Age | Commit message | Author |
|
When accel-ppp is under stress (for example because of massive
disconnections) it may enter a state where no session could be
created or destroyed anymore.
This happens when at least one of the pppd_compat fork() calls fails. In this
case, the error code path doesn't unlock the sigchld handler, which
prevents it from running the completion callbacks of running scripts.
If the "fork-limit" option is used, failure to call the completion
callback will prevent other scripts from running. This will block
setting up and tearing down sessions, as those will wait indefinitely
for their pppd_compat scripts to run.
Therefore, we have to unlock the sigchld handler when fork() fails.
We also need to call fork_queue_wakeup(), because the previous
check_fork_limit() call already took one reference in the fork limit.
Finally, ev_ses_pre_up() is a bit special because it has to tear the
session down if the ip-pre-up script failed. Therefore it also has to
call ap_session_terminate() upon fork() failures.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
log:
libnetlink: RTNETLINK answers: Invalid argument
ppp0: f7bb00a79ef667d2: failed to set IPv4 address: Invalid argument
ipaddr_add_peer() called only with mask equal 0 or 32, but w/o
zero-allocated structs it contains garbage in some cases.
So, instead ipaddr_add() was called with wrong mask value.
Also, init chap-secrets mask for the same reason.
|
Several modules assume that if ses->ipv6 is set, then
ses->ipv6->addr_list contains at least one element. But this is not
true if ipv6 was allocated by the pseudo ipdb backend of ipv6cp
(ipv6cp_opt_intfid.c). That is, if the PPP session only has an
automatic link-local address.
This leads modules like pppd-compat and dhcpv6 to access invalid memory
when trying to retrieve the IPv6 address of a PPP session.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
Missing tab was misleading.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
If the PPP device is set up into a specific network namespace, all the
configuration that goes with it belongs to this same netns. Therefore,
we need to run the up/down scripts in that namespace too.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
The first argument passed to the ip-pre-up script was mistakenly set
to the value of ip-up.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
If a pool is specified with a /128 prefix length, then initialize intf_id by gw_ip6_address and peer_intf_id by the generated pool address.
|
config changes:
[ip-pool]
x.x.x.x/mask,name=pool1
y.y.y.y/mask,name=pool2,next=pool1
|
Simplify previous commit, if 4th field isn't empty and doesn't
start with reserved chars (*-!), assume it as pool name.
Also, fix build warn without OPENSSL.
|
Chap-secrets' ipdb uses 4th field as static peer ipv4 address. With no radius
and multiple same username sessions, it's impossible to use non-default pool
for such sessions.
Abuse chap-secret's 4th field as pool=name to specify session's pool name.
With ippool module loaded after chap-secrets (default order), it will be
used for allocation from the specified pool name.
Compatibility considerations:
* pppd will skip 'pool=*' with warn 'unknown host in auth. address list'
  same as 5th field - shaper, because starting from 4th field pppd
  parses a list of values. So, no new effects here.
* previous versions of accel-ppp will parse 'pool=*' as empty address.
* with no 'pool=*' in chap-secrets or with no chap-secrets loaded, no
  behavior change.
* with no ippool loaded, session will get no peer address.
* with ippool loaded before chap-secrets, chap-secrets's ipdb will not
  be used, therefore neither ip address nor pool name will have any effect.
* if chap-secrets' pool is invalid or not found, default pool will be
  used by ippool or address came from radius.
* chap-secret's pool name might override pool came from radius, if
  radius module is loaded after chap-secrets and no address came from
  radius.
|
[pppd-compat]
fork-limit=N
Specifies number of simultaneously running background processes.
|
implemented config reload
changed default value of ip-xxx scripts to be NULL (disabled)
|
tx_bytes and rx_bytes are only used in the ->stop_time branch, so
let's compute them here rather than at the top of the function.
Also, let's replace '4294967296llu' by 'UINT32_MAX + 1', to make it
clear that a gigaword equals 2^32 bytes and is used to keep track of
how many times the 32 bits tx and rx counters have overflowed.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
Use snprintf() to ensure fill_env() isn't going to overflow 'mem'.
Environment variables are either completely set or not defined at all
(but are never truncated).
For the ipv6 and ipv6_dp cases, the environment variable is now fully
generated with a single format string for simplicity.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
Hello,
small patch to avoid gcc -Wformat warnings on Debian x32 where time_t
is "long long" (64-bit signed, to be 2038 safe), not "unsigned long"
(32-bit unsigned) corresponding to "%lu" format strings.
Regards,
Marek
|
This patch gets rid of synchronous style of authentication/accounting.
Synchronous style of authentication/accounting produced sleeping threads
which become a problem when lots of sessions are started/stopped and they all want authorization/accounting.
|
By default the list of IP addresses is serial at startup.
This option shuffles initial IP list so it becomes more random.
|
Signed-off-by: Dmitry Kozlov <xeb@mail.ru>
|
table
Signed-off-by: Dmitry Kozlov <xeb@mail.ru>
|
Use unshare(CLONE_FILES) to create a local file descriptors namespace
for the SNMP thread. This is similar to what was done in bf5340
'net-snmp: run snmp in "special" thread', but without calling clone()
directly. So the net-snmp plugin keeps running in a regular pthread.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
This reverts commit bf5340291badcc631bd855bb924593cd445ecd26.
snmp_thread() needs to be run as regular thread to allow Valgrind
analysis. Using a different namespace for file descriptors will be
done later on using unshare().
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|