| Age | Commit message (Collapse) | Author |
|---|
|
When handling the EV_DNS event, IPCP assumes that the ->dns1 and ->dns2
fields of the event structure are properly set. But that may not be the
case.
If only one of the MS-Primary-DNS-Server or MS-Secondary-DNS-Server
RADIUS attributes was received, then only ->dns1 or ->dns2 is set,
while the other keeps a non initialised value. This uninitialised value
is then copied by ev_dns() and proposed to the peer when negociating
the Primary-DNS-Address or Secondary-DNS-Address IPCP options.
That leaks four bytes of the stack to the network and prevents using
the values found in the [dns] section of accel-ppp.conf as fallback.
Fix this by initialising the whole event structure in rad_proc_attrs().
Then, in ev_dns(), we can check if ->dns1 or ->dns2 is properly set
before copying them. That allows to propery fallback to accel-ppp.conf
values when one of the values was not provided by RADIUS.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
We need to include "list.h" to define 'struct list_head' and
<netinet/in.h> for 'in_addr_t' and 'struct in6_addr'.
Also, let's include "ap_session.h" so that we don't need a forward
declaration for 'struct ap_session'.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
|
|
|
|
|
|
Let an optional route priority (aka metric) be defined in RADIUS
Framed-Route attributes.
The priority is an integer placed at the end of the route string. This
is backward compatible with the previous format and also conforms with
the recommended format defined by RFC 2865 (although we don't allow
multiple metrics).
Framed-Route format is:
<network> [<gateway> [<priority>]]
For example, 'Framed-Route = "192.0.2.0/24 203.0.113.1 8"' will let
the following route be installed (assuming 203.0.113.1 is routed
through eth0):
$ ip route show
[...]
192.0.2.0/24 via 203.0.113.1 dev eth0 metric 8
It's possible to use the unspecified gateway (0.0.0.0) if one wants to
set a priority without specifying a gateway address.
Finally, route deletion now also takes the priority into account, in
order to avoid removing a different route accidentally.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
|
|
Introduced 4 priorities:
0 - management (cli)
1 - starting sessions (default priority)
2 - active sessions
3 - finishing sessions
|
|
|
|
|
|
|
|
to get radius object use session:module("radius") function
radius object provides flollowing functions:
radius:attrs() - returns array of attributes {"name" = NAME, "vendor" = VENDOR|nil}
radius:attr(name[,vendor]) - returns value of attribute (may return multiple results)
Example:
function ip_up(ses)
rad = ses:module("radius")
attrs = rad:attrs()
if attrs then
print("attrs:")
for _,a in pairs(attrs) do
io.write("\t")
if a.vendor then io.write(a.vendor..":") end
io.write(a.name.."=")
print(rad:attr(a.name, a.vendor))
end
end
end
|
|
1 - is high priority queue for Access-Request and Account-Request(Start)
2 - is low priority queue for Account-Request(Alive) and Account-Request(Stop)
This patch intended to prioritize sessions connecting requests over disconnects and interim updates.
|
|
|
|
later use
Bacause interface may not still exists in authentication phase
|
|
|
|
|
|
|
|
The 'installed' bit of the allocated ipv6db_addr_t structure needs to
be initialised. This is because ap_session_ifdown() reads this bit to
know if the address or route needs to be removed from the kernel.
The 'installed' bit is set by ap_session_accounting_started() and the
ND and DHCPV6 protocol handlers, but disconnection could happen before
these steps.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
|
|
|
|
|
|
If start=auto is specified then accel-pppd automatically starts session with username = interface name on shared=0 interfaces.
Use it with conjuction vlan_mon. So any packet may start session.
|
|
radius server error packet may be coredump.
|
|
Framed-Route has following syntax: Framed-Route=address[/mask] [gateway]
If gateway is not specified then route would be attached to session interface.
|
|
and Session-Timeout attributes
|
|
Signed-off-by: François Cachereul <f.cachereul@alphalink.fr>
|
|
|
|
|
|
conditions)
|
|
|
|
|
|
The mistake was revealed by gcc 4.9.0
Signed-off-by: François Cachereul <f.cachereul@alphalink.fr>
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: Dmitry Kozlov <xeb@mail.ru>
|
|
|
|
|
|
Before this patch any single fail (no responce for max_try requests) caused radius server to enter "fail" state,
which may be unwanted behaviour, because radius may not respond for interim Accounting-Request by some reasons.
This patch introduces "max-fail" option which specifies number of unreplied requests in a row after which server enters into "fail" state.
(Actual only for multi-server configurations)
|
|
|
|
not respond
|
|
|
|
|
|
|
|
|
|
|
|
server replied
|
|
|
|
|
|
This patch gets rid of synchronuos style of authentication/accounting.
Synchronous style of authentication/accounting produced sleeping threads
which becomes a problem when lots of sessions started/stopped and all they want authorization/accounting.
|
|
release)
|
|
|
|
|
