From a60d08c8ca66de1844a430cc487a725e4c0e0d54 Mon Sep 17 00:00:00 2001 From: Kozlov Dmitry Date: Thu, 19 Jul 2012 19:09:24 +0400 Subject: ipoe: implemented L4-Redirect radius attribute ipoe: implemented client address, router address and mask to be passed via radius --- accel-pppd/ctrl/ipoe/backup.c | 47 ++++++++++++- accel-pppd/ctrl/ipoe/dhcpv4.c | 16 +++++ accel-pppd/ctrl/ipoe/dhcpv4.h | 1 + accel-pppd/ctrl/ipoe/ipoe.c | 153 +++++++++++++++++++++++++++++++++++++++-- accel-pppd/ctrl/ipoe/ipoe.h | 1 + accel-pppd/libnetlink/iplink.c | 72 +++++++++++++++++++ accel-pppd/libnetlink/iplink.h | 3 + 7 files changed, 288 insertions(+), 5 deletions(-) (limited to 'accel-pppd') diff --git a/accel-pppd/ctrl/ipoe/backup.c b/accel-pppd/ctrl/ipoe/backup.c index 8347a4e5..0bc64484 100644 --- a/accel-pppd/ctrl/ipoe/backup.c +++ b/accel-pppd/ctrl/ipoe/backup.c @@ -14,7 +14,7 @@ #include "ap_session_backup.h" #define IPOE_TAG_HWADDR 1 -#define IPOE_TAG_CLIENT_ID 2 +#define IPOE_TAG_CLIENT_ID 2 #define IPOE_TAG_AGENT_CIRCUIT_ID 3 #define IPOE_TAG_AGENT_REMOTE_ID 4 #define IPOE_TAG_XID 5 @@ -22,9 +22,16 @@ #define IPOE_TAG_CALLING_SID 7 #define IPOE_TAG_CALLED_SID 8 #define IPOE_TAG_IFNAME 9 +#define IPOE_TAG_FLAGS 10 +#define IPOE_TAG_YIADDR 11 +#define IPOE_TAG_SIADDR 12 +#define IPOE_TAG_MASK 13 #define IPOE_TAG_IFINDEX 100 +#define IPOE_FLAG_IFCFG 0x01 +#define IPOE_FLAG_DHCP_ADDR 0x02 +#define IPOE_FLAG_L4_REDIR 0x04 #define add_tag(id, data, size) if (!backup_add_tag(m, id, 0, data, size)) return -1; #define add_tag_i(id, data, size) if (!backup_add_tag(m, id, 1, data, size)) return -1; @@ -37,12 +44,26 @@ static void restore_complete(void); static int session_save(struct ap_session *ses, struct backup_mod *m) { struct ipoe_session *conn = container_of(ses, typeof(*conn), ses); + int flags = 0; + + if (conn->ifcfg) + flags |= IPOE_FLAG_IFCFG; + + if (conn->dhcp_addr) + flags |= IPOE_FLAG_DHCP_ADDR; + + if (conn->l4_redirect) + flags |= IPOE_FLAG_L4_REDIR; add_tag(IPOE_TAG_HWADDR, conn->hwaddr, 6); add_tag(IPOE_TAG_CALLING_SID, ses->ctrl->calling_station_id, strlen(ses->ctrl->calling_station_id)); add_tag(IPOE_TAG_CALLED_SID, ses->ctrl->called_station_id, strlen(ses->ctrl->called_station_id)); add_tag(IPOE_TAG_XID, &conn->xid, 4); add_tag(IPOE_TAG_GIADDR, &conn->giaddr, 4); + add_tag(IPOE_TAG_YIADDR, &conn->yiaddr, 4); + add_tag(IPOE_TAG_SIADDR, &conn->siaddr, 4); + add_tag(IPOE_TAG_MASK, &conn->mask, 1); + add_tag(IPOE_TAG_FLAGS, &flags, 4); if (conn->client_id) add_tag(IPOE_TAG_CLIENT_ID, conn->client_id->data, conn->client_id->len); @@ -83,6 +104,7 @@ static struct ap_session *ctrl_restore(struct backup_mod *m) int dlen = 0; uint8_t *ptr; struct ipoe_session_info *info; + int flags = 0; //if (!m->data->internal) // return NULL; @@ -149,9 +171,32 @@ static struct ap_session *ctrl_restore(struct backup_mod *m) case IPOE_TAG_IFINDEX: ses->ifindex = *(uint32_t *)t->data; break; + case IPOE_TAG_YIADDR: + ses->yiaddr = *(uint32_t *)t->data; + break; + case IPOE_TAG_SIADDR: + ses->siaddr = *(uint32_t *)t->data; + break; + case IPOE_TAG_MASK: + ses->mask = *(uint8_t *)t->data; + break; + case IPOE_TAG_FLAGS: + flags = *(uint32_t *)t->data; + break; } } + if (flags & IPOE_FLAG_IFCFG) + ses->ifcfg = 1; + + if (flags & IPOE_FLAG_DHCP_ADDR) { + dhcpv4_reserve_ip(ses->serv->dhcpv4, ses->yiaddr); + ses->dhcp_addr = 1; + } + + if (flags & IPOE_FLAG_L4_REDIR) + ses->l4_redirect = 1; + ses->serv = serv; triton_context_register(&ses->ctx, &ses->ses); diff --git a/accel-pppd/ctrl/ipoe/dhcpv4.c b/accel-pppd/ctrl/ipoe/dhcpv4.c index f1a8876f..08da43ac 100644 --- a/accel-pppd/ctrl/ipoe/dhcpv4.c +++ b/accel-pppd/ctrl/ipoe/dhcpv4.c @@ -721,6 +721,22 @@ int dhcpv4_get_ip(struct dhcpv4_serv *serv, uint32_t *yiaddr, uint32_t *siaddr, void dhcpv4_put_ip(struct dhcpv4_serv *serv, uint32_t ip) { int n = ntohl(ip) - serv->range->startip; + + if (n <= 0 || n / (8 * sizeof(long)) >= serv->range->len) + return; + + pthread_mutex_lock(&serv->range->lock); + serv->range->free[n / (8 * sizeof(long))] |= 1 << (n % (8 * sizeof(long))); + pthread_mutex_unlock(&serv->range->lock); +} + +void dhcpv4_reserve_ip(struct dhcpv4_serv *serv, uint32_t ip) +{ + int n = ntohl(ip) - serv->range->startip; + + if (n <= 0 || n / (8 * sizeof(long)) >= serv->range->len) + return; + pthread_mutex_lock(&serv->range->lock); serv->range->free[n / (8 * sizeof(long))] |= 1 << (n % (8 * sizeof(long))); pthread_mutex_unlock(&serv->range->lock); diff --git a/accel-pppd/ctrl/ipoe/dhcpv4.h b/accel-pppd/ctrl/ipoe/dhcpv4.h index cf3aac72..3ebb74cc 100644 --- a/accel-pppd/ctrl/ipoe/dhcpv4.h +++ b/accel-pppd/ctrl/ipoe/dhcpv4.h @@ -102,5 +102,6 @@ void dhcpv4_print_packet(struct dhcpv4_packet *pack, void (*print)(const char *f int dhcpv4_get_ip(struct dhcpv4_serv *serv, uint32_t *yiaddr, uint32_t *siaddr, int *mask); void dhcpv4_put_ip(struct dhcpv4_serv *serv, uint32_t ip); +void dhcpv4_reserve_ip(struct dhcpv4_serv *serv, uint32_t ip); #endif diff --git a/accel-pppd/ctrl/ipoe/ipoe.c b/accel-pppd/ctrl/ipoe/ipoe.c index 69ffe36c..711dca39 100644 --- a/accel-pppd/ctrl/ipoe/ipoe.c +++ b/accel-pppd/ctrl/ipoe/ipoe.c @@ -30,6 +30,9 @@ #include "iplink.h" #include "connlimit.h" +#ifdef RADIUS +#include "radius.h" +#endif #include "ipoe.h" @@ -49,6 +52,13 @@ static int conf_ifcfg = 1; //static int conf_dhcpv6; static int conf_username; static int conf_unit_cache; +#ifdef RADIUS +static int conf_attr_dhcp_client_ip; +static int conf_attr_dhcp_router_ip; +static int conf_attr_dhcp_mask; +static int conf_attr_l4_redirect; +#endif +static int conf_l4_redirect_table; #ifdef USE_LUA static const char *conf_lua_username_func; @@ -182,6 +192,29 @@ static void ipoe_session_set_username(struct ipoe_session *ses) ses->ses.username = _strdup(ses->ses.ifname); } +static void ipoe_change_l4_redirect(struct ipoe_session *ses, int del) +{ + in_addr_t addr; + + if (conf_l4_redirect_table <= 0) + return; + + if (ses->ses.ipv4) + addr = ses->ses.ipv4->addr; + else + addr = ses->yiaddr; + + if (del) + iprule_del(addr, conf_l4_redirect_table); + else + iprule_add(addr, conf_l4_redirect_table); +} + +static void ipoe_change_addr(struct ipoe_session *ses, in_addr_t newaddr) +{ + +} + static void ipoe_session_start(struct ipoe_session *ses) { int r; @@ -256,9 +289,11 @@ static void ipoe_session_start(struct ipoe_session *ses) return; } - dhcpv4_get_ip(ses->serv->dhcpv4, &ses->yiaddr, &ses->siaddr, &ses->mask); - if (ses->yiaddr) - ses->dhcp_addr = 1; + if (!ses->yiaddr) { + dhcpv4_get_ip(ses->serv->dhcpv4, &ses->yiaddr, &ses->siaddr, &ses->mask); + if (ses->yiaddr) + ses->dhcp_addr = 1; + } ses->ses.ipv4 = ipdb_get_ipv4(&ses->ses); /*if (!ses->ses.ipv4) { @@ -390,6 +425,9 @@ static void ipoe_session_activate(struct ipoe_session *ses) if (ses->serv->opt_ifcfg) ipoe_ifcfg_add(ses); + + if (ses->l4_redirect) + ipoe_change_l4_redirect(ses, 0); ap_session_activate(&ses->ses); @@ -494,6 +532,11 @@ static void ipoe_session_finished(struct ap_session *s) static void ipoe_session_terminate(struct ap_session *s, int hard) { + struct ipoe_session *ses = container_of(s, typeof(*ses), ses); + + if (ses->l4_redirect) + ipoe_change_l4_redirect(ses, 1); + ap_session_finished(s); } @@ -814,6 +857,62 @@ void ipoe_recv_up(int ifindex, struct ethhdr *eth, struct iphdr *iph) } } +#ifdef RADIUS +static void ev_radius_access_accept(struct ev_radius_t *ev) +{ + struct ipoe_session *ses = container_of(ev->ses, typeof(*ses), ses); + struct rad_attr_t *attr; + + if (ev->ses->ctrl->type != CTRL_TYPE_IPOE) + return; + + list_for_each_entry(attr, &ev->reply->attrs, entry) { + if (attr->attr->id == conf_attr_dhcp_client_ip) + ses->yiaddr = attr->val.ipaddr; + else if (attr->attr->id == conf_attr_dhcp_router_ip) + ses->siaddr = attr->val.ipaddr; + else if (attr->attr->id == conf_attr_dhcp_mask) { + if (attr->val.integer > 0 && attr->val.integer < 31) + ses->mask = attr->val.integer; + } else if (attr->attr->id == conf_attr_l4_redirect) { + if (attr->attr->type == ATTR_TYPE_STRING) { + if (attr->len && attr->val.string[0] != '0') + ses->l4_redirect = 1; + } else if (attr->val.integer != 0) + ses->l4_redirect = 1; + } + } +} + +static void ev_radius_coa(struct ev_radius_t *ev) +{ + struct ipoe_session *ses = container_of(ev->ses, typeof(*ses), ses); + struct rad_attr_t *attr; + int l4_redirect; + + if (ev->ses->ctrl->type != CTRL_TYPE_IPOE) + return; + + l4_redirect = ses->l4_redirect; + + list_for_each_entry(attr, &ev->request->attrs, entry) { + if (attr->attr->id == conf_attr_l4_redirect) { + if (attr->attr->type == ATTR_TYPE_STRING) + ses->l4_redirect = attr->len && attr->val.string[0] != '0'; + else + ses->l4_redirect = ((unsigned int)attr->val.integer) > 0; + } else if (strcmp(attr->attr->name, "Framed-IP-Address") == 0) { + if (ses->ses.ipv4 && ses->ses.ipv4->peer_addr != attr->val.ipaddr) + ipoe_change_addr(ses, attr->val.ipaddr); + } + } + + //if (l4_redirect && !ses->l4_redirect) || (!l4_redirect && ses->l4_redirect)) + if (l4_redirect != ses->l4_redirect) + ipoe_change_l4_redirect(ses, l4_redirect); +} +#endif + static void ipoe_serv_close(struct triton_context_t *ctx) { struct ipoe_serv *serv = container_of(ctx, typeof(*serv), ctx); @@ -1155,6 +1254,35 @@ static void load_local_nets(struct conf_sect_t *sect) } } +#ifdef RADIUS +static void parse_conf_rad_attr(const char *opt, int *val) +{ + struct rad_dict_attr_t *attr; + + opt = conf_get_opt("ipoe", opt); + + if (opt) { + if (atoi(opt) > 0) + *val = atoi(opt); + else { + attr = rad_dict_find_attr(opt); + if (attr) + *val = attr->id; + else + log_emerg("ipoe: couldn't find '%s' in dictionary\n", opt); + } + } else + *val = -1; +} +static void load_radius_attrs(void) +{ + parse_conf_rad_attr("attr-dhcp-client-ip", &conf_attr_dhcp_client_ip); + parse_conf_rad_attr("attr-dhcp-router-ip", &conf_attr_dhcp_router_ip); + parse_conf_rad_attr("attr-dhcp-mask", &conf_attr_dhcp_mask); + parse_conf_rad_attr("attr-l4-redirect", &conf_attr_l4_redirect); +} +#endif + static void load_config(void) { const char *opt; @@ -1210,6 +1338,12 @@ static void load_config(void) if (opt) conf_unit_cache = atoi(opt); + opt = conf_get_opt("ipoe", "l4-redirect-table"); + if (opt) + conf_l4_redirect_table = atoi(opt); + else + conf_l4_redirect_table = 0; + opt = conf_get_opt("ipoe", "shared"); if (opt) conf_shared = atoi(opt); @@ -1248,6 +1382,11 @@ static void load_config(void) if (!conf_dhcpv4 && !conf_up) conf_dhcpv4 = 1; +#ifdef RADIUS + if (triton_module_loaded("radius")) + load_radius_attrs(); +#endif + load_interfaces(s); load_local_nets(s); } @@ -1262,6 +1401,12 @@ static void ipoe_init(void) cli_register_simple_cmd2(show_stat_exec, NULL, 2, "show", "stat"); triton_event_register_handler(EV_CONFIG_RELOAD, (triton_event_func)load_config); + +#ifdef RADIUS + if (triton_module_loaded("radius")) + triton_event_register_handler(EV_RADIUS_ACCESS_ACCEPT, (triton_event_func)ev_radius_access_accept); + triton_event_register_handler(EV_RADIUS_COA, (triton_event_func)ev_radius_coa); +#endif } -DEFINE_INIT(20, ipoe_init); +DEFINE_INIT(52, ipoe_init); diff --git a/accel-pppd/ctrl/ipoe/ipoe.h b/accel-pppd/ctrl/ipoe/ipoe.h index edf97540..b955b952 100644 --- a/accel-pppd/ctrl/ipoe/ipoe.h +++ b/accel-pppd/ctrl/ipoe/ipoe.h @@ -55,6 +55,7 @@ struct ipoe_session int ifindex; int ifcfg:1; int dhcp_addr:1; + int l4_redirect:1; }; struct ipoe_session_info diff --git a/accel-pppd/libnetlink/iplink.c b/accel-pppd/libnetlink/iplink.c index 779a8aeb..4b85afe2 100644 --- a/accel-pppd/libnetlink/iplink.c +++ b/accel-pppd/libnetlink/iplink.c @@ -14,6 +14,7 @@ //#include //#include //#include +#include #include "triton.h" #include "log.h" @@ -294,6 +295,77 @@ int __export iproute_del(int ifindex, in_addr_t dst) return 0; } +int __export iprule_add(uint32_t addr, int table) +{ + struct ipaddr_req { + struct nlmsghdr n; + struct rtmsg i; + char buf[1024]; + } req; + + if (!rth) + open_rth(); + + if (!rth) + return -1; + + memset(&req, 0, sizeof(req) - 1024); + + req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg)); + req.n.nlmsg_flags = NLM_F_REQUEST; + req.n.nlmsg_type = RTM_NEWRULE; + req.i.rtm_family = AF_INET; + req.i.rtm_table = table < 256 ? table : RT_TABLE_UNSPEC; + req.i.rtm_scope = RT_SCOPE_UNIVERSE; + req.i.rtm_protocol = RTPROT_BOOT; + req.i.rtm_type = RTN_UNICAST; + req.i.rtm_src_len = 32; + + addattr32(&req.n, sizeof(req), FRA_SRC, addr); + if (table >= 256) + addattr32(&req.n, sizeof(req), FRA_TABLE, table); + + if (rtnl_talk(rth, &req.n, 0, 0, NULL, NULL, NULL, 0) < 0) + return -1; + + return 0; +} + +int __export iprule_del(uint32_t addr, int table) +{ + struct ipaddr_req { + struct nlmsghdr n; + struct rtmsg i; + char buf[1024]; + } req; + + if (!rth) + open_rth(); + + if (!rth) + return -1; + + memset(&req, 0, sizeof(req) - 1024); + + req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg)); + req.n.nlmsg_flags = NLM_F_REQUEST; + req.n.nlmsg_type = RTM_DELRULE; + req.i.rtm_family = AF_INET; + req.i.rtm_table = table < 256 ? table : RT_TABLE_UNSPEC; + req.i.rtm_scope = RT_SCOPE_UNIVERSE; + req.i.rtm_protocol = RTPROT_BOOT; + req.i.rtm_type = RTN_UNICAST; + req.i.rtm_src_len = 32; + + addattr32(&req.n, sizeof(req), FRA_SRC, addr); + if (table >= 256) + addattr32(&req.n, sizeof(req), FRA_TABLE, table); + + if (rtnl_talk(rth, &req.n, 0, 0, NULL, NULL, NULL, 0) < 0) + return -1; + + return 0; +} static void init(void) diff --git a/accel-pppd/libnetlink/iplink.h b/accel-pppd/libnetlink/iplink.h index a6af6627..f9124343 100644 --- a/accel-pppd/libnetlink/iplink.h +++ b/accel-pppd/libnetlink/iplink.h @@ -13,4 +13,7 @@ int ipaddr_del(int ifindex, in_addr_t addr); int iproute_add(int ifindex, in_addr_t src, in_addr_t dst); int iproute_del(int ifindex, in_addr_t dst); + +int iprule_add(uint32_t addr, int table); +int iprule_del(uint32_t addr, int table); #endif -- cgit v1.2.3