| Age | Commit message (Collapse) | Author |
|
release: 1.14.0
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
dae-allowed: Remove nagging about making option mandatory
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
radius: Implement DM/CoA security hardening by restricting source ips
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
fix(radius): refresh session stats in req_set_stat
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
pppoe: Fix RFC2516 non-compilance in PADI tags parsing
|
|
acct: Fix losing some data on interface down due wrong sequence
|
|
Ensure accounting values include the most recent traffic sample when a session disconnects,
preventing the final interval from being dropped and avoiding under-reported totals in usage/billing.
Big thanks Dmitriy Eshenko for patch and testing
Author: Dmitriy Eshenko <dmitriy.eshenko@accel-ppp.org>
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
Backporting PR#17 from accel-ppp-ng
|
|
docs: Add Radius documentation for ipoe and pppoe
|
|
cmake: Bump up minimum version to supress Alpine Linux compile warnings
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
We currently only break out of the switch, so the for loop keeps parsing tags after TAG_END_OF_LIST (accel-pppd/ctrl/pppoe/pppoe.c: around pppoe_recv_PADI).
RFC 2516 (paragraph 5, Tag Types: End-of-List) says an End-of-List tag MAY appear in PADI/PADR and "any TAGs after an End-of-List MUST be ignored."
Since we continue processing them, this behavior is technically non-compliant with the RFC.
Same in pppoe_recv_PADR.
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
OpenSSL is now mandatory.
Signed-off-by: Andrii Melnychenko <a.melnychenko@vyos.io>
|
|
Signed-off-by: Andrii Melnychenko <a.melnychenko@vyos.io>
|
|
auth_chap_md5: unused variable, mschap_error likely copy paste error, plain chap dont have errors like mschap
|
|
Sstp improvements
|
|
Missing docs more
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
l2tp: fix buffer overflow and type errors in Calling/Called Number handling
|
|
chap dont have errors like mschap
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
Suppress OpenSSL 3.0 deprecation warnings for legacy crypto APIs
|
|
fixup! Add RADIUS blast attack protection with Message-Authenticator
|
|
Fix issues introduced in 88a2ebdb:
- Fix type declaration: uint8_t *calling[254] declared an array of 254
pointers instead of an array of 254 bytes. Remove erroneous asterisks.
- Fix buffer overflow vulnerability: L2TP AVP values can be up to 1017
bytes (L2TP_AVP_LEN_MASK - sizeof(avp_header)), but buffers were only
254(*4?) bytes. A malicious packet could cause stack buffer overflow.
Use L2TP_AVP_LEN_MASK (1023) for buffer size to handle maximum AVP length.
- Remove useless NULL checks: Stack-allocated arrays can never be NULL,
causing compiler warnings. The existence check is n > 0 / m > 1.
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
Not a bug, but to supress warnings.
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
We are using similar approach as in other projects, easiest one,
but probably in future it will break as soon as this functions
will be removed completely.
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
mempool: Fix 32-bit stats
|
|
Raised cmake_minimum_required to 3.5
|
|
docs: Improve ippool documentation
|
|
Improve ippool documentation based on users feedback.
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
docs: Update accel-ppp.conf about certificate configuration
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
We are living in 64-bit world long time, so there is very likely mempool
stats might overflow past 4GB and report incorrect values.
Updated mempool stats to use 64-bit counters so they don’t
wrap past 4 GB and print correctly in CLI.
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
This is follow-up for https://github.com/accel-ppp/accel-ppp/pull/238
Adding missing documentation update.
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
SSTP: load certificate chain instead of single one
|
|
pppoe: add missing break, ignore vendor-specific tags when parsing PADR
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
Part of a long-term kernel networking cleanup is the kernel is moving to a strict type called dscp_t.
1)Macros like flowi4_tos are being removed to break compilation of old drivers (like accel-ppp) that treat the field as a raw byte.
2)This forces developers to use the new accessor functions (like ip4_dst_hoplimit or inet_dscp_to_dsfield) ensuring ECN bits are preserved.
We need to maintain compatibility with older kernel as well.
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
It should look like:
[ 99%] Generating driver/ipoe.ko for kernel $(make -s -C ${KDIR}
kernelrelease 2>/dev/null || uname -r)" right before the module build
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|