setup in some instances.
- Implement named access-lists which may be applied to a session
either via Filter-Id RADIUS responses, or using the CLI.
+- Drop ip address from LOG.
* Sat Nov 20 2004 Brendan O'Dea <bod@optusnet.com.au> 2.0.8
- Ignore gateway address in Framed-Route (from Jonathan McDowell).
/* set up intercept based on RADIUS reply */
-char const *cvs_id = "$Id: autosnoop.c,v 1.8 2004-11-17 08:23:34 bodea Exp $";
+char const *cvs_id = "$Id: autosnoop.c,v 1.9 2004-11-29 02:17:17 bodea Exp $";
int plugin_api_version = PLUGIN_API_VERSION;
struct pluginfuncs *p;
if (*data->value) data->s->snoop_ip = inet_addr(data->value);
if (data->s->snoop_ip == INADDR_NONE) data->s->snoop_ip = 0;
if (*x) data->s->snoop_port = atoi(x);
- p->log(3, 0, 0, 0, " Intercepting user to %s:%d\n",
- p->inet_toa(data->s->snoop_ip), data->s->snoop_port);
+ p->log(3, p->get_id_by_session(data->s), data->s->tunnel,
+ " Intercepting user to %s:%d\n",
+ p->fmtaddr(data->s->snoop_ip, 0), data->s->snoop_port);
}
else
{
- p->log(3, 0, 0, 0, " Not Intercepting user (reply string should be intercept=ip:port)\n");
+ p->log(3, p->get_id_by_session(data->s), data->s->tunnel,
+ " Not Intercepting user (reply string should be intercept=ip:port)\n");
}
}
return PLUGIN_RET_OK;
/* set up throttling based on RADIUS reply */
-char const *cvs_id = "$Id: autothrottle.c,v 1.9 2004-11-17 08:23:34 bodea Exp $";
+char const *cvs_id = "$Id: autothrottle.c,v 1.10 2004-11-29 02:17:17 bodea Exp $";
int plugin_api_version = PLUGIN_API_VERSION;
struct pluginfuncs *p;
case 2: // output
data->s->throttle_out = rate;
free(pt);
- p->log(3, 0, p->get_id_by_session(data->s), data->s->tunnel, " Set output throttle rate %dkb/s\n", rate);
+ p->log(3, p->get_id_by_session(data->s), data->s->tunnel,
+ " Set output throttle rate %dkb/s\n", rate);
+
return PLUGIN_RET_OK;
case 3: //input
data->s->throttle_in = rate;
free(pt);
- p->log(3, 0, p->get_id_by_session(data->s), data->s->tunnel, " Set input throttle rate %dkb/s\n", rate);
+ p->log(3, p->get_id_by_session(data->s), data->s->tunnel,
+ " Set input throttle rate %dkb/s\n", rate);
+
return PLUGIN_RET_OK;
default:
- p->log(1, 0, p->get_id_by_session(data->s), data->s->tunnel, "Syntax error in rate limit AV pair: %s=%s\n", data->key, data->value);
+ p->log(1, p->get_id_by_session(data->s), data->s->tunnel,
+ "Syntax error in rate limit AV pair: %s=%s\n", data->key, data->value);
+
free(pt);
return PLUGIN_RET_OK;
}
else
{
free(pt);
- p->log(1, 0, p->get_id_by_session(data->s), data->s->tunnel, "Syntax error in rate limit AV pair: %s=%s\n",
+ p->log(1, p->get_id_by_session(data->s), data->s->tunnel,
+ "Syntax error in rate limit AV pair: %s=%s\n",
data->key, data->value);
+
return PLUGIN_RET_OK;
}
}
if (rate)
{
if (*rate)
- p->log(3, 0, p->get_id_by_session(data->s), data->s->tunnel, " Throttling user to %dkb/s\n", *rate);
+ p->log(3, p->get_id_by_session(data->s), data->s->tunnel,
+ " Throttling user to %dkb/s\n", *rate);
else
- p->log(3, 0, p->get_id_by_session(data->s), data->s->tunnel, " Not throttling user (throttle_speed=0)\n");
+ p->log(3, p->get_id_by_session(data->s), data->s->tunnel,
+ " Not throttling user (throttle_speed=0)\n");
data->s->throttle_in = data->s->throttle_out = *rate;
}
else
- p->log(1, 0, p->get_id_by_session(data->s), data->s->tunnel, "Not throttling user (can't get throttle_speed)\n");
+ p->log(1, p->get_id_by_session(data->s), data->s->tunnel,
+ "Not throttling user (can't get throttle_speed)\n");
}
else if (strcmp(data->value, "no") == 0)
{
- p->log(3, 0, p->get_id_by_session(data->s), data->s->tunnel, " Not throttling user\n");
+ p->log(3, p->get_id_by_session(data->s), data->s->tunnel,
+ " Not throttling user\n");
+
data->s->throttle_in = data->s->throttle_out = 0;
}
}
- p->log(4, 0, p->get_id_by_session(data->s), data->s->tunnel, "autothrottle module ignoring AV pair %s=%s\n",
+ p->log(4, p->get_id_by_session(data->s), data->s->tunnel,
+ "autothrottle module ignoring AV pair %s=%s\n",
data->key, data->value);
return PLUGIN_RET_OK;
* nor RFC2385 (which requires a kernel patch on 2.4 kernels).
*/
-char const *cvs_id_bgp = "$Id: bgp.c,v 1.7 2004-11-15 06:49:56 bodea Exp $";
+char const *cvs_id_bgp = "$Id: bgp.c,v 1.8 2004-11-29 02:17:17 bodea Exp $";
#include <stdlib.h>
#include <unistd.h>
if (!((peer->outbuf = malloc(sizeof(*peer->outbuf)))
&& (peer->inbuf = malloc(sizeof(*peer->inbuf)))))
{
- LOG(0, 0, 0, 0, "Can't allocate buffers for bgp peer (%s)\n",
+ LOG(0, 0, 0, "Can't allocate buffers for bgp peer (%s)\n",
strerror(errno));
return 0;
if (!(h = gethostbyname(name)) || h->h_addrtype != AF_INET)
{
- LOG(0, 0, 0, 0, "Can't get address for BGP peer %s (%s)\n",
+ LOG(0, 0, 0, "Can't get address for BGP peer %s (%s)\n",
name, h ? "no address" : hstrerror(h_errno));
return 0;
if (!(peer->path_attrs = malloc(peer->path_attr_len)))
{
- LOG(0, 0, 0, 0, "Can't allocate path_attrs for %s (%s)\n",
+ LOG(0, 0, 0, "Can't allocate path_attrs for %s (%s)\n",
name, strerror(errno));
return 0;
memcpy(peer->path_attrs, path_attrs, peer->path_attr_len);
- LOG(4, 0, 0, 0, "Initiating BGP connection to %s (routing %s)\n",
+ LOG(4, 0, 0, "Initiating BGP connection to %s (routing %s)\n",
name, enable ? "enabled" : "suspended");
/* we have at least one peer configured */
peer->state = peer->next_state;
peer->state_time = time_now;
- LOG(4, 0, 0, 0, "BGP peer %s: state %s\n", peer->name,
+ LOG(4, 0, 0, "BGP peer %s: state %s\n", peer->name,
bgp_state_str(peer->next_state));
}
}
/* initiate a clean shutdown */
void bgp_stop(struct bgp_peer *peer)
{
- LOG(4, 0, 0, 0, "Terminating BGP connection to %s\n", peer->name);
+ LOG(4, 0, 0, "Terminating BGP connection to %s\n", peer->name);
bgp_send_notification(peer, BGP_ERR_CEASE, 0);
}
/* drop connection (if any) and set state to Disabled */
void bgp_halt(struct bgp_peer *peer)
{
- LOG(4, 0, 0, 0, "Aborting BGP connection to %s\n", peer->name);
+ LOG(4, 0, 0, "Aborting BGP connection to %s\n", peer->name);
peer->next_state = Disabled;
bgp_clear(peer);
}
/* insert into route list; sorted */
if (!(r = malloc(sizeof(*r))))
{
- LOG(0, 0, 0, 0, "Can't allocate route for %s/%d (%s)\n",
- inet_toa(add.dest.prefix), add.dest.len, strerror(errno));
+ LOG(0, 0, 0, "Can't allocate route for %s/%d (%s)\n",
+ fmtaddr(add.dest.prefix, 0), add.dest.len, strerror(errno));
return 0;
}
if (bgp_peers[i].state == Established)
bgp_peers[i].update_routes = 1;
- LOG(4, 0, 0, 0, "Registered BGP route %s/%d\n", inet_toa(add.dest.prefix),
- add.dest.len);
+ LOG(4, 0, 0, "Registered BGP route %s/%d\n",
+ fmtaddr(add.dest.prefix, 0), add.dest.len);
return 1;
}
if (bgp_peers[i].state == Established)
bgp_peers[i].update_routes = 1;
- LOG(4, 0, 0, 0, "Removed BGP route %s/%d\n", inet_toa(del.dest.prefix),
- del.dest.len);
+ LOG(4, 0, 0, "Removed BGP route %s/%d\n",
+ fmtaddr(del.dest.prefix, 0), del.dest.len);
return 1;
}
bgp_peers[i].update_routes = 1;
}
- LOG(4, 0, 0, 0, "%s BGP routing\n", enable ? "Enabled" : "Suspended");
+ LOG(4, 0, 0, "%s BGP routing\n", enable ? "Enabled" : "Suspended");
}
/* return a bitmask indicating if the socket should be added to the
{
if (time_now > peer->expire_time)
{
- LOG(1, 0, 0, 0, "No message from BGP peer %s in %ds\n",
+ LOG(1, 0, 0, "No message from BGP peer %s in %ds\n",
peer->name, peer->hold);
bgp_send_notification(peer, BGP_ERR_HOLD_TIMER_EXP, 0);
}
else if (time_now > peer->state_time + BGP_STATE_TIME)
{
- LOG(1, 0, 0, 0, "%s timer expired for BGP peer %s\n",
+ LOG(1, 0, 0, "%s timer expired for BGP peer %s\n",
bgp_state_str(peer->state), peer->name);
return bgp_restart(peer);
struct servent *serv;
if (!(serv = getservbyname("bgp", "tcp")))
{
- LOG(0, 0, 0, 0, "Can't get bgp service (%s)\n", strerror(errno));
+ LOG(0, 0, 0, "Can't get bgp service (%s)\n", strerror(errno));
return 0;
}
if ((peer->sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
{
- LOG(0, 0, 0, 0, "Can't create a socket for BGP peer %s (%s)\n",
+ LOG(0, 0, 0, "Can't create a socket for BGP peer %s (%s)\n",
peer->name, strerror(errno));
peer->state = peer->next_state = Disabled;
if (errno != EINPROGRESS)
{
- LOG(1, 0, 0, 0, "Can't connect to BGP peer %s (%s)\n",
+ LOG(1, 0, 0, "Can't connect to BGP peer %s (%s)\n",
inet_ntoa(addr.sin_addr), strerror(errno));
bgp_set_retry(peer);
peer->state = Connect;
peer->state_time = time_now;
- LOG(4, 0, 0, 0, "BGP peer %s: state Connect\n", peer->name);
+ LOG(4, 0, 0, "BGP peer %s: state Connect\n", peer->name);
return 1;
}
peer->state_time = time_now;
peer->retry_time = peer->retry_count = 0;
- LOG(4, 0, 0, 0, "BGP peer %s: state Active\n", inet_ntoa(addr.sin_addr));
+ LOG(4, 0, 0, "BGP peer %s: state Active\n", inet_ntoa(addr.sin_addr));
return bgp_send_open(peer);
}
getsockopt(peer->sock, SOL_SOCKET, SO_ERROR, &err, &len);
if (err)
{
- LOG(1, 0, 0, 0, "Can't connect to BGP peer %s (%s)\n", peer->name,
+ LOG(1, 0, 0, "Can't connect to BGP peer %s (%s)\n", peer->name,
strerror(err));
bgp_set_retry(peer);
peer->state = Active;
peer->state_time = time_now;
- LOG(4, 0, 0, 0, "BGP peer %s: state Active\n", peer->name);
+ LOG(4, 0, 0, "BGP peer %s: state Active\n", peer->name);
return bgp_send_open(peer);
}
return 1;
if (errno == EPIPE)
- LOG(1, 0, 0, 0, "Connection to BGP peer %s closed\n", peer->name);
+ LOG(1, 0, 0, "Connection to BGP peer %s closed\n", peer->name);
else
- LOG(1, 0, 0, 0, "Can't write to BGP peer %s (%s)\n", peer->name,
+ LOG(1, 0, 0, "Can't write to BGP peer %s (%s)\n", peer->name,
strerror(errno));
bgp_set_retry(peer);
return 1;
}
- LOG(4, 0, 0, 0, "Sent %s to BGP peer %s\n",
+ LOG(4, 0, 0, "Sent %s to BGP peer %s\n",
bgp_msg_type_str(peer->outbuf->packet.header.type), peer->name);
peer->outbuf->packet.header.len = 0;
peer->state = peer->next_state;
peer->state_time = time_now;
- LOG(4, 0, 0, 0, "BGP peer %s: state %s\n", peer->name,
+ LOG(4, 0, 0, "BGP peer %s: state %s\n", peer->name,
bgp_state_str(peer->state));
}
{
if (!r)
{
- LOG(1, 0, 0, 0, "Connection to BGP peer %s closed\n", peer->name);
+ LOG(1, 0, 0, "Connection to BGP peer %s closed\n", peer->name);
}
else
{
if (errno == EAGAIN)
return 1;
- LOG(1, 0, 0, 0, "Can't read from BGP peer %s (%s)\n", peer->name,
+ LOG(1, 0, 0, "Can't read from BGP peer %s (%s)\n", peer->name,
strerror(errno));
}
if (len > BGP_MAX_PACKET_SIZE)
{
- LOG(1, 0, 0, 0, "Bad header length from BGP %s\n", peer->name);
+ LOG(1, 0, 0, "Bad header length from BGP %s\n", peer->name);
bgp_send_notification(peer, BGP_ERR_HEADER, BGP_ERR_HDR_BAD_LEN);
return 0;
}
if (peer->inbuf->done < len)
return 0;
- LOG(4, 0, 0, 0, "Received %s from BGP peer %s\n",
+ LOG(4, 0, 0, "Received %s from BGP peer %s\n",
bgp_msg_type_str(p->header.type), peer->name);
switch (p->header.type)
{
if ((unsigned char) p->header.marker[i] != 0xff)
{
- LOG(1, 0, 0, 0, "Invalid marker from BGP peer %s\n",
+ LOG(1, 0, 0, "Invalid marker from BGP peer %s\n",
peer->name);
bgp_send_notification(peer, BGP_ERR_HEADER,
if (peer->state != OpenSent)
{
- LOG(1, 0, 0, 0, "OPEN from BGP peer %s in %s state\n",
+ LOG(1, 0, 0, "OPEN from BGP peer %s in %s state\n",
peer->name, bgp_state_str(peer->state));
bgp_send_notification(peer, BGP_ERR_FSM, 0);
if (data.version != BGP_VERSION)
{
- LOG(1, 0, 0, 0, "Bad version (%d) sent by BGP peer %s\n",
+ LOG(1, 0, 0, "Bad version (%d) sent by BGP peer %s\n",
(int) data.version, peer->name);
bgp_send_notification(peer, BGP_ERR_OPEN, BGP_ERR_OPN_VERSION);
if (ntohs(data.as) != peer->as)
{
- LOG(1, 0, 0, 0, "Bad AS sent by BGP peer %s (got %d, "
+ LOG(1, 0, 0, "Bad AS sent by BGP peer %s (got %d, "
"expected %d)\n", peer->name, (int) htons(data.as),
(int) peer->as);
if ((hold = ntohs(data.hold_time)) < 3)
{
- LOG(1, 0, 0, 0, "Bad hold time (%d) from BGP peer %s\n",
+ LOG(1, 0, 0, "Bad hold time (%d) from BGP peer %s\n",
hold, peer->name);
bgp_send_notification(peer, BGP_ERR_OPEN, BGP_ERR_OPN_HOLD_TIME);
peer->retry_count = 0;
peer->retry_time = 0;
- LOG(4, 0, 0, 0, "BGP peer %s: state Established\n", peer->name);
+ LOG(4, 0, 0, "BGP peer %s: state Established\n", peer->name);
}
break;
if (notification->error_code == BGP_ERR_CEASE)
{
- LOG(4, 0, 0, 0, "BGP peer %s sent CEASE\n", peer->name);
+ LOG(4, 0, 0, "BGP peer %s sent CEASE\n", peer->name);
bgp_halt(peer);
return 0;
}
/* FIXME: should handle more notifications */
- LOG(4, 0, 0, 0, "BGP peer %s sent unhandled NOTIFICATION %d\n",
+ LOG(4, 0, 0, "BGP peer %s sent unhandled NOTIFICATION %d\n",
peer->name, (int) notification->error_code);
}
unf_len += s;
len += s;
- LOG(5, 0, 0, 0, "Withdrawing route %s/%d from BGP peer %s\n",
- inet_toa(tmp->dest.prefix), tmp->dest.len, peer->name);
+ LOG(5, 0, 0, "Withdrawing route %s/%d from BGP peer %s\n",
+ fmtaddr(tmp->dest.prefix, 0), tmp->dest.len, peer->name);
free(tmp);
{
if (!(e = malloc(sizeof(*e))))
{
- LOG(0, 0, 0, 0, "Can't allocate route for %s/%d (%s)\n",
- inet_toa(add->dest.prefix), add->dest.len, strerror(errno));
+ LOG(0, 0, 0, "Can't allocate route for %s/%d (%s)\n",
+ fmtaddr(add->dest.prefix, 0), add->dest.len, strerror(errno));
return 0;
}
data += s;
len += s;
- LOG(5, 0, 0, 0, "Advertising route %s/%d to BGP peer %s\n",
- inet_toa(add->dest.prefix), add->dest.len, peer->name);
+ LOG(5, 0, 0, "Advertising route %s/%d to BGP peer %s\n",
+ fmtaddr(add->dest.prefix, 0), add->dest.len, peer->name);
}
else
{
// vim: sw=8 ts=8
char const *cvs_name = "$Name: $";
-char const *cvs_id_cli = "$Id: cli.c,v 1.33 2004-11-28 20:09:53 bodea Exp $";
+char const *cvs_id_cli = "$Id: cli.c,v 1.34 2004-11-29 02:17:17 bodea Exp $";
#include <stdio.h>
#include <stdarg.h>
static int cmd_ip_access_list_rule(struct cli_def *cli, char *command, char **argv, int argc);
static int cmd_filter(struct cli_def *cli, char *command, char **argv, int argc);
static int cmd_no_filter(struct cli_def *cli, char *command, char **argv, int argc);
+static int cmd_show_access_list(struct cli_def *cli, char *command, char **argv, int argc);
/* match if b is a substr of a */
#define MATCH(a,b) (!strncmp((a), (b), strlen(b)))
cli_register_command(cli, c, "tunnels", cmd_show_tunnels, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show a list of tunnels or details for a single tunnel");
cli_register_command(cli, c, "users", cmd_show_users, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show a list of all connected users or details of selected user");
cli_register_command(cli, c, "version", cmd_show_version, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show currently running software version");
+ cli_register_command(cli, c, "access-list", cmd_show_access_list, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show named access-list");
c2 = cli_register_command(cli, c, "histogram", NULL, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, NULL);
cli_register_command(cli, c2, "idle", cmd_show_hist_idle, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show histogram of session idle times");
if (!(f = fopen(CLIUSERS, "r")))
{
- LOG(0, 0, 0, 0, "WARNING! No users specified. Command-line access is open to all\n");
+ LOG(0, 0, 0, "WARNING! No users specified. Command-line access is open to all\n");
}
else
{
if (!strcmp(buf, "enable"))
{
cli_allow_enable(cli, p);
- LOG(3, 0, 0, 0, "Setting enable password\n");
+ LOG(3, 0, 0, "Setting enable password\n");
}
else
{
cli_allow_user(cli, buf, p);
- LOG(3, 0, 0, 0, "Allowing user %s to connect to the CLI\n", buf);
+ LOG(3, 0, 0, "Allowing user %s to connect to the CLI\n", buf);
}
}
fclose(f);
addr.sin_port = htons(23);
if (bind(clifd, (void *) &addr, sizeof(addr)) < 0)
{
- LOG(0, 0, 0, 0, "Error listening on cli port 23: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Error listening on cli port 23: %s\n", strerror(errno));
return;
}
listen(clifd, 10);
if (fork_and_close()) return;
if (getpeername(sockfd, (struct sockaddr *)&addr, &l) == 0)
{
- LOG(3, 0, 0, 0, "Accepted connection to CLI from %s\n", inet_toa(addr.sin_addr.s_addr));
+ LOG(3, 0, 0, "Accepted connection to CLI from %s\n", fmtaddr(addr.sin_addr.s_addr, 0));
require_auth = addr.sin_addr.s_addr != inet_addr("127.0.0.1");
}
else
- LOG(0, 0, 0, 0, "getpeername() failed on cli socket. Requiring authentication: %s\n", strerror(errno));
+ LOG(0, 0, 0, "getpeername() failed on cli socket. Requiring authentication: %s\n", strerror(errno));
if (require_auth)
{
- LOG(3, 0, 0, 0, "CLI is remote, requiring authentication\n");
+ LOG(3, 0, 0, "CLI is remote, requiring authentication\n");
if (!cli->users) /* paranoia */
{
- LOG(0, 0, 0, 0, "No users for remote authentication! Exiting CLI\n");
+ LOG(0, 0, 0, "No users for remote authentication! Exiting CLI\n");
exit(0);
}
}
cli_loop(cli, sockfd);
close(sockfd);
- LOG(3, 0, 0, 0, "Closed CLI connection from %s\n", inet_toa(addr.sin_addr.s_addr));
+ LOG(3, 0, 0, "Closed CLI connection from %s\n", fmtaddr(addr.sin_addr.s_addr, 0));
exit(0);
}
static void cli_print_log(struct cli_def *cli, char *string)
{
- LOG(3, 0, 0, 0, "%s\n", string);
+ LOG(3, 0, 0, "%s\n", string);
}
void cli_do_file(FILE *fh)
{
- LOG(3, 0, 0, 0, "Reading configuration file\n");
+ LOG(3, 0, 0, "Reading configuration file\n");
cli_print_callback(cli, cli_print_log);
cli_file(cli, fh, PRIVILEGE_PRIVILEGED, MODE_CONFIG);
cli_print_callback(cli, NULL);
cli_print(cli, "\tCalling Num:\t%s", session[s].calling);
cli_print(cli, "\tCalled Num:\t%s", session[s].called);
cli_print(cli, "\tTunnel ID:\t%d", session[s].tunnel);
- cli_print(cli, "\tIP address:\t%s", inet_toa(htonl(session[s].ip)));
+ cli_print(cli, "\tIP address:\t%s", fmtaddr(htonl(session[s].ip), 0));
cli_print(cli, "\tUnique SID:\t%lu", session[s].unique_id);
cli_print(cli, "\tIdle time:\t%u seconds", abs(time_now - session[s].last_packet));
cli_print(cli, "\tNext Recv:\t%u", session[s].nr);
if (session[s].filter_out && session[s].filter_out <= MAXFILTER)
cli_print(cli, "\tFilter out:\t%u (%s)", session[s].filter_out, ip_filters[session[s].filter_out - 1].name);
if (session[s].snoop_ip && session[s].snoop_port)
- cli_print(cli, "\tIntercepted:\t%s:%d", inet_toa(session[s].snoop_ip), session[s] .snoop_port);
+ cli_print(cli, "\tIntercepted:\t%s:%d", fmtaddr(session[s].snoop_ip, 0), session[s] .snoop_port);
else
cli_print(cli, "\tIntercepted:\tno");
for (i = 1; i < MAXSESSION; i++)
{
- char *userip, *tunnelip;
if (!session[i].opened) continue;
- userip = strdup(inet_toa(htonl(session[i].ip)));
- tunnelip = strdup(inet_toa(htonl(tunnel[ session[i].tunnel ].ip)));
cli_print(cli, "%5d %4d %-32s %-15s %s %s %s %10u %10lu %10lu %4u %-15s %s",
i,
session[i].tunnel,
session[i].user[0] ? session[i].user : "*",
- userip,
+ fmtaddr(htonl(session[i].ip), 0),
(session[i].snoop_ip && session[i].snoop_port) ? "Y" : "N",
(session[i].throttle_in || session[i].throttle_out) ? "Y" : "N",
(session[i].walled_garden) ? "Y" : "N",
(unsigned long)session[i].total_cout,
(unsigned long)session[i].total_cin,
abs(time_now - (session[i].last_packet ? session[i].last_packet : time_now)),
- tunnelip,
+ fmtaddr(htonl(tunnel[ session[i].tunnel ].ip), 1),
session[i].calling[0] ? session[i].calling : "*");
- if (userip) free(userip);
- if (tunnelip) free(tunnelip);
}
return CLI_OK;
}
cli_print(cli, "\r\nTunnel %d:", t);
cli_print(cli, "\tState:\t\t%s", states[tunnel[t].state]);
cli_print(cli, "\tHostname:\t%s", tunnel[t].hostname[0] ? tunnel[t].hostname : "(none)");
- cli_print(cli, "\tRemote IP:\t%s", inet_toa(htonl(tunnel[t].ip)));
+ cli_print(cli, "\tRemote IP:\t%s", fmtaddr(htonl(tunnel[t].ip), 0));
cli_print(cli, "\tRemote Port:\t%d", tunnel[t].port);
cli_print(cli, "\tRx Window:\t%u", tunnel[t].window);
cli_print(cli, "\tNext Recv:\t%u", tunnel[t].nr);
cli_print(cli, "%4d %20s %20s %6s %6d",
i,
*tunnel[i].hostname ? tunnel[i].hostname : "(null)",
- inet_toa(htonl(tunnel[i].ip)),
+ fmtaddr(htonl(tunnel[i].ip), 0),
states[tunnel[i].state],
sessions);
}
if (!config->cluster_iam_master)
{
- cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address));
+ cli_print(cli, "Can't do this on a slave. Do it on %s",
+ fmtaddr(config->cluster_master_address, 0));
+
return CLI_OK;
}
if (ip_address_pool[i].assigned)
{
cli_print(cli, "%-15s\tY %8d %s",
- inet_toa(htonl(ip_address_pool[i].address)), ip_address_pool[i].session, session[ip_address_pool[i].session].user);
+ fmtaddr(htonl(ip_address_pool[i].address), 0),
+ ip_address_pool[i].session,
+ session[ip_address_pool[i].session].user);
used++;
}
{
if (ip_address_pool[i].last)
cli_print(cli, "%-15s\tN %8s [%s] %ds",
- inet_toa(htonl(ip_address_pool[i].address)), "",
+ fmtaddr(htonl(ip_address_pool[i].address), 0), "",
ip_address_pool[i].user, time_now - ip_address_pool[i].last);
+
else if (show_all)
- cli_print(cli, "%-15s\tN", inet_toa(htonl(ip_address_pool[i].address)));
+ cli_print(cli, "%-15s\tN", fmtaddr(htonl(ip_address_pool[i].address), 0));
free++;
}
if (config_values[i].type == STRING)
cli_print(cli, "set %s \"%.*s\"", config_values[i].key, config_values[i].size, (char *)value);
else if (config_values[i].type == IP)
- cli_print(cli, "set %s %s", config_values[i].key, inet_toa(*(unsigned *)value));
+ cli_print(cli, "set %s %s", config_values[i].key, fmtaddr(*(unsigned *)value, 0));
else if (config_values[i].type == SHORT)
cli_print(cli, "set %s %hu", config_values[i].key, *(short *)value);
else if (config_values[i].type == BOOL)
if (!config->cluster_iam_master)
{
- cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address));
+ cli_print(cli, "Can't do this on a slave. Do it on %s",
+ fmtaddr(config->cluster_master_address, 0));
+
return CLI_OK;
}
if (!config->cluster_iam_master)
{
- cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address));
+ cli_print(cli, "Can't do this on a slave. Do it on %s",
+ fmtaddr(config->cluster_master_address, 0));
+
return CLI_OK;
}
if (!config->cluster_iam_master)
{
- cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address));
+ cli_print(cli, "Can't do this on a slave. Do it on %s",
+ fmtaddr(config->cluster_master_address, 0));
+
return CLI_OK;
}
if (!config->cluster_iam_master)
{
- cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address));
+ cli_print(cli, "Can't do this on a slave. Do it on %s",
+ fmtaddr(config->cluster_master_address, 0));
+
return CLI_OK;
}
return CLI_OK;
}
- cli_print(cli, "Snooping user %s to %s:%d", argv[0], inet_toa(ip), port);
+ cli_print(cli, "Snooping user %s to %s:%d", argv[0], fmtaddr(ip, 0), port);
cli_session_actions[s].snoop_ip = ip;
cli_session_actions[s].snoop_port = port;
cli_session_actions[s].action |= CLI_SESS_SNOOP;
if (!config->cluster_iam_master)
{
- cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address));
+ cli_print(cli, "Can't do this on a slave. Do it on %s",
+ fmtaddr(config->cluster_master_address, 0));
+
return CLI_OK;
}
if (!config->cluster_iam_master)
{
- cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address));
+ cli_print(cli, "Can't do this on a slave. Do it on %s",
+ fmtaddr(config->cluster_master_address, 0));
+
return CLI_OK;
}
if (!config->cluster_iam_master)
{
- cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address));
+ cli_print(cli, "Can't do this on a slave. Do it on %s",
+ fmtaddr(config->cluster_master_address, 0));
+
return CLI_OK;
}
if (show_message)
{
- ipt address = htonl(ringbuffer->buffer[i].address);
- char *ipaddr;
- struct in_addr addr;
-
- memcpy(&addr, &address, sizeof(ringbuffer->buffer[i].address));
- ipaddr = inet_ntoa(addr);
-
- cli_print(cli, "\r%s-%s-%u-%u %s",
+ cli_print(cli, "\r%s-%u-%u %s",
debug_levels[(int)ringbuffer->buffer[i].level],
- ipaddr,
ringbuffer->buffer[i].tunnel,
ringbuffer->buffer[i].session,
ringbuffer->buffer[i].message);
NULL);
cli_print(cli, "BGPv%d router identifier %s, local AS number %d",
- BGP_VERSION, inet_toa(my_address), (int) config->as_number);
+ BGP_VERSION, fmtaddr(my_address, 0), (int) config->as_number);
time(&time_now);
if (!*bgp_peers[i].name)
continue;
- addr = inet_toa(bgp_peers[i].addr);
+ addr = fmtaddr(bgp_peers[i].addr, 0);
if (argc && strcmp(addr, argv[0]) &&
strncmp(bgp_peers[i].name, argv[0], strlen(argv[0])))
continue;
if (!bgp_peers[i].routing)
continue;
- addr = inet_toa(bgp_peers[i].addr);
+ addr = fmtaddr(bgp_peers[i].addr, 0);
if (argc && strcmp(addr, argv[0]) && strcmp(bgp_peers[i].name, argv[0]))
continue;
if (bgp_peers[i].routing)
continue;
- addr = inet_toa(bgp_peers[i].addr);
+ addr = fmtaddr(bgp_peers[i].addr, 0);
if (argc && strcmp(addr, argv[0]) &&
strncmp(bgp_peers[i].name, argv[0], strlen(argv[0])))
continue;
if (!*bgp_peers[i].name)
continue;
- addr = inet_toa(bgp_peers[i].addr);
+ addr = fmtaddr(bgp_peers[i].addr, 0);
if (argc && strcmp(addr, argv[0]) &&
strncmp(bgp_peers[i].name, argv[0], strlen(argv[0])))
continue;
static int show_ip_wild(char *buf, ipt ip, ipt wild)
{
- int i;
if (ip == INADDR_ANY && wild == INADDR_BROADCAST)
return sprintf(buf, " any");
if (wild == INADDR_ANY)
- return sprintf(buf, " host %s", inet_toa(ip));
+ return sprintf(buf, " host %s", fmtaddr(ip, 0));
- i = sprintf(buf, " %s", inet_toa(ip));
- return i + sprintf(buf + i, " %s", inet_toa(wild));
+ return sprintf(buf, " %s %s", fmtaddr(ip, 0), fmtaddr(wild, 1));
}
static int show_ports(char *buf, ip_filter_portt *ports)
if (rule->proto == IPPROTO_TCP && rule->tcp_flag_op)
{
- if (rule->tcp_flag_op == FILTER_FLAG_OP_ANY &&
- rule->tcp_sflags == (TCP_FLAG_ACK|TCP_FLAG_RST) &&
- rule->tcp_cflags == TCP_FLAG_SYN)
+ switch (rule->tcp_flag_op)
{
+ case FILTER_FLAG_OP_EST:
p += sprintf(p, " established");
- }
- else
- {
+ break;
+
+ case FILTER_FLAG_OP_ANY:
+ case FILTER_FLAG_OP_ALL:
p += sprintf(p, " match-%s", rule->tcp_flag_op == FILTER_FLAG_OP_ALL ? "all" : "any");
if (rule->tcp_sflags & TCP_FLAG_FIN) p += sprintf(p, " +fin");
if (rule->tcp_cflags & TCP_FLAG_FIN) p += sprintf(p, " -fin");
if (rule->tcp_cflags & TCP_FLAG_ACK) p += sprintf(p, " -ack");
if (rule->tcp_sflags & TCP_FLAG_URG) p += sprintf(p, " +urg");
if (rule->tcp_cflags & TCP_FLAG_URG) p += sprintf(p, " -urg");
+ break;
}
}
+ if (rule->frag)
+ p += sprintf(p, " fragments");
+
return buf;
}
{
if (MATCH("established", argv[a]))
{
- rule.tcp_flag_op = FILTER_FLAG_OP_ANY;
- rule.tcp_sflags = (TCP_FLAG_ACK|TCP_FLAG_RST);
- rule.tcp_cflags = TCP_FLAG_SYN;
+ rule.tcp_flag_op = FILTER_FLAG_OP_EST;
a++;
}
else if (!strcmp(argv[a], "match-any") || !strcmp(argv[a], "match-an") ||
}
}
+ if (a < argc && MATCH("fragments", argv[a]))
+ {
+ rule.frag = 1;
+ a++;
+ }
+
if (a < argc)
{
cli_print(cli, "Invalid flag \"%s\"", argv[a]);
if (!config->cluster_iam_master)
{
- cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address));
+ cli_print(cli, "Can't do this on a slave. Do it on %s",
+ fmtaddr(config->cluster_master_address, 0));
+
return CLI_OK;
}
if (!config->cluster_iam_master)
{
- cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address));
+ cli_print(cli, "Can't do this on a slave. Do it on %s",
+ fmtaddr(config->cluster_master_address, 0));
+
return CLI_OK;
}
return CLI_OK;
}
+static int cmd_show_access_list(struct cli_def *cli, char *command, char **argv, int argc)
+{
+ int i;
+
+ if (CLI_HELP_REQUESTED)
+ return cli_arg_help(cli, argc > 1, "NAME", "Filter name", NULL);
+
+ if (argc < 1)
+ {
+ cli_print(cli, "Specify a filter name");
+ return CLI_OK;
+ }
+
+ for (i = 0; i < argc; i++)
+ {
+ int f = find_access_list(argv[i]);
+ ip_filter_rulet *rules;
+
+ if (f < 0 || !*ip_filters[f].name)
+ {
+ cli_print(cli, "Access-list %s not defined", argv[i]);
+ return CLI_OK;
+ }
+
+ cli_print(cli, "%s IP access list %s",
+ ip_filters[f].extended ? "Extended" : "Standard",
+ ip_filters[f].name);
+
+ for (rules = ip_filters[f].rules; rules->action; rules++)
+ {
+ char const *r = show_access_list_rule(ip_filters[f].extended, rules);
+ if (rules->counter)
+ cli_print(cli, "%s (%d match%s)", r,
+ rules->counter, rules->counter > 1 ? "es" : "");
+ else
+ cli_print(cli, "%s", r);
+ }
+ }
+
+ return CLI_OK;
+}
+
// Convert a string in the form of abcd.ef12.3456 into char[6]
void parsemac(char *string, char mac[6])
{
// L2TPNS Clustering Stuff
-char const *cvs_id_cluster = "$Id: cluster.c,v 1.18 2004-11-16 07:54:32 bodea Exp $";
+char const *cvs_id_cluster = "$Id: cluster.c,v 1.19 2004-11-29 02:17:17 bodea Exp $";
#include <stdio.h>
#include <sys/file.h>
if (bind(cluster_sockfd, (void *) &addr, sizeof(addr)) < 0)
{
- LOG(0, 0, 0, 0, "Failed to bind cluster socket: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Failed to bind cluster socket: %s\n", strerror(errno));
return -1;
}
strcpy(ifr.ifr_name, config->cluster_interface);
if (ioctl(cluster_sockfd, SIOCGIFADDR, &ifr) < 0)
{
- LOG(0, 0, 0, 0, "Failed to get interface address for (%s): %s\n", config->cluster_interface, strerror(errno));
+ LOG(0, 0, 0, "Failed to get interface address for (%s): %s\n", config->cluster_interface, strerror(errno));
return -1;
}
if (setsockopt(cluster_sockfd, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq)) < 0)
{
- LOG(0, 0, 0, 0, "Failed to setsockopt (join mcast group): %s\n", strerror(errno));
+ LOG(0, 0, 0, "Failed to setsockopt (join mcast group): %s\n", strerror(errno));
return -1;
}
if (setsockopt (cluster_sockfd, IPPROTO_IP, IP_MULTICAST_IF, &interface_addr, sizeof(interface_addr)) < 0)
{
- LOG(0, 0, 0, 0, "Failed to setsockopt (set mcast interface): %s\n", strerror(errno));
+ LOG(0, 0, 0, "Failed to setsockopt (set mcast interface): %s\n", strerror(errno));
return -1;
}
addr.sin_port = htons(CLUSTERPORT);
addr.sin_family = AF_INET;
- LOG(5,0,0,0, "Cluster send data: %d bytes\n", datalen);
+ LOG(5, 0, 0, "Cluster send data: %d bytes\n", datalen);
if (sendto(cluster_sockfd, data, datalen, MSG_NOSIGNAL, (void *) &addr, sizeof(addr)) < 0)
{
- LOG(0, 0, 0, 0, "sendto: %s\n", strerror(errno));
+ LOG(0, 0, 0, "sendto: %s\n", strerror(errno));
return -1;
}
config->cluster_iam_uptodate = 1;
- LOG(0,0,0,0, "Now uptodate with master.\n");
+ LOG(0, 0, 0, "Now uptodate with master.\n");
advertise();
}
if (sendto(cluster_sockfd, data, size, MSG_NOSIGNAL, (void *) &addr, sizeof(addr)) < 0)
{
- LOG(0, 0, 0, 0, "sendto: %s\n", strerror(errno));
+ LOG(0, 0, 0, "sendto: %s\n", strerror(errno));
return -1;
}
char buf[65536]; // Vast overkill.
char * p = buf;
- LOG(4,0,0,0, "Sending message to peer (type %d, more %d, size %d)\n", type, more, size);
+ LOG(4, 0, 0, "Sending message to peer (type %d, more %d, size %d)\n", type, more, size);
add_type(&p, type, more, data, size);
return peer_send_data(peer, buf, (p-buf) );
if (!config->cluster_master_address) // No election has been held yet. Just skip it.
return -1;
- LOG(4,0,0,0, "Forwarding packet from %s to master (size %d)\n", inet_toa(addr), size);
+ LOG(4, 0, 0, "Forwarding packet from %s to master (size %d)\n", fmtaddr(addr, 0), size);
STAT(c_forwarded);
add_type(&p, C_FORWARD, addr, (char*) &port, sizeof(port) );
if (!config->cluster_master_address) // No election has been held yet. Just skip it.
return -1;
- LOG(4,0,0,0, "Throttling packet master (size %d, tbfid %d)\n", size, tbfid);
+ LOG(4, 0, 0, "Throttling packet master (size %d, tbfid %d)\n", size, tbfid);
add_type(&p, C_THROTTLE, tbfid, data, size);
if (!config->cluster_master_address) // No election has been held yet. Just skip it.
return -1;
- LOG(4,0,0,0, "Walled garden packet to master (size %d)\n", size);
+ LOG(4, 0, 0, "Walled garden packet to master (size %d)\n", size);
add_type(&p, C_GARDEN, s, data, size);
if (size > sizeof(past_hearts[0].data))
{
- LOG(0,0,0,0, "Tried to heartbeat something larger than the maximum packet!\n");
+ LOG(0, 0, 0, "Tried to heartbeat something larger than the maximum packet!\n");
kill(0, SIGTERM);
exit(1);
}
if (config->cluster_iam_master && basetime) // We're heartbeating so no need to ping.
return;
- LOG(5,0,0,0, "Sending cluster ping...\n");
+ LOG(5, 0, 0, "Sending cluster ping...\n");
x.ver = 1;
x.addr = config->bind_address;
// Forward the data to the master.
- LOG(4,0,0,0, "Sending byte counters to master (%d elements)\n", c);
+ LOG(4, 0, 0, "Sending byte counters to master (%d elements)\n", c);
peer_send_message(config->cluster_master_address, C_BYTES, c, (char*) &b, sizeof(b[0]) * c);
return;
}
if (!probed && config->cluster_master_address)
{
probed = 1;
- LOG(1, 0, 0, 0, "Heartbeat from master %.1fs late, probing...\n",
+ LOG(1, 0, 0, "Heartbeat from master %.1fs late, probing...\n",
0.1 * (TIME - (config->cluster_last_hb + config->cluster_hb_interval)));
peer_send_message(config->cluster_master_address,
config->cluster_last_hb = TIME + 1; // Just the one election thanks.
- LOG(0,0,0,0, "Master timed out! Holding election...\n");
+ LOG(0, 0, 0, "Master timed out! Holding election...\n");
for (i = 0; i < num_peers; i++)
{
continue; // Shutdown peer! Skip them.
if (peers[i].basetime < basetime) {
- LOG(1,0,0,0, "Expecting %s to become master\n", inet_toa(peers[i].peer) );
+ LOG(1, 0, 0, "Expecting %s to become master\n", fmtaddr(peers[i].peer, 0));
return; // They'll win the election. Get out of here.
}
if (peers[i].basetime == basetime &&
peers[i].peer > my_address) {
- LOG(1,0,0,0, "Expecting %s to become master\n", inet_toa(peers[i].peer) );
+ LOG(1, 0, 0, "Expecting %s to become master\n", fmtaddr(peers[i].peer, 0));
return; // They'll win the election. Wait for them to come up.
}
}
config->cluster_iam_master = 1;
config->cluster_master_address = 0;
- LOG(0,0,0,0, "I am declaring myself the master!\n");
+ LOG(0, 0, 0, "I am declaring myself the master!\n");
if (config->cluster_seq_number == -1)
config->cluster_seq_number = 0;
// If we're not the very first master, this is a big issue!
if(count>0)
- LOG(0,0,0,0, "Warning: Fixed %d uninitialized sessions in becoming master!\n", count);
+ LOG(0, 0, 0, "Warning: Fixed %d uninitialized sessions in becoming master!\n", count);
config->cluster_undefined_sessions = 0;
config->cluster_undefined_tunnels = 0;
if (config->cluster_undefined_sessions || config->cluster_undefined_tunnels) {
- LOG(2,0,0,0, "Cleared undefined sessions/tunnels. %d sess (high %d), %d tunn (high %d)\n",
+ LOG(2, 0, 0, "Cleared undefined sessions/tunnels. %d sess (high %d), %d tunn (high %d)\n",
config->cluster_undefined_sessions, highsession, config->cluster_undefined_tunnels, hightunnel);
return;
}
(char*) &tunnel[id], sizeof(tunnelt));
break;
default:
- LOG(0,0,0,0, "Found an invalid type in heart queue! (%d)\n", type);
+ LOG(0, 0, 0, "Found an invalid type in heart queue! (%d)\n", type);
kill(0, SIGTERM);
exit(1);
}
}
if (p > (buff + sizeof(buff))) { // Did we somehow manage to overun the buffer?
- LOG(0,0,0,0, "FATAL: Overran the heartbeat buffer! This is fatal. Exiting. (size %d)\n", p - buff);
+ LOG(0, 0, 0, "FATAL: Overran the heartbeat buffer! This is fatal. Exiting. (size %d)\n", p - buff);
kill(0, SIGTERM);
exit(1);
}
//
// Did we do something wrong?
if (p > (buff + sizeof(buff))) { // Did we somehow manage to overun the buffer?
- LOG(0,0,0,0, "Overran the heartbeat buffer now! This is fatal. Exiting. (size %d)\n", p - buff);
+ LOG(0, 0, 0, "Overran the heartbeat buffer now! This is fatal. Exiting. (size %d)\n", p - buff);
kill(0, SIGTERM);
exit(1);
}
- LOG(3,0,0,0, "Sending heartbeat #%d with %d changes (%d x-sess, %d x-tunnels, %d highsess, %d hightun, size %d)\n",
- h.seq, config->cluster_num_changes, count, tcount, config->cluster_highest_sessionid,
- config->cluster_highest_tunnelid, (p-buff));
+ LOG(3, 0, 0, "Sending heartbeat #%d with %d changes (%d x-sess, %d x-tunnels, %d highsess, %d hightun, size %d)\n",
+ h.seq, config->cluster_num_changes, count, tcount, config->cluster_highest_sessionid,
+ config->cluster_highest_tunnelid, (p-buff));
config->cluster_num_changes = 0;
int cluster_send_session(int sid)
{
if (!config->cluster_iam_master) {
- LOG(0,0,sid,0, "I'm not a master, but I just tried to change a session!\n");
+ LOG(0, sid, 0, "I'm not a master, but I just tried to change a session!\n");
return -1;
}
int cluster_send_tunnel(int tid)
{
if (!config->cluster_iam_master) {
- LOG(0,0,0,tid, "I'm not a master, but I just tried to change a tunnel!\n");
+ LOG(0, 0, tid, "I'm not a master, but I just tried to change a tunnel!\n");
return -1;
}
int s;
int diff;
- LOG(1,0,0,0, "Slave %s sent LASTSEEN with seq %d\n", inet_toa(slave), seq);
+ LOG(1, 0, 0, "Slave %s sent LASTSEEN with seq %d\n", fmtaddr(slave, 0), seq);
diff = config->cluster_seq_number - seq; // How many packet do we need to send?
if (diff < 0)
diff += HB_MAX_SEQ;
if (diff >= HB_HISTORY_SIZE) { // Ouch. We don't have the packet to send it!
- LOG(0,0,0,0, "A slaved asked for message %d when our seq number is %d. Killing it.\n",
+ LOG(0, 0, 0, "A slaved asked for message %d when our seq number is %d. Killing it.\n",
seq, config->cluster_seq_number);
return peer_send_message(slave, C_KILL, seq, NULL, 0);// Kill the slave. Nothing else to do.
}
while (seq != config->cluster_seq_number) {
s = seq%HB_HISTORY_SIZE;
if (seq != past_hearts[s].seq) {
- LOG(0,0,0,0, "Tried to re-send heartbeat for %s but %d doesn't match %d! (%d,%d)\n",
- inet_toa(slave), seq, past_hearts[s].seq, s, config->cluster_seq_number);
+ LOG(0, 0, 0, "Tried to re-send heartbeat for %s but %d doesn't match %d! (%d,%d)\n",
+ fmtaddr(slave, 0), seq, past_hearts[s].seq, s, config->cluster_seq_number);
return -1; // What to do here!?
}
peer_send_data(slave, past_hearts[s].data, past_hearts[s].size);
if (clusterid != config->bind_address)
{
// Is this for us?
- LOG(4,0,0,0, "Skipping ping from %s (different cluster)\n", inet_toa(peer));
+ LOG(4, 0, 0, "Skipping ping from %s (different cluster)\n", fmtaddr(peer, 0));
return 0;
}
// Is this the master shutting down??
if (peer == config->cluster_master_address && !basetime) {
- LOG(3,0,0,0, "Master %s shutting down...\n", inet_toa(config->cluster_master_address));
+ LOG(3, 0, 0, "Master %s shutting down...\n", fmtaddr(config->cluster_master_address, 0));
config->cluster_master_address = 0;
config->cluster_last_hb = 0; // Force an election.
cluster_check_master();
if (i >= num_peers)
{
- LOG(4,0,0,0, "Adding %s as a peer\n", inet_toa(peer));
+ LOG(4, 0, 0, "Adding %s as a peer\n", fmtaddr(peer, 0));
// Not found. Is there a stale slot to re-use?
for (i = 0; i < num_peers ; ++i)
if (i >= CLUSTER_MAX_SIZE)
{
// Too many peers!!
- LOG(0,0,0,0, "Tried to add %s as a peer, but I already have %d of them!\n", inet_toa(peer), i);
+ LOG(0, 0, 0, "Tried to add %s as a peer, but I already have %d of them!\n", fmtaddr(peer, 0), i);
return -1;
}
if (i == num_peers)
++num_peers;
- LOG(1,0,0,0, "Added %s as a new peer. Now %d peers\n", inet_toa(peer), num_peers);
+ LOG(1, 0, 0, "Added %s as a new peer. Now %d peers\n", fmtaddr(peer, 0), num_peers);
}
return 1;
b = (bytest*) data;
- LOG(3,0,0,0, "Got byte counter update (size %d)\n", size);
+ LOG(3, 0, 0, "Got byte counter update (size %d)\n", size);
/* Loop around, adding the byte
counts to each of the sessions. */
while (size >= sizeof(*b) ) {
if (b->sid > MAXSESSION) {
- LOG(0,0,0,0, "Got C_BYTES with session #%d!\n", b->sid);
+ LOG(0, 0, 0, "Got C_BYTES with session #%d!\n", b->sid);
return -1; /* Abort processing */
}
}
if (size != 0)
- LOG(0,0,0,0, "Got C_BYTES with %d bytes of trailing junk!\n", size);
+ LOG(0, 0, 0, "Got C_BYTES with %d bytes of trailing junk!\n", size);
return size;
}
static int cluster_recv_session(int more , u8 * p)
{
if (more >= MAXSESSION) {
- LOG(0,0,0,0, "DANGER: Received a heartbeat session id > MAXSESSION!\n");
+ LOG(0, 0, 0, "DANGER: Received a heartbeat session id > MAXSESSION!\n");
return -1;
}
if (session[more].tunnel == T_UNDEF) {
if (config->cluster_iam_uptodate) { // Sanity.
- LOG(0,0,0,0, "I thought I was uptodate but I just found an undefined session!\n");
+ LOG(0, 0, 0, "I thought I was uptodate but I just found an undefined session!\n");
} else {
--config->cluster_undefined_sessions;
}
load_session(more, (sessiont*) p); // Copy session into session table..
- LOG(5,0,more,0, "Received session update (%d undef)\n", config->cluster_undefined_sessions);
+ LOG(5, more, 0, "Received session update (%d undef)\n", config->cluster_undefined_sessions);
if (!config->cluster_iam_uptodate)
cluster_uptodate(); // Check to see if we're up to date.
static int cluster_recv_tunnel(int more, u8 *p)
{
if (more >= MAXTUNNEL) {
- LOG(0,0,0,0, "DANGER: Received a tunnel session id > MAXTUNNEL!\n");
+ LOG(0, 0, 0, "DANGER: Received a tunnel session id > MAXTUNNEL!\n");
return -1;
}
if (tunnel[more].state == TUNNELUNDEF) {
if (config->cluster_iam_uptodate) { // Sanity.
- LOG(0,0,0,0, "I thought I was uptodate but I just found an undefined tunnel!\n");
+ LOG(0, 0, 0, "I thought I was uptodate but I just found an undefined tunnel!\n");
} else {
--config->cluster_undefined_tunnels;
}
tunnel[more].controls = tunnel[more].controle = NULL;
tunnel[more].controlc = 0;
- LOG(5,0,0,more, "Received tunnel update\n");
+ LOG(5, 0, more, "Received tunnel update\n");
if (!config->cluster_iam_uptodate)
cluster_uptodate(); // Check to see if we're up to date.
// we handle version 2+
if (more < 2 || more > HB_VERSION) {
- LOG(0,0,0,0, "Received a heartbeat version that I don't support (%d)!\n", more);
+ LOG(0, 0, 0, "Received a heartbeat version that I don't support (%d)!\n", more);
return -1; // Ignore it??
}
if (config->cluster_iam_master) { // Sanity...
// Note that this MUST match the election process above!
- LOG(0,0,0,0, "I just got a packet claiming to be from a master but _I_ am the master!\n");
+ LOG(0, 0, 0, "I just got a packet claiming to be from a master but _I_ am the master!\n");
if (!h->basetime) {
- LOG(0,0,0,0, "Heartbeat from addr %s with zero basetime!\n", inet_toa(addr) );
+ LOG(0, 0, 0, "Heartbeat from addr %s with zero basetime!\n", fmtaddr(addr, 0));
return -1; // Skip it.
}
if (basetime > h->basetime) {
- LOG(0,0,0,0, "They're (%s) an older master than me so I'm gone!\n", inet_toa(addr));
+ LOG(0, 0, 0, "They're (%s) an older master than me so I'm gone!\n", fmtaddr(addr, 0));
kill(0, SIGTERM);
exit(1);
}
if (basetime == h->basetime && my_address < addr) { // Tie breaker.
- LOG(0,0,0,0, "They're a higher IP address than me, so I'm gone!\n");
+ LOG(0, 0, 0, "They're a higher IP address than me, so I'm gone!\n");
kill(0, SIGTERM);
exit(1);
}
config->cluster_last_hb = TIME; // Reset to ensure that we don't become master!!
if (config->cluster_seq_number != h->seq) { // Out of sequence heartbeat!
- LOG(1,0,0,0, "HB: Got seq# %d but was expecting %d. asking for resend.\n", h->seq, config->cluster_seq_number);
+ LOG(1, 0, 0, "HB: Got seq# %d but was expecting %d. asking for resend.\n", h->seq, config->cluster_seq_number);
peer_send_message(addr, C_LASTSEEN, config->cluster_seq_number, NULL, 0);
{
if (h->interval != config->cluster_hb_interval)
{
- LOG(2, 0, 0, 0, "Master set ping/heartbeat interval to %u (was %u)\n",
+ LOG(2, 0, 0, "Master set ping/heartbeat interval to %u (was %u)\n",
h->interval, config->cluster_hb_interval);
config->cluster_hb_interval = h->interval;
if (h->timeout != config->cluster_hb_timeout)
{
- LOG(2, 0, 0, 0, "Master set heartbeat timeout to %u (was %u)\n",
+ LOG(2, 0, 0, "Master set heartbeat timeout to %u (was %u)\n",
h->timeout, config->cluster_hb_timeout);
config->cluster_hb_timeout = h->timeout;
s -= (p - orig_p);
if (size != sizeof(sessiont) ) { // Ouch! Very very bad!
- LOG(0,0,0,0, "DANGER: Received a CSESSION that didn't decompress correctly!\n");
+ LOG(0, 0, 0, "DANGER: Received a CSESSION that didn't decompress correctly!\n");
// Now what? Should exit! No-longer up to date!
break;
}
s -= (p - orig_p);
if (size != sizeof(tunnelt) ) { // Ouch! Very very bad!
- LOG(0,0,0,0, "DANGER: Received a CSESSION that didn't decompress correctly!\n");
+ LOG(0, 0, 0, "DANGER: Received a CSESSION that didn't decompress correctly!\n");
// Now what? Should exit! No-longer up to date!
break;
}
s -= sizeof(tunnel[more]);
break;
default:
- LOG(0,0,0,0, "DANGER: I received a heartbeat element where I didn't understand the type! (%d)\n", type);
+ LOG(0, 0, 0, "DANGER: I received a heartbeat element where I didn't understand the type! (%d)\n", type);
return -1; // can't process any more of the packet!!
}
}
+
if (config->cluster_master_address != addr)
{
- char *str;
- str = strdup(inet_toa(config->cluster_master_address));
- LOG(0,0,0,0, "My master just changed from %s to %s!\n", str, inet_toa(addr));
- if (str) free(str);
+ LOG(0, 0, 0, "My master just changed from %s to %s!\n",
+ fmtaddr(config->cluster_master_address, 0), fmtaddr(addr, 1));
+
+ config->cluster_master_address = addr;
}
- config->cluster_master_address = addr;
config->cluster_last_hb = TIME; // Successfully received a heartbeat!
return 0;
shortpacket:
- LOG(0,0,0,0, "I got an incomplete heartbeat packet! This means I'm probably out of sync!!\n");
+ LOG(0, 0, 0, "I got an incomplete heartbeat packet! This means I'm probably out of sync!!\n");
return -1;
}
if (addr == my_address)
return -1; // Ignore it. Something looped back the multicast!
- LOG(5,0,0,0, "Process cluster: %d bytes from %s\n", size, inet_toa(addr));
+ LOG(5, 0, 0, "Process cluster: %d bytes from %s\n", size, fmtaddr(addr, 0));
if (s <= 0) // Any data there??
return -1;
p += sizeof(int);
if (!config->cluster_iam_master) { // huh?
- LOG(0,0,0,0, "I'm not the master, but I got a C_FORWARD from %s?\n", inet_toa(addr));
+ LOG(0, 0, 0, "I'm not the master, but I got a C_FORWARD from %s?\n", fmtaddr(addr, 0));
return -1;
}
- LOG(4,0,0,0, "Got a forwarded packet... (%s:%d)\n", inet_toa(more), a.sin_port);
+ LOG(4, 0, 0, "Got a forwarded packet... (%s:%d)\n", fmtaddr(more, 0), a.sin_port);
STAT(recv_forward);
processudp(p, s, &a);
return 0;
}
case C_THROTTLE: { // Receive a forwarded packet from a slave.
if (!config->cluster_iam_master) {
- LOG(0,0,0,0, "I'm not the master, but I got a C_THROTTLE from %s?\n", inet_toa(addr));
+ LOG(0, 0, 0, "I'm not the master, but I got a C_THROTTLE from %s?\n", fmtaddr(addr, 0));
return -1;
}
case C_GARDEN:
// Receive a walled garden packet from a slave.
if (!config->cluster_iam_master) {
- LOG(0,0,0,0, "I'm not the master, but I got a C_GARDEN from %s?\n", inet_toa(addr));
+ LOG(0, 0, 0, "I'm not the master, but I got a C_GARDEN from %s?\n", fmtaddr(addr, 0));
return -1;
}
case C_KILL: // The master asked us to die!? (usually because we're too out of date).
if (config->cluster_iam_master) {
- LOG(0,0,0,0, "_I_ am master, but I received a C_KILL from %s! (Seq# %d)\n", inet_toa(addr), more);
+ LOG(0, 0, 0, "_I_ am master, but I received a C_KILL from %s! (Seq# %d)\n", fmtaddr(addr, 0), more);
return -1;
}
if (more != config->cluster_seq_number) {
- LOG(0,0,0,0, "The master asked us to die but the seq number didn't match!?\n");
+ LOG(0, 0, 0, "The master asked us to die but the seq number didn't match!?\n");
return -1;
}
if (addr != config->cluster_master_address) {
- LOG(0,0,0,0, "Received a C_KILL from %s which doesn't match config->cluster_master_address (%x)\n",
- inet_toa(addr), config->cluster_master_address);
+ LOG(0, 0, 0, "Received a C_KILL from %s which doesn't match config->cluster_master_address (%s)\n",
+ fmtaddr(addr, 0), fmtaddr(config->cluster_master_address, 1));
// We can only warn about it. The master might really have switched!
}
- LOG(0,0,0,0, "Received a valid C_KILL: I'm going to die now.\n");
+ LOG(0, 0, 0, "Received a valid C_KILL: I'm going to die now.\n");
kill(0, SIGTERM);
exit(0); // Lets be paranoid;
return -1; // Just signalling the compiler.
case C_HEARTBEAT:
- LOG(4,0,0,0, "Got a heartbeat from %s\n", inet_toa(addr));
+ LOG(4, 0, 0, "Got a heartbeat from %s\n", fmtaddr(addr, 0));
return cluster_process_heartbeat(data, size, more, p, addr);
default:
- LOG(0,0,0,0, "Strange type packet received on cluster socket (%d)\n", type);
+ LOG(0, 0, 0, "Strange type packet received on cluster socket (%d)\n", type);
return -1;
}
return 0;
shortpacket:
- LOG(0,0,0,0, "I got a _short_ cluster heartbeat packet! This means I'm probably out of sync!!\n");
+ LOG(0, 0, 0, "I got a _short_ cluster heartbeat packet! This means I'm probably out of sync!!\n");
return -1;
}
return CLI_HELP_NO_ARGS;
cli_print(cli, "Cluster status : %s", config->cluster_iam_master ? "Master" : "Slave" );
- cli_print(cli, "My address : %s", inet_toa(my_address));
- cli_print(cli, "VIP address : %s", inet_toa(config->bind_address));
- cli_print(cli, "Multicast address: %s", inet_toa(config->cluster_address));
+ cli_print(cli, "My address : %s", fmtaddr(my_address, 0));
+ cli_print(cli, "VIP address : %s", fmtaddr(config->bind_address, 0));
+ cli_print(cli, "Multicast address: %s", fmtaddr(config->cluster_address, 0));
cli_print(cli, "Multicast i'face : %s", config->cluster_interface);
if (!config->cluster_iam_master) {
cli_print(cli, "My master : %s (last heartbeat %.1f seconds old)",
- config->cluster_master_address ? inet_toa(config->cluster_master_address) : "Not defined",
+ config->cluster_master_address
+ ? fmtaddr(config->cluster_master_address, 0)
+ : "Not defined",
0.1 * (TIME - config->cluster_last_hb));
cli_print(cli, "Uptodate : %s", config->cluster_iam_uptodate ? "Yes" : "No");
cli_print(cli, "Next sequence number expected: %d", config->cluster_seq_number);
if (num_peers)
cli_print(cli, "%20s %10s %8s", "Address", "Basetime", "Age");
for (i = 0; i < num_peers; ++i) {
- cli_print(cli, "%20s %10d %8d", inet_toa(peers[i].peer),
+ cli_print(cli, "%20s %10d %8d", fmtaddr(peers[i].peer, 0),
peers[i].basetime, TIME - peers[i].timestamp);
}
return CLI_OK;
/* walled garden */
-char const *cvs_id = "$Id: garden.c,v 1.16 2004-11-18 06:41:03 bodea Exp $";
+char const *cvs_id = "$Id: garden.c,v 1.17 2004-11-29 02:17:17 bodea Exp $";
int plugin_api_version = PLUGIN_API_VERSION;
static struct pluginfuncs *p = 0;
// Ignore if user authentication was successful
if (data->auth_allowed) return PLUGIN_RET_OK;
- p->log(3, 0, 0, 0, "Walled Garden allowing login\n");
+ p->log(3, p->get_id_by_session(data->s), data->s->tunnel, "Walled Garden allowing login\n");
data->auth_allowed = 1;
data->s->walled_garden = 1;
return PLUGIN_RET_OK;
for (i = 0; up_commands[i] && *up_commands[i]; i++)
{
- p->log(3, 0, 0, 0, "Running %s\n", up_commands[i]);
+ p->log(3, 0, 0, "Running %s\n", up_commands[i]);
system(up_commands[i]);
}
int garden_session(sessiont *s, int flag)
{
char cmd[2048];
+ sessionidt sess;
if (!s) return 0;
if (!s->opened) return 0;
+ sess = p->get_id_by_session(s);
if (flag == 1)
{
- p->log(2, 0, 0, s->tunnel, "Garden user %s (%s)\n", s->user, p->inet_toa(htonl(s->ip)));
- snprintf(cmd, sizeof(cmd), "iptables -t nat -A garden_users -s %s -j garden", p->inet_toa(htonl(s->ip)));
- p->log(3, 0, 0, s->tunnel, "%s\n", cmd);
+ p->log(2, sess, s->tunnel, "Garden user %s (%s)\n", s->user, p->fmtaddr(htonl(s->ip), 0));
+ snprintf(cmd, sizeof(cmd), "iptables -t nat -A garden_users -s %s -j garden", p->fmtaddr(htonl(s->ip), 0));
+ p->log(3, sess, s->tunnel, "%s\n", cmd);
system(cmd);
s->walled_garden = 1;
}
int count = 40;
// Normal User
- p->log(2, 0, 0, s->tunnel, "Un-Garden user %s (%s)\n", s->user, p->inet_toa(htonl(s->ip)));
+ p->log(2, sess, s->tunnel, "Un-Garden user %s (%s)\n", s->user, p->fmtaddr(htonl(s->ip), 0));
// Kick off any duplicate usernames
// but make sure not to kick off ourself
if (s->ip && !s->die && (other = p->get_session_by_username(s->user)) && s != p->get_session_by_id(other)) {
s->cin = s->cout = 0;
s->pin = s->pout = 0;
- snprintf(cmd, sizeof(cmd), "iptables -t nat -D garden_users -s %s -j garden", p->inet_toa(htonl(s->ip)));
- p->log(3, 0, 0, s->tunnel, "%s\n", cmd);
+ snprintf(cmd, sizeof(cmd), "iptables -t nat -D garden_users -s %s -j garden", p->fmtaddr(htonl(s->ip), 0));
+ p->log(3, sess, s->tunnel, "%s\n", cmd);
while (--count)
{
int status = system(cmd);
int i;
for (i = 0; down_commands[i] && *down_commands[i]; i++)
{
- p->log(3, 0, 0, 0, "Running %s\n", down_commands[i]);
+ p->log(3, 0, 0, "Running %s\n", down_commands[i]);
system(down_commands[i]);
}
}
for (i = 0; down_commands[i] && *down_commands[i]; i++)
{
- p->log(3, 0, 0, 0, "Running %s\n", down_commands[i]);
+ p->log(3, 0, 0, "Running %s\n", down_commands[i]);
system(down_commands[i]);
}
}
// Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
// vim: sw=8 ts=8
-char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.59 2004-11-28 20:10:04 bodea Exp $";
+char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.60 2004-11-29 02:17:17 bodea Exp $";
#include <arpa/inet.h>
#include <assert.h>
//
-// Log a debug message. Typically called vias LOG macro
+// Log a debug message. Typically called via the LOG macro
//
-void _log(int level, ipt address, sessionidt s, tunnelidt t, const char *format, ...)
+void _log(int level, sessionidt s, tunnelidt t, const char *format, ...)
{
static char message[65536] = {0};
static char message2[65536] = {0};
ringbuffer->head = 0;
ringbuffer->buffer[ringbuffer->tail].level = level;
- ringbuffer->buffer[ringbuffer->tail].address = address;
ringbuffer->buffer[ringbuffer->tail].session = s;
ringbuffer->buffer[ringbuffer->tail].tunnel = t;
va_start(ap, format);
// No support for _log_hex to syslog
if (log_stream)
{
- _log(level, 0, 0, 0, "%s (%d bytes):\n", title, maxsize);
+ _log(level, 0, 0, "%s (%d bytes):\n", title, maxsize);
setvbuf(log_stream, NULL, _IOFBF, 16384);
for (i = 0; i < maxsize; )
else if (mask == 0xffffffff)
r.rt_flags |= RTF_HOST;
- LOG(1, ip, 0, 0, "Route %s %u.%u.%u.%u/%u.%u.%u.%u %u.%u.%u.%u\n",
- add ? "add" : "del",
- ip >> 24, ip >> 16 & 0xff, ip >> 8 & 0xff, ip & 0xff,
- mask >> 24, mask >> 16 & 0xff, mask >> 8 & 0xff, mask & 0xff,
- gw >> 24, gw >> 16 & 0xff, gw >> 8 & 0xff, gw & 0xff);
+ LOG(1, s, 0, "Route %s %s/%s%s%s\n", add ? "add" : "del",
+ fmtaddr(htonl(ip), 0), fmtaddr(htonl(mask), 1),
+ gw ? " via" : "", gw ? fmtaddr(htonl(gw), 2) : "");
if (ioctl(ifrfd, add ? SIOCADDRT : SIOCDELRT, (void *) &r) < 0)
- LOG(0, 0, 0, 0, "routeset() error in ioctl: %s\n", strerror(errno));
+ LOG(0, 0, 0, "routeset() error in ioctl: %s\n", strerror(errno));
#ifdef BGP
if (add)
tunfd = open(TUNDEVICE, O_RDWR);
if (tunfd < 0)
{ // fatal
- LOG(0, 0, 0, 0, "Can't open %s: %s\n", TUNDEVICE, strerror(errno));
+ LOG(0, 0, 0, "Can't open %s: %s\n", TUNDEVICE, strerror(errno));
exit(1);
}
{
}
if (ioctl(tunfd, TUNSETIFF, (void *) &ifr) < 0)
{
- LOG(0, 0, 0, 0, "Can't set tun interface: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Can't set tun interface: %s\n", strerror(errno));
exit(1);
}
assert(strlen(ifr.ifr_name) < sizeof(config->tundevice));
if (ioctl(ifrfd, SIOCSIFADDR, (void *) &ifr) < 0)
{
- LOG(0, 0, 0, 0, "Error setting tun address: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Error setting tun address: %s\n", strerror(errno));
exit(1);
}
/* Bump up the qlen to deal with bursts from the network */
ifr.ifr_qlen = 1000;
if (ioctl(ifrfd, SIOCSIFTXQLEN, (void *) &ifr) < 0)
{
- LOG(0, 0, 0, 0, "Error setting tun queue length: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Error setting tun queue length: %s\n", strerror(errno));
exit(1);
}
ifr.ifr_flags = IFF_UP;
if (ioctl(ifrfd, SIOCSIFFLAGS, (void *) &ifr) < 0)
{
- LOG(0, 0, 0, 0, "Error setting tun flags: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Error setting tun flags: %s\n", strerror(errno));
exit(1);
}
}
}
if (bind(udpfd, (void *) &addr, sizeof(addr)) < 0)
{
- LOG(0, 0, 0, 0, "Error in UDP bind: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Error in UDP bind: %s\n", strerror(errno));
exit(1);
}
snoopfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
setsockopt(controlfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
if (bind(controlfd, (void *) &addr, sizeof(addr)) < 0)
{
- LOG(0, 0, 0, 0, "Error in control bind: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Error in control bind: %s\n", strerror(errno));
exit(1);
}
}
d[(size_t) a[3]] = (char *)((int)s);
if (s > 0)
- LOG(4, ip, s, session[s].tunnel, "Caching ip address %s\n", inet_toa(nip));
+ LOG(4, s, session[s].tunnel, "Caching ip address %s\n", fmtaddr(nip, 0));
+
else if (s == 0)
- LOG(4, ip, 0, 0, "Un-caching ip address %s\n", inet_toa(nip));
+ LOG(4, 0, 0, "Un-caching ip address %s\n", fmtaddr(nip, 0));
// else a map to an ip pool index.
}
s = socket(PF_INET, SOCK_DGRAM, 0);
if (s < 0)
{
- LOG(0, 0, 0, 0, "Error creating socket for GARP: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Error creating socket for GARP: %s\n", strerror(errno));
return;
}
memset(&ifr, 0, sizeof(ifr));
strncpy(ifr.ifr_name, "eth0", sizeof(ifr.ifr_name) - 1);
if (ioctl(s, SIOCGIFHWADDR, &ifr) < 0)
{
- LOG(0, 0, 0, 0, "Error getting eth0 hardware address for GARP: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Error getting eth0 hardware address for GARP: %s\n", strerror(errno));
close(s);
return;
}
memcpy(mac, &ifr.ifr_hwaddr.sa_data, 6*sizeof(char));
if (ioctl(s, SIOCGIFINDEX, &ifr) < 0)
{
- LOG(0, 0, 0, 0, "Error getting eth0 interface index for GARP: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Error getting eth0 interface index for GARP: %s\n", strerror(errno));
close(s);
return;
}
if (!t)
{
static int backtrace_count = 0;
- LOG(0, 0, 0, t, "tunnelsend called with 0 as tunnel id\n");
+ LOG(0, 0, t, "tunnelsend called with 0 as tunnel id\n");
STAT(tunnel_tx_errors);
log_backtrace(backtrace_count, 5)
return;
if (!tunnel[t].ip)
{
static int backtrace_count = 0;
- LOG(1, 0, 0, t, "Error sending data out tunnel: no remote endpoint (tunnel not set up)\n");
+ LOG(1, 0, t, "Error sending data out tunnel: no remote endpoint (tunnel not set up)\n");
log_backtrace(backtrace_count, 5)
STAT(tunnel_tx_errors);
return;
if (tunnel[t].try > 1)
{
STAT(tunnel_retries);
- LOG(3, tunnel[t].ip, 0, t, "Control message resend try %d\n", tunnel[t].try);
+ LOG(3, 0, t, "Control message resend try %d\n", tunnel[t].try);
}
}
if (sendto(udpfd, buf, l, 0, (void *) &addr, sizeof(addr)) < 0)
{
- LOG(0, tunnel[t].ip, ntohs((*(u16 *) (buf + 6))), t, "Error sending data out tunnel: %s (udpfd=%d, buf=%p, len=%d, dest=%s)\n",
+ LOG(0, ntohs((*(u16 *) (buf + 6))), t, "Error sending data out tunnel: %s (udpfd=%d, buf=%p, len=%d, dest=%s)\n",
strerror(errno), udpfd, buf, l, inet_ntoa(addr.sin_addr));
STAT(tunnel_tx_errors);
return;
if (len < MIN_IP_SIZE)
{
- LOG(1, 0, 0, 0, "Short IP, %d bytes\n", len);
+ LOG(1, 0, 0, "Short IP, %d bytes\n", len);
STAT(tunnel_tx_errors);
return;
}
if (len >= MAXETHER)
{
- LOG(1, 0, 0, 0, "Oversize IP packet %d bytes\n", len);
+ LOG(1, 0, 0, "Oversize IP packet %d bytes\n", len);
STAT(tunnel_tx_errors);
return;
}
// Got an IP header now
if (*(u8 *)(buf) >> 4 != 4)
{
- LOG(1, 0, 0, 0, "IP: Don't understand anything except IPv4\n");
+ LOG(1, 0, 0, "IP: Don't understand anything except IPv4\n");
return;
}
if (rate++ < config->icmp_rate) // Only send a max of icmp_rate per second.
{
- LOG(4, 0, 0, 0, "IP: Sending ICMP host unreachable to %s\n", inet_toa(*(u32 *)(buf + 12)));
+ LOG(4, 0, 0, "IP: Sending ICMP host unreachable to %s\n", fmtaddr(*(u32 *)(buf + 12), 0));
host_unreachable(*(u32 *)(buf + 12), *(u16 *)(buf + 4), ip, buf, (len < 64) ? 64 : len);
}
return;
return;
}
- LOG(5, session[s].ip, s, t, "Ethernet -> Tunnel (%d bytes)\n", len);
+ LOG(5, s, t, "Ethernet -> Tunnel (%d bytes)\n", len);
// Add on L2TP header
{
if (len < 0 || len > MAXETHER)
{
- LOG(1,0,0,0, "Odd size IP packet: %d bytes\n", len);
+ LOG(1, 0, 0, "Odd size IP packet: %d bytes\n", len);
return;
}
t = session[s].tunnel;
sp = &session[s];
- LOG(5, session[s].ip, s, t, "Ethernet -> Tunnel (%d bytes)\n", len);
+ LOG(5, s, t, "Ethernet -> Tunnel (%d bytes)\n", len);
// Add on L2TP header
{
if (!session[s].tunnel)
{
- LOG(3, session[s].ip, s, session[s].tunnel, "Called sessionshutdown on a session with no tunnel.\n");
+ LOG(3, s, session[s].tunnel, "Called sessionshutdown on a session with no tunnel.\n");
return; // not a live session
}
if (!session[s].die)
{
struct param_kill_session data = { &tunnel[session[s].tunnel], &session[s] };
- LOG(2, 0, s, session[s].tunnel, "Shutting down session %d: %s\n", s, reason);
+ LOG(2, s, session[s].tunnel, "Shutting down session %d: %s\n", s, reason);
run_plugins(PLUGIN_KILL_SESSION, &data);
}
{
if (!(r = radiusnew(s)))
{
- LOG(1, 0, s, session[s].tunnel, "No free RADIUS sessions for Stop message\n");
+ LOG(1, s, session[s].tunnel, "No free RADIUS sessions for Stop message\n");
STAT(radius_overflow);
}
else
if (session[s].radius)
radiusclear(session[s].radius, s); // cant send clean accounting data, session is killed
- LOG(2, 0, s, session[s].tunnel, "Kill session %d (%s): %s\n", s, session[s].user, reason);
+ LOG(2, s, session[s].tunnel, "Kill session %d (%s): %s\n", s, session[s].user, reason);
memset(&session[s], 0, sizeof(session[s]));
session[s].tunnel = T_FREE; // Mark it as free.
// free tunnel
tunnelclear(t);
- LOG(1, 0, 0, t, "Kill tunnel %d: %s\n", t, reason);
+ LOG(1, 0, t, "Kill tunnel %d: %s\n", t, reason);
cli_tunnel_actions[s].action = 0;
cluster_send_tunnel(t);
}
tunnelkill(t, reason);
return;
}
- LOG(1, 0, 0, t, "Shutting down tunnel %d (%s)\n", t, reason);
+ LOG(1, 0, t, "Shutting down tunnel %d (%s)\n", t, reason);
// close session
for (s = 1; s < MAXSESSION; s++)
INC_STAT(tunnel_rx_bytes, len);
if (len < 6)
{
- LOG(1, ntohl(addr->sin_addr.s_addr), 0, 0, "Short UDP, %d bytes\n", len);
+ LOG(1, 0, 0, "Short UDP, %d bytes\n", len);
STAT(tunnel_rx_errors);
return;
}
if ((buf[1] & 0x0F) != 2)
{
- LOG(1, ntohl(addr->sin_addr.s_addr), 0, 0, "Bad L2TP ver %d\n", (buf[1] & 0x0F) != 2);
+ LOG(1, 0, 0, "Bad L2TP ver %d\n", (buf[1] & 0x0F) != 2);
STAT(tunnel_rx_errors);
return;
}
p += 2;
if (s >= MAXSESSION)
{
- LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "Received UDP packet with invalid session ID\n");
+ LOG(1, s, t, "Received UDP packet with invalid session ID\n");
STAT(tunnel_rx_errors);
return;
}
if (t >= MAXTUNNEL)
{
- LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "Received UDP packet with invalid tunnel ID\n");
+ LOG(1, s, t, "Received UDP packet with invalid tunnel ID\n");
STAT(tunnel_rx_errors);
return;
}
}
if ((p - buf) > l)
{
- LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "Bad length %d>%d\n", (p - buf), l);
+ LOG(1, s, t, "Bad length %d>%d\n", (p - buf), l);
STAT(tunnel_rx_errors);
return;
}
if ((*buf & 0xCA) != 0xC8)
{
- LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "Bad control header %02X\n", *buf);
+ LOG(1, s, t, "Bad control header %02X\n", *buf);
STAT(tunnel_rx_errors);
return;
}
tunnel[i].port != ntohs(addr->sin_port) )
continue;
t = i;
- LOG(3, ntohl(addr->sin_addr.s_addr), s, t, "Duplicate SCCRQ?\n");
+ LOG(3, s, t, "Duplicate SCCRQ?\n");
break;
}
}
- LOG(3, ntohl(addr->sin_addr.s_addr), s, t, "Control message (%d bytes): (unacked %d) l-ns %d l-nr %d r-ns %d r-nr %d\n",
- l, tunnel[t].controlc, tunnel[t].ns, tunnel[t].nr, ns, nr);
+ LOG(3, s, t, "Control message (%d bytes): (unacked %d) l-ns %d l-nr %d r-ns %d r-nr %d\n",
+ l, tunnel[t].controlc, tunnel[t].ns, tunnel[t].nr, ns, nr);
// if no tunnel specified, assign one
if (!t)
{
if (!(t = new_tunnel()))
{
- LOG(1, ntohl(addr->sin_addr.s_addr), 0, 0, "No more tunnels\n");
+ LOG(1, 0, 0, "No more tunnels\n");
STAT(tunnel_overflow);
return;
}
tunnel[t].port = ntohs(addr->sin_port);
tunnel[t].window = 4; // default window
STAT(tunnel_created);
- LOG(1, ntohl(addr->sin_addr.s_addr), 0, t, " New tunnel from %u.%u.%u.%u/%u ID %d\n",
- tunnel[t].ip >> 24, tunnel[t].ip >> 16 & 255,
- tunnel[t].ip >> 8 & 255, tunnel[t].ip & 255, tunnel[t].port, t);
+ LOG(1, 0, t, " New tunnel from %s:%u ID %d\n",
+ fmtaddr(htonl(tunnel[t].ip), 0), tunnel[t].port, t);
}
// If the 'ns' just received is not the 'nr' we're
{
// is this the sequence we were expecting?
STAT(tunnel_rx_errors);
- LOG(1, ntohl(addr->sin_addr.s_addr), 0, t, " Out of sequence tunnel %d, (%d is not the expected %d)\n",
+ LOG(1, 0, t, " Out of sequence tunnel %d, (%d is not the expected %d)\n",
t, ns, tunnel[t].nr);
if (l) // Is this not a ZLB?
p += n; // next
if (l < n)
{
- LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "Invalid length in AVP\n");
+ LOG(1, s, t, "Invalid length in AVP\n");
STAT(tunnel_rx_errors);
fatal = flags;
return;
// handle hidden AVPs
if (!*config->l2tpsecret)
{
- LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "Hidden AVP requested, but no L2TP secret.\n");
+ LOG(1, s, t, "Hidden AVP requested, but no L2TP secret.\n");
fatal = flags;
continue;
}
if (!session[s].random_vector_length)
{
- LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "Hidden AVP requested, but no random vector.\n");
+ LOG(1, s, t, "Hidden AVP requested, but no random vector.\n");
fatal = flags;
continue;
}
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, "Hidden AVP\n");
+ LOG(4, s, t, "Hidden AVP\n");
// Unhide the AVP
n = unhide_avp(b, t, s, n);
if (n == 0)
}
if (*b & 0x3C)
{
- LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "Unrecognised AVP flags %02X\n", *b);
+ LOG(1, s, t, "Unrecognised AVP flags %02X\n", *b);
fatal = flags;
continue; // next
}
b += 2;
if (*(u16 *) (b))
{
- LOG(2, ntohl(addr->sin_addr.s_addr), s, t, "Unknown AVP vendor %d\n", ntohs(*(u16 *) (b)));
+ LOG(2, s, t, "Unknown AVP vendor %d\n", ntohs(*(u16 *) (b)));
fatal = flags;
continue; // next
}
b += 2;
n -= 6;
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " AVP %d (%s) len %d\n", mtype, avpnames[mtype], n);
+ LOG(4, s, t, " AVP %d (%s) len %d\n", mtype, avpnames[mtype], n);
switch (mtype)
{
case 0: // message type
message = ntohs(*(u16 *) b);
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Message type = %d (%s)\n", *b,
- l2tp_message_types[message]);
+ LOG(4, s, t, " Message type = %d (%s)\n", *b, l2tp_message_types[message]);
mandatorymessage = flags;
break;
case 1: // result code
resdesc = cdn_result_codes[rescode];
}
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Result Code %d: %s\n",
- rescode, resdesc);
+ LOG(4, s, t, " Result Code %d: %s\n", rescode, resdesc);
if (n >= 4)
{
u16 errcode = ntohs(*(u16 *)(b + 2));
const char* errdesc = "(unknown)";
if (errcode <= MAX_ERROR_CODE)
errdesc = error_codes[errcode];
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Error Code %d: %s\n",
- errcode, errdesc);
+ LOG(4, s, t, " Error Code %d: %s\n", errcode, errdesc);
}
if (n > 4)
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Error String: %.*s\n",
- n-4, b+4);
+ LOG(4, s, t, " Error String: %.*s\n", n-4, b+4);
break;
}
case 2: // protocol version
{
version = ntohs(*(u16 *) (b));
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Protocol version = %d\n", version);
+ LOG(4, s, t, " Protocol version = %d\n", version);
if (version && version != 0x0100)
{ // allow 0.0 and 1.0
- LOG(1, ntohl(addr->sin_addr.s_addr), s, t, " Bad protocol version %04X\n",
- version);
+ LOG(1, s, t, " Bad protocol version %04X\n", version);
fatal = flags;
continue; // next
}
}
break;
case 3: // framing capabilities
-// LOG(4, ntohl(addr->sin_addr.s_addr), s, t, "Framing capabilities\n");
+// LOG(4, s, t, "Framing capabilities\n");
break;
case 4: // bearer capabilities
-// LOG(4, ntohl(addr->sin_addr.s_addr), s, t, "Bearer capabilities\n");
+// LOG(4, s, t, "Bearer capabilities\n");
break;
case 5: // tie breaker
// We never open tunnels, so we don't care about tie breakers
-// LOG(4, ntohl(addr->sin_addr.s_addr), s, t, "Tie breaker\n");
+// LOG(4, s, t, "Tie breaker\n");
continue;
case 6: // firmware revision
-// LOG(4, ntohl(addr->sin_addr.s_addr), s, t, "Firmware revision\n");
+// LOG(4, s, t, "Firmware revision\n");
break;
case 7: // host name
memset(tunnel[t].hostname, 0, 128);
memcpy(tunnel[t].hostname, b, (n >= 127) ? 127 : n);
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Tunnel hostname = \"%s\"\n", tunnel[t].hostname);
+ LOG(4, s, t, " Tunnel hostname = \"%s\"\n", tunnel[t].hostname);
// TBA - to send to RADIUS
break;
case 8: // vendor name
memset(tunnel[t].vendor, 0, sizeof(tunnel[t].vendor));
memcpy(tunnel[t].vendor, b, (n >= sizeof(tunnel[t].vendor) - 1) ? sizeof(tunnel[t].vendor) - 1 : n);
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Vendor name = \"%s\"\n", tunnel[t].vendor);
+ LOG(4, s, t, " Vendor name = \"%s\"\n", tunnel[t].vendor);
break;
case 9: // assigned tunnel
tunnel[t].far = ntohs(*(u16 *) (b));
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Remote tunnel id = %d\n", tunnel[t].far);
+ LOG(4, s, t, " Remote tunnel id = %d\n", tunnel[t].far);
break;
case 10: // rx window
tunnel[t].window = ntohs(*(u16 *) (b));
if (!tunnel[t].window)
tunnel[t].window = 1; // window of 0 is silly
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " rx window = %d\n", tunnel[t].window);
+ LOG(4, s, t, " rx window = %d\n", tunnel[t].window);
break;
case 11: // Challenge
{
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " LAC requested CHAP authentication for tunnel\n");
+ LOG(4, s, t, " LAC requested CHAP authentication for tunnel\n");
build_chap_response(b, 2, n, &chapresponse);
}
break;
case 13: // Response
// Why did they send a response? We never challenge.
- LOG(2, ntohl(addr->sin_addr.s_addr), s, t, " received unexpected challenge response\n");
+ LOG(2, s, t, " received unexpected challenge response\n");
break;
case 14: // assigned session
asession = session[s].far = ntohs(*(u16 *) (b));
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " assigned session = %d\n", asession);
+ LOG(4, s, t, " assigned session = %d\n", asession);
break;
case 15: // call serial number
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " call serial number = %d\n", ntohl(*(u32 *)b));
+ LOG(4, s, t, " call serial number = %d\n", ntohl(*(u32 *)b));
break;
case 18: // bearer type
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " bearer type = %d\n", ntohl(*(u32 *)b));
+ LOG(4, s, t, " bearer type = %d\n", ntohl(*(u32 *)b));
// TBA - for RADIUS
break;
case 19: // framing type
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " framing type = %d\n", ntohl(*(u32 *)b));
+ LOG(4, s, t, " framing type = %d\n", ntohl(*(u32 *)b));
// TBA
break;
case 21: // called number
memset(called, 0, MAXTEL);
memcpy(called, b, (n >= MAXTEL) ? (MAXTEL-1) : n);
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Called <%s>\n", called);
+ LOG(4, s, t, " Called <%s>\n", called);
break;
case 22: // calling number
memset(calling, 0, MAXTEL);
memcpy(calling, b, (n >= MAXTEL) ? (MAXTEL-1) : n);
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Calling <%s>\n", calling);
+ LOG(4, s, t, " Calling <%s>\n", calling);
break;
case 23: // subtype
break;
memcpy(tmp, b, (n >= 30) ? 30 : n);
session[s].tx_connect_speed = atol(tmp);
}
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " TX connect speed <%u>\n",
- session[s].tx_connect_speed);
+ LOG(4, s, t, " TX connect speed <%u>\n", session[s].tx_connect_speed);
break;
case 38: // rx connect speed
if (n == 4)
memcpy(tmp, b, (n >= 30) ? 30 : n);
session[s].rx_connect_speed = atol(tmp);
}
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " RX connect speed <%u>\n",
- session[s].rx_connect_speed);
+ LOG(4, s, t, " RX connect speed <%u>\n", session[s].rx_connect_speed);
break;
case 25: // Physical Channel ID
{
u32 tmp = ntohl(*(u32 *)b);
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Physical Channel ID <%X>\n", tmp);
+ LOG(4, s, t, " Physical Channel ID <%X>\n", tmp);
break;
}
case 29: // Proxy Authentication Type
{
u16 authtype = ntohs(*(u16 *)b);
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Proxy Auth Type %d (%s)\n",
- authtype, authtypes[authtype]);
+ LOG(4, s, t, " Proxy Auth Type %d (%s)\n", authtype, authtypes[authtype]);
requestchap = (authtype == 2);
break;
}
{
char authname[64] = {0};
memcpy(authname, b, (n > 63) ? 63 : n);
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Proxy Auth Name (%s)\n",
+ LOG(4, s, t, " Proxy Auth Name (%s)\n",
authname);
break;
}
case 31: // Proxy Authentication Challenge
{
memcpy(radius[session[s].radius].auth, b, 16);
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Proxy Auth Challenge\n");
+ LOG(4, s, t, " Proxy Auth Challenge\n");
break;
}
case 32: // Proxy Authentication ID
{
u16 authid = ntohs(*(u16 *)(b));
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Proxy Auth ID (%d)\n",
- authid);
+ LOG(4, s, t, " Proxy Auth ID (%d)\n", authid);
if (session[s].radius)
radius[session[s].radius].id = authid;
break;
{
char authresp[64] = {0};
memcpy(authresp, b, (n > 63) ? 63 : n);
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Proxy Auth Response\n");
+ LOG(4, s, t, " Proxy Auth Response\n");
break;
}
case 27: // last send lcp
case 39: // seq required - we control it as an LNS anyway...
break;
case 36: // Random Vector
- LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Random Vector received. Enabled AVP Hiding.\n");
+ LOG(4, s, t, " Random Vector received. Enabled AVP Hiding.\n");
memset(session[s].random_vector, 0, sizeof(session[s].random_vector));
memcpy(session[s].random_vector, b, n);
session[s].random_vector_length = n;
break;
default:
- LOG(2, ntohl(addr->sin_addr.s_addr), s, t, " Unknown AVP type %d\n", mtype);
+ LOG(2, s, t, " Unknown AVP type %d\n", mtype);
fatal = flags;
continue; // next
}
// make a RADIUS session
if (!(r = radiusnew(s)))
{
- LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "No free RADIUS sessions for ICRQ\n");
+ LOG(1, s, t, "No free RADIUS sessions for ICRQ\n");
sessionkill(s, "no free RADIUS sesions");
return;
}
session[s].tunnel = t;
session[s].far = asession;
session[s].last_packet = time_now;
- LOG(3, ntohl(addr->sin_addr.s_addr), s, t, "New session (%d/%d)\n", tunnel[t].far, session[s].far);
+ LOG(3, s, t, "New session (%d/%d)\n", tunnel[t].far, session[s].far);
control16(c, 14, s, 1); // assigned session
controladd(c, t, s); // send the reply
{
if (amagic == 0) amagic = time_now;
session[s].magic = amagic; // set magic number
session[s].l2tp_flags = aflags; // set flags received
- LOG(3, ntohl(addr->sin_addr.s_addr), s, t, "Magic %X Flags %X\n", amagic, aflags);
+ LOG(3, s, t, "Magic %X Flags %X\n", amagic, aflags);
controlnull(t); // ack
// In CHAP state, request PAP instead
if (requestchap)
sessionshutdown(s, "Closed (Received CDN)");
break;
case 0xFFFF:
- LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "Missing message type\n");
+ LOG(1, s, t, "Missing message type\n");
break;
default:
STAT(tunnel_rx_errors);
if (mandatorymessage & 0x80)
tunnelshutdown(t, "Unknown message");
else
- LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "Unknown message type %d\n", message);
+ LOG(1, s, t, "Unknown message type %d\n", message);
break;
}
if (chapresponse) free(chapresponse);
}
else
{
- LOG(4, 0, s, t, " Got a ZLB ack\n");
+ LOG(4, s, t, " Got a ZLB ack\n");
}
}
else
}
if (l < 2)
{
- LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "Short ppp length %d\n", l);
+ LOG(1, s, t, "Short ppp length %d\n", l);
STAT(tunnel_rx_errors);
return;
}
}
- LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "UDP packet contains session %d "
- "but no session[%d].tunnel exists (LAC said"
- " tunnel = %d). Dropping packet.\n", s, s, t);
+ LOG(1, s, t, "UDP packet contains session %d but no session[%d].tunnel "
+ "exists (LAC said tunnel = %d). Dropping packet.\n", s, s, t);
+
STAT(tunnel_rx_errors);
return;
}
if (session[s].die)
{
- LOG(3, ntohl(addr->sin_addr.s_addr), s, t, "Session %d is closing. Don't process PPP packets\n", s);
+ LOG(3, s, t, "Session %d is closing. Don't process PPP packets\n", s);
// I'm pretty sure this isn't right -- mo.
// return; // closing session, PPP not processed
}
else
{
STAT(tunnel_rx_errors);
- LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "Unknown PPP protocol %04X\n", prot);
+ LOG(1, s, t, "Unknown PPP protocol %04X\n", prot);
}
}
}
eth_rx += len;
if (len < 22)
{
- LOG(1, 0, 0, 0, "Short tun packet %d bytes\n", len);
+ LOG(1, 0, 0, "Short tun packet %d bytes\n", len);
STAT(tun_rx_errors);
return;
}
static clockt next_acct = 0;
int a;
- LOG(3, 0, 0, 0, "Begin regular cleanup\n");
+ LOG(3, 0, 0, "Begin regular cleanup\n");
for (r = 1; r < MAXRADIUS; r++)
{
{
controlt *c = controlnew(6); // sending HELLO
controladd(c, t, 0); // send the message
- LOG(3, tunnel[t].ip, 0, t, "Sending HELLO message\n");
+ LOG(3, 0, t, "Sending HELLO message\n");
}
// Check for tunnel changes requested from the CLI
cli_tunnel_actions[t].action = 0;
if (a & CLI_TUN_KILL)
{
- LOG(2, tunnel[t].ip, 0, t, "Dropping tunnel by CLI\n");
+ LOG(2, 0, t, "Dropping tunnel by CLI\n");
tunnelshutdown(t, "Requested by administrator");
}
}
if (!session[s].die && session[s].ip && !(session[s].flags & SF_IPCP_ACKED))
{
// IPCP has not completed yet. Resend
- LOG(3, session[s].ip, s, session[s].tunnel, "No ACK for initial IPCP ConfigReq... resending\n");
+ LOG(3, s, session[s].tunnel, "No ACK for initial IPCP ConfigReq... resending\n");
sendipcp(session[s].tunnel, s);
}
*(u16 *)(q + 2) = htons(8); // Length
*(u32 *)(q + 4) = 0; // Magic Number (not supported)
- LOG(4, session[s].ip, s, session[s].tunnel, "No data in %d seconds, sending LCP ECHO\n",
+ LOG(4, s, session[s].tunnel, "No data in %d seconds, sending LCP ECHO\n",
(int)(time_now - session[s].last_packet));
tunnelsend(b, 24, session[s].tunnel); // send it
if (++count >= MAX_ACTIONS) break;
cli_session_actions[s].action = 0;
if (a & CLI_SESS_KILL)
{
- LOG(2, 0, s, session[s].tunnel, "Dropping session by CLI\n");
+ LOG(2, s, session[s].tunnel, "Dropping session by CLI\n");
sessionshutdown(s, "Requested by administrator");
a = 0; // dead, no need to check for other actions
}
if (a & CLI_SESS_NOSNOOP)
{
- LOG(2, 0, s, session[s].tunnel, "Unsnooping session by CLI\n");
+ LOG(2, s, session[s].tunnel, "Unsnooping session by CLI\n");
session[s].snoop_ip = 0;
session[s].snoop_port = 0;
send++;
}
else if (a & CLI_SESS_SNOOP)
{
- LOG(2, 0, s, session[s].tunnel, "Snooping session by CLI (to %s:%d)\n",
- inet_toa(cli_session_actions[s].snoop_ip), cli_session_actions[s].snoop_port);
+ LOG(2, s, session[s].tunnel, "Snooping session by CLI (to %s:%d)\n",
+ fmtaddr(cli_session_actions[s].snoop_ip, 0),
+ cli_session_actions[s].snoop_port);
session[s].snoop_ip = cli_session_actions[s].snoop_ip;
session[s].snoop_port = cli_session_actions[s].snoop_port;
if (a & CLI_SESS_NOTHROTTLE)
{
- LOG(2, 0, s, session[s].tunnel, "Un-throttling session by CLI\n");
+ LOG(2, s, session[s].tunnel, "Un-throttling session by CLI\n");
throttle_session(s, 0, 0);
send++;
}
else if (a & CLI_SESS_THROTTLE)
{
- LOG(2, 0, s, session[s].tunnel, "Throttling session by CLI (to %dkb/s up and %dkb/s down)\n",
+ LOG(2, s, session[s].tunnel, "Throttling session by CLI (to %dkb/s up and %dkb/s down)\n",
cli_session_actions[s].throttle_in,
cli_session_actions[s].throttle_out);
if (a & CLI_SESS_NOFILTER)
{
- LOG(2, 0, s, session[s].tunnel, "Un-filtering session by CLI\n");
+ LOG(2, s, session[s].tunnel, "Un-filtering session by CLI\n");
filter_session(s, 0, 0);
send++;
}
else if (a & CLI_SESS_FILTER)
{
- LOG(2, 0, s, session[s].tunnel, "Filtering session by CLI (in=%d, out=%d)\n",
+ LOG(2, s, session[s].tunnel, "Filtering session by CLI (in=%d, out=%d)\n",
cli_session_actions[s].filter_in,
cli_session_actions[s].filter_out);
if (count >= MAX_ACTIONS)
return 1; // Didn't finish!
- LOG(3, 0, 0, 0, "End regular cleanup (%d actions), next in %d seconds\n", count, config->cleanup_interval);
+ LOG(3, 0, 0, "End regular cleanup (%d actions), next in %d seconds\n", count, config->cleanup_interval);
return 0;
}
if (last_talked != TIME)
{
- LOG(2,0,0,0, "Tunnel %d still has un-acked control messages.\n", i);
+ LOG(2, 0, 0, "Tunnel %d still has un-acked control messages.\n", i);
last_talked = TIME;
}
return 1;
// We stop waiting for radius after BUSY_WAIT_TIME 1/10th seconds
if (abs(TIME - start_busy_wait) > BUSY_WAIT_TIME)
{
- LOG(1, 0, 0, 0, "Giving up waiting for RADIUS to be empty. Shutting down anyway.\n");
+ LOG(1, 0, 0, "Giving up waiting for RADIUS to be empty. Shutting down anyway.\n");
return 0;
}
if (last_talked != TIME)
{
- LOG(2,0,0,0, "Radius session %d is still busy (sid %d)\n", i, radius[i].session);
+ LOG(2, 0, 0, "Radius session %d is still busy (sid %d)\n", i, radius[i].session);
last_talked = TIME;
}
return 1;
clockt next_cluster_ping = 0; // send initial ping immediately
time_t next_clean = time_now + config->cleanup_interval;
- LOG(4, 0, 0, 0, "Beginning of main loop. udpfd=%d, tunfd=%d, cluster_sockfd=%d, controlfd=%d\n",
- udpfd, tunfd, cluster_sockfd, controlfd);
+ LOG(4, 0, 0, "Beginning of main loop. udpfd=%d, tunfd=%d, cluster_sockfd=%d, controlfd=%d\n",
+ udpfd, tunfd, cluster_sockfd, controlfd);
FD_ZERO(&readset);
FD_SET(udpfd, &readset);
errno == ECHILD) // EINTR was clobbered by sigchild_handler()
continue;
- LOG(0, 0, 0, 0, "Error returned from select(): %s\n", strerror(errno));
+ LOG(0, 0, 0, "Error returned from select(): %s\n", strerror(errno));
main_quit++;
break;
}
if ((sockfd = accept(clifd, (struct sockaddr *)&addr, &len)) <= 0)
{
- LOG(0, 0, 0, 0, "accept error: %s\n", strerror(errno));
+ LOG(0, 0, 0, "accept error: %s\n", strerror(errno));
continue;
}
else
if (!(_statistics = shared_malloc(sizeof(struct Tstats))))
{
- LOG(0, 0, 0, 0, "Error doing malloc for _statistics: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Error doing malloc for _statistics: %s\n", strerror(errno));
exit(1);
}
if (!(config = shared_malloc(sizeof(configt))))
{
- LOG(0, 0, 0, 0, "Error doing malloc for configuration: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Error doing malloc for configuration: %s\n", strerror(errno));
exit(1);
}
memset(config, 0, sizeof(configt));
if (!(tunnel = shared_malloc(sizeof(tunnelt) * MAXTUNNEL)))
{
- LOG(0, 0, 0, 0, "Error doing malloc for tunnels: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Error doing malloc for tunnels: %s\n", strerror(errno));
exit(1);
}
if (!(session = shared_malloc(sizeof(sessiont) * MAXSESSION)))
{
- LOG(0, 0, 0, 0, "Error doing malloc for sessions: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Error doing malloc for sessions: %s\n", strerror(errno));
exit(1);
}
if (!(sess_count = shared_malloc(sizeof(sessioncountt) * MAXSESSION)))
{
- LOG(0, 0, 0, 0, "Error doing malloc for sessions_count: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Error doing malloc for sessions_count: %s\n", strerror(errno));
exit(1);
}
if (!(radius = shared_malloc(sizeof(radiust) * MAXRADIUS)))
{
- LOG(0, 0, 0, 0, "Error doing malloc for radius: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Error doing malloc for radius: %s\n", strerror(errno));
exit(1);
}
if (!(ip_address_pool = shared_malloc(sizeof(ippoolt) * MAXIPPOOL)))
{
- LOG(0, 0, 0, 0, "Error doing malloc for ip_address_pool: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Error doing malloc for ip_address_pool: %s\n", strerror(errno));
exit(1);
}
if (!(ip_filters = shared_malloc(sizeof(ip_filtert) * MAXFILTER)))
{
- LOG(0, 0, 0, 0, "Error doing malloc for ip_filters: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Error doing malloc for ip_filters: %s\n", strerror(errno));
exit(1);
}
memset(ip_filters, 0, sizeof(ip_filtert) * MAXFILTER);
#ifdef RINGBUFFER
if (!(ringbuffer = shared_malloc(sizeof(struct Tringbuffer))))
{
- LOG(0, 0, 0, 0, "Error doing malloc for ringbuffer: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Error doing malloc for ringbuffer: %s\n", strerror(errno));
exit(1);
}
memset(ringbuffer, 0, sizeof(struct Tringbuffer));
if (!(cli_session_actions = shared_malloc(sizeof(struct cli_session_actions) * MAXSESSION)))
{
- LOG(0, 0, 0, 0, "Error doing malloc for cli session actions: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Error doing malloc for cli session actions: %s\n", strerror(errno));
exit(1);
}
memset(cli_session_actions, 0, sizeof(struct cli_session_actions) * MAXSESSION);
if (!(cli_tunnel_actions = shared_malloc(sizeof(struct cli_tunnel_actions) * MAXSESSION)))
{
- LOG(0, 0, 0, 0, "Error doing malloc for cli tunnel actions: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Error doing malloc for cli tunnel actions: %s\n", strerror(errno));
exit(1);
}
memset(cli_tunnel_actions, 0, sizeof(struct cli_tunnel_actions) * MAXSESSION);
#ifdef BGP
if (!(bgp_peers = shared_malloc(sizeof(struct bgp_peer) * BGP_NUM_PEERS)))
{
- LOG(0, 0, 0, 0, "Error doing malloc for bgp: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Error doing malloc for bgp: %s\n", strerror(errno));
exit(1);
}
#endif /* BGP */
if (best < 0)
{
- LOG(0, 0, s, session[s].tunnel, "assign_ip_address(): out of addresses\n");
+ LOG(0, s, session[s].tunnel, "assign_ip_address(): out of addresses\n");
return 0;
}
strncpy(ip_address_pool[best].user, u, sizeof(ip_address_pool[best].user) - 1);
STAT(ip_allocated);
- LOG(4, ip_address_pool[best].address, s, session[s].tunnel,
- "assign_ip_address(): %s ip address %d from pool\n", reuse ? "Reusing" : "Allocating", best);
+ LOG(4, s, session[s].tunnel, "assign_ip_address(): %s ip address %d from pool\n",
+ reuse ? "Reusing" : "Allocating", best);
return 1;
}
if (ipid < 1) // Not found in the pool either? good.
continue;
- LOG(0, 0, i, 0, "Session %d has an IP address (%s) that was marked static, but is in the pool (%d)!\n",
- i, inet_toa(session[i].ip), ipid);
+ LOG(0, i, 0, "Session %d has an IP address (%s) that was marked static, but is in the pool (%d)!\n",
+ i, fmtaddr(session[i].ip, 0), ipid);
// Fall through and process it as part of the pool.
}
if (ipid > MAXIPPOOL || ipid < 0)
{
- LOG(0, 0, i, 0, "Session %d has a pool IP that's not found in the pool! (%d)\n", i, ipid);
+ LOG(0, i, 0, "Session %d has a pool IP that's not found in the pool! (%d)\n", i, ipid);
ipid = -1;
session[i].ip_pool_index = ipid;
continue;
++ip_pool_size;
if (ip_pool_size >= MAXIPPOOL)
{
- LOG(0,0,0,0, "Overflowed IP pool adding %s\n", inet_toa(htonl(addr)) );
+ LOG(0, 0, 0, "Overflowed IP pool adding %s\n", fmtaddr(htonl(addr), 0));
return;
}
}
if (!(f = fopen(IPPOOLFILE, "r")))
{
- LOG(0, 0, 0, 0, "Can't load pool file " IPPOOLFILE ": %s\n", strerror(errno));
+ LOG(0, 0, 0, "Can't load pool file " IPPOOLFILE ": %s\n", strerror(errno));
exit(1);
}
src = inet_addr(buf);
if (src == INADDR_NONE)
{
- LOG(0, 0, 0, 0, "Invalid address pool IP %s\n", buf);
+ LOG(0, 0, 0, "Invalid address pool IP %s\n", buf);
exit(1);
}
// This entry is for a specific IP only
int numbits = 0;
u32 start = 0, mask = 0;
- LOG(2, 0, 0, 0, "Adding IP address range %s\n", buf);
+ LOG(2, 0, 0, "Adding IP address range %s\n", buf);
*p++ = 0;
if (!*p || !(numbits = atoi(p)))
{
- LOG(0, 0, 0, 0, "Invalid pool range %s\n", buf);
+ LOG(0, 0, 0, "Invalid pool range %s\n", buf);
continue;
}
start = ntohl(inet_addr(pool));
mask = (u32)(pow(2, numbits) - 1) << (32 - numbits);
// Add a static route for this pool
- LOG(5, 0, 0, 0, "Adding route for address pool %s/%u\n", inet_toa(htonl(start)), 32 + mask);
+ LOG(5, 0, 0, "Adding route for address pool %s/%u\n",
+ fmtaddr(htonl(start), 0), 32 + mask);
+
routeset(0, start, mask, 0, 1);
add_to_ip_pool(start, mask);
}
}
fclose(f);
- LOG(1, 0, 0, 0, "IP address pool is %d addresses\n", ip_pool_size - 1);
+ LOG(1, 0, 0, "IP address pool is %d addresses\n", ip_pool_size - 1);
}
void snoop_send_packet(char *packet, u16 size, ipt destination, u16 port)
snoop_addr.sin_addr.s_addr = destination;
snoop_addr.sin_port = ntohs(port);
- LOG(5, 0, 0, 0, "Snooping packet at %p (%d bytes) to %s:%d\n",
- packet, size, inet_toa(snoop_addr.sin_addr.s_addr), htons(snoop_addr.sin_port));
+ LOG(5, 0, 0, "Snooping packet at %p (%d bytes) to %s:%d\n",
+ packet, size, fmtaddr(snoop_addr.sin_addr.s_addr, 0),
+ htons(snoop_addr.sin_port));
+
if (sendto(snoopfd, packet, size, MSG_DONTWAIT | MSG_NOSIGNAL, (void *) &snoop_addr, sizeof(snoop_addr)) < 0)
- LOG(0, 0, 0, 0, "Error sending intercept packet: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Error sending intercept packet: %s\n", strerror(errno));
+
STAT(packets_snooped);
}
time_t now = time(NULL);
if (!(f = fopen(filename, "w")))
{
- LOG(0, 0, 0, 0, "Can't write accounting info to %s: %s\n", filename, strerror(errno));
+ LOG(0, 0, 0, "Can't write accounting info to %s: %s\n", filename, strerror(errno));
return ;
}
- LOG(3, 0, 0, 0, "Dumping accounting information to %s\n", filename);
+ LOG(3, 0, 0, "Dumping accounting information to %s\n", filename);
fprintf(f, "# dslwatch.pl dump file V1.01\n"
"# host: %s\n"
"# time: %ld\n"
now - basetime);
}
- LOG(4, 0, 0, 0, "Dumping accounting information for %s\n", session[i].user);
+ LOG(4, 0, 0, "Dumping accounting information for %s\n", session[i].user);
fprintf(f, "%s %s %d %u %u\n",
session[i].user, // username
- inet_toa(htonl(session[i].ip)), // ip
+ fmtaddr(htonl(session[i].ip), 0), // ip
(session[i].throttle_in || session[i].throttle_out) ? 2 : 1, // qos
(u32)session[i].cin, // uptxoctets
(u32)session[i].cout); // downrxoctets
read_config_file();
init_tbf(config->num_tbfs);
- LOG(0, 0, 0, 0, "L2TPNS version " VERSION "\n");
- LOG(0, 0, 0, 0, "Copyright (c) 2003, 2004 Optus Internet Engineering\n");
- LOG(0, 0, 0, 0, "Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced\n");
+ LOG(0, 0, 0, "L2TPNS version " VERSION "\n");
+ LOG(0, 0, 0, "Copyright (c) 2003, 2004 Optus Internet Engineering\n");
+ LOG(0, 0, 0, "Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced\n");
{
struct rlimit rlim;
rlim.rlim_cur = RLIM_INFINITY;
rlim.rlim_max = RLIM_INFINITY;
// Remove the maximum core size
if (setrlimit(RLIMIT_CORE, &rlim) < 0)
- LOG(0, 0, 0, 0, "Can't set ulimit: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Can't set ulimit: %s\n", strerror(errno));
+
// Make core dumps go to /tmp
chdir("/tmp");
}
if (get_nprocs() < 2)
{
- LOG(0, 0, 0, 0, "Not using FIFO scheduler, there is only 1 processor in the system.\n");
+ LOG(0, 0, 0, "Not using FIFO scheduler, there is only 1 processor in the system.\n");
config->scheduler_fifo = 0;
}
else
{
if ((ret = sched_setscheduler(0, SCHED_FIFO, ¶ms)) == 0)
{
- LOG(1, 0, 0, 0, "Using FIFO scheduler. Say goodbye to any other processes running\n");
+ LOG(1, 0, 0, "Using FIFO scheduler. Say goodbye to any other processes running\n");
}
else
{
- LOG(0, 0, 0, 0, "Error setting scheduler to FIFO: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Error setting scheduler to FIFO: %s\n", strerror(errno));
config->scheduler_fifo = 0;
}
}
#endif /* BGP */
inittun();
- LOG(1, 0, 0, 0, "Set up on interface %s\n", config->tundevice);
+ LOG(1, 0, 0, "Set up on interface %s\n", config->tundevice);
initudp();
initrad();
if (config->lock_pages)
{
if (!mlockall(MCL_CURRENT))
- LOG(1, 0, 0, 0, "Locking pages into memory\n");
+ LOG(1, 0, 0, "Locking pages into memory\n");
else
- LOG(0, 0, 0, 0, "Can't lock pages: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Can't lock pages: %s\n", strerror(errno));
}
alarm(1);
static void sigterm_handler(int sig)
{
- LOG(1, 0, 0, 0, "Shutting down cleanly\n");
+ LOG(1, 0, 0, "Shutting down cleanly\n");
if (config->save_state)
dump_state();
{
int i;
- LOG(1, 0, 0, 0, "Shutting down without saving sessions\n");
+ LOG(1, 0, 0, "Shutting down without saving sessions\n");
for (i = 1; i < MAXSESSION; i++)
{
if (session[i].opened)
if (sb.st_mtime < (time(NULL) - 60))
{
- LOG(0, 0, 0, 0, "State file is too old to read, ignoring\n");
+ LOG(0, 0, 0, "State file is too old to read, ignoring\n");
unlink(STATEFILE);
return ;
}
if (!f)
{
- LOG(0, 0, 0, 0, "Can't read state file: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Can't read state file: %s\n", strerror(errno));
exit(1);
}
if (fread(magic, sizeof(magic), 1, f) != 1 || strncmp(magic, DUMP_MAGIC, sizeof(magic)))
{
- LOG(0, 0, 0, 0, "Bad state file magic\n");
+ LOG(0, 0, 0, "Bad state file magic\n");
exit(1);
}
- LOG(1, 0, 0, 0, "Reading state information\n");
+ LOG(1, 0, 0, "Reading state information\n");
if (fread(buf, sizeof(buf), 1, f) != 1 || buf[0] > MAXIPPOOL || buf[1] != sizeof(ippoolt))
{
- LOG(0, 0, 0, 0, "Error/mismatch reading ip pool header from state file\n");
+ LOG(0, 0, 0, "Error/mismatch reading ip pool header from state file\n");
exit(1);
}
if (buf[0] > ip_pool_size)
{
- LOG(0, 0, 0, 0, "ip pool has shrunk! state = %d, current = %d\n", buf[0], ip_pool_size);
+ LOG(0, 0, 0, "ip pool has shrunk! state = %d, current = %d\n", buf[0], ip_pool_size);
exit(1);
}
- LOG(2, 0, 0, 0, "Loading %u ip addresses\n", buf[0]);
+ LOG(2, 0, 0, "Loading %u ip addresses\n", buf[0]);
for (i = 0; i < buf[0]; i++)
{
if (fread(&itmp, sizeof(itmp), 1, f) != 1)
{
- LOG(0, 0, 0, 0, "Error reading ip %d from state file: %s\n", i, strerror(errno));
+ LOG(0, 0, 0, "Error reading ip %d from state file: %s\n", i, strerror(errno));
exit(1);
}
if (itmp.address != ip_address_pool[i].address)
{
- LOG(0, 0, 0, 0, "Mismatched ip %d from state file: pool may only be extended\n", i);
+ LOG(0, 0, 0, "Mismatched ip %d from state file: pool may only be extended\n", i);
exit(1);
}
if (fread(buf, sizeof(buf), 1, f) != 1 || buf[0] != MAXTUNNEL || buf[1] != sizeof(tunnelt))
{
- LOG(0, 0, 0, 0, "Error/mismatch reading tunnel header from state file\n");
+ LOG(0, 0, 0, "Error/mismatch reading tunnel header from state file\n");
exit(1);
}
- LOG(2, 0, 0, 0, "Loading %u tunnels\n", MAXTUNNEL);
+ LOG(2, 0, 0, "Loading %u tunnels\n", MAXTUNNEL);
if (fread(tunnel, sizeof(tunnelt), MAXTUNNEL, f) != MAXTUNNEL)
{
- LOG(0, 0, 0, 0, "Error reading tunnel data from state file\n");
+ LOG(0, 0, 0, "Error reading tunnel data from state file\n");
exit(1);
}
tunnel[i].controls = NULL;
tunnel[i].controle = NULL;
if (*tunnel[i].hostname)
- LOG(3, 0, 0, 0, "Created tunnel for %s\n", tunnel[i].hostname);
+ LOG(3, 0, 0, "Created tunnel for %s\n", tunnel[i].hostname);
}
if (fread(buf, sizeof(buf), 1, f) != 1 || buf[0] != MAXSESSION || buf[1] != sizeof(sessiont))
{
- LOG(0, 0, 0, 0, "Error/mismatch reading session header from state file\n");
+ LOG(0, 0, 0, "Error/mismatch reading session header from state file\n");
exit(1);
}
- LOG(2, 0, 0, 0, "Loading %u sessions\n", MAXSESSION);
+ LOG(2, 0, 0, "Loading %u sessions\n", MAXSESSION);
if (fread(session, sizeof(sessiont), MAXSESSION, f) != MAXSESSION)
{
- LOG(0, 0, 0, 0, "Error reading session data from state file\n");
+ LOG(0, 0, 0, "Error reading session data from state file\n");
exit(1);
}
session[i].tbf_out = 0;
if (session[i].opened)
{
- LOG(2, 0, i, 0, "Loaded active session for user %s\n", session[i].user);
+ LOG(2, i, 0, "Loaded active session for user %s\n", session[i].user);
if (session[i].ip)
sessionsetup(session[i].tunnel, i);
}
}
fclose(f);
- LOG(0, 0, 0, 0, "Loaded saved state information\n");
+ LOG(0, 0, 0, "Loaded saved state information\n");
}
static void dump_state()
if (!(f = fopen(STATEFILE, "w")))
break;
- LOG(1, 0, 0, 0, "Dumping state information\n");
+ LOG(1, 0, 0, "Dumping state information\n");
if (fwrite(DUMP_MAGIC, sizeof(DUMP_MAGIC) - 1, 1, f) != 1)
break;
- LOG(2, 0, 0, 0, "Dumping %u ip addresses\n", ip_pool_size);
+ LOG(2, 0, 0, "Dumping %u ip addresses\n", ip_pool_size);
buf[0] = ip_pool_size;
buf[1] = sizeof(ippoolt);
if (fwrite(buf, sizeof(buf), 1, f) != 1)
if (fwrite(ip_address_pool, sizeof(ippoolt), ip_pool_size, f) != ip_pool_size)
break;
- LOG(2, 0, 0, 0, "Dumping %u tunnels\n", MAXTUNNEL);
+ LOG(2, 0, 0, "Dumping %u tunnels\n", MAXTUNNEL);
buf[0] = MAXTUNNEL;
buf[1] = sizeof(tunnelt);
if (fwrite(buf, sizeof(buf), 1, f) != 1)
if (fwrite(tunnel, sizeof(tunnelt), MAXTUNNEL, f) != MAXTUNNEL)
break;
- LOG(2, 0, 0, 0, "Dumping %u sessions\n", MAXSESSION);
+ LOG(2, 0, 0, "Dumping %u sessions\n", MAXSESSION);
buf[0] = MAXSESSION;
buf[1] = sizeof(sessiont);
if (fwrite(buf, sizeof(buf), 1, f) != 1)
}
while (0);
- LOG(0, 0, 0, 0, "Can't write state information: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Can't write state information: %s\n", strerror(errno));
unlink(STATEFILE);
}
if (!*config->l2tpsecret)
{
- LOG(0, 0, 0, 0, "LNS requested CHAP authentication, but no l2tp secret is defined\n");
+ LOG(0, 0, 0, "LNS requested CHAP authentication, but no l2tp secret is defined\n");
return;
}
- LOG(4, 0, 0, 0, " Building challenge response for CHAP request\n");
+ LOG(4, 0, 0, " Building challenge response for CHAP request\n");
*challenge_response = (char *)calloc(17, 1);
}
if (!config->numradiusservers)
- {
- LOG(0, 0, 0, 0, "No RADIUS servers defined!\n");
- }
+ LOG(0, 0, 0, "No RADIUS servers defined!\n");
config->num_radfds = 2 << RADIUS_SHIFT;
if (config->cluster_hb_timeout < t)
{
- LOG(0,0,0,0, "Heartbeat timeout %d too low, adjusting to %d\n", config->cluster_hb_timeout, t);
+ LOG(0, 0, 0, "Heartbeat timeout %d too low, adjusting to %d\n", config->cluster_hb_timeout, t);
config->cluster_hb_timeout = t;
}
}
else
{
- LOG(0, 0, 0, 0, "Can't write to PID file %s: %s\n", config->pid_file, strerror(errno));
+ LOG(0, 0, 0, "Can't write to PID file %s: %s\n", config->pid_file, strerror(errno));
}
}
return;
}
- LOG(3, 0, 0, 0, "Reading config file %s\n", config->config_file);
+ LOG(3, 0, 0, "Reading config file %s\n", config->config_file);
cli_do_file(f);
- LOG(3, 0, 0, 0, "Done reading config file\n");
+ LOG(3, 0, 0, "Done reading config file\n");
fclose(f);
update_config();
}
CSTAT(call_sessionsetup);
- LOG(3, session[s].ip, s, t, "Doing session setup for session\n");
+ LOG(3, s, t, "Doing session setup for session\n");
if (!session[s].ip || session[s].ip == 0xFFFFFFFE)
{
assign_ip_address(s);
if (!session[s].ip)
{
- LOG(0, 0, s, t, " No IP allocated. The IP address pool is FULL!\n");
+ LOG(0, s, t, " No IP allocated. The IP address pool is FULL!\n");
sessionshutdown(s, "No IP addresses available");
return 0;
}
- LOG(3, 0, s, t, " No IP allocated. Assigned %s from pool\n",
- inet_toa(htonl(session[s].ip)));
+ LOG(3, s, t, " No IP allocated. Assigned %s from pool\n",
+ fmtaddr(htonl(session[s].ip), 0));
}
if (!session[s].unique_id)
{
// did this session just finish radius?
- LOG(3, session[s].ip, s, t, "Sending initial IPCP to client\n");
+ LOG(3, s, t, "Sending initial IPCP to client\n");
sendipcp(t, s);
session[s].unique_id = ++last_id;
}
session[s].last_packet = time_now;
- {
- char *sessionip, *tunnelip;
- sessionip = strdup(inet_toa(htonl(session[s].ip)));
- tunnelip = strdup(inet_toa(htonl(tunnel[t].ip)));
- LOG(2, session[s].ip, s, t, "Login by %s at %s from %s (%s)\n",
- session[s].user, sessionip, tunnelip, tunnel[t].hostname);
- if (sessionip) free(sessionip);
- if (tunnelip) free(tunnelip);
- }
+ LOG(2, s, t, "Login by %s at %s from %s (%s)\n", session[s].user,
+ fmtaddr(htonl(session[s].ip), 0),
+ fmtaddr(htonl(tunnel[t].ip), 1), tunnel[t].hostname);
cluster_send_session(s); // Mark it as dirty, and needing to the flooded to the cluster.
if (new->ip_pool_index >= MAXIPPOOL ||
new->tunnel >= MAXTUNNEL)
{
- LOG(0,0,s,0, "Strange session update received!\n");
+ LOG(0, s, 0, "Strange session update received!\n");
// FIXME! What to do here?
return 0;
}
// check filters
if (new->filter_in && (new->filter_in > MAXFILTER || !ip_filters[new->filter_in - 1].name[0]))
{
- LOG(2, session[s].ip, s, session[s].tunnel, "Dropping invalid input filter %d\n", (int) new->filter_in);
+ LOG(2, s, session[s].tunnel, "Dropping invalid input filter %d\n", (int) new->filter_in);
new->filter_in = 0;
}
if (new->filter_out && (new->filter_out > MAXFILTER || !ip_filters[new->filter_out - 1].name[0]))
{
- LOG(2, session[s].ip, s, session[s].tunnel, "Dropping invalid output filter %d\n", (int) new->filter_out);
+ LOG(2, s, session[s].tunnel, "Dropping invalid output filter %d\n", (int) new->filter_out);
new->filter_out = 0;
}
char path[256] = "";
snprintf(path, 256, PLUGINDIR "/%s.so", plugin_name);
- LOG(2, 0, 0, 0, "%soading plugin from %s\n", load ? "L" : "Un-l", path);
+ LOG(2, 0, 0, "%soading plugin from %s\n", load ? "L" : "Un-l", path);
return dlopen(path, RTLD_NOW);
}
if (config_values[i].type == type)
return ((void *) config) + config_values[i].offset;
- LOG(1, 0, 0, 0, "plugin requested config item \"%s\" expecting type %d, have type %d\n",
+ LOG(1, 0, 0, "plugin requested config item \"%s\" expecting type %d, have type %d\n",
key, type, config_values[i].type);
return 0;
}
}
- LOG(1, 0, 0, 0, "plugin requested unknown config item \"%s\"\n", key);
+ LOG(1, 0, 0, "plugin requested unknown config item \"%s\"\n", key);
return 0;
}
static struct pluginfuncs funcs = {
_log,
_log_hex,
- inet_toa,
+ fmtaddr,
sessionbyuser,
sessiontbysessionidt,
sessionidtbysessiont,
if (!p)
{
- LOG(1, 0, 0, 0, " Plugin load failed: %s\n", dlerror());
+ LOG(1, 0, 0, " Plugin load failed: %s\n", dlerror());
return -1;
}
int *v = dlsym(p, "plugin_api_version");
if (!v || *v != PLUGIN_API_VERSION)
{
- LOG(1, 0, 0, 0, " Plugin load failed: API version mismatch: %s\n", dlerror());
+ LOG(1, 0, 0, " Plugin load failed: API version mismatch: %s\n", dlerror());
dlclose(p);
return -1;
}
{
if (!initfunc(&funcs))
{
- LOG(1, 0, 0, 0, " Plugin load failed: plugin_init() returned FALSE: %s\n", dlerror());
+ LOG(1, 0, 0, " Plugin load failed: plugin_init() returned FALSE: %s\n", dlerror());
dlclose(p);
return -1;
}
void *x;
if (plugin_functions[i] && (x = dlsym(p, plugin_functions[i])))
{
- LOG(3, 0, 0, 0, " Supports function \"%s\"\n", plugin_functions[i]);
+ LOG(3, 0, 0, " Supports function \"%s\"\n", plugin_functions[i]);
ll_push(plugins[i], x);
}
}
- LOG(2, 0, 0, 0, " Loaded plugin %s\n", plugin_name);
+ LOG(2, 0, 0, " Loaded plugin %s\n", plugin_name);
return 1;
}
}
dlclose(p);
- LOG(2, 0, 0, 0, "Removed plugin %s\n", plugin_name);
+ LOG(2, 0, 0, "Removed plugin %s\n", plugin_name);
return loaded;
}
{
if (type < 0)
{
- LOG(4, ntohl(addr->sin_addr.s_addr), 0, 0, "Bogus control message (%d)\n", type);
+ LOG(4, 0, 0, "Bogus control message from %s (%d)\n",
+ fmtaddr(addr->sin_addr.s_addr, 0), type);
}
else
{
- LOG(4, ntohl(addr->sin_addr.s_addr), 0, 0, "Received ");
+ LOG(4, 0, 0, "Received [%s] ", fmtaddr(addr->sin_addr.s_addr, 0));
dump_control(&request, log_stream);
}
}
response.argc = 1;
if (config->cluster_master_address)
{
- strcpy(msg + 23, inet_toa(config->cluster_master_address));
+ strcpy(msg + 23, fmtaddr(config->cluster_master_address, 0));
response.argv[0] = msg;
}
else
buf = calloc(NSCTL_MAX_PKT_SZ, 1);
if (!buf)
{
- LOG(2, ntohl(addr->sin_addr.s_addr), 0, 0, "Failed to allocate nsctl response\n");
+ LOG(2, 0, 0, "Failed to allocate nsctl response\n");
return;
}
sendto(controlfd, buf, r, 0, (const struct sockaddr *) addr, alen);
if (log_stream && config->debug >= 4)
{
- LOG(4, ntohl(addr->sin_addr.s_addr), 0, 0, "Sent ");
+ LOG(4, 0, 0, "Sent [%s] ", fmtaddr(addr->sin_addr.s_addr, 0));
dump_control(&response, log_stream);
}
}
else
- LOG(2, ntohl(addr->sin_addr.s_addr), 0, 0, "Failed to pack nsctl response (%d)\n", r);
+ LOG(2, 0, 0, "Failed to pack nsctl response for %s (%d)\n",
+ fmtaddr(addr->sin_addr.s_addr, 0), r);
free(buf);
}
{
if (tunnel[i].state == TUNNELFREE)
{
- LOG(4, 0, 0, i, "Assigning tunnel ID %d\n", i);
+ LOG(4, 0, i, "Assigning tunnel ID %d\n", i);
if (i > config->cluster_highest_tunnelid)
config->cluster_highest_tunnelid = i;
return i;
}
}
- LOG(0, 0, 0, 0, "Can't find a free tunnel! There shouldn't be this many in use!\n");
+ LOG(0, 0, 0, "Can't find a free tunnel! There shouldn't be this many in use!\n");
return 0;
}
if (hidden_length > length - 8)
{
- LOG(1, 0, s, t, "Hidden length %d too long in AVP of length %d\n", (int) hidden_length, (int) length);
+ LOG(1, s, t, "Hidden length %d too long in AVP of length %d\n", (int) hidden_length, (int) length);
return 0;
}
{
switch (op)
{
- /*
- * NOTE: "match-any +A +B -C -D" is interpreted as "match if
- * either A or B is set *and* C or D is clear". While "or" is
- * possibly more correct, the way "established" is currently
- * implemented depends on this behaviour.
- */
case FILTER_FLAG_OP_ANY:
- return (flags & sflags) && !(flags & cflags);
+ return (flags & sflags) || (~flags & cflags);
case FILTER_FLAG_OP_ALL:
return (flags & sflags) == sflags && (~flags & cflags) == cflags;
+
+ case FILTER_FLAG_OP_EST:
+ return (flags & (TCP_FLAG_ACK|TCP_FLAG_RST)) && (~flags & TCP_FLAG_SYN);
}
return 0;
int ip_filter(u8 *buf, int len, u8 filter)
{
+ u16 frag_offset;
u8 proto;
ipt src_ip;
ipt dst_ip;
if (*buf >> 4) // IPv4
return 0;
+
+ frag_offset = ntohs(*(u16 *) (buf + 0)) & 0x1fff;
proto = buf[9];
src_ip = *(u32 *) (buf + 12);
dst_ip = *(u32 *) (buf + 16);
- if (proto == IPPROTO_TCP || proto == IPPROTO_UDP)
+ if (frag_offset == 0 && (proto == IPPROTO_TCP || proto == IPPROTO_UDP))
{
int l = buf[0] & 0xf;
if (len < l + 4) // ports
(dst_ip & ~rule->dst_wild) != (rule->dst_ip & ~rule->dst_wild))
continue;
- if (proto == IPPROTO_TCP || proto == IPPROTO_UDP)
+ if (frag_offset)
{
- if (rule->src_ports.op && !ip_filter_port(&rule->src_ports, src_port))
+ if (!rule->frag || rule->action == FILTER_ACTION_DENY)
continue;
-
- if (rule->dst_ports.op && !ip_filter_port(&rule->dst_ports, dst_port))
+ }
+ else
+ {
+ if (rule->frag)
continue;
- if (proto == IPPROTO_TCP && rule->tcp_flag_op &&
- !ip_filter_flag(rule->tcp_flag_op, rule->tcp_sflags, rule->tcp_cflags, flags))
- continue;
+ if (proto == IPPROTO_TCP || proto == IPPROTO_UDP)
+ {
+ if (rule->src_ports.op && !ip_filter_port(&rule->src_ports, src_port))
+ continue;
+
+ if (rule->dst_ports.op && !ip_filter_port(&rule->dst_ports, dst_port))
+ continue;
+
+ if (proto == IPPROTO_TCP && rule->tcp_flag_op &&
+ !ip_filter_flag(rule->tcp_flag_op, rule->tcp_sflags, rule->tcp_cflags, flags))
+ continue;
+ }
}
// matched
+ rule->counter++;
return rule->action == FILTER_ACTION_PERMIT;
}
// L2TPNS Global Stuff
-// $Id: l2tpns.h,v 1.40 2004-11-28 20:10:04 bodea Exp $
+// $Id: l2tpns.h,v 1.41 2004-11-29 02:17:17 bodea Exp $
#ifndef __L2TPNS_H__
#define __L2TPNS_H__
char level;
sessionidt session;
tunnelidt tunnel;
- ipt address;
char message[MAX_LOG_LENGTH];
} buffer[RINGBUFFER_SIZE];
int head;
ipt dst_ip; // dest ip
ipt dst_wild;
ip_filter_portt dst_ports;
- u8 tcp_flag_op; // match type: any, all
+ u8 frag; // apply to non-initial fragments
+ u8 tcp_flag_op; // match type: any, all, established
#define FILTER_FLAG_OP_ANY 1
#define FILTER_FLAG_OP_ALL 2
+#define FILTER_FLAG_OP_EST 3
u8 tcp_sflags; // flags set
u8 tcp_cflags; // flags clear
+ u32 counter; // match count
} ip_filter_rulet;
#define TCP_FLAG_FIN 0x01
#undef LOG
#undef LOG_HEX
-#define LOG(D, a, s, t, f, ...) ({ if (D <= config->debug) _log(D, a, s, t, f, ## __VA_ARGS__); })
+#define LOG(D, s, t, f, ...) ({ if (D <= config->debug) _log(D, s, t, f, ## __VA_ARGS__); })
#define LOG_HEX(D, t, d, s) ({ if (D <= config->debug) _log_hex(D, t, d, s); })
-void _log(int level, ipt address, sessionidt s, tunnelidt t, const char *format, ...) __attribute__((format (printf, 5, 6)));
+void _log(int level, sessionidt s, tunnelidt t, const char *format, ...) __attribute__((format (printf, 4, 5)));
void _log_hex(int level, const char *title, const char *data, int maxsize);
int sessionsetup(tunnelidt t, sessionidt s);
void *array[20]; \
char **strings; \
int size, i; \
- LOG(0, 0, 0, t, "Backtrace follows"); \
+ LOG(0, 0, t, "Backtrace follows"); \
size = backtrace(array, 10); \
strings = backtrace_symbols(array, size); \
if (strings) for (i = 0; i < size; i++) \
{ \
- LOG(0, 0, 0, t, "%s\n", strings[i]); \
+ LOG(0, 0, t, "%s\n", strings[i]); \
} \
free(strings); \
}
#ifndef __PLUGIN_H__
#define __PLUGIN_H__
-#define PLUGIN_API_VERSION 3
+#define PLUGIN_API_VERSION 4
#define MAX_PLUGIN_TYPES 30
enum
struct pluginfuncs
{
- void (*log)(int level, ipt address, sessionidt s, tunnelidt t, const char *format, ...);
+ void (*log)(int level, sessionidt s, tunnelidt t, const char *format, ...);
void (*log_hex)(int level, const char *title, const char *data, int maxsize);
- char *(*inet_toa)(unsigned long addr);
+ char *(*fmtaddr)(ipt addr, int n);
sessionidt (*get_session_by_username)(char *username);
sessiont *(*get_session_by_id)(sessionidt s);
sessionidt (*get_id_by_session)(sessiont *s);
// L2TPNS PPP Stuff
-char const *cvs_id_ppp = "$Id: ppp.c,v 1.32 2004-11-28 20:10:04 bodea Exp $";
+char const *cvs_id_ppp = "$Id: ppp.c,v 1.33 2004-11-29 02:17:18 bodea Exp $";
#include <stdio.h>
#include <string.h>
LOG_HEX(5, "PAP", p, l);
if (l < 4)
{
- LOG(1, 0, s, t, "Short PAP %u bytes\n", l);
+ LOG(1, s, t, "Short PAP %u bytes\n", l);
STAT(tunnel_rx_errors);
return ;
}
if ((hl = ntohs(*(u16 *) (p + 2))) > l)
{
- LOG(1, 0, s, t, "Length mismatch PAP %u/%u\n", hl, l);
+ LOG(1, s, t, "Length mismatch PAP %u/%u\n", hl, l);
STAT(tunnel_rx_errors);
return ;
}
if (*p != 1)
{
- LOG(1, 0, s, t, "Unexpected PAP code %d\n", *p);
+ LOG(1, s, t, "Unexpected PAP code %d\n", *p);
STAT(tunnel_rx_errors);
return ;
}
if (*b && *b < sizeof(pass))
memcpy(pass, b + 1, *b);
pass[*b] = 0;
- LOG(3, 0, s, t, "PAP login %s/%s\n", user, pass);
+ LOG(3, s, t, "PAP login %s/%s\n", user, pass);
}
if (session[s].ip || !session[s].radius)
{
p[4] = 0; // no message
if (session[s].ip)
{
- LOG(3, session[s].ip, s, t, "Already an IP allocated: %s (%d)\n", inet_toa(htonl(session[s].ip)), session[s].ip_pool_index);
+ LOG(3, s, t, "Already an IP allocated: %s (%d)\n",
+ fmtaddr(htonl(session[s].ip), 0), session[s].ip_pool_index);
+
session[s].flags &= ~SF_IPCP_ACKED;
}
else
{
- LOG(1, 0, s, t, "No radius session available to authenticate session...\n");
+ LOG(1, s, t, "No radius session available to authenticate session...\n");
}
- LOG(3, 0, s, t, "Fallback response to PAP (%s)\n", (session[s].ip) ? "ACK" : "NAK");
+ LOG(3, s, t, "Fallback response to PAP (%s)\n", (session[s].ip) ? "ACK" : "NAK");
tunnelsend(b, 5 + (p - b), t); // send it
}
else
run_plugins(PLUGIN_PRE_AUTH, &packet);
if (!packet.continue_auth)
{
- LOG(3, 0, s, t, "A plugin rejected PRE_AUTH\n");
+ LOG(3, s, t, "A plugin rejected PRE_AUTH\n");
if (packet.username) free(packet.username);
if (packet.password) free(packet.password);
return;
free(packet.password);
radius[r].id = p[1];
- LOG(3, 0, s, t, "Sending login for %s/%s to radius\n", user, pass);
+ LOG(3, s, t, "Sending login for %s/%s to radius\n", user, pass);
radiussend(r, RADIUSAUTH);
}
}
r = session[s].radius;
if (!r)
{
- LOG(1, 0, s, t, "Unexpected CHAP message\n");
+ LOG(1, s, t, "Unexpected CHAP message\n");
// FIXME: Need to drop the session here.
if (l < 4)
{
- LOG(1, 0, s, t, "Short CHAP %u bytes\n", l);
+ LOG(1, s, t, "Short CHAP %u bytes\n", l);
STAT(tunnel_rx_errors);
return ;
}
if ((hl = ntohs(*(u16 *) (p + 2))) > l)
{
- LOG(1, 0, s, t, "Length mismatch CHAP %u/%u\n", hl, l);
+ LOG(1, s, t, "Length mismatch CHAP %u/%u\n", hl, l);
STAT(tunnel_rx_errors);
return ;
}
if (*p != 2)
{
- LOG(1, 0, s, t, "Unexpected CHAP response code %d\n", *p);
+ LOG(1, s, t, "Unexpected CHAP response code %d\n", *p);
STAT(tunnel_rx_errors);
return;
}
if (p[1] != radius[r].id)
{
- LOG(1, 0, s, t, "Wrong CHAP response ID %d (should be %d) (%d)\n", p[1], radius[r].id, r);
+ LOG(1, s, t, "Wrong CHAP response ID %d (should be %d) (%d)\n", p[1], radius[r].id, r);
STAT(tunnel_rx_errors);
return ;
}
if (l < 5 || p[4] != 16)
{
- LOG(1, 0, s, t, "Bad CHAP response length %d\n", l < 5 ? -1 : p[4]);
+ LOG(1, s, t, "Bad CHAP response length %d\n", l < 5 ? -1 : p[4]);
STAT(tunnel_rx_errors);
return ;
}
p += 5;
if (l < 16 || l - 16 >= sizeof(session[s].user))
{
- LOG(1, 0, s, t, "CHAP user too long %d\n", l - 16);
+ LOG(1, s, t, "CHAP user too long %d\n", l - 16);
STAT(tunnel_rx_errors);
return ;
}
run_plugins(PLUGIN_PRE_AUTH, &packet);
if (!packet.continue_auth)
{
- LOG(3, 0, s, t, "A plugin rejected PRE_AUTH\n");
+ LOG(3, s, t, "A plugin rejected PRE_AUTH\n");
if (packet.username) free(packet.username);
if (packet.password) free(packet.password);
return;
}
radius[r].chap = 1;
- LOG(3, 0, s, t, "CHAP login %s\n", session[s].user);
+ LOG(3, s, t, "CHAP login %s\n", session[s].user);
radiussend(r, RADIUSAUTH);
}
u8 *o = (p + 4);
LOG_HEX(5, "PPP LCP Packet", p, l);
- LOG(4, 0, 0, 0, "PPP LCP Packet type %d (%s len %d)\n", *p, ppp_lcp_types[(int)*p], ntohs( ((u16 *) p)[1]) );
- LOG(4, 0, 0, 0, "Length: %d\n", l);
+ LOG(4, 0, 0, "PPP LCP Packet type %d (%s len %d)\n", *p, ppp_lcp_types[(int)*p], ntohs( ((u16 *) p)[1]) );
+ LOG(4, 0, 0, "Length: %d\n", l);
if (*p != ConfigReq && *p != ConfigRej && *p != ConfigAck)
return;
int length = o[1];
if (length < 2)
{
- LOG(4, 0, 0, 0, " Option length is %d...\n", length);
+ LOG(4, 0, 0, " Option length is %d...\n", length);
break;
}
if (type == 0)
{
- LOG(4, 0, 0, 0, " Option type is 0...\n");
+ LOG(4, 0, 0, " Option type is 0...\n");
x -= length;
o += length;
continue;
{
case 1: // Maximum-Receive-Unit
if (length == 4)
- LOG(4, 0, 0, 0, " %s %d\n", lcp_types[type], ntohs(*(u16 *)(o + 2)));
+ LOG(4, 0, 0, " %s %d\n", lcp_types[type], ntohs(*(u16 *)(o + 2)));
else
- LOG(4, 0, 0, 0, " %s odd length %d\n", lcp_types[type], length);
+ LOG(4, 0, 0, " %s odd length %d\n", lcp_types[type], length);
break;
case 2: // Async-Control-Character-Map
if (length == 6)
{
u32 asyncmap = ntohl(*(u32 *)(o + 2));
- LOG(4, 0, 0, 0, " %s %x\n", lcp_types[type], asyncmap);
+ LOG(4, 0, 0, " %s %x\n", lcp_types[type], asyncmap);
}
else
- LOG(4, 0, 0, 0, " %s odd length %d\n", lcp_types[type], length);
+ LOG(4, 0, 0, " %s odd length %d\n", lcp_types[type], length);
break;
case 3: // Authentication-Protocol
if (length == 4)
{
int proto = ntohs(*(u16 *)(o + 2));
- LOG(4, 0, 0, 0, " %s 0x%x (%s)\n", lcp_types[type], proto,
+ LOG(4, 0, 0, " %s 0x%x (%s)\n", lcp_types[type], proto,
proto == PPPCHAP ? "CHAP" :
proto == PPPPAP ? "PAP" : "UNKNOWN");
}
else
- LOG(4, 0, 0, 0, " %s odd length %d\n", lcp_types[type], length);
+ LOG(4, 0, 0, " %s odd length %d\n", lcp_types[type], length);
break;
case 4: // Quality-Protocol
{
u32 qp = ntohl(*(u32 *)(o + 2));
- LOG(4, 0, 0, 0, " %s %x\n", lcp_types[type], qp);
+ LOG(4, 0, 0, " %s %x\n", lcp_types[type], qp);
}
break;
case 5: // Magic-Number
if (length == 6)
{
u32 magicno = ntohl(*(u32 *)(o + 2));
- LOG(4, 0, 0, 0, " %s %x\n", lcp_types[type], magicno);
+ LOG(4, 0, 0, " %s %x\n", lcp_types[type], magicno);
}
else
- LOG(4, 0, 0, 0, " %s odd length %d\n", lcp_types[type], length);
+ LOG(4, 0, 0, " %s odd length %d\n", lcp_types[type], length);
break;
case 7: // Protocol-Field-Compression
case 8: // Address-And-Control-Field-Compression
- LOG(4, 0, 0, 0, " %s\n", lcp_types[type]);
+ LOG(4, 0, 0, " %s\n", lcp_types[type]);
break;
default:
- LOG(2, 0, 0, 0, " Unknown PPP LCP Option type %d\n", type);
+ LOG(2, 0, 0, " Unknown PPP LCP Option type %d\n", type);
break;
}
x -= length;
LOG_HEX(5, "LCP", p, l);
if (l < 4)
{
- LOG(1, session[s].ip, s, t, "Short LCP %d bytes\n", l);
+ LOG(1, s, t, "Short LCP %d bytes\n", l);
STAT(tunnel_rx_errors);
return ;
}
if ((hl = ntohs(*(u16 *) (p + 2))) > l)
{
- LOG(1, 0, s, t, "Length mismatch LCP %u/%u\n", hl, l);
+ LOG(1, s, t, "Length mismatch LCP %u/%u\n", hl, l);
STAT(tunnel_rx_errors);
return ;
}
if (*p == ConfigAck)
{
- LOG(3, session[s].ip, s, t, "LCP: Discarding ConfigAck\n");
+ LOG(3, s, t, "LCP: Discarding ConfigAck\n");
session[s].flags |= SF_LCP_ACKED;
}
else if (*p == ConfigReq)
u8 *o = (p + 4);
u8 response = 0;
- LOG(3, session[s].ip, s, t, "LCP: ConfigReq (%d bytes)...\n", l);
+ LOG(3, s, t, "LCP: ConfigReq (%d bytes)...\n", l);
if (config->debug > 3) dumplcp(p, l);
while (x > 2)
if (response && response != ConfigNak) // rej already queued
break;
- LOG(2, session[s].ip, s, t, " Remote requesting asyncmap. Rejecting.\n");
+ LOG(2, s, t, " Remote requesting asyncmap. Rejecting.\n");
if (!response)
{
q = makeppp(b, sizeof(b), NULL, 0, t, s, PPPLCP);
if ((q - b + 11) > sizeof(b))
{
- LOG(2, session[s].ip, s, t, "LCP overflow for asyncmap ConfigNak.\n");
+ LOG(2, s, t, "LCP overflow for asyncmap ConfigNak.\n");
break;
}
else
sprintf(proto_name, "%#4.4x", proto);
- LOG(2, session[s].ip, s, t, " Remote requesting %s authentication. Rejecting.\n", proto_name);
+ LOG(2, s, t, " Remote requesting %s authentication. Rejecting.\n", proto_name);
if (!response)
{
if ((q - b + length) > sizeof(b))
{
- LOG(2, session[s].ip, s, t, "LCP overflow for %s ConfigNak.\n", proto_name);
+ LOG(2, s, t, "LCP overflow for %s ConfigNak.\n", proto_name);
break;
}
break;
default: // Reject any unknown options
- LOG(2, session[s].ip, s, t, " Rejecting PPP LCP Option type %d\n", type);
+ LOG(2, s, t, " Rejecting PPP LCP Option type %d\n", type);
if (!response || response != ConfigRej) // drop nak in favour of rej
{
q = makeppp(b, sizeof(b), NULL, 0, t, s, PPPLCP);
if ((q - b + length) > sizeof(b))
{
- LOG(2, session[s].ip, s, t, "LCP overflow for ConfigRej (type=%d).\n", type);
+ LOG(2, s, t, "LCP overflow for ConfigRej (type=%d).\n", type);
break;
}
response = *q = ConfigAck;
}
- LOG(3, session[s].ip, s, t, "Sending %s\n", ppp_lcp_types[response]);
+ LOG(3, s, t, "Sending %s\n", ppp_lcp_types[response]);
tunnelsend(b, l + (q - b), t);
if (!(session[s].flags & SF_LCP_ACKED))
}
else if (*p == ConfigNak)
{
- LOG(1, session[s].ip, s, t, "Remote end sent a ConfigNak. Ignoring\n");
+ LOG(1, s, t, "Remote end sent a ConfigNak. Ignoring\n");
if (config->debug > 3) dumplcp(p, l);
return ;
}
else if (*p == TerminateReq)
{
- LOG(3, session[s].ip, s, t, "LCP: Received TerminateReq. Sending TerminateAck\n");
+ LOG(3, s, t, "LCP: Received TerminateReq. Sending TerminateAck\n");
*p = TerminateAck; // close
q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP);
if (!q) return;
}
else if (*p == EchoReq)
{
- LOG(5, session[s].ip, s, t, "LCP: Received EchoReq. Sending EchoReply\n");
+ LOG(5, s, t, "LCP: Received EchoReq. Sending EchoReply\n");
*p = EchoReply; // reply
*(u32 *) (p + 4) = htonl(session[s].magic); // our magic number
q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP);
*p = CodeRej;
if (l > MAXCONTROL)
{
- LOG(1, 0, s, t, "Truncated Ident Packet (length=%d) to 1400 bytes\n", l);
+ LOG(1, s, t, "Truncated Ident Packet (length=%d) to 1400 bytes\n", l);
l = 1400;
}
q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP);
}
else
{
- LOG(1, session[s].ip, s, t, "Unexpected LCP code %d\n", *p);
+ LOG(1, s, t, "Unexpected LCP code %d\n", *p);
STAT(tunnel_rx_errors);
return ;
}
LOG_HEX(5, "IPCP", p, l);
if (l < 5)
{
- LOG(1, 0, s, t, "Short IPCP %d bytes\n", l);
+ LOG(1, s, t, "Short IPCP %d bytes\n", l);
STAT(tunnel_rx_errors);
return ;
}
if ((hl = ntohs(*(u16 *) (p + 2))) > l)
{
- LOG(1, 0, s, t, "Length mismatch IPCP %u/%u\n", hl, l);
+ LOG(1, s, t, "Length mismatch IPCP %u/%u\n", hl, l);
STAT(tunnel_rx_errors);
return ;
}
}
session[s].flags |= SF_IPCP_ACKED;
- LOG(3, session[s].ip, s, t, "IPCP Acked, session is now active\n");
+ LOG(3, s, t, "IPCP Acked, session is now active\n");
// clear LCP_ACKED/CCP_ACKED flag for possible fast renegotiaion for routers
session[s].flags &= ~(SF_LCP_ACKED|SF_CCP_ACKED);
}
if (*p != ConfigReq)
{
- LOG(1, 0, s, t, "Unexpected IPCP code %d\n", *p);
+ LOG(1, s, t, "Unexpected IPCP code %d\n", *p);
STAT(tunnel_rx_errors);
return ;
}
- LOG(4, session[s].ip, s, t, "IPCP ConfigReq received\n");
+ LOG(4, s, t, "IPCP ConfigReq received\n");
if (!session[s].ip)
{
- LOG(3, 0, s, t, "Waiting on radius reply\n");
+ LOG(3, s, t, "Waiting on radius reply\n");
return; // have to wait on RADIUS reply
}
// form a config reply quoting the IP in the session
{
if (*p != 0x81 && *p != 0x83 && *p != 3)
{
- LOG(2, 0, s, t, "IPCP reject %d\n", *p);
+ LOG(2, s, t, "IPCP reject %d\n", *p);
memcpy(q + n, p, p[1]);
n += p[1];
}
p += p[1];
}
*(u16 *) (q + 2) = htons(n);
- LOG(4, session[s].ip, s, t, "Sending ConfigRej\n");
+ LOG(4, s, t, "Sending ConfigRej\n");
tunnelsend(b, n + (q - b), t); // send it
}
else
{
- LOG(4, session[s].ip, s, t, "Sending ConfigAck\n");
+ LOG(4, s, t, "Sending ConfigAck\n");
*p = ConfigAck;
if ((i = findppp(p, 0x81))) // Primary DNS address
{
{
*(u32 *) (i + 2) = htonl(session[s].dns1);
*p = ConfigNak;
- LOG(5, session[s].ip, s, t, " DNS1 = %s\n", inet_toa(session[s].dns1));
+ LOG(5, s, t, " DNS1 = %s\n", fmtaddr(session[s].dns1, 0));
}
}
if ((i = findppp(p, 0x83))) // Secondary DNS address (TBA, is it)
{
*(u32 *) (i + 2) = htonl(session[s].dns2);
*p = ConfigNak;
- LOG(5, session[s].ip, s, t, " DNS2 = %s\n", inet_toa(session[s].dns2));
+ LOG(5, s, t, " DNS2 = %s\n", fmtaddr(session[s].dns2, 0));
}
}
i = findppp(p, 3); // IP address
if (!i || i[1] != 6)
{
- LOG(1, 0, s, t, "No IP in IPCP request\n");
+ LOG(1, s, t, "No IP in IPCP request\n");
STAT(tunnel_rx_errors);
return ;
}
{
*(u32 *) (i + 2) = htonl(session[s].ip);
*p = ConfigNak;
- LOG(4, session[s].ip, s, t, " No, a ConfigNak, client is requesting IP - sending %s\n",
- inet_toa(htonl(session[s].ip)));
+ LOG(4, s, t, " No, a ConfigNak, client is requesting IP - sending %s\n",
+ fmtaddr(htonl(session[s].ip), 0));
}
if (!(q = makeppp(b, sizeof(b), p, l, t, s, PPPIPCP)))
return;
if (l > MAXETHER)
{
- LOG(1, ip, s, t, "IP packet too long %d\n", l);
+ LOG(1, s, t, "IP packet too long %d\n", l);
STAT(tunnel_rx_errors);
return ;
}
// no spoof (do sessionbyip to handled statically routed subnets)
if (ip != session[s].ip && sessionbyip(htonl(ip)) != s)
{
- LOG(5, ip, s, t, "Dropping packet with spoofed IP %s\n", inet_toa(htonl(ip)));
+ LOG(5, s, t, "Dropping packet with spoofed IP %s\n", fmtaddr(htonl(ip), 0));
return;
}
if (tun_write(p, l) < 0)
{
STAT(tun_tx_errors);
- LOG(0, 0, s, t, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
+ LOG(0, s, t, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
l, strerror(errno), tunfd, p);
return;
if (write(tunfd, buf, len) < 0)
{
STAT(tun_tx_errors);
- LOG(0, 0, 0, 0, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
+ LOG(0, 0, 0, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
len, strerror(errno), tunfd, buf);
return;
default:
if (l > 1)
- LOG(1, 0, s, t, "Unexpected CCP request code %d\n", *p);
+ LOG(1, s, t, "Unexpected CCP request code %d\n", *p);
else
- LOG(1, 0, s, t, "Short CCP packet\n");
+ LOG(1, s, t, "Short CCP packet\n");
STAT(tunnel_rx_errors);
return;
if (!r)
{
- LOG(1, 0, s, t, "No RADIUS to send challenge\n");
+ LOG(1, s, t, "No RADIUS to send challenge\n");
STAT(tunnel_tx_errors);
return ;
}
- LOG(1, 0, s, t, "Send CHAP challenge\n");
+ LOG(1, s, t, "Send CHAP challenge\n");
{
// new challenge
int n;
if (size < 12) // Need more space than this!!
{
static int backtrace_count = 0;
- LOG(0, session[s].ip, s, t, "makeppp buffer too small for L2TP header (size=%d)\n", size);
+ LOG(0, s, t, "makeppp buffer too small for L2TP header (size=%d)\n", size);
log_backtrace(backtrace_count, 5)
return NULL;
}
if (l + 12 > size)
{
static int backtrace_count = 0;
- LOG(2, session[s].ip, s, t, "makeppp would overflow buffer (size=%d, header+payload=%d)\n", size, l + 12);
+ LOG(2, s, t, "makeppp would overflow buffer (size=%d, header+payload=%d)\n", size, l + 12);
log_backtrace(backtrace_count, 5)
return NULL;
}
if (!(q = makeppp(b, sizeof(b), NULL, 0, t, s, PPPLCP)))
return;
- LOG(4, 0, s, t, "Sending LCP ConfigReq for PAP\n");
+ LOG(4, s, t, "Sending LCP ConfigReq for PAP\n");
*q = ConfigReq;
*(u8 *)(q + 1) = (time_now % 255) + 1; // ID
*(u16 *)(q + 2) = htons(14); // Length
if (!(q = makeppp(b, sizeof(b), NULL, 0, t, s, PPPCCP)))
return;
- LOG(4, 0, s, t, "Sending CCP ConfigReq for no compression\n");
+ LOG(4, s, t, "Sending CCP ConfigReq for no compression\n");
*q = ConfigReq;
*(u8 *)(q + 1) = (time_now % 255) + 1; // ID
*(u16 *)(q + 2) = htons(4); // Length
// L2TPNS Radius Stuff
-char const *cvs_id_radius = "$Id: radius.c,v 1.17 2004-11-28 02:53:11 bodea Exp $";
+char const *cvs_id_radius = "$Id: radius.c,v 1.18 2004-11-29 02:17:18 bodea Exp $";
#include <time.h>
#include <stdio.h>
void initrad(void)
{
int i;
- LOG(3, 0, 0, 0, "Creating %d sockets for RADIUS queries\n", config->num_radfds);
+ LOG(3, 0, 0, "Creating %d sockets for RADIUS queries\n", config->num_radfds);
radfds = calloc(sizeof(int), config->num_radfds);
for (i = 0; i < config->num_radfds; i++)
{
}
}
- LOG(0, 0, 0, 0, "Can't find a free radius session! This is very bad!\n");
+ LOG(0, 0, 0, "Can't find a free radius session! This is very bad!\n");
return 0;
}
/* re-use */
if (r)
{
- LOG(3, 0, s, session[s].tunnel, "Re-used radius %d\n", r);
+ LOG(3, s, session[s].tunnel, "Re-used radius %d\n", r);
return r;
}
if (!(r = get_free_radius()))
{
- LOG(1, 0, s, session[s].tunnel, "No free RADIUS sessions\n");
+ LOG(1, s, session[s].tunnel, "No free RADIUS sessions\n");
STAT(radius_overflow);
return 0;
};
radius[r].state = RADIUSWAIT;
radius[r].retry = TIME + 1200; // Wait at least 120 seconds to re-claim this.
- LOG(3,0,s, session[s].tunnel, "Allocated radius %d\n", r);
+ LOG(3, s, session[s].tunnel, "Allocated radius %d\n", r);
return r;
}
s = radius[r].session;
if (!config->numradiusservers)
{
- LOG(0, 0, s, session[s].tunnel, "No RADIUS servers\n");
+ LOG(0, s, session[s].tunnel, "No RADIUS servers\n");
return;
}
if (!*config->radiussecret)
{
- LOG(0, 0, s, session[s].tunnel, "No RADIUS secret\n");
+ LOG(0, s, session[s].tunnel, "No RADIUS secret\n");
return;
}
radius[r].try = 0;
radius[r].state = state;
radius[r].retry = backoff(radius[r].try++);
- LOG(4, 0, s, session[s].tunnel, "Send RADIUS id %d sock %d state %s try %d\n",
- r >> RADIUS_SHIFT, r & RADIUS_MASK,
- radius_state(radius[r].state), radius[r].try);
+ LOG(4, s, session[s].tunnel, "Send RADIUS id %d sock %d state %s try %d\n",
+ r >> RADIUS_SHIFT, r & RADIUS_MASK,
+ radius_state(radius[r].state), radius[r].try);
+
if (radius[r].try > config->numradiusservers * 2)
{
if (s)
sessionshutdown(s, "RADIUS timeout");
else
{
- LOG(1, 0, s, session[s].tunnel, "RADIUS timeout, but in state %s so don't timeout session\n",
+ LOG(1, s, session[s].tunnel, "RADIUS timeout, but in state %s so don't timeout session\n",
radius_states[state]);
radiusclear(r, s);
}
b[0] = 4; // accounting request
break;
default:
- LOG(0, 0, 0, 0, "Unknown radius state %d\n", state);
+ LOG(0, 0, 0, "Unknown radius state %d\n", state);
}
b[1] = r >> RADIUS_SHIFT; // identifier
memcpy(b + 4, radius[r].auth, 16);
LOG_HEX(5, "RADIUS Response", buf, len);
if (len < 20 || len < ntohs(*(u16 *) (buf + 2)))
{
- LOG(1, 0, 0, 0, "Duff RADIUS response length %d\n", len);
+ LOG(1, 0, 0, "Duff RADIUS response length %d\n", len);
return ;
}
len = ntohs(*(u16 *) (buf + 2));
r = socket_index | (r_id << RADIUS_SHIFT);
s = radius[r].session;
- LOG(3, 0, s, session[s].tunnel, "Received %s, radius %d response for session %u (code %d, id %d)\n",
+ LOG(3, s, session[s].tunnel, "Received %s, radius %d response for session %u (code %d, id %d)\n",
radius_states[radius[r].state], r, s, r_code, r_id);
if (!s && radius[r].state != RADIUSSTOP)
{
- LOG(1, 0, s, session[s].tunnel, " Unexpected RADIUS response\n");
+ LOG(1, s, session[s].tunnel, " Unexpected RADIUS response\n");
return;
}
if (radius[r].state != RADIUSAUTH && radius[r].state != RADIUSSTART && radius[r].state != RADIUSSTOP)
{
- LOG(1, 0, s, session[s].tunnel, " Unexpected RADIUS response\n");
+ LOG(1, s, session[s].tunnel, " Unexpected RADIUS response\n");
return;
}
t = session[s].tunnel;
do {
if (memcmp(hash, buf + 4, 16))
{
- LOG(0, 0, s, session[s].tunnel, " Incorrect auth on RADIUS response!! (wrong secret in radius config?)\n");
+ LOG(0, s, session[s].tunnel, " Incorrect auth on RADIUS response!! (wrong secret in radius config?)\n");
return; // Do nothing. On timeout, it will try the next radius server.
}
if ((radius[r].state == RADIUSAUTH && *buf != 2 && *buf != 3) ||
((radius[r].state == RADIUSSTART || radius[r].state == RADIUSSTOP) && *buf != 5))
{
- LOG(1, 0, s, session[s].tunnel, " Unexpected RADIUS response %d\n", *buf);
+ LOG(1, s, session[s].tunnel, " Unexpected RADIUS response %d\n", *buf);
return; // We got something we didn't expect. Let the timeouts take
// care off finishing the radius session if that's really correct.
}
if (radius[r].state == RADIUSAUTH)
{
- LOG(4, 0, s, session[s].tunnel, " Original response is \"%s\"\n", (*buf == 2) ? "accept" : "reject");
+ LOG(4, s, session[s].tunnel, " Original response is \"%s\"\n", (*buf == 2) ? "accept" : "reject");
// process auth response
if (radius[r].chap)
{
*buf = packet.auth_allowed ? 2 : 3;
}
- LOG(3, 0, s, session[s].tunnel, " CHAP User %s authentication %s.\n", session[s].user,
+ LOG(3, s, session[s].tunnel, " CHAP User %s authentication %s.\n", session[s].user,
(*buf == 2) ? "allowed" : "denied");
*p = (*buf == 2) ? 3 : 4; // ack/nak
p[1] = radius[r].id;
*buf = packet.auth_allowed ? 2 : 3;
}
- LOG(3, 0, s, session[s].tunnel, " PAP User %s authentication %s.\n", session[s].user,
+ LOG(3, s, session[s].tunnel, " PAP User %s authentication %s.\n", session[s].user,
(*buf == 2) ? "allowed" : "denied");
// ack/nak
*p = *buf;
if (*p == 8)
{
// Framed-IP-Address
- LOG(3, 0, s, session[s].tunnel, " Radius reply contains IP address %s\n", inet_toa(*(u32 *) (p + 2)));
session[s].ip = ntohl(*(u32 *) (p + 2));
session[s].ip_pool_index = -1;
+ LOG(3, s, session[s].tunnel, " Radius reply contains IP address %s\n",
+ fmtaddr(htonl(session[s].ip), 0));
}
else if (*p == 135)
{
// DNS address
- LOG(3, 0, s, session[s].tunnel, " Radius reply contains primary DNS address %s\n", inet_toa(*(u32 *) (p + 2)));
session[s].dns1 = ntohl(*(u32 *) (p + 2));
+ LOG(3, s, session[s].tunnel, " Radius reply contains primary DNS address %s\n",
+ fmtaddr(htonl(session[s].dns1), 0));
}
else if (*p == 136)
{
// DNS address
- LOG(3, 0, s, session[s].tunnel, " Radius reply contains secondary DNS address %s\n", inet_toa(*(u32 *) (p + 2)));
session[s].dns2 = ntohl(*(u32 *) (p + 2));
+ LOG(3, s, session[s].tunnel, " Radius reply contains secondary DNS address %s\n",
+ fmtaddr(htonl(session[s].dns2), 0));
}
else if (*p == 22)
{
mask = 0xFFFF0000;
else
mask = 0xFFFFFF00;
+
if (routes == MAXROUTE)
{
- LOG(1, 0, s, session[s].tunnel, " Too many routes\n");
+ LOG(1, s, session[s].tunnel, " Too many routes\n");
}
else if (ip)
{
- char *ips, *masks;
- ips = strdup(inet_toa(htonl(ip)));
- masks = strdup(inet_toa(htonl(mask)));
- LOG(3, 0, s, session[s].tunnel, " Radius reply contains route for %s/%s\n", ips, masks);
- free(ips);
- free(masks);
+ LOG(3, s, session[s].tunnel, " Radius reply contains route for %s/%s\n",
+ fmtaddr(htonl(ip), 0), fmtaddr(htonl(mask), 1));
+
session[s].route[routes].ip = ip;
session[s].route[routes].mask = mask;
routes++;
u8 *f = 0;
int i;
- LOG(3, 0, s, session[s].tunnel, " Radius reply contains Filter-Id \"%.*s\"\n", l, filter);
+ LOG(3, s, session[s].tunnel, " Radius reply contains Filter-Id \"%.*s\"\n", l, filter);
if ((suffix = memchr(filter, '.', l)))
{
int b = suffix - filter;
if (!f)
{
- LOG(3, 0, s, session[s].tunnel, " Invalid filter\n");
+ LOG(3, s, session[s].tunnel, " Invalid filter\n");
continue;
}
if (*f)
ip_filters[*f - 1].used++;
else
- LOG(3, 0, s, session[s].tunnel, " Unknown filter\n");
+ LOG(3, s, session[s].tunnel, " Unknown filter\n");
}
else if (*p == 26)
int vendor = ntohl(*(int *)(p + 2));
char attrib = *(p + 6);
char attrib_length = *(p + 7) - 2;
- LOG(3, 0, s, session[s].tunnel, " Radius reply contains Vendor-Specific. Vendor=%d Attrib=%d Length=%d\n", vendor, attrib, attrib_length);
+ LOG(3, s, session[s].tunnel, " Radius reply contains Vendor-Specific. Vendor=%d Attrib=%d Length=%d\n", vendor, attrib, attrib_length);
if (attrib_length == 0) continue;
if (attrib != 1)
- LOG(3, 0, s, session[s].tunnel, " Unknown vendor-specific\n");
+ LOG(3, s, session[s].tunnel, " Unknown vendor-specific\n");
else
{
char *avpair, *value, *key, *newp;
avpair = key = calloc(attrib_length + 1, 1);
memcpy(avpair, p + 8, attrib_length);
- LOG(3, 0, s, session[s].tunnel, " Cisco-Avpair value: %s\n", avpair);
+ LOG(3, s, session[s].tunnel, " Cisco-Avpair value: %s\n", avpair);
do {
value = strchr(key, '=');
if (!value) break;
}
else if (*buf == 3)
{
- LOG(2, 0, s, session[s].tunnel, " Authentication denied for %s\n", session[s].user);
+ LOG(2, s, session[s].tunnel, " Authentication denied for %s\n", session[s].user);
//FIXME: We should tear down the session here!
break;
}
if (!session[s].dns1 && config->default_dns1)
{
session[s].dns1 = htonl(config->default_dns1);
- LOG(3, 0, s, t, " Sending dns1 = %s\n", inet_toa(config->default_dns1));
+ LOG(3, s, t, " Sending dns1 = %s\n", fmtaddr(config->default_dns1, 0));
}
if (!session[s].dns2 && config->default_dns2)
{
session[s].dns2 = htonl(config->default_dns2);
- LOG(3, 0, s, t, " Sending dns2 = %s\n", inet_toa(config->default_dns2));
+ LOG(3, s, t, " Sending dns2 = %s\n", fmtaddr(config->default_dns2, 0));
}
// Valid Session, set it up
else
{
// An ack for a stop or start record.
- LOG(3, 0, s, t, " RADIUS accounting ack recv in state %s\n", radius_states[radius[r].state]);
+ LOG(3, s, t, " RADIUS accounting ack recv in state %s\n", radius_states[radius[r].state]);
break;
}
} while (0);
case RADIUSWAIT: // waiting timeout before available, in case delayed reply from RADIUS server
// free up RADIUS task
radiusclear(r, s);
- LOG(3, 0, s, session[s].tunnel, "Freeing up radius session %d\n", r);
+ LOG(3, s, session[s].tunnel, "Freeing up radius session %d\n", r);
break;
}
}
/* strip domain part of username before sending RADIUS requests */
-char const *cvs_id = "$Id: stripdomain.c,v 1.6 2004-11-17 08:23:35 bodea Exp $";
+char const *cvs_id = "$Id: stripdomain.c,v 1.7 2004-11-29 02:17:18 bodea Exp $";
int plugin_api_version = PLUGIN_API_VERSION;
static struct pluginfuncs *p = 0;
// Strip off @domain
if ((x = strchr(data->username, '@')))
{
- p->log(3, 0, 0, 0, "Stripping off trailing domain name \"%s\"\n", x);
+ p->log(3, 0, 0, "Stripping off trailing domain name \"%s\"\n", x);
*x = 0;
}
// L2TPNS: token bucket filters
-char const *cvs_id_tbf = "$Id: tbf.c,v 1.9 2004-11-05 04:55:27 bodea Exp $";
+char const *cvs_id_tbf = "$Id: tbf.c,v 1.10 2004-11-29 02:17:18 bodea Exp $";
#include <string.h>
#include "l2tpns.h"
if (filter_list[id].next == id) { // Last element in chain?
if (timer_chain != id) { // WTF?
- LOG(0,0,0,0, "Removed a singleton element from TBF, but tc didn't point to it!\n");
+ LOG(0, 0, 0, "Removed a singleton element from TBF, but tc didn't point to it!\n");
} else
timer_chain = -1;
filter_list[id].next = filter_list[id].prev = 0;
int i;
static int p = 0;
- LOG(4,0,0,0, "Allocating new TBF (sess %d, rate %d, helper %p)\n", sid, rate, f);
+ LOG(4, 0, 0, "Allocating new TBF (sess %d, rate %d, helper %p)\n", sid, rate, f);
if (!filter_list)
return 0; // Couldn't alloc memory!
return p;
}
- LOG(0,0,0,0, "Ran out of token bucket filters! Sess %d will be un-throttled\n", sid);
+ LOG(0, 0, 0, "Ran out of token bucket filters! Sess %d will be un-throttled\n", sid);
return 0;
}
if (filter_list[i].lasttime == TIME) // Did we just run it?
continue;
- LOG(1,0,0,0, "Missed tbf %d! Not on the timer chain?(n %d, p %d, tc %d)\n", i,
+ LOG(1, 0, 0, "Missed tbf %d! Not on the timer chain?(n %d, p %d, tc %d)\n", i,
filter_list[i].next, filter_list[i].prev, timer_chain);
tbf_run_queue(i);
}
return CLI_HELP_NO_ARGS;
if (!config->cluster_iam_master) {
- cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address));
+ cli_print(cli, "Can't do this on a slave. Do it on %s",
+ fmtaddr(config->cluster_master_address, 0));
+
return CLI_OK;
}
/* Misc util functions */
-char const *cvs_id_util = "$Id: util.c,v 1.6 2004-11-16 07:54:32 bodea Exp $";
+char const *cvs_id_util = "$Id: util.c,v 1.7 2004-11-29 02:17:18 bodea Exp $";
#include <unistd.h>
#include <errno.h>
#include "bgp.h"
#endif
-char *inet_toa(unsigned long addr)
+// format ipv4 addr as a dotted-quad; n chooses one of 4 static buffers
+// to use
+char *fmtaddr(ipt addr, int n)
{
+ static char addrs[4][16];
struct in_addr in;
- memcpy(&in, &addr, sizeof(unsigned long));
- return inet_ntoa(in);
+
+ if (n < 0 || n >= 4) return "";
+ in.s_addr = addr;
+ return strcpy(addrs[n], inet_ntoa(in));
}
void *shared_malloc(unsigned int size)
params.sched_priority = 0;
if (sched_setscheduler(0, SCHED_OTHER, ¶ms))
{
- LOG(0, 0, 0, 0, "Error setting scheduler to OTHER after fork: %s\n", strerror(errno));
- LOG(0, 0, 0, 0, "This is probably really really bad.\n");
+ LOG(0, 0, 0, "Error setting scheduler to OTHER after fork: %s\n", strerror(errno));
+ LOG(0, 0, 0, "This is probably really really bad.\n");
}
}
#ifndef __UTIL_H__
#define __UTIL_H__
-char *inet_toa(unsigned long addr);
+char *fmtaddr(ipt addr, int n);
void *shared_malloc(unsigned int size);
pid_t fork_and_close(void);
projects / l2tpns.git / commitdiff