2 * detail.c Process the detail file
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2007 The FreeRADIUS server project
21 * Copyright 2007 Alan DeKok <aland@deployingradius.com>
24 #include <freeradius-devel/ident.h>
27 #include <freeradius-devel/radiusd.h>
28 #include <freeradius-devel/modules.h>
29 #include <freeradius-devel/detail.h>
30 #include <freeradius-devel/rad_assert.h>
32 #ifdef HAVE_SYS_STAT_H
44 #define USEC (1000000)
46 typedef enum detail_state_t {
57 static FR_NAME_NUMBER state_names[] = {
58 { "unopened", STATE_UNOPENED },
59 { "unlocked", STATE_UNLOCKED },
60 { "header", STATE_HEADER },
61 { "reading", STATE_READING },
62 { "queued", STATE_QUEUED },
63 { "running", STATE_RUNNING },
64 { "no-reply", STATE_NO_REPLY },
65 { "replied", STATE_REPLIED },
70 typedef struct listen_detail_t {
71 fr_event_t *ev; /* has to be first entry (ugh) */
80 fr_ipaddr_t client_ip;
81 int load_factor; /* 1..100 */
89 struct timeval last_packet;
90 RADCLIENT detail_client;
95 * If we're limiting outstanding packets, then mark the response
98 int detail_send(rad_listen_t *listener, REQUEST *request)
102 listen_detail_t *data = listener->data;
104 rad_assert(request->listener == listener);
105 rad_assert(listener->send == detail_send);
108 * This request timed out. Remember that, and tell the
109 * caller it's OK to read more "detail" file stuff.
111 if (request->reply->code == 0) {
112 data->delay_time = data->retry_interval * USEC;
114 data->state = STATE_NO_REPLY;
116 RDEBUG("Detail - No response configured for request %d. Will retry in %d seconds",
117 request->number, data->retry_interval);
119 radius_signal_self(RADIUS_SIGNAL_SELF_DETAIL);
124 * We call gettimeofday a lot. But it should be OK,
125 * because there's nothing else to do.
127 gettimeofday(&now, NULL);
130 * If we haven't sent a packet in the last second, reset
134 if (timercmp(&data->last_packet, &now, <)) {
135 data->has_rtt = FALSE;
140 * Only one detail packet may be outstanding at a time,
141 * so it's safe to update some entries in the detail
144 * We keep smoothed round trip time (SRTT), but not round
145 * trip timeout (RTO). We use SRTT to calculate a rough
148 rtt = now.tv_sec - request->received.tv_sec;
151 rtt -= request->received.tv_usec;
154 * If we're proxying, the RTT is our processing time,
155 * plus the network delay there and back, plus the time
156 * on the other end to process the packet. Ideally, we
157 * should remove the network delays from the RTT, but we
158 * don't know what they are.
160 * So, to be safe, we over-estimate the total cost of
161 * processing the packet.
163 if (!data->has_rtt) {
164 data->has_rtt = TRUE;
166 data->rttvar = rtt / 2;
169 data->rttvar -= data->rttvar >> 2;
170 data->rttvar += (data->srtt - rtt);
171 data->srtt -= data->srtt >> 3;
172 data->srtt += rtt >> 3;
176 * Calculate the time we wait before sending the next
179 * rtt / (rtt + delay) = load_factor / 100
181 data->delay_time = (data->srtt * (100 - data->load_factor)) / (data->load_factor);
184 * Cap delay at 4 packets/s. If the end system can't
185 * handle this, then it's very broken.
187 if (data->delay_time > (USEC / 4)) data->delay_time= USEC / 4;
189 RDEBUG3("Received response for request %d. Will read the next packet in %d seconds",
190 request->number, data->delay_time / USEC);
192 data->last_packet = now;
194 data->state = STATE_REPLIED;
195 radius_signal_self(RADIUS_SIGNAL_SELF_DETAIL);
202 * Open the detail file, if we can.
204 * FIXME: create it, if it's not already there, so that the main
205 * server select() will wake us up if there's anything to read.
207 static int detail_open(rad_listen_t *this)
210 listen_detail_t *data = this->data;
211 char *filename = data->filename;
213 rad_assert(data->state == STATE_UNOPENED);
214 data->delay_time = USEC;
217 * Open detail.work first, so we don't lose
218 * accounting packets. It's probably better to
219 * duplicate them than to lose them.
221 * Note that we're not writing to the file, but
222 * we've got to open it for writing in order to
223 * establish the lock, to prevent rlm_detail from
226 * This also means that if we're doing globbing,
227 * this file will be read && processed before the
228 * file globbing is done.
230 this->fd = open(data->filename_work, O_RDWR);
232 DEBUG2("Polling for detail file %s", filename);
235 * Try reading the detail file. If it
236 * doesn't exist, we can't do anything.
238 * Doing the stat will tell us if the file
239 * exists, even if we don't have permissions
242 if (stat(filename, &st) < 0) {
249 memset(&files, 0, sizeof(files));
250 if (glob(filename, 0, NULL, &files) != 0) {
256 for (i = 0; i < files.gl_pathc; i++) {
257 if (stat(files.gl_pathv[i], &st) < 0) continue;
260 (st.st_ctime < chtime)) {
261 chtime = st.st_ctime;
271 filename = strdup(files.gl_pathv[found]);
279 * Open it BEFORE we rename it, just to
282 this->fd = open(filename, O_RDWR);
284 radlog(L_ERR, "Detail - Failed to open %s: %s",
285 filename, strerror(errno));
286 if (filename != data->filename) free(filename);
291 * Rename detail to detail.work
293 DEBUG("Detail - Renaming %s -> %s", filename, data->filename_work);
294 if (rename(filename, data->filename_work) < 0) {
295 if (filename != data->filename) free(filename);
300 if (filename != data->filename) free(filename);
301 } /* else detail.work existed, and we opened it */
303 rad_assert(data->vps == NULL);
304 rad_assert(data->fp == NULL);
306 data->state = STATE_UNLOCKED;
308 data->client_ip.af = AF_UNSPEC;
316 * FIXME: add a configuration "exit when done" so that the detail
317 * file reader can be used as a one-off tool to update stuff.
319 * The time sequence for reading from the detail file is:
321 * t_0 signalled that the server is idle, and we
322 * can read from the detail file.
324 * t_rtt the packet has been processed successfully,
325 * wait for t_delay to enforce load factor.
327 * t_rtt + t_delay wait for signal that the server is idle.
330 int detail_recv(rad_listen_t *listener,
331 RAD_REQUEST_FUNP *pfun, REQUEST **prequest)
333 char key[256], op[8], value[1024];
334 VALUE_PAIR *vp, **tail;
335 RADIUS_PACKET *packet;
337 listen_detail_t *data = listener->data;
340 * We may be in the main thread. It needs to update the
341 * timers before we try to read from the file again.
343 if (data->signal) return 0;
345 switch (data->state) {
348 rad_assert(listener->fd < 0);
350 if (!detail_open(listener)) return 0;
352 rad_assert(data->state == STATE_UNLOCKED);
353 rad_assert(listener->fd >= 0);
358 * Try to lock fd. If we can't, return.
359 * If we can, continue. This means that
360 * the server doesn't block while waiting
361 * for the lock to open...
365 * Note that we do NOT block waiting for
366 * the lock. We've re-named the file
367 * above, so we've already guaranteed
368 * that any *new* detail writer will not
369 * be opening this file. The only
370 * purpose of the lock is to catch a race
371 * condition where the execution
372 * "ping-pongs" between radiusd &
375 if (rad_lockfd_nonblock(listener->fd, 0) < 0) {
377 * Close the FD. The main loop
378 * will wake up in a second and
383 data->state = STATE_UNOPENED;
387 data->fp = fdopen(listener->fd, "r");
389 radlog(L_ERR, "FATAL: Failed to re-open detail file %s: %s",
390 data->filename, strerror(errno));
395 * Look for the header
397 data->state = STATE_HEADER;
398 data->delay_time = USEC;
406 data->state = STATE_UNOPENED;
413 fstat(listener->fd, &buf);
414 if (((off_t) ftell(data->fp)) == buf.st_size) {
420 * End of file. Delete it, and re-set
423 if (feof(data->fp)) {
425 DEBUG("Detail - unlinking %s",
426 data->filename_work);
427 unlink(data->filename_work);
428 if (data->fp) fclose(data->fp);
431 data->state = STATE_UNOPENED;
432 rad_assert(data->vps == NULL);
437 * Else go read something.
442 * Read more value-pair's, unless we're
443 * at EOF. In that case, queue whatever
447 if (data->fp && !feof(data->fp)) break;
448 data->state = STATE_QUEUED;
456 * Periodically check what's going on.
457 * If the request is taking too long,
461 if (time(NULL) < (data->running + data->retry_interval)) {
465 DEBUG("No response to detail request. Retrying");
466 data->state = STATE_NO_REPLY;
470 * If there's no reply, keep
471 * retransmitting the current packet
475 data->state = STATE_QUEUED;
479 * We have a reply. Clean up the old
480 * request, and go read another one.
483 pairfree(&data->vps);
484 data->state = STATE_HEADER;
489 while (*tail) tail = &(*tail)->next;
492 * Read a header, OR a value-pair.
494 while (fgets(buffer, sizeof(buffer), data->fp)) {
496 * Badly formatted file: delete it.
498 * FIXME: Maybe flag an error?
500 if (!strchr(buffer, '\n')) {
501 pairfree(&data->vps);
506 * We're reading VP's, and got a blank line.
509 if ((data->state == STATE_READING) &&
510 (buffer[0] == '\n')) {
511 data->state = STATE_QUEUED;
516 * Look for date/time header, and read VP's if
517 * found. If not, keep reading lines until we
520 if (data->state == STATE_HEADER) {
523 if (sscanf(buffer, "%*s %*s %*d %*d:%*d:%*d %d", &y)) {
524 data->state = STATE_READING;
530 * We have a full "attribute = value" line.
531 * If it doesn't look reasonable, skip it.
533 * FIXME: print an error for badly formatted attributes?
535 if (sscanf(buffer, "%255s %8s %1023s", key, op, value) != 3) {
536 DEBUG2("WARNING: Skipping badly formatted line %s",
542 * Should be =, :=, +=, ...
544 if (!strchr(op, '=')) continue;
547 * Skip non-protocol attributes.
549 if (!strcasecmp(key, "Request-Authenticator")) continue;
552 * Set the original client IP address, based on
553 * what's in the detail file.
555 * Hmm... we don't set the server IP address.
558 if (!strcasecmp(key, "Client-IP-Address")) {
559 data->client_ip.af = AF_INET;
560 ip_hton(value, AF_INET, &data->client_ip);
565 * The original time at which we received the
566 * packet. We need this to properly calculate
569 if (!strcasecmp(key, "Timestamp")) {
570 data->timestamp = atoi(value);
572 vp = paircreate(PW_PACKET_ORIGINAL_TIMESTAMP,
575 vp->vp_date = (uint32_t) data->timestamp;
585 * FIXME: do we want to check for non-protocol
586 * attributes like radsqlrelay does?
589 if ((userparse(buffer, &vp) > 0) &&
597 * Some kind of error.
599 * FIXME: Leave the file in-place, and warn the
602 if (ferror(data->fp)) goto cleanup;
605 * Process the packet.
608 rad_assert(data->state == STATE_QUEUED);
611 * We're done reading the file, but we didn't read
612 * anything. Clean up, and don't return anything.
615 data->state = STATE_HEADER;
616 if (feof(data->fp)) goto cleanup;
621 * Allocate the packet. If we fail, it's a serious
624 packet = rad_alloc(1);
626 radlog(L_ERR, "FATAL: Failed allocating memory for detail");
630 memset(packet, 0, sizeof(*packet));
632 packet->src_ipaddr.af = AF_INET;
633 packet->src_ipaddr.ipaddr.ip4addr.s_addr = htonl(INADDR_NONE);
634 packet->code = PW_ACCOUNTING_REQUEST;
635 packet->timestamp = time(NULL);
638 * Remember where it came from, so that we don't
639 * proxy it to the place it came from...
641 if (data->client_ip.af != AF_UNSPEC) {
642 packet->src_ipaddr = data->client_ip;
645 vp = pairfind(packet->vps, PW_PACKET_SRC_IP_ADDRESS);
647 packet->src_ipaddr.af = AF_INET;
648 packet->src_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
650 vp = pairfind(packet->vps, PW_PACKET_SRC_IPV6_ADDRESS);
652 packet->src_ipaddr.af = AF_INET6;
653 memcpy(&packet->src_ipaddr.ipaddr.ip6addr,
654 &vp->vp_ipv6addr, sizeof(vp->vp_ipv6addr));
658 vp = pairfind(packet->vps, PW_PACKET_DST_IP_ADDRESS);
660 packet->dst_ipaddr.af = AF_INET;
661 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
663 vp = pairfind(packet->vps, PW_PACKET_DST_IPV6_ADDRESS);
665 packet->dst_ipaddr.af = AF_INET6;
666 memcpy(&packet->dst_ipaddr.ipaddr.ip6addr,
667 &vp->vp_ipv6addr, sizeof(vp->vp_ipv6addr));
672 * We've got to give SOME value for Id & ports, so that
673 * the packets can be added to the request queue.
674 * However, we don't want to keep track of used/unused
675 * id's and ports, as that's a lot of work. This hack
676 * ensures that (if we have real random numbers), that
677 * there will be a collision on every 2^(16+15+15+24 - 1)
678 * packets, on average. That means we can read 2^37
679 * packets before having a collision, which means it's
680 * effectively impossible.
682 packet->id = fr_rand() & 0xffff;
683 packet->src_port = 1024 + (fr_rand() & 0x7fff);
684 packet->dst_port = 1024 + (fr_rand() & 0x7fff);
686 packet->dst_ipaddr.af = AF_INET;
687 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = htonl((INADDR_LOOPBACK & ~0xffffff) | (fr_rand() & 0xffffff));
690 * If everything's OK, this is a waste of memory.
691 * Otherwise, it lets us re-send the original packet
692 * contents, unmolested.
694 packet->vps = paircopy(data->vps);
697 * Look for Acct-Delay-Time, and update
698 * based on Acct-Delay-Time += (time(NULL) - timestamp)
700 vp = pairfind(packet->vps, PW_ACCT_DELAY_TIME);
702 vp = paircreate(PW_ACCT_DELAY_TIME, PW_TYPE_INTEGER);
703 rad_assert(vp != NULL);
704 pairadd(&packet->vps, vp);
706 if (data->timestamp != 0) {
707 vp->vp_integer += time(NULL) - data->timestamp;
710 *pfun = rad_accounting;
713 fr_printf_log("detail_recv: Read packet from %s\n", data->filename_work);
714 for (vp = packet->vps; vp; vp = vp->next) {
720 * FIXME: many of these checks may not be necessary when
721 * reading from the detail file.
725 if (!received_request(listener, packet, prequest,
726 &data->detail_client)) {
728 data->state = STATE_NO_REPLY; /* try again later */
732 data->state = STATE_RUNNING;
733 data->running = packet->timestamp;
740 * Free detail-specific stuff.
742 void detail_free(rad_listen_t *this)
744 listen_detail_t *data = this->data;
746 free(data->filename);
747 pairfree(&data->vps);
749 if (data->fp != NULL) fclose(data->fp);
753 int detail_print(rad_listen_t *this, char *buffer, size_t bufsize)
756 return snprintf(buffer, bufsize, "%s",
757 ((listen_detail_t *)(this->data))->filename);
760 return snprintf(buffer, bufsize, "detail file %s as server %s",
761 ((listen_detail_t *)(this->data))->filename,
766 * Overloaded to return delay times.
768 int detail_encode(rad_listen_t *this, UNUSED REQUEST *request)
770 listen_detail_t *data = this->data;
773 * We haven't sent a packet... delay things a bit.
776 int delay = (data->poll_interval - 1) * USEC;
779 * Add +/- 0.25s of jitter
781 delay += (USEC * 3) / 4;
782 delay += fr_rand() % (USEC / 2);
784 DEBUG2("Detail listener %s state %s signalled %d waiting %d.%06d sec",
786 fr_int2str(state_names, data->state, "?"), data->signal,
787 (delay / USEC), delay % USEC);
794 DEBUG2("Detail listener %s state %s signalled %d waiting %d.%06d sec",
795 data->filename, fr_int2str(state_names, data->state, "?"),
797 data->delay_time / USEC,
798 data->delay_time % USEC);
800 return data->delay_time;
805 * Overloaded to return "should we fix delay times"
807 int detail_decode(rad_listen_t *this, UNUSED REQUEST *request)
809 listen_detail_t *data = this->data;
815 static const CONF_PARSER detail_config[] = {
816 { "filename", PW_TYPE_STRING_PTR,
817 offsetof(listen_detail_t, filename), NULL, NULL },
818 { "load_factor", PW_TYPE_INTEGER,
819 offsetof(listen_detail_t, load_factor), NULL, Stringify(10)},
820 { "poll_interval", PW_TYPE_INTEGER,
821 offsetof(listen_detail_t, poll_interval), NULL, Stringify(1)},
822 { "retry_interval", PW_TYPE_INTEGER,
823 offsetof(listen_detail_t, retry_interval), NULL, Stringify(30)},
825 { NULL, -1, 0, NULL, NULL } /* end the list */
830 * Parse a detail section.
832 int detail_parse(CONF_SECTION *cs, rad_listen_t *this)
835 listen_detail_t *data;
840 this->data = rad_malloc(sizeof(*data));
841 memset(this->data, 0, sizeof(*data));
846 rcode = cf_section_parse(cs, data, detail_config);
848 cf_log_err(cf_sectiontoitem(cs), "Failed parsing listen section");
852 if (!data->filename) {
853 cf_log_err(cf_sectiontoitem(cs), "No detail file specified in listen section");
857 if ((data->load_factor < 1) || (data->load_factor > 100)) {
858 cf_log_err(cf_sectiontoitem(cs), "Load factor must be between 1 and 100");
862 if ((data->poll_interval < 1) || (data->poll_interval > 20)) {
863 cf_log_err(cf_sectiontoitem(cs), "poll_interval must be between 1 and 20");
868 * If the filename is a glob, use "detail.work" as the
871 if ((strchr(data->filename, '*') != NULL) ||
872 (strchr(data->filename, '[') != NULL)) {
876 radlog(L_INFO, "WARNING: Detail file \"%s\" appears to use file globbing, but it is not supported on this system.", data->filename);
878 strlcpy(buffer, data->filename, sizeof(buffer));
879 p = strrchr(buffer, FR_DIR_SEP);
885 strlcat(buffer, "detail.work",
886 sizeof(buffer) - strlen(buffer));
889 snprintf(buffer, sizeof(buffer), "%s.work", data->filename);
892 free(data->filename_work);
893 data->filename_work = strdup(buffer); /* FIXME: leaked */
897 data->state = STATE_UNOPENED;
898 data->delay_time = data->poll_interval * USEC;
902 * Initialize the fake client.
904 client = &data->detail_client;
905 memset(client, 0, sizeof(*client));
906 client->ipaddr.af = AF_INET;
907 client->ipaddr.ipaddr.ip4addr.s_addr = INADDR_NONE;
909 client->longname = client->shortname = data->filename;
910 client->secret = client->shortname;
911 client->nastype = strdup("none");