summaryrefslogtreecommitdiff
path: root/accel-pppd/include
AgeCommit message (Collapse)Author
2020-06-29sstp: fix MITM w/o SSTP_MSG_CALL_CONNECTED is being sentVladislav Grishenko
3.3.2.1 Negotiation Timer When establishing the SSTP connection, the SSTP server starts the negotiation timer. 2. After sending the Call Connect Acknowledge message, if the server does not receive a Call Connected message before the Negotiation timer expires then it MUST send a Call Abort message and start the process of bringing down (disconnecting) the connection. The server MAY implement different timer values for the Call Connected message and the Call Connect Request message. 3.3.7.1 Server-Side Interface with PPP When the server receives a PPP data frame from the PPP layer, the server MUST perform the following steps: * If CurrentState is set to Server_Call_Connected: Generate an SSTP data packet (section 2.2.3) with the PPP frame as the higher-layer payload and send the packet to the HTTPS layer. * Else, drop the PPP frame. sstp-client is known to be broken, it doesn't send SSTP_MSG_CALL_CONNECTED with PAP and CHAP-MD5 auth, no network data flow and disconnect by negotiation timer is expected.
2020-03-18net: new function get_ifindexSimon Chopin
The index of a given interface is an operation that highly depends on the network namespace we're in. This patch simply cuts out a function to get the index for a given interface name from the session initialization code, and expose it in the ap_net structure. This function can then be used to refresh the index when moving interfaces around. Signed-off-by: Simon Chopin <s.chopin@alphalink.fr>
2020-03-07session: add global [common]max-starting optionVladislav Grishenko
usually there's no need to have per-proto limitation, since the need of max starting limitation affects the whole server, not particular protocol only.
2020-01-11ipv6pool: add per-proto ipv6-pool and ipv6-pool-delegate optionsVladislav Grishenko
also, disable ipv6 pools via chap-secrets, need to find another syntax for it, may be with comments.
2020-01-10ipv6pool/radius: implement named ipv6 poolsVladislav Grishenko
default stateful ipv6 address & prefix radius attrs are per-rfc6911: 171 Delegated-IPv6-Prefix-Pool 172 Stateful-IPv6-Address-Pool the single pool name from chap-secret file pool is shared for ipv4/ipv6/ipv6 dp, new config syntax TBD. per-proto pool names are still for ipv4 only, new config syntax TBD.
2018-10-26vlan_mon: make vlan_mon.h self-containedGuillaume Nault
We need to include <stdint.h> to define 'uint16_t'. Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
2018-10-26core: make ap_net.h self-containedGuillaume Nault
We need to include <sys/socket.h> to define 'socklen_t', <sys/types.h> for 'ssize_t' and "list.h" for 'struct list_head'. Also, let's include "libnetlink.h" so that we don't need a forward declaration for 'struct rtnl_handle'. Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
2018-10-26connlimit: make connlimit.h self-containedGuillaume Nault
We need to include <stdint.h> to define 'uint*_t' and <string.h> for 'memcpy'. Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
2018-10-26backup: make ap_session_backup.h self-containedGuillaume Nault
We need to include <netinet/in.h> to define 'struct in6_addr' and <stdint.h> for 'uint8_t'. Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
2017-10-17radius: implemented lua supportDmitry Kozlov
to get radius object use session:module("radius") function radius object provides flollowing functions: radius:attrs() - returns array of attributes {"name" = NAME, "vendor" = VENDOR|nil} radius:attr(name[,vendor]) - returns value of attribute (may return multiple results) Example: function ip_up(ses) rad = ses:module("radius") attrs = rad:attrs() if attrs then print("attrs:") for _,a in pairs(attrs) do io.write("\t") if a.vendor then io.write(a.vendor..":") end io.write(a.name.."=") print(rad:attr(a.name, a.vendor)) end end end
2017-10-16lua: implemented "session" module that provides session object to be passed ↵Dmitry Kozlov
to lua scripts session object consists of following functions: ifname() - interface name ifindex() - interface ifindex sid() - Acct-Session-ID uptime() - session uptime in seconds username() ctrl_type() - type of session (pppt/pppoe/l2tp/ipoe) calling_sid() - Calling-Station-ID called_sid() - Called-Station-ID ipv4() - retuns pair (peer address, local address) ipv6() - ipv6 address or nil rx_bytes() tx_bytes()
2017-10-13improved lua supportDmitry Kozlov
Implemented support for lua 5.2/5.3. To build accel-ppp with exact lua version pass it in -DLUA=x.y, for example -DLUA=5.2 (cmake 3.0 is required for this). Old style -DLUA=TRUE supports only 5.1 and does not require cmake 3.0. Also extra lua modules (lua_lpack, lua_bit) took out into separated library luasupp.
2017-04-18implemented session count limitingDmitry Kozlov
new config option: [common] max-sessions=N If set then accel-pppd stops reply to new connection requests if total number of sessions (active and starting) is reached specified limit.
2017-04-18Revert "implemented session count limiting"Dmitry Kozlov
This reverts commit 88a908974b0b2e9c7eee8ad9a8b0b4432e95d167.
2017-04-18implemented session count limitingDmitry Kozlov
new config option: [common] max-sessions=N If set then accel-pppd stops reply to new connection requests if total number of sessions (active and starting) is reached specified limit.
2017-04-18Revert "implemented session count limiting"Dmitry Kozlov
This reverts commit 9ea88bac7d5bf8fc5cf2d5f7d0a734ec7a9e6df6.
2017-04-18implemented session count limitingDmitry Kozlov
new config option: [common] max-sessions=N If set then accel-pppd stops reply to new connection requests if total number of sessions (active and starting) is reached specified limit.
2016-07-11implemented support for network namespaceDmitry Kozlov
This is done using radius attribute NAS-Port-Id. The new format of this attribute is NAS-Port-Id=[ns/][name]. Namespaces must be created malually by "ip netns add ..." command
2016-06-02ppp: make include/ppp_auth.h a symlinkGuillaume Nault
include/ppp_auth.h used to be a symlink to ppp/ppp_auth.h, until it was made a copy by ebbd6f580322 ("fix typo (successed -> succeeded)"). Therefore, changes to ppp/ppp_auth.h aren't visible to files including ppp_auth.h anymore. These files have already diverged (just a whitespace fix for now), so let's restore the original symlink before more changes occur. Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
2016-04-30radius: add Delegated-IPv6-Prefix to accounting packetsDmitry Kozlov
2016-04-15preparation for DPDK intergation (part 6)Dmitry Kozlov
2016-04-11Revert "pppoe: do not negotiate LCP MRU option if it is larger than 1492"Dmitry Kozlov
This reverts commit fc098b3062badfd802f91241533069cad4886b6f.
2016-04-10pppoe: do not negotiate LCP MRU option if it is larger than 1492Dmitry Kozlov
2016-04-05improved logging: if session's interface is empty log ctrl's interfaceDmitry Kozlov
2016-04-04vlan_mon: make possible to work other module after message "vlan not started"Dmitry Kozlov
2016-04-04ipoe,pppoe,vlan_mon: deleted conditions to simultaneous start ipoe and pppoe ↵Dmitry Kozlov
on same interfaces (started by vlan_mon)
2016-04-02for single-session=deny make early check for duplicate username (before ↵Dmitry Kozlov
calling radius)
2016-03-18make termination caused by SIGTERM softDmitry Kozlov
2016-03-17vlan_mon,ipoe,pppoe: implemented detection of vlan existanceDmitry Kozlov
2015-12-04preparation for DPDK intergation (part 5)Dmitry Kozlov
2015-12-04preparation for DPDK intergation (part 4)Dmitry Kozlov
2015-12-04preparation for DPDK intergation (part 3)Dmitry Kozlov
2015-12-04preparation for DPDK intergationDmitry Kozlov
2015-11-21move parse_vlan_mon function to vlan-mon moduleDmitry Kozlov
2015-11-21split ipoe driver to ipoe and vlan_monDmitry Kozlov
introduced new module "vlan-mon"
2015-11-18ipoe: do not send immediate Accounting Stop in soft terminate modeDmitry Kozlov
2015-11-17ipoe: use single socket for arp processingDmitry Kozlov
2015-02-21session: implemented idle and timeout timersDmitry Kozlov
2014-11-22remove trailing whitespacesDmitry Kozlov
2014-11-05ipv6: move ipv6_dp from dhcpv6 private data to ap_sessionDmitry Kozlov
2014-09-20rewrite of authentication/accounting proceduresDmitry Kozlov
This patch gets rid of synchronuos style of authentication/accounting. Synchronous style of authentication/accounting produced sleeping threads which becomes a problem when lots of sessions started/stopped and all they want authorization/accounting.
2014-07-11terminate session if interface rename failsDmitry Kozlov
2014-05-182-way interface renamingDmitry Kozlov
First try to rename interface immediately and if it fails then do second try later just before bring interface up. In case single-session=replace first try to rename interface may fail because first session may be active
2014-05-18improved single-session=replace handlingDmitry Kozlov
Wait for previous session completely terminated before continuing authorization new session.
2014-05-12radius: use NAS-Port-Id in Access-Accept for interface renamingDmitry Kozlov
2013-08-28ipoe: add ipset support for l4 redirectKozlov Dmitry
2013-06-29connlimit: Initialise connlimit key (MAC)Guillaume Nault
Initialise 'key' before calling memcpy() to ensure that all bytes are set in the return value. Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
2013-06-14connlimit: Fix size of memcpy() for MAC addressGuillaume Nault
The 'hw' parameter of cl_key_from_mac() is actually a pointer, so 'key.hw' must be used instead to compute the size of the MAC address. Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
2013-03-16ipoe: fixed shared=1 modeKozlov Dmitry
2013-01-25Revert "altered session finishing procedure"Kozlov Dmitry
This reverts commit 9f4f36169f03857b6910402028717210270a0339.
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-04 03:37:07 +0000