summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-12-30sstp: fix eof result of ssl read/write ops although no harm was really happenedVladislav Grishenko
2017-12-30sstp: allow colons in cert-hash-* hex valuesVladislav Grishenko
Simplify copy-pasting from openssl x509 -fingerprint output: Examples: openssl x509 -in cert.pem -noout -fingerprint -sha1 openssl x509 -in cert.pem -noout -fingerprint -sha256
2017-12-30sstp: use ssl-keyfile option for certificate private keyVladislav Grishenko
if not set, fallback to private key in the same ssl-pemfile
2017-12-30sstp: treat SSL errors as EIOVladislav Grishenko
2017-12-30sstp: keep default ssl ciphers for better compatibilityVladislav Grishenko
2017-12-30sstp: allow to prefer server ciphers with ssl-prefer-server-ciphers optionVladislav Grishenko
2017-12-30sstp: implement Crypto Binding's Certificate hash & proto checking per 3.3.5.2.3Vladislav Grishenko
Warning: config options are changed aligned with general accel-ppp style. Following cases, including no-openssl build are supported: ssl | ssl-pemfile | behavior 1 set get both sha1 & sha256 from the certificate 0 set get both sha1 & sha256 from the certificate 0 unset use cert-hash-sha1 and/or cert-hash-sha256 hex options no-openssl use cert-hash-sha1 and/or cert-hash-sha256 hex options cert-hash-sha1 and/or cert-hash-sha256 hex options override certificate's, so it's possible to turn certficate hash verification off with just empty values (default).
2017-12-30sstp: implement Crypto Binding attr & nonce checking per 3.3.5.2.3Vladislav Grishenko
2017-12-30sstp: fix thread crash on certificate-error diconnectVladislav Grishenko
2017-12-30sstp: zero allocated packets, fix non-zero reserved fieldsVladislav Grishenko
2017-12-30sstp: make sstp great again. simplify ssl handlers, fix crashes, move to ↵Vladislav Grishenko
async ppp TODO: accounting/statistics, minimize syscall & memory usage
2017-12-30sstp: implement ifname option supportVladislav Grishenko
2017-12-30sstp: allow 3 nak replies per 3.3.5.2.2Vladislav Grishenko
2017-12-30sstp: implement preliminar sstp protocol supportVladislav Grishenko
2017-12-29ipv6: ignore "unspecified address" (::/128)Dmitry Kozlov
2017-12-28ipoe: check noauth option in [auth] section tooDmitry Kozlov
2017-12-28Merge pull request #30 from themiron/alloca-crashxebd
triton: fix crash due gcc mis-optimization of alloca()
2017-12-28triton: fix crash due gcc mis-optimization of alloca()Vladislav Grishenko
since alloca() result is used indirectly, gcc 4.7.2 thinks the whole call can be dropped on any optimization level.
2017-12-27ipoe,vlan_mon: updated up to kernel 4.14Dmitry Kozlov
2017-12-27ipoe: include server's mac into weight notify packet to be used as ↵Dmitry Kozlov
additional key when weights are equal
2017-12-27ipoe: implemented new load balancing mechanismDmitry Kozlov
new config options: [ipoe] weight=N - global weight interface=ethX,weight=N - per-interface weight How it works: On reception of DHCPDISCOVER accel-ppp sends broadcast DHCP message to port 67 with same xid and add special vendor-specific option where encodes its current session count multipled by weight. On reception of such message accel-ppp searches session with same xid and compares weight. If received weight is less than session's weight then it terminates this session. per-interface weight=0 has special meaning as backup (fail-over) interface, f.e. it terminates session on any received weight. By default weight based load balancing is disabled. To enable need to specify global or/and per-interface weight.
2017-12-27triton: fixed bugs introduced by previous commitDmitry Kozlov
2017-12-26shaper: install ifb filter for all protocolsDmitry Kozlov
2017-12-26move version message to topDmitry Kozlov
2017-12-26get rid of deprecated readdir_rDmitry Kozlov
2017-12-26reworked context prioritiesDmitry Kozlov
Introduced 4 priorities: 0 - management (cli) 1 - starting sessions (default priority) 2 - active sessions 3 - finishing sessions
2017-12-26shaper: install skbedit filter for all protocolsDmitry Kozlov
2017-12-25ipv6: implemented special handling of /128 prefixesDmitry Kozlov
If prefix length is 128 then send RA with 64 prefix length and add point-to-point ipv6 address on interface
2017-12-25ipv6pool: added gw-ip6-address option and special handling for /128 prefixesDmitry Kozlov
If pool specified with /128 prefix length, then initialize intf_id by gw_ip6_address and peer_intf_id by generated pool address.
2017-12-25libnetlink: added ip6addr_add_peer functionDmitry Kozlov
2017-12-21radius: allocate memory for string attributesDmitry Kozlov
2017-12-20shaper: define UINT16_MAX if not setDmitry Kozlov
2017-12-20ippool: fixed parsing /32 rangesDmitry Kozlov
2017-12-19ipoe: arp: do not reply on requests from 0.0.0.0Dmitry Kozlov
2017-12-19ipoe: fixed memory leakDmitry Kozlov
2017-12-15ipoe: rename HASH_BITS -> IPOE_HASH_BITSDmitry Kozlov
2017-12-15ipoe,vlan_mon: define RHEL_MAJOR=0 if not setDmitry Kozlov
2017-12-15cmake: added centos supportDmitry Kozlov
2017-12-15ipoe, vlan_mon: implemented support for centos 3.10 kernelDmitry Kozlov
2017-12-14Merge pull request #27 from themiron/ppp-ifnamexebd
ppp: fix interface rename if kernel returns not zero, but picked index
2017-12-14ppp: fix interface wildcard rename if kernel returns not zero, but picked indexVladislav Grishenko
2017-12-14ippool: implemented next pool supportDmitry Kozlov
config changes: [ip-pool] x.x.x.x/mask,name=pool1 y.y.y.y/mask,name=pool2,next=pool1
2017-12-14radius: fixed memory leakDmitry Kozlov
2017-12-07pppd_compat: mark session started if ip-up handler calledDmitry Kozlov
2017-12-07pppd_compat: fixed bug caused fork queue to stallDmitry Kozlov
2017-12-07cmake: set INSTALL_RPATH for radius moduleDmitry Kozlov
2017-12-07Merge pull request #26 from themiron/chap-ippoolxebd
chap-secrets: add pool name support
2017-12-07chap-secrets: assume 4th field as pool nameVladislav Grishenko
Simplify previous commit, if 4th field isn't empty and doesn't start with reserved chars (*-!), assume it as pool name. Also, fix build warn without OPENSSL.
2017-12-06Merge pull request #25 from themiron/ppp-ifnamexebd
ppp: implement per-ctrl ppp interface rename support
2017-12-06chap-secrets: allow to use pool name instead of address to specify ipv4 poolVladislav Grishenko
Chap-secrets' ipdb uses 4th field as static peer ipv4 address. With no radius and multiple same username sessions, it's impossible to use non-default pool for such sessions. Abuse chap-secret's 4th field as pool=name to specify session's pool name. With ippool module loaded after chap-secrets (default order), it will be used for allocation from the specified poll name. Compatibility considerations: * pppd will skip 'pool=*' with warn 'unknown host in auth. address list' same as 5th field - shaper, because starting from 4th field pppd parse list of value. so, no new effects here. * previous versions of accel-ppp will parse 'pool=*' as empty address. * with no 'pool=*' in chap-secrets or with no chap-secrets loaded, no behavior change. * with no ippool loaded, session will get no peer address. * with ippool loaded before chap-secrets, chap-secrets's ipdb will not be used, therefore neither ip addess not pool name will has no effect. * if chap-secrets' pool is invalid or not found, default pool will be used by ippool or address came from radius. * chap-secret's pool name might override pool came from radius, if radius module is loaded after chap-secrets and no address came from radius.
generated by cgit v1.2.3 (git 2.39.1) at 2025-03-01 18:26:51 +0000