Age | Commit message | Author |
|
Co-authored-by: Sergey V. Lobanov <svlobanov@users.noreply.github.com>
Co-authored-by: Vladislav Grishenko <themiron@users.noreply.github.com>
|
|
3.3.2.1 Negotiation Timer
When establishing the SSTP connection, the SSTP server starts the negotiation timer.
2. After sending the Call Connect Acknowledge message, if the server does not receive a Call
Connected message before the Negotiation timer expires then it MUST send a Call Abort message
and start the process of bringing down (disconnecting) the connection. The server MAY implement
different timer values for the Call Connected message and the Call Connect Request message.
3.3.7.1 Server-Side Interface with PPP
When the server receives a PPP data frame from the PPP layer, the server MUST perform the
following steps:
* If CurrentState is set to Server_Call_Connected: Generate an SSTP data
packet (section 2.2.3) with the PPP frame as the higher-layer payload and send the packet to
the HTTPS layer.
* Else, drop the PPP frame.
sstp-client is known to be broken, it doesn't send SSTP_MSG_CALL_CONNECTED with
PAP and CHAP-MD5 auth, no network data flow and disconnect by negotiation timer
is expected.
|
|
If you move an interface into a namespace where there is already an
interface with the same index, the moved interface will get a new index
assigned to it. We need to update our data structure accordingly.
Signed-off-by: Simon Chopin <s.chopin@alphalink.fr>
|
|
Let callers set a gateway and a priority to IPv6 routes. This is
necessary for implementing the RADIUS Framed-IPv6-Route attribute.
Also let ip6route_del() configure .rtm_protocol. This is already
implemented in ip6route_add(), so we need to add the ip6route_del()
counterpart. Otherwise, we couldn't delete routes that were added using
a non-zero protocol.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Reuse existing radius functionality and allow setting an interface name
template for pppoe/pptp/l2tp; the '%d' specification will be replaced
automagically with the next available index by the kernel.
PPP interface renaming makes it easy to distinguish clients' interfaces from
the other ppp ones, for example, with just netfilter interface rules.
Example:
[pptp]
ifname=pptp%d will produce pptp0, pptp1, ...
|
|
To get the radius object, use the session:module("radius") function.
The radius object provides the following functions:
radius:attrs() - returns array of attributes {"name" = NAME, "vendor" = VENDOR|nil}
radius:attr(name[,vendor]) - returns value of attribute (may return multiple results)
Example:
function ip_up(ses)
    rad = ses:module("radius")
    attrs = rad:attrs()
    if attrs then
        print("attrs:")
        for _,a in pairs(attrs) do
            io.write("\t")
            if a.vendor then io.write(a.vendor..":") end
            io.write(a.name.."=")
            print(rad:attr(a.name, a.vendor))
        end
    end
end
|
|
This is done using radius attribute NAS-Port-Id. The new format of this attribute is NAS-Port-Id=[ns/][name].
Namespaces must be created manually with the "ip netns add ..." command.
|
|
This patch gets rid of the synchronous style of authentication/accounting.
The synchronous style of authentication/accounting produced sleeping threads,
which become a problem when lots of sessions start/stop and they all want authorization/accounting.
|
|
drop existing sessions immediately and continue rather than wait full session termination
|
|
First try to rename the interface immediately, and if that fails, make a second try later, just before bringing the interface up.
In the case of single-session=replace, the first try to rename the interface may fail because the first session may be active.
|
|