Merge from Master 2.2.1-2sames3.15
authorfendo <fendo@bi12info.com>
Fri, 19 Sep 2014 10:20:47 +0000 (12:20 +0200)
committerfendo <fendo@bi12info.com>
Fri, 19 Sep 2014 10:20:47 +0000 (12:20 +0200)
cluster.c
cluster.h
debian/changelog
dhcp6.c
icmp.c
l2tpns.c
l2tpns.h
ppp.c
radius.c

index 8e604db..329711a 100644 (file)
--- a/cluster.c
+++ b/cluster.c
@@ -1538,6 +1538,128 @@ struct oldsession {
        char reserved_3[11];
 };
 
+struct oldsessionV7 {
+       sessionidt next;                // next session in linked list
+       sessionidt far;                 // far end session ID
+       tunnelidt tunnel;               // near end tunnel ID
+       uint8_t flags;                  // session flags: see SESSION_*
+       struct {
+               uint8_t phase;          // PPP phase
+               uint8_t lcp:4;          //   LCP    state
+               uint8_t ipcp:4;         //   IPCP   state
+               uint8_t ipv6cp:4;       //   IPV6CP state
+               uint8_t ccp:4;          //   CCP    state
+       } ppp;
+       uint16_t mru;                   // maximum receive unit
+       in_addr_t ip;                   // IP of session set by RADIUS response (host byte order).
+       int ip_pool_index;              // index to IP pool
+       uint32_t unique_id;             // unique session id
+       uint32_t magic;                 // ppp magic number
+       uint32_t pin, pout;             // packet counts
+       uint32_t cin, cout;             // byte counts
+       uint32_t cin_wrap, cout_wrap;   // byte counter wrap count (RADIUS accounting giagawords)
+       uint32_t cin_delta, cout_delta; // byte count changes (for dump_session())
+       uint16_t throttle_in;           // upstream throttle rate (kbps)
+       uint16_t throttle_out;          // downstream throttle rate
+       uint8_t filter_in;              // input filter index (to ip_filters[N-1]; 0 if none)
+       uint8_t filter_out;             // output filter index
+       uint16_t snoop_port;            // Interception destination port
+       in_addr_t snoop_ip;             // Interception destination IP
+       clockt opened;                  // when started
+       clockt die;                     // being closed, when to finally free
+       uint32_t session_timeout;       // Maximum session time in seconds
+       uint32_t idle_timeout;          // Maximum idle time in seconds
+       time_t last_packet;             // Last packet from the user (used for idle timeouts)
+       time_t last_data;               // Last data packet to/from the user (used for idle timeouts)
+       in_addr_t dns1, dns2;           // DNS servers
+       routet route[MAXROUTE];         // static routes
+       uint16_t tbf_in;                // filter bucket for throttling in from the user.
+       uint16_t tbf_out;               // filter bucket for throttling out to the user.
+       int random_vector_length;
+       uint8_t random_vector[MAXTEL];
+       char user[MAXUSER];             // user (needed in session for radius stop messages)
+       char called[MAXTEL];            // called number
+       char calling[MAXTEL];           // calling number
+       uint32_t tx_connect_speed;
+       uint32_t rx_connect_speed;
+       clockt timeout;                 // Session timeout
+       uint32_t mrru;                  // Multilink Max-Receive-Reconstructed-Unit
+       epdist epdis;                   // Multilink Endpoint Discriminator
+       bundleidt bundle;               // Multilink Bundle Identifier
+       uint8_t mssf;                   // Multilink Short Sequence Number Header Format
+       uint8_t walled_garden;          // is this session gardened?
+       uint8_t classlen;               // class (needed for radius accounting messages)
+       char class[MAXCLASS];
+       uint8_t ipv6prefixlen;          // IPv6 route prefix length
+       struct in6_addr ipv6route;      // Static IPv6 route
+       sessionidt forwardtosession;    // LNS id_session to forward
+       uint8_t src_hwaddr[ETH_ALEN];   // MAC addr source (for pppoe sessions 6 bytes)
+       char reserved[4];               // Space to expand structure without changing HB_VERSION
+};
+
+struct oldsessionV8 {
+       sessionidt next;                // next session in linked list
+       sessionidt far;                 // far end session ID
+       tunnelidt tunnel;               // near end tunnel ID
+       uint8_t flags;                  // session flags: see SESSION_*
+       struct {
+               uint8_t phase;          // PPP phase
+               uint8_t lcp:4;          //   LCP    state
+               uint8_t ipcp:4;         //   IPCP   state
+               uint8_t ipv6cp:4;       //   IPV6CP state
+               uint8_t ccp:4;          //   CCP    state
+       } ppp;
+       uint16_t mru;                   // maximum receive unit
+       in_addr_t ip;                   // IP of session set by RADIUS response (host byte order).
+       int ip_pool_index;              // index to IP pool
+       uint32_t unique_id;             // unique session id
+       uint32_t magic;                 // ppp magic number
+       uint32_t pin, pout;             // packet counts
+       uint32_t cin, cout;             // byte counts
+       uint32_t cin_wrap, cout_wrap;   // byte counter wrap count (RADIUS accounting giagawords)
+       uint32_t cin_delta, cout_delta; // byte count changes (for dump_session())
+       uint16_t throttle_in;           // upstream throttle rate (kbps)
+       uint16_t throttle_out;          // downstream throttle rate
+       uint8_t filter_in;              // input filter index (to ip_filters[N-1]; 0 if none)
+       uint8_t filter_out;             // output filter index
+       uint16_t snoop_port;            // Interception destination port
+       in_addr_t snoop_ip;             // Interception destination IP
+       clockt opened;                  // when started
+       clockt die;                     // being closed, when to finally free
+       uint32_t session_timeout;       // Maximum session time in seconds
+       uint32_t idle_timeout;          // Maximum idle time in seconds
+       time_t last_packet;             // Last packet from the user (used for idle timeouts)
+       time_t last_data;               // Last data packet to/from the user (used for idle timeouts)
+       in_addr_t dns1, dns2;           // DNS servers
+       routet route[MAXROUTE];         // static routes
+       uint16_t tbf_in;                // filter bucket for throttling in from the user.
+       uint16_t tbf_out;               // filter bucket for throttling out to the user.
+       int random_vector_length;
+       uint8_t random_vector[MAXTEL];
+       char user[MAXUSER];             // user (needed in session for radius stop messages)
+       char called[MAXTEL];            // called number
+       char calling[MAXTEL];           // calling number
+       uint32_t tx_connect_speed;
+       uint32_t rx_connect_speed;
+       clockt timeout;                 // Session timeout
+       uint32_t mrru;                  // Multilink Max-Receive-Reconstructed-Unit
+       epdist epdis;                   // Multilink Endpoint Discriminator
+       bundleidt bundle;               // Multilink Bundle Identifier
+       uint8_t mssf;                   // Multilink Short Sequence Number Header Format
+       uint8_t walled_garden;          // is this session gardened?
+       uint8_t classlen;               // class (needed for radius accounting messages)
+       char class[MAXCLASS];
+       uint8_t ipv6prefixlen;          // IPv6 route prefix length
+       struct in6_addr ipv6route;      // Static IPv6 route
+       sessionidt forwardtosession;    // LNS id_session to forward
+       uint8_t src_hwaddr[ETH_ALEN];   // MAC addr source (for pppoe sessions 6 bytes)
+       uint32_t dhcpv6_prefix_iaid;    // prefix iaid requested by client
+       uint32_t dhcpv6_iana_iaid;              // iaid of iana requested by client
+       struct in6_addr ipv6address;    // Framed Ipv6 address
+       struct dhcp6_opt_clientid dhcpv6_client_id; // Size max (headers + DUID)
+       char reserved[4];               // Space to expand structure without changing HB_VERSION
+};
+
 static uint8_t *convert_session(struct oldsession *old)
 {
        static sessiont new;
@@ -1592,16 +1714,162 @@ static uint8_t *convert_session(struct oldsession *old)
        new.snoop_ip = old->snoop_ip;
        new.snoop_port = old->snoop_port;
        new.walled_garden = old->walled_garden;
-       new.ipv6prefixlen = old->ipv6prefixlen;
-       new.ipv6route = old->ipv6route;
+       new.route6[0].ipv6prefixlen = old->ipv6prefixlen;
+       new.route6[0].ipv6route = old->ipv6route;
+
+       memcpy(new.random_vector, old->random_vector, sizeof(new.random_vector));
+       memcpy(new.user, old->user, sizeof(new.user));
+       memcpy(new.called, old->called, sizeof(new.called));
+       memcpy(new.calling, old->calling, sizeof(new.calling));
+
+       for (i = 0; i < MAXROUTE; i++)
+               memcpy(&new.route[i], &old->route[i], sizeof(new.route[i]));
+
+       return (uint8_t *) &new;
+}
 
+static uint8_t *convert_sessionV7(struct oldsessionV7 *old)
+{
+       static sessiont new;
+       int i;
+
+       memset(&new, 0, sizeof(new));
+
+       new.next = old->next;
+       new.far = old->far;
+       new.tunnel = old->tunnel;
+       new.flags = old->flags;
+       new.ppp.phase = old->ppp.phase;
+       new.ppp.lcp = old->ppp.lcp;
+       new.ppp.ipcp = old->ppp.ipcp;
+       new.ppp.ipv6cp = old->ppp.ipv6cp;
+       new.ppp.ccp = old->ppp.ccp;
+       new.mru = old->mru;
+       new.ip = old->ip;
+       new.ip_pool_index = old->ip_pool_index;
+       new.unique_id = old->unique_id;
+       new.magic = old->magic;
+       new.pin = old->pin;
+       new.pout = old->pout;
+       new.cin = old->cin;
+       new.cout = old->cout;
+       new.cin_wrap = old->cin_wrap;
+       new.cout_wrap = old->cout_wrap;
+       new.cin_delta = old->cin_delta;
+       new.cout_delta = old->cout_delta;
+       new.throttle_in = old->throttle_in;
+       new.throttle_out = old->throttle_out;
+       new.filter_in = old->filter_in;
+       new.filter_out = old->filter_out;
+       new.snoop_port = old->snoop_port;
+       new.snoop_ip = old->snoop_ip;
+       new.opened = old->opened;
+       new.die = old->die;
+       new.session_timeout = old->session_timeout;
+       new.idle_timeout = old->idle_timeout;
+       new.last_packet = old->last_packet;
+       new.last_data = old->last_data;
+       new.dns1 = old->dns1;
+       new.dns2 = old->dns2;
+       for (i = 0; i < MAXROUTE; i++)
+               memcpy(&new.route[i], &old->route[i], sizeof(new.route[i]));
+       new.tbf_in = old->tbf_in;
+       new.tbf_out = old->tbf_out;
+       new.random_vector_length = old->random_vector_length;
        memcpy(new.random_vector, old->random_vector, sizeof(new.random_vector));
        memcpy(new.user, old->user, sizeof(new.user));
        memcpy(new.called, old->called, sizeof(new.called));
        memcpy(new.calling, old->calling, sizeof(new.calling));
+       new.tx_connect_speed = old->tx_connect_speed;
+       new.rx_connect_speed = old->rx_connect_speed;
+       new.timeout = old->timeout;
+       new.mrru = old->mrru;
+       new.epdis = old->epdis;
+       new.bundle = old->bundle;
+       new.mssf = old->mssf;
+       new.walled_garden = old->walled_garden;
+       new.classlen = old->classlen;
+       memcpy(new.class, old->class, sizeof(new.class));
+       new.route6[0].ipv6prefixlen = old->ipv6prefixlen;
+       new.route6[0].ipv6route = old->ipv6route;
+
+       new.forwardtosession = old->forwardtosession;
+       memcpy(new.src_hwaddr, old->src_hwaddr, sizeof(new.src_hwaddr));
+
+       return (uint8_t *) &new;
+}
+
+static uint8_t *convert_sessionV8(struct oldsessionV8 *old)
+{
+       static sessiont new;
+       int i;
 
+       memset(&new, 0, sizeof(new));
+
+       new.next = old->next;
+       new.far = old->far;
+       new.tunnel = old->tunnel;
+       new.flags = old->flags;
+       new.ppp.phase = old->ppp.phase;
+       new.ppp.lcp = old->ppp.lcp;
+       new.ppp.ipcp = old->ppp.ipcp;
+       new.ppp.ipv6cp = old->ppp.ipv6cp;
+       new.ppp.ccp = old->ppp.ccp;
+       new.mru = old->mru;
+       new.ip = old->ip;
+       new.ip_pool_index = old->ip_pool_index;
+       new.unique_id = old->unique_id;
+       new.magic = old->magic;
+       new.pin = old->pin;
+       new.pout = old->pout;
+       new.cin = old->cin;
+       new.cout = old->cout;
+       new.cin_wrap = old->cin_wrap;
+       new.cout_wrap = old->cout_wrap;
+       new.cin_delta = old->cin_delta;
+       new.cout_delta = old->cout_delta;
+       new.throttle_in = old->throttle_in;
+       new.throttle_out = old->throttle_out;
+       new.filter_in = old->filter_in;
+       new.filter_out = old->filter_out;
+       new.snoop_port = old->snoop_port;
+       new.snoop_ip = old->snoop_ip;
+       new.opened = old->opened;
+       new.die = old->die;
+       new.session_timeout = old->session_timeout;
+       new.idle_timeout = old->idle_timeout;
+       new.last_packet = old->last_packet;
+       new.last_data = old->last_data;
+       new.dns1 = old->dns1;
+       new.dns2 = old->dns2;
        for (i = 0; i < MAXROUTE; i++)
                memcpy(&new.route[i], &old->route[i], sizeof(new.route[i]));
+       new.tbf_in = old->tbf_in;
+       new.tbf_out = old->tbf_out;
+       new.random_vector_length = old->random_vector_length;
+       memcpy(new.random_vector, old->random_vector, sizeof(new.random_vector));
+       memcpy(new.user, old->user, sizeof(new.user));
+       memcpy(new.called, old->called, sizeof(new.called));
+       memcpy(new.calling, old->calling, sizeof(new.calling));
+       new.tx_connect_speed = old->tx_connect_speed;
+       new.rx_connect_speed = old->rx_connect_speed;
+       new.timeout = old->timeout;
+       new.mrru = old->mrru;
+       new.epdis = old->epdis;
+       new.bundle = old->bundle;
+       new.mssf = old->mssf;
+       new.walled_garden = old->walled_garden;
+       new.classlen = old->classlen;
+       memcpy(new.class, old->class, sizeof(new.class));
+       new.route6[0].ipv6prefixlen = old->ipv6prefixlen;
+       new.route6[0].ipv6route = old->ipv6route;
+
+       new.forwardtosession = old->forwardtosession;
+       memcpy(new.src_hwaddr, old->src_hwaddr, sizeof(new.src_hwaddr));
+       new.dhcpv6_prefix_iaid = old->dhcpv6_prefix_iaid;
+       new.dhcpv6_iana_iaid = old->dhcpv6_iana_iaid;
+       new.ipv6address = old->ipv6address;
+       new.dhcpv6_client_id = old->dhcpv6_client_id;
 
        return (uint8_t *) &new;
 }
@@ -1618,7 +1886,7 @@ static int cluster_process_heartbeat(uint8_t *data, int size, int more, uint8_t
        int i, type;
        int hb_ver = more;
 
-#if HB_VERSION != 8
+#if HB_VERSION != 9
 # error "need to update cluster_process_heartbeat()"
 #endif
 
@@ -1799,10 +2067,13 @@ static int cluster_process_heartbeat(uint8_t *data, int size, int more, uint8_t
                                if (size != sizeof(sessiont)) { // Ouch! Very very bad!
                                        if ((hb_ver < HB_VERSION) && (size < sizeof(sessiont)))
                                        {
-                                               // set to 0 the unused variables
-                                               memset(&c[size], 0, (sizeof(sessiont) - size));
-                                               LOG(3, 0, 0, "WARNING: Received a CSESSION from %s hb_version %d != %d current version !\n", fmtaddr(addr, 2), hb_ver, HB_VERSION);
-                                               // New feature not activated until the master has not been upgraded.
+                                               if ((hb_ver == 7) && (size == sizeof(struct oldsessionV7)))
+                                                       cluster_recv_session(more, convert_sessionV7((struct oldsessionV7 *) c));
+                                               else if (size == sizeof(struct oldsessionV8))
+                                                       cluster_recv_session(more, convert_sessionV8((struct oldsessionV8 *) c));
+                                               else
+                                                       LOG(0, 0, 0, "DANGER: Received a CSESSION version=%d that didn't decompress correctly!\n", hb_ver);
+                                               break;
                                        }
                                        else
                                        {
index 290c589..3df6c4d 100644 (file)
--- a/cluster.h
+++ b/cluster.h
@@ -29,7 +29,7 @@
 #define C_CGROUPE              22      // Compressed groupe structure.
 
 
-#define HB_VERSION             8       // Protocol version number..
+#define HB_VERSION             9       // Protocol version number..
 #define HB_MAX_SEQ             (1<<30) // Maximum sequence number. (MUST BE A POWER OF 2!)
 #define HB_HISTORY_SIZE                64      // How many old heartbeats we remember?? (Must be a factor of HB_MAX_SEQ)
 
index 1c96e14..14b5b52 100644 (file)
@@ -1,3 +1,11 @@
+l2tpns (2.2.1-2sames3.15) unstable; urgency=low
+
+  * new feature: If the user attribute "Framed-IPv6-Address" is defined then the ICMPv6_RA advertise this IPv6 address.
+  * Fix: Incorrect delegation of IPv6 prefixes when multiple of 4 bits (nibble) (eg: /44, /52 ...).
+  * Added ability to define up to 5 IPv6 prefix delegation by user.
+
+ -- Fernando Alves <fendo@sameswifi.fr>  Thu, 18 Sep 2014 18:36:43 +0200
+
 l2tpns (2.2.1-2sames3.14) unstable; urgency=low
 
   * Fix cluster slave; reset to 0, the end of the session when the master version < slave version.
@@ -7,7 +15,7 @@ l2tpns (2.2.1-2sames3.14) unstable; urgency=low
 
  -- Fernando Alves <fendo@sameswifi.fr>  Sun, 14 Sep 2014 18:27:09 +0200
 
-l2tpns (2.2.1-2sames3.12) UNRELEASED; urgency=low
+l2tpns (2.2.1-2sames3.12) unstable; urgency=low
 
   * Fix: throttle ipv6 out.
   * Fix: remove old IPV6 routes on slave
diff --git a/dhcp6.c b/dhcp6.c
index e422df5..171c1f0 100644 (file)
--- a/dhcp6.c
+++ b/dhcp6.c
@@ -98,21 +98,33 @@ static void dhcp6_send_reply(sessionidt s, tunnelidt t, struct in6_addr *ip6_src
                }
                else
                {
+                       struct dhcp6_opt_h *p_opt_head;
+                       int r;
+                       uint16_t lenopt;
+
                        if (list_option.p_mess_hdr->type == DHCP6_REQUEST || list_option.p_opt_rapidcommit)
                        {
                                session[s].dhcpv6_prefix_iaid = ((struct dhcp6_opt_ia_pd *)list_option.p_opt_ia_pd)->iaid;
                        }
 
-                       p_opt->len = htons(sizeof(struct dhcp6_opt_ia_pd) - sizeof(*p_opt) + sizeof(struct dhcp6_opt_ia_prefix));
+                       p_opt_head = p_opt;
+                       lenopt = sizeof(struct dhcp6_opt_ia_pd) - sizeof(*p_opt);
+
                        p_opt = (struct dhcp6_opt_h *) &((struct dhcp6_opt_ia_pd *)p_opt)[1];
 
-                       ((struct dhcp6_opt_ia_prefix *)p_opt)->hdr.code = htons(D6_OPT_IAPREFIX);
-                       ((struct dhcp6_opt_ia_prefix *)p_opt)->hdr.len = htons(sizeof(struct dhcp6_opt_ia_prefix) - sizeof(*p_opt));
-                       ((struct dhcp6_opt_ia_prefix *)p_opt)->pref_lifetime= (config->dhcp6_preferred_lifetime > 0) ? htonl(config->dhcp6_preferred_lifetime) : 0xFFFFFFFF;
-                       ((struct dhcp6_opt_ia_prefix *)p_opt)->valid_lifetime= (config->dhcp6_valid_lifetime > 0) ? htonl(config->dhcp6_valid_lifetime) : 0xFFFFFFFF;
-                       ((struct dhcp6_opt_ia_prefix *)p_opt)->prefix_len = session[s].ipv6prefixlen;
-                       ((struct dhcp6_opt_ia_prefix *)p_opt)->prefix = session[s].ipv6route;
-                        p_opt = (struct dhcp6_opt_h *) &((struct dhcp6_opt_ia_prefix *)p_opt)[1]; // next option
+                       for (r = 0; r < MAXROUTE6 && session[s].route6[r].ipv6route.s6_addr[0] && session[s].route6[r].ipv6prefixlen; r++)
+                       {
+                               ((struct dhcp6_opt_ia_prefix *)p_opt)->hdr.code = htons(D6_OPT_IAPREFIX);
+                               ((struct dhcp6_opt_ia_prefix *)p_opt)->hdr.len = htons(sizeof(struct dhcp6_opt_ia_prefix) - sizeof(*p_opt));
+                               ((struct dhcp6_opt_ia_prefix *)p_opt)->pref_lifetime= (config->dhcp6_preferred_lifetime > 0) ? htonl(config->dhcp6_preferred_lifetime) : 0xFFFFFFFF;
+                               ((struct dhcp6_opt_ia_prefix *)p_opt)->valid_lifetime= (config->dhcp6_valid_lifetime > 0) ? htonl(config->dhcp6_valid_lifetime) : 0xFFFFFFFF;
+                               ((struct dhcp6_opt_ia_prefix *)p_opt)->prefix_len = session[s].route6[r].ipv6prefixlen;
+                               ((struct dhcp6_opt_ia_prefix *)p_opt)->prefix = session[s].route6[r].ipv6route;
+
+                                p_opt = (struct dhcp6_opt_h *) &((struct dhcp6_opt_ia_prefix *)p_opt)[1]; // next option
+                                lenopt += sizeof(struct dhcp6_opt_ia_prefix);
+                       }
+                       p_opt_head->len = htons(lenopt);
                }
        }
 
@@ -257,6 +269,46 @@ static void dhcp6_send_reply(sessionidt s, tunnelidt t, struct in6_addr *ip6_src
        tunnelsend(b, len + (((uint8_t *) p_ip6_hdr)-b), t); // send it...
 }
 
+static char * get_msg_type(uint8_t type)
+{
+       switch(type)
+       {
+               case DHCP6_SOLICIT:
+               {
+                       return "Solicit";
+               }
+               break;
+
+               case DHCP6_REQUEST:
+                       return "Request";
+               break;
+
+               case DHCP6_RENEW:
+                       return "Renew";
+               break;
+
+               case DHCP6_INFORMATION_REQUEST:
+                       return "Information Request";
+               break;
+
+               case DHCP6_REBIND:
+                       return "Rebind";
+               break;
+
+               case DHCP6_RELEASE:
+                       return "Release";
+               break;
+
+               case DHCP6_DECLINE:
+                       return "Decline";
+               break;
+
+               default:
+                       return "Unknown";
+               break;
+       }
+}
+
 void dhcpv6_process(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 {
        struct ip6_hdr *p_ip6_hdr_in;
@@ -270,9 +322,9 @@ void dhcpv6_process(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
        p_ip6_hdr_in = (struct ip6_hdr *) p;
        p_mess_hdr = (struct dhcp6_mess_hdr *) (p + 48);
 
-       LOG(3, s, t, "Got DHCPv6 message Type: %d\n", p_mess_hdr->type);
+       LOG(3, s, t, "Got DHCPv6 message Type: %s(%d)\n", get_msg_type(p_mess_hdr->type), p_mess_hdr->type);
 
-       if (!session[s].ipv6route.s6_addr[0] || !session[s].ipv6prefixlen)
+       if (!session[s].route6[0].ipv6route.s6_addr[0] || !session[s].route6[0].ipv6prefixlen)
                return;
 
        p_opt = (struct dhcp6_opt_h *) &p_mess_hdr[1];
@@ -326,8 +378,6 @@ void dhcpv6_process(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
        {
                case DHCP6_SOLICIT:
                {
-                       LOG(3, s, t, "..(Type %d = Solicit)\n", p_mess_hdr->type);
-
                        if (!list_option.p_opt_clientid)
                        {
                                LOG(3, s, t, "DHCPv6: error no Client-ID\n");
@@ -369,8 +419,6 @@ void dhcpv6_process(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 
                case DHCP6_REQUEST:
                {
-                       LOG(3, s, t, "..(Type %d = Request)\n", p_mess_hdr->type);
-
                        if (!list_option.p_opt_clientid)
                        {
                                LOG(3, s, t, "DHCPv6: error no Client-ID\n");
@@ -416,8 +464,6 @@ void dhcpv6_process(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 
                case DHCP6_RENEW:
                {
-                       LOG(3, s, t, "..(Type %d = Renew)\n", p_mess_hdr->type);
-
                        if (!list_option.p_opt_clientid)
                        {
                                LOG(3, s, t, "DHCPv6: error no Client-ID\n");
@@ -448,8 +494,6 @@ void dhcpv6_process(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 
                case DHCP6_INFORMATION_REQUEST:
                {
-                       LOG(3, s, t, "..(Type %d = Information Request)\n", p_mess_hdr->type);
-
                        if (!list_option.p_opt_clientid)
                        {
                                LOG(3, s, t, "DHCPv6: error no Client-ID\n");
@@ -462,24 +506,20 @@ void dhcpv6_process(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 
                case DHCP6_REBIND:
                {
-                       LOG(3, s, t, "..(Type %d = Rebind)\n", p_mess_hdr->type);
                }
                break;
 
                case DHCP6_RELEASE:
                {
-                       LOG(3, s, t, "..(Type %d = Release)\n", p_mess_hdr->type);
                }
                break;
 
                case DHCP6_DECLINE:
                {
-                       LOG(3, s, t, "..(Type %d = Decline)\n", p_mess_hdr->type);
                }
                break;
 
                default:
-                       LOG(3, s, t, "Got unknown DHCPv6 Type: %d\n", *(p + 38));
                break;
        }
 
diff --git a/icmp.c b/icmp.c
index e458741..d03b60b 100644 (file)
--- a/icmp.c
+++ b/icmp.c
@@ -144,7 +144,13 @@ void send_ipv6_ra(sessionidt s, tunnelidt t, struct in6_addr *ip)
        pinfo->nd_opt_pi_preferred_time = htonl(604800);
        pinfo->nd_opt_pi_reserved2      = 0;
        pinfo->nd_opt_pi_prefix_len     = 64; // prefix length
-       pinfo->nd_opt_pi_prefix         = config->ipv6_prefix;
+       if (session[s].ipv6address.s6_addr[0])
+       {
+               // MSB 64bits of assigned IPv6 address to user (see radius attribut Framed-IPv6-Address)
+               memcpy(&pinfo->nd_opt_pi_prefix, &session[s].ipv6address.s6_addr[0], 8);
+       }
+       else
+               pinfo->nd_opt_pi_prefix     = config->ipv6_prefix;
 
        // // Length of payload (not header)
        p_ip6_hdr->ip6_plen = htons(sizeof(*pinfo) + sizeof(*p_nra));
index 5403364..5c887ec 100644 (file)
--- a/l2tpns.c
+++ b/l2tpns.c
@@ -99,7 +99,7 @@ union iphash ip_hash[256];    // Mapping from IP address to session structures.
 struct ipv6radix {
        sessionidt sess;
        struct ipv6radix *branch;
-} ipv6_hash[256];              // Mapping from IPv6 address to session structures.
+} ipv6_hash[16];               // Mapping from IPv6 address to session structures.
 
 // Traffic counters.
 static uint32_t udp_rx = 0, udp_rx_pkt = 0, udp_tx = 0;
@@ -980,19 +980,24 @@ static sessionidt lookup_ipv6map(struct in6_addr ip)
        char ipv6addr[INET6_ADDRSTRLEN];
 
        curnode = &ipv6_hash[ip.s6_addr[0]];
+       curnode = &ipv6_hash[((ip.s6_addr[0]) & 0xF0)>>4];
        i = 1;
        s = curnode->sess;
 
-       while (s == 0 && i < 15 && curnode->branch != NULL)
+       while (s == 0 && i < 32 && curnode->branch != NULL)
        {
-               curnode = &curnode->branch[ip.s6_addr[i]];
+               if (i & 1)
+                       curnode = &curnode->branch[ip.s6_addr[i>>1] & 0x0F];
+               else
+                       curnode = &curnode->branch[(ip.s6_addr[i>>1] & 0xF0)>>4];
+
                s = curnode->sess;
                i++;
        }
 
        LOG(4, s, session[s].tunnel, "Looking up address %s and got %d\n",
-                       inet_ntop(AF_INET6, &ip, ipv6addr,
-                               INET6_ADDRSTRLEN),
+                       inet_ntop(AF_INET6, &ip, ipv6addr,
+                       INET6_ADDRSTRLEN),
                        s);
 
        return s;
@@ -1033,6 +1038,19 @@ sessionidt sessionbyipv6(struct in6_addr ip)
        return 0;
 }
 
+sessionidt sessionbyipv6new(struct in6_addr ip)
+{
+       sessionidt s;
+       CSTAT(sessionbyipv6new);
+
+       s = lookup_ipv6map(ip);
+
+       if (s > 0 && s < MAXSESSION && session[s].opened)
+               return s;
+
+       return 0;
+}
+
 //
 // Take an IP address in HOST byte order and
 // add it to the sessionid by IP cache.
@@ -1072,22 +1090,28 @@ static void uncache_ipmap(in_addr_t ip)
 static void cache_ipv6map(struct in6_addr ip, int prefixlen, sessionidt s)
 {
        int i;
-       int bytes;
+       int niblles;
        struct ipv6radix *curnode;
        char ipv6addr[INET6_ADDRSTRLEN];
 
-       curnode = &ipv6_hash[ip.s6_addr[0]];
+       curnode = &ipv6_hash[((ip.s6_addr[0]) & 0xF0)>>4];
 
-       bytes = prefixlen >> 3;
+       niblles = prefixlen >> 2;
        i = 1;
-       while (i < bytes) {
+
+       while (i < niblles)
+       {
                if (curnode->branch == NULL)
                {
-                       if (!(curnode->branch = calloc(256,
-                                       sizeof (struct ipv6radix))))
+                       if (!(curnode->branch = calloc(16, sizeof (struct ipv6radix))))
                                return;
                }
-               curnode = &curnode->branch[ip.s6_addr[i]];
+
+               if (i & 1)
+                       curnode = &curnode->branch[ip.s6_addr[i>>1] & 0x0F];
+               else
+                       curnode = &curnode->branch[(ip.s6_addr[i>>1] & 0xF0)>>4];
+
                i++;
        }
 
@@ -1095,13 +1119,13 @@ static void cache_ipv6map(struct in6_addr ip, int prefixlen, sessionidt s)
 
        if (s > 0)
                LOG(4, s, session[s].tunnel, "Caching ip address %s/%d\n",
-                               inet_ntop(AF_INET6, &ip, ipv6addr, 
-                                       INET6_ADDRSTRLEN),
+                               inet_ntop(AF_INET6, &ip, ipv6addr,
+                               INET6_ADDRSTRLEN),
                                prefixlen);
        else if (s == 0)
                LOG(4, 0, 0, "Un-caching ip address %s/%d\n",
-                               inet_ntop(AF_INET6, &ip, ipv6addr, 
-                                       INET6_ADDRSTRLEN),
+                               inet_ntop(AF_INET6, &ip, ipv6addr,
+                               INET6_ADDRSTRLEN),
                                prefixlen);
 }
 
@@ -1152,7 +1176,6 @@ int cmd_show_ipcache(struct cli_def *cli, const char *command, char **argv, int
        return CLI_OK;
 }
 
-
 // Find session by username, 0 for not found
 // walled garden users aren't authenticated, so the username is
 // reasonably useless. Ignore them to avoid incorrect actions
@@ -1714,7 +1737,6 @@ static void processipv6out(uint8_t * buf, int len)
        sessionidt s;
        sessiont *sp;
        tunnelidt t;
-       in_addr_t ip;
        struct in6_addr ip6;
 
        uint8_t *data = buf;    // Keep a copy of the originals.
@@ -1753,10 +1775,9 @@ static void processipv6out(uint8_t * buf, int len)
 
        if (s == 0)
        {
-               ip = *(uint32_t *)(buf + 32);
-               s = sessionbyip(ip);
+               s = sessionbyipv6new(ip6);
        }
-       
+
        if (s == 0)
        {
                // Is this a packet for a session that doesn't exist?
@@ -2150,8 +2171,11 @@ void sessionshutdown(sessionidt s, char const *reason, int cdn_result, int cdn_e
                        free_ip_address(s);
 
                // unroute IPv6, if setup
-               if (session[s].ipv6route.s6_addr[0] && session[s].ipv6prefixlen && del_routes)
-                       route6set(s, session[s].ipv6route, session[s].ipv6prefixlen, 0);
+               for (r = 0; r < MAXROUTE6 && session[s].route6[r].ipv6route.s6_addr[0] && session[s].route6[r].ipv6prefixlen; r++)
+               {
+                       if (del_routes) route6set(s, session[s].route6[r].ipv6route, session[s].route6[r].ipv6prefixlen, 0);
+                       memset(&session[s].route6[r], 0, sizeof(session[s].route6[r]));
+               }
 
                if (session[s].ipv6address.s6_addr[0] && del_routes)
                {
@@ -2211,8 +2235,10 @@ void sessionshutdown(sessionidt s, char const *reason, int cdn_result, int cdn_e
                                                cache_ipmap(session[new_s].ip, new_s);
 
                                                // IPV6 route
-                                               if (session[new_s].ipv6prefixlen)
-                                                       cache_ipv6map(session[new_s].ipv6route, session[new_s].ipv6prefixlen, new_s);
+                                               for (r = 0; r < MAXROUTE6 && session[new_s].route6[r].ipv6prefixlen; r++)
+                                               {
+                                                       cache_ipv6map(session[new_s].route6[r].ipv6route, session[new_s].route6[r].ipv6prefixlen, new_s);
+                                               }
 
                                                if (session[new_s].ipv6address.s6_addr[0])
                                                {
@@ -5872,7 +5898,7 @@ int load_session(sessionidt s, sessiont *new)
        // needs update
        if (newip)
        {
-               int routed = 0;
+               int routed = 0;
 
                // remove old routes...
                for (i = 0; i < MAXROUTE && session[s].route[i].ip; i++)
@@ -5896,8 +5922,10 @@ int load_session(sessionidt s, sessiont *new)
                }
 
                // remove old IPV6 routes...
-               if (session[s].ipv6route.s6_addr[0] && session[s].ipv6prefixlen)
-                       route6set(s, session[s].ipv6route, session[s].ipv6prefixlen, 0);
+               for (i = 0; i < MAXROUTE6 && session[s].route6[i].ipv6route.s6_addr[0] && session[s].route6[i].ipv6prefixlen; i++)
+               {
+                       route6set(s, session[s].route6[i].ipv6route, session[s].route6[i].ipv6prefixlen, 0);
+               }
 
                if (session[s].ipv6address.s6_addr[0])
                {
@@ -5930,8 +5958,10 @@ int load_session(sessionidt s, sessiont *new)
        }
 
        // check v6 routing
-       if (new->ipv6prefixlen && new->ppp.ipv6cp == Opened && session[s].ppp.ipv6cp != Opened)
-               route6set(s, new->ipv6route, new->ipv6prefixlen, 1);
+       for (i = 0; i < MAXROUTE6 && new->route6[i].ipv6prefixlen; i++)
+       {
+               route6set(s, new->route6[i].ipv6route, new->route6[i].ipv6prefixlen, 1);
+       }
 
        if (new->ipv6address.s6_addr[0] && new->ppp.ipv6cp == Opened && session[s].ppp.ipv6cp != Opened)
        {
index 94784d2..a5a89f4 100644 (file)
--- a/l2tpns.h
+++ b/l2tpns.h
@@ -52,6 +52,7 @@
 #define MAXPLUGINS     20              // maximum number of plugins to load
 #define MAXRADSERVER   10              // max radius servers
 #define MAXROUTE       10              // max static routes per session
+#define MAXROUTE6      5               // max static Ipv6 routes per session
 #define MAXIPPOOL      131072          // max number of ip addresses in pool
 #define RINGBUFFER_SIZE        10000           // Number of ringbuffer entries to allocate
 #define MAX_LOG_LENGTH 512             // Maximum size of log message
@@ -256,6 +257,14 @@ typedef struct                     // route
 }
 routet;
 
+// structures
+typedef struct                 // route
+{
+       struct in6_addr ipv6route;      // Static IPv6 route
+       uint8_t ipv6prefixlen;          // IPv6 route prefix length
+}
+routet6;
+
 typedef struct controls                // control message
 {
        struct controls *next;  // next in queue
@@ -333,14 +342,13 @@ typedef struct
        uint8_t walled_garden;          // is this session gardened?
        uint8_t classlen;               // class (needed for radius accounting messages)
        char class[MAXCLASS];
-       uint8_t ipv6prefixlen;          // IPv6 route prefix length
-       struct in6_addr ipv6route;      // Static IPv6 route
        sessionidt forwardtosession;    // LNS id_session to forward
        uint8_t src_hwaddr[ETH_ALEN];   // MAC addr source (for pppoe sessions 6 bytes)
        uint32_t dhcpv6_prefix_iaid;    // prefix iaid requested by client
        uint32_t dhcpv6_iana_iaid;              // iaid of iana requested by client
        struct in6_addr ipv6address;    // Framed Ipv6 address
        struct dhcp6_opt_clientid dhcpv6_client_id; // Size max (headers + DUID)
+       routet6 route6[MAXROUTE6];              // static IPv6 routes
        char reserved[4];               // Space to expand structure without changing HB_VERSION
 }
 sessiont;
@@ -638,6 +646,7 @@ struct Tstats
     uint32_t   call_processudp;
     uint32_t   call_sessionbyip;
     uint32_t   call_sessionbyipv6;
+    uint32_t   call_sessionbyipv6new;
     uint32_t   call_sessionbyuser;
     uint32_t   call_sendarp;
     uint32_t   call_sendipcp;
@@ -986,6 +995,7 @@ void send_ipv6_ra(sessionidt s, tunnelidt t, struct in6_addr *ip);
 void route6set(sessionidt s, struct in6_addr ip, int prefixlen, int add);
 sessionidt sessionbyip(in_addr_t ip);
 sessionidt sessionbyipv6(struct in6_addr ip);
+sessionidt sessionbyipv6new(struct in6_addr ip);
 sessionidt sessionbyuser(char *username);
 void increment_counter(uint32_t *counter, uint32_t *wrap, uint32_t delta);
 void random_data(uint8_t *buf, int len);
diff --git a/ppp.c b/ppp.c
index 0259ab7..c4f9ab4 100644 (file)
--- a/ppp.c
+++ b/ppp.c
@@ -1481,11 +1481,14 @@ void processipcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 
 static void ipv6cp_open(sessionidt s, tunnelidt t)
 {
+       int i;
        LOG(3, s, t, "IPV6CP: Opened\n");
 
        change_state(s, ipv6cp, Opened);
-       if (session[s].ipv6prefixlen)
-               route6set(s, session[s].ipv6route, session[s].ipv6prefixlen, 1);
+       for (i = 0; i < MAXROUTE6 && session[s].route6[i].ipv6prefixlen; i++)
+       {
+               route6set(s, session[s].route6[i].ipv6route, session[s].route6[i].ipv6prefixlen, 1);
+       }
 
        if (session[s].ipv6address.s6_addr[0])
        {
@@ -1579,8 +1582,16 @@ void processipv6cp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
                                gotip++; // seen address
                                if (o[1] != 10) return;
 
-                               ident[0] = htonl(session[s].ip);
-                               ident[1] = 0;
+                               if (session[s].ipv6address.s6_addr[0])
+                               {
+                                       // LSB 64bits of assigned IPv6 address to user (see radius attribut Framed-IPv6-Address)
+                                       memcpy(&ident[0], &session[s].ipv6address.s6_addr[8], 8);
+                               }
+                               else
+                               {
+                                       ident[0] = htonl(session[s].ip);
+                                       ident[1] = 0;
+                               }
 
                                if (memcmp(o + 2, ident, sizeof(ident)))
                                {
@@ -2253,7 +2264,18 @@ void processipv6in(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
                return;
 
        // no spoof
-       if ((ipv4 != session[s].ip || memcmp(&config->ipv6_prefix, &ip, 8)) && sessionbyipv6(ip) != s)
+       if (session[s].ipv6address.s6_addr[0])
+       {
+               if ((sessionbyipv6new(ip) != s) &&
+                       (ip.s6_addr[0] != 0xFE || ip.s6_addr[1] != 0x80 || ip.s6_addr16[1] != 0 || ip.s6_addr16[2] != 0 || ip.s6_addr16[3] != 0))
+               {
+                       char str[INET6_ADDRSTRLEN];
+                       LOG(5, s, t, "Dropping packet with spoofed IP %s\n",
+                                       inet_ntop(AF_INET6, &ip, str, INET6_ADDRSTRLEN));
+                       return;
+               }
+       }
+       else if ((ipv4 != session[s].ip || memcmp(&config->ipv6_prefix, &ip, 8)) && sessionbyipv6(ip) != s)
        {
                char str[INET6_ADDRSTRLEN];
                LOG(5, s, t, "Dropping packet with spoofed IP %s\n",
index 53f28b0..134afe2 100644 (file)
--- a/radius.c
+++ b/radius.c
@@ -534,7 +534,8 @@ void processrad(uint8_t *buf, int len, char socket_index)
        sessionidt s;
        tunnelidt t = 0;
        hasht hash;
-       uint8_t routes = 0;
+       int routes = 0;
+       int routes6 = 0;
        int r_code;
        int r_id;
        int OpentunnelReq = 0;
@@ -795,11 +796,17 @@ void processrad(uint8_t *buf, int len, char socket_index)
 
                                                if (prefixlen)
                                                {
-                                                       LOG(3, s, session[s].tunnel,
-                                                               "   Radius reply contains route for %s/%d\n",
-                                                               n, prefixlen);
-                                                       session[s].ipv6route = r6;
-                                                       session[s].ipv6prefixlen = prefixlen;
+                                                       if (routes6 == MAXROUTE6)
+                                                       {
+                                                               LOG(1, s, session[s].tunnel, "   Too many IPv6 routes\n");
+                                                       }
+                                                       else
+                                                       {
+                                                               LOG(3, s, session[s].tunnel, "   Radius reply contains route for %s/%d\n", n, prefixlen);
+                                                               session[s].route6[routes6].ipv6route = r6;
+                                                               session[s].route6[routes6].ipv6prefixlen = prefixlen;
+                                                               routes6++;
+                                                       }
                                                }
                                        }
                                        else if (*p == 123)
@@ -808,10 +815,19 @@ void processrad(uint8_t *buf, int len, char socket_index)
                                                if ((p[1] > 4) && (p[3] > 0) && (p[3] <= 128))
                                                {
                                                        char ipv6addr[INET6_ADDRSTRLEN];
-                                                       memcpy(&session[s].ipv6route, &p[4], p[1] - 4);
-                                                       session[s].ipv6prefixlen = p[3];
-                                                       LOG(3, s, session[s].tunnel, "   Radius reply contains Delegated IPv6 Prefix %s/%d\n",
-                                                               inet_ntop(AF_INET6, &session[s].ipv6route, ipv6addr, INET6_ADDRSTRLEN), session[s].ipv6prefixlen);
+
+                                                       if (routes6 == MAXROUTE6)
+                                                       {
+                                                               LOG(1, s, session[s].tunnel, "   Too many IPv6 routes\n");
+                                                       }
+                                                       else
+                                                       {
+                                                               memcpy(&session[s].route6[routes6].ipv6route, &p[4], p[1] - 4);
+                                                               session[s].route6[routes6].ipv6prefixlen = p[3];
+                                                               LOG(3, s, session[s].tunnel, "   Radius reply contains Delegated IPv6 Prefix %s/%d\n",
+                                                                       inet_ntop(AF_INET6, &session[s].route6[routes6].ipv6route, ipv6addr, INET6_ADDRSTRLEN), session[s].route6[routes6].ipv6prefixlen);
+                                                               routes6++;
+                                                       }
                                                }
                                        }
                                        else if (*p == 168)