diff options
| author | Guillaume Nault <g.nault@alphalink.fr> | 2013-04-09 21:43:12 +0200 |
|---|---|---|
| committer | Dmitry Kozlov <xeb@mail.ru> | 2013-04-17 09:06:35 +0400 |
| commit | 9ec0d6beda4249ca0483e461bd5fb361f7a28efa (patch) | |
| tree | 62ab757c015542c1a235d957109aeda692d51a1c /accel-pppd/accel-ppp.conf.5 | |
| parent | b041db6c60fb80846ad6b6770adc3971e41b2194 (diff) | |
| download | accel-ppp-9ec0d6beda4249ca0483e461bd5fb361f7a28efa.tar.gz accel-ppp-9ec0d6beda4249ca0483e461bd5fb361f7a28efa.zip | |
l2tp: Full hidden AVPs support
Add option "hide-avps" in the "l2tp" section for hiding attributes
sent to peer. This same option is also made available on accel-ppp's
command line interface:
accel-ppp# tunnel create tunnel peer-addr 192.0.2.1 hide-avps 1
Attribute hiding is performed upon attribute creation (in the
l2tp_packet_add_*() functions family) rather than upon packet sending.
This avoid running the cipher for every retransmission; the counterpart
is that l2tp_packet_print() can't dump original attributes of hidden
AVPs.
Currently, only one random vector is used for all hidden AVPs in a
packet. This is easily extensible though, as the 'last_RV' field in
struct l2tp_packet_t may be overridden to use new vectors for next
AVPs.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Diffstat (limited to 'accel-pppd/accel-ppp.conf.5')
| -rw-r--r-- | accel-pppd/accel-ppp.conf.5 | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/accel-pppd/accel-ppp.conf.5 b/accel-pppd/accel-ppp.conf.5 index 08540215..636fe184 100644 --- a/accel-pppd/accel-ppp.conf.5 +++ b/accel-pppd/accel-ppp.conf.5 @@ -424,6 +424,12 @@ is greater of zero then l2tp module will produce verbose logging. .TP .BI "secret=" string Specifies secret to connect to server. +.TP +.BI "hide-avps=" n +If this option is given and +.B n +is greater than 0, then attributes sent in L2TP packets will be hidden (for +AVPs that support it). .SH [radius] .br Configuration of RADIUS module. |