char reserved_3[11];
};
+struct oldsessionV7 {
+ sessionidt next; // next session in linked list
+ sessionidt far; // far end session ID
+ tunnelidt tunnel; // near end tunnel ID
+ uint8_t flags; // session flags: see SESSION_*
+ struct {
+ uint8_t phase; // PPP phase
+ uint8_t lcp:4; // LCP state
+ uint8_t ipcp:4; // IPCP state
+ uint8_t ipv6cp:4; // IPV6CP state
+ uint8_t ccp:4; // CCP state
+ } ppp;
+ uint16_t mru; // maximum receive unit
+ in_addr_t ip; // IP of session set by RADIUS response (host byte order).
+ int ip_pool_index; // index to IP pool
+ uint32_t unique_id; // unique session id
+ uint32_t magic; // ppp magic number
+ uint32_t pin, pout; // packet counts
+ uint32_t cin, cout; // byte counts
+ uint32_t cin_wrap, cout_wrap; // byte counter wrap count (RADIUS accounting giagawords)
+ uint32_t cin_delta, cout_delta; // byte count changes (for dump_session())
+ uint16_t throttle_in; // upstream throttle rate (kbps)
+ uint16_t throttle_out; // downstream throttle rate
+ uint8_t filter_in; // input filter index (to ip_filters[N-1]; 0 if none)
+ uint8_t filter_out; // output filter index
+ uint16_t snoop_port; // Interception destination port
+ in_addr_t snoop_ip; // Interception destination IP
+ clockt opened; // when started
+ clockt die; // being closed, when to finally free
+ uint32_t session_timeout; // Maximum session time in seconds
+ uint32_t idle_timeout; // Maximum idle time in seconds
+ time_t last_packet; // Last packet from the user (used for idle timeouts)
+ time_t last_data; // Last data packet to/from the user (used for idle timeouts)
+ in_addr_t dns1, dns2; // DNS servers
+ routet route[MAXROUTE]; // static routes
+ uint16_t tbf_in; // filter bucket for throttling in from the user.
+ uint16_t tbf_out; // filter bucket for throttling out to the user.
+ int random_vector_length;
+ uint8_t random_vector[MAXTEL];
+ char user[MAXUSER]; // user (needed in session for radius stop messages)
+ char called[MAXTEL]; // called number
+ char calling[MAXTEL]; // calling number
+ uint32_t tx_connect_speed;
+ uint32_t rx_connect_speed;
+ clockt timeout; // Session timeout
+ uint32_t mrru; // Multilink Max-Receive-Reconstructed-Unit
+ epdist epdis; // Multilink Endpoint Discriminator
+ bundleidt bundle; // Multilink Bundle Identifier
+ uint8_t mssf; // Multilink Short Sequence Number Header Format
+ uint8_t walled_garden; // is this session gardened?
+ uint8_t classlen; // class (needed for radius accounting messages)
+ char class[MAXCLASS];
+ uint8_t ipv6prefixlen; // IPv6 route prefix length
+ struct in6_addr ipv6route; // Static IPv6 route
+ sessionidt forwardtosession; // LNS id_session to forward
+ uint8_t src_hwaddr[ETH_ALEN]; // MAC addr source (for pppoe sessions 6 bytes)
+ char reserved[4]; // Space to expand structure without changing HB_VERSION
+};
+
+struct oldsessionV8 {
+ sessionidt next; // next session in linked list
+ sessionidt far; // far end session ID
+ tunnelidt tunnel; // near end tunnel ID
+ uint8_t flags; // session flags: see SESSION_*
+ struct {
+ uint8_t phase; // PPP phase
+ uint8_t lcp:4; // LCP state
+ uint8_t ipcp:4; // IPCP state
+ uint8_t ipv6cp:4; // IPV6CP state
+ uint8_t ccp:4; // CCP state
+ } ppp;
+ uint16_t mru; // maximum receive unit
+ in_addr_t ip; // IP of session set by RADIUS response (host byte order).
+ int ip_pool_index; // index to IP pool
+ uint32_t unique_id; // unique session id
+ uint32_t magic; // ppp magic number
+ uint32_t pin, pout; // packet counts
+ uint32_t cin, cout; // byte counts
+ uint32_t cin_wrap, cout_wrap; // byte counter wrap count (RADIUS accounting giagawords)
+ uint32_t cin_delta, cout_delta; // byte count changes (for dump_session())
+ uint16_t throttle_in; // upstream throttle rate (kbps)
+ uint16_t throttle_out; // downstream throttle rate
+ uint8_t filter_in; // input filter index (to ip_filters[N-1]; 0 if none)
+ uint8_t filter_out; // output filter index
+ uint16_t snoop_port; // Interception destination port
+ in_addr_t snoop_ip; // Interception destination IP
+ clockt opened; // when started
+ clockt die; // being closed, when to finally free
+ uint32_t session_timeout; // Maximum session time in seconds
+ uint32_t idle_timeout; // Maximum idle time in seconds
+ time_t last_packet; // Last packet from the user (used for idle timeouts)
+ time_t last_data; // Last data packet to/from the user (used for idle timeouts)
+ in_addr_t dns1, dns2; // DNS servers
+ routet route[MAXROUTE]; // static routes
+ uint16_t tbf_in; // filter bucket for throttling in from the user.
+ uint16_t tbf_out; // filter bucket for throttling out to the user.
+ int random_vector_length;
+ uint8_t random_vector[MAXTEL];
+ char user[MAXUSER]; // user (needed in session for radius stop messages)
+ char called[MAXTEL]; // called number
+ char calling[MAXTEL]; // calling number
+ uint32_t tx_connect_speed;
+ uint32_t rx_connect_speed;
+ clockt timeout; // Session timeout
+ uint32_t mrru; // Multilink Max-Receive-Reconstructed-Unit
+ epdist epdis; // Multilink Endpoint Discriminator
+ bundleidt bundle; // Multilink Bundle Identifier
+ uint8_t mssf; // Multilink Short Sequence Number Header Format
+ uint8_t walled_garden; // is this session gardened?
+ uint8_t classlen; // class (needed for radius accounting messages)
+ char class[MAXCLASS];
+ uint8_t ipv6prefixlen; // IPv6 route prefix length
+ struct in6_addr ipv6route; // Static IPv6 route
+ sessionidt forwardtosession; // LNS id_session to forward
+ uint8_t src_hwaddr[ETH_ALEN]; // MAC addr source (for pppoe sessions 6 bytes)
+ uint32_t dhcpv6_prefix_iaid; // prefix iaid requested by client
+ uint32_t dhcpv6_iana_iaid; // iaid of iana requested by client
+ struct in6_addr ipv6address; // Framed Ipv6 address
+ struct dhcp6_opt_clientid dhcpv6_client_id; // Size max (headers + DUID)
+ char reserved[4]; // Space to expand structure without changing HB_VERSION
+};
+
static uint8_t *convert_session(struct oldsession *old)
{
static sessiont new;
new.snoop_ip = old->snoop_ip;
new.snoop_port = old->snoop_port;
new.walled_garden = old->walled_garden;
- new.ipv6prefixlen = old->ipv6prefixlen;
- new.ipv6route = old->ipv6route;
+ new.route6[0].ipv6prefixlen = old->ipv6prefixlen;
+ new.route6[0].ipv6route = old->ipv6route;
+
+ memcpy(new.random_vector, old->random_vector, sizeof(new.random_vector));
+ memcpy(new.user, old->user, sizeof(new.user));
+ memcpy(new.called, old->called, sizeof(new.called));
+ memcpy(new.calling, old->calling, sizeof(new.calling));
+
+ for (i = 0; i < MAXROUTE; i++)
+ memcpy(&new.route[i], &old->route[i], sizeof(new.route[i]));
+
+ return (uint8_t *) &new;
+}
+static uint8_t *convert_sessionV7(struct oldsessionV7 *old)
+{
+ static sessiont new;
+ int i;
+
+ memset(&new, 0, sizeof(new));
+
+ new.next = old->next;
+ new.far = old->far;
+ new.tunnel = old->tunnel;
+ new.flags = old->flags;
+ new.ppp.phase = old->ppp.phase;
+ new.ppp.lcp = old->ppp.lcp;
+ new.ppp.ipcp = old->ppp.ipcp;
+ new.ppp.ipv6cp = old->ppp.ipv6cp;
+ new.ppp.ccp = old->ppp.ccp;
+ new.mru = old->mru;
+ new.ip = old->ip;
+ new.ip_pool_index = old->ip_pool_index;
+ new.unique_id = old->unique_id;
+ new.magic = old->magic;
+ new.pin = old->pin;
+ new.pout = old->pout;
+ new.cin = old->cin;
+ new.cout = old->cout;
+ new.cin_wrap = old->cin_wrap;
+ new.cout_wrap = old->cout_wrap;
+ new.cin_delta = old->cin_delta;
+ new.cout_delta = old->cout_delta;
+ new.throttle_in = old->throttle_in;
+ new.throttle_out = old->throttle_out;
+ new.filter_in = old->filter_in;
+ new.filter_out = old->filter_out;
+ new.snoop_port = old->snoop_port;
+ new.snoop_ip = old->snoop_ip;
+ new.opened = old->opened;
+ new.die = old->die;
+ new.session_timeout = old->session_timeout;
+ new.idle_timeout = old->idle_timeout;
+ new.last_packet = old->last_packet;
+ new.last_data = old->last_data;
+ new.dns1 = old->dns1;
+ new.dns2 = old->dns2;
+ for (i = 0; i < MAXROUTE; i++)
+ memcpy(&new.route[i], &old->route[i], sizeof(new.route[i]));
+ new.tbf_in = old->tbf_in;
+ new.tbf_out = old->tbf_out;
+ new.random_vector_length = old->random_vector_length;
memcpy(new.random_vector, old->random_vector, sizeof(new.random_vector));
memcpy(new.user, old->user, sizeof(new.user));
memcpy(new.called, old->called, sizeof(new.called));
memcpy(new.calling, old->calling, sizeof(new.calling));
+ new.tx_connect_speed = old->tx_connect_speed;
+ new.rx_connect_speed = old->rx_connect_speed;
+ new.timeout = old->timeout;
+ new.mrru = old->mrru;
+ new.epdis = old->epdis;
+ new.bundle = old->bundle;
+ new.mssf = old->mssf;
+ new.walled_garden = old->walled_garden;
+ new.classlen = old->classlen;
+ memcpy(new.class, old->class, sizeof(new.class));
+ new.route6[0].ipv6prefixlen = old->ipv6prefixlen;
+ new.route6[0].ipv6route = old->ipv6route;
+
+ new.forwardtosession = old->forwardtosession;
+ memcpy(new.src_hwaddr, old->src_hwaddr, sizeof(new.src_hwaddr));
+
+ return (uint8_t *) &new;
+}
+
+static uint8_t *convert_sessionV8(struct oldsessionV8 *old)
+{
+ static sessiont new;
+ int i;
+ memset(&new, 0, sizeof(new));
+
+ new.next = old->next;
+ new.far = old->far;
+ new.tunnel = old->tunnel;
+ new.flags = old->flags;
+ new.ppp.phase = old->ppp.phase;
+ new.ppp.lcp = old->ppp.lcp;
+ new.ppp.ipcp = old->ppp.ipcp;
+ new.ppp.ipv6cp = old->ppp.ipv6cp;
+ new.ppp.ccp = old->ppp.ccp;
+ new.mru = old->mru;
+ new.ip = old->ip;
+ new.ip_pool_index = old->ip_pool_index;
+ new.unique_id = old->unique_id;
+ new.magic = old->magic;
+ new.pin = old->pin;
+ new.pout = old->pout;
+ new.cin = old->cin;
+ new.cout = old->cout;
+ new.cin_wrap = old->cin_wrap;
+ new.cout_wrap = old->cout_wrap;
+ new.cin_delta = old->cin_delta;
+ new.cout_delta = old->cout_delta;
+ new.throttle_in = old->throttle_in;
+ new.throttle_out = old->throttle_out;
+ new.filter_in = old->filter_in;
+ new.filter_out = old->filter_out;
+ new.snoop_port = old->snoop_port;
+ new.snoop_ip = old->snoop_ip;
+ new.opened = old->opened;
+ new.die = old->die;
+ new.session_timeout = old->session_timeout;
+ new.idle_timeout = old->idle_timeout;
+ new.last_packet = old->last_packet;
+ new.last_data = old->last_data;
+ new.dns1 = old->dns1;
+ new.dns2 = old->dns2;
for (i = 0; i < MAXROUTE; i++)
memcpy(&new.route[i], &old->route[i], sizeof(new.route[i]));
+ new.tbf_in = old->tbf_in;
+ new.tbf_out = old->tbf_out;
+ new.random_vector_length = old->random_vector_length;
+ memcpy(new.random_vector, old->random_vector, sizeof(new.random_vector));
+ memcpy(new.user, old->user, sizeof(new.user));
+ memcpy(new.called, old->called, sizeof(new.called));
+ memcpy(new.calling, old->calling, sizeof(new.calling));
+ new.tx_connect_speed = old->tx_connect_speed;
+ new.rx_connect_speed = old->rx_connect_speed;
+ new.timeout = old->timeout;
+ new.mrru = old->mrru;
+ new.epdis = old->epdis;
+ new.bundle = old->bundle;
+ new.mssf = old->mssf;
+ new.walled_garden = old->walled_garden;
+ new.classlen = old->classlen;
+ memcpy(new.class, old->class, sizeof(new.class));
+ new.route6[0].ipv6prefixlen = old->ipv6prefixlen;
+ new.route6[0].ipv6route = old->ipv6route;
+
+ new.forwardtosession = old->forwardtosession;
+ memcpy(new.src_hwaddr, old->src_hwaddr, sizeof(new.src_hwaddr));
+ new.dhcpv6_prefix_iaid = old->dhcpv6_prefix_iaid;
+ new.dhcpv6_iana_iaid = old->dhcpv6_iana_iaid;
+ new.ipv6address = old->ipv6address;
+ new.dhcpv6_client_id = old->dhcpv6_client_id;
return (uint8_t *) &new;
}
int i, type;
int hb_ver = more;
-#if HB_VERSION != 8
+#if HB_VERSION != 9
# error "need to update cluster_process_heartbeat()"
#endif
if (size != sizeof(sessiont)) { // Ouch! Very very bad!
if ((hb_ver < HB_VERSION) && (size < sizeof(sessiont)))
{
- // set to 0 the unused variables
- memset(&c[size], 0, (sizeof(sessiont) - size));
- LOG(3, 0, 0, "WARNING: Received a CSESSION from %s hb_version %d != %d current version !\n", fmtaddr(addr, 2), hb_ver, HB_VERSION);
- // New feature not activated until the master has not been upgraded.
+ if ((hb_ver == 7) && (size == sizeof(struct oldsessionV7)))
+ cluster_recv_session(more, convert_sessionV7((struct oldsessionV7 *) c));
+ else if (size == sizeof(struct oldsessionV8))
+ cluster_recv_session(more, convert_sessionV8((struct oldsessionV8 *) c));
+ else
+ LOG(0, 0, 0, "DANGER: Received a CSESSION version=%d that didn't decompress correctly!\n", hb_ver);
+ break;
}
else
{
#define C_CGROUPE 22 // Compressed groupe structure.
-#define HB_VERSION 8 // Protocol version number..
+#define HB_VERSION 9 // Protocol version number..
#define HB_MAX_SEQ (1<<30) // Maximum sequence number. (MUST BE A POWER OF 2!)
#define HB_HISTORY_SIZE 64 // How many old heartbeats we remember?? (Must be a factor of HB_MAX_SEQ)
+l2tpns (2.2.1-2sames3.15) unstable; urgency=low
+
+ * new feature: If the user attribute "Framed-IPv6-Address" is defined then the ICMPv6_RA advertise this IPv6 address.
+ * Fix: Incorrect delegation of IPv6 prefixes when multiple of 4 bits (nibble) (eg: /44, /52 ...).
+ * Added ability to define up to 5 IPv6 prefix delegation by user.
+
+ -- Fernando Alves <fendo@sameswifi.fr> Thu, 18 Sep 2014 18:36:43 +0200
+
l2tpns (2.2.1-2sames3.14) unstable; urgency=low
* Fix cluster slave; reset to 0, the end of the session when the master version < slave version.
-- Fernando Alves <fendo@sameswifi.fr> Sun, 14 Sep 2014 18:27:09 +0200
-l2tpns (2.2.1-2sames3.12) UNRELEASED; urgency=low
+l2tpns (2.2.1-2sames3.12) unstable; urgency=low
* Fix: throttle ipv6 out.
* Fix: remove old IPV6 routes on slave
}
else
{
+ struct dhcp6_opt_h *p_opt_head;
+ int r;
+ uint16_t lenopt;
+
if (list_option.p_mess_hdr->type == DHCP6_REQUEST || list_option.p_opt_rapidcommit)
{
session[s].dhcpv6_prefix_iaid = ((struct dhcp6_opt_ia_pd *)list_option.p_opt_ia_pd)->iaid;
}
- p_opt->len = htons(sizeof(struct dhcp6_opt_ia_pd) - sizeof(*p_opt) + sizeof(struct dhcp6_opt_ia_prefix));
+ p_opt_head = p_opt;
+ lenopt = sizeof(struct dhcp6_opt_ia_pd) - sizeof(*p_opt);
+
p_opt = (struct dhcp6_opt_h *) &((struct dhcp6_opt_ia_pd *)p_opt)[1];
- ((struct dhcp6_opt_ia_prefix *)p_opt)->hdr.code = htons(D6_OPT_IAPREFIX);
- ((struct dhcp6_opt_ia_prefix *)p_opt)->hdr.len = htons(sizeof(struct dhcp6_opt_ia_prefix) - sizeof(*p_opt));
- ((struct dhcp6_opt_ia_prefix *)p_opt)->pref_lifetime= (config->dhcp6_preferred_lifetime > 0) ? htonl(config->dhcp6_preferred_lifetime) : 0xFFFFFFFF;
- ((struct dhcp6_opt_ia_prefix *)p_opt)->valid_lifetime= (config->dhcp6_valid_lifetime > 0) ? htonl(config->dhcp6_valid_lifetime) : 0xFFFFFFFF;
- ((struct dhcp6_opt_ia_prefix *)p_opt)->prefix_len = session[s].ipv6prefixlen;
- ((struct dhcp6_opt_ia_prefix *)p_opt)->prefix = session[s].ipv6route;
- p_opt = (struct dhcp6_opt_h *) &((struct dhcp6_opt_ia_prefix *)p_opt)[1]; // next option
+ for (r = 0; r < MAXROUTE6 && session[s].route6[r].ipv6route.s6_addr[0] && session[s].route6[r].ipv6prefixlen; r++)
+ {
+ ((struct dhcp6_opt_ia_prefix *)p_opt)->hdr.code = htons(D6_OPT_IAPREFIX);
+ ((struct dhcp6_opt_ia_prefix *)p_opt)->hdr.len = htons(sizeof(struct dhcp6_opt_ia_prefix) - sizeof(*p_opt));
+ ((struct dhcp6_opt_ia_prefix *)p_opt)->pref_lifetime= (config->dhcp6_preferred_lifetime > 0) ? htonl(config->dhcp6_preferred_lifetime) : 0xFFFFFFFF;
+ ((struct dhcp6_opt_ia_prefix *)p_opt)->valid_lifetime= (config->dhcp6_valid_lifetime > 0) ? htonl(config->dhcp6_valid_lifetime) : 0xFFFFFFFF;
+ ((struct dhcp6_opt_ia_prefix *)p_opt)->prefix_len = session[s].route6[r].ipv6prefixlen;
+ ((struct dhcp6_opt_ia_prefix *)p_opt)->prefix = session[s].route6[r].ipv6route;
+
+ p_opt = (struct dhcp6_opt_h *) &((struct dhcp6_opt_ia_prefix *)p_opt)[1]; // next option
+ lenopt += sizeof(struct dhcp6_opt_ia_prefix);
+ }
+ p_opt_head->len = htons(lenopt);
}
}
tunnelsend(b, len + (((uint8_t *) p_ip6_hdr)-b), t); // send it...
}
+static char * get_msg_type(uint8_t type)
+{
+ switch(type)
+ {
+ case DHCP6_SOLICIT:
+ {
+ return "Solicit";
+ }
+ break;
+
+ case DHCP6_REQUEST:
+ return "Request";
+ break;
+
+ case DHCP6_RENEW:
+ return "Renew";
+ break;
+
+ case DHCP6_INFORMATION_REQUEST:
+ return "Information Request";
+ break;
+
+ case DHCP6_REBIND:
+ return "Rebind";
+ break;
+
+ case DHCP6_RELEASE:
+ return "Release";
+ break;
+
+ case DHCP6_DECLINE:
+ return "Decline";
+ break;
+
+ default:
+ return "Unknown";
+ break;
+ }
+}
+
void dhcpv6_process(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
{
struct ip6_hdr *p_ip6_hdr_in;
p_ip6_hdr_in = (struct ip6_hdr *) p;
p_mess_hdr = (struct dhcp6_mess_hdr *) (p + 48);
- LOG(3, s, t, "Got DHCPv6 message Type: %d\n", p_mess_hdr->type);
+ LOG(3, s, t, "Got DHCPv6 message Type: %s(%d)\n", get_msg_type(p_mess_hdr->type), p_mess_hdr->type);
- if (!session[s].ipv6route.s6_addr[0] || !session[s].ipv6prefixlen)
+ if (!session[s].route6[0].ipv6route.s6_addr[0] || !session[s].route6[0].ipv6prefixlen)
return;
p_opt = (struct dhcp6_opt_h *) &p_mess_hdr[1];
{
case DHCP6_SOLICIT:
{
- LOG(3, s, t, "..(Type %d = Solicit)\n", p_mess_hdr->type);
-
if (!list_option.p_opt_clientid)
{
LOG(3, s, t, "DHCPv6: error no Client-ID\n");
case DHCP6_REQUEST:
{
- LOG(3, s, t, "..(Type %d = Request)\n", p_mess_hdr->type);
-
if (!list_option.p_opt_clientid)
{
LOG(3, s, t, "DHCPv6: error no Client-ID\n");
case DHCP6_RENEW:
{
- LOG(3, s, t, "..(Type %d = Renew)\n", p_mess_hdr->type);
-
if (!list_option.p_opt_clientid)
{
LOG(3, s, t, "DHCPv6: error no Client-ID\n");
case DHCP6_INFORMATION_REQUEST:
{
- LOG(3, s, t, "..(Type %d = Information Request)\n", p_mess_hdr->type);
-
if (!list_option.p_opt_clientid)
{
LOG(3, s, t, "DHCPv6: error no Client-ID\n");
case DHCP6_REBIND:
{
- LOG(3, s, t, "..(Type %d = Rebind)\n", p_mess_hdr->type);
}
break;
case DHCP6_RELEASE:
{
- LOG(3, s, t, "..(Type %d = Release)\n", p_mess_hdr->type);
}
break;
case DHCP6_DECLINE:
{
- LOG(3, s, t, "..(Type %d = Decline)\n", p_mess_hdr->type);
}
break;
default:
- LOG(3, s, t, "Got unknown DHCPv6 Type: %d\n", *(p + 38));
break;
}
pinfo->nd_opt_pi_preferred_time = htonl(604800);
pinfo->nd_opt_pi_reserved2 = 0;
pinfo->nd_opt_pi_prefix_len = 64; // prefix length
- pinfo->nd_opt_pi_prefix = config->ipv6_prefix;
+ if (session[s].ipv6address.s6_addr[0])
+ {
+ // MSB 64bits of assigned IPv6 address to user (see radius attribut Framed-IPv6-Address)
+ memcpy(&pinfo->nd_opt_pi_prefix, &session[s].ipv6address.s6_addr[0], 8);
+ }
+ else
+ pinfo->nd_opt_pi_prefix = config->ipv6_prefix;
// // Length of payload (not header)
p_ip6_hdr->ip6_plen = htons(sizeof(*pinfo) + sizeof(*p_nra));
struct ipv6radix {
sessionidt sess;
struct ipv6radix *branch;
-} ipv6_hash[256]; // Mapping from IPv6 address to session structures.
+} ipv6_hash[16]; // Mapping from IPv6 address to session structures.
// Traffic counters.
static uint32_t udp_rx = 0, udp_rx_pkt = 0, udp_tx = 0;
char ipv6addr[INET6_ADDRSTRLEN];
curnode = &ipv6_hash[ip.s6_addr[0]];
+ curnode = &ipv6_hash[((ip.s6_addr[0]) & 0xF0)>>4];
i = 1;
s = curnode->sess;
- while (s == 0 && i < 15 && curnode->branch != NULL)
+ while (s == 0 && i < 32 && curnode->branch != NULL)
{
- curnode = &curnode->branch[ip.s6_addr[i]];
+ if (i & 1)
+ curnode = &curnode->branch[ip.s6_addr[i>>1] & 0x0F];
+ else
+ curnode = &curnode->branch[(ip.s6_addr[i>>1] & 0xF0)>>4];
+
s = curnode->sess;
i++;
}
LOG(4, s, session[s].tunnel, "Looking up address %s and got %d\n",
- inet_ntop(AF_INET6, &ip, ipv6addr,
- INET6_ADDRSTRLEN),
+ inet_ntop(AF_INET6, &ip, ipv6addr,
+ INET6_ADDRSTRLEN),
s);
return s;
return 0;
}
+sessionidt sessionbyipv6new(struct in6_addr ip)
+{
+ sessionidt s;
+ CSTAT(sessionbyipv6new);
+
+ s = lookup_ipv6map(ip);
+
+ if (s > 0 && s < MAXSESSION && session[s].opened)
+ return s;
+
+ return 0;
+}
+
//
// Take an IP address in HOST byte order and
// add it to the sessionid by IP cache.
static void cache_ipv6map(struct in6_addr ip, int prefixlen, sessionidt s)
{
int i;
- int bytes;
+ int niblles;
struct ipv6radix *curnode;
char ipv6addr[INET6_ADDRSTRLEN];
- curnode = &ipv6_hash[ip.s6_addr[0]];
+ curnode = &ipv6_hash[((ip.s6_addr[0]) & 0xF0)>>4];
- bytes = prefixlen >> 3;
+ niblles = prefixlen >> 2;
i = 1;
- while (i < bytes) {
+
+ while (i < niblles)
+ {
if (curnode->branch == NULL)
{
- if (!(curnode->branch = calloc(256,
- sizeof (struct ipv6radix))))
+ if (!(curnode->branch = calloc(16, sizeof (struct ipv6radix))))
return;
}
- curnode = &curnode->branch[ip.s6_addr[i]];
+
+ if (i & 1)
+ curnode = &curnode->branch[ip.s6_addr[i>>1] & 0x0F];
+ else
+ curnode = &curnode->branch[(ip.s6_addr[i>>1] & 0xF0)>>4];
+
i++;
}
if (s > 0)
LOG(4, s, session[s].tunnel, "Caching ip address %s/%d\n",
- inet_ntop(AF_INET6, &ip, ipv6addr,
- INET6_ADDRSTRLEN),
+ inet_ntop(AF_INET6, &ip, ipv6addr,
+ INET6_ADDRSTRLEN),
prefixlen);
else if (s == 0)
LOG(4, 0, 0, "Un-caching ip address %s/%d\n",
- inet_ntop(AF_INET6, &ip, ipv6addr,
- INET6_ADDRSTRLEN),
+ inet_ntop(AF_INET6, &ip, ipv6addr,
+ INET6_ADDRSTRLEN),
prefixlen);
}
return CLI_OK;
}
-
// Find session by username, 0 for not found
// walled garden users aren't authenticated, so the username is
// reasonably useless. Ignore them to avoid incorrect actions
sessionidt s;
sessiont *sp;
tunnelidt t;
- in_addr_t ip;
struct in6_addr ip6;
uint8_t *data = buf; // Keep a copy of the originals.
if (s == 0)
{
- ip = *(uint32_t *)(buf + 32);
- s = sessionbyip(ip);
+ s = sessionbyipv6new(ip6);
}
-
+
if (s == 0)
{
// Is this a packet for a session that doesn't exist?
free_ip_address(s);
// unroute IPv6, if setup
- if (session[s].ipv6route.s6_addr[0] && session[s].ipv6prefixlen && del_routes)
- route6set(s, session[s].ipv6route, session[s].ipv6prefixlen, 0);
+ for (r = 0; r < MAXROUTE6 && session[s].route6[r].ipv6route.s6_addr[0] && session[s].route6[r].ipv6prefixlen; r++)
+ {
+ if (del_routes) route6set(s, session[s].route6[r].ipv6route, session[s].route6[r].ipv6prefixlen, 0);
+ memset(&session[s].route6[r], 0, sizeof(session[s].route6[r]));
+ }
if (session[s].ipv6address.s6_addr[0] && del_routes)
{
cache_ipmap(session[new_s].ip, new_s);
// IPV6 route
- if (session[new_s].ipv6prefixlen)
- cache_ipv6map(session[new_s].ipv6route, session[new_s].ipv6prefixlen, new_s);
+ for (r = 0; r < MAXROUTE6 && session[new_s].route6[r].ipv6prefixlen; r++)
+ {
+ cache_ipv6map(session[new_s].route6[r].ipv6route, session[new_s].route6[r].ipv6prefixlen, new_s);
+ }
if (session[new_s].ipv6address.s6_addr[0])
{
// needs update
if (newip)
{
- int routed = 0;
+ int routed = 0;
// remove old routes...
for (i = 0; i < MAXROUTE && session[s].route[i].ip; i++)
}
// remove old IPV6 routes...
- if (session[s].ipv6route.s6_addr[0] && session[s].ipv6prefixlen)
- route6set(s, session[s].ipv6route, session[s].ipv6prefixlen, 0);
+ for (i = 0; i < MAXROUTE6 && session[s].route6[i].ipv6route.s6_addr[0] && session[s].route6[i].ipv6prefixlen; i++)
+ {
+ route6set(s, session[s].route6[i].ipv6route, session[s].route6[i].ipv6prefixlen, 0);
+ }
if (session[s].ipv6address.s6_addr[0])
{
}
// check v6 routing
- if (new->ipv6prefixlen && new->ppp.ipv6cp == Opened && session[s].ppp.ipv6cp != Opened)
- route6set(s, new->ipv6route, new->ipv6prefixlen, 1);
+ for (i = 0; i < MAXROUTE6 && new->route6[i].ipv6prefixlen; i++)
+ {
+ route6set(s, new->route6[i].ipv6route, new->route6[i].ipv6prefixlen, 1);
+ }
if (new->ipv6address.s6_addr[0] && new->ppp.ipv6cp == Opened && session[s].ppp.ipv6cp != Opened)
{
#define MAXPLUGINS 20 // maximum number of plugins to load
#define MAXRADSERVER 10 // max radius servers
#define MAXROUTE 10 // max static routes per session
+#define MAXROUTE6 5 // max static Ipv6 routes per session
#define MAXIPPOOL 131072 // max number of ip addresses in pool
#define RINGBUFFER_SIZE 10000 // Number of ringbuffer entries to allocate
#define MAX_LOG_LENGTH 512 // Maximum size of log message
}
routet;
+// structures
+typedef struct // route
+{
+ struct in6_addr ipv6route; // Static IPv6 route
+ uint8_t ipv6prefixlen; // IPv6 route prefix length
+}
+routet6;
+
typedef struct controls // control message
{
struct controls *next; // next in queue
uint8_t walled_garden; // is this session gardened?
uint8_t classlen; // class (needed for radius accounting messages)
char class[MAXCLASS];
- uint8_t ipv6prefixlen; // IPv6 route prefix length
- struct in6_addr ipv6route; // Static IPv6 route
sessionidt forwardtosession; // LNS id_session to forward
uint8_t src_hwaddr[ETH_ALEN]; // MAC addr source (for pppoe sessions 6 bytes)
uint32_t dhcpv6_prefix_iaid; // prefix iaid requested by client
uint32_t dhcpv6_iana_iaid; // iaid of iana requested by client
struct in6_addr ipv6address; // Framed Ipv6 address
struct dhcp6_opt_clientid dhcpv6_client_id; // Size max (headers + DUID)
+ routet6 route6[MAXROUTE6]; // static IPv6 routes
char reserved[4]; // Space to expand structure without changing HB_VERSION
}
sessiont;
uint32_t call_processudp;
uint32_t call_sessionbyip;
uint32_t call_sessionbyipv6;
+ uint32_t call_sessionbyipv6new;
uint32_t call_sessionbyuser;
uint32_t call_sendarp;
uint32_t call_sendipcp;
void route6set(sessionidt s, struct in6_addr ip, int prefixlen, int add);
sessionidt sessionbyip(in_addr_t ip);
sessionidt sessionbyipv6(struct in6_addr ip);
+sessionidt sessionbyipv6new(struct in6_addr ip);
sessionidt sessionbyuser(char *username);
void increment_counter(uint32_t *counter, uint32_t *wrap, uint32_t delta);
void random_data(uint8_t *buf, int len);
static void ipv6cp_open(sessionidt s, tunnelidt t)
{
+ int i;
LOG(3, s, t, "IPV6CP: Opened\n");
change_state(s, ipv6cp, Opened);
- if (session[s].ipv6prefixlen)
- route6set(s, session[s].ipv6route, session[s].ipv6prefixlen, 1);
+ for (i = 0; i < MAXROUTE6 && session[s].route6[i].ipv6prefixlen; i++)
+ {
+ route6set(s, session[s].route6[i].ipv6route, session[s].route6[i].ipv6prefixlen, 1);
+ }
if (session[s].ipv6address.s6_addr[0])
{
gotip++; // seen address
if (o[1] != 10) return;
- ident[0] = htonl(session[s].ip);
- ident[1] = 0;
+ if (session[s].ipv6address.s6_addr[0])
+ {
+ // LSB 64bits of assigned IPv6 address to user (see radius attribut Framed-IPv6-Address)
+ memcpy(&ident[0], &session[s].ipv6address.s6_addr[8], 8);
+ }
+ else
+ {
+ ident[0] = htonl(session[s].ip);
+ ident[1] = 0;
+ }
if (memcmp(o + 2, ident, sizeof(ident)))
{
return;
// no spoof
- if ((ipv4 != session[s].ip || memcmp(&config->ipv6_prefix, &ip, 8)) && sessionbyipv6(ip) != s)
+ if (session[s].ipv6address.s6_addr[0])
+ {
+ if ((sessionbyipv6new(ip) != s) &&
+ (ip.s6_addr[0] != 0xFE || ip.s6_addr[1] != 0x80 || ip.s6_addr16[1] != 0 || ip.s6_addr16[2] != 0 || ip.s6_addr16[3] != 0))
+ {
+ char str[INET6_ADDRSTRLEN];
+ LOG(5, s, t, "Dropping packet with spoofed IP %s\n",
+ inet_ntop(AF_INET6, &ip, str, INET6_ADDRSTRLEN));
+ return;
+ }
+ }
+ else if ((ipv4 != session[s].ip || memcmp(&config->ipv6_prefix, &ip, 8)) && sessionbyipv6(ip) != s)
{
char str[INET6_ADDRSTRLEN];
LOG(5, s, t, "Dropping packet with spoofed IP %s\n",
sessionidt s;
tunnelidt t = 0;
hasht hash;
- uint8_t routes = 0;
+ int routes = 0;
+ int routes6 = 0;
int r_code;
int r_id;
int OpentunnelReq = 0;
if (prefixlen)
{
- LOG(3, s, session[s].tunnel,
- " Radius reply contains route for %s/%d\n",
- n, prefixlen);
- session[s].ipv6route = r6;
- session[s].ipv6prefixlen = prefixlen;
+ if (routes6 == MAXROUTE6)
+ {
+ LOG(1, s, session[s].tunnel, " Too many IPv6 routes\n");
+ }
+ else
+ {
+ LOG(3, s, session[s].tunnel, " Radius reply contains route for %s/%d\n", n, prefixlen);
+ session[s].route6[routes6].ipv6route = r6;
+ session[s].route6[routes6].ipv6prefixlen = prefixlen;
+ routes6++;
+ }
}
}
else if (*p == 123)
if ((p[1] > 4) && (p[3] > 0) && (p[3] <= 128))
{
char ipv6addr[INET6_ADDRSTRLEN];
- memcpy(&session[s].ipv6route, &p[4], p[1] - 4);
- session[s].ipv6prefixlen = p[3];
- LOG(3, s, session[s].tunnel, " Radius reply contains Delegated IPv6 Prefix %s/%d\n",
- inet_ntop(AF_INET6, &session[s].ipv6route, ipv6addr, INET6_ADDRSTRLEN), session[s].ipv6prefixlen);
+
+ if (routes6 == MAXROUTE6)
+ {
+ LOG(1, s, session[s].tunnel, " Too many IPv6 routes\n");
+ }
+ else
+ {
+ memcpy(&session[s].route6[routes6].ipv6route, &p[4], p[1] - 4);
+ session[s].route6[routes6].ipv6prefixlen = p[3];
+ LOG(3, s, session[s].tunnel, " Radius reply contains Delegated IPv6 Prefix %s/%d\n",
+ inet_ntop(AF_INET6, &session[s].route6[routes6].ipv6route, ipv6addr, INET6_ADDRSTRLEN), session[s].route6[routes6].ipv6prefixlen);
+ routes6++;
+ }
}
}
else if (*p == 168)