X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/6b1075b65c4239e97629f3a891f49f5ae9ef3d4b..aa77d4f89aa291e851c9be8a64ecfdb1434e83c9:/l2tpns.h?ds=sidebyside diff --git a/l2tpns.h b/l2tpns.h index db96836..9dfd22a 100644 --- a/l2tpns.h +++ b/l2tpns.h @@ -1,5 +1,5 @@ // L2TPNS Global Stuff -// $Id: l2tpns.h,v 1.47 2004/12/16 08:49:53 bodea Exp $ +// $Id: l2tpns.h,v 1.49.2.16 2005/07/03 02:40:22 bodea Exp $ #ifndef __L2TPNS_H__ #define __L2TPNS_H__ @@ -15,16 +15,16 @@ #include #include -#define VERSION "2.0.13" +#define VERSION "2.0.23" // Limits #define MAXTUNNEL 500 // could be up to 65535 -#define MAXSESSION 50000 // could be up to 65535 +#define MAXSESSION 60000 // could be up to 65535 #define MAXTBFS 6000 // Maximum token bucket filters. Might need up to 2 * session. -#define RADIUS_SHIFT 5 -#define RADIUS_MASK ((unsigned short)(((unsigned short)~0) >> (16 - RADIUS_SHIFT))) -#define MAXRADIUS ((unsigned long)(1L << RADIUS_SHIFT) * 255) +#define RADIUS_SHIFT 6 +#define RADIUS_MASK ((1 << RADIUS_SHIFT) - 1) +#define MAXRADIUS (1 << (8 + RADIUS_SHIFT)) #define T_UNDEF (0xffff) // A tunnel ID that won't ever be used. Mark session as undefined. #define T_FREE (0) // A tunnel ID that won't ever be used. Mark session as free. @@ -211,9 +211,15 @@ sessiont; typedef struct { + // byte counters uint32_t cin; uint32_t cout; -} sessioncountt; + + // DoS prevention + clockt last_packet_out; + uint32_t packets_out; + uint32_t packets_dropped; +} sessionlocalt; #define SESSIONPFC 1 // PFC negotiated flags #define SESSIONACFC 2 // ACFC negotiated flags @@ -307,71 +313,77 @@ enum struct Tstats { - time_t start_time; - time_t last_reset; - - unsigned long tun_rx_packets; - unsigned long tun_tx_packets; - unsigned long tun_rx_bytes; - unsigned long tun_tx_bytes; - unsigned long tun_rx_errors; - unsigned long tun_tx_errors; - - unsigned long tunnel_rx_packets; - unsigned long tunnel_tx_packets; - unsigned long tunnel_rx_bytes; - unsigned long tunnel_tx_bytes; - unsigned long tunnel_rx_errors; - unsigned long tunnel_tx_errors; - - unsigned long tunnel_retries; - unsigned long radius_retries; - - unsigned long arp_sent; - - unsigned long packets_snooped; - - unsigned long tunnel_created; - unsigned long session_created; - unsigned long tunnel_timeout; - unsigned long session_timeout; - unsigned long radius_timeout; - unsigned long radius_overflow; - unsigned long tunnel_overflow; - unsigned long session_overflow; - - unsigned long ip_allocated; - unsigned long ip_freed; - - unsigned long c_forwarded; - unsigned long recv_forward; + time_t start_time; + time_t last_reset; + + uint32_t tun_rx_packets; + uint32_t tun_tx_packets; + uint32_t tun_rx_bytes; + uint32_t tun_tx_bytes; + uint32_t tun_rx_errors; + uint32_t tun_tx_errors; + uint32_t tun_rx_dropped; + + uint32_t tunnel_rx_packets; + uint32_t tunnel_tx_packets; + uint32_t tunnel_rx_bytes; + uint32_t tunnel_tx_bytes; + uint32_t tunnel_rx_errors; + uint32_t tunnel_tx_errors; + + uint32_t tunnel_retries; + uint32_t radius_retries; + + uint32_t arp_sent; + + uint32_t packets_snooped; + + uint32_t tunnel_created; + uint32_t session_created; + uint32_t tunnel_timeout; + uint32_t session_timeout; + uint32_t radius_timeout; + uint32_t radius_overflow; + uint32_t tunnel_overflow; + uint32_t session_overflow; + + uint32_t ip_allocated; + uint32_t ip_freed; + + uint32_t c_forwarded; + uint32_t recv_forward; + + uint32_t select_called; + uint32_t multi_read_used; + uint32_t multi_read_exceeded; + #ifdef STATISTICS - unsigned long call_processtun; - unsigned long call_processipout; - unsigned long call_processudp; - unsigned long call_sessionbyip; - unsigned long call_sessionbyuser; - unsigned long call_sendarp; - unsigned long call_sendipcp; - unsigned long call_tunnelsend; - unsigned long call_sessionkill; - unsigned long call_sessionshutdown; - unsigned long call_tunnelkill; - unsigned long call_tunnelshutdown; - unsigned long call_assign_ip_address; - unsigned long call_free_ip_address; - unsigned long call_dump_acct_info; - unsigned long call_sessionsetup; - unsigned long call_processpap; - unsigned long call_processchap; - unsigned long call_processlcp; - unsigned long call_processipcp; - unsigned long call_processipin; - unsigned long call_processccp; - unsigned long call_sendchap; - unsigned long call_processrad; - unsigned long call_radiussend; - unsigned long call_radiusretry; + uint32_t call_processtun; + uint32_t call_processipout; + uint32_t call_processudp; + uint32_t call_sessionbyip; + uint32_t call_sessionbyuser; + uint32_t call_sendarp; + uint32_t call_sendipcp; + uint32_t call_tunnelsend; + uint32_t call_sessionkill; + uint32_t call_sessionshutdown; + uint32_t call_tunnelkill; + uint32_t call_tunnelshutdown; + uint32_t call_assign_ip_address; + uint32_t call_free_ip_address; + uint32_t call_dump_acct_info; + uint32_t call_sessionsetup; + uint32_t call_processpap; + uint32_t call_processchap; + uint32_t call_processlcp; + uint32_t call_processipcp; + uint32_t call_processipin; + uint32_t call_processccp; + uint32_t call_sendchap; + uint32_t call_processrad; + uint32_t call_radiussend; + uint32_t call_radiusretry; #endif }; @@ -439,9 +451,11 @@ typedef struct char old_plugins[64][MAXPLUGINS]; int next_tbf; // Next HTB id available to use - int scheduler_fifo; // If the system has multiple CPUs, use FIFO scheduling policy for this process. + int scheduler_fifo; // If the system has multiple CPUs, use FIFO scheduling + // policy for this process. int lock_pages; // Lock pages into memory. - int icmp_rate; // Max number of ICMP unreachable per second to send> + int icmp_rate; // Max number of ICMP unreachable per second to send + int max_packets; // DoS prevention: per session limit of packets/0.1s in_addr_t cluster_address; // Multicast address of cluster. // Send to this address to have everyone hear. @@ -463,6 +477,10 @@ typedef struct int cluster_hb_timeout; // How many missed heartbeats trigger an election. uint64_t cluster_table_version; // # state changes processed by cluster + + int cluster_master_min_adv; // Master advertises routes while the number of up to date + // slaves is less than this value. + #ifdef BGP #define BGP_NUM_PEERS 2 uint16_t as_number; @@ -566,6 +584,7 @@ void radiusclear(uint16_t r, sessionidt s); clockt backoff(uint8_t try); sessionidt sessionbyip(in_addr_t ip); sessionidt sessionbyuser(char *username); +void sessionkill(sessionidt s, char *reason); void sessionshutdown(sessionidt s, char *reason); void send_garp(in_addr_t ip); void tunnelsend(uint8_t *buf, uint16_t l, tunnelidt t); @@ -606,7 +625,7 @@ void host_unreachable(in_addr_t destination, uint16_t id, in_addr_t source, char extern tunnelt *tunnel; extern sessiont *session; -extern sessioncountt *sess_count; +extern sessionlocalt *sess_local; extern ippoolt *ip_address_pool; #define sessionfree (session[0].next) @@ -629,6 +648,7 @@ if (count++ < max) { \ extern configt *config; extern time_t basetime; // Time when this process started. extern time_t time_now; // Seconds since EPOCH. +extern char main_quit; extern uint32_t last_id; extern struct Tstats *_statistics; extern in_addr_t my_address;