| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
address and mask if radius can assign only client address
|
|
|
|
|
|
|
|
Fix indentation of sections 'log' and 'ip-pool'.
Remove space before comma in section 'chap-secret/username-hash'.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Add two options to the 'l2tp create tunnel' command:
* 'peer-port' allows to specify the destination port of the
SCCRQ packet (instead of standard port 1701). This allows
to connect to a peer listening on a non standard port.
* 'host-port' allows to specify the source port of the SCCRQ
packet (instead of an arbitrary free port).
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Define option 'use-ephemeral-ports' for accel-ppp.conf. When set
to 0, this option deactivates the use of ephemeral ports. That is,
accel-ppp won't choose an arbitrary source port when replying to a
tunnel establishment request, but will use the SCCRQ's destination
port instead.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Commit 05bb6859 "pptp,l2tp: bind to port options" assigns fixed source
port for every L2TP tunnel. This removes support for ephemeral ports
(as described in RFC 2661 section 8.1) and statically sets the source
port when accel-ppp initiates tunnel connections.
This patch reverts to the previous behaviour (automatic source port
selection) while keeping the ability to listen for incoming
connections on a port different from 1701 (which was the purpose of
commit 05bb6859).
Support for disabling usage of ephemeral ports and for manual port
selection upon tunnel creation will be added later on by means of
configuration options.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
This variable doesn't need to be visible outside of its
compilation unit.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
|
|
|
|
|
|
|
|
|
|
default)
|
|
|
|
|
|
|
|
Allocate space for the terminationg null byte, to avoid truncating
PPP channel name.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
* Stop daemon upon halt and reboot
* Protect the ACCEL_PPPD_OPTS variable in the existence check to
allow space charaters.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
|
|
|
|
|
|
|
|
|
|
Since multiple sessions may be created in each tunnel, a client may
bypass the connlimit module by creating many sessions in an existing
tunnel (connlimit is only used upon reception of SCCRQ messages).
This patch adds connlimit checks when handling session creation requests
(ICRQ and OCRQ) so that connection limits get enforced in every case.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Use the number of available processors to set the thread-count
option if not given in configuration file.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Define l2tp_packet_add_int64() to create attributes of 64 bits long
integers.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Set Challenge attribute using a random length so that its size can't
be guessed when hide-avps is on.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Add option "hide-avps" in the "l2tp" section for hiding attributes
sent to peer. This same option is also made available on accel-ppp's
command line interface:
accel-ppp# tunnel create tunnel peer-addr 192.0.2.1 hide-avps 1
Attribute hiding is performed upon attribute creation (in the
l2tp_packet_add_*() functions family) rather than upon packet sending.
This avoid running the cipher for every retransmission; the counterpart
is that l2tp_packet_print() can't dump original attributes of hidden
AVPs.
Currently, only one random vector is used for all hidden AVPs in a
packet. This is easily extensible though, as the 'last_RV' field in
struct l2tp_packet_t may be overridden to use new vectors for next
AVPs.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Define and export the u_randbuf() function that fills a buffer with
random data.
Convert L2TP's challenge generation code for using it.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Decode hidden AVPs on reception. This is transparent for functions in
l2tp.c (except for the presence of the Random Vector AVP).
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Secret length is used quite often especially when handling hidden AVPs.
Store conf_secret length together with conf_secret to avoid calling
strlen(conf_secret) every time.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Received attributes of type ATTR_TYPE_INT64 are transferred to upper
layer in network byte order while any other integer type uses host
byte order.
This patch converts int64 values to host byte order so that they can be
used like other integer types.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
When adding a string AVP to an L2TP packet, the attribute value is
allocated and set using strdup(). There's no need to memcpy() it
again afterwards.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
|
|
|
|
Use "info2" log messages to inform about packets sent or processed.
For HELLO and ZLB messages, the log level is set to "debug" as these
are transmitted quite often and don't bring much information (this same
logging policy is used for logging packets when conf_verbose is on).
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Log message for any packet retransmission action using log_tunnel()
and level "info2".
Remove l2tp_conn_log() since it is no longer used.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Add a log message (warn level) for any discarded message type.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
