From def1dfd3ccaafe0b50d1bd0c24a04aa990414ebe Mon Sep 17 00:00:00 2001 From: bodea Date: Wed, 7 Jul 2004 09:09:53 +0000 Subject: [PATCH 1/1] - set hostname in CLI prompt - add assertions to help identify odd LASTSEEN breakage - make cluster_hb_interval work; include interval/timeout in heartbeats so that a change on the master is propagated immediately to the slaves - use fast heartbeats when there are slaves not up to date - ensure basetime of shut down master is set to zero (prevent delayed election) - fix radius session leak on IPCP timeout - fix some off-by-one errors in tunnel/session loops --- cli.c | 20 +++--- cluster.c | 207 ++++++++++++++++++++++++++++++++++++------------------ cluster.h | 14 ++-- l2tpns.c | 80 ++++++++++++++------- l2tpns.h | 5 +- radius.c | 25 ++++--- 6 files changed, 222 insertions(+), 129 deletions(-) diff --git a/cli.c b/cli.c index f188866..3784b94 100644 --- a/cli.c +++ b/cli.c @@ -2,7 +2,7 @@ // vim: sw=4 ts=8 char const *cvs_name = "$Name: $"; -char const *cvs_id_cli = "$Id: cli.c,v 1.7 2004/07/02 07:30:43 bodea Exp $"; +char const *cvs_id_cli = "$Id: cli.c,v 1.8 2004/07/07 09:09:53 bodea Exp $"; #include #include @@ -102,7 +102,7 @@ int cmd_remove_plugin(struct cli_def *cli, char *command, char **argv, int argc) int cmd_uptime(struct cli_def *cli, char *command, char **argv, int argc); int regular_stuff(struct cli_def *cli); -void init_cli() +void init_cli(char *hostname) { FILE *f; char buf[4096]; @@ -112,7 +112,10 @@ void init_cli() struct sockaddr_in addr; cli = cli_init(); - cli_set_hostname(cli, "l2tpns"); + if (hostname && *hostname) + cli_set_hostname(cli, hostname); + else + cli_set_hostname(cli, "l2tpns"); c = cli_register_command(cli, NULL, "show", NULL, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, NULL); cli_register_command(cli, c, "banana", cmd_show_banana, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show a banana"); @@ -374,7 +377,6 @@ int cli_arg_help(struct cli_def *cli, int cr_ok, char *entry, ...) int cmd_show_session(struct cli_def *cli, char *command, char **argv, int argc) { int i; - time_t time_now; if (CLI_HELP_REQUESTED) return cli_arg_help(cli, 1, @@ -466,7 +468,6 @@ int cmd_show_session(struct cli_def *cli, char *command, char **argv, int argc) int cmd_show_tunnels(struct cli_def *cli, char *command, char **argv, int argc) { int i, x, show_all = 0; - time_t time_now; char *states[] = { "Free", "Open", @@ -528,7 +529,7 @@ int cmd_show_tunnels(struct cli_def *cli, char *command, char **argv, int argc) } // Show tunnel summary - cli_print(cli, "%s %s %s %s %s", + cli_print(cli, "%4s %20s %20s %6s %s", "TID", "Hostname", "IP", @@ -540,7 +541,7 @@ int cmd_show_tunnels(struct cli_def *cli, char *command, char **argv, int argc) if (!show_all && (!tunnel[i].ip || tunnel[i].die || !tunnel[i].hostname[0])) continue; for (x = 0; x < MAXSESSION; x++) if (session[x].tunnel == i && session[x].opened && !session[x].die) sessions++; - cli_print(cli, "%d %s %s %s %d", + cli_print(cli, "%4d %20s %20s %6s %6d", i, *tunnel[i].hostname ? tunnel[i].hostname : "(null)", inet_toa(htonl(tunnel[i].ip)), @@ -753,7 +754,6 @@ int cmd_show_pool(struct cli_def *cli, char *command, char **argv, int argc) { int i; int used = 0, free = 0, show_all = 0; - time_t time_now; if (!config->cluster_iam_master) { @@ -873,6 +873,7 @@ int cmd_show_run(struct cli_def *cli, char *command, char **argv, int argc) int cmd_show_radius(struct cli_def *cli, char *command, char **argv, int argc) { + int i, free = 0, used = 0, show_all = 0; char *states[] = { "NULL", "CHAP", @@ -882,8 +883,6 @@ int cmd_show_radius(struct cli_def *cli, char *command, char **argv, int argc) "STOP", "WAIT", }; - int i, free = 0, used = 0, show_all = 0; - time_t time_now; if (CLI_HELP_REQUESTED) { @@ -1544,7 +1543,6 @@ int cmd_uptime(struct cli_def *cli, char *command, char **argv, int argc) FILE *fh; char buf[100], *p = buf, *loads[3]; int i, num_sessions = 0; - time_t time_now; if (CLI_HELP_REQUESTED) return CLI_HELP_NO_ARGS; diff --git a/cluster.c b/cluster.c index a146e05..a8c9310 100644 --- a/cluster.c +++ b/cluster.c @@ -1,6 +1,6 @@ // L2TPNS Clustering Stuff -char const *cvs_id_cluster = "$Id: cluster.c,v 1.6 2004/07/05 06:54:01 bodea Exp $"; +char const *cvs_id_cluster = "$Id: cluster.c,v 1.7 2004/07/07 09:09:53 bodea Exp $"; #include #include @@ -44,8 +44,6 @@ ipt my_address = 0; // The network address of my ethernet port. static int walk_session_number = 0; // The next session to send when doing the slow table walk. static int walk_tunnel_number = 0; // The next tunnel to send when doing the slow table walk. -static int hsess, fsess; // Saved copies of the highest used session id, and the first free one. - #define MAX_HEART_SIZE (8192) // Maximum size of heartbeat packet. Must be less than max IP packet size :) #define MAX_CHANGES (MAX_HEART_SIZE/(sizeof(sessiont) + sizeof(int) ) - 2) // Assumes a session is the biggest type! @@ -68,7 +66,7 @@ static struct { int uptodate; } peers[CLUSTER_MAX_SIZE]; // List of all the peers we've heard from. static int num_peers; // Number of peers in list. -static int have_peers; // At least one peer +static int have_peers; // At least one up to date peer int rle_decompress(u8 ** src_p, int ssize, u8 *dst, int dsize); int rle_compress(u8 ** src_p, int ssize, u8 *dst, int dsize); @@ -94,7 +92,7 @@ int cluster_init() if (!*config->cluster_interface) return 0; - cluster_sockfd = socket(AF_INET, SOCK_DGRAM, UDP); + cluster_sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); memset(&addr, 0, sizeof(addr)); addr.sin_family = AF_INET; @@ -158,8 +156,6 @@ int cluster_send_data(void *data, int datalen) addr.sin_port = htons(CLUSTERPORT); addr.sin_family = AF_INET; -// log_hex(4, "Cluster send", data, datalen); // VERY big data packets. How about we don't.. - log(5,0,0,0, "Cluster send data: %d bytes\n", datalen); if (sendto(cluster_sockfd, data, datalen, MSG_NOSIGNAL, (void *) &addr, sizeof(addr)) < 0) @@ -202,18 +198,13 @@ void cluster_uptodate(void) log(0,0,0,0, "Now uptodate with master.\n"); - // If we're not a master, or if we have no slaves - // then start taking traffic.. - if (!config->cluster_iam_master || !have_peers) - { #ifdef BGP - if (bgp_configured) - bgp_enable_routing(1); - else + if (bgp_configured) + bgp_enable_routing(1); + else #endif /* BGP */ - if (config->send_garp) - send_garp(config->bind_address); // Start taking traffic. - } + if (config->send_garp) + send_garp(config->bind_address); // Start taking traffic. } // @@ -339,6 +330,13 @@ int master_garden_packet(sessionidt s, char *data, int size) static void send_heartbeat(int seq, char * data, int size) { int i; + static int last_seq = -1; + + if (last_seq != -1 && (seq != (last_seq+1)%HB_MAX_SEQ) ) { + log(0,0,0,0, "FATAL: Sequence number skipped! (%d != %d)\n", + seq, last_seq); + } + last_seq = seq; if (size > sizeof(past_hearts[0].data)) { log(0,0,0,0, "Tried to heartbeat something larger than the maximum packet!\n"); @@ -440,35 +438,62 @@ void cluster_check_master(void) clockt t = TIME; static int probed = 0; - // Is the master late? If so, try probing it... - if (TIME > (config->cluster_last_hb + config->cluster_hb_timeout/8 + 11)) { - if (!probed) { - if (config->cluster_master_address) { - peer_send_message(config->cluster_master_address, - C_LASTSEEN, config->cluster_seq_number, NULL, 0); + if (TIME < (config->cluster_last_hb + config->cluster_hb_timeout)) + { + // If the master is late (missed 2 hearbeats by a second and a + // hair) it may be that the switch has dropped us from the + // multicast group, try unicasting one probe to the master + // which will hopefully respond with a unicast heartbeat that + // will allow us to limp along until the querier next runs. + if (config->cluster_master_address + && TIME > (config->cluster_last_hb + 2 * config->cluster_hb_interval + 11)) + { + if (!probed) + { probed = 1; + log(1, 0, 0, 0, "Heartbeat from master %.1fs late, probing...\n", + TIME - (config->cluster_last_hb + config->cluster_hb_interval)); + + peer_send_message(config->cluster_master_address, + C_LASTSEEN, config->cluster_seq_number, NULL, 0); } + } else { // We got a recent heartbeat; reset the probe flag. + probed = 0; } - } else { // We got a recent heartbeat; reset the probe flag. - probed = 0; + + if (!config->cluster_iam_master) + return; // Everything's ok. return. + + // Master needs to check peer state } - if (TIME < (config->cluster_last_hb + config->cluster_hb_timeout) ) - return; // Everything's ok. return. + config->cluster_last_hb = TIME + 1; - if (!config->cluster_iam_master) + if (config->cluster_iam_master) + config->cluster_iam_uptodate = 1; // cleared in loop below + else log(0,0,0,0, "Master timed out! Holding election...\n"); - config->cluster_last_hb = TIME + 1; - for (i = have_peers = 0; i < num_peers ; ++i) { + for (i = have_peers = 0; i < num_peers; i++) + { if ((peers[i].timestamp + config->cluster_hb_timeout) < t) continue; // Stale peer! Skip them. if (!peers[i].basetime) continue; // Shutdown peer! Skip them. - have_peers = 1; + if (peers[i].uptodate) + have_peers = 1; + + if (config->cluster_iam_master) + { + if (!peers[i].uptodate) + config->cluster_iam_uptodate = 0; // Start fast heartbeats + + continue; + } + if (peers[i].basetime < basetime) { log(1,0,0,0, "Expecting %s to become master\n", inet_toa(peers[i].peer) ); return; // They'll win the election. Get out of here. @@ -586,12 +611,11 @@ void cluster_check_master(void) config->cluster_undefined_sessions = 0; config->cluster_undefined_tunnels = 0; + config->cluster_iam_uptodate = 1; // assume all peers are up-to-date - // - // FIXME. We need to fix up the tunnel control message - // queue here! There's a number of other variables we - // should also update. - cluster_uptodate(); + // FIXME. We need to fix up the tunnel control message + // queue here! There's a number of other variables we + // should also update. } @@ -699,6 +723,7 @@ int hb_add_type(char **p, int type, int id) default: log(0,0,0,0, "Found an invalid type in heart queue! (%d)\n", type); kill(0, SIGTERM); + exit(1); } return 0; } @@ -706,31 +731,33 @@ int hb_add_type(char **p, int type, int id) // // Send a heartbeat, incidently sending out any queued changes.. // -void cluster_heartbeat(int highsession, int freesession, int hightunnel) +void cluster_heartbeat() { int i, count = 0, tcount = 0; char buff[MAX_HEART_SIZE + sizeof(heartt) + sizeof(int) ]; heartt h; - char * p = buff; + char *p = buff; if (!config->cluster_iam_master) // Only the master does this. return; - hsess = highsession; - fsess = freesession; - // Fill out the heartbeat header. + // Fill out the heartbeat header. + memset(&h, 0, sizeof(h)); + h.version = HB_VERSION; h.seq = config->cluster_seq_number; h.basetime = basetime; h.clusterid = config->bind_address; // Will this do?? h.basetime = basetime; - h.highsession = highsession; - h.freesession = freesession; - h.hightunnel = hightunnel; + h.highsession = config->cluster_highest_sessionid; + h.freesession = sessionfree; + h.hightunnel = config->cluster_highest_tunnelid; h.size_sess = sizeof(sessiont); // Just in case. h.size_tunn = sizeof(tunnelt); + h.interval = config->cluster_hb_interval; + h.timeout = config->cluster_hb_timeout; - add_type(&p, C_HEARTBEAT, HB_VERSION, (char*) &h, sizeof(h) ); + add_type(&p, C_HEARTBEAT, HB_VERSION, (char*) &h, sizeof(h)); for (i = 0; i < config->cluster_num_changes; ++i) { hb_add_type(&p, cluster_changes[i].type, cluster_changes[i].id); @@ -739,6 +766,7 @@ void cluster_heartbeat(int highsession, int freesession, int hightunnel) if (p > (buff + sizeof(buff))) { // Did we somehow manage to overun the buffer? log(0,0,0,0, "FATAL: Overran the heartbeat buffer! This is fatal. Exiting. (size %d)\n", p - buff); kill(0, SIGTERM); + exit(1); } // @@ -749,11 +777,11 @@ void cluster_heartbeat(int highsession, int freesession, int hightunnel) if (!walk_session_number) // session #0 isn't valid. ++walk_session_number; - if (count >= highsession) // If we're a small cluster, don't go wild. + if (count >= config->cluster_highest_sessionid) // If we're a small cluster, don't go wild. break; hb_add_type(&p, C_CSESSION, walk_session_number); - walk_session_number = (1+walk_session_number)%(highsession+1); // +1 avoids divide by zero. + walk_session_number = (1+walk_session_number)%(config->cluster_highest_sessionid+1); // +1 avoids divide by zero. ++count; // Count the number of extra sessions we're sending. } @@ -783,6 +811,7 @@ void cluster_heartbeat(int highsession, int freesession, int hightunnel) if (p > (buff + sizeof(buff))) { // Did we somehow manage to overun the buffer? log(0,0,0,0, "Overran the heartbeat buffer now! This is fatal. Exiting. (size %d)\n", p - buff); kill(0, SIGTERM); + exit(1); } log(3,0,0,0, "Sending heartbeat #%d with %d changes (%d x-sess, %d x-tunnels, %d highsess, %d hightun size %d)\n", @@ -813,7 +842,7 @@ int type_changed(int type, int id) ++config->cluster_num_changes; if (config->cluster_num_changes > MAX_CHANGES) - cluster_heartbeat(config->cluster_highest_sessionid, fsess, config->cluster_highest_tunnelid); + cluster_heartbeat(); // flush now return 1; } @@ -868,8 +897,13 @@ int cluster_catchup_slave(int seq, u32 slave) while (seq != config->cluster_seq_number) { s = seq%HB_HISTORY_SIZE; if (seq != past_hearts[s].seq) { + int i; log(0,0,0,0, "Tried to re-send heartbeat for %s but %d doesn't match %d! (%d,%d)\n", inet_toa(slave), seq, past_hearts[s].seq, s, config->cluster_seq_number); + + for (i = 0; i < HB_HISTORY_SIZE; ++i) { + log(0,0,0,0, "\tentry %3d: seq %d (size %d)\n", i, past_hearts[s].seq, past_hearts[s].size); + } return -1; // What to do here!? } peer_send_data(slave, past_hearts[s].data, past_hearts[s].size); @@ -895,14 +929,6 @@ int cluster_add_peer(u32 peer, time_t basetime, pingt *p) return 0; } - // Is this the master shutting down?? - if (peer == config->cluster_master_address && !basetime) { - config->cluster_master_address = 0; - config->cluster_last_hb = 0; // Force an election. - cluster_check_master(); - return 0; - } - for (i = 0; i < num_peers ; ++i) { if (peers[i].peer != peer) @@ -911,9 +937,18 @@ int cluster_add_peer(u32 peer, time_t basetime, pingt *p) // This peer already exists. Just update the timestamp. peers[i].basetime = basetime; peers[i].timestamp = TIME; + peers[i].uptodate = !p->undef; break; } + // Is this the master shutting down?? + if (peer == config->cluster_master_address && !basetime) { + config->cluster_master_address = 0; + config->cluster_last_hb = 0; // Force an election. + cluster_check_master(); + return 0; + } + if (i >= num_peers) { log(4,0,0,0, "Adding %s as a peer\n", inet_toa(peer)); @@ -921,8 +956,9 @@ int cluster_add_peer(u32 peer, time_t basetime, pingt *p) // Not found. Is there a stale slot to re-use? for (i = 0; i < num_peers ; ++i) { - if (peers[i].peer != peer) - continue; + if (!peers[i].basetime) // Shutdown + break; + if ((peers[i].timestamp + config->cluster_hb_timeout * 10) < TIME) // Stale. break; } @@ -937,19 +973,27 @@ int cluster_add_peer(u32 peer, time_t basetime, pingt *p) peers[i].peer = peer; peers[i].basetime = basetime; peers[i].timestamp = TIME; + peers[i].uptodate = !p->undef; if (i == num_peers) ++num_peers; log(1,0,0,0, "Added %s as a new peer. Now %d peers\n", inet_toa(peer), num_peers); } + if (peers[i].uptodate) + { #ifdef BGP - /* drop routes if we've now got a peer */ - if (bgp_configured && config->cluster_iam_master && !have_peers) - bgp_enable_routing(0); + /* drop routes if we've now got a peer */ + if (config->cluster_iam_master && bgp_configured && !have_peers) + bgp_enable_routing(0); #endif /* BGP */ + have_peers = 1; + } + else if (config->cluster_iam_master) + { + config->cluster_iam_uptodate = 0; // increase heart-rate... + } - have_peers = 1; return 1; } @@ -1017,6 +1061,7 @@ static int cluster_recv_session(int more , u8 * p) if (!config->cluster_iam_uptodate) cluster_uptodate(); // Check to see if we're up to date. + return 0; } @@ -1054,23 +1099,28 @@ static int cluster_recv_tunnel(int more, u8 *p) // -// Process a version one heartbeat.. +// Process a heartbeat.. // -static int cluster_process_heartbeat_v2(u8 * data, int size, int more, u8 * p, u32 addr) +static int cluster_process_heartbeat(u8 * data, int size, int more, u8 * p, u32 addr) { heartt * h; int s = size - (p-data); int i, type; - if (more != HB_VERSION) { - log(0,0,0,0, "Received a heartbeat version that I don't understand!\n"); +#if HB_VERSION != 3 +# error "need to update cluster_process_heartbeat()" +#endif + + // we handle version 2+ + if (more < 2 || more > HB_VERSION) { + log(0,0,0,0, "Received a heartbeat version that I don't support (%d)!\n", more); return -1; // Ignore it?? } + // Ok. It's a heartbeat packet from a cluster master! if (s < sizeof(*h)) goto shortpacket; - h = (heartt*) p; p += sizeof(*h); s -= sizeof(*h); @@ -1128,6 +1178,25 @@ static int cluster_process_heartbeat_v2(u8 * data, int size, int more, u8 * p, u // that the free session pointer is correct. cluster_check_sessions(h->highsession, h->freesession, h->hightunnel); + if (more > 2) // reserved section of heartt was not initialized prior to v3 + { + if (h->interval != config->cluster_hb_interval) + { + log(2, 0, 0, 0, "Master set ping/heartbeat interval to %u (was %u)\n", + h->interval, config->cluster_hb_interval); + + config->cluster_hb_interval = h->interval; + } + + if (h->timeout != config->cluster_hb_timeout) + { + log(2, 0, 0, 0, "Master set heartbeat timeout to %u (was %u)\n", + h->timeout, config->cluster_hb_timeout); + + config->cluster_hb_timeout = h->timeout; + } + } + // Ok. process the packet... while ( s > 0) { @@ -1315,14 +1384,14 @@ int processcluster(char * data, int size, u32 addr) case C_HEARTBEAT: log(4,0,0,0, "Got a heartbeat from %s\n", inet_toa(addr)); - - return cluster_process_heartbeat_v2(data, size, more, p, addr); + return cluster_process_heartbeat(data, size, more, p, addr); default: log(0,0,0,0, "Strange type packet received on cluster socket (%d)\n", type); return -1; } return 0; + shortpacket: log(0,0,0,0, "I got an cluster heartbeat packet! This means I'm probably out of sync!!\n"); return -1; diff --git a/cluster.h b/cluster.h index 2bfba31..4d0f69e 100644 --- a/cluster.h +++ b/cluster.h @@ -1,5 +1,5 @@ // L2TPNS Clustering Stuff -// $Id: cluster.h,v 1.3 2004/06/23 03:52:24 fred_nerk Exp $ +// $Id: cluster.h,v 1.4 2004/07/07 09:09:53 bodea Exp $ #ifndef __CLUSTER_H__ #define __CLUSTER_H__ @@ -20,7 +20,7 @@ #define C_CTUNNEL 13 // Compressed tunnel structure. #define C_GARDEN 14 // Gardened packet -#define HB_VERSION 2 // Protocol version number.. +#define HB_VERSION 3 // Protocol version number.. #define HB_MAX_SEQ (1<<30) // Maximum sequence number. (MUST BE A POWER OF 2!) #define HB_HISTORY_SIZE 64 // How many old heartbeats we remember?? (Must be a factor of HB_MAX_SEQ) @@ -28,10 +28,6 @@ #define HB_TIMEOUT (15*2*PING_INTERVAL) // 15 seconds without heartbeat triggers an election.. #define CLUSTERPORT 32792 -#define UDP 17 -#define TIMEOUT 20 -#define IL sizeof(int) - #define CLUSTER_MAX_SIZE 32 // No more than 32 machines in a cluster! #define DEFAULT_MCAST_ADDR "239.192.13.13" // Need an assigned number! @@ -49,8 +45,10 @@ typedef struct { u32 size_sess; // Size of the session structure. u32 size_tunn; // size of the tunnel structure. + u32 interval; // ping/heartbeat interval (if changed) + u32 timeout; // heartbeat timeout (if changed) - char reserved[128 - 9*sizeof(u32)]; // Pad out to 128 bytes. + char reserved[128 - 11*sizeof(u32)]; // Pad out to 128 bytes. } heartt; typedef struct { /* Used to update byte counters on the */ @@ -78,7 +76,7 @@ int master_garden_packet(sessionidt s, char * data, int size); void master_update_counts(void); void cluster_send_ping(time_t basetime); -void cluster_heartbeat(int highsession, int freesession, int hightunnel); +void cluster_heartbeat(void); void cluster_check_master(void); int show_cluster(struct cli_def *cli, char *command, char **argv, int argc); diff --git a/l2tpns.c b/l2tpns.c index f7a7b5b..ac6c8e9 100644 --- a/l2tpns.c +++ b/l2tpns.c @@ -4,7 +4,7 @@ // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced // vim: sw=8 ts=8 -char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.10 2004/07/02 07:31:23 bodea Exp $"; +char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.11 2004/07/07 09:09:53 bodea Exp $"; #include #include @@ -418,7 +418,7 @@ void initudp(void) addr.sin_family = AF_INET; addr.sin_port = htons(L2TPPORT); addr.sin_addr.s_addr = config->bind_address; - udpfd = socket(AF_INET, SOCK_DGRAM, UDP); + udpfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); setsockopt(udpfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)); { int flags = fcntl(udpfd, F_GETFL, 0); @@ -429,7 +429,7 @@ void initudp(void) log(0, 0, 0, 0, "Error in UDP bind: %s\n", strerror(errno)); exit(1); } - snoopfd = socket(AF_INET, SOCK_DGRAM, UDP); + snoopfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); snoop_addr.sin_family = AF_INET; // Control @@ -1161,14 +1161,17 @@ void sendipcp(tunnelidt t, sessionidt s) if (!r) r = radiusnew(s); + if (radius[r].state != RADIUSIPCP) { radius[r].state = RADIUSIPCP; radius[r].try = 0; } + radius[r].retry = backoff(radius[r].try++); if (radius[r].try > 10) { + radiusclear(r, s); // Clear radius session. sessionshutdown(s, "No reply on IPCP"); return; } @@ -1198,6 +1201,7 @@ void sessionkill(sessionidt s, char *reason) sessionshutdown(s, reason); // close radius/routes, etc. if (session[s].radius) radiusclear(session[s].radius, 0); // cant send clean accounting data, session is killed + log(2, 0, s, session[s].tunnel, "Kill session %d (%s): %s\n", s, session[s].user, reason); throttle_session(s, 0); // Force session to be un-throttle. Free'ing TBF structures. @@ -1585,8 +1589,8 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) // TBA - to send to RADIUS break; case 8: // vendor name - memset(tunnel[t].vendor, 0, 128); - memcpy(tunnel[t].vendor, b, (n >= 127) ? 127 : n); + memset(tunnel[t].vendor, 0, sizeof(tunnel[t].vendor)); + memcpy(tunnel[t].vendor, b, (n >= sizeof(tunnel[t].vendor) - 1) ? sizeof(tunnel[t].vendor) - 1 : n); log(4, ntohl(addr->sin_addr.s_addr), s, t, " Vendor name = \"%s\"\n", tunnel[t].vendor); break; case 9: // assigned tunnel @@ -1819,7 +1823,7 @@ void processudp(u8 * buf, int len, struct sockaddr_in *addr) if (!(r = radiusnew(s))) { log(1, ntohl(addr->sin_addr.s_addr), s, t, "No free RADIUS sessions for ICRQ\n"); -// sessionkill(s, "no free RADIUS sesions"); + sessionkill(s, "no free RADIUS sesions"); return; } @@ -2044,7 +2048,7 @@ int regular_cleanups(void) } else radius[r].retry = backoff(radius[r].try+1); // Is this really needed? --mo } - for (t = 1; t < config->cluster_highest_tunnelid; t++) + for (t = 1; t <= config->cluster_highest_tunnelid; t++) { // check for expired tunnels if (tunnel[t].die && tunnel[t].die <= TIME) @@ -2220,8 +2224,8 @@ void mainloop(void) int cn, i; u8 buf[65536]; struct timeval to; - time_t next_cluster_ping = 0; // default 1 second pings. - clockt next_clean = time_now + config->cleanup_interval; + clockt next_cluster_ping = 0; // send initial ping immediately + time_t next_clean = time_now + config->cleanup_interval; log(4, 0, 0, 0, "Beginning of main loop. udpfd=%d, tapfd=%d, cluster_sockfd=%d, controlfd=%d\n", udpfd, tapfd, cluster_sockfd, controlfd); @@ -2355,16 +2359,17 @@ void mainloop(void) } // Runs on every machine (master and slaves). - if (cluster_sockfd && next_cluster_ping <= time_now) + if (cluster_sockfd && next_cluster_ping <= TIME) { // Check to see which of the cluster is still alive.. - next_cluster_ping = time_now + 1; cluster_send_ping(basetime); - cluster_check_master(); - - cluster_heartbeat(config->cluster_highest_sessionid, sessionfree, config->cluster_highest_tunnelid); // Only does anything if we're a master. + cluster_heartbeat(); // Only does anything if we're a master. master_update_counts(); // If we're a slave, send our byte counters to our master. + if (config->cluster_iam_master && !config->cluster_iam_uptodate) + next_cluster_ping = TIME + 1; // out-of-date slaves, do fast updates + else + next_cluster_ping = TIME + config->cluster_hb_interval; } // Run token bucket filtering queue.. @@ -2401,11 +2406,8 @@ void mainloop(void) } // Are we the master and shutting down?? - if (config->cluster_iam_master) { - - cluster_heartbeat(config->cluster_highest_sessionid, sessionfree, - config->cluster_highest_tunnelid); // Flush any queued changes.. - } + if (config->cluster_iam_master) + cluster_heartbeat(); // Flush any queued changes.. // Ok. Notify everyone we're shutting down. If we're // the master, this will force an election. @@ -2464,14 +2466,14 @@ void initdata(void) ip_address_pool = mmap(NULL, sizeof(ippoolt) * MAXIPPOOL, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS, 0, 0); if (ip_address_pool == MAP_FAILED) { - log(0, 0, 0, 0, "Error doing mmap for radius: %s\n", strerror(errno)); + log(0, 0, 0, 0, "Error doing mmap for ip_address_pool: %s\n", strerror(errno)); exit(1); } #ifdef RINGBUFFER ringbuffer = mmap(NULL, sizeof(struct Tringbuffer), PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS, 0, 0); if (ringbuffer == MAP_FAILED) { - log(0, 0, 0, 0, "Error doing mmap for radius: %s\n", strerror(errno)); + log(0, 0, 0, 0, "Error doing mmap for ringbuffer: %s\n", strerror(errno)); exit(1); } memset(ringbuffer, 0, sizeof(struct Tringbuffer)); @@ -2512,8 +2514,10 @@ void initdata(void) if (!*hostname) { + char *p; // Grab my hostname unless it's been specified gethostname(hostname, sizeof(hostname)); + if ((p = strchr(hostname, '.'))) *p = 0; } _statistics->start_time = _statistics->last_reset = time(NULL); @@ -2539,7 +2543,7 @@ int assign_ip_address(sessionidt s) { u32 i; int best = -1; - clockt best_time = time_now; + time_t best_time = time_now; char *u = session[s].user; char reuse = 0; @@ -2881,7 +2885,7 @@ int main(int argc, char *argv[]) config->debug++; break; case 'h': - strncpy(hostname, optarg, 999); + snprintf(hostname, sizeof(hostname), "%s", optarg); break; case '?': default: @@ -2907,7 +2911,7 @@ int main(int argc, char *argv[]) initplugins(); initdata(); init_tbf(); - init_cli(); + init_cli(hostname); read_config_file(); log(0, 0, 0, 0, "L2TPNS version " VERSION "\n"); @@ -3291,6 +3295,8 @@ static int facility_value(char *name) void update_config() { int i; + static int timeout = 0; + static int interval = 0; // Update logging closelog(); @@ -3373,6 +3379,26 @@ void update_config() if (!config->cluster_hb_timeout) config->cluster_hb_timeout = HB_TIMEOUT; // 10 missed heartbeat triggers an election. + if (interval != config->cluster_hb_interval || timeout != config->cluster_hb_timeout) + { + // Paranoia: cluster_check_master() treats 2 x interval + 1 sec as + // late, ensure we're sufficiently larger than that + int t = 4 * config->cluster_hb_interval + 11; + + if (config->cluster_hb_timeout < t) + { + log(0,0,0,0, "Heartbeat timeout %d too low, adjusting to %d\n", config->cluster_hb_timeout, t); + config->cluster_hb_timeout = t; + } + + // Push timing changes to the slaves immediately if we're the master + if (config->cluster_iam_master) + cluster_heartbeat(); + + interval = config->cluster_hb_interval; + timeout = config->cluster_hb_timeout; + } + config->reload_config = 0; } @@ -3807,7 +3833,7 @@ void become_master(void) int s; run_plugins(PLUGIN_BECOME_MASTER, NULL); - for (s = 0; s < config->cluster_highest_sessionid ; ++s) { + for (s = 1; s <= config->cluster_highest_sessionid ; ++s) { if (!session[s].tunnel) // Not an in-use session. continue; @@ -3829,7 +3855,7 @@ int cmd_show_hist_idle(struct cli_def *cli, char *command, char **argv, int argc time(&time_now); for (i = 0; i < 64;++i) buckets[i] = 0; - for (s = 0; s < config->cluster_highest_sessionid ; ++s) { + for (s = 1; s <= config->cluster_highest_sessionid ; ++s) { int idle; if (!session[s].tunnel) continue; @@ -3865,7 +3891,7 @@ int cmd_show_hist_open(struct cli_def *cli, char *command, char **argv, int argc time(&time_now); for (i = 0; i < 64;++i) buckets[i] = 0; - for (s = 0; s < config->cluster_highest_sessionid ; ++s) { + for (s = 1; s <= config->cluster_highest_sessionid ; ++s) { int open = 0, d; if (!session[s].tunnel) continue; diff --git a/l2tpns.h b/l2tpns.h index 1f0ccb8..da49b25 100644 --- a/l2tpns.h +++ b/l2tpns.h @@ -1,5 +1,5 @@ // L2TPNS Global Stuff -// $Id: l2tpns.h,v 1.9 2004/07/02 07:31:23 bodea Exp $ +// $Id: l2tpns.h,v 1.10 2004/07/07 09:09:53 bodea Exp $ #ifndef __L2TPNS_H__ #define __L2TPNS_H__ @@ -60,7 +60,6 @@ #endif #define TAPDEVICE "/dev/net/tun" -#define UDP 17 #define STATEFILE DATADIR "/state.dump" // State dump file #define CONFIGFILE FLASHDIR "/startup-config" // Configuration file #define CLIUSERS FLASHDIR "/users" // CLI Users file @@ -525,7 +524,7 @@ int sessionsetup(tunnelidt t, sessionidt s); int cluster_send_session(int s); int cluster_send_tunnel(int t); int cluster_send_goodbye(); -void init_cli(); +void init_cli(char *hostname); void cli_do_file(FILE *fh); void cli_do(int sockfd); int cli_arg_help(struct cli_def *cli, int cr_ok, char *entry, ...); diff --git a/radius.c b/radius.c index c846c46..1739c80 100644 --- a/radius.c +++ b/radius.c @@ -1,6 +1,6 @@ // L2TPNS Radius Stuff -char const *cvs_id_radius = "$Id: radius.c,v 1.6 2004/07/02 07:31:23 bodea Exp $"; +char const *cvs_id_radius = "$Id: radius.c,v 1.7 2004/07/07 09:09:53 bodea Exp $"; #include #include @@ -46,7 +46,7 @@ void initrad(void) for (i = 0; i < config->num_radfds; i++) { int flags; - if (!radfds[i]) radfds[i] = socket(AF_INET, SOCK_DGRAM, UDP); + if (!radfds[i]) radfds[i] = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); flags = fcntl(radfds[i], F_GETFL, 0); fcntl(radfds[i], F_SETFL, flags | O_NONBLOCK); } @@ -59,7 +59,7 @@ void radiusclear(u16 r, sessionidt s) } -static u16 new_radius() +static u16 get_free_radius() { int count; static u32 next_radius_id = 0; @@ -82,13 +82,22 @@ static u16 new_radius() u16 radiusnew(sessionidt s) { - u16 r; - if (!(r = new_radius())) + u16 r = session[s].radius; + + /* re-use */ + if (r) + { + log(3, 0, s, session[s].tunnel, "Re-used radius %d\n", r); + return r; + } + + if (!(r = get_free_radius())) { log(1, 0, s, session[s].tunnel, "No free RADIUS sessions\n"); STAT(radius_overflow); return 0; }; + memset(&radius[r], 0, sizeof(radius[r])); session[s].radius = r; radius[r].session = s; @@ -393,20 +402,14 @@ void processrad(u8 *buf, int len, char socket_index) if (memcmp(hash, buf + 4, 16)) { log(0, 0, s, session[s].tunnel, " Incorrect auth on RADIUS response!! (wrong secret in radius config?)\n"); -// radius[r].state = RADIUSWAIT; - return; // Do nothing. On timeout, it will try the next radius server. } if ((radius[r].state == RADIUSAUTH && *buf != 2 && *buf != 3) || ((radius[r].state == RADIUSSTART || radius[r].state == RADIUSSTOP) && *buf != 5)) { log(1, 0, s, session[s].tunnel, " Unexpected RADIUS response %d\n", *buf); - return; // We got something we didn't expect. Let the timeouts take // care off finishing the radius session if that's really correct. -// old code. I think incorrect. --mo -// radius[r].state = RADIUSWAIT; -// break; // Finish the radius sesssion. } if (radius[r].state == RADIUSAUTH) { -- 2.20.1