| Age | Commit message (Collapse) | Author |
|---|
|
T72: Fix compilations warnings for unaligned variable access
|
|
Add missing dhcp end option on dhcp notify packet
|
|
- IPoE/DHCP4: Specify minimal suitable alignment explicitly.
We need to guarantee 2 byte alignment for the `hdr` pointer in
`ip_csum(uint16_t *buf)` calculation
- PPPOE: Suppress false-positive warning for `sockaddr_pppox`.
Similiar issue: https://github.com/kernelslacker/trinity/pull/40
- Introduce tmp variables to avoid alignment issues for SSTP/DHCPv6
For additional details:
https://phabricator.accel-ppp.org/T72
Signed-off-by: Volodymyr Huti <v.huti@vyos.io>
|
|
Add liblua dependency for DEB packages
|
|
|
|
add tests and ci workflow for running tests
|
|
ci: add build jobs (Github CI)
|
|
|
|
This commit adds tests (using python3 pytest framework):
1. Test basic accel-cmd commands (show version, show stat, etc)
2. Test ipoe shared session up (dhcpv4) without radius
3. Test pppoe discovery (without PADO delay)
4. Test pppoe discovery (without PADO delay)
5. Test pppoe session up (ipv4) without radius
6. Test vlan creation using vlan-mon (pppoe)
These tests require external utils. Please read tests/README.md how to setup
environment, how to run the tests and how to generate coverage report
Also, run-tests.yml contains step-by-step instruction how to run the tests
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
|
|
Added build on:
1. Ubuntu 20.04, 22.04 (github runners)
2. Ubuntu 18.04, 20.04, 22.04 (in official containers from dockerhub)
3. Debian 10, 11, 12 (in official containers from dockerub)
Build jobs do:
1. Build (cmake, make)
2. Packaging (cpack)
3. Install
4. Run
5. Check using 'show stat' command
6. Upload built .deb package as artifact
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
|
|
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
|
|
accel-cmd: add macos compatibility
|
|
MacOS socket does not support SOCK_CLOEXEC. This patch uses fcntl
with FD_CLOEXEC instead of using SOCK_CLOEXEC in socket() call
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
|
|
sstp: T69: Add timer befor context wakeup to preevent segfault
|
|
|
|
Fix ipv6 inside netns
|
|
This commit proposes to modify the log message in dhcpv6.c to include
the correct file name. It avoids confusion when reading the logs
|
|
T60: Implement configurable session-timeout param for all connection …
|
|
This fix allow to create the socket inside the netns for ipv6-dhcp module.
|
|
ipv6 auto-configuration generate error when link is
terminated inside netns. The error message is :
"ipv6_nd: setsockopt(SO_BINDTODEVICE): No such device"
This error is generated because socket is not created inside
the netns but it’s created in the default netns.
This fix allow to create the socket in the right place.
to propose this fix, i was inspired by :
issue : https://phabricator.accel-ppp.org/T68
commit : https://github.com/accel-ppp/accel-ppp/commit/f1d616d91914be493b6a32a96323fa871733f8e0
|
|
Per https://datatracker.ietf.org/doc/html/rfc1334#section-2.2.1:
Implementation Note: Because the Authenticate-Ack might be
lost, the authenticator MUST allow repeated Authenticate-
Request packets after completing the Authentication phase.
Protocol phase MUST return the same reply Code returned when
the Authentication phase completed (the message portion MAY be
different). Any Authenticate-Request packets received during
any other phase MUST be silently discarded.
|
|
|
|
Fine tune commit 39a9eb807ade35cf60edc6f2e209ed74ba1d262f
|
|
|
|
|
|
Use helper method to set ipoe device function
|
|
|
|
add switch to disable sending NAS-Port-Id
|
|
T22: connection limit for non-shared interfaces by interface index
|
|
Bugfixes
|
|
This patch introduces nas-port-id-in-req switch to disable sending
NAS-Port-Id attribute in radauth and radacct messages. New switch
might be useful if radius server cannot properly handle this
attrubite.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
|
|
Replace Cyrillic char
|
|
here is the structure of CHAP challenge message for PPP:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Value-Size | Value ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Name ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
When sending a CHAP challenge, accel-ppp set NAME to NULL. According to
RFC 1994 (PPP CHAP), this field should neither be NULL nor be equal to
CR/LF. As ixia does not recognize AUthentication packet when this field
is NULL, we set it to "accel-ppp" by default.
In MS-CHAPv1 and MS-CHAPv2, authenticator does not provide information
in Name field.
Signed-off-by: Gabriel Jeanneau <gabriel.jeanneau@6wind.com>
|
|
When using pppd_compat module, accel-ppp crash with SIGBUS on
spin_lock(&t->ctx->lock) of timer_thread.
When a moduile call triton_timer_del, fd are close without taking into
account epoll function and without removing from polled fd list.
File descriptor are removed from polled fd list and then close in
timer_thread avoiding use after free.
Fixes: 5bac5a2edb7b ("rewriting triton library...")
Signed-off-by: Gabriel Jeanneau <gabriel.jeanneau@6wind.com>
|
|
When receiving IPCP packet on channel handler, check unit handler to
avoid sending a LCP Protocol Reject because ppp unit has not been
created yet.
This patch allows accel-ppp to handle higher pressure (handle 300
connections per second).
Signed-off-by: Gabriel Jeanneau <gabriel.jeanneau@6wind.com>
|
|
CMAKE_FIND_ROOT_PATH variable is a list of pathes used by CMAKE to find
packages and library for compilation.
It should not be used for installation as :
- it is a list
- it points to staging folder of packaging tools.
So let's use a more standard CMAKE code to make sure
files and folders are actually installed in target destination.
Signed-off-by: Gabriel Jeanneau <gabriel.jeanneau@6wind.com>
Signed-off-by: Stéphane Gonauer <stephane.gonauer@6wind.com>
|
|
Fixed typos in help
|
|
fix buffer overflow when receive radius packet
|
|
Added support for binding device name for radius request and DM/CoA server.
|
|
Check if ipv6 dp pool is available before reply
|
|
|
|
This patch fixes buffer overflow if radius packet contains invalid atribute length
and attrubute type from the following list: ipv4addr, ipv6addr, ipv6prefix or ifid
Reported-by: Chloe Ong
Reported-by: Eugene Lim <spaceraccoon@users.noreply.github.com>
Reported-by: Kar Wei Loh
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
|
|
|
|
|
|
New configuration format:
[radius]
server=address,secret[,auth-port=1812][,acct-port=1813][,vrf=VRF_NAME][,req-limit=0][,fail-timeout=0,max-fail=0,][,weight=1][,backup]
dae-server=x.x.x.x:port,secret[,vrf=VRF_NAME]
By default, VRF name is undefined.
|
|
T55: add netlink buffer size configuration parameters
|
|
T57: use readlink exe_buf to determine correct program name after res…
|
|
|
|
Netlink buffers may overflow so it might be useful to increase send and receive
netlink buffer sizes.
Two parameters to [common] configuration section added: nl-rcv-buffer,
nl-snd-buffer.
It is required to set (sysctl) net.core.wmem_max>=nl-snd-buffer and
net.core.rmem_max>=nl-rcv-buffer before running accel-pppd
To check current netlink buffer size and related info use the following command:
% ss -f netlink -m
0 0 rtnl:kernel * skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0)
0 0 rtnl:-1140221812 * skmem:(r0,rb2048000,t0,tb80000,f0,w0,o0,bl0,d0)
0 0 rtnl:accel-pppd/14285 * skmem:(r0,rb2048000,t0,tb65536,f0,w0,o0,bl0,d0)
...
(Please check man ss to get the meaning for r,rb,t,tb,f,w,o,bl and d params)
In the ss output you will see the values doubled from configured.
First accel-pppd netlink socket will use default values (rcv=1048576, snd=32768)
regardless of configured nl-rcv-buffer and nl-snd-buffer values.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
|
|
T54: Use get_stats function to prevent garbage in counters
|
