X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/bb63cb999417e2fea8e70e498b8f8eb97a0edd80..22a3646ac214163b6db81775075a387898c99c2c:/l2tpns.c diff --git a/l2tpns.c b/l2tpns.c index e6d2ba4..127d515 100644 --- a/l2tpns.c +++ b/l2tpns.c @@ -4,7 +4,7 @@ // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced // vim: sw=8 ts=8 -char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.76 2005/01/10 07:17:37 bodea Exp $"; +char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.78 2005/01/13 07:57:36 bodea Exp $"; #include #include @@ -151,7 +151,7 @@ static sessionidt shut_acct_n = 0; tunnelt *tunnel = NULL; // Array of tunnel structures. sessiont *session = NULL; // Array of session structures. -sessioncountt *sess_count = NULL; // Array of partial per-session traffic counters. +sessionlocalt *sess_local = NULL; // Array of local per-session counters. radiust *radius = NULL; // Array of radius structures. ippoolt *ip_address_pool = NULL; // Array of dynamic IP addresses. ip_filtert *ip_filters = NULL; // Array of named filters. @@ -832,7 +832,7 @@ static void processipout(uint8_t * buf, int len) // DoS prevention: enforce a maximum number of packets per 0.1s for a session if (config->max_packets > 0) { - if (sess_count[s].last_packet_out == TIME) + if (sess_local[s].last_packet_out == TIME) { int max = config->max_packets; @@ -845,24 +845,26 @@ static void processipout(uint8_t * buf, int len) if (!config->cluster_iam_master && sp->throttle_out && sp->throttle_out < max) max = sp->throttle_out; - if (++sess_count[s].packets_out > max) + if (++sess_local[s].packets_out > max) { - sess_count[s].packets_dropped++; + sess_local[s].packets_dropped++; return; } } else { - if (sess_count[s].packets_dropped) + if (sess_local[s].packets_dropped) { - INC_STAT(tun_rx_dropped, sess_count[s].packets_dropped); - LOG(2, s, t, "Possible DoS attack on %s (%s); dropped %u packets.", - fmtaddr(ip, 0), sp->user, sess_count[s].packets_dropped); + INC_STAT(tun_rx_dropped, sess_local[s].packets_dropped); + LOG(3, s, t, "Dropped %u/%u packets to %s for %suser %s\n", + sess_local[s].packets_out, sess_local[s].packets_dropped, + fmtaddr(ip, 0), sp->throttle_out ? "throttled " : "", + sp->user); } - sess_count[s].last_packet_out = TIME; - sess_count[s].packets_out = 1; - sess_count[s].packets_dropped = 0; + sess_local[s].last_packet_out = TIME; + sess_local[s].packets_out = 1; + sess_local[s].packets_dropped = 0; } } @@ -903,7 +905,7 @@ static void processipout(uint8_t * buf, int len) sp->total_cout += len; // byte count sp->pout++; udp_tx += len; - sess_count[s].cout += len; // To send to master.. + sess_local[s].cout += len; // To send to master.. } // @@ -953,7 +955,7 @@ static void send_ipout(sessionidt s, uint8_t *buf, int len) sp->total_cout += len; // byte count sp->pout++; udp_tx += len; - sess_count[s].cout += len; // To send to master.. + sess_local[s].cout += len; // To send to master.. } // add an AVP (16 bit) @@ -2729,9 +2731,9 @@ static void initdata(int optdebug, char *optconfig) exit(1); } - if (!(sess_count = shared_malloc(sizeof(sessioncountt) * MAXSESSION))) + if (!(sess_local = shared_malloc(sizeof(sessionlocalt) * MAXSESSION))) { - LOG(0, 0, 0, "Error doing malloc for sessions_count: %s\n", strerror(errno)); + LOG(0, 0, 0, "Error doing malloc for sess_local: %s\n", strerror(errno)); exit(1); }