From 6b6c8a8933ab99139647e6185eb69336473e5c42 Mon Sep 17 00:00:00 2001 From: Brendan O'Dea Date: Tue, 10 May 2005 09:35:27 +0000 Subject: [PATCH 01/16] reset length of lcp packets --- ppp.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ppp.c b/ppp.c index dfbc39d..40d33e3 100644 --- a/ppp.c +++ b/ppp.c @@ -1,6 +1,6 @@ // L2TPNS PPP Stuff -char const *cvs_id_ppp = "$Id: ppp.c,v 1.54 2005-05-10 00:56:12 bodea Exp $"; +char const *cvs_id_ppp = "$Id: ppp.c,v 1.55 2005-05-10 09:35:27 bodea Exp $"; #include #include @@ -405,7 +405,7 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) *q++ = 6; memset(q, 0, 4); // asyncmap 0 q += 4; - *((uint16_t *) (response + 2)) = htons(q - response); // LCP header length + *((uint16_t *) (response + 2)) = htons(l = q - response); // LCP header length break; case 3: // Authentication-Protocol @@ -466,7 +466,7 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) q = a; } - *((uint16_t *) (response + 2)) = htons(q - response); // LCP header length + *((uint16_t *) (response + 2)) = htons(l = q - response); // LCP header length break; } break; @@ -498,7 +498,7 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) memcpy(q, o, length); q += length; - *((uint16_t *) (response + 2)) = htons(q - response); // LCP header length + *((uint16_t *) (response + 2)) = htons(l = q - response); // LCP header length } x -= length; o += length; @@ -513,7 +513,7 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) } LOG(3, s, t, "Sending %s\n", ppp_lcp_type(*response)); - tunnelsend(b, l + (q - b), t); + tunnelsend(b, l + response - b, t); if (!(session[s].flags & SF_LCP_ACKED)) sendlcp(t, s, config->radius_authprefer); -- 2.20.1 From 2267fbe504476b75d30270fb39a0f01481087676 Mon Sep 17 00:00:00 2001 From: Brendan O'Dea Date: Tue, 10 May 2005 09:47:23 +0000 Subject: [PATCH 02/16] set length properly --- ppp.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/ppp.c b/ppp.c index 40d33e3..6888328 100644 --- a/ppp.c +++ b/ppp.c @@ -1,6 +1,6 @@ // L2TPNS PPP Stuff -char const *cvs_id_ppp = "$Id: ppp.c,v 1.55 2005-05-10 09:35:27 bodea Exp $"; +char const *cvs_id_ppp = "$Id: ppp.c,v 1.56 2005-05-10 09:47:23 bodea Exp $"; #include #include @@ -405,7 +405,6 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) *q++ = 6; memset(q, 0, 4); // asyncmap 0 q += 4; - *((uint16_t *) (response + 2)) = htons(l = q - response); // LCP header length break; case 3: // Authentication-Protocol @@ -466,7 +465,6 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) q = a; } - *((uint16_t *) (response + 2)) = htons(l = q - response); // LCP header length break; } break; @@ -498,18 +496,22 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) memcpy(q, o, length); q += length; - *((uint16_t *) (response + 2)) = htons(l = q - response); // LCP header length } x -= length; o += length; } - if (!response) + if (response) { - // Send back a ConfigAck - q = response = makeppp(b, sizeof(b), p, l, t, s, PPPLCP); - if (!q) return; - *q = ConfigAck; + l = q - response; // LCP packet length + *((uint16_t *) (response + 2)) = htons(l); // update header + } + else + { + // Send packet back as ConfigAck + response = makeppp(b, sizeof(b), p, l, t, s, PPPLCP); + if (!response) return; + *response = ConfigAck; } LOG(3, s, t, "Sending %s\n", ppp_lcp_type(*response)); -- 2.20.1 From d908e3348f2f824e798e43a90fb89b2dfe981e2b Mon Sep 17 00:00:00 2001 From: Brendan O'Dea Date: Tue, 10 May 2005 09:57:19 +0000 Subject: [PATCH 03/16] sendchap on ConfigAck --- ppp.c | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/ppp.c b/ppp.c index 6888328..6cdeb35 100644 --- a/ppp.c +++ b/ppp.c @@ -1,6 +1,6 @@ // L2TPNS PPP Stuff -char const *cvs_id_ppp = "$Id: ppp.c,v 1.56 2005-05-10 09:47:23 bodea Exp $"; +char const *cvs_id_ppp = "$Id: ppp.c,v 1.57 2005-05-10 09:57:19 bodea Exp $"; #include #include @@ -355,7 +355,34 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) if (*p == ConfigAck) { - LOG(3, s, t, "LCP: Discarding ConfigAck\n"); + int x = l - 4; + uint8_t *o = (p + 4); + int authtype = 0; + + LOG(3, s, t, "LCP: ConfigAck (%d bytes)...\n", l); + if (config->debug > 3) dumplcp(p, l); + + while (x > 2) + { + int type = o[0]; + int length = o[1]; + + if (length == 0 || type == 0 || x < length) break; + switch (type) + { + case 3: // Authentication-Protocol + { + int proto = ntohs(*(uint16_t *)(o + 2)); + if (proto == PPPCHAP && *(o + 4) == 5) + sendchap(t, s); + } + + break; + } + x -= length; + o += length; + } + session[s].flags |= SF_LCP_ACKED; } else if (*p == ConfigReq) -- 2.20.1 From 4d3e657b282f9557e2a0cc9944b51e77d94ff932 Mon Sep 17 00:00:00 2001 From: Brendan O'Dea Date: Tue, 10 May 2005 09:57:50 +0000 Subject: [PATCH 04/16] *** empty log message *** --- ppp.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ppp.c b/ppp.c index 6cdeb35..a2a67ea 100644 --- a/ppp.c +++ b/ppp.c @@ -1,6 +1,6 @@ // L2TPNS PPP Stuff -char const *cvs_id_ppp = "$Id: ppp.c,v 1.57 2005-05-10 09:57:19 bodea Exp $"; +char const *cvs_id_ppp = "$Id: ppp.c,v 1.58 2005-05-10 09:57:50 bodea Exp $"; #include #include @@ -357,7 +357,6 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) { int x = l - 4; uint8_t *o = (p + 4); - int authtype = 0; LOG(3, s, t, "LCP: ConfigAck (%d bytes)...\n", l); if (config->debug > 3) dumplcp(p, l); -- 2.20.1 From 750423daeeddca51d7c9f253fca1da54fb6b652c Mon Sep 17 00:00:00 2001 From: Jonathan McDowell Date: Tue, 10 May 2005 10:54:34 +0000 Subject: [PATCH 05/16] Fix processing of ConfigNak responses to LCP. --- ppp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ppp.c b/ppp.c index a2a67ea..79b972d 100644 --- a/ppp.c +++ b/ppp.c @@ -1,6 +1,6 @@ // L2TPNS PPP Stuff -char const *cvs_id_ppp = "$Id: ppp.c,v 1.58 2005-05-10 09:57:50 bodea Exp $"; +char const *cvs_id_ppp = "$Id: ppp.c,v 1.59 2005-05-10 10:54:34 jonmcd Exp $"; #include #include @@ -605,6 +605,8 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) LOG(2, s, t, " Remote NAKed LCP type %u?\n", type); break; } + x -= length; + o += length; } if (!authtype) @@ -1327,7 +1329,7 @@ void sendlcp(tunnelidt t, sessionidt s, int authtype) return; LOG(4, s, t, "Sending LCP ConfigReq for %s\n", - config->radius_authprefer == AUTHCHAP ? "CHAP" : "PAP"); + authtype == AUTHCHAP ? "CHAP" : "PAP"); if (!session[s].mru) session[s].mru = DEFAULT_MRU; -- 2.20.1 From d8c5baa23986f51dba83ed0f76c256cae0348334 Mon Sep 17 00:00:00 2001 From: Brendan O'Dea Date: Tue, 10 May 2005 11:23:33 +0000 Subject: [PATCH 06/16] check all suggested auth mechanisms --- ppp.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/ppp.c b/ppp.c index 79b972d..2d030bf 100644 --- a/ppp.c +++ b/ppp.c @@ -1,6 +1,6 @@ // L2TPNS PPP Stuff -char const *cvs_id_ppp = "$Id: ppp.c,v 1.59 2005-05-10 10:54:34 jonmcd Exp $"; +char const *cvs_id_ppp = "$Id: ppp.c,v 1.60 2005-05-10 11:23:33 bodea Exp $"; #include #include @@ -550,7 +550,7 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) { int x = l - 4; uint8_t *o = (p + 4); - int authtype = 0; + int authtype = -1; LOG(3, s, t, "LCP: ConfigNak (%d bytes)...\n", l); if (config->debug > 3) dumplcp(p, l); @@ -569,7 +569,7 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) break; case 3: // Authentication-Protocol - if (authtype) + if (authtype > 0) break; { @@ -593,12 +593,6 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) } } - if (!authtype) - { - sessionshutdown(s, "Unsupported authentication.", 3, 0); - return; - } - break; default: @@ -610,6 +604,12 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) } if (!authtype) + { + sessionshutdown(s, "Unsupported authentication.", 3, 0); + return; + } + + if (authtype == -1) authtype = config->radius_authprefer; sendlcp(t, s, authtype); -- 2.20.1 From 6deb8f544bebc3a0824ab56b18ae2ec577819d89 Mon Sep 17 00:00:00 2001 From: Brendan O'Dea Date: Tue, 10 May 2005 11:59:25 +0000 Subject: [PATCH 07/16] update ipv6_prefix description --- Docs/startup-config.5 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Docs/startup-config.5 b/Docs/startup-config.5 index f4b6a5d..35d5346 100644 --- a/Docs/startup-config.5 +++ b/Docs/startup-config.5 @@ -2,7 +2,7 @@ .de Id .ds Dt \\$4 \\$5 .. -.Id $Id: startup-config.5,v 1.6 2005-05-10 08:11:29 bodea Exp $ +.Id $Id: startup-config.5,v 1.7 2005-05-10 11:59:25 bodea Exp $ .TH STARTUP-CONFIG 5 "\*(Dt" L2TPNS "File Formats and Conventions" .SH NAME startup\-config \- configuration file for l2tpns @@ -190,7 +190,9 @@ elected when this interval has been passed without seeing a heartbeat from the master. .TP .B ipv6_prefix -TODO: Noodles +Enable negotiation of IPv6. This forms the the first 64 bits of the +client allocated address. The remaining 64 come from the allocated +IPv4 address and 4 bytes of 0s. .RE .SS BGP ROUTING The routing configuration section is entered by the command -- 2.20.1 From 344fe615102c3939f44d623a56326b9ae58b4df7 Mon Sep 17 00:00:00 2001 From: Brendan O'Dea Date: Thu, 12 May 2005 04:08:45 +0000 Subject: [PATCH 08/16] send CDN when ICRQ cannot be accepted (no sessions, no RADIUS) --- l2tpns.c | 67 ++++++++++++++++++++++++++++++-------------------------- 1 file changed, 36 insertions(+), 31 deletions(-) diff --git a/l2tpns.c b/l2tpns.c index 4664c50..f2000f5 100644 --- a/l2tpns.c +++ b/l2tpns.c @@ -4,7 +4,7 @@ // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced // vim: sw=8 ts=8 -char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.101 2005-05-10 08:48:00 bodea Exp $"; +char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.102 2005-05-12 04:08:45 bodea Exp $"; #include #include @@ -1323,11 +1323,11 @@ static void controlnull(tunnelidt t) } // add a control message to a tunnel, and send if within window -static void controladd(controlt * c, tunnelidt t, sessionidt s) +static void controladd(controlt * c, tunnelidt t, sessionidt far) { *(uint16_t *) (c->buf + 2) = htons(c->length); // length *(uint16_t *) (c->buf + 4) = htons(tunnel[t].far); // tunnel - *(uint16_t *) (c->buf + 6) = htons(s ? session[s].far : 0); // session + *(uint16_t *) (c->buf + 6) = htons(far); // session *(uint16_t *) (c->buf + 8) = htons(tunnel[t].ns); // sequence tunnel[t].ns++; // advance sequence // link in message in to queue @@ -1518,7 +1518,7 @@ void sessionshutdown(sessionidt s, char *reason, int result, int error) control16(c, 1, result, 1); control16(c, 14, s, 1); // assigned session (our end) - controladd(c, session[s].tunnel, s); // send the message + controladd(c, session[s].tunnel, session[s].far); // send the message } if (!session[s].die) @@ -2277,7 +2277,7 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr) controls(c, 7, tunnel[t].hostname, 1); // host name (TBA) if (chapresponse) controlb(c, 13, chapresponse, 16, 1); // Challenge response control16(c, 9, t, 1); // assigned tunnel - controladd(c, t, s); // send the resply + controladd(c, t, 0); // send the resply } tunnel[t].state = TUNNELOPENING; break; @@ -2305,16 +2305,11 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr) // TBA break; case 10: // ICRQ - if (!sessionfree) - { - STAT(session_overflow); - LOG(1, 0, t, "No free sessions\n"); - return; - } - else + controlt *c; + + if (sessionfree) { uint16_t r; - controlt *c; s = sessionfree; sessionfree = session[s].next; @@ -2324,28 +2319,38 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr) config->cluster_highest_sessionid = s; // make a RADIUS session - if (!(r = radiusnew(s))) + if ((r = radiusnew(s))) { - LOG(1, s, t, "No free RADIUS sessions for ICRQ\n"); - sessionclear(s); - return; + c = controlnew(11); // sending ICRP + session[s].opened = time_now; + session[s].tunnel = t; + session[s].far = asession; + session[s].last_packet = time_now; + LOG(3, s, t, "New session (%d/%d)\n", tunnel[t].far, session[s].far); + control16(c, 14, s, 1); // assigned session + controladd(c, t, asession); // send the reply + + strncpy(radius[r].calling, calling, sizeof(radius[r].calling) - 1); + strncpy(session[s].called, called, sizeof(session[s].called) - 1); + strncpy(session[s].calling, calling, sizeof(session[s].calling) - 1); + STAT(session_created); + break; } - c = controlnew(11); // sending ICRP - session[s].opened = time_now; - session[s].tunnel = t; - session[s].far = asession; - session[s].last_packet = time_now; - LOG(3, s, t, "New session (%d/%d)\n", tunnel[t].far, session[s].far); - control16(c, 14, s, 1); // assigned session - controladd(c, t, s); // send the reply - - strncpy(radius[r].calling, calling, sizeof(radius[r].calling) - 1); - strncpy(session[s].called, called, sizeof(session[s].called) - 1); - strncpy(session[s].calling, calling, sizeof(session[s].calling) - 1); - STAT(session_created); + + LOG(1, s, t, "No free RADIUS sessions for ICRQ\n"); + sessionclear(s); } - break; + else + { + STAT(session_overflow); + LOG(1, 0, t, "No free sessions\n"); + } + + c = controlnew(14); // CDN + control16(c, 1, 4, 1); // temporary lack of resources + controladd(c, session[s].tunnel, asession); // send the message + return; case 11: // ICRP // TBA break; -- 2.20.1 From c650fd367a693e1447326f0a4e5d5e5c8bbe445f Mon Sep 17 00:00:00 2001 From: Brendan O'Dea Date: Fri, 13 May 2005 01:29:40 +0000 Subject: [PATCH 09/16] always send LCP ConfigReq after we get ICCN --- l2tpns.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/l2tpns.c b/l2tpns.c index f2000f5..a3da175 100644 --- a/l2tpns.c +++ b/l2tpns.c @@ -4,7 +4,7 @@ // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced // vim: sw=8 ts=8 -char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.102 2005-05-12 04:08:45 bodea Exp $"; +char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.103 2005-05-13 01:29:40 bodea Exp $"; #include #include @@ -2305,8 +2305,6 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr) // TBA break; case 10: // ICRQ - controlt *c; - if (sessionfree) { uint16_t r; @@ -2321,7 +2319,7 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr) // make a RADIUS session if ((r = radiusnew(s))) { - c = controlnew(11); // sending ICRP + controlt *c = controlnew(11); // sending ICRP session[s].opened = time_now; session[s].tunnel = t; session[s].far = asession; @@ -2347,9 +2345,11 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr) LOG(1, 0, t, "No free sessions\n"); } - c = controlnew(14); // CDN - control16(c, 1, 4, 1); // temporary lack of resources - controladd(c, session[s].tunnel, asession); // send the message + { + controlt *c = controlnew(14); // CDN + control16(c, 1, 4, 1); // temporary lack of resources + controladd(c, session[s].tunnel, asession); // send the message + } return; case 11: // ICRP // TBA @@ -2361,8 +2361,11 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr) LOG(3, s, t, "Magic %X Flags %X\n", amagic, aflags); controlnull(t); // ack // proxy authentication type is not supported - if (authtype && !(config->radius_authtypes & authtype)) - sendlcp(t, s, config->radius_authprefer); + if (!(config->radius_authtypes & authtype)) + authtype = config->radius_authprefer; + + // start LCP + sendlcp(t, s, authtype); break; case 14: // CDN controlnull(t); // ack -- 2.20.1 From b140841c65cb0cb1551c372b6629dea5f3d79310 Mon Sep 17 00:00:00 2001 From: Brendan O'Dea Date: Fri, 13 May 2005 05:28:16 +0000 Subject: [PATCH 10/16] add "throttle=N" --- autothrottle.c | 49 ++++++++++++++++++++++++++++++------------------- 1 file changed, 30 insertions(+), 19 deletions(-) diff --git a/autothrottle.c b/autothrottle.c index 4770ae8..074fe53 100644 --- a/autothrottle.c +++ b/autothrottle.c @@ -4,7 +4,16 @@ /* set up throttling based on RADIUS reply */ -char const *cvs_id = "$Id: autothrottle.c,v 1.13 2004-11-30 07:14:45 bodea Exp $"; +/* + * lcp:interface-config#1=service-policy input N + * lcp:interface-config#2=service-policy output N + * + * throttle=N + * throttle=yes (use throttle_rate from config) + * throttle=no + */ + +char const *cvs_id = "$Id: autothrottle.c,v 1.14 2005-05-13 05:28:16 bodea Exp $"; int plugin_api_version = PLUGIN_API_VERSION; struct pluginfuncs *p; @@ -69,31 +78,33 @@ int plugin_radius_response(struct param_radius_response *data) if (!strcmp(data->key, "throttle")) { - if (!strcmp(data->value, "yes")) + char *e; + int rate; + + if ((rate = strtol(data->value, &e, 10)) < 0 || *e) { - unsigned long *rate = p->getconfig("throttle_speed", UNSIGNED_LONG); - if (rate) + rate = -1; + if (!strcmp(data->value, "yes")) { - if (*rate) - p->log(3, p->get_id_by_session(data->s), data->s->tunnel, - " Throttling user to %dkb/s\n", *rate); - else - p->log(3, p->get_id_by_session(data->s), data->s->tunnel, - " Not throttling user (throttle_speed=0)\n"); - - data->s->throttle_in = data->s->throttle_out = *rate; + unsigned long *ts = p->getconfig("throttle_speed", UNSIGNED_LONG); + if (ts) + rate = *ts; } - else - p->log(1, p->get_id_by_session(data->s), data->s->tunnel, - " Not throttling user (can't get throttle_speed)\n"); + else if (!strcmp(data->value, "no")) + rate = 0; } - else if (!strcmp(data->value, "no")) - { + + if (rate < 0) + return PLUGIN_RET_OK; + + if (rate) + p->log(3, p->get_id_by_session(data->s), data->s->tunnel, + " Throttling user to %dkb/s\n", rate); + else p->log(3, p->get_id_by_session(data->s), data->s->tunnel, " Not throttling user\n"); - data->s->throttle_in = data->s->throttle_out = 0; - } + data->s->throttle_in = data->s->throttle_out = rate; } return PLUGIN_RET_OK; -- 2.20.1 From 520b2cb24d2e5dba74e946ae259f3622606ce5fe Mon Sep 17 00:00:00 2001 From: Brendan O'Dea Date: Fri, 13 May 2005 09:23:00 +0000 Subject: [PATCH 11/16] it seems that some clients regularly attempt to reauth... just ignore (don't drop) --- ppp.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ppp.c b/ppp.c index 2d030bf..3408d86 100644 --- a/ppp.c +++ b/ppp.c @@ -1,6 +1,6 @@ // L2TPNS PPP Stuff -char const *cvs_id_ppp = "$Id: ppp.c,v 1.60 2005-05-10 11:23:33 bodea Exp $"; +char const *cvs_id_ppp = "$Id: ppp.c,v 1.61 2005-05-13 09:23:00 bodea Exp $"; #include #include @@ -150,7 +150,6 @@ void processchap(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l) { LOG(1, s, t, "Unexpected CHAP message\n"); STAT(tunnel_rx_errors); - sessionshutdown(s, "Unexpected CHAP message.", 3, 0); return; } -- 2.20.1 From 847b4c6b1d2e074003411aa706b76bc667518b34 Mon Sep 17 00:00:00 2001 From: Brendan O'Dea Date: Mon, 16 May 2005 04:51:16 +0000 Subject: [PATCH 12/16] fix RADIUS indexing (should have 16K entries with 64 sockets) --- Changes | 4 +++- l2tpns.c | 8 ++++---- l2tpns.h | 8 ++++---- l2tpns.spec | 2 +- radius.c | 6 +++--- 5 files changed, 15 insertions(+), 13 deletions(-) diff --git a/Changes b/Changes index fda010e..0b2f15f 100644 --- a/Changes +++ b/Changes @@ -1,4 +1,4 @@ -* Tue May 10 2005 Brendan O'Dea 2.1.0 +* Mon May 16 2005 Brendan O'Dea 2.1.0 - Add IPv6 support from Jonathan McDowell. - Add CHAP support from Jordan Hrycaj. - Add interim accounting support from Vladislav Bjelic. @@ -61,6 +61,8 @@ - Make "show running-config" a privileged command (contains clear text shared secrets). - Add sessionctl plugin to provide drop/kill via nsctl. +- Add handling of "throttle=N" RADIUS attributes. +- Fix RADIUS indexing (should have 16K entries with 64 sockets). * Fri Dec 17 2004 Brendan O'Dea 2.0.13 - Better cluster master collision resolution: keep a counter of state diff --git a/l2tpns.c b/l2tpns.c index a3da175..2fa9b12 100644 --- a/l2tpns.c +++ b/l2tpns.c @@ -4,7 +4,7 @@ // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced // vim: sw=8 ts=8 -char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.103 2005-05-13 01:29:40 bodea Exp $"; +char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.104 2005-05-16 04:51:16 bodea Exp $"; #include #include @@ -1566,7 +1566,7 @@ void sendipcp(tunnelidt t, sessionidt s) if (!q) return; *q = ConfigReq; - q[1] = r << RADIUS_SHIFT; // ID, dont care, we only send one type of request + q[1] = r >> RADIUS_SHIFT; // ID, dont care, we only send one type of request *(uint16_t *) (q + 2) = htons(10); q[4] = 3; q[5] = 6; @@ -1588,7 +1588,7 @@ void sendipcp(tunnelidt t, sessionidt s) if (!q) return; *q = ConfigReq; - q[1] = r << RADIUS_SHIFT; // ID, don't care, we + q[1] = r >> RADIUS_SHIFT; // ID, don't care, we // only send one type // of request *(uint16_t *) (q + 2) = htons(14); @@ -4005,7 +4005,7 @@ static void update_config() if (!config->numradiusservers) LOG(0, 0, 0, "No RADIUS servers defined!\n"); - config->num_radfds = 2 << RADIUS_SHIFT; + config->num_radfds = 1 << RADIUS_SHIFT; // parse radius_authtypes_s config->radius_authtypes = config->radius_authprefer = 0; diff --git a/l2tpns.h b/l2tpns.h index edb9daf..3406afd 100644 --- a/l2tpns.h +++ b/l2tpns.h @@ -1,5 +1,5 @@ // L2TPNS Global Stuff -// $Id: l2tpns.h,v 1.68 2005-05-08 07:13:56 bodea Exp $ +// $Id: l2tpns.h,v 1.69 2005-05-16 04:51:16 bodea Exp $ #ifndef __L2TPNS_H__ #define __L2TPNS_H__ @@ -22,9 +22,9 @@ #define MAXSESSION 60000 // could be up to 65535 #define MAXTBFS 6000 // Maximum token bucket filters. Might need up to 2 * session. -#define RADIUS_SHIFT 5 -#define RADIUS_MASK ((unsigned short)(((unsigned short)~0) >> (16 - RADIUS_SHIFT))) -#define MAXRADIUS ((unsigned long)(1L << RADIUS_SHIFT) * 255) +#define RADIUS_SHIFT 6 +#define RADIUS_MASK ((1 << RADIUS_SHIFT) - 1) +#define MAXRADIUS ((1 << (RADIUS_SHIFT + 8)) - 1) #define T_UNDEF (0xffff) // A tunnel ID that won't ever be used. Mark session as undefined. #define T_FREE (0) // A tunnel ID that won't ever be used. Mark session as free. diff --git a/l2tpns.spec b/l2tpns.spec index e214492..1472f03 100644 --- a/l2tpns.spec +++ b/l2tpns.spec @@ -43,5 +43,5 @@ rm -rf %{buildroot} %attr(644,root,root) /usr/share/man/man[58]/* %changelog -* Tue May 10 2005 Brendan O'Dea 2.1.0-1 +* Mon May 16 2005 Brendan O'Dea 2.1.0-1 - 2.1.0 release, see /usr/share/doc/l2tpns-2.1.0/Changes diff --git a/radius.c b/radius.c index a9fc7e6..2c5fe60 100644 --- a/radius.c +++ b/radius.c @@ -1,6 +1,6 @@ // L2TPNS Radius Stuff -char const *cvs_id_radius = "$Id: radius.c,v 1.30 2005-05-07 08:17:26 bodea Exp $"; +char const *cvs_id_radius = "$Id: radius.c,v 1.31 2005-05-16 04:51:16 bodea Exp $"; #include #include @@ -163,12 +163,12 @@ void radiussend(uint16_t r, uint8_t state) switch (state) { case RADIUSAUTH: - b[0] = 1; // access request + b[0] = AccessRequest; // access request break; case RADIUSSTART: case RADIUSSTOP: case RADIUSINTERIM: - b[0] = 4; // accounting request + b[0] = AccountingRequest; // accounting request break; default: LOG(0, 0, 0, "Unknown radius state %d\n", state); -- 2.20.1 From ed5752f08407ab9a7a5a13978f8f39a81c401260 Mon Sep 17 00:00:00 2001 From: Brendan O'Dea Date: Mon, 16 May 2005 05:50:54 +0000 Subject: [PATCH 13/16] off by one --- l2tpns.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/l2tpns.h b/l2tpns.h index 3406afd..908180f 100644 --- a/l2tpns.h +++ b/l2tpns.h @@ -1,5 +1,5 @@ // L2TPNS Global Stuff -// $Id: l2tpns.h,v 1.69 2005-05-16 04:51:16 bodea Exp $ +// $Id: l2tpns.h,v 1.70 2005-05-16 05:50:54 bodea Exp $ #ifndef __L2TPNS_H__ #define __L2TPNS_H__ @@ -24,7 +24,7 @@ #define RADIUS_SHIFT 6 #define RADIUS_MASK ((1 << RADIUS_SHIFT) - 1) -#define MAXRADIUS ((1 << (RADIUS_SHIFT + 8)) - 1) +#define MAXRADIUS (1 << 8 + RADIUS_SHIFT) #define T_UNDEF (0xffff) // A tunnel ID that won't ever be used. Mark session as undefined. #define T_FREE (0) // A tunnel ID that won't ever be used. Mark session as free. -- 2.20.1 From 2b5cae3b51b9b575d98acc611035b3dcf56c6d72 Mon Sep 17 00:00:00 2001 From: Brendan O'Dea Date: Mon, 16 May 2005 05:56:33 +0000 Subject: [PATCH 14/16] supress warning --- l2tpns.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/l2tpns.h b/l2tpns.h index 908180f..f96f9d6 100644 --- a/l2tpns.h +++ b/l2tpns.h @@ -1,5 +1,5 @@ // L2TPNS Global Stuff -// $Id: l2tpns.h,v 1.70 2005-05-16 05:50:54 bodea Exp $ +// $Id: l2tpns.h,v 1.71 2005-05-16 05:56:33 bodea Exp $ #ifndef __L2TPNS_H__ #define __L2TPNS_H__ @@ -24,7 +24,7 @@ #define RADIUS_SHIFT 6 #define RADIUS_MASK ((1 << RADIUS_SHIFT) - 1) -#define MAXRADIUS (1 << 8 + RADIUS_SHIFT) +#define MAXRADIUS (1 << (8 + RADIUS_SHIFT)) #define T_UNDEF (0xffff) // A tunnel ID that won't ever be used. Mark session as undefined. #define T_FREE (0) // A tunnel ID that won't ever be used. Mark session as free. -- 2.20.1 From 5fac6af5f0b93b66ff8e3392704d4a3a69e65b7b Mon Sep 17 00:00:00 2001 From: Brendan O'Dea Date: Mon, 16 May 2005 06:01:08 +0000 Subject: [PATCH 15/16] add new radius state --- cli.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cli.c b/cli.c index 886bf1f..84057e8 100644 --- a/cli.c +++ b/cli.c @@ -2,7 +2,7 @@ // vim: sw=8 ts=8 char const *cvs_name = "$Name: $"; -char const *cvs_id_cli = "$Id: cli.c,v 1.57 2005-05-09 08:53:50 bodea Exp $"; +char const *cvs_id_cli = "$Id: cli.c,v 1.58 2005-05-16 06:01:08 bodea Exp $"; #include #include @@ -1018,6 +1018,7 @@ static int cmd_show_radius(struct cli_def *cli, char *command, char **argv, int "IPCP", "START", "STOP", + "INTRM", "WAIT", }; -- 2.20.1 From c98bf0cb8b1e6144f57e6e12b75dcf7c0512746b Mon Sep 17 00:00:00 2001 From: Brendan O'Dea Date: Fri, 20 May 2005 01:32:14 +0000 Subject: [PATCH 16/16] use 1452 as MRU --- l2tpns.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/l2tpns.h b/l2tpns.h index f96f9d6..06815cc 100644 --- a/l2tpns.h +++ b/l2tpns.h @@ -1,5 +1,5 @@ // L2TPNS Global Stuff -// $Id: l2tpns.h,v 1.71 2005-05-16 05:56:33 bodea Exp $ +// $Id: l2tpns.h,v 1.72 2005-05-20 01:32:14 bodea Exp $ #ifndef __L2TPNS_H__ #define __L2TPNS_H__ @@ -43,7 +43,7 @@ #define ECHO_TIMEOUT 60 // Time between last packet sent and LCP ECHO generation #define IDLE_TIMEOUT 240 // Time between last packet sent and LCP ECHO generation #define BUSY_WAIT_TIME 3000 // 5 minutes in 1/10th seconds to wait for radius to cleanup on shutdown -#define DEFAULT_MRU 1458 // maximum packet size to avoid fragmentation when LNS ethernet MTU is 1500 +#define DEFAULT_MRU 1452 // maximum packet size to avoid fragmentation when LNS ethernet MTU is 1500 // Constants #ifndef ETCDIR -- 2.20.1