welterde/l2tpns
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Per-user upload and download throttle rates - Yuri

Browse source 
Make autothrottle.so understand cisco lcp:interface-config - Yuri
Show filter stats in show session - Yuri
This commit is contained in:
David Parrish 2004-08-26 06:22:37 +00:00
parent abbc5c5fce
commit 551daa285a
6 changed files with 198 additions and 97 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Changes
View file

@ -12,6 +12,9 @@
- Add support for LCP Ident and CallBack (rejection only) from Yuri - Add support for LCP Ident and CallBack (rejection only) from Yuri
- Initiate LCP if not attempted by the client, or in renegotiation - Yuri - Initiate LCP if not attempted by the client, or in renegotiation - Yuri
- Indentation and style cleanups - Indentation and style cleanups
- Per-user upload and download throttle rates - Yuri
- Make autothrottle.so understand cisco lcp:interface-config - Yuri
- Show filter stats in show session - Yuri
* Tue Jul 13 2004 Brendan O'Dea <bod@optusnet.com.au> 2.0.1 * Tue Jul 13 2004 Brendan O'Dea <bod@optusnet.com.au> 2.0.1
- Update INSTALL, Docs/manual.html documentation. - Update INSTALL, Docs/manual.html documentation.

59
autothrottle.c
View file

@ -10,21 +10,74 @@
int __plugin_api_version = 1; int __plugin_api_version = 1;
struct pluginfuncs *p; struct pluginfuncs *p;
#define THROTTLE_KEY "lcp:interface-config"
int plugin_radius_response(struct param_radius_response *data) int plugin_radius_response(struct param_radius_response *data)
{ {
if (strcmp(data->key, "throttle") == 0) char *t;
int i = 0;
int rate;
if (strncmp(data->key, THROTTLE_KEY, strlen(THROTTLE_KEY)) == 0)
{
char *pt = strdup(data->value);
while ((t = strsep(&pt, " ")) != NULL)
{
if (strcmp(t, "serv") == 0)
i = 1;
else if (strcmp(t, "o") && i == 1)
i = 2;
else if (strcmp(t, "i") && i == 1)
i = 3;
else if (i > 1 && (rate = atoi(t)) > 0)
{
switch (i)
{
case 2: // output
data->s->throttle |= (rate & 0xFFFF);
free(pt);
p->log(3, 0, p->get_id_by_session(data->s), data->s->tunnel, " Set output throttle rate %dkb/s\n", rate);
return PLUGIN_RET_OK;
case 3: //input
data->s->throttle |= (rate << 16);
free(pt);
p->log(3, 0, p->get_id_by_session(data->s), data->s->tunnel, " Set input throttle rate %dkb/s\n", rate);
return PLUGIN_RET_OK;
default:
p->log(1, 0, p->get_id_by_session(data->s), data->s->tunnel, "Syntax error in rate limit AV pair: %s=%s\n", data->key, data->value);
free(pt);
return PLUGIN_RET_OK;
}
}
else
{
free(pt);
p->log(1, 0, p->get_id_by_session(data->s), data->s->tunnel, "Syntax error in rate limit AV pair: %s=%s\n",
data->key, data->value);
return PLUGIN_RET_OK;
}
}
free(pt);
}
else if (strcmp(data->key, "throttle") == 0)
{ {
if (strcmp(data->value, "yes") == 0) if (strcmp(data->value, "yes") == 0)
{ {
p->log(3, 0, 0, 0, " Throttling user\n"); p->log(3, 0, p->get_id_by_session(data->s), data->s->tunnel, " Throttling user\n");
data->s->throttle = 1; data->s->throttle = 1;
} }
else if (strcmp(data->value, "no") == 0) else if (strcmp(data->value, "no") == 0)
{ {
p->log(3, 0, 0, 0, " Not throttling user\n"); p->log(3, 0, p->get_id_by_session(data->s), data->s->tunnel, " Not throttling user\n");
data->s->throttle = 0; data->s->throttle = 0;
} }
} }
p->log(4, 0, p->get_id_by_session(data->s), data->s->tunnel, "autothrottle module ignoring AV pair %s=%s\n",
data->key, data->value);
return PLUGIN_RET_OK; return PLUGIN_RET_OK;
} }

142
cli.c
View file

@ -1,8 +1,8 @@
// L2TPNS Command Line Interface // L2TPNS Command Line Interface
// vim: sw=4 ts=8 // vim: sw=8 ts=8
char const *cvs_name = "$Name: $"; char const *cvs_name = "$Name: $";
char const *cvs_id_cli = "$Id: cli.c,v 1.12 2004-08-26 04:38:40 fred_nerk Exp $"; char const *cvs_id_cli = "$Id: cli.c,v 1.13 2004-08-26 06:22:37 fred_nerk Exp $";
#include <stdio.h> #include <stdio.h>
#include <stdarg.h> #include <stdarg.h>
@ -48,6 +48,7 @@ extern struct Tringbuffer *ringbuffer;
#endif #endif
extern struct cli_session_actions *cli_session_actions; extern struct cli_session_actions *cli_session_actions;
extern struct cli_tunnel_actions *cli_tunnel_actions; extern struct cli_tunnel_actions *cli_tunnel_actions;
extern tbft *filter_list;
char *debug_levels[] = { char *debug_levels[] = {
"CRIT", "CRIT",
@ -236,6 +237,9 @@ void init_cli(char *hostname)
void cli_do(int sockfd) void cli_do(int sockfd)
{ {
int i; int i;
int require_auth = 1;
struct sockaddr_in addr;
int l = sizeof(addr);
if (fork()) return; if (fork()) return;
if (config->scheduler_fifo) if (config->scheduler_fifo)
@ -278,33 +282,28 @@ void cli_do(int sockfd)
close(bgp_peers[i].sock); close(bgp_peers[i].sock);
#endif /* BGP */ #endif /* BGP */
if (getpeername(sockfd, (struct sockaddr *)&addr, &l) == 0)
{ {
int require_auth = 1; log(3, 0, 0, 0, "Accepted connection to CLI from %s\n", inet_toa(addr.sin_addr.s_addr));
struct sockaddr_in addr; require_auth = addr.sin_addr.s_addr != inet_addr("127.0.0.1");
int l = sizeof(addr); }
if (getpeername(sockfd, (struct sockaddr *)&addr, &l) == 0) else
{ log(0, 0, 0, 0, "getpeername() failed on cli socket. Requiring authentication: %s\n", strerror(errno));
log(3, 0, 0, 0, "Accepted connection to CLI from %s\n", inet_toa(addr.sin_addr.s_addr));
require_auth = addr.sin_addr.s_addr != inet_addr("127.0.0.1");
}
else
log(0, 0, 0, 0, "getpeername() failed on cli socket. Requiring authentication: %s\n", strerror(errno));
if (require_auth) if (require_auth)
{
log(3, 0, 0, 0, "CLI is remote, requiring authentication\n");
if (!cli->users) /* paranoia */
{ {
log(3, 0, 0, 0, "CLI is remote, requiring authentication\n"); log(0, 0, 0, 0, "No users for remote authentication! Exiting CLI\n");
if (!cli->users) /* paranoia */ exit(0);
{
log(0, 0, 0, 0, "No users for remote authentication! Exiting CLI\n");
exit(0);
}
}
else
{
/* no username/pass required */
cli->users = 0;
} }
} }
else
{
/* no username/pass required */
cli->users = 0;
}
debug_session = 0; debug_session = 0;
debug_tunnel = 0; debug_tunnel = 0;
@ -317,7 +316,7 @@ void cli_do(int sockfd)
cli_loop(cli, sockfd); cli_loop(cli, sockfd);
close(sockfd); close(sockfd);
log(3, 0, 0, 0, "Closed CLI connection\n"); log(3, 0, 0, 0, "Closed CLI connection from %s\n", inet_toa(addr.sin_addr.s_addr));
exit(0); exit(0);
} }
@ -385,7 +384,7 @@ int cmd_show_session(struct cli_def *cli, char *command, char **argv, int argc)
// Show individual session // Show individual session
for (i = 0; i < argc; i++) for (i = 0; i < argc; i++)
{ {
unsigned int s; unsigned int s, b_in, b_out;
s = atoi(argv[i]); s = atoi(argv[i]);
if (s <= 0 || s >= MAXSESSION) if (s <= 0 || s >= MAXSESSION)
{ {
@ -414,8 +413,41 @@ int cmd_show_session(struct cli_def *cli, char *command, char **argv, int argc)
cli_print(cli, " Intercepted: no"); cli_print(cli, " Intercepted: no");
cli_print(cli, " Throttled: %s", session[s].throttle ? "YES" : "no"); cli_print(cli, " Throttled: %s", session[s].throttle ? "YES" : "no");
cli_print(cli, " Walled Garden: %s", session[s].walled_garden ? "YES" : "no"); cli_print(cli, " Walled Garden: %s", session[s].walled_garden ? "YES" : "no");
cli_print(cli, " Filter BucketI: %d", session[s].tbf_in); b_in = session[s].tbf_in;
cli_print(cli, " Filter BucketO: %d", session[s].tbf_out); b_out = session[s].tbf_out;
if (b_in || b_out)
cli_print(cli, " %5s %6s %6s | %7s %7s %8s %8s %8s %8s",
"Rate", "Credit", "Queued", "ByteIn", "PackIn",
"ByteSent", "PackSent", "PackDrop", "PackDelay");
if (b_in)
cli_print(cli, " TBFI#%d%1s %5d %6d %6d | %7d %7d %8d %8d %8d %8d",
b_in,
(filter_list[b_in].next ? "*" : " "),
filter_list[b_in].rate * 8,
filter_list[b_in].credit,
filter_list[b_in].queued,
filter_list[b_in].b_queued,
filter_list[b_in].p_queued,
filter_list[b_in].b_sent,
filter_list[b_in].p_sent,
filter_list[b_in].p_dropped,
filter_list[b_in].p_delayed);
if (b_out)
cli_print(cli, " TBFO#%d%1s %5d %6d %6d | %7d %7d %8d %8d %8d %8d",
b_out,
(filter_list[b_out].next ? "*" : " "),
filter_list[b_out].rate * 8,
filter_list[b_out].credit,
filter_list[b_out].queued,
filter_list[b_out].b_queued,
filter_list[b_out].p_queued,
filter_list[b_out].b_sent,
filter_list[b_out].p_sent,
filter_list[b_out].p_dropped,
filter_list[b_out].p_delayed);
} }
return CLI_OK; return CLI_OK;
} }
@ -1227,12 +1259,27 @@ int cmd_no_snoop(struct cli_def *cli, char *command, char **argv, int argc)
int cmd_throttle(struct cli_def *cli, char *command, char **argv, int argc) int cmd_throttle(struct cli_def *cli, char *command, char **argv, int argc)
{ {
int i; int rate_in = 0;
int rate_out = 0;
sessionidt s; sessionidt s;
if (CLI_HELP_REQUESTED) if (CLI_HELP_REQUESTED)
return cli_arg_help(cli, argc > 1, {
"USER", "Username of session to throttle", NULL); switch (argc)
{
case 1:
return cli_arg_help(cli, 0, "user", "Username of session to throttle", NULL);
case 2:
return cli_arg_help(cli, 1, "rate", "Incoming rate in kb/s", NULL);
case 3:
return cli_arg_help(cli, 1, "rate", "Outgoing rate in kb/s", NULL);
default:
return cli_arg_help(cli, argc > 1, "user", "Username of session to throttle", NULL);
}
}
if (!config->cluster_iam_master) if (!config->cluster_iam_master)
{ {
@ -1240,31 +1287,26 @@ int cmd_throttle(struct cli_def *cli, char *command, char **argv, int argc)
return CLI_OK; return CLI_OK;
} }
if (!argc) rate_in = rate_out = config->rl_rate;
if (argc >= 2) rate_in = atoi(argv[1]);
if (argc >= 3) rate_out = atoi(argv[2]);
if (!(s = sessionbyuser(argv[0])))
{ {
cli_print(cli, "Specify a user"); cli_print(cli, "User %s is not connected", argv[0]);
return CLI_OK; return CLI_OK;
} }
for (i = 0; i < argc; i++) if (session[s].throttle)
{ {
if (!(s = sessionbyuser(argv[i]))) cli_print(cli, "User %s already throttled, unthrottle first", argv[0]);
{ return CLI_OK;
cli_print(cli, "User %s is not connected", argv[i]);
continue;
}
if (session[s].throttle)
{
cli_print(cli, "User %s already throttled", argv[i]);
continue;
}
cli_print(cli, "Throttling user %s", argv[i]);
cli_session_actions[s].throttle = config->rl_rate; // could be configurable at some stage
cli_session_actions[s].action |= CLI_SESS_THROTTLE;
} }
cli_print(cli, "Throttling user %s", argv[0]);
cli_session_actions[s].throttle = rate_in << 16 | rate_out;
cli_session_actions[s].action |= CLI_SESS_THROTTLE;
return CLI_OK; return CLI_OK;
} }
@ -1576,7 +1618,7 @@ int cmd_set(struct cli_def *cli, char *command, char **argv, int argc)
case 3: case 3:
if (!argv[2][1]) if (!argv[2][1])
return cli_arg_help(cli, 1, NULL); return cli_arg_help(cli, 1, NULL);
default: default:
return CLI_OK; return CLI_OK;

22
l2tpns.c
View file

@ -4,7 +4,7 @@
// Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
// vim: sw=8 ts=8 // vim: sw=8 ts=8
char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.23 2004-08-26 04:43:52 fred_nerk Exp $"; char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.24 2004-08-26 06:22:37 fred_nerk Exp $";
#include <arpa/inet.h> #include <arpa/inet.h>
#include <assert.h> #include <assert.h>
@ -978,6 +978,9 @@ int throttle_session(sessionidt s, int throttle)
if (throttle) if (throttle)
{ {
int rate_in = throttle & 0x0000FFFF;
int rate_out = throttle >> 16;
if (session[s].tbf_in || session[s].tbf_out) if (session[s].tbf_in || session[s].tbf_out)
{ {
if (throttle == session[s].throttle) if (throttle == session[s].throttle)
@ -989,8 +992,8 @@ int throttle_session(sessionidt s, int throttle)
free_tbf(session[s].tbf_out); free_tbf(session[s].tbf_out);
} }
session[s].tbf_in = new_tbf(s, throttle*1024/4, throttle*1024/8, send_ipin); if (rate_in) session[s].tbf_in = new_tbf(s, rate_in * 1024 / 4, rate_in * 1024 / 8, send_ipin);
session[s].tbf_out = new_tbf(s, throttle*1024/4, throttle*1024/8, send_ipout); if (rate_out) session[s].tbf_out = new_tbf(s, rate_out * 1024 / 4, rate_out * 1024 / 8, send_ipout);
if (throttle != session[s].throttle) if (throttle != session[s].throttle)
{ {
@ -2144,8 +2147,9 @@ int regular_cleanups(void)
if (a & CLI_SESS_THROTTLE) if (a & CLI_SESS_THROTTLE)
{ {
log(2, 0, s, session[s].tunnel, "Throttling session by CLI (to %d)\n", log(2, 0, s, session[s].tunnel, "Throttling session by CLI (to %dkb/s up and %dkb/s down)\n",
cli_session_actions[s].throttle); cli_session_actions[s].throttle & 0xFFFF,
cli_session_actions[s].throttle >> 16);
throttle_session(s, cli_session_actions[s].throttle); throttle_session(s, cli_session_actions[s].throttle);
} }
@ -2879,10 +2883,10 @@ void dump_acct_info()
log(4, 0, 0, 0, "Dumping accounting information for %s\n", session[i].user); log(4, 0, 0, 0, "Dumping accounting information for %s\n", session[i].user);
fprintf(f, "%s %s %d %u %u\n", fprintf(f, "%s %s %d %u %u\n",
session[i].user, // username session[i].user, // username
inet_toa(htonl(session[i].ip)), // ip inet_toa(htonl(session[i].ip)), // ip
(session[i].throttle) ? 2 : 1, // qos (session[i].throttle) ? 2 : 1, // qos
(u32)session[i].cin, // uptxoctets (u32)session[i].cin, // uptxoctets
(u32)session[i].cout); // downrxoctets (u32)session[i].cout); // downrxoctets
session[i].pin = session[i].cin = 0; session[i].pin = session[i].cin = 0;

37
tbf.c
View file

@ -1,6 +1,6 @@
// L2TPNS: token bucket filters // L2TPNS: token bucket filters
char const *cvs_id_tbf = "$Id: tbf.c,v 1.4 2004-07-08 16:54:35 bodea Exp $"; char const *cvs_id_tbf = "$Id: tbf.c,v 1.5 2004-08-26 06:22:37 fred_nerk Exp $";
#define _GNU_SOURCE #define _GNU_SOURCE
@ -12,40 +12,7 @@ char const *cvs_id_tbf = "$Id: tbf.c,v 1.4 2004-07-08 16:54:35 bodea Exp $";
#include "util.h" #include "util.h"
#include "tbf.h" #include "tbf.h"
// Need a time interval. tbft *filter_list = NULL;
#define TBF_MAX_QUEUE 2 // Maximum of 2 queued packet per
#define TBF_MAX_SIZE 3000 // Maxiumum queued packet size is 2048.
#define TBF_MAX_CREDIT 6000 // Maximum 6000 bytes of credit.
#define TBF_RATE 360 // 360 bytes per 1/10th of a second.
typedef struct {
int credit;
int lasttime;
int queued;
int oldest; // Position of packet in the ring buffer.
sessionidt sid; // associated session ID.
int max_credit; // Maximum amount of credit available (burst size).
int rate; // How many bytes of credit per second we get? (sustained rate)
void (*send)(sessionidt s, u8 *, int); // Routine to actually send out the data.
int prev; // Timer chain position.
int next; // Timer chain position.
u32 b_queued; // Total bytes sent through this TBF
u32 b_sent; // Total bytes sucessfully made it to the network.
u32 p_queued; // ditto packets.
u32 p_sent; // ditto packets.
u32 b_dropped; // Total bytes dropped.
u32 p_dropped; // Total packets dropped.
u32 p_delayed; // Total packets not sent immediately.
int sizes[TBF_MAX_QUEUE];
char packets[TBF_MAX_QUEUE][TBF_MAX_SIZE];
} tbft;
static tbft *filter_list = NULL;
static int filter_list_size = 0; static int filter_list_size = 0;
static int timer_chain = -1; // Head of timer chain. static int timer_chain = -1; // Head of timer chain.

32
tbf.h
View file

@ -1,6 +1,38 @@
#ifndef __TBF_H__ #ifndef __TBF_H__
#define __TBF_H__ #define __TBF_H__
// Need a time interval.
#define TBF_MAX_QUEUE 2 // Maximum of 2 queued packet per
#define TBF_MAX_SIZE 3000 // Maxiumum queued packet size is 2048.
#define TBF_MAX_CREDIT 6000 // Maximum 6000 bytes of credit.
#define TBF_RATE 360 // 360 bytes per 1/10th of a second.
typedef struct {
int credit;
int lasttime;
int queued;
int oldest; // Position of packet in the ring buffer.
sessionidt sid; // associated session ID.
int max_credit; // Maximum amount of credit available (burst size).
int rate; // How many bytes of credit per second we get? (sustained rate)
void (*send)(sessionidt s, u8 *, int); // Routine to actually send out the data.
int prev; // Timer chain position.
int next; // Timer chain position.
u32 b_queued; // Total bytes sent through this TBF
u32 b_sent; // Total bytes sucessfully made it to the network.
u32 p_queued; // ditto packets.
u32 p_sent; // ditto packets.
u32 b_dropped; // Total bytes dropped.
u32 p_dropped; // Total packets dropped.
u32 p_delayed; // Total packets not sent immediately.
int sizes[TBF_MAX_QUEUE];
char packets[TBF_MAX_QUEUE][TBF_MAX_SIZE];
} tbft;
void init_tbf(void); void init_tbf(void);
int tbf_run_timer(void); int tbf_run_timer(void);
int tbf_queue_packet(int tbf_id, char * data, int size); int tbf_queue_packet(int tbf_id, char * data, int size);