| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Reuse exsisting radius functionality and allow set iterface name
template for pppoe/pptp/l2tp, '%d' specification will be replaced
automagically to the next available index by kernel.
PPP interface rename allows to easy differ client's interfaces from
the other ppp ones, for example, with just netfilter interface rules.
Example:
[pptp]
ifname=pptp%d will produce pptp0, pptp1, ...
|
|
pptp/l2tp: echo failure improvements
|
|
With incoming l2tp hello there's no need to ask peer for
replies in configured hello-interval, so just postpone it.
Helps against false-positive echo failures with heavily
loaded channels and/or peers.
|
|
After session is freed on our end, kernel doesn't bother with possible
incoming data packets and just passes them to userspace, in turn
they are mistreated as short control packets with corresponding errors.
Since there's no special data packet handling, just ignore them.
|
|
new config option:
[common]
max-sessions=N
If set then accel-pppd stops reply to new connection requests if total number of sessions (active and starting) is reached specified limit.
|
|
This reverts commit 88a908974b0b2e9c7eee8ad9a8b0b4432e95d167.
|
|
new config option:
[common]
max-sessions=N
If set then accel-pppd stops reply to new connection requests if total number of sessions (active and starting) is reached specified limit.
|
|
This reverts commit 9ea88bac7d5bf8fc5cf2d5f7d0a734ec7a9e6df6.
|
|
new config option:
[common]
max-sessions=N
If set then accel-pppd stops reply to new connection requests if total number of sessions (active and starting) is reached specified limit.
|
|
There are three different triton contexts that use l2tp_ctx_switch() as
their ->before_switch callback (main UDP server, L2TP control and L2TP
data).
In UDP server and L2TP control contexts, l2tp_ctx_switch() is called
with 'arg' == NULL. Only L2TP data contexts pass an ap_session pointer.
So we have to check 'arg' before setting 'net' or accel-ppp would
segfaults.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
This is done using radius attribute NAS-Port-Id. The new format of this attribute is NAS-Port-Id=[ns/][name].
Namespaces must be created malually by "ip netns add ..." command
|
|
Move warning messages to PPTP and L2TP modules. No other module
actually uses iprange, so it's perfectly valid to disable it, or at
least to not configure any range, when PPTP and L2TP aren't used.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
|
|
|
|
|
|
|
|
Wait for a full retransmission cycle after reception of a StopCCN.
Introduce STATE_FIN_WAIT to identify tunnels which have received a
StopCCN but are waiting for the disconnection timer to expire.
A tunnel can go from STATE_FIN (i.e. StopCCN has been sent, waiting for
acknowledgement) to STATE_FIN_WAIT (i.e. StopCCN has been received,
waiting for full retransmission cycle), but not the other way around.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
* Set default retransmission timeout to 1 second. Since we now have
exponential backoff, we can afford a smaller value.
* Add the rtimeout-cap option to set the maximum value the
retransmission timer has to respect during exponential backoff.
* Store the maximun number of retransmissions in tunnel's structure
(like other retransmission parameters).
* Describe all these changes in man page and reset them to their
default values if they're removed from configuration file before a
reload.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Rework the l2tp_rtimeout() callback, so that time between
retransmissions expands exponentially. This allows for faster
retransmissions without without overwhelming the peer.
A cap is set on the maximum retransmission time. For now it is set to
16 seconds.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
If a peer needs to disconnect a session for which it didn't receive
any reply, it sends a CDN with no Session ID. In this case, the
Assigned Session ID AVP is the only data that can be used to find out
which session has to be closed. Though it isn't supported for now,
let's accept and ack these messages. Session will be deleted on our
side thanks to the establishment timer.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Add the recv-window option in accel-ppp.conf.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Add a fixed length receive queue to tunnels and adverdise its length to
the peer using the Receive Window Size AVP.
Incoming message handling is modified as follow:
-Read as much messages as possible and store them in the receive queue.
Messages are stored in order, based on their sequence number. Messages
not fitting into the queue are discarded (doesn't happen if peer
respects our Receive Window AVP). This is the job of the new
l2tp_tunnel_store_msg() function. It also automatically finds out if
there are new messages to acknowledge.
-Once all incoming messages have been read, free acknowledged packets
from retransmission queue (based on the highest received
acknowledgement number).
-Then process messages in the receive queue. This is done by
l2tp_tunnel_reply(). Each packet is processed by
l2tp_{tunnel,session}_recv() (or dropped in some particular cases).
The send queue is then pushed. If there's no message in the send
queue and an acknowledgement is necessary, a ZLB is sent instead.
-Finally, detect if the peer has acknowledged a StopCCN. There are
three components to this test:
-Have we tried to send a StopCCN? Check with tunnel's state.
-Has the StopCCN been pushed on the network? Check with tunnel's
send queue.
-Has the peer acknowledged the StopCCN? Check with tunnel's
retransmission queue.
For now, l2tp_tunnel_store_msg() doesn't perform fast retransmissions.
So l2tp_retransmit() is removed.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Use stacked error labels for better extensibility.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Refuse to create new sessions when the local send queue is bigger than
the peer's receive window (i.e. when there are already more outstanding
messages than what the peer can currently accept). Only sessions
initiated locally are affected, session requests from the peer are
still handled normally.
This avoids adding useless presure on the sending window when many
sessions are created locally. If sessions were created, they'd add
many ICRQ or OCRQ messages in the send queue and we'd have to wait for
all these messages to be sent before being able to reply to messages
from the peer.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Store the Receive Window Size AVP sent by peer and respect it when
sending messages. That is, stop sending messages from send queue once
the number of unacknowledged messages is higher than peer's receive
window.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Add a per session send queue. Messages sent by a session are added to
both tunnel and session queues. This allows sessions to remove their
unsent messages from tunnel's send queue before they disconnect.
The same approach is used for tunnels. Before disconnecting, they clear
their send queue to avoid sending useless messages.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Modify return value of l2tp_tunnel_push_sendqueue() to inform the
caller if a message has been sent or if the queue was empty. This
information, let l2tp_conn_read() automatically acknowledge
received messages using a ZLB when there's no response to send.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Stop checking for l2tp_{tunnel,session}_send() return values.
These functions now always succeed, unless the session or tunnel is
closing (in which case packet is automatically dropped and caller
doesn't need to take any special action).
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Don't send messages immediately, store them in conn->send_queue
instead, so we have control over how many and when messages are
sent on the network. Once a message is sent, it's removed from
the send queue and added to the retransmission queue.
Retransmission queue is automatically updated based on acknowledgements
received from peer.
For now, packets in the send queue are pushed on the network after
each incoming packet processing. So functions called by l2tp_conn_read()
don't have to call l2tp_tunnel_push_sendqueue().
Other functions (e.g. triton callbacks) have to manually push packets
out of the send queue.
The same applies for disconnection. The l2tp_tunnel_disconnect_push()
and l2tp_session_disconnect_push() functions have been defined for use
in functions that don't call l2tp_tunnel_push_sendqueue() automatically.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Remove message type switch from l2tp_conn_read(). Define
l2tp_tunnel_recv() instead to handle tunnel specific messages.
The Session ID field in L2TP control messages is used to determine if
packet is tunnel or session oriented.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Let l2tp_tunnel_disconnect() delete the tunnel when an error occurs.
Return an int to indicate if conn has been deleted.
Most callers are compatible with this new behaviour, either because
they never use the tunnel after disconnection or because they hold
a reference on the tunnel.
A few callers need to be adapted though:
-l2tp_conn_close() calls l2tp_tunnel_disconnect() to properly inform
the peer of tunnel disconnection. But it also deletes the tunnel
immediately, no matter if StopCCN message was sent or not. Since
l2tp_conn_close() doesn't hold a reference on the tunnel, care must
be taken not to access the tunnel if it was deleted by
l2tp_tunnel_disconnect().
Since immediate deletion isn't required, the l2tp_tunnel_free() call
is simply removed. The normal disconnection process is now followed,
with detection and retransmission of lost messages, acknowledgment
handling, etc.
-situation is similar for l2tp_tunnel_timeout() and handled in the
same way.
This patch also deletes tunnel's sessions, as well as the establishment
and hello timers. These are of no use once the tunnel enters the
disconnection process.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Now that l2tp_tunnel_free() can be called directly inside the main
reception loop, let l2tp_recv_StopCCN() delete the tunnel itself.
This avoids special handling in l2tp_conn_read().
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Let functions launched by l2tp_conn_read() delete the tunnel. This is
done by taking a reference on conn to ensure it'll remain a valid
tunnel, even after calling l2tp_tunnel_free(conn).
l2tp_conn_read() now detects if conn got deleted, so that we know if
the tunnel still holds a reference to itself. If it doesn't,
tunnel_put() may free the tunnel and thus the triton handler we're
running from. So we have to return -1 in this case.
l2tp_tunnel_free() also needs to be modified: it can't safely close
conn->hnd.fd anymore. Since l2tp_conn_read() relies on conn->hnd.fd
being a valid file descriptor, closing it inside the reception loop
would break this assumption in next iteration.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Upon failure, l2tp_recv_SCCRP() and l2tp_recv_SCCCN() disconnect their
tunnel, which is then immediately deleted by l2tp_conn_read(). Deleting
the tunnel isn't necessary at this stage and prevents retransmission of
the disconnection message if it gets lost. Same applies to unknown
message types with M bit set.
This path avoids immediate tunnel deletion, thus allowing the
disconnection process to handle acknowledgments from peer and to
retransmit messages if necessary.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Re-use the Session ID selection algorithm for generating Tunnel IDs.
When a peer always uses the same source port for establishing tunnels,
and if ephemeral ports aren't activated (default), then Tunnel IDs are
the only way to identify tunnels. Using ramdom Tunnel IDs then
minimises the risk of re-using IDs of half-closed tunnels (i.e. tunnels
closed locally, but still existing on the peer side).
As a minor side effect, the maximum value of a Tunnel ID is now
2^16 - 1.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Don't give up immediately when generating a new Session ID fails. Keep
trying until a valid Session ID is found. Abort when the number of
attempts exceeds the number of valid Session IDs.
This is derived from algorithm 3 of RFC 6056 (Port Randomization
Recommendations). Other algorithms may be used later on if need be.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
* Add "secret" to the list of options accepted by the
"l2tp create tunnel" command.
* Display one option per line to avoid too long help message.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Replace cli_sendv by cli_send where possible.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Verify tunnel or session states before handling HELLO, StopCCN and CDN
messages.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
WEN and SLI messages carry session specific data and should be handled
by the session rather than by the tunnel. Session's state can now be
checked before accepting these message types.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
l2tp_conn_read() already has code to free received packets. Let
l2tp_session_recv() take advantage of it.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Ease log file analysis by explicitely logging which L2TP control
channel carries a given data channel (PPP).
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Use a syntax closer to the one used by log_session() in order to ease
grep searching in log files.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Tunnel and session establishment timers should to be unset after they
expire. Otherwise, they may uselessly expire again while disconnection
is performed.
While here, rename l2tp_timeout() to l2tp_tunnel_timeout() for
consistency with its session counterpart.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
* missing space char (l2tp_send_StopCCN)
* missing new line char (l2tp_tunnel_create_session)
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Compute control channel statistics for L2TP sessions and report them
in the "show stat" command.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Report tunnel statistics with the "show stat" command.
Statistics are updated upon tunnel state modifications. Setting the
STATE_ESTB state is centralised in l2tp_tunnel_connect() to ensure
the tunnel state remains synchronised with the statistics even when
errors occur.
While there, connect tunnels after sending SCCCN and stop tunnel
establishment timer as soon as l2tp_tunnel_connect() is called (so
that it'll be deleted even upon failure).
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Since launching L2TP sessions doesn't require to create a new context
anymore, the only purpose of l2tp_tunnel_start_session() is to start
the session establishment timer. This patch let the session startup
functions handle this timer, so that sessions aren't started by a
function pointer anymore. Direct access to the session startup function
also let the caller handle startup failures using its existing error
handling path.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
* l2tp_session_disconnect() now always succeeds.
* l2tp_tunnel_cancel_session() now can be replaced by
l2tp_session_free().
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
