = ((m ? 0x8000 : 0) + len + 6); - *(uint16_t *) (c->buf + c->length + 0) = htons(l); - *(uint16_t *) (c->buf + c->length + 2) = htons(0); - *(uint16_t *) (c->buf + c->length + 4) = htons(avp); - memcpy(c->buf + c->length + 6, val, len); + c->buf16[c->length/2 + 0] = htons(l); + c->buf16[c->length/2 + 1] = htons(0); + c->buf16[c->length/2 + 2] = htons(avp); + memcpy(&c->buf[c->length + 6], val, len); c->length += 6 + len; } @@ -1763,7 +1852,7 @@ static controlt *controlnew(uint16_t mtype) } assert(c); c->next = 0; - *(uint16_t *) (c->buf + 0) = htons(0xC802); // flags/ver + c->buf16[0] = htons(0xC802); // flags/ver c->length = 12; control16(c, 0, mtype, 1); return c; @@ -1773,26 +1862,26 @@ static controlt *controlnew(uint16_t mtype) // (ZLB send). static void controlnull(tunnelidt t) { - uint8_t buf[12]; + uint16_t buf[6]; if (tunnel[t].controlc) // Messages queued; They will carry the ack. return; - *(uint16_t *) (buf + 0) = htons(0xC802); // flags/ver - *(uint16_t *) (buf + 2) = htons(12); // length - *(uint16_t *) (buf + 4) = htons(tunnel[t].far); // tunnel - *(uint16_t *) (buf + 6) = htons(0); // session - *(uint16_t *) (buf + 8) = htons(tunnel[t].ns); // sequence - *(uint16_t *) (buf + 10) = htons(tunnel[t].nr); // sequence - tunnelsend(buf, 12, t); + buf[0] = htons(0xC802); // flags/ver + buf[1] = htons(12); // length + buf[2] = htons(tunnel[t].far); // tunnel + buf[3] = htons(0); // session + buf[4] = htons(tunnel[t].ns); // sequence + buf[5] = htons(tunnel[t].nr); // sequence + tunnelsend((uint8_t *)buf, 12, t); } // add a control message to a tunnel, and send if within window static void controladd(controlt *c, sessionidt far, tunnelidt t) { - *(uint16_t *) (c->buf + 2) = htons(c->length); // length - *(uint16_t *) (c->buf + 4) = htons(tunnel[t].far); // tunnel - *(uint16_t *) (c->buf + 6) = htons(far); // session - *(uint16_t *) (c->buf + 8) = htons(tunnel[t].ns); // sequence + c->buf16[1] = htons(c->length); // length + c->buf16[2] = htons(tunnel[t].far); // tunnel + c->buf16[3] = htons(far); // session + c->buf16[4] = htons(tunnel[t].ns); // sequence tunnel[t].ns++; // advance sequence // link in message in to queue if (tunnel[t].controlc) @@ -1968,36 +2057,67 @@ void sessionshutdown(sessionidt s, char const *reason, int cdn_result, int cdn_e if (session[s].ppp.ipv6cp == Opened && session[s].ipv6prefixlen && del_routes) route6set(s, session[s].ipv6route, session[s].ipv6prefixlen, 0); - if (b) + if (b) { - // This session was part of a bundle - bundle[b].num_of_links--; - LOG(3, s, 0, "MPPP: Dropping member link: %d from bundle %d\n",s,b); - if(bundle[b].num_of_links == 0) + // This session was part of a bundle + bundle[b].num_of_links--; + LOG(3, s, session[s].tunnel, "MPPP: Dropping member link: %d from bundle %d\n",s,b); + if(bundle[b].num_of_links == 0) { - bundleclear(b); - LOG(3, s, 0, "MPPP: Kill bundle: %d (No remaing member links)\n",b); - } - else + bundleclear(b); + LOG(3, s, session[s].tunnel, "MPPP: Kill bundle: %d (No remaing member links)\n",b); + } + else { - // Adjust the members array to accomodate the new change - uint8_t mem_num = 0; - // It should be here num_of_links instead of num_of_links-1 (previous instruction "num_of_links--") - if(bundle[b].members[bundle[b].num_of_links] != s) + // Adjust the members array to accomodate the new change + uint8_t mem_num = 0; + // It should be here num_of_links instead of num_of_links-1 (previous instruction "num_of_links--") + if(bundle[b].members[bundle[b].num_of_links] != s) { - uint8_t ml; - for(ml = 0; ml sizeof(buf)) m = sizeof(buf) - 4; - memcpy(buf+4, msg, m); + memcpy(buf+2, msg, m); l += m; } - controlb(c, 1, buf, l, 1); + controlb(c, 1, (uint8_t *)buf, l, 1); } else control16(c, 1, result, 1); @@ -2536,7 +2668,7 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr) case 0: // message type message = ntohs(*(uint16_t *) b); mandatory = flags & 0x80; - LOG(4, s, t, " Message type = %u (%s)\n", *b, l2tp_code(message)); + LOG(4, s, t, " Message type = %u (%s)\n", message, l2tp_code(message)); break; case 1: // result code { @@ -2631,6 +2763,15 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr) } break; case 13: // Response +#ifdef LAC + if (tunnel[t].isremotelns) + { + chapresponse = calloc(17, 1); + memcpy(chapresponse, b, (n < 17) ? n : 16); + LOG(3, s, t, "received challenge response from REMOTE LNS\n"); + } + else +#endif /* LAC */ // Why did they send a response? We never challenge. LOG(2, s, t, " received unexpected challenge response\n"); break; @@ -2856,8 +2997,10 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr) { case 1: // SCCRQ - Start Control Connection Request tunnel[t].state = TUNNELOPENING; + LOG(3, s, t, "Received SCCRQ\n"); if (main_quit != QUIT_SHUTDOWN) { + LOG(3, s, t, "sending SCCRP\n"); controlt *c = controlnew(2); // sending SCCRP control16(c, 2, version, 1); // protocol version control32(c, 3, 3, 1); // framing @@ -2874,13 +3017,47 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr) case 2: // SCCRP tunnel[t].state = TUNNELOPEN; tunnel[t].lastrec = time_now; +#ifdef LAC + LOG(3, s, t, "Received SCCRP\n"); + if (main_quit != QUIT_SHUTDOWN) + { + if (tunnel[t].isremotelns && chapresponse) + { + hasht hash; + + lac_calc_rlns_auth(t, 2, hash); // id = 2 (SCCRP) + // check authenticator + if (memcmp(hash, chapresponse, 16) == 0) + { + LOG(3, s, t, "sending SCCCN to REMOTE LNS\n"); + controlt *c = controlnew(3); // sending SCCCN + controls(c, 7, hostname, 1); // host name + controls(c, 8, Vendor_name, 1); // Vendor name + control16(c, 2, version, 1); // protocol version + control32(c, 3, 3, 1); // framing Capabilities + control16(c, 9, t, 1); // assigned tunnel + controladd(c, 0, t); // send + } + else + { + tunnelshutdown(t, "Bad chap response from REMOTE LNS", 4, 0, 0); + } + } + } + else + { + tunnelshutdown(t, "Shutting down", 6, 0, 0); + } +#endif /* LAC */ break; case 3: // SCCN + LOG(3, s, t, "Received SCCN\n"); tunnel[t].state = TUNNELOPEN; tunnel[t].lastrec = time_now; controlnull(t); // ack break; case 4: // StopCCN + LOG(3, s, t, "Received StopCCN\n"); controlnull(t); // ack tunnelshutdown(t, "Stopped", 0, 0, 0); // Shut down cleanly break; @@ -2889,18 +3066,24 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr) break; case 7: // OCRQ // TBA + LOG(3, s, t, "Received OCRQ\n"); break; case 8: // OCRO // TBA + LOG(3, s, t, "Received OCRO\n"); break; case 9: // OCCN // TBA + LOG(3, s, t, "Received OCCN\n"); break; case 10: // ICRQ + LOG(3, s, t, "Received ICRQ\n"); if (sessionfree && main_quit != QUIT_SHUTDOWN) { controlt *c = controlnew(11); // ICRP + LOG(3, s, t, "Sending ICRP\n"); + s = sessionfree; sessionfree = session[s].next; memset(&session[s], 0, sizeof(session[s])); @@ -2928,6 +3111,7 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr) { controlt *c = controlnew(14); // CDN + LOG(3, s, t, "Sending CDN\n"); if (!sessionfree) { STAT(session_overflow); @@ -2941,9 +3125,26 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr) } return; case 11: // ICRP - // TBA +#ifdef LAC + LOG(3, s, t, "Received ICRP\n"); + if (session[s].forwardtosession) + { + controlt *c = controlnew(12); // ICCN + + session[s].opened = time_now; + session[s].tunnel = t; + session[s].far = asession; + session[s].last_packet = session[s].last_data = time_now; + + control32(c, 19, 1, 1); // Framing Type + control32(c, 24, 10000000, 1); // Tx Connect Speed + controladd(c, asession, t); // send the message + LOG(3, s, t, "Sending ICCN\n"); + } +#endif /* LAC */ break; case 12: // ICCN + LOG(3, s, t, "Received ICCN\n"); if (amagic == 0) amagic = time_now; session[s].magic = amagic; // set magic number session[s].flags = aflags; // set flags received @@ -2963,6 +3164,7 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr) break; case 14: // CDN + LOG(3, s, t, "Received CDN\n"); controlnull(t); // ack sessionshutdown(s, disc_reason, CDN_NONE, disc_cause); break; @@ -3013,6 +3215,16 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr) l -= 2; } +#ifdef LAC + if (session[s].forwardtosession) + { + LOG(5, s, t, "Forwarding data session to session %u\n", session[s].forwardtosession); + // Forward to LAC or Remote LNS session + lac_session_forward(buf, len, s, proto); + return; + } +#endif /* LAC */ + if (s && !session[s].opened) // Is something wrong?? { if (!config->cluster_iam_master) @@ -3022,7 +3234,6 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr) return; } - LOG(1, s, t, "UDP packet contains session which is not opened. Dropping packet.\n"); STAT(tunnel_rx_errors); return; @@ -3090,8 +3301,9 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr) } session[s].last_packet = session[s].last_data = time_now; - if (session[s].walled_garden && !config->cluster_iam_master) + if (!config->cluster_iam_master) { + // The fragments reconstruction is managed by the Master. master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; } @@ -3130,6 +3342,7 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr) } // read and process packet on tun +// (i.e. this routine writes to buf[-8]). static void processtun(uint8_t * buf, int len) { LOG_HEX(5, "Receive TUN Data", buf, len); @@ -3403,8 +3616,8 @@ static void regular_cleanups(double period) } } - // Drop sessions who have not responded within IDLE_TIMEOUT seconds - if (session[s].last_packet && (time_now - session[s].last_packet >= IDLE_TIMEOUT)) + // Drop sessions who have not responded within IDLE_ECHO_TIMEOUT seconds + if (session[s].last_packet && (time_now - session[s].last_packet >= config->idle_echo_timeout)) { sessionshutdown(s, "No response to LCP ECHO requests.", CDN_ADMIN_DISC, TERM_LOST_SERVICE); STAT(session_timeout); @@ -3413,7 +3626,7 @@ static void regular_cleanups(double period) } // No data in ECHO_TIMEOUT seconds, send LCP ECHO - if (session[s].ppp.phase >= Establish && (time_now - session[s].last_packet >= ECHO_TIMEOUT) && + if (session[s].ppp.phase >= Establish && (time_now - session[s].last_packet >= config->echo_timeout) && (time_now - sess_local[s].last_echo >= ECHO_TIMEOUT)) { uint8_t b[MAXETHER]; @@ -3679,8 +3892,13 @@ static int still_busy(void) # include "fake_epoll.h" #endif +#ifdef LAC +// the base set of fds polled: cli, cluster, tun, udp, control, dae, netlink, udplac +#define BASE_FDS 8 +#else // the base set of fds polled: cli, cluster, tun, udp, control, dae, netlink #define BASE_FDS 7 +#endif // additional polled fds #ifdef BGP @@ -3694,6 +3912,8 @@ static void mainloop(void) { int i; uint8_t buf[65536]; + uint8_t *p = buf + 8; // for the hearder of the forwarded MPPP packet (see C_MPPP_FORWARD) + int size_bufp = sizeof(buf) - 8; clockt next_cluster_ping = 0; // send initial ping immediately struct epoll_event events[BASE_FDS + RADIUS_FDS + EXTRA_FDS]; int maxevent = sizeof(events)/sizeof(*events); @@ -3704,8 +3924,13 @@ static void mainloop(void) exit(1); } +#ifdef LAC + LOG(4, 0, 0, "Beginning of main loop. clifd=%d, cluster_sockfd=%d, tunfd=%d, udpfd=%d, controlfd=%d, daefd=%d, nlfd=%d , udplacfd=%d\n", + clifd, cluster_sockfd, tunfd, udpfd, controlfd, daefd, nlfd, udplacfd); +#else LOG(4, 0, 0, "Beginning of main loop. clifd=%d, cluster_sockfd=%d, tunfd=%d, udpfd=%d, controlfd=%d, daefd=%d, nlfd=%d\n", clifd, cluster_sockfd, tunfd, udpfd, controlfd, daefd, nlfd); +#endif /* setup our fds to poll for input */ { @@ -3745,6 +3970,12 @@ static void mainloop(void) d[i].type = FD_TYPE_NETLINK; e.data.ptr = &d[i++]; epoll_ctl(epollfd, EPOLL_CTL_ADD, nlfd, &e); + +#ifdef LAC + d[i].type = FD_TYPE_UDPLAC; + e.data.ptr = &d[i++]; + epoll_ctl(epollfd, EPOLL_CTL_ADD, udplacfd, &e); +#endif } #ifdef BGP @@ -3807,6 +4038,10 @@ static void mainloop(void) socklen_t alen; int c, s; int udp_ready = 0; +#ifdef LAC + int udplac_ready = 0; + int udplac_pkts = 0; +#endif int tun_ready = 0; int cluster_ready = 0; int udp_pkts = 0; @@ -3844,7 +4079,9 @@ static void mainloop(void) case FD_TYPE_CLUSTER: cluster_ready++; break; case FD_TYPE_TUN: tun_ready++; break; case FD_TYPE_UDP: udp_ready++; break; - +#ifdef LAC + case FD_TYPE_UDPLAC: udplac_ready++; break; +#endif case FD_TYPE_CONTROL: // nsctl commands alen = sizeof(addr); s = recvfromto(controlfd, buf, sizeof(buf), MSG_WAITALL, (struct sockaddr *) &addr, &alen, &local); @@ -3934,13 +4171,31 @@ static void mainloop(void) n--; } } +#ifdef LAC + // L2TP REMOTE LNS + if (udplac_ready) + { + alen = sizeof(addr); + if ((s = recvfrom(udplacfd, buf, sizeof(buf), 0, (void *) &addr, &alen)) > 0) + { + if (!config->disable_lac_func) + processudp(buf, s, &addr); + udplac_pkts++; + } + else + { + udplac_ready = 0; + n--; + } + } +#endif // incoming IP if (tun_ready) { - if ((s = read(tunfd, buf, sizeof(buf))) > 0) + if ((s = read(tunfd, p, size_bufp)) > 0) { - processtun(buf, s); + processtun(p, s); tun_pkts++; } else @@ -3972,9 +4227,13 @@ static void mainloop(void) if (c >= config->multi_read_count) { +#ifdef LAC + LOG(3, 0, 0, "Reached multi_read_count (%d); processed %d udp, %d tun and %d cluster %d rmlns packets\n", + config->multi_read_count, udp_pkts, tun_pkts, cluster_pkts, udplac_pkts); +#else LOG(3, 0, 0, "Reached multi_read_count (%d); processed %d udp, %d tun and %d cluster packets\n", config->multi_read_count, udp_pkts, tun_pkts, cluster_pkts); - +#endif STAT(multi_read_exceeded); more++; } @@ -4189,6 +4448,9 @@ static void initdata(int optdebug, char *optconfig) config->ppp_max_failure = 5; config->kill_timedout_sessions = 1; strcpy(config->random_device, RANDOMDEVICE); + // Set default value echo_timeout and idle_echo_timeout + config->echo_timeout = ECHO_TIMEOUT; + config->idle_echo_timeout = IDLE_ECHO_TIMEOUT; log_stream = stderr; @@ -4305,6 +4567,10 @@ static void initdata(int optdebug, char *optconfig) exit(1); } #endif /* BGP */ + +#ifdef LAC + lac_initremotelnsdata(); +#endif } static int assign_ip_address(sessionidt s) @@ -4591,7 +4857,11 @@ void snoop_send_packet(uint8_t *packet, uint16_t size, in_addr_t destination, ui static int dump_session(FILE **f, sessiont *s) { +#ifdef LAC + if (!s->opened || (!s->ip && !s->forwardtosession) || !(s->cin_delta || s->cout_delta) || !*s->user || s->walled_garden) +#else if (!s->opened || !s->ip || !(s->cin_delta || s->cout_delta) || !*s->user || s->walled_garden) +#endif return 1; if (!*f) @@ -4713,7 +4983,7 @@ int main(int argc, char *argv[]) /* set hostname /after/ having read the config file */ if (*config->hostname) strcpy(hostname, config->hostname); - cli_init_hostname(hostname); + cli_init_complete(hostname); update_config(); init_tbf(config->num_tbfs); @@ -4998,6 +5268,11 @@ static void update_config() if (!config->radius_dae_port) config->radius_dae_port = DAEPORT; +#ifdef LAC + if(!config->bind_portremotelns) + config->bind_portremotelns = L2TPLACPORT; +#endif + // re-initialise the random number source initrandom(config->random_device); @@ -5132,18 +5407,18 @@ int sessionsetup(sessionidt s, tunnelidt t) LOG(3, s, t, "Doing session setup for session\n"); // Join a bundle if the MRRU option is accepted - if(session[s].mrru > 0 && session[s].bundle == 0) - { - LOG(3, s, t, "This session can be part of multilink bundle\n"); - if (join_bundle(s) > 0) - cluster_send_bundle(session[s].bundle); + if(session[s].mrru > 0 && session[s].bundle == 0) + { + LOG(3, s, t, "This session can be part of multilink bundle\n"); + if (join_bundle(s) > 0) + cluster_send_bundle(session[s].bundle); else { LOG(0, s, t, "MPPP: Mismaching mssf option with other sessions in bundle\n"); sessionshutdown(s, "Mismaching mssf option.", CDN_NONE, TERM_SERVICE_UNAVAILABLE); return 0; } - } + } if (!session[s].ip) { @@ -5158,7 +5433,6 @@ int sessionsetup(sessionidt s, tunnelidt t) fmtaddr(htonl(session[s].ip), 0)); } - // Make sure this is right session[s].tunnel = t; @@ -5171,13 +5445,14 @@ int sessionsetup(sessionidt s, tunnelidt t) for (i = 1; i <= config->cluster_highest_sessionid; i++) { if (i == s) continue; - if (!session[s].opened) continue; + if (!session[s].opened) break; // Allow duplicate sessions for multilink ones of the same bundle. - if (session[s].bundle && session[i].bundle && session[s].bundle == session[i].bundle) - continue; + if (session[s].bundle && session[i].bundle && session[s].bundle == session[i].bundle) continue; + if (ip == session[i].ip) { sessionkill(i, "Duplicate IP address"); + cluster_listinvert_session(s, i); continue; } @@ -5185,16 +5460,16 @@ int sessionsetup(sessionidt s, tunnelidt t) if (session[s].walled_garden || session[i].walled_garden) continue; // Guest change int found = 0; - int gu; - for (gu = 0; gu < guest_accounts_num; gu++) - { - if (!strcasecmp(user, guest_users[gu])) - { - found = 1; - break; - } - } - if (found) continue; + int gu; + for (gu = 0; gu < guest_accounts_num; gu++) + { + if (!strcasecmp(user, guest_users[gu])) + { + found = 1; + break; + } + } + if (found) continue; // Drop the new session in case of duplicate sessionss, not the old one. if (!strcasecmp(user, session[i].user)) @@ -5205,7 +5480,7 @@ int sessionsetup(sessionidt s, tunnelidt t) // no need to set a route for the same IP address of the bundle if (!session[s].bundle || (bundle[session[s].bundle].num_of_links == 1)) { - int routed = 0; + int routed = 0; // Add the route for this session. for (r = 0; r < MAXROUTE && session[s].route[r].ip; r++) @@ -6051,3 +6326,52 @@ int ip_filter(uint8_t *buf, int len, uint8_t filter) // default deny return 0; } + +#ifdef LAC + +tunnelidt lac_new_tunnel() +{ + return new_tunnel(); +} + +void lac_tunnelclear(tunnelidt t) +{ + tunnelclear(t); +} + +void lac_send_SCCRQ(tunnelidt t, uint8_t * auth, unsigned int auth_len) +{ + uint16_t version = 0x0100; // protocol version + + tunnel[t].state = TUNNELOPENING; + + // Sent SCCRQ - Start Control Connection Request + controlt *c = controlnew(1); // sending SCCRQ + controls(c, 7, hostname, 1); // host name + controls(c, 8, Vendor_name, 1); // Vendor name + control16(c, 2, version, 1); // protocol version + control32(c, 3, 3, 1); // framing Capabilities + control16(c, 9, t, 1); // assigned tunnel + controlb(c, 11, (uint8_t *) auth, auth_len, 1); // CHAP Challenge + LOG(3, 0, t, "Sent SCCRQ to REMOTE LNS\n"); + controladd(c, 0, t); // send +} + +void lac_send_ICRQ(tunnelidt t, sessionidt s) +{ + // Sent ICRQ Incoming-call-request + controlt *c = controlnew(10); // ICRQ + + control16(c, 14, s, 1); // assigned sesion + call_serial_number++; + control32(c, 15, call_serial_number, 1); // call serial number + LOG(3, s, t, "Sent ICRQ to REMOTE LNS (far ID %u)\n", tunnel[t].far); + controladd(c, 0, t); // send +} + +void lac_tunnelshutdown(tunnelidt t, char *reason, int result, int error, char *msg) +{ + tunnelshutdown(t, reason, result, error, msg); +} + +#endif