summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2026-01-25Merge pull request #289 from nuclearcat/release-1.141.14.0Denys Fedoryshchenko
release: 1.14.0
2026-01-24release: 1.14.0Denys Fedoryshchenko
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2026-01-24Merge pull request #287 from nuclearcat/remove-nagging-daeDenys Fedoryshchenko
dae-allowed: Remove nagging about making option mandatory
2026-01-24dae-allowed: Remove nagging about making option mandatoryDenys Fedoryshchenko
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2026-01-05Merge pull request #285 from nuclearcat/add-coa-securityDenys Fedoryshchenko
radius: Implement DM/CoA security hardening by restricting source ips
2025-12-23radius: Implement DM/CoA security hardening by restricting source ip addressesDenys Fedoryshchenko
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-12-15Merge pull request #281 from nuclearcat/fix-acct-cachingDenys Fedoryshchenko
fix(radius): refresh session stats in req_set_stat
2025-12-15fix(radius): refresh session stats in req_set_statDenys Fedoryshchenko
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-12-13Merge pull request #277 from nuclearcat/minor-rfc2516-complianceDenys Fedoryshchenko
pppoe: Fix RFC2516 non-compilance in PADI tags parsing
2025-12-13Merge pull request #279 from nuclearcat/fix-acctDenys Fedoryshchenko
acct: Fix losing some data on interface down due wrong sequence
2025-12-13fix(accounting): preserve last counters on disconnectDmitriy Eshenko
Ensure accounting values include the most recent traffic sample when a session disconnects, preventing the final interval from being dropped and avoiding under-reported totals in usage/billing. Big thanks Dmitriy Eshenko for patch and testing Author: Dmitriy Eshenko <dmitriy.eshenko@accel-ppp.org> Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-12-12Merge pull request #275 from nuclearcat/backport-nr-pr-17Denys Fedoryshchenko
Backporting PR#17 from accel-ppp-ng
2025-12-11Merge pull request #274 from nuclearcat/add-docsDenys Fedoryshchenko
docs: Add Radius documentation for ipoe and pppoe
2025-12-11Merge pull request #276 from nuclearcat/fix-cmake-min2Denys Fedoryshchenko
cmake: Bump up minimum version to supress Alpine Linux compile warnings
2025-12-11docs: Add Radius documentation for ipoe and pppoeDenys Fedoryshchenko
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-12-11pppoe: Fix RFC2516 non-compilance in PADI tags parsingDenys Fedoryshchenko
We currently only break out of the switch, so the for loop keeps parsing tags after TAG_END_OF_LIST (accel-pppd/ctrl/pppoe/pppoe.c: around pppoe_recv_PADI). RFC 2516 (paragraph 5, Tag Types: End-of-List) says an End-of-List tag MAY appear in PADI/PADR and "any TAGs after an End-of-List MUST be ignored." Since we continue processing them, this behavior is technically non-compliant with the RFC. Same in pppoe_recv_PADR. Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-12-10cmake: Bump up minimum version to supress Alpine Linux compile warningsDenys Fedoryshchenko
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-12-10Minor compile fix, we have only OpenSSL version nowDenys Fedoryshchenko
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-12-10crypto: Removed CRYPTO_OPENSSL definition.Andrii Melnychenko
OpenSSL is now mandatory. Signed-off-by: Andrii Melnychenko <a.melnychenko@vyos.io>
2025-12-10crypto: Removed internal tomcat crypto.Andrii Melnychenko
Signed-off-by: Andrii Melnychenko <a.melnychenko@vyos.io>
2025-12-07Merge pull request #270 from nuclearcat/static-analyzer-fixesDenys Fedoryshchenko
auth_chap_md5: unused variable, mschap_error likely copy paste error, plain chap dont have errors like mschap
2025-12-07Merge pull request #271 from nuclearcat/sstp-improvementsDenys Fedoryshchenko
Sstp improvements
2025-12-07Merge pull request #272 from nuclearcat/missing-docs-moreDenys Fedoryshchenko
Missing docs more
2025-12-01radius: Improve documentationDenys Fedoryshchenko
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-12-01ppp: Add missing documentation, improve clarityDenys Fedoryshchenko
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-12-01pppoe: Add missing documentationDenys Fedoryshchenko
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-12-01l2tp: Add missing documentationDenys Fedoryshchenko
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-12-01sstp: Improve documentation about proxy protocolDenys Fedoryshchenko
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-12-01sstp: Update documentation for missing optionsDenys Fedoryshchenko
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-12-01sstp: Add config option enum for better code readabilityDenys Fedoryshchenko
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-11-30Merge pull request #269 from nuclearcat/fix-buffer-overflowDenys Fedoryshchenko
l2tp: fix buffer overflow and type errors in Calling/Called Number handling
2025-11-30auth_chap_md5: unused variable, mschap_error likely copy paste error, plain ↵Denys Fedoryshchenko
chap dont have errors like mschap Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-11-28Merge pull request #267 from nuclearcat/fix-ssl-warningsDenys Fedoryshchenko
Suppress OpenSSL 3.0 deprecation warnings for legacy crypto APIs
2025-11-27Merge pull request #268 from nuclearcat/fixup-warningsDenys Fedoryshchenko
fixup! Add RADIUS blast attack protection with Message-Authenticator
2025-11-26l2tp: fix buffer overflow and type errors in Calling/Called Number handlingDenys Fedoryshchenko
Fix issues introduced in 88a2ebdb: - Fix type declaration: uint8_t *calling[254] declared an array of 254 pointers instead of an array of 254 bytes. Remove erroneous asterisks. - Fix buffer overflow vulnerability: L2TP AVP values can be up to 1017 bytes (L2TP_AVP_LEN_MASK - sizeof(avp_header)), but buffers were only 254(*4?) bytes. A malicious packet could cause stack buffer overflow. Use L2TP_AVP_LEN_MASK (1023) for buffer size to handle maximum AVP length. - Remove useless NULL checks: Stack-allocated arrays can never be NULL, causing compiler warnings. The existence check is n > 0 / m > 1. Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-11-26fixup! Add RADIUS blast attack protection with Message-AuthenticatorDenys Fedoryshchenko
Not a bug, but to supress warnings. Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-11-26Suppress OpenSSL 3.0 deprecation warnings for legacy crypto APIsDenys Fedoryshchenko
We are using similar approach as in other projects, easiest one, but probably in future it will break as soon as this functions will be removed completely. Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-11-26Merge pull request #265 from nuclearcat/fix-mempoolDenys Fedoryshchenko
mempool: Fix 32-bit stats
2025-11-26Merge pull request #263 from nuclearcat/raise-cmake-versionDenys Fedoryshchenko
Raised cmake_minimum_required to 3.5
2025-11-26Merge pull request #266 from nuclearcat/docs-ippoolDenys Fedoryshchenko
docs: Improve ippool documentation
2025-11-26docs: Improve ippool documentationDenys Fedoryshchenko
Improve ippool documentation based on users feedback. Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-11-26Merge pull request #264 from nuclearcat/cert-doc-updateDenys Fedoryshchenko
docs: Update accel-ppp.conf about certificate configuration
2025-11-23Remove unused definition/struct and functionDenys Fedoryshchenko
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-11-23mempool: Fix 32-bit statsDenys Fedoryshchenko
We are living in 64-bit world long time, so there is very likely mempool stats might overflow past 4GB and report incorrect values. Updated mempool stats to use 64-bit counters so they don’t wrap past 4 GB and print correctly in CLI. Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-11-23docs: Update accel-ppp.conf about certificate configurationDenys Fedoryshchenko
This is follow-up for https://github.com/accel-ppp/accel-ppp/pull/238 Adding missing documentation update. Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-11-23Merge pull request #238 from socketpair/chainDenys Fedoryshchenko
SSTP: load certificate chain instead of single one
2025-11-23Merge pull request #262 from nuclearcat/add-missing-breakDenys Fedoryshchenko
pppoe: add missing break, ignore vendor-specific tags when parsing PADR
2025-11-23README: Update minimal cmake versionDenys Fedoryshchenko
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-11-23ipoe: Fix flowi4_tos build error on Fedora 6.18Denys Fedoryshchenko
Part of a long-term kernel networking cleanup is the kernel is moving to a strict type called dscp_t. 1)Macros like flowi4_tos are being removed to break compilation of old drivers (like accel-ppp) that treat the field as a raw byte. 2)This forces developers to use the new accessor functions (like ip4_dst_hoplimit or inet_dscp_to_dsfield) ensuring ECN bits are preserved. We need to maintain compatibility with older kernel as well. Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-11-23Add printout of kernel version we are building ipoe forDenys Fedoryshchenko
It should look like: [ 99%] Generating driver/ipoe.ko for kernel $(make -s -C ${KDIR} kernelrelease 2>/dev/null || uname -r)" right before the module build Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>