From 46ec025f156b16cf4bd65270680ffb69313aea18 Mon Sep 17 00:00:00 2001 From: bodea Date: Wed, 9 Feb 2005 00:16:17 +0000 Subject: [PATCH 1/1] remove unmaintained "save_state" option --- Changes | 6 +- Docs/manual.html | 18 +--- Docs/startup-config.5 | 10 +- etc/startup-config.default | 1 - l2tpns.c | 186 +------------------------------------ l2tpns.h | 3 +- l2tpns.spec | 2 +- 7 files changed, 11 insertions(+), 215 deletions(-) diff --git a/Changes b/Changes index 56247c0..66ff22a 100644 --- a/Changes +++ b/Changes @@ -1,11 +1,11 @@ -* Tue Jan 25 2005 Brendan O'Dea 2.1.0 +* Wed Feb 9 2005 Brendan O'Dea 2.1.0 - Add IPv6 support from Jonathan McDowell. - Add CHAP support from Jordan Hrycaj (work in progress). - Sanity check that cluster_send_session is not called from a child process. - Throttle outgoing LASTSEEN packets to at most one per second for a given seq#. -- More DoS prevention: add packet_limit option to apply a hard limit +- More DoS prevention: add packet_limit option to apply a hard limit to downstream packets per session. - Use bounds-checking lookup functions for string constants. - Add enum for RADIUS codes. @@ -15,6 +15,8 @@ - Log "Accepted connection to CLI" at 4 when connection is from localhost to reduce noise in logs. - Show time since last counter reset in "show counters". +- Remove "save_state" option. Not maintained anymore; use clustering + to retain state across restarts. * Fri Dec 17 2004 Brendan O'Dea 2.0.13 - Better cluster master collision resolution: keep a counter of state diff --git a/Docs/manual.html b/Docs/manual.html index 8dd2532..3d1adf9 100644 --- a/Docs/manual.html +++ b/Docs/manual.html @@ -191,14 +191,6 @@ user, both a primary and a secondary. If either is set to 0.0.0.0, then that one will not be sent. -
  • save_state (boolean)
    -When l2tpns receives a STGTERM it will write out its current -ip_address_pool, session and tunnel tables to disk prior to exiting to -be re-loaded at startup. The validity of this data is obviously quite -short and the intent is to allow an sessions to be retained over a -software upgrade. -
  • -
  • primary_radius (ip address)
  • secondary_radius (ip address)
    Sets the RADIUS servers used for both authentication and accounting. @@ -692,14 +684,10 @@ killall -HUP l2tpns The signals understood are:
      -
    • SIGHUP - Reload the config from disk and re-open log file

    • -
    • SIGTERM / SIGINT - Shut down for a restart. This will dump the current -state to disk (if save_state is set to true). Upon restart, the -process will read this saved state to resume active sessions.

      +

    • SIGHUP - Reload the config from disk and re-open log file
    • +
    • SIGTERM / SIGINT - Shut down.
    • SIGQUIT - Shut down cleanly. This will send a disconnect message for -every active session and tunnel before shutting down. This is a good idea -when upgrading the code, as no sessions will be left with the remote end -thinking they are open.
    • +every active session and tunnel before shutting down.

    Throttling

    diff --git a/Docs/startup-config.5 b/Docs/startup-config.5 index 5b4c3ae..cf3a6ef 100644 --- a/Docs/startup-config.5 +++ b/Docs/startup-config.5 @@ -2,7 +2,7 @@ .de Id .ds Dt \\$4 \\$5 .. -.Id $Id: startup-config.5,v 1.4 2005/01/10 07:17:37 bodea Exp $ +.Id $Id: startup-config.5,v 1.5 2005/02/09 00:16:21 bodea Exp $ .TH STARTUP-CONFIG 5 "\*(Dt" L2TPNS "File Formats and Conventions" .SH NAME startup\-config \- configuration file for l2tpns @@ -63,14 +63,6 @@ Whenever a PPP connection is established, DNS servers will be sent to the user, both a primary and a secondary. If either is set to 0.0.0.0, then that one will not be sent. .TP -.B save_state -When -.B l2tpns -receives a STGTERM it will write out its current ip_address_pool, -session and tunnel tables to disk prior to exiting to be re-loaded at -startup. The validity of this data is obviously quite short and the -intent is to allow an sessions to be retained over a software upgrade. -.TP .BR primary_radius , " secondary_radius" Sets the RADIUS servers used for both authentication and accounting. If the primary server does not respond, then the secondary RADIUS diff --git a/etc/startup-config.default b/etc/startup-config.default index 1646e4b..6ec4011 100644 --- a/etc/startup-config.default +++ b/etc/startup-config.default @@ -4,7 +4,6 @@ set pid_file "/var/run/l2tpns.pid" set l2tp_secret "secret" set primary_dns 1.2.3.4 set secondary_dns 1.2.3.5 -set save_state yes set primary_radius 1.2.3.6 set secondary_radius 1.2.3.7 set radius_accounting yes diff --git a/l2tpns.c b/l2tpns.c index 45962c0..f49586b 100644 --- a/l2tpns.c +++ b/l2tpns.c @@ -4,7 +4,7 @@ // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced // vim: sw=8 ts=8 -char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.81 2005/02/08 01:20:38 bodea Exp $"; +char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.82 2005/02/09 00:16:17 bodea Exp $"; #include #include @@ -106,7 +106,6 @@ config_descriptt config_values[] = { CONFIG("l2tp_secret", l2tpsecret, STRING), CONFIG("primary_dns", default_dns1, IPv4), CONFIG("secondary_dns", default_dns2, IPv4), - CONFIG("save_state", save_state, BOOL), CONFIG("primary_radius", radiusserver[0], IPv4), CONFIG("secondary_radius", radiusserver[1], IPv4), CONFIG("primary_radius_port", radiusport[0], SHORT), @@ -179,8 +178,6 @@ static void sigalrm_handler(int sig); static void sigterm_handler(int sig); static void sigquit_handler(int sig); static void sigchild_handler(int sig); -static void read_state(void); -static void dump_state(void); static void build_chap_response(char *challenge, uint8_t id, uint16_t challenge_length, char **challenge_response); static void update_config(void); static void read_config_file(void); @@ -3637,8 +3634,6 @@ int main(int argc, char *argv[]) initrad(); initippool(); - read_state(); - signal(SIGHUP, sighup_handler); signal(SIGTERM, sigterm_handler); signal(SIGINT, sigterm_handler); @@ -3730,9 +3725,6 @@ static void sigalrm_handler(int sig) static void sigterm_handler(int sig) { LOG(1, 0, 0, "Shutting down cleanly\n"); - if (config->save_state) - dump_state(); - main_quit++; } @@ -3765,182 +3757,6 @@ static void sigchild_handler(int sig) ; } -static void read_state() -{ - struct stat sb; - int i; - ippoolt itmp; - FILE *f; - char magic[sizeof(DUMP_MAGIC) - 1]; - uint32_t buf[2]; - - if (!config->save_state) - { - unlink(STATEFILE); - return ; - } - - if (stat(STATEFILE, &sb) < 0) - { - unlink(STATEFILE); - return ; - } - - if (sb.st_mtime < (time(NULL) - 60)) - { - LOG(0, 0, 0, "State file is too old to read, ignoring\n"); - unlink(STATEFILE); - return ; - } - - f = fopen(STATEFILE, "r"); - unlink(STATEFILE); - - if (!f) - { - LOG(0, 0, 0, "Can't read state file: %s\n", strerror(errno)); - exit(1); - } - - if (fread(magic, sizeof(magic), 1, f) != 1 || strncmp(magic, DUMP_MAGIC, sizeof(magic))) - { - LOG(0, 0, 0, "Bad state file magic\n"); - exit(1); - } - - LOG(1, 0, 0, "Reading state information\n"); - if (fread(buf, sizeof(buf), 1, f) != 1 || buf[0] > MAXIPPOOL || buf[1] != sizeof(ippoolt)) - { - LOG(0, 0, 0, "Error/mismatch reading ip pool header from state file\n"); - exit(1); - } - - if (buf[0] > ip_pool_size) - { - LOG(0, 0, 0, "ip pool has shrunk! state = %d, current = %d\n", buf[0], ip_pool_size); - exit(1); - } - - LOG(2, 0, 0, "Loading %u ip addresses\n", buf[0]); - for (i = 0; i < buf[0]; i++) - { - if (fread(&itmp, sizeof(itmp), 1, f) != 1) - { - LOG(0, 0, 0, "Error reading ip %d from state file: %s\n", i, strerror(errno)); - exit(1); - } - - if (itmp.address != ip_address_pool[i].address) - { - LOG(0, 0, 0, "Mismatched ip %d from state file: pool may only be extended\n", i); - exit(1); - } - - memcpy(&ip_address_pool[i], &itmp, sizeof(itmp)); - } - - if (fread(buf, sizeof(buf), 1, f) != 1 || buf[0] != MAXTUNNEL || buf[1] != sizeof(tunnelt)) - { - LOG(0, 0, 0, "Error/mismatch reading tunnel header from state file\n"); - exit(1); - } - - LOG(2, 0, 0, "Loading %u tunnels\n", MAXTUNNEL); - if (fread(tunnel, sizeof(tunnelt), MAXTUNNEL, f) != MAXTUNNEL) - { - LOG(0, 0, 0, "Error reading tunnel data from state file\n"); - exit(1); - } - - for (i = 0; i < MAXTUNNEL; i++) - { - tunnel[i].controlc = 0; - tunnel[i].controls = NULL; - tunnel[i].controle = NULL; - if (*tunnel[i].hostname) - LOG(3, 0, 0, "Created tunnel for %s\n", tunnel[i].hostname); - } - - if (fread(buf, sizeof(buf), 1, f) != 1 || buf[0] != MAXSESSION || buf[1] != sizeof(sessiont)) - { - LOG(0, 0, 0, "Error/mismatch reading session header from state file\n"); - exit(1); - } - - LOG(2, 0, 0, "Loading %u sessions\n", MAXSESSION); - if (fread(session, sizeof(sessiont), MAXSESSION, f) != MAXSESSION) - { - LOG(0, 0, 0, "Error reading session data from state file\n"); - exit(1); - } - - for (i = 0; i < MAXSESSION; i++) - { - session[i].tbf_in = 0; - session[i].tbf_out = 0; - if (session[i].opened) - { - LOG(2, i, 0, "Loaded active session for user %s\n", session[i].user); - if (session[i].ip) - sessionsetup(session[i].tunnel, i); - } - } - - fclose(f); - LOG(0, 0, 0, "Loaded saved state information\n"); -} - -static void dump_state() -{ - FILE *f; - uint32_t buf[2]; - - if (!config->save_state) - return; - - do - { - if (!(f = fopen(STATEFILE, "w"))) - break; - - LOG(1, 0, 0, "Dumping state information\n"); - - if (fwrite(DUMP_MAGIC, sizeof(DUMP_MAGIC) - 1, 1, f) != 1) - break; - - LOG(2, 0, 0, "Dumping %u ip addresses\n", ip_pool_size); - buf[0] = ip_pool_size; - buf[1] = sizeof(ippoolt); - if (fwrite(buf, sizeof(buf), 1, f) != 1) - break; - if (fwrite(ip_address_pool, sizeof(ippoolt), ip_pool_size, f) != ip_pool_size) - break; - - LOG(2, 0, 0, "Dumping %u tunnels\n", MAXTUNNEL); - buf[0] = MAXTUNNEL; - buf[1] = sizeof(tunnelt); - if (fwrite(buf, sizeof(buf), 1, f) != 1) - break; - if (fwrite(tunnel, sizeof(tunnelt), MAXTUNNEL, f) != MAXTUNNEL) - break; - - LOG(2, 0, 0, "Dumping %u sessions\n", MAXSESSION); - buf[0] = MAXSESSION; - buf[1] = sizeof(sessiont); - if (fwrite(buf, sizeof(buf), 1, f) != 1) - break; - if (fwrite(session, sizeof(sessiont), MAXSESSION, f) != MAXSESSION) - break; - - if (fclose(f) == 0) - return ; // OK - } - while (0); - - LOG(0, 0, 0, "Can't write state information: %s\n", strerror(errno)); - unlink(STATEFILE); -} - static void build_chap_response(char *challenge, uint8_t id, uint16_t challenge_length, char **challenge_response) { MD5_CTX ctx; diff --git a/l2tpns.h b/l2tpns.h index 684df59..770e252 100644 --- a/l2tpns.h +++ b/l2tpns.h @@ -1,5 +1,5 @@ // L2TPNS Global Stuff -// $Id: l2tpns.h,v 1.54 2005/01/25 04:19:05 bodea Exp $ +// $Id: l2tpns.h,v 1.55 2005/02/09 00:16:19 bodea Exp $ #ifndef __L2TPNS_H__ #define __L2TPNS_H__ @@ -470,7 +470,6 @@ typedef struct unsigned long rl_rate; // default throttle rate int num_tbfs; // number of throttle buckets - int save_state; char accounting_dir[128]; in_addr_t bind_address; in_addr_t peer_address; diff --git a/l2tpns.spec b/l2tpns.spec index ea7a929..c32b5e1 100644 --- a/l2tpns.spec +++ b/l2tpns.spec @@ -43,5 +43,5 @@ rm -rf %{buildroot} %attr(644,root,root) /usr/share/man/man[58]/* %changelog -* Tue Jan 25 2005 Brendan O'Dea 2.1.0-1 +* Wed Feb 9 2005 Brendan O'Dea 2.1.0-1 - 2.1.0 release, see /usr/share/doc/l2tpns-2.1.0/Changes -- 2.20.1