From: David Parrish Date: Mon, 28 Jun 2004 02:43:13 +0000 (+0000) Subject: * Update cli callbacks to work with libcli 1.6. X-Git-Tag: 2.2.1-2fdn3.1~19^2^2~1^2~451 X-Git-Url: http://git.sameswireless.fr/l2tpns.git/commitdiff_plain/7aa420ce9f2c55049b061c7df836ccc990303ebf?ds=inline * Update cli callbacks to work with libcli 1.6. This supports privileged and unprivileged commands, as well as a configuration mode * Add help for all cli commands * Add "show version" command * Fix uptime counter display * Fix nasty bug where cluster basetime can be set to 0 when sending initial heartbeat * Don't rmmod ip_conntrack, as this can take a lot of time * Re-order logging in routeset such that the action is given before any error * Use the correct gateway address when deleting routes * Remove any routes when address changes * Require authentication if telnet from remote ip * Require enable password always * Return error if show pool done on slave * We MUST immediately exit if we're the wrong master! --- diff --git a/Makefile b/Makefile index 04bf448..8af2656 100644 --- a/Makefile +++ b/Makefile @@ -72,7 +72,7 @@ install: all ## Dependencies: (autogenerated) ## md5.o: md5.c md5.h icmp.o: icmp.c l2tpns.h config.h -cli.o: cli.c l2tpns.h config.h util.h cluster.h tbf.h bgp.h +cli.o: cli.c l2tpns.h config.h util.h cluster.h tbf.h ll.h bgp.h l2tpns.o: l2tpns.c md5.h l2tpns.h config.h cluster.h plugin.h ll.h \ constants.h control.h util.h tbf.h bgp.h ppp.o: ppp.c l2tpns.h config.h constants.h plugin.h util.h tbf.h \ @@ -85,7 +85,7 @@ constants.o: constants.c constants.h ll.o: ll.c ll.h control.o: control.c control.h util.o: util.c l2tpns.h config.h -tbf.o: tbf.c l2tpns.h config.h tbf.h +tbf.o: tbf.c l2tpns.h config.h util.h tbf.h bgp.o: bgp.c l2tpns.h config.h bgp.h util.h garden.so: garden.c l2tpns.h config.h plugin.h control.h autothrottle.so: autothrottle.c l2tpns.h config.h plugin.h control.h diff --git a/arp.c b/arp.c index 05929cd..68a4bba 100644 --- a/arp.c +++ b/arp.c 
@@ -1,3 +1,7 @@ +// L2TPNS: arp + +char const *cvs_id_arp = "$Id: arp.c,v 1.3 2004-06-28 02:43:13 fred_nerk Exp $"; + #include #include #include diff --git a/bgp.c b/bgp.c index ec6d9c2..23255ee 100644 --- a/bgp.c +++ b/bgp.c @@ -10,7 +10,7 @@ * nor RFC2385 (which requires a kernel patch on 2.4 kernels). */ -/* $Id: bgp.c,v 1.1 2004-06-23 03:52:24 fred_nerk Exp $ */ +char const *cvs_id_bgp = "$Id: bgp.c,v 1.2 2004-06-28 02:43:13 fred_nerk Exp $"; #include #include @@ -1188,6 +1188,12 @@ int cmd_show_bgp(struct cli_def *cli, char *command, char **argv, int argc) if (!bgp_configured) return CLI_OK; + if (CLI_HELP_REQUESTED) + return cli_arg_help(cli, 1, + "A.B.C.D", "BGP peer address", + "NAME", "BGP peer name", + NULL); + cli_print(cli, "BGPv%d router identifier %s, local AS number %d, " "hold time %ds", BGP_VERSION, inet_toa(my_address), (int) our_as, BGP_HOLD_TIME); @@ -1235,6 +1241,12 @@ int cmd_suspend_bgp(struct cli_def *cli, char *command, char **argv, int argc) if (!bgp_configured) return CLI_OK; + if (CLI_HELP_REQUESTED) + return cli_arg_help(cli, 1, + "A.B.C.D", "BGP peer address", + "NAME", "BGP peer name", + NULL); + for (i = 0; i < BGP_NUM_PEERS; i++) { if (bgp_peers[i].state != Established) @@ -1262,6 +1274,12 @@ int cmd_no_suspend_bgp(struct cli_def *cli, char *command, char **argv, int argc if (!bgp_configured) return CLI_OK; + if (CLI_HELP_REQUESTED) + return cli_arg_help(cli, 1, + "A.B.C.D", "BGP peer address", + "NAME", "BGP peer name", + NULL); + for (i = 0; i < BGP_NUM_PEERS; i++) { if (bgp_peers[i].state != Established) @@ -1290,6 +1308,12 @@ int cmd_restart_bgp(struct cli_def *cli, char *command, char **argv, int argc) if (!bgp_configured) return CLI_OK; + if (CLI_HELP_REQUESTED) + return cli_arg_help(cli, 1, + "A.B.C.D", "BGP peer address", + "NAME", "BGP peer name", + NULL); + for (i = 0; i < BGP_NUM_PEERS; i++) { if (!*bgp_peers[i].name) diff --git a/bgp.h b/bgp.h index 635a65d..1c33ce6 100644 --- a/bgp.h +++ b/bgp.h 
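Review bot: In cmd_show_bgp, cmd_suspend_bgp, cmd_no_suspend_bgp and cmd_restart_bgp the new `CLI_HELP_REQUESTED` branch sits after `if (!bgp_configured) return CLI_OK;`, so asking for help on a host without BGP configured prints nothing. Moving the help check above that guard would keep `?` useful in both cases. The same `cli_arg_help(cli, 1, "A.B.C.D", "BGP peer address", "NAME", "BGP peer name", NULL)` call is repeated in all four hunks, and one small static helper would keep the texts in sync. Each function body continues outside its hunk.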
@@ -1,5 +1,5 @@ /* BGPv4 (RFC1771) */ -/* $Id: bgp.h,v 1.1 2004-06-23 03:52:24 fred_nerk Exp $ */ +/* $Id: bgp.h,v 1.2 2004-06-28 02:43:13 fred_nerk Exp $ */ #ifndef __BGP_H__ #define __BGP_H__ @@ -199,4 +199,6 @@ int cmd_suspend_bgp(struct cli_def *cli, char *command, char **argv, int argc); int cmd_no_suspend_bgp(struct cli_def *cli, char *command, char **argv, int argc); int cmd_restart_bgp(struct cli_def *cli, char *command, char **argv, int argc); +extern char const *cvs_id_bgp; + #endif /* __BGP_H__ */ diff --git a/cli.c b/cli.c index 892b8d1..902add0 100644 --- a/cli.c +++ b/cli.c @@ -1,14 +1,18 @@ // L2TPNS Command Line Interface -// $Id: cli.c,v 1.5 2004-06-23 03:52:24 fred_nerk Exp $ // vim: sw=4 ts=8 +char const *cvs_name = "$Name: $"; +char const *cvs_id_cli = "$Id: cli.c,v 1.6 2004-06-28 02:43:13 fred_nerk Exp $"; + #include +#include #include #include #include #include #include #include +#include #include #include #include @@ -17,11 +21,13 @@ #include #include #include +#include #include #include "l2tpns.h" #include "util.h" #include "cluster.h" #include "tbf.h" +#include "ll.h" #ifdef BGP #include "bgp.h" #endif @@ -39,13 +45,10 @@ extern sessionidt *cli_session_kill; extern tunnelidt *cli_tunnel_kill; extern struct configt *config; extern struct config_descriptt config_values[]; -extern char hostname[]; #ifdef RINGBUFFER extern struct Tringbuffer *ringbuffer; #endif -char *rcs_id = "$Id: cli.c,v 1.5 2004-06-23 03:52:24 fred_nerk Exp $"; - char *debug_levels[] = { "CRIT", "ERROR", 
@@ -109,71 +112,72 @@ void init_cli() struct sockaddr_in addr; cli = cli_init(); + cli_set_hostname(cli, "l2tpns"); - c = cli_register_command(cli, NULL, "show", NULL, NULL); - cli_register_command(cli, c, "banana", cmd_show_banana, "Show a banana"); + c = cli_register_command(cli, NULL, "show", NULL, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, NULL); + cli_register_command(cli, c, "banana", cmd_show_banana, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show a banana"); #ifdef BGP - cli_register_command(cli, c, "bgp", cmd_show_bgp, "Show BGP status"); + cli_register_command(cli, c, "bgp", cmd_show_bgp, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show BGP status"); #endif /* BGP */ - cli_register_command(cli, c, "cluster", cmd_show_cluster, "Show cluster information"); - cli_register_command(cli, c, "ipcache", cmd_show_ipcache, "Show contents of the IP cache"); - cli_register_command(cli, c, "plugins", cmd_show_plugins, "List all installed plugins"); - cli_register_command(cli, c, "pool", cmd_show_pool, "Show the IP address allocation pool"); - cli_register_command(cli, c, "radius", cmd_show_radius, "Show active radius queries"); - cli_register_command(cli, c, "running-config", cmd_show_run, "Show the currently running configuration"); - cli_register_command(cli, c, "session", cmd_show_session, "Show a list of sessions or details for a single session"); - cli_register_command(cli, c, "tbf", cmd_show_tbf, "List all token bucket filters in use"); - cli_register_command(cli, c, "throttle", cmd_show_throttle, "List all throttled sessions and associated TBFs"); - cli_register_command(cli, c, "tunnels", cmd_show_tunnels, "Show a list of tunnels or details for a single tunnel"); - cli_register_command(cli, c, "users", cmd_show_users, "Show a list of all connected users or details of selected user"); - cli_register_command(cli, c, "version", cmd_show_version, "Show currently running software version"); - - c2 = cli_register_command(cli, c, "histogram", NULL, NULL); - cli_register_command(cli, c2, 
"idle", cmd_show_hist_idle, "Show histogram of session idle times"); - cli_register_command(cli, c2, "open", cmd_show_hist_open, "Show histogram of session durations"); + cli_register_command(cli, c, "cluster", cmd_show_cluster, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show cluster information"); + cli_register_command(cli, c, "ipcache", cmd_show_ipcache, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show contents of the IP cache"); + cli_register_command(cli, c, "plugins", cmd_show_plugins, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "List all installed plugins"); + cli_register_command(cli, c, "pool", cmd_show_pool, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show the IP address allocation pool"); + cli_register_command(cli, c, "radius", cmd_show_radius, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show active radius queries"); + cli_register_command(cli, c, "running-config", cmd_show_run, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show the currently running configuration"); + cli_register_command(cli, c, "session", cmd_show_session, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show a list of sessions or details for a single session"); + cli_register_command(cli, c, "tbf", cmd_show_tbf, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "List all token bucket filters in use"); + cli_register_command(cli, c, "throttle", cmd_show_throttle, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "List all throttled sessions and associated TBFs"); + cli_register_command(cli, c, "tunnels", cmd_show_tunnels, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show a list of tunnels or details for a single tunnel"); + cli_register_command(cli, c, "users", cmd_show_users, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show a list of all connected users or details of selected user"); + cli_register_command(cli, c, "version", cmd_show_version, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show currently running software version"); + + c2 = cli_register_command(cli, c, "histogram", NULL, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, NULL); + cli_register_command(cli, c2, "idle", cmd_show_hist_idle, 
PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show histogram of session idle times"); + cli_register_command(cli, c2, "open", cmd_show_hist_open, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show histogram of session durations"); #ifdef STATISTICS - cli_register_command(cli, c, "counters", cmd_show_counters, "Display all the internal counters and running totals"); + cli_register_command(cli, c, "counters", cmd_show_counters, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Display all the internal counters and running totals"); - c = cli_register_command(cli, NULL, "clear", NULL, NULL); - cli_register_command(cli, c, "counters", cmd_clear_counters, "Clear internal counters"); + c = cli_register_command(cli, NULL, "clear", NULL, PRIVILEGE_PRIVILEGED, MODE_EXEC, NULL); + cli_register_command(cli, c, "counters", cmd_clear_counters, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Clear internal counters"); #endif - cli_register_command(cli, NULL, "uptime", cmd_uptime, "Show uptime and bandwidth utilisation"); + cli_register_command(cli, NULL, "uptime", cmd_uptime, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show uptime and bandwidth utilisation"); - c = cli_register_command(cli, NULL, "write", NULL, NULL); - cli_register_command(cli, c, "memory", cmd_write_memory, "Save the running config to flash"); - cli_register_command(cli, c, "terminal", cmd_show_run, "Show the running config"); + c = cli_register_command(cli, NULL, "write", NULL, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, NULL); + cli_register_command(cli, c, "memory", cmd_write_memory, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Save the running config to flash"); + cli_register_command(cli, c, "terminal", cmd_show_run, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show the running config"); - cli_register_command(cli, NULL, "snoop", cmd_snoop, "Temporarily enable interception for a user"); - cli_register_command(cli, NULL, "throttle", cmd_throttle, "Temporarily enable throttling for a user"); - cli_register_command(cli, NULL, "debug", cmd_debug, "Set the level of logging that is shown on the 
console"); + cli_register_command(cli, NULL, "snoop", cmd_snoop, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Temporarily enable interception for a user"); + cli_register_command(cli, NULL, "throttle", cmd_throttle, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Temporarily enable throttling for a user"); + cli_register_command(cli, NULL, "debug", cmd_debug, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Set the level of logging that is shown on the console"); - c = cli_register_command(cli, NULL, "suspend", NULL, NULL); - cli_register_command(cli, c, "bgp", cmd_suspend_bgp, "Withdraw routes from BGP peer"); + c = cli_register_command(cli, NULL, "suspend", NULL, PRIVILEGE_PRIVILEGED, MODE_EXEC, NULL); + cli_register_command(cli, c, "bgp", cmd_suspend_bgp, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Withdraw routes from BGP peer"); - c = cli_register_command(cli, NULL, "no", NULL, NULL); - cli_register_command(cli, c, "snoop", cmd_no_snoop, "Temporarily disable interception for a user"); - cli_register_command(cli, c, "throttle", cmd_no_throttle, "Temporarily disable throttling for a user"); - cli_register_command(cli, c, "debug", cmd_no_debug, "Turn off logging of a certain level of debugging"); - c2 = cli_register_command(cli, c, "suspend", NULL, NULL); - cli_register_command(cli, c2, "bgp", cmd_no_suspend_bgp, "Advertise routes to BGP peer"); + c = cli_register_command(cli, NULL, "no", NULL, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, NULL); + cli_register_command(cli, c, "snoop", cmd_no_snoop, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Temporarily disable interception for a user"); + cli_register_command(cli, c, "throttle", cmd_no_throttle, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Temporarily disable throttling for a user"); + cli_register_command(cli, c, "debug", cmd_no_debug, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Turn off logging of a certain level of debugging"); + c2 = cli_register_command(cli, c, "suspend", NULL, PRIVILEGE_PRIVILEGED, MODE_EXEC, NULL); + cli_register_command(cli, c2, "bgp", cmd_no_suspend_bgp, 
PRIVILEGE_PRIVILEGED, MODE_EXEC, "Advertise routes to BGP peer"); - c = cli_register_command(cli, NULL, "drop", NULL, NULL); - cli_register_command(cli, c, "user", cmd_drop_user, "Disconnect a user"); - cli_register_command(cli, c, "tunnel", cmd_drop_tunnel, "Disconnect a tunnel and all sessions on that tunnel"); - cli_register_command(cli, c, "session", cmd_drop_session, "Disconnect a session"); + c = cli_register_command(cli, NULL, "drop", NULL, PRIVILEGE_PRIVILEGED, MODE_EXEC, NULL); + cli_register_command(cli, c, "user", cmd_drop_user, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Disconnect a user"); + cli_register_command(cli, c, "tunnel", cmd_drop_tunnel, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Disconnect a tunnel and all sessions on that tunnel"); + cli_register_command(cli, c, "session", cmd_drop_session, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Disconnect a session"); - c = cli_register_command(cli, NULL, "restart", NULL, NULL); - cli_register_command(cli, c, "bgp", cmd_restart_bgp, "Restart BGP"); + c = cli_register_command(cli, NULL, "restart", NULL, PRIVILEGE_PRIVILEGED, MODE_EXEC, NULL); + cli_register_command(cli, c, "bgp", cmd_restart_bgp, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Restart BGP"); - c = cli_register_command(cli, NULL, "load", NULL, NULL); - cli_register_command(cli, c, "plugin", cmd_load_plugin, "Load a plugin"); + c = cli_register_command(cli, NULL, "load", NULL, PRIVILEGE_PRIVILEGED, MODE_EXEC, NULL); + cli_register_command(cli, c, "plugin", cmd_load_plugin, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Load a plugin"); - c = cli_register_command(cli, NULL, "remove", NULL, NULL); - cli_register_command(cli, c, "plugin", cmd_remove_plugin, "Remove a plugin"); + c = cli_register_command(cli, NULL, "remove", NULL, PRIVILEGE_PRIVILEGED, MODE_EXEC, NULL); + cli_register_command(cli, c, "plugin", cmd_remove_plugin, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Remove a plugin"); - cli_register_command(cli, NULL, "set", cmd_set, "Set a configuration variable"); + cli_register_command(cli, NULL, 
"set", cmd_set, PRIVILEGE_PRIVILEGED, MODE_EXEC, "Set a configuration variable"); // Enable regular processing cli_regular(cli, regular_stuff); @@ -193,9 +197,17 @@ void init_cli() if (!*buf) continue; if (!(p = strchr((char *)buf, ':'))) continue; *p++ = 0; + if (!strcmp(buf, "enable")) + { + cli_allow_enable(cli, p); + log(3, 0, 0, 0, "Setting enable password\n"); + } + else + { cli_allow_user(cli, buf, p); log(3, 0, 0, 0, "Allowing user %s to connect to the CLI\n", buf); } + } fclose(f); } @@ -263,7 +275,33 @@ void cli_do(int sockfd) close(bgp_peers[i].sock); #endif /* BGP */ - log(3, 0, 0, 0, "Accepted connection to CLI\n"); + { + int require_auth = 1; + struct sockaddr_in addr; + int l = sizeof(addr); + if (getpeername(sockfd, (struct sockaddr *)&addr, &l) == 0) + { + log(3, 0, 0, 0, "Accepted connection to CLI from %s\n", inet_toa(addr.sin_addr.s_addr)); + require_auth = addr.sin_addr.s_addr != inet_addr("127.0.0.1"); + } + else + log(0, 0, 0, 0, "getpeername() failed on cli socket. Requiring authentication: %s\n", strerror(errno)); + + if (require_auth) + { + log(3, 0, 0, 0, "CLI is remote, requiring authentication\n"); + if (!cli->users) /* paranoia */ + { + log(0, 0, 0, 0, "No users for remote authentication! Exiting CLI\n"); + exit(0); + } + } + else + { + /* no username/pass required */ + cli->users = 0; + } + } debug_session = 0; debug_tunnel = 0; 
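Review bot: `running-config` and `write terminal` are both registered `PRIVILEGE_UNPRIVILEGED` in init_cli, so the output of cmd_show_run is available before `enable`. If config_values holds shared secrets or passwords (not visible in this hunk), they become readable by any logged-in user and, given the loopback exemption this commit adds to cli_do, by any local connection. Consider `PRIVILEGE_PRIVILEGED` for both registrations. `debug` and `no debug` deserve the same look, since they change what is logged to the console and are also left unprivileged.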
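Review bot: The password-file loop in init_cli calls `cli_allow_enable()` only when the file happens to contain an `enable:` line, and nothing records whether that happened. If the line is missing, no enable password is ever set, and libcli (as far as I recall; worth confirming against 1.6) then lets `enable` succeed without a prompt, which is at odds with "Require enable password always" in the commit message. A flag such as `have_enable = 1;` next to the `cli_allow_enable(cli, p);` call, checked after `fclose(f)` with a level-0 log message, would make that misconfiguration visible. A comment noting that `enable` is now a reserved user name in this file would also help whoever maintains it.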
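Review bot: A peer address of 127.0.0.1 in cli_do clears `cli->users`, so every local account on the host gets a CLI session with no login, and only the enable password then stands between it and `snoop`, `drop` and `load plugin`. That trust decision deserves a comment at the `require_auth` assignment and, ideally, a configuration switch to turn the exemption off. `int l = sizeof(addr);` should be `socklen_t l = sizeof(addr);` to match the third parameter of getpeername(). `exit(0)` in the no-users branch reports success for what the log line treats as a failure, so a non-zero status would be more accurate.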
@@ -293,15 +331,56 @@ void cli_do_file(FILE *fh) { log(3, 0, 0, 0, "Reading configuration file\n"); cli_print_callback(cli, cli_print_log); - cli_file(cli, fh); + cli_file(cli, fh, PRIVILEGE_PRIVILEGED); cli_print_callback(cli, NULL); } +int cli_arg_help(struct cli_def *cli, int cr_ok, char *entry, ...) +{ + va_list ap; + char *desc; + char buf[16]; + char *p; + + va_start(ap, entry); + while (entry) + { + /* allow one %d */ + if ((p = strchr(entry, '%')) && !strchr(p+1, '%') && p[1] == 'd') + { + int v = va_arg(ap, int); + snprintf(buf, sizeof(buf), entry, v); + p = buf; + } + else + p = entry; + + desc = va_arg(ap, char *); + if (desc && *desc) + cli_print(cli, " %-20s %s", p, desc); + else + cli_print(cli, " %s", p); + + entry = desc ? va_arg(ap, char *) : 0; + } + + va_end(ap); + if (cr_ok) + cli_print(cli, " "); + + return CLI_OK; +} + int cmd_show_session(struct cli_def *cli, char *command, char **argv, int argc) { int i; time_t time_now; + if (CLI_HELP_REQUESTED) + return cli_arg_help(cli, 1, + "<1-%d>", MAXSESSION-1, "Show specific session by id", + NULL); + time(&time_now); if (argc > 0) { @@ -310,7 +389,7 @@ int cmd_show_session(struct cli_def *cli, char *command, char **argv, int argc) { unsigned int s; s = atoi(argv[i]); - if (!s || s > MAXSESSION) + if (s <= 0 || s >= MAXSESSION) { cli_print(cli, "Invalid session id \"%s\"", argv[i]); continue; @@ -395,6 +474,19 @@ int cmd_show_tunnels(struct cli_def *cli, char *command, char **argv, int argc) "Opening", }; + if (CLI_HELP_REQUESTED) + { + if (argc > 1) + return cli_arg_help(cli, 1, + "<1-%d>", MAXTUNNEL-1, "Show specific tunnel by id", + NULL); + + return cli_arg_help(cli, 1, + "all", "Show all tunnels, including unused", + "<1-%d>", MAXTUNNEL-1, "Show specific tunnel by id", + NULL); + } + time(&time_now); if (argc > 0) { 
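Review bot: cli_arg_help passes `entry` to snprintf() as the format string and relies on an undocumented varargs layout: entry, an `int` when entry contains `%d`, description, repeated, then a terminating NULL. A header comment spelling that layout out is worth adding, because a caller that omits the `int` or the terminator makes va_arg read past its arguments; the single-`%d` guard only keeps the format itself safe. The terminator is better written `(char *) NULL` at call sites, since a bare `NULL` may be passed as an `int` on platforms where pointers are wider. `buf[16]` silently truncates longer entries, which is fine for `<1-%d>` but should be stated in that comment.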
@@ -410,7 +502,7 @@ int cmd_show_tunnels(struct cli_def *cli, char *command, char **argv, int argc) char s[65535] = {0}; unsigned int t; t = atoi(argv[i]); - if (!t || t > MAXTUNNEL) + if (t <= 0 || t >= MAXTUNNEL) { cli_print(cli, "Invalid tunnel id \"%s\"", argv[i]); continue; @@ -464,6 +556,12 @@ int cmd_show_users(struct cli_def *cli, char *command, char **argv, int argc) char *sargv[32]; int sargc = 0; int i; + + if (CLI_HELP_REQUESTED) + return cli_arg_help(cli, 1, + "USER", "Show details for specific username", + NULL); + for (i = 0; i < MAXSESSION; i++) { if (!session[i].opened) continue; @@ -495,6 +593,9 @@ int cmd_show_users(struct cli_def *cli, char *command, char **argv, int argc) int cmd_show_counters(struct cli_def *cli, char *command, char **argv, int argc) { + if (CLI_HELP_REQUESTED) + return CLI_HELP_NO_ARGS; + cli_print(cli, "%-10s %-8s %-10s %-8s", "Ethernet", "Bytes", "Packets", "Errors"); cli_print(cli, "%-10s %8lu %8lu %8lu", "RX", GET_STAT(tap_rx_bytes), @@ -542,7 +643,7 @@ int cmd_show_counters(struct cli_def *cli, char *command, char **argv, int argc) cli_print(cli, "%-30s%lu", "recv_forward", GET_STAT(recv_forward)); -#ifdef STAT_CALLS +#ifdef STATISTICS cli_print(cli, "\n%-30s%-10s", "Counter", "Value"); cli_print(cli, "-----------------------------------------"); cli_print(cli, "%-30s%lu", "call_processtap", GET_STAT(call_processtap)); 
@@ -578,8 +679,73 @@ int cmd_show_counters(struct cli_def *cli, char *command, char **argv, int argc) int cmd_show_version(struct cli_def *cli, char *command, char **argv, int argc) { + int tag = 0; + int file = 0; + int i = 0; + + if (CLI_HELP_REQUESTED) + return cli_arg_help(cli, 1, + "tag", "Include CVS release tag", + "file", "Include file versions", + NULL); + + for (i = 0; i < argc; i++) + if (!strcmp(argv[i], "tag")) + tag++; + else if (!strcmp(argv[i], "file")) + file++; + cli_print(cli, "L2TPNS %s", VERSION); - cli_print(cli, "ID: %s", rcs_id); + if (tag) + { + char const *p = strchr(cvs_name, ':'); + char const *e; + if (p) + { + p++; + while (isspace(*p)) + p++; + } + + if (!p || *p == '$') + p = "HEAD"; + + e = strpbrk(p, " \t$"); + cli_print(cli, "Tag: %.*s", e ? e - p + 1 : strlen(p), p); + } + + if (file) + { + extern linked_list *loaded_plugins; + void *p; + + cli_print(cli, "Files:"); + cli_print(cli, " %s", cvs_id_arp); +#ifdef BGP + cli_print(cli, " %s", cvs_id_bgp); +#endif /* BGP */ + cli_print(cli, " %s", cvs_id_cli); + cli_print(cli, " %s", cvs_id_cluster); + cli_print(cli, " %s", cvs_id_constants); + cli_print(cli, " %s", cvs_id_control); + cli_print(cli, " %s", cvs_id_icmp); + cli_print(cli, " %s", cvs_id_l2tpns); + cli_print(cli, " %s", cvs_id_ll); + cli_print(cli, " %s", cvs_id_md5); + cli_print(cli, " %s", cvs_id_ppp); + cli_print(cli, " %s", cvs_id_radius); + cli_print(cli, " %s", cvs_id_tbf); + cli_print(cli, " %s", cvs_id_util); + + ll_reset(loaded_plugins); + while ((p = ll_next(loaded_plugins))) + { + char const **id = dlsym(p, "cvs_id"); + if (id) + cli_print(cli, " %s", *id); + } + } + return CLI_OK; } 
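Review bot: In the `tag` branch of cmd_show_version the precision argument for `%.*s` is `e ? e - p + 1 : strlen(p)`, which has a pointer-difference/size_t type, while `*` expects an `int`; where those types are wider than int this is undefined behaviour in the varargs call. The `+ 1` also appears to include the delimiter (space, tab or `$`) that strpbrk() stopped at. I would write `cli_print(cli, "Tag: %.*s", (int) (e ? e - p : strlen(p)), p);`. `isspace(*p)` should be `isspace((unsigned char) *p)`, since plain `char` may be signed.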
@@ -589,6 +755,22 @@ int cmd_show_pool(struct cli_def *cli, char *command, char **argv, int argc) int used = 0, free = 0, show_all = 0; time_t time_now; + if (!config->cluster_iam_master) + { + cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address)); + return CLI_OK; + } + + if (CLI_HELP_REQUESTED) + { + if (argc > 1) + return cli_arg_help(cli, 1, NULL); + + return cli_arg_help(cli, 1, + "all", "Show all pool addresses, including unused", + NULL); + } + if (argc > 0 && strcmp(argv[0], "all") == 0) show_all = 1; @@ -632,6 +814,9 @@ void print_save_config(struct cli_def *cli, char *string) int cmd_write_memory(struct cli_def *cli, char *command, char **argv, int argc) { + if (CLI_HELP_REQUESTED) + return CLI_HELP_NO_ARGS; + if ((save_config_fh = fopen(config->config_file, "w"))) { cli_print(cli, "Writing configuration"); @@ -651,6 +836,9 @@ int cmd_show_run(struct cli_def *cli, char *command, char **argv, int argc) { int i; + if (CLI_HELP_REQUESTED) + return CLI_HELP_NO_ARGS; + cli_print(cli, "# Current configuration:"); for (i = 0; config_values[i].key; i++) @@ -697,6 +885,16 @@ int cmd_show_radius(struct cli_def *cli, char *command, char **argv, int argc) int i, free = 0, used = 0, show_all = 0; time_t time_now; + if (CLI_HELP_REQUESTED) + { + if (argc > 1) + return cli_arg_help(cli, 1, NULL); + + return cli_arg_help(cli, 1, + "all", "Show all RADIUS sessions, including unused", + NULL); + } + cli_print(cli, "%6s%5s%6s%9s%9s%4s", "Radius", "Sock", "State", "Session", "Retry", "Try"); time(&time_now); @@ -730,6 +928,10 @@ int cmd_show_radius(struct cli_def *cli, char *command, char **argv, int argc) int cmd_show_plugins(struct cli_def *cli, char *command, char **argv, int argc) { int i; + + if (CLI_HELP_REQUESTED) + return CLI_HELP_NO_ARGS; + cli_print(cli, "Plugins currently loaded:"); for (i = 0; i < MAXPLUGINS; i++) { 
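Review bot: cmd_show_pool tests `config->cluster_iam_master` before `CLI_HELP_REQUESTED`, whereas the drop, snoop and throttle commands in this commit answer help first. On a slave, `show pool ?` therefore prints the "Can't do this on a slave" message instead of the argument help; swapping the two blocks would make the commands consistent. The commit message says "Return error", but the branch returns `CLI_OK`; if callers should see a failure, `CLI_ERROR` would express that.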
@@ -744,6 +946,10 @@ int cmd_show_plugins(struct cli_def *cli, char *command, char **argv, int argc) int cmd_show_throttle(struct cli_def *cli, char *command, char **argv, int argc) { int i; + + if (CLI_HELP_REQUESTED) + return CLI_HELP_NO_ARGS; + cli_print(cli, "Token bucket filters:"); cli_print(cli, "%-6s %8s %-4s", "ID", "Handle", "Used"); for (i = 0; i < MAXSESSION; i++) @@ -761,6 +967,9 @@ int cmd_show_throttle(struct cli_def *cli, char *command, char **argv, int argc) int cmd_show_banana(struct cli_def *cli, char *command, char **argv, int argc) { + if (CLI_HELP_REQUESTED) + return CLI_HELP_NO_ARGS; + cli_print(cli, " _\n" "//\\\n" "V \\\n" @@ -781,6 +990,9 @@ int cmd_show_banana(struct cli_def *cli, char *command, char **argv, int argc) int cmd_clear_counters(struct cli_def *cli, char *command, char **argv, int argc) { + if (CLI_HELP_REQUESTED) + return CLI_HELP_NO_ARGS; + cli_print(cli, "Counters cleared"); SET_STAT(last_reset, time(NULL)); return CLI_OK; @@ -791,6 +1003,10 @@ int cmd_drop_user(struct cli_def *cli, char *command, char **argv, int argc) int i; sessionidt s; + if (CLI_HELP_REQUESTED) + return cli_arg_help(cli, argc > 1, + "USER", "Username of session to drop", NULL); + if (!config->cluster_iam_master) { cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address)); @@ -801,14 +1017,6 @@ int cmd_drop_user(struct cli_def *cli, char *command, char **argv, int argc) cli_print(cli, "Specify a user to drop"); return CLI_OK; } - for (i = 0; i < argc; i++) - { - if (strchr(argv[i], '?')) - { - cli_print(cli, "username ..."); - return CLI_OK; - } - } for (i = 0; i < argc; i++) { 
@@ -842,6 +1050,10 @@ int cmd_drop_tunnel(struct cli_def *cli, char *command, char **argv, int argc) int i; tunnelidt tid; + if (CLI_HELP_REQUESTED) + return cli_arg_help(cli, argc > 1, + "<1-%d>", MAXTUNNEL-1, "Tunnel id to drop", NULL); + if (!config->cluster_iam_master) { cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address)); @@ -852,22 +1064,14 @@ int cmd_drop_tunnel(struct cli_def *cli, char *command, char **argv, int argc) cli_print(cli, "Specify a tunnel to drop"); return CLI_OK; } - for (i = 0; i < argc; i++) - { - if (strchr(argv[i], '?')) - { - cli_print(cli, "tunnel_id ..."); - return CLI_OK; - } - } for (i = 0; i < argc; i++) { int x; - if ((tid = atol(argv[i])) <= 0 || (tid > MAXTUNNEL)) + if ((tid = atol(argv[i])) <= 0 || (tid >= MAXTUNNEL)) { - cli_print(cli, "Invalid tunnel ID (%d - %d)", 0, MAXTUNNEL); + cli_print(cli, "Invalid tunnel ID (1-%d)", MAXTUNNEL-1); continue; } @@ -902,6 +1106,10 @@ int cmd_drop_session(struct cli_def *cli, char *command, char **argv, int argc) int i; sessionidt s; + if (CLI_HELP_REQUESTED) + return cli_arg_help(cli, argc > 1, + "<1-%d>", MAXSESSION-1, "Session id to drop", NULL); + if (!config->cluster_iam_master) { cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address)); @@ -912,20 +1120,12 @@ int cmd_drop_session(struct cli_def *cli, char *command, char **argv, int argc) cli_print(cli, "Specify a session id to drop"); return CLI_OK; } - for (i = 0; i < argc; i++) - { - if (strchr(argv[i], '?')) - { - cli_print(cli, "session_id ..."); - return CLI_OK; - } - } for (i = 0; i < argc; i++) { if ((s = atol(argv[i])) <= 0 || (s > MAXSESSION)) { - cli_print(cli, "Invalid session ID (%d - %d)", 0, MAXSESSION); + cli_print(cli, "Invalid session ID (1-%d)", MAXSESSION-1); continue; } 
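Review bot: cmd_drop_session still tests `(s > MAXSESSION)` on the unchanged line above the new message, so an id equal to MAXSESSION passes the check although the message now advertises 1 to MAXSESSION-1. cmd_show_session and cmd_drop_tunnel were switched to `>=` in this commit and this one looks missed; if `session[]` has MAXSESSION entries, as the `i < MAXSESSION` loops elsewhere in the file suggest, that id indexes one past the end. The line should read `if ((s = atol(argv[i])) <= 0 || (s >= MAXSESSION))`. If sessionidt is an unsigned type narrower than long, the `<= 0` test only catches zero and large inputs are truncated before the comparison, so parsing into a `long` and range-checking that before assigning would be more robust. The function body continues outside the hunk.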
@@ -953,14 +1153,38 @@ int cmd_drop_session(struct cli_def *cli, char *command, char **argv, int argc) int cmd_snoop(struct cli_def *cli, char *command, char **argv, int argc) { - int i; ipt ip; u16 port; sessionidt s; + if (CLI_HELP_REQUESTED) + { + switch (argc) + { + case 1: + return cli_arg_help(cli, 0, + "USER", "Username of session to snoop", NULL); + + case 2: + return cli_arg_help(cli, 0, + "A.B.C.D", "IP address of snoop destination", NULL); + + case 3: + return cli_arg_help(cli, 0, + "N", "Port of snoop destination", NULL); + + case 4: + if (!argv[3][1]) + return cli_arg_help(cli, 1, NULL); + + default: + return CLI_OK; + } + } + if (!config->cluster_iam_master) { - cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address)); + cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address)); return CLI_OK; } @@ -970,16 +1194,6 @@ int cmd_snoop(struct cli_def *cli, char *command, char **argv, int argc) return CLI_OK; } - for (i = 0; i < argc; i++) - { - if (strchr(argv[i], '?')) - { - cli_print(cli, "username ip port"); - return CLI_OK; - } - } - - if (!(s = sessionbyuser(argv[0]))) { cli_print(cli, "User %s is not connected", argv[0]); @@ -1012,6 +1226,10 @@ int cmd_no_snoop(struct cli_def *cli, char *command, char **argv, int argc) int i; sessionidt s; + if (CLI_HELP_REQUESTED) + return cli_arg_help(cli, argc > 1, + "USER", "Username of session to un-snoop", NULL); + if (!config->cluster_iam_master) { cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address)); @@ -1023,14 +1241,6 @@ int cmd_no_snoop(struct cli_def *cli, char *command, char **argv, int argc) cli_print(cli, "Specify a user"); return CLI_OK; } - for (i = 0; i < argc; i++) - { - if (strchr(argv[i], '?')) - { - cli_print(cli, "username ..."); - return CLI_OK; - } - } for (i = 0; i < argc; i++) { 
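Review bot: In the help switch of cmd_snoop, `case 4:` falls through into `default:` whenever `argv[3][1]` is non-zero, and nothing marks that as intentional; add `/* fallthrough */` before `default:`. A one-line comment explaining that `!argv[3][1]` means "the fourth word is a lone `?`" would also save the next reader some time. Since this command turns on interception for a subscriber, it is worth confirming in the part of the function outside this hunk that the action is logged together with the session and destination. The function body continues outside the hunk.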
@@ -1052,6 +1262,10 @@ int cmd_throttle(struct cli_def *cli, char *command, char **argv, int argc) int i; sessionidt s; + if (CLI_HELP_REQUESTED) + return cli_arg_help(cli, argc > 1, + "USER", "Username of session to throttle", NULL); + if (!config->cluster_iam_master) { cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address)); @@ -1062,14 +1276,6 @@ int cmd_throttle(struct cli_def *cli, char *command, char **argv, int argc) cli_print(cli, "Specify a user"); return CLI_OK; } - for (i = 0; i < argc; i++) - { - if (strchr(argv[i], '?')) - { - cli_print(cli, "username ..."); - return CLI_OK; - } - } for (i = 0; i < argc; i++) { @@ -1091,6 +1297,10 @@ int cmd_no_throttle(struct cli_def *cli, char *command, char **argv, int argc) int i; sessionidt s; + if (CLI_HELP_REQUESTED) + return cli_arg_help(cli, argc > 1, + "USER", "Username of session to un-throttle", NULL); + if (!config->cluster_iam_master) { cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address)); @@ -1101,14 +1311,6 @@ int cmd_no_throttle(struct cli_def *cli, char *command, char **argv, int argc) cli_print(cli, "Specify a user"); return CLI_OK; } - for (i = 0; i < argc; i++) - { - if (strchr(argv[i], '?')) - { - cli_print(cli, "username ..."); - return CLI_OK; - } - } for (i = 0; i < argc; i++) { @@ -1119,8 +1321,9 @@ int cmd_no_throttle(struct cli_def *cli, char *command, char **argv, int argc) } throttle_session(s, 0); - cli_print(cli, "unthrottling user %s", argv[i]); + cli_print(cli, "Unthrottling user %s", argv[i]); } + return CLI_OK; } 
@@ -1128,47 +1331,61 @@ int cmd_debug(struct cli_def *cli, char *command, char **argv, int argc) { int i; + if (CLI_HELP_REQUESTED) + return cli_arg_help(cli, 1, + "all", "Enable debugging for all except \"data\"", + "critical", "", // FIXME: add descriptions + "error", "", + "warning", "", + "info", "", + "calls", "", + "data", "", + NULL); + if (!argc) { - cli_print(cli, "Currently debugging: "); - if (debug_flags.critical) cli_print(cli, "critical "); - if (debug_flags.error) cli_print(cli, "error "); - if (debug_flags.warning) cli_print(cli, "warning "); - if (debug_flags.info) cli_print(cli, "info "); - if (debug_flags.calls) cli_print(cli, "calls "); - if (debug_flags.data) cli_print(cli, "data "); - cli_print(cli, ""); - return CLI_OK; - } - - for (i = 0; i < argc; i++) + char *p = (char *) &debug_flags; + for (i = 0; i < sizeof(debug_flags); i++) { - if (*argv[i] == '?') + if (p[i]) { - cli_print(cli, "Possible debugging states are:"); - cli_print(cli, " critical"); - cli_print(cli, " error"); - cli_print(cli, " warning"); - cli_print(cli, " info"); - cli_print(cli, " calls"); - cli_print(cli, " data"); + cli_print(cli, "Currently debugging:%s%s%s%s%s%s", + (debug_flags.critical) ? " critical" : "", + (debug_flags.error) ? " error" : "", + (debug_flags.warning) ? " warning" : "", + (debug_flags.info) ? " info" : "", + (debug_flags.calls) ? " calls" : "", + (debug_flags.data) ? 
" data" : ""); + return CLI_OK; } } + cli_print(cli, "Debugging off"); + return CLI_OK; + } + for (i = 0; i < argc; i++) { - if (strcasecmp(argv[i], "critical") == 0) debug_flags.critical = 1; - if (strcasecmp(argv[i], "error") == 0) debug_flags.error = 1; - if (strcasecmp(argv[i], "warning") == 0) debug_flags.warning = 1; - if (strcasecmp(argv[i], "info") == 0) debug_flags.info = 1; - if (strcasecmp(argv[i], "calls") == 0) debug_flags.calls = 1; - if (strcasecmp(argv[i], "data") == 0) debug_flags.data = 1; - if (strcasecmp(argv[i], "all") == 0) + int len = strlen(argv[i]); + + if (argv[i][0] == 'c' && len < 2) + len = 2; /* distinguish [cr]itical from [ca]lls */ + + if (!strncasecmp(argv[i], "critical", len)) { debug_flags.critical = 1; continue; } + if (!strncasecmp(argv[i], "error", len)) { debug_flags.error = 1; continue; } + if (!strncasecmp(argv[i], "warning", len)) { debug_flags.warning = 1; continue; } + if (!strncasecmp(argv[i], "info", len)) { debug_flags.info = 1; continue; } + if (!strncasecmp(argv[i], "calls", len)) { debug_flags.calls = 1; continue; } + if (!strncasecmp(argv[i], "data", len)) { debug_flags.data = 1; continue; } + if (!strncasecmp(argv[i], "all", len)) { memset(&debug_flags, 1, sizeof(debug_flags)); debug_flags.data = 0; + continue; } + + cli_print(cli, "Invalid debugging flag \"%s\"", argv[i]); } return CLI_OK; 
@@ -1178,15 +1395,43 @@ int cmd_no_debug(struct cli_def *cli, char *command, char **argv, int argc) { int i; + if (CLI_HELP_REQUESTED) + return cli_arg_help(cli, 1, + "all", "Disable all debugging", + "critical", "", // FIXME: add descriptions + "error", "", + "warning", "", + "info", "", + "calls", "", + "data", "", + NULL); + + if (!argc) + { + memset(&debug_flags, 0, sizeof(debug_flags)); + return CLI_OK; + } + for (i = 0; i < argc; i++) { - if (strcasecmp(argv[i], "critical") == 0) debug_flags.critical = 0; - if (strcasecmp(argv[i], "error") == 0) debug_flags.error = 0; - if (strcasecmp(argv[i], "warning") == 0) debug_flags.warning = 0; - if (strcasecmp(argv[i], "info") == 0) debug_flags.info = 0; - if (strcasecmp(argv[i], "calls") == 0) debug_flags.calls = 0; - if (strcasecmp(argv[i], "data") == 0) debug_flags.data = 0; - if (strcasecmp(argv[i], "all") == 0) memset(&debug_flags, 0, sizeof(debug_flags)); + int len = strlen(argv[i]); + + if (argv[i][0] == 'c' && len < 2) + len = 2; /* distinguish [cr]itical from [ca]lls */ + + if (!strncasecmp(argv[i], "critical", len)) { debug_flags.critical = 0; continue; } + if (!strncasecmp(argv[i], "error", len)) { debug_flags.error = 0; continue; } + if (!strncasecmp(argv[i], "warning", len)) { debug_flags.warning = 0; continue; } + if (!strncasecmp(argv[i], "info", len)) { debug_flags.info = 0; continue; } + if (!strncasecmp(argv[i], "calls", len)) { debug_flags.calls = 0; continue; } + if (!strncasecmp(argv[i], "data", len)) { debug_flags.data = 0; continue; } + if (!strncasecmp(argv[i], "all", len)) + { + memset(&debug_flags, 0, sizeof(debug_flags)); + continue; + } + + cli_print(cli, "Invalid debugging flag \"%s\"", argv[i]); } return CLI_OK; 
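Review bot: In cmd_no_debug (and the matching loop in cmd_debug in the previous hunk), `len` comes straight from `strlen(argv[i])` and is only raised to 2 for words starting with `c`, so an empty argument makes `strncasecmp(argv[i], "critical", 0)` return 0 and is treated as `critical`. Whether the CLI layer can pass an empty word is not visible here, so this may be unreachable, but a guard such as `if (!len) continue;` at the top of the loop body makes the prefix match safe on its own. The help tables in both functions still carry empty descriptions under the `FIXME`.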
@@ -1195,6 +1440,11 @@ int cmd_no_debug(struct cli_def *cli, char *command, char **argv, int argc) int cmd_load_plugin(struct cli_def *cli, char *command, char **argv, int argc) { int i, firstfree = 0; + + if (CLI_HELP_REQUESTED) + return cli_arg_help(cli, argc > 1, + "PLUGIN", "Name of plugin to load", NULL); + if (argc != 1) { cli_print(cli, "Specify a plugin to load"); @@ -1226,6 +1476,10 @@ int cmd_remove_plugin(struct cli_def *cli, char *command, char **argv, int argc) { int i; + if (CLI_HELP_REQUESTED) + return cli_arg_help(cli, argc > 1, + "PLUGIN", "Name of plugin to unload", NULL); + if (argc != 1) { cli_print(cli, "Specify a plugin to remove"); @@ -1246,17 +1500,36 @@ int cmd_remove_plugin(struct cli_def *cli, char *command, char **argv, int argc) return CLI_OK; } -char *duration(time_t seconds) +char *duration(time_t secs) { static char *buf = NULL; + int p = 0; + if (!buf) buf = calloc(64, 1); - if (seconds > 86400) - sprintf(buf, "%d days", (int)(seconds / 86400.0)); - else if (seconds > 60) - sprintf(buf, "%02d:%02lu", (int)(seconds / 3600.0), seconds % 60); + if (secs >= 86400) + { + int days = secs / 86400; + p = sprintf(buf, "%d day%s, ", days, days > 1 ? "s" : ""); + secs %= 86400; + } + + if (secs >= 3600) + { + int mins = secs / 60; + int hrs = mins / 60; + + mins %= 60; + sprintf(buf + p, "%d:%02d", hrs, mins); + } + else if (secs >= 60) + { + int mins = secs / 60; + sprintf(buf + p, "%d min%s", mins, mins > 1 ? "s" : ""); + } else - sprintf(buf, "%lu sec", seconds); + sprintf(buf, "%ld sec%s", secs, secs > 1 ? "s" : ""); + return buf; } @@ -1267,6 +1540,9 @@ int cmd_uptime(struct cli_def *cli, char *command, char **argv, int argc) int i, num_sessions = 0; time_t time_now; + if (CLI_HELP_REQUESTED) + return CLI_HELP_NO_ARGS; + fh = fopen("/proc/loadavg", "r"); fgets(buf, 100, fh); fclose(fh); 
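Review bot: In duration(), the final `else` branch writes with `sprintf(buf, ...)` instead of `sprintf(buf + p, ...)`, so when the uptime is at least a day and the remainder is under a minute, the day prefix written just above is overwritten and only the seconds are shown. It should read `sprintf(buf + p, "%ld sec%s", (long) secs, secs > 1 ? "s" : "");`; the cast also keeps `%ld` correct where `time_t` is not `long`. The `calloc(64, 1)` result is still used without a NULL check, and the writes into the fixed 64-byte buffer would be safer as `snprintf(buf + p, 64 - p, ...)`.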
@@ -1282,7 +1558,7 @@ int cmd_uptime(struct cli_def *cli, char *command, char **argv, int argc) cli_print(cli, "%s up %s, %d users, load average: %s, %s, %s", buf, - duration(abs(time_now - config->start_time)), + duration(time_now - config->start_time), num_sessions, loads[0], loads[1], loads[2] ); @@ -1298,9 +1574,36 @@ int cmd_set(struct cli_def *cli, char *command, char **argv, int argc) { int i; + if (CLI_HELP_REQUESTED) + { + switch (argc) + { + case 1: + { + int len = strlen(argv[0])-1; + for (i = 0; config_values[i].key; i++) + if (!len || !strncmp(argv[0], config_values[i].key, len)) + cli_print(cli, " %s", config_values[i].key); + } + + return CLI_OK; + + case 2: + return cli_arg_help(cli, 0, + "VALUE", "Value for variable", NULL); + + case 3: + if (!argv[2][1]) + return cli_arg_help(cli, 1, NULL); + + default: + return CLI_OK; + } + } + if (argc != 2) { - cli_print(cli, "Usage: set "); + cli_print(cli, "Specify variable and value"); return CLI_OK; } diff --git a/cluster.c b/cluster.c index 6f4695d..4c4efde 100644 --- a/cluster.c +++ b/cluster.c @@ -1,5 +1,6 @@ // L2TPNS Clustering Stuff -// $Id: cluster.c,v 1.3 2004-06-23 03:52:24 fred_nerk Exp $ + +char const *cvs_id_cluster = "$Id: cluster.c,v 1.4 2004-06-28 02:43:13 fred_nerk Exp $"; #include #include @@ -134,7 +135,7 @@ int cluster_init() return -1; } - config->cluster_last_hb = config->current_time; + config->cluster_last_hb = TIME; config->cluster_seq_number = -1; return cluster_sockfd; 
@@ -435,18 +436,18 @@ void cluster_check_master(void) int i, count, tcount, high_sid = 0; int last_free = 0; int had_peers = have_peers; - clockt t = config->current_time; + clockt t = TIME; - if (config->current_time < (config->cluster_last_hb + HB_TIMEOUT) ) + if (TIME < (config->cluster_last_hb + config->cluster_hb_timeout) ) return; // Everything's ok. return. if (!config->cluster_iam_master) log(0,0,0,0, "Master timed out! Holding election...\n"); - config->cluster_last_hb = config->current_time + 1; + config->cluster_last_hb = TIME + 1; for (i = have_peers = 0; i < num_peers ; ++i) { - if ((peers[i].timestamp + HB_TIMEOUT) < t) + if ((peers[i].timestamp + config->cluster_hb_timeout) < t) continue; // Stale peer! Skip them. if (!peers[i].basetime) @@ -721,7 +722,7 @@ void cluster_heartbeat(int highsession, int freesession, int hightunnel) } if (p > (buff + sizeof(buff))) { // Did we somehow manage to overun the buffer? - log(0,0,0,0, "Overrun the heartbeat buffer! This is fatal. Exiting. (size %d)\n", p - buff); + log(0,0,0,0, "FATAL: Overran the heartbeat buffer! This is fatal. Exiting. (size %d)\n", p - buff); kill(0, SIGTERM); } @@ -744,6 +745,9 @@ void cluster_heartbeat(int highsession, int freesession, int hightunnel) // // Fill out the packet with tunnels from the tunnel table... + // This effectively means we walk the tunnel table more quickly + // than the session table. This is good because stuffing up a + // tunnel is a much bigger deal than stuffing up a session. // while ( (p + sizeof(u32) * 2 + sizeof(tunnelt) ) < (buff + MAX_HEART_SIZE) ) { @@ -891,7 +895,7 @@ int cluster_add_peer(u32 peer, time_t basetime, pingt *p) // This peer already exists. Just update the timestamp. peers[i].basetime = basetime; - peers[i].timestamp = config->current_time; + peers[i].timestamp = TIME; break; } 
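Review bot: In cluster_heartbeat(), the reworded FATAL message still passes `p - buff` to `%d`; a pointer difference is `ptrdiff_t`, so on LP64 targets the argument does not match the conversion. Use `(int) (p - buff)` or `%td`. The test `p > (buff + sizeof(buff))` can only fire once the write past the end has already happened. The packing code is outside this hunk, but checking the remaining space before each append would prevent the overrun instead of reporting it afterwards.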
@@ -904,7 +908,7 @@ int cluster_add_peer(u32 peer, time_t basetime, pingt *p) { if (peers[i].peer != peer) continue; - if ((peers[i].timestamp + HB_TIMEOUT * 10) < config->current_time) // Stale. + if ((peers[i].timestamp + config->cluster_hb_timeout * 10) < TIME) // Stale. break; } @@ -917,7 +921,7 @@ int cluster_add_peer(u32 peer, time_t basetime, pingt *p) peers[i].peer = peer; peers[i].basetime = basetime; - peers[i].timestamp = config->current_time; + peers[i].timestamp = TIME; if (i == num_peers) ++num_peers; @@ -1081,14 +1085,14 @@ static int cluster_process_heartbeat_v2(u8 * data, int size, int more, u8 * p, u if (config->cluster_seq_number == -1) // Don't have one. Just align to the master... config->cluster_seq_number = h->seq; - config->cluster_last_hb = config->current_time; // Reset to ensure that we don't become master!! + config->cluster_last_hb = TIME; // Reset to ensure that we don't become master!! if (config->cluster_seq_number != h->seq) { // Out of sequence heartbeat! log(1,0,0,0, "HB: Got seq# %d but was expecting %d. asking for resend.\n", h->seq, config->cluster_seq_number); peer_send_message(addr, C_LASTSEEN, config->cluster_seq_number, NULL, 0); - config->cluster_last_hb = config->current_time; // Reset to ensure that we don't become master!! + config->cluster_last_hb = TIME; // Reset to ensure that we don't become master!! // Just drop the packet. The master will resend it as part of the catchup. @@ -1187,7 +1191,7 @@ static int cluster_process_heartbeat_v2(u8 * data, int size, int more, u8 * p, u } config->cluster_master_address = addr; - config->cluster_last_hb = config->current_time; // Successfully received a heartbeat! + config->cluster_last_hb = TIME; // Successfully received a heartbeat! return 0; shortpacket: 
@@ -1282,12 +1286,12 @@ int processcluster(char * data, int size, u32 addr) } if (addr != config->cluster_master_address) { - log(0,0,0,0, "Received a C_KILL from %s which doesn't match config->cluster_master_address (%x)", + log(0,0,0,0, "Received a C_KILL from %s which doesn't match config->cluster_master_address (%x)\n", inet_toa(addr), config->cluster_master_address); // We can only warn about it. The master might really have switched! } - log(0,0,0,0, "Received a valid C_KILL: I'm going to die now."); + log(0,0,0,0, "Received a valid C_KILL: I'm going to die now.\n"); kill(0, SIGTERM); exit(0); // Lets be paranoid; return -1; // Just signalling the compiler. @@ -1313,6 +1317,9 @@ int cmd_show_cluster(struct cli_def *cli, char *command, char **argv, int argc) { int i; + if (CLI_HELP_REQUESTED) + return CLI_HELP_NO_ARGS; + cli_print(cli, "Cluster status : %s", config->cluster_iam_master ? "Master" : "Slave" ); cli_print(cli, "My address : %s", inet_toa(my_address)); cli_print(cli, "VIP address : %s", inet_toa(config->bind_address)); @@ -1322,7 +1329,7 @@ int cmd_show_cluster(struct cli_def *cli, char *command, char **argv, int argc) if (!config->cluster_iam_master) { cli_print(cli, "My master : %s (last heartbeat %.1f seconds old)", config->cluster_master_address ? inet_toa(config->cluster_master_address) : "Not defined", - 0.1 * (config->current_time - config->cluster_last_hb)); + 0.1 * (TIME - config->cluster_last_hb)); cli_print(cli, "Uptodate : %s", config->cluster_iam_uptodate ? "Yes" : "No"); cli_print(cli, "Next sequence number expected: %d", config->cluster_seq_number); cli_print(cli, "%d sessions undefined of %d", config->cluster_undefined_sessions, config->cluster_highest_sessionid); 
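Review bot: In processcluster()'s C_KILL handling, a sender that does not match `config->cluster_master_address` only produces a log line; control then reaches "Received a valid C_KILL" and `kill(0, SIGTERM)` regardless. As written, the source address does not gate the shutdown, and the second message calls the packet valid even when the first has just said it did not come from the known master. If the earlier part of this function (outside the hunk) does not authenticate cluster packets, any host able to deliver one to the cluster socket can stop the daemon. At minimum the second log line should record that the sender was unverified, and the cluster port should be filtered so that only peer nodes can reach it.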
@@ -1339,7 +1346,7 @@ int cmd_show_cluster(struct cli_def *cli, char *command, char **argv, int argc) cli_print(cli, "%20s %10s %8s", "Address", "Basetime", "Age"); for (i = 0; i < num_peers; ++i) { cli_print(cli, "%20s %10d %8d", inet_toa(peers[i].peer), - peers[i].basetime, config->current_time - peers[i].timestamp); + peers[i].basetime, TIME - peers[i].timestamp); } return CLI_OK; } diff --git a/constants.c b/constants.c index c53a26f..c7609d2 100644 --- a/constants.c +++ b/constants.c @@ -1,3 +1,7 @@ +// L2TPNS: constants + +char const *cvs_id_constants = "$Id: constants.c,v 1.3 2004-06-28 02:43:13 fred_nerk Exp $"; + #include "constants.h" #include diff --git a/control.c b/control.c index 9d83522..db86e2d 100644 --- a/control.c +++ b/control.c @@ -1,3 +1,7 @@ +// L2TPNS: control + +char const *cvs_id_control = "$Id: control.c,v 1.2 2004-06-28 02:43:13 fred_nerk Exp $"; + #include #include #include diff --git a/garden.c b/garden.c index 7477089..5e3d368 100644 --- a/garden.c +++ b/garden.c @@ -7,6 +7,8 @@ #include "plugin.h" #include "control.h" +char const *cvs_id = "$Id: garden.c,v 1.7 2004-06-28 02:43:13 fred_nerk Exp $"; + int __plugin_api_version = 1; static struct pluginfuncs *p = 0; @@ -19,6 +21,7 @@ char *up_commands[] = { "iptables -t nat -N garden_users >/dev/null 2>&1",// Empty chain, users added/removed by garden_session "iptables -t nat -F garden_users", "iptables -t nat -A PREROUTING -j garden_users", // DNAT any users on the garden_users chain + "sysctl -w net.ipv4.ip_conntrack_max=256000 >/dev/null", // lots of entries NULL, }; @@ -28,7 +31,10 @@ char *down_commands[] = { "iptables -t nat -X garden_users", "iptables -t nat -F garden", "iptables -t nat -X garden", - "rmmod iptable_nat ip_conntrack", + "rmmod iptable_nat", // Should also remove ip_conntrack, but + // doing so can take hours... literally. + // If a master is re-started as a slave, + // either rmmod manually, or reboot. NULL, }; 
diff --git a/icmp.c b/icmp.c index f7d73c6..853d665 100644 --- a/icmp.c +++ b/icmp.c @@ -1,3 +1,7 @@ +// L2TPNS: icmp + +char const *cvs_id_icmp = "$Id: icmp.c,v 1.3 2004-06-28 02:43:13 fred_nerk Exp $"; + #include #include #include diff --git a/l2tpns.c b/l2tpns.c index ebf71ad..9ce2c79 100644 --- a/l2tpns.c +++ b/l2tpns.c @@ -1,8 +1,11 @@ // L2TP Network Server // Adrian Kennard 2002 -// (c) Copyrigth 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) +// Copyright (c) 2003, 2004 Optus Internet Engineering +// Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced // vim: sw=8 ts=8 +char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.9 2004-06-28 02:43:13 fred_nerk Exp $"; + #include #include #include @@ -111,6 +114,8 @@ struct config_descriptt config_values[] = { CONFIG("icmp_rate", icmp_rate, INT), CONFIG("cluster_address", cluster_address, IP), CONFIG("cluster_interface", cluster_interface, STRING), + CONFIG("cluster_hb_interval", cluster_hb_interval, INT), + CONFIG("cluster_hb_timeout", cluster_hb_timeout, INT), #ifdef BGP CONFIG("as_number", as_number, SHORT), CONFIG("bgp_peer1", bgp_peer[0], STRING), @@ -289,7 +294,7 @@ void routeset(sessionidt s, ipt ip, ipt mask, ipt gw, u8 add) if (!mask) mask = 0xffffffff; - ip = ip & mask; // Force the ip to be the first one in the route. + ip &= mask; // Force the ip to be the first one in the route. memset(&r, 0, sizeof(r)); r.rt_dev = config->tapdevice; @@ -304,8 +309,6 @@ void routeset(sessionidt s, ipt ip, ipt mask, ipt gw, u8 add) r.rt_flags |= RTF_GATEWAY; else if (mask == 0xffffffff) r.rt_flags |= RTF_HOST; - if (ioctl(ifrfd, add ? SIOCADDRT : SIOCDELRT, (void *) &r) < 0) - log(0, 0, 0, 0, "routeset() error in ioctl: %s\n", strerror(errno)); log(1, ip, 0, 0, "Route %s %u.%u.%u.%u/%u.%u.%u.%u %u.%u.%u.%u\n", add ? "add" : "del", 
@@ -313,6 +316,9 @@ void routeset(sessionidt s, ipt ip, ipt mask, ipt gw, u8 add) mask >> 24, mask >> 16 & 0xff, mask >> 8 & 0xff, mask & 0xff, gw >> 24, gw >> 16 & 0xff, gw >> 8 & 0xff, gw & 0xff); + if (ioctl(ifrfd, add ? SIOCADDRT : SIOCDELRT, (void *) &r) < 0) + log(0, 0, 0, 0, "routeset() error in ioctl: %s\n", strerror(errno)); + #ifdef BGP if (add) bgp_add_route(htonl(ip), htonl(mask)); @@ -471,10 +477,8 @@ int lookup_ipmap(ipt ip) sessionidt sessionbyip(ipt ip) { int s = lookup_ipmap(ip); + CSTAT(call_sessionbyip); -#ifdef STAT_CALLS - STAT(call_sessionbyip); -#endif if (s > 0 && s < MAXSESSION && session[s].tunnel) return s; return 0; @@ -527,6 +531,9 @@ int cmd_show_ipcache(struct cli_def *cli, char *command, char **argv, int argc) int i, j, k, l; int count = 0; + if (CLI_HELP_REQUESTED) + return CLI_HELP_NO_ARGS; + cli_print(cli, "%7s %s", "Sess#", "IP Address"); for (i = 0; i < 256; ++i) { @@ -560,9 +567,8 @@ int cmd_show_ipcache(struct cli_def *cli, char *command, char **argv, int argc) sessionidt sessionbyuser(char *username) { int s; -#ifdef STAT_CALLS - STAT(call_sessionbyuser); -#endif + CSTAT(call_sessionbyuser); + for (s = 1; s < MAXSESSION ; ++s) { if (session[s].walled_garden) continue; // Skip walled garden users. @@ -625,10 +631,9 @@ void processarp(u8 * buf, int len) ipt ip; sessionidt s; -#ifdef STAT_CALLS - STAT(call_processarp); -#endif + CSTAT(call_processarp); STAT(arp_recv); + if (len != 46) { log(0, 0, 0, 0, "Unexpected length ARP %d bytes\n", len); @@ -701,9 +706,8 @@ void tunnelsend(u8 * buf, u16 l, tunnelidt t) { struct sockaddr_in addr; -#ifdef STAT_CALLS - STAT(call_tunnelsend); -#endif + CSTAT(call_tunnelsend); + if (!t) { static int backtrace_count = 0; @@ -776,9 +780,9 @@ void processipout(u8 * buf, int len) int size = len; u8 b[MAXETHER + 20]; -#ifdef STAT_CALLS - STAT(call_processipout); -#endif + + CSTAT(call_processipout); + if (len < MIN_IP_SIZE) { log(1, 0, 0, 0, "Short IP, %d bytes\n", len); 
@@ -892,12 +896,12 @@ void send_ipout(sessionidt s, u8 *buf, int len) t = session[s].tunnel; sp = &session[s]; - log(5, session[s].ip, s, t, "Ethernet -> Tunnel (%d bytes)\n", len); - - // Snooping this session, send it to ASIO + // Snooping this session, send it to intercept box if (sp->snoop_ip && sp->snoop_port) snoop_send_packet(buf, len, sp->snoop_ip, sp->snoop_port); + log(5, session[s].ip, s, t, "Ethernet -> Tunnel (%d bytes)\n", len); + // Add on L2TP header { u8 *p = makeppp(b, sizeof(b), buf, len, t, s, PPPIP); @@ -1078,9 +1082,9 @@ void sessionshutdown(sessionidt s, char *reason) int dead = session[s].die; int walled_garden = session[s].walled_garden; -#ifdef STAT_CALLS - STAT(call_sessionshutdown); -#endif + + CSTAT(call_sessionshutdown); + if (!session[s].tunnel) { log(3, session[s].ip, s, session[s].tunnel, "Called sessionshutdown on a session with no tunnel.\n"); @@ -1152,9 +1156,9 @@ void sendipcp(tunnelidt t, sessionidt s) u8 buf[MAXCONTROL]; u16 r = session[s].radius; u8 *q; -#ifdef STAT_CALLS - STAT(call_sendipcp); -#endif + + CSTAT(call_sendipcp); + if (!r) r = radiusnew(s); if (radius[r].state != RADIUSIPCP) @@ -1188,9 +1192,9 @@ void sendipcp(tunnelidt t, sessionidt s) // kill a session now void sessionkill(sessionidt s, char *reason) { -#ifdef STAT_CALLS - STAT(call_sessionkill); -#endif + + CSTAT(call_sessionkill); + sessionshutdown(s, reason); // close radius/routes, etc. if (session[s].radius) radiusclear(session[s].radius, 0); // cant send clean accounting data, session is killed @@ -1210,9 +1214,8 @@ void tunnelkill(tunnelidt t, char *reason) { sessionidt s; controlt *c; -#ifdef STAT_CALLS - STAT(call_tunnelkill); -#endif + + CSTAT(call_tunnelkill); tunnel[t].state = TUNNELDIE; 
@@ -1242,9 +1245,9 @@ void tunnelkill(tunnelidt t, char *reason) void tunnelshutdown(tunnelidt t, char *reason) { sessionidt s; -#ifdef STAT_CALLS - STAT(call_tunnelshutdown); -#endif + + CSTAT(call_tunnelshutdown); + if (!tunnel[t].last || !tunnel[t].far || tunnel[t].state == TUNNELFREE) { // never set up, can immediately kill @@ -1277,9 +1280,9 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) u16 l = len, t = 0, s = 0, ns = 0, nr = 0; u8 *p = buf + 2; -#ifdef STAT_CALLS - STAT(call_processudp); -#endif + + CSTAT(call_processudp); + udp_rx += len; udp_rx_pkt++; log_hex(5, "UDP Data", buf, len); @@ -1996,9 +1999,9 @@ void processtap(u8 * buf, int len) log_hex(5, "Receive TAP Data", buf, len); STAT(tap_rx_packets); INC_STAT(tap_rx_bytes, len); -#ifdef STAT_CALLS - STAT(call_processtap); -#endif + + CSTAT(call_processtap); + eth_rx_pkt++; eth_rx += len; if (len < 22) @@ -2036,7 +2039,7 @@ int regular_cleanups(void) continue; if (radius[r].retry) { - if (radius[r].retry <= config->current_time) + if (radius[r].retry <= TIME) radiusretry(r); } else radius[r].retry = backoff(radius[r].try+1); // Is this really needed? --mo @@ -2044,7 +2047,7 @@ int regular_cleanups(void) for (t = 1; t < config->cluster_highest_tunnelid; t++) { // check for expired tunnels - if (tunnel[t].die && tunnel[t].die <= config->current_time) + if (tunnel[t].die && tunnel[t].die <= TIME) { STAT(tunnel_timeout); tunnelkill(t, "Expired"); @@ -2054,7 +2057,7 @@ int regular_cleanups(void) if (tunnel[t].retry && tunnel[t].controlc) { // resend pending messages as timeout on reply - if (tunnel[t].retry <= config->current_time) + if (tunnel[t].retry <= TIME) { controlt *c = tunnel[t].controls; u8 w = tunnel[t].window; 
@@ -2070,7 +2073,7 @@ int regular_cleanups(void) } } // Send hello - if (tunnel[t].state == TUNNELOPEN && tunnel[t].lastrec < config->current_time + 600) + if (tunnel[t].state == TUNNELOPEN && tunnel[t].lastrec < TIME + 600) { controlt *c = controlnew(6); // sending HELLO controladd(c, t, 0); // send the message @@ -2102,11 +2105,11 @@ int regular_cleanups(void) } count = 0; - for (i = 1; i < config->cluster_highest_sessionid; i++) + for (i = 1; i <= config->cluster_highest_sessionid; i++) { s++; - if (s >= config->cluster_highest_sessionid) + if (s > config->cluster_highest_sessionid) s = 1; if (!session[s].tunnel) // Session isn't in use @@ -2120,7 +2123,7 @@ int regular_cleanups(void) } // check for expired sessions - if (session[s].die && session[s].die <= config->current_time) + if (session[s].die && session[s].die <= TIME) { sessionkill(s, "Expired"); if (++count >= MAX_ACTIONS) break; @@ -2159,10 +2162,10 @@ int regular_cleanups(void) continue; } } - if (config->accounting_dir && next_acct <= config->current_time) + if (config->accounting_dir && next_acct <= TIME) { // Dump accounting data - next_acct = config->current_time + ACCT_TIME; + next_acct = TIME + ACCT_TIME; dump_acct_info(); } @@ -2186,9 +2189,9 @@ int still_busy(void) if (!tunnel[i].controlc) continue; - if (last_talked != config->current_time) { - log(2,0,0,0, "Tunnel %d still has an-acked control messages.\n", i); - last_talked = config->current_time; + if (last_talked != TIME) { + log(2,0,0,0, "Tunnel %d still has un-acked control messages.\n", i); + last_talked = TIME; } return 1; } @@ -2200,9 +2203,9 @@ int still_busy(void) if (radius[i].state == RADIUSWAIT) continue; - if (last_talked != config->current_time) { + if (last_talked != TIME) { log(2,0,0,0, "Radius session %d is still busy (sid %d)\n", i, radius[i].session); - last_talked = config->current_time; + last_talked = TIME; } return 1; } 
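Review bot: In regular_cleanups(), the HELLO condition `tunnel[t].lastrec < TIME + 600` only had `config->current_time` renamed, but as written it holds for any `lastrec` that is not more than 600 ticks in the future, so it does not express "nothing received for a while". If `lastrec` is on the same clock as `TIME`, the intended test is probably `tunnel[t].lastrec + 600 < TIME`; if it is kept in wall-clock seconds, the two values are not comparable at all. The assignment to `lastrec` is outside this hunk, so which clock it uses needs confirming.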
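Review bot: The session scan in regular_cleanups() now includes `config->cluster_highest_sessionid` itself (`i <=`, `s >`), while the tunnel scan earlier in the same function still reads `for (t = 1; t < config->cluster_highest_tunnelid; t++)`. If both fields hold the highest id in use, the highest tunnel is never checked for expiry or retransmission. If they differ in meaning, a comment on each loop stating whether the bound is inclusive would prevent the next off-by-one. Neither field's definition is visible in this diff.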
@@ -2286,7 +2289,7 @@ void mainloop(void) n = select(n + 1, &r, 0, 0, &to); #endif /* BGP */ - config->current_time = now(); + TIME = now(); if (n < 0) { if (errno == EINTR) @@ -2369,8 +2372,8 @@ void mainloop(void) // Runs on all machines both master and slave. { static clockt last_run = 0; - if (last_run != config->current_time) { - last_run = config->current_time; + if (last_run != TIME) { + last_run = TIME; tbf_run_timer(); } } @@ -2540,9 +2543,9 @@ int assign_ip_address(sessionidt s) char *u = session[s].user; char reuse = 0; -#ifdef STAT_CALLS - STAT(call_assign_ip_address); -#endif + + CSTAT(call_assign_ip_address); + for (i = 1; i < ip_pool_size; i++) { if (!ip_address_pool[i].address || ip_address_pool[i].assigned) @@ -2606,9 +2609,9 @@ void free_ip_address(sessionidt s) ip_address_pool[i].session = 0; ip_address_pool[i].last = time_now; -#ifdef STAT_CALLS - STAT(call_free_ip_address); -#endif + + CSTAT(call_free_ip_address); + } // @@ -2644,7 +2647,7 @@ void rebuild_address_pool(void) if (ipid < 1) // Not found in the pool either? good. continue; - log(0, 0, i, 0, "Session %d has an IP address (%s) that was marked static, but is in the pool (%d)!", + log(0, 0, i, 0, "Session %d has an IP address (%s) that was marked static, but is in the pool (%d)!\n", i, inet_toa(session[i].ip), ipid); // Fall through and process it as part of the pool. @@ -2747,7 +2750,7 @@ void initippool() src = inet_addr(buf); if (src == INADDR_NONE) { - log(0, 0, 0, 0, "Invalid address pool IP %s", buf); + log(0, 0, 0, 0, "Invalid address pool IP %s\n", buf); exit(1); } // This entry is for a specific IP only @@ -2811,9 +2814,9 @@ void dump_acct_info() int i; FILE *f = NULL; -#ifdef STAT_CALLS - STAT(call_dump_acct_info); -#endif + + CSTAT(call_dump_acct_info); + strftime(timestr, 64, "%Y%m%d%H%M%S", localtime(&t)); snprintf(filename, 1024, "%s/%s", config->accounting_dir, timestr); 
@@ -2907,9 +2910,9 @@ int main(int argc, char *argv[]) init_cli(); read_config_file(); - log(0, 0, 0, 0, "$Id: l2tpns.c,v 1.8 2004-06-23 03:52:24 fred_nerk Exp $\n" - "(c) Copyright 2003, 2004 Optus Internet Engineering\n" - "(c) Copyright 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced\n"); + log(0, 0, 0, 0, "L2TPNS version " VERSION "\n"); + log(0, 0, 0, 0, "Copyright (c) 2003, 2004 Optus Internet Engineering\n"); + log(0, 0, 0, 0, "Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced\n"); { struct rlimit rlim; rlim.rlim_cur = RLIM_INFINITY; @@ -3359,11 +3362,17 @@ void update_config() } memcpy(config->old_plugins, config->plugins, sizeof(config->plugins)); if (!config->cleanup_interval) config->cleanup_interval = 10; - if (!config->multi_read_count) config->multi_read_count = 1; + if (!config->multi_read_count) config->multi_read_count = 10; if (!config->cluster_address) config->cluster_address = inet_addr(DEFAULT_MCAST_ADDR); if (!*config->cluster_interface) strncpy(config->cluster_interface, DEFAULT_MCAST_INTERFACE, sizeof(config->cluster_interface) - 1); + if (!config->cluster_hb_interval) + config->cluster_hb_interval = PING_INTERVAL; // Heartbeat every 0.5 seconds. + + if (!config->cluster_hb_timeout) + config->cluster_hb_timeout = HB_TIMEOUT; // 10 missed heartbeat triggers an election. + config->reload_config = 0; } @@ -3391,9 +3400,9 @@ int sessionsetup(tunnelidt t, sessionidt s) char *user; sessionidt i; int r; -#ifdef STAT_CALLS - STAT(call_sessionsetup); -#endif + + CSTAT(call_sessionsetup); + log(3, session[s].ip, s, t, "Doing session setup for session\n"); 
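Review bot: In update_config(), the two new settings are only defaulted when zero, so a negative `cluster_hb_timeout` from the config file is accepted and goes straight into `TIME < (config->cluster_last_hb + config->cluster_hb_timeout)` in cluster_check_master(), where the early return would never be taken and a non-master would log a master timeout on every pass. Reject out-of-range values here, e.g. `if (config->cluster_hb_timeout <= 0) config->cluster_hb_timeout = HB_TIMEOUT;`, and do the same for `cluster_hb_interval`. The comments describe the timeout as a count of missed heartbeats, but the code adds it to a `clockt` timestamp, so it is a duration in clock ticks; the comment here and the one in l2tpns.h should say so.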
@@ -3501,9 +3510,16 @@ int load_session(sessionidt s, sessiont *new) { if (session[s].ip) // If there's an old one, remove it. { + // Remove any routes if the IP has changed + for (i = 0; i < MAXROUTE && session[s].route[i].ip; i++) + { + routeset(s, session[s].route[i].ip, session[s].route[i].mask, session[s].ip, 0); + session[s].route[i].ip = 0; + } + if (session[s].ip_pool_index == -1) // static IP routeset(s, session[s].ip, 0, 0, 0); - else // It's part of the IP pool, add it manually. + else // It's part of the IP pool, remove it manually. uncache_ipmap(session[s].ip); } @@ -3515,7 +3531,7 @@ int load_session(sessionidt s, sessiont *new) } } - // Add routes for the session if they're new. + // Update routed networks for (i = 0; i < MAXROUTE && (session[s].route[i].ip || new->route[i].ip); i++) { if (new->route[i].ip == session[s].route[i].ip && @@ -3523,7 +3539,7 @@ int load_session(sessionidt s, sessiont *new) continue; if (session[s].route[i].ip) // Remove the old one if it exists. - routeset(s, session[s].route[i].ip, session[s].route[i].mask, session[s].route[i].ip, 0); + routeset(s, session[s].route[i].ip, session[s].route[i].mask, session[s].ip, 0); if (new->route[i].ip) // Add the new one if it exists. routeset(s, new->route[i].ip, new->route[i].mask, new->ip, 1); @@ -3706,9 +3722,12 @@ void processcontrol(u8 * buf, int len, struct sockaddr_in *addr) int l; struct param_control param = { buf, len, ntohl(addr->sin_addr.s_addr), ntohs(addr->sin_port), NULL, 0, 0 }; + + if (log_stream && config->debug >= 4) + { log(4, ntohl(addr->sin_addr.s_addr), 0, 0, "Received "); - if (log_stream) dump_packet(buf, log_stream); + } resp = calloc(1400, 1); l = new_packet(PKT_RESP_ERROR, resp); @@ -3805,6 +3824,9 @@ int cmd_show_hist_idle(struct cli_def *cli, char *command, char **argv, int argc int count = 0; int buckets[64]; + if (CLI_HELP_REQUESTED) + return CLI_HELP_NO_ARGS; + time(&time_now); for (i = 0; i < 64;++i) buckets[i] = 0; 
@@ -3838,6 +3860,9 @@ int cmd_show_hist_open(struct cli_def *cli, char *command, char **argv, int argc int count = 0; int buckets[64]; + if (CLI_HELP_REQUESTED) + return CLI_HELP_NO_ARGS; + time(&time_now); for (i = 0; i < 64;++i) buckets[i] = 0; diff --git a/l2tpns.h b/l2tpns.h index 653364c..97f3a8a 100644 --- a/l2tpns.h +++ b/l2tpns.h @@ -1,5 +1,5 @@ // L2TPNS Global Stuff -// $Id: l2tpns.h,v 1.7 2004-06-23 03:52:24 fred_nerk Exp $ +// $Id: l2tpns.h,v 1.8 2004-06-28 02:43:13 fred_nerk Exp $ #ifndef __L2TPNS_H__ #define __L2TPNS_H__ @@ -125,7 +125,6 @@ typedef struct controls // control message } controlt; -// 336 bytes per session typedef struct sessions { sessionidt next; // next session in linked list @@ -311,7 +310,7 @@ struct Tstats unsigned long c_forwarded; unsigned long recv_forward; -#ifdef STAT_CALLS +#ifdef STATISTICS unsigned long call_processtap; unsigned long call_processarp; unsigned long call_processipout; @@ -343,11 +342,19 @@ struct Tstats }; #ifdef STATISTICS -#define STAT(x) _statistics->x++ -#define INC_STAT(x,y) _statistics->x += y -#define GET_STAT(x) _statistics->x -#define SET_STAT(x, y) _statistics->x = y + +#ifdef STAT_CALLS +#define CSTAT(x) STAT(x) +#else +#define CSTAT(x) +#endif + +#define STAT(x) (_statistics->x++) +#define INC_STAT(x,y) (_statistics->x += (y)) +#define GET_STAT(x) (_statistics->x) +#define SET_STAT(x, y) (_statistics->x = (y)) #else +#define CSTAT(x) #define STAT(x) #define INC_STAT(x,y) #define GET_STAT(x) 0 @@ -359,7 +366,9 @@ struct configt int debug; // debugging level time_t start_time; // time when l2tpns was started char bandwidth[256]; // current bandwidth - clockt current_time; + clockt current_time; // 1/10ths of a second since the process started. + // means that we can only run a given process + // for 13 years without re-starting! char config_file[128]; int reload_config; // flag to re-read config (set by cli) 
@@ -410,6 +419,9 @@ struct configt clockt cluster_last_hb; // Last time we saw a heartbeat from the master. int cluster_num_changes; // Number of changes queued. + int cluster_hb_interval; // How often to send a heartbeat. + int cluster_hb_timeout; // How many missed heartbeats trigger an election. + #ifdef BGP u16 as_number; char bgp_peer[2][64]; @@ -516,6 +528,7 @@ int cluster_send_goodbye(); void init_cli(); void cli_do_file(FILE *fh); void cli_do(int sockfd); +int cli_arg_help(struct cli_def *cli, int cr_ok, char *entry, ...); #ifdef RINGBUFFER void ringbuffer_dump(FILE *stream); #endif @@ -561,4 +574,27 @@ extern u32 last_sid; extern struct Tstats *_statistics; extern ipt my_address; extern int tun_write(u8 *data, int size); + + +#define TIME (config->current_time) + +// macros for handling help in cli commands +#define CLI_HELP_REQUESTED (argc > 0 && argv[argc-1][strlen(argv[argc-1])-1] == '?') +#define CLI_HELP_NO_ARGS (argc > 1 || argv[0][1]) ? CLI_OK : cli_arg_help(cli, 1, NULL) + +// CVS identifiers (for "show version file") +extern char const *cvs_id_arp; +extern char const *cvs_id_cli; +extern char const *cvs_id_cluster; +extern char const *cvs_id_constants; +extern char const *cvs_id_control; +extern char const *cvs_id_icmp; +extern char const *cvs_id_l2tpns; +extern char const *cvs_id_ll; +extern char const *cvs_id_md5; +extern char const *cvs_id_ppp; +extern char const *cvs_id_radius; +extern char const *cvs_id_tbf; +extern char const *cvs_id_util; + #endif /* __L2TPNS_H__ */ diff --git a/ll.c b/ll.c index 6793e6e..0831152 100644 --- a/ll.c +++ b/ll.c @@ -1,5 +1,6 @@ // L2TPNS Linked List Stuff -// $Id: ll.c,v 1.3 2004-06-23 03:52:24 fred_nerk Exp $ + +char const *cvs_id_ll = "$Id: ll.c,v 1.4 2004-06-28 02:43:13 fred_nerk Exp $"; #include #include diff --git a/md5.c b/md5.c index e0691c8..1911dc5 100644 --- a/md5.c +++ b/md5.c 
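Review bot: `CLI_HELP_REQUESTED` indexes `argv[argc-1][strlen(argv[argc-1])-1]`, which reads one byte before the string when the last argument is empty; add a non-empty test, `(argc > 0 && argv[argc-1][0] && argv[argc-1][strlen(argv[argc-1])-1] == '?')`. `CLI_HELP_NO_ARGS` expands to a bare conditional expression, so it is only safe directly after `return`; wrap the whole expansion in parentheses. Both macros silently depend on locals named `cli`, `argc` and `argv`, which deserves a line in the comment above them.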
@@ -1,6 +1,8 @@ /* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm */ +char const *cvs_id_md5 = "$Id: md5.c,v 1.2 2004-06-28 02:43:13 fred_nerk Exp $"; + /* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved. diff --git a/ppp.c b/ppp.c index deab284..474c30a 100644 --- a/ppp.c +++ b/ppp.c @@ -1,5 +1,6 @@ // L2TPNS PPP Stuff -// $Id: ppp.c,v 1.5 2004-06-23 03:52:24 fred_nerk Exp $ + +char const *cvs_id_ppp = "$Id: ppp.c,v 1.6 2004-06-28 02:43:13 fred_nerk Exp $"; #include #include @@ -28,13 +29,13 @@ void processpap(tunnelidt t, sessionidt s, u8 * p, u16 l) char user[129]; char pass[129]; -#ifdef STAT_CALLS - STAT(call_processpap); -#endif + + CSTAT(call_processpap); + log_hex(5, "PAP", p, l); if (l < 4) { - log(1, 0, s, t, "Short PAP %u bytes", l); + log(1, 0, s, t, "Short PAP %u bytes\n", l); STAT(tunnel_rx_errors); return ; } @@ -123,9 +124,9 @@ void processchap(tunnelidt t, sessionidt s, u8 * p, u16 l) u16 r; u16 len; -#ifdef STAT_CALLS - STAT(call_processchap); -#endif + + CSTAT(call_processchap); + log_hex(5, "CHAP", p, l); r = session[s].radius; if (!r) @@ -292,13 +293,13 @@ void processlcp(tunnelidt t, sessionidt s, u8 * p, u16 l) u8 b[MAXCONTROL]; u8 *q = NULL; -#ifdef STAT_CALLS - STAT(call_processlcp); -#endif + + CSTAT(call_processlcp); + log_hex(5, "LCP", p, l); if (l < 4) { - log(1, session[s].ip, s, t, "Short LCP %d bytes", l); + log(1, session[s].ip, s, t, "Short LCP %d bytes\n", l); STAT(tunnel_rx_errors); return ; } @@ -450,13 +451,13 @@ void processlcp(tunnelidt t, sessionidt s, u8 * p, u16 l) // Process IPCP messages void processipcp(tunnelidt t, sessionidt s, u8 * p, u16 l) { -#ifdef STAT_CALLS - STAT(call_processipcp); -#endif + + CSTAT(call_processipcp); + log_hex(5, "IPCP", p, l); if (l < 5) { - log(1, 0, s, t, "Short IPCP %d bytes", l); + log(1, 0, s, t, "Short IPCP %d bytes\n", l); STAT(tunnel_rx_errors); return ; } 
@@ -579,9 +580,9 @@ void processipin(tunnelidt t, sessionidt s, u8 * p, u16 l) { ipt ip; -#ifdef STAT_CALLS - STAT(call_processipin); -#endif + + CSTAT(call_processipin); + log_hex(5, "IP", p, l); ip = ntohl(*(u32 *)(p + 12)); @@ -667,9 +668,9 @@ void send_ipin(sessionidt s, u8 *buf, int len) // Process LCP messages void processccp(tunnelidt t, sessionidt s, u8 * p, u16 l) { -#ifdef STAT_CALLS - STAT(call_processccp); -#endif + + CSTAT(call_processccp); + log_hex(5, "CCP", p, l); if (l < 2 || (*p != ConfigReq && *p != TerminateReq)) { @@ -709,9 +710,9 @@ void sendchap(tunnelidt t, sessionidt s) u8 b[MAXCONTROL]; u16 r = session[s].radius; u8 *q; -#ifdef STAT_CALLS - STAT(call_sendchap); -#endif + + CSTAT(call_sendchap); + if (!r) { log(1, 0, s, t, "No RADIUS to send challenge\n"); diff --git a/radius.c b/radius.c index 32eafe7..db49387 100644 --- a/radius.c +++ b/radius.c @@ -1,5 +1,6 @@ // L2TPNS Radius Stuff -// $Id: radius.c,v 1.4 2004-06-23 03:52:24 fred_nerk Exp $ + +char const *cvs_id_radius = "$Id: radius.c,v 1.5 2004-06-28 02:43:13 fred_nerk Exp $"; #include #include @@ -57,28 +58,26 @@ void radiusclear(u16 r, sessionidt s) memset(&radius[r], 0, sizeof(radius[r])); // radius[r].state = RADIUSNULL; } -int next_radius_id = 1; static u16 new_radius() { - u16 i; - int loops = 0; - for (i = next_radius_id; ; i = (i + 1) % MAXRADIUS) + int count; + static u32 next_radius_id = 0; + + for (count = MAXRADIUS; count > 0 ; --count) { - if (radius[i].state == RADIUSNULL) + ++next_radius_id; // Find the next ID to check. + if (next_radius_id >= MAXRADIUS) + next_radius_id = 1; + + if (radius[next_radius_id].state == RADIUSNULL) { - next_radius_id = (next_radius_id + 1) % MAXRADIUS; - return i; + return next_radius_id; + } + } - if (next_radius_id == i) - { - if (++loops == 2) - { log(0, 0, 0, 0, "Can't find a free radius session! This is very bad!\n"); return 0; - } - } - } } u16 radiusnew(sessionidt s) 
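Review bot: `processipin` reads the 32-bit field at `p + 12` straight after `log_hex`, with no check on `l` between the opening brace and that read. The sibling handlers `processpap`, `processlcp` and `processipcp` do have `l < 4` / `l < 5` guards. Unless the caller already guarantees a full IPv4 header (not visible here), a short payload lets `ntohl(*(u32 *)(p + 12))` read past the received data. A guard such as `if (l < 20) { STAT(tunnel_rx_errors); return; }` ahead of the read would match the siblings. The rest of the function body lies outside the hunk.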
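Review bot: `next_radius_id` is declared `static u32` while `new_radius()` returns `u16`, so the returned index is silently narrowed. If `MAXRADIUS` is known to fit in 16 bits (its value is not visible here), `static u16 next_radius_id = 0;` keeps the two in step. The rewrite also makes slot 0 unreachable and keeps `0` as the failure return, which deserves a comment above the function, e.g. `// Returns a free radius slot in 1..MAXRADIUS-1, or 0 if none is free.` The loop runs `MAXRADIUS` times over `MAXRADIUS-1` candidate slots, so one slot is tested twice, which is harmless.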
@@ -94,7 +93,7 @@ u16 radiusnew(sessionidt s) session[s].radius = r; radius[r].session = s; radius[r].state = RADIUSWAIT; - radius[r].retry = config->current_time + 1200; // Wait at least 120 seconds to re-claim this. + radius[r].retry = TIME + 1200; // Wait at least 120 seconds to re-claim this. log(3,0,s, session[s].tunnel, "Allocated radius %d\n", r); return r; @@ -109,9 +108,9 @@ void radiussend(u16 r, u8 state) int pl; u8 *p; sessionidt s; -#ifdef STAT_CALLS - STAT(call_radiussend); -#endif + + CSTAT(call_radiussend); + s = radius[r].session; if (!config->numradiusservers) { @@ -359,9 +358,9 @@ void processrad(u8 *buf, int len, char socket_index) r_code = buf[0]; // First byte in radius packet. r_id = buf[1]; // radius reply indentifier. -#ifdef STAT_CALLS - STAT(call_processrad); -#endif + + CSTAT(call_processrad); + log_hex(5, "RADIUS Response", buf, len); if (len < 20 || len < ntohs(*(u16 *) (buf + 2))) { @@ -617,9 +616,9 @@ void radiusretry(u16 r) { sessionidt s = radius[r].session; tunnelidt t = 0; -#ifdef STAT_CALLS - STAT(call_radiusretry); -#endif + + CSTAT(call_radiusretry); + if (s) t = session[s].tunnel; radius[r].retry = backoff(radius[r].try + 1); diff --git a/tbf.c b/tbf.c index c024c67..0232996 100644 --- a/tbf.c +++ b/tbf.c @@ -1,9 +1,14 @@ +// L2TPNS: token bucket filters + +char const *cvs_id_tbf = "$Id: tbf.c,v 1.2 2004-06-28 02:43:13 fred_nerk Exp $"; + #include #include #include #include #include "l2tpns.h" +#include "util.h" #include "tbf.h" // Need a time interval. 
@@ -289,10 +294,10 @@ static void tbf_run_queue(int tbf_id) f = &filter_list[tbf_id]; // Calculate available credit... - f->credit += (config->current_time - f->lasttime) * f->rate / 10; // current time is 1/10th of a second. + f->credit += (TIME - f->lasttime) * f->rate / 10; // current time is 1/10th of a second. if (f->credit > f->max_credit) f->credit = f->max_credit; - f->lasttime = config->current_time; + f->lasttime = TIME; while (f->queued > 0 && f->credit >= f->sizes[f->oldest]) { // While we have enough credit.. @@ -348,7 +353,7 @@ int tbf_run_timer(void) for (i = 0; i < filter_list_size; ++i) { if (!filter_list[i].next) continue; - if (filter_list[i].lasttime == config->current_time) // Did we just run it? + if (filter_list[i].lasttime == TIME) // Did we just run it? continue; log(1,0,0,0, "Missed tbf %d! Not on the timer chain?(n %d, p %d, tc %d)\n", i, @@ -365,10 +370,14 @@ int cmd_show_tbf(struct cli_def *cli, char *command, char **argv, int argc) int i; int count = 0; + if (CLI_HELP_REQUESTED) + return CLI_HELP_NO_ARGS; + if (!config->cluster_iam_master) { - cli_print(cli, "Command can't be run on a slave."); + cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address)); return CLI_OK; } + if (!filter_list) return CLI_OK; diff --git a/util.c b/util.c index 343e956..b0589f1 100644 --- a/util.c +++ b/util.c @@ -1,5 +1,7 @@ /* Misc util functions */ +char const *cvs_id_util = "$Id: util.c,v 1.2 2004-06-28 02:43:13 fred_nerk Exp $"; + #include "l2tpns.h" #include
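Review bot: In `tbf_run_queue` the product `(TIME - f->lasttime) * f->rate` is formed before `f->credit` is clamped to `f->max_credit`, so after a long idle period the multiplication itself may overflow. That depends on the field types, which this hunk does not show. Bounding the elapsed ticks before multiplying would keep the clamp meaningful. If the types allow, widening the intermediate also works: `f->credit += (unsigned long long)(TIME - f->lasttime) * f->rate / 10;`. The function starts and ends outside the hunk.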