X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/6c4ac1aa6a6659816080995e649cc640a9290066..97ad99cc23c5f0007de461afb200fd83c3d20481:/l2tpns.h
diff --git a/l2tpns.h b/l2tpns.h
index 2654cdc..684df59 100644
--- a/l2tpns.h
+++ b/l2tpns.h
@@ -1,5 +1,5 @@ // L2TPNS Global Stuff -// $Id: l2tpns.h,v 1.49 2004/12/17 00:28:00 bodea Exp $ +// $Id: l2tpns.h,v 1.54 2005/01/25 04:19:05 bodea Exp $ #ifndef __L2TPNS_H__ #define __L2TPNS_H__
@@ -15,7 +15,7 @@ #include #include -#define VERSION "2.0.13" +#define VERSION "2.1.0" // Limits #define MAXTUNNEL 500 // could be up to 65535
@@ -72,6 +72,7 @@ #endif #define TUNDEVICE "/dev/net/tun" +#define RANDOMDEVICE "/dev/urandom" // default, not as secure as /dev/random but non-blocking #define STATEFILE DATADIR "/state.dump" // State dump file #define CONFIGFILE FLASHDIR "/startup-config" // Configuration file #define CLIUSERS FLASHDIR "/users" // CLI Users file
@@ -81,18 +82,20 @@ #define L2TPPORT 1701 // L2TP port #define RADPORT 1645 // old radius port... #define PKTARP 0x0806 // ARP packet type -#define PKTIP 0x0800 // IP packet type -#define PSEUDOMAC 0x0200 // pseudo MAC prefix (local significant MAC) +#define PKTIP 0x0800 // IPv4 packet type +#define PKTIPV6 0x86DD // IPv6 packet type #define PPPPAP 0xC023 #define PPPCHAP 0xC223 #define PPPLCP 0xC021 #define PPPIPCP 0x8021 +#define PPPIPV6CP 0x8057 #define PPPCCP 0x80FD #define PPPIP 0x0021 +#define PPPIPV6 0x0057 #define PPPMP 0x003D #define MIN_IP_SIZE 0x19 -enum -{ + +enum { ConfigReq = 1, ConfigAck, ConfigNak,
@@ -107,6 +110,15 @@ enum IdentRequest }; +enum { + AccessRequest = 1, + AccessAccept, + AccessReject, + AccountingRequest, + AccountingResponse, + AccessChallenge = 11 +}; + // Types typedef uint16_t sessionidt; typedef uint16_t tunnelidt;
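Review bot: The anonymous enum added in the `@@ -107,6 +110,15 @@` hunk has no comment saying what these codes are, and it follows another anonymous enum whose `ConfigReq` is also 1, so the compiler will accept one set of constants where the other is meant. A one-line comment above it, for example `// RADIUS packet codes (RFC 2865 / RFC 2866)`, would identify the values and explain the jump to `AccessChallenge = 11`. Giving the enum a tag or the names a common prefix would go further, but that touches call sites outside this diff.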
@@ -201,19 +213,33 @@ typedef struct uint16_t sid; // near end session id. uint8_t filter_in; // input filter index (to ip_filters[N-1]; 0 if none) uint8_t filter_out; // output filter index - char reserved[18]; // Space to expand structure without changing HB_VERSION + struct in6_addr ipv6route; // Static IPv6 route + uint8_t ipv6prefixlen; // IPv6 route prefix length + char reserved[1]; // Space to expand structure without changing HB_VERSION } sessiont; #define SF_IPCP_ACKED 1 // Has this session seen an IPCP Ack? #define SF_LCP_ACKED 2 // LCP negotiated #define SF_CCP_ACKED 4 // CCP negotiated +#define SF_IPV6CP_ACKED 8 // IPv6 negotiated +#define SF_IPV6_NACKED 16 // IPv6 rejected +#define SF_IPV6_ROUTED 32 // advertised v6 route + +#define AUTHPAP 1 // allow PAP +#define AUTHCHAP 2 // allow CHAP typedef struct { + // byte counters uint32_t cin; uint32_t cout; -} sessioncountt; + + // DoS prevention + clockt last_packet_out; + uint32_t packets_out; + uint32_t packets_dropped; +} sessionlocalt; #define SESSIONPFC 1 // PFC negotiated flags #define SESSIONACFC 2 // ACFC negotiated flags
@@ -316,6 +342,7 @@ struct Tstats uint32_t tun_tx_bytes; uint32_t tun_rx_errors; uint32_t tun_tx_errors; + uint32_t tun_rx_dropped; uint32_t tunnel_rx_packets; uint32_t tunnel_tx_packets;
@@ -353,11 +380,14 @@ struct Tstats #ifdef STATISTICS uint32_t call_processtun; uint32_t call_processipout; + uint32_t call_processipv6out; uint32_t call_processudp; uint32_t call_sessionbyip; + uint32_t call_sessionbyipv6; uint32_t call_sessionbyuser; uint32_t call_sendarp; uint32_t call_sendipcp; + uint32_t call_processipv6cp; uint32_t call_tunnelsend; uint32_t call_sessionkill; uint32_t call_sessionshutdown;
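Review bot: In the `@@ -201,19 +213,33 @@` hunk, replacing `reserved[18]` with `struct in6_addr ipv6route` (16 bytes), `uint8_t ipv6prefixlen` and `reserved[1]` keeps `sizeof(sessiont)` unchanged only if the compiler puts no padding in front of `ipv6route`. On glibc `struct in6_addr` is 4-byte aligned, and whether the offset after `filter_out` is a multiple of 4 depends on members above this hunk, since the struct starts outside it. The comment says the layout must stay fixed unless HB_VERSION is bumped, so a compile-time guard next to the typedef would catch a silent size change, for example `_Static_assert(sizeof(sessiont) == EXPECTED_SESSIONT_SIZE, "sessiont layout changed: bump HB_VERSION");` where the compiler supports it. `EXPECTED_SESSIONT_SIZE` is a placeholder for the size measured before this commit.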
@@ -372,18 +402,20 @@ struct Tstats uint32_t call_processlcp; uint32_t call_processipcp; uint32_t call_processipin; + uint32_t call_processipv6in; uint32_t call_processccp; uint32_t call_sendchap; uint32_t call_processrad; uint32_t call_radiussend; uint32_t call_radiusretry; + uint32_t call_random_data; #endif }; #ifdef STATISTICS #ifdef STAT_CALLS -#define CSTAT(x) STAT(x) +#define CSTAT(x) STAT(call_ ## x) #else #define CSTAT(x) #endif
@@ -420,6 +452,8 @@ typedef struct char log_filename[128]; char l2tpsecret[64]; + char random_device[256]; // random device path, defaults to RANDOMDEVICE + char radiussecret[64]; int radius_accounting; in_addr_t radiusserver[MAXRADSERVER]; // radius servers
@@ -427,6 +461,10 @@ typedef struct uint8_t numradiusservers; // radius server count short num_radfds; // Number of radius filehandles allocated + char radius_authtypes_s[32]; // list of valid authentication types (chap, pap) in order of preference + int radius_authtypes; + int radius_authprefer; + in_addr_t default_dns1, default_dns2; unsigned long rl_rate; // default throttle rate
@@ -446,7 +484,8 @@ typedef struct int next_tbf; // Next HTB id available to use int scheduler_fifo; // If the system has multiple CPUs, use FIFO scheduling policy for this process. int lock_pages; // Lock pages into memory. - int icmp_rate; // Max number of ICMP unreachable per second to send> + int icmp_rate; // Max number of ICMP unreachable per second to send + int max_packets; // DoS prevention: per session limit of packets/0.1s in_addr_t cluster_address; // Multicast address of cluster. // Send to this address to have everyone hear.
@@ -468,6 +507,8 @@ typedef struct int cluster_hb_timeout; // How many missed heartbeats trigger an election. uint64_t cluster_table_version; // # state changes processed by cluster + struct in6_addr ipv6_prefix; // Our IPv6 network pool. + #ifdef BGP #define BGP_NUM_PEERS 2 uint16_t as_number;
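Review bot: In the `@@ -427,6 +461,10 @@` hunk, `radius_authtypes` and `radius_authprefer` are added without comments, unlike the string field directly above them. They presumably hold the `AUTHPAP`/`AUTHCHAP` bits this commit defines, and a reader auditing the config needs to see that, because enabling PAP means the peer's password arrives in cleartext. Suggested comments, to be adjusted to what the parser really stores: `int radius_authtypes; // bitmask of AUTHPAP|AUTHCHAP parsed from radius_authtypes_s` and `int radius_authprefer; // preferred method: AUTHPAP or AUTHCHAP`. The struct starts and ends outside the hunk.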
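Review bot: In the `@@ -446,7 +484,8 @@` hunk, the comment on `max_packets` does not say what 0 or a negative value means. The field is a signed `int`, while the counter it is presumably compared with, `packets_out` in `sessionlocalt`, is `uint32_t`. If 0 is meant to disable the limit, state it in the comment: `int max_packets; // DoS prevention: per session limit of packets/0.1s (0 = no limit)`. A negative setting compared against an unsigned counter would be converted to a very large number and silently switch the protection off, so the range check belongs where this option is parsed, which is outside this diff.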
@@ -480,7 +521,7 @@ typedef struct #endif } configt; -enum config_typet { INT, STRING, UNSIGNED_LONG, SHORT, BOOL, IP, MAC }; +enum config_typet { INT, STRING, UNSIGNED_LONG, SHORT, BOOL, IPv4, IPv6, MAC }; typedef struct { char *key;
@@ -550,7 +591,9 @@ void processpap(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l); void processchap(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l); void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l); void processipcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l); +void processipv6cp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l); void processipin(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l); +void processipv6in(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l); void processccp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l); void sendchap(tunnelidt t, sessionidt s); uint8_t *makeppp(uint8_t *b, int size, uint8_t *p, int l, tunnelidt t, sessionidt s, uint16_t mtype);
@@ -569,8 +612,12 @@ void radiusclear(uint16_t r, sessionidt s); // l2tpns.c clockt backoff(uint8_t try); +void send_ipv6_ra(tunnelidt t, sessionidt s, struct in6_addr *ip); +void route6set(sessionidt s, struct in6_addr ip, int prefixlen, int add); sessionidt sessionbyip(in_addr_t ip); +sessionidt sessionbyipv6(struct in6_addr ip); sessionidt sessionbyuser(char *username); +void random_data(uint8_t *buf, int len); void sessionshutdown(sessionidt s, char *reason); void send_garp(in_addr_t ip); void tunnelsend(uint8_t *buf, uint16_t l, tunnelidt t);
@@ -611,7 +658,7 @@ void host_unreachable(in_addr_t destination, uint16_t id, in_addr_t source, char extern tunnelt *tunnel; extern sessiont *session; -extern sessioncountt *sess_count; +extern sessionlocalt *sess_local; extern ippoolt *ip_address_pool; #define sessionfree (session[0].next)
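Review bot: In the `@@ -569,8 +612,12 @@` hunk, `random_data()` is declared `void`, so a caller cannot learn that the random device failed to open or returned fewer bytes than requested. The device path is operator-configurable (`random_device`, default `RANDOMDEVICE`), and the bytes presumably feed CHAP challenges or RADIUS authenticators, where a buffer left unfilled or predictable weakens authentication. Either return a status, `int random_data(uint8_t *buf, int len); // 0 on success, -1 if the device could not be read`, or document the failure behaviour on the prototype. The implementation in l2tpns.c is not part of this diff. In the same hunk `route6set()` takes `int prefixlen` while the session stores `uint8_t ipv6prefixlen`, so confirm a 0..128 range check happens before the value is stored.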