* nor RFC2385 (which requires a kernel patch on 2.4 kernels).
*/
- char const *cvs_id_bgp = "$Id: bgp.c,v 1.12 2005/09/02 23:39:36 bodea Exp $";
-
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
static void bgp_clear(struct bgp_peer *peer);
static void bgp_set_retry(struct bgp_peer *peer);
-static void bgp_cidr(in_addr_t ip, in_addr_t mask, struct bgp_ip_prefix *pfx);
static struct bgp_route_list *bgp_insert_route(struct bgp_route_list *head,
struct bgp_route_list *new);
+static struct bgp_route6_list *bgp_insert_route6(struct bgp_route6_list *head,
+ struct bgp_route6_list *new);
+static void bgp_process_timers(struct bgp_peer *peer);
static void bgp_free_routes(struct bgp_route_list *routes);
+static void bgp_free_routes6(struct bgp_route6_list *routes);
static char const *bgp_msg_type_str(uint8_t type);
static int bgp_connect(struct bgp_peer *peer);
static int bgp_handle_connect(struct bgp_peer *peer);
static int bgp_send_open(struct bgp_peer *peer);
static int bgp_send_keepalive(struct bgp_peer *peer);
static int bgp_send_update(struct bgp_peer *peer);
+static int bgp_send_update6(struct bgp_peer *peer);
static int bgp_send_notification(struct bgp_peer *peer, uint8_t code,
uint8_t subcode);
static uint16_t our_as;
static struct bgp_route_list *bgp_routes = 0;
+static struct bgp_route6_list *bgp_routes6 = 0;
int bgp_configured = 0;
struct bgp_peer *bgp_peers = 0;
return 0;
bgp_routes = 0;
+ bgp_routes6 = 0;
bgp_configured = 0; /* set by bgp_start */
return 1;
/* start connection with a peer */
int bgp_start(struct bgp_peer *peer, char *name, int as, int keepalive,
- int hold, int enable)
+ int hold, struct in_addr update_source, int enable)
{
struct hostent *h;
int ibgp;
}
memcpy(&peer->addr, h->h_addr, sizeof(peer->addr));
+ peer->source_addr = update_source.s_addr;
peer->as = as > 0 ? as : our_as;
ibgp = peer->as == our_as;
ADD_ATTRIBUTE();
- /* NEXT_HOP */
- a.flags = BGP_PATH_ATTR_FLAG_TRANS;
- a.code = BGP_PATH_ATTR_CODE_NEXT_HOP;
- ip = my_address; /* we're it */
- a.data.s.len = sizeof(ip);
- memcpy(a.data.s.value, &ip, sizeof(ip));
-
- ADD_ATTRIBUTE();
-
/* MULTI_EXIT_DISC */
a.flags = BGP_PATH_ATTR_FLAG_OPTIONAL;
a.code = BGP_PATH_ATTR_CODE_MULTI_EXIT_DISC;
ADD_ATTRIBUTE();
+ /* remember the len before adding NEXT_HOP */
+ peer->path_attr_len_without_nexthop = peer->path_attr_len;
+
+ /* NEXT_HOP */
+ a.flags = BGP_PATH_ATTR_FLAG_TRANS;
+ a.code = BGP_PATH_ATTR_CODE_NEXT_HOP;
+ if (config->nexthop_address)
+ {
+ ip = config->nexthop_address;
+ }
+ else
+ {
+ ip = my_address; /* we're it */
+ }
+ a.data.s.len = sizeof(ip);
+ memcpy(a.data.s.value, &ip, sizeof(ip));
+
+ ADD_ATTRIBUTE();
+
if (!(peer->path_attrs = malloc(peer->path_attr_len)))
{
LOG(0, 0, 0, "Can't allocate path_attrs for %s (%s)\n",
memcpy(peer->path_attrs, path_attrs, peer->path_attr_len);
+ /* multiprotocol attributes initialization */
+ if (config->ipv6_prefix.s6_addr[0])
+ {
+ struct bgp_attr_mp_reach_nlri_partial mp_reach_nlri_partial;
+ struct bgp_attr_mp_unreach_nlri_partial mp_unreach_nlri_partial;
+
+ a.flags = BGP_PATH_ATTR_FLAG_OPTIONAL;
+ a.code = BGP_PATH_ATTR_CODE_MP_REACH_NLRI;
+ a.data.s.len = 0; /* will be set on UPDATE */
+
+ mp_reach_nlri_partial.afi = htons(BGP_MP_AFI_IPv6);
+ mp_reach_nlri_partial.safi = BGP_MP_SAFI_UNICAST;
+ mp_reach_nlri_partial.reserved = 0;
+ mp_reach_nlri_partial.next_hop_len = 16;
+
+ /* use the defined nexthop6, or our address in ipv6_prefix */
+ if (config->nexthop6_address.s6_addr[0])
+ memcpy(&mp_reach_nlri_partial.next_hop,
+ &config->nexthop6_address.s6_addr, 16);
+ else
+ {
+ /* our address is ipv6prefix::1 */
+ memcpy(&mp_reach_nlri_partial.next_hop,
+ &config->ipv6_prefix.s6_addr, 16);
+ mp_reach_nlri_partial.next_hop[15] = 1;
+ }
+
+ memcpy(&a.data.s.value, &mp_reach_nlri_partial,
+ sizeof(struct bgp_attr_mp_reach_nlri_partial));
+ memcpy(&peer->mp_reach_nlri_partial, &a,
+ BGP_PATH_ATTR_MP_REACH_NLRI_PARTIAL_SIZE);
+
+ a.flags = BGP_PATH_ATTR_FLAG_OPTIONAL | BGP_PATH_ATTR_FLAG_EXTLEN;
+ a.code = BGP_PATH_ATTR_CODE_MP_UNREACH_NLRI;
+ a.data.e.len = 0; /* will be set on UPDATE */
+
+ mp_unreach_nlri_partial.afi = htons(BGP_MP_AFI_IPv6);
+ mp_unreach_nlri_partial.safi = BGP_MP_SAFI_UNICAST;
+
+ memcpy(&a.data.e.value, &mp_unreach_nlri_partial,
+ sizeof(struct bgp_attr_mp_unreach_nlri_partial));
+ memcpy(&peer->mp_unreach_nlri_partial, &a,
+ BGP_PATH_ATTR_MP_UNREACH_NLRI_PARTIAL_SIZE);
+ }
+
+ peer->mp_handling = HandlingUnknown;
+
LOG(4, 0, 0, "Initiating BGP connection to %s (routing %s)\n",
name, enable ? "enabled" : "suspended");
bgp_free_routes(peer->routes);
peer->routes = 0;
+ bgp_free_routes6(peer->routes6);
+ peer->routes6 = 0;
peer->outbuf->packet.header.len = 0;
peer->outbuf->done = 0;
bgp_halt(peer); /* give up */
}
-/* convert ip/mask to CIDR notation */
-static void bgp_cidr(in_addr_t ip, in_addr_t mask, struct bgp_ip_prefix *pfx)
+/* insert route into list; sorted */
+static struct bgp_route_list *bgp_insert_route(struct bgp_route_list *head,
+ struct bgp_route_list *new)
{
- int i;
- uint32_t b;
-
- /* convert to prefix notation */
- pfx->len = 32;
- pfx->prefix = ip;
+ struct bgp_route_list *p = head;
+ struct bgp_route_list *e = 0;
- if (!mask) /* bogus */
- mask = 0xffffffff;
+ while (p && memcmp(&p->dest, &new->dest, sizeof(p->dest)) < 0)
+ {
+ e = p;
+ p = p->next;
+ }
- for (i = 0; i < 32 && ((b = ntohl(1 << i)), !(mask & b)); i++)
+ if (e)
{
- pfx->len--;
- pfx->prefix &= ~b;
+ new->next = e->next;
+ e->next = new;
+ }
+ else
+ {
+ new->next = head;
+ head = new;
}
+
+ return head;
}
-/* insert route into list; sorted */
-static struct bgp_route_list *bgp_insert_route(struct bgp_route_list *head,
- struct bgp_route_list *new)
+/* insert route6 into list; sorted */
+static struct bgp_route6_list *bgp_insert_route6(struct bgp_route6_list *head,
+ struct bgp_route6_list *new)
{
- struct bgp_route_list *p = head;
- struct bgp_route_list *e = 0;
+ struct bgp_route6_list *p = head;
+ struct bgp_route6_list *e = 0;
while (p && memcmp(&p->dest, &new->dest, sizeof(p->dest)) < 0)
{
* that if that route is later deleted we don't have to be concerned
* about adding back the more specific one).
*/
-int bgp_add_route(in_addr_t ip, in_addr_t mask)
+int bgp_add_route(in_addr_t ip, int prefixlen)
{
struct bgp_route_list *r = bgp_routes;
struct bgp_route_list add;
int i;
- bgp_cidr(ip, mask, &add.dest);
+ add.dest.prefix = ip;
+ add.dest.len = prefixlen;
add.next = 0;
/* check for duplicate */
return 1;
}
+/* add route to list for peers */
+/*
+ * Note: same provisions as above
+ */
+int bgp_add_route6(struct in6_addr ip, int prefixlen)
+{
+ struct bgp_route6_list *r = bgp_routes6;
+ struct bgp_route6_list add;
+ int i;
+ char ipv6addr[INET6_ADDRSTRLEN];
+
+ memcpy(&add.dest.prefix, &ip.s6_addr, 16);
+ add.dest.len = prefixlen;
+ add.next = 0;
+
+ /* check for duplicate */
+ while (r)
+ {
+ i = memcmp(&r->dest, &add.dest, sizeof(r->dest));
+ if (!i)
+ return 1; /* already covered */
+
+ if (i > 0)
+ break;
+
+ r = r->next;
+ }
+
+ /* insert into route list; sorted */
+ if (!(r = malloc(sizeof(*r))))
+ {
+ LOG(0, 0, 0, "Can't allocate route for %s/%d (%s)\n",
+ inet_ntop(AF_INET6, &ip, ipv6addr, INET6_ADDRSTRLEN), add.dest.len,
+ strerror(errno));
+
+ return 0;
+ }
+
+ memcpy(r, &add, sizeof(*r));
+ bgp_routes6 = bgp_insert_route6(bgp_routes6, r);
+
+ /* flag established peers for update */
+ for (i = 0; i < BGP_NUM_PEERS; i++)
+ if (bgp_peers[i].state == Established
+ && bgp_peers[i].mp_handling == HandleIPv6Routes)
+ bgp_peers[i].update_routes6 = 1;
+
+ LOG(4, 0, 0, "Registered BGP route %s/%d\n",
+ inet_ntop(AF_INET6, &ip, ipv6addr, INET6_ADDRSTRLEN), add.dest.len);
+
+ return 1;
+}
+
/* remove route from list for peers */
-int bgp_del_route(in_addr_t ip, in_addr_t mask)
+int bgp_del_route(in_addr_t ip, int prefixlen)
{
struct bgp_route_list *r = bgp_routes;
struct bgp_route_list *e = 0;
struct bgp_route_list del;
int i;
- bgp_cidr(ip, mask, &del.dest);
+ del.dest.prefix = ip;
+ del.dest.len = prefixlen;
del.next = 0;
/* find entry in routes list and remove */
return 1;
}
+/* remove route from list for peers */
+int bgp_del_route6(struct in6_addr ip, int prefixlen)
+{
+ struct bgp_route6_list *r = bgp_routes6;
+ struct bgp_route6_list *e = 0;
+ struct bgp_route6_list del;
+ int i;
+ char ipv6addr[INET6_ADDRSTRLEN];
+
+ memcpy(&del.dest.prefix, &ip.s6_addr, 16);
+ del.dest.len = prefixlen;
+ del.next = 0;
+
+ /* find entry in routes list and remove */
+ while (r)
+ {
+ i = memcmp(&r->dest, &del.dest, sizeof(r->dest));
+ if (!i)
+ {
+ if (e)
+ e->next = r->next;
+ else
+ bgp_routes6 = r->next;
+
+ free(r);
+ break;
+ }
+
+ e = r;
+
+ if (i > 0)
+ r = 0; /* stop */
+ else
+ r = r->next;
+ }
+
+ /* not found */
+ if (!r)
+ return 1;
+
+ /* flag established peers for update */
+ for (i = 0; i < BGP_NUM_PEERS; i++)
+ if (bgp_peers[i].state == Established
+ && bgp_peers[i].mp_handling == HandleIPv6Routes)
+ bgp_peers[i].update_routes6 = 1;
+
+ LOG(4, 0, 0, "Removed BGP route %s/%d\n",
+ inet_ntop(AF_INET6, &ip, ipv6addr, INET6_ADDRSTRLEN), del.dest.len);
+
+ return 1;
+}
+
/* enable or disable routing */
void bgp_enable_routing(int enable)
{
continue;
}
- /* process timers */
- if (peer->state == Established)
+ /* process pending IPv6 updates */
+ if (peer->update_routes6
+ && !peer->outbuf->packet.header.len) /* ditto */
{
- if (time_now > peer->expire_time)
- {
- LOG(1, 0, 0, "No message from BGP peer %s in %ds\n",
- peer->name, peer->hold);
-
- bgp_send_notification(peer, BGP_ERR_HOLD_TIMER_EXP, 0);
+ if (!bgp_send_update6(peer))
continue;
- }
-
- if (time_now > peer->keepalive_time && !peer->outbuf->packet.header.len)
- bgp_send_keepalive(peer);
- }
- else if (peer->state == Idle)
- {
- if (time_now > peer->retry_time)
- bgp_connect(peer);
}
- else if (time_now > peer->state_time + BGP_STATE_TIME)
+
+ /* process timers */
+ bgp_process_timers(peer);
+ }
+
+ return 1;
+}
+
+/* process bgp timers only */
+void bgp_process_peers_timers()
+{
+ int i;
+
+ if (!bgp_configured)
+ return;
+
+ for (i = 0; i < BGP_NUM_PEERS; i++)
+ {
+ struct bgp_peer *peer = &bgp_peers[i];
+
+ if (peer->state == Disabled)
+ continue;
+
+ bgp_process_timers(peer);
+ }
+}
+
+static void bgp_process_timers(struct bgp_peer *peer)
+{
+ if (peer->state == Established)
+ {
+ if (time_now > peer->expire_time)
{
- LOG(1, 0, 0, "%s timer expired for BGP peer %s\n",
- bgp_state_str(peer->state), peer->name);
+ LOG(1, 0, 0, "No message from BGP peer %s in %ds\n",
+ peer->name, peer->hold);
- bgp_restart(peer);
+ bgp_send_notification(peer, BGP_ERR_HOLD_TIMER_EXP, 0);
+ return;
}
+
+ if (time_now > peer->keepalive_time && !peer->outbuf->packet.header.len)
+ bgp_send_keepalive(peer);
+ }
+ else if (peer->state == Idle)
+ {
+ if (time_now > peer->retry_time)
+ bgp_connect(peer);
}
+ else if (time_now > peer->state_time + BGP_STATE_TIME)
+ {
+ LOG(1, 0, 0, "%s timer expired for BGP peer %s\n",
+ bgp_state_str(peer->state), peer->name);
- return 1;
+ bgp_restart(peer);
+ }
}
static void bgp_free_routes(struct bgp_route_list *routes)
}
}
+static void bgp_free_routes6(struct bgp_route6_list *routes)
+{
+ struct bgp_route6_list *tmp;
+
+ while ((tmp = routes))
+ {
+ routes = tmp->next;
+ free(tmp);
+ }
+}
+
char const *bgp_state_str(enum bgp_state state)
{
switch (state)
{
static int bgp_port = 0;
struct sockaddr_in addr;
+ struct sockaddr_in source_addr;
struct epoll_event ev;
if (!bgp_port)
/* set to non-blocking */
fcntl(peer->sock, F_SETFL, fcntl(peer->sock, F_GETFL, 0) | O_NONBLOCK);
+ /* set source address */
+ memset(&source_addr, 0, sizeof(source_addr));
+ source_addr.sin_family = AF_INET;
+ source_addr.sin_addr.s_addr = peer->source_addr; /* defaults to INADDR_ANY */
+ if (bind(peer->sock, (struct sockaddr *) &source_addr, sizeof(source_addr)) < 0)
+ {
+ LOG(1, 0, 0, "Can't set source address to %s: %s\n",
+ inet_ntoa(source_addr.sin_addr), strerror(errno));
+
+ bgp_set_retry(peer);
+ return 0;
+ }
+
/* try connect */
memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
struct bgp_data_open data;
int hold;
int i;
+ off_t param_offset, capability_offset;
+ struct bgp_opt_param *param;
+ uint8_t capabilities_len;
+ char *capabilities = NULL;
+ struct bgp_capability *capability;
+ struct bgp_mp_cap_param *mp_cap;
for (i = 0; i < sizeof(p->header.marker); i++)
{
if (peer->keepalive * 3 > peer->hold)
peer->keepalive = peer->hold / 3;
+ /* check for optional parameters */
+ /* 2 is for the size of type + len (both uint8_t) */
+ for (param_offset = 0;
+ param_offset < data.opt_len;
+ param_offset += 2 + param->len)
+ {
+ param = (struct bgp_opt_param *)((char *)&data.opt_params + param_offset);
+
+ /* sensible check */
+ if (data.opt_len - param_offset < 2
+ || param->len > data.opt_len - param_offset - 2)
+ {
+ LOG(1, 0, 0, "Malformed Optional Parameter list from BGP peer %s\n",
+ peer->name);
+
+ bgp_send_notification(peer, BGP_ERR_OPEN, BGP_ERR_UNSPEC);
+ return 0;
+ }
+
+ /* we know only one parameter type */
+ if (param->type != BGP_PARAM_TYPE_CAPABILITY)
+ {
+ LOG(1, 0, 0, "Unsupported Optional Parameter type %d from BGP peer %s\n",
+ param->type, peer->name);
+
+ bgp_send_notification(peer, BGP_ERR_OPEN, BGP_ERR_OPN_UNSUP_PARAM);
+ return 0;
+ }
+
+ capabilities_len = param->len;
+ capabilities = (char *)¶m->value;
+
+ /* look for BGP multiprotocol capability */
+ for (capability_offset = 0;
+ capability_offset < capabilities_len;
+ capability_offset += 2 + capability->len)
+ {
+ capability = (struct bgp_capability *)(capabilities + capability_offset);
+
+ /* sensible check */
+ if (capabilities_len - capability_offset < 2
+ || capability->len > capabilities_len - capability_offset - 2)
+ {
+ LOG(1, 0, 0, "Malformed Capabilities list from BGP peer %s\n",
+ peer->name);
+
+ bgp_send_notification(peer, BGP_ERR_OPEN, BGP_ERR_UNSPEC);
+ return 0;
+ }
+
+ /* we only know one capability code */
+ if (capability->code != BGP_CAP_CODE_MP
+ && capability->len != sizeof(struct bgp_mp_cap_param))
+ {
+ LOG(4, 0, 0, "Unsupported Capability code %d from BGP peer %s\n",
+ capability->code, peer->name);
+
+ /* we don't terminate, still; we just jump to the next one */
+ continue;
+ }
+
+ mp_cap = (struct bgp_mp_cap_param *)&capability->value;
+ /* the only <AFI, SAFI> tuple we support */
+ if (ntohs(mp_cap->afi) != BGP_MP_AFI_IPv6 && mp_cap->safi != BGP_MP_SAFI_UNICAST)
+ {
+ LOG(4, 0, 0, "Unsupported multiprotocol AFI %d and SAFI %d from BGP peer %s\n",
+ mp_cap->afi, mp_cap->safi, peer->name);
+
+ /* we don't terminate, still; we just jump to the next one */
+ continue;
+ }
+
+ /* yes it can! */
+ peer->mp_handling = HandleIPv6Routes;
+ }
+ }
+
+ if (peer->mp_handling != HandleIPv6Routes)
+ {
+ peer->mp_handling = DoesntHandleIPv6Routes;
+ if (config->ipv6_prefix.s6_addr[0])
+ LOG(1, 0, 0, "Warning: BGP peer %s doesn't handle IPv6 prefixes updates\n",
+ peer->name);
+ }
+
/* next transition requires an exchange of keepalives */
bgp_send_keepalive(peer);
-
- /* FIXME: may need to check for optional params */
}
break;
if (notification->error_code == BGP_ERR_CEASE)
{
LOG(4, 0, 0, "BGP peer %s sent CEASE\n", peer->name);
- bgp_restart(peer);
+ bgp_set_retry(peer);
+ return 0;
+ }
+
+ if (notification->error_code == BGP_ERR_OPEN
+ && notification->error_subcode == BGP_ERR_OPN_UNSUP_PARAM)
+ {
+ LOG(4, 0, 0, "BGP peer %s doesn't support BGP Capabilities\n", peer->name);
+ peer->mp_handling = DoesntHandleIPv6Routes;
+ bgp_set_retry(peer);
return 0;
}
+ if (notification->error_code == BGP_ERR_OPEN
+ && notification->error_subcode == BGP_ERR_OPN_UNSUP_CAP)
+ {
+ /* the only capability we advertise is this one, so upon receiving
+ an "unsupported capability" message, we disable IPv6 routes for
+ this peer */
+ LOG(4, 0, 0, "BGP peer %s doesn't support IPv6 routes advertisement\n", peer->name);
+ peer->mp_handling = DoesntHandleIPv6Routes;
+ break;
+ }
+
/* FIXME: should handle more notifications */
LOG(4, 0, 0, "BGP peer %s sent unhandled NOTIFICATION %d\n",
peer->name, (int) notification->error_code);
static int bgp_send_open(struct bgp_peer *peer)
{
struct bgp_data_open data;
+ struct bgp_mp_cap_param mp_ipv6 = { htons(BGP_MP_AFI_IPv6), 0, BGP_MP_SAFI_UNICAST };
+ struct bgp_capability cap_mp_ipv6;
+ struct bgp_opt_param param_cap_mp_ipv6;
uint16_t len = sizeof(peer->outbuf->packet.header);
memset(peer->outbuf->packet.header.marker, 0xff,
data.version = BGP_VERSION;
data.as = htons(our_as);
data.hold_time = htons(peer->hold);
- data.identifier = my_address;
- data.opt_len = 0;
+ /* use the source IP we use as identifier, if available */
+ if (peer->source_addr != INADDR_ANY)
+ data.identifier = peer->source_addr;
+ else
+ data.identifier = my_address;
+
+ /* if we know peer doesn't support MP (mp_handling == DoesntHandleIPv6Routes)
+ then don't add this parameter */
+ if (config->ipv6_prefix.s6_addr[0]
+ && (peer->mp_handling == HandlingUnknown
+ || peer->mp_handling == HandleIPv6Routes))
+ {
+ /* construct the param and capability */
+ cap_mp_ipv6.code = BGP_CAP_CODE_MP;
+ cap_mp_ipv6.len = sizeof(mp_ipv6);
+ memcpy(&cap_mp_ipv6.value, &mp_ipv6, cap_mp_ipv6.len);
+
+ param_cap_mp_ipv6.type = BGP_PARAM_TYPE_CAPABILITY;
+ param_cap_mp_ipv6.len = 2 + sizeof(mp_ipv6);
+ memcpy(¶m_cap_mp_ipv6.value, &cap_mp_ipv6, param_cap_mp_ipv6.len);
+
+ data.opt_len = 2 + param_cap_mp_ipv6.len;
+ memcpy(&data.opt_params, ¶m_cap_mp_ipv6, data.opt_len);
+ }
+ else
+ data.opt_len = 0;
- memcpy(peer->outbuf->packet.data, &data, BGP_DATA_OPEN_SIZE);
- len += BGP_DATA_OPEN_SIZE;
+ memcpy(peer->outbuf->packet.data, &data, BGP_DATA_OPEN_SIZE + data.opt_len);
+ len += BGP_DATA_OPEN_SIZE + data.opt_len;
peer->outbuf->packet.header.len = htons(len);
peer->outbuf->done = 0;
return bgp_write(peer);
}
+/* send/buffer UPDATE message for IPv6 routes */
+static int bgp_send_update6(struct bgp_peer *peer)
+{
+ uint16_t attr_len;
+ uint16_t unreach_len = 0;
+ char *unreach_len_pos;
+ uint8_t reach_len;
+ uint16_t len = sizeof(peer->outbuf->packet.header);
+ struct bgp_route6_list *have = peer->routes6;
+ struct bgp_route6_list *want = peer->routing ? bgp_routes6 : 0;
+ struct bgp_route6_list *e = 0;
+ struct bgp_route6_list *add = 0;
+ int s;
+ char ipv6addr[INET6_ADDRSTRLEN];
+
+ char *data = (char *) &peer->outbuf->packet.data;
+
+ /* need leave room for attr_len, bgp_path_attrs and one prefix */
+ char *max = (char *) &peer->outbuf->packet.data
+ + sizeof(peer->outbuf->packet.data)
+ - sizeof(attr_len) - peer->path_attr_len_without_nexthop
+ - BGP_PATH_ATTR_MP_REACH_NLRI_PARTIAL_SIZE - sizeof(struct bgp_ip6_prefix);
+
+ memset(peer->outbuf->packet.header.marker, 0xff,
+ sizeof(peer->outbuf->packet.header.marker));
+
+ peer->outbuf->packet.header.type = BGP_MSG_UPDATE;
+
+ /* insert non-MP unfeasible routes length */
+ memcpy(data, &unreach_len, sizeof(unreach_len));
+ /* skip over it and attr_len too; it will be filled when known */
+ data += sizeof(unreach_len) + sizeof(attr_len);
+ len += sizeof(unreach_len) + sizeof(attr_len);
+
+ /* copy usual attributes */
+ memcpy(data, peer->path_attrs, peer->path_attr_len_without_nexthop);
+ data += peer->path_attr_len_without_nexthop;
+ attr_len = peer->path_attr_len_without_nexthop;
+
+ /* copy MP unreachable NLRI heading */
+ memcpy(data, peer->mp_unreach_nlri_partial,
+ BGP_PATH_ATTR_MP_UNREACH_NLRI_PARTIAL_SIZE);
+ /* remember where to update this attr len */
+ unreach_len_pos = data + 2;
+ data += BGP_PATH_ATTR_MP_UNREACH_NLRI_PARTIAL_SIZE;
+ attr_len += BGP_PATH_ATTR_MP_UNREACH_NLRI_PARTIAL_SIZE;
+
+ peer->update_routes6 = 0; /* tentatively clear */
+
+ /* find differences */
+ while ((have || want) && data < (max - sizeof(struct bgp_ip6_prefix)))
+ {
+ if (have)
+ s = want
+ ? memcmp(&have->dest, &want->dest, sizeof(have->dest))
+ : -1;
+ else
+ s = 1;
+
+ if (s < 0) /* found one to delete */
+ {
+ struct bgp_route6_list *tmp = have;
+ have = have->next;
+
+ s = BGP_IP_PREFIX_SIZE(tmp->dest);
+ memcpy(data, &tmp->dest, s);
+ data += s;
+ unreach_len += s;
+ attr_len += s;
+
+ LOG(5, 0, 0, "Withdrawing route %s/%d from BGP peer %s\n",
+ inet_ntop(AF_INET6, &tmp->dest.prefix, ipv6addr, INET6_ADDRSTRLEN),
+ tmp->dest.len, peer->name);
+
+ free(tmp);
+
+ if (e)
+ e->next = have;
+ else
+ peer->routes6 = have;
+ }
+ else
+ {
+ if (!s) /* same */
+ {
+ e = have; /* stash the last found to relink above */
+ have = have->next;
+ want = want->next;
+ }
+ else if (s > 0) /* addition reqd. */
+ {
+ if (add)
+ {
+ peer->update_routes6 = 1; /* only one add per packet */
+ if (!have)
+ break;
+ }
+ else
+ add = want;
+
+ if (want)
+ want = want->next;
+ }
+ }
+ }
+
+ if (have || want)
+ peer->update_routes6 = 1; /* more to do */
+
+ /* anything changed? */
+ if (!(unreach_len || add))
+ return 1;
+
+ if (unreach_len)
+ {
+ /* go back and insert MP unreach_len */
+ unreach_len += sizeof(struct bgp_attr_mp_unreach_nlri_partial);
+ unreach_len = htons(unreach_len);
+ memcpy(unreach_len_pos, &unreach_len, sizeof(unreach_len));
+ }
+ else
+ {
+ /* we can remove this attribute, then */
+ data -= BGP_PATH_ATTR_MP_UNREACH_NLRI_PARTIAL_SIZE;
+ attr_len -= BGP_PATH_ATTR_MP_UNREACH_NLRI_PARTIAL_SIZE;
+ }
+
+ if (add)
+ {
+ if (!(e = malloc(sizeof(*e))))
+ {
+ LOG(0, 0, 0, "Can't allocate route for %s/%d (%s)\n",
+ inet_ntop(AF_INET6, &add->dest.prefix, ipv6addr, INET6_ADDRSTRLEN),
+ add->dest.len, strerror(errno));
+
+ return 0;
+ }
+
+ memcpy(e, add, sizeof(*e));
+ e->next = 0;
+ peer->routes6 = bgp_insert_route6(peer->routes6, e);
+
+ /* copy MP reachable NLRI heading */
+ memcpy(data, peer->mp_reach_nlri_partial,
+ BGP_PATH_ATTR_MP_REACH_NLRI_PARTIAL_SIZE);
+ /* with proper len */
+ reach_len = BGP_IP_PREFIX_SIZE(add->dest);
+ data[2] = sizeof(struct bgp_attr_mp_reach_nlri_partial) + reach_len;
+ data += BGP_PATH_ATTR_MP_REACH_NLRI_PARTIAL_SIZE;
+ attr_len += BGP_PATH_ATTR_MP_REACH_NLRI_PARTIAL_SIZE;
+
+ memcpy(data, &add->dest, reach_len);
+ data += reach_len;
+ attr_len += reach_len;
+
+ LOG(5, 0, 0, "Advertising route %s/%d to BGP peer %s\n",
+ inet_ntop(AF_INET6, &add->dest.prefix, ipv6addr, INET6_ADDRSTRLEN),
+ add->dest.len, peer->name);
+ }
+
+ /* update len with attributes we added */
+ len += attr_len;
+
+ /* go back and insert attr_len */
+ attr_len = htons(attr_len);
+ memcpy((char *)&peer->outbuf->packet.data + 2, &attr_len, sizeof(attr_len));
+
+ peer->outbuf->packet.header.len = htons(len);
+ peer->outbuf->done = 0;
+
+ return bgp_write(peer);
+}
+
/* send/buffer NOTIFICATION message */
static int bgp_send_notification(struct bgp_peer *peer, uint8_t code,
uint8_t subcode)
/* BGPv4 (RFC1771) */
- /* $Id: bgp.h,v 1.5 2005/06/04 15:42:35 bodea Exp $ */
+ /* $Id: bgp.h,v 1.5 2005-06-04 15:42:35 bodea Exp $ */
#ifndef __BGP_H__
#define __BGP_H__
char opt_params[sizeof(((struct bgp_packet *)0)->data) - BGP_DATA_OPEN_SIZE]; /* variable */
} __attribute__ ((packed));
+struct bgp_opt_param {
+ uint8_t type;
+ uint8_t len;
+#define BGP_MAX_OPT_PARAM_SIZE 256
+ char value[BGP_MAX_OPT_PARAM_SIZE];
+} __attribute__ ((packed));
+
+#define BGP_PARAM_TYPE_CAPABILITY 2
+struct bgp_capability {
+ uint8_t code;
+ uint8_t len;
+#define BGP_MAX_CAPABILITY_SIZE 256
+ char value[BGP_MAX_CAPABILITY_SIZE];
+} __attribute__ ((packed));
+
+/* RFC4760 Multiprotocol extension */
+#define BGP_CAP_CODE_MP 1
+
+struct bgp_mp_cap_param {
+ uint16_t afi; /* sa_family_t */
+ uint8_t reserved; /* SHOULD be 0 */
+ uint8_t safi;
+} __attribute__ ((packed));
+
+/* bgp_mp_cap_param.afi */
+#define BGP_MP_AFI_RESERVED 0
+#define BGP_MP_AFI_IPv4 1
+#define BGP_MP_AFI_IPv6 2
+/* bgp_mp_cap_param.safi */
+#define BGP_MP_SAFI_UNICAST 1
+#define BGP_MP_SAFI_MULTICAST 2
+
+struct bgp_ip6_prefix {
+ uint8_t len;
+ uint8_t prefix[16]; /* variable */
+} __attribute__ ((packed));
+
+/* end of RFC4760 specific definitions */
+
struct bgp_ip_prefix {
uint8_t len;
uint32_t prefix; /* variable */
} __attribute__ ((packed));
+/* works for both IPv4 and IPv6 prefixes */
#define BGP_IP_PREFIX_SIZE(p) (1 + ((p).len / 8) + ((p).len % 8 != 0))
struct bgp_path_attr {
} data; /* variable */
} __attribute__ ((packed));
+struct bgp_attr_mp_reach_nlri_partial {
+ uint16_t afi; /* sa_family_t */
+ uint8_t safi;
+ uint8_t next_hop_len;
+ uint8_t next_hop[16];
+ uint8_t reserved;
+} __attribute__ ((packed));
+#define BGP_PATH_ATTR_MP_REACH_NLRI_PARTIAL_SIZE (3 + sizeof(struct bgp_attr_mp_reach_nlri_partial))
+
+struct bgp_attr_mp_unreach_nlri_partial {
+ uint16_t afi; /* sa_family_t */
+ uint8_t safi;
+} __attribute__ ((packed));
+/* we use it as an extended attribute */
+#define BGP_PATH_ATTR_MP_UNREACH_NLRI_PARTIAL_SIZE (4 + sizeof(struct bgp_attr_mp_unreach_nlri_partial))
+
/* bgp_path_attr.flags (bitfields) */
#define BGP_PATH_ATTR_FLAG_OPTIONAL (1 << 7)
#define BGP_PATH_ATTR_FLAG_TRANS (1 << 6)
#define BGP_PATH_ATTR_CODE_ATOMIC_AGGREGATE 6 /* well-known, discretionary */
#define BGP_PATH_ATTR_CODE_AGGREGATOR 7 /* optional, transitive */
#define BGP_PATH_ATTR_CODE_COMMUNITIES 8 /* optional, transitive (RFC1997) */
+#define BGP_PATH_ATTR_CODE_MP_REACH_NLRI 14 /* optional, non-transitive (RFC4760) */
+#define BGP_PATH_ATTR_CODE_MP_UNREACH_NLRI 15 /* optional, non-transitive (RFC4760) */
#define BGP_PATH_ATTR_SIZE(p) ((((p).flags & BGP_PATH_ATTR_FLAG_EXTLEN) \
- ? ((p).data.e.len + 1) : (p).data.s.len) + 3)
+ ? ((p).data.e.len + 4) : (p).data.s.len) + 3)
/* well known COMMUNITIES */
#define BGP_COMMUNITY_NO_EXPORT 0xffffff01 /* don't advertise outside confederation */
} __attribute__ ((packed));
/* bgp_data_notification.error_code, .error_subcode */
+#define BGP_ERR_UNSPEC 0
#define BGP_ERR_HEADER 1
# define BGP_ERR_HDR_NOT_SYNC 1
# define BGP_ERR_HDR_BAD_LEN 2
# define BGP_ERR_OPN_UNSUP_PARAM 4
# define BGP_ERR_OPN_AUTH_FAILURE 5
# define BGP_ERR_OPN_HOLD_TIME 6
+# define BGP_ERR_OPN_UNSUP_CAP 7
#define BGP_ERR_UPDATE 3
# define BGP_ERR_UPD_BAD_ATTR_LIST 1
# define BGP_ERR_UPD_UNKN_WK_ATTR 2
Established, /* established */
};
+struct bgp_route6_list {
+ struct bgp_ip6_prefix dest;
+ struct bgp_route6_list *next;
+};
+
struct bgp_route_list {
struct bgp_ip_prefix dest;
struct bgp_route_list *next;
size_t done; /* bytes sent/recvd */
};
+enum bgp_mp_handling {
+ HandleIPv6Routes,
+ DoesntHandleIPv6Routes,
+ HandlingUnknown,
+};
+
/* state */
struct bgp_peer {
char name[32]; /* peer name */
in_addr_t addr; /* peer address */
+ in_addr_t source_addr; /* our source address */
int as; /* AS number */
int sock;
enum bgp_state state; /* FSM state */
int cli_flag; /* updates requested from CLI */
char *path_attrs; /* path attrs to send in UPDATE message */
int path_attr_len; /* length of path attrs */
+ int path_attr_len_without_nexthop; /* length of path attrs without NEXT_HOP */
uint32_t events; /* events to poll */
struct event_data edata; /* poll data */
+ enum bgp_mp_handling mp_handling; /* how it handles IPv6 routes advertisements */
+ int update_routes6; /* UPDATE required for IPv6 routes */
+ struct bgp_route6_list *routes6; /* IPv6 routes known by this peer */
+ char mp_reach_nlri_partial[BGP_PATH_ATTR_MP_REACH_NLRI_PARTIAL_SIZE];
+ char mp_unreach_nlri_partial[BGP_PATH_ATTR_MP_UNREACH_NLRI_PARTIAL_SIZE];
};
/* bgp_peer.cli_flag */
/* actions */
int bgp_setup(int as);
int bgp_start(struct bgp_peer *peer, char *name, int as, int keepalive,
- int hold, int enable);
+ int hold, struct in_addr update_source, int enable);
void bgp_stop(struct bgp_peer *peer);
void bgp_halt(struct bgp_peer *peer);
int bgp_restart(struct bgp_peer *peer);
-int bgp_add_route(in_addr_t ip, in_addr_t mask);
-int bgp_del_route(in_addr_t ip, in_addr_t mask);
+int bgp_add_route(in_addr_t ip, int prefixlen);
+int bgp_add_route6(struct in6_addr ip, int prefixlen);
+int bgp_del_route(in_addr_t ip, int prefixlen);
+int bgp_del_route6(struct in6_addr ip, int prefixlen);
void bgp_enable_routing(int enable);
int bgp_set_poll(void);
int bgp_process(uint32_t events[]);
+void bgp_process_peers_timers();
char const *bgp_state_str(enum bgp_state state);
- extern char const *cvs_id_bgp;
-
#endif /* __BGP_H__ */
// L2TPNS Command Line Interface
// vim: sw=8 ts=8
- char const *cvs_name = "$Name: $";
- char const *cvs_id_cli = "$Id: cli.c,v 1.76 2006/12/18 12:08:28 bodea Exp $";
-
#include <stdio.h>
#include <stddef.h>
#include <stdarg.h>
/* match if b is a substr of a */
#define MATCH(a,b) (!strncmp((a), (b), strlen(b)))
-void init_cli(char *hostname)
+void init_cli()
{
FILE *f;
char buf[4096];
struct cli_command *c;
struct cli_command *c2;
- int on = 1;
- struct sockaddr_in addr;
cli = cli_init();
- if (hostname && *hostname)
- cli_set_hostname(cli, hostname);
- else
- cli_set_hostname(cli, "l2tpns");
c = cli_register_command(cli, NULL, "show", NULL, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, NULL);
cli_register_command(cli, c, "banana", cmd_show_banana, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show a banana");
}
fclose(f);
}
+}
+
+void cli_init_complete(char *hostname)
+{
+ int on = 1;
+ struct sockaddr_in addr;
+
+ if (hostname && *hostname)
+ cli_set_hostname(cli, hostname);
+ else
+ cli_set_hostname(cli, "l2tpns");
memset(&addr, 0, sizeof(addr));
clifd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
fcntl(clifd, F_SETFL, flags | O_NONBLOCK);
}
addr.sin_family = AF_INET;
+ addr.sin_addr.s_addr = config->cli_bind_address; /* defaults to INADDR_ANY */
addr.sin_port = htons(23);
if (bind(clifd, (void *) &addr, sizeof(addr)) < 0)
+ {
+ LOG(0, 0, 0, "Error binding cli on port 23: %s\n", strerror(errno));
+ close(clifd);
+ clifd = -1;
+ return;
+ }
+ if (listen(clifd, 10) < 0)
{
LOG(0, 0, 0, "Error listening on cli port 23: %s\n", strerror(errno));
+ close(clifd);
+ clifd = -1;
return;
}
- listen(clifd, 10);
}
void cli_do(int sockfd)
if (session[s].idle_timeout)
cli_print(cli, "\tIdle Timeout:\t%u seconds", session[s].idle_timeout - (session[s].last_data ? abs(time_now - session[s].last_data) : 0));
+ if (session[s].timeout)
+ {
+ cli_print(cli, "\tRemaining time:\t%u",
+ (session[s].bundle && bundle[session[s].bundle].num_of_links > 1)
+ ? (unsigned) (session[s].timeout - bundle[session[s].bundle].online_time)
+ : (unsigned) (session[s].timeout - (time_now - session[s].opened)));
+ }
+
cli_print(cli, "\tBytes In/Out:\t%u/%u", session[s].cout, session[s].cin);
cli_print(cli, "\tPkts In/Out:\t%u/%u", session[s].pout, session[s].pin);
cli_print(cli, "\tMRU:\t\t%d", session[s].mru);
}
// Show Summary
- cli_print(cli, "%5s %4s %-32s %-15s %s %s %s %s %10s %10s %10s %4s %-15s %s",
+ cli_print(cli, "%5s %4s %-32s %-15s %s %s %s %s %10s %10s %10s %4s %10s %-15s %s",
"SID",
"TID",
"Username",
"downloaded",
"uploaded",
"idle",
+ "Rem.Time",
"LAC",
"CLI");
for (i = 1; i < MAXSESSION; i++)
{
+ uint32_t rem_time;
if (!session[i].opened) continue;
- cli_print(cli, "%5d %4d %-32s %-15s %s %s %s %s %10u %10lu %10lu %4u %-15s %s",
+ if (session[i].bundle && bundle[session[i].bundle].num_of_links > 1)
+ rem_time = session[i].timeout ? (session[i].timeout - bundle[session[i].bundle].online_time) : 0;
+ else
+ rem_time = session[i].timeout ? (session[i].timeout - (time_now-session[i].opened)) : 0;
+
+ cli_print(cli, "%5d %4d %-32s %-15s %s %s %s %s %10u %10lu %10lu %4u %10lu %-15s %s",
i,
session[i].tunnel,
session[i].user[0] ? session[i].user : "*",
(unsigned long)session[i].cout,
(unsigned long)session[i].cin,
abs(time_now - (session[i].last_packet ? session[i].last_packet : time_now)),
+ (unsigned long)(rem_time),
fmtaddr(htonl(tunnel[ session[i].tunnel ].ip), 1),
session[i].calling[0] ? session[i].calling : "*");
}
static int cmd_show_version(struct cli_def *cli, char *command, char **argv, int argc)
{
- int tag = 0;
- int file = 0;
- int i = 0;
-
if (CLI_HELP_REQUESTED)
- return cli_arg_help(cli, 1,
- "tag", "Include CVS release tag",
- "file", "Include file versions",
- NULL);
-
- for (i = 0; i < argc; i++)
- if (!strcmp(argv[i], "tag"))
- tag++;
- else if (!strcmp(argv[i], "file"))
- file++;
+ return CLI_HELP_NO_ARGS;
cli_print(cli, "L2TPNS %s", VERSION);
- if (tag)
- {
- char const *p = strchr(cvs_name, ':');
- char const *e;
- if (p)
- {
- p++;
- while (isspace(*p))
- p++;
- }
-
- if (!p || *p == '$')
- p = "HEAD";
-
- e = strpbrk(p, " \t$");
- cli_print(cli, "Tag: %.*s", (int) (e ? e - p + 1 : strlen(p)), p);
- }
-
- if (file)
- {
- extern linked_list *loaded_plugins;
- void *p;
-
- cli_print(cli, "Files:");
- cli_print(cli, " %s", cvs_id_arp);
- #ifdef BGP
- cli_print(cli, " %s", cvs_id_bgp);
- #endif /* BGP */
- cli_print(cli, " %s", cvs_id_cli);
- cli_print(cli, " %s", cvs_id_cluster);
- cli_print(cli, " %s", cvs_id_constants);
- cli_print(cli, " %s", cvs_id_control);
- cli_print(cli, " %s", cvs_id_icmp);
- cli_print(cli, " %s", cvs_id_l2tpns);
- cli_print(cli, " %s", cvs_id_ll);
- cli_print(cli, " %s", cvs_id_ppp);
- cli_print(cli, " %s", cvs_id_radius);
- cli_print(cli, " %s", cvs_id_tbf);
- cli_print(cli, " %s", cvs_id_util);
-
- ll_reset(loaded_plugins);
- while ((p = ll_next(loaded_plugins)))
- {
- char const **id = dlsym(p, "cvs_id");
- if (id)
- cli_print(cli, " %s", *id);
- }
- }
-
return CLI_OK;
}
h = BGP_HOLD_TIME;
cli_print(cli, " neighbour %s timers %d %d", config->neighbour[i].name, k, h);
+
+ if (config->neighbour[i].update_source.s_addr != INADDR_ANY)
+ cli_print(cli, " neighbour %s update-source %s",
+ config->neighbour[i].name,
+ inet_ntoa(config->neighbour[i].update_source));
}
}
#endif
return cli_arg_help(cli, 0,
"remote-as", "Set remote autonomous system number",
"timers", "Set timers",
+ "update-source", "Set source address to use for the BGP session",
NULL);
default:
return cli_arg_help(cli, 1, NULL);
}
+ if (MATCH("update-source", argv[1]))
+ return cli_arg_help(cli, argc > 3, "A.B.C.D", "Source IP address", NULL);
+
return CLI_OK;
}
}
snprintf(config->neighbour[i].name, sizeof(config->neighbour[i].name), "%s", argv[0]);
config->neighbour[i].keepalive = -1;
config->neighbour[i].hold = -1;
+ config->neighbour[i].update_source.s_addr = INADDR_ANY;
}
config->neighbour[i].as = as;
return CLI_OK;
}
+ if (MATCH("update-source", argv[1]))
+ {
+ struct in_addr addr;
+
+ if (!config->neighbour[i].name[0])
+ {
+ cli_error(cli, "Specify remote-as first");
+ return CLI_OK;
+ }
+
+ if (!inet_aton(argv[2], &addr))
+ {
+ cli_error(cli, "Cannot parse IP \"%s\"", argv[2]);
+ return CLI_OK;
+ }
+
+ config->neighbour[i].update_source = addr;
+ return CLI_OK;
+ }
+
if (argc != 4 || !MATCH("timers", argv[1]))
{
cli_error(cli, "Invalid arguments");
// Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
// vim: sw=8 ts=8
- char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.176 2011/01/20 12:48:40 bodea Exp $";
-
#include <arpa/inet.h>
#include <assert.h>
#include <errno.h>
#define SYSLOG_NAMES
#include <syslog.h>
#include <malloc.h>
-#include <math.h>
#include <net/route.h>
#include <sys/mman.h>
#include <netdb.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/wait.h>
-#include <linux/if.h>
+#include <net/if.h>
#include <stddef.h>
#include <time.h>
#include <dlfcn.h>
#include <sched.h>
#include <sys/sysinfo.h>
#include <libcli.h>
+#include <linux/netlink.h>
+#include <linux/rtnetlink.h>
#include "md5.h"
#include "l2tpns.h"
// Globals
configt *config = NULL; // all configuration
+int nlfd = -1; // netlink socket
int tunfd = -1; // tun interface file handle. (network device)
int udpfd = -1; // UDP file handle
int controlfd = -1; // Control signal handle
int daefd = -1; // Socket listening for DAE connections.
int snoopfd = -1; // UDP file handle for sending out intercept data
int *radfds = NULL; // RADIUS requests file handles
-int ifrfd = -1; // File descriptor for routing, etc
-int ifr6fd = -1; // File descriptor for IPv6 routing, etc
int rand_fd = -1; // Random data source
int cluster_sockfd = -1; // Intra-cluster communications socket.
int epollfd = -1; // event polling
time_t basetime = 0; // base clock
-char hostname[1000] = ""; // us.
+char hostname[MAXHOSTNAME] = ""; // us.
static int tunidx; // ifr_ifindex of tun device
+int nlseqnum = 0; // netlink sequence number
+int min_initok_nlseqnum = 0; // minimun seq number for messages after init is ok
static int syslog_log = 0; // are we logging to syslog
static FILE *log_stream = 0; // file handle for direct logging (i.e. direct into file, not via syslog).
uint32_t last_id = 0; // Unique ID for radius accounting
CONFIG("cluster_hb_timeout", cluster_hb_timeout, INT),
CONFIG("cluster_master_min_adv", cluster_master_min_adv, INT),
CONFIG("ipv6_prefix", ipv6_prefix, IPv6),
+ CONFIG("cli_bind_address", cli_bind_address, IPv4),
+ CONFIG("hostname", hostname, STRING),
+ CONFIG("nexthop_address", nexthop_address, IPv4),
+ CONFIG("nexthop6_address", nexthop6_address, IPv6),
{ NULL, 0, 0, 0 },
};
NULL,
"plugin_pre_auth",
"plugin_post_auth",
- "plugin_packet_rx",
- "plugin_packet_tx",
"plugin_timer",
"plugin_new_session",
"plugin_kill_session",
struct Tringbuffer *ringbuffer = NULL;
#endif
+static ssize_t netlink_send(struct nlmsghdr *nh);
+static void netlink_addattr(struct nlmsghdr *nh, int type, const void *data, int alen);
static void cache_ipmap(in_addr_t ip, sessionidt s);
static void uncache_ipmap(in_addr_t ip);
static void cache_ipv6map(struct in6_addr ip, int prefixlen, sessionidt s);
// via BGP if enabled, and stuffs it into the
// 'sessionbyip' cache.
//
-// 'ip' and 'mask' must be in _host_ order.
+// 'ip' must be in _host_ order.
//
-static void routeset(sessionidt s, in_addr_t ip, in_addr_t mask, in_addr_t gw, int add)
+static void routeset(sessionidt s, in_addr_t ip, int prefixlen, in_addr_t gw, int add)
{
- struct rtentry r;
+ struct {
+ struct nlmsghdr nh;
+ struct rtmsg rt;
+ char buf[32];
+ } req;
int i;
+ in_addr_t n_ip;
- if (!mask) mask = 0xffffffff;
+ if (!prefixlen) prefixlen = 32;
- ip &= mask; // Force the ip to be the first one in the route.
+ ip &= 0xffffffff << (32 - prefixlen);; // Force the ip to be the first one in the route.
- memset(&r, 0, sizeof(r));
- r.rt_dev = config->tundevice;
- r.rt_dst.sa_family = AF_INET;
- *(uint32_t *) & (((struct sockaddr_in *) &r.rt_dst)->sin_addr.s_addr) = htonl(ip);
- r.rt_gateway.sa_family = AF_INET;
- *(uint32_t *) & (((struct sockaddr_in *) &r.rt_gateway)->sin_addr.s_addr) = htonl(gw);
- r.rt_genmask.sa_family = AF_INET;
- *(uint32_t *) & (((struct sockaddr_in *) &r.rt_genmask)->sin_addr.s_addr) = htonl(mask);
- r.rt_flags = (RTF_UP | RTF_STATIC);
+ memset(&req, 0, sizeof(req));
+
+ if (add)
+ {
+ req.nh.nlmsg_type = RTM_NEWROUTE;
+ req.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_REPLACE;
+ }
+ else
+ {
+ req.nh.nlmsg_type = RTM_DELROUTE;
+ req.nh.nlmsg_flags = NLM_F_REQUEST;
+ }
+
+ req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(req.rt));
+
+ req.rt.rtm_family = AF_INET;
+ req.rt.rtm_dst_len = prefixlen;
+ req.rt.rtm_table = RT_TABLE_MAIN;
+ req.rt.rtm_protocol = 42;
+ req.rt.rtm_scope = RT_SCOPE_LINK;
+ req.rt.rtm_type = RTN_UNICAST;
+
+ netlink_addattr(&req.nh, RTA_OIF, &tunidx, sizeof(int));
+ n_ip = htonl(ip);
+ netlink_addattr(&req.nh, RTA_DST, &n_ip, sizeof(n_ip));
if (gw)
- r.rt_flags |= RTF_GATEWAY;
- else if (mask == 0xffffffff)
- r.rt_flags |= RTF_HOST;
+ {
+ n_ip = htonl(gw);
+ netlink_addattr(&req.nh, RTA_GATEWAY, &n_ip, sizeof(n_ip));
+ }
- LOG(1, s, 0, "Route %s %s/%s%s%s\n", add ? "add" : "del",
- fmtaddr(htonl(ip), 0), fmtaddr(htonl(mask), 1),
+ LOG(1, s, session[s].tunnel, "Route %s %s/%d%s%s\n", add ? "add" : "del",
+ fmtaddr(htonl(ip), 0), prefixlen,
gw ? " via" : "", gw ? fmtaddr(htonl(gw), 2) : "");
- if (ioctl(ifrfd, add ? SIOCADDRT : SIOCDELRT, (void *) &r) < 0)
- LOG(0, 0, 0, "routeset() error in ioctl: %s\n", strerror(errno));
+ if (netlink_send(&req.nh) < 0)
+ LOG(0, 0, 0, "routeset() error in sending netlink message: %s\n", strerror(errno));
#ifdef BGP
if (add)
- bgp_add_route(htonl(ip), htonl(mask));
+ bgp_add_route(htonl(ip), prefixlen);
else
- bgp_del_route(htonl(ip), htonl(mask));
+ bgp_del_route(htonl(ip), prefixlen);
#endif /* BGP */
// Add/Remove the IPs to the 'sessionbyip' cache.
if (!add) // Are we deleting a route?
s = 0; // Caching the session as '0' is the same as uncaching.
- for (i = ip; (i&mask) == (ip&mask) ; ++i)
+ for (i = ip; i < ip+(1<<(32-prefixlen)) ; ++i)
cache_ipmap(i, s);
}
}
void route6set(sessionidt s, struct in6_addr ip, int prefixlen, int add)
{
- struct in6_rtmsg rt;
+ struct {
+ struct nlmsghdr nh;
+ struct rtmsg rt;
+ char buf[64];
+ } req;
+ int metric;
char ipv6addr[INET6_ADDRSTRLEN];
- if (ifr6fd < 0)
+ if (!config->ipv6_prefix.s6_addr[0])
{
LOG(0, 0, 0, "Asked to set IPv6 route, but IPv6 not setup.\n");
return;
}
- memset(&rt, 0, sizeof(rt));
+ memset(&req, 0, sizeof(req));
+
+ if (add)
+ {
+ req.nh.nlmsg_type = RTM_NEWROUTE;
+ req.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_REPLACE;
+ }
+ else
+ {
+ req.nh.nlmsg_type = RTM_DELROUTE;
+ req.nh.nlmsg_flags = NLM_F_REQUEST;
+ }
+
+ req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(req.rt));
- memcpy(&rt.rtmsg_dst, &ip, sizeof(struct in6_addr));
- rt.rtmsg_dst_len = prefixlen;
- rt.rtmsg_metric = 1;
- rt.rtmsg_flags = RTF_UP;
- rt.rtmsg_ifindex = tunidx;
+ req.rt.rtm_family = AF_INET6;
+ req.rt.rtm_dst_len = prefixlen;
+ req.rt.rtm_table = RT_TABLE_MAIN;
+ req.rt.rtm_protocol = 42;
+ req.rt.rtm_scope = RT_SCOPE_LINK;
+ req.rt.rtm_type = RTN_UNICAST;
- LOG(1, 0, 0, "Route %s %s/%d\n",
+ netlink_addattr(&req.nh, RTA_OIF, &tunidx, sizeof(int));
+ netlink_addattr(&req.nh, RTA_DST, &ip, sizeof(ip));
+ metric = 1;
+ netlink_addattr(&req.nh, RTA_METRICS, &metric, sizeof(metric));
+
+ LOG(1, s, session[s].tunnel, "Route %s %s/%d\n",
add ? "add" : "del",
inet_ntop(AF_INET6, &ip, ipv6addr, INET6_ADDRSTRLEN),
prefixlen);
- if (ioctl(ifr6fd, add ? SIOCADDRT : SIOCDELRT, (void *) &rt) < 0)
- LOG(0, 0, 0, "route6set() error in ioctl: %s\n",
- strerror(errno));
+ if (netlink_send(&req.nh) < 0)
+ LOG(0, 0, 0, "route6set() error in sending netlink message: %s\n", strerror(errno));
- // FIXME: need to add BGP routing (RFC2858)
+#ifdef BGP
+ if (add)
+ bgp_add_route6(ip, prefixlen);
+ else
+ bgp_del_route6(ip, prefixlen);
+#endif /* BGP */
if (s)
{
return;
}
-// defined in linux/ipv6.h, but tricky to include from user-space
-// TODO: move routing to use netlink rather than ioctl
-struct in6_ifreq {
- struct in6_addr ifr6_addr;
- __u32 ifr6_prefixlen;
- unsigned int ifr6_ifindex;
+//
+// Set up netlink socket
+static void initnetlink(void)
+{
+ struct sockaddr_nl nladdr;
+
+ nlfd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+ if (nlfd < 0)
+ {
+ LOG(0, 0, 0, "Can't create netlink socket: %s\n", strerror(errno));
+ exit(1);
+ }
+
+ memset(&nladdr, 0, sizeof(nladdr));
+ nladdr.nl_family = AF_NETLINK;
+ nladdr.nl_pid = getpid();
+
+ if (bind(nlfd, (struct sockaddr *)&nladdr, sizeof(nladdr)) < 0)
+ {
+ LOG(0, 0, 0, "Can't bind netlink socket: %s\n", strerror(errno));
+ exit(1);
+ }
+}
+
+static ssize_t netlink_send(struct nlmsghdr *nh)
+{
+ struct sockaddr_nl nladdr;
+ struct iovec iov;
+ struct msghdr msg;
+
+ nh->nlmsg_pid = getpid();
+ nh->nlmsg_seq = ++nlseqnum;
+
+ // set kernel address
+ memset(&nladdr, 0, sizeof(nladdr));
+ nladdr.nl_family = AF_NETLINK;
+
+ iov = (struct iovec){ (void *)nh, nh->nlmsg_len };
+ msg = (struct msghdr){ (void *)&nladdr, sizeof(nladdr), &iov, 1, NULL, 0, 0 };
+
+ return sendmsg(nlfd, &msg, 0);
+}
+
+static ssize_t netlink_recv(void *buf, ssize_t len)
+{
+ struct sockaddr_nl nladdr;
+ struct iovec iov;
+ struct msghdr msg;
+
+ // set kernel address
+ memset(&nladdr, 0, sizeof(nladdr));
+ nladdr.nl_family = AF_NETLINK;
+
+ iov = (struct iovec){ buf, len };
+ msg = (struct msghdr){ (void *)&nladdr, sizeof(nladdr), &iov, 1, NULL, 0, 0 };
+
+ return recvmsg(nlfd, &msg, 0);
+}
+
+/* adapted from iproute2 */
+static void netlink_addattr(struct nlmsghdr *nh, int type, const void *data, int alen)
+{
+ int len = RTA_LENGTH(alen);
+ struct rtattr *rta;
+
+ rta = (struct rtattr *)(((void *)nh) + NLMSG_ALIGN(nh->nlmsg_len));
+ rta->rta_type = type;
+ rta->rta_len = len;
+ memcpy(RTA_DATA(rta), data, alen);
+ nh->nlmsg_len = NLMSG_ALIGN(nh->nlmsg_len) + RTA_ALIGN(len);
+}
+
+// messages corresponding to different phases seq number
+static char *tun_nl_phase_msg[] = {
+ "initialized",
+ "getting tun interface index",
+ "setting tun interface parameters",
+ "setting tun IPv4 address",
+ "setting tun LL IPv6 address",
+ "setting tun global IPv6 address",
};
//
static void inittun(void)
{
struct ifreq ifr;
- struct in6_ifreq ifr6;
- struct sockaddr_in sin = {0};
+
memset(&ifr, 0, sizeof(ifr));
ifr.ifr_flags = IFF_TUN;
LOG(0, 0, 0, "Can't set tun interface: %s\n", strerror(errno));
exit(1);
}
- assert(strlen(ifr.ifr_name) < sizeof(config->tundevice));
- strncpy(config->tundevice, ifr.ifr_name, sizeof(config->tundevice) - 1);
- ifrfd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
+ assert(strlen(ifr.ifr_name) < sizeof(config->tundevice) - 1);
+ strncpy(config->tundevice, ifr.ifr_name, sizeof(config->tundevice));
- sin.sin_family = AF_INET;
- sin.sin_addr.s_addr = config->bind_address ? config->bind_address : 0x01010101; // 1.1.1.1
- memcpy(&ifr.ifr_addr, &sin, sizeof(struct sockaddr));
-
- if (ioctl(ifrfd, SIOCSIFADDR, (void *) &ifr) < 0)
- {
- LOG(0, 0, 0, "Error setting tun address: %s\n", strerror(errno));
- exit(1);
- }
- /* Bump up the qlen to deal with bursts from the network */
- ifr.ifr_qlen = 1000;
- if (ioctl(ifrfd, SIOCSIFTXQLEN, (void *) &ifr) < 0)
- {
- LOG(0, 0, 0, "Error setting tun queue length: %s\n", strerror(errno));
- exit(1);
- }
- /* set MTU to modem MRU */
- ifr.ifr_mtu = MRU;
- if (ioctl(ifrfd, SIOCSIFMTU, (void *) &ifr) < 0)
- {
- LOG(0, 0, 0, "Error setting tun MTU: %s\n", strerror(errno));
- exit(1);
- }
- ifr.ifr_flags = IFF_UP;
- if (ioctl(ifrfd, SIOCSIFFLAGS, (void *) &ifr) < 0)
+ tunidx = if_nametoindex(config->tundevice);
+ if (tunidx == 0)
{
- LOG(0, 0, 0, "Error setting tun flags: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Can't get tun interface index\n");
exit(1);
}
- if (ioctl(ifrfd, SIOCGIFINDEX, (void *) &ifr) < 0)
+
{
- LOG(0, 0, 0, "Error getting tun ifindex: %s\n", strerror(errno));
- exit(1);
- }
- tunidx = ifr.ifr_ifindex;
+ struct {
+ // interface setting
+ struct nlmsghdr nh;
+ union {
+ struct ifinfomsg ifinfo;
+ struct ifaddrmsg ifaddr;
+ } ifmsg;
+ char rtdata[32]; // 32 should be enough
+ } req;
+ uint32_t txqlen, mtu;
+ in_addr_t ip;
- // Only setup IPv6 on the tun device if we have a configured prefix
- if (config->ipv6_prefix.s6_addr[0]) {
- ifr6fd = socket(PF_INET6, SOCK_DGRAM, 0);
+ memset(&req, 0, sizeof(req));
- // Link local address is FE80::1
- memset(&ifr6.ifr6_addr, 0, sizeof(ifr6.ifr6_addr));
- ifr6.ifr6_addr.s6_addr[0] = 0xFE;
- ifr6.ifr6_addr.s6_addr[1] = 0x80;
- ifr6.ifr6_addr.s6_addr[15] = 1;
- ifr6.ifr6_prefixlen = 64;
- ifr6.ifr6_ifindex = ifr.ifr_ifindex;
- if (ioctl(ifr6fd, SIOCSIFADDR, (void *) &ifr6) < 0)
- {
- LOG(0, 0, 0, "Error setting tun IPv6 link local address:"
- " %s\n", strerror(errno));
- }
+ req.nh.nlmsg_type = RTM_NEWLINK;
+ req.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_MULTI;
+ req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(req.ifmsg.ifinfo));
- // Global address is prefix::1
- memset(&ifr6.ifr6_addr, 0, sizeof(ifr6.ifr6_addr));
- ifr6.ifr6_addr = config->ipv6_prefix;
- ifr6.ifr6_addr.s6_addr[15] = 1;
- ifr6.ifr6_prefixlen = 64;
- ifr6.ifr6_ifindex = ifr.ifr_ifindex;
- if (ioctl(ifr6fd, SIOCSIFADDR, (void *) &ifr6) < 0)
- {
- LOG(0, 0, 0, "Error setting tun IPv6 global address: %s\n",
- strerror(errno));
+ req.ifmsg.ifinfo.ifi_family = AF_UNSPEC;
+ req.ifmsg.ifinfo.ifi_index = tunidx;
+ req.ifmsg.ifinfo.ifi_flags |= IFF_UP; // set interface up
+ req.ifmsg.ifinfo.ifi_change = IFF_UP; // only change this flag
+
+ /* Bump up the qlen to deal with bursts from the network */
+ txqlen = 1000;
+ netlink_addattr(&req.nh, IFLA_TXQLEN, &txqlen, sizeof(txqlen));
+ /* set MTU to modem MRU */
+ mtu = MRU;
+ netlink_addattr(&req.nh, IFLA_MTU, &mtu, sizeof(mtu));
+
+ if (netlink_send(&req.nh) < 0)
+ goto senderror;
+
+ memset(&req, 0, sizeof(req));
+
+ req.nh.nlmsg_type = RTM_NEWADDR;
+ req.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_REPLACE | NLM_F_MULTI;
+ req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(req.ifmsg.ifaddr));
+
+ req.ifmsg.ifaddr.ifa_family = AF_INET;
+ req.ifmsg.ifaddr.ifa_prefixlen = 32;
+ req.ifmsg.ifaddr.ifa_scope = RT_SCOPE_UNIVERSE;
+ req.ifmsg.ifaddr.ifa_index = tunidx;
+
+ if (config->bind_address)
+ ip = config->bind_address;
+ else
+ ip = 0x01010101; // 1.1.1.1
+ netlink_addattr(&req.nh, IFA_LOCAL, &ip, sizeof(ip));
+
+ if (netlink_send(&req.nh) < 0)
+ goto senderror;
+
+ // Only setup IPv6 on the tun device if we have a configured prefix
+ if (config->ipv6_prefix.s6_addr[0]) {
+ struct in6_addr ip6;
+
+ memset(&req, 0, sizeof(req));
+
+ req.nh.nlmsg_type = RTM_NEWADDR;
+ req.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_REPLACE | NLM_F_MULTI;
+ req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(req.ifmsg.ifaddr));
+
+ req.ifmsg.ifaddr.ifa_family = AF_INET6;
+ req.ifmsg.ifaddr.ifa_prefixlen = 64;
+ req.ifmsg.ifaddr.ifa_scope = RT_SCOPE_LINK;
+ req.ifmsg.ifaddr.ifa_index = tunidx;
+
+ // Link local address is FE80::1
+ memset(&ip6, 0, sizeof(ip6));
+ ip6.s6_addr[0] = 0xFE;
+ ip6.s6_addr[1] = 0x80;
+ ip6.s6_addr[15] = 1;
+ netlink_addattr(&req.nh, IFA_LOCAL, &ip6, sizeof(ip6));
+
+ if (netlink_send(&req.nh) < 0)
+ goto senderror;
+
+ memset(&req, 0, sizeof(req));
+
+ req.nh.nlmsg_type = RTM_NEWADDR;
+ req.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_REPLACE | NLM_F_MULTI;
+ req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(req.ifmsg.ifaddr));
+
+ req.ifmsg.ifaddr.ifa_family = AF_INET6;
+ req.ifmsg.ifaddr.ifa_prefixlen = 64;
+ req.ifmsg.ifaddr.ifa_scope = RT_SCOPE_UNIVERSE;
+ req.ifmsg.ifaddr.ifa_index = tunidx;
+
+ // Global address is prefix::1
+ ip6 = config->ipv6_prefix;
+ ip6.s6_addr[15] = 1;
+ netlink_addattr(&req.nh, IFA_LOCAL, &ip6, sizeof(ip6));
+
+ if (netlink_send(&req.nh) < 0)
+ goto senderror;
}
+
+ memset(&req, 0, sizeof(req));
+
+ req.nh.nlmsg_type = NLMSG_DONE;
+ req.nh.nlmsg_len = NLMSG_LENGTH(0);
+
+ if (netlink_send(&req.nh) < 0)
+ goto senderror;
+
+ // if we get an error for seqnum < min_initok_nlseqnum,
+ // we must exit as initialization went wrong
+ if (config->ipv6_prefix.s6_addr[0])
+ min_initok_nlseqnum = 5 + 1; // idx + if + addr + 2*addr6
+ else
+ min_initok_nlseqnum = 3 + 1; // idx + if + addr
}
+
+ return;
+
+senderror:
+ LOG(0, 0, 0, "Error while setting up tun device: %s\n", strerror(errno));
+ exit(1);
}
// set up UDP ports
return;
}
- // Add on L2TP header
- {
- bundleidt bid = 0;
- if(session[s].bundle != 0 && bundle[session[s].bundle].num_of_links > 1)
- {
- bid = session[s].bundle;
- s = bundle[bid].members[bundle[bid].current_ses = (bundle[bid].current_ses + 1) % bundle[bid].num_of_links];
- t = session[s].tunnel;
- sp = &session[s];
- LOG(4, s, t, "MPPP: (1)Session number becomes: %d\n", s);
- if(len > MINFRAGLEN)
- {
- // Partition the packet to "bundle[b].num_of_links" fragments
- bundlet *b = &bundle[bid];
- uint32_t num_of_links = b->num_of_links;
- uint32_t fraglen = len / num_of_links;
- fraglen = (fraglen > session[s].mru ? session[s].mru : fraglen);
- uint32_t last_fraglen = fraglen + len % num_of_links;
- last_fraglen = (last_fraglen > session[s].mru ? len % num_of_links : last_fraglen);
- uint32_t remain = len;
-
- // send the first packet
- uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, fraglen, s, t, PPPIP, 0, bid, MP_BEGIN);
- if (!p) return;
- tunnelsend(fragbuf, fraglen + (p-fragbuf), t); // send it...
- // statistics
- update_session_out_stat(s, sp, fraglen);
- remain -= fraglen;
- while (remain > last_fraglen)
- {
- s = b->members[b->current_ses = (b->current_ses + 1) % num_of_links];
- t = session[s].tunnel;
- sp = &session[s];
- LOG(4, s, t, "MPPP: (2)Session number becomes: %d\n", s);
- p = makeppp(fragbuf, sizeof(fragbuf), buf+(len - remain), fraglen, s, t, PPPIP, 0, bid, 0);
- if (!p) return;
- tunnelsend(fragbuf, fraglen + (p-fragbuf), t); // send it...
- update_session_out_stat(s, sp, fraglen);
- remain -= fraglen;
- }
- // send the last fragment
- s = b->members[b->current_ses = (b->current_ses + 1) % num_of_links];
+ if(session[s].bundle != 0 && bundle[session[s].bundle].num_of_links > 1)
+ {
+ // Add on L2TP header
+ bundleidt bid = session[s].bundle;
+ bundlet *b = &bundle[bid];
+
+ b->current_ses = (b->current_ses + 1) % b->num_of_links;
+ s = b->members[b->current_ses];
+ t = session[s].tunnel;
+ sp = &session[s];
+ LOG(4, s, t, "MPPP: (1)Session number becomes: %d\n", s);
+ if(len > MINFRAGLEN)
+ {
+ // Partition the packet to "bundle[b].num_of_links" fragments
+ uint32_t num_of_links = b->num_of_links;
+ uint32_t fraglen = len / num_of_links;
+ fraglen = (fraglen > session[s].mru ? session[s].mru : fraglen);
+ uint32_t last_fraglen = fraglen + len % num_of_links;
+ last_fraglen = (last_fraglen > session[s].mru ? len % num_of_links : last_fraglen);
+ uint32_t remain = len;
+
+ // send the first packet
+ uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, fraglen, s, t, PPPIP, 0, bid, MP_BEGIN);
+ if (!p) return;
+ tunnelsend(fragbuf, fraglen + (p-fragbuf), t); // send it...
+ // statistics
+ update_session_out_stat(s, sp, fraglen);
+ remain -= fraglen;
+ while (remain > last_fraglen)
+ {
+ b->current_ses = (b->current_ses + 1) % num_of_links;
+ s = b->members[b->current_ses];
t = session[s].tunnel;
sp = &session[s];
- LOG(4, s, t, "MPPP: (2)Session number becomes: %d\n", s);
- p = makeppp(fragbuf, sizeof(fragbuf), buf+(len - remain), remain, s, t, PPPIP, 0, bid, MP_END);
- if (!p) return;
- tunnelsend(fragbuf, remain + (p-fragbuf), t); // send it...
- update_session_out_stat(s, sp, remain);
- if (remain != last_fraglen)
- LOG(3, s, t, "PROCESSIPOUT ERROR REMAIN != LAST_FRAGLEN, %d != %d\n", remain, last_fraglen);
- }
- else {
- // Send it as one frame
- uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, bid, MP_BOTH_BITS);
- if (!p) return;
- tunnelsend(fragbuf, len + (p-fragbuf), t); // send it...
- LOG(4, s, t, "MPPP: packet sent as one frame\n");
- update_session_out_stat(s, sp, len);
- }
- }
- else
- {
- uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, 0, 0);
- if (!p) return;
- tunnelsend(fragbuf, len + (p-fragbuf), t); // send it...
+ LOG(4, s, t, "MPPP: (2)Session number becomes: %d\n", s);
+ p = makeppp(fragbuf, sizeof(fragbuf), buf+(len - remain), fraglen, s, t, PPPIP, 0, bid, 0);
+ if (!p) return;
+ tunnelsend(fragbuf, fraglen + (p-fragbuf), t); // send it...
+ update_session_out_stat(s, sp, fraglen);
+ remain -= fraglen;
+ }
+ // send the last fragment
+ b->current_ses = (b->current_ses + 1) % num_of_links;
+ s = b->members[b->current_ses];
+ t = session[s].tunnel;
+ sp = &session[s];
+ LOG(4, s, t, "MPPP: (2)Session number becomes: %d\n", s);
+ p = makeppp(fragbuf, sizeof(fragbuf), buf+(len - remain), remain, s, t, PPPIP, 0, bid, MP_END);
+ if (!p) return;
+ tunnelsend(fragbuf, remain + (p-fragbuf), t); // send it...
+ update_session_out_stat(s, sp, remain);
+ if (remain != last_fraglen)
+ LOG(3, s, t, "PROCESSIPOUT ERROR REMAIN != LAST_FRAGLEN, %d != %d\n", remain, last_fraglen);
+ }
+ else {
+ // Send it as one frame
+ uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, bid, MP_BOTH_BITS);
+ if (!p) return;
+ tunnelsend(fragbuf, len + (p-fragbuf), t); // send it...
+ LOG(4, s, t, "MPPP: packet sent as one frame\n");
update_session_out_stat(s, sp, len);
- }
- }
+ }
+ }
+ else
+ {
+ uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, 0, 0);
+ if (!p) return;
+ tunnelsend(fragbuf, len + (p-fragbuf), t); // send it...
+ update_session_out_stat(s, sp, len);
+ }
// Snooping this session, send it to intercept box
if (sp->snoop_ip && sp->snoop_port)
if (session[s].bundle && bundle[session[s].bundle].num_of_links > 1)
{
bundleidt bid = session[s].bundle;
- s = bundle[bid].members[bundle[bid].current_ses = (bundle[bid].current_ses + 1) % bundle[bid].num_of_links];
+ bundlet *b = &bundle[bid];
+
+ b->current_ses = (b->current_ses + 1) % b->num_of_links;
+ s = b->members[b->current_ses];
LOG(3, s, session[s].tunnel, "MPPP: Session number becomes: %u\n", s);
}
t = session[s].tunnel;
static void control16(controlt * c, uint16_t avp, uint16_t val, uint8_t m)
{
uint16_t l = (m ? 0x8008 : 0x0008);
- *(uint16_t *) (c->buf + c->length + 0) = htons(l);
- *(uint16_t *) (c->buf + c->length + 2) = htons(0);
- *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
- *(uint16_t *) (c->buf + c->length + 6) = htons(val);
+ c->buf16[c->length/2 + 0] = htons(l);
+ c->buf16[c->length/2 + 1] = htons(0);
+ c->buf16[c->length/2 + 2] = htons(avp);
+ c->buf16[c->length/2 + 3] = htons(val);
c->length += 8;
}
static void control32(controlt * c, uint16_t avp, uint32_t val, uint8_t m)
{
uint16_t l = (m ? 0x800A : 0x000A);
- *(uint16_t *) (c->buf + c->length + 0) = htons(l);
- *(uint16_t *) (c->buf + c->length + 2) = htons(0);
- *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
- *(uint32_t *) (c->buf + c->length + 6) = htonl(val);
+ c->buf16[c->length/2 + 0] = htons(l);
+ c->buf16[c->length/2 + 1] = htons(0);
+ c->buf16[c->length/2 + 2] = htons(avp);
+ *(uint32_t *) &c->buf[c->length + 6] = htonl(val);
c->length += 10;
}
static void controls(controlt * c, uint16_t avp, char *val, uint8_t m)
{
uint16_t l = ((m ? 0x8000 : 0) + strlen(val) + 6);
- *(uint16_t *) (c->buf + c->length + 0) = htons(l);
- *(uint16_t *) (c->buf + c->length + 2) = htons(0);
- *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
- memcpy(c->buf + c->length + 6, val, strlen(val));
+ c->buf16[c->length/2 + 0] = htons(l);
+ c->buf16[c->length/2 + 1] = htons(0);
+ c->buf16[c->length/2 + 2] = htons(avp);
+ memcpy(&c->buf[c->length + 6], val, strlen(val));
c->length += 6 + strlen(val);
}
static void controlb(controlt * c, uint16_t avp, uint8_t *val, unsigned int len, uint8_t m)
{
uint16_t l = ((m ? 0x8000 : 0) + len + 6);
- *(uint16_t *) (c->buf + c->length + 0) = htons(l);
- *(uint16_t *) (c->buf + c->length + 2) = htons(0);
- *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
- memcpy(c->buf + c->length + 6, val, len);
+ c->buf16[c->length/2 + 0] = htons(l);
+ c->buf16[c->length/2 + 1] = htons(0);
+ c->buf16[c->length/2 + 2] = htons(avp);
+ memcpy(&c->buf[c->length + 6], val, len);
c->length += 6 + len;
}
}
assert(c);
c->next = 0;
- *(uint16_t *) (c->buf + 0) = htons(0xC802); // flags/ver
+ c->buf16[0] = htons(0xC802); // flags/ver
c->length = 12;
control16(c, 0, mtype, 1);
return c;
// (ZLB send).
static void controlnull(tunnelidt t)
{
- uint8_t buf[12];
+ uint16_t buf[6];
if (tunnel[t].controlc) // Messages queued; They will carry the ack.
return;
- *(uint16_t *) (buf + 0) = htons(0xC802); // flags/ver
- *(uint16_t *) (buf + 2) = htons(12); // length
- *(uint16_t *) (buf + 4) = htons(tunnel[t].far); // tunnel
- *(uint16_t *) (buf + 6) = htons(0); // session
- *(uint16_t *) (buf + 8) = htons(tunnel[t].ns); // sequence
- *(uint16_t *) (buf + 10) = htons(tunnel[t].nr); // sequence
- tunnelsend(buf, 12, t);
+ buf[0] = htons(0xC802); // flags/ver
+ buf[1] = htons(12); // length
+ buf[2] = htons(tunnel[t].far); // tunnel
+ buf[3] = htons(0); // session
+ buf[4] = htons(tunnel[t].ns); // sequence
+ buf[5] = htons(tunnel[t].nr); // sequence
+ tunnelsend((uint8_t *)buf, 12, t);
}
// add a control message to a tunnel, and send if within window
static void controladd(controlt *c, sessionidt far, tunnelidt t)
{
- *(uint16_t *) (c->buf + 2) = htons(c->length); // length
- *(uint16_t *) (c->buf + 4) = htons(tunnel[t].far); // tunnel
- *(uint16_t *) (c->buf + 6) = htons(far); // session
- *(uint16_t *) (c->buf + 8) = htons(tunnel[t].ns); // sequence
+ c->buf16[1] = htons(c->length); // length
+ c->buf16[2] = htons(tunnel[t].far); // tunnel
+ c->buf16[3] = htons(far); // session
+ c->buf16[4] = htons(tunnel[t].ns); // sequence
tunnel[t].ns++; // advance sequence
// link in message in to queue
if (tunnel[t].controlc)
int routed = 0;
for (r = 0; r < MAXROUTE && session[s].route[r].ip; r++)
{
- if ((session[s].ip & session[s].route[r].mask) ==
- (session[s].route[r].ip & session[s].route[r].mask))
+ if ((session[s].ip >> (32-session[s].route[r].prefixlen)) ==
+ (session[s].route[r].ip >> (32-session[s].route[r].prefixlen)))
routed++;
- if (del_routes) routeset(s, session[s].route[r].ip, session[s].route[r].mask, 0, 0);
+ if (del_routes) routeset(s, session[s].route[r].ip, session[s].route[r].prefixlen, 0, 0);
session[s].route[r].ip = 0;
}
{
// This session was part of a bundle
bundle[b].num_of_links--;
- LOG(3, s, 0, "MPPP: Dropping member link: %d from bundle %d\n",s,b);
+ LOG(3, s, session[s].tunnel, "MPPP: Dropping member link: %d from bundle %d\n",s,b);
if(bundle[b].num_of_links == 0)
{
bundleclear(b);
- LOG(3, s, 0, "MPPP: Kill bundle: %d (No remaing member links)\n",b);
+ LOG(3, s, session[s].tunnel, "MPPP: Kill bundle: %d (No remaing member links)\n",b);
}
else
{
break;
}
bundle[b].members[mem_num] = bundle[b].members[bundle[b].num_of_links];
- LOG(3, s, 0, "MPPP: Adjusted member links array\n");
+ LOG(3, s, session[s].tunnel, "MPPP: Adjusted member links array\n");
}
}
cluster_send_bundle(b);
controlt *c = controlnew(14); // sending CDN
if (cdn_error)
{
- uint8_t buf[4];
- *(uint16_t *) buf = htons(cdn_result);
- *(uint16_t *) (buf+2) = htons(cdn_error);
- controlb(c, 1, buf, 4, 1);
+ uint16_t buf[2];
+ buf[0] = htons(cdn_result);
+ buf[1] = htons(cdn_error);
+ controlb(c, 1, (uint8_t *)buf, 4, 1);
}
else
control16(c, 1, cdn_result, 1);
controlt *c = controlnew(4); // sending StopCCN
if (error)
{
- uint8_t buf[64];
+ uint16_t buf[32];
int l = 4;
- *(uint16_t *) buf = htons(result);
- *(uint16_t *) (buf+2) = htons(error);
+ buf[0] = htons(result);
+ buf[1] = htons(error);
if (msg)
{
int m = strlen(msg);
if (m + 4 > sizeof(buf))
m = sizeof(buf) - 4;
- memcpy(buf+4, msg, m);
+ memcpy(buf+2, msg, m);
l += m;
}
- controlb(c, 1, buf, l, 1);
+ controlb(c, 1, (uint8_t *)buf, l, 1);
}
else
control16(c, 1, result, 1);
// Set multilink options before sending initial LCP packet
sess_local[s].mp_mrru = 1614;
- sess_local[s].mp_epdis = config->bind_address ? config->bind_address : my_address;
+ sess_local[s].mp_epdis = ntohl(config->bind_address ? config->bind_address : my_address);
sendlcp(s, t);
change_state(s, lcp, RequestSent);
static clockt last_talked = 0;
static clockt start_busy_wait = 0;
- if (!config->cluster_iam_master)
- {
#ifdef BGP
- static time_t stopped_bgp = 0;
- if (bgp_configured)
+ static time_t stopped_bgp = 0;
+ if (bgp_configured)
+ {
+ if (!stopped_bgp)
{
- if (!stopped_bgp)
- {
- LOG(1, 0, 0, "Shutting down in %d seconds, stopping BGP...\n", QUIT_DELAY);
+ LOG(1, 0, 0, "Shutting down in %d seconds, stopping BGP...\n", QUIT_DELAY);
- for (i = 0; i < BGP_NUM_PEERS; i++)
- if (bgp_peers[i].state == Established)
- bgp_stop(&bgp_peers[i]);
+ for (i = 0; i < BGP_NUM_PEERS; i++)
+ if (bgp_peers[i].state == Established)
+ bgp_stop(&bgp_peers[i]);
- stopped_bgp = time_now;
+ stopped_bgp = time_now;
+ if (!config->cluster_iam_master)
+ {
// we don't want to become master
cluster_send_ping(0);
return 1;
}
-
- if (time_now < (stopped_bgp + QUIT_DELAY))
- return 1;
}
+
+ if (!config->cluster_iam_master && time_now < (stopped_bgp + QUIT_DELAY))
+ return 1;
+ }
#endif /* BGP */
+ if (!config->cluster_iam_master)
return 0;
- }
if (main_quit == QUIT_SHUTDOWN)
{
# include "fake_epoll.h"
#endif
-// the base set of fds polled: cli, cluster, tun, udp, control, dae
-#define BASE_FDS 6
+// the base set of fds polled: cli, cluster, tun, udp, control, dae, netlink
+#define BASE_FDS 7
// additional polled fds
#ifdef BGP
exit(1);
}
- LOG(4, 0, 0, "Beginning of main loop. clifd=%d, cluster_sockfd=%d, tunfd=%d, udpfd=%d, controlfd=%d, daefd=%d\n",
- clifd, cluster_sockfd, tunfd, udpfd, controlfd, daefd);
+ LOG(4, 0, 0, "Beginning of main loop. clifd=%d, cluster_sockfd=%d, tunfd=%d, udpfd=%d, controlfd=%d, daefd=%d, nlfd=%d\n",
+ clifd, cluster_sockfd, tunfd, udpfd, controlfd, daefd, nlfd);
/* setup our fds to poll for input */
{
d[i].type = FD_TYPE_DAE;
e.data.ptr = &d[i++];
epoll_ctl(epollfd, EPOLL_CTL_ADD, daefd, &e);
+
+ d[i].type = FD_TYPE_NETLINK;
+ e.data.ptr = &d[i++];
+ epoll_ctl(epollfd, EPOLL_CTL_ADD, nlfd, &e);
}
#ifdef BGP
if (config->neighbour[i].name[0])
bgp_start(&bgp_peers[i], config->neighbour[i].name,
config->neighbour[i].as, config->neighbour[i].keepalive,
- config->neighbour[i].hold, 0); /* 0 = routing disabled */
+ config->neighbour[i].hold, config->neighbour[i].update_source,
+ 0); /* 0 = routing disabled */
}
#endif /* BGP */
break;
#endif /* BGP */
+ case FD_TYPE_NETLINK:
+ {
+ struct nlmsghdr *nh = (struct nlmsghdr *)buf;
+ s = netlink_recv(buf, sizeof(buf));
+ if (nh->nlmsg_type == NLMSG_ERROR)
+ {
+ struct nlmsgerr *errmsg = NLMSG_DATA(nh);
+ if (errmsg->error)
+ {
+ if (errmsg->msg.nlmsg_seq < min_initok_nlseqnum)
+ {
+ LOG(0, 0, 0, "Got a fatal netlink error (while %s): %s\n", tun_nl_phase_msg[nh->nlmsg_seq], strerror(-errmsg->error));
+ exit(1);
+ }
+ else
+
+ LOG(0, 0, 0, "Got a netlink error: %s\n", strerror(-errmsg->error));
+ }
+ // else it's a ack
+ }
+ else
+ LOG(1, 0, 0, "Got a unknown netlink message: type %d seq %d flags %d\n", nh->nlmsg_type, nh->nlmsg_seq, nh->nlmsg_flags);
+ n--;
+ break;
+ }
+
default:
LOG(0, 0, 0, "Unexpected fd type returned from epoll_wait: %d\n", d->type);
}
more++;
}
}
+#ifdef BGP
+ else
+ /* no event received, but timers could still have expired */
+ bgp_process_peers_timers();
+#endif /* BGP */
if (time_changed)
{
//
// Add a block of addresses to the IP pool to hand out.
//
-static void add_to_ip_pool(in_addr_t addr, in_addr_t mask)
+static void add_to_ip_pool(in_addr_t addr, int prefixlen)
{
int i;
- if (mask == 0)
- mask = 0xffffffff; // Host route only.
+ if (prefixlen == 0)
+ prefixlen = 32; // Host route only.
- addr &= mask;
+ addr &= 0xffffffff << (32 - prefixlen);
if (ip_pool_size >= MAXIPPOOL) // Pool is full!
return ;
- for (i = addr ;(i & mask) == addr; ++i)
+ for (i = addr ; i < addr+(1<<(32-prefixlen)); ++i)
{
if ((i & 0xff) == 0 || (i&0xff) == 255)
continue; // Skip 0 and broadcast addresses.
{
// It's a range
int numbits = 0;
- in_addr_t start = 0, mask = 0;
+ in_addr_t start = 0;
LOG(2, 0, 0, "Adding IP address range %s\n", buf);
*p++ = 0;
continue;
}
start = ntohl(inet_addr(pool));
- mask = (in_addr_t) (pow(2, numbits) - 1) << (32 - numbits);
// Add a static route for this pool
- LOG(5, 0, 0, "Adding route for address pool %s/%u\n",
- fmtaddr(htonl(start), 0), 32 + mask);
+ LOG(5, 0, 0, "Adding route for address pool %s/%d\n",
+ fmtaddr(htonl(start), 0), numbits);
- routeset(0, start, mask, 0, 1);
+ routeset(0, start, numbits, 0, 1);
- add_to_ip_pool(start, mask);
+ add_to_ip_pool(start, numbits);
}
else
{
initplugins();
initdata(optdebug, optconfig);
- init_cli(hostname);
+ init_cli();
read_config_file();
+ /* set hostname /after/ having read the config file */
+ if (*config->hostname)
+ strcpy(hostname, config->hostname);
+ cli_init_complete(hostname);
update_config();
init_tbf(config->num_tbfs);
}
}
+ initnetlink();
+
/* Set up the cluster communications port. */
if (cluster_init() < 0)
exit(1);
// Add the route for this session.
for (r = 0; r < MAXROUTE && session[s].route[r].ip; r++)
{
- if ((session[s].ip & session[s].route[r].mask) ==
- (session[s].route[r].ip & session[s].route[r].mask))
+ if ((session[s].ip >> (32-session[s].route[r].prefixlen)) ==
+ (session[s].route[r].ip >> (32-session[s].route[r].prefixlen)))
routed++;
- routeset(s, session[s].route[r].ip, session[s].route[r].mask, 0, 1);
+ routeset(s, session[s].route[r].ip, session[s].route[r].prefixlen, 0, 1);
}
// Static IPs need to be routed if not already
for (i = 0; !newip && i < MAXROUTE && (session[s].route[i].ip || new->route[i].ip); i++)
if (new->route[i].ip != session[s].route[i].ip ||
- new->route[i].mask != session[s].route[i].mask)
+ new->route[i].prefixlen != session[s].route[i].prefixlen)
newip++;
// needs update
// remove old routes...
for (i = 0; i < MAXROUTE && session[s].route[i].ip; i++)
{
- if ((session[s].ip & session[s].route[i].mask) ==
- (session[s].route[i].ip & session[s].route[i].mask))
+ if ((session[s].ip >> (32-session[s].route[i].prefixlen)) ==
+ (session[s].route[i].ip >> (32-session[s].route[i].prefixlen)))
routed++;
- routeset(s, session[s].route[i].ip, session[s].route[i].mask, 0, 0);
+ routeset(s, session[s].route[i].ip, session[s].route[i].prefixlen, 0, 0);
}
// ...ip
// add new routes...
for (i = 0; i < MAXROUTE && new->route[i].ip; i++)
{
- if ((new->ip & new->route[i].mask) ==
- (new->route[i].ip & new->route[i].mask))
+ if ((new->ip >> (32-new->route[i].prefixlen)) ==
+ (new->route[i].ip >> (32-new->route[i].prefixlen)))
routed++;
- routeset(s, new->route[i].ip, new->route[i].mask, 0, 1);
+ routeset(s, new->route[i].ip, new->route[i].prefixlen, 0, 1);
}
// ...ip
// L2TPNS Global Stuff
- // $Id: l2tpns.h,v 1.121 2009/12/08 14:49:28 bodea Exp $
+ // $Id: l2tpns.h,v 1.121 2009-12-08 14:49:28 bodea Exp $
#ifndef __L2TPNS_H__
#define __L2TPNS_H__
#include <sys/types.h>
#include <libcli.h>
- #define VERSION "2.2.0"
+ #define VERSION "2.2.1"
// Limits
#define MAXTUNNEL 500 // could be up to 65535
#define PPPoE_MRU 1492 // maximum PPPoE MRU (rfc2516: 1500 less PPPoE header (6) and PPP protocol ID (2))
#define MAXETHER (MAXMTU+18) // max packet we try sending to tun
#define MAXTEL 96 // telephone number
+#define MAXHOSTNAME 256 // hostname
#define MAXUSER 128 // username
#define MAXPASS 128 // password
+ #define MAXCLASS 128 // radius class attribute size
#define MAXPLUGINS 20 // maximum number of plugins to load
#define MAXRADSERVER 10 // max radius servers
#define MAXROUTE 10 // max static routes per session
typedef struct // route
{
in_addr_t ip;
- in_addr_t mask;
+ int prefixlen;
}
routet;
{
struct controls *next; // next in queue
uint16_t length; // length
- uint8_t buf[MAXCONTROL];
+ union {
+ uint8_t buf[MAXCONTROL];
+ uint16_t buf16[MAXCONTROL/2];
+ } __attribute__ ((__transparent_union__));
}
controlt;
uint8_t ipv6cp:4; // IPV6CP state
uint8_t ccp:4; // CCP state
} ppp;
- char reserved_1[2]; // unused: padding
+ uint16_t mru; // maximum receive unit
in_addr_t ip; // IP of session set by RADIUS response (host byte order).
int ip_pool_index; // index to IP pool
uint32_t unique_id; // unique session id
- char reserved_2[4]; // unused: was ns/nr
uint32_t magic; // ppp magic number
uint32_t pin, pout; // packet counts
uint32_t cin, cout; // byte counts
uint16_t throttle_out; // downstream throttle rate
uint8_t filter_in; // input filter index (to ip_filters[N-1]; 0 if none)
uint8_t filter_out; // output filter index
- uint16_t mru; // maximum receive unit
+ uint16_t snoop_port; // Interception destination port
+ in_addr_t snoop_ip; // Interception destination IP
clockt opened; // when started
clockt die; // being closed, when to finally free
uint32_t session_timeout; // Maximum session time in seconds
- uint32_t idle_timeout; // Maximum idle time in seconds
+ uint32_t idle_timeout; // Maximum idle time in seconds
time_t last_packet; // Last packet from the user (used for idle timeouts)
- time_t last_data; // Last data packet to/from the user (used for idle timeouts)
+ time_t last_data; // Last data packet to/from the user (used for idle timeouts)
in_addr_t dns1, dns2; // DNS servers
routet route[MAXROUTE]; // static routes
uint16_t tbf_in; // filter bucket for throttling in from the user.
uint16_t tbf_out; // filter bucket for throttling out to the user.
int random_vector_length;
uint8_t random_vector[MAXTEL];
- char user[MAXUSER]; // user (needed in seesion for radius stop messages)
+ char user[MAXUSER]; // user (needed in session for radius stop messages)
char called[MAXTEL]; // called number
char calling[MAXTEL]; // calling number
uint32_t tx_connect_speed;
uint32_t rx_connect_speed;
clockt timeout; // Session timeout
- uint32_t mrru; // Multilink Max-Receive-Reconstructed-Unit
- uint8_t mssf; // Multilink Short Sequence Number Header Format
- epdist epdis; // Multilink Endpoint Discriminator
- bundleidt bundle; // Multilink Bundle Identifier
- in_addr_t snoop_ip; // Interception destination IP
- uint16_t snoop_port; // Interception destination port
+ uint32_t mrru; // Multilink Max-Receive-Reconstructed-Unit
+ epdist epdis; // Multilink Endpoint Discriminator
+ bundleidt bundle; // Multilink Bundle Identifier
+ uint8_t mssf; // Multilink Short Sequence Number Header Format
uint8_t walled_garden; // is this session gardened?
+ uint8_t classlen; // class (needed for radius accounting messages)
+ char class[MAXCLASS];
uint8_t ipv6prefixlen; // IPv6 route prefix length
struct in6_addr ipv6route; // Static IPv6 route
- char reserved_3[11]; // Space to expand structure without changing HB_VERSION
+ char reserved[12]; // Space to expand structure without changing HB_VERSION
}
sessiont;
#define SET_STAT(x, y)
#endif
+#ifndef IFNAMSIZ
+# define IFNAMSIZ 16
+#endif
+
typedef struct
{
int debug; // debugging level
int reload_config; // flag to re-read config (set by cli)
int multi_read_count; // amount of packets to read per fd in processing loop
- char tundevice[10]; // tun device name
+ char tundevice[IFNAMSIZ]; // tun device name
char log_filename[128];
char l2tp_secret[64]; // L2TP shared secret
int cluster_master_min_adv; // Master advertises routes while the number of up to date
// slaves is less than this value.
+ in_addr_t cli_bind_address; // bind address for CLI
+ char hostname[MAXHOSTNAME]; // hostname (overridden by -h on command line)
// Guest change
char guest_user[MAXUSER]; // Guest account username
uint16_t as;
int keepalive;
int hold;
+ struct in_addr update_source;
} neighbour[BGP_NUM_PEERS];
+ in_addr_t nexthop_address;
+ struct in6_addr nexthop6_address;
#endif
} configt;
// cli.c
-void init_cli(char *hostname);
+void init_cli();
+void cli_init_complete(char *hostname);
void cli_do_file(FILE *fh);
void cli_do(int sockfd);
int cli_arg_help(struct cli_def *cli, int cr_ok, char *entry, ...);
FD_TYPE_DAE,
FD_TYPE_RADIUS,
FD_TYPE_BGP,
+ FD_TYPE_NETLINK,
} type;
int index; // for RADIUS, BGP
};
#define CLI_HELP_REQUESTED (argc > 0 && argv[argc-1][strlen(argv[argc-1])-1] == '?')
#define CLI_HELP_NO_ARGS (argc > 1 || argv[0][1]) ? CLI_OK : cli_arg_help(cli, 1, NULL)
- // CVS identifiers (for "show version file")
- extern char const *cvs_id_arp;
- extern char const *cvs_id_cli;
- extern char const *cvs_id_cluster;
- extern char const *cvs_id_constants;
- extern char const *cvs_id_control;
- extern char const *cvs_id_icmp;
- extern char const *cvs_id_l2tpns;
- extern char const *cvs_id_ll;
- extern char const *cvs_id_md5;
- extern char const *cvs_id_ppp;
- extern char const *cvs_id_radius;
- extern char const *cvs_id_tbf;
- extern char const *cvs_id_util;
-
#endif /* __L2TPNS_H__ */
// L2TPNS PPP Stuff
- char const *cvs_id_ppp = "$Id: ppp.c,v 1.104 2009/12/08 14:49:28 bodea Exp $";
-
#include <stdio.h>
#include <string.h>
#include <unistd.h>
break;
+ case Closing:
+ sessionshutdown(s, "LCP: ConfigReq in state Closing. This should not happen. Killing session.", CDN_ADMIN_DISC, TERM_LOST_SERVICE);
+ break;
+
default:
LOG(2, s, t, "LCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.lcp));
return;
uint8_t *o = p + 4;
int length = l - 4;
int gotip = 0;
- uint8_t ident[8];
+ uint32_t ident[2];
while (length > 2)
{
gotip++; // seen address
if (o[1] != 10) return;
- *(uint32_t *) ident = htonl(session[s].ip);
- *(uint32_t *) (ident + 4) = 0;
+ ident[0] = htonl(session[s].ip);
+ ident[1] = 0;
if (memcmp(o + 2, ident, sizeof(ident)))
{
- q = ppp_conf_nak(s, b, sizeof(b), PPPIPV6CP, &response, q, p, o, ident, sizeof(ident));
+ q = ppp_conf_nak(s, b, sizeof(b), PPPIPV6CP, &response, q, p, o, (uint8_t *)ident, sizeof(ident));
if (!q) return;
}
if ((b - start) + l > size)
{
- LOG(2, s, t, "makeppp would overflow buffer (size=%d, header+payload=%td)\n", size, (b - start) + l);
+ LOG(2, s, t, "makeppp would overflow buffer (size=%d, header+payload=%ld)\n", size, (b - start) + l);
return NULL;
}
// L2TPNS Radius Stuff
- char const *cvs_id_radius = "$Id: radius.c,v 1.56 2009/12/08 14:49:28 bodea Exp $";
-
#include <time.h>
#include <stdio.h>
#include <sys/types.h>
}
}
+ if (session[s].classlen) {
+ *p = 25; // class
+ p[1] = session[s].classlen + 2;
+ memcpy(p + 2, session[s].class, session[s].classlen);
+ p += p[1];
+ }
+
{
struct param_radius_account acct = { &tunnel[session[s].tunnel], &session[s], &p };
run_plugins(PLUGIN_RADIUS_ACCOUNT, &acct);
int r;
for (r = 0; s && r < MAXROUTE && session[s].route[r].ip; r++)
{
- int width = 32;
- if (session[s].route[r].mask)
- {
- int mask = session[s].route[r].mask;
- while (!(mask & 1))
- {
- width--;
- mask >>= 1;
- }
- }
-
*p = 22; // Framed-Route
p[1] = sprintf((char *) p + 2, "%s/%d %s 1",
fmtaddr(htonl(session[s].route[r].ip), 0),
- width, fmtaddr(htonl(session[s].ip), 1)) + 2;
+ session[s].route[r].prefixlen,
+ fmtaddr(htonl(session[s].ip), 1)) + 2;
p += p[1];
}
else if (*p == 22)
{
// Framed-Route
- in_addr_t ip = 0, mask = 0;
+ in_addr_t ip = 0;
uint8_t u = 0;
uint8_t bits = 0;
uint8_t *n = p + 2;
n++;
while (n < e && isdigit(*n))
bits = bits * 10 + *n++ - '0';
- mask = (( -1) << (32 - bits));
}
else if ((ip >> 24) < 128)
- mask = 0xFF0000;
+ bits = 8;
else if ((ip >> 24) < 192)
- mask = 0xFFFF0000;
+ bits = 16;
else
- mask = 0xFFFFFF00;
+ bits = 24;
if (routes == MAXROUTE)
{
}
else if (ip)
{
- LOG(3, s, session[s].tunnel, " Radius reply contains route for %s/%s\n",
- fmtaddr(htonl(ip), 0), fmtaddr(htonl(mask), 1));
+ LOG(3, s, session[s].tunnel, " Radius reply contains route for %s/%d\n",
+ fmtaddr(htonl(ip), 0), bits);
session[s].route[routes].ip = ip;
- session[s].route[routes].mask = mask;
+ session[s].route[routes].prefixlen = bits;
routes++;
}
}
session[s].ipv6prefixlen = prefixlen;
}
}
+ else if (*p == 25)
+ {
+ // Class
+ if (p[1] < 3) continue;
+ session[s].classlen = p[1] - 2;
+ if (session[s].classlen > MAXCLASS)
+ session[s].classlen = MAXCLASS;
+ memcpy(session[s].class, p + 2, session[s].classlen);
+ }
}
}
else if (r_code == AccessReject)
/* Misc util functions */
- char const *cvs_id_util = "$Id: util.c,v 1.14 2006/04/05 01:45:57 bodea Exp $";
-
#include <unistd.h>
#include <errno.h>
#include <sched.h>
if (controlfd != -1) close(controlfd);
if (daefd != -1) close(daefd);
if (snoopfd != -1) close(snoopfd);
- if (ifrfd != -1) close(ifrfd);
- if (ifr6fd != -1) close(ifr6fd);
if (rand_fd != -1) close(rand_fd);
if (epollfd != -1) close(epollfd);
projects / l2tpns.git / commitdiff