-* Wed May 24 2006 Brendan O'Dea <bod@optus.net> 2.2.0
+* Fri Jun 9 2006 Brendan O'Dea <bod@optus.net> 2.2.0
- Only poll clifd if successfully bound.
- Add "Practical VPNs" document from Liran Tal as Docs/vpn .
- Add Multilink support from Khaled Al Hamwi.
- Remove non-working setuid option.
- Convert manual.html to Docbook.
- Kludge around problem with Netgear DM602 authentication.
+- Add session/idle timeouts (Graham Maltby).
* Tue Apr 18 2006 Brendan O'Dea <bod@optus.net> 2.1.18
- Don't shutdown on TerminateReq, wait for CDN.
Jonathan Yarden <jyarden@bluegrass.net>
Patrick Cole <z@amused.net>
Khaled Al Hamwi <kh.alhamwi@gmail.com>
+Graham Maltby <gmaltby+l2tpns@iig.com.au>
// vim: sw=8 ts=8
char const *cvs_name = "$Name: $";
-char const *cvs_id_cli = "$Id: cli.c,v 1.73 2006/05/05 08:10:18 bodea Exp $";
+char const *cvs_id_cli = "$Id: cli.c,v 1.74 2006/06/11 12:46:18 bodea Exp $";
#include <stdio.h>
#include <stddef.h>
cli_print(cli, "\tUnique SID:\t%u", session[s].unique_id);
cli_print(cli, "\tOpened:\t\t%u seconds", session[s].opened ? abs(time_now - session[s].opened) : 0);
cli_print(cli, "\tIdle time:\t%u seconds", session[s].last_packet ? abs(time_now - session[s].last_packet) : 0);
+ if (session[s].session_timeout)
+ cli_print(cli, "\tSess Timeout:\t%u seconds", session[s].session_timeout - (session[s].opened ? abs(time_now - session[s].opened) : 0));
+ if (session[s].idle_timeout)
+ cli_print(cli, "\tIdle Timeout:\t%u seconds", session[s].idle_timeout - (session[s].last_data ? abs(time_now - session[s].last_data) : 0));
+
cli_print(cli, "\tBytes In/Out:\t%u/%u", session[s].cout, session[s].cin);
if (session[s].timeout)
{
// L2TPNS Clustering Stuff
-char const *cvs_id_cluster = "$Id: cluster.c,v 1.51 2006/04/27 09:53:49 bodea Exp $";
+char const *cvs_id_cluster = "$Id: cluster.c,v 1.52 2006/06/11 12:46:18 bodea Exp $";
#include <stdio.h>
#include <stdlib.h>
}
// Reset idle timeouts..
- session[i].last_packet = time_now;
+ session[i].last_packet = session[i].last_data = time_now;
// Reset die relative to our uptime rather than the old master's
if (session[i].die) session[i].die = TIME;
session[b->sid].cout_delta += b->cout;
if (b->cin)
- session[b->sid].last_packet = time_now; // Reset idle timer!
+ session[b->sid].last_packet = session[b->sid].last_data = time_now;
+ else if (b->cout)
+ session[b->sid].last_data = time_now;
size -= sizeof(*b);
++b;
// Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
// vim: sw=8 ts=8
-char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.166 2006/05/16 06:46:37 bodea Exp $";
+char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.167 2006/06/11 12:46:18 bodea Exp $";
#include <arpa/inet.h>
#include <assert.h>
p += 2;
l -= 2;
}
+
if (proto == PPPIP)
{
if (session[s].die)
LOG(4, s, t, "MPPP: Session %u is closing. Don't process PPP packets\n", s);
return; // closing session, PPP not processed
}
- session[s].last_packet = time_now;
+
+ session[s].last_packet = session[s].last_data = time_now;
processipin(s, t, p, l);
}
else if (proto == PPPIPV6 && config->ipv6_prefix.s6_addr[0])
return; // closing session, PPP not processed
}
- session[s].last_packet = time_now;
+ session[s].last_packet = session[s].last_data = time_now;
processipv6in(s, t, p, l);
}
else
}
t = session[s].tunnel;
sp = &session[s];
+ sp->last_data = time_now;
// DoS prevention: enforce a maximum number of packets per 0.1s for a session
if (config->max_packets > 0)
}
t = session[s].tunnel;
sp = &session[s];
+ sp->last_data = time_now;
// FIXME: add DoS prevention/filters?
session[s].opened = time_now;
session[s].tunnel = t;
session[s].far = asession;
- session[s].last_packet = time_now;
+ session[s].last_packet = session[s].last_data = time_now;
LOG(3, s, t, "New session (%u/%u)\n", tunnel[t].far, session[s].far);
control16(c, 14, s, 1); // assigned session
controladd(c, asession, t); // send the reply
return; // closing session, PPP not processed
}
- session[s].last_packet = time_now;
+ session[s].last_packet = session[s].last_data = time_now;
if (session[s].walled_garden && !config->cluster_iam_master)
{
master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
return; // closing session, PPP not processed
}
- session[s].last_packet = time_now;
+ session[s].last_packet = session[s].last_data = time_now;
if (session[s].walled_garden && !config->cluster_iam_master)
{
master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
return; // closing session, PPP not processed
}
- session[s].last_packet = time_now;
+ session[s].last_packet = session[s].last_data = time_now;
if (session[s].walled_garden && !config->cluster_iam_master)
{
master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port);
s_actions++;
}
+ // Drop sessions who have reached session_timeout seconds
+ if (session[s].session_timeout && (time_now - session[s].opened >= session[s].session_timeout))
+ {
+ sessionshutdown(s, "Session Timeout Reached", CDN_ADMIN_DISC, TERM_SESSION_TIMEOUT);
+ STAT(session_timeout);
+ s_actions++;
+ continue;
+ }
+
+ // Drop sessions who have reached idle_timeout seconds
+ if (session[s].last_data && session[s].idle_timeout && (time_now - session[s].last_data >= session[s].idle_timeout))
+ {
+ sessionshutdown(s, "Idle Timeout Reached", CDN_ADMIN_DISC, TERM_IDLE_TIMEOUT);
+ STAT(session_timeout);
+ s_actions++;
+ continue;
+ }
+
// Check for actions requested from the CLI
if ((a = cli_session_actions[s].action))
{
if (session[s].throttle_in || session[s].throttle_out)
throttle_session(s, session[s].throttle_in, session[s].throttle_out);
- session[s].last_packet = time_now;
+ session[s].last_packet = session[s].last_data = time_now;
LOG(2, s, t, "Login by %s at %s from %s (%s)\n", session[s].user,
fmtaddr(htonl(session[s].ip), 0),
if (!session[s].opened)
continue;
- idle = time_now - session[s].last_packet;
+ idle = time_now - session[s].last_data;
idle /= 5 ; // In multiples of 5 seconds.
if (idle < 0)
idle = 0;
// L2TPNS Global Stuff
-// $Id: l2tpns.h,v 1.116 2006/04/27 14:37:28 bodea Exp $
+// $Id: l2tpns.h,v 1.117 2006/06/11 12:46:18 bodea Exp $
#ifndef __L2TPNS_H__
#define __L2TPNS_H__
uint16_t mru; // maximum receive unit
clockt opened; // when started
clockt die; // being closed, when to finally free
+ uint32_t session_timeout; // Maximum session time in seconds
+ uint32_t idle_timeout; // Maximum idle time in seconds
time_t last_packet; // Last packet from the user (used for idle timeouts)
+ time_t last_data; // Last data packet to/from the user (used for idle timeouts)
in_addr_t dns1, dns2; // DNS servers
routet route[MAXROUTE]; // static routes
uint16_t tbf_in; // filter bucket for throttling in from the user.
%attr(644,root,root) /usr/share/man/man[58]/*
%changelog
-* Wed May 24 2006 Brendan O'Dea <bod@optus.net> 2.2.0-1
+* Fri Jun 9 2006 Brendan O'Dea <bod@optus.net> 2.2.0-1
- 2.2.0 release, see /usr/share/doc/l2tpns-2.2.0/Changes
// L2TPNS Radius Stuff
-char const *cvs_id_radius = "$Id: radius.c,v 1.50 2006/04/27 09:53:50 bodea Exp $";
+char const *cvs_id_radius = "$Id: radius.c,v 1.51 2006/06/11 12:46:18 bodea Exp $";
#include <time.h>
#include <stdio.h>
}
}
}
+
if (s)
{
*p = 5; // NAS-Port
p[1] = 6;
*(uint32_t *) (p + 2) = htonl(1); // PPP
p += p[1];
- }
- if (s && session[s].ip)
- {
- *p = 8; // Framed-IP-Address
- p[1] = 6;
- *(uint32_t *) (p + 2) = htonl(session[s].ip);
- p += p[1];
- }
- if (s && session[s].route[0].ip)
- {
- int r;
- for (r = 0; s && r < MAXROUTE && session[s].route[r].ip; r++)
+
+ if (session[s].ip)
{
- int width = 32;
- if (session[s].route[r].mask)
+ *p = 8; // Framed-IP-Address
+ p[1] = 6;
+ *(uint32_t *) (p + 2) = htonl(session[s].ip);
+ p += p[1];
+ }
+
+ if (session[s].route[0].ip)
+ {
+ int r;
+ for (r = 0; s && r < MAXROUTE && session[s].route[r].ip; r++)
{
- int mask = session[s].route[r].mask;
- while (!(mask & 1))
- {
- width--;
- mask >>= 1;
- }
+ int width = 32;
+ if (session[s].route[r].mask)
+ {
+ int mask = session[s].route[r].mask;
+ while (!(mask & 1))
+ {
+ width--;
+ mask >>= 1;
+ }
+ }
+
+ *p = 22; // Framed-Route
+ p[1] = sprintf((char *) p + 2, "%s/%d %s 1",
+ fmtaddr(htonl(session[s].route[r].ip), 0),
+ width, fmtaddr(htonl(session[s].ip), 1)) + 2;
+
+ p += p[1];
}
+ }
+
+ if (session[s].session_timeout)
+ {
+ *p = 27; // Session-Timeout
+ p[1] = 6;
+ *(uint32_t *) (p + 2) = htonl(session[s].session_timeout);
+ p += p[1];
+ }
- *p = 22; // Framed-Route
- p[1] = sprintf((char *) p + 2, "%s/%d %s 1",
- fmtaddr(htonl(session[s].route[r].ip), 0),
- width, fmtaddr(htonl(session[s].ip), 1)) + 2;
+ if (session[s].idle_timeout)
+ {
+ *p = 28; // Idle-Timeout
+ p[1] = 6;
+ *(uint32_t *) (p + 2) = htonl(session[s].idle_timeout);
+ p += p[1];
+ }
+ if (*session[s].called)
+ {
+ *p = 30; // called
+ p[1] = strlen(session[s].called) + 2;
+ strcpy((char *) p + 2, session[s].called);
+ p += p[1];
+ }
+
+ if (*session[s].calling)
+ {
+ *p = 31; // calling
+ p[1] = strlen(session[s].calling) + 2;
+ strcpy((char *) p + 2, session[s].calling);
p += p[1];
}
}
- if (*session[s].called)
- {
- *p = 30; // called
- p[1] = strlen(session[s].called) + 2;
- strcpy((char *) p + 2, session[s].called);
- p += p[1];
- }
- if (*session[s].calling)
- {
- *p = 31; // calling
- p[1] = strlen(session[s].calling) + 2;
- strcpy((char *) p + 2, session[s].calling);
- p += p[1];
- }
+
// NAS-IP-Address
*p = 4;
p[1] = 6;
ip_filters[f].used++;
}
}
+ else if (*p == 27)
+ {
+ // Session-Timeout
+ uint32_t to = ntohl(*(uint32_t *)(p + 2));
+
+ LOG(3, s, session[s].tunnel, " Radius reply contains Session-Timeout = %u\n", to);
+ if (to > 0)
+ {
+ session[s].session_timeout = to;
+ }
+ }
+ else if (*p == 28)
+ {
+ // Idle-Timeout
+ uint32_t to = ntohl(*(uint32_t *)(p + 2));
+
+ LOG(3, s, session[s].tunnel, " Radius reply contains Idle-Timeout = %u\n", to);
+ if (to > 0)
+ {
+ session[s].idle_timeout = to;
+ }
+ }
else if (*p == 26 && p[1] >= 7)
{
// Vendor-Specific Attribute
projects / l2tpns.git / commitdiff