From: fendo Date: Wed, 28 Nov 2012 22:43:33 +0000 (+0100) Subject: first version of the LAC functionality X-Git-Tag: 2.2.1-2fdn3.1~9 X-Git-Url: http://git.sameswireless.fr/l2tpns.git/commitdiff_plain/4df24fd868177859ddd778f1f45bc825f6264cfb first version of the LAC functionality --- diff --git a/Makefile b/Makefile index ea7e8df..e915e9b 100644 --- a/Makefile +++ b/Makefile @@ -43,6 +43,9 @@ endif DEFINES += -DBGP OBJS += bgp.o +DEFINES += -DLAC +OBJS += l2tplac.o + all: programs plugins programs: $(PROGRAMS) plugins: $(PLUGINS) diff --git a/cli.c b/cli.c index 3f63413..5b0bcbc 100644 --- a/cli.c +++ b/cli.c @@ -31,6 +31,9 @@ #ifdef BGP #include "bgp.h" #endif +#ifdef LAC +#include "l2tplac.h" +#endif extern tunnelt *tunnel; extern bundlet *bundle; @@ -99,7 +102,9 @@ static int cmd_remove_plugin(struct cli_def *cli, char *command, char **argv, in static int cmd_uptime(struct cli_def *cli, char *command, char **argv, int argc); static int cmd_shutdown(struct cli_def *cli, char *command, char **argv, int argc); static int cmd_reload(struct cli_def *cli, char *command, char **argv, int argc); - +#ifdef LAC +static int cmd_setforward(struct cli_def *cli, char *command, char **argv, int argc); +#endif static int regular_stuff(struct cli_def *cli); @@ -222,6 +227,10 @@ void init_cli() cli_register_command(cli, NULL, "set", cmd_set, PRIVILEGE_PRIVILEGED, MODE_CONFIG, "Set a configuration variable"); +#ifdef LAC + cli_register_command(cli, NULL, "setforward", cmd_setforward, PRIVILEGE_PRIVILEGED, MODE_CONFIG, "Set the Remote LNS Forward"); +#endif + c = cli_register_command(cli, NULL, "ip", NULL, PRIVILEGE_PRIVILEGED, MODE_CONFIG, NULL); cli_register_command(cli, c, "access-list", cmd_ip_access_list, PRIVILEGE_PRIVILEGED, MODE_CONFIG, "Add named access-list"); @@ -3095,3 +3104,53 @@ static int cmd_reload(struct cli_def *cli, char *command, char **argv, int argc) kill(getppid(), SIGHUP); return CLI_OK; } + +#ifdef LAC + +static int cmd_setforward(struct cli_def *cli, char *command, char **argv, int argc) +{ + int ret; + + if (CLI_HELP_REQUESTED) + { + switch (argc) + { + case 1: + return cli_arg_help(cli, 0, + "MASK", "Users mask to forward (ex: myISP@operator.com)", NULL); + + case 2: + return cli_arg_help(cli, 0, + "IP", "IP of the remote LNS(ex: 64.64.64.64)", NULL); + + case 3: + return cli_arg_help(cli, 0, + "PORT", "Port of the remote LNS (ex: 1701)", NULL); + + case 4: + return cli_arg_help(cli, 0, + "SECRET", "l2tp secret of the remote LNS (ex: mysecretpsw)", NULL); + + default: + return cli_arg_help(cli, argc > 1, NULL); + } + } + + if (argc != 4) + { + cli_error(cli, "Specify variable and value"); + return CLI_OK; + } + + // adremotelns(mask, IP_RemoteLNS, Port_RemoteLNS, SecretRemoteLNS) + ret = addremotelns(argv[0], argv[1], argv[2], argv[3]); + + if (ret) + cli_print(cli, "setforward %s %s %s %s", argv[0], argv[1], argv[2], argv[3]); + else + cli_error(cli, "ERROR setforward %s %s %s %s", argv[0], argv[1], argv[2], argv[3]); + + return CLI_OK; +} + +#endif diff --git a/l2tplac.c b/l2tplac.c new file mode 100644 index 0000000..11ac963 --- /dev/null +++ b/l2tplac.c @@ -0,0 +1,322 @@ +/* + * Add functionality "LAC" to l2tpns. + * Used to forward a ppp session to another "LNS". + */ +#include +#include + +#include "md5.h" +#include "l2tpns.h" +#include "util.h" + +#include "l2tplac.h" + +/* sequence diagram: Client <--> LAC <--> LNS1 <--> LNS2 + * + * LCP Negotiation + * Client <-------------------> LAC + * Challenge (CHAP/PAP) + * Client <-------------------> LAC + * SCCRQ + * LAC --------------------> LNS1 (Tunnel Open) + * SCCRP + * LAC <-------------------- LNS1 (Tunnel Open) + * SCCCN + * LAC --------------------> LNS1 (Tunnel Open) + * ZLB + * LAC <-------------------- LNS1 (Tunnel Open) + * ICRQ + * LAC --------------------> LNS1 (Session Open) + * ICRP + * LAC <-------------------- LNS1 (Session Open) + * ICCN + * LAC --------------------> LNS1 (Session Open) + * ZLB + * LAC <-------------------- LNS1 (Session Open) + * LCP Negotiation + * Client <---------------------------------------------> LNS1 + * Challenge (CHAP/PAP) + * Client <---------------------------------------------> LNS1 + * SCCRQ + * LNS1 --------------------> LNS2 (Tunnel Open) + * SCCRP + * LNS1 <-------------------- LNS2 (Tunnel Open) + * SCCCN + * LNS1 --------------------> LNS2 (Tunnel Open) + * ZLB + * LNS1 <-------------------- LNS2 (Tunnel Open) + * ICRQ + * LNS1 --------------------> LNS2 (Session Open) + * ICRP + * LNS1 <-------------------- LNS2 (Session Open) + * ICCN + * LNS1 --------------------> LNS2 (Session Open) + * ZLB + * LNS1 <-------------------- LNS2 (Session Open) + * LCP Negotiation + * Client <------------------------------------------------------------------------> LNS2 + * PAP/CHAP Authentification + * Client <------------------------------------------------------------------------> LNS2 + * DATA (ppp) + * Client <------------------------------------------------------------------------> LNS2 + * */ + +// Limits +#define MAXRLNSTUNNEL 101 + +typedef uint16_t confrlnsidt; + +/* + * Possible configrlns states + * TUNNELFREE -> TUNNELOPEN -> TUNNELDIE -> TUNNELFREE + */ +enum +{ + CONFRLNSFREE = 0, // Not in use + CONFRLNSSET // Config Set +}; + +// struct remote lns +typedef struct +{ + tunnelidt tid; // near end tunnel ID + int state; // conf state (tunnelstate enum) + in_addr_t ip; // Ip for far end + uint16_t port; // port for far end + hasht auth; // request authenticator + char strmaskuser[MAXUSER]; + char l2tp_secret[64]; // L2TP shared secret +} +configrlns; + +configrlns *pconfigrlns = NULL; // Array of tunnel structures. + +// Init data structures +void initremotelnsdata() +{ + confrlnsidt i; + + if ( !(pconfigrlns = shared_malloc(sizeof(pconfigrlns[0]) * MAXRLNSTUNNEL)) ) + { + LOG(0, 0, 0, "Error doing malloc for tunnels lac: %s\n", strerror(errno)); + exit(1); + } + + memset(pconfigrlns, 0, sizeof(pconfigrlns[0]) * MAXRLNSTUNNEL); + + // Mark all the tunnels as undefined (waiting to be filled in by a download). + for (i = 1; i < MAXRLNSTUNNEL; i++) + pconfigrlns[i].state = CONFRLNSFREE; // mark it as not filled in. + + config->highest_rlnsid = 0; +} + +// Check if must be forwarded to another LNS +int forwardtolns(sessionidt s, char * puser) +{ + tunnelidt t; + confrlnsidt i; + + for (i = 1; i <= config->highest_rlnsid ; ++i) + { + if ( NULL != strstr(puser, pconfigrlns[i].strmaskuser)) + { + t = pconfigrlns[i].tid; + + if ((t != 0) && (tunnel[t].ip != pconfigrlns[i].ip)) + { + pconfigrlns[i].tid = t = 0; + LOG(1, 0, t, "Tunnel ID inconsistency\n"); + } + + if (t == 0) + { + if (main_quit == QUIT_SHUTDOWN) return 0; + + // Start Open Tunnel + if (!(t = lac_new_tunnel())) + { + LOG(1, 0, 0, "No more tunnels\n"); + STAT(tunnel_overflow); + return 0; + } + lac_tunnelclear(t); + tunnel[t].ip = pconfigrlns[i].ip; + tunnel[t].port = pconfigrlns[i].port; + tunnel[t].window = 4; // default window + STAT(tunnel_created); + LOG(1, 0, t, "New (REMOTE LNS) tunnel to %s:%u ID %u\n", fmtaddr(htonl(tunnel[t].ip), 0), tunnel[t].port, t); + + random_data(pconfigrlns[i].auth, sizeof(pconfigrlns[i].auth)); + + pconfigrlns[i].tid = t; + + lac_send_SCCRQ(t, pconfigrlns[i].auth, sizeof(pconfigrlns[i].auth)); + } + else if (tunnel[t].state == TUNNELOPEN) + { + if (main_quit != QUIT_SHUTDOWN) + { + /**********************/ + /** Open New session **/ + /**********************/ + sessionidt new_sess = sessionfree; + + sessionfree = session[new_sess].next; + memset(&session[new_sess], 0, sizeof(session[new_sess])); + + if (new_sess > config->cluster_highest_sessionid) + config->cluster_highest_sessionid = new_sess; + + session[new_sess].opened = time_now; + session[new_sess].tunnel = t; + session[new_sess].last_packet = session[s].last_data = time_now; + + session[new_sess].ppp.phase = Establish; + session[new_sess].ppp.lcp = Starting; + + // Sent ICRQ Incoming-call-request + lac_send_ICRQ(t, new_sess); + + // Set session to forward to another LNS + session[s].forwardtosession = new_sess; + session[new_sess].forwardtosession = s; + + STAT(session_created); + } + else + { + lac_tunnelshutdown(t, "Shutting down", 6, 0, 0); + pconfigrlns[i].tid = 0; + } + } + else + { + /** TODO **/ + LOG(1, 0, t, "(REMOTE LNS) tunnel is not open\n"); + } + + return 1; + } + } + + return 0; +} + +static tunnelidt getidrlns(tunnelidt t) +{ + confrlnsidt idrlns; + + for (idrlns = 1; idrlns <= config->highest_rlnsid ; ++idrlns) + { + if (pconfigrlns[idrlns].tid == t) return idrlns; + } + + return 0; +} + +int istunneltolns(tunnelidt t) +{ + confrlnsidt idrlns; + + for (idrlns = 1; idrlns <= config->highest_rlnsid ; ++idrlns) + { + if (pconfigrlns[idrlns].tid == t) return 1; + } + + return 0; +} + +void calc_lac_auth(tunnelidt t, uint8_t id, uint8_t *out) +{ + MD5_CTX ctx; + confrlnsidt idrlns; + + idrlns = getidrlns(t); + + MD5_Init(&ctx); + MD5_Update(&ctx, &id, 1); + MD5_Update(&ctx, pconfigrlns[idrlns].l2tp_secret, strlen(pconfigrlns[idrlns].l2tp_secret)); + MD5_Update(&ctx, pconfigrlns[idrlns].auth, 16); + MD5_Final(out, &ctx); +} + +// Forward session to external LNS +int session_forward_tolns(uint8_t *buf, int len, sessionidt sess, uint16_t proto) +{ + uint16_t t = 0, s = 0; + uint8_t *p = buf + 2; // First word L2TP options + + s = session[sess].forwardtosession; + if (session[s].forwardtosession != sess) + { + LOG(0, sess, session[sess].tunnel, "Link Session (%u) broken\n", s); + return 0; + } + + t = session[s].tunnel; + if (t >= MAXTUNNEL) + { + LOG(1, s, t, "Session with invalid tunnel ID\n"); + return 0; + } + + if (*buf & 0x40) + { // length + p += 2; + } + + *(uint16_t *) p = htons(tunnel[t].far); // tunnel + p += 2; + *(uint16_t *) p = htons(session[s].far); // session + p += 2; + + if (*buf & 0x08) + { // ns/nr + *(uint16_t *) p = htons(tunnel[t].ns); // sequence + p += 2; + *(uint16_t *) p = htons(tunnel[t].nr); // sequence + p += 2; + } + + if ((proto == PPPIP) || (proto == PPPMP) ||(proto == PPPIPV6 && config->ipv6_prefix.s6_addr[0])) + { + session[sess].last_packet = session[sess].last_data = time_now; + } + else + session[sess].last_packet = time_now; + + tunnelsend(buf, len, t); // send it... + + return 1; +} + +int addremotelns(char *mask, char *IP_RemoteLNS, char *Port_RemoteLNS, char *SecretRemoteLNS) +{ + confrlnsidt idrlns; + + for (idrlns = 1; idrlns < MAXRLNSTUNNEL; ++idrlns) + { + if (pconfigrlns[idrlns].state == CONFRLNSFREE) + { + snprintf((char *) pconfigrlns[idrlns].strmaskuser, sizeof(pconfigrlns[idrlns].strmaskuser), "%s", mask); + pconfigrlns[idrlns].ip = ntohl(inet_addr(IP_RemoteLNS)); + pconfigrlns[idrlns].port = atoi(Port_RemoteLNS); + snprintf((char *) pconfigrlns[idrlns].l2tp_secret, sizeof(pconfigrlns[idrlns].l2tp_secret), "%s", SecretRemoteLNS); + + config->highest_rlnsid = idrlns; + + pconfigrlns[idrlns].state = CONFRLNSSET; + + LOG(1, 0, 0, "New Remote LNS conf (count %u) mask:%s IP:%s Port:%u l2tpsecret:*****\n", idrlns, + pconfigrlns[idrlns].strmaskuser, fmtaddr(htonl(pconfigrlns[idrlns].ip), 0), + pconfigrlns[idrlns].port); + + return 1; + } + } + + LOG(0, 0, 0, "No more Remote LNS Conf Free\n"); + + return 0; +} diff --git a/l2tplac.h b/l2tplac.h new file mode 100644 index 0000000..ba81a8e --- /dev/null +++ b/l2tplac.h @@ -0,0 +1,14 @@ +/* L2TPLAC */ +/* $Id: l2tplac.h,v 1.0 2012-07-01 14:49:28 fendo Exp $ */ + +#ifndef __L2TPLAC_H__ +#define __L2TPLAC_H__ + +// l2tplac.c +void initremotelnsdata(); +int session_forward_tolns(uint8_t *buf, int len, sessionidt sess, uint16_t proto); +int forwardtolns(sessionidt s, char * puser); +void calc_lac_auth(tunnelidt t, uint8_t id, uint8_t *out); +int istunneltolns(tunnelidt t); +int addremotelns(char *mask, char *IP_RemoteLNS, char *Port_RemoteLNS, char *SecretRemoteLNS); +#endif /* __L2TPLAC_H__ */ diff --git a/l2tpns.c b/l2tpns.c index ed85a91..d4bb9ca 100644 --- a/l2tpns.c +++ b/l2tpns.c @@ -53,6 +53,15 @@ #include "bgp.h" #endif +#ifdef LAC +#include "l2tplac.h" +#endif + +#ifdef LAC +char * Vendor_name = "Linux L2TPNS"; +uint32_t call_serial_number = 0; +#endif + // Globals configt *config = NULL; // all configuration int nlfd = -1; // netlink socket @@ -160,8 +169,10 @@ config_descriptt config_values[] = { CONFIG("ipv6_prefix", ipv6_prefix, IPv6), CONFIG("cli_bind_address", cli_bind_address, IPv4), CONFIG("hostname", hostname, STRING), +#ifdef BGP CONFIG("nexthop_address", nexthop_address, IPv4), CONFIG("nexthop6_address", nexthop6_address, IPv6), +#endif CONFIG("echo_timeout", echo_timeout, INT), CONFIG("idle_echo_timeout", idle_echo_timeout, INT), { NULL, 0, 0, 0 }, @@ -224,13 +235,6 @@ static tunnelidt new_tunnel(void); static void unhide_value(uint8_t *value, size_t len, uint16_t type, uint8_t *vector, size_t vec_len); static void bundleclear(bundleidt b); -// on slaves, alow BGP to withdraw cleanly before exiting -#define QUIT_DELAY 5 - -// quit actions (master) -#define QUIT_FAILOVER 1 // SIGTERM: exit when all control messages have been acked (for cluster failover) -#define QUIT_SHUTDOWN 2 // SIGQUIT: shutdown sessions/tunnels, reject new connections - // return internal time (10ths since process startup), set f if given // as a side-effect sets time_now, and time_changed static clockt now(double *f) @@ -2719,6 +2723,15 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr) } break; case 13: // Response +#ifdef LAC + if (istunneltolns(t)) + { + chapresponse = calloc(17, 1); + memcpy(chapresponse, b, (n < 17) ? n : 16); + LOG(1, s, t, "received challenge response from (REMOTE LNS)\n"); + } + else +#endif /* LAC */ // Why did they send a response? We never challenge. LOG(2, s, t, " received unexpected challenge response\n"); break; @@ -2962,6 +2975,39 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr) case 2: // SCCRP tunnel[t].state = TUNNELOPEN; tunnel[t].lastrec = time_now; +#ifdef LAC + LOG(1, s, t, "Recieved SCCRP (REMOTE LNS)\n"); + if (main_quit != QUIT_SHUTDOWN) + { + if (istunneltolns(t) && chapresponse) + { + hasht hash; + + calc_lac_auth(t, 2, hash); // id = 2 (SCCRP) + // check authenticator + if (memcmp(hash, chapresponse, 16) == 0) + { + controlt *c = controlnew(3); // sending SCCCN + controls(c, 7, hostname, 1); // host name + controls(c, 8, Vendor_name, 1); // Vendor name + control16(c, 2, version, 1); // protocol version + control32(c, 3, 3, 1); // framing Capabilities + control16(c, 9, t, 1); // assigned tunnel + controladd(c, 0, t); // send + + LOG(1, s, t, "sending SCCCN (REMOTE LNS)\n"); + } + else + { + tunnelshutdown(t, "(REMOTE LNS) Bad chap response", 4, 0, 0); + } + } + } + else + { + tunnelshutdown(t, "Shutting down", 6, 0, 0); + } +#endif /* LAC */ break; case 3: // SCCN tunnel[t].state = TUNNELOPEN; @@ -3029,7 +3075,23 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr) } return; case 11: // ICRP - // TBA +#ifdef LAC + LOG(1, s, t, "Recieved ICRP (REMOTE LNS)\n"); + if (session[s].forwardtosession) + { + controlt *c = controlnew(12); // ICCN + + session[s].opened = time_now; + session[s].tunnel = t; + session[s].far = asession; + session[s].last_packet = session[s].last_data = time_now; + + control32(c, 19, 1, 1); // Framing Type + control32(c, 24, 10000000, 1); // Tx Connect Speed + controladd(c, asession, t); // send the message + LOG(1, s, t, "Sending ICCN (REMOTE LNS)\n"); + } +#endif /* LAC */ break; case 12: // ICCN if (amagic == 0) amagic = time_now; @@ -3052,6 +3114,9 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr) case 14: // CDN controlnull(t); // ack +#ifdef LAC + +#endif /* LAC */ sessionshutdown(s, disc_reason, CDN_NONE, disc_cause); break; case 0xFFFF: @@ -3101,6 +3166,16 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr) l -= 2; } +#ifdef LAC + if (session[s].forwardtosession) + { + LOG(4, s, t, "Forwarding data session to %u (REMOTE LNS)\n", session[s].forwardtosession); + // Forward to Remote LNS + session_forward_tolns(buf, len, s, proto); + return; + } +#endif /* LAC */ + if (s && !session[s].opened) // Is something wrong?? { if (!config->cluster_iam_master) @@ -3110,7 +3185,6 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr) return; } - LOG(1, s, t, "UDP packet contains session which is not opened. Dropping packet.\n"); STAT(tunnel_rx_errors); return; @@ -4400,6 +4474,10 @@ static void initdata(int optdebug, char *optconfig) exit(1); } #endif /* BGP */ + +#ifdef LAC + initremotelnsdata(); +#endif } static int assign_ip_address(sessionidt s) @@ -6146,3 +6224,52 @@ int ip_filter(uint8_t *buf, int len, uint8_t filter) // default deny return 0; } + +#ifdef LAC + +tunnelidt lac_new_tunnel() +{ + return new_tunnel(); +} + +void lac_tunnelclear(tunnelidt t) +{ + tunnelclear(t); +} + +void lac_send_SCCRQ(tunnelidt t, uint8_t * auth, unsigned int auth_len) +{ + uint16_t version = 0x0100; // protocol version + + tunnel[t].state = TUNNELOPENING; + + // Sent SCCRQ - Start Control Connection Request + controlt *c = controlnew(1); // sending SCCRQ + controls(c, 7, hostname, 1); // host name + controls(c, 8, Vendor_name, 1); // Vendor name + control16(c, 2, version, 1); // protocol version + control32(c, 3, 3, 1); // framing Capabilities + control16(c, 9, t, 1); // assigned tunnel + controlb(c, 11, (uint8_t *) auth, auth_len, 1); // CHAP Challenge + LOG(1, 0, t, "Sent SCCRQ tunnel (REMOTE LNS)\n"); + controladd(c, 0, t); // send +} + +void lac_send_ICRQ(tunnelidt t, sessionidt s) +{ + // Sent ICRQ Incoming-call-request + controlt *c = controlnew(10); // ICRQ + + control16(c, 14, s, 1); // assigned sesion + call_serial_number++; + control32(c, 15, call_serial_number, 1); // call serial number + LOG(1, s, t, "Sent ICRQ (REMOTE LNS) (tunnel far ID %u)\n", tunnel[t].far); + controladd(c, 0, t); // send +} + +void lac_tunnelshutdown(tunnelidt t, char *reason, int result, int error, char *msg) +{ + tunnelshutdown(t, reason, result, error, msg); +} + +#endif diff --git a/l2tpns.h b/l2tpns.h index 6314ae7..e83234d 100644 --- a/l2tpns.h +++ b/l2tpns.h @@ -321,7 +321,12 @@ typedef struct char class[MAXCLASS]; uint8_t ipv6prefixlen; // IPv6 route prefix length struct in6_addr ipv6route; // Static IPv6 route +#ifdef LAC + sessionidt forwardtosession; // LNS id_session to forward + char reserved[10]; // Space to expand structure without changing HB_VERSION +#else char reserved[12]; // Space to expand structure without changing HB_VERSION +#endif } sessiont; @@ -750,6 +755,9 @@ typedef struct int echo_timeout; // Time between last packet sent and LCP ECHO generation int idle_echo_timeout; // Time between last packet seen and // Drop sessions who have not responded within IDLE_ECHO_TIMEOUT seconds +#ifdef LAC + int highest_rlnsid; +#endif } configt; enum config_typet { INT, STRING, UNSIGNED_LONG, SHORT, BOOL, IPv4, IPv6 }; @@ -843,6 +851,13 @@ typedef struct #define TERM_PORT_REINIT 21 #define TERM_PORT_DISABLED 22 +// on slaves, alow BGP to withdraw cleanly before exiting +#define QUIT_DELAY 5 + +// quit actions (master) +#define QUIT_FAILOVER 1 // SIGTERM: exit when all control messages have been acked (for cluster failover) +#define QUIT_SHUTDOWN 2 // SIGQUIT: shutdown sessions/tunnels, reject new connections + // arp.c void sendarp(int ifr_idx, const unsigned char* mac, in_addr_t ip); @@ -904,6 +919,13 @@ int ip_filter(uint8_t *buf, int len, uint8_t filter); int cmd_show_ipcache(struct cli_def *cli, char *command, char **argv, int argc); int cmd_show_hist_idle(struct cli_def *cli, char *command, char **argv, int argc); int cmd_show_hist_open(struct cli_def *cli, char *command, char **argv, int argc); +#ifdef LAC +tunnelidt lac_new_tunnel(); +void lac_tunnelclear(tunnelidt t); +void lac_send_SCCRQ(tunnelidt t, uint8_t * auth, unsigned int auth_len); +void lac_send_ICRQ(tunnelidt t, sessionidt s); +void lac_tunnelshutdown(tunnelidt t, char *reason, int result, int error, char *msg); +#endif #undef LOG #undef LOG_HEX diff --git a/ppp.c b/ppp.c index f9a60ac..518f6ec 100644 --- a/ppp.c +++ b/ppp.c @@ -1,5 +1,7 @@ // L2TPNS PPP Stuff +//#define LAC + #include #include #include @@ -12,6 +14,10 @@ #include "tbf.h" #include "cluster.h" +#ifdef LAC +#include "l2tplac.h" +#endif + extern tunnelt *tunnel; extern bundlet *bundle; extern fragmentationt *frag; @@ -100,6 +106,14 @@ void processpap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) LOG(3, s, t, "PAP login %s/%s\n", user, pass); } +#ifdef LAC + if (forwardtolns(s, user)) + { + LOG(3, s, t, "Forwarding login for %s to other LNS\n", user); + return; + } +#endif + if (session[s].ip || !(r = radiusnew(s))) { // respond now, either no RADIUS available or already authenticated @@ -251,6 +265,17 @@ void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l) packet.username = calloc(l + 1, 1); memcpy(packet.username, p, l); +#ifdef LAC + if (forwardtolns(s, packet.username)) + { + LOG(3, s, t, "Forwarding login for %s to other LNS\n", packet.username); + + free(packet.username); + free(packet.password); + return; + } +#endif + run_plugins(PLUGIN_PRE_AUTH, &packet); if (!packet.continue_auth) {