Fix intercepts: don't double-snoop throttled customers, ensure
authorBrendan O'Dea <bod@optus.net>
Tue, 9 Nov 2004 05:42:53 +0000 (05:42 +0000)
committerBrendan O'Dea <bod@optus.net>
Tue, 9 Nov 2004 05:42:53 +0000 (05:42 +0000)
byte/packet counts are only updated once

Changes
l2tpns.c
ppp.c

diff --git a/Changes b/Changes
index 1813202..2d1c16f 100644 (file)
--- a/Changes
+++ b/Changes
@@ -1,5 +1,7 @@
 ? Brendan O'Dea <bod@optusnet.com.au> 2.0.5
 - Handle routing properly in lone-master case 
 ? Brendan O'Dea <bod@optusnet.com.au> 2.0.5
 - Handle routing properly in lone-master case 
+- Fix intercepts:  don't double-snoop throttled customers, ensure
+  byte/packet counts are only updated once
 
 * Mon Nov 8 2004 Brendan O'Dea <bod@optusnet.com.au> 2.0.4
 - Added setrxspeed plugin
 
 * Mon Nov 8 2004 Brendan O'Dea <bod@optusnet.com.au> 2.0.4
 - Added setrxspeed plugin
index 5df2ef5..0414db7 100644 (file)
--- a/l2tpns.c
+++ b/l2tpns.c
@@ -4,7 +4,7 @@
 // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
 // vim: sw=8 ts=8
 
 // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
 // vim: sw=8 ts=8
 
-char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.45 2004-11-05 07:50:05 bodea Exp $";
+char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.46 2004-11-09 05:42:53 bodea Exp $";
 
 #include <arpa/inet.h>
 #include <assert.h>
 
 #include <arpa/inet.h>
 #include <assert.h>
@@ -787,10 +787,6 @@ void processipout(u8 * buf, int len)
                return;
        }
 
                return;
        }
 
-       // Snooping this session, send it to intercept box
-       if (sp->snoop_ip && sp->snoop_port)
-               snoop_send_packet(buf, len, sp->snoop_ip, sp->snoop_port);
-
        LOG(5, session[s].ip, s, t, "Ethernet -> Tunnel (%d bytes)\n", len);
 
        // Add on L2TP header
        LOG(5, session[s].ip, s, t, "Ethernet -> Tunnel (%d bytes)\n", len);
 
        // Add on L2TP header
@@ -804,6 +800,10 @@ void processipout(u8 * buf, int len)
                tunnelsend(b, len + (p-b), t); // send it...
        }
 
                tunnelsend(b, len + (p-b), t); // send it...
        }
 
+       // Snooping this session, send it to intercept box
+       if (sp->snoop_ip && sp->snoop_port)
+               snoop_send_packet(buf, len, sp->snoop_ip, sp->snoop_port);
+
        sp->cout += len; // byte count
        sp->total_cout += len; // byte count
        sp->pout++;
        sp->cout += len; // byte count
        sp->total_cout += len; // byte count
        sp->pout++;
@@ -837,15 +837,12 @@ void send_ipout(sessionidt s, u8 *buf, int len)
 
        if (!session[s].ip)
                return;
 
        if (!session[s].ip)
                return;
+
        t = session[s].tunnel;
        sp = &session[s];
 
        LOG(5, session[s].ip, s, t, "Ethernet -> Tunnel (%d bytes)\n", len);
 
        t = session[s].tunnel;
        sp = &session[s];
 
        LOG(5, session[s].ip, s, t, "Ethernet -> Tunnel (%d bytes)\n", len);
 
-       // Snooping this session.
-       if (sp->snoop_ip && sp->snoop_port)
-               snoop_send_packet(buf, len, sp->snoop_ip, sp->snoop_port);
-
        // Add on L2TP header
        {
                u8 *p = makeppp(b, sizeof(b),  buf, len, t, s, PPPIP);
        // Add on L2TP header
        {
                u8 *p = makeppp(b, sizeof(b),  buf, len, t, s, PPPIP);
@@ -856,6 +853,11 @@ void send_ipout(sessionidt s, u8 *buf, int len)
                }
                tunnelsend(b, len + (p-b), t); // send it...
        }
                }
                tunnelsend(b, len + (p-b), t); // send it...
        }
+
+       // Snooping this session.
+       if (sp->snoop_ip && sp->snoop_port)
+               snoop_send_packet(buf, len, sp->snoop_ip, sp->snoop_port);
+
        sp->cout += len; // byte count
        sp->total_cout += len; // byte count
        sp->pout++;
        sp->cout += len; // byte count
        sp->total_cout += len; // byte count
        sp->pout++;
diff --git a/ppp.c b/ppp.c
index b2d84ec..9d5a2f3 100644 (file)
--- a/ppp.c
+++ b/ppp.c
@@ -1,6 +1,6 @@
 // L2TPNS PPP Stuff
 
 // L2TPNS PPP Stuff
 
-char const *cvs_id_ppp = "$Id: ppp.c,v 1.22 2004-11-05 23:18:54 bodea Exp $";
+char const *cvs_id_ppp = "$Id: ppp.c,v 1.23 2004-11-09 05:42:53 bodea Exp $";
 
 #include <stdio.h>
 #include <string.h>
 
 #include <stdio.h>
 #include <string.h>
@@ -709,12 +709,6 @@ void processipin(tunnelidt t, sessionidt s, u8 *p, u16 l)
                return;
        }
 
                return;
        }
 
-       if (session[s].snoop_ip && session[s].snoop_port)
-       {
-               // Snooping this session
-               snoop_send_packet(p, l, session[s].snoop_ip, session[s].snoop_port);
-       }
-
        // Add on the tun header
        p -= 4;
        *(u32 *)p = htonl(0x00000800);
        // Add on the tun header
        p -= 4;
        *(u32 *)p = htonl(0x00000800);
@@ -725,16 +719,6 @@ void processipin(tunnelidt t, sessionidt s, u8 *p, u16 l)
                return;
        }
 
                return;
        }
 
-       session[s].cin += l - 4;
-       session[s].total_cin += l - 4;
-       sess_count[s].cin += l - 4;
-
-       session[s].pin++;
-       eth_tx += l - 4;
-
-       STAT(tun_tx_packets);
-       INC_STAT(tun_tx_bytes, l);
-
        if (session[s].tbf_in && config->cluster_iam_master) { // Are we throttled and a master?? actually handle the throttled packets.
                tbf_queue_packet(session[s].tbf_in, p, l);
                return;
        if (session[s].tbf_in && config->cluster_iam_master) { // Are we throttled and a master?? actually handle the throttled packets.
                tbf_queue_packet(session[s].tbf_in, p, l);
                return;
@@ -746,8 +730,25 @@ void processipin(tunnelidt t, sessionidt s, u8 *p, u16 l)
                STAT(tun_tx_errors);
                LOG(0, 0, s, t, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
                        l, strerror(errno), tunfd, p);
                STAT(tun_tx_errors);
                LOG(0, 0, s, t, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
                        l, strerror(errno), tunfd, p);
+
+               return;
        }
 
        }
 
+       if (session[s].snoop_ip && session[s].snoop_port)
+       {
+               // Snooping this session
+               snoop_send_packet(p + 4, l - 4, session[s].snoop_ip, session[s].snoop_port);
+       }
+
+       session[s].cin += l - 4;
+       session[s].total_cin += l - 4;
+       sess_count[s].cin += l - 4;
+
+       session[s].pin++;
+       eth_tx += l - 4;
+
+       STAT(tun_tx_packets);
+       INC_STAT(tun_tx_bytes, l - 4);
 }
 
 //
 }
 
 //
@@ -757,11 +758,20 @@ void processipin(tunnelidt t, sessionidt s, u8 *p, u16 l)
 void send_ipin(sessionidt s, u8 *buf, int len)
 {
        LOG_HEX(5, "IP in throttled", buf, len);
 void send_ipin(sessionidt s, u8 *buf, int len)
 {
        LOG_HEX(5, "IP in throttled", buf, len);
+
        if (write(tunfd, buf, len) < 0)
        {
                STAT(tun_tx_errors);
                LOG(0, 0, 0, 0, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
                        len, strerror(errno), tunfd, buf);
        if (write(tunfd, buf, len) < 0)
        {
                STAT(tun_tx_errors);
                LOG(0, 0, 0, 0, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
                        len, strerror(errno), tunfd, buf);
+
+               return;
+       }
+
+       if (session[s].snoop_ip && session[s].snoop_port)
+       {
+               // Snooping this session
+               snoop_send_packet(p + 4, l - 4, session[s].snoop_ip, session[s].snoop_port);
        }
 
        // Increment packet counters
        }
 
        // Increment packet counters
@@ -771,6 +781,9 @@ void send_ipin(sessionidt s, u8 *buf, int len)
 
        session[s].pin++;
        eth_tx += len - 4;
 
        session[s].pin++;
        eth_tx += len - 4;
+
+       STAT(tun_tx_packets);
+       INC_STAT(tun_tx_bytes, l - 4);
 }
 
 
 }