| Age | Commit message (Collapse) | Author |
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
When sending accounting STOP requests, the timer callback was
incorrectly set to the START timeout handler. This caused stop
retries to follow the wrong termination path.
Also clear rpd->acct_req before freeing on stop timeout/shutdown
failures to avoid leaving a stale pointer.
This bug is very nasty, revealed during stress tests, leading to
memory corruption and other bad stuff when there is noticeable
loss of radius "Stop" packets.
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
|
|
|
|
Replaced Linux-specific headers with their net counterparts.
|
|
Replaced conditional inclusion of if_arp.h and if_packet.h with direct includes.
|
|
|
|
Removed checks for __free_fn_t and good ifarp in CMakeLists.txt.
|
|
Removed check for printf.h and related definitions.
|
|
Removed conditional inclusion of printf.h.
|
|
Situation is a bit complex. Even one problem we fix easily,
such as saving server as variable, rad_req_free might free
server in theory, and s will be invalid.
This is a bit of rewrite, but proper fix.
Fixes problem in 2 functions.
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
Actually 3 fixes in same place:
INTEGER: size mismatch now breaks instead of falling through - a malformed INTEGER attribute is rejected rather than silently parsed with a wrong size
INTEGER/DATE split: each case has its own break, no more fallthrough
DATE: strictly requires len == 4 (per RFC 2865), warns and skips otherwise instead of silently accepting 1 or 2-byte dates
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
This check left old, relevant to mmap, migrate to proper check.
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
Also fix small typo.
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
When parsing vendor-specific attributes (type 26),
the code reads internal structure without checking that the attribute data is long enough.
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
ppp init might fail due malloc failure, missing or invalid runtime state, failure to setup
resources (sockers, timers, handler registration), etc.
This is quite unlikely now, but some floating(hard to catch) bugs says
better to be safe than sorry.
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
Initialized the ifreq in destablish_ppp to avoid the uninitialized-struct
warning before use.
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
It was a micro-optimization to skip taking the mutex when uc_size was 0.
But because uc_size isnt atomic and wasnt read under the lock, it created a TOCTOU window.
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
|
|
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
|
|
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
release: 1.14.0
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
dae-allowed: Remove nagging about making option mandatory
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
radius: Implement DM/CoA security hardening by restricting source ips
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
fix(radius): refresh session stats in req_set_stat
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
pppoe: Fix RFC2516 non-compilance in PADI tags parsing
|
|
acct: Fix losing some data on interface down due wrong sequence
|
|
Ensure accounting values include the most recent traffic sample when a session disconnects,
preventing the final interval from being dropped and avoiding under-reported totals in usage/billing.
Big thanks Dmitriy Eshenko for patch and testing
Author: Dmitriy Eshenko <dmitriy.eshenko@accel-ppp.org>
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
Backporting PR#17 from accel-ppp-ng
|
|
docs: Add Radius documentation for ipoe and pppoe
|
|
cmake: Bump up minimum version to supress Alpine Linux compile warnings
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
We currently only break out of the switch, so the for loop keeps parsing tags after TAG_END_OF_LIST (accel-pppd/ctrl/pppoe/pppoe.c: around pppoe_recv_PADI).
RFC 2516 (paragraph 5, Tag Types: End-of-List) says an End-of-List tag MAY appear in PADI/PADR and "any TAGs after an End-of-List MUST be ignored."
Since we continue processing them, this behavior is technically non-compliant with the RFC.
Same in pppoe_recv_PADR.
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
OpenSSL is now mandatory.
Signed-off-by: Andrii Melnychenko <a.melnychenko@vyos.io>
|
|
Signed-off-by: Andrii Melnychenko <a.melnychenko@vyos.io>
|
|
auth_chap_md5: unused variable, mschap_error likely copy paste error, plain chap dont have errors like mschap
|
|
Sstp improvements
|
|
Missing docs more
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|
|
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
|