first version of the LAC functionality
authorfendo <fendo@bi12info.com>
Wed, 28 Nov 2012 22:43:33 +0000 (23:43 +0100)
committerfendo <fendo@bi12info.com>
Wed, 28 Nov 2012 22:43:33 +0000 (23:43 +0100)
Makefile
cli.c
l2tplac.c [new file with mode: 0644]
l2tplac.h [new file with mode: 0644]
l2tpns.c
l2tpns.h
ppp.c

index ea7e8df..e915e9b 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -43,6 +43,9 @@ endif
 DEFINES += -DBGP
 OBJS += bgp.o
 
 DEFINES += -DBGP
 OBJS += bgp.o
 
+DEFINES += -DLAC
+OBJS += l2tplac.o
+
 all: programs plugins
 programs: $(PROGRAMS)
 plugins: $(PLUGINS)
 all: programs plugins
 programs: $(PROGRAMS)
 plugins: $(PLUGINS)
diff --git a/cli.c b/cli.c
index 3f63413..5b0bcbc 100644 (file)
--- a/cli.c
+++ b/cli.c
@@ -31,6 +31,9 @@
 #ifdef BGP
 #include "bgp.h"
 #endif
 #ifdef BGP
 #include "bgp.h"
 #endif
+#ifdef LAC
+#include "l2tplac.h"
+#endif
 
 extern tunnelt *tunnel;
 extern bundlet *bundle;
 
 extern tunnelt *tunnel;
 extern bundlet *bundle;
@@ -99,7 +102,9 @@ static int cmd_remove_plugin(struct cli_def *cli, char *command, char **argv, in
 static int cmd_uptime(struct cli_def *cli, char *command, char **argv, int argc);
 static int cmd_shutdown(struct cli_def *cli, char *command, char **argv, int argc);
 static int cmd_reload(struct cli_def *cli, char *command, char **argv, int argc);
 static int cmd_uptime(struct cli_def *cli, char *command, char **argv, int argc);
 static int cmd_shutdown(struct cli_def *cli, char *command, char **argv, int argc);
 static int cmd_reload(struct cli_def *cli, char *command, char **argv, int argc);
-
+#ifdef LAC
+static int cmd_setforward(struct cli_def *cli, char *command, char **argv, int argc);
+#endif
 
 static int regular_stuff(struct cli_def *cli);
 
 
 static int regular_stuff(struct cli_def *cli);
 
@@ -222,6 +227,10 @@ void init_cli()
 
        cli_register_command(cli, NULL, "set", cmd_set, PRIVILEGE_PRIVILEGED, MODE_CONFIG, "Set a configuration variable");
 
 
        cli_register_command(cli, NULL, "set", cmd_set, PRIVILEGE_PRIVILEGED, MODE_CONFIG, "Set a configuration variable");
 
+#ifdef LAC
+       cli_register_command(cli, NULL, "setforward", cmd_setforward, PRIVILEGE_PRIVILEGED, MODE_CONFIG, "Set the Remote LNS Forward");
+#endif
+
        c = cli_register_command(cli, NULL, "ip", NULL, PRIVILEGE_PRIVILEGED, MODE_CONFIG, NULL);
        cli_register_command(cli, c, "access-list", cmd_ip_access_list, PRIVILEGE_PRIVILEGED, MODE_CONFIG, "Add named access-list");
 
        c = cli_register_command(cli, NULL, "ip", NULL, PRIVILEGE_PRIVILEGED, MODE_CONFIG, NULL);
        cli_register_command(cli, c, "access-list", cmd_ip_access_list, PRIVILEGE_PRIVILEGED, MODE_CONFIG, "Add named access-list");
 
@@ -3095,3 +3104,53 @@ static int cmd_reload(struct cli_def *cli, char *command, char **argv, int argc)
        kill(getppid(), SIGHUP);
        return CLI_OK;
 }
        kill(getppid(), SIGHUP);
        return CLI_OK;
 }
+
+#ifdef LAC
+
+static int cmd_setforward(struct cli_def *cli, char *command, char **argv, int argc)
+{
+       int ret;
+
+       if (CLI_HELP_REQUESTED)
+       {
+               switch (argc)
+               {
+               case 1:
+                       return cli_arg_help(cli, 0,
+                               "MASK", "Users mask to forward (ex: myISP@operator.com)", NULL);
+
+               case 2:
+                       return cli_arg_help(cli, 0,
+                               "IP", "IP of the remote LNS(ex: 64.64.64.64)", NULL);
+
+               case 3:
+                       return cli_arg_help(cli, 0,
+                               "PORT", "Port of the remote LNS (ex: 1701)", NULL);
+
+               case 4:
+                       return cli_arg_help(cli, 0,
+                               "SECRET", "l2tp secret of the remote LNS (ex: mysecretpsw)", NULL);
+
+               default:
+                       return cli_arg_help(cli, argc > 1, NULL);
+               }
+       }
+
+       if (argc != 4)
+       {
+               cli_error(cli, "Specify variable and value");
+               return CLI_OK;
+       }
+
+       // adremotelns(mask, IP_RemoteLNS, Port_RemoteLNS, SecretRemoteLNS)
+       ret = addremotelns(argv[0], argv[1], argv[2], argv[3]);
+
+       if (ret)
+               cli_print(cli, "setforward %s %s %s %s", argv[0], argv[1], argv[2], argv[3]);
+       else
+               cli_error(cli, "ERROR setforward %s %s %s %s", argv[0], argv[1], argv[2], argv[3]);
+
+       return CLI_OK;
+}
+
+#endif
diff --git a/l2tplac.c b/l2tplac.c
new file mode 100644 (file)
index 0000000..11ac963
--- /dev/null
+++ b/l2tplac.c
@@ -0,0 +1,322 @@
+/*
+ * Add functionality "LAC" to l2tpns.
+ * Used to forward a ppp session to another "LNS".
+ */
+#include <errno.h>
+#include <string.h>
+
+#include "md5.h"
+#include "l2tpns.h"
+#include "util.h"
+
+#include "l2tplac.h"
+
+/* sequence diagram: Client <--> LAC <--> LNS1 <--> LNS2
+ * 
+ *           LCP Negotiation
+ * Client <-------------------> LAC
+ *         Challenge (CHAP/PAP)
+ * Client <-------------------> LAC
+ *                                         SCCRQ
+ *                              LAC --------------------> LNS1 (Tunnel Open)
+ *                                         SCCRP
+ *                              LAC <-------------------- LNS1 (Tunnel Open)
+ *                                         SCCCN
+ *                              LAC --------------------> LNS1 (Tunnel Open)
+ *                                         ZLB
+ *                              LAC <-------------------- LNS1 (Tunnel Open)
+ *                                         ICRQ
+ *                              LAC --------------------> LNS1 (Session Open)
+ *                                         ICRP
+ *                              LAC <-------------------- LNS1 (Session Open)
+ *                                         ICCN
+ *                              LAC --------------------> LNS1 (Session Open)
+ *                                         ZLB
+ *                              LAC <-------------------- LNS1 (Session Open)
+ *                        LCP Negotiation
+ * Client <---------------------------------------------> LNS1
+ *                        Challenge (CHAP/PAP)
+ * Client <---------------------------------------------> LNS1
+ *                                                                    SCCRQ
+ *                                                        LNS1 --------------------> LNS2 (Tunnel Open)
+ *                                                                    SCCRP
+ *                                                        LNS1 <-------------------- LNS2 (Tunnel Open)
+ *                                                                    SCCCN
+ *                                                        LNS1 --------------------> LNS2 (Tunnel Open)
+ *                                                                    ZLB
+ *                                                        LNS1 <-------------------- LNS2 (Tunnel Open)
+ *                                                                    ICRQ
+ *                                                        LNS1 --------------------> LNS2 (Session Open)
+ *                                                                    ICRP
+ *                                                        LNS1 <-------------------- LNS2 (Session Open)
+ *                                                                    ICCN
+ *                                                        LNS1 --------------------> LNS2 (Session Open)
+ *                                                                    ZLB
+ *                                                        LNS1 <-------------------- LNS2 (Session Open)
+ *                                   LCP Negotiation
+ * Client <------------------------------------------------------------------------> LNS2
+ *                                   PAP/CHAP Authentification
+ * Client <------------------------------------------------------------------------> LNS2
+ *                                   DATA (ppp)
+ * Client <------------------------------------------------------------------------> LNS2
+ * */
+
+// Limits
+#define MAXRLNSTUNNEL  101
+
+typedef uint16_t confrlnsidt;
+
+/*
+ * Possible configrlns states
+ * TUNNELFREE -> TUNNELOPEN -> TUNNELDIE -> TUNNELFREE
+ */
+enum
+{
+       CONFRLNSFREE = 0,       // Not in use
+       CONFRLNSSET             // Config Set
+};
+
+// struct remote lns
+typedef struct
+{
+       tunnelidt tid;          // near end tunnel ID
+       int state;                      // conf state (tunnelstate enum)
+       in_addr_t ip;           // Ip for far end
+       uint16_t port;          // port for far end
+       hasht auth;                     // request authenticator
+       char strmaskuser[MAXUSER];
+       char l2tp_secret[64];           // L2TP shared secret
+}
+configrlns;
+
+configrlns *pconfigrlns = NULL;                        // Array of tunnel structures.
+
+// Init data structures
+void initremotelnsdata()
+{
+       confrlnsidt i;
+
+       if ( !(pconfigrlns = shared_malloc(sizeof(pconfigrlns[0]) * MAXRLNSTUNNEL)) )
+       {
+               LOG(0, 0, 0, "Error doing malloc for tunnels lac: %s\n", strerror(errno));
+               exit(1);
+       }
+
+       memset(pconfigrlns, 0, sizeof(pconfigrlns[0]) * MAXRLNSTUNNEL);
+
+       // Mark all the tunnels as undefined (waiting to be filled in by a download).
+       for (i = 1; i < MAXRLNSTUNNEL; i++)
+               pconfigrlns[i].state = CONFRLNSFREE;    // mark it as not filled in.
+
+       config->highest_rlnsid = 0;
+}
+
+// Check if must be forwarded to another LNS
+int forwardtolns(sessionidt s, char * puser)
+{
+       tunnelidt t;
+       confrlnsidt i;
+
+       for (i = 1; i <= config->highest_rlnsid ; ++i)
+       {
+               if ( NULL != strstr(puser, pconfigrlns[i].strmaskuser))
+               {
+                       t = pconfigrlns[i].tid;
+
+                       if ((t != 0) && (tunnel[t].ip != pconfigrlns[i].ip))
+                       {
+                               pconfigrlns[i].tid = t = 0;
+                               LOG(1, 0, t, "Tunnel ID inconsistency\n");
+                       }
+
+                       if (t == 0)
+                       {
+                               if (main_quit == QUIT_SHUTDOWN) return 0;
+
+                               // Start Open Tunnel
+                               if (!(t = lac_new_tunnel()))
+                               {
+                                       LOG(1, 0, 0, "No more tunnels\n");
+                                       STAT(tunnel_overflow);
+                                       return 0;
+                               }
+                               lac_tunnelclear(t);
+                               tunnel[t].ip = pconfigrlns[i].ip;
+                               tunnel[t].port = pconfigrlns[i].port;
+                               tunnel[t].window = 4; // default window
+                               STAT(tunnel_created);
+                               LOG(1, 0, t, "New (REMOTE LNS) tunnel to %s:%u ID %u\n", fmtaddr(htonl(tunnel[t].ip), 0), tunnel[t].port, t);
+
+                               random_data(pconfigrlns[i].auth, sizeof(pconfigrlns[i].auth));
+
+                               pconfigrlns[i].tid = t;
+
+                               lac_send_SCCRQ(t, pconfigrlns[i].auth, sizeof(pconfigrlns[i].auth));
+                       }
+                       else if (tunnel[t].state == TUNNELOPEN)
+                       {
+                               if (main_quit != QUIT_SHUTDOWN)
+                               {
+                                       /**********************/
+                                       /** Open New session **/
+                                       /**********************/
+                                       sessionidt new_sess = sessionfree;
+
+                                       sessionfree = session[new_sess].next;
+                                       memset(&session[new_sess], 0, sizeof(session[new_sess]));
+
+                                       if (new_sess > config->cluster_highest_sessionid)
+                                               config->cluster_highest_sessionid = new_sess;
+
+                                       session[new_sess].opened = time_now;
+                                       session[new_sess].tunnel = t;
+                                       session[new_sess].last_packet = session[s].last_data = time_now;
+
+                                       session[new_sess].ppp.phase = Establish;
+                                       session[new_sess].ppp.lcp = Starting;
+
+                                       // Sent ICRQ  Incoming-call-request
+                                       lac_send_ICRQ(t, new_sess);
+
+                                       // Set session to forward to another LNS
+                                       session[s].forwardtosession = new_sess;
+                                       session[new_sess].forwardtosession = s;
+
+                                       STAT(session_created);
+                               }
+                               else
+                               {
+                                       lac_tunnelshutdown(t, "Shutting down", 6, 0, 0);
+                                       pconfigrlns[i].tid = 0;
+                               }
+                       }
+                       else
+                       {
+                               /** TODO **/
+                               LOG(1, 0, t, "(REMOTE LNS) tunnel is not open\n");
+                       }
+
+                       return 1;
+               }
+       }
+
+       return 0;
+}
+
+static tunnelidt getidrlns(tunnelidt t)
+{
+       confrlnsidt idrlns;
+
+       for (idrlns = 1; idrlns <= config->highest_rlnsid ; ++idrlns)
+       {
+               if (pconfigrlns[idrlns].tid == t) return idrlns;
+       }
+
+       return 0;
+}
+
+int istunneltolns(tunnelidt t)
+{
+       confrlnsidt idrlns;
+
+       for (idrlns = 1; idrlns <= config->highest_rlnsid ; ++idrlns)
+       {
+               if (pconfigrlns[idrlns].tid == t) return 1;
+       }
+
+       return 0;
+}
+
+void calc_lac_auth(tunnelidt t, uint8_t id, uint8_t *out)
+{
+       MD5_CTX ctx;
+       confrlnsidt idrlns;
+
+       idrlns = getidrlns(t);
+
+       MD5_Init(&ctx);
+       MD5_Update(&ctx, &id, 1);
+       MD5_Update(&ctx, pconfigrlns[idrlns].l2tp_secret, strlen(pconfigrlns[idrlns].l2tp_secret));
+       MD5_Update(&ctx, pconfigrlns[idrlns].auth, 16);
+       MD5_Final(out, &ctx);
+}
+
+// Forward session to external LNS
+int session_forward_tolns(uint8_t *buf, int len, sessionidt sess, uint16_t proto)
+{
+       uint16_t t = 0, s = 0;
+       uint8_t *p = buf + 2; // First word L2TP options
+
+       s = session[sess].forwardtosession;
+       if (session[s].forwardtosession != sess)
+       {
+               LOG(0, sess, session[sess].tunnel, "Link Session (%u) broken\n", s);
+               return 0;
+       }
+
+       t = session[s].tunnel;
+       if (t >= MAXTUNNEL)
+       {
+               LOG(1, s, t, "Session with invalid tunnel ID\n");
+               return 0;
+       }
+
+       if (*buf & 0x40)
+       {   // length
+               p += 2;
+       }
+
+       *(uint16_t *) p = htons(tunnel[t].far); // tunnel
+       p += 2;
+       *(uint16_t *) p = htons(session[s].far); // session
+       p += 2;
+
+       if (*buf & 0x08)
+       {   // ns/nr
+               *(uint16_t *) p = htons(tunnel[t].ns); // sequence
+               p += 2;
+               *(uint16_t *) p = htons(tunnel[t].nr); // sequence
+               p += 2;
+       }
+
+       if ((proto == PPPIP) || (proto == PPPMP) ||(proto == PPPIPV6 && config->ipv6_prefix.s6_addr[0]))
+       {
+               session[sess].last_packet = session[sess].last_data = time_now;
+       }
+       else
+               session[sess].last_packet = time_now;
+
+       tunnelsend(buf, len, t); // send it...
+
+       return 1;
+}
+
+int addremotelns(char *mask, char *IP_RemoteLNS, char *Port_RemoteLNS, char *SecretRemoteLNS)
+{
+       confrlnsidt idrlns;
+
+       for (idrlns = 1; idrlns < MAXRLNSTUNNEL; ++idrlns)
+       {
+               if (pconfigrlns[idrlns].state == CONFRLNSFREE)
+               {
+                       snprintf((char *) pconfigrlns[idrlns].strmaskuser, sizeof(pconfigrlns[idrlns].strmaskuser), "%s", mask);
+                       pconfigrlns[idrlns].ip = ntohl(inet_addr(IP_RemoteLNS));
+                       pconfigrlns[idrlns].port = atoi(Port_RemoteLNS);
+                       snprintf((char *) pconfigrlns[idrlns].l2tp_secret, sizeof(pconfigrlns[idrlns].l2tp_secret), "%s", SecretRemoteLNS);
+
+                       config->highest_rlnsid = idrlns;
+
+                       pconfigrlns[idrlns].state = CONFRLNSSET;
+
+                       LOG(1, 0, 0, "New Remote LNS conf (count %u) mask:%s IP:%s Port:%u l2tpsecret:*****\n", idrlns,
+                               pconfigrlns[idrlns].strmaskuser, fmtaddr(htonl(pconfigrlns[idrlns].ip), 0),
+                               pconfigrlns[idrlns].port);
+
+                       return 1;
+               }
+       }
+
+       LOG(0, 0, 0, "No more Remote LNS Conf Free\n");
+
+       return 0;
+}
diff --git a/l2tplac.h b/l2tplac.h
new file mode 100644 (file)
index 0000000..ba81a8e
--- /dev/null
+++ b/l2tplac.h
@@ -0,0 +1,14 @@
+/* L2TPLAC */
+/* $Id: l2tplac.h,v 1.0 2012-07-01 14:49:28 fendo Exp $ */
+
+#ifndef __L2TPLAC_H__
+#define __L2TPLAC_H__
+
+// l2tplac.c
+void initremotelnsdata();
+int session_forward_tolns(uint8_t *buf, int len, sessionidt sess, uint16_t proto);
+int forwardtolns(sessionidt s, char * puser);
+void calc_lac_auth(tunnelidt t, uint8_t id, uint8_t *out);
+int istunneltolns(tunnelidt t);
+int addremotelns(char *mask, char *IP_RemoteLNS, char *Port_RemoteLNS, char *SecretRemoteLNS);
+#endif /* __L2TPLAC_H__ */
index ed85a91..d4bb9ca 100644 (file)
--- a/l2tpns.c
+++ b/l2tpns.c
 #include "bgp.h"
 #endif
 
 #include "bgp.h"
 #endif
 
+#ifdef LAC
+#include "l2tplac.h"
+#endif
+
+#ifdef LAC
+char * Vendor_name = "Linux L2TPNS";
+uint32_t call_serial_number = 0;
+#endif
+
 // Globals
 configt *config = NULL;                // all configuration
 int nlfd = -1;                 // netlink socket
 // Globals
 configt *config = NULL;                // all configuration
 int nlfd = -1;                 // netlink socket
@@ -160,8 +169,10 @@ config_descriptt config_values[] = {
        CONFIG("ipv6_prefix", ipv6_prefix, IPv6),
        CONFIG("cli_bind_address", cli_bind_address, IPv4),
        CONFIG("hostname", hostname, STRING),
        CONFIG("ipv6_prefix", ipv6_prefix, IPv6),
        CONFIG("cli_bind_address", cli_bind_address, IPv4),
        CONFIG("hostname", hostname, STRING),
+#ifdef BGP
        CONFIG("nexthop_address", nexthop_address, IPv4),
        CONFIG("nexthop6_address", nexthop6_address, IPv6),
        CONFIG("nexthop_address", nexthop_address, IPv4),
        CONFIG("nexthop6_address", nexthop6_address, IPv6),
+#endif
        CONFIG("echo_timeout", echo_timeout, INT),
        CONFIG("idle_echo_timeout", idle_echo_timeout, INT),
        { NULL, 0, 0, 0 },
        CONFIG("echo_timeout", echo_timeout, INT),
        CONFIG("idle_echo_timeout", idle_echo_timeout, INT),
        { NULL, 0, 0, 0 },
@@ -224,13 +235,6 @@ static tunnelidt new_tunnel(void);
 static void unhide_value(uint8_t *value, size_t len, uint16_t type, uint8_t *vector, size_t vec_len);
 static void bundleclear(bundleidt b);
 
 static void unhide_value(uint8_t *value, size_t len, uint16_t type, uint8_t *vector, size_t vec_len);
 static void bundleclear(bundleidt b);
 
-// on slaves, alow BGP to withdraw cleanly before exiting
-#define QUIT_DELAY     5
-
-// quit actions (master)
-#define QUIT_FAILOVER  1 // SIGTERM: exit when all control messages have been acked (for cluster failover)
-#define QUIT_SHUTDOWN  2 // SIGQUIT: shutdown sessions/tunnels, reject new connections
-
 // return internal time (10ths since process startup), set f if given
 // as a side-effect sets time_now, and time_changed
 static clockt now(double *f)
 // return internal time (10ths since process startup), set f if given
 // as a side-effect sets time_now, and time_changed
 static clockt now(double *f)
@@ -2719,6 +2723,15 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
                                        }
                                        break;
                                case 13:    // Response
                                        }
                                        break;
                                case 13:    // Response
+#ifdef LAC
+                                       if (istunneltolns(t))
+                                       {
+                                               chapresponse = calloc(17, 1);
+                                               memcpy(chapresponse, b, (n < 17) ? n : 16);
+                                               LOG(1, s, t, "received challenge response from (REMOTE LNS)\n");
+                                       }
+                                       else
+#endif /* LAC */
                                        // Why did they send a response? We never challenge.
                                        LOG(2, s, t, "   received unexpected challenge response\n");
                                        break;
                                        // Why did they send a response? We never challenge.
                                        LOG(2, s, t, "   received unexpected challenge response\n");
                                        break;
@@ -2962,6 +2975,39 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
                                case 2:       // SCCRP
                                        tunnel[t].state = TUNNELOPEN;
                                        tunnel[t].lastrec = time_now;
                                case 2:       // SCCRP
                                        tunnel[t].state = TUNNELOPEN;
                                        tunnel[t].lastrec = time_now;
+#ifdef LAC
+                                       LOG(1, s, t, "Recieved SCCRP (REMOTE LNS)\n");
+                                       if (main_quit != QUIT_SHUTDOWN)
+                                       {
+                                               if (istunneltolns(t) && chapresponse)
+                                               {
+                                                       hasht hash;
+
+                                                       calc_lac_auth(t, 2, hash); // id = 2 (SCCRP)
+                                                       // check authenticator
+                                                       if (memcmp(hash, chapresponse, 16) == 0)
+                                                       {
+                                                               controlt *c = controlnew(3); // sending SCCCN
+                                                               controls(c, 7, hostname, 1); // host name
+                                                               controls(c, 8, Vendor_name, 1); // Vendor name
+                                                               control16(c, 2, version, 1); // protocol version
+                                                               control32(c, 3, 3, 1); // framing Capabilities
+                                                               control16(c, 9, t, 1); // assigned tunnel
+                                                               controladd(c, 0, t); // send
+
+                                                               LOG(1, s, t, "sending SCCCN (REMOTE LNS)\n");
+                                                       }
+                                                       else
+                                                       {
+                                                               tunnelshutdown(t, "(REMOTE LNS) Bad chap response", 4, 0, 0);
+                                                       }
+                                               }
+                                       }
+                                       else
+                                       {
+                                               tunnelshutdown(t, "Shutting down", 6, 0, 0);
+                                       }
+#endif /* LAC */
                                        break;
                                case 3:       // SCCN
                                        tunnel[t].state = TUNNELOPEN;
                                        break;
                                case 3:       // SCCN
                                        tunnel[t].state = TUNNELOPEN;
@@ -3029,7 +3075,23 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
                                        }
                                        return;
                                case 11:      // ICRP
                                        }
                                        return;
                                case 11:      // ICRP
-                                       // TBA
+#ifdef LAC
+                               LOG(1, s, t, "Recieved ICRP (REMOTE LNS)\n");
+                               if (session[s].forwardtosession)
+                               {
+                                       controlt *c = controlnew(12); // ICCN
+
+                                       session[s].opened = time_now;
+                                       session[s].tunnel = t;
+                                       session[s].far = asession;
+                                       session[s].last_packet = session[s].last_data = time_now;
+
+                                       control32(c, 19, 1, 1); // Framing Type
+                                       control32(c, 24, 10000000, 1); // Tx Connect Speed
+                                       controladd(c, asession, t); // send the message
+                                       LOG(1, s, t, "Sending ICCN (REMOTE LNS)\n");
+                               }
+#endif /* LAC */
                                        break;
                                case 12:      // ICCN
                                        if (amagic == 0) amagic = time_now;
                                        break;
                                case 12:      // ICCN
                                        if (amagic == 0) amagic = time_now;
@@ -3052,6 +3114,9 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
 
                                case 14:      // CDN
                                        controlnull(t); // ack
 
                                case 14:      // CDN
                                        controlnull(t); // ack
+#ifdef LAC
+
+#endif /* LAC */
                                        sessionshutdown(s, disc_reason, CDN_NONE, disc_cause);
                                        break;
                                case 0xFFFF:
                                        sessionshutdown(s, disc_reason, CDN_NONE, disc_cause);
                                        break;
                                case 0xFFFF:
@@ -3101,6 +3166,16 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
                        l -= 2;
                }
 
                        l -= 2;
                }
 
+#ifdef LAC
+               if (session[s].forwardtosession)
+               {
+                       LOG(4, s, t, "Forwarding data session to %u (REMOTE LNS)\n", session[s].forwardtosession);
+                       // Forward to Remote LNS
+                       session_forward_tolns(buf, len, s, proto);
+                       return;
+               }
+#endif /* LAC */
+
                if (s && !session[s].opened)    // Is something wrong??
                {
                        if (!config->cluster_iam_master)
                if (s && !session[s].opened)    // Is something wrong??
                {
                        if (!config->cluster_iam_master)
@@ -3110,7 +3185,6 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
                                return;
                        }
 
                                return;
                        }
 
-
                        LOG(1, s, t, "UDP packet contains session which is not opened.  Dropping packet.\n");
                        STAT(tunnel_rx_errors);
                        return;
                        LOG(1, s, t, "UDP packet contains session which is not opened.  Dropping packet.\n");
                        STAT(tunnel_rx_errors);
                        return;
@@ -4400,6 +4474,10 @@ static void initdata(int optdebug, char *optconfig)
                exit(1);
        }
 #endif /* BGP */
                exit(1);
        }
 #endif /* BGP */
+
+#ifdef LAC
+       initremotelnsdata();
+#endif
 }
 
 static int assign_ip_address(sessionidt s)
 }
 
 static int assign_ip_address(sessionidt s)
@@ -6146,3 +6224,52 @@ int ip_filter(uint8_t *buf, int len, uint8_t filter)
        // default deny
        return 0;
 }
        // default deny
        return 0;
 }
+
+#ifdef LAC
+
+tunnelidt lac_new_tunnel()
+{
+       return new_tunnel();
+}
+
+void lac_tunnelclear(tunnelidt t)
+{
+       tunnelclear(t);
+}
+
+void lac_send_SCCRQ(tunnelidt t, uint8_t * auth, unsigned int auth_len)
+{
+       uint16_t version = 0x0100;      // protocol version
+
+       tunnel[t].state = TUNNELOPENING;
+
+       // Sent SCCRQ - Start Control Connection Request
+       controlt *c = controlnew(1); // sending SCCRQ
+       controls(c, 7, hostname, 1); // host name
+       controls(c, 8, Vendor_name, 1); // Vendor name
+       control16(c, 2, version, 1); // protocol version
+       control32(c, 3, 3, 1); // framing Capabilities
+       control16(c, 9, t, 1); // assigned tunnel
+       controlb(c, 11, (uint8_t *) auth, auth_len, 1);  // CHAP Challenge
+       LOG(1, 0, t, "Sent SCCRQ tunnel (REMOTE LNS)\n");
+       controladd(c, 0, t); // send
+}
+
+void lac_send_ICRQ(tunnelidt t, sessionidt s)
+{
+       // Sent ICRQ  Incoming-call-request
+       controlt *c = controlnew(10); // ICRQ
+
+       control16(c, 14, s, 1); // assigned sesion
+       call_serial_number++;
+       control32(c, 15, call_serial_number, 1);  // call serial number
+       LOG(1, s, t, "Sent ICRQ (REMOTE LNS) (tunnel far ID %u)\n", tunnel[t].far);
+       controladd(c, 0, t); // send
+}
+
+void lac_tunnelshutdown(tunnelidt t, char *reason, int result, int error, char *msg)
+{
+       tunnelshutdown(t, reason, result, error, msg);
+}
+
+#endif
index 6314ae7..e83234d 100644 (file)
--- a/l2tpns.h
+++ b/l2tpns.h
@@ -321,7 +321,12 @@ typedef struct
        char class[MAXCLASS];
        uint8_t ipv6prefixlen;          // IPv6 route prefix length
        struct in6_addr ipv6route;      // Static IPv6 route
        char class[MAXCLASS];
        uint8_t ipv6prefixlen;          // IPv6 route prefix length
        struct in6_addr ipv6route;      // Static IPv6 route
+#ifdef LAC
+       sessionidt forwardtosession;    // LNS id_session to forward
+       char reserved[10];              // Space to expand structure without changing HB_VERSION
+#else
        char reserved[12];              // Space to expand structure without changing HB_VERSION
        char reserved[12];              // Space to expand structure without changing HB_VERSION
+#endif
 }
 sessiont;
 
 }
 sessiont;
 
@@ -750,6 +755,9 @@ typedef struct
        int echo_timeout; // Time between last packet sent and LCP ECHO generation
        int idle_echo_timeout; // Time between last packet seen and
                                                   // Drop sessions who have not responded within IDLE_ECHO_TIMEOUT seconds
        int echo_timeout; // Time between last packet sent and LCP ECHO generation
        int idle_echo_timeout; // Time between last packet seen and
                                                   // Drop sessions who have not responded within IDLE_ECHO_TIMEOUT seconds
+#ifdef LAC
+       int highest_rlnsid;
+#endif
 } configt;
 
 enum config_typet { INT, STRING, UNSIGNED_LONG, SHORT, BOOL, IPv4, IPv6 };
 } configt;
 
 enum config_typet { INT, STRING, UNSIGNED_LONG, SHORT, BOOL, IPv4, IPv6 };
@@ -843,6 +851,13 @@ typedef struct
 #define TERM_PORT_REINIT               21
 #define TERM_PORT_DISABLED             22
 
 #define TERM_PORT_REINIT               21
 #define TERM_PORT_DISABLED             22
 
+// on slaves, alow BGP to withdraw cleanly before exiting
+#define QUIT_DELAY     5
+
+// quit actions (master)
+#define QUIT_FAILOVER  1 // SIGTERM: exit when all control messages have been acked (for cluster failover)
+#define QUIT_SHUTDOWN  2 // SIGQUIT: shutdown sessions/tunnels, reject new connections
+
 // arp.c
 void sendarp(int ifr_idx, const unsigned char* mac, in_addr_t ip);
 
 // arp.c
 void sendarp(int ifr_idx, const unsigned char* mac, in_addr_t ip);
 
@@ -904,6 +919,13 @@ int ip_filter(uint8_t *buf, int len, uint8_t filter);
 int cmd_show_ipcache(struct cli_def *cli, char *command, char **argv, int argc);
 int cmd_show_hist_idle(struct cli_def *cli, char *command, char **argv, int argc);
 int cmd_show_hist_open(struct cli_def *cli, char *command, char **argv, int argc);
 int cmd_show_ipcache(struct cli_def *cli, char *command, char **argv, int argc);
 int cmd_show_hist_idle(struct cli_def *cli, char *command, char **argv, int argc);
 int cmd_show_hist_open(struct cli_def *cli, char *command, char **argv, int argc);
+#ifdef LAC
+tunnelidt lac_new_tunnel();
+void lac_tunnelclear(tunnelidt t);
+void lac_send_SCCRQ(tunnelidt t, uint8_t * auth, unsigned int auth_len);
+void lac_send_ICRQ(tunnelidt t, sessionidt s);
+void lac_tunnelshutdown(tunnelidt t, char *reason, int result, int error, char *msg);
+#endif
 
 #undef LOG
 #undef LOG_HEX
 
 #undef LOG
 #undef LOG_HEX
diff --git a/ppp.c b/ppp.c
index f9a60ac..518f6ec 100644 (file)
--- a/ppp.c
+++ b/ppp.c
@@ -1,5 +1,7 @@
 // L2TPNS PPP Stuff
 
 // L2TPNS PPP Stuff
 
+//#define LAC
+
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
 #include "tbf.h"
 #include "cluster.h"
 
 #include "tbf.h"
 #include "cluster.h"
 
+#ifdef LAC
+#include "l2tplac.h"
+#endif
+
 extern tunnelt *tunnel;
 extern bundlet *bundle;
 extern fragmentationt *frag;
 extern tunnelt *tunnel;
 extern bundlet *bundle;
 extern fragmentationt *frag;
@@ -100,6 +106,14 @@ void processpap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
                LOG(3, s, t, "PAP login %s/%s\n", user, pass);
        }
 
                LOG(3, s, t, "PAP login %s/%s\n", user, pass);
        }
 
+#ifdef LAC
+       if (forwardtolns(s, user))
+       {
+               LOG(3, s, t, "Forwarding login for %s to other LNS\n", user);
+               return;
+       }
+#endif
+
        if (session[s].ip || !(r = radiusnew(s)))
        {
                // respond now, either no RADIUS available or already authenticated
        if (session[s].ip || !(r = radiusnew(s)))
        {
                // respond now, either no RADIUS available or already authenticated
@@ -251,6 +265,17 @@ void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
                packet.username = calloc(l + 1, 1);
                memcpy(packet.username, p, l);
 
                packet.username = calloc(l + 1, 1);
                memcpy(packet.username, p, l);
 
+#ifdef LAC
+               if (forwardtolns(s, packet.username))
+               {
+                       LOG(3, s, t, "Forwarding login for %s to other LNS\n", packet.username);
+
+                       free(packet.username);
+                       free(packet.password);
+                       return;
+               }
+#endif
+
                run_plugins(PLUGIN_PRE_AUTH, &packet);
                if (!packet.continue_auth)
                {
                run_plugins(PLUGIN_PRE_AUTH, &packet);
                if (!packet.continue_auth)
                {