path: root/accel-pppd/radius/radius.c
Age | Commit message | Author
2018-12-20 | iputils: add 'src' and 'gw' parameters to iproute_del() | Guillaume Nault
Rework iproute_del() to have the same parameters as iproute_add(). This will allow callers to specify more precisely the route they want to delete. Callers will later be converted to make use of these parameters to ensure that the removed route precisely matches the one that was originally inserted.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
2018-12-04 | radius: implement Framed-IPv6-Route attribute | Guillaume Nault
Framed-IPv6-Route is the IPv6 counterpart of Framed-Route. It's only used for defining routes to be added locally by accel-ppp. Routes that should be announced to the peer using Router Advertisements should be defined in the Route-IPv6-Information attribute (but that's currently not implemented).

Framed-IPv6-Route format is:

    <network in CIDR notation> [<gateway IPv6 address> [<route metric>]]

The gateway address and the route metric are optional, but the metric can only be set if a gateway address is given. One can use the unspecified address '::' to define a route with no gateway and a non-default route metric. When no gateway address is defined, the session's network interface is used directly.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
2018-11-12 | ipcp: fix uninitialised memory access when negotiating *-NBNS-Address | Guillaume Nault
When handling the EV_WINS event, IPCP assumes that the ->wins1 and ->wins2 fields of the event structure are properly set. But that may not be the case. If only one of the MS-Primary-NBNS-Server or MS-Secondary-NBNS-Server RADIUS attributes was received, then only ->wins1 or ->wins2 is set, while the other keeps a non-initialised value.

This uninitialised value is then copied by ev_wins() and proposed to the peer when negotiating the Primary-NBNS-Address or Secondary-NBNS-Address IPCP options. That leaks four bytes of the stack to the network and prevents using the values found in the [wins] section of accel-ppp.conf as fallback.

Fix this by initialising the whole event structure in rad_proc_attrs(). Then, in ev_wins(), we can check if ->wins1 or ->wins2 is properly set before copying them. That allows to properly fall back to accel-ppp.conf values when one of the values was not provided by RADIUS.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
2018-11-12 | ipcp: fix uninitialised memory access when negotiating *-DNS-Address | Guillaume Nault
When handling the EV_DNS event, IPCP assumes that the ->dns1 and ->dns2 fields of the event structure are properly set. But that may not be the case. If only one of the MS-Primary-DNS-Server or MS-Secondary-DNS-Server RADIUS attributes was received, then only ->dns1 or ->dns2 is set, while the other keeps a non-initialised value.

This uninitialised value is then copied by ev_dns() and proposed to the peer when negotiating the Primary-DNS-Address or Secondary-DNS-Address IPCP options. That leaks four bytes of the stack to the network and prevents using the values found in the [dns] section of accel-ppp.conf as fallback.

Fix this by initialising the whole event structure in rad_proc_attrs(). Then, in ev_dns(), we can check if ->dns1 or ->dns2 is properly set before copying them. That allows to properly fall back to accel-ppp.conf values when one of the values was not provided by RADIUS.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
2018-04-06 | radius: allow CoA/DM by single username attribute | Dmitry Kozlov
2018-02-21 | radius: add support for route priority (metric) in Framed-Route | Guillaume Nault
Let an optional route priority (aka metric) be defined in RADIUS Framed-Route attributes. The priority is an integer placed at the end of the route string. This is backward compatible with the previous format and also conforms with the recommended format defined by RFC 2865 (although we don't allow multiple metrics).

Framed-Route format is:

    <network> [<gateway> [<priority>]]

For example, 'Framed-Route = "192.0.2.0/24 203.0.113.1 8"' will let the following route be installed (assuming 203.0.113.1 is routed through eth0):

    $ ip route show
    [...]
    192.0.2.0/24 via 203.0.113.1 dev eth0 metric 8

It's possible to use the unspecified gateway (0.0.0.0) if one wants to set a priority without specifying a gateway address.

Finally, route deletion now also takes the priority into account, in order to avoid removing a different route accidentally.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
2017-10-17 | radius: implemented lua support | Dmitry Kozlov
to get radius object use session:module("radius") function

radius object provides following functions:

    radius:attrs() - returns array of attributes {"name" = NAME, "vendor" = VENDOR|nil}
    radius:attr(name[,vendor]) - returns value of attribute (may return multiple results)

Example:

    function ip_up(ses)
        rad = ses:module("radius")
        attrs = rad:attrs()
        if attrs then
            print("attrs:")
            for _,a in pairs(attrs) do
                io.write("\t")
                if a.vendor then
                    io.write(a.vendor..":")
                end
                io.write(a.name.."=")
                print(rad:attr(a.name, a.vendor))
            end
        end
    end
2016-07-09 | radius: do not execute interface rename immediately, store new name for later use | Dmitry Kozlov
Because interface may not still exist in authentication phase
2016-06-07 | Merge branch 'master' of ssh://git.code.sf.net/p/accel-ppp/code | Dmitry Kozlov
2016-06-07 | radius: update Session-Timeout by CoA | Dmitry Kozlov
2016-06-02 | radius: initialise ipv6db addresses completely | Guillaume Nault
The 'installed' bit of the allocated ipv6db_addr_t structure needs to be initialised. This is because ap_session_ifdown() reads this bit to know if the address or route needs to be removed from the kernel. The 'installed' bit is set by ap_session_accounting_started() and the ND and DHCPV6 protocol handlers, but disconnection could happen before these steps.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
2016-04-30 | radius: add Delegated-IPv6-Prefix to accounting packets | Dmitry Kozlov
2016-01-03 | radius: implemented handling of Framed-Route attribute | Dmitry Kozlov
Framed-Route has following syntax:

    Framed-Route=address[/mask] [gateway]

If gateway is not specified then route would be attached to session interface.
2015-02-21 | radius: override session's idle and timeout timers values by Idle-Timeout and Session-Timeout attributes | Dmitry Kozlov
2015-02-20 | ppp: set unit_idx from NAS_Port attribute if present | François Cachereul
Signed-off-by: François Cachereul <f.cachereul@alphalink.fr>
2014-11-22 | remove trailing whitespaces | Dmitry Kozlov
2014-11-05 | radius: early ipv6_dp assignment | Dmitry Kozlov
2014-10-29 | radius: fix call to memset on rdp->auth_ctx | François Cachereul
The mistake was revealed by gcc 4.9.0
Signed-off-by: François Cachereul <f.cachereul@alphalink.fr>
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: Dmitry Kozlov <xeb@mail.ru>
2014-10-23 | radius: introduced max-fail option | Dmitry Kozlov
Before this patch any single fail (no response for max_try requests) caused radius server to enter "fail" state, which may be unwanted behaviour, because radius may not respond for interim Accounting-Request by some reasons. This patch introduces "max-fail" option which specifies number of unreplied requests in a row after which server enters into "fail" state. (Actual only for multi-server configurations)
2014-10-04 | radius: various bug fixes | Dmitry Kozlov
2014-10-03 | get rid of time(), use clock_gettime(CLOCK_MONOTONIC) instead | Dmitry Kozlov
2014-09-26 | radius: cancel starting accounting request if session terminated before server replied | Dmitry Kozlov
2014-09-20 | rewrite of authentication/accounting procedures | Dmitry Kozlov
This patch gets rid of synchronous style of authentication/accounting. Synchronous style of authentication/accounting produced sleeping threads which becomes a problem when lots of sessions started/stopped and all they want authorization/accounting.
2014-06-17 | radius: introduced attr-tunnel-type option | Dmitry Kozlov
If specified then accel-ppp will send tunnel type as string (pppoe,pptp,l2tp,ipoe).
2014-05-12 | radius: use NAS-Port-Id in Access-Accept for interface renaming | Dmitry Kozlov
2014-05-12 | radius: add support for Nas-Port-Id attribute (interface name) | Dmitry Kozlov
2013-10-23 | radius: skip vendor specific attributes when searching session for DM/CoA | Dmitry Kozlov
This fixes invalid association vendor specific Cisco-AVPair to Username attribute which both have same id and prevents to find sessions in some circumstances.
Signed-off-by: Dmitry Kozlov <xeb@mail.ru>
2013-10-11 | radius,ippool,chap-secrets: do not assign local address if session is not ppp | Dmitry Kozlov
Do not assign local address for non-PPP (IPoE at present) sessions in specified modules. This enforces ctrl to assign proper local address by itself.
Signed-off-by: Dmitry Kozlov <xeb@mail.ru>
2013-08-14 | radius: don't assign address if Framed-IP-Address=255.255.255.254 | Kozlov Dmitry
2013-04-11 | radius: implemented default-realm option | Kozlov Dmitry
2013-03-18 | radius: assign ipv4 either if gw-ip-address is not specified for non-ppp sessions | Dmitry Kozlov
2013-01-25 | Fix boolean options parsing in configuration file | Guillaume Nault
Explicitly interpret zero values when parsing boolean options. This allows to unset boolean parameters such as "verbose" when reloading the configuration.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
2013-01-24 | backport 1.7 | Kozlov Dmitry
* l2tp: Fix allocation checking when adding octets AVP
* cli, tcp: Fix non-NULL terminated string reception
* Fix va_end() missing calls
* chap-secrets: implemented encryption
* auth_pap: make messages like other auth modules
* cli: check xmit_buf is not null at enter to write function
* pppoe: implemented regular expression support
* chap-secrets: implemented encryption
* ippool: fixed initialization order
* optional shaper compiling
* ppp: dns/wins code cleanup
2013-01-24 | merge upstream | Kozlov Dmitry
2012-09-05 | generalize interface statistics gathering | Kozlov Dmitry
2012-08-29 | add 'ppp' field to CTRL to identify ppp sessions | Kozlov Dmitry
2012-08-15 | radius: fixed broken authentication procedure | Kozlov Dmitry
2012-08-11 | ipoe: fixed packet output path | Kozlov Dmitry
2012-07-19 | radius: implemented Idle-Timeout | Kozlov Dmitry
2012-07-19 | radius: multiple dictionary options support | Kozlov Dmitry
2012-07-10 | initial session backup implementation | Kozlov Dmitry
2012-06-22 | initial ipoe implementation | Kozlov Dmitry
2012-06-19 | general preparation for IPoE integration | Kozlov Dmitry
2012-04-30 | ippool: implemented vendor/attr options to specify which radius attribute contains pool name | Kozlov Dmitry
2012-04-29 | radius: fix reading of req-limit option | Kozlov Dmitry
2012-03-11 | radius: add support for MS-Primary-DNS-Server/MS-Secondary-DNS-Server attributes | Kozlov Dmitry
2011-12-27 | radius: implemented simultaneous requests limiting | Kozlov Dmitry
2011-12-27 | radius, ippool: implemented Framed-Pool attribute | Kozlov Dmitry
2011-09-05 | radius: per-server statistics | Kozlov Dmitry
2011-09-03 | radius: servers reload | Kozlov Dmitry