From: Brendan O'Dea Date: Mon, 29 Nov 2004 02:17:17 +0000 (+0000) Subject: make "established" a different tcp flag match X-Git-Tag: 2.2.1-2fdn3.1~19^2^2~1^2~318 X-Git-Url: http://git.sameswireless.fr/l2tpns.git/commitdiff_plain/2f5b811429a2690c2ce44d09cc571c3230420c1b make "established" a different tcp flag match add fragment handling drop IP address from LOG macro (function) --- diff --git a/Changes b/Changes index 2285f0f..24fb093 100644 --- a/Changes +++ b/Changes @@ -7,6 +7,7 @@ setup in some instances. - Implement named access-lists which may be applied to a session either via Filter-Id RADIUS responses, or using the CLI. +- Drop ip address from LOG. * Sat Nov 20 2004 Brendan O'Dea 2.0.8 - Ignore gateway address in Framed-Route (from Jonathan McDowell). diff --git a/autosnoop.c b/autosnoop.c index beb8f8d..7bacfa9 100644 --- a/autosnoop.c +++ b/autosnoop.c @@ -4,7 +4,7 @@ /* set up intercept based on RADIUS reply */ -char const *cvs_id = "$Id: autosnoop.c,v 1.8 2004-11-17 08:23:34 bodea Exp $"; +char const *cvs_id = "$Id: autosnoop.c,v 1.9 2004-11-29 02:17:17 bodea Exp $"; int plugin_api_version = PLUGIN_API_VERSION; struct pluginfuncs *p; @@ -22,12 +22,14 @@ int plugin_radius_response(struct param_radius_response *data) if (*data->value) data->s->snoop_ip = inet_addr(data->value); if (data->s->snoop_ip == INADDR_NONE) data->s->snoop_ip = 0; if (*x) data->s->snoop_port = atoi(x); - p->log(3, 0, 0, 0, " Intercepting user to %s:%d\n", - p->inet_toa(data->s->snoop_ip), data->s->snoop_port); + p->log(3, p->get_id_by_session(data->s), data->s->tunnel, + " Intercepting user to %s:%d\n", + p->fmtaddr(data->s->snoop_ip, 0), data->s->snoop_port); } else { - p->log(3, 0, 0, 0, " Not Intercepting user (reply string should be intercept=ip:port)\n"); + p->log(3, p->get_id_by_session(data->s), data->s->tunnel, + " Not Intercepting user (reply string should be intercept=ip:port)\n"); } } return PLUGIN_RET_OK; diff --git a/autothrottle.c b/autothrottle.c index 9973a4f..f631877 100644 --- a/autothrottle.c +++ b/autothrottle.c @@ -4,7 +4,7 @@ /* set up throttling based on RADIUS reply */ -char const *cvs_id = "$Id: autothrottle.c,v 1.9 2004-11-17 08:23:34 bodea Exp $"; +char const *cvs_id = "$Id: autothrottle.c,v 1.10 2004-11-29 02:17:17 bodea Exp $"; int plugin_api_version = PLUGIN_API_VERSION; struct pluginfuncs *p; @@ -35,17 +35,23 @@ int plugin_radius_response(struct param_radius_response *data) case 2: // output data->s->throttle_out = rate; free(pt); - p->log(3, 0, p->get_id_by_session(data->s), data->s->tunnel, " Set output throttle rate %dkb/s\n", rate); + p->log(3, p->get_id_by_session(data->s), data->s->tunnel, + " Set output throttle rate %dkb/s\n", rate); + return PLUGIN_RET_OK; case 3: //input data->s->throttle_in = rate; free(pt); - p->log(3, 0, p->get_id_by_session(data->s), data->s->tunnel, " Set input throttle rate %dkb/s\n", rate); + p->log(3, p->get_id_by_session(data->s), data->s->tunnel, + " Set input throttle rate %dkb/s\n", rate); + return PLUGIN_RET_OK; default: - p->log(1, 0, p->get_id_by_session(data->s), data->s->tunnel, "Syntax error in rate limit AV pair: %s=%s\n", data->key, data->value); + p->log(1, p->get_id_by_session(data->s), data->s->tunnel, + "Syntax error in rate limit AV pair: %s=%s\n", data->key, data->value); + free(pt); return PLUGIN_RET_OK; } @@ -53,8 +59,10 @@ int plugin_radius_response(struct param_radius_response *data) else { free(pt); - p->log(1, 0, p->get_id_by_session(data->s), data->s->tunnel, "Syntax error in rate limit AV pair: %s=%s\n", + p->log(1, p->get_id_by_session(data->s), data->s->tunnel, + "Syntax error in rate limit AV pair: %s=%s\n", data->key, data->value); + return PLUGIN_RET_OK; } } @@ -68,23 +76,29 @@ int plugin_radius_response(struct param_radius_response *data) if (rate) { if (*rate) - p->log(3, 0, p->get_id_by_session(data->s), data->s->tunnel, " Throttling user to %dkb/s\n", *rate); + p->log(3, p->get_id_by_session(data->s), data->s->tunnel, + " Throttling user to %dkb/s\n", *rate); else - p->log(3, 0, p->get_id_by_session(data->s), data->s->tunnel, " Not throttling user (throttle_speed=0)\n"); + p->log(3, p->get_id_by_session(data->s), data->s->tunnel, + " Not throttling user (throttle_speed=0)\n"); data->s->throttle_in = data->s->throttle_out = *rate; } else - p->log(1, 0, p->get_id_by_session(data->s), data->s->tunnel, "Not throttling user (can't get throttle_speed)\n"); + p->log(1, p->get_id_by_session(data->s), data->s->tunnel, + "Not throttling user (can't get throttle_speed)\n"); } else if (strcmp(data->value, "no") == 0) { - p->log(3, 0, p->get_id_by_session(data->s), data->s->tunnel, " Not throttling user\n"); + p->log(3, p->get_id_by_session(data->s), data->s->tunnel, + " Not throttling user\n"); + data->s->throttle_in = data->s->throttle_out = 0; } } - p->log(4, 0, p->get_id_by_session(data->s), data->s->tunnel, "autothrottle module ignoring AV pair %s=%s\n", + p->log(4, p->get_id_by_session(data->s), data->s->tunnel, + "autothrottle module ignoring AV pair %s=%s\n", data->key, data->value); return PLUGIN_RET_OK; diff --git a/bgp.c b/bgp.c index 2d0954b..e2b05fa 100644 --- a/bgp.c +++ b/bgp.c @@ -10,7 +10,7 @@ * nor RFC2385 (which requires a kernel patch on 2.4 kernels). */ -char const *cvs_id_bgp = "$Id: bgp.c,v 1.7 2004-11-15 06:49:56 bodea Exp $"; +char const *cvs_id_bgp = "$Id: bgp.c,v 1.8 2004-11-29 02:17:17 bodea Exp $"; #include #include @@ -69,7 +69,7 @@ int bgp_setup(int as) if (!((peer->outbuf = malloc(sizeof(*peer->outbuf))) && (peer->inbuf = malloc(sizeof(*peer->inbuf))))) { - LOG(0, 0, 0, 0, "Can't allocate buffers for bgp peer (%s)\n", + LOG(0, 0, 0, "Can't allocate buffers for bgp peer (%s)\n", strerror(errno)); return 0; @@ -111,7 +111,7 @@ int bgp_start(struct bgp_peer *peer, char *name, int as, int keepalive, int hold if (!(h = gethostbyname(name)) || h->h_addrtype != AF_INET) { - LOG(0, 0, 0, 0, "Can't get address for BGP peer %s (%s)\n", + LOG(0, 0, 0, "Can't get address for BGP peer %s (%s)\n", name, h ? "no address" : hstrerror(h_errno)); return 0; @@ -225,7 +225,7 @@ int bgp_start(struct bgp_peer *peer, char *name, int as, int keepalive, int hold if (!(peer->path_attrs = malloc(peer->path_attr_len))) { - LOG(0, 0, 0, 0, "Can't allocate path_attrs for %s (%s)\n", + LOG(0, 0, 0, "Can't allocate path_attrs for %s (%s)\n", name, strerror(errno)); return 0; @@ -233,7 +233,7 @@ int bgp_start(struct bgp_peer *peer, char *name, int as, int keepalive, int hold memcpy(peer->path_attrs, path_attrs, peer->path_attr_len); - LOG(4, 0, 0, 0, "Initiating BGP connection to %s (routing %s)\n", + LOG(4, 0, 0, "Initiating BGP connection to %s (routing %s)\n", name, enable ? "enabled" : "suspended"); /* we have at least one peer configured */ @@ -274,7 +274,7 @@ static void bgp_clear(struct bgp_peer *peer) peer->state = peer->next_state; peer->state_time = time_now; - LOG(4, 0, 0, 0, "BGP peer %s: state %s\n", peer->name, + LOG(4, 0, 0, "BGP peer %s: state %s\n", peer->name, bgp_state_str(peer->next_state)); } } @@ -282,14 +282,14 @@ static void bgp_clear(struct bgp_peer *peer) /* initiate a clean shutdown */ void bgp_stop(struct bgp_peer *peer) { - LOG(4, 0, 0, 0, "Terminating BGP connection to %s\n", peer->name); + LOG(4, 0, 0, "Terminating BGP connection to %s\n", peer->name); bgp_send_notification(peer, BGP_ERR_CEASE, 0); } /* drop connection (if any) and set state to Disabled */ void bgp_halt(struct bgp_peer *peer) { - LOG(4, 0, 0, 0, "Aborting BGP connection to %s\n", peer->name); + LOG(4, 0, 0, "Aborting BGP connection to %s\n", peer->name); peer->next_state = Disabled; bgp_clear(peer); } @@ -399,8 +399,8 @@ int bgp_add_route(in_addr_t ip, in_addr_t mask) /* insert into route list; sorted */ if (!(r = malloc(sizeof(*r)))) { - LOG(0, 0, 0, 0, "Can't allocate route for %s/%d (%s)\n", - inet_toa(add.dest.prefix), add.dest.len, strerror(errno)); + LOG(0, 0, 0, "Can't allocate route for %s/%d (%s)\n", + fmtaddr(add.dest.prefix, 0), add.dest.len, strerror(errno)); return 0; } @@ -413,8 +413,8 @@ int bgp_add_route(in_addr_t ip, in_addr_t mask) if (bgp_peers[i].state == Established) bgp_peers[i].update_routes = 1; - LOG(4, 0, 0, 0, "Registered BGP route %s/%d\n", inet_toa(add.dest.prefix), - add.dest.len); + LOG(4, 0, 0, "Registered BGP route %s/%d\n", + fmtaddr(add.dest.prefix, 0), add.dest.len); return 1; } @@ -462,8 +462,8 @@ int bgp_del_route(in_addr_t ip, in_addr_t mask) if (bgp_peers[i].state == Established) bgp_peers[i].update_routes = 1; - LOG(4, 0, 0, 0, "Removed BGP route %s/%d\n", inet_toa(del.dest.prefix), - del.dest.len); + LOG(4, 0, 0, "Removed BGP route %s/%d\n", + fmtaddr(del.dest.prefix, 0), del.dest.len); return 1; } @@ -482,7 +482,7 @@ void bgp_enable_routing(int enable) bgp_peers[i].update_routes = 1; } - LOG(4, 0, 0, 0, "%s BGP routing\n", enable ? "Enabled" : "Suspended"); + LOG(4, 0, 0, "%s BGP routing\n", enable ? "Enabled" : "Suspended"); } /* return a bitmask indicating if the socket should be added to the @@ -588,7 +588,7 @@ int bgp_process(struct bgp_peer *peer, int readable, int writable) { if (time_now > peer->expire_time) { - LOG(1, 0, 0, 0, "No message from BGP peer %s in %ds\n", + LOG(1, 0, 0, "No message from BGP peer %s in %ds\n", peer->name, peer->hold); bgp_send_notification(peer, BGP_ERR_HOLD_TIMER_EXP, 0); @@ -605,7 +605,7 @@ int bgp_process(struct bgp_peer *peer, int readable, int writable) } else if (time_now > peer->state_time + BGP_STATE_TIME) { - LOG(1, 0, 0, 0, "%s timer expired for BGP peer %s\n", + LOG(1, 0, 0, "%s timer expired for BGP peer %s\n", bgp_state_str(peer->state), peer->name); return bgp_restart(peer); @@ -665,7 +665,7 @@ static int bgp_connect(struct bgp_peer *peer) struct servent *serv; if (!(serv = getservbyname("bgp", "tcp"))) { - LOG(0, 0, 0, 0, "Can't get bgp service (%s)\n", strerror(errno)); + LOG(0, 0, 0, "Can't get bgp service (%s)\n", strerror(errno)); return 0; } @@ -674,7 +674,7 @@ static int bgp_connect(struct bgp_peer *peer) if ((peer->sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) { - LOG(0, 0, 0, 0, "Can't create a socket for BGP peer %s (%s)\n", + LOG(0, 0, 0, "Can't create a socket for BGP peer %s (%s)\n", peer->name, strerror(errno)); peer->state = peer->next_state = Disabled; @@ -697,7 +697,7 @@ static int bgp_connect(struct bgp_peer *peer) if (errno != EINPROGRESS) { - LOG(1, 0, 0, 0, "Can't connect to BGP peer %s (%s)\n", + LOG(1, 0, 0, "Can't connect to BGP peer %s (%s)\n", inet_ntoa(addr.sin_addr), strerror(errno)); bgp_set_retry(peer); @@ -707,7 +707,7 @@ static int bgp_connect(struct bgp_peer *peer) peer->state = Connect; peer->state_time = time_now; - LOG(4, 0, 0, 0, "BGP peer %s: state Connect\n", peer->name); + LOG(4, 0, 0, "BGP peer %s: state Connect\n", peer->name); return 1; } @@ -715,7 +715,7 @@ static int bgp_connect(struct bgp_peer *peer) peer->state_time = time_now; peer->retry_time = peer->retry_count = 0; - LOG(4, 0, 0, 0, "BGP peer %s: state Active\n", inet_ntoa(addr.sin_addr)); + LOG(4, 0, 0, "BGP peer %s: state Active\n", inet_ntoa(addr.sin_addr)); return bgp_send_open(peer); } @@ -728,7 +728,7 @@ static int bgp_handle_connect(struct bgp_peer *peer) getsockopt(peer->sock, SOL_SOCKET, SO_ERROR, &err, &len); if (err) { - LOG(1, 0, 0, 0, "Can't connect to BGP peer %s (%s)\n", peer->name, + LOG(1, 0, 0, "Can't connect to BGP peer %s (%s)\n", peer->name, strerror(err)); bgp_set_retry(peer); @@ -738,7 +738,7 @@ static int bgp_handle_connect(struct bgp_peer *peer) peer->state = Active; peer->state_time = time_now; - LOG(4, 0, 0, 0, "BGP peer %s: state Active\n", peer->name); + LOG(4, 0, 0, "BGP peer %s: state Active\n", peer->name); return bgp_send_open(peer); } @@ -759,9 +759,9 @@ static int bgp_write(struct bgp_peer *peer) return 1; if (errno == EPIPE) - LOG(1, 0, 0, 0, "Connection to BGP peer %s closed\n", peer->name); + LOG(1, 0, 0, "Connection to BGP peer %s closed\n", peer->name); else - LOG(1, 0, 0, 0, "Can't write to BGP peer %s (%s)\n", peer->name, + LOG(1, 0, 0, "Can't write to BGP peer %s (%s)\n", peer->name, strerror(errno)); bgp_set_retry(peer); @@ -774,7 +774,7 @@ static int bgp_write(struct bgp_peer *peer) return 1; } - LOG(4, 0, 0, 0, "Sent %s to BGP peer %s\n", + LOG(4, 0, 0, "Sent %s to BGP peer %s\n", bgp_msg_type_str(peer->outbuf->packet.header.type), peer->name); peer->outbuf->packet.header.len = 0; @@ -794,7 +794,7 @@ static int bgp_write(struct bgp_peer *peer) peer->state = peer->next_state; peer->state_time = time_now; - LOG(4, 0, 0, 0, "BGP peer %s: state %s\n", peer->name, + LOG(4, 0, 0, "BGP peer %s: state %s\n", peer->name, bgp_state_str(peer->state)); } @@ -811,7 +811,7 @@ static int bgp_read(struct bgp_peer *peer) { if (!r) { - LOG(1, 0, 0, 0, "Connection to BGP peer %s closed\n", peer->name); + LOG(1, 0, 0, "Connection to BGP peer %s closed\n", peer->name); } else { @@ -821,7 +821,7 @@ static int bgp_read(struct bgp_peer *peer) if (errno == EAGAIN) return 1; - LOG(1, 0, 0, 0, "Can't read from BGP peer %s (%s)\n", peer->name, + LOG(1, 0, 0, "Can't read from BGP peer %s (%s)\n", peer->name, strerror(errno)); } @@ -841,7 +841,7 @@ static int bgp_handle_input(struct bgp_peer *peer) if (len > BGP_MAX_PACKET_SIZE) { - LOG(1, 0, 0, 0, "Bad header length from BGP %s\n", peer->name); + LOG(1, 0, 0, "Bad header length from BGP %s\n", peer->name); bgp_send_notification(peer, BGP_ERR_HEADER, BGP_ERR_HDR_BAD_LEN); return 0; } @@ -849,7 +849,7 @@ static int bgp_handle_input(struct bgp_peer *peer) if (peer->inbuf->done < len) return 0; - LOG(4, 0, 0, 0, "Received %s from BGP peer %s\n", + LOG(4, 0, 0, "Received %s from BGP peer %s\n", bgp_msg_type_str(p->header.type), peer->name); switch (p->header.type) @@ -864,7 +864,7 @@ static int bgp_handle_input(struct bgp_peer *peer) { if ((unsigned char) p->header.marker[i] != 0xff) { - LOG(1, 0, 0, 0, "Invalid marker from BGP peer %s\n", + LOG(1, 0, 0, "Invalid marker from BGP peer %s\n", peer->name); bgp_send_notification(peer, BGP_ERR_HEADER, @@ -876,7 +876,7 @@ static int bgp_handle_input(struct bgp_peer *peer) if (peer->state != OpenSent) { - LOG(1, 0, 0, 0, "OPEN from BGP peer %s in %s state\n", + LOG(1, 0, 0, "OPEN from BGP peer %s in %s state\n", peer->name, bgp_state_str(peer->state)); bgp_send_notification(peer, BGP_ERR_FSM, 0); @@ -887,7 +887,7 @@ static int bgp_handle_input(struct bgp_peer *peer) if (data.version != BGP_VERSION) { - LOG(1, 0, 0, 0, "Bad version (%d) sent by BGP peer %s\n", + LOG(1, 0, 0, "Bad version (%d) sent by BGP peer %s\n", (int) data.version, peer->name); bgp_send_notification(peer, BGP_ERR_OPEN, BGP_ERR_OPN_VERSION); @@ -896,7 +896,7 @@ static int bgp_handle_input(struct bgp_peer *peer) if (ntohs(data.as) != peer->as) { - LOG(1, 0, 0, 0, "Bad AS sent by BGP peer %s (got %d, " + LOG(1, 0, 0, "Bad AS sent by BGP peer %s (got %d, " "expected %d)\n", peer->name, (int) htons(data.as), (int) peer->as); @@ -906,7 +906,7 @@ static int bgp_handle_input(struct bgp_peer *peer) if ((hold = ntohs(data.hold_time)) < 3) { - LOG(1, 0, 0, 0, "Bad hold time (%d) from BGP peer %s\n", + LOG(1, 0, 0, "Bad hold time (%d) from BGP peer %s\n", hold, peer->name); bgp_send_notification(peer, BGP_ERR_OPEN, BGP_ERR_OPN_HOLD_TIME); @@ -939,7 +939,7 @@ static int bgp_handle_input(struct bgp_peer *peer) peer->retry_count = 0; peer->retry_time = 0; - LOG(4, 0, 0, 0, "BGP peer %s: state Established\n", peer->name); + LOG(4, 0, 0, "BGP peer %s: state Established\n", peer->name); } break; @@ -952,13 +952,13 @@ static int bgp_handle_input(struct bgp_peer *peer) if (notification->error_code == BGP_ERR_CEASE) { - LOG(4, 0, 0, 0, "BGP peer %s sent CEASE\n", peer->name); + LOG(4, 0, 0, "BGP peer %s sent CEASE\n", peer->name); bgp_halt(peer); return 0; } /* FIXME: should handle more notifications */ - LOG(4, 0, 0, 0, "BGP peer %s sent unhandled NOTIFICATION %d\n", + LOG(4, 0, 0, "BGP peer %s sent unhandled NOTIFICATION %d\n", peer->name, (int) notification->error_code); } @@ -1077,8 +1077,8 @@ static int bgp_send_update(struct bgp_peer *peer) unf_len += s; len += s; - LOG(5, 0, 0, 0, "Withdrawing route %s/%d from BGP peer %s\n", - inet_toa(tmp->dest.prefix), tmp->dest.len, peer->name); + LOG(5, 0, 0, "Withdrawing route %s/%d from BGP peer %s\n", + fmtaddr(tmp->dest.prefix, 0), tmp->dest.len, peer->name); free(tmp); @@ -1127,8 +1127,8 @@ static int bgp_send_update(struct bgp_peer *peer) { if (!(e = malloc(sizeof(*e)))) { - LOG(0, 0, 0, 0, "Can't allocate route for %s/%d (%s)\n", - inet_toa(add->dest.prefix), add->dest.len, strerror(errno)); + LOG(0, 0, 0, "Can't allocate route for %s/%d (%s)\n", + fmtaddr(add->dest.prefix, 0), add->dest.len, strerror(errno)); return 0; } @@ -1151,8 +1151,8 @@ static int bgp_send_update(struct bgp_peer *peer) data += s; len += s; - LOG(5, 0, 0, 0, "Advertising route %s/%d to BGP peer %s\n", - inet_toa(add->dest.prefix), add->dest.len, peer->name); + LOG(5, 0, 0, "Advertising route %s/%d to BGP peer %s\n", + fmtaddr(add->dest.prefix, 0), add->dest.len, peer->name); } else { diff --git a/cli.c b/cli.c index 0983c5e..836c0e9 100644 --- a/cli.c +++ b/cli.c @@ -2,7 +2,7 @@ // vim: sw=8 ts=8 char const *cvs_name = "$Name: $"; -char const *cvs_id_cli = "$Id: cli.c,v 1.33 2004-11-28 20:09:53 bodea Exp $"; +char const *cvs_id_cli = "$Id: cli.c,v 1.34 2004-11-29 02:17:17 bodea Exp $"; #include #include @@ -117,6 +117,7 @@ static int cmd_no_ip_access_list(struct cli_def *cli, char *command, char **argv static int cmd_ip_access_list_rule(struct cli_def *cli, char *command, char **argv, int argc); static int cmd_filter(struct cli_def *cli, char *command, char **argv, int argc); static int cmd_no_filter(struct cli_def *cli, char *command, char **argv, int argc); +static int cmd_show_access_list(struct cli_def *cli, char *command, char **argv, int argc); /* match if b is a substr of a */ #define MATCH(a,b) (!strncmp((a), (b), strlen(b))) @@ -153,6 +154,7 @@ void init_cli(char *hostname) cli_register_command(cli, c, "tunnels", cmd_show_tunnels, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show a list of tunnels or details for a single tunnel"); cli_register_command(cli, c, "users", cmd_show_users, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show a list of all connected users or details of selected user"); cli_register_command(cli, c, "version", cmd_show_version, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show currently running software version"); + cli_register_command(cli, c, "access-list", cmd_show_access_list, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show named access-list"); c2 = cli_register_command(cli, c, "histogram", NULL, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, NULL); cli_register_command(cli, c2, "idle", cmd_show_hist_idle, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show histogram of session idle times"); @@ -231,7 +233,7 @@ void init_cli(char *hostname) if (!(f = fopen(CLIUSERS, "r"))) { - LOG(0, 0, 0, 0, "WARNING! No users specified. Command-line access is open to all\n"); + LOG(0, 0, 0, "WARNING! No users specified. Command-line access is open to all\n"); } else { @@ -247,12 +249,12 @@ void init_cli(char *hostname) if (!strcmp(buf, "enable")) { cli_allow_enable(cli, p); - LOG(3, 0, 0, 0, "Setting enable password\n"); + LOG(3, 0, 0, "Setting enable password\n"); } else { cli_allow_user(cli, buf, p); - LOG(3, 0, 0, 0, "Allowing user %s to connect to the CLI\n", buf); + LOG(3, 0, 0, "Allowing user %s to connect to the CLI\n", buf); } } fclose(f); @@ -271,7 +273,7 @@ void init_cli(char *hostname) addr.sin_port = htons(23); if (bind(clifd, (void *) &addr, sizeof(addr)) < 0) { - LOG(0, 0, 0, 0, "Error listening on cli port 23: %s\n", strerror(errno)); + LOG(0, 0, 0, "Error listening on cli port 23: %s\n", strerror(errno)); return; } listen(clifd, 10); @@ -286,18 +288,18 @@ void cli_do(int sockfd) if (fork_and_close()) return; if (getpeername(sockfd, (struct sockaddr *)&addr, &l) == 0) { - LOG(3, 0, 0, 0, "Accepted connection to CLI from %s\n", inet_toa(addr.sin_addr.s_addr)); + LOG(3, 0, 0, "Accepted connection to CLI from %s\n", fmtaddr(addr.sin_addr.s_addr, 0)); require_auth = addr.sin_addr.s_addr != inet_addr("127.0.0.1"); } else - LOG(0, 0, 0, 0, "getpeername() failed on cli socket. Requiring authentication: %s\n", strerror(errno)); + LOG(0, 0, 0, "getpeername() failed on cli socket. Requiring authentication: %s\n", strerror(errno)); if (require_auth) { - LOG(3, 0, 0, 0, "CLI is remote, requiring authentication\n"); + LOG(3, 0, 0, "CLI is remote, requiring authentication\n"); if (!cli->users) /* paranoia */ { - LOG(0, 0, 0, 0, "No users for remote authentication! Exiting CLI\n"); + LOG(0, 0, 0, "No users for remote authentication! Exiting CLI\n"); exit(0); } } @@ -318,18 +320,18 @@ void cli_do(int sockfd) cli_loop(cli, sockfd); close(sockfd); - LOG(3, 0, 0, 0, "Closed CLI connection from %s\n", inet_toa(addr.sin_addr.s_addr)); + LOG(3, 0, 0, "Closed CLI connection from %s\n", fmtaddr(addr.sin_addr.s_addr, 0)); exit(0); } static void cli_print_log(struct cli_def *cli, char *string) { - LOG(3, 0, 0, 0, "%s\n", string); + LOG(3, 0, 0, "%s\n", string); } void cli_do_file(FILE *fh) { - LOG(3, 0, 0, 0, "Reading configuration file\n"); + LOG(3, 0, 0, "Reading configuration file\n"); cli_print_callback(cli, cli_print_log); cli_file(cli, fh, PRIVILEGE_PRIVILEGED, MODE_CONFIG); cli_print_callback(cli, NULL); @@ -398,7 +400,7 @@ static int cmd_show_session(struct cli_def *cli, char *command, char **argv, int cli_print(cli, "\tCalling Num:\t%s", session[s].calling); cli_print(cli, "\tCalled Num:\t%s", session[s].called); cli_print(cli, "\tTunnel ID:\t%d", session[s].tunnel); - cli_print(cli, "\tIP address:\t%s", inet_toa(htonl(session[s].ip))); + cli_print(cli, "\tIP address:\t%s", fmtaddr(htonl(session[s].ip), 0)); cli_print(cli, "\tUnique SID:\t%lu", session[s].unique_id); cli_print(cli, "\tIdle time:\t%u seconds", abs(time_now - session[s].last_packet)); cli_print(cli, "\tNext Recv:\t%u", session[s].nr); @@ -414,7 +416,7 @@ static int cmd_show_session(struct cli_def *cli, char *command, char **argv, int if (session[s].filter_out && session[s].filter_out <= MAXFILTER) cli_print(cli, "\tFilter out:\t%u (%s)", session[s].filter_out, ip_filters[session[s].filter_out - 1].name); if (session[s].snoop_ip && session[s].snoop_port) - cli_print(cli, "\tIntercepted:\t%s:%d", inet_toa(session[s].snoop_ip), session[s] .snoop_port); + cli_print(cli, "\tIntercepted:\t%s:%d", fmtaddr(session[s].snoop_ip, 0), session[s] .snoop_port); else cli_print(cli, "\tIntercepted:\tno"); @@ -488,15 +490,12 @@ static int cmd_show_session(struct cli_def *cli, char *command, char **argv, int for (i = 1; i < MAXSESSION; i++) { - char *userip, *tunnelip; if (!session[i].opened) continue; - userip = strdup(inet_toa(htonl(session[i].ip))); - tunnelip = strdup(inet_toa(htonl(tunnel[ session[i].tunnel ].ip))); cli_print(cli, "%5d %4d %-32s %-15s %s %s %s %10u %10lu %10lu %4u %-15s %s", i, session[i].tunnel, session[i].user[0] ? session[i].user : "*", - userip, + fmtaddr(htonl(session[i].ip), 0), (session[i].snoop_ip && session[i].snoop_port) ? "Y" : "N", (session[i].throttle_in || session[i].throttle_out) ? "Y" : "N", (session[i].walled_garden) ? "Y" : "N", @@ -504,10 +503,8 @@ static int cmd_show_session(struct cli_def *cli, char *command, char **argv, int (unsigned long)session[i].total_cout, (unsigned long)session[i].total_cin, abs(time_now - (session[i].last_packet ? session[i].last_packet : time_now)), - tunnelip, + fmtaddr(htonl(tunnel[ session[i].tunnel ].ip), 1), session[i].calling[0] ? session[i].calling : "*"); - if (userip) free(userip); - if (tunnelip) free(tunnelip); } return CLI_OK; } @@ -558,7 +555,7 @@ static int cmd_show_tunnels(struct cli_def *cli, char *command, char **argv, int cli_print(cli, "\r\nTunnel %d:", t); cli_print(cli, "\tState:\t\t%s", states[tunnel[t].state]); cli_print(cli, "\tHostname:\t%s", tunnel[t].hostname[0] ? tunnel[t].hostname : "(none)"); - cli_print(cli, "\tRemote IP:\t%s", inet_toa(htonl(tunnel[t].ip))); + cli_print(cli, "\tRemote IP:\t%s", fmtaddr(htonl(tunnel[t].ip), 0)); cli_print(cli, "\tRemote Port:\t%d", tunnel[t].port); cli_print(cli, "\tRx Window:\t%u", tunnel[t].window); cli_print(cli, "\tNext Recv:\t%u", tunnel[t].nr); @@ -593,7 +590,7 @@ static int cmd_show_tunnels(struct cli_def *cli, char *command, char **argv, int cli_print(cli, "%4d %20s %20s %6s %6d", i, *tunnel[i].hostname ? tunnel[i].hostname : "(null)", - inet_toa(htonl(tunnel[i].ip)), + fmtaddr(htonl(tunnel[i].ip), 0), states[tunnel[i].state], sessions); } @@ -802,7 +799,9 @@ static int cmd_show_pool(struct cli_def *cli, char *command, char **argv, int ar if (!config->cluster_iam_master) { - cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address)); + cli_print(cli, "Can't do this on a slave. Do it on %s", + fmtaddr(config->cluster_master_address, 0)); + return CLI_OK; } @@ -827,7 +826,9 @@ static int cmd_show_pool(struct cli_def *cli, char *command, char **argv, int ar if (ip_address_pool[i].assigned) { cli_print(cli, "%-15s\tY %8d %s", - inet_toa(htonl(ip_address_pool[i].address)), ip_address_pool[i].session, session[ip_address_pool[i].session].user); + fmtaddr(htonl(ip_address_pool[i].address), 0), + ip_address_pool[i].session, + session[ip_address_pool[i].session].user); used++; } @@ -835,10 +836,11 @@ static int cmd_show_pool(struct cli_def *cli, char *command, char **argv, int ar { if (ip_address_pool[i].last) cli_print(cli, "%-15s\tN %8s [%s] %ds", - inet_toa(htonl(ip_address_pool[i].address)), "", + fmtaddr(htonl(ip_address_pool[i].address), 0), "", ip_address_pool[i].user, time_now - ip_address_pool[i].last); + else if (show_all) - cli_print(cli, "%-15s\tN", inet_toa(htonl(ip_address_pool[i].address))); + cli_print(cli, "%-15s\tN", fmtaddr(htonl(ip_address_pool[i].address), 0)); free++; } @@ -896,7 +898,7 @@ static int cmd_show_run(struct cli_def *cli, char *command, char **argv, int arg if (config_values[i].type == STRING) cli_print(cli, "set %s \"%.*s\"", config_values[i].key, config_values[i].size, (char *)value); else if (config_values[i].type == IP) - cli_print(cli, "set %s %s", config_values[i].key, inet_toa(*(unsigned *)value)); + cli_print(cli, "set %s %s", config_values[i].key, fmtaddr(*(unsigned *)value, 0)); else if (config_values[i].type == SHORT) cli_print(cli, "set %s %hu", config_values[i].key, *(short *)value); else if (config_values[i].type == BOOL) @@ -1123,7 +1125,9 @@ static int cmd_drop_user(struct cli_def *cli, char *command, char **argv, int ar if (!config->cluster_iam_master) { - cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address)); + cli_print(cli, "Can't do this on a slave. Do it on %s", + fmtaddr(config->cluster_master_address, 0)); + return CLI_OK; } @@ -1162,7 +1166,9 @@ static int cmd_drop_tunnel(struct cli_def *cli, char *command, char **argv, int if (!config->cluster_iam_master) { - cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address)); + cli_print(cli, "Can't do this on a slave. Do it on %s", + fmtaddr(config->cluster_master_address, 0)); + return CLI_OK; } @@ -1210,7 +1216,9 @@ static int cmd_drop_session(struct cli_def *cli, char *command, char **argv, int if (!config->cluster_iam_master) { - cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address)); + cli_print(cli, "Can't do this on a slave. Do it on %s", + fmtaddr(config->cluster_master_address, 0)); + return CLI_OK; } @@ -1275,7 +1283,9 @@ static int cmd_snoop(struct cli_def *cli, char *command, char **argv, int argc) if (!config->cluster_iam_master) { - cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address)); + cli_print(cli, "Can't do this on a slave. Do it on %s", + fmtaddr(config->cluster_master_address, 0)); + return CLI_OK; } @@ -1305,7 +1315,7 @@ static int cmd_snoop(struct cli_def *cli, char *command, char **argv, int argc) return CLI_OK; } - cli_print(cli, "Snooping user %s to %s:%d", argv[0], inet_toa(ip), port); + cli_print(cli, "Snooping user %s to %s:%d", argv[0], fmtaddr(ip, 0), port); cli_session_actions[s].snoop_ip = ip; cli_session_actions[s].snoop_port = port; cli_session_actions[s].action |= CLI_SESS_SNOOP; @@ -1324,7 +1334,9 @@ static int cmd_no_snoop(struct cli_def *cli, char *command, char **argv, int arg if (!config->cluster_iam_master) { - cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address)); + cli_print(cli, "Can't do this on a slave. Do it on %s", + fmtaddr(config->cluster_master_address, 0)); + return CLI_OK; } @@ -1396,7 +1408,9 @@ static int cmd_throttle(struct cli_def *cli, char *command, char **argv, int arg if (!config->cluster_iam_master) { - cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address)); + cli_print(cli, "Can't do this on a slave. Do it on %s", + fmtaddr(config->cluster_master_address, 0)); + return CLI_OK; } @@ -1486,7 +1500,9 @@ static int cmd_no_throttle(struct cli_def *cli, char *command, char **argv, int if (!config->cluster_iam_master) { - cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address)); + cli_print(cli, "Can't do this on a slave. Do it on %s", + fmtaddr(config->cluster_master_address, 0)); + return CLI_OK; } @@ -1866,16 +1882,8 @@ int regular_stuff(struct cli_def *cli) if (show_message) { - ipt address = htonl(ringbuffer->buffer[i].address); - char *ipaddr; - struct in_addr addr; - - memcpy(&addr, &address, sizeof(ringbuffer->buffer[i].address)); - ipaddr = inet_ntoa(addr); - - cli_print(cli, "\r%s-%s-%u-%u %s", + cli_print(cli, "\r%s-%u-%u %s", debug_levels[(int)ringbuffer->buffer[i].level], - ipaddr, ringbuffer->buffer[i].tunnel, ringbuffer->buffer[i].session, ringbuffer->buffer[i].message); @@ -2128,7 +2136,7 @@ static int cmd_show_bgp(struct cli_def *cli, char *command, char **argv, int arg NULL); cli_print(cli, "BGPv%d router identifier %s, local AS number %d", - BGP_VERSION, inet_toa(my_address), (int) config->as_number); + BGP_VERSION, fmtaddr(my_address, 0), (int) config->as_number); time(&time_now); @@ -2137,7 +2145,7 @@ static int cmd_show_bgp(struct cli_def *cli, char *command, char **argv, int arg if (!*bgp_peers[i].name) continue; - addr = inet_toa(bgp_peers[i].addr); + addr = fmtaddr(bgp_peers[i].addr, 0); if (argc && strcmp(addr, argv[0]) && strncmp(bgp_peers[i].name, argv[0], strlen(argv[0]))) continue; @@ -2189,7 +2197,7 @@ static int cmd_suspend_bgp(struct cli_def *cli, char *command, char **argv, int if (!bgp_peers[i].routing) continue; - addr = inet_toa(bgp_peers[i].addr); + addr = fmtaddr(bgp_peers[i].addr, 0); if (argc && strcmp(addr, argv[0]) && strcmp(bgp_peers[i].name, argv[0])) continue; @@ -2222,7 +2230,7 @@ static int cmd_no_suspend_bgp(struct cli_def *cli, char *command, char **argv, i if (bgp_peers[i].routing) continue; - addr = inet_toa(bgp_peers[i].addr); + addr = fmtaddr(bgp_peers[i].addr, 0); if (argc && strcmp(addr, argv[0]) && strncmp(bgp_peers[i].name, argv[0], strlen(argv[0]))) continue; @@ -2253,7 +2261,7 @@ static int cmd_restart_bgp(struct cli_def *cli, char *command, char **argv, int if (!*bgp_peers[i].name) continue; - addr = inet_toa(bgp_peers[i].addr); + addr = fmtaddr(bgp_peers[i].addr, 0); if (argc && strcmp(addr, argv[0]) && strncmp(bgp_peers[i].name, argv[0], strlen(argv[0]))) continue; @@ -2385,15 +2393,13 @@ static int cmd_no_ip_access_list(struct cli_def *cli, char *command, char **argv static int show_ip_wild(char *buf, ipt ip, ipt wild) { - int i; if (ip == INADDR_ANY && wild == INADDR_BROADCAST) return sprintf(buf, " any"); if (wild == INADDR_ANY) - return sprintf(buf, " host %s", inet_toa(ip)); + return sprintf(buf, " host %s", fmtaddr(ip, 0)); - i = sprintf(buf, " %s", inet_toa(ip)); - return i + sprintf(buf + i, " %s", inet_toa(wild)); + return sprintf(buf, " %s %s", fmtaddr(ip, 0), fmtaddr(wild, 1)); } static int show_ports(char *buf, ip_filter_portt *ports) @@ -2435,14 +2441,14 @@ static char const *show_access_list_rule(int extended, ip_filter_rulet *rule) if (rule->proto == IPPROTO_TCP && rule->tcp_flag_op) { - if (rule->tcp_flag_op == FILTER_FLAG_OP_ANY && - rule->tcp_sflags == (TCP_FLAG_ACK|TCP_FLAG_RST) && - rule->tcp_cflags == TCP_FLAG_SYN) + switch (rule->tcp_flag_op) { + case FILTER_FLAG_OP_EST: p += sprintf(p, " established"); - } - else - { + break; + + case FILTER_FLAG_OP_ANY: + case FILTER_FLAG_OP_ALL: p += sprintf(p, " match-%s", rule->tcp_flag_op == FILTER_FLAG_OP_ALL ? "all" : "any"); if (rule->tcp_sflags & TCP_FLAG_FIN) p += sprintf(p, " +fin"); if (rule->tcp_cflags & TCP_FLAG_FIN) p += sprintf(p, " -fin"); @@ -2456,9 +2462,13 @@ static char const *show_access_list_rule(int extended, ip_filter_rulet *rule) if (rule->tcp_cflags & TCP_FLAG_ACK) p += sprintf(p, " -ack"); if (rule->tcp_sflags & TCP_FLAG_URG) p += sprintf(p, " +urg"); if (rule->tcp_cflags & TCP_FLAG_URG) p += sprintf(p, " -urg"); + break; } } + if (rule->frag) + p += sprintf(p, " fragments"); + return buf; } @@ -2637,9 +2647,7 @@ ip_filter_rulet *access_list_rule_ext(struct cli_def *cli, char *command, char * { if (MATCH("established", argv[a])) { - rule.tcp_flag_op = FILTER_FLAG_OP_ANY; - rule.tcp_sflags = (TCP_FLAG_ACK|TCP_FLAG_RST); - rule.tcp_cflags = TCP_FLAG_SYN; + rule.tcp_flag_op = FILTER_FLAG_OP_EST; a++; } else if (!strcmp(argv[a], "match-any") || !strcmp(argv[a], "match-an") || @@ -2678,6 +2686,12 @@ ip_filter_rulet *access_list_rule_ext(struct cli_def *cli, char *command, char * } } + if (a < argc && MATCH("fragments", argv[a])) + { + rule.frag = 1; + a++; + } + if (a < argc) { cli_print(cli, "Invalid flag \"%s\"", argv[a]); @@ -2861,7 +2875,9 @@ static int cmd_filter(struct cli_def *cli, char *command, char **argv, int argc) if (!config->cluster_iam_master) { - cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address)); + cli_print(cli, "Can't do this on a slave. Do it on %s", + fmtaddr(config->cluster_master_address, 0)); + return CLI_OK; } @@ -2934,7 +2950,9 @@ static int cmd_no_filter(struct cli_def *cli, char *command, char **argv, int ar if (!config->cluster_iam_master) { - cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address)); + cli_print(cli, "Can't do this on a slave. Do it on %s", + fmtaddr(config->cluster_master_address, 0)); + return CLI_OK; } @@ -2966,6 +2984,48 @@ static int cmd_no_filter(struct cli_def *cli, char *command, char **argv, int ar return CLI_OK; } +static int cmd_show_access_list(struct cli_def *cli, char *command, char **argv, int argc) +{ + int i; + + if (CLI_HELP_REQUESTED) + return cli_arg_help(cli, argc > 1, "NAME", "Filter name", NULL); + + if (argc < 1) + { + cli_print(cli, "Specify a filter name"); + return CLI_OK; + } + + for (i = 0; i < argc; i++) + { + int f = find_access_list(argv[i]); + ip_filter_rulet *rules; + + if (f < 0 || !*ip_filters[f].name) + { + cli_print(cli, "Access-list %s not defined", argv[i]); + return CLI_OK; + } + + cli_print(cli, "%s IP access list %s", + ip_filters[f].extended ? "Extended" : "Standard", + ip_filters[f].name); + + for (rules = ip_filters[f].rules; rules->action; rules++) + { + char const *r = show_access_list_rule(ip_filters[f].extended, rules); + if (rules->counter) + cli_print(cli, "%s (%d match%s)", r, + rules->counter, rules->counter > 1 ? "es" : ""); + else + cli_print(cli, "%s", r); + } + } + + return CLI_OK; +} + // Convert a string in the form of abcd.ef12.3456 into char[6] void parsemac(char *string, char mac[6]) { diff --git a/cluster.c b/cluster.c index f15127d..fdfe2dd 100644 --- a/cluster.c +++ b/cluster.c @@ -1,6 +1,6 @@ // L2TPNS Clustering Stuff -char const *cvs_id_cluster = "$Id: cluster.c,v 1.18 2004-11-16 07:54:32 bodea Exp $"; +char const *cvs_id_cluster = "$Id: cluster.c,v 1.19 2004-11-29 02:17:17 bodea Exp $"; #include #include @@ -101,14 +101,14 @@ int cluster_init() if (bind(cluster_sockfd, (void *) &addr, sizeof(addr)) < 0) { - LOG(0, 0, 0, 0, "Failed to bind cluster socket: %s\n", strerror(errno)); + LOG(0, 0, 0, "Failed to bind cluster socket: %s\n", strerror(errno)); return -1; } strcpy(ifr.ifr_name, config->cluster_interface); if (ioctl(cluster_sockfd, SIOCGIFADDR, &ifr) < 0) { - LOG(0, 0, 0, 0, "Failed to get interface address for (%s): %s\n", config->cluster_interface, strerror(errno)); + LOG(0, 0, 0, "Failed to get interface address for (%s): %s\n", config->cluster_interface, strerror(errno)); return -1; } @@ -125,13 +125,13 @@ int cluster_init() if (setsockopt(cluster_sockfd, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq)) < 0) { - LOG(0, 0, 0, 0, "Failed to setsockopt (join mcast group): %s\n", strerror(errno)); + LOG(0, 0, 0, "Failed to setsockopt (join mcast group): %s\n", strerror(errno)); return -1; } if (setsockopt (cluster_sockfd, IPPROTO_IP, IP_MULTICAST_IF, &interface_addr, sizeof(interface_addr)) < 0) { - LOG(0, 0, 0, 0, "Failed to setsockopt (set mcast interface): %s\n", strerror(errno)); + LOG(0, 0, 0, "Failed to setsockopt (set mcast interface): %s\n", strerror(errno)); return -1; } @@ -158,11 +158,11 @@ static int cluster_send_data(void *data, int datalen) addr.sin_port = htons(CLUSTERPORT); addr.sin_family = AF_INET; - LOG(5,0,0,0, "Cluster send data: %d bytes\n", datalen); + LOG(5, 0, 0, "Cluster send data: %d bytes\n", datalen); if (sendto(cluster_sockfd, data, datalen, MSG_NOSIGNAL, (void *) &addr, sizeof(addr)) < 0) { - LOG(0, 0, 0, 0, "sendto: %s\n", strerror(errno)); + LOG(0, 0, 0, "sendto: %s\n", strerror(errno)); return -1; } @@ -210,7 +210,7 @@ static void cluster_uptodate(void) config->cluster_iam_uptodate = 1; - LOG(0,0,0,0, "Now uptodate with master.\n"); + LOG(0, 0, 0, "Now uptodate with master.\n"); advertise(); } @@ -236,7 +236,7 @@ static int peer_send_data(u32 peer, char * data, int size) if (sendto(cluster_sockfd, data, size, MSG_NOSIGNAL, (void *) &addr, sizeof(addr)) < 0) { - LOG(0, 0, 0, 0, "sendto: %s\n", strerror(errno)); + LOG(0, 0, 0, "sendto: %s\n", strerror(errno)); return -1; } @@ -251,7 +251,7 @@ static int peer_send_message(u32 peer, int type, int more, char * data, int size char buf[65536]; // Vast overkill. char * p = buf; - LOG(4,0,0,0, "Sending message to peer (type %d, more %d, size %d)\n", type, more, size); + LOG(4, 0, 0, "Sending message to peer (type %d, more %d, size %d)\n", type, more, size); add_type(&p, type, more, data, size); return peer_send_data(peer, buf, (p-buf) ); @@ -271,7 +271,7 @@ int master_forward_packet(char *data, int size, u32 addr, int port) if (!config->cluster_master_address) // No election has been held yet. Just skip it. return -1; - LOG(4,0,0,0, "Forwarding packet from %s to master (size %d)\n", inet_toa(addr), size); + LOG(4, 0, 0, "Forwarding packet from %s to master (size %d)\n", fmtaddr(addr, 0), size); STAT(c_forwarded); add_type(&p, C_FORWARD, addr, (char*) &port, sizeof(port) ); @@ -297,7 +297,7 @@ int master_throttle_packet(int tbfid, char *data, int size) if (!config->cluster_master_address) // No election has been held yet. Just skip it. return -1; - LOG(4,0,0,0, "Throttling packet master (size %d, tbfid %d)\n", size, tbfid); + LOG(4, 0, 0, "Throttling packet master (size %d, tbfid %d)\n", size, tbfid); add_type(&p, C_THROTTLE, tbfid, data, size); @@ -322,7 +322,7 @@ int master_garden_packet(sessionidt s, char *data, int size) if (!config->cluster_master_address) // No election has been held yet. Just skip it. return -1; - LOG(4,0,0,0, "Walled garden packet to master (size %d)\n", size); + LOG(4, 0, 0, "Walled garden packet to master (size %d)\n", size); add_type(&p, C_GARDEN, s, data, size); @@ -340,7 +340,7 @@ static void send_heartbeat(int seq, char * data, int size) if (size > sizeof(past_hearts[0].data)) { - LOG(0,0,0,0, "Tried to heartbeat something larger than the maximum packet!\n"); + LOG(0, 0, 0, "Tried to heartbeat something larger than the maximum packet!\n"); kill(0, SIGTERM); exit(1); } @@ -363,7 +363,7 @@ void cluster_send_ping(time_t basetime) if (config->cluster_iam_master && basetime) // We're heartbeating so no need to ping. return; - LOG(5,0,0,0, "Sending cluster ping...\n"); + LOG(5, 0, 0, "Sending cluster ping...\n"); x.ver = 1; x.addr = config->bind_address; @@ -422,7 +422,7 @@ void master_update_counts(void) // Forward the data to the master. - LOG(4,0,0,0, "Sending byte counters to master (%d elements)\n", c); + LOG(4, 0, 0, "Sending byte counters to master (%d elements)\n", c); peer_send_message(config->cluster_master_address, C_BYTES, c, (char*) &b, sizeof(b[0]) * c); return; } @@ -491,7 +491,7 @@ void cluster_check_master(void) if (!probed && config->cluster_master_address) { probed = 1; - LOG(1, 0, 0, 0, "Heartbeat from master %.1fs late, probing...\n", + LOG(1, 0, 0, "Heartbeat from master %.1fs late, probing...\n", 0.1 * (TIME - (config->cluster_last_hb + config->cluster_hb_interval))); peer_send_message(config->cluster_master_address, @@ -506,7 +506,7 @@ void cluster_check_master(void) config->cluster_last_hb = TIME + 1; // Just the one election thanks. - LOG(0,0,0,0, "Master timed out! Holding election...\n"); + LOG(0, 0, 0, "Master timed out! Holding election...\n"); for (i = 0; i < num_peers; i++) { @@ -517,13 +517,13 @@ void cluster_check_master(void) continue; // Shutdown peer! Skip them. if (peers[i].basetime < basetime) { - LOG(1,0,0,0, "Expecting %s to become master\n", inet_toa(peers[i].peer) ); + LOG(1, 0, 0, "Expecting %s to become master\n", fmtaddr(peers[i].peer, 0)); return; // They'll win the election. Get out of here. } if (peers[i].basetime == basetime && peers[i].peer > my_address) { - LOG(1,0,0,0, "Expecting %s to become master\n", inet_toa(peers[i].peer) ); + LOG(1, 0, 0, "Expecting %s to become master\n", fmtaddr(peers[i].peer, 0)); return; // They'll win the election. Wait for them to come up. } } @@ -535,7 +535,7 @@ void cluster_check_master(void) config->cluster_iam_master = 1; config->cluster_master_address = 0; - LOG(0,0,0,0, "I am declaring myself the master!\n"); + LOG(0, 0, 0, "I am declaring myself the master!\n"); if (config->cluster_seq_number == -1) config->cluster_seq_number = 0; @@ -607,7 +607,7 @@ void cluster_check_master(void) // If we're not the very first master, this is a big issue! if(count>0) - LOG(0,0,0,0, "Warning: Fixed %d uninitialized sessions in becoming master!\n", count); + LOG(0, 0, 0, "Warning: Fixed %d uninitialized sessions in becoming master!\n", count); config->cluster_undefined_sessions = 0; config->cluster_undefined_tunnels = 0; @@ -670,7 +670,7 @@ static void cluster_check_sessions(int highsession, int freesession_ptr, int hig if (config->cluster_undefined_sessions || config->cluster_undefined_tunnels) { - LOG(2,0,0,0, "Cleared undefined sessions/tunnels. %d sess (high %d), %d tunn (high %d)\n", + LOG(2, 0, 0, "Cleared undefined sessions/tunnels. %d sess (high %d), %d tunn (high %d)\n", config->cluster_undefined_sessions, highsession, config->cluster_undefined_tunnels, hightunnel); return; } @@ -724,7 +724,7 @@ static int hb_add_type(char **p, int type, int id) (char*) &tunnel[id], sizeof(tunnelt)); break; default: - LOG(0,0,0,0, "Found an invalid type in heart queue! (%d)\n", type); + LOG(0, 0, 0, "Found an invalid type in heart queue! (%d)\n", type); kill(0, SIGTERM); exit(1); } @@ -767,7 +767,7 @@ void cluster_heartbeat() } if (p > (buff + sizeof(buff))) { // Did we somehow manage to overun the buffer? - LOG(0,0,0,0, "FATAL: Overran the heartbeat buffer! This is fatal. Exiting. (size %d)\n", p - buff); + LOG(0, 0, 0, "FATAL: Overran the heartbeat buffer! This is fatal. Exiting. (size %d)\n", p - buff); kill(0, SIGTERM); exit(1); } @@ -812,14 +812,14 @@ void cluster_heartbeat() // // Did we do something wrong? if (p > (buff + sizeof(buff))) { // Did we somehow manage to overun the buffer? - LOG(0,0,0,0, "Overran the heartbeat buffer now! This is fatal. Exiting. (size %d)\n", p - buff); + LOG(0, 0, 0, "Overran the heartbeat buffer now! This is fatal. Exiting. (size %d)\n", p - buff); kill(0, SIGTERM); exit(1); } - LOG(3,0,0,0, "Sending heartbeat #%d with %d changes (%d x-sess, %d x-tunnels, %d highsess, %d hightun, size %d)\n", - h.seq, config->cluster_num_changes, count, tcount, config->cluster_highest_sessionid, - config->cluster_highest_tunnelid, (p-buff)); + LOG(3, 0, 0, "Sending heartbeat #%d with %d changes (%d x-sess, %d x-tunnels, %d highsess, %d hightun, size %d)\n", + h.seq, config->cluster_num_changes, count, tcount, config->cluster_highest_sessionid, + config->cluster_highest_tunnelid, (p-buff)); config->cluster_num_changes = 0; @@ -855,7 +855,7 @@ static int type_changed(int type, int id) int cluster_send_session(int sid) { if (!config->cluster_iam_master) { - LOG(0,0,sid,0, "I'm not a master, but I just tried to change a session!\n"); + LOG(0, sid, 0, "I'm not a master, but I just tried to change a session!\n"); return -1; } @@ -866,7 +866,7 @@ int cluster_send_session(int sid) int cluster_send_tunnel(int tid) { if (!config->cluster_iam_master) { - LOG(0,0,0,tid, "I'm not a master, but I just tried to change a tunnel!\n"); + LOG(0, 0, tid, "I'm not a master, but I just tried to change a tunnel!\n"); return -1; } @@ -884,14 +884,14 @@ static int cluster_catchup_slave(int seq, u32 slave) int s; int diff; - LOG(1,0,0,0, "Slave %s sent LASTSEEN with seq %d\n", inet_toa(slave), seq); + LOG(1, 0, 0, "Slave %s sent LASTSEEN with seq %d\n", fmtaddr(slave, 0), seq); diff = config->cluster_seq_number - seq; // How many packet do we need to send? if (diff < 0) diff += HB_MAX_SEQ; if (diff >= HB_HISTORY_SIZE) { // Ouch. We don't have the packet to send it! - LOG(0,0,0,0, "A slaved asked for message %d when our seq number is %d. Killing it.\n", + LOG(0, 0, 0, "A slaved asked for message %d when our seq number is %d. Killing it.\n", seq, config->cluster_seq_number); return peer_send_message(slave, C_KILL, seq, NULL, 0);// Kill the slave. Nothing else to do. } @@ -900,8 +900,8 @@ static int cluster_catchup_slave(int seq, u32 slave) while (seq != config->cluster_seq_number) { s = seq%HB_HISTORY_SIZE; if (seq != past_hearts[s].seq) { - LOG(0,0,0,0, "Tried to re-send heartbeat for %s but %d doesn't match %d! (%d,%d)\n", - inet_toa(slave), seq, past_hearts[s].seq, s, config->cluster_seq_number); + LOG(0, 0, 0, "Tried to re-send heartbeat for %s but %d doesn't match %d! (%d,%d)\n", + fmtaddr(slave, 0), seq, past_hearts[s].seq, s, config->cluster_seq_number); return -1; // What to do here!? } peer_send_data(slave, past_hearts[s].data, past_hearts[s].size); @@ -934,7 +934,7 @@ static int cluster_add_peer(u32 peer, time_t basetime, pingt *pp, int size) if (clusterid != config->bind_address) { // Is this for us? - LOG(4,0,0,0, "Skipping ping from %s (different cluster)\n", inet_toa(peer)); + LOG(4, 0, 0, "Skipping ping from %s (different cluster)\n", fmtaddr(peer, 0)); return 0; } @@ -952,7 +952,7 @@ static int cluster_add_peer(u32 peer, time_t basetime, pingt *pp, int size) // Is this the master shutting down?? if (peer == config->cluster_master_address && !basetime) { - LOG(3,0,0,0, "Master %s shutting down...\n", inet_toa(config->cluster_master_address)); + LOG(3, 0, 0, "Master %s shutting down...\n", fmtaddr(config->cluster_master_address, 0)); config->cluster_master_address = 0; config->cluster_last_hb = 0; // Force an election. cluster_check_master(); @@ -961,7 +961,7 @@ static int cluster_add_peer(u32 peer, time_t basetime, pingt *pp, int size) if (i >= num_peers) { - LOG(4,0,0,0, "Adding %s as a peer\n", inet_toa(peer)); + LOG(4, 0, 0, "Adding %s as a peer\n", fmtaddr(peer, 0)); // Not found. Is there a stale slot to re-use? for (i = 0; i < num_peers ; ++i) @@ -976,7 +976,7 @@ static int cluster_add_peer(u32 peer, time_t basetime, pingt *pp, int size) if (i >= CLUSTER_MAX_SIZE) { // Too many peers!! - LOG(0,0,0,0, "Tried to add %s as a peer, but I already have %d of them!\n", inet_toa(peer), i); + LOG(0, 0, 0, "Tried to add %s as a peer, but I already have %d of them!\n", fmtaddr(peer, 0), i); return -1; } @@ -987,7 +987,7 @@ static int cluster_add_peer(u32 peer, time_t basetime, pingt *pp, int size) if (i == num_peers) ++num_peers; - LOG(1,0,0,0, "Added %s as a new peer. Now %d peers\n", inet_toa(peer), num_peers); + LOG(1, 0, 0, "Added %s as a new peer. Now %d peers\n", fmtaddr(peer, 0), num_peers); } return 1; @@ -1004,14 +1004,14 @@ static int cluster_handle_bytes(char * data, int size) b = (bytest*) data; - LOG(3,0,0,0, "Got byte counter update (size %d)\n", size); + LOG(3, 0, 0, "Got byte counter update (size %d)\n", size); /* Loop around, adding the byte counts to each of the sessions. */ while (size >= sizeof(*b) ) { if (b->sid > MAXSESSION) { - LOG(0,0,0,0, "Got C_BYTES with session #%d!\n", b->sid); + LOG(0, 0, 0, "Got C_BYTES with session #%d!\n", b->sid); return -1; /* Abort processing */ } @@ -1027,7 +1027,7 @@ static int cluster_handle_bytes(char * data, int size) } if (size != 0) - LOG(0,0,0,0, "Got C_BYTES with %d bytes of trailing junk!\n", size); + LOG(0, 0, 0, "Got C_BYTES with %d bytes of trailing junk!\n", size); return size; } @@ -1038,13 +1038,13 @@ static int cluster_handle_bytes(char * data, int size) static int cluster_recv_session(int more , u8 * p) { if (more >= MAXSESSION) { - LOG(0,0,0,0, "DANGER: Received a heartbeat session id > MAXSESSION!\n"); + LOG(0, 0, 0, "DANGER: Received a heartbeat session id > MAXSESSION!\n"); return -1; } if (session[more].tunnel == T_UNDEF) { if (config->cluster_iam_uptodate) { // Sanity. - LOG(0,0,0,0, "I thought I was uptodate but I just found an undefined session!\n"); + LOG(0, 0, 0, "I thought I was uptodate but I just found an undefined session!\n"); } else { --config->cluster_undefined_sessions; } @@ -1052,7 +1052,7 @@ static int cluster_recv_session(int more , u8 * p) load_session(more, (sessiont*) p); // Copy session into session table.. - LOG(5,0,more,0, "Received session update (%d undef)\n", config->cluster_undefined_sessions); + LOG(5, more, 0, "Received session update (%d undef)\n", config->cluster_undefined_sessions); if (!config->cluster_iam_uptodate) cluster_uptodate(); // Check to see if we're up to date. @@ -1063,13 +1063,13 @@ static int cluster_recv_session(int more , u8 * p) static int cluster_recv_tunnel(int more, u8 *p) { if (more >= MAXTUNNEL) { - LOG(0,0,0,0, "DANGER: Received a tunnel session id > MAXTUNNEL!\n"); + LOG(0, 0, 0, "DANGER: Received a tunnel session id > MAXTUNNEL!\n"); return -1; } if (tunnel[more].state == TUNNELUNDEF) { if (config->cluster_iam_uptodate) { // Sanity. - LOG(0,0,0,0, "I thought I was uptodate but I just found an undefined tunnel!\n"); + LOG(0, 0, 0, "I thought I was uptodate but I just found an undefined tunnel!\n"); } else { --config->cluster_undefined_tunnels; } @@ -1084,7 +1084,7 @@ static int cluster_recv_tunnel(int more, u8 *p) tunnel[more].controls = tunnel[more].controle = NULL; tunnel[more].controlc = 0; - LOG(5,0,0,more, "Received tunnel update\n"); + LOG(5, 0, more, "Received tunnel update\n"); if (!config->cluster_iam_uptodate) cluster_uptodate(); // Check to see if we're up to date. @@ -1108,7 +1108,7 @@ static int cluster_process_heartbeat(u8 * data, int size, int more, u8 * p, u32 // we handle version 2+ if (more < 2 || more > HB_VERSION) { - LOG(0,0,0,0, "Received a heartbeat version that I don't support (%d)!\n", more); + LOG(0, 0, 0, "Received a heartbeat version that I don't support (%d)!\n", more); return -1; // Ignore it?? } @@ -1126,18 +1126,18 @@ static int cluster_process_heartbeat(u8 * data, int size, int more, u8 * p, u32 if (config->cluster_iam_master) { // Sanity... // Note that this MUST match the election process above! - LOG(0,0,0,0, "I just got a packet claiming to be from a master but _I_ am the master!\n"); + LOG(0, 0, 0, "I just got a packet claiming to be from a master but _I_ am the master!\n"); if (!h->basetime) { - LOG(0,0,0,0, "Heartbeat from addr %s with zero basetime!\n", inet_toa(addr) ); + LOG(0, 0, 0, "Heartbeat from addr %s with zero basetime!\n", fmtaddr(addr, 0)); return -1; // Skip it. } if (basetime > h->basetime) { - LOG(0,0,0,0, "They're (%s) an older master than me so I'm gone!\n", inet_toa(addr)); + LOG(0, 0, 0, "They're (%s) an older master than me so I'm gone!\n", fmtaddr(addr, 0)); kill(0, SIGTERM); exit(1); } if (basetime == h->basetime && my_address < addr) { // Tie breaker. - LOG(0,0,0,0, "They're a higher IP address than me, so I'm gone!\n"); + LOG(0, 0, 0, "They're a higher IP address than me, so I'm gone!\n"); kill(0, SIGTERM); exit(1); } @@ -1150,7 +1150,7 @@ static int cluster_process_heartbeat(u8 * data, int size, int more, u8 * p, u32 config->cluster_last_hb = TIME; // Reset to ensure that we don't become master!! if (config->cluster_seq_number != h->seq) { // Out of sequence heartbeat! - LOG(1,0,0,0, "HB: Got seq# %d but was expecting %d. asking for resend.\n", h->seq, config->cluster_seq_number); + LOG(1, 0, 0, "HB: Got seq# %d but was expecting %d. asking for resend.\n", h->seq, config->cluster_seq_number); peer_send_message(addr, C_LASTSEEN, config->cluster_seq_number, NULL, 0); @@ -1177,7 +1177,7 @@ static int cluster_process_heartbeat(u8 * data, int size, int more, u8 * p, u32 { if (h->interval != config->cluster_hb_interval) { - LOG(2, 0, 0, 0, "Master set ping/heartbeat interval to %u (was %u)\n", + LOG(2, 0, 0, "Master set ping/heartbeat interval to %u (was %u)\n", h->interval, config->cluster_hb_interval); config->cluster_hb_interval = h->interval; @@ -1185,7 +1185,7 @@ static int cluster_process_heartbeat(u8 * data, int size, int more, u8 * p, u32 if (h->timeout != config->cluster_hb_timeout) { - LOG(2, 0, 0, 0, "Master set heartbeat timeout to %u (was %u)\n", + LOG(2, 0, 0, "Master set heartbeat timeout to %u (was %u)\n", h->timeout, config->cluster_hb_timeout); config->cluster_hb_timeout = h->timeout; @@ -1213,7 +1213,7 @@ static int cluster_process_heartbeat(u8 * data, int size, int more, u8 * p, u32 s -= (p - orig_p); if (size != sizeof(sessiont) ) { // Ouch! Very very bad! - LOG(0,0,0,0, "DANGER: Received a CSESSION that didn't decompress correctly!\n"); + LOG(0, 0, 0, "DANGER: Received a CSESSION that didn't decompress correctly!\n"); // Now what? Should exit! No-longer up to date! break; } @@ -1240,7 +1240,7 @@ static int cluster_process_heartbeat(u8 * data, int size, int more, u8 * p, u32 s -= (p - orig_p); if (size != sizeof(tunnelt) ) { // Ouch! Very very bad! - LOG(0,0,0,0, "DANGER: Received a CSESSION that didn't decompress correctly!\n"); + LOG(0, 0, 0, "DANGER: Received a CSESSION that didn't decompress correctly!\n"); // Now what? Should exit! No-longer up to date! break; } @@ -1259,24 +1259,24 @@ static int cluster_process_heartbeat(u8 * data, int size, int more, u8 * p, u32 s -= sizeof(tunnel[more]); break; default: - LOG(0,0,0,0, "DANGER: I received a heartbeat element where I didn't understand the type! (%d)\n", type); + LOG(0, 0, 0, "DANGER: I received a heartbeat element where I didn't understand the type! (%d)\n", type); return -1; // can't process any more of the packet!! } } + if (config->cluster_master_address != addr) { - char *str; - str = strdup(inet_toa(config->cluster_master_address)); - LOG(0,0,0,0, "My master just changed from %s to %s!\n", str, inet_toa(addr)); - if (str) free(str); + LOG(0, 0, 0, "My master just changed from %s to %s!\n", + fmtaddr(config->cluster_master_address, 0), fmtaddr(addr, 1)); + + config->cluster_master_address = addr; } - config->cluster_master_address = addr; config->cluster_last_hb = TIME; // Successfully received a heartbeat! return 0; shortpacket: - LOG(0,0,0,0, "I got an incomplete heartbeat packet! This means I'm probably out of sync!!\n"); + LOG(0, 0, 0, "I got an incomplete heartbeat packet! This means I'm probably out of sync!!\n"); return -1; } @@ -1293,7 +1293,7 @@ int processcluster(char * data, int size, u32 addr) if (addr == my_address) return -1; // Ignore it. Something looped back the multicast! - LOG(5,0,0,0, "Process cluster: %d bytes from %s\n", size, inet_toa(addr)); + LOG(5, 0, 0, "Process cluster: %d bytes from %s\n", size, fmtaddr(addr, 0)); if (s <= 0) // Any data there?? return -1; @@ -1325,18 +1325,18 @@ int processcluster(char * data, int size, u32 addr) p += sizeof(int); if (!config->cluster_iam_master) { // huh? - LOG(0,0,0,0, "I'm not the master, but I got a C_FORWARD from %s?\n", inet_toa(addr)); + LOG(0, 0, 0, "I'm not the master, but I got a C_FORWARD from %s?\n", fmtaddr(addr, 0)); return -1; } - LOG(4,0,0,0, "Got a forwarded packet... (%s:%d)\n", inet_toa(more), a.sin_port); + LOG(4, 0, 0, "Got a forwarded packet... (%s:%d)\n", fmtaddr(more, 0), a.sin_port); STAT(recv_forward); processudp(p, s, &a); return 0; } case C_THROTTLE: { // Receive a forwarded packet from a slave. if (!config->cluster_iam_master) { - LOG(0,0,0,0, "I'm not the master, but I got a C_THROTTLE from %s?\n", inet_toa(addr)); + LOG(0, 0, 0, "I'm not the master, but I got a C_THROTTLE from %s?\n", fmtaddr(addr, 0)); return -1; } @@ -1346,7 +1346,7 @@ int processcluster(char * data, int size, u32 addr) case C_GARDEN: // Receive a walled garden packet from a slave. if (!config->cluster_iam_master) { - LOG(0,0,0,0, "I'm not the master, but I got a C_GARDEN from %s?\n", inet_toa(addr)); + LOG(0, 0, 0, "I'm not the master, but I got a C_GARDEN from %s?\n", fmtaddr(addr, 0)); return -1; } @@ -1358,37 +1358,37 @@ int processcluster(char * data, int size, u32 addr) case C_KILL: // The master asked us to die!? (usually because we're too out of date). if (config->cluster_iam_master) { - LOG(0,0,0,0, "_I_ am master, but I received a C_KILL from %s! (Seq# %d)\n", inet_toa(addr), more); + LOG(0, 0, 0, "_I_ am master, but I received a C_KILL from %s! (Seq# %d)\n", fmtaddr(addr, 0), more); return -1; } if (more != config->cluster_seq_number) { - LOG(0,0,0,0, "The master asked us to die but the seq number didn't match!?\n"); + LOG(0, 0, 0, "The master asked us to die but the seq number didn't match!?\n"); return -1; } if (addr != config->cluster_master_address) { - LOG(0,0,0,0, "Received a C_KILL from %s which doesn't match config->cluster_master_address (%x)\n", - inet_toa(addr), config->cluster_master_address); + LOG(0, 0, 0, "Received a C_KILL from %s which doesn't match config->cluster_master_address (%s)\n", + fmtaddr(addr, 0), fmtaddr(config->cluster_master_address, 1)); // We can only warn about it. The master might really have switched! } - LOG(0,0,0,0, "Received a valid C_KILL: I'm going to die now.\n"); + LOG(0, 0, 0, "Received a valid C_KILL: I'm going to die now.\n"); kill(0, SIGTERM); exit(0); // Lets be paranoid; return -1; // Just signalling the compiler. case C_HEARTBEAT: - LOG(4,0,0,0, "Got a heartbeat from %s\n", inet_toa(addr)); + LOG(4, 0, 0, "Got a heartbeat from %s\n", fmtaddr(addr, 0)); return cluster_process_heartbeat(data, size, more, p, addr); default: - LOG(0,0,0,0, "Strange type packet received on cluster socket (%d)\n", type); + LOG(0, 0, 0, "Strange type packet received on cluster socket (%d)\n", type); return -1; } return 0; shortpacket: - LOG(0,0,0,0, "I got a _short_ cluster heartbeat packet! This means I'm probably out of sync!!\n"); + LOG(0, 0, 0, "I got a _short_ cluster heartbeat packet! This means I'm probably out of sync!!\n"); return -1; } @@ -1402,14 +1402,16 @@ int cmd_show_cluster(struct cli_def *cli, char *command, char **argv, int argc) return CLI_HELP_NO_ARGS; cli_print(cli, "Cluster status : %s", config->cluster_iam_master ? "Master" : "Slave" ); - cli_print(cli, "My address : %s", inet_toa(my_address)); - cli_print(cli, "VIP address : %s", inet_toa(config->bind_address)); - cli_print(cli, "Multicast address: %s", inet_toa(config->cluster_address)); + cli_print(cli, "My address : %s", fmtaddr(my_address, 0)); + cli_print(cli, "VIP address : %s", fmtaddr(config->bind_address, 0)); + cli_print(cli, "Multicast address: %s", fmtaddr(config->cluster_address, 0)); cli_print(cli, "Multicast i'face : %s", config->cluster_interface); if (!config->cluster_iam_master) { cli_print(cli, "My master : %s (last heartbeat %.1f seconds old)", - config->cluster_master_address ? inet_toa(config->cluster_master_address) : "Not defined", + config->cluster_master_address + ? fmtaddr(config->cluster_master_address, 0) + : "Not defined", 0.1 * (TIME - config->cluster_last_hb)); cli_print(cli, "Uptodate : %s", config->cluster_iam_uptodate ? "Yes" : "No"); cli_print(cli, "Next sequence number expected: %d", config->cluster_seq_number); @@ -1426,7 +1428,7 @@ int cmd_show_cluster(struct cli_def *cli, char *command, char **argv, int argc) if (num_peers) cli_print(cli, "%20s %10s %8s", "Address", "Basetime", "Age"); for (i = 0; i < num_peers; ++i) { - cli_print(cli, "%20s %10d %8d", inet_toa(peers[i].peer), + cli_print(cli, "%20s %10d %8d", fmtaddr(peers[i].peer, 0), peers[i].basetime, TIME - peers[i].timestamp); } return CLI_OK; diff --git a/garden.c b/garden.c index 62f49a2..9369013 100644 --- a/garden.c +++ b/garden.c @@ -9,7 +9,7 @@ /* walled garden */ -char const *cvs_id = "$Id: garden.c,v 1.16 2004-11-18 06:41:03 bodea Exp $"; +char const *cvs_id = "$Id: garden.c,v 1.17 2004-11-29 02:17:17 bodea Exp $"; int plugin_api_version = PLUGIN_API_VERSION; static struct pluginfuncs *p = 0; @@ -47,7 +47,7 @@ int plugin_post_auth(struct param_post_auth *data) // Ignore if user authentication was successful if (data->auth_allowed) return PLUGIN_RET_OK; - p->log(3, 0, 0, 0, "Walled Garden allowing login\n"); + p->log(3, p->get_id_by_session(data->s), data->s->tunnel, "Walled Garden allowing login\n"); data->auth_allowed = 1; data->s->walled_garden = 1; return PLUGIN_RET_OK; @@ -147,7 +147,7 @@ int plugin_become_master(void) for (i = 0; up_commands[i] && *up_commands[i]; i++) { - p->log(3, 0, 0, 0, "Running %s\n", up_commands[i]); + p->log(3, 0, 0, "Running %s\n", up_commands[i]); system(up_commands[i]); } @@ -169,15 +169,17 @@ int plugin_new_session_master(sessiont *s) int garden_session(sessiont *s, int flag) { char cmd[2048]; + sessionidt sess; if (!s) return 0; if (!s->opened) return 0; + sess = p->get_id_by_session(s); if (flag == 1) { - p->log(2, 0, 0, s->tunnel, "Garden user %s (%s)\n", s->user, p->inet_toa(htonl(s->ip))); - snprintf(cmd, sizeof(cmd), "iptables -t nat -A garden_users -s %s -j garden", p->inet_toa(htonl(s->ip))); - p->log(3, 0, 0, s->tunnel, "%s\n", cmd); + p->log(2, sess, s->tunnel, "Garden user %s (%s)\n", s->user, p->fmtaddr(htonl(s->ip), 0)); + snprintf(cmd, sizeof(cmd), "iptables -t nat -A garden_users -s %s -j garden", p->fmtaddr(htonl(s->ip), 0)); + p->log(3, sess, s->tunnel, "%s\n", cmd); system(cmd); s->walled_garden = 1; } @@ -187,7 +189,7 @@ int garden_session(sessiont *s, int flag) int count = 40; // Normal User - p->log(2, 0, 0, s->tunnel, "Un-Garden user %s (%s)\n", s->user, p->inet_toa(htonl(s->ip))); + p->log(2, sess, s->tunnel, "Un-Garden user %s (%s)\n", s->user, p->fmtaddr(htonl(s->ip), 0)); // Kick off any duplicate usernames // but make sure not to kick off ourself if (s->ip && !s->die && (other = p->get_session_by_username(s->user)) && s != p->get_session_by_id(other)) { @@ -197,8 +199,8 @@ int garden_session(sessiont *s, int flag) s->cin = s->cout = 0; s->pin = s->pout = 0; - snprintf(cmd, sizeof(cmd), "iptables -t nat -D garden_users -s %s -j garden", p->inet_toa(htonl(s->ip))); - p->log(3, 0, 0, s->tunnel, "%s\n", cmd); + snprintf(cmd, sizeof(cmd), "iptables -t nat -D garden_users -s %s -j garden", p->fmtaddr(htonl(s->ip), 0)); + p->log(3, sess, s->tunnel, "%s\n", cmd); while (--count) { int status = system(cmd); @@ -242,7 +244,7 @@ int plugin_init(struct pluginfuncs *funcs) int i; for (i = 0; down_commands[i] && *down_commands[i]; i++) { - p->log(3, 0, 0, 0, "Running %s\n", down_commands[i]); + p->log(3, 0, 0, "Running %s\n", down_commands[i]); system(down_commands[i]); } } @@ -259,7 +261,7 @@ void plugin_done() for (i = 0; down_commands[i] && *down_commands[i]; i++) { - p->log(3, 0, 0, 0, "Running %s\n", down_commands[i]); + p->log(3, 0, 0, "Running %s\n", down_commands[i]); system(down_commands[i]); } } diff --git a/l2tpns.c b/l2tpns.c index 99057a3..2c3f345 100644 --- a/l2tpns.c +++ b/l2tpns.c @@ -4,7 +4,7 @@ // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced // vim: sw=8 ts=8 -char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.59 2004-11-28 20:10:04 bodea Exp $"; +char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.60 2004-11-29 02:17:17 bodea Exp $"; #include #include @@ -194,9 +194,9 @@ clockt backoff(u8 try) // -// Log a debug message. Typically called vias LOG macro +// Log a debug message. Typically called via the LOG macro // -void _log(int level, ipt address, sessionidt s, tunnelidt t, const char *format, ...) +void _log(int level, sessionidt s, tunnelidt t, const char *format, ...) { static char message[65536] = {0}; static char message2[65536] = {0}; @@ -212,7 +212,6 @@ void _log(int level, ipt address, sessionidt s, tunnelidt t, const char *format, ringbuffer->head = 0; ringbuffer->buffer[ringbuffer->tail].level = level; - ringbuffer->buffer[ringbuffer->tail].address = address; ringbuffer->buffer[ringbuffer->tail].session = s; ringbuffer->buffer[ringbuffer->tail].tunnel = t; va_start(ap, format); @@ -249,7 +248,7 @@ void _log_hex(int level, const char *title, const char *data, int maxsize) // No support for _log_hex to syslog if (log_stream) { - _log(level, 0, 0, 0, "%s (%d bytes):\n", title, maxsize); + _log(level, 0, 0, "%s (%d bytes):\n", title, maxsize); setvbuf(log_stream, NULL, _IOFBF, 16384); for (i = 0; i < maxsize; ) @@ -322,14 +321,12 @@ static void routeset(sessionidt s, ipt ip, ipt mask, ipt gw, u8 add) else if (mask == 0xffffffff) r.rt_flags |= RTF_HOST; - LOG(1, ip, 0, 0, "Route %s %u.%u.%u.%u/%u.%u.%u.%u %u.%u.%u.%u\n", - add ? "add" : "del", - ip >> 24, ip >> 16 & 0xff, ip >> 8 & 0xff, ip & 0xff, - mask >> 24, mask >> 16 & 0xff, mask >> 8 & 0xff, mask & 0xff, - gw >> 24, gw >> 16 & 0xff, gw >> 8 & 0xff, gw & 0xff); + LOG(1, s, 0, "Route %s %s/%s%s%s\n", add ? "add" : "del", + fmtaddr(htonl(ip), 0), fmtaddr(htonl(mask), 1), + gw ? " via" : "", gw ? fmtaddr(htonl(gw), 2) : ""); if (ioctl(ifrfd, add ? SIOCADDRT : SIOCDELRT, (void *) &r) < 0) - LOG(0, 0, 0, 0, "routeset() error in ioctl: %s\n", strerror(errno)); + LOG(0, 0, 0, "routeset() error in ioctl: %s\n", strerror(errno)); #ifdef BGP if (add) @@ -368,7 +365,7 @@ static void inittun(void) tunfd = open(TUNDEVICE, O_RDWR); if (tunfd < 0) { // fatal - LOG(0, 0, 0, 0, "Can't open %s: %s\n", TUNDEVICE, strerror(errno)); + LOG(0, 0, 0, "Can't open %s: %s\n", TUNDEVICE, strerror(errno)); exit(1); } { @@ -377,7 +374,7 @@ static void inittun(void) } if (ioctl(tunfd, TUNSETIFF, (void *) &ifr) < 0) { - LOG(0, 0, 0, 0, "Can't set tun interface: %s\n", strerror(errno)); + LOG(0, 0, 0, "Can't set tun interface: %s\n", strerror(errno)); exit(1); } assert(strlen(ifr.ifr_name) < sizeof(config->tundevice)); @@ -390,20 +387,20 @@ static void inittun(void) if (ioctl(ifrfd, SIOCSIFADDR, (void *) &ifr) < 0) { - LOG(0, 0, 0, 0, "Error setting tun address: %s\n", strerror(errno)); + LOG(0, 0, 0, "Error setting tun address: %s\n", strerror(errno)); exit(1); } /* Bump up the qlen to deal with bursts from the network */ ifr.ifr_qlen = 1000; if (ioctl(ifrfd, SIOCSIFTXQLEN, (void *) &ifr) < 0) { - LOG(0, 0, 0, 0, "Error setting tun queue length: %s\n", strerror(errno)); + LOG(0, 0, 0, "Error setting tun queue length: %s\n", strerror(errno)); exit(1); } ifr.ifr_flags = IFF_UP; if (ioctl(ifrfd, SIOCSIFFLAGS, (void *) &ifr) < 0) { - LOG(0, 0, 0, 0, "Error setting tun flags: %s\n", strerror(errno)); + LOG(0, 0, 0, "Error setting tun flags: %s\n", strerror(errno)); exit(1); } } @@ -427,7 +424,7 @@ static void initudp(void) } if (bind(udpfd, (void *) &addr, sizeof(addr)) < 0) { - LOG(0, 0, 0, 0, "Error in UDP bind: %s\n", strerror(errno)); + LOG(0, 0, 0, "Error in UDP bind: %s\n", strerror(errno)); exit(1); } snoopfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); @@ -440,7 +437,7 @@ static void initudp(void) setsockopt(controlfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)); if (bind(controlfd, (void *) &addr, sizeof(addr)) < 0) { - LOG(0, 0, 0, 0, "Error in control bind: %s\n", strerror(errno)); + LOG(0, 0, 0, "Error in control bind: %s\n", strerror(errno)); exit(1); } } @@ -511,9 +508,10 @@ static void cache_ipmap(ipt ip, int s) d[(size_t) a[3]] = (char *)((int)s); if (s > 0) - LOG(4, ip, s, session[s].tunnel, "Caching ip address %s\n", inet_toa(nip)); + LOG(4, s, session[s].tunnel, "Caching ip address %s\n", fmtaddr(nip, 0)); + else if (s == 0) - LOG(4, ip, 0, 0, "Un-caching ip address %s\n", inet_toa(nip)); + LOG(4, 0, 0, "Un-caching ip address %s\n", fmtaddr(nip, 0)); // else a map to an ip pool index. } @@ -598,21 +596,21 @@ void send_garp(ipt ip) s = socket(PF_INET, SOCK_DGRAM, 0); if (s < 0) { - LOG(0, 0, 0, 0, "Error creating socket for GARP: %s\n", strerror(errno)); + LOG(0, 0, 0, "Error creating socket for GARP: %s\n", strerror(errno)); return; } memset(&ifr, 0, sizeof(ifr)); strncpy(ifr.ifr_name, "eth0", sizeof(ifr.ifr_name) - 1); if (ioctl(s, SIOCGIFHWADDR, &ifr) < 0) { - LOG(0, 0, 0, 0, "Error getting eth0 hardware address for GARP: %s\n", strerror(errno)); + LOG(0, 0, 0, "Error getting eth0 hardware address for GARP: %s\n", strerror(errno)); close(s); return; } memcpy(mac, &ifr.ifr_hwaddr.sa_data, 6*sizeof(char)); if (ioctl(s, SIOCGIFINDEX, &ifr) < 0) { - LOG(0, 0, 0, 0, "Error getting eth0 interface index for GARP: %s\n", strerror(errno)); + LOG(0, 0, 0, "Error getting eth0 interface index for GARP: %s\n", strerror(errno)); close(s); return; } @@ -644,7 +642,7 @@ void tunnelsend(u8 * buf, u16 l, tunnelidt t) if (!t) { static int backtrace_count = 0; - LOG(0, 0, 0, t, "tunnelsend called with 0 as tunnel id\n"); + LOG(0, 0, t, "tunnelsend called with 0 as tunnel id\n"); STAT(tunnel_tx_errors); log_backtrace(backtrace_count, 5) return; @@ -653,7 +651,7 @@ void tunnelsend(u8 * buf, u16 l, tunnelidt t) if (!tunnel[t].ip) { static int backtrace_count = 0; - LOG(1, 0, 0, t, "Error sending data out tunnel: no remote endpoint (tunnel not set up)\n"); + LOG(1, 0, t, "Error sending data out tunnel: no remote endpoint (tunnel not set up)\n"); log_backtrace(backtrace_count, 5) STAT(tunnel_tx_errors); return; @@ -675,13 +673,13 @@ void tunnelsend(u8 * buf, u16 l, tunnelidt t) if (tunnel[t].try > 1) { STAT(tunnel_retries); - LOG(3, tunnel[t].ip, 0, t, "Control message resend try %d\n", tunnel[t].try); + LOG(3, 0, t, "Control message resend try %d\n", tunnel[t].try); } } if (sendto(udpfd, buf, l, 0, (void *) &addr, sizeof(addr)) < 0) { - LOG(0, tunnel[t].ip, ntohs((*(u16 *) (buf + 6))), t, "Error sending data out tunnel: %s (udpfd=%d, buf=%p, len=%d, dest=%s)\n", + LOG(0, ntohs((*(u16 *) (buf + 6))), t, "Error sending data out tunnel: %s (udpfd=%d, buf=%p, len=%d, dest=%s)\n", strerror(errno), udpfd, buf, l, inet_ntoa(addr.sin_addr)); STAT(tunnel_tx_errors); return; @@ -719,13 +717,13 @@ static void processipout(u8 * buf, int len) if (len < MIN_IP_SIZE) { - LOG(1, 0, 0, 0, "Short IP, %d bytes\n", len); + LOG(1, 0, 0, "Short IP, %d bytes\n", len); STAT(tunnel_tx_errors); return; } if (len >= MAXETHER) { - LOG(1, 0, 0, 0, "Oversize IP packet %d bytes\n", len); + LOG(1, 0, 0, "Oversize IP packet %d bytes\n", len); STAT(tunnel_tx_errors); return; } @@ -737,7 +735,7 @@ static void processipout(u8 * buf, int len) // Got an IP header now if (*(u8 *)(buf) >> 4 != 4) { - LOG(1, 0, 0, 0, "IP: Don't understand anything except IPv4\n"); + LOG(1, 0, 0, "IP: Don't understand anything except IPv4\n"); return; } @@ -756,7 +754,7 @@ static void processipout(u8 * buf, int len) if (rate++ < config->icmp_rate) // Only send a max of icmp_rate per second. { - LOG(4, 0, 0, 0, "IP: Sending ICMP host unreachable to %s\n", inet_toa(*(u32 *)(buf + 12))); + LOG(4, 0, 0, "IP: Sending ICMP host unreachable to %s\n", fmtaddr(*(u32 *)(buf + 12), 0)); host_unreachable(*(u32 *)(buf + 12), *(u16 *)(buf + 4), ip, buf, (len < 64) ? 64 : len); } return; @@ -784,7 +782,7 @@ static void processipout(u8 * buf, int len) return; } - LOG(5, session[s].ip, s, t, "Ethernet -> Tunnel (%d bytes)\n", len); + LOG(5, s, t, "Ethernet -> Tunnel (%d bytes)\n", len); // Add on L2TP header { @@ -818,7 +816,7 @@ static void send_ipout(sessionidt s, u8 *buf, int len) if (len < 0 || len > MAXETHER) { - LOG(1,0,0,0, "Odd size IP packet: %d bytes\n", len); + LOG(1, 0, 0, "Odd size IP packet: %d bytes\n", len); return; } @@ -834,7 +832,7 @@ static void send_ipout(sessionidt s, u8 *buf, int len) t = session[s].tunnel; sp = &session[s]; - LOG(5, session[s].ip, s, t, "Ethernet -> Tunnel (%d bytes)\n", len); + LOG(5, s, t, "Ethernet -> Tunnel (%d bytes)\n", len); // Add on L2TP header { @@ -1054,14 +1052,14 @@ void sessionshutdown(sessionidt s, char *reason) if (!session[s].tunnel) { - LOG(3, session[s].ip, s, session[s].tunnel, "Called sessionshutdown on a session with no tunnel.\n"); + LOG(3, s, session[s].tunnel, "Called sessionshutdown on a session with no tunnel.\n"); return; // not a live session } if (!session[s].die) { struct param_kill_session data = { &tunnel[session[s].tunnel], &session[s] }; - LOG(2, 0, s, session[s].tunnel, "Shutting down session %d: %s\n", s, reason); + LOG(2, s, session[s].tunnel, "Shutting down session %d: %s\n", s, reason); run_plugins(PLUGIN_KILL_SESSION, &data); } @@ -1073,7 +1071,7 @@ void sessionshutdown(sessionidt s, char *reason) { if (!(r = radiusnew(s))) { - LOG(1, 0, s, session[s].tunnel, "No free RADIUS sessions for Stop message\n"); + LOG(1, s, session[s].tunnel, "No free RADIUS sessions for Stop message\n"); STAT(radius_overflow); } else @@ -1182,7 +1180,7 @@ static void sessionkill(sessionidt s, char *reason) if (session[s].radius) radiusclear(session[s].radius, s); // cant send clean accounting data, session is killed - LOG(2, 0, s, session[s].tunnel, "Kill session %d (%s): %s\n", s, session[s].user, reason); + LOG(2, s, session[s].tunnel, "Kill session %d (%s): %s\n", s, session[s].user, reason); memset(&session[s], 0, sizeof(session[s])); session[s].tunnel = T_FREE; // Mark it as free. @@ -1225,7 +1223,7 @@ static void tunnelkill(tunnelidt t, char *reason) // free tunnel tunnelclear(t); - LOG(1, 0, 0, t, "Kill tunnel %d: %s\n", t, reason); + LOG(1, 0, t, "Kill tunnel %d: %s\n", t, reason); cli_tunnel_actions[s].action = 0; cluster_send_tunnel(t); } @@ -1243,7 +1241,7 @@ static void tunnelshutdown(tunnelidt t, char *reason) tunnelkill(t, reason); return; } - LOG(1, 0, 0, t, "Shutting down tunnel %d (%s)\n", t, reason); + LOG(1, 0, t, "Shutting down tunnel %d (%s)\n", t, reason); // close session for (s = 1; s < MAXSESSION; s++) @@ -1279,13 +1277,13 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) INC_STAT(tunnel_rx_bytes, len); if (len < 6) { - LOG(1, ntohl(addr->sin_addr.s_addr), 0, 0, "Short UDP, %d bytes\n", len); + LOG(1, 0, 0, "Short UDP, %d bytes\n", len); STAT(tunnel_rx_errors); return; } if ((buf[1] & 0x0F) != 2) { - LOG(1, ntohl(addr->sin_addr.s_addr), 0, 0, "Bad L2TP ver %d\n", (buf[1] & 0x0F) != 2); + LOG(1, 0, 0, "Bad L2TP ver %d\n", (buf[1] & 0x0F) != 2); STAT(tunnel_rx_errors); return; } @@ -1300,13 +1298,13 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) p += 2; if (s >= MAXSESSION) { - LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "Received UDP packet with invalid session ID\n"); + LOG(1, s, t, "Received UDP packet with invalid session ID\n"); STAT(tunnel_rx_errors); return; } if (t >= MAXTUNNEL) { - LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "Received UDP packet with invalid tunnel ID\n"); + LOG(1, s, t, "Received UDP packet with invalid tunnel ID\n"); STAT(tunnel_rx_errors); return; } @@ -1324,7 +1322,7 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) } if ((p - buf) > l) { - LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "Bad length %d>%d\n", (p - buf), l); + LOG(1, s, t, "Bad length %d>%d\n", (p - buf), l); STAT(tunnel_rx_errors); return; } @@ -1351,7 +1349,7 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) if ((*buf & 0xCA) != 0xC8) { - LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "Bad control header %02X\n", *buf); + LOG(1, s, t, "Bad control header %02X\n", *buf); STAT(tunnel_rx_errors); return; } @@ -1371,20 +1369,20 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) tunnel[i].port != ntohs(addr->sin_port) ) continue; t = i; - LOG(3, ntohl(addr->sin_addr.s_addr), s, t, "Duplicate SCCRQ?\n"); + LOG(3, s, t, "Duplicate SCCRQ?\n"); break; } } - LOG(3, ntohl(addr->sin_addr.s_addr), s, t, "Control message (%d bytes): (unacked %d) l-ns %d l-nr %d r-ns %d r-nr %d\n", - l, tunnel[t].controlc, tunnel[t].ns, tunnel[t].nr, ns, nr); + LOG(3, s, t, "Control message (%d bytes): (unacked %d) l-ns %d l-nr %d r-ns %d r-nr %d\n", + l, tunnel[t].controlc, tunnel[t].ns, tunnel[t].nr, ns, nr); // if no tunnel specified, assign one if (!t) { if (!(t = new_tunnel())) { - LOG(1, ntohl(addr->sin_addr.s_addr), 0, 0, "No more tunnels\n"); + LOG(1, 0, 0, "No more tunnels\n"); STAT(tunnel_overflow); return; } @@ -1393,9 +1391,8 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) tunnel[t].port = ntohs(addr->sin_port); tunnel[t].window = 4; // default window STAT(tunnel_created); - LOG(1, ntohl(addr->sin_addr.s_addr), 0, t, " New tunnel from %u.%u.%u.%u/%u ID %d\n", - tunnel[t].ip >> 24, tunnel[t].ip >> 16 & 255, - tunnel[t].ip >> 8 & 255, tunnel[t].ip & 255, tunnel[t].port, t); + LOG(1, 0, t, " New tunnel from %s:%u ID %d\n", + fmtaddr(htonl(tunnel[t].ip), 0), tunnel[t].port, t); } // If the 'ns' just received is not the 'nr' we're @@ -1408,7 +1405,7 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) { // is this the sequence we were expecting? STAT(tunnel_rx_errors); - LOG(1, ntohl(addr->sin_addr.s_addr), 0, t, " Out of sequence tunnel %d, (%d is not the expected %d)\n", + LOG(1, 0, t, " Out of sequence tunnel %d, (%d is not the expected %d)\n", t, ns, tunnel[t].nr); if (l) // Is this not a ZLB? @@ -1470,7 +1467,7 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) p += n; // next if (l < n) { - LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "Invalid length in AVP\n"); + LOG(1, s, t, "Invalid length in AVP\n"); STAT(tunnel_rx_errors); fatal = flags; return; @@ -1481,17 +1478,17 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) // handle hidden AVPs if (!*config->l2tpsecret) { - LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "Hidden AVP requested, but no L2TP secret.\n"); + LOG(1, s, t, "Hidden AVP requested, but no L2TP secret.\n"); fatal = flags; continue; } if (!session[s].random_vector_length) { - LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "Hidden AVP requested, but no random vector.\n"); + LOG(1, s, t, "Hidden AVP requested, but no random vector.\n"); fatal = flags; continue; } - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, "Hidden AVP\n"); + LOG(4, s, t, "Hidden AVP\n"); // Unhide the AVP n = unhide_avp(b, t, s, n); if (n == 0) @@ -1502,14 +1499,14 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) } if (*b & 0x3C) { - LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "Unrecognised AVP flags %02X\n", *b); + LOG(1, s, t, "Unrecognised AVP flags %02X\n", *b); fatal = flags; continue; // next } b += 2; if (*(u16 *) (b)) { - LOG(2, ntohl(addr->sin_addr.s_addr), s, t, "Unknown AVP vendor %d\n", ntohs(*(u16 *) (b))); + LOG(2, s, t, "Unknown AVP vendor %d\n", ntohs(*(u16 *) (b))); fatal = flags; continue; // next } @@ -1518,13 +1515,12 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) b += 2; n -= 6; - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " AVP %d (%s) len %d\n", mtype, avpnames[mtype], n); + LOG(4, s, t, " AVP %d (%s) len %d\n", mtype, avpnames[mtype], n); switch (mtype) { case 0: // message type message = ntohs(*(u16 *) b); - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Message type = %d (%s)\n", *b, - l2tp_message_types[message]); + LOG(4, s, t, " Message type = %d (%s)\n", *b, l2tp_message_types[message]); mandatorymessage = flags; break; case 1: // result code @@ -1542,20 +1538,17 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) resdesc = cdn_result_codes[rescode]; } - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Result Code %d: %s\n", - rescode, resdesc); + LOG(4, s, t, " Result Code %d: %s\n", rescode, resdesc); if (n >= 4) { u16 errcode = ntohs(*(u16 *)(b + 2)); const char* errdesc = "(unknown)"; if (errcode <= MAX_ERROR_CODE) errdesc = error_codes[errcode]; - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Error Code %d: %s\n", - errcode, errdesc); + LOG(4, s, t, " Error Code %d: %s\n", errcode, errdesc); } if (n > 4) - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Error String: %.*s\n", - n-4, b+4); + LOG(4, s, t, " Error String: %.*s\n", n-4, b+4); break; } @@ -1563,85 +1556,84 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) case 2: // protocol version { version = ntohs(*(u16 *) (b)); - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Protocol version = %d\n", version); + LOG(4, s, t, " Protocol version = %d\n", version); if (version && version != 0x0100) { // allow 0.0 and 1.0 - LOG(1, ntohl(addr->sin_addr.s_addr), s, t, " Bad protocol version %04X\n", - version); + LOG(1, s, t, " Bad protocol version %04X\n", version); fatal = flags; continue; // next } } break; case 3: // framing capabilities -// LOG(4, ntohl(addr->sin_addr.s_addr), s, t, "Framing capabilities\n"); +// LOG(4, s, t, "Framing capabilities\n"); break; case 4: // bearer capabilities -// LOG(4, ntohl(addr->sin_addr.s_addr), s, t, "Bearer capabilities\n"); +// LOG(4, s, t, "Bearer capabilities\n"); break; case 5: // tie breaker // We never open tunnels, so we don't care about tie breakers -// LOG(4, ntohl(addr->sin_addr.s_addr), s, t, "Tie breaker\n"); +// LOG(4, s, t, "Tie breaker\n"); continue; case 6: // firmware revision -// LOG(4, ntohl(addr->sin_addr.s_addr), s, t, "Firmware revision\n"); +// LOG(4, s, t, "Firmware revision\n"); break; case 7: // host name memset(tunnel[t].hostname, 0, 128); memcpy(tunnel[t].hostname, b, (n >= 127) ? 127 : n); - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Tunnel hostname = \"%s\"\n", tunnel[t].hostname); + LOG(4, s, t, " Tunnel hostname = \"%s\"\n", tunnel[t].hostname); // TBA - to send to RADIUS break; case 8: // vendor name memset(tunnel[t].vendor, 0, sizeof(tunnel[t].vendor)); memcpy(tunnel[t].vendor, b, (n >= sizeof(tunnel[t].vendor) - 1) ? sizeof(tunnel[t].vendor) - 1 : n); - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Vendor name = \"%s\"\n", tunnel[t].vendor); + LOG(4, s, t, " Vendor name = \"%s\"\n", tunnel[t].vendor); break; case 9: // assigned tunnel tunnel[t].far = ntohs(*(u16 *) (b)); - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Remote tunnel id = %d\n", tunnel[t].far); + LOG(4, s, t, " Remote tunnel id = %d\n", tunnel[t].far); break; case 10: // rx window tunnel[t].window = ntohs(*(u16 *) (b)); if (!tunnel[t].window) tunnel[t].window = 1; // window of 0 is silly - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " rx window = %d\n", tunnel[t].window); + LOG(4, s, t, " rx window = %d\n", tunnel[t].window); break; case 11: // Challenge { - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " LAC requested CHAP authentication for tunnel\n"); + LOG(4, s, t, " LAC requested CHAP authentication for tunnel\n"); build_chap_response(b, 2, n, &chapresponse); } break; case 13: // Response // Why did they send a response? We never challenge. - LOG(2, ntohl(addr->sin_addr.s_addr), s, t, " received unexpected challenge response\n"); + LOG(2, s, t, " received unexpected challenge response\n"); break; case 14: // assigned session asession = session[s].far = ntohs(*(u16 *) (b)); - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " assigned session = %d\n", asession); + LOG(4, s, t, " assigned session = %d\n", asession); break; case 15: // call serial number - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " call serial number = %d\n", ntohl(*(u32 *)b)); + LOG(4, s, t, " call serial number = %d\n", ntohl(*(u32 *)b)); break; case 18: // bearer type - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " bearer type = %d\n", ntohl(*(u32 *)b)); + LOG(4, s, t, " bearer type = %d\n", ntohl(*(u32 *)b)); // TBA - for RADIUS break; case 19: // framing type - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " framing type = %d\n", ntohl(*(u32 *)b)); + LOG(4, s, t, " framing type = %d\n", ntohl(*(u32 *)b)); // TBA break; case 21: // called number memset(called, 0, MAXTEL); memcpy(called, b, (n >= MAXTEL) ? (MAXTEL-1) : n); - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Called <%s>\n", called); + LOG(4, s, t, " Called <%s>\n", called); break; case 22: // calling number memset(calling, 0, MAXTEL); memcpy(calling, b, (n >= MAXTEL) ? (MAXTEL-1) : n); - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Calling <%s>\n", calling); + LOG(4, s, t, " Calling <%s>\n", calling); break; case 23: // subtype break; @@ -1657,8 +1649,7 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) memcpy(tmp, b, (n >= 30) ? 30 : n); session[s].tx_connect_speed = atol(tmp); } - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " TX connect speed <%u>\n", - session[s].tx_connect_speed); + LOG(4, s, t, " TX connect speed <%u>\n", session[s].tx_connect_speed); break; case 38: // rx connect speed if (n == 4) @@ -1672,20 +1663,18 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) memcpy(tmp, b, (n >= 30) ? 30 : n); session[s].rx_connect_speed = atol(tmp); } - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " RX connect speed <%u>\n", - session[s].rx_connect_speed); + LOG(4, s, t, " RX connect speed <%u>\n", session[s].rx_connect_speed); break; case 25: // Physical Channel ID { u32 tmp = ntohl(*(u32 *)b); - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Physical Channel ID <%X>\n", tmp); + LOG(4, s, t, " Physical Channel ID <%X>\n", tmp); break; } case 29: // Proxy Authentication Type { u16 authtype = ntohs(*(u16 *)b); - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Proxy Auth Type %d (%s)\n", - authtype, authtypes[authtype]); + LOG(4, s, t, " Proxy Auth Type %d (%s)\n", authtype, authtypes[authtype]); requestchap = (authtype == 2); break; } @@ -1693,21 +1682,20 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) { char authname[64] = {0}; memcpy(authname, b, (n > 63) ? 63 : n); - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Proxy Auth Name (%s)\n", + LOG(4, s, t, " Proxy Auth Name (%s)\n", authname); break; } case 31: // Proxy Authentication Challenge { memcpy(radius[session[s].radius].auth, b, 16); - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Proxy Auth Challenge\n"); + LOG(4, s, t, " Proxy Auth Challenge\n"); break; } case 32: // Proxy Authentication ID { u16 authid = ntohs(*(u16 *)(b)); - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Proxy Auth ID (%d)\n", - authid); + LOG(4, s, t, " Proxy Auth ID (%d)\n", authid); if (session[s].radius) radius[session[s].radius].id = authid; break; @@ -1716,7 +1704,7 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) { char authresp[64] = {0}; memcpy(authresp, b, (n > 63) ? 63 : n); - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Proxy Auth Response\n"); + LOG(4, s, t, " Proxy Auth Response\n"); break; } case 27: // last send lcp @@ -1743,13 +1731,13 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) case 39: // seq required - we control it as an LNS anyway... break; case 36: // Random Vector - LOG(4, ntohl(addr->sin_addr.s_addr), s, t, " Random Vector received. Enabled AVP Hiding.\n"); + LOG(4, s, t, " Random Vector received. Enabled AVP Hiding.\n"); memset(session[s].random_vector, 0, sizeof(session[s].random_vector)); memcpy(session[s].random_vector, b, n); session[s].random_vector_length = n; break; default: - LOG(2, ntohl(addr->sin_addr.s_addr), s, t, " Unknown AVP type %d\n", mtype); + LOG(2, s, t, " Unknown AVP type %d\n", mtype); fatal = flags; continue; // next } @@ -1817,7 +1805,7 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) // make a RADIUS session if (!(r = radiusnew(s))) { - LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "No free RADIUS sessions for ICRQ\n"); + LOG(1, s, t, "No free RADIUS sessions for ICRQ\n"); sessionkill(s, "no free RADIUS sesions"); return; } @@ -1828,7 +1816,7 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) session[s].tunnel = t; session[s].far = asession; session[s].last_packet = time_now; - LOG(3, ntohl(addr->sin_addr.s_addr), s, t, "New session (%d/%d)\n", tunnel[t].far, session[s].far); + LOG(3, s, t, "New session (%d/%d)\n", tunnel[t].far, session[s].far); control16(c, 14, s, 1); // assigned session controladd(c, t, s); // send the reply { @@ -1850,7 +1838,7 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) if (amagic == 0) amagic = time_now; session[s].magic = amagic; // set magic number session[s].l2tp_flags = aflags; // set flags received - LOG(3, ntohl(addr->sin_addr.s_addr), s, t, "Magic %X Flags %X\n", amagic, aflags); + LOG(3, s, t, "Magic %X Flags %X\n", amagic, aflags); controlnull(t); // ack // In CHAP state, request PAP instead if (requestchap) @@ -1861,14 +1849,14 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) sessionshutdown(s, "Closed (Received CDN)"); break; case 0xFFFF: - LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "Missing message type\n"); + LOG(1, s, t, "Missing message type\n"); break; default: STAT(tunnel_rx_errors); if (mandatorymessage & 0x80) tunnelshutdown(t, "Unknown message"); else - LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "Unknown message type %d\n", message); + LOG(1, s, t, "Unknown message type %d\n", message); break; } if (chapresponse) free(chapresponse); @@ -1876,7 +1864,7 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) } else { - LOG(4, 0, s, t, " Got a ZLB ack\n"); + LOG(4, s, t, " Got a ZLB ack\n"); } } else @@ -1891,7 +1879,7 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) } if (l < 2) { - LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "Short ppp length %d\n", l); + LOG(1, s, t, "Short ppp length %d\n", l); STAT(tunnel_rx_errors); return; } @@ -1917,16 +1905,16 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) } - LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "UDP packet contains session %d " - "but no session[%d].tunnel exists (LAC said" - " tunnel = %d). Dropping packet.\n", s, s, t); + LOG(1, s, t, "UDP packet contains session %d but no session[%d].tunnel " + "exists (LAC said tunnel = %d). Dropping packet.\n", s, s, t); + STAT(tunnel_rx_errors); return; } if (session[s].die) { - LOG(3, ntohl(addr->sin_addr.s_addr), s, t, "Session %d is closing. Don't process PPP packets\n", s); + LOG(3, s, t, "Session %d is closing. Don't process PPP packets\n", s); // I'm pretty sure this isn't right -- mo. // return; // closing session, PPP not processed } @@ -1973,7 +1961,7 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) else { STAT(tunnel_rx_errors); - LOG(1, ntohl(addr->sin_addr.s_addr), s, t, "Unknown PPP protocol %04X\n", prot); + LOG(1, s, t, "Unknown PPP protocol %04X\n", prot); } } } @@ -1991,7 +1979,7 @@ static void processtun(u8 * buf, int len) eth_rx += len; if (len < 22) { - LOG(1, 0, 0, 0, "Short tun packet %d bytes\n", len); + LOG(1, 0, 0, "Short tun packet %d bytes\n", len); STAT(tun_rx_errors); return; } @@ -2016,7 +2004,7 @@ static int regular_cleanups(void) static clockt next_acct = 0; int a; - LOG(3, 0, 0, 0, "Begin regular cleanup\n"); + LOG(3, 0, 0, "Begin regular cleanup\n"); for (r = 1; r < MAXRADIUS; r++) { @@ -2062,7 +2050,7 @@ static int regular_cleanups(void) { controlt *c = controlnew(6); // sending HELLO controladd(c, t, 0); // send the message - LOG(3, tunnel[t].ip, 0, t, "Sending HELLO message\n"); + LOG(3, 0, t, "Sending HELLO message\n"); } // Check for tunnel changes requested from the CLI @@ -2071,7 +2059,7 @@ static int regular_cleanups(void) cli_tunnel_actions[t].action = 0; if (a & CLI_TUN_KILL) { - LOG(2, tunnel[t].ip, 0, t, "Dropping tunnel by CLI\n"); + LOG(2, 0, t, "Dropping tunnel by CLI\n"); tunnelshutdown(t, "Requested by administrator"); } } @@ -2091,7 +2079,7 @@ static int regular_cleanups(void) if (!session[s].die && session[s].ip && !(session[s].flags & SF_IPCP_ACKED)) { // IPCP has not completed yet. Resend - LOG(3, session[s].ip, s, session[s].tunnel, "No ACK for initial IPCP ConfigReq... resending\n"); + LOG(3, s, session[s].tunnel, "No ACK for initial IPCP ConfigReq... resending\n"); sendipcp(session[s].tunnel, s); } @@ -2125,7 +2113,7 @@ static int regular_cleanups(void) *(u16 *)(q + 2) = htons(8); // Length *(u32 *)(q + 4) = 0; // Magic Number (not supported) - LOG(4, session[s].ip, s, session[s].tunnel, "No data in %d seconds, sending LCP ECHO\n", + LOG(4, s, session[s].tunnel, "No data in %d seconds, sending LCP ECHO\n", (int)(time_now - session[s].last_packet)); tunnelsend(b, 24, session[s].tunnel); // send it if (++count >= MAX_ACTIONS) break; @@ -2139,22 +2127,23 @@ static int regular_cleanups(void) cli_session_actions[s].action = 0; if (a & CLI_SESS_KILL) { - LOG(2, 0, s, session[s].tunnel, "Dropping session by CLI\n"); + LOG(2, s, session[s].tunnel, "Dropping session by CLI\n"); sessionshutdown(s, "Requested by administrator"); a = 0; // dead, no need to check for other actions } if (a & CLI_SESS_NOSNOOP) { - LOG(2, 0, s, session[s].tunnel, "Unsnooping session by CLI\n"); + LOG(2, s, session[s].tunnel, "Unsnooping session by CLI\n"); session[s].snoop_ip = 0; session[s].snoop_port = 0; send++; } else if (a & CLI_SESS_SNOOP) { - LOG(2, 0, s, session[s].tunnel, "Snooping session by CLI (to %s:%d)\n", - inet_toa(cli_session_actions[s].snoop_ip), cli_session_actions[s].snoop_port); + LOG(2, s, session[s].tunnel, "Snooping session by CLI (to %s:%d)\n", + fmtaddr(cli_session_actions[s].snoop_ip, 0), + cli_session_actions[s].snoop_port); session[s].snoop_ip = cli_session_actions[s].snoop_ip; session[s].snoop_port = cli_session_actions[s].snoop_port; @@ -2163,13 +2152,13 @@ static int regular_cleanups(void) if (a & CLI_SESS_NOTHROTTLE) { - LOG(2, 0, s, session[s].tunnel, "Un-throttling session by CLI\n"); + LOG(2, s, session[s].tunnel, "Un-throttling session by CLI\n"); throttle_session(s, 0, 0); send++; } else if (a & CLI_SESS_THROTTLE) { - LOG(2, 0, s, session[s].tunnel, "Throttling session by CLI (to %dkb/s up and %dkb/s down)\n", + LOG(2, s, session[s].tunnel, "Throttling session by CLI (to %dkb/s up and %dkb/s down)\n", cli_session_actions[s].throttle_in, cli_session_actions[s].throttle_out); @@ -2179,13 +2168,13 @@ static int regular_cleanups(void) if (a & CLI_SESS_NOFILTER) { - LOG(2, 0, s, session[s].tunnel, "Un-filtering session by CLI\n"); + LOG(2, s, session[s].tunnel, "Un-filtering session by CLI\n"); filter_session(s, 0, 0); send++; } else if (a & CLI_SESS_FILTER) { - LOG(2, 0, s, session[s].tunnel, "Filtering session by CLI (in=%d, out=%d)\n", + LOG(2, s, session[s].tunnel, "Filtering session by CLI (in=%d, out=%d)\n", cli_session_actions[s].filter_in, cli_session_actions[s].filter_out); @@ -2210,7 +2199,7 @@ static int regular_cleanups(void) if (count >= MAX_ACTIONS) return 1; // Didn't finish! - LOG(3, 0, 0, 0, "End regular cleanup (%d actions), next in %d seconds\n", count, config->cleanup_interval); + LOG(3, 0, 0, "End regular cleanup (%d actions), next in %d seconds\n", count, config->cleanup_interval); return 0; } @@ -2234,7 +2223,7 @@ static int still_busy(void) if (last_talked != TIME) { - LOG(2,0,0,0, "Tunnel %d still has un-acked control messages.\n", i); + LOG(2, 0, 0, "Tunnel %d still has un-acked control messages.\n", i); last_talked = TIME; } return 1; @@ -2243,7 +2232,7 @@ static int still_busy(void) // We stop waiting for radius after BUSY_WAIT_TIME 1/10th seconds if (abs(TIME - start_busy_wait) > BUSY_WAIT_TIME) { - LOG(1, 0, 0, 0, "Giving up waiting for RADIUS to be empty. Shutting down anyway.\n"); + LOG(1, 0, 0, "Giving up waiting for RADIUS to be empty. Shutting down anyway.\n"); return 0; } @@ -2256,7 +2245,7 @@ static int still_busy(void) if (last_talked != TIME) { - LOG(2,0,0,0, "Radius session %d is still busy (sid %d)\n", i, radius[i].session); + LOG(2, 0, 0, "Radius session %d is still busy (sid %d)\n", i, radius[i].session); last_talked = TIME; } return 1; @@ -2277,8 +2266,8 @@ static void mainloop(void) clockt next_cluster_ping = 0; // send initial ping immediately time_t next_clean = time_now + config->cleanup_interval; - LOG(4, 0, 0, 0, "Beginning of main loop. udpfd=%d, tunfd=%d, cluster_sockfd=%d, controlfd=%d\n", - udpfd, tunfd, cluster_sockfd, controlfd); + LOG(4, 0, 0, "Beginning of main loop. udpfd=%d, tunfd=%d, cluster_sockfd=%d, controlfd=%d\n", + udpfd, tunfd, cluster_sockfd, controlfd); FD_ZERO(&readset); FD_SET(udpfd, &readset); @@ -2343,7 +2332,7 @@ static void mainloop(void) errno == ECHILD) // EINTR was clobbered by sigchild_handler() continue; - LOG(0, 0, 0, 0, "Error returned from select(): %s\n", strerror(errno)); + LOG(0, 0, 0, "Error returned from select(): %s\n", strerror(errno)); main_quit++; break; } @@ -2397,7 +2386,7 @@ static void mainloop(void) if ((sockfd = accept(clifd, (struct sockaddr *)&addr, &len)) <= 0) { - LOG(0, 0, 0, 0, "accept error: %s\n", strerror(errno)); + LOG(0, 0, 0, "accept error: %s\n", strerror(errno)); continue; } else @@ -2550,12 +2539,12 @@ static void initdata(int optdebug, char *optconfig) if (!(_statistics = shared_malloc(sizeof(struct Tstats)))) { - LOG(0, 0, 0, 0, "Error doing malloc for _statistics: %s\n", strerror(errno)); + LOG(0, 0, 0, "Error doing malloc for _statistics: %s\n", strerror(errno)); exit(1); } if (!(config = shared_malloc(sizeof(configt)))) { - LOG(0, 0, 0, 0, "Error doing malloc for configuration: %s\n", strerror(errno)); + LOG(0, 0, 0, "Error doing malloc for configuration: %s\n", strerror(errno)); exit(1); } memset(config, 0, sizeof(configt)); @@ -2567,36 +2556,36 @@ static void initdata(int optdebug, char *optconfig) if (!(tunnel = shared_malloc(sizeof(tunnelt) * MAXTUNNEL))) { - LOG(0, 0, 0, 0, "Error doing malloc for tunnels: %s\n", strerror(errno)); + LOG(0, 0, 0, "Error doing malloc for tunnels: %s\n", strerror(errno)); exit(1); } if (!(session = shared_malloc(sizeof(sessiont) * MAXSESSION))) { - LOG(0, 0, 0, 0, "Error doing malloc for sessions: %s\n", strerror(errno)); + LOG(0, 0, 0, "Error doing malloc for sessions: %s\n", strerror(errno)); exit(1); } if (!(sess_count = shared_malloc(sizeof(sessioncountt) * MAXSESSION))) { - LOG(0, 0, 0, 0, "Error doing malloc for sessions_count: %s\n", strerror(errno)); + LOG(0, 0, 0, "Error doing malloc for sessions_count: %s\n", strerror(errno)); exit(1); } if (!(radius = shared_malloc(sizeof(radiust) * MAXRADIUS))) { - LOG(0, 0, 0, 0, "Error doing malloc for radius: %s\n", strerror(errno)); + LOG(0, 0, 0, "Error doing malloc for radius: %s\n", strerror(errno)); exit(1); } if (!(ip_address_pool = shared_malloc(sizeof(ippoolt) * MAXIPPOOL))) { - LOG(0, 0, 0, 0, "Error doing malloc for ip_address_pool: %s\n", strerror(errno)); + LOG(0, 0, 0, "Error doing malloc for ip_address_pool: %s\n", strerror(errno)); exit(1); } if (!(ip_filters = shared_malloc(sizeof(ip_filtert) * MAXFILTER))) { - LOG(0, 0, 0, 0, "Error doing malloc for ip_filters: %s\n", strerror(errno)); + LOG(0, 0, 0, "Error doing malloc for ip_filters: %s\n", strerror(errno)); exit(1); } memset(ip_filters, 0, sizeof(ip_filtert) * MAXFILTER); @@ -2604,7 +2593,7 @@ memset(ip_filters, 0, sizeof(ip_filtert) * MAXFILTER); #ifdef RINGBUFFER if (!(ringbuffer = shared_malloc(sizeof(struct Tringbuffer)))) { - LOG(0, 0, 0, 0, "Error doing malloc for ringbuffer: %s\n", strerror(errno)); + LOG(0, 0, 0, "Error doing malloc for ringbuffer: %s\n", strerror(errno)); exit(1); } memset(ringbuffer, 0, sizeof(struct Tringbuffer)); @@ -2612,14 +2601,14 @@ memset(ip_filters, 0, sizeof(ip_filtert) * MAXFILTER); if (!(cli_session_actions = shared_malloc(sizeof(struct cli_session_actions) * MAXSESSION))) { - LOG(0, 0, 0, 0, "Error doing malloc for cli session actions: %s\n", strerror(errno)); + LOG(0, 0, 0, "Error doing malloc for cli session actions: %s\n", strerror(errno)); exit(1); } memset(cli_session_actions, 0, sizeof(struct cli_session_actions) * MAXSESSION); if (!(cli_tunnel_actions = shared_malloc(sizeof(struct cli_tunnel_actions) * MAXSESSION))) { - LOG(0, 0, 0, 0, "Error doing malloc for cli tunnel actions: %s\n", strerror(errno)); + LOG(0, 0, 0, "Error doing malloc for cli tunnel actions: %s\n", strerror(errno)); exit(1); } memset(cli_tunnel_actions, 0, sizeof(struct cli_tunnel_actions) * MAXSESSION); @@ -2654,7 +2643,7 @@ memset(ip_filters, 0, sizeof(ip_filtert) * MAXFILTER); #ifdef BGP if (!(bgp_peers = shared_malloc(sizeof(struct bgp_peer) * BGP_NUM_PEERS))) { - LOG(0, 0, 0, 0, "Error doing malloc for bgp: %s\n", strerror(errno)); + LOG(0, 0, 0, "Error doing malloc for bgp: %s\n", strerror(errno)); exit(1); } #endif /* BGP */ @@ -2693,7 +2682,7 @@ static int assign_ip_address(sessionidt s) if (best < 0) { - LOG(0, 0, s, session[s].tunnel, "assign_ip_address(): out of addresses\n"); + LOG(0, s, session[s].tunnel, "assign_ip_address(): out of addresses\n"); return 0; } @@ -2711,8 +2700,8 @@ static int assign_ip_address(sessionidt s) strncpy(ip_address_pool[best].user, u, sizeof(ip_address_pool[best].user) - 1); STAT(ip_allocated); - LOG(4, ip_address_pool[best].address, s, session[s].tunnel, - "assign_ip_address(): %s ip address %d from pool\n", reuse ? "Reusing" : "Allocating", best); + LOG(4, s, session[s].tunnel, "assign_ip_address(): %s ip address %d from pool\n", + reuse ? "Reusing" : "Allocating", best); return 1; } @@ -2775,8 +2764,8 @@ void rebuild_address_pool(void) if (ipid < 1) // Not found in the pool either? good. continue; - LOG(0, 0, i, 0, "Session %d has an IP address (%s) that was marked static, but is in the pool (%d)!\n", - i, inet_toa(session[i].ip), ipid); + LOG(0, i, 0, "Session %d has an IP address (%s) that was marked static, but is in the pool (%d)!\n", + i, fmtaddr(session[i].ip, 0), ipid); // Fall through and process it as part of the pool. } @@ -2784,7 +2773,7 @@ void rebuild_address_pool(void) if (ipid > MAXIPPOOL || ipid < 0) { - LOG(0, 0, i, 0, "Session %d has a pool IP that's not found in the pool! (%d)\n", i, ipid); + LOG(0, i, 0, "Session %d has a pool IP that's not found in the pool! (%d)\n", i, ipid); ipid = -1; session[i].ip_pool_index = ipid; continue; @@ -2844,7 +2833,7 @@ static void add_to_ip_pool(u32 addr, u32 mask) ++ip_pool_size; if (ip_pool_size >= MAXIPPOOL) { - LOG(0,0,0,0, "Overflowed IP pool adding %s\n", inet_toa(htonl(addr)) ); + LOG(0, 0, 0, "Overflowed IP pool adding %s\n", fmtaddr(htonl(addr), 0)); return; } } @@ -2860,7 +2849,7 @@ static void initippool() if (!(f = fopen(IPPOOLFILE, "r"))) { - LOG(0, 0, 0, 0, "Can't load pool file " IPPOOLFILE ": %s\n", strerror(errno)); + LOG(0, 0, 0, "Can't load pool file " IPPOOLFILE ": %s\n", strerror(errno)); exit(1); } @@ -2879,7 +2868,7 @@ static void initippool() src = inet_addr(buf); if (src == INADDR_NONE) { - LOG(0, 0, 0, 0, "Invalid address pool IP %s\n", buf); + LOG(0, 0, 0, "Invalid address pool IP %s\n", buf); exit(1); } // This entry is for a specific IP only @@ -2894,18 +2883,20 @@ static void initippool() int numbits = 0; u32 start = 0, mask = 0; - LOG(2, 0, 0, 0, "Adding IP address range %s\n", buf); + LOG(2, 0, 0, "Adding IP address range %s\n", buf); *p++ = 0; if (!*p || !(numbits = atoi(p))) { - LOG(0, 0, 0, 0, "Invalid pool range %s\n", buf); + LOG(0, 0, 0, "Invalid pool range %s\n", buf); continue; } start = ntohl(inet_addr(pool)); mask = (u32)(pow(2, numbits) - 1) << (32 - numbits); // Add a static route for this pool - LOG(5, 0, 0, 0, "Adding route for address pool %s/%u\n", inet_toa(htonl(start)), 32 + mask); + LOG(5, 0, 0, "Adding route for address pool %s/%u\n", + fmtaddr(htonl(start), 0), 32 + mask); + routeset(0, start, mask, 0, 1); add_to_ip_pool(start, mask); @@ -2917,7 +2908,7 @@ static void initippool() } } fclose(f); - LOG(1, 0, 0, 0, "IP address pool is %d addresses\n", ip_pool_size - 1); + LOG(1, 0, 0, "IP address pool is %d addresses\n", ip_pool_size - 1); } void snoop_send_packet(char *packet, u16 size, ipt destination, u16 port) @@ -2930,10 +2921,13 @@ void snoop_send_packet(char *packet, u16 size, ipt destination, u16 port) snoop_addr.sin_addr.s_addr = destination; snoop_addr.sin_port = ntohs(port); - LOG(5, 0, 0, 0, "Snooping packet at %p (%d bytes) to %s:%d\n", - packet, size, inet_toa(snoop_addr.sin_addr.s_addr), htons(snoop_addr.sin_port)); + LOG(5, 0, 0, "Snooping packet at %p (%d bytes) to %s:%d\n", + packet, size, fmtaddr(snoop_addr.sin_addr.s_addr, 0), + htons(snoop_addr.sin_port)); + if (sendto(snoopfd, packet, size, MSG_DONTWAIT | MSG_NOSIGNAL, (void *) &snoop_addr, sizeof(snoop_addr)) < 0) - LOG(0, 0, 0, 0, "Error sending intercept packet: %s\n", strerror(errno)); + LOG(0, 0, 0, "Error sending intercept packet: %s\n", strerror(errno)); + STAT(packets_snooped); } @@ -2960,10 +2954,10 @@ static void dump_acct_info() time_t now = time(NULL); if (!(f = fopen(filename, "w"))) { - LOG(0, 0, 0, 0, "Can't write accounting info to %s: %s\n", filename, strerror(errno)); + LOG(0, 0, 0, "Can't write accounting info to %s: %s\n", filename, strerror(errno)); return ; } - LOG(3, 0, 0, 0, "Dumping accounting information to %s\n", filename); + LOG(3, 0, 0, "Dumping accounting information to %s\n", filename); fprintf(f, "# dslwatch.pl dump file V1.01\n" "# host: %s\n" "# time: %ld\n" @@ -2974,10 +2968,10 @@ static void dump_acct_info() now - basetime); } - LOG(4, 0, 0, 0, "Dumping accounting information for %s\n", session[i].user); + LOG(4, 0, 0, "Dumping accounting information for %s\n", session[i].user); fprintf(f, "%s %s %d %u %u\n", session[i].user, // username - inet_toa(htonl(session[i].ip)), // ip + fmtaddr(htonl(session[i].ip), 0), // ip (session[i].throttle_in || session[i].throttle_out) ? 2 : 1, // qos (u32)session[i].cin, // uptxoctets (u32)session[i].cout); // downrxoctets @@ -3045,16 +3039,17 @@ int main(int argc, char *argv[]) read_config_file(); init_tbf(config->num_tbfs); - LOG(0, 0, 0, 0, "L2TPNS version " VERSION "\n"); - LOG(0, 0, 0, 0, "Copyright (c) 2003, 2004 Optus Internet Engineering\n"); - LOG(0, 0, 0, 0, "Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced\n"); + LOG(0, 0, 0, "L2TPNS version " VERSION "\n"); + LOG(0, 0, 0, "Copyright (c) 2003, 2004 Optus Internet Engineering\n"); + LOG(0, 0, 0, "Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced\n"); { struct rlimit rlim; rlim.rlim_cur = RLIM_INFINITY; rlim.rlim_max = RLIM_INFINITY; // Remove the maximum core size if (setrlimit(RLIMIT_CORE, &rlim) < 0) - LOG(0, 0, 0, 0, "Can't set ulimit: %s\n", strerror(errno)); + LOG(0, 0, 0, "Can't set ulimit: %s\n", strerror(errno)); + // Make core dumps go to /tmp chdir("/tmp"); } @@ -3067,18 +3062,18 @@ int main(int argc, char *argv[]) if (get_nprocs() < 2) { - LOG(0, 0, 0, 0, "Not using FIFO scheduler, there is only 1 processor in the system.\n"); + LOG(0, 0, 0, "Not using FIFO scheduler, there is only 1 processor in the system.\n"); config->scheduler_fifo = 0; } else { if ((ret = sched_setscheduler(0, SCHED_FIFO, ¶ms)) == 0) { - LOG(1, 0, 0, 0, "Using FIFO scheduler. Say goodbye to any other processes running\n"); + LOG(1, 0, 0, "Using FIFO scheduler. Say goodbye to any other processes running\n"); } else { - LOG(0, 0, 0, 0, "Error setting scheduler to FIFO: %s\n", strerror(errno)); + LOG(0, 0, 0, "Error setting scheduler to FIFO: %s\n", strerror(errno)); config->scheduler_fifo = 0; } } @@ -3102,7 +3097,7 @@ int main(int argc, char *argv[]) #endif /* BGP */ inittun(); - LOG(1, 0, 0, 0, "Set up on interface %s\n", config->tundevice); + LOG(1, 0, 0, "Set up on interface %s\n", config->tundevice); initudp(); initrad(); @@ -3120,9 +3115,9 @@ int main(int argc, char *argv[]) if (config->lock_pages) { if (!mlockall(MCL_CURRENT)) - LOG(1, 0, 0, 0, "Locking pages into memory\n"); + LOG(1, 0, 0, "Locking pages into memory\n"); else - LOG(0, 0, 0, 0, "Can't lock pages: %s\n", strerror(errno)); + LOG(0, 0, 0, "Can't lock pages: %s\n", strerror(errno)); } alarm(1); @@ -3200,7 +3195,7 @@ static void sigalrm_handler(int sig) static void sigterm_handler(int sig) { - LOG(1, 0, 0, 0, "Shutting down cleanly\n"); + LOG(1, 0, 0, "Shutting down cleanly\n"); if (config->save_state) dump_state(); @@ -3211,7 +3206,7 @@ static void sigquit_handler(int sig) { int i; - LOG(1, 0, 0, 0, "Shutting down without saving sessions\n"); + LOG(1, 0, 0, "Shutting down without saving sessions\n"); for (i = 1; i < MAXSESSION; i++) { if (session[i].opened) @@ -3255,7 +3250,7 @@ static void read_state() if (sb.st_mtime < (time(NULL) - 60)) { - LOG(0, 0, 0, 0, "State file is too old to read, ignoring\n"); + LOG(0, 0, 0, "State file is too old to read, ignoring\n"); unlink(STATEFILE); return ; } @@ -3265,41 +3260,41 @@ static void read_state() if (!f) { - LOG(0, 0, 0, 0, "Can't read state file: %s\n", strerror(errno)); + LOG(0, 0, 0, "Can't read state file: %s\n", strerror(errno)); exit(1); } if (fread(magic, sizeof(magic), 1, f) != 1 || strncmp(magic, DUMP_MAGIC, sizeof(magic))) { - LOG(0, 0, 0, 0, "Bad state file magic\n"); + LOG(0, 0, 0, "Bad state file magic\n"); exit(1); } - LOG(1, 0, 0, 0, "Reading state information\n"); + LOG(1, 0, 0, "Reading state information\n"); if (fread(buf, sizeof(buf), 1, f) != 1 || buf[0] > MAXIPPOOL || buf[1] != sizeof(ippoolt)) { - LOG(0, 0, 0, 0, "Error/mismatch reading ip pool header from state file\n"); + LOG(0, 0, 0, "Error/mismatch reading ip pool header from state file\n"); exit(1); } if (buf[0] > ip_pool_size) { - LOG(0, 0, 0, 0, "ip pool has shrunk! state = %d, current = %d\n", buf[0], ip_pool_size); + LOG(0, 0, 0, "ip pool has shrunk! state = %d, current = %d\n", buf[0], ip_pool_size); exit(1); } - LOG(2, 0, 0, 0, "Loading %u ip addresses\n", buf[0]); + LOG(2, 0, 0, "Loading %u ip addresses\n", buf[0]); for (i = 0; i < buf[0]; i++) { if (fread(&itmp, sizeof(itmp), 1, f) != 1) { - LOG(0, 0, 0, 0, "Error reading ip %d from state file: %s\n", i, strerror(errno)); + LOG(0, 0, 0, "Error reading ip %d from state file: %s\n", i, strerror(errno)); exit(1); } if (itmp.address != ip_address_pool[i].address) { - LOG(0, 0, 0, 0, "Mismatched ip %d from state file: pool may only be extended\n", i); + LOG(0, 0, 0, "Mismatched ip %d from state file: pool may only be extended\n", i); exit(1); } @@ -3308,14 +3303,14 @@ static void read_state() if (fread(buf, sizeof(buf), 1, f) != 1 || buf[0] != MAXTUNNEL || buf[1] != sizeof(tunnelt)) { - LOG(0, 0, 0, 0, "Error/mismatch reading tunnel header from state file\n"); + LOG(0, 0, 0, "Error/mismatch reading tunnel header from state file\n"); exit(1); } - LOG(2, 0, 0, 0, "Loading %u tunnels\n", MAXTUNNEL); + LOG(2, 0, 0, "Loading %u tunnels\n", MAXTUNNEL); if (fread(tunnel, sizeof(tunnelt), MAXTUNNEL, f) != MAXTUNNEL) { - LOG(0, 0, 0, 0, "Error reading tunnel data from state file\n"); + LOG(0, 0, 0, "Error reading tunnel data from state file\n"); exit(1); } @@ -3325,19 +3320,19 @@ static void read_state() tunnel[i].controls = NULL; tunnel[i].controle = NULL; if (*tunnel[i].hostname) - LOG(3, 0, 0, 0, "Created tunnel for %s\n", tunnel[i].hostname); + LOG(3, 0, 0, "Created tunnel for %s\n", tunnel[i].hostname); } if (fread(buf, sizeof(buf), 1, f) != 1 || buf[0] != MAXSESSION || buf[1] != sizeof(sessiont)) { - LOG(0, 0, 0, 0, "Error/mismatch reading session header from state file\n"); + LOG(0, 0, 0, "Error/mismatch reading session header from state file\n"); exit(1); } - LOG(2, 0, 0, 0, "Loading %u sessions\n", MAXSESSION); + LOG(2, 0, 0, "Loading %u sessions\n", MAXSESSION); if (fread(session, sizeof(sessiont), MAXSESSION, f) != MAXSESSION) { - LOG(0, 0, 0, 0, "Error reading session data from state file\n"); + LOG(0, 0, 0, "Error reading session data from state file\n"); exit(1); } @@ -3347,14 +3342,14 @@ static void read_state() session[i].tbf_out = 0; if (session[i].opened) { - LOG(2, 0, i, 0, "Loaded active session for user %s\n", session[i].user); + LOG(2, i, 0, "Loaded active session for user %s\n", session[i].user); if (session[i].ip) sessionsetup(session[i].tunnel, i); } } fclose(f); - LOG(0, 0, 0, 0, "Loaded saved state information\n"); + LOG(0, 0, 0, "Loaded saved state information\n"); } static void dump_state() @@ -3370,12 +3365,12 @@ static void dump_state() if (!(f = fopen(STATEFILE, "w"))) break; - LOG(1, 0, 0, 0, "Dumping state information\n"); + LOG(1, 0, 0, "Dumping state information\n"); if (fwrite(DUMP_MAGIC, sizeof(DUMP_MAGIC) - 1, 1, f) != 1) break; - LOG(2, 0, 0, 0, "Dumping %u ip addresses\n", ip_pool_size); + LOG(2, 0, 0, "Dumping %u ip addresses\n", ip_pool_size); buf[0] = ip_pool_size; buf[1] = sizeof(ippoolt); if (fwrite(buf, sizeof(buf), 1, f) != 1) @@ -3383,7 +3378,7 @@ static void dump_state() if (fwrite(ip_address_pool, sizeof(ippoolt), ip_pool_size, f) != ip_pool_size) break; - LOG(2, 0, 0, 0, "Dumping %u tunnels\n", MAXTUNNEL); + LOG(2, 0, 0, "Dumping %u tunnels\n", MAXTUNNEL); buf[0] = MAXTUNNEL; buf[1] = sizeof(tunnelt); if (fwrite(buf, sizeof(buf), 1, f) != 1) @@ -3391,7 +3386,7 @@ static void dump_state() if (fwrite(tunnel, sizeof(tunnelt), MAXTUNNEL, f) != MAXTUNNEL) break; - LOG(2, 0, 0, 0, "Dumping %u sessions\n", MAXSESSION); + LOG(2, 0, 0, "Dumping %u sessions\n", MAXSESSION); buf[0] = MAXSESSION; buf[1] = sizeof(sessiont); if (fwrite(buf, sizeof(buf), 1, f) != 1) @@ -3404,7 +3399,7 @@ static void dump_state() } while (0); - LOG(0, 0, 0, 0, "Can't write state information: %s\n", strerror(errno)); + LOG(0, 0, 0, "Can't write state information: %s\n", strerror(errno)); unlink(STATEFILE); } @@ -3415,11 +3410,11 @@ static void build_chap_response(char *challenge, u8 id, u16 challenge_length, ch if (!*config->l2tpsecret) { - LOG(0, 0, 0, 0, "LNS requested CHAP authentication, but no l2tp secret is defined\n"); + LOG(0, 0, 0, "LNS requested CHAP authentication, but no l2tp secret is defined\n"); return; } - LOG(4, 0, 0, 0, " Building challenge response for CHAP request\n"); + LOG(4, 0, 0, " Building challenge response for CHAP request\n"); *challenge_response = (char *)calloc(17, 1); @@ -3509,9 +3504,7 @@ static void update_config() } if (!config->numradiusservers) - { - LOG(0, 0, 0, 0, "No RADIUS servers defined!\n"); - } + LOG(0, 0, 0, "No RADIUS servers defined!\n"); config->num_radfds = 2 << RADIUS_SHIFT; @@ -3553,7 +3546,7 @@ static void update_config() if (config->cluster_hb_timeout < t) { - LOG(0,0,0,0, "Heartbeat timeout %d too low, adjusting to %d\n", config->cluster_hb_timeout, t); + LOG(0, 0, 0, "Heartbeat timeout %d too low, adjusting to %d\n", config->cluster_hb_timeout, t); config->cluster_hb_timeout = t; } @@ -3577,7 +3570,7 @@ static void update_config() } else { - LOG(0, 0, 0, 0, "Can't write to PID file %s: %s\n", config->pid_file, strerror(errno)); + LOG(0, 0, 0, "Can't write to PID file %s: %s\n", config->pid_file, strerror(errno)); } } @@ -3595,9 +3588,9 @@ static void read_config_file() return; } - LOG(3, 0, 0, 0, "Reading config file %s\n", config->config_file); + LOG(3, 0, 0, "Reading config file %s\n", config->config_file); cli_do_file(f); - LOG(3, 0, 0, 0, "Done reading config file\n"); + LOG(3, 0, 0, "Done reading config file\n"); fclose(f); update_config(); } @@ -3612,19 +3605,19 @@ int sessionsetup(tunnelidt t, sessionidt s) CSTAT(call_sessionsetup); - LOG(3, session[s].ip, s, t, "Doing session setup for session\n"); + LOG(3, s, t, "Doing session setup for session\n"); if (!session[s].ip || session[s].ip == 0xFFFFFFFE) { assign_ip_address(s); if (!session[s].ip) { - LOG(0, 0, s, t, " No IP allocated. The IP address pool is FULL!\n"); + LOG(0, s, t, " No IP allocated. The IP address pool is FULL!\n"); sessionshutdown(s, "No IP addresses available"); return 0; } - LOG(3, 0, s, t, " No IP allocated. Assigned %s from pool\n", - inet_toa(htonl(session[s].ip))); + LOG(3, s, t, " No IP allocated. Assigned %s from pool\n", + fmtaddr(htonl(session[s].ip), 0)); } @@ -3674,7 +3667,7 @@ int sessionsetup(tunnelidt t, sessionidt s) if (!session[s].unique_id) { // did this session just finish radius? - LOG(3, session[s].ip, s, t, "Sending initial IPCP to client\n"); + LOG(3, s, t, "Sending initial IPCP to client\n"); sendipcp(t, s); session[s].unique_id = ++last_id; } @@ -3691,15 +3684,9 @@ int sessionsetup(tunnelidt t, sessionidt s) session[s].last_packet = time_now; - { - char *sessionip, *tunnelip; - sessionip = strdup(inet_toa(htonl(session[s].ip))); - tunnelip = strdup(inet_toa(htonl(tunnel[t].ip))); - LOG(2, session[s].ip, s, t, "Login by %s at %s from %s (%s)\n", - session[s].user, sessionip, tunnelip, tunnel[t].hostname); - if (sessionip) free(sessionip); - if (tunnelip) free(tunnelip); - } + LOG(2, s, t, "Login by %s at %s from %s (%s)\n", session[s].user, + fmtaddr(htonl(session[s].ip), 0), + fmtaddr(htonl(tunnel[t].ip), 1), tunnel[t].hostname); cluster_send_session(s); // Mark it as dirty, and needing to the flooded to the cluster. @@ -3719,7 +3706,7 @@ int load_session(sessionidt s, sessiont *new) if (new->ip_pool_index >= MAXIPPOOL || new->tunnel >= MAXTUNNEL) { - LOG(0,0,s,0, "Strange session update received!\n"); + LOG(0, s, 0, "Strange session update received!\n"); // FIXME! What to do here? return 0; } @@ -3794,13 +3781,13 @@ int load_session(sessionidt s, sessiont *new) // check filters if (new->filter_in && (new->filter_in > MAXFILTER || !ip_filters[new->filter_in - 1].name[0])) { - LOG(2, session[s].ip, s, session[s].tunnel, "Dropping invalid input filter %d\n", (int) new->filter_in); + LOG(2, s, session[s].tunnel, "Dropping invalid input filter %d\n", (int) new->filter_in); new->filter_in = 0; } if (new->filter_out && (new->filter_out > MAXFILTER || !ip_filters[new->filter_out - 1].name[0])) { - LOG(2, session[s].ip, s, session[s].tunnel, "Dropping invalid output filter %d\n", (int) new->filter_out); + LOG(2, s, session[s].tunnel, "Dropping invalid output filter %d\n", (int) new->filter_out); new->filter_out = 0; } @@ -3850,7 +3837,7 @@ static void *open_plugin(char *plugin_name, int load) char path[256] = ""; snprintf(path, 256, PLUGINDIR "/%s.so", plugin_name); - LOG(2, 0, 0, 0, "%soading plugin from %s\n", load ? "L" : "Un-l", path); + LOG(2, 0, 0, "%soading plugin from %s\n", load ? "L" : "Un-l", path); return dlopen(path, RTLD_NOW); } @@ -3866,14 +3853,14 @@ static void *getconfig(char *key, enum config_typet type) if (config_values[i].type == type) return ((void *) config) + config_values[i].offset; - LOG(1, 0, 0, 0, "plugin requested config item \"%s\" expecting type %d, have type %d\n", + LOG(1, 0, 0, "plugin requested config item \"%s\" expecting type %d, have type %d\n", key, type, config_values[i].type); return 0; } } - LOG(1, 0, 0, 0, "plugin requested unknown config item \"%s\"\n", key); + LOG(1, 0, 0, "plugin requested unknown config item \"%s\"\n", key); return 0; } @@ -3882,7 +3869,7 @@ static int add_plugin(char *plugin_name) static struct pluginfuncs funcs = { _log, _log_hex, - inet_toa, + fmtaddr, sessionbyuser, sessiontbysessionidt, sessionidtbysessiont, @@ -3900,7 +3887,7 @@ static int add_plugin(char *plugin_name) if (!p) { - LOG(1, 0, 0, 0, " Plugin load failed: %s\n", dlerror()); + LOG(1, 0, 0, " Plugin load failed: %s\n", dlerror()); return -1; } @@ -3914,7 +3901,7 @@ static int add_plugin(char *plugin_name) int *v = dlsym(p, "plugin_api_version"); if (!v || *v != PLUGIN_API_VERSION) { - LOG(1, 0, 0, 0, " Plugin load failed: API version mismatch: %s\n", dlerror()); + LOG(1, 0, 0, " Plugin load failed: API version mismatch: %s\n", dlerror()); dlclose(p); return -1; } @@ -3924,7 +3911,7 @@ static int add_plugin(char *plugin_name) { if (!initfunc(&funcs)) { - LOG(1, 0, 0, 0, " Plugin load failed: plugin_init() returned FALSE: %s\n", dlerror()); + LOG(1, 0, 0, " Plugin load failed: plugin_init() returned FALSE: %s\n", dlerror()); dlclose(p); return -1; } @@ -3937,12 +3924,12 @@ static int add_plugin(char *plugin_name) void *x; if (plugin_functions[i] && (x = dlsym(p, plugin_functions[i]))) { - LOG(3, 0, 0, 0, " Supports function \"%s\"\n", plugin_functions[i]); + LOG(3, 0, 0, " Supports function \"%s\"\n", plugin_functions[i]); ll_push(plugins[i], x); } } - LOG(2, 0, 0, 0, " Loaded plugin %s\n", plugin_name); + LOG(2, 0, 0, " Loaded plugin %s\n", plugin_name); return 1; } @@ -3978,7 +3965,7 @@ static int remove_plugin(char *plugin_name) } dlclose(p); - LOG(2, 0, 0, 0, "Removed plugin %s\n", plugin_name); + LOG(2, 0, 0, "Removed plugin %s\n", plugin_name); return loaded; } @@ -4022,11 +4009,12 @@ static void processcontrol(u8 * buf, int len, struct sockaddr_in *addr, int alen { if (type < 0) { - LOG(4, ntohl(addr->sin_addr.s_addr), 0, 0, "Bogus control message (%d)\n", type); + LOG(4, 0, 0, "Bogus control message from %s (%d)\n", + fmtaddr(addr->sin_addr.s_addr, 0), type); } else { - LOG(4, ntohl(addr->sin_addr.s_addr), 0, 0, "Received "); + LOG(4, 0, 0, "Received [%s] ", fmtaddr(addr->sin_addr.s_addr, 0)); dump_control(&request, log_stream); } } @@ -4121,7 +4109,7 @@ static void processcontrol(u8 * buf, int len, struct sockaddr_in *addr, int alen response.argc = 1; if (config->cluster_master_address) { - strcpy(msg + 23, inet_toa(config->cluster_master_address)); + strcpy(msg + 23, fmtaddr(config->cluster_master_address, 0)); response.argv[0] = msg; } else @@ -4160,7 +4148,7 @@ static void processcontrol(u8 * buf, int len, struct sockaddr_in *addr, int alen buf = calloc(NSCTL_MAX_PKT_SZ, 1); if (!buf) { - LOG(2, ntohl(addr->sin_addr.s_addr), 0, 0, "Failed to allocate nsctl response\n"); + LOG(2, 0, 0, "Failed to allocate nsctl response\n"); return; } @@ -4170,12 +4158,13 @@ static void processcontrol(u8 * buf, int len, struct sockaddr_in *addr, int alen sendto(controlfd, buf, r, 0, (const struct sockaddr *) addr, alen); if (log_stream && config->debug >= 4) { - LOG(4, ntohl(addr->sin_addr.s_addr), 0, 0, "Sent "); + LOG(4, 0, 0, "Sent [%s] ", fmtaddr(addr->sin_addr.s_addr, 0)); dump_control(&response, log_stream); } } else - LOG(2, ntohl(addr->sin_addr.s_addr), 0, 0, "Failed to pack nsctl response (%d)\n", r); + LOG(2, 0, 0, "Failed to pack nsctl response for %s (%d)\n", + fmtaddr(addr->sin_addr.s_addr, 0), r); free(buf); } @@ -4187,13 +4176,13 @@ static tunnelidt new_tunnel() { if (tunnel[i].state == TUNNELFREE) { - LOG(4, 0, 0, i, "Assigning tunnel ID %d\n", i); + LOG(4, 0, i, "Assigning tunnel ID %d\n", i); if (i > config->cluster_highest_tunnelid) config->cluster_highest_tunnelid = i; return i; } } - LOG(0, 0, 0, 0, "Can't find a free tunnel! There shouldn't be this many in use!\n"); + LOG(0, 0, 0, "Can't find a free tunnel! There shouldn't be this many in use!\n"); return 0; } @@ -4355,7 +4344,7 @@ static int unhide_avp(u8 *avp, tunnelidt t, sessionidt s, u16 length) if (hidden_length > length - 8) { - LOG(1, 0, s, t, "Hidden length %d too long in AVP of length %d\n", (int) hidden_length, (int) length); + LOG(1, s, t, "Hidden length %d too long in AVP of length %d\n", (int) hidden_length, (int) length); return 0; } @@ -4402,17 +4391,14 @@ static int ip_filter_flag(u8 op, u8 sflags, u8 cflags, u8 flags) { switch (op) { - /* - * NOTE: "match-any +A +B -C -D" is interpreted as "match if - * either A or B is set *and* C or D is clear". While "or" is - * possibly more correct, the way "established" is currently - * implemented depends on this behaviour. - */ case FILTER_FLAG_OP_ANY: - return (flags & sflags) && !(flags & cflags); + return (flags & sflags) || (~flags & cflags); case FILTER_FLAG_OP_ALL: return (flags & sflags) == sflags && (~flags & cflags) == cflags; + + case FILTER_FLAG_OP_EST: + return (flags & (TCP_FLAG_ACK|TCP_FLAG_RST)) && (~flags & TCP_FLAG_SYN); } return 0; @@ -4420,6 +4406,7 @@ static int ip_filter_flag(u8 op, u8 sflags, u8 cflags, u8 flags) int ip_filter(u8 *buf, int len, u8 filter) { + u16 frag_offset; u8 proto; ipt src_ip; ipt dst_ip; @@ -4434,11 +4421,13 @@ int ip_filter(u8 *buf, int len, u8 filter) if (*buf >> 4) // IPv4 return 0; + + frag_offset = ntohs(*(u16 *) (buf + 0)) & 0x1fff; proto = buf[9]; src_ip = *(u32 *) (buf + 12); dst_ip = *(u32 *) (buf + 16); - if (proto == IPPROTO_TCP || proto == IPPROTO_UDP) + if (frag_offset == 0 && (proto == IPPROTO_TCP || proto == IPPROTO_UDP)) { int l = buf[0] & 0xf; if (len < l + 4) // ports @@ -4468,20 +4457,32 @@ int ip_filter(u8 *buf, int len, u8 filter) (dst_ip & ~rule->dst_wild) != (rule->dst_ip & ~rule->dst_wild)) continue; - if (proto == IPPROTO_TCP || proto == IPPROTO_UDP) + if (frag_offset) { - if (rule->src_ports.op && !ip_filter_port(&rule->src_ports, src_port)) + if (!rule->frag || rule->action == FILTER_ACTION_DENY) continue; - - if (rule->dst_ports.op && !ip_filter_port(&rule->dst_ports, dst_port)) + } + else + { + if (rule->frag) continue; - if (proto == IPPROTO_TCP && rule->tcp_flag_op && - !ip_filter_flag(rule->tcp_flag_op, rule->tcp_sflags, rule->tcp_cflags, flags)) - continue; + if (proto == IPPROTO_TCP || proto == IPPROTO_UDP) + { + if (rule->src_ports.op && !ip_filter_port(&rule->src_ports, src_port)) + continue; + + if (rule->dst_ports.op && !ip_filter_port(&rule->dst_ports, dst_port)) + continue; + + if (proto == IPPROTO_TCP && rule->tcp_flag_op && + !ip_filter_flag(rule->tcp_flag_op, rule->tcp_sflags, rule->tcp_cflags, flags)) + continue; + } } // matched + rule->counter++; return rule->action == FILTER_ACTION_PERMIT; } diff --git a/l2tpns.h b/l2tpns.h index 3681744..ef91cf3 100644 --- a/l2tpns.h +++ b/l2tpns.h @@ -1,5 +1,5 @@ // L2TPNS Global Stuff -// $Id: l2tpns.h,v 1.40 2004-11-28 20:10:04 bodea Exp $ +// $Id: l2tpns.h,v 1.41 2004-11-29 02:17:17 bodea Exp $ #ifndef __L2TPNS_H__ #define __L2TPNS_H__ @@ -277,7 +277,6 @@ struct Tringbuffer char level; sessionidt session; tunnelidt tunnel; - ipt address; char message[MAX_LOG_LENGTH]; } buffer[RINGBUFFER_SIZE]; int head; @@ -513,11 +512,14 @@ typedef struct ipt dst_ip; // dest ip ipt dst_wild; ip_filter_portt dst_ports; - u8 tcp_flag_op; // match type: any, all + u8 frag; // apply to non-initial fragments + u8 tcp_flag_op; // match type: any, all, established #define FILTER_FLAG_OP_ANY 1 #define FILTER_FLAG_OP_ALL 2 +#define FILTER_FLAG_OP_EST 3 u8 tcp_sflags; // flags set u8 tcp_cflags; // flags clear + u32 counter; // match count } ip_filter_rulet; #define TCP_FLAG_FIN 0x01 @@ -580,10 +582,10 @@ int cmd_show_hist_open(struct cli_def *cli, char *command, char **argv, int argc #undef LOG #undef LOG_HEX -#define LOG(D, a, s, t, f, ...) ({ if (D <= config->debug) _log(D, a, s, t, f, ## __VA_ARGS__); }) +#define LOG(D, s, t, f, ...) ({ if (D <= config->debug) _log(D, s, t, f, ## __VA_ARGS__); }) #define LOG_HEX(D, t, d, s) ({ if (D <= config->debug) _log_hex(D, t, d, s); }) -void _log(int level, ipt address, sessionidt s, tunnelidt t, const char *format, ...) __attribute__((format (printf, 5, 6))); +void _log(int level, sessionidt s, tunnelidt t, const char *format, ...) __attribute__((format (printf, 4, 5))); void _log_hex(int level, const char *title, const char *data, int maxsize); int sessionsetup(tunnelidt t, sessionidt s); @@ -616,12 +618,12 @@ if (count++ < max) { \ void *array[20]; \ char **strings; \ int size, i; \ - LOG(0, 0, 0, t, "Backtrace follows"); \ + LOG(0, 0, t, "Backtrace follows"); \ size = backtrace(array, 10); \ strings = backtrace_symbols(array, size); \ if (strings) for (i = 0; i < size; i++) \ { \ - LOG(0, 0, 0, t, "%s\n", strings[i]); \ + LOG(0, 0, t, "%s\n", strings[i]); \ } \ free(strings); \ } diff --git a/plugin.h b/plugin.h index e2bd047..8e151be 100644 --- a/plugin.h +++ b/plugin.h @@ -1,7 +1,7 @@ #ifndef __PLUGIN_H__ #define __PLUGIN_H__ -#define PLUGIN_API_VERSION 3 +#define PLUGIN_API_VERSION 4 #define MAX_PLUGIN_TYPES 30 enum @@ -26,9 +26,9 @@ enum struct pluginfuncs { - void (*log)(int level, ipt address, sessionidt s, tunnelidt t, const char *format, ...); + void (*log)(int level, sessionidt s, tunnelidt t, const char *format, ...); void (*log_hex)(int level, const char *title, const char *data, int maxsize); - char *(*inet_toa)(unsigned long addr); + char *(*fmtaddr)(ipt addr, int n); sessionidt (*get_session_by_username)(char *username); sessiont *(*get_session_by_id)(sessionidt s); sessionidt (*get_id_by_session)(sessiont *s); diff --git a/ppp.c b/ppp.c index ad84be4..4684947 100644 --- a/ppp.c +++ b/ppp.c @@ -1,6 +1,6 @@ // L2TPNS PPP Stuff -char const *cvs_id_ppp = "$Id: ppp.c,v 1.32 2004-11-28 20:10:04 bodea Exp $"; +char const *cvs_id_ppp = "$Id: ppp.c,v 1.33 2004-11-29 02:17:18 bodea Exp $"; #include #include @@ -37,14 +37,14 @@ void processpap(tunnelidt t, sessionidt s, u8 *p, u16 l) LOG_HEX(5, "PAP", p, l); if (l < 4) { - LOG(1, 0, s, t, "Short PAP %u bytes\n", l); + LOG(1, s, t, "Short PAP %u bytes\n", l); STAT(tunnel_rx_errors); return ; } if ((hl = ntohs(*(u16 *) (p + 2))) > l) { - LOG(1, 0, s, t, "Length mismatch PAP %u/%u\n", hl, l); + LOG(1, s, t, "Length mismatch PAP %u/%u\n", hl, l); STAT(tunnel_rx_errors); return ; } @@ -52,7 +52,7 @@ void processpap(tunnelidt t, sessionidt s, u8 *p, u16 l) if (*p != 1) { - LOG(1, 0, s, t, "Unexpected PAP code %d\n", *p); + LOG(1, s, t, "Unexpected PAP code %d\n", *p); STAT(tunnel_rx_errors); return ; } @@ -67,7 +67,7 @@ void processpap(tunnelidt t, sessionidt s, u8 *p, u16 l) if (*b && *b < sizeof(pass)) memcpy(pass, b + 1, *b); pass[*b] = 0; - LOG(3, 0, s, t, "PAP login %s/%s\n", user, pass); + LOG(3, s, t, "PAP login %s/%s\n", user, pass); } if (session[s].ip || !session[s].radius) { @@ -86,14 +86,16 @@ void processpap(tunnelidt t, sessionidt s, u8 *p, u16 l) p[4] = 0; // no message if (session[s].ip) { - LOG(3, session[s].ip, s, t, "Already an IP allocated: %s (%d)\n", inet_toa(htonl(session[s].ip)), session[s].ip_pool_index); + LOG(3, s, t, "Already an IP allocated: %s (%d)\n", + fmtaddr(htonl(session[s].ip), 0), session[s].ip_pool_index); + session[s].flags &= ~SF_IPCP_ACKED; } else { - LOG(1, 0, s, t, "No radius session available to authenticate session...\n"); + LOG(1, s, t, "No radius session available to authenticate session...\n"); } - LOG(3, 0, s, t, "Fallback response to PAP (%s)\n", (session[s].ip) ? "ACK" : "NAK"); + LOG(3, s, t, "Fallback response to PAP (%s)\n", (session[s].ip) ? "ACK" : "NAK"); tunnelsend(b, 5 + (p - b), t); // send it } else @@ -106,7 +108,7 @@ void processpap(tunnelidt t, sessionidt s, u8 *p, u16 l) run_plugins(PLUGIN_PRE_AUTH, &packet); if (!packet.continue_auth) { - LOG(3, 0, s, t, "A plugin rejected PRE_AUTH\n"); + LOG(3, s, t, "A plugin rejected PRE_AUTH\n"); if (packet.username) free(packet.username); if (packet.password) free(packet.password); return; @@ -119,7 +121,7 @@ void processpap(tunnelidt t, sessionidt s, u8 *p, u16 l) free(packet.password); radius[r].id = p[1]; - LOG(3, 0, s, t, "Sending login for %s/%s to radius\n", user, pass); + LOG(3, s, t, "Sending login for %s/%s to radius\n", user, pass); radiussend(r, RADIUSAUTH); } } @@ -136,7 +138,7 @@ void processchap(tunnelidt t, sessionidt s, u8 *p, u16 l) r = session[s].radius; if (!r) { - LOG(1, 0, s, t, "Unexpected CHAP message\n"); + LOG(1, s, t, "Unexpected CHAP message\n"); // FIXME: Need to drop the session here. @@ -146,14 +148,14 @@ void processchap(tunnelidt t, sessionidt s, u8 *p, u16 l) if (l < 4) { - LOG(1, 0, s, t, "Short CHAP %u bytes\n", l); + LOG(1, s, t, "Short CHAP %u bytes\n", l); STAT(tunnel_rx_errors); return ; } if ((hl = ntohs(*(u16 *) (p + 2))) > l) { - LOG(1, 0, s, t, "Length mismatch CHAP %u/%u\n", hl, l); + LOG(1, s, t, "Length mismatch CHAP %u/%u\n", hl, l); STAT(tunnel_rx_errors); return ; } @@ -161,20 +163,20 @@ void processchap(tunnelidt t, sessionidt s, u8 *p, u16 l) if (*p != 2) { - LOG(1, 0, s, t, "Unexpected CHAP response code %d\n", *p); + LOG(1, s, t, "Unexpected CHAP response code %d\n", *p); STAT(tunnel_rx_errors); return; } if (p[1] != radius[r].id) { - LOG(1, 0, s, t, "Wrong CHAP response ID %d (should be %d) (%d)\n", p[1], radius[r].id, r); + LOG(1, s, t, "Wrong CHAP response ID %d (should be %d) (%d)\n", p[1], radius[r].id, r); STAT(tunnel_rx_errors); return ; } if (l < 5 || p[4] != 16) { - LOG(1, 0, s, t, "Bad CHAP response length %d\n", l < 5 ? -1 : p[4]); + LOG(1, s, t, "Bad CHAP response length %d\n", l < 5 ? -1 : p[4]); STAT(tunnel_rx_errors); return ; } @@ -183,7 +185,7 @@ void processchap(tunnelidt t, sessionidt s, u8 *p, u16 l) p += 5; if (l < 16 || l - 16 >= sizeof(session[s].user)) { - LOG(1, 0, s, t, "CHAP user too long %d\n", l - 16); + LOG(1, s, t, "CHAP user too long %d\n", l - 16); STAT(tunnel_rx_errors); return ; } @@ -204,7 +206,7 @@ void processchap(tunnelidt t, sessionidt s, u8 *p, u16 l) run_plugins(PLUGIN_PRE_AUTH, &packet); if (!packet.continue_auth) { - LOG(3, 0, s, t, "A plugin rejected PRE_AUTH\n"); + LOG(3, s, t, "A plugin rejected PRE_AUTH\n"); if (packet.username) free(packet.username); if (packet.password) free(packet.password); return; @@ -218,7 +220,7 @@ void processchap(tunnelidt t, sessionidt s, u8 *p, u16 l) } radius[r].chap = 1; - LOG(3, 0, s, t, "CHAP login %s\n", session[s].user); + LOG(3, s, t, "CHAP login %s\n", session[s].user); radiussend(r, RADIUSAUTH); } @@ -244,8 +246,8 @@ static void dumplcp(u8 *p, int l) u8 *o = (p + 4); LOG_HEX(5, "PPP LCP Packet", p, l); - LOG(4, 0, 0, 0, "PPP LCP Packet type %d (%s len %d)\n", *p, ppp_lcp_types[(int)*p], ntohs( ((u16 *) p)[1]) ); - LOG(4, 0, 0, 0, "Length: %d\n", l); + LOG(4, 0, 0, "PPP LCP Packet type %d (%s len %d)\n", *p, ppp_lcp_types[(int)*p], ntohs( ((u16 *) p)[1]) ); + LOG(4, 0, 0, "Length: %d\n", l); if (*p != ConfigReq && *p != ConfigRej && *p != ConfigAck) return; @@ -255,12 +257,12 @@ static void dumplcp(u8 *p, int l) int length = o[1]; if (length < 2) { - LOG(4, 0, 0, 0, " Option length is %d...\n", length); + LOG(4, 0, 0, " Option length is %d...\n", length); break; } if (type == 0) { - LOG(4, 0, 0, 0, " Option type is 0...\n"); + LOG(4, 0, 0, " Option type is 0...\n"); x -= length; o += length; continue; @@ -269,51 +271,51 @@ static void dumplcp(u8 *p, int l) { case 1: // Maximum-Receive-Unit if (length == 4) - LOG(4, 0, 0, 0, " %s %d\n", lcp_types[type], ntohs(*(u16 *)(o + 2))); + LOG(4, 0, 0, " %s %d\n", lcp_types[type], ntohs(*(u16 *)(o + 2))); else - LOG(4, 0, 0, 0, " %s odd length %d\n", lcp_types[type], length); + LOG(4, 0, 0, " %s odd length %d\n", lcp_types[type], length); break; case 2: // Async-Control-Character-Map if (length == 6) { u32 asyncmap = ntohl(*(u32 *)(o + 2)); - LOG(4, 0, 0, 0, " %s %x\n", lcp_types[type], asyncmap); + LOG(4, 0, 0, " %s %x\n", lcp_types[type], asyncmap); } else - LOG(4, 0, 0, 0, " %s odd length %d\n", lcp_types[type], length); + LOG(4, 0, 0, " %s odd length %d\n", lcp_types[type], length); break; case 3: // Authentication-Protocol if (length == 4) { int proto = ntohs(*(u16 *)(o + 2)); - LOG(4, 0, 0, 0, " %s 0x%x (%s)\n", lcp_types[type], proto, + LOG(4, 0, 0, " %s 0x%x (%s)\n", lcp_types[type], proto, proto == PPPCHAP ? "CHAP" : proto == PPPPAP ? "PAP" : "UNKNOWN"); } else - LOG(4, 0, 0, 0, " %s odd length %d\n", lcp_types[type], length); + LOG(4, 0, 0, " %s odd length %d\n", lcp_types[type], length); break; case 4: // Quality-Protocol { u32 qp = ntohl(*(u32 *)(o + 2)); - LOG(4, 0, 0, 0, " %s %x\n", lcp_types[type], qp); + LOG(4, 0, 0, " %s %x\n", lcp_types[type], qp); } break; case 5: // Magic-Number if (length == 6) { u32 magicno = ntohl(*(u32 *)(o + 2)); - LOG(4, 0, 0, 0, " %s %x\n", lcp_types[type], magicno); + LOG(4, 0, 0, " %s %x\n", lcp_types[type], magicno); } else - LOG(4, 0, 0, 0, " %s odd length %d\n", lcp_types[type], length); + LOG(4, 0, 0, " %s odd length %d\n", lcp_types[type], length); break; case 7: // Protocol-Field-Compression case 8: // Address-And-Control-Field-Compression - LOG(4, 0, 0, 0, " %s\n", lcp_types[type]); + LOG(4, 0, 0, " %s\n", lcp_types[type]); break; default: - LOG(2, 0, 0, 0, " Unknown PPP LCP Option type %d\n", type); + LOG(2, 0, 0, " Unknown PPP LCP Option type %d\n", type); break; } x -= length; @@ -334,14 +336,14 @@ void processlcp(tunnelidt t, sessionidt s, u8 *p, u16 l) LOG_HEX(5, "LCP", p, l); if (l < 4) { - LOG(1, session[s].ip, s, t, "Short LCP %d bytes\n", l); + LOG(1, s, t, "Short LCP %d bytes\n", l); STAT(tunnel_rx_errors); return ; } if ((hl = ntohs(*(u16 *) (p + 2))) > l) { - LOG(1, 0, s, t, "Length mismatch LCP %u/%u\n", hl, l); + LOG(1, s, t, "Length mismatch LCP %u/%u\n", hl, l); STAT(tunnel_rx_errors); return ; } @@ -349,7 +351,7 @@ void processlcp(tunnelidt t, sessionidt s, u8 *p, u16 l) if (*p == ConfigAck) { - LOG(3, session[s].ip, s, t, "LCP: Discarding ConfigAck\n"); + LOG(3, s, t, "LCP: Discarding ConfigAck\n"); session[s].flags |= SF_LCP_ACKED; } else if (*p == ConfigReq) @@ -358,7 +360,7 @@ void processlcp(tunnelidt t, sessionidt s, u8 *p, u16 l) u8 *o = (p + 4); u8 response = 0; - LOG(3, session[s].ip, s, t, "LCP: ConfigReq (%d bytes)...\n", l); + LOG(3, s, t, "LCP: ConfigReq (%d bytes)...\n", l); if (config->debug > 3) dumplcp(p, l); while (x > 2) @@ -379,7 +381,7 @@ void processlcp(tunnelidt t, sessionidt s, u8 *p, u16 l) if (response && response != ConfigNak) // rej already queued break; - LOG(2, session[s].ip, s, t, " Remote requesting asyncmap. Rejecting.\n"); + LOG(2, s, t, " Remote requesting asyncmap. Rejecting.\n"); if (!response) { q = makeppp(b, sizeof(b), NULL, 0, t, s, PPPLCP); @@ -389,7 +391,7 @@ void processlcp(tunnelidt t, sessionidt s, u8 *p, u16 l) if ((q - b + 11) > sizeof(b)) { - LOG(2, session[s].ip, s, t, "LCP overflow for asyncmap ConfigNak.\n"); + LOG(2, s, t, "LCP overflow for asyncmap ConfigNak.\n"); break; } @@ -414,7 +416,7 @@ void processlcp(tunnelidt t, sessionidt s, u8 *p, u16 l) else sprintf(proto_name, "%#4.4x", proto); - LOG(2, session[s].ip, s, t, " Remote requesting %s authentication. Rejecting.\n", proto_name); + LOG(2, s, t, " Remote requesting %s authentication. Rejecting.\n", proto_name); if (!response) { @@ -425,7 +427,7 @@ void processlcp(tunnelidt t, sessionidt s, u8 *p, u16 l) if ((q - b + length) > sizeof(b)) { - LOG(2, session[s].ip, s, t, "LCP overflow for %s ConfigNak.\n", proto_name); + LOG(2, s, t, "LCP overflow for %s ConfigNak.\n", proto_name); break; } @@ -445,7 +447,7 @@ void processlcp(tunnelidt t, sessionidt s, u8 *p, u16 l) break; default: // Reject any unknown options - LOG(2, session[s].ip, s, t, " Rejecting PPP LCP Option type %d\n", type); + LOG(2, s, t, " Rejecting PPP LCP Option type %d\n", type); if (!response || response != ConfigRej) // drop nak in favour of rej { q = makeppp(b, sizeof(b), NULL, 0, t, s, PPPLCP); @@ -455,7 +457,7 @@ void processlcp(tunnelidt t, sessionidt s, u8 *p, u16 l) if ((q - b + length) > sizeof(b)) { - LOG(2, session[s].ip, s, t, "LCP overflow for ConfigRej (type=%d).\n", type); + LOG(2, s, t, "LCP overflow for ConfigRej (type=%d).\n", type); break; } @@ -474,7 +476,7 @@ void processlcp(tunnelidt t, sessionidt s, u8 *p, u16 l) response = *q = ConfigAck; } - LOG(3, session[s].ip, s, t, "Sending %s\n", ppp_lcp_types[response]); + LOG(3, s, t, "Sending %s\n", ppp_lcp_types[response]); tunnelsend(b, l + (q - b), t); if (!(session[s].flags & SF_LCP_ACKED)) @@ -482,13 +484,13 @@ void processlcp(tunnelidt t, sessionidt s, u8 *p, u16 l) } else if (*p == ConfigNak) { - LOG(1, session[s].ip, s, t, "Remote end sent a ConfigNak. Ignoring\n"); + LOG(1, s, t, "Remote end sent a ConfigNak. Ignoring\n"); if (config->debug > 3) dumplcp(p, l); return ; } else if (*p == TerminateReq) { - LOG(3, session[s].ip, s, t, "LCP: Received TerminateReq. Sending TerminateAck\n"); + LOG(3, s, t, "LCP: Received TerminateReq. Sending TerminateAck\n"); *p = TerminateAck; // close q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP); if (!q) return; @@ -501,7 +503,7 @@ void processlcp(tunnelidt t, sessionidt s, u8 *p, u16 l) } else if (*p == EchoReq) { - LOG(5, session[s].ip, s, t, "LCP: Received EchoReq. Sending EchoReply\n"); + LOG(5, s, t, "LCP: Received EchoReq. Sending EchoReply\n"); *p = EchoReply; // reply *(u32 *) (p + 4) = htonl(session[s].magic); // our magic number q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP); @@ -517,7 +519,7 @@ void processlcp(tunnelidt t, sessionidt s, u8 *p, u16 l) *p = CodeRej; if (l > MAXCONTROL) { - LOG(1, 0, s, t, "Truncated Ident Packet (length=%d) to 1400 bytes\n", l); + LOG(1, s, t, "Truncated Ident Packet (length=%d) to 1400 bytes\n", l); l = 1400; } q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP); @@ -527,7 +529,7 @@ void processlcp(tunnelidt t, sessionidt s, u8 *p, u16 l) } else { - LOG(1, session[s].ip, s, t, "Unexpected LCP code %d\n", *p); + LOG(1, s, t, "Unexpected LCP code %d\n", *p); STAT(tunnel_rx_errors); return ; } @@ -563,14 +565,14 @@ void processipcp(tunnelidt t, sessionidt s, u8 *p, u16 l) LOG_HEX(5, "IPCP", p, l); if (l < 5) { - LOG(1, 0, s, t, "Short IPCP %d bytes\n", l); + LOG(1, s, t, "Short IPCP %d bytes\n", l); STAT(tunnel_rx_errors); return ; } if ((hl = ntohs(*(u16 *) (p + 2))) > l) { - LOG(1, 0, s, t, "Length mismatch IPCP %u/%u\n", hl, l); + LOG(1, s, t, "Length mismatch IPCP %u/%u\n", hl, l); STAT(tunnel_rx_errors); return ; } @@ -589,7 +591,7 @@ void processipcp(tunnelidt t, sessionidt s, u8 *p, u16 l) } session[s].flags |= SF_IPCP_ACKED; - LOG(3, session[s].ip, s, t, "IPCP Acked, session is now active\n"); + LOG(3, s, t, "IPCP Acked, session is now active\n"); // clear LCP_ACKED/CCP_ACKED flag for possible fast renegotiaion for routers session[s].flags &= ~(SF_LCP_ACKED|SF_CCP_ACKED); @@ -598,15 +600,15 @@ void processipcp(tunnelidt t, sessionidt s, u8 *p, u16 l) } if (*p != ConfigReq) { - LOG(1, 0, s, t, "Unexpected IPCP code %d\n", *p); + LOG(1, s, t, "Unexpected IPCP code %d\n", *p); STAT(tunnel_rx_errors); return ; } - LOG(4, session[s].ip, s, t, "IPCP ConfigReq received\n"); + LOG(4, s, t, "IPCP ConfigReq received\n"); if (!session[s].ip) { - LOG(3, 0, s, t, "Waiting on radius reply\n"); + LOG(3, s, t, "Waiting on radius reply\n"); return; // have to wait on RADIUS reply } // form a config reply quoting the IP in the session @@ -637,19 +639,19 @@ void processipcp(tunnelidt t, sessionidt s, u8 *p, u16 l) { if (*p != 0x81 && *p != 0x83 && *p != 3) { - LOG(2, 0, s, t, "IPCP reject %d\n", *p); + LOG(2, s, t, "IPCP reject %d\n", *p); memcpy(q + n, p, p[1]); n += p[1]; } p += p[1]; } *(u16 *) (q + 2) = htons(n); - LOG(4, session[s].ip, s, t, "Sending ConfigRej\n"); + LOG(4, s, t, "Sending ConfigRej\n"); tunnelsend(b, n + (q - b), t); // send it } else { - LOG(4, session[s].ip, s, t, "Sending ConfigAck\n"); + LOG(4, s, t, "Sending ConfigAck\n"); *p = ConfigAck; if ((i = findppp(p, 0x81))) // Primary DNS address { @@ -657,7 +659,7 @@ void processipcp(tunnelidt t, sessionidt s, u8 *p, u16 l) { *(u32 *) (i + 2) = htonl(session[s].dns1); *p = ConfigNak; - LOG(5, session[s].ip, s, t, " DNS1 = %s\n", inet_toa(session[s].dns1)); + LOG(5, s, t, " DNS1 = %s\n", fmtaddr(session[s].dns1, 0)); } } if ((i = findppp(p, 0x83))) // Secondary DNS address (TBA, is it) @@ -666,13 +668,13 @@ void processipcp(tunnelidt t, sessionidt s, u8 *p, u16 l) { *(u32 *) (i + 2) = htonl(session[s].dns2); *p = ConfigNak; - LOG(5, session[s].ip, s, t, " DNS2 = %s\n", inet_toa(session[s].dns2)); + LOG(5, s, t, " DNS2 = %s\n", fmtaddr(session[s].dns2, 0)); } } i = findppp(p, 3); // IP address if (!i || i[1] != 6) { - LOG(1, 0, s, t, "No IP in IPCP request\n"); + LOG(1, s, t, "No IP in IPCP request\n"); STAT(tunnel_rx_errors); return ; } @@ -680,8 +682,8 @@ void processipcp(tunnelidt t, sessionidt s, u8 *p, u16 l) { *(u32 *) (i + 2) = htonl(session[s].ip); *p = ConfigNak; - LOG(4, session[s].ip, s, t, " No, a ConfigNak, client is requesting IP - sending %s\n", - inet_toa(htonl(session[s].ip))); + LOG(4, s, t, " No, a ConfigNak, client is requesting IP - sending %s\n", + fmtaddr(htonl(session[s].ip), 0)); } if (!(q = makeppp(b, sizeof(b), p, l, t, s, PPPIPCP))) return; @@ -707,7 +709,7 @@ void processipin(tunnelidt t, sessionidt s, u8 *p, u16 l) if (l > MAXETHER) { - LOG(1, ip, s, t, "IP packet too long %d\n", l); + LOG(1, s, t, "IP packet too long %d\n", l); STAT(tunnel_rx_errors); return ; } @@ -715,7 +717,7 @@ void processipin(tunnelidt t, sessionidt s, u8 *p, u16 l) // no spoof (do sessionbyip to handled statically routed subnets) if (ip != session[s].ip && sessionbyip(htonl(ip)) != s) { - LOG(5, ip, s, t, "Dropping packet with spoofed IP %s\n", inet_toa(htonl(ip))); + LOG(5, s, t, "Dropping packet with spoofed IP %s\n", fmtaddr(htonl(ip), 0)); return; } @@ -742,7 +744,7 @@ void processipin(tunnelidt t, sessionidt s, u8 *p, u16 l) if (tun_write(p, l) < 0) { STAT(tun_tx_errors); - LOG(0, 0, s, t, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n", + LOG(0, s, t, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n", l, strerror(errno), tunfd, p); return; @@ -776,7 +778,7 @@ void send_ipin(sessionidt s, u8 *buf, int len) if (write(tunfd, buf, len) < 0) { STAT(tun_tx_errors); - LOG(0, 0, 0, 0, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n", + LOG(0, 0, 0, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n", len, strerror(errno), tunfd, buf); return; @@ -838,9 +840,9 @@ void processccp(tunnelidt t, sessionidt s, u8 *p, u16 l) default: if (l > 1) - LOG(1, 0, s, t, "Unexpected CCP request code %d\n", *p); + LOG(1, s, t, "Unexpected CCP request code %d\n", *p); else - LOG(1, 0, s, t, "Short CCP packet\n"); + LOG(1, s, t, "Short CCP packet\n"); STAT(tunnel_rx_errors); return; @@ -863,11 +865,11 @@ void sendchap(tunnelidt t, sessionidt s) if (!r) { - LOG(1, 0, s, t, "No RADIUS to send challenge\n"); + LOG(1, s, t, "No RADIUS to send challenge\n"); STAT(tunnel_tx_errors); return ; } - LOG(1, 0, s, t, "Send CHAP challenge\n"); + LOG(1, s, t, "Send CHAP challenge\n"); { // new challenge int n; @@ -906,7 +908,7 @@ u8 *makeppp(u8 *b, int size, u8 *p, int l, tunnelidt t, sessionidt s, u16 mtype) if (size < 12) // Need more space than this!! { static int backtrace_count = 0; - LOG(0, session[s].ip, s, t, "makeppp buffer too small for L2TP header (size=%d)\n", size); + LOG(0, s, t, "makeppp buffer too small for L2TP header (size=%d)\n", size); log_backtrace(backtrace_count, 5) return NULL; } @@ -931,7 +933,7 @@ u8 *makeppp(u8 *b, int size, u8 *p, int l, tunnelidt t, sessionidt s, u16 mtype) if (l + 12 > size) { static int backtrace_count = 0; - LOG(2, session[s].ip, s, t, "makeppp would overflow buffer (size=%d, header+payload=%d)\n", size, l + 12); + LOG(2, s, t, "makeppp would overflow buffer (size=%d, header+payload=%d)\n", size, l + 12); log_backtrace(backtrace_count, 5) return NULL; } @@ -950,7 +952,7 @@ void initlcp(tunnelidt t, sessionidt s) if (!(q = makeppp(b, sizeof(b), NULL, 0, t, s, PPPLCP))) return; - LOG(4, 0, s, t, "Sending LCP ConfigReq for PAP\n"); + LOG(4, s, t, "Sending LCP ConfigReq for PAP\n"); *q = ConfigReq; *(u8 *)(q + 1) = (time_now % 255) + 1; // ID *(u16 *)(q + 2) = htons(14); // Length @@ -973,7 +975,7 @@ static void initccp(tunnelidt t, sessionidt s) if (!(q = makeppp(b, sizeof(b), NULL, 0, t, s, PPPCCP))) return; - LOG(4, 0, s, t, "Sending CCP ConfigReq for no compression\n"); + LOG(4, s, t, "Sending CCP ConfigReq for no compression\n"); *q = ConfigReq; *(u8 *)(q + 1) = (time_now % 255) + 1; // ID *(u16 *)(q + 2) = htons(4); // Length diff --git a/radius.c b/radius.c index 63aeec1..799a472 100644 --- a/radius.c +++ b/radius.c @@ -1,6 +1,6 @@ // L2TPNS Radius Stuff -char const *cvs_id_radius = "$Id: radius.c,v 1.17 2004-11-28 02:53:11 bodea Exp $"; +char const *cvs_id_radius = "$Id: radius.c,v 1.18 2004-11-29 02:17:18 bodea Exp $"; #include #include @@ -42,7 +42,7 @@ static const char *radius_state(int state) void initrad(void) { int i; - LOG(3, 0, 0, 0, "Creating %d sockets for RADIUS queries\n", config->num_radfds); + LOG(3, 0, 0, "Creating %d sockets for RADIUS queries\n", config->num_radfds); radfds = calloc(sizeof(int), config->num_radfds); for (i = 0; i < config->num_radfds; i++) { @@ -77,7 +77,7 @@ static u16 get_free_radius() } } - LOG(0, 0, 0, 0, "Can't find a free radius session! This is very bad!\n"); + LOG(0, 0, 0, "Can't find a free radius session! This is very bad!\n"); return 0; } @@ -88,13 +88,13 @@ u16 radiusnew(sessionidt s) /* re-use */ if (r) { - LOG(3, 0, s, session[s].tunnel, "Re-used radius %d\n", r); + LOG(3, s, session[s].tunnel, "Re-used radius %d\n", r); return r; } if (!(r = get_free_radius())) { - LOG(1, 0, s, session[s].tunnel, "No free RADIUS sessions\n"); + LOG(1, s, session[s].tunnel, "No free RADIUS sessions\n"); STAT(radius_overflow); return 0; }; @@ -105,7 +105,7 @@ u16 radiusnew(sessionidt s) radius[r].state = RADIUSWAIT; radius[r].retry = TIME + 1200; // Wait at least 120 seconds to re-claim this. - LOG(3,0,s, session[s].tunnel, "Allocated radius %d\n", r); + LOG(3, s, session[s].tunnel, "Allocated radius %d\n", r); return r; } @@ -124,12 +124,12 @@ void radiussend(u16 r, u8 state) s = radius[r].session; if (!config->numradiusservers) { - LOG(0, 0, s, session[s].tunnel, "No RADIUS servers\n"); + LOG(0, s, session[s].tunnel, "No RADIUS servers\n"); return; } if (!*config->radiussecret) { - LOG(0, 0, s, session[s].tunnel, "No RADIUS secret\n"); + LOG(0, s, session[s].tunnel, "No RADIUS secret\n"); return; } @@ -144,9 +144,10 @@ void radiussend(u16 r, u8 state) radius[r].try = 0; radius[r].state = state; radius[r].retry = backoff(radius[r].try++); - LOG(4, 0, s, session[s].tunnel, "Send RADIUS id %d sock %d state %s try %d\n", - r >> RADIUS_SHIFT, r & RADIUS_MASK, - radius_state(radius[r].state), radius[r].try); + LOG(4, s, session[s].tunnel, "Send RADIUS id %d sock %d state %s try %d\n", + r >> RADIUS_SHIFT, r & RADIUS_MASK, + radius_state(radius[r].state), radius[r].try); + if (radius[r].try > config->numradiusservers * 2) { if (s) @@ -155,7 +156,7 @@ void radiussend(u16 r, u8 state) sessionshutdown(s, "RADIUS timeout"); else { - LOG(1, 0, s, session[s].tunnel, "RADIUS timeout, but in state %s so don't timeout session\n", + LOG(1, s, session[s].tunnel, "RADIUS timeout, but in state %s so don't timeout session\n", radius_states[state]); radiusclear(r, s); } @@ -180,7 +181,7 @@ void radiussend(u16 r, u8 state) b[0] = 4; // accounting request break; default: - LOG(0, 0, 0, 0, "Unknown radius state %d\n", state); + LOG(0, 0, 0, "Unknown radius state %d\n", state); } b[1] = r >> RADIUS_SHIFT; // identifier memcpy(b + 4, radius[r].auth, 16); @@ -381,22 +382,22 @@ void processrad(u8 *buf, int len, char socket_index) LOG_HEX(5, "RADIUS Response", buf, len); if (len < 20 || len < ntohs(*(u16 *) (buf + 2))) { - LOG(1, 0, 0, 0, "Duff RADIUS response length %d\n", len); + LOG(1, 0, 0, "Duff RADIUS response length %d\n", len); return ; } len = ntohs(*(u16 *) (buf + 2)); r = socket_index | (r_id << RADIUS_SHIFT); s = radius[r].session; - LOG(3, 0, s, session[s].tunnel, "Received %s, radius %d response for session %u (code %d, id %d)\n", + LOG(3, s, session[s].tunnel, "Received %s, radius %d response for session %u (code %d, id %d)\n", radius_states[radius[r].state], r, s, r_code, r_id); if (!s && radius[r].state != RADIUSSTOP) { - LOG(1, 0, s, session[s].tunnel, " Unexpected RADIUS response\n"); + LOG(1, s, session[s].tunnel, " Unexpected RADIUS response\n"); return; } if (radius[r].state != RADIUSAUTH && radius[r].state != RADIUSSTART && radius[r].state != RADIUSSTOP) { - LOG(1, 0, s, session[s].tunnel, " Unexpected RADIUS response\n"); + LOG(1, s, session[s].tunnel, " Unexpected RADIUS response\n"); return; } t = session[s].tunnel; @@ -409,19 +410,19 @@ void processrad(u8 *buf, int len, char socket_index) do { if (memcmp(hash, buf + 4, 16)) { - LOG(0, 0, s, session[s].tunnel, " Incorrect auth on RADIUS response!! (wrong secret in radius config?)\n"); + LOG(0, s, session[s].tunnel, " Incorrect auth on RADIUS response!! (wrong secret in radius config?)\n"); return; // Do nothing. On timeout, it will try the next radius server. } if ((radius[r].state == RADIUSAUTH && *buf != 2 && *buf != 3) || ((radius[r].state == RADIUSSTART || radius[r].state == RADIUSSTOP) && *buf != 5)) { - LOG(1, 0, s, session[s].tunnel, " Unexpected RADIUS response %d\n", *buf); + LOG(1, s, session[s].tunnel, " Unexpected RADIUS response %d\n", *buf); return; // We got something we didn't expect. Let the timeouts take // care off finishing the radius session if that's really correct. } if (radius[r].state == RADIUSAUTH) { - LOG(4, 0, s, session[s].tunnel, " Original response is \"%s\"\n", (*buf == 2) ? "accept" : "reject"); + LOG(4, s, session[s].tunnel, " Original response is \"%s\"\n", (*buf == 2) ? "accept" : "reject"); // process auth response if (radius[r].chap) { @@ -435,7 +436,7 @@ void processrad(u8 *buf, int len, char socket_index) *buf = packet.auth_allowed ? 2 : 3; } - LOG(3, 0, s, session[s].tunnel, " CHAP User %s authentication %s.\n", session[s].user, + LOG(3, s, session[s].tunnel, " CHAP User %s authentication %s.\n", session[s].user, (*buf == 2) ? "allowed" : "denied"); *p = (*buf == 2) ? 3 : 4; // ack/nak p[1] = radius[r].id; @@ -454,7 +455,7 @@ void processrad(u8 *buf, int len, char socket_index) *buf = packet.auth_allowed ? 2 : 3; } - LOG(3, 0, s, session[s].tunnel, " PAP User %s authentication %s.\n", session[s].user, + LOG(3, s, session[s].tunnel, " PAP User %s authentication %s.\n", session[s].user, (*buf == 2) ? "allowed" : "denied"); // ack/nak *p = *buf; @@ -475,21 +476,24 @@ void processrad(u8 *buf, int len, char socket_index) if (*p == 8) { // Framed-IP-Address - LOG(3, 0, s, session[s].tunnel, " Radius reply contains IP address %s\n", inet_toa(*(u32 *) (p + 2))); session[s].ip = ntohl(*(u32 *) (p + 2)); session[s].ip_pool_index = -1; + LOG(3, s, session[s].tunnel, " Radius reply contains IP address %s\n", + fmtaddr(htonl(session[s].ip), 0)); } else if (*p == 135) { // DNS address - LOG(3, 0, s, session[s].tunnel, " Radius reply contains primary DNS address %s\n", inet_toa(*(u32 *) (p + 2))); session[s].dns1 = ntohl(*(u32 *) (p + 2)); + LOG(3, s, session[s].tunnel, " Radius reply contains primary DNS address %s\n", + fmtaddr(htonl(session[s].dns1), 0)); } else if (*p == 136) { // DNS address - LOG(3, 0, s, session[s].tunnel, " Radius reply contains secondary DNS address %s\n", inet_toa(*(u32 *) (p + 2))); session[s].dns2 = ntohl(*(u32 *) (p + 2)); + LOG(3, s, session[s].tunnel, " Radius reply contains secondary DNS address %s\n", + fmtaddr(htonl(session[s].dns2), 0)); } else if (*p == 22) { @@ -524,18 +528,16 @@ void processrad(u8 *buf, int len, char socket_index) mask = 0xFFFF0000; else mask = 0xFFFFFF00; + if (routes == MAXROUTE) { - LOG(1, 0, s, session[s].tunnel, " Too many routes\n"); + LOG(1, s, session[s].tunnel, " Too many routes\n"); } else if (ip) { - char *ips, *masks; - ips = strdup(inet_toa(htonl(ip))); - masks = strdup(inet_toa(htonl(mask))); - LOG(3, 0, s, session[s].tunnel, " Radius reply contains route for %s/%s\n", ips, masks); - free(ips); - free(masks); + LOG(3, s, session[s].tunnel, " Radius reply contains route for %s/%s\n", + fmtaddr(htonl(ip), 0), fmtaddr(htonl(mask), 1)); + session[s].route[routes].ip = ip; session[s].route[routes].mask = mask; routes++; @@ -550,7 +552,7 @@ void processrad(u8 *buf, int len, char socket_index) u8 *f = 0; int i; - LOG(3, 0, s, session[s].tunnel, " Radius reply contains Filter-Id \"%.*s\"\n", l, filter); + LOG(3, s, session[s].tunnel, " Radius reply contains Filter-Id \"%.*s\"\n", l, filter); if ((suffix = memchr(filter, '.', l))) { int b = suffix - filter; @@ -564,7 +566,7 @@ void processrad(u8 *buf, int len, char socket_index) if (!f) { - LOG(3, 0, s, session[s].tunnel, " Invalid filter\n"); + LOG(3, s, session[s].tunnel, " Invalid filter\n"); continue; } @@ -576,7 +578,7 @@ void processrad(u8 *buf, int len, char socket_index) if (*f) ip_filters[*f - 1].used++; else - LOG(3, 0, s, session[s].tunnel, " Unknown filter\n"); + LOG(3, s, session[s].tunnel, " Unknown filter\n"); } else if (*p == 26) @@ -585,16 +587,16 @@ void processrad(u8 *buf, int len, char socket_index) int vendor = ntohl(*(int *)(p + 2)); char attrib = *(p + 6); char attrib_length = *(p + 7) - 2; - LOG(3, 0, s, session[s].tunnel, " Radius reply contains Vendor-Specific. Vendor=%d Attrib=%d Length=%d\n", vendor, attrib, attrib_length); + LOG(3, s, session[s].tunnel, " Radius reply contains Vendor-Specific. Vendor=%d Attrib=%d Length=%d\n", vendor, attrib, attrib_length); if (attrib_length == 0) continue; if (attrib != 1) - LOG(3, 0, s, session[s].tunnel, " Unknown vendor-specific\n"); + LOG(3, s, session[s].tunnel, " Unknown vendor-specific\n"); else { char *avpair, *value, *key, *newp; avpair = key = calloc(attrib_length + 1, 1); memcpy(avpair, p + 8, attrib_length); - LOG(3, 0, s, session[s].tunnel, " Cisco-Avpair value: %s\n", avpair); + LOG(3, s, session[s].tunnel, " Cisco-Avpair value: %s\n", avpair); do { value = strchr(key, '='); if (!value) break; @@ -626,7 +628,7 @@ void processrad(u8 *buf, int len, char socket_index) } else if (*buf == 3) { - LOG(2, 0, s, session[s].tunnel, " Authentication denied for %s\n", session[s].user); + LOG(2, s, session[s].tunnel, " Authentication denied for %s\n", session[s].user); //FIXME: We should tear down the session here! break; } @@ -634,12 +636,12 @@ void processrad(u8 *buf, int len, char socket_index) if (!session[s].dns1 && config->default_dns1) { session[s].dns1 = htonl(config->default_dns1); - LOG(3, 0, s, t, " Sending dns1 = %s\n", inet_toa(config->default_dns1)); + LOG(3, s, t, " Sending dns1 = %s\n", fmtaddr(config->default_dns1, 0)); } if (!session[s].dns2 && config->default_dns2) { session[s].dns2 = htonl(config->default_dns2); - LOG(3, 0, s, t, " Sending dns2 = %s\n", inet_toa(config->default_dns2)); + LOG(3, s, t, " Sending dns2 = %s\n", fmtaddr(config->default_dns2, 0)); } // Valid Session, set it up @@ -649,7 +651,7 @@ void processrad(u8 *buf, int len, char socket_index) else { // An ack for a stop or start record. - LOG(3, 0, s, t, " RADIUS accounting ack recv in state %s\n", radius_states[radius[r].state]); + LOG(3, s, t, " RADIUS accounting ack recv in state %s\n", radius_states[radius[r].state]); break; } } while (0); @@ -691,7 +693,7 @@ void radiusretry(u16 r) case RADIUSWAIT: // waiting timeout before available, in case delayed reply from RADIUS server // free up RADIUS task radiusclear(r, s); - LOG(3, 0, s, session[s].tunnel, "Freeing up radius session %d\n", r); + LOG(3, s, session[s].tunnel, "Freeing up radius session %d\n", r); break; } } diff --git a/stripdomain.c b/stripdomain.c index 1013b7b..a7a3fb2 100644 --- a/stripdomain.c +++ b/stripdomain.c @@ -4,7 +4,7 @@ /* strip domain part of username before sending RADIUS requests */ -char const *cvs_id = "$Id: stripdomain.c,v 1.6 2004-11-17 08:23:35 bodea Exp $"; +char const *cvs_id = "$Id: stripdomain.c,v 1.7 2004-11-29 02:17:18 bodea Exp $"; int plugin_api_version = PLUGIN_API_VERSION; static struct pluginfuncs *p = 0; @@ -18,7 +18,7 @@ int plugin_pre_auth(struct param_pre_auth *data) // Strip off @domain if ((x = strchr(data->username, '@'))) { - p->log(3, 0, 0, 0, "Stripping off trailing domain name \"%s\"\n", x); + p->log(3, 0, 0, "Stripping off trailing domain name \"%s\"\n", x); *x = 0; } diff --git a/tbf.c b/tbf.c index 4ef7e4e..c717a82 100644 --- a/tbf.c +++ b/tbf.c @@ -1,6 +1,6 @@ // L2TPNS: token bucket filters -char const *cvs_id_tbf = "$Id: tbf.c,v 1.9 2004-11-05 04:55:27 bodea Exp $"; +char const *cvs_id_tbf = "$Id: tbf.c,v 1.10 2004-11-29 02:17:18 bodea Exp $"; #include #include "l2tpns.h" @@ -54,7 +54,7 @@ static void del_from_timer(int id) if (filter_list[id].next == id) { // Last element in chain? if (timer_chain != id) { // WTF? - LOG(0,0,0,0, "Removed a singleton element from TBF, but tc didn't point to it!\n"); + LOG(0, 0, 0, "Removed a singleton element from TBF, but tc didn't point to it!\n"); } else timer_chain = -1; filter_list[id].next = filter_list[id].prev = 0; @@ -96,7 +96,7 @@ int new_tbf(int sid, int max_credit, int rate, void (*f)(sessionidt, u8 *, int)) int i; static int p = 0; - LOG(4,0,0,0, "Allocating new TBF (sess %d, rate %d, helper %p)\n", sid, rate, f); + LOG(4, 0, 0, "Allocating new TBF (sess %d, rate %d, helper %p)\n", sid, rate, f); if (!filter_list) return 0; // Couldn't alloc memory! @@ -116,7 +116,7 @@ int new_tbf(int sid, int max_credit, int rate, void (*f)(sessionidt, u8 *, int)) return p; } - LOG(0,0,0,0, "Ran out of token bucket filters! Sess %d will be un-throttled\n", sid); + LOG(0, 0, 0, "Ran out of token bucket filters! Sess %d will be un-throttled\n", sid); return 0; } @@ -300,7 +300,7 @@ int tbf_run_timer(void) if (filter_list[i].lasttime == TIME) // Did we just run it? continue; - LOG(1,0,0,0, "Missed tbf %d! Not on the timer chain?(n %d, p %d, tc %d)\n", i, + LOG(1, 0, 0, "Missed tbf %d! Not on the timer chain?(n %d, p %d, tc %d)\n", i, filter_list[i].next, filter_list[i].prev, timer_chain); tbf_run_queue(i); } @@ -318,7 +318,9 @@ int cmd_show_tbf(struct cli_def *cli, char *command, char **argv, int argc) return CLI_HELP_NO_ARGS; if (!config->cluster_iam_master) { - cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address)); + cli_print(cli, "Can't do this on a slave. Do it on %s", + fmtaddr(config->cluster_master_address, 0)); + return CLI_OK; } diff --git a/util.c b/util.c index b11627b..3dc9f05 100644 --- a/util.c +++ b/util.c @@ -1,6 +1,6 @@ /* Misc util functions */ -char const *cvs_id_util = "$Id: util.c,v 1.6 2004-11-16 07:54:32 bodea Exp $"; +char const *cvs_id_util = "$Id: util.c,v 1.7 2004-11-29 02:17:18 bodea Exp $"; #include #include @@ -16,11 +16,16 @@ char const *cvs_id_util = "$Id: util.c,v 1.6 2004-11-16 07:54:32 bodea Exp $"; #include "bgp.h" #endif -char *inet_toa(unsigned long addr) +// format ipv4 addr as a dotted-quad; n chooses one of 4 static buffers +// to use +char *fmtaddr(ipt addr, int n) { + static char addrs[4][16]; struct in_addr in; - memcpy(&in, &addr, sizeof(unsigned long)); - return inet_ntoa(in); + + if (n < 0 || n >= 4) return ""; + in.s_addr = addr; + return strcpy(addrs[n], inet_ntoa(in)); } void *shared_malloc(unsigned int size) @@ -51,8 +56,8 @@ pid_t fork_and_close() params.sched_priority = 0; if (sched_setscheduler(0, SCHED_OTHER, ¶ms)) { - LOG(0, 0, 0, 0, "Error setting scheduler to OTHER after fork: %s\n", strerror(errno)); - LOG(0, 0, 0, 0, "This is probably really really bad.\n"); + LOG(0, 0, 0, "Error setting scheduler to OTHER after fork: %s\n", strerror(errno)); + LOG(0, 0, 0, "This is probably really really bad.\n"); } } diff --git a/util.h b/util.h index 5fe9d4f..91ab0bb 100644 --- a/util.h +++ b/util.h @@ -1,7 +1,7 @@ #ifndef __UTIL_H__ #define __UTIL_H__ -char *inet_toa(unsigned long addr); +char *fmtaddr(ipt addr, int n); void *shared_malloc(unsigned int size); pid_t fork_and_close(void);