2 * detail.c Process the detail file
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2007 The FreeRADIUS server project
21 * Copyright 2007 Alan DeKok <aland@deployingradius.com>
24 #include <freeradius-devel/ident.h>
27 #include <freeradius-devel/radiusd.h>
28 #include <freeradius-devel/modules.h>
29 #include <freeradius-devel/detail.h>
30 #include <freeradius-devel/rad_assert.h>
32 #ifdef HAVE_SYS_STAT_H
38 #define USEC (1000000)
40 typedef struct listen_detail_t {
41 int delay_time; /* should be first entry */
48 fr_ipaddr_t client_ip;
49 int load_factor; /* 1..100 */
55 struct timeval last_packet;
56 RADCLIENT detail_client;
60 #define STATE_UNOPENED (0)
61 #define STATE_UNLOCKED (1)
62 #define STATE_HEADER (2)
63 #define STATE_READING (3)
64 #define STATE_QUEUED (4)
65 #define STATE_RUNNING (5)
66 #define STATE_NO_REPLY (6)
67 #define STATE_REPLIED (7)
70 * If we're limiting outstanding packets, then mark the response
73 int detail_send(rad_listen_t *listener, REQUEST *request)
77 listen_detail_t *data = listener->data;
79 rad_assert(request->listener == listener);
80 rad_assert(listener->send == detail_send);
83 * This request timed out. Remember that, and tell the
84 * caller it's OK to read more "detail" file stuff.
86 if (request->reply->code == 0) {
89 data->state = STATE_NO_REPLY;
90 radius_signal_self(RADIUS_SIGNAL_SELF_DETAIL);
95 * We call gettimeofday a lot. But here it should be OK,
96 * because there's nothing else to do.
98 gettimeofday(&now, NULL);
101 * If we haven't sent a packet in the last second, reset
105 if (timercmp(&data->last_packet, &now, <)) {
106 data->has_rtt = FALSE;
111 * Only one detail packet may be outstanding at a time,
112 * so it's safe to update some entries in the detail
115 * We keep smoothed round trip time (SRTT), but not round
116 * trip timeout (RTO). We use SRTT to calculate a rough
119 rtt = now.tv_sec - request->received.tv_sec;
122 rtt -= request->received.tv_usec;
125 * If we're proxying, the RTT is our processing time,
126 * plus the network delay there and back, plus the time
127 * on the other end to process the packet. Ideally, we
128 * should remove the network delays from the RTT, but we
129 * don't know what they are.
131 * So, to be safe, we over-estimate the total cost of
132 * processing the packet.
134 if (!data->has_rtt) {
135 data->has_rtt = TRUE;
137 data->rttvar = rtt / 2;
140 data->rttvar -= data->rttvar >> 2;
141 data->rttvar += (data->srtt - rtt);
142 data->srtt -= data->srtt >> 3;
143 data->srtt += rtt >> 3;
147 * Calculate the time we wait before sending the next
150 * rtt / (rtt + delay) = load_factor / 100
152 data->delay_time = (data->srtt * (100 - data->load_factor)) / (data->load_factor);
153 if (data->delay_time == 0) data->delay_time = USEC / 10;
156 * Cap delay at 4 packets/s. If the end system can't
157 * handle this, then it's very broken.
159 if (data->delay_time > (USEC / 4)) data->delay_time= USEC / 4;
162 DEBUG2("RTT %d\tdelay %d", data->srtt, data->delay_time);
165 data->last_packet = now;
167 data->state = STATE_REPLIED;
168 radius_signal_self(RADIUS_SIGNAL_SELF_DETAIL);
173 int detail_delay(rad_listen_t *listener)
175 listen_detail_t *data = listener->data;
177 if (!data->signal) return 0;
181 return data->delay_time;
186 * Open the detail file, if we can.
188 * FIXME: create it, if it's not already there, so that the main
189 * server select() will wake us up if there's anything to read.
191 static int detail_open(rad_listen_t *this)
194 listen_detail_t *data = this->data;
196 rad_assert(data->state == STATE_UNOPENED);
197 data->delay_time = USEC;
200 * Open detail.work first, so we don't lose
201 * accounting packets. It's probably better to
202 * duplicate them than to lose them.
204 * Note that we're not writing to the file, but
205 * we've got to open it for writing in order to
206 * establish the lock, to prevent rlm_detail from
209 this->fd = open(data->filename_work, O_RDWR);
211 DEBUG2("Polling for detail file %s", data->filename);
214 * Try reading the detail file. If it
215 * doesn't exist, we can't do anything.
217 * Doing the stat will tell us if the file
218 * exists, even if we don't have permissions
221 if (stat(data->filename, &st) < 0) {
226 * Open it BEFORE we rename it, just to
229 this->fd = open(data->filename, O_RDWR);
231 radlog(L_ERR, "Failed to open %s: %s",
232 data->filename, strerror(errno));
237 * Rename detail to detail.work
239 if (rename(data->filename, data->filename_work) < 0) {
244 } /* else detail.work existed, and we opened it */
246 rad_assert(data->vps == NULL);
247 rad_assert(data->fp == NULL);
249 data->state = STATE_UNLOCKED;
251 data->client_ip.af = AF_UNSPEC;
259 * FIXME: add a configuration "exit when done" so that the detail
260 * file reader can be used as a one-off tool to update stuff.
262 * The time sequence for reading from the detail file is:
264 * t_0 signalled that the server is idle, and we
265 * can read from the detail file.
267 * t_rtt the packet has been processed successfully,
268 * wait for t_delay to enforce load factor.
270 * t_rtt + t_delay wait for signal that the server is idle.
273 int detail_recv(rad_listen_t *listener,
274 RAD_REQUEST_FUNP *pfun, REQUEST **prequest)
276 char key[256], value[1024];
277 VALUE_PAIR *vp, **tail;
278 RADIUS_PACKET *packet;
280 listen_detail_t *data = listener->data;
282 switch (data->state) {
285 rad_assert(listener->fd < 0);
287 if (!detail_open(listener)) return 0;
289 rad_assert(data->state == STATE_UNLOCKED);
290 rad_assert(listener->fd >= 0);
295 * Try to lock fd. If we can't, return.
296 * If we can, continue. This means that
297 * the server doesn't block while waiting
298 * for the lock to open...
302 * Note that we do NOT block waiting for
303 * the lock. We've re-named the file
304 * above, so we've already guaranteed
305 * that any *new* detail writer will not
306 * be opening this file. The only
307 * purpose of the lock is to catch a race
308 * condition where the execution
309 * "ping-pongs" between radiusd &
312 if (rad_lockfd_nonblock(listener->fd, 0) < 0) {
314 * Close the FD. The main loop
315 * will wake up in a second and
320 data->state = STATE_UNOPENED;
324 data->fp = fdopen(listener->fd, "r");
326 radlog(L_ERR, "FATAL: Failed to re-open detail file %s: %s",
327 data->filename, strerror(errno));
332 * Look for the header
334 data->state = STATE_HEADER;
342 data->state = STATE_UNOPENED;
349 fstat(listener->fd, &buf);
350 if (((off_t) ftell(data->fp)) == buf.st_size) {
356 * End of file. Delete it, and re-set
359 if (feof(data->fp)) {
361 unlink(data->filename_work);
362 if (data->fp) fclose(data->fp);
365 data->state = STATE_UNOPENED;
366 rad_assert(data->vps == NULL);
371 * Else go read something.
376 * Read more value-pair's, unless we're
377 * at EOF. In that case, queue whatever
381 if (!feof(data->fp)) break;
382 data->state = STATE_QUEUED;
390 * We still have an outstanding packet.
391 * Don't read any more.
397 * If there's no reply, keep
398 * retransmitting the current packet
402 data->state = STATE_QUEUED;
406 * We have a reply. Clean up the old
407 * request, and go read another one.
410 pairfree(&data->vps);
411 data->state = STATE_HEADER;
416 while (*tail) tail = &(*tail)->next;
419 * Read a header, OR a value-pair.
421 while (fgets(buffer, sizeof(buffer), data->fp)) {
423 * Badly formatted file: delete it.
425 * FIXME: Maybe flag an error?
427 if (!strchr(buffer, '\n')) {
428 pairfree(&data->vps);
433 * We're reading VP's, and got a blank line.
436 if ((data->state == STATE_READING) &&
437 (buffer[0] == '\n')) {
438 data->state = STATE_QUEUED;
443 * Look for date/time header, and read VP's if
444 * found. If not, keep reading lines until we
447 if (data->state == STATE_HEADER) {
450 if (sscanf(buffer, "%*s %*s %*d %*d:%*d:%*d %d", &y)) {
451 data->state = STATE_READING;
457 * We have a full "attribute = value" line.
458 * If it doesn't look reasonable, skip it.
460 * FIXME: print an error for badly formatted attributes?
462 if (sscanf(buffer, "%255s = %1023s", key, value) != 2) {
467 * Skip non-protocol attributes.
469 if (!strcasecmp(key, "Request-Authenticator")) continue;
472 * Set the original client IP address, based on
473 * what's in the detail file.
475 * Hmm... we don't set the server IP address.
478 if (!strcasecmp(key, "Client-IP-Address")) {
479 data->client_ip.af = AF_INET;
480 ip_hton(value, AF_INET, &data->client_ip);
485 * The original time at which we received the
486 * packet. We need this to properly calculate
489 if (!strcasecmp(key, "Timestamp")) {
490 data->timestamp = atoi(value);
497 * FIXME: do we want to check for non-protocol
498 * attributes like radsqlrelay does?
501 if ((userparse(buffer, &vp) > 0) &&
509 * Some kind of error.
511 * FIXME: Leave the file in-place, and warn the
514 if (ferror(data->fp)) goto cleanup;
517 * Process the packet.
520 rad_assert(data->state == STATE_QUEUED);
523 * We're done reading the file, but we didn't read
524 * anything. Clean up, and don't return anything.
527 data->state = STATE_HEADER;
532 * Allocate the packet. If we fail, it's a serious
535 packet = rad_alloc(1);
537 radlog(L_ERR, "FATAL: Failed allocating memory for detail");
541 memset(packet, 0, sizeof(*packet));
543 packet->src_ipaddr.af = AF_INET;
544 packet->src_ipaddr.ipaddr.ip4addr.s_addr = htonl(INADDR_NONE);
545 packet->code = PW_ACCOUNTING_REQUEST;
546 packet->timestamp = time(NULL);
549 * Remember where it came from, so that we don't
550 * proxy it to the place it came from...
552 if (data->client_ip.af != AF_UNSPEC) {
553 packet->src_ipaddr = data->client_ip;
556 vp = pairfind(packet->vps, PW_PACKET_SRC_IP_ADDRESS);
558 packet->src_ipaddr.af = AF_INET;
559 packet->src_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
561 vp = pairfind(packet->vps, PW_PACKET_SRC_IPV6_ADDRESS);
563 packet->src_ipaddr.af = AF_INET6;
564 memcpy(&packet->src_ipaddr.ipaddr.ip6addr,
565 &vp->vp_ipv6addr, sizeof(vp->vp_ipv6addr));
569 vp = pairfind(packet->vps, PW_PACKET_DST_IP_ADDRESS);
571 packet->dst_ipaddr.af = AF_INET;
572 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
574 vp = pairfind(packet->vps, PW_PACKET_DST_IPV6_ADDRESS);
576 packet->dst_ipaddr.af = AF_INET6;
577 memcpy(&packet->dst_ipaddr.ipaddr.ip6addr,
578 &vp->vp_ipv6addr, sizeof(vp->vp_ipv6addr));
583 * We've got to give SOME value for Id & ports, so that
584 * the packets can be added to the request queue.
585 * However, we don't want to keep track of used/unused
586 * id's and ports, as that's a lot of work. This hack
587 * ensures that (if we have real random numbers), that
588 * there will be a collision on every 2^(16+15+15+24 - 1)
589 * packets, on average. That means we can read 2^37
590 * packets before having a collision, which means it's
591 * effectively impossible.
593 packet->id = fr_rand() & 0xffff;
594 packet->src_port = 1024 + (fr_rand() & 0x7fff);
595 packet->dst_port = 1024 + (fr_rand() & 0x7fff);
597 packet->dst_ipaddr.af = AF_INET;
598 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = htonl((INADDR_LOOPBACK & ~0xffffff) | (fr_rand() & 0xffffff));
601 * If everything's OK, this is a waste of memory.
602 * Otherwise, it lets us re-send the original packet
603 * contents, unmolested.
605 packet->vps = paircopy(data->vps);
608 * Look for Acct-Delay-Time, and update
609 * based on Acct-Delay-Time += (time(NULL) - timestamp)
611 vp = pairfind(packet->vps, PW_ACCT_DELAY_TIME);
613 vp = paircreate(PW_ACCT_DELAY_TIME, PW_TYPE_INTEGER);
614 rad_assert(vp != NULL);
615 pairadd(&packet->vps, vp);
617 if (data->timestamp != 0) {
618 vp->vp_integer += time(NULL) - data->timestamp;
621 *pfun = rad_accounting;
624 fr_printf_log("detail_recv: Read packet from %s\n", data->filename);
625 for (vp = packet->vps; vp; vp = vp->next) {
631 * FIXME: many of these checks may not be necessary when
632 * reading from the detail file.
636 if (!received_request(listener, packet, prequest,
637 &data->detail_client)) {
639 data->state = STATE_NO_REPLY; /* try again later */
643 data->state = STATE_RUNNING;
650 * Free detail-specific stuff.
652 void detail_free(rad_listen_t *this)
654 listen_detail_t *data = this->data;
656 free(data->filename);
657 pairfree(&data->vps);
659 if (data->fp != NULL) fclose(data->fp);
663 int detail_print(rad_listen_t *this, char *buffer, size_t bufsize)
666 return snprintf(buffer, bufsize, "%s",
667 ((listen_detail_t *)(this->data))->filename);
670 return snprintf(buffer, bufsize, "detail file %s as server %s",
671 ((listen_detail_t *)(this->data))->filename,
675 int detail_encode(UNUSED rad_listen_t *this, UNUSED REQUEST *request)
678 * We never encode responses "sent to" the detail file.
683 int detail_decode(UNUSED rad_listen_t *this, UNUSED REQUEST *request)
686 * We never decode responses read from the detail file.
692 static const CONF_PARSER detail_config[] = {
693 { "filename", PW_TYPE_STRING_PTR,
694 offsetof(listen_detail_t, filename), NULL, NULL },
695 { "load_factor", PW_TYPE_INTEGER,
696 offsetof(listen_detail_t, load_factor), NULL, Stringify(10)},
698 { NULL, -1, 0, NULL, NULL } /* end the list */
703 * Parse a detail section.
705 int detail_parse(CONF_SECTION *cs, rad_listen_t *this)
708 listen_detail_t *data;
713 this->data = rad_malloc(sizeof(*data));
714 memset(this->data, 0, sizeof(*data));
718 data->delay_time = USEC;
720 rcode = cf_section_parse(cs, data, detail_config);
722 cf_log_err(cf_sectiontoitem(cs), "Failed parsing listen section");
726 if (!data->filename) {
727 cf_log_err(cf_sectiontoitem(cs), "No detail file specified in listen section");
731 if ((data->load_factor < 1) || (data->load_factor > 100)) {
732 cf_log_err(cf_sectiontoitem(cs), "Load factor must be between 1 and 100");
736 snprintf(buffer, sizeof(buffer), "%s.work", data->filename);
737 free(data->filename_work);
738 data->filename_work = strdup(buffer); /* FIXME: leaked */
742 data->state = STATE_UNOPENED;
745 * Initialize the fake client.
747 client = &data->detail_client;
748 memset(client, 0, sizeof(*client));
749 client->ipaddr.af = AF_INET;
750 client->ipaddr.ipaddr.ip4addr.s_addr = INADDR_NONE;
752 client->longname = client->shortname = data->filename;
753 client->secret = client->shortname;
754 client->nastype = strdup("none");