From 90ebb19a3d853e3e261a839f52aa65e18c99527d Mon Sep 17 00:00:00 2001 From: fred_nerk Date: Thu, 26 Aug 2004 06:22:37 +0000 Subject: [PATCH] Per-user upload and download throttle rates - Yuri Make autothrottle.so understand cisco lcp:interface-config - Yuri Show filter stats in show session - Yuri --- Changes | 3 ++ autothrottle.c | 59 ++++++++++++++++++-- cli.c | 142 ++++++++++++++++++++++++++++++++----------------- l2tpns.c | 22 ++++---- tbf.c | 37 +------------ tbf.h | 32 +++++++++++ 6 files changed, 198 insertions(+), 97 deletions(-) diff --git a/Changes b/Changes index a5adea5..53188bf 100644 --- a/Changes +++ b/Changes @@ -12,6 +12,9 @@ - Add support for LCP Ident and CallBack (rejection only) from Yuri - Initiate LCP if not attempted by the client, or in renegotiation - Yuri - Indentation and style cleanups +- Per-user upload and download throttle rates - Yuri +- Make autothrottle.so understand cisco lcp:interface-config - Yuri +- Show filter stats in show session - Yuri * Tue Jul 13 2004 Brendan O'Dea 2.0.1 - Update INSTALL, Docs/manual.html documentation. diff --git a/autothrottle.c b/autothrottle.c index 4def160..118c03d 100644 --- a/autothrottle.c +++ b/autothrottle.c @@ -10,21 +10,74 @@ int __plugin_api_version = 1; struct pluginfuncs *p; +#define THROTTLE_KEY "lcp:interface-config" + int plugin_radius_response(struct param_radius_response *data) { - if (strcmp(data->key, "throttle") == 0) + char *t; + int i = 0; + int rate; + + if (strncmp(data->key, THROTTLE_KEY, strlen(THROTTLE_KEY)) == 0) + { + char *pt = strdup(data->value); + while ((t = strsep(&pt, " ")) != NULL) + { + if (strcmp(t, "serv") == 0) + i = 1; + else if (strcmp(t, "o") && i == 1) + i = 2; + else if (strcmp(t, "i") && i == 1) + i = 3; + else if (i > 1 && (rate = atoi(t)) > 0) + { + switch (i) + { + case 2: // output + data->s->throttle |= (rate & 0xFFFF); + free(pt); + p->log(3, 0, p->get_id_by_session(data->s), data->s->tunnel, " Set output throttle rate %dkb/s\n", rate); + return PLUGIN_RET_OK; + + case 3: //input + data->s->throttle |= (rate << 16); + free(pt); + p->log(3, 0, p->get_id_by_session(data->s), data->s->tunnel, " Set input throttle rate %dkb/s\n", rate); + return PLUGIN_RET_OK; + + default: + p->log(1, 0, p->get_id_by_session(data->s), data->s->tunnel, "Syntax error in rate limit AV pair: %s=%s\n", data->key, data->value); + free(pt); + return PLUGIN_RET_OK; + } + } + else + { + free(pt); + p->log(1, 0, p->get_id_by_session(data->s), data->s->tunnel, "Syntax error in rate limit AV pair: %s=%s\n", + data->key, data->value); + return PLUGIN_RET_OK; + } + } + free(pt); + } + else if (strcmp(data->key, "throttle") == 0) { if (strcmp(data->value, "yes") == 0) { - p->log(3, 0, 0, 0, " Throttling user\n"); + p->log(3, 0, p->get_id_by_session(data->s), data->s->tunnel, " Throttling user\n"); data->s->throttle = 1; } else if (strcmp(data->value, "no") == 0) { - p->log(3, 0, 0, 0, " Not throttling user\n"); + p->log(3, 0, p->get_id_by_session(data->s), data->s->tunnel, " Not throttling user\n"); data->s->throttle = 0; } } + + p->log(4, 0, p->get_id_by_session(data->s), data->s->tunnel, "autothrottle module ignoring AV pair %s=%s\n", + data->key, data->value); + return PLUGIN_RET_OK; } diff --git a/cli.c b/cli.c index 0653794..68f4614 100644 --- a/cli.c +++ b/cli.c @@ -1,8 +1,8 @@ // L2TPNS Command Line Interface -// vim: sw=4 ts=8 +// vim: sw=8 ts=8 char const *cvs_name = "$Name: $"; -char const *cvs_id_cli = "$Id: cli.c,v 1.12 2004/08/26 04:38:40 fred_nerk Exp $"; +char const *cvs_id_cli = "$Id: cli.c,v 1.13 2004/08/26 06:22:37 fred_nerk Exp $"; #include #include @@ -48,6 +48,7 @@ extern struct Tringbuffer *ringbuffer; #endif extern struct cli_session_actions *cli_session_actions; extern struct cli_tunnel_actions *cli_tunnel_actions; +extern tbft *filter_list; char *debug_levels[] = { "CRIT", @@ -236,6 +237,9 @@ void init_cli(char *hostname) void cli_do(int sockfd) { int i; + int require_auth = 1; + struct sockaddr_in addr; + int l = sizeof(addr); if (fork()) return; if (config->scheduler_fifo) @@ -278,33 +282,28 @@ void cli_do(int sockfd) close(bgp_peers[i].sock); #endif /* BGP */ + if (getpeername(sockfd, (struct sockaddr *)&addr, &l) == 0) { - int require_auth = 1; - struct sockaddr_in addr; - int l = sizeof(addr); - if (getpeername(sockfd, (struct sockaddr *)&addr, &l) == 0) - { - log(3, 0, 0, 0, "Accepted connection to CLI from %s\n", inet_toa(addr.sin_addr.s_addr)); - require_auth = addr.sin_addr.s_addr != inet_addr("127.0.0.1"); - } - else - log(0, 0, 0, 0, "getpeername() failed on cli socket. Requiring authentication: %s\n", strerror(errno)); + log(3, 0, 0, 0, "Accepted connection to CLI from %s\n", inet_toa(addr.sin_addr.s_addr)); + require_auth = addr.sin_addr.s_addr != inet_addr("127.0.0.1"); + } + else + log(0, 0, 0, 0, "getpeername() failed on cli socket. Requiring authentication: %s\n", strerror(errno)); - if (require_auth) - { - log(3, 0, 0, 0, "CLI is remote, requiring authentication\n"); - if (!cli->users) /* paranoia */ - { - log(0, 0, 0, 0, "No users for remote authentication! Exiting CLI\n"); - exit(0); - } - } - else + if (require_auth) + { + log(3, 0, 0, 0, "CLI is remote, requiring authentication\n"); + if (!cli->users) /* paranoia */ { - /* no username/pass required */ - cli->users = 0; + log(0, 0, 0, 0, "No users for remote authentication! Exiting CLI\n"); + exit(0); } } + else + { + /* no username/pass required */ + cli->users = 0; + } debug_session = 0; debug_tunnel = 0; @@ -317,7 +316,7 @@ void cli_do(int sockfd) cli_loop(cli, sockfd); close(sockfd); - log(3, 0, 0, 0, "Closed CLI connection\n"); + log(3, 0, 0, 0, "Closed CLI connection from %s\n", inet_toa(addr.sin_addr.s_addr)); exit(0); } @@ -385,7 +384,7 @@ int cmd_show_session(struct cli_def *cli, char *command, char **argv, int argc) // Show individual session for (i = 0; i < argc; i++) { - unsigned int s; + unsigned int s, b_in, b_out; s = atoi(argv[i]); if (s <= 0 || s >= MAXSESSION) { @@ -414,8 +413,41 @@ int cmd_show_session(struct cli_def *cli, char *command, char **argv, int argc) cli_print(cli, " Intercepted: no"); cli_print(cli, " Throttled: %s", session[s].throttle ? "YES" : "no"); cli_print(cli, " Walled Garden: %s", session[s].walled_garden ? "YES" : "no"); - cli_print(cli, " Filter BucketI: %d", session[s].tbf_in); - cli_print(cli, " Filter BucketO: %d", session[s].tbf_out); + b_in = session[s].tbf_in; + b_out = session[s].tbf_out; + if (b_in || b_out) + cli_print(cli, " %5s %6s %6s | %7s %7s %8s %8s %8s %8s", + "Rate", "Credit", "Queued", "ByteIn", "PackIn", + "ByteSent", "PackSent", "PackDrop", "PackDelay"); + + if (b_in) + cli_print(cli, " TBFI#%d%1s %5d %6d %6d | %7d %7d %8d %8d %8d %8d", + b_in, + (filter_list[b_in].next ? "*" : " "), + filter_list[b_in].rate * 8, + filter_list[b_in].credit, + filter_list[b_in].queued, + filter_list[b_in].b_queued, + filter_list[b_in].p_queued, + filter_list[b_in].b_sent, + filter_list[b_in].p_sent, + filter_list[b_in].p_dropped, + filter_list[b_in].p_delayed); + + if (b_out) + cli_print(cli, " TBFO#%d%1s %5d %6d %6d | %7d %7d %8d %8d %8d %8d", + b_out, + (filter_list[b_out].next ? "*" : " "), + filter_list[b_out].rate * 8, + filter_list[b_out].credit, + filter_list[b_out].queued, + filter_list[b_out].b_queued, + filter_list[b_out].p_queued, + filter_list[b_out].b_sent, + filter_list[b_out].p_sent, + filter_list[b_out].p_dropped, + filter_list[b_out].p_delayed); + } return CLI_OK; } @@ -1227,12 +1259,27 @@ int cmd_no_snoop(struct cli_def *cli, char *command, char **argv, int argc) int cmd_throttle(struct cli_def *cli, char *command, char **argv, int argc) { - int i; + int rate_in = 0; + int rate_out = 0; sessionidt s; if (CLI_HELP_REQUESTED) - return cli_arg_help(cli, argc > 1, - "USER", "Username of session to throttle", NULL); + { + switch (argc) + { + case 1: + return cli_arg_help(cli, 0, "user", "Username of session to throttle", NULL); + + case 2: + return cli_arg_help(cli, 1, "rate", "Incoming rate in kb/s", NULL); + + case 3: + return cli_arg_help(cli, 1, "rate", "Outgoing rate in kb/s", NULL); + + default: + return cli_arg_help(cli, argc > 1, "user", "Username of session to throttle", NULL); + } + } if (!config->cluster_iam_master) { @@ -1240,31 +1287,26 @@ int cmd_throttle(struct cli_def *cli, char *command, char **argv, int argc) return CLI_OK; } - if (!argc) + rate_in = rate_out = config->rl_rate; + if (argc >= 2) rate_in = atoi(argv[1]); + if (argc >= 3) rate_out = atoi(argv[2]); + + if (!(s = sessionbyuser(argv[0]))) { - cli_print(cli, "Specify a user"); + cli_print(cli, "User %s is not connected", argv[0]); return CLI_OK; } - for (i = 0; i < argc; i++) + if (session[s].throttle) { - if (!(s = sessionbyuser(argv[i]))) - { - cli_print(cli, "User %s is not connected", argv[i]); - continue; - } - - if (session[s].throttle) - { - cli_print(cli, "User %s already throttled", argv[i]); - continue; - } - - cli_print(cli, "Throttling user %s", argv[i]); - cli_session_actions[s].throttle = config->rl_rate; // could be configurable at some stage - cli_session_actions[s].action |= CLI_SESS_THROTTLE; + cli_print(cli, "User %s already throttled, unthrottle first", argv[0]); + return CLI_OK; } + cli_print(cli, "Throttling user %s", argv[0]); + cli_session_actions[s].throttle = rate_in << 16 | rate_out; + cli_session_actions[s].action |= CLI_SESS_THROTTLE; + return CLI_OK; } @@ -1576,7 +1618,7 @@ int cmd_set(struct cli_def *cli, char *command, char **argv, int argc) case 3: if (!argv[2][1]) - return cli_arg_help(cli, 1, NULL); + return cli_arg_help(cli, 1, NULL); default: return CLI_OK; diff --git a/l2tpns.c b/l2tpns.c index 189dceb..262ae31 100644 --- a/l2tpns.c +++ b/l2tpns.c @@ -4,7 +4,7 @@ // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced // vim: sw=8 ts=8 -char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.23 2004/08/26 04:43:52 fred_nerk Exp $"; +char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.24 2004/08/26 06:22:37 fred_nerk Exp $"; #include #include @@ -978,6 +978,9 @@ int throttle_session(sessionidt s, int throttle) if (throttle) { + int rate_in = throttle & 0x0000FFFF; + int rate_out = throttle >> 16; + if (session[s].tbf_in || session[s].tbf_out) { if (throttle == session[s].throttle) @@ -989,8 +992,8 @@ int throttle_session(sessionidt s, int throttle) free_tbf(session[s].tbf_out); } - session[s].tbf_in = new_tbf(s, throttle*1024/4, throttle*1024/8, send_ipin); - session[s].tbf_out = new_tbf(s, throttle*1024/4, throttle*1024/8, send_ipout); + if (rate_in) session[s].tbf_in = new_tbf(s, rate_in * 1024 / 4, rate_in * 1024 / 8, send_ipin); + if (rate_out) session[s].tbf_out = new_tbf(s, rate_out * 1024 / 4, rate_out * 1024 / 8, send_ipout); if (throttle != session[s].throttle) { @@ -2144,8 +2147,9 @@ int regular_cleanups(void) if (a & CLI_SESS_THROTTLE) { - log(2, 0, s, session[s].tunnel, "Throttling session by CLI (to %d)\n", - cli_session_actions[s].throttle); + log(2, 0, s, session[s].tunnel, "Throttling session by CLI (to %dkb/s up and %dkb/s down)\n", + cli_session_actions[s].throttle & 0xFFFF, + cli_session_actions[s].throttle >> 16); throttle_session(s, cli_session_actions[s].throttle); } @@ -2879,10 +2883,10 @@ void dump_acct_info() log(4, 0, 0, 0, "Dumping accounting information for %s\n", session[i].user); fprintf(f, "%s %s %d %u %u\n", - session[i].user, // username - inet_toa(htonl(session[i].ip)), // ip - (session[i].throttle) ? 2 : 1, // qos - (u32)session[i].cin, // uptxoctets + session[i].user, // username + inet_toa(htonl(session[i].ip)), // ip + (session[i].throttle) ? 2 : 1, // qos + (u32)session[i].cin, // uptxoctets (u32)session[i].cout); // downrxoctets session[i].pin = session[i].cin = 0; diff --git a/tbf.c b/tbf.c index ca3a930..7a83136 100644 --- a/tbf.c +++ b/tbf.c @@ -1,6 +1,6 @@ // L2TPNS: token bucket filters -char const *cvs_id_tbf = "$Id: tbf.c,v 1.4 2004/07/08 16:54:35 bodea Exp $"; +char const *cvs_id_tbf = "$Id: tbf.c,v 1.5 2004/08/26 06:22:37 fred_nerk Exp $"; #define _GNU_SOURCE @@ -12,40 +12,7 @@ char const *cvs_id_tbf = "$Id: tbf.c,v 1.4 2004/07/08 16:54:35 bodea Exp $"; #include "util.h" #include "tbf.h" -// Need a time interval. - -#define TBF_MAX_QUEUE 2 // Maximum of 2 queued packet per -#define TBF_MAX_SIZE 3000 // Maxiumum queued packet size is 2048. - -#define TBF_MAX_CREDIT 6000 // Maximum 6000 bytes of credit. -#define TBF_RATE 360 // 360 bytes per 1/10th of a second. - -typedef struct { - int credit; - int lasttime; - int queued; - int oldest; // Position of packet in the ring buffer. - sessionidt sid; // associated session ID. - int max_credit; // Maximum amount of credit available (burst size). - int rate; // How many bytes of credit per second we get? (sustained rate) - void (*send)(sessionidt s, u8 *, int); // Routine to actually send out the data. - int prev; // Timer chain position. - int next; // Timer chain position. - - u32 b_queued; // Total bytes sent through this TBF - u32 b_sent; // Total bytes sucessfully made it to the network. - u32 p_queued; // ditto packets. - u32 p_sent; // ditto packets. - u32 b_dropped; // Total bytes dropped. - u32 p_dropped; // Total packets dropped. - u32 p_delayed; // Total packets not sent immediately. - - int sizes[TBF_MAX_QUEUE]; - char packets[TBF_MAX_QUEUE][TBF_MAX_SIZE]; -} tbft; - - -static tbft *filter_list = NULL; +tbft *filter_list = NULL; static int filter_list_size = 0; static int timer_chain = -1; // Head of timer chain. diff --git a/tbf.h b/tbf.h index 3d98c1b..7a6df12 100644 --- a/tbf.h +++ b/tbf.h @@ -1,6 +1,38 @@ #ifndef __TBF_H__ #define __TBF_H__ +// Need a time interval. + +#define TBF_MAX_QUEUE 2 // Maximum of 2 queued packet per +#define TBF_MAX_SIZE 3000 // Maxiumum queued packet size is 2048. + +#define TBF_MAX_CREDIT 6000 // Maximum 6000 bytes of credit. +#define TBF_RATE 360 // 360 bytes per 1/10th of a second. + +typedef struct { + int credit; + int lasttime; + int queued; + int oldest; // Position of packet in the ring buffer. + sessionidt sid; // associated session ID. + int max_credit; // Maximum amount of credit available (burst size). + int rate; // How many bytes of credit per second we get? (sustained rate) + void (*send)(sessionidt s, u8 *, int); // Routine to actually send out the data. + int prev; // Timer chain position. + int next; // Timer chain position. + + u32 b_queued; // Total bytes sent through this TBF + u32 b_sent; // Total bytes sucessfully made it to the network. + u32 p_queued; // ditto packets. + u32 p_sent; // ditto packets. + u32 b_dropped; // Total bytes dropped. + u32 p_dropped; // Total packets dropped. + u32 p_delayed; // Total packets not sent immediately. + + int sizes[TBF_MAX_QUEUE]; + char packets[TBF_MAX_QUEUE][TBF_MAX_SIZE]; +} tbft; + void init_tbf(void); int tbf_run_timer(void); int tbf_queue_packet(int tbf_id, char * data, int size); -- 2.20.1