2 * detail.c Process the detail file
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2007 The FreeRADIUS server project
21 * Copyright 2007 Alan DeKok <aland@deployingradius.com>
26 #include <freeradius-devel/radiusd.h>
27 #include <freeradius-devel/modules.h>
28 #include <freeradius-devel/detail.h>
29 #include <freeradius-devel/process.h>
30 #include <freeradius-devel/rad_assert.h>
32 #ifdef HAVE_SYS_STAT_H
44 #define USEC (1000000)
46 static FR_NAME_NUMBER state_names[] = {
47 { "unopened", STATE_UNOPENED },
48 { "unlocked", STATE_UNLOCKED },
49 { "header", STATE_HEADER },
50 { "reading", STATE_READING },
51 { "queued", STATE_QUEUED },
52 { "running", STATE_RUNNING },
53 { "no-reply", STATE_NO_REPLY },
54 { "replied", STATE_REPLIED },
60 * If we're limiting outstanding packets, then mark the response
63 int detail_send(rad_listen_t *listener, REQUEST *request)
67 listen_detail_t *data = listener->data;
69 rad_assert(request->listener == listener);
70 rad_assert(listener->send == detail_send);
73 * This request timed out. Remember that, and tell the
74 * caller it's OK to read more "detail" file stuff.
76 if (request->reply->code == 0) {
77 data->delay_time = data->retry_interval * USEC;
79 data->state = STATE_NO_REPLY;
81 RDEBUG("Detail - No response configured for request %d. Will retry in %d seconds",
82 request->number, data->retry_interval);
84 radius_signal_self(RADIUS_SIGNAL_SELF_DETAIL);
89 * We call gettimeofday a lot. But it should be OK,
90 * because there's nothing else to do.
92 gettimeofday(&now, NULL);
95 * If we haven't sent a packet in the last second, reset
99 if (timercmp(&data->last_packet, &now, <)) {
100 data->has_rtt = FALSE;
105 * Only one detail packet may be outstanding at a time,
106 * so it's safe to update some entries in the detail
109 * We keep smoothed round trip time (SRTT), but not round
110 * trip timeout (RTO). We use SRTT to calculate a rough
113 rtt = now.tv_sec - request->packet->timestamp.tv_sec;
116 rtt -= request->packet->timestamp.tv_usec;
119 * If we're proxying, the RTT is our processing time,
120 * plus the network delay there and back, plus the time
121 * on the other end to process the packet. Ideally, we
122 * should remove the network delays from the RTT, but we
123 * don't know what they are.
125 * So, to be safe, we over-estimate the total cost of
126 * processing the packet.
128 if (!data->has_rtt) {
129 data->has_rtt = TRUE;
131 data->rttvar = rtt / 2;
134 data->rttvar -= data->rttvar >> 2;
135 data->rttvar += (data->srtt - rtt);
136 data->srtt -= data->srtt >> 3;
137 data->srtt += rtt >> 3;
141 * Calculate the time we wait before sending the next
144 * rtt / (rtt + delay) = load_factor / 100
146 data->delay_time = (data->srtt * (100 - data->load_factor)) / (data->load_factor);
149 * Cap delay at 4 packets/s. If the end system can't
150 * handle this, then it's very broken.
152 if (data->delay_time > (USEC / 4)) data->delay_time= USEC / 4;
154 RDEBUG3("Received response for request %d. Will read the next packet in %d seconds",
155 request->number, data->delay_time / USEC);
157 data->last_packet = now;
159 data->state = STATE_REPLIED;
161 radius_signal_self(RADIUS_SIGNAL_SELF_DETAIL);
168 * Open the detail file, if we can.
170 * FIXME: create it, if it's not already there, so that the main
171 * server select() will wake us up if there's anything to read.
173 static int detail_open(rad_listen_t *this)
176 listen_detail_t *data = this->data;
177 char *filename = data->filename;
179 rad_assert(data->state == STATE_UNOPENED);
180 data->delay_time = USEC;
183 * Open detail.work first, so we don't lose
184 * accounting packets. It's probably better to
185 * duplicate them than to lose them.
187 * Note that we're not writing to the file, but
188 * we've got to open it for writing in order to
189 * establish the lock, to prevent rlm_detail from
192 * This also means that if we're doing globbing,
193 * this file will be read && processed before the
194 * file globbing is done.
196 this->fd = open(data->filename_work, O_RDWR);
198 DEBUG2("Polling for detail file %s", filename);
201 * Try reading the detail file. If it
202 * doesn't exist, we can't do anything.
204 * Doing the stat will tell us if the file
205 * exists, even if we don't have permissions
208 if (stat(filename, &st) < 0) {
215 memset(&files, 0, sizeof(files));
216 if (glob(filename, 0, NULL, &files) != 0) {
223 for (i = 0; i < files.gl_pathc; i++) {
224 if (stat(files.gl_pathv[i], &st) < 0) continue;
227 (st.st_ctime < chtime)) {
228 chtime = st.st_ctime;
238 filename = strdup(files.gl_pathv[found]);
246 * Open it BEFORE we rename it, just to
249 this->fd = open(filename, O_RDWR);
251 radlog(L_ERR, "Detail - Failed to open %s: %s",
252 filename, strerror(errno));
253 if (filename != data->filename) free(filename);
258 * Rename detail to detail.work
260 DEBUG("Detail - Renaming %s -> %s", filename, data->filename_work);
261 if (rename(filename, data->filename_work) < 0) {
262 if (filename != data->filename) free(filename);
267 if (filename != data->filename) free(filename);
268 } /* else detail.work existed, and we opened it */
270 rad_assert(data->vps == NULL);
271 rad_assert(data->fp == NULL);
273 data->state = STATE_UNLOCKED;
275 data->client_ip.af = AF_UNSPEC;
286 * FIXME: add a configuration "exit when done" so that the detail
287 * file reader can be used as a one-off tool to update stuff.
289 * The time sequence for reading from the detail file is:
291 * t_0 signalled that the server is idle, and we
292 * can read from the detail file.
294 * t_rtt the packet has been processed successfully,
295 * wait for t_delay to enforce load factor.
297 * t_rtt + t_delay wait for signal that the server is idle.
300 int detail_recv(rad_listen_t *listener)
302 char key[256], op[8], value[1024];
303 VALUE_PAIR *vp, **tail;
304 RADIUS_PACKET *packet;
306 listen_detail_t *data = listener->data;
310 * We may be in the main thread. It needs to update the
311 * timers before we try to read from the file again.
313 if (data->signal) return 0;
315 switch (data->state) {
318 rad_assert(listener->fd < 0);
320 if (!detail_open(listener)) return 0;
322 rad_assert(data->state == STATE_UNLOCKED);
323 rad_assert(listener->fd >= 0);
328 * Try to lock fd. If we can't, return.
329 * If we can, continue. This means that
330 * the server doesn't block while waiting
331 * for the lock to open...
335 * Note that we do NOT block waiting for
336 * the lock. We've re-named the file
337 * above, so we've already guaranteed
338 * that any *new* detail writer will not
339 * be opening this file. The only
340 * purpose of the lock is to catch a race
341 * condition where the execution
342 * "ping-pongs" between radiusd &
345 if (rad_lockfd_nonblock(listener->fd, 0) < 0) {
347 * Close the FD. The main loop
348 * will wake up in a second and
353 data->state = STATE_UNOPENED;
357 data->fp = fdopen(listener->fd, "r");
359 radlog(L_ERR, "FATAL: Failed to re-open detail file %s: %s",
360 data->filename, strerror(errno));
365 * Look for the header
367 data->state = STATE_HEADER;
368 data->delay_time = USEC;
377 data->state = STATE_UNOPENED;
384 if (fstat(listener->fd, &buf) < 0) {
385 radlog(L_ERR, "Failed to stat "
386 "detail file %s: %s",
392 if (((off_t) ftell(data->fp)) == buf.st_size) {
398 * End of file. Delete it, and re-set
401 if (feof(data->fp)) {
403 DEBUG("Detail - unlinking %s",
404 data->filename_work);
405 unlink(data->filename_work);
406 if (data->fp) fclose(data->fp);
409 data->state = STATE_UNOPENED;
410 rad_assert(data->vps == NULL);
412 if (data->one_shot) {
413 radlog(L_INFO, "Finished reading \"one shot\" detail file - Exiting");
414 radius_signal_self(RADIUS_SIGNAL_SELF_EXIT);
421 * Else go read something.
426 * Read more value-pair's, unless we're
427 * at EOF. In that case, queue whatever
431 if (data->fp && !feof(data->fp)) break;
432 data->state = STATE_QUEUED;
440 * Periodically check what's going on.
441 * If the request is taking too long,
445 if (time(NULL) < (data->running + data->retry_interval)) {
449 DEBUG("No response to detail request. Retrying");
450 data->state = STATE_NO_REPLY;
454 * If there's no reply, keep
455 * retransmitting the current packet
459 data->state = STATE_QUEUED;
463 * We have a reply. Clean up the old
464 * request, and go read another one.
467 pairfree(&data->vps);
468 data->state = STATE_HEADER;
473 while (*tail) tail = &(*tail)->next;
476 * Read a header, OR a value-pair.
478 while (fgets(buffer, sizeof(buffer), data->fp)) {
479 data->offset = ftell(data->fp); /* for statistics */
482 * Badly formatted file: delete it.
484 * FIXME: Maybe flag an error?
486 if (!strchr(buffer, '\n')) {
487 pairfree(&data->vps);
492 * We're reading VP's, and got a blank line.
495 if ((data->state == STATE_READING) &&
496 (buffer[0] == '\n')) {
497 data->state = STATE_QUEUED;
502 * Look for date/time header, and read VP's if
503 * found. If not, keep reading lines until we
506 if (data->state == STATE_HEADER) {
509 if (sscanf(buffer, "%*s %*s %*d %*d:%*d:%*d %d", &y)) {
510 data->state = STATE_READING;
516 * We have a full "attribute = value" line.
517 * If it doesn't look reasonable, skip it.
519 * FIXME: print an error for badly formatted attributes?
521 if (sscanf(buffer, "%255s %8s %1023s", key, op, value) != 3) {
522 DEBUG2W("Skipping badly formatted line %s",
528 * Should be =, :=, +=, ...
530 if (!strchr(op, '=')) continue;
533 * Skip non-protocol attributes.
535 if (!strcasecmp(key, "Request-Authenticator")) continue;
538 * Set the original client IP address, based on
539 * what's in the detail file.
541 * Hmm... we don't set the server IP address.
544 if (!strcasecmp(key, "Client-IP-Address")) {
545 data->client_ip.af = AF_INET;
546 if (ip_hton(value, AF_INET, &data->client_ip) < 0) {
548 "Failed parsing Client-IP-Address");
550 pairfree(&data->vps);
557 * The original time at which we received the
558 * packet. We need this to properly calculate
561 if (!strcasecmp(key, "Timestamp")) {
562 data->timestamp = atoi(value);
564 vp = paircreate(data, PW_PACKET_ORIGINAL_TIMESTAMP, 0);
566 vp->vp_date = (uint32_t) data->timestamp;
576 * FIXME: do we want to check for non-protocol
577 * attributes like radsqlrelay does?
580 if ((userparse(data, buffer, &vp) > 0) &&
588 * Some kind of error.
590 * FIXME: Leave the file in-place, and warn the
593 if (ferror(data->fp)) goto cleanup;
599 * Process the packet.
605 * The writer doesn't check that the record was
606 * completely written. If the disk is full, this can
607 * result in a truncated record. When that happens,
610 if (data->state != STATE_QUEUED) {
611 radlog(L_ERR, "Truncated record: treating it as EOF for detail file %s", data->filename_work);
616 * We're done reading the file, but we didn't read
617 * anything. Clean up, and don't return anything.
620 data->state = STATE_HEADER;
621 if (!data->fp || feof(data->fp)) goto cleanup;
626 * Allocate the packet. If we fail, it's a serious
629 packet = rad_alloc(NULL, 1);
631 radlog(L_ERR, "FATAL: Failed allocating memory for detail");
635 memset(packet, 0, sizeof(*packet));
637 packet->src_ipaddr.af = AF_INET;
638 packet->src_ipaddr.ipaddr.ip4addr.s_addr = htonl(INADDR_NONE);
639 packet->code = PW_ACCOUNTING_REQUEST;
640 gettimeofday(&packet->timestamp, NULL);
643 * Remember where it came from, so that we don't
644 * proxy it to the place it came from...
646 if (data->client_ip.af != AF_UNSPEC) {
647 packet->src_ipaddr = data->client_ip;
650 vp = pairfind(packet->vps, PW_PACKET_SRC_IP_ADDRESS, 0, TAG_ANY);
652 packet->src_ipaddr.af = AF_INET;
653 packet->src_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
655 vp = pairfind(packet->vps, PW_PACKET_SRC_IPV6_ADDRESS, 0, TAG_ANY);
657 packet->src_ipaddr.af = AF_INET6;
658 memcpy(&packet->src_ipaddr.ipaddr.ip6addr,
659 &vp->vp_ipv6addr, sizeof(vp->vp_ipv6addr));
663 vp = pairfind(packet->vps, PW_PACKET_DST_IP_ADDRESS, 0, TAG_ANY);
665 packet->dst_ipaddr.af = AF_INET;
666 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
668 vp = pairfind(packet->vps, PW_PACKET_DST_IPV6_ADDRESS, 0, TAG_ANY);
670 packet->dst_ipaddr.af = AF_INET6;
671 memcpy(&packet->dst_ipaddr.ipaddr.ip6addr,
672 &vp->vp_ipv6addr, sizeof(vp->vp_ipv6addr));
677 * Generate packet ID, ports, IP via a counter.
679 packet->id = data->counter & 0xff;
680 packet->src_port = 1024 + ((data->counter >> 8) & 0xff);
681 packet->dst_port = 1024 + ((data->counter >> 16) & 0xff);
683 packet->dst_ipaddr.af = AF_INET;
684 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = htonl((INADDR_LOOPBACK & ~0xffffff) | ((data->counter >> 24) & 0xff));
687 * If everything's OK, this is a waste of memory.
688 * Otherwise, it lets us re-send the original packet
689 * contents, unmolested.
691 packet->vps = paircopy(packet, data->vps);
694 * Prefer the Event-Timestamp in the packet, if it
695 * exists. That is when the event occurred, whereas the
696 * "Timestamp" field is when we wrote the packet to the
697 * detail file, which could have been much later.
699 vp = pairfind(packet->vps, PW_EVENT_TIMESTAMP, 0, TAG_ANY);
701 data->timestamp = vp->vp_integer;
705 * Look for Acct-Delay-Time, and update
706 * based on Acct-Delay-Time += (time(NULL) - timestamp)
708 vp = pairfind(packet->vps, PW_ACCT_DELAY_TIME, 0, TAG_ANY);
710 vp = paircreate(packet, PW_ACCT_DELAY_TIME, 0);
711 rad_assert(vp != NULL);
712 pairadd(&packet->vps, vp);
714 if (data->timestamp != 0) {
715 vp->vp_integer += time(NULL) - data->timestamp;
719 * Set the transmission count.
721 vp = pairfind(packet->vps, PW_PACKET_TRANSMIT_COUNTER, 0, TAG_ANY);
723 vp = paircreate(packet, PW_PACKET_TRANSMIT_COUNTER, 0);
724 rad_assert(vp != NULL);
725 pairadd(&packet->vps, vp);
727 vp->vp_integer = data->tries;
730 fr_printf_log("detail_recv: Read packet from %s\n", data->filename_work);
731 for (vp = packet->vps; vp; vp = vp->next) {
737 * Don't bother doing limit checks, etc.
739 gettimeofday(&now, NULL);
740 if (!request_insert(listener, packet, &data->detail_client,
741 rad_accounting, &now)) {
743 data->state = STATE_NO_REPLY; /* try again later */
747 data->state = STATE_RUNNING;
748 data->running = packet->timestamp.tv_sec;
755 * Free detail-specific stuff.
757 void detail_free(rad_listen_t *this)
759 listen_detail_t *data = this->data;
761 talloc_free(data->filename);
762 data->filename = NULL;
763 pairfree(&data->vps);
765 if (data->fp != NULL) {
772 int detail_print(const rad_listen_t *this, char *buffer, size_t bufsize)
775 return snprintf(buffer, bufsize, "%s",
776 ((listen_detail_t *)(this->data))->filename);
779 return snprintf(buffer, bufsize, "detail file %s as server %s",
780 ((listen_detail_t *)(this->data))->filename,
785 * Overloaded to return delay times.
787 int detail_encode(rad_listen_t *this, UNUSED REQUEST *request)
789 listen_detail_t *data = this->data;
792 * We haven't sent a packet... delay things a bit.
795 int delay = (data->poll_interval - 1) * USEC;
798 * Add +/- 0.25s of jitter
800 delay += (USEC * 3) / 4;
801 delay += fr_rand() % (USEC / 2);
803 DEBUG2("Detail listener %s state %s signalled %d waiting %d.%06d sec",
805 fr_int2str(state_names, data->state, "?"), data->signal,
806 (delay / USEC), delay % USEC);
813 DEBUG2("Detail listener %s state %s signalled %d waiting %d.%06d sec",
814 data->filename, fr_int2str(state_names, data->state, "?"),
816 data->delay_time / USEC,
817 data->delay_time % USEC);
819 return data->delay_time;
824 * Overloaded to return "should we fix delay times"
826 int detail_decode(rad_listen_t *this, UNUSED REQUEST *request)
828 listen_detail_t *data = this->data;
834 static const CONF_PARSER detail_config[] = {
835 { "filename", PW_TYPE_STRING_PTR,
836 offsetof(listen_detail_t, filename), NULL, NULL },
837 { "load_factor", PW_TYPE_INTEGER,
838 offsetof(listen_detail_t, load_factor), NULL, Stringify(10)},
839 { "poll_interval", PW_TYPE_INTEGER,
840 offsetof(listen_detail_t, poll_interval), NULL, Stringify(1)},
841 { "retry_interval", PW_TYPE_INTEGER,
842 offsetof(listen_detail_t, retry_interval), NULL, Stringify(30)},
843 { "one_shot", PW_TYPE_BOOLEAN,
844 offsetof(listen_detail_t, one_shot), NULL, NULL},
845 { "max_outstanding", PW_TYPE_INTEGER,
846 offsetof(listen_detail_t, load_factor), NULL, NULL},
848 { NULL, -1, 0, NULL, NULL } /* end the list */
851 extern int check_config;
854 * Parse a detail section.
856 int detail_parse(CONF_SECTION *cs, rad_listen_t *this)
859 listen_detail_t *data;
863 if (check_config) return 0;
866 this->data = rad_malloc(sizeof(*data));
867 memset(this->data, 0, sizeof(*data));
872 rcode = cf_section_parse(cs, data, detail_config);
874 cf_log_err_cs(cs, "Failed parsing listen section");
878 if (!data->filename) {
879 cf_log_err_cs(cs, "No detail file specified in listen section");
883 if ((data->load_factor < 1) || (data->load_factor > 100)) {
884 cf_log_err_cs(cs, "Load factor must be between 1 and 100");
888 if ((data->poll_interval < 1) || (data->poll_interval > 20)) {
889 cf_log_err_cs(cs, "poll_interval must be between 1 and 20");
893 if (data->max_outstanding == 0) data->max_outstanding = 1;
896 * If the filename is a glob, use "detail.work" as the
899 if ((strchr(data->filename, '*') != NULL) ||
900 (strchr(data->filename, '[') != NULL)) {
904 radlog(L_INFO, "WARNING: Detail file \"%s\" appears to use file globbing, but it is not supported on this system.", data->filename);
906 strlcpy(buffer, data->filename, sizeof(buffer));
907 p = strrchr(buffer, FR_DIR_SEP);
913 strlcat(buffer, "detail.work",
914 sizeof(buffer) - strlen(buffer));
917 snprintf(buffer, sizeof(buffer), "%s.work", data->filename);
920 free(data->filename_work);
921 data->filename_work = strdup(buffer); /* FIXME: leaked */
925 data->state = STATE_UNOPENED;
926 data->delay_time = data->poll_interval * USEC;
930 * Initialize the fake client.
932 client = &data->detail_client;
933 memset(client, 0, sizeof(*client));
934 client->ipaddr.af = AF_INET;
935 client->ipaddr.ipaddr.ip4addr.s_addr = INADDR_NONE;
937 client->longname = client->shortname = data->filename;
938 client->secret = client->shortname;
939 client->nastype = strdup("none");