* Wed Jun 23 2004 David Parrish <david@dparrish.com> 2.0.0

- Major release - Completely replace active/standby clustering with a new peer-to-peer clustering method which allows much greater throughput and is a lot more fault tolerant - Add internal tbf implementation for throttling without relying on tc and kernel HTB - Add support for iBGP and eBGP to advertise routes - Add cli commands "show cluster", "show bgp", "show ipcache", "show throttle", "show tbf", "suspend bgp", "restart bgp", "show user" - Interception destination must be set per-user - If SMP machine, allow use of SCHED_FIFO, which should improve performance - Added config option to send GARP at startup - Added plugin_become_master and plugin_new_session_master plugin hooks - Remove useless sessionsendarp(). This isn't needed now that we are using TUN instead of TAP. - ICMP rate limiting so not every unreachable packet is replied with an ICMP unreachable message - mangle table is not required on anything but the cluster master, so slaves will drop the mangle table and attempt to unload the ip_conntrack module - Statically assigned IP addresses (by Radius) work now - Add -d command-line flag to detach and become a daemon - Configuration file is now "/etc/l2tpns/startup-config" - Reduced MIN_IP_SIZE to 0x19 to stop a pile of Short IP warnings - Resend initial IPCP request until it's acknowleged by the client - Better radius session cleanup logic - Many miscellaenous bugfixes and performance enhancements - Thanks to Michael O'Reilly and Brendan O'Dea for most of these new features
2004-06-23 03:52:24 +00:00 · 2004-06-23 03:52:24 +00:00 · ed90ea49e0
commit ed90ea49e0
parent 67fb382676
31 changed files with 5417 additions and 1844 deletions
--- a/29
+++ b/29
@ -1,3 +1,32 @@
 * Wed Jun 23 2004 David Parrish <david@dparrish.com> 2.0.0
 - Major release
 - Completely replace active/standby clustering with a new peer-to-peer
  clustering method which allows much greater throughput and is a lot more fault
  tolerant
 - Add internal tbf implementation for throttling without relying on tc and
  kernel HTB
 - Add support for iBGP and eBGP to advertise routes
 - Add cli commands "show cluster", "show bgp", "show ipcache", "show throttle",
  "show tbf", "suspend bgp", "restart bgp", "show user"
 - Interception destination must be set per-user
 - If SMP machine, allow use of SCHED_FIFO, which should improve performance
 - Added config option to send GARP at startup
 - Added plugin_become_master and plugin_new_session_master plugin hooks
 - Remove useless sessionsendarp(). This isn't needed now that we are using TUN
  instead of TAP.
 - ICMP rate limiting so not every unreachable packet is replied with an ICMP
  unreachable message
 - mangle table is not required on anything but the cluster master, so slaves
  will drop the mangle table and attempt to unload the ip_conntrack module
 - Statically assigned IP addresses (by Radius) work now
 - Add -d command-line flag to detach and become a daemon
 - Configuration file is now "/etc/l2tpns/startup-config"
 - Reduced MIN_IP_SIZE to 0x19 to stop a pile of Short IP warnings
 - Resend initial IPCP request until it's acknowleged by the client
 - Better radius session cleanup logic
 - Many miscellaenous bugfixes and performance enhancements
 - Thanks to Michael O'Reilly and Brendan O'Dea for most of these new features
 * Mon May 24 2004 David Parrish <david@dparrish.com> 1.2.0
 - Fix SEGFAULT in garden module
 - Use multiple radius sockets to allow more concurrent authentication requests
--- a/56
+++ b/56
@ -4,7 +4,9 @@ etcdir = $(PREFIX)/etc/l2tpns
 libdir = $(PREFIX)/usr/lib/l2tpns
 CC = gcc
-CFLAGS=-Wall -g -O3 -funroll-loops -fomit-frame-pointer -finline-functions
+DEFINES= -DBGP -DRINGBUFFER -DSTAT_CALLS -DSTATISTICS
 OPTIM=-g -O3 -funroll-loops -fomit-frame-pointer -finline-functions
 CFLAGS=-Wall $(OPTIM) $(DEFINES)
 LDFLAGS = 
 LIBS = -lm -ldl -lcli
 INSTALL = /usr/bin/install -c
@ -15,36 +17,38 @@ OBJS=	md5.o \
 	l2tpns.o \
 	ppp.o \
 	radius.o \
 	throttle.o \
 	rl.o \
 	ll.o \
 	cluster.o \
 	cluster_slave.o \
 	arp.o \
 	constants.o \
 	ll.o \
 	control.o \
 	util.o \
 	tbf.o \
 	bgp.o \
 PLUGINS=garden.so autothrottle.so autosnoop.so
-all:	l2tpns cluster_master nsctl $(PLUGINS)
+all:	l2tpns nsctl $(PLUGINS)
 l2tpns:	$(OBJS)
 	$(CC) $(CFLAGS) -o $@ $^ $(LIBS) $(DEFS)
 cluster_master:	cluster_master.o ll.o cluster.o util.o
 	$(CC) $(CFLAGS) -o $@ $^ $(DEFS)
 nsctl:	nsctl.o control.o
 	$(CC) $(CFLAGS) -o $@ $^ $(DEFS)
 clean:
-	/bin/rm -f *.o *.so l2tpns cluster_master nsctl
+	/bin/rm -f *.o *.so l2tpns nsctl
 depend:
 	(sed -n 'p; /^## Dependencies: (autogenerated) ##/q' Makefile && \
 	    gcc -MM $(DEFINES) $(OBJS:.o=.c) && \
 	    gcc -MM $(DEFINES) $(PLUGINS:.so=.c) | sed 's/\.o/.so/') >Makefile.tmp
 	mv Makefile Makefile.bak
 	mv Makefile.tmp Makefile
 install: all
 	$(INSTALL) -D -o root -g root -m 0755 l2tpns $(bindir)/l2tpns
 	$(INSTALL) -D -o root -g root -m 0755 cluster_master $(bindir)/cluster_master
 	$(INSTALL) -D -o root -g root -m 0755 nsctl $(bindir)/nsctl
 	$(INSTALL) -D -o root -g root -m 0600 etc/l2tpns.cfg.default $(etcdir)/l2tpns.cfg
 	$(INSTALL) -D -o root -g root -m 0644 etc/ip_pool.default $(etcdir)/l2tpns.ip_pool
@ -57,8 +61,32 @@ install: all
 		mknod /dev/net/tun c 10 200; \
 	fi
-%.so: %.c
+%.o: %.c
-	$(CC) -fPIC -shared -o $@ $^ $(LDFLAGS) $(LIBS) $(LIBPATH)
+	$(CC) -c $(CFLAGS) -o $@ $<
-%.o: %.c l2tpns.h
+%.so: %.c
-	$(CC) -c -o $@ $<  $(CFLAGS)
+	$(CC) -fPIC -shared $(CFLAGS) -o $@ $< $(LDFLAGS) $(LIBS) $(LIBPATH)
 .PHONY: all clean depend
 ## Dependencies: (autogenerated) ##
 md5.o: md5.c md5.h
 icmp.o: icmp.c l2tpns.h config.h
 cli.o: cli.c l2tpns.h config.h util.h cluster.h tbf.h bgp.h
 l2tpns.o: l2tpns.c md5.h l2tpns.h config.h cluster.h plugin.h ll.h \
  constants.h control.h util.h tbf.h bgp.h
 ppp.o: ppp.c l2tpns.h config.h constants.h plugin.h util.h tbf.h \
  cluster.h
 radius.o: radius.c md5.h constants.h l2tpns.h config.h plugin.h util.h
 ll.o: ll.c ll.h
 cluster.o: cluster.c l2tpns.h config.h cluster.h util.h tbf.h bgp.h
 arp.o: arp.c l2tpns.h config.h
 constants.o: constants.c constants.h
 ll.o: ll.c ll.h
 control.o: control.c control.h
 util.o: util.c l2tpns.h config.h
 tbf.o: tbf.c l2tpns.h config.h tbf.h
 bgp.o: bgp.c l2tpns.h config.h bgp.h util.h
 garden.so: garden.c l2tpns.h config.h plugin.h control.h
 autothrottle.so: autothrottle.c l2tpns.h config.h plugin.h control.h
 autosnoop.so: autosnoop.c l2tpns.h config.h plugin.h control.h
--- a/autosnoop.c
+++ b/autosnoop.c
@ -8,21 +8,27 @@
 #include "control.h"
 int __plugin_api_version = 1;
-struct pluginfuncs p;
+struct pluginfuncs *p;
 int plugin_radius_response(struct param_radius_response *data)
 {
 	if (strcmp(data->key, "intercept") == 0)
 	{
-		if (strcmp(data->value, "yes") == 0)
+		char *x;
 		data->s->snoop_ip = 0;
 		data->s->snoop_port = 0;
 		if ((x = strchr(data->value, ':')))
 		{
-			p.log(3, 0, 0, 0, "         Intercepting user\n");
+			*x++ = 0;
-			data->s->snoop = 1;
+			if (*data->value) data->s->snoop_ip = inet_addr(data->value);
 			if (data->s->snoop_ip == INADDR_NONE) data->s->snoop_ip = 0;
 			if (*x) data->s->snoop_port = atoi(x);
 			p->log(3, 0, 0, 0, "         Intercepting user to %s:%d\n",
 				p->inet_toa(data->s->snoop_ip), data->s->snoop_port);
 		}
-		else if (strcmp(data->value, "no") == 0)
+		else
 		{
-			p.log(3, 0, 0, 0, "         Not intercepting user\n");
+			p->log(3, 0, 0, 0, "         Not Intercepting user (reply string should be snoop=ip:port)\n");
 			data->s->snoop = 0;
 		}
 	}
 	return PLUGIN_RET_OK;
@ -30,10 +36,7 @@ int plugin_radius_response(struct param_radius_response *data)
 int plugin_init(struct pluginfuncs *funcs)
 {
-	if (!funcs) return 0;
+	return ((p = funcs)) ? 1 : 0;
 	memcpy(&p, funcs, sizeof(p));
 	return 1;
 }
 void plugin_done()
--- a/autothrottle.c
+++ b/autothrottle.c
@ -8,7 +8,7 @@
 #include "control.h"
 int __plugin_api_version = 1;
-struct pluginfuncs p;
+struct pluginfuncs *p;
 int plugin_radius_response(struct param_radius_response *data)
 {
@ -16,12 +16,12 @@ int plugin_radius_response(struct param_radius_response *data)
 	{
 		if (strcmp(data->value, "yes") == 0)
 		{
-			p.log(3, 0, 0, 0, "         Throttling user\n");
+			p->log(3, 0, 0, 0, "         Throttling user\n");
 			data->s->throttle = 1;
 		}
 		else if (strcmp(data->value, "no") == 0)
 		{
-			p.log(3, 0, 0, 0, "         Not throttling user\n");
+			p->log(3, 0, 0, 0, "         Not throttling user\n");
 			data->s->throttle = 0;
 		}
 	}
@ -30,10 +30,7 @@ int plugin_radius_response(struct param_radius_response *data)
 int plugin_init(struct pluginfuncs *funcs)
 {
-	if (!funcs) return 0;
+	return ((p = funcs)) ? 1 : 0;
 	memcpy(&p, funcs, sizeof(p));
 	return 1;
 }
 void plugin_done()
--- a/bgp.c
+++ b/bgp.c
--- a/bgp.h
+++ b/bgp.h
@ -0,0 +1,202 @@
 /* BGPv4 (RFC1771) */
 /* $Id: bgp.h,v 1.1 2004/06/23 03:52:24 fred_nerk Exp $ */
 #ifndef __BGP_H__
 #define __BGP_H__
 #define BGP_MAX_PACKET_SIZE	4096
 #define BGP_HOLD_TIME		180	/* seconds before peer times us out */
 #define BGP_KEEPALIVE_TIME	60	/* seconds between messages */
 #define BGP_MAX_RETRY		42	/* maximum number of times to retry */
 #define BGP_RETRY_BACKOFF	60	/* number of seconds between retries,
 					   cumulative */
 #define BGP_METRIC		1	/* multi_exit_disc */
 #define BGP_LOCAL_PREF		100	/* local preference value */
 struct bgp_header {
    char marker[16];
    u16 len;
    u8 type;
 } __attribute__ ((packed));
 /* bgp_header.type */
 #define BGP_MSG_OPEN		1
 #define BGP_MSG_UPDATE		2
 #define BGP_MSG_NOTIFICATION	3
 #define BGP_MSG_KEEPALIVE	4
 struct bgp_packet {
    struct bgp_header header;
    char data[BGP_MAX_PACKET_SIZE - sizeof(struct bgp_header)]; /* variable */
 } __attribute__ ((packed));
 struct bgp_data_open {
    u8 version;
 #define BGP_VERSION	4
    u16 as;
    u16 hold_time;
    u32 identifier;
    u8 opt_len;
 #define BGP_DATA_OPEN_SIZE	10 /* size of struct excluding opt_params */
    char opt_params[sizeof(((struct bgp_packet *)0)->data) - BGP_DATA_OPEN_SIZE]; /* variable */
 } __attribute__ ((packed));
 struct bgp_ip_prefix {
    u8 len;
    u32 prefix; /* variable */
 } __attribute__ ((packed));
 #define BGP_IP_PREFIX_SIZE(p) (1 + ((p).len / 8) + ((p).len % 8 != 0))
 struct bgp_path_attr {
    u8 flags;
    u8 code;
    union {
 	struct {
 	    u8 len;
 	    char value[29];		/* semi-random size, adequate for l2tpns */
 	} __attribute__ ((packed)) s;	/* short */
 	struct {
 	    u16 len;
 	    char value[28];
 	} __attribute__ ((packed)) e;	/* extended */
    } data; /* variable */
 } __attribute__ ((packed));
 /* bgp_path_attr.flags (bitfields) */
 #define BGP_PATH_ATTR_FLAG_OPTIONAL	(1 << 7)
 #define BGP_PATH_ATTR_FLAG_TRANS	(1 << 6)
 #define BGP_PATH_ATTR_FLAG_PARTIAL	(1 << 5)
 #define BGP_PATH_ATTR_FLAG_EXTLEN	(1 << 4)
 /* bgp_path_attr.code, ...value */
 #define BGP_PATH_ATTR_CODE_ORIGIN		1	/* well-known, mandatory */
 #  define BGP_PATH_ATTR_CODE_ORIGIN_IGP		  0
 #  define BGP_PATH_ATTR_CODE_ORIGIN_EGP		  1
 #  define BGP_PATH_ATTR_CODE_ORIGIN_INCOMPLETE	  2
 #define BGP_PATH_ATTR_CODE_AS_PATH		2	/* well-known, mandatory */
 #  define BGP_PATH_ATTR_CODE_AS_PATH_AS_SET	  1
 #  define BGP_PATH_ATTR_CODE_AS_PATH_AS_SEQUENCE  2
 #define BGP_PATH_ATTR_CODE_NEXT_HOP		3	/* well-known, mandatory */
 #define BGP_PATH_ATTR_CODE_MULTI_EXIT_DISC	4	/* optional, non-transitive */
 #define BGP_PATH_ATTR_CODE_LOCAL_PREF		5	/* well-known, discretionary */
 #define BGP_PATH_ATTR_CODE_ATOMIC_AGGREGATE	6	/* well-known, discretionary */
 #define BGP_PATH_ATTR_CODE_AGGREGATOR		7	/* optional, transitive */
 #define BGP_PATH_ATTR_CODE_COMMUNITIES		8	/* optional, transitive (RFC1997) */
 #define BGP_PATH_ATTR_SIZE(p) ((((p).flags & BGP_PATH_ATTR_FLAG_EXTLEN) \
    ? ((p).data.e.len + 1) : (p).data.s.len) + 3)
 /* well known COMMUNITIES */
 #define BGP_COMMUNITY_NO_EXPORT			0xffffff01	/* don't advertise outside confederation */
 #define BGP_COMMUNITY_NO_ADVERTISE		0xffffff02	/* don't advertise to any peer */
 #define BGP_COMMUNITY_NO_EXPORT_SUBCONFED	0xffffff03	/* don't advertise to any other AS */
 struct bgp_data_notification {
    u8 error_code;
    u8 error_subcode;
    char data[sizeof(((struct bgp_packet *)0)->data) - 2]; /* variable */
 } __attribute__ ((packed));
 /* bgp_data_notification.error_code, .error_subcode */
 #define BGP_ERR_HEADER			1
 #  define BGP_ERR_HDR_NOT_SYNC		  1
 #  define BGP_ERR_HDR_BAD_LEN		  2
 #  define BGP_ERR_HDR_BAD_TYPE		  3
 #define BGP_ERR_OPEN			2
 #  define BGP_ERR_OPN_VERSION		  1
 #  define BGP_ERR_OPN_BAD_AS		  2
 #  define BGP_ERR_OPN_BAD_IDENT		  3
 #  define BGP_ERR_OPN_UNSUP_PARAM	  4
 #  define BGP_ERR_OPN_AUTH_FAILURE	  5
 #  define BGP_ERR_OPN_HOLD_TIME		  6
 #define BGP_ERR_UPDATE			3
 #  define BGP_ERR_UPD_BAD_ATTR_LIST	  1
 #  define BGP_ERR_UPD_UNKN_WK_ATTR	  2
 #  define BGP_ERR_UPD_MISS_WK_ATTR	  3
 #  define BGP_ERR_UPD_BAD_ATTR_FLAG	  4
 #  define BGP_ERR_UPD_BAD_ATTR_LEN	  5
 #  define BGP_ERR_UPD_BAD_ORIGIN	  6
 #  define BGP_ERR_UPD_ROUTING_LOOP	  7
 #  define BGP_ERR_UPD_BAD_NEXT_HOP	  8
 #  define BGP_ERR_UPD_BAD_OPT_ATTR	  9
 #  define BGP_ERR_UPD_BAD_NETWORK	  10
 #  define BGP_ERR_UPD_BAD_AS_PATH	  11
 #define BGP_ERR_HOLD_TIMER_EXP		4
 #define BGP_ERR_FSM			5
 #define BGP_ERR_CEASE			6
 enum bgp_state {
    Disabled,				/* initial, or failed */
    Idle,				/* trying to connect */
    Connect,				/* connect issued */
    Active,				/* connected, waiting to send OPEN */
    OpenSent,				/* OPEN sent, waiting for peer OPEN */
    OpenConfirm,			/* KEEPALIVE sent, waiting for peer KEEPALIVE */
    Established,			/* established */
 };
 struct bgp_route_list {
    struct bgp_ip_prefix dest;
    struct bgp_route_list *next;
 };
 struct bgp_buf {
    struct bgp_packet packet;		/* BGP packet */
    size_t done;			/* bytes sent/recvd */
 };
 /* state */
 struct bgp_peer {
    char name[32];			/* peer name */
    in_addr_t addr;			/* peer address */
    int as;				/* AS number */
    int sock;
    enum bgp_state state;		/* FSM state */
    enum bgp_state next_state;		/* next state after outbuf cleared */
    time_t state_time;			/* time of last state change */
    time_t keepalive_time;		/* time to send next keepalive */
    time_t retry_time;			/* time for connection retry */
    int retry_count;			/* connection retry count */
    int hold;				/* hold time from peer */
    time_t expire_time;			/* time next peer packet expected */
    int routing;			/* propagate routes */
    int update_routes;			/* UPDATE required */
    struct bgp_route_list *routes;	/* routes known by this peer */
    struct bgp_buf *outbuf;		/* pending output */
    struct bgp_buf *inbuf;		/* pending input */
    int cli_flag;			/* updates requested from CLI */
    char *path_attrs;			/* path attrs to send in UPDATE message */
    int path_attr_len;			/* length of path attrs */
 };
 /* bgp_peer.cli_flag */
 #define BGP_CLI_SUSPEND		1
 #define BGP_CLI_ENABLE		2
 #define BGP_CLI_RESTART		3
 #define BGP_NUM_PEERS 2
 extern struct bgp_peer *bgp_peers;
 extern struct bgp_route_list *bgp_routes;
 extern int bgp_configured;
 /* actions */
 int bgp_setup(int as);
 int bgp_start(struct bgp_peer *peer, char *name, int as, int enable);
 void bgp_stop(struct bgp_peer *peer);
 void bgp_halt(struct bgp_peer *peer);
 int bgp_restart(struct bgp_peer *peer);
 int bgp_add_route(in_addr_t ip, in_addr_t mask);
 int bgp_del_route(in_addr_t ip, in_addr_t mask);
 void bgp_enable_routing(int enable);
 int bgp_select_state(struct bgp_peer *peer);
 int bgp_process(struct bgp_peer *peer, int readable, int writable);
 /* CLI */
 int cmd_show_bgp(struct cli_def *cli, char *command, char **argv, int argc);
 int cmd_suspend_bgp(struct cli_def *cli, char *command, char **argv, int argc);
 int cmd_no_suspend_bgp(struct cli_def *cli, char *command, char **argv, int argc);
 int cmd_restart_bgp(struct cli_def *cli, char *command, char **argv, int argc);
 #endif /* __BGP_H__ */
--- a/cli.c
+++ b/cli.c
@ -1,5 +1,5 @@
 // L2TPNS Command Line Interface
-// $Id: cli.c,v 1.4 2004/05/24 04:12:02 fred_nerk Exp $
+// $Id: cli.c,v 1.5 2004/06/23 03:52:24 fred_nerk Exp $
 // vim: sw=4 ts=8
 #include <stdio.h>
@ -7,6 +7,7 @@
 #include <sys/stat.h>
 #include <syslog.h>
 #include <malloc.h>
 #include <sched.h>
 #include <string.h>
 #include <stdlib.h>
 #include <time.h>
@ -16,23 +17,26 @@
 #include <sys/types.h>
 #include <signal.h>
 #include <unistd.h>
 #include <libcli.h>
 #include "l2tpns.h"
 #include "libcli.h"
 #include "util.h"
 #include "cluster.h"
 #include "tbf.h"
 #ifdef BGP
 #include "bgp.h"
 #endif
 extern tunnelt *tunnel;
 extern sessiont *session;
 extern radiust *radius;
 extern ippoolt *ip_address_pool;
 extern struct Tstats *_statistics;
 extern int cli_pid;
 struct cli_def *cli = NULL;
 int cli_quit = 0;
 extern int clifd, udpfd, tapfd, snoopfd, ifrfd, cluster_sockfd;
 extern int *radfds;
 extern sessionidt *cli_session_kill;
 extern tunnelidt *cli_tunnel_kill;
 extern tbft *filter_buckets;
 extern struct configt *config;
 extern struct config_descriptt config_values[];
 extern char hostname[];
@ -40,7 +44,7 @@ extern char hostname[];
 extern struct Tringbuffer *ringbuffer;
 #endif
-char *rcs_id = "$Id: cli.c,v 1.4 2004/05/24 04:12:02 fred_nerk Exp $";
+char *rcs_id = "$Id: cli.c,v 1.5 2004/06/23 03:52:24 fred_nerk Exp $";
 char *debug_levels[] = {
    "CRIT",
@ -77,6 +81,7 @@ int cmd_show_run(struct cli_def *cli, char *command, char **argv, int argc);
 int cmd_show_banana(struct cli_def *cli, char *command, char **argv, int argc);
 int cmd_show_plugins(struct cli_def *cli, char *command, char **argv, int argc);
 int cmd_show_throttle(struct cli_def *cli, char *command, char **argv, int argc);
 int cmd_show_cluster(struct cli_def *cli, char *command, char **argv, int argc);
 int cmd_write_memory(struct cli_def *cli, char *command, char **argv, int argc);
 int cmd_clear_counters(struct cli_def *cli, char *command, char **argv, int argc);
 int cmd_drop_user(struct cli_def *cli, char *command, char **argv, int argc);
@ -99,22 +104,33 @@ void init_cli()
    FILE *f;
    char buf[4096];
    struct cli_command *c;
    struct cli_command *c2;
    int on = 1;
    struct sockaddr_in addr;
    cli = cli_init();
    c = cli_register_command(cli, NULL, "show", NULL, NULL);
    cli_register_command(cli, c, "banana", cmd_show_banana, "Show a banana");
 #ifdef BGP
    cli_register_command(cli, c, "bgp", cmd_show_bgp, "Show BGP status");
 #endif /* BGP */
    cli_register_command(cli, c, "cluster", cmd_show_cluster, "Show cluster information");
    cli_register_command(cli, c, "ipcache", cmd_show_ipcache, "Show contents of the IP cache");
    cli_register_command(cli, c, "plugins", cmd_show_plugins, "List all installed plugins");
    cli_register_command(cli, c, "pool", cmd_show_pool, "Show the IP address allocation pool");
    cli_register_command(cli, c, "radius", cmd_show_radius, "Show active radius queries");
    cli_register_command(cli, c, "running-config", cmd_show_run, "Show the currently running configuration");
    cli_register_command(cli, c, "session", cmd_show_session, "Show a list of sessions or details for a single session");
    cli_register_command(cli, c, "tbf", cmd_show_tbf, "List all token bucket filters in use");
    cli_register_command(cli, c, "throttle", cmd_show_throttle, "List all throttled sessions and associated TBFs");
    cli_register_command(cli, c, "tunnels", cmd_show_tunnels, "Show a list of tunnels or details for a single tunnel");
    cli_register_command(cli, c, "users", cmd_show_users, "Show a list of all connected users or details of selected user");
    cli_register_command(cli, c, "version", cmd_show_version, "Show currently running software version");
-    cli_register_command(cli, c, "banana", cmd_show_banana, "Show a banana");
+
-    cli_register_command(cli, c, "pool", cmd_show_pool, "Show the IP address allocation pool");
+    c2 = cli_register_command(cli, c, "histogram", NULL, NULL);
-    cli_register_command(cli, c, "running-config", cmd_show_run, "Show the currently running configuration");
+    cli_register_command(cli, c2, "idle", cmd_show_hist_idle, "Show histogram of session idle times");
-    cli_register_command(cli, c, "radius", cmd_show_radius, "Show active radius queries");
+    cli_register_command(cli, c2, "open", cmd_show_hist_open, "Show histogram of session durations");
    cli_register_command(cli, c, "plugins", cmd_show_plugins, "List all installed plugins");
    cli_register_command(cli, c, "throttle", cmd_show_throttle, "List all token bucket filters in use");
 #ifdef STATISTICS
    cli_register_command(cli, c, "counters", cmd_show_counters, "Display all the internal counters and running totals");
@ -131,18 +147,25 @@ void init_cli()
    cli_register_command(cli, NULL, "snoop", cmd_snoop, "Temporarily enable interception for a user");
    cli_register_command(cli, NULL, "throttle", cmd_throttle, "Temporarily enable throttling for a user");
    cli_register_command(cli, NULL, "debug", cmd_debug, "Set the level of logging that is shown on the console");
    c = cli_register_command(cli, NULL, "suspend", NULL, NULL);
    cli_register_command(cli, c, "bgp", cmd_suspend_bgp, "Withdraw routes from BGP peer");
    c = cli_register_command(cli, NULL, "no", NULL, NULL);
    cli_register_command(cli, c, "snoop", cmd_no_snoop, "Temporarily disable interception for a user");
    cli_register_command(cli, c, "throttle", cmd_no_throttle, "Temporarily disable throttling for a user");
    cli_register_command(cli, c, "debug", cmd_no_debug, "Turn off logging of a certain level of debugging");
    c2 = cli_register_command(cli, c, "suspend", NULL, NULL);
    cli_register_command(cli, c2, "bgp", cmd_no_suspend_bgp, "Advertise routes to BGP peer");
    c = cli_register_command(cli, NULL, "drop", NULL, NULL);
    cli_register_command(cli, c, "user", cmd_drop_user, "Disconnect a user");
    cli_register_command(cli, c, "tunnel", cmd_drop_tunnel, "Disconnect a tunnel and all sessions on that tunnel");
    cli_register_command(cli, c, "session", cmd_drop_session, "Disconnect a session");
-    cli_register_command(cli, NULL, "debug", cmd_debug, "Set the level of logging that is shown on the console");
+    c = cli_register_command(cli, NULL, "restart", NULL, NULL);
    cli_register_command(cli, c, "bgp", cmd_restart_bgp, "Restart BGP");
    c = cli_register_command(cli, NULL, "load", NULL, NULL);
    cli_register_command(cli, c, "plugin", cmd_load_plugin, "Load a plugin");
@ -200,6 +223,30 @@ void cli_do(int sockfd)
    int i;
    if (fork()) return;
    if (config->scheduler_fifo)
    {
 	int ret;
 	struct sched_param params = {0};
 	params.sched_priority = 0;
 	if ((ret = sched_setscheduler(0, SCHED_OTHER, &params)) == 0)
 	{
 	    log(3, 0, 0, 0, "Dropped FIFO scheduler\n");
 	}
 	else
 	{
 	    log(0, 0, 0, 0, "Error setting scheduler to OTHER: %s\n", strerror(errno));
 	    log(0, 0, 0, 0, "This is probably really really bad.\n");
 	}
    }
    signal(SIGPIPE, SIG_DFL);
    signal(SIGCHLD, SIG_DFL);
    signal(SIGHUP, SIG_DFL);
    signal(SIGUSR1, SIG_DFL);
    signal(SIGQUIT, SIG_DFL);
    signal(SIGKILL, SIG_DFL);
    signal(SIGALRM, SIG_DFL);
    signal(SIGTERM, SIG_DFL);
    // Close sockets
    if (udpfd) close(udpfd); udpfd = 0;
@ -210,14 +257,11 @@ void cli_do(int sockfd)
    if (ifrfd) close(ifrfd); ifrfd = 0;
    if (cluster_sockfd) close(cluster_sockfd); cluster_sockfd = 0;
    if (clifd) close(clifd); clifd = 0;
-
+#ifdef BGP
-    signal(SIGPIPE, SIG_DFL);
+    for (i = 0; i < BGP_NUM_PEERS; i++)
-    signal(SIGCHLD, SIG_DFL);
+	if (bgp_peers[i].sock != -1)
-    signal(SIGHUP, SIG_DFL);
+	    close(bgp_peers[i].sock);
-    signal(SIGUSR1, SIG_DFL);
+#endif /* BGP */
    signal(SIGQUIT, SIG_DFL);
    signal(SIGKILL, SIG_DFL);
    signal(SIGALRM, SIG_DFL);
    log(3, 0, 0, 0, "Accepted connection to CLI\n");
@ -231,7 +275,7 @@ void cli_do(int sockfd)
    {
 	char prompt[1005];
-	snprintf(prompt, 1005, "%s> ", hostname);
+	snprintf(prompt, 1005, "l2tpns> ");
 	cli_loop(cli, sockfd, prompt);
    }
@ -281,16 +325,20 @@ int cmd_show_session(struct cli_def *cli, char *command, char **argv, int argc)
 	    cli_print(cli, "	Idle time:	%u seconds", abs(time_now - session[s].last_packet));
 	    cli_print(cli, "	Next Recv:	%u", session[s].nr);
 	    cli_print(cli, "	Next Send:	%u", session[s].ns);
-	    cli_print(cli, "	Bytes In/Out:	%lu/%lu", (unsigned long)session[s].cin, (unsigned long)session[s].total_cout);
+	    cli_print(cli, "	Bytes In/Out:	%lu/%lu", (unsigned long)session[s].total_cout, (unsigned long)session[s].total_cin);
-	    cli_print(cli, "	Pkts In/Out:	%lu/%lu", (unsigned long)session[s].pin, (unsigned long)session[s].pout);
+	    cli_print(cli, "	Pkts In/Out:	%lu/%lu", (unsigned long)session[s].pout, (unsigned long)session[s].pin);
 	    cli_print(cli, "	MRU:		%d", session[s].mru);
 	    cli_print(cli, "	Radius Session:	%u", session[s].radius);
 	    cli_print(cli, "	Rx Speed:	%lu", session[s].rx_connect_speed);
 	    cli_print(cli, "	Tx Speed:	%lu", session[s].tx_connect_speed);
-	    cli_print(cli, "	Intercepted:	%s", session[s].snoop ? "YES" : "no");
+	    if (session[s].snoop_ip && session[s].snoop_port)
 		cli_print(cli, "        Intercepted:    %s:%d", inet_toa(session[s].snoop_ip), session[s] .snoop_port);
 	    else
 		cli_print(cli, "        Intercepted:    no");
 	    cli_print(cli, "	Throttled:	%s", session[s].throttle ? "YES" : "no");
 	    cli_print(cli, "	Walled Garden:	%s", session[s].walled_garden ? "YES" : "no");
-	    cli_print(cli, "	Filter Bucket:	%s", session[s].tbf ? filter_buckets[session[s].tbf].handle : "none");
+	    cli_print(cli, "	Filter BucketI:	%d", session[s].tbf_in);
 	    cli_print(cli, "	Filter BucketO:	%d", session[s].tbf_out);
 	}
 	return CLI_OK;
    }
@ -321,7 +369,7 @@ int cmd_show_session(struct cli_def *cli, char *command, char **argv, int argc)
 		session[i].tunnel,
 		session[i].user[0] ? session[i].user : "*",
 		userip,
-		(session[i].snoop) ? "Y" : "N",
+		(session[i].snoop_ip && session[i].snoop_port) ? "Y" : "N",
 		(session[i].throttle) ? "Y" : "N",
 		(session[i].walled_garden) ? "Y" : "N",
 		abs(time_now - (unsigned long)session[i].opened),
@ -490,6 +538,9 @@ int cmd_show_counters(struct cli_def *cli, char *command, char **argv, int argc)
    cli_print(cli, "%-30s%lu", "session_overflow",	GET_STAT(session_overflow));
    cli_print(cli, "%-30s%lu", "ip_allocated",		GET_STAT(ip_allocated));
    cli_print(cli, "%-30s%lu", "ip_freed",		GET_STAT(ip_freed));
    cli_print(cli, "%-30s%lu", "cluster_forwarded",	GET_STAT(c_forwarded));
    cli_print(cli, "%-30s%lu", "recv_forward",		GET_STAT(recv_forward));
 #ifdef STAT_CALLS
    cli_print(cli, "\n%-30s%-10s", "Counter", "Value");
@ -549,7 +600,7 @@ int cmd_show_pool(struct cli_def *cli, char *command, char **argv, int argc)
 	if (ip_address_pool[i].assigned)
 	{
 	    cli_print(cli, "%-15s    Y %8d %s",
-		inet_toa(ip_address_pool[i].address), ip_address_pool[i].session, session[ip_address_pool[i].session].user);
+		inet_toa(htonl(ip_address_pool[i].address)), ip_address_pool[i].session, session[ip_address_pool[i].session].user);
 	    used++;
 	}
@ -557,10 +608,10 @@ int cmd_show_pool(struct cli_def *cli, char *command, char **argv, int argc)
 	{
 	    if (ip_address_pool[i].last)
 		cli_print(cli, "%-15s    N %8s [%s] %ds",
-		    inet_toa(ip_address_pool[i].address), "",
+		    inet_toa(htonl(ip_address_pool[i].address)), "",
 		    ip_address_pool[i].user, time_now - ip_address_pool[i].last);
 	    else if (show_all)
-		cli_print(cli, "%-15s    N", inet_toa(ip_address_pool[i].address));
+		cli_print(cli, "%-15s    N", inet_toa(htonl(ip_address_pool[i].address)));
 	    free++;
 	}
@ -588,7 +639,6 @@ int cmd_write_memory(struct cli_def *cli, char *command, char **argv, int argc)
 	cmd_show_run(cli, command, argv, argc);
 	cli_print_callback(cli, NULL);
 	fclose(save_config_fh);
 	sleep(1);
    }
    else
    {
@ -698,13 +748,13 @@ int cmd_show_throttle(struct cli_def *cli, char *command, char **argv, int argc)
    cli_print(cli, "%-6s %8s %-4s", "ID", "Handle", "Used");
    for (i = 0; i < MAXSESSION; i++)
    {
-	if (!*filter_buckets[i].handle)
+	if (!session[i].throttle)
 	    continue;
-	cli_print(cli, "%-6d %8s   %c",
+	cli_print(cli, "%-6d %8d %8d",
 	    i,
-	    filter_buckets[i].handle,
+	    session[i].tbf_in,
-	    (filter_buckets[i].in_use) ? 'Y' : 'N');
+	    session[i].tbf_out);
    }
    return CLI_OK;
 }
@ -741,6 +791,11 @@ int cmd_drop_user(struct cli_def *cli, char *command, char **argv, int argc)
    int i;
    sessionidt s;
    if (!config->cluster_iam_master)
    {
 	cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address));
 	return CLI_OK;
    }
    if (!argc)
    {
 	cli_print(cli, "Specify a user to drop");
@ -787,6 +842,11 @@ int cmd_drop_tunnel(struct cli_def *cli, char *command, char **argv, int argc)
    int i;
    tunnelidt tid;
    if (!config->cluster_iam_master)
    {
 	cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address));
 	return CLI_OK;
    }
    if (!argc)
    {
 	cli_print(cli, "Specify a tunnel to drop");
@ -842,6 +902,11 @@ int cmd_drop_session(struct cli_def *cli, char *command, char **argv, int argc)
    int i;
    sessionidt s;
    if (!config->cluster_iam_master)
    {
 	cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address));
 	return CLI_OK;
    }
    if (!argc)
    {
 	cli_print(cli, "Specify a session id to drop");
@ -889,33 +954,56 @@ int cmd_drop_session(struct cli_def *cli, char *command, char **argv, int argc)
 int cmd_snoop(struct cli_def *cli, char *command, char **argv, int argc)
 {
    int i;
    ipt ip;
    u16 port;
    sessionidt s;
-    if (!argc)
+    if (!config->cluster_iam_master)
    {
-	cli_print(cli, "Specify a user");
+	cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address));
 	return CLI_OK;
    }
    if (argc < 3)
    {
 	cli_print(cli, "Specify username ip port");
 	return CLI_OK;
    }
    for (i = 0; i < argc; i++)
    {
 	if (strchr(argv[i], '?'))
 	{
-	    cli_print(cli, "username ...");
+	    cli_print(cli, "username ip port");
 	    return CLI_OK;
 	}
    }
    for (i = 0; i < argc; i++)
    {
 	if (!(s = sessionbyuser(argv[i])))
 	{
 	    cli_print(cli, "User %s is not connected", argv[i]);
 	    continue;
 	}
 	session[s].snoop = 1;
-	cli_print(cli, "Snooping user %s", argv[i]);
+    if (!(s = sessionbyuser(argv[0])))
    {
 	cli_print(cli, "User %s is not connected", argv[0]);
 	return CLI_OK;
    }
    ip = inet_addr(argv[1]);
    if (!ip || ip == INADDR_NONE)
    {
 	cli_print(cli, "Cannot parse IP \"%s\"", argv[1]);
 	return CLI_OK;
    }
    port = atoi(argv[2]);
    if (!port)
    {
 	cli_print(cli, "Invalid port %s", argv[2]);
 	return CLI_OK;
    }
    session[s].snoop_ip = ip;
    session[s].snoop_port = port;
    cli_print(cli, "Snooping user %s to %s:%d", argv[0], inet_toa(session[s].snoop_ip), session[s].snoop_port);
    return CLI_OK;
 }
@ -924,6 +1012,12 @@ int cmd_no_snoop(struct cli_def *cli, char *command, char **argv, int argc)
    int i;
    sessionidt s;
    if (!config->cluster_iam_master)
    {
 	cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address));
 	return CLI_OK;
    }
    if (!argc)
    {
 	cli_print(cli, "Specify a user");
@ -945,7 +1039,8 @@ int cmd_no_snoop(struct cli_def *cli, char *command, char **argv, int argc)
 	    cli_print(cli, "User %s is not connected", argv[i]);
 	    continue;
 	}
-	session[s].snoop = 0;
+	session[s].snoop_ip = 0;
 	session[s].snoop_port = 0;
 	cli_print(cli, "Not snooping user %s", argv[i]);
    }
@ -957,6 +1052,11 @@ int cmd_throttle(struct cli_def *cli, char *command, char **argv, int argc)
    int i;
    sessionidt s;
    if (!config->cluster_iam_master)
    {
 	cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address));
 	return CLI_OK;
    }
    if (!argc)
    {
 	cli_print(cli, "Specify a user");
@ -978,10 +1078,10 @@ int cmd_throttle(struct cli_def *cli, char *command, char **argv, int argc)
 	    cli_print(cli, "User %s is not connected", argv[i]);
 	    continue;
 	}
-	if (!throttle_session(s, 1))
+	if (!throttle_session(s, config->rl_rate))
-	    cli_print(cli, "error throttling %s", argv[i]);
+	    cli_print(cli, "Error throttling %s", argv[i]);
 	else
-	    cli_print(cli, "throttling user %s", argv[i]);
+	    cli_print(cli, "Throttling user %s", argv[i]);
    }
    return CLI_OK;
 }
@ -991,6 +1091,11 @@ int cmd_no_throttle(struct cli_def *cli, char *command, char **argv, int argc)
    int i;
    sessionidt s;
    if (!config->cluster_iam_master)
    {
 	cli_print(cli, "Can't do this on a slave. Do it on %s", inet_toa(config->cluster_master_address));
 	return CLI_OK;
    }
    if (!argc)
    {
 	cli_print(cli, "Specify a user");
@ -1265,7 +1370,7 @@ int regular_stuff(struct cli_def *cli)
 	if (show_message)
 	{
-	    ipt address = ntohl(ringbuffer->buffer[i].address);
+	    ipt address = htonl(ringbuffer->buffer[i].address);
 	    char *ipaddr;
 	    struct in_addr addr;
--- a/cluster.c
+++ b/cluster.c
--- a/cluster.h
+++ b/cluster.h
@ -1,19 +1,85 @@
 // L2TPNS Clustering Stuff
-// $Id: cluster.h,v 1.2 2004/03/05 00:09:03 fred_nerk Exp $
+// $Id: cluster.h,v 1.3 2004/06/23 03:52:24 fred_nerk Exp $
-#define C_HELLO			1
+#ifndef __CLUSTER_H__
-#define C_HELLO_RESPONSE	2
+#define __CLUSTER_H__
 #define C_HEARTBEAT		1
 #define C_ACK			2
 #define C_PING			3
-#define C_TUNNEL		4
+#define C_TUNNEL		4	// Tunnel structure.
-#define C_SESSION		5
+#define C_SESSION		5	// Session structure.
 #define C_GOODBYE		6
 #define C_LASTSEEN		7	// Tell master the last heartbeat that I handled.
 #define C_KILL			8	// Tell a slave to die.
 #define C_FORWARD		9	// Forwarded packet..
 #define C_BYTES                 10      // Update byte counters.
 #define C_THROTTLE		11	// A packet for the master to throttle. (The TBF tells direction).
 #define C_CSESSION		12	// Compressed session structure.
 #define C_CTUNNEL		13	// Compressed tunnel structure.
 #define C_GARDEN		14	// Gardened packet
 #define HB_VERSION		2	// Protocol version number..
 #define HB_MAX_SEQ		(1<<30)	// Maximum sequence number. (MUST BE A POWER OF 2!)
 #define HB_HISTORY_SIZE		64	// How many old heartbeats we remember?? (Must be a factor of HB_MAX_SEQ)
 #define PING_INTERVAL		5	// 0.5 seconds. Needs to be short to keep session tables fresh.
 #define HB_TIMEOUT		(15*2*PING_INTERVAL) // 15 seconds without heartbeat triggers an election..
 #define CLUSTERPORT		32792
 #define CLUSTERCLIENTPORT	32793
 #define UDP			17
 #define TIMEOUT			20
 #define IL			sizeof(int)
-int cluster_init(uint32_t bind_address, int server);
+#define CLUSTER_MAX_SIZE	32	// No more than 32 machines in a cluster!
-int cluster_send_message(unsigned long ip_address, uint32_t vip, char type, void *data, int datalen);
+
-int processcluster(char *buf, int l);
+#define DEFAULT_MCAST_ADDR	"239.192.13.13"		// Need an assigned number!
 #define DEFAULT_MCAST_INTERFACE	"eth0"
 typedef struct {
 	u32	version;	// protocol version.
 	u32	seq;		// Sequence number for this heatbeat.
 	u32	basetime;	// What time I started
 	u32	clusterid;	// Id for this cluster?
 	u32	highsession;	// Id of the highest in-use session.
 	u32	freesession;	// Id of the first free session.
 	u32	hightunnel;	// Id of the highest used tunnel.
 	u32	size_sess;	// Size of the session structure.
 	u32	size_tunn;	// size of the tunnel structure.
 	char reserved[128 - 9*sizeof(u32)];	// Pad out to 128 bytes.
 } heartt;
 typedef struct {		/* Used to update byte counters on the */
 				/* master. */
 	u32        sid;
 	u32        in;
 	u32        out;
 } bytest;
 typedef struct {
 	u32	addr;		//
 	u32	ver;		// version of structure.
 	u32	undef;		// Number of undefined structures. 0 if up-to-date.
 	u32	basetime;	// start time of this peer.
 } pingt;
 int cluster_init();
 int processcluster(char *buf, int size, u32 addr);
 int cluster_forward_packet(char *buf, int size, u32 addr);
 int cluster_send_session(int sid);
 int cluster_send_tunnel(int tid);
 int master_forward_packet(char * data, int size, u32 addr, int port);
 int master_throttle_packet(int tid, char * data, int size);
 int master_garden_packet(sessionidt s, char * data, int size);
 void master_update_counts(void);
 void cluster_send_ping(time_t basetime);
 void cluster_heartbeat(int highsession, int freesession, int hightunnel);
 void cluster_check_master(void);
 int show_cluster(struct cli_def *cli, char *command, char **argv, int argc);
 #endif /* __CLUSTER_H__ */
--- a/cluster_master.c
+++ b/cluster_master.c
@ -1,517 +0,0 @@
 // L2TPNS Cluster Master
 // $Id: cluster_master.c,v 1.3 2004/05/24 04:12:34 fred_nerk Exp $
 #include <stdio.h>
 #include <netinet/in.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <time.h>
 #include <string.h>
 #include <errno.h>
 #include <stdarg.h>
 #include <malloc.h>
 #include <sys/socket.h>
 #include <sys/types.h>
 #include <signal.h>
 #include <sys/ioctl.h>
 #include <arpa/inet.h>
 #include <sys/wait.h>
 #include "cluster.h"
 #include "ll.h"
 #include "util.h"
 #include "config.h"
 #define L2TPNS		BINDIR "/l2tpns"
 typedef struct
 {
    char *hostname;
    unsigned long last_message;
    uint32_t ip_address;
    uint32_t slave_address;
    int remove_from_cluster;
    int down;
    int tunnel_len;
    int session_len;
    pid_t pid;
    int num_tunnels;
    char *tunnels[1000];
    int num_sessions;
    char *sessions[13000];
 } slave;
 uint32_t master_address;
 linked_list *slaves;
 extern int cluster_sockfd;
 int debug = 4;
 int processmsg(char *buf, int l, struct sockaddr_in *src_addr);
 int handle_hello(char *buf, int l, struct sockaddr_in *src_addr, uint32_t addr);
 int handle_tunnel(char *buf, int l, uint32_t addr);
 int handle_session(char *buf, int l, uint32_t addr);
 int handle_ping(char *buf, int l, uint32_t addr);
 int handle_goodbye(char *buf, int l, uint32_t addr);
 int backup_up(slave *s);
 int backup_down(slave *s);
 int return_state(slave *s);
 slave *find_slave(uint32_t address);
 #define log _log
 void _log(int level, const char *format, ...) __attribute__((format (printf, 2, 3)));
 void log_hex(int level, const char *title, const char *data, int maxsize);
 /* Catch our forked processes exiting */
 void sigchild_handler(int signal)
 {
    int status;
    int pid;
    pid = wait(&status);
    /* TODO: catch errors and respawn? */
 }
 int main(int argc, char *argv[])
 {
    slave *s;
    char buf[4096];
    struct timeval to;
    if (argc != 2) {
 	log(0, "Usage: %s <address>\n", argv[0]);
 	exit(-1);
    }
    master_address = inet_addr(argv[1]);
    if (master_address == INADDR_NONE) {
 	log(0, "Invalid ip %s\n", argv[1]);
 	exit(-1);
    }
    cluster_init(master_address, 1);
    slaves = ll_init();
    signal(SIGCHLD, sigchild_handler);
    log(0, "Cluster Manager $Id: cluster_master.c,v 1.3 2004/05/24 04:12:34 fred_nerk Exp $ starting\n");
    to.tv_sec = 1;
    to.tv_usec = 0;
    while (1)
    {
 	fd_set r;
 	int n;
 	FD_ZERO(&r);
 	FD_SET(cluster_sockfd, &r);
 	n = select(cluster_sockfd + 1, &r, 0, 0, &to);
 	if (n < 0)
 	{
 	    if (errno != EINTR)
 	    {
 		perror("select");
 		exit(-1);
 	    }
 	    continue;
 	}
 	else if (n)
 	{
 	    struct sockaddr_in addr;
 	    int alen = sizeof(addr);
 	    memset(buf, 0, sizeof(buf));
 	    if (FD_ISSET(cluster_sockfd, &r))
 		processmsg(buf, recvfrom(cluster_sockfd, buf, sizeof(buf), MSG_WAITALL, (void *) &addr, &alen), &addr);
 	    continue;
 	}
 	// Handle slaves timing out
 	{
 	    time_t now = time(NULL);
 	    ll_reset(slaves);
 	    while ((s = ll_next(slaves)))
 	    {
 		if (s->down) continue;
 		if (s->last_message < (now - TIMEOUT))
 		{
 		    log(4, "Slave \"%s\" s->last_message is %lu (timeout is %lu)\n", s->hostname, s->last_message, (now - TIMEOUT));
 		    if (s->remove_from_cluster)
 		    {
 			// Remove them from the cluster
 			ll_delete(slaves, s);
 			if (s->hostname) free(s->hostname);
 			free(s);
 			ll_reset(slaves);
 			continue;
 		    }
 		    backup_up(s);
 		}
 	    }
 	}
 	to.tv_sec = 1;
 	to.tv_usec = 0;
    }
    return 0;
 }
 int processmsg(char *buf, int l, struct sockaddr_in *src_addr)
 {
    slave *s;
    char mtype;
    uint32_t addr;
    log_hex(4, "Received", buf, l);
    if (!buf || l <= sizeof(uint32_t)) return 0;
    addr = ntohl(*(uint32_t*)buf);
    buf += sizeof(uint32_t);
    l -= sizeof(uint32_t);
    mtype = *buf; buf++; l--;
    if (mtype != C_GOODBYE && (s = find_slave(addr)) && s->down)
    {
 	char *hostname;
 	hostname = calloc(l + 1, 1);
 	memcpy(hostname, buf, l);
 	log(1, "Slave \"%s\" (for %s) has come back.\n", hostname, inet_toa(s->ip_address));
 	backup_down(s);
 	free(hostname);
    }
    switch (mtype)
    {
 	case C_HELLO:
 	    handle_hello(buf, l, src_addr, addr);
 	    break;
 	case C_PING:
 	    if (!find_slave(addr))
 		handle_hello(buf, l, src_addr, addr);
 	    else
 		handle_ping(buf, l, addr);
 	    break;
 	case C_TUNNEL:
 	    if (!find_slave(addr)) handle_hello((char *)(buf + 1), *(char *)buf, src_addr, addr);
 	    handle_tunnel(buf, l, addr);
 	    break;
 	case C_SESSION:
 	    if (!find_slave(addr)) handle_hello((char *)(buf + 1), *(char *)buf, src_addr, addr);
 	    handle_session(buf, l, addr);
 	    break;
 	case C_GOODBYE:
 	    if (!find_slave(addr)) break;
 	    handle_goodbye(buf, l, addr);
 	    break;
    }
    return mtype;
 }
 int handle_hello(char *buf, int l, struct sockaddr_in *src_addr, uint32_t addr)
 {
    slave *s;
    char *hostname;
    hostname = calloc(l + 1, 1);
    memcpy(hostname, buf, l);
    // Is this a slave we have state information for?
    if ((s = find_slave(addr)))
    {
 	if (src_addr->sin_addr.s_addr == master_address)
 	{
 	    log(1, "Got hello from \"%s\", local backup for %s.\n", hostname, inet_toa(s->ip_address));
 	}
 	else if (s->down)
 	{
 	    log(1, "Slave \"%s\" (for %s) has come back.\n", hostname, inet_toa(s->ip_address));
 	    backup_down(s);
 	}
 	else
 	{
 	    log(1, "Slave \"%s\" said hello and we didn't know it was down.\n", s->hostname);
 	}
 	/* Reset the hostname if needed */
 	free(s->hostname);
 	s->hostname = hostname;
    } else {
 	// No state information, it's a new slave
 	s = calloc(sizeof(slave), 1);
 	s->ip_address = addr;
 	ll_push(slaves, s);
 	s->hostname = hostname;
 	log(1, "New slave added to cluster \"%s\"\n", s->hostname);
    }
    s->slave_address = src_addr->sin_addr.s_addr;
    // Send state information back
    return_state(s);
    s->last_message = time(NULL);
    return 0;
 }
 int handle_tunnel(char *buf, int l, uint32_t addr)
 {
    int tid;
    slave *s;
    if (!(s = find_slave(addr)))
    {
 	log(0, "handle_tunnel() called with no valid slave\n");
 	return 0;
    }
    s->last_message = time(NULL);
    // Skip hostname
    tid = *(char *)buf;
    buf += (tid + 1);
    l -= (tid + 1);
    // Grab tunnel ID
    tid = *(int *)buf;
    buf += sizeof(int);
    l -= sizeof(int);
    log(3, "Received tunnel %d from \"%s\" (%d bytes long)\n", tid, s->hostname, l);
    // Allocate memory for it if it's not already
    if (!s->tunnels[tid])
    {
 	s->tunnels[tid] = malloc(l);
 	s->num_tunnels++;
 	s->tunnel_len = l;
    }
    memcpy(s->tunnels[tid], buf, l);
    return l;
 }
 int handle_session(char *buf, int l, uint32_t addr)
 {
    slave *s;
    int sid;
    char hostname[4096] = {0};
    if (!(s = find_slave(addr)))
    {
 	log(0, "handle_session() called with no valid slave\n");
 	return 0;
    }
    s->last_message = time(NULL);
    // Skip hostname
    sid = *(char *)buf;
    memcpy(hostname, (char *)(buf + 1), sid);
    buf += (sid + 1);
    l -= (sid + 1);
    log(0, "Hostname is %s\n", hostname);
    // Grab session ID
    sid = *(int *)buf;
    buf += sizeof(int);
    l -= sizeof(int);
    log(3, "Received session %d from \"%s\" (%d bytes long)\n", sid, s->hostname, l);
    // Allocate memory for it if it's not already
    if (!s->sessions[sid])
    {
 	s->sessions[sid] = malloc(l);
 	s->num_sessions++;
 	s->session_len = l;
    }
    memcpy(s->sessions[sid], buf, l);
    return l;
 }
 int handle_ping(char *buf, int l, uint32_t addr)
 {
    slave *s;
    if (!(s = find_slave(addr)))
    {
 	log(0, "handle_ping() called with no valid slave\n");
 	return 0;
    }
    s->last_message = time(NULL);
    return 0;
 }
 int return_state(slave *s)
 {
    char *packet;
    int i;
    int num_tunnels = 0, num_sessions = 0;
    int pktlen;
    log(3, "Sending state information to \"%s\"\n", s->hostname);
    for (i = 0; i < 1000; i++)
 	if (s->tunnels[i]) num_tunnels++;
    for (i = 0; i < 13000; i++)
 	if (s->sessions[i]) num_sessions++;
    if (!num_sessions && !num_tunnels) return 0;
    packet = calloc(IL * 4, 1);
    *(int *)(packet + IL * 0) = num_tunnels;
    *(int *)(packet + IL * 1) = num_sessions;
    *(int *)(packet + IL * 2) = s->tunnel_len;
    *(int *)(packet + IL * 3) = s->session_len;
    cluster_send_message(s->slave_address, s->ip_address, C_HELLO_RESPONSE, packet, IL * 4);
    free(packet);
    // Send tunnels one-by-one, in order
    log(0, "Sending %d tunnels of %d bytes each\n", num_tunnels, s->tunnel_len);
    pktlen = s->tunnel_len + sizeof(int);
    packet = malloc(pktlen);
    for (i = 0; i < 1000; i++)
    {
 	if (s->tunnels[i])
 	{
 	    *(int *)packet = i;
 	    memcpy((char *)(packet + sizeof(int)), s->tunnels[i], s->tunnel_len);
 	    log(0, "Sending tunnel %d\n", i);
 	    cluster_send_message(s->slave_address, s->ip_address, C_TUNNEL, packet, pktlen);
 	}
    }
    free(packet);
    // Send sessions one-by-one, in order
    log(0, "Sending %d sessions of %d bytes each\n", num_sessions, s->session_len);
    pktlen = s->session_len + sizeof(int);
    packet = malloc(pktlen);
    for (i = 0; i < 13000; i++)
    {
 	if (s->sessions[i])
 	{
 	    *(int *)packet = i;
 	    memcpy((char *)(packet + sizeof(int)), s->sessions[i], s->session_len);
 	    log(0, "Sending session %d\n", i);
 	    cluster_send_message(s->slave_address, s->ip_address, C_SESSION, packet, pktlen);
 	}
    }
    free(packet);
    return 0;
 }
 slave *find_slave(uint32_t address)
 {
    slave *s;
    ll_reset(slaves);
    while ((s = ll_next(slaves)))
    {
 	if (s->ip_address == address)
 	{
 	    return s;
 	}
    }
    return NULL;
 }
 void _log(int level, const char *format, ...)
 {
 	va_list ap;
 	if (debug < level) return;
 	va_start(ap, format);
 	vfprintf(stderr, format, ap);
 }
 void log_hex(int level, const char *title, const char *data, int maxsize)
 {
 	unsigned int i, j;
 	unsigned const char *d = (unsigned const char *)data;
 	if (debug < level) return;
 	log(level, "%s (%d bytes):\n", title, maxsize);
 	setvbuf(stderr, NULL, _IOFBF, 16384);
 	for (i = 0; i < maxsize; )
 	{
 		fprintf(stderr, "%4X: ", i);
 		for (j = i; j < maxsize && j < (i + 16); j++)
 		{
 			fprintf(stderr, "%02X ", d[j]);
 			if (j == i + 7)
 				fputs(": ", stderr);
 		}
 		for (; j < i + 16; j++)
 		{
 			fputs("   ", stderr);
 			if (j == i + 7)
 				fputs(": ", stderr);
 		}
 		fputs("  ", stderr);
 		for (j = i; j < maxsize && j < (i + 16); j++)
 		{
 			if (d[j] >= 0x20 && d[j] < 0x7f && d[j] != 0x20)
 				fputc(d[j], stderr);
 			else
 				fputc('.', stderr);
 			if (j == i + 7)
 				fputs("  ", stderr);
 		}
 		i = j;
 		fputs("\n", stderr);
 	}
 	fflush(stderr);
 	setbuf(stderr, NULL);
 }
 int backup_up(slave *s)
 {
    log(2, "Becoming backup for \"%s\" (%s).\n", s->hostname, inet_toa(s->ip_address));
    s->pid = fork();
    if (!s->pid)
    {
 	if (execl(L2TPNS, L2TPNS, "-a", inet_toa(s->ip_address), NULL) < 0)
 	    log(0, "Error execing backup " L2TPNS ": %s\n", strerror(errno));
 	exit(0);
    }
    s->down = 1;
    return 0;
 }
 int backup_down(slave *s)
 {
    log(2, "Not being backup for \"%s\" (%s) anymore.\n", s->hostname, inet_toa(s->ip_address));
    s->down = 0;
    if (s->pid) {
 	kill(s->pid, SIGTERM);
 	sleep(2);
 	kill(s->pid, SIGKILL);
    }
    return 0;
 }
 int handle_goodbye(char *buf, int l, uint32_t addr)
 {
    int i;
    slave *s;
    // Is this a slave we have state information for?
    if ((s = find_slave(addr)))
    {
        log(0, "Received goodbye for slave %s\n", s->hostname);
 	ll_delete(slaves, s);
 	for (i = 0; i < s->num_tunnels; i++)
 	    if (s->tunnels[i]) free(s->tunnels[i]);
 	for (i = 0; i < s->num_sessions; i++)
 	    if (s->sessions[i]) free(s->sessions[i]);
 	if (s->hostname) free(s->hostname);
 	free(s);
    }
    return 0;
 }
--- a/cluster_slave.c
+++ b/cluster_slave.c
@ -1,270 +0,0 @@
 // L2TPNS Cluster Master
 // $Id: cluster_slave.c,v 1.4 2004/05/24 04:12:48 fred_nerk Exp $
 #include <stdio.h>
 #include <netinet/in.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <string.h>
 #include <time.h>
 #include <errno.h>
 #include <malloc.h>
 #include <sys/socket.h>
 #include <sys/file.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <arpa/inet.h>
 #include "l2tpns.h"
 #include "cluster.h"
 #include "ll.h"
 #include "util.h"
 // vim: sw=4 ts=8
 extern int cluster_sockfd;
 extern char hostname[1000];
 extern ippoolt *ip_address_pool;
 extern uint32_t vip_address;
 extern struct configt *config;
 int handle_tunnel(char *buf, int l);
 int handle_session(char *buf, int l);
 int handle_hello_response(char *buf, int l);
 int processcluster(char *buf, int l)
 {
    char mtype;
    uint32_t addr;
    log_hex(4, "Cluster receive", buf, l);
    if (!buf || l <= sizeof(uint32_t)) return 0;
    addr = ntohl(*(uint32_t*)buf);
    buf += sizeof(uint32_t);
    l -= sizeof(uint32_t);
    if (addr != vip_address)
    {
 	log(0, 0, 0, 0, "Received cluster message for VIP %s, which isn't ours\n", inet_toa(addr));
    }
    mtype = *buf; buf++; l--;
    switch (mtype)
    {
 	case C_HELLO:
 	    break;
 	case C_HELLO_RESPONSE:
 	    handle_hello_response(buf, l);
 	    break;
 	case C_PING:
 	    break;
 	case C_TUNNEL:
 	    handle_tunnel(buf, l);
 	    break;
 	case C_SESSION:
 	    handle_session(buf, l);
 	    break;
    }
    return mtype;
    return 0;
 }
 int handle_tunnel(char *buf, int l)
 {
    int t;
    // Ignore tunnel message if NOSTATEFILE exists
    if (config->ignore_cluster_updates)
    {
 	log(1, 0, 0, 0, "Discarding tunnel message from cluster master.\n");
 	return 0;
    }
    t = *(int *)buf;
    log(1, 0, 0, t, "Receiving tunnel %d from cluster master (%d bytes)\n", t, l);
    buf += sizeof(int); l -= sizeof(int);
    if (t > MAXTUNNEL)
    {
 	log(0, 0, 0, t, "Cluster master tried to send tunnel %d, which is bigger than MAXTUNNEL (%d)\n", t, MAXTUNNEL);
 	return 0;
    }
    if (l != sizeof(tunnelt))
    {
 	log(1, 0, 0, t, "Discarding bogus tunnel message (%d bytes instead of %d).\n", l, sizeof(tunnelt));
 	return 0;
    }
    memcpy(&tunnel[t], buf, l);
    log(3, 0, 0, t, "Cluster master sent tunnel for %s\n", tunnel[t].hostname);
    tunnel[t].controlc = 0;
    tunnel[t].controls = NULL;
    tunnel[t].controle = NULL;
    return 0;
 }
 int handle_session(char *buf, int l)
 {
    int s;
    // Ignore tunnel message if NOSTATEFILE exists
    if (config->ignore_cluster_updates)
    {
 	log(1, 0, 0, 0, "Discarding session message from cluster master.\n");
 	return 0;
    }
    s = *(int *)buf;
    log(1, 0, s, 0, "Receiving session %d from cluster master (%d bytes)\n", s, l);
    buf += sizeof(int); l -= sizeof(int);
    if (s > MAXSESSION)
    {
 	log(0, 0, s, 0, "Cluster master tried to send session %d, which is bigger than MAXSESSION (%d)\n", s, MAXSESSION);
 	return 0;
    }
    if (l != sizeof(sessiont))
    {
 	log(1, 0, s, 0, "Discarding short session message (%d bytes instead of %d).\n", l, sizeof(sessiont));
 	return 0;
    }
    if (s > 1)
    {
 	session[s-1].next = session[s].next;
    }
    if (sessionfree == s)
    {
 	sessionfree = session[s].next;
    }
    memcpy(&session[s], buf, l);
    session[s].tbf = 0;
    session[s].throttle = 0;
    if (session[s].opened)
    {
 	log(2, 0, s, session[s].tunnel, "Cluster master sent active session for user %s\n", session[s].user);
 	sessionsetup(session[s].tunnel, s, 0);
 	if (session[s].ip && session[s].ip != 0xFFFFFFFE)
 	{
 	    int x;
 	    for (x = 0; x < MAXIPPOOL && ip_address_pool[x].address; x++)
 	    {
 		if (ip_address_pool[x].address == session[s].ip)
 		{
 		    ip_address_pool[x].assigned = 1;
 		    break;
 		}
 	    }
 	}
    }
    return 0;
 }
 int handle_hello_response(char *buf, int l)
 {
    int numtunnels, numsessions;
    /* The cluster master has downed the address, so send another garp */
    send_garp(vip_address);
    if (!l) return 0;
    if (l < (4 * IL))
    {
 	log(1, 0, 0, 0, "Cluster master sent invalid hello response: %d bytes instead of %d\n", l, (4 * IL));
 	return 0;
    }
    numtunnels = *(int *)(buf + IL * 0);
    numsessions = *(int *)(buf + IL * 1);
    if (numtunnels == 0 && numsessions == 0)
    {
 	log(2, 0, 0, 0, "Cluster master has no state information for us.\n");
 	return 0;
    }
    log(2, 0, 0, 0, "The cluster master will send %d tunnels and %d sessions.\n", numtunnels, numsessions);
    return 0;
 }
 int cluster_send_session(int s)
 {
 	char *packet;
 	int len = 0;
 	if (!cluster_sockfd) return 1;
 	packet = malloc(4096);
 	// Hostname
 	len = strlen(hostname);
 	*(char *)packet = len;
 	memcpy((char *)(packet + 1), hostname, len);
 	len++;
 	// Session ID
 	*(int *)(packet + len) = s;
 	len += sizeof(int);
 	// Session data
 	memcpy((char *)(packet + len), &session[s], sizeof(sessiont));
 	len += sizeof(sessiont);
 	cluster_send_message(config->cluster_address, vip_address, C_SESSION, packet, len);
 	free(packet);
 	return 1;
 }
 int cluster_send_tunnel(int t)
 {
 	char *packet;
 	int len = 0;
 	packet = malloc(4096);
 	// Hostname
 	len = strlen(hostname);
 	*(char *)packet = len;
 	memcpy((char *)(packet + 1), hostname, len);
 	len++;
 	// Tunnel ID
 	*(int *)(packet + len) = t;
 	len += sizeof(int);
 	// Tunnel data
 	memcpy((char *)(packet + len), &tunnel[t], sizeof(tunnelt));
 	len += sizeof(tunnelt);
 	cluster_send_message(config->cluster_address, vip_address, C_TUNNEL, packet, len);
 	free(packet);
 	return 1;
 }
 int cluster_send_goodbye()
 {
 	char *packet;
 	int len = 0;
 	packet = malloc(4096);
 	log(2, 0, 0, 0, "Sending goodbye to cluster master\n");
 	// Hostname
 	len = strlen(hostname);
 	*(char *)packet = len;
 	memcpy((char *)(packet + 1), hostname, len);
 	len++;
 	cluster_send_message(config->cluster_address, vip_address, C_GOODBYE, packet, len);
 	free(packet);
 	return 1;
 }
--- a/config.h
+++ b/config.h
@ -1,3 +1,4 @@
 #define LIBDIR "/usr/lib/l2tpns"
 #define ETCDIR "/etc/l2tpns"
 #define BINDIR "/usr/sbin"
 #define DATADIR "/tmp"
--- a/constants.c
+++ b/constants.c
@ -4,7 +4,7 @@
 const char *lcp_types[MAX_LCP_TYPE+1] = {
 	"Reserved",
 	"Maximum-Receive-Unit",
-	"Reserved 2",
+	"Async-Control-Map",
 	"Authentication-Protocol",
 	"Quality-Protocol",
 	"Magic-Number",
--- a/constants.h
+++ b/constants.h
@ -1,5 +1,5 @@
-
+#ifndef __CONSTANTS_H__
-// enum these ?
+#define __CONSTANTS_H__
 #define MAX_LCP_TYPE 8
 extern const char *lcp_types[MAX_LCP_TYPE+1];
@ -25,3 +25,5 @@ extern const char *radius_states[MAX_RADIUS_STATE+1];
 #define MAX_L2TP_MESSAGE_TYPE 16
 extern const char *l2tp_message_types[MAX_L2TP_MESSAGE_TYPE+1];
 #endif /* __CONSTANTS_H__ */
--- a/control.h
+++ b/control.h
@ -15,4 +15,4 @@ int send_packet(int sockfd, int dest_ip, int dest_port, char *packet, int len);
 void dump_packet(char *packet, FILE *stream);
 int read_packet(int sockfd, char *packet);
-#endif
+#endif /* __CONTROL_H__ */
--- a/garden.c
+++ b/garden.c
@ -8,21 +8,28 @@
 #include "control.h"
 int __plugin_api_version = 1;
-struct pluginfuncs p;
+static struct pluginfuncs *p = 0;
-char *init_commands[] = {
+static int iam_master = 0;	// We're all slaves! Slaves I tell you!
-	// This is for incoming connections to a gardened user
+
-	"iptables -t nat -N garden_users 2>&1 >/dev/null",
+char *up_commands[] = {
 	"iptables -t nat -N garden >/dev/null 2>&1",	// Create a chain that all gardened users will go through
 	"iptables -t nat -F garden",
 	". " PLUGINCONF "/build-garden",		// Populate with site-specific DNAT rules
 	"iptables -t nat -N garden_users >/dev/null 2>&1",// Empty chain, users added/removed by garden_session
 	"iptables -t nat -F garden_users",
-	"iptables -t nat -N garden 2>&1", /* Don't flush - init script sets this up */
+	"iptables -t nat -A PREROUTING -j garden_users",	// DNAT any users on the garden_users chain
-	"iptables -t nat -A l2tpns -j garden_users",
+	NULL,
 	NULL
 };
-char *done_commands[] = {
+char *down_commands[] = {
-	"iptables -t nat -F garden_users 2>&1 >/dev/null",
+	"iptables -t nat -F PREROUTING",
-	"iptables -t nat -D l2tpns -j garden_users",
+	"iptables -t nat -F garden_users",
-	NULL
+	"iptables -t nat -X garden_users",
 	"iptables -t nat -F garden",
 	"iptables -t nat -X garden",
 	"rmmod iptable_nat ip_conntrack",
 	NULL,
 };
 int garden_session(sessiont *s, int flag);
@ -32,7 +39,7 @@ int plugin_post_auth(struct param_post_auth *data)
 	// Ignore if user authentication was successful
 	if (data->auth_allowed) return PLUGIN_RET_OK;
-	p.log(3, 0, 0, 0, "Walled Garden allowing login\n");
+	p->log(3, 0, 0, 0, "Walled Garden allowing login\n");
 	data->auth_allowed = 1;
 	data->s->walled_garden = 1;
 	return PLUGIN_RET_OK;
@ -40,13 +47,23 @@ int plugin_post_auth(struct param_post_auth *data)
 int plugin_new_session(struct param_new_session *data)
 {
-	if (data->s->walled_garden) garden_session(data->s, 1);
+	if (!iam_master)
 		return PLUGIN_RET_OK;	// Slaves don't do walled garden processing.
 	if (data->s->walled_garden)
 		garden_session(data->s, 1);
 	return PLUGIN_RET_OK;
 }
 int plugin_kill_session(struct param_new_session *data)
 {
-	if (data->s->walled_garden) garden_session(data->s, 0);
+	if (!iam_master)
 		return PLUGIN_RET_OK;	// Slaves don't do walled garden processing.
 	if (data->s->walled_garden)
 		garden_session(data->s, 0);
 	return PLUGIN_RET_OK;
 }
@ -55,12 +72,21 @@ int plugin_control(struct param_control *data)
 	sessiont *s;
 	sessionidt session;
-	if (data->type != PKT_GARDEN && data->type != PKT_UNGARDEN) return PLUGIN_RET_OK;
+	if (!iam_master)	// All garden processing happens on the master.
-	if (!data->data && data->data_length) return PLUGIN_RET_OK;
+		return PLUGIN_RET_OK;
 	if (data->type != PKT_GARDEN && data->type != PKT_UNGARDEN)
 		return PLUGIN_RET_OK;
 	if (!data->data && data->data_length)
 		return PLUGIN_RET_OK;
 	session = atoi((char*)(data->data));
-	if (!session) return PLUGIN_RET_OK; // Really?
+	if (!session)
 		return PLUGIN_RET_OK;
 	data->send_response = 1;
-	s = p.get_session_by_id(session);
+	s = p->get_session_by_id(session);
 	if (!s || !s->ip)
 	{
 		char *errormsg = "Session not connected";
@ -68,7 +94,7 @@ int plugin_control(struct param_control *data)
 		sprintf((data->response + data->response_length), "%s", errormsg);
 		data->response_length += strlen(errormsg) + 1;
-		p.log(3, 0, 0, 0, "Unknown session %d\n", session);
+		p->log(3, 0, 0, 0, "Unknown session %d\n", session);
 		return PLUGIN_RET_STOP;
 	}
 	*(short *)(data->response + 2) = ntohs(PKT_RESP_OK);
@ -80,9 +106,33 @@ int plugin_control(struct param_control *data)
 		sprintf((data->response + data->response_length), "%s", errormsg);
 		data->response_length += strlen(errormsg) + 1;
 	}
 	return PLUGIN_RET_STOP;
 }
 int plugin_become_master(void)
 {
 	int i;
 	iam_master = 1;	// We just became the master. Wow!
 	for (i = 0; up_commands[i] && *up_commands[i]; i++)
 	{
 		p->log(3, 0, 0, 0, "Running %s\n", up_commands[i]);
 		system(up_commands[i]);
 	}
 	return PLUGIN_RET_OK;
 }
 // Called for each active session after becoming master
 int plugin_new_session_master(sessiont * s)
 {	
 	if (s->walled_garden)
 		garden_session(s, 1);
 	return PLUGIN_RET_OK;
 }
 int garden_session(sessiont *s, int flag)
 {
 	char cmd[2048];
@ -90,34 +140,11 @@ int garden_session(sessiont *s, int flag)
 	if (!s) return 0;
 	if (!s->opened) return 0;
 	/* Note that we don't handle throttling/snooping/etc here
 	 * To do that, we'd need to send an end accounting record
 	 * then a radius auth, then start accouting again.
 	 * That means that we need the password (which garden has)
 	 * and a lot of code to check that the new set of params
 	 * (routes, IP, ACLs, etc) 'matched' the old one in a
 	 * 'compatable' way. (ie user's system doesn't need to be told
 	 * of the change)
 	 *
 	 * Thats a lot of pain/code for very little gain.
 	 * If we want them redone from scratch, just sessionkill them -
 	 * a user on garden isn't going to have any open TCP
 	 * connections which are worth caring about, anyway.
 	 *
 	 * Note that the user will be rethrottled shortly by the scan
 	 * script thingy if appropriate.
 	 *
 	 * Currently, garden only directly ungardens someone if
 	 * they haven't paid their bill, and then subsequently do so
 	 * online. This isn't something which can be set up by a malicious
 	 * customer at will.
 	 */
 	if (flag == 1)
 	{
-		// Gardened User
+		p->log(2, 0, 0, s->tunnel, "Garden user %s (%s)\n", s->user, p->inet_toa(htonl(s->ip)));
-		p.log(2, 0, 0, s->tunnel, "Trap user %s (%s) in walled garden\n", s->user, p.inet_toa(ntohl(s->ip)));
+		snprintf(cmd, 2048, "iptables -t nat -A garden_users -s %s -j garden", p->inet_toa(htonl(s->ip)));
-		snprintf(cmd, 2048, "iptables -t nat -A garden_users -s %s -j garden", p.inet_toa(ntohl(s->ip)));
+		p->log(3, 0, 0, s->tunnel, "%s\n", cmd);
 		p.log(3, 0, 0, s->tunnel, "%s\n", cmd);
 		system(cmd);
 		s->walled_garden = 1;
 	}
@ -127,18 +154,18 @@ int garden_session(sessiont *s, int flag)
 		int count = 40;
 		// Normal User
-		p.log(2, 0, 0, s->tunnel, "Release user %s (%s) from walled garden\n", s->user, p.inet_toa(ntohl(s->ip)));
+		p->log(2, 0, 0, s->tunnel, "Un-Garden user %s (%s)\n", s->user, p->inet_toa(htonl(s->ip)));
 		// Kick off any duplicate usernames
 		// but make sure not to kick off ourself
-		if (s->ip && !s->die && (other = p.get_session_by_username(s->user)) && s != p.get_session_by_id(other)) {
+		if (s->ip && !s->die && (other = p->get_session_by_username(s->user)) && s != p->get_session_by_id(other)) {
-			p.sessionkill(other, "Duplicate session when user un-gardened");
+			p->sessionkill(other, "Duplicate session when user released from walled garden");
 		}
 		/* Clean up counters */
 		s->cin = s->cout = 0;
 		s->pin = s->pout = 0;
-		snprintf(cmd, 2048, "iptables -t nat -D garden_users -s %s -j garden", p.inet_toa(ntohl(s->ip)));
+		snprintf(cmd, 2048, "iptables -t nat -D garden_users -s %s -j garden", p->inet_toa(htonl(s->ip)));
-		p.log(3, 0, 0, s->tunnel, "%s\n", cmd);
+		p->log(3, 0, 0, s->tunnel, "%s\n", cmd);
 		while (--count)
 		{
 			int status = system(cmd);
@ -149,8 +176,8 @@ int garden_session(sessiont *s, int flag)
 		if (!s->die) {
 			/* OK, we're up! */
-			u16 r = p.radiusnew(p.get_id_by_session(s));
+			u16 r = p->radiusnew(p->get_id_by_session(s));
-			p.radiussend(r, RADIUSSTART);
+			p->radiussend(r, RADIUSSTART);
 		}
 	}
 	s->walled_garden = flag;
@ -159,15 +186,32 @@ int garden_session(sessiont *s, int flag)
 int plugin_init(struct pluginfuncs *funcs)
 {
-	int i;
+	FILE *tables;
 	int found_nat = 0;
-	if (!funcs) return 0;
+	if (!funcs)
-	memcpy(&p, funcs, sizeof(p));
+		return 0;
-	for (i = 0; init_commands[i] && *init_commands[i]; i++)
+	p = funcs;
 	if ((tables = fopen("/proc/net/ip_tables_names", "r")))
 	{
-		p.log(3, 0, 0, 0, "Running %s\n", init_commands[i]);
+		char buf[1024];
-		system(init_commands[i]);
+		while (fgets(buf, sizeof(buf), tables) && !found_nat)
 			found_nat = !strcmp(buf, "nat\n");
 		fclose(tables);
 	}
 	/* master killed/crashed? */
 	if (found_nat)
 	{
 		int i;
 		for (i = 0; down_commands[i] && *down_commands[i]; i++)
 		{
 			p->log(3, 0, 0, 0, "Running %s\n", down_commands[i]);
 			system(down_commands[i]);
 		}
 	}
 	return 1;
@ -176,10 +220,14 @@ int plugin_init(struct pluginfuncs *funcs)
 void plugin_done()
 {
 	int i;
-	for (i = 0; done_commands[i] && *done_commands[i]; i++)
+
 	if (!iam_master)	// Never became master. nothing to do.
 		return;
 	for (i = 0; down_commands[i] && *down_commands[i]; i++)
 	{
-		p.log(3, 0, 0, 0, "Running %s\n", done_commands[i]);
+		p->log(3, 0, 0, 0, "Running %s\n", down_commands[i]);
-		system(done_commands[i]);
+		system(down_commands[i]);
 	}
 }
--- a/icmp.c
+++ b/icmp.c
@ -1,6 +1,7 @@
 #include <arpa/inet.h>
 #include <netdb.h>
 #include <netinet/in.h>
 #include <asm/types.h>
 #include <linux/ip.h>
 #include <linux/icmp.h>
 #include <stdio.h>
@ -9,9 +10,8 @@
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <memory.h>
 #include "l2tpns.h"
-extern ipt myip;
+#include "l2tpns.h"
 __u16 _checksum(unsigned char *addr, int count);
--- a/l2tpns.c
+++ b/l2tpns.c
--- a/l2tpns.h
+++ b/l2tpns.h
@ -1,20 +1,35 @@
 // L2TPNS Global Stuff
-// $Id: l2tpns.h,v 1.6 2004/05/24 04:33:35 fred_nerk Exp $
+// $Id: l2tpns.h,v 1.7 2004/06/23 03:52:24 fred_nerk Exp $
 #ifndef __L2TPNS_H__
 #define __L2TPNS_H__
 #include <netinet/in.h>
 #include <stdio.h>
 #include <execinfo.h>
 #include <stdio.h>
 #include <signal.h>
 #include <stdlib.h>
 #include <netinet/in.h>
 #include <sys/socket.h>
 #include <arpa/inet.h>
 #include <sys/types.h>
 #include <libcli.h>
 #include "config.h"
-#define VERSION	"1.2.0"
+#define VERSION	"2.0.0"
 // Limits
 #define MAXTUNNEL	500		// could be up to 65535
 #define MAXSESSION	50000		// could be up to 65535
 #define MAXTBFS		6000		// Maximum token bucket filters. Might need up to 2 * session.
 #define RADIUS_SHIFT	5
 #define RADIUS_MASK	((unsigned short)(((unsigned short)~0) >> (16 - RADIUS_SHIFT)))
 #define	MAXRADIUS	((2 << (RADIUS_SHIFT - 1)) * 255)
 #define T_UNDEF		(0xffff)	// A tunnel ID that won't ever be used. Mark session as undefined.
 #define T_FREE		(0)		// A tunnel ID that won't ever be used. Mark session as free.
 #define	MAXCONTROL	1000		// max length control message we ever send...
 #define	MAXETHER	(1500+18)	// max packet we try sending to tap
 #define	MAXTEL		96		// telephone number
@ -28,20 +43,28 @@
 #define IDLE_TIMEOUT	240		// Time between last packet sent and LCP ECHO generation
 // Constants
-#define STATISTICS
+#ifndef PLUGINDIR
-#define STAT_CALLS
+#define PLUGINDIR	LIBDIR			// Plugins
-#define RINGBUFFER
+#endif
 #ifndef PLUGINCONF
 #define PLUGINCONF	ETCDIR			// Plugin config dir
 #endif
 #ifndef DATADIR
 #define DATADIR		"/tmp"
 #endif
 #ifndef FLASHDIR
 #define FLASHDIR	ETCDIR
 #endif
 #define TAPDEVICE	"/dev/net/tun"
 #define	UDP		17
-#define HOMEDIR		"/home/l2tpns/"			// Base dir for data
+#define STATEFILE	DATADIR "/state.dump"		// State dump file
-#define STATEFILE	"/tmp/l2tpns.dump"              // State dump file
+#define CONFIGFILE	FLASHDIR "/startup-config"	// Configuration file
-#define NOSTATEFILE	"/tmp/l2tpns.no_state_reload"   // If exists, state will not be reloaded
+#define CLIUSERS	FLASHDIR "/users"		// CLI Users file
-#define CONFIGFILE	ETCDIR "/l2tpns.cfg"            // Configuration file
+#define IPPOOLFILE	FLASHDIR "/ip_pool"		// Address pool configuration
 #define CLIUSERS	ETCDIR "/l2tpns.users"          // CLI Users file
 #define IPPOOLFILE	ETCDIR "/l2tpns.ip_pool"        // Address pool configuration
 #ifndef LIBDIR
 #define LIBDIR		"/usr/lib/l2tpns"
 #endif
 #define ACCT_TIME	3000		// 5 minute accounting interval
 #define	L2TPPORT	1701		// L2TP port
 #define RADPORT		1645		// old radius port...
@ -56,7 +79,7 @@
 #define	PPPCCP		0x80FD
 #define PPPIP		0x0021
 #define PPPMP		0x003D
-#define MIN_IP_SIZE	0x20
+#define MIN_IP_SIZE	0x19
 enum
 {
 	ConfigReq = 1,
@ -102,20 +125,13 @@ typedef struct controls         // control message
 }
 controlt;
 typedef struct stbft
 {
    char handle[10];
    char in_use;
 } tbft;
 // 336 bytes per session
 typedef struct sessions
 {
 	sessionidt next;		// next session in linked list
 	sessionidt far;			// far end session ID
 	tunnelidt tunnel;		// tunnel ID
-	ipt ip;				// IP of session set by RADIUS response
+	ipt ip;				// IP of session set by RADIUS response (host byte order).
 	int ip_pool_index;		// index to IP pool
 	unsigned long sid;		// session id for hsddb
 	u16 nr;				// next receive
@ -126,28 +142,40 @@ typedef struct sessions
 	u32 total_cin;			// This counter is never reset while a session is open
 	u32 total_cout;			// This counter is never reset while a session is open
 	u32 id;				// session id
 	u32 throttle;			// non-zero if this session is throttled.
 	clockt opened;			// when started
 	clockt die;			// being closed, when to finally free
 	time_t last_packet;		// Last packet from the user (used for idle timeouts)
 	ipt dns1, dns2;			// DNS servers
 	routet route[MAXROUTE];		// static routes
 	u16 radius;			// which radius session is being used (0 for not waiting on authentication)
 	u8 flags;			// various bit flags
 	u8 snoop;			// are we snooping this session?
 	u8 throttle;			// is this session throttled?
 	u8 walled_garden;		// is this session gardened?
 	u16 mru;			// maximum receive unit
-	u16 tbf;			// filter bucket for throttling
+	u16 tbf_in;			// filter bucket for throttling in from the user.
 	u16 tbf_out;			// filter bucket for throttling out to the user.
 	u8 l2tp_flags;			// various bit flags from the ICCN on the l2tp tunnel.
 	u8 walled_garden;		// is this session gardened?
 	u8 flags1;			// additional flags (currently unused);
 	char random_vector[MAXTEL];
 	int random_vector_length;
-	char user[129];			// user (needed in seesion for radius stop messages)
+	char user[129];			// user (needed in seesion for radius stop messages) (can we reduce this? --mo)
 	char called[MAXTEL];		// called number
 	char calling[MAXTEL];		// calling number
-	unsigned long tx_connect_speed;
+	u32 tx_connect_speed;
-	unsigned long rx_connect_speed;
+	u32 rx_connect_speed;
 	u32 flags;			// Various session flags.
 	ipt snoop_ip;			// Interception destination IP
 	u16 snoop_port;			// Interception destination port
 	char reserved[28];		// Space to expand structure without changing HB_VERSION
 }
 sessiont;
 #define SF_IPCP_ACKED	(1<<0)		// Has this session seen an IPCP Ack?
 typedef struct {
 	u32	cin;
 	u32	cout;
 } sessioncountt;
 #define	SESSIONPFC	1            // PFC negotiated flags
 #define	SESSIONACFC	2           // ACFC negotiated flags
@ -191,7 +219,7 @@ radiust;
 typedef struct
 {
-	ipt		address;
+	ipt		address;	// Host byte order..
 	char		assigned;	// 1 if assigned, 0 if free
 	sessionidt	session;
 	clockt		last;		// last used
@ -223,7 +251,8 @@ enum
 	TUNNELFREE,		// Not in use
 	TUNNELOPEN,		// Active tunnel
 	TUNNELDIE,		// Currently closing
-	TUNNELOPENING		// Busy opening
+	TUNNELOPENING,		// Busy opening
 	TUNNELUNDEF,		// Undefined
 };
 enum
@ -234,7 +263,8 @@ enum
 	RADIUSIPCP,             // sending IPCP to end user
 	RADIUSSTART,            // sending start accounting to RADIUS server
 	RADIUSSTOP,             // sending stop accounting to RADIUS server
-	RADIUSWAIT		// waiting timeout before available, in case delayed replies
+	RADIUSWAIT,		// waiting timeout before available, in case delayed replies
 	RADIUSDEAD,		// errored while talking to radius server.
 };
 struct Tstats
@ -278,6 +308,9 @@ struct Tstats
    unsigned long	ip_allocated;
    unsigned long	ip_freed;
    unsigned long	c_forwarded;
    unsigned long	recv_forward;
 #ifdef STAT_CALLS
    unsigned long	call_processtap;
    unsigned long	call_processarp;
@ -326,6 +359,7 @@ struct configt
 	int		debug;				// debugging level
 	time_t		start_time;			// time when l2tpns was started
 	char		bandwidth[256];			// current bandwidth
 	clockt		current_time;
 	char		config_file[128];
 	int		reload_config;			// flag to re-read config (set by cli)
@ -344,21 +378,43 @@ struct configt
 	ipt		default_dns1, default_dns2;
 	ipt		snoop_destination_host;
 	u16		snoop_destination_port;
 	unsigned long	rl_rate;
 	int		save_state;
 	uint32_t	cluster_address;
 	int		ignore_cluster_updates;
 	char		accounting_dir[128];
 	ipt		bind_address;
 	int		send_garp;			// Set to true to garp for vip address on startup
 	int		target_uid;
 	int		dump_speed;
 	char		plugins[64][MAXPLUGINS];
 	char		old_plugins[64][MAXPLUGINS];
 	int		next_tbf;			// Next HTB id available to use
 	int		scheduler_fifo;			// If 1, will force scheduler to use SCHED_FIFO.
 							// Don't use this unless you have a dual processor machine!
 	int		icmp_rate;			// Max number of ICMP unreachable per second to send
 	u32	cluster_address;		// Multicast address of cluster.
 							// Send to this address to have everyone hear.
 	char		cluster_interface[64];		// Which interface to listen for multicast on.
 	int		cluster_iam_master;		// Are we the cluster master???
 	int		cluster_iam_uptodate;		// Set if we've got a full set of state from the master.
 	u32	cluster_master_address;		// The network address of the cluster master.
 							// Zero if i am the cluster master.
 	int		cluster_seq_number;		// Sequence number of the next heartbeat we'll send out
 							// (or the seq number we're next expecting if we're a slave).
 	int		cluster_undefined_sessions;	// How many sessions we're yet to receive from the master.
 	int		cluster_undefined_tunnels;	// How many tunnels we're yet to receive from the master.
 	int		cluster_highest_sessionid;
 	int		cluster_highest_tunnelid;
 	clockt		cluster_last_hb;		// Last time we saw a heartbeat from the master.
 	int		cluster_num_changes;		// Number of changes queued.
 #ifdef BGP
 	u16		as_number;
 	char		bgp_peer[2][64];
 	u16		bgp_peer_as[2];
 #endif
 };
 struct config_descriptt
@ -381,10 +437,10 @@ void processipcp(tunnelidt t, sessionidt s, u8 * p, u16 l);
 void processipin(tunnelidt t, sessionidt s, u8 * p, u16 l);
 void processccp(tunnelidt t, sessionidt s, u8 * p, u16 l);
 void sendchap(tunnelidt t, sessionidt s);
-u8 *makeppp(u8 * b, u8 * p, int l, tunnelidt t, sessionidt s, u16 mtype);
+u8 *makeppp(u8 * b, int size, u8 * p, int l, tunnelidt t, sessionidt s, u16 mtype);
 u8 *findppp(u8 * b, u8 mtype);
 void initlcp(tunnelidt t, sessionidt s);
-void dumplcp(char *p, int l);
+void dumplcp(u8 *p, int l);
 // radius.c
@ -410,7 +466,7 @@ void rl_destroy_tbf(u16 t);
 // l2tpns.c
 clockt now(void);
 clockt backoff(u8 try);
-void routeset(ipt ip, ipt mask, ipt gw, u8 add);
+void routeset(sessionidt, ipt ip, ipt mask, ipt gw, u8 add);
 void inittap(void);
 void initudp(void);
 void initdata(void);
@ -439,9 +495,13 @@ void processtap(u8 * buf, int len);
 void processcontrol(u8 * buf, int len, struct sockaddr_in *addr);
 int assign_ip_address(sessionidt s);
 void free_ip_address(sessionidt s);
-void snoop_send_packet(char *packet, u16 size);
+void snoop_send_packet(char *packet, u16 size, ipt destination, u16 port);
 void dump_acct_info();
 void mainloop(void);
 int cmd_show_ipcache(struct cli_def *cli, char *command, char **argv, int argc);
 int cmd_show_hist_idle(struct cli_def *cli, char *command, char **argv, int argc);
 int cmd_show_hist_open(struct cli_def *cli, char *command, char **argv, int argc);
 #define log _log
 #ifndef log_hex
 #define log_hex(a,b,c,d) do{if (a <= config->debug) _log_hex(a,0,0,0,b,c,d);}while (0)
@ -449,7 +509,7 @@ void mainloop(void);
 void _log(int level, ipt address, sessionidt s, tunnelidt t, const char *format, ...) __attribute__((format (printf, 5, 6)));
 void _log_hex(int level, ipt address, sessionidt s, tunnelidt t, const char *title, const char *data, int maxsize);
 void build_chap_response(char *challenge, u8 id, u16 challenge_length, char **challenge_response);
-int sessionsetup(tunnelidt t, sessionidt s, u8 routes);
+int sessionsetup(tunnelidt t, sessionidt s);
 int cluster_send_session(int s);
 int cluster_send_tunnel(int t);
 int cluster_send_goodbye();
@ -459,15 +519,23 @@ void cli_do(int sockfd);
 #ifdef RINGBUFFER
 void ringbuffer_dump(FILE *stream);
 #endif
-void initplugins();
+void initplugins(void);
 int run_plugins(int plugin_type, void *data);
 void add_plugin(char *plugin_name);
 void remove_plugin(char *plugin_name);
 void plugins_done(void);
 void tunnelclear(tunnelidt t);
 void host_unreachable(ipt destination, u16 id, ipt source, char *packet, int packet_len);
-
+void fix_address_pool(int sid);
 void rebuild_address_pool(void);
 void send_ipin(sessionidt s, u8 * buf, int len);
 int throttle_session(sessionidt s, int throttle);
 int load_session(sessionidt, sessiont *);
 void become_master(void);	// We're the master; kick off any required master initializations.
 extern tunnelt *tunnel;
 extern sessiont *session;
 extern sessioncountt *sess_count;
 extern ippoolt *ip_address_pool;
 #define sessionfree (session[0].next)
 #define log_backtrace(count, max) \
@ -485,3 +553,12 @@ if (count++ < max) { \
 	free(strings); \
 }
 extern struct configt *config;
 extern time_t basetime;		// Time when this process started.
 extern time_t time_now;		// Seconds since EPOCH.
 extern u32 last_sid;
 extern struct Tstats *_statistics;
 extern ipt my_address;
 extern int tun_write(u8 *data, int size);
 #endif /* __L2TPNS_H__ */
--- a/ll.c
+++ b/ll.c
@ -1,5 +1,5 @@
 // L2TPNS Linked List Stuff
-// $Id: ll.c,v 1.2 2004/03/05 00:09:03 fred_nerk Exp $
+// $Id: ll.c,v 1.3 2004/06/23 03:52:24 fred_nerk Exp $
 #include <stdio.h>
 #include <sys/file.h>
--- a/ll.h
+++ b/ll.h
@ -25,4 +25,4 @@ void *ll_next(linked_list *l);
 int ll_size(linked_list *l);
 int ll_contains(linked_list *l, void *search);
-#endif
+#endif /* __LL_H__ */
--- a/machines.cfg
+++ b/machines.cfg
@ -1,39 +0,0 @@
 #!/usr/bin/perl -w
 # vim:ft=perl
 $m{$_class} = {
 	IPfilter => "iptables",
 	File_append => [
 		[ "/etc/modules.conf", "alias char-major-10-200 tun\n", "char-major-10-200", "depmod -a" ],
 	],
 	inittab_include => [
 		"$_path/src/l2tpns",
 	],
 	rpm_check => [
 		"$_path/rpm/libcli-1.2.0-1.i386.rpm",
 		'iproute',
 		'perl-Compress-Zlib',
 		'perl-MLDBM',
 		'perl-Storable',
 	],
 	Firewall => {
 		'all' => '1701:udp',
 	},
 	F_Firewall => {
 		all => 'all',
 	},
 	Sysctl => {
 		'net.ipv4.ip_forward' => 1,
 		'net.ipv4.conf.all.proxy_arp' => 1,
 		'net.core.rmem_max' => 8388608,
 		'net.core.wmem_max' => 8388608,
 		'net.core.rmem_default' => 8388608,
 		'net.core.wmem_default' => 8388608,
 		'net.ipv4.tcp_rmem' => '4096 65530 128388607',
 		'net.ipv4.tcp_wmem' => '4096 65530 128388607',
 	},
 	File_install => [
 		[ "/etc/logrotate.d/l2tpns", "$_path/etc/l2tpns.logrotate", undef, { mode => 0755 } ],
 	],
 };
--- a/md5.h
+++ b/md5.h
@ -1,6 +1,9 @@
-/* GLOBAL.H - RSAREF types and constants
+/* RSAREF types and constants
 */
 #ifndef __MD5_H__
 #define __MD5_H__
 /* PROTOTYPES should be set to one if and only if the compiler supports
  function argument prototyping.
 The following makes PROTOTYPES default to 0 if it has not already
@ -68,3 +71,4 @@ void MD5Update PROTO_LIST
  ((MD5_CTX *, unsigned char *, unsigned int));
 void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *));
 #endif /* __MD5_H__ */
--- a/plugin.h
+++ b/plugin.h
@ -14,7 +14,9 @@ enum
 	PLUGIN_NEW_SESSION,
 	PLUGIN_KILL_SESSION,
 	PLUGIN_CONTROL,
-	PLUGIN_RADIUS_RESPONSE
+	PLUGIN_RADIUS_RESPONSE,
 	PLUGIN_BECOME_MASTER,
 	PLUGIN_NEW_SESSION_MASTER,
 };
 #define PLUGIN_RET_ERROR	0
@ -115,4 +117,4 @@ struct param_radius_response
 	char *value;
 };
-#endif
+#endif /* __PLUGIN_H__ */
--- a/ppp.c
+++ b/ppp.c
@ -1,5 +1,5 @@
 // L2TPNS PPP Stuff
-// $Id: ppp.c,v 1.4 2004/05/24 04:26:01 fred_nerk Exp $
+// $Id: ppp.c,v 1.5 2004/06/23 03:52:24 fred_nerk Exp $
 #include <stdio.h>
 #include <string.h>
@ -10,14 +10,15 @@
 #include "constants.h"
 #include "plugin.h"
 #include "util.h"
 #include "tbf.h"
 #include "cluster.h"
 extern tunnelt *tunnel;
 extern sessiont *session;
 extern radiust *radius;
 extern int tapfd;
-extern char hostname[1000];
+extern char hostname[];
-extern struct Tstats *_statistics;
+extern u32 eth_tx;
 extern unsigned long eth_tx;
 extern time_t time_now;
 extern struct configt *config;
@ -66,7 +67,11 @@ void processpap(tunnelidt t, sessionidt s, u8 * p, u16 l)
 		// respond now, either no RADIUS available or already authenticated
 		u8 b[MAXCONTROL];
 		u8 id = p[1];
-		u8 *p = makeppp(b, 0, 0, t, s, PPPPAP);
+		u8 *p = makeppp(b, sizeof(b), 0, 0, t, s, PPPPAP);
 		if (!p) {	// Failed to make ppp header!
 			log(1,0,0,0, "Failed to make PPP header in process pap!\n");
 			return;
 		}
 		if (session[s].ip)
 			*p = 2;              // ACK
 		else
@ -126,6 +131,9 @@ void processchap(tunnelidt t, sessionidt s, u8 * p, u16 l)
 	if (!r)
 	{
 		log(1, 0, s, t, "Unexpected CHAP message\n");
 // FIXME: Need to drop the session here.
 		STAT(tunnel_rx_errors);
 		return;
 	}
@ -206,21 +214,21 @@ char *ppp_lcp_types[] = {
 	"DiscardRequest",
 };
-void dumplcp(char *p, int l)
+void dumplcp(u8 *p, int l)
 {
-	signed int x = l - 3;
+	signed int x = l - 4;
-	char *o = (p + 3);
+	u8 *o = (p + 4);
 	log_hex(5, "PPP LCP Packet", p, l);
-	log(4, 0, 0, 0, "PPP LCP Packet type %d (%s)\n", *p, ppp_lcp_types[(int)*p]);
+	log(4, 0, 0, 0, "PPP LCP Packet type %d (%s len %d)\n", *p, ppp_lcp_types[(int)*p], ntohs( ((u16 *) p)[1]) );
 	log(4, 0, 0, 0, "Length: %d\n", l);
 	if (*p != ConfigReq && *p != ConfigRej && *p != ConfigAck)
 		return;
 	while (x > 2)
 	{
-		int type = *(u8 *)(o);
+		int type = o[0];
-		int length = *(u8 *)(o + 1);
+		int length = o[1];
 		if (length == 0)
 		{
 			log(4, 0, 0, 0, "	Option length is 0...\n");
@ -245,18 +253,18 @@ void dumplcp(char *p, int l)
 							proto == 0xC223 ? "CHAP" : "PAP");
 					break;
 				}
 			case 5: // Magic-Number
 				{
 					u32 magicno = ntohl(*(u32 *)(o + 2));
 					log(4, 0, 0, 0, "    %s %x\n", lcp_types[type], magicno);
 					break;
 				}
 			case 4: // Quality-Protocol
 				{
 					u32 qp = ntohl(*(u32 *)(o + 2));
 					log(4, 0, 0, 0, "    %s %x\n", lcp_types[type], qp);
 					break;
 				}
 			case 5: // Magic-Number
 				{
 					u32 magicno = ntohl(*(u32 *)(o + 2));
 					log(4, 0, 0, 0, "    %s %x\n", lcp_types[type], magicno);
 					break;
 				}
 			case 7: // Protocol-Field-Compression
 				{
 					u32 pfc = ntohl(*(u32 *)(o + 2));
@ -300,15 +308,16 @@ void processlcp(tunnelidt t, sessionidt s, u8 * p, u16 l)
 	}
 	else if (*p == ConfigReq)
 	{
-		signed int x = l - 1;
+		signed int x = l - 4;
-		char *o = (p + 1);
+		u8 *o = (p + 4);
 		log(3, session[s].ip, s, t, "LCP: ConfigReq (%d bytes)...\n", l);
 		dumplcp(p, l);
 		while (x > 2)
 		{
-			int type = *(u8 *)(o);
+			int type = o[0];
-			int length = *(u8 *)(o + 1);
+			int length = o[1];
 			if (length == 0 || type == 0) break;
 			switch (type)
 			{
@ -324,7 +333,11 @@ void processlcp(tunnelidt t, sessionidt s, u8 * p, u16 l)
 							if (!q)
 							{
-								q = makeppp(b, p, l, t, s, PPPLCP);
+								q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP);
 								if (!q) {
 									log(2, session[s].ip, s, t, " Failed to send packet.\n");
 									break;
 								}
 								*q++ = ConfigNak;
 							}
 							memcpy(q, o, length);
@ -365,7 +378,11 @@ void processlcp(tunnelidt t, sessionidt s, u8 * p, u16 l)
 		{
 			// Send back a ConfigAck
 			log(3, session[s].ip, s, t, "ConfigReq accepted, sending as Ack\n");
-			q = makeppp(b, p, l, t, s, PPPLCP);
+			q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP);
 			if (!q) {
 				log(3, session[s].ip, s, t, " failed to create packet.\n");
 				return;
 			}
 			*q = ConfigAck;
 			tunnelsend(b, l + (q - b), t);
 		}
@ -376,7 +393,7 @@ void processlcp(tunnelidt t, sessionidt s, u8 * p, u16 l)
 			tunnelsend(b, l + (q - b), t);
 			log(3, session[s].ip, s, t, "Sending ConfigReq, requesting PAP login\n");
-			q = makeppp(b, NULL, 0, t, s, PPPLCP);
+			q = makeppp(b, sizeof(b), NULL, 0, t, s, PPPLCP);
 			*q++ = ConfigReq;
 			*(u8 *)(q++) = 3;
 			*(u8 *)(q++) = 4;
@ -393,7 +410,11 @@ void processlcp(tunnelidt t, sessionidt s, u8 * p, u16 l)
 	else if (*p == TerminateReq)
 	{
 		*p = TerminateAck;     // close
-		q = makeppp(b, p, l, t, s, PPPLCP);
+		q = makeppp(b, sizeof(b),  p, l, t, s, PPPLCP);
 		if (!q) {
 			log(3, session[s].ip, s, t, "Failed to create PPP packet in processlcp.\n");
 			return;
 		}
 		log(3, session[s].ip, s, t, "LCP: Received TerminateReq. Sending TerminateAck\n");
 		sessionshutdown(s, "Remote end closed connection.");
 		tunnelsend(b, l + (q - b), t); // send it
@ -406,7 +427,11 @@ void processlcp(tunnelidt t, sessionidt s, u8 * p, u16 l)
 	{
 		*p = EchoReply;      // reply
 		*(u32 *) (p + 4) = htonl(session[s].magic); // our magic number
-		q = makeppp(b, p, l, t, s, PPPLCP);
+		q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP);
 		if (!q) {
 			log(3, session[s].ip, s, t, " failed to send EchoReply.\n");
 			return;
 		}
 		log(5, session[s].ip, s, t, "LCP: Received EchoReq. Sending EchoReply\n");
 		tunnelsend(b, l + (q - b), t); // send it
 	}
@ -438,11 +463,14 @@ void processipcp(tunnelidt t, sessionidt s, u8 * p, u16 l)
 	if (*p == ConfigAck)
 	{                          // happy with our IPCP
 		u16 r = session[s].radius;
-		if ((!r || radius[r].state == RADIUSIPCP) && !session[s].walled_garden)
+		if ((!r || radius[r].state == RADIUSIPCP) && !session[s].walled_garden) {
 			if (!r)
 				r = radiusnew(s);
 			if (r)
 				radiussend(r, RADIUSSTART); // send radius start, having got IPCP at last
 		}
 		session[s].flags |= SF_IPCP_ACKED;
 		return ;                 // done
 	}
 	if (*p != ConfigReq)
@ -460,7 +488,7 @@ void processipcp(tunnelidt t, sessionidt s, u8 * p, u16 l)
 	if (!session[s].ip)
 	{
 		log(3, 0, s, t, "Waiting on radius reply\n");
-		return ;                   // have to wait on RADIUS eply
+		return ;                   // have to wait on RADIUS reply
 	}
 	// form a config reply quoting the IP in the session
 	{
@ -480,7 +508,11 @@ void processipcp(tunnelidt t, sessionidt s, u8 * p, u16 l)
 		{                       // reject
 			u16 n = 4;
 			i = p + l;
-			q = makeppp(b, p, l, t, s, PPPIPCP);
+			q = makeppp(b, sizeof(b), p, l, t, s, PPPIPCP);
 			if (!q) {
 				log(2, 0, s, t, "Failed to send IPCP.\n");
 				return;
 			}
 			*q = ConfigRej;
 			p += 4;
 			while (p < i && p[1])
@ -529,54 +561,109 @@ void processipcp(tunnelidt t, sessionidt s, u8 * p, u16 l)
 				*(u32 *) (i + 2) = htonl(session[s].ip);
 				*p = ConfigNak;
 			}
-			q = makeppp(b, p, l, t, s, PPPIPCP);
+			q = makeppp(b, sizeof(b), p, l, t, s, PPPIPCP);
 			if (!q) {
 				log(2, 0, s, t, " Failed to send IPCP packet.\n");
 				return;
 			}
 			tunnelsend(b, l + (q - b), t); // send it
 		}
 	}
 }
 // process IP packet received
 //
 // This MUST be called with at least 4 byte behind 'p'.
 // (i.e. this routine writes to p[-4]).
 void processipin(tunnelidt t, sessionidt s, u8 * p, u16 l)
 {
 	ipt ip;
 #ifdef STAT_CALLS
 	STAT(call_processipin);
 #endif
 	log_hex(5, "IP", p, l);
 	ip = ntohl(*(u32 *)(p + 12));
 	if (l > MAXETHER)
 	{
-		log(1, *(u32 *)(p + 12), s, t, "IP packet too long %d\n", l);
+		log(1, ip, s, t, "IP packet too long %d\n", l);
 		STAT(tunnel_rx_errors);
 		return ;
 	}
-	session[s].cin += l;
+	// no spoof (do sessionbyip to handled statically routed subnets)
-	session[s].total_cin += l;
+	if (ip != session[s].ip && sessionbyip(htonl(ip)) != s)
-	session[s].pin++;
+	{
-	eth_tx += l;
+		log(5, ip, s, t, "Dropping packet with spoofed IP %s\n", inet_toa(htonl(ip)));
 		return;
 	}
 	// Add on the tun header
 	p -= 4;
 	*(u32 *)p = htonl(0x00000800);
 	l += 4;
 	if (session[s].tbf_in && !config->cluster_iam_master) { // Are we throttled and a slave?
 		master_throttle_packet(session[s].tbf_in, p, l); // Pass it to the master for handling.
 		return;
 	}
 	session[s].cin += l - 4;
 	session[s].total_cin += l - 4;
 	sess_count[s].cin += l - 4;
 	session[s].pin++;
 	eth_tx += l - 4;
 	if (session[s].snoop_ip && session[s].snoop_port)
 	{
 		// Snooping this session, send it to ASIO
 		snoop_send_packet(p, l, session[s].snoop_ip, session[s].snoop_port);
 	}
 	STAT(tap_tx_packets);
 	INC_STAT(tap_tx_bytes, l);
 	if (session[s].tbf_in && config->cluster_iam_master) { // Are we throttled and a master?? actually handle the throttled packets.
 		tbf_queue_packet(session[s].tbf_in, p, l);
 		return;
 	}
 	// send to ethernet
-	if (write(tapfd, p, l) < 0)
+	if (tun_write(p, l) < 0)
 	{
 		STAT(tap_tx_errors);
 		log(0, 0, s, t, "Error writing %d bytes to TAP device: %s (tapfd=%d, p=%p)\n",
 			l, strerror(errno), tapfd, p);
 	}
 	if (session[s].snoop)
 	{
 		// Snooping this session, send it to ASIO
 		snoop_send_packet(p, l);
 	}
 	STAT(tap_tx_packets);
 	INC_STAT(tap_tx_bytes, l);
 }
 //
 // Helper routine for the TBF filters.
 // Used to send queued data in from the user.
 //
 void send_ipin(sessionidt s, u8 *buf, int len)
 {
 	log_hex(5, "IP in throttled", buf, len);
 	if (write(tapfd, buf, len) < 0)
 	{
 		STAT(tap_tx_errors);
 		log(0, 0, 0, 0, "Error writing %d bytes to TAP device: %s (tapfd=%d, p=%p)\n",
 			len, strerror(errno), tapfd, buf);
 	}
 	// Increment packet counters
 	session[s].cin += len - 4;
 	session[s].total_cin += len - 4;
 	sess_count[s].cin += len - 4;
 	session[s].pin++;
 	eth_tx += len - 4;
 }
 // Process LCP messages
 void processccp(tunnelidt t, sessionidt s, u8 * p, u16 l)
 {
@ -607,7 +694,11 @@ void processccp(tunnelidt t, sessionidt s, u8 * p, u16 l)
 		}
 		else
 			*p = TerminateAck;     // close
-		q = makeppp(b, p, l, t, s, PPPCCP);
+		q = makeppp(b, sizeof(b), p, l, t, s, PPPCCP);
 		if (!q) {
 			log(1,0,0,0, "Failed to send CCP packet.\n");	
 			return;
 		}
 		tunnelsend(b, l + (q - b), t); // send it
 	}
 }
@ -645,7 +736,11 @@ void sendchap(tunnelidt t, sessionidt s)
 		STAT(tunnel_tx_errors);
 		return ;
 	}
-	q = makeppp(b, 0, 0, t, s, PPPCHAP);
+	q = makeppp(b, sizeof(b), 0, 0, t, s, PPPCHAP);
 	if (!q) {
 		log(1, 0, s, t, "failed to send CHAP challenge.\n");
 		return;
 	}
 	*q = 1;                      // challenhe
 	q[1] = radius[r].id;         // ID
 	q[4] = 16;                   // length
@ -658,24 +753,33 @@ void sendchap(tunnelidt t, sessionidt s)
 // fill in a L2TP message with a PPP frame,
 // copies existing PPP message and changes magic number if seen
 // returns start of PPP frame
-u8 *makeppp(u8 * b, u8 * p, int l, tunnelidt t, sessionidt s, u16 mtype)
+u8 *makeppp(u8 * b, int size, u8 * p, int l, tunnelidt t, sessionidt s, u16 mtype)
 {
 	if (size < 12)
 		return NULL;	// Need more space than this!!
 	*(u16 *) (b + 0) = htons(0x0002); // L2TP with no options
 	*(u16 *) (b + 2) = htons(tunnel[t].far); // tunnel
 	*(u16 *) (b + 4) = htons(session[s].far); // session
 	b += 6;
-	if (mtype != PPPLCP && !(session[s].flags & SESSIONACFC))
+	if (mtype != PPPLCP && !(session[s].l2tp_flags & SESSIONACFC))
 	{
 		*(u16 *) b = htons(0xFF03); // HDLC header
 		b += 2;
 	}
-	if (mtype < 0x100 && session[s].flags & SESSIONPFC)
+	if (mtype < 0x100 && session[s].l2tp_flags & SESSIONPFC)
 		*b++ = mtype;
 	else
 	{
 		*(u16 *) b = htons(mtype);
 		b += 2;
 	}
 	if (l + 12 > size) {
 		log(3,0,0,0, "Would have overflowed the buffer in makeppp: size %d, len %d.\n", size, l);
 		return NULL;	// Run out of room to hold the packet!
 	}
 	if (p && l)
 		memcpy(b, p, l);
 	return b;
@ -706,7 +810,11 @@ void initlcp(tunnelidt t, sessionidt s)
 {
 	char b[500] = {0}, *q;
-	q = makeppp(b, NULL, 0, t, s, PPPLCP);
+	q = makeppp(b, sizeof(b), NULL, 0, t, s, PPPLCP);
 	if (!q) {
 		log(1, 0, s, t, "Failed to send LCP ConfigReq.\n");
 		return;
 	}
 	log(4, 0, s, t, "Sending LCP ConfigReq for PAP\n");
 	*q = ConfigReq;
 	*(u8 *)(q + 1) = (time_now % 255) + 1; // ID
--- a/radius.c
+++ b/radius.c
@ -1,5 +1,5 @@
 // L2TPNS Radius Stuff
-// $Id: radius.c,v 1.3 2004/05/24 04:27:11 fred_nerk Exp $
+// $Id: radius.c,v 1.4 2004/06/23 03:52:24 fred_nerk Exp $
 #include <time.h>
 #include <stdio.h>
@ -21,7 +21,6 @@ extern radiust *radius;
 extern sessiont *session;
 extern tunnelt *tunnel;
 extern u32 sessionid;
 extern struct Tstats *_statistics;
 extern struct configt *config;
 extern int *radfds;
@ -95,6 +94,9 @@ u16 radiusnew(sessionidt s)
 	session[s].radius = r;
 	radius[r].session = s;
 	radius[r].state = RADIUSWAIT;
 	radius[r].retry = config->current_time + 1200; // Wait at least 120 seconds to re-claim this.
 	log(3,0,s, session[s].tunnel, "Allocated radius %d\n", r);
 	return r;
 }
@ -352,6 +354,11 @@ void processrad(u8 *buf, int len, char socket_index)
 	hasht hash;
 	u8 routes = 0;
 	int r_code, r_id ; // Radius code.
 	r_code = buf[0]; // First byte in radius packet.
 	r_id = buf[1]; // radius reply indentifier.
 #ifdef STAT_CALLS
 	STAT(call_processrad);
 #endif
@ -362,10 +369,10 @@ void processrad(u8 *buf, int len, char socket_index)
 		return ;
 	}
 	len = ntohs(*(u16 *) (buf + 2));
-	r = socket_index | (buf[1] << RADIUS_SHIFT);
+	r = socket_index | (r_id << RADIUS_SHIFT);
 	s = radius[r].session;
-	log(3, 0, s, session[s].tunnel, "Received %s, radius %d response for session %u\n",
+	log(3, 0, s, session[s].tunnel, "Received %s, radius %d response for session %u (code %d, id %d)\n",
-			radius_states[radius[r].state], r, s);
+			radius_states[radius[r].state], r, s, r_code, r_id);
 	if (!s && radius[r].state != RADIUSSTOP)
 	{
 		log(1, 0, s, session[s].tunnel, "   Unexpected RADIUS response\n");
@ -386,16 +393,21 @@ void processrad(u8 *buf, int len, char socket_index)
 	do {
 		if (memcmp(hash, buf + 4, 16))
 		{
-			log(0, 0, s, session[s].tunnel, "   Incorrect auth on RADIUS response\n");
+			log(0, 0, s, session[s].tunnel, "   Incorrect auth on RADIUS response!! (wrong secret in radius config?)\n");
-			radius[r].state = RADIUSWAIT;
+//			radius[r].state = RADIUSWAIT;
-			break;
+
 			return; // Do nothing. On timeout, it will try the next radius server.
 		}
 		if ((radius[r].state == RADIUSAUTH && *buf != 2 && *buf != 3) ||
 			((radius[r].state == RADIUSSTART || radius[r].state == RADIUSSTOP) && *buf != 5))
 		{
 			log(1, 0, s, session[s].tunnel, "   Unexpected RADIUS response %d\n", *buf);
-			radius[r].state = RADIUSWAIT;
+
-			break;
+			return; // We got something we didn't expect. Let the timeouts take
 				// care off finishing the radius session if that's really correct.
 // old code. I think incorrect. --mo
 //			radius[r].state = RADIUSWAIT;
 //			break; // Finish the radius sesssion.
 		}
 		if (radius[r].state == RADIUSAUTH)
 		{
@ -404,8 +416,10 @@ void processrad(u8 *buf, int len, char socket_index)
 			if (radius[r].chap)
 			{
 				// CHAP
-				u8 *p = makeppp(b, 0, 0, t, s, PPPCHAP);
+				u8 *p = makeppp(b, sizeof(b), 0, 0, t, s, PPPCHAP);
-
+				if (!p) {
 					return;	// Abort!
 				}
 				{
 					struct param_post_auth packet = { &tunnel[t], &session[s], session[s].user, (*buf == 2), PPPCHAP };
 					run_plugins(PLUGIN_POST_AUTH, &packet);
@ -422,7 +436,9 @@ void processrad(u8 *buf, int len, char socket_index)
 			else
 			{
 				// PAP
-				u8 *p = makeppp(b, 0, 0, t, s, PPPPAP);
+				u8 *p = makeppp(b, sizeof(b), 0, 0, t, s, PPPPAP);
 				if (!p)
 					return;		// Abort!
 				{
 					struct param_post_auth packet = { &tunnel[t], &session[s], session[s].user, (*buf == 2), PPPPAP };
@ -453,17 +469,18 @@ void processrad(u8 *buf, int len, char socket_index)
 						// Statically assigned address
 						log(3, 0, s, session[s].tunnel, "   Radius reply contains IP address %s\n", inet_toa(*(u32 *) (p + 2)));
 						session[s].ip = ntohl(*(u32 *) (p + 2));
 						session[s].ip_pool_index = -1;
 					}
 					else if (*p == 135)
 					{
 						// DNS address
-						log(3, 0, s, session[s].tunnel, "   Radius reply contains primary DNS address %s\n", inet_toa(ntohl(*(u32 *) (p + 2))));
+						log(3, 0, s, session[s].tunnel, "   Radius reply contains primary DNS address %s\n", inet_toa(*(u32 *) (p + 2)));
 						session[s].dns1 = ntohl(*(u32 *) (p + 2));
 					}
 					else if (*p == 136)
 					{
 						// DNS address
-						log(3, 0, s, session[s].tunnel, "   Radius reply contains secondary DNS address %s\n", inet_toa(ntohl(*(u32 *) (p + 2))));
+						log(3, 0, s, session[s].tunnel, "   Radius reply contains secondary DNS address %s\n", inet_toa(*(u32 *) (p + 2)));
 						session[s].dns2 = ntohl(*(u32 *) (p + 2));
 					}
 					else if (*p == 22)
@ -503,11 +520,11 @@ void processrad(u8 *buf, int len, char socket_index)
 						{
 							log(1, 0, s, session[s].tunnel, "   Too many routes\n");
 						}
-						else
+						else if (ip)
 						{
 							char *ips, *masks;
-							ips = strdup(inet_toa(ip));
+							ips = strdup(inet_toa(htonl(ip)));
-							masks = strdup(inet_toa(mask));
+							masks = strdup(inet_toa(htonl(mask)));
 							log(3, 0, s, session[s].tunnel, "   Radius reply contains route for %s/%s\n", ips, masks);
 							free(ips);
 							free(masks);
@ -564,19 +581,10 @@ void processrad(u8 *buf, int len, char socket_index)
 			else if (*buf == 3)
 			{
 				log(2, 0, s, session[s].tunnel, "   Authentication denied for %s\n", session[s].user);
 //FIXME: We should tear down the session here!
 				break;
 			}
 			// Check for Assign-IP-Address
 			if (!session[s].ip || session[s].ip == 0xFFFFFFFE)
 			{
 				assign_ip_address(s);
 				if (session[s].ip)
 					log(3, 0, s, t, "   No IP allocated by radius. Assigned %s from pool\n",
 							inet_toa(htonl(session[s].ip)));
 				else
 					log(0, 0, s, t, "   No IP allocated by radius. The IP address pool is FULL!\n");
 			}
 			if (!session[s].dns1 && config->default_dns1)
 			{
 				session[s].dns1 = htonl(config->default_dns1);
@ -588,21 +596,15 @@ void processrad(u8 *buf, int len, char socket_index)
 				log(3, 0, s, t, "   Sending dns2 = %s\n", inet_toa(config->default_dns2));
 			}
-			if (session[s].ip)
+			// Valid Session, set it up
-			{
+			session[s].sid = 0;
-				// Valid Session, set it up
+			sessionsetup(t, s);
 				session[s].sid = 0;
 				sessionsetup(t, s, routes);
 			}
 			else
 			{
 				log(0, 0, s, t, "   End of processrad(), but no valid session exists.\n");
 				sessionkill(s, "Can't create valid session");
 			}
 		}
 		else
 		{
-			log(3, 0, s, t, "   RADIUS response in state %s\n", radius_states[radius[r].state]);
+				// An ack for a stop or start record.
 			log(3, 0, s, t, "   RADIUS accounting ack recv in state %s\n", radius_states[radius[r].state]);
 			break;
 		}
 	} while (0);
--- a/rl.c
+++ b/rl.c
@ -1,121 +0,0 @@
 // L2TPNS Rate Limiting Stuff
 // $Id: rl.c,v 1.4 2004/05/24 04:28:41 fred_nerk Exp $
 #include <arpa/inet.h>
 #include <errno.h>
 #include <malloc.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/file.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <time.h>
 #include <unistd.h>
 #include "l2tpns.h"
 extern radiust *radius;
 extern sessiont *session;
 extern u32 sessionid;
 extern tbft *filter_buckets;
 extern struct configt *config;
 #define DEVICE "tun0"
 void init_rl()
 {
    char *commands[] = {
 	"tc qdisc add dev " DEVICE " root handle 1: htb",
 	"tc filter del dev " DEVICE " protocol ip pref 1 fw",
 	"iptables -t mangle -N throttle 2>&1 >/dev/null",
 	"iptables -t mangle -F throttle 2>&1 >/dev/null",
 	"iptables -t mangle -A l2tpns -j throttle 2>&1 >/dev/null",
 	NULL
    };
    int i;
    log(2, 0, 0, 0, "Initializing HTB\n");
    for (i = 0; commands[i] && *commands[i]; i++)
    {
 	log(3, 0, 0, 0, "Running \"%s\"\n", commands[i]);
 	system(commands[i]);
    }
    log(2, 0, 0, 0, "Done initializing HTB\n");
 }
 u16 rl_create_tbf()
 {
    u16 t;
    char cmd[2048];
    if (!config->rl_rate) return 0;
    t = ++config->next_tbf;
    if (config->next_tbf >= MAXSESSION) return 0;
    snprintf(filter_buckets[t].handle, 9, "1:%d0", t);
    log(2, 0, 0, 0, "Creating new htb %s\n", filter_buckets[t].handle);
    snprintf(cmd, 2048, "tc class add dev " DEVICE " parent 1: classid %s htb rate %lukbit burst 15k",
 	    filter_buckets[t].handle, config->rl_rate);
    log(3, 0, 0, 0, "%s\n", cmd);
    if (WEXITSTATUS(system(cmd)) != 0)
    {
 	memset(filter_buckets[t].handle, 0, sizeof(filter_buckets[t].handle));
 	log(0, 0, 0, 0, "tc returned an error creating a token bucket\n");
 	return 0;
    }
    snprintf(cmd, 2048, "tc filter add dev " DEVICE " protocol ip parent 1:0 prio 1 handle %d fw flowid %s",
 	    t, filter_buckets[t].handle);
    log(3, 0, 0, 0, "%s\n", cmd);
    if (WEXITSTATUS(system(cmd)) != 0)
    {
 	memset(filter_buckets[t].handle, 0, sizeof(filter_buckets[t].handle));
 	log(0, 0, 0, 0, "tc returned an error creating a filter\n");
 	return 0;
    }
    return t;
 }
 u16 rl_get_tbf()
 {
    int i;
    if (!config->rl_rate) return 0;
    for (i = 1; i < MAXSESSION; i++)
    {
 	if (!*filter_buckets[i].handle) continue;
 	if (filter_buckets[i].in_use) continue;
 	filter_buckets[i].in_use = 1;
 	log(2, 0, 0, 0, "Returning tbf %s\n", filter_buckets[i].handle);
 	return i;
    }
    i = rl_create_tbf();
    if (i) filter_buckets[i].in_use = 1;
    return i;
 }
 void rl_done_tbf(u16 t)
 {
    if (!t) return;
    log(2, 0, 0, 0, "Freeing up HTB %s\n", filter_buckets[t].handle);
    filter_buckets[t].in_use = 0;
 }
 void rl_destroy_tbf(u16 t)
 {
    char cmd[2048];
    if (!config->rl_rate) return;
    if (filter_buckets[t].in_use)
    {
 	log(0, 0, 0, 0, "Trying to destroy an in-use HTB %s\n", filter_buckets[t].handle);
 	return;
    }
    snprintf(cmd, 2048, "tc qdisc del dev " DEVICE " handle %s", filter_buckets[t].handle);
    if (WEXITSTATUS(system(cmd)) != 0)
 	log(0, 0, 0, 0, "tc returned an error deleting a token bucket\n");
    memset(filter_buckets[t].handle, 0, sizeof(filter_buckets[t].handle));
 }
--- a/tbf.c
+++ b/tbf.c
@ -0,0 +1,400 @@
 #include <malloc.h>
 #include <string.h>
 #include <unistd.h>
 #include <sys/mman.h>
 #include "l2tpns.h"
 #include "tbf.h"
 // Need a time interval.
 #define TBF_MAX_QUEUE	2	// Maximum of 2 queued packet per
 #define TBF_MAX_SIZE	3000	// Maxiumum queued packet size is 2048.
 #define TBF_MAX_CREDIT	6000	// Maximum 6000 bytes of credit.
 #define TBF_RATE	360	// 360 bytes per 1/10th of a second.
 typedef struct {
 	int		credit;
 	int		lasttime;
 	int		queued;
 	int		oldest;	// Position of packet in the ring buffer.
 	sessionidt	sid;	// associated session ID.
 	int		max_credit; // Maximum amount of credit available (burst size).
 	int		rate;	// How many bytes of credit per second we get? (sustained rate)
 	void		(*send)(sessionidt s, u8 *, int);	// Routine to actually send out the data.
 	int		prev;	// Timer chain position.
 	int		next;	// Timer chain position.
 	u32	b_queued;	// Total bytes sent through this TBF
 	u32	b_sent;		// Total bytes sucessfully made it to the network.
 	u32	p_queued;	// ditto packets.
 	u32	p_sent;		// ditto packets.
 	u32	b_dropped;	// Total bytes dropped.
 	u32	p_dropped;	// Total packets dropped.
 	u32	p_delayed;	// Total packets not sent immediately.
 	int		sizes[TBF_MAX_QUEUE];
 	char		packets[TBF_MAX_QUEUE][TBF_MAX_SIZE];
 } tbft;
 tbft * filter_list = NULL;
 int filter_list_size = 0;
 static int timer_chain = -1;	// Head of timer chain.
 static void tbf_run_queue(int tbf_id);
 void init_tbf(void)
 {
 	filter_list = mmap(NULL, sizeof(*filter_list) * MAXTBFS, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS, 0, 0);
 	if (!filter_list)
 		return;
 	filter_list_size = MAXTBFS;
 	filter_list[0].sid = -1;	// Reserved.
 }
 //
 // Put a TBF on the timer list.
 // This is a doubly linked list..
 // We put ourselves on the tail of the list.
 //
 static void add_to_timer(int id)
 {
 	if (!filter_list)
 		return;
 	if (timer_chain == -1) {
 		filter_list[id].next = filter_list[id].prev = id;
 		timer_chain = id;
 		return;
 	}
 	filter_list[id].next = timer_chain;
 	filter_list[id].prev = filter_list[timer_chain].prev;
 	filter_list[filter_list[timer_chain].prev].next = id;
 	filter_list[timer_chain].prev = id;
 }
 //
 // Remove a TBF from the timer list.
 // This is a doubly linked list.
 static void del_from_timer(int id)
 {
 	if (!filter_list)
 		return;
 	if (filter_list[id].next == id) {	// Last element in chain?
 		if (timer_chain != id) { // WTF?
 			log(0,0,0,0, "Removed a singleton element from TBF, but tc didn't point to it!\n");
 		} else
 			timer_chain = -1;
 		filter_list[id].next = filter_list[id].prev = 0;
 		return;
 	}
 	filter_list[filter_list[id].next].prev = filter_list[id].prev;
 	filter_list[filter_list[id].prev].next = filter_list[id].next;
 	if (timer_chain == id)
 		timer_chain = filter_list[id].next;
 	filter_list[id].next = filter_list[id].prev = 0;	// Mark as off the timer chain.
 }
 //
 // Free a token bucket filter structure for re-use.
 //
 int free_tbf(int tid)
 {
 	if (tid < 1)	// Make sure we don't free id # 0
 		return -1;
 	if (!filter_list)	// WTF?
 		return -1;
 	if (filter_list[tid].next)
 		del_from_timer(tid);
 	filter_list[tid].sid = 0;
 	return 0;	// Done!
 }
 //
 // Allocate a new token bucket filter.
 //
 int new_tbf(int sid, int max_credit, int rate, void (*f)(sessionidt, u8 *, int))
 {
 	int i;
 	static int p = 0;
 	log(3,0,0,0, "Allocating new TBF (sess %d, rate %d, helper %p)\n", sid, rate, f);
 	if (!filter_list)
 		return 0;	// Couldn't alloc memory!
 //    again:
 	for (i = 0 ; i < filter_list_size ; ++i, p = (p+1)%filter_list_size ) {
 		if (filter_list[p].sid)
 			continue;
 		memset((void*) &filter_list[p], 0, sizeof(filter_list[p]) ); // Clear counters and data.
 		filter_list[p].sid = sid;
 		filter_list[p].credit = max_credit;
 		filter_list[p].queued = 0;
 		filter_list[p].max_credit = max_credit;
 		filter_list[p].rate = rate;
 		filter_list[p].oldest = 0;
 		filter_list[p].send = f;
 		return p;
 	}
 	log(0,0,0,0, "Ran out of token bucket filters! Sess %d will be un-throttled\n", sid);
 	return 0;
 #if 0
 	// Not using. Disasterous if called via the CLI! :)
 		// All allocated filters are used! Increase the size of the allocated
 		// filters.
 	i = filter_list_size;
 	filter_list_size = filter_list_size * 2 + 1;
 	filter_list = realloc(filter_list, filter_list_size * sizeof(*filter_list) );
 	for (; i < filter_list_size; ++i)
 		filter_list[i].sid = 0;
 	goto again;
 #endif
 }
 //
 // Sanity check all the TBF records. This is
 // typically done when we become a master..
 //
 void fsck_tbfs(void)
 {
 	int i , sid;
 	if (!filter_list)
 		return;
 	for (i = 1; i < filter_list_size; ++i) {
 		if (!filter_list[i].sid)	// Is it used??
 			continue;
 		sid = filter_list[i].sid;
 		if (i != session[sid].tbf_in &&
 			i != session[sid].tbf_out) { // Ooops.
 			free_tbf(i);		// Mark it as free...
 		}
 	}
 	for (i = 0; i < config->cluster_highest_sessionid ; ++i) {
 		if (session[i].tbf_in && filter_list[session[i].tbf_in].sid != i) {
 			filter_list[session[i].tbf_in].sid = i; // Ouch!? FIXME. What to do here?
 		}
 		if (session[i].tbf_out && filter_list[session[i].tbf_out].sid != i) {
 			filter_list[session[i].tbf_out].sid = i; // Ouch!? FIXME. What to do here?
 		}
 	}
 }
 //
 // Run a packet through a token bucket filter.
 // If we can send it right away, we do. Else we
 // try and queue it to send later. Else we drop it.
 //
 int tbf_queue_packet(int tbf_id, char * data, int size)
 {
 	int i;
 	tbft * f;
 	if (!filter_list)
 		return -1;
 	if (tbf_id > filter_list_size || tbf_id < 1) {	// Out of range ID??
 		// Very bad. Just drop it.
 		return -1;
 	}
 	f = &filter_list[tbf_id];
 	if (!f->sid)		// Is this a real structure??
 		return -1;
 	tbf_run_queue(tbf_id);	// Caculate credit and send any queued packets if possible..
 	f->b_queued += size;
 	f->p_queued ++;
 	if (!f->queued && f->credit > size) { // If the queue is empty, and we have
 				// enough credit, just send it now.
 		f->credit -= size;
 		if (f->send) {
 			f->send(f->sid, data, size);
 			f->b_sent += size;
 			f->p_sent ++;
 		} else {
 			f->b_dropped += size;
 			f->p_dropped ++;
 		}
 		return size;
 	}
 		// Not enough credit. Can we have room in the queue?
 	if (f->queued >= TBF_MAX_QUEUE) {
 		f->p_dropped ++;
 		f->b_dropped += size;
 		return -1;	// No, just drop it.
 	}
 		// Is it too big to fit into a queue slot?
 	if (size >= TBF_MAX_SIZE) {
 		f->p_dropped ++;
 		f->b_dropped += size;
 		return -1;	// Yes, just drop it.
 	}
 		// Ok. We have a slot, and it's big enough to
 		// contain the packet, so queue the packet!
 	i = ( f->oldest + f->queued ) % TBF_MAX_QUEUE;
 	memcpy(f->packets[i], data, size);
 	f->sizes[i] = size;
 	f->queued ++;
 	f->p_delayed ++;
 	if (!f->next)	// Are we off the timer chain?
 		add_to_timer(tbf_id);	// Put ourselves on the timer chain.
 	return 0;	// All done.
 }
 //
 // Send queued packets from the filter if possible.
 // (We're normally only called if this is possible.. )
 static void tbf_run_queue(int tbf_id)
 {
 	tbft * f;
 	if (!filter_list)
 		return;
 	f = &filter_list[tbf_id];
 		// Calculate available credit...
 	f->credit += (config->current_time - f->lasttime) * f->rate / 10; // current time is 1/10th of a second.
 	if (f->credit > f->max_credit)
 		f->credit = f->max_credit;
 	f->lasttime = config->current_time;
 	while (f->queued > 0 && f->credit >= f->sizes[f->oldest]) { // While we have enough credit..
 		if (f->send) {
 			f->send(f->sid, f->packets[f->oldest], f->sizes[f->oldest]);
 			f->b_sent += f->sizes[f->oldest];
 			f->p_sent ++;
 		} else {
 			f->b_dropped += f->sizes[f->oldest];
 			f->p_dropped ++;
 		}
 		f->credit -= f->sizes[f->oldest];
 		f->oldest = (f->oldest + 1 ) % TBF_MAX_QUEUE;
 		f->queued--;	// One less queued packet..
 	}
 	if (f->queued)	// Still more to do. Hang around on the timer list.
 		return;
 	if (f->next)	// Are we on the timer list??
 		del_from_timer(tbf_id);	// Nothing more to do. Get off the timer list.
 }
 //
 // Periodically walk the timer list..
 //
 int tbf_run_timer(void)
 {
 	int i = timer_chain;
 	int count = filter_list_size + 1;	// Safety check.
 	int last = -1;
 	int tbf_id; // structure being processed.
 	if (timer_chain < 0)
 		return 0;	// Nothing to do...
 	if (!filter_list)	// No structures built yet.
 		return 0;
 	last = filter_list[i].prev; // last element to process.
 	do {
 		tbf_id = i;
 		i = filter_list[i].next;	// Get the next in the queue.
 		tbf_run_queue(tbf_id);	// Run the timer queue..
 	} while ( timer_chain > 0 && i && tbf_id != last && --count > 0);
 #if 0	// Debugging.
 	for (i = 0; i < filter_list_size; ++i) {
 		if (!filter_list[i].next)
 			continue;
 		if (filter_list[i].lasttime == config->current_time)	// Did we just run it?
 			continue;
 		log(1,0,0,0, "Missed tbf %d! Not on the timer chain?(n %d, p %d, tc %d)\n", i,
 			filter_list[i].next, filter_list[i].prev, timer_chain);
 		tbf_run_queue(i);
 	}
 #endif
 	return 1;
 }
 int cmd_show_tbf(struct cli_def *cli, char *command, char **argv, int argc)
 {
 	int i;
 	int count = 0;
 	if (!config->cluster_iam_master) {
 		cli_print(cli, "Command can't be run on a slave.");
 		return CLI_OK;
 	}
 	if (!filter_list)
 		return CLI_OK;
 	cli_print(cli,"%6s %5s %5s %6s %6s | %7s %7s %8s %8s %8s %8s", "TBF#", "Sid", "Rate", "Credit", "Queued",
 		"ByteIn","PackIn","ByteSent","PackSent", "PackDrop", "PackDelay");
 	for (i = 1; i < filter_list_size; ++i) {
 		if (!filter_list[i].sid) // Is it used?
 			continue;	// No.
 		cli_print(cli, "%5d%1s %5d %5d %6d %6d | %7d %7d %8d %8d %8d %8d",
 			i, (filter_list[i].next ? "*" : " "),
 			filter_list[i].sid,
 			filter_list[i].rate * 8,
 			filter_list[i].credit,
 			filter_list[i].queued,
 			filter_list[i].b_queued,
 			filter_list[i].p_queued,
 			filter_list[i].b_sent,
 			filter_list[i].p_sent,
 			filter_list[i].p_dropped,
 			filter_list[i].p_delayed);
 		++count;
 	}
 	cli_print(cli, "%d tbf entries used, %d total", count, filter_list_size);
 	return CLI_OK;
 }
--- a/tbf.h
+++ b/tbf.h
@ -0,0 +1,13 @@
 #ifndef __TBF_H__
 #define __TBF_H__
 void init_tbf(void);
 int tbf_run_timer(void);
 int tbf_queue_packet(int tbf_id, char * data, int size);
 int new_tbf(int sid, int max_credit, int rate, void (*f)(sessionidt, u8 *, int));
 int free_tbf(int tid);
 void fsck_tbfs(void);
 int cmd_show_tbf(struct cli_def *cli, char *command, char **argv, int argc);
 #endif /* __TBF_H__ */
--- a/throttle.c
+++ b/throttle.c
@ -1,77 +0,0 @@
 // L2TPNS Throttle Stuff
 // $Id: throttle.c,v 1.3 2004/05/24 04:29:21 fred_nerk Exp $
 #include <stdio.h>
 #include <sys/file.h>
 #include <sys/stat.h>
 #include <sys/wait.h>
 #include <sys/types.h>
 #include <malloc.h>
 #include <string.h>
 #include <stdlib.h>
 #include <time.h>
 #include <arpa/inet.h>
 #include <errno.h>
 #include <unistd.h>
 #include "l2tpns.h"
 #include "util.h"
 extern radiust *radius;
 extern sessiont *session;
 extern u32 sessionid;
 extern tbft *filter_buckets;
 extern struct configt *config;
 // Throttle or Unthrottle a session
 int throttle_session(sessionidt s, int throttle)
 {
 	if (!config->rl_rate) return 0;
 	if (!*session[s].user)
 		return 0; // User not logged in
 	if (throttle)
 	{
 		// Throttle them
 		char cmd[2048] = {0};
 		if (!session[s].tbf) session[s].tbf = rl_get_tbf();
 		if (!session[s].tbf)
 		{
 			log(1, 0, s, session[s].tunnel, "Error creating a filtering bucket for user %s\n", session[s].user);
 			return 0;
 		}
 		log(2, 0, s, session[s].tunnel, "Throttling session %d for user %s (bucket %s)\n", s, session[s].user, filter_buckets[session[s].tbf].handle);
 		snprintf(cmd, 2048, "iptables -t mangle -A throttle -d %s -j MARK --set-mark %d",
 				inet_toa(ntohl(session[s].ip)),
 				session[s].tbf);
 		log(4, 0, s, session[s].tunnel, "Running %s\n", cmd);
 		if (WEXITSTATUS(system(cmd)) != 0)
 		{
 			log(2, 0, s, session[s].tunnel, "iptables returned an error. Session is not throttled\n");
 			return 0;
 		}
 	}
 	else
 	{
 		char cmd[2048] = {0};
 		log(2, 0, s, session[s].tunnel, "Unthrottling session %d for user %s\n", s, session[s].user);
 		if (session[s].tbf)
 		{
 			int count = 10;
 			snprintf(cmd, 2048, "iptables -t mangle -D throttle -d %s -j MARK --set-mark %d", inet_toa(ntohl(session[s].ip)), session[s].tbf);
 			log(4, 0, s, session[s].tunnel, "Running %s\n", cmd);
 			while (--count)
 			{
 				int status = system(cmd);
 				if (WEXITSTATUS(status) != 0) break;
 			}
 			system(cmd);
 			rl_done_tbf(session[s].tbf);
 			session[s].tbf = 0;
 		}
 	}
 	session[s].throttle = throttle;
 	return session[s].throttle;
 }
--- a/util.h
+++ b/util.h
@ -1 +1,6 @@
 #ifndef __UTIL_H__
 #define __UTIL_H__
 char *inet_toa(unsigned long addr);
 #endif /* __UTIL_H__ */