summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-01-10Merge branch 'master' of github.com:xebd/accel-pppDmitry Kozlov
2018-01-10Merge pull request #34 from themiron/sstpxebd
sstp: drop unnecessary ssl reinitialization
2018-01-10sstp: drop unnecessary ssl reinitializationVladislav Grishenko
2018-01-10Merge branch 'master' of ssh://git.code.sf.net/p/accel-ppp/codeDmitry Kozlov
2018-01-10Merge branch 'master' of github.com:xebd/accel-pppDmitry Kozlov
2018-01-10Merge pull request #31 from themiron/sstpxebd
sstp support
2018-01-09ipoe: do not create ipoe interface with server's ifindexDmitry Kozlov
2018-01-07Merge branch 'master' of /home/dima/git/accel-pppDmitry Kozlov
2018-01-06cmake: added CPACK_TYPE=Debian9Dmitry Kozlov
2018-01-06cmake: reworked debian related package generation rulesDmitry Kozlov
2018-01-06ipoe_mod: use least byte of hwaddr as hash keyDmitry Kozlov
2018-01-06sstp: reuse general logging frameworkVladislav Grishenko
2018-01-05sstp: add man & readme recordsVladislav Grishenko
2018-01-05sstp: possible sync ppp mode fixVladislav Grishenko
2018-01-05sstp: fix default max mtu to fit standard 1500 mediaVladislav Grishenko
2018-01-05ipoe: implemented ipv6 in shared modeDmitry Kozlov
2017-12-30sstp: add generic base for parsing http header values, improve host-name ↵Vladislav Grishenko
checking
2017-12-30sstp: log current SSL mode for referenceVladislav Grishenko
2017-12-30sstp: optimize SSL context & config reload handlingVladislav Grishenko
2017-12-30sstp: fix obsolete contexts leakVladislav Grishenko
2017-12-30sstp: rework certificate load, fix build issue with some openssl versionVladislav Grishenko
2017-12-30sstp: fix va_start/va_end usage on x64 platformsVladislav Grishenko
2017-12-30sstp: http: protect against oversized headers and improve parsingVladislav Grishenko
2017-12-30sstp: implement HTTP host header and TLS SNI checkingVladislav Grishenko
2017-12-30sstp: drop ssl_mode_auto_retry, not required afer ↵Vladislav Grishenko
7945857927b4cedab365ba86934d771281eeb213
2017-12-30sstp: use HTTP status code 510 for HTTP method errorsVladislav Grishenko
2017-12-30sstp: http: get rid of static reply bufferVladislav Grishenko
2017-12-30sstp: fix eof result of ssl read/write ops although no harm was really happenedVladislav Grishenko
2017-12-30sstp: allow colons in cert-hash-* hex valuesVladislav Grishenko
Simplify copy-pasting from openssl x509 -fingerprint output: Examples: openssl x509 -in cert.pem -noout -fingerprint -sha1 openssl x509 -in cert.pem -noout -fingerprint -sha256
2017-12-30sstp: use ssl-keyfile option for certificate private keyVladislav Grishenko
if not set, fallback to private key in the same ssl-pemfile
2017-12-30sstp: treat SSL errors as EIOVladislav Grishenko
2017-12-30sstp: keep default ssl ciphers for better compatibilityVladislav Grishenko
2017-12-30sstp: allow to prefer server ciphers with ssl-prefer-server-ciphers optionVladislav Grishenko
2017-12-30sstp: implement Crypto Binding's Certificate hash & proto checking per 3.3.5.2.3Vladislav Grishenko
Warning: config options are changed aligned with general accel-ppp style. Following cases, including no-openssl build are supported: ssl | ssl-pemfile | behavior 1 set get both sha1 & sha256 from the certificate 0 set get both sha1 & sha256 from the certificate 0 unset use cert-hash-sha1 and/or cert-hash-sha256 hex options no-openssl use cert-hash-sha1 and/or cert-hash-sha256 hex options cert-hash-sha1 and/or cert-hash-sha256 hex options override certificate's, so it's possible to turn certficate hash verification off with just empty values (default).
2017-12-30sstp: implement Crypto Binding attr & nonce checking per 3.3.5.2.3Vladislav Grishenko
2017-12-30sstp: fix thread crash on certificate-error diconnectVladislav Grishenko
2017-12-30sstp: zero allocated packets, fix non-zero reserved fieldsVladislav Grishenko
2017-12-30sstp: make sstp great again. simplify ssl handlers, fix crashes, move to ↵Vladislav Grishenko
async ppp TODO: accounting/statistics, minimize syscall & memory usage
2017-12-30sstp: implement ifname option supportVladislav Grishenko
2017-12-30sstp: allow 3 nak replies per 3.3.5.2.2Vladislav Grishenko
2017-12-30sstp: implement preliminar sstp protocol supportVladislav Grishenko
2017-12-29ipv6: ignore "unspecified address" (::/128)Dmitry Kozlov
2017-12-28ipoe: check noauth option in [auth] section tooDmitry Kozlov
2017-12-28Merge pull request #30 from themiron/alloca-crashxebd
triton: fix crash due gcc mis-optimization of alloca()
2017-12-28triton: fix crash due gcc mis-optimization of alloca()Vladislav Grishenko
since alloca() result is used indirectly, gcc 4.7.2 thinks the whole call can be dropped on any optimization level.
2017-12-27ipoe,vlan_mon: updated up to kernel 4.14Dmitry Kozlov
2017-12-27ipoe: include server's mac into weight notify packet to be used as ↵Dmitry Kozlov
additional key when weights are equal
2017-12-27ipoe: implemented new load balancing mechanismDmitry Kozlov
new config options: [ipoe] weight=N - global weight interface=ethX,weight=N - per-interface weight How it works: On reception of DHCPDISCOVER accel-ppp sends broadcast DHCP message to port 67 with same xid and add special vendor-specific option where encodes its current session count multipled by weight. On reception of such message accel-ppp searches session with same xid and compares weight. If received weight is less than session's weight then it terminates this session. per-interface weight=0 has special meaning as backup (fail-over) interface, f.e. it terminates session on any received weight. By default weight based load balancing is disabled. To enable need to specify global or/and per-interface weight.
2017-12-27triton: fixed bugs introduced by previous commitDmitry Kozlov
2017-12-26shaper: install ifb filter for all protocolsDmitry Kozlov
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-28 19:01:05 +0000