From: Brendan O'Dea Date: Tue, 9 Nov 2004 05:42:53 +0000 (+0000) Subject: Fix intercepts: don't double-snoop throttled customers, ensure X-Git-Tag: 2.2.1-2fdn3.1~19^2^2~1^2~358 X-Git-Url: http://git.sameswireless.fr/l2tpns.git/commitdiff_plain/32f6edf2662e26ad6e5a9020483e4a6a49e4f95b?ds=inline;hp=9cc63de62466c5f70e51a06681aae32db8ac385a Fix intercepts: don't double-snoop throttled customers, ensure byte/packet counts are only updated once --- diff --git a/Changes b/Changes index 1813202..2d1c16f 100644 --- a/Changes +++ b/Changes @@ -1,5 +1,7 @@ ? Brendan O'Dea 2.0.5 - Handle routing properly in lone-master case +- Fix intercepts: don't double-snoop throttled customers, ensure + byte/packet counts are only updated once * Mon Nov 8 2004 Brendan O'Dea 2.0.4 - Added setrxspeed plugin diff --git a/l2tpns.c b/l2tpns.c index 5df2ef5..0414db7 100644 --- a/l2tpns.c +++ b/l2tpns.c @@ -4,7 +4,7 @@ // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced // vim: sw=8 ts=8 -char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.45 2004-11-05 07:50:05 bodea Exp $"; +char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.46 2004-11-09 05:42:53 bodea Exp $"; #include #include @@ -787,10 +787,6 @@ void processipout(u8 * buf, int len) return; } - // Snooping this session, send it to intercept box - if (sp->snoop_ip && sp->snoop_port) - snoop_send_packet(buf, len, sp->snoop_ip, sp->snoop_port); - LOG(5, session[s].ip, s, t, "Ethernet -> Tunnel (%d bytes)\n", len); // Add on L2TP header @@ -804,6 +800,10 @@ void processipout(u8 * buf, int len) tunnelsend(b, len + (p-b), t); // send it... } + // Snooping this session, send it to intercept box + if (sp->snoop_ip && sp->snoop_port) + snoop_send_packet(buf, len, sp->snoop_ip, sp->snoop_port); + sp->cout += len; // byte count sp->total_cout += len; // byte count sp->pout++; @@ -837,15 +837,12 @@ void send_ipout(sessionidt s, u8 *buf, int len) if (!session[s].ip) return; + t = session[s].tunnel; sp = &session[s]; LOG(5, session[s].ip, s, t, "Ethernet -> Tunnel (%d bytes)\n", len); - // Snooping this session. - if (sp->snoop_ip && sp->snoop_port) - snoop_send_packet(buf, len, sp->snoop_ip, sp->snoop_port); - // Add on L2TP header { u8 *p = makeppp(b, sizeof(b), buf, len, t, s, PPPIP); @@ -856,6 +853,11 @@ void send_ipout(sessionidt s, u8 *buf, int len) } tunnelsend(b, len + (p-b), t); // send it... } + + // Snooping this session. + if (sp->snoop_ip && sp->snoop_port) + snoop_send_packet(buf, len, sp->snoop_ip, sp->snoop_port); + sp->cout += len; // byte count sp->total_cout += len; // byte count sp->pout++; diff --git a/ppp.c b/ppp.c index b2d84ec..9d5a2f3 100644 --- a/ppp.c +++ b/ppp.c @@ -1,6 +1,6 @@ // L2TPNS PPP Stuff -char const *cvs_id_ppp = "$Id: ppp.c,v 1.22 2004-11-05 23:18:54 bodea Exp $"; +char const *cvs_id_ppp = "$Id: ppp.c,v 1.23 2004-11-09 05:42:53 bodea Exp $"; #include #include @@ -709,12 +709,6 @@ void processipin(tunnelidt t, sessionidt s, u8 *p, u16 l) return; } - if (session[s].snoop_ip && session[s].snoop_port) - { - // Snooping this session - snoop_send_packet(p, l, session[s].snoop_ip, session[s].snoop_port); - } - // Add on the tun header p -= 4; *(u32 *)p = htonl(0x00000800); @@ -725,16 +719,6 @@ void processipin(tunnelidt t, sessionidt s, u8 *p, u16 l) return; } - session[s].cin += l - 4; - session[s].total_cin += l - 4; - sess_count[s].cin += l - 4; - - session[s].pin++; - eth_tx += l - 4; - - STAT(tun_tx_packets); - INC_STAT(tun_tx_bytes, l); - if (session[s].tbf_in && config->cluster_iam_master) { // Are we throttled and a master?? actually handle the throttled packets. tbf_queue_packet(session[s].tbf_in, p, l); return; @@ -746,8 +730,25 @@ void processipin(tunnelidt t, sessionidt s, u8 *p, u16 l) STAT(tun_tx_errors); LOG(0, 0, s, t, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n", l, strerror(errno), tunfd, p); + + return; } + if (session[s].snoop_ip && session[s].snoop_port) + { + // Snooping this session + snoop_send_packet(p + 4, l - 4, session[s].snoop_ip, session[s].snoop_port); + } + + session[s].cin += l - 4; + session[s].total_cin += l - 4; + sess_count[s].cin += l - 4; + + session[s].pin++; + eth_tx += l - 4; + + STAT(tun_tx_packets); + INC_STAT(tun_tx_bytes, l - 4); } // @@ -757,11 +758,20 @@ void processipin(tunnelidt t, sessionidt s, u8 *p, u16 l) void send_ipin(sessionidt s, u8 *buf, int len) { LOG_HEX(5, "IP in throttled", buf, len); + if (write(tunfd, buf, len) < 0) { STAT(tun_tx_errors); LOG(0, 0, 0, 0, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n", len, strerror(errno), tunfd, buf); + + return; + } + + if (session[s].snoop_ip && session[s].snoop_port) + { + // Snooping this session + snoop_send_packet(p + 4, l - 4, session[s].snoop_ip, session[s].snoop_port); } // Increment packet counters @@ -771,6 +781,9 @@ void send_ipin(sessionidt s, u8 *buf, int len) session[s].pin++; eth_tx += len - 4; + + STAT(tun_tx_packets); + INC_STAT(tun_tx_bytes, l - 4); }