v4.14-9529-beta

src/Cedar/Cedar.h

@@ -135,10 +135,10 @@
 
 
 // Version number
-#define	CEDAR_VER					413
+#define	CEDAR_VER					414
 
 // Build Number
-#define	CEDAR_BUILD					9525
+#define	CEDAR_BUILD					9529
 
 // Beta number
 //#define	BETA_NUMBER					3
@@ -160,9 +160,9 @@
 #define	BUILD_DATE_Y		2015
 #define	BUILD_DATE_M		2
 #define	BUILD_DATE_D		2
-#define	BUILD_DATE_HO		10
-#define	BUILD_DATE_MI		28
-#define	BUILD_DATE_SE		53
+#define	BUILD_DATE_HO		17
+#define	BUILD_DATE_MI		33
+#define	BUILD_DATE_SE		33
 
 // Tolerable time difference
 #define	ALLOW_TIMESTAMP_DIFF		(UINT64)(3 * 24 * 60 * 60 * 1000)

src/Cedar/Hub.c

@@ -600,6 +600,7 @@ void DataToHubOptionStruct(HUB_OPTION *o, RPC_ADMIN_OPTION *ao)
 	GetHubAdminOptionDataAndSet(ao, "AssignVLanIdByRadiusAttribute", &o->AssignVLanIdByRadiusAttribute);
 	GetHubAdminOptionDataAndSet(ao, "SecureNAT_RandomizeAssignIp", &o->SecureNAT_RandomizeAssignIp);
 	GetHubAdminOptionDataAndSet(ao, "DetectDormantSessionInterval", &o->DetectDormantSessionInterval);
+	GetHubAdminOptionDataAndSet(ao, "NoPhysicalIPOnPacketLog", &o->NoPhysicalIPOnPacketLog);
 }
 
 // Convert the contents of the HUB_OPTION to data
@@ -668,6 +669,7 @@ void HubOptionStructToData(RPC_ADMIN_OPTION *ao, HUB_OPTION *o, char *hub_name)
 	Add(aol, NewAdminOption("AssignVLanIdByRadiusAttribute", o->AssignVLanIdByRadiusAttribute));
 	Add(aol, NewAdminOption("SecureNAT_RandomizeAssignIp", o->SecureNAT_RandomizeAssignIp));
 	Add(aol, NewAdminOption("DetectDormantSessionInterval", o->DetectDormantSessionInterval));
+	Add(aol, NewAdminOption("NoPhysicalIPOnPacketLog", o->NoPhysicalIPOnPacketLog));
 
 	Zero(ao, sizeof(RPC_ADMIN_OPTION));
 

src/Cedar/Hub.h

@@ -278,6 +278,7 @@ struct HUB_OPTION
 	bool AssignVLanIdByRadiusAttribute;	// Assign the VLAN ID for the VPN session, by the attribute value of RADIUS
 	bool SecureNAT_RandomizeAssignIp;	// Randomize the assignment IP address for new DHCP client
 	UINT DetectDormantSessionInterval;	// Interval (seconds) threshold to detect a dormant VPN session
+	bool NoPhysicalIPOnPacketLog;		// Disable saving physical IP address on the packet log
 };
 
 // MAC table entry

src/Cedar/IPsec_L2TP.c

@@ -1539,7 +1539,7 @@ void ProcL2TPPacketRecv(L2TP_SERVER *l2tp, UDPPACKET *p)
 				UINT client_assigned_id = (pp->Ver == 3 ? READ_UINT(a->Data) : READ_USHORT(a->Data));
 				if (GetTunnelFromIdOfAssignedByClient(l2tp, &p->SrcIP, client_assigned_id) == NULL)
 				{
-					if (LIST_NUM(l2tp->TunnelList) < L2TP_QUOTA_MAX_NUM_TUNNELS && GetNumL2TPTunnelsByClientIP(l2tp, &p->SrcIP) >= L2TP_QUOTA_MAX_NUM_TUNNELS_PER_IP)
+					if (LIST_NUM(l2tp->TunnelList) < L2TP_QUOTA_MAX_NUM_TUNNELS && GetNumL2TPTunnelsByClientIP(l2tp, &p->SrcIP) < L2TP_QUOTA_MAX_NUM_TUNNELS_PER_IP)
 					{
 						char ipstr[MAX_SIZE];
 						L2TP_PACKET *pp2;

src/Cedar/Logging.c

@@ -1061,6 +1061,7 @@ bool PacketLog(HUB *hub, SESSION *src_session, SESSION *dest_session, PKT *packe
 	SERVER *s;
 	UINT syslog_setting;
 	bool no_log = false;
+	HUB_OPTION *opt = NULL;
 	// Validate arguments
 	if (hub == NULL || src_session == NULL || packet == NULL)
 	{
@@ -1081,6 +1082,8 @@ bool PacketLog(HUB *hub, SESSION *src_session, SESSION *dest_session, PKT *packe
 		return true;
 	}
 
+	opt = hub->Option;
+
 	// Determine the logging level
 	level = CalcPacketLoggingLevel(hub, packet);
 	if (level == PACKET_LOG_NONE)
@@ -1155,6 +1158,21 @@ bool PacketLog(HUB *hub, SESSION *src_session, SESSION *dest_session, PKT *packe
 		pl->DestSessionName = CopyStr("");
 	}
 
+	if (opt == NULL || opt->NoPhysicalIPOnPacketLog == false)
+	{
+		if (src_session != NULL && src_session->NormalClient)
+		{
+			StrCpy(pl->SrcPhysicalIP, sizeof(pl->SrcPhysicalIP), src_session->ClientIP);
+		}
+
+		if (dest_session != NULL && dest_session->NormalClient)
+		{
+			StrCpy(pl->DestPhysicalIP, sizeof(pl->DestPhysicalIP), dest_session->ClientIP);
+		}
+
+		pl->WritePhysicalIP = true;
+	}
+
 	if (src_session->LoggingRecordCount != NULL)
 	{
 		UINT n = 0;
@@ -1493,6 +1511,10 @@ char *PacketLogParseProc(RECORD *rec)
 	// Generate each part
 	t = ZeroMalloc(sizeof(TOKEN_LIST));
 	t->NumTokens = 16;
+	if (pl->WritePhysicalIP)
+	{
+		t->NumTokens += 2;
+	}
 	t->Token = ZeroMalloc(sizeof(char *) * t->NumTokens);
 
 	// Source session
@@ -2028,6 +2050,16 @@ char *PacketLogParseProc(RECORD *rec)
 			BinToStr(data, p->PacketSize * 2 + 1, p->PacketData, p->PacketSize);
 			t->Token[15] = data;
 		}
+
+		// Physical IP addresses
+		if (StrLen(pl->SrcPhysicalIP) != 0)
+		{
+			t->Token[16] = CopyStr(pl->SrcPhysicalIP);
+		}
+		if (StrLen(pl->DestPhysicalIP) != 0)
+		{
+			t->Token[17] = CopyStr(pl->DestPhysicalIP);
+		}
 	}
 	else
 	{

src/Cedar/Logging.h

@@ -130,6 +130,9 @@ struct PACKET_LOG
 	struct PKT *Packet;
 	char *SrcSessionName;
 	char *DestSessionName;
+	bool WritePhysicalIP;
+	char SrcPhysicalIP[64];
+	char DestPhysicalIP[64];
 	bool PurePacket;						// Packet not cloned
 	bool PurePacketNoPayload;				// Packet not cloned (without payload)
 	SESSION *SrcSession;

src/Cedar/Protocol.c

@@ -2911,6 +2911,8 @@ bool ServerAccept(CONNECTION *c)
 			s->LocalHostSession = local_host_session;
 			s->NormalClient = true;
 
+			IPToStr(s->ClientIP, sizeof(s->ClientIP), &c->ClientIp);
+
 			if (c->FirstSock->IsRUDPSocket)
 			{
 				// R-UDP session

src/Cedar/Server.c

@@ -4105,6 +4105,7 @@ void SiLoadHubOptionCfg(FOLDER *f, HUB_OPTION *o)
 	o->AssignVLanIdByRadiusAttribute = CfgGetBool(f, "AssignVLanIdByRadiusAttribute");
 	o->SecureNAT_RandomizeAssignIp = CfgGetBool(f, "SecureNAT_RandomizeAssignIp");
 	o->DetectDormantSessionInterval = CfgGetInt(f, "DetectDormantSessionInterval");
+	o->NoPhysicalIPOnPacketLog = CfgGetBool(f, "NoPhysicalIPOnPacketLog");
 
 	// Enabled by default
 	if (CfgIsItem(f, "ManageOnlyPrivateIP"))
@@ -4182,6 +4183,7 @@ void SiWriteHubOptionCfg(FOLDER *f, HUB_OPTION *o)
 	CfgAddBool(f, "SuppressClientUpdateNotification", o->SuppressClientUpdateNotification);
 	CfgAddBool(f, "AssignVLanIdByRadiusAttribute", o->AssignVLanIdByRadiusAttribute);
 	CfgAddBool(f, "SecureNAT_RandomizeAssignIp", o->SecureNAT_RandomizeAssignIp);
+	CfgAddBool(f, "NoPhysicalIPOnPacketLog", o->NoPhysicalIPOnPacketLog);
 	CfgAddInt(f, "DetectDormantSessionInterval", o->DetectDormantSessionInterval);
 	CfgAddBool(f, "NoLookBPDUBridgeId", o->NoLookBPDUBridgeId);
 	CfgAddInt(f, "AdjustTcpMssValue", o->AdjustTcpMssValue);
@@ -7487,6 +7489,7 @@ void SiCalledUpdateHub(SERVER *s, PACK *p)
 	o.SecureNAT_RandomizeAssignIp = PackGetBool(p, "SecureNAT_RandomizeAssignIp");
 	o.DetectDormantSessionInterval = PackGetInt(p, "DetectDormantSessionInterval");
 	o.VlanTypeId = PackGetInt(p, "VlanTypeId");
+	o.NoPhysicalIPOnPacketLog = PackGetBool(p, "NoPhysicalIPOnPacketLog");
 	if (o.VlanTypeId == 0)
 	{
 		o.VlanTypeId = MAC_PROTO_TAGVLAN;
@@ -9328,6 +9331,7 @@ void SiPackAddCreateHub(PACK *p, HUB *h)
 	PackAddBool(p, "AssignVLanIdByRadiusAttribute", h->Option->AssignVLanIdByRadiusAttribute);
 	PackAddInt(p, "ClientMinimumRequiredBuild", h->Option->ClientMinimumRequiredBuild);
 	PackAddBool(p, "SecureNAT_RandomizeAssignIp", h->Option->SecureNAT_RandomizeAssignIp);
+	PackAddBool(p, "NoPhysicalIPOnPacketLog", h->Option->NoPhysicalIPOnPacketLog);
 	PackAddInt(p, "DetectDormantSessionInterval", h->Option->DetectDormantSessionInterval);
 	PackAddBool(p, "FixForDLinkBPDU", h->Option->FixForDLinkBPDU);
 	PackAddBool(p, "BroadcastLimiterStrictMode", h->Option->BroadcastLimiterStrictMode);

src/Cedar/Session.h

@@ -188,6 +188,7 @@ struct SESSION
 	bool InProcMode;				// In-process mode
 	THREAD *Thread;					// Management thread
 	CONNECTION *Connection;			// Connection
+	char ClientIP[64];				// Client IP
 	CLIENT_OPTION *ClientOption;	// Client connection options
 	CLIENT_AUTH *ClientAuth;		// Client authentication data
 	volatile bool Halt;				// Halting flag