accel-ppp.git - High performance PPTP/L2TP/SSTP/PPPoE/IPoE server for Linux (mirror of https://github.com/accel-ppp/accel-ppp.git)

Age	Commit message (Collapse)	Author
2018-01-09	ipoe: do not create ipoe interface with server's ifindex	Dmitry Kozlov

2018-01-06	sstp: reuse general logging framework	Vladislav Grishenko

2018-01-05	sstp: possible sync ppp mode fix	Vladislav Grishenko

2018-01-05	sstp: fix default max mtu to fit standard 1500 media	Vladislav Grishenko

2018-01-05	ipoe: implemented ipv6 in shared mode	Dmitry Kozlov

2017-12-30	sstp: add generic base for parsing http header values, improve host-name ↵	Vladislav Grishenko
	checking
2017-12-30	sstp: log current SSL mode for reference	Vladislav Grishenko

2017-12-30	sstp: optimize SSL context & config reload handling	Vladislav Grishenko

2017-12-30	sstp: fix obsolete contexts leak	Vladislav Grishenko

2017-12-30	sstp: rework certificate load, fix build issue with some openssl version	Vladislav Grishenko

2017-12-30	sstp: fix va_start/va_end usage on x64 platforms	Vladislav Grishenko

2017-12-30	sstp: http: protect against oversized headers and improve parsing	Vladislav Grishenko

2017-12-30	sstp: implement HTTP host header and TLS SNI checking	Vladislav Grishenko

2017-12-30	sstp: drop ssl_mode_auto_retry, not required afer ↵	Vladislav Grishenko
	7945857927b4cedab365ba86934d771281eeb213
2017-12-30	sstp: use HTTP status code 510 for HTTP method errors	Vladislav Grishenko

2017-12-30	sstp: http: get rid of static reply buffer	Vladislav Grishenko

2017-12-30	sstp: fix eof result of ssl read/write ops although no harm was really happened	Vladislav Grishenko

2017-12-30	sstp: allow colons in cert-hash-* hex values	Vladislav Grishenko
	Simplify copy-pasting from openssl x509 -fingerprint output: Examples: openssl x509 -in cert.pem -noout -fingerprint -sha1 openssl x509 -in cert.pem -noout -fingerprint -sha256
2017-12-30	sstp: use ssl-keyfile option for certificate private key	Vladislav Grishenko
	if not set, fallback to private key in the same ssl-pemfile
2017-12-30	sstp: treat SSL errors as EIO	Vladislav Grishenko

2017-12-30	sstp: keep default ssl ciphers for better compatibility	Vladislav Grishenko

2017-12-30	sstp: allow to prefer server ciphers with ssl-prefer-server-ciphers option	Vladislav Grishenko

2017-12-30	sstp: implement Crypto Binding's Certificate hash & proto checking per 3.3.5.2.3	Vladislav Grishenko
	Warning: config options are changed aligned with general accel-ppp style. Following cases, including no-openssl build are supported: ssl \| ssl-pemfile \| behavior 1 set get both sha1 & sha256 from the certificate 0 set get both sha1 & sha256 from the certificate 0 unset use cert-hash-sha1 and/or cert-hash-sha256 hex options no-openssl use cert-hash-sha1 and/or cert-hash-sha256 hex options cert-hash-sha1 and/or cert-hash-sha256 hex options override certificate's, so it's possible to turn certficate hash verification off with just empty values (default).
2017-12-30	sstp: implement Crypto Binding attr & nonce checking per 3.3.5.2.3	Vladislav Grishenko

2017-12-30	sstp: fix thread crash on certificate-error diconnect	Vladislav Grishenko

2017-12-30	sstp: zero allocated packets, fix non-zero reserved fields	Vladislav Grishenko

2017-12-30	sstp: make sstp great again. simplify ssl handlers, fix crashes, move to ↵	Vladislav Grishenko
	async ppp TODO: accounting/statistics, minimize syscall & memory usage
2017-12-30	sstp: implement ifname option support	Vladislav Grishenko

2017-12-30	sstp: allow 3 nak replies per 3.3.5.2.2	Vladislav Grishenko

2017-12-30	sstp: implement preliminar sstp protocol support	Vladislav Grishenko

2017-12-28	ipoe: check noauth option in [auth] section too	Dmitry Kozlov

2017-12-27	ipoe: include server's mac into weight notify packet to be used as ↵	Dmitry Kozlov
	additional key when weights are equal
2017-12-27	ipoe: implemented new load balancing mechanism	Dmitry Kozlov
	new config options: [ipoe] weight=N - global weight interface=ethX,weight=N - per-interface weight How it works: On reception of DHCPDISCOVER accel-ppp sends broadcast DHCP message to port 67 with same xid and add special vendor-specific option where encodes its current session count multipled by weight. On reception of such message accel-ppp searches session with same xid and compares weight. If received weight is less than session's weight then it terminates this session. per-interface weight=0 has special meaning as backup (fail-over) interface, f.e. it terminates session on any received weight. By default weight based load balancing is disabled. To enable need to specify global or/and per-interface weight.
2017-12-20	shaper: define UINT16_MAX if not set	Dmitry Kozlov

2017-12-19	ipoe: arp: do not reply on requests from 0.0.0.0	Dmitry Kozlov

2017-12-19	ipoe: fixed memory leak	Dmitry Kozlov

2017-12-05	ppp: implement per-ctrl ppp interface rename support, may be overrided by radius	Vladislav Grishenko
	Reuse exsisting radius functionality and allow set iterface name template for pppoe/pptp/l2tp, '%d' specification will be replaced automagically to the next available index by kernel. PPP interface rename allows to easy differ client's interfaces from the other ppp ones, for example, with just netfilter interface rules. Example: [pptp] ifname=pptp%d will produce pptp0, pptp1, ...
2017-12-05	Merge branch 'master' of github.com:xebd/accel-ppp	Dmitry Kozlov

2017-12-05	ipoe: fixed mutex deadlock	Dmitry Kozlov

2017-12-05	Merge pull request #23 from themiron/echo-fixes	xebd
	pptp/l2tp: echo failure improvements
2017-12-05	l2tp: implement adaptive l2tp hello	Vladislav Grishenko
	With incoming l2tp hello there's no need to ask peer for replies in configured hello-interval, so just postpone it. Helps against false-positive echo failures with heavily loaded channels and/or peers.
2017-12-05	pptp: implement adaptive pptp echo	Vladislav Grishenko
	With incoming pptp echo request there's no need to ask peer for replies in configured echo-interval, so just postpone it. Helps against false-positive echo failures with heavily loaded channels and/or peers.
2017-12-05	pptp: fix and allow to disable echo failures counting	Vladislav Grishenko
	Sent echos counter is overloaded with random icmp id, so echo-failure setting is either ignored or causes random pptp channel stops within valid accumulated fail count range, i.e on the the first fail. Since icmp id is not actually used for checking, fix issue by dropping overload. Default echo-failure value is 3, so allow endless echo fails without channel drop by setting echo-failure to 0.
2017-12-05	l2tp: skip obsolete session data packets from logging	Vladislav Grishenko
	After session is freed on our end, kernel doesn't bother with possible incoming data packets and just passes them to userspace, in turn they are mistreated as short control packets with corresponding errors. Since there's no special data packet handling, just ignore them.
2017-12-01	ipoe: check connlimit for UP sessions	Dmitry Kozlov

2017-11-29	ipoe: fixed handling DHCP vendor-specific attributes	Dmitry Kozlov

2017-10-25	ipoe: fixed bug	Dmitry Kozlov
	Assign opt82_ses=ses if shared=0
2017-10-13	improved lua support	Dmitry Kozlov
	Implemented support for lua 5.2/5.3. To build accel-ppp with exact lua version pass it in -DLUA=x.y, for example -DLUA=5.2 (cmake 3.0 is required for this). Old style -DLUA=TRUE supports only 5.1 and does not require cmake 3.0. Also extra lua modules (lua_lpack, lua_bit) took out into separated library luasupp.
2017-10-09	ipoe: more verbose netlink errors	Dmitry Kozlov

2017-09-25	ipoe: introduced interface option mtu=N	Dmitry Kozlov