welterde/l2tpns
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

first version of the LAC functionality

Browse source
This commit is contained in:
fendo 2012-11-28 23:43:33 +01:00
parent 7fd68b1dae
commit 4df24fd868
7 changed files with 582 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Makefile
View file

@ -43,6 +43,9 @@ endif
DEFINES += -DBGP DEFINES += -DBGP
OBJS += bgp.o OBJS += bgp.o
DEFINES += -DLAC
OBJS += l2tplac.o
all: programs plugins all: programs plugins
programs: $(PROGRAMS) programs: $(PROGRAMS)
plugins: $(PLUGINS) plugins: $(PLUGINS)

61
cli.c
View file

@ -31,6 +31,9 @@
#ifdef BGP #ifdef BGP
#include "bgp.h" #include "bgp.h"
#endif #endif
#ifdef LAC
#include "l2tplac.h"
#endif
extern tunnelt *tunnel; extern tunnelt *tunnel;
extern bundlet *bundle; extern bundlet *bundle;
@ -99,7 +102,9 @@ static int cmd_remove_plugin(struct cli_def *cli, char *command, char **argv, in
static int cmd_uptime(struct cli_def *cli, char *command, char **argv, int argc); static int cmd_uptime(struct cli_def *cli, char *command, char **argv, int argc);
static int cmd_shutdown(struct cli_def *cli, char *command, char **argv, int argc); static int cmd_shutdown(struct cli_def *cli, char *command, char **argv, int argc);
static int cmd_reload(struct cli_def *cli, char *command, char **argv, int argc); static int cmd_reload(struct cli_def *cli, char *command, char **argv, int argc);
#ifdef LAC
static int cmd_setforward(struct cli_def *cli, char *command, char **argv, int argc);
#endif
static int regular_stuff(struct cli_def *cli); static int regular_stuff(struct cli_def *cli);
@ -222,6 +227,10 @@ void init_cli()
cli_register_command(cli, NULL, "set", cmd_set, PRIVILEGE_PRIVILEGED, MODE_CONFIG, "Set a configuration variable"); cli_register_command(cli, NULL, "set", cmd_set, PRIVILEGE_PRIVILEGED, MODE_CONFIG, "Set a configuration variable");
#ifdef LAC
cli_register_command(cli, NULL, "setforward", cmd_setforward, PRIVILEGE_PRIVILEGED, MODE_CONFIG, "Set the Remote LNS Forward");
#endif
c = cli_register_command(cli, NULL, "ip", NULL, PRIVILEGE_PRIVILEGED, MODE_CONFIG, NULL); c = cli_register_command(cli, NULL, "ip", NULL, PRIVILEGE_PRIVILEGED, MODE_CONFIG, NULL);
cli_register_command(cli, c, "access-list", cmd_ip_access_list, PRIVILEGE_PRIVILEGED, MODE_CONFIG, "Add named access-list"); cli_register_command(cli, c, "access-list", cmd_ip_access_list, PRIVILEGE_PRIVILEGED, MODE_CONFIG, "Add named access-list");
@ -3095,3 +3104,53 @@ static int cmd_reload(struct cli_def *cli, char *command, char **argv, int argc)
kill(getppid(), SIGHUP); kill(getppid(), SIGHUP);
return CLI_OK; return CLI_OK;
} }
#ifdef LAC
static int cmd_setforward(struct cli_def *cli, char *command, char **argv, int argc)
{
int ret;
if (CLI_HELP_REQUESTED)
{
switch (argc)
{
case 1:
return cli_arg_help(cli, 0,
"MASK", "Users mask to forward (ex: myISP@operator.com)", NULL);
case 2:
return cli_arg_help(cli, 0,
"IP", "IP of the remote LNS(ex: 64.64.64.64)", NULL);
case 3:
return cli_arg_help(cli, 0,
"PORT", "Port of the remote LNS (ex: 1701)", NULL);
case 4:
return cli_arg_help(cli, 0,
"SECRET", "l2tp secret of the remote LNS (ex: mysecretpsw)", NULL);
default:
return cli_arg_help(cli, argc > 1, NULL);
}
}
if (argc != 4)
{
cli_error(cli, "Specify variable and value");
return CLI_OK;
}
// adremotelns(mask, IP_RemoteLNS, Port_RemoteLNS, SecretRemoteLNS)
ret = addremotelns(argv[0], argv[1], argv[2], argv[3]);
if (ret)
cli_print(cli, "setforward %s %s %s %s", argv[0], argv[1], argv[2], argv[3]);
else
cli_error(cli, "ERROR setforward %s %s %s %s", argv[0], argv[1], argv[2], argv[3]);
return CLI_OK;
}
#endif

322
l2tplac.c Normal file
View file

@ -0,0 +1,322 @@
/*
* Add functionality "LAC" to l2tpns.
* Used to forward a ppp session to another "LNS".
*/
#include <errno.h>
#include <string.h>
#include "md5.h"
#include "l2tpns.h"
#include "util.h"
#include "l2tplac.h"
/* sequence diagram: Client <--> LAC <--> LNS1 <--> LNS2
*
* LCP Negotiation
* Client <-------------------> LAC
* Challenge (CHAP/PAP)
* Client <-------------------> LAC
* SCCRQ
* LAC --------------------> LNS1 (Tunnel Open)
* SCCRP
* LAC <-------------------- LNS1 (Tunnel Open)
* SCCCN
* LAC --------------------> LNS1 (Tunnel Open)
* ZLB
* LAC <-------------------- LNS1 (Tunnel Open)
* ICRQ
* LAC --------------------> LNS1 (Session Open)
* ICRP
* LAC <-------------------- LNS1 (Session Open)
* ICCN
* LAC --------------------> LNS1 (Session Open)
* ZLB
* LAC <-------------------- LNS1 (Session Open)
* LCP Negotiation
* Client <---------------------------------------------> LNS1
* Challenge (CHAP/PAP)
* Client <---------------------------------------------> LNS1
* SCCRQ
* LNS1 --------------------> LNS2 (Tunnel Open)
* SCCRP
* LNS1 <-------------------- LNS2 (Tunnel Open)
* SCCCN
* LNS1 --------------------> LNS2 (Tunnel Open)
* ZLB
* LNS1 <-------------------- LNS2 (Tunnel Open)
* ICRQ
* LNS1 --------------------> LNS2 (Session Open)
* ICRP
* LNS1 <-------------------- LNS2 (Session Open)
* ICCN
* LNS1 --------------------> LNS2 (Session Open)
* ZLB
* LNS1 <-------------------- LNS2 (Session Open)
* LCP Negotiation
* Client <------------------------------------------------------------------------> LNS2
* PAP/CHAP Authentification
* Client <------------------------------------------------------------------------> LNS2
* DATA (ppp)
* Client <------------------------------------------------------------------------> LNS2
* */
// Limits
#define MAXRLNSTUNNEL 101
typedef uint16_t confrlnsidt;
/*
* Possible configrlns states
* TUNNELFREE -> TUNNELOPEN -> TUNNELDIE -> TUNNELFREE
*/
enum
{
CONFRLNSFREE = 0, // Not in use
CONFRLNSSET // Config Set
};
// struct remote lns
typedef struct
{
tunnelidt tid; // near end tunnel ID
int state; // conf state (tunnelstate enum)
in_addr_t ip; // Ip for far end
uint16_t port; // port for far end
hasht auth; // request authenticator
char strmaskuser[MAXUSER];
char l2tp_secret[64]; // L2TP shared secret
}
configrlns;
configrlns *pconfigrlns = NULL; // Array of tunnel structures.
// Init data structures
void initremotelnsdata()
{
confrlnsidt i;
if ( !(pconfigrlns = shared_malloc(sizeof(pconfigrlns[0]) * MAXRLNSTUNNEL)) )
{
LOG(0, 0, 0, "Error doing malloc for tunnels lac: %s\n", strerror(errno));
exit(1);
}
memset(pconfigrlns, 0, sizeof(pconfigrlns[0]) * MAXRLNSTUNNEL);
// Mark all the tunnels as undefined (waiting to be filled in by a download).
for (i = 1; i < MAXRLNSTUNNEL; i++)
pconfigrlns[i].state = CONFRLNSFREE; // mark it as not filled in.
config->highest_rlnsid = 0;
}
// Check if must be forwarded to another LNS
int forwardtolns(sessionidt s, char * puser)
{
tunnelidt t;
confrlnsidt i;
for (i = 1; i <= config->highest_rlnsid ; ++i)
{
if ( NULL != strstr(puser, pconfigrlns[i].strmaskuser))
{
t = pconfigrlns[i].tid;
if ((t != 0) && (tunnel[t].ip != pconfigrlns[i].ip))
{
pconfigrlns[i].tid = t = 0;
LOG(1, 0, t, "Tunnel ID inconsistency\n");
}
if (t == 0)
{
if (main_quit == QUIT_SHUTDOWN) return 0;
// Start Open Tunnel
if (!(t = lac_new_tunnel()))
{
LOG(1, 0, 0, "No more tunnels\n");
STAT(tunnel_overflow);
return 0;
}
lac_tunnelclear(t);
tunnel[t].ip = pconfigrlns[i].ip;
tunnel[t].port = pconfigrlns[i].port;
tunnel[t].window = 4; // default window
STAT(tunnel_created);
LOG(1, 0, t, "New (REMOTE LNS) tunnel to %s:%u ID %u\n", fmtaddr(htonl(tunnel[t].ip), 0), tunnel[t].port, t);
random_data(pconfigrlns[i].auth, sizeof(pconfigrlns[i].auth));
pconfigrlns[i].tid = t;
lac_send_SCCRQ(t, pconfigrlns[i].auth, sizeof(pconfigrlns[i].auth));
}
else if (tunnel[t].state == TUNNELOPEN)
{
if (main_quit != QUIT_SHUTDOWN)
{
/**********************/
/** Open New session **/
/**********************/
sessionidt new_sess = sessionfree;
sessionfree = session[new_sess].next;
memset(&session[new_sess], 0, sizeof(session[new_sess]));
if (new_sess > config->cluster_highest_sessionid)
config->cluster_highest_sessionid = new_sess;
session[new_sess].opened = time_now;
session[new_sess].tunnel = t;
session[new_sess].last_packet = session[s].last_data = time_now;
session[new_sess].ppp.phase = Establish;
session[new_sess].ppp.lcp = Starting;
// Sent ICRQ Incoming-call-request
lac_send_ICRQ(t, new_sess);
// Set session to forward to another LNS
session[s].forwardtosession = new_sess;
session[new_sess].forwardtosession = s;
STAT(session_created);
}
else
{
lac_tunnelshutdown(t, "Shutting down", 6, 0, 0);
pconfigrlns[i].tid = 0;
}
}
else
{
/** TODO **/
LOG(1, 0, t, "(REMOTE LNS) tunnel is not open\n");
}
return 1;
}
}
return 0;
}
static tunnelidt getidrlns(tunnelidt t)
{
confrlnsidt idrlns;
for (idrlns = 1; idrlns <= config->highest_rlnsid ; ++idrlns)
{
if (pconfigrlns[idrlns].tid == t) return idrlns;
}
return 0;
}
int istunneltolns(tunnelidt t)
{
confrlnsidt idrlns;
for (idrlns = 1; idrlns <= config->highest_rlnsid ; ++idrlns)
{
if (pconfigrlns[idrlns].tid == t) return 1;
}
return 0;
}
void calc_lac_auth(tunnelidt t, uint8_t id, uint8_t *out)
{
MD5_CTX ctx;
confrlnsidt idrlns;
idrlns = getidrlns(t);
MD5_Init(&ctx);
MD5_Update(&ctx, &id, 1);
MD5_Update(&ctx, pconfigrlns[idrlns].l2tp_secret, strlen(pconfigrlns[idrlns].l2tp_secret));
MD5_Update(&ctx, pconfigrlns[idrlns].auth, 16);
MD5_Final(out, &ctx);
}
// Forward session to external LNS
int session_forward_tolns(uint8_t *buf, int len, sessionidt sess, uint16_t proto)
{
uint16_t t = 0, s = 0;
uint8_t *p = buf + 2; // First word L2TP options
s = session[sess].forwardtosession;
if (session[s].forwardtosession != sess)
{
LOG(0, sess, session[sess].tunnel, "Link Session (%u) broken\n", s);
return 0;
}
t = session[s].tunnel;
if (t >= MAXTUNNEL)
{
LOG(1, s, t, "Session with invalid tunnel ID\n");
return 0;
}
if (*buf & 0x40)
{ // length
p += 2;
}
*(uint16_t *) p = htons(tunnel[t].far); // tunnel
p += 2;
*(uint16_t *) p = htons(session[s].far); // session
p += 2;
if (*buf & 0x08)
{ // ns/nr
*(uint16_t *) p = htons(tunnel[t].ns); // sequence
p += 2;
*(uint16_t *) p = htons(tunnel[t].nr); // sequence
p += 2;
}
if ((proto == PPPIP) || (proto == PPPMP) ||(proto == PPPIPV6 && config->ipv6_prefix.s6_addr[0]))
{
session[sess].last_packet = session[sess].last_data = time_now;
}
else
session[sess].last_packet = time_now;
tunnelsend(buf, len, t); // send it...
return 1;
}
int addremotelns(char *mask, char *IP_RemoteLNS, char *Port_RemoteLNS, char *SecretRemoteLNS)
{
confrlnsidt idrlns;
for (idrlns = 1; idrlns < MAXRLNSTUNNEL; ++idrlns)
{
if (pconfigrlns[idrlns].state == CONFRLNSFREE)
{
snprintf((char *) pconfigrlns[idrlns].strmaskuser, sizeof(pconfigrlns[idrlns].strmaskuser), "%s", mask);
pconfigrlns[idrlns].ip = ntohl(inet_addr(IP_RemoteLNS));
pconfigrlns[idrlns].port = atoi(Port_RemoteLNS);
snprintf((char *) pconfigrlns[idrlns].l2tp_secret, sizeof(pconfigrlns[idrlns].l2tp_secret), "%s", SecretRemoteLNS);
config->highest_rlnsid = idrlns;
pconfigrlns[idrlns].state = CONFRLNSSET;
LOG(1, 0, 0, "New Remote LNS conf (count %u) mask:%s IP:%s Port:%u l2tpsecret:*****\n", idrlns,
pconfigrlns[idrlns].strmaskuser, fmtaddr(htonl(pconfigrlns[idrlns].ip), 0),
pconfigrlns[idrlns].port);
return 1;
}
}
LOG(0, 0, 0, "No more Remote LNS Conf Free\n");
return 0;
}

14
l2tplac.h Normal file
View file

@ -0,0 +1,14 @@
/* L2TPLAC */
/* $Id: l2tplac.h,v 1.0 2012-07-01 14:49:28 fendo Exp $ */
#ifndef __L2TPLAC_H__
#define __L2TPLAC_H__
// l2tplac.c
void initremotelnsdata();
int session_forward_tolns(uint8_t *buf, int len, sessionidt sess, uint16_t proto);
int forwardtolns(sessionidt s, char * puser);
void calc_lac_auth(tunnelidt t, uint8_t id, uint8_t *out);
int istunneltolns(tunnelidt t);
int addremotelns(char *mask, char *IP_RemoteLNS, char *Port_RemoteLNS, char *SecretRemoteLNS);
#endif /* __L2TPLAC_H__ */

145
l2tpns.c
View file

@ -53,6 +53,15 @@
#include "bgp.h" #include "bgp.h"
#endif #endif
#ifdef LAC
#include "l2tplac.h"
#endif
#ifdef LAC
char * Vendor_name = "Linux L2TPNS";
uint32_t call_serial_number = 0;
#endif
// Globals // Globals
configt *config = NULL; // all configuration configt *config = NULL; // all configuration
int nlfd = -1; // netlink socket int nlfd = -1; // netlink socket
@ -160,8 +169,10 @@ config_descriptt config_values[] = {
CONFIG("ipv6_prefix", ipv6_prefix, IPv6), CONFIG("ipv6_prefix", ipv6_prefix, IPv6),
CONFIG("cli_bind_address", cli_bind_address, IPv4), CONFIG("cli_bind_address", cli_bind_address, IPv4),
CONFIG("hostname", hostname, STRING), CONFIG("hostname", hostname, STRING),
#ifdef BGP
CONFIG("nexthop_address", nexthop_address, IPv4), CONFIG("nexthop_address", nexthop_address, IPv4),
CONFIG("nexthop6_address", nexthop6_address, IPv6), CONFIG("nexthop6_address", nexthop6_address, IPv6),
#endif
CONFIG("echo_timeout", echo_timeout, INT), CONFIG("echo_timeout", echo_timeout, INT),
CONFIG("idle_echo_timeout", idle_echo_timeout, INT), CONFIG("idle_echo_timeout", idle_echo_timeout, INT),
{ NULL, 0, 0, 0 }, { NULL, 0, 0, 0 },
@ -224,13 +235,6 @@ static tunnelidt new_tunnel(void);
static void unhide_value(uint8_t *value, size_t len, uint16_t type, uint8_t *vector, size_t vec_len); static void unhide_value(uint8_t *value, size_t len, uint16_t type, uint8_t *vector, size_t vec_len);
static void bundleclear(bundleidt b); static void bundleclear(bundleidt b);
// on slaves, alow BGP to withdraw cleanly before exiting
#define QUIT_DELAY 5
// quit actions (master)
#define QUIT_FAILOVER 1 // SIGTERM: exit when all control messages have been acked (for cluster failover)
#define QUIT_SHUTDOWN 2 // SIGQUIT: shutdown sessions/tunnels, reject new connections
// return internal time (10ths since process startup), set f if given // return internal time (10ths since process startup), set f if given
// as a side-effect sets time_now, and time_changed // as a side-effect sets time_now, and time_changed
static clockt now(double *f) static clockt now(double *f)
@ -2719,6 +2723,15 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
} }
break; break;
case 13: // Response case 13: // Response
#ifdef LAC
if (istunneltolns(t))
{
chapresponse = calloc(17, 1);
memcpy(chapresponse, b, (n < 17) ? n : 16);
LOG(1, s, t, "received challenge response from (REMOTE LNS)\n");
}
else
#endif /* LAC */
// Why did they send a response? We never challenge. // Why did they send a response? We never challenge.
LOG(2, s, t, " received unexpected challenge response\n"); LOG(2, s, t, " received unexpected challenge response\n");
break; break;
@ -2962,6 +2975,39 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
case 2: // SCCRP case 2: // SCCRP
tunnel[t].state = TUNNELOPEN; tunnel[t].state = TUNNELOPEN;
tunnel[t].lastrec = time_now; tunnel[t].lastrec = time_now;
#ifdef LAC
LOG(1, s, t, "Recieved SCCRP (REMOTE LNS)\n");
if (main_quit != QUIT_SHUTDOWN)
{
if (istunneltolns(t) && chapresponse)
{
hasht hash;
calc_lac_auth(t, 2, hash); // id = 2 (SCCRP)
// check authenticator
if (memcmp(hash, chapresponse, 16) == 0)
{
controlt *c = controlnew(3); // sending SCCCN
controls(c, 7, hostname, 1); // host name
controls(c, 8, Vendor_name, 1); // Vendor name
control16(c, 2, version, 1); // protocol version
control32(c, 3, 3, 1); // framing Capabilities
control16(c, 9, t, 1); // assigned tunnel
controladd(c, 0, t); // send
LOG(1, s, t, "sending SCCCN (REMOTE LNS)\n");
}
else
{
tunnelshutdown(t, "(REMOTE LNS) Bad chap response", 4, 0, 0);
}
}
}
else
{
tunnelshutdown(t, "Shutting down", 6, 0, 0);
}
#endif /* LAC */
break; break;
case 3: // SCCN case 3: // SCCN
tunnel[t].state = TUNNELOPEN; tunnel[t].state = TUNNELOPEN;
@ -3029,7 +3075,23 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
} }
return; return;
case 11: // ICRP case 11: // ICRP
// TBA #ifdef LAC
LOG(1, s, t, "Recieved ICRP (REMOTE LNS)\n");
if (session[s].forwardtosession)
{
controlt *c = controlnew(12); // ICCN
session[s].opened = time_now;
session[s].tunnel = t;
session[s].far = asession;
session[s].last_packet = session[s].last_data = time_now;
control32(c, 19, 1, 1); // Framing Type
control32(c, 24, 10000000, 1); // Tx Connect Speed
controladd(c, asession, t); // send the message
LOG(1, s, t, "Sending ICCN (REMOTE LNS)\n");
}
#endif /* LAC */
break; break;
case 12: // ICCN case 12: // ICCN
if (amagic == 0) amagic = time_now; if (amagic == 0) amagic = time_now;
@ -3052,6 +3114,9 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
case 14: // CDN case 14: // CDN
controlnull(t); // ack controlnull(t); // ack
#ifdef LAC
#endif /* LAC */
sessionshutdown(s, disc_reason, CDN_NONE, disc_cause); sessionshutdown(s, disc_reason, CDN_NONE, disc_cause);
break; break;
case 0xFFFF: case 0xFFFF:
@ -3101,6 +3166,16 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
l -= 2; l -= 2;
} }
#ifdef LAC
if (session[s].forwardtosession)
{
LOG(4, s, t, "Forwarding data session to %u (REMOTE LNS)\n", session[s].forwardtosession);
// Forward to Remote LNS
session_forward_tolns(buf, len, s, proto);
return;
}
#endif /* LAC */
if (s && !session[s].opened) // Is something wrong?? if (s && !session[s].opened) // Is something wrong??
{ {
if (!config->cluster_iam_master) if (!config->cluster_iam_master)
@ -3110,7 +3185,6 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
return; return;
} }
LOG(1, s, t, "UDP packet contains session which is not opened. Dropping packet.\n"); LOG(1, s, t, "UDP packet contains session which is not opened. Dropping packet.\n");
STAT(tunnel_rx_errors); STAT(tunnel_rx_errors);
return; return;
@ -4400,6 +4474,10 @@ static void initdata(int optdebug, char *optconfig)
exit(1); exit(1);
} }
#endif /* BGP */ #endif /* BGP */
#ifdef LAC
initremotelnsdata();
#endif
} }
static int assign_ip_address(sessionidt s) static int assign_ip_address(sessionidt s)
@ -6146,3 +6224,52 @@ int ip_filter(uint8_t *buf, int len, uint8_t filter)
// default deny // default deny
return 0; return 0;
} }
#ifdef LAC
tunnelidt lac_new_tunnel()
{
return new_tunnel();
}
void lac_tunnelclear(tunnelidt t)
{
tunnelclear(t);
}
void lac_send_SCCRQ(tunnelidt t, uint8_t * auth, unsigned int auth_len)
{
uint16_t version = 0x0100; // protocol version
tunnel[t].state = TUNNELOPENING;
// Sent SCCRQ - Start Control Connection Request
controlt *c = controlnew(1); // sending SCCRQ
controls(c, 7, hostname, 1); // host name
controls(c, 8, Vendor_name, 1); // Vendor name
control16(c, 2, version, 1); // protocol version
control32(c, 3, 3, 1); // framing Capabilities
control16(c, 9, t, 1); // assigned tunnel
controlb(c, 11, (uint8_t *) auth, auth_len, 1); // CHAP Challenge
LOG(1, 0, t, "Sent SCCRQ tunnel (REMOTE LNS)\n");
controladd(c, 0, t); // send
}
void lac_send_ICRQ(tunnelidt t, sessionidt s)
{
// Sent ICRQ Incoming-call-request
controlt *c = controlnew(10); // ICRQ
control16(c, 14, s, 1); // assigned sesion
call_serial_number++;
control32(c, 15, call_serial_number, 1); // call serial number
LOG(1, s, t, "Sent ICRQ (REMOTE LNS) (tunnel far ID %u)\n", tunnel[t].far);
controladd(c, 0, t); // send
}
void lac_tunnelshutdown(tunnelidt t, char *reason, int result, int error, char *msg)
{
tunnelshutdown(t, reason, result, error, msg);
}
#endif

22
l2tpns.h
View file

@ -321,7 +321,12 @@ typedef struct
char class[MAXCLASS]; char class[MAXCLASS];
uint8_t ipv6prefixlen; // IPv6 route prefix length uint8_t ipv6prefixlen; // IPv6 route prefix length
struct in6_addr ipv6route; // Static IPv6 route struct in6_addr ipv6route; // Static IPv6 route
#ifdef LAC
sessionidt forwardtosession; // LNS id_session to forward
char reserved[10]; // Space to expand structure without changing HB_VERSION
#else
char reserved[12]; // Space to expand structure without changing HB_VERSION char reserved[12]; // Space to expand structure without changing HB_VERSION
#endif
} }
sessiont; sessiont;
@ -750,6 +755,9 @@ typedef struct
int echo_timeout; // Time between last packet sent and LCP ECHO generation int echo_timeout; // Time between last packet sent and LCP ECHO generation
int idle_echo_timeout; // Time between last packet seen and int idle_echo_timeout; // Time between last packet seen and
// Drop sessions who have not responded within IDLE_ECHO_TIMEOUT seconds // Drop sessions who have not responded within IDLE_ECHO_TIMEOUT seconds
#ifdef LAC
int highest_rlnsid;
#endif
} configt; } configt;
enum config_typet { INT, STRING, UNSIGNED_LONG, SHORT, BOOL, IPv4, IPv6 }; enum config_typet { INT, STRING, UNSIGNED_LONG, SHORT, BOOL, IPv4, IPv6 };
@ -843,6 +851,13 @@ typedef struct
#define TERM_PORT_REINIT 21 #define TERM_PORT_REINIT 21
#define TERM_PORT_DISABLED 22 #define TERM_PORT_DISABLED 22
// on slaves, alow BGP to withdraw cleanly before exiting
#define QUIT_DELAY 5
// quit actions (master)
#define QUIT_FAILOVER 1 // SIGTERM: exit when all control messages have been acked (for cluster failover)
#define QUIT_SHUTDOWN 2 // SIGQUIT: shutdown sessions/tunnels, reject new connections
// arp.c // arp.c
void sendarp(int ifr_idx, const unsigned char* mac, in_addr_t ip); void sendarp(int ifr_idx, const unsigned char* mac, in_addr_t ip);
@ -904,6 +919,13 @@ int ip_filter(uint8_t *buf, int len, uint8_t filter);
int cmd_show_ipcache(struct cli_def *cli, char *command, char **argv, int argc); int cmd_show_ipcache(struct cli_def *cli, char *command, char **argv, int argc);
int cmd_show_hist_idle(struct cli_def *cli, char *command, char **argv, int argc); int cmd_show_hist_idle(struct cli_def *cli, char *command, char **argv, int argc);
int cmd_show_hist_open(struct cli_def *cli, char *command, char **argv, int argc); int cmd_show_hist_open(struct cli_def *cli, char *command, char **argv, int argc);
#ifdef LAC
tunnelidt lac_new_tunnel();
void lac_tunnelclear(tunnelidt t);
void lac_send_SCCRQ(tunnelidt t, uint8_t * auth, unsigned int auth_len);
void lac_send_ICRQ(tunnelidt t, sessionidt s);
void lac_tunnelshutdown(tunnelidt t, char *reason, int result, int error, char *msg);
#endif
#undef LOG #undef LOG
#undef LOG_HEX #undef LOG_HEX

25
ppp.c
View file

@ -1,5 +1,7 @@
// L2TPNS PPP Stuff // L2TPNS PPP Stuff
//#define LAC
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#include <unistd.h> #include <unistd.h>
@ -12,6 +14,10 @@
#include "tbf.h" #include "tbf.h"
#include "cluster.h" #include "cluster.h"
#ifdef LAC
#include "l2tplac.h"
#endif
extern tunnelt *tunnel; extern tunnelt *tunnel;
extern bundlet *bundle; extern bundlet *bundle;
extern fragmentationt *frag; extern fragmentationt *frag;
@ -100,6 +106,14 @@ void processpap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
LOG(3, s, t, "PAP login %s/%s\n", user, pass); LOG(3, s, t, "PAP login %s/%s\n", user, pass);
} }
#ifdef LAC
if (forwardtolns(s, user))
{
LOG(3, s, t, "Forwarding login for %s to other LNS\n", user);
return;
}
#endif
if (session[s].ip || !(r = radiusnew(s))) if (session[s].ip || !(r = radiusnew(s)))
{ {
// respond now, either no RADIUS available or already authenticated // respond now, either no RADIUS available or already authenticated
@ -251,6 +265,17 @@ void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
packet.username = calloc(l + 1, 1); packet.username = calloc(l + 1, 1);
memcpy(packet.username, p, l); memcpy(packet.username, p, l);
#ifdef LAC
if (forwardtolns(s, packet.username))
{
LOG(3, s, t, "Forwarding login for %s to other LNS\n", packet.username);
free(packet.username);
free(packet.password);
return;
}
#endif
run_plugins(PLUGIN_PRE_AUTH, &packet); run_plugins(PLUGIN_PRE_AUTH, &packet);
if (!packet.continue_auth) if (!packet.continue_auth)
{ {