summaryrefslogtreecommitdiff
path: root/accel-pppd/radius
AgeCommit message (Collapse)Author
2026-03-23radius: fix stop accounting timeout flow and request cleanupDenys Fedoryshchenko
When sending accounting STOP requests, the timer callback was incorrectly set to the START timeout handler. This caused stop retries to follow the wrong termination path. Also clear rpd->acct_req before freeing on stop timeout/shutdown failures to avoid leaving a stale pointer. This bug is very nasty, revealed during stress tests, leading to memory corruption and other bad stuff when there is noticeable loss of radius "Stop" packets. Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2026-03-23radius: Fix use after free and moreDenys Fedoryshchenko
Situation is a bit complex. Even one problem we fix easily, such as saving server as variable, rad_req_free might free server in theory, and s will be invalid. This is a bit of rewrite, but proper fix. Fixes problem in 2 functions. Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2026-03-23radius: Invalid integer and date parsingDenys Fedoryshchenko
Actually 3 fixes in same place: INTEGER: size mismatch now breaks instead of falling through - a malformed INTEGER attribute is rejected rather than silently parsed with a wrong size INTEGER/DATE split: each case has its own break, no more fallthrough DATE: strictly requires len == 4 (per RFC 2865), warns and skips otherwise instead of silently accepting 1 or 2-byte dates Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2026-03-23radius: Fix to same type of allocator and deallocatorDenys Fedoryshchenko
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2026-03-23radius: Fix invalid check after mempool allocationDenys Fedoryshchenko
This check left old, relevant to mmap, migrate to proper check. Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2026-03-23radius: MS-CHAP2-Success unchecked memcpy(40 bytes)Denys Fedoryshchenko
Also fix small typo. Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2026-03-23radius: Vendor attribute parsing over-readsDenys Fedoryshchenko
When parsing vendor-specific attributes (type 26), the code reads internal structure without checking that the attribute data is long enough. Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2026-03-23Update accel-pppd/radius/radius.cDenys Fedoryshchenko
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-03-23Update accel-pppd/radius/radius.cDenys Fedoryshchenko
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-03-23radius: Fix buggy Framed-Route parsingDenys Fedoryshchenko
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2026-01-24dae-allowed: Remove nagging about making option mandatoryDenys Fedoryshchenko
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-12-23radius: Implement DM/CoA security hardening by restricting source ip addressesDenys Fedoryshchenko
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-12-15fix(radius): refresh session stats in req_set_statDenys Fedoryshchenko
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-12-13Merge pull request #279 from nuclearcat/fix-acctDenys Fedoryshchenko
acct: Fix losing some data on interface down due wrong sequence
2025-12-13fix(accounting): preserve last counters on disconnectDmitriy Eshenko
Ensure accounting values include the most recent traffic sample when a session disconnects, preventing the final interval from being dropped and avoiding under-reported totals in usage/billing. Big thanks Dmitriy Eshenko for patch and testing Author: Dmitriy Eshenko <dmitriy.eshenko@accel-ppp.org> Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-12-10crypto: Removed internal tomcat crypto.Andrii Melnychenko
Signed-off-by: Andrii Melnychenko <a.melnychenko@vyos.io>
2025-11-28Merge pull request #267 from nuclearcat/fix-ssl-warningsDenys Fedoryshchenko
Suppress OpenSSL 3.0 deprecation warnings for legacy crypto APIs
2025-11-26fixup! Add RADIUS blast attack protection with Message-AuthenticatorDenys Fedoryshchenko
Not a bug, but to supress warnings. Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-11-26Suppress OpenSSL 3.0 deprecation warnings for legacy crypto APIsDenys Fedoryshchenko
We are using similar approach as in other projects, easiest one, but probably in future it will break as soon as this functions will be removed completely. Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2025-07-01Add RADIUS blast attack protection with Message-AuthenticatorDenys Fedoryshchenko
Recently FreeRadius started to complain accel-ppp doesn't pass BlastRADIUS check. This commit fixes that. This commit implements protection against RADIUS blast attacks by adding support for the Message-Authenticator attribute in Access-Request packets. This security enhancement helps prevent unauthorized access attempts and replay attacks on RADIUS authentication. - Added new configuration option `blast-protection=1` in [radius] to enable Message-Authenticator inclusion - Implemented HMAC-MD5 calculation for Message-Authenticator attribute (RFC 2869) - Modified packet building to include 18-byte Message-Authenticator attribute when enabled - Updated packet structure to support signing with shared secret Enable blast protection by adding to the `[radius]` section: ``` blast-protection=1 ``` When enabled, all Access-Request packets will include a Message-Authenticator attribute with HMAC-MD5 signature, providing cryptographic integrity verification and protection against packet modification attacks. Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
2024-08-27build: fix compile errors on GCC 14Sergey V. Lobanov
This patch fixes compile errors on GCC 14 like the following /root/accel-ppp/accel-pppd/radius/packet.c: In function 'rad_packet_recv': /root/accel-ppp/accel-pppd/radius/packet.c:142:72: error: passing argument 5 of 'recvfrom' from incompatible pointer type [-Wincompatible-pointer-types] 142 | n = recvfrom(fd, pack->buf, REQ_LENGTH_MAX, 0, addr, &addr_len); | ^~~~ | | | struct sockaddr_in * In file included from /usr/include/netinet/in.h:10, from /usr/include/arpa/inet.h:9, from /root/accel-ppp/accel-pppd/radius/packet.c:10: /usr/include/sys/socket.h:397:55: note: expected 'struct sockaddr * restrict' but argument is of type 'struct sockaddr_in *' Reference: https://gcc.gnu.org/gcc-14/porting_to.html
2023-11-30Adding support to Radius IPV6 addressLeoMeres
This change enables ipv6 connections between accel-ppp and radius server
2023-01-27radius: implemented accounting delay option (acct-delay-start)Dmitry Kozlov
2022-11-01Remove unused variable.Stephan Brunner
2022-11-01Use 64-bit interface statistics rather than doing custom 32-bit overflow ↵Stephan Brunner
handling. When a link has a relatively high throughput, the 32-bit packet and byte counters could overflow multiple times between accounting runs. To accommodate this limitation, directly use 64-bit interface statistics. This also gets rid of the internal giga-word counters.
2022-04-20add switch to disable sending NAS-Port-IdSergey V. Lobanov
This patch introduces nas-port-id-in-req switch to disable sending NAS-Port-Id attribute in radauth and radacct messages. New switch might be useful if radius server cannot properly handle this attrubite. Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2022-01-24Merge pull request #35 from svlobanov/fix-radius-overflowxebd
fix buffer overflow when receive radius packet
2021-12-29fix buffer overflow when receive radius packetSergey V. Lobanov
This patch fixes buffer overflow if radius packet contains invalid atribute length and attrubute type from the following list: ipv4addr, ipv6addr, ipv6prefix or ifid Reported-by: Chloe Ong Reported-by: Eugene Lim <spaceraccoon@users.noreply.github.com> Reported-by: Kar Wei Loh Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2021-12-28These changes are in response to PR commentsroot
2021-12-28Added VRF support for radius request and DM/CoA server.root
New configuration format: [radius] server=address,secret[,auth-port=1812][,acct-port=1813][,vrf=VRF_NAME][,req-limit=0][,fail-timeout=0,max-fail=0,][,weight=1][,backup] dae-server=x.x.x.x:port,secret[,vrf=VRF_NAME] By default, VRF name is undefined.
2021-12-16vrf: T10: Add VRF supportDmitriyEshenko
Co-authored-by: Sergey V. Lobanov <svlobanov@users.noreply.github.com> Co-authored-by: Vladislav Grishenko <themiron@users.noreply.github.com>
2021-03-28radius: fix segfault regression after 62f7740033f05053a581e864742575a46ccc6da2[anp/hsw]
2021-03-20Fix unsigned bitfileds leftovers after 62f7740033f05053a581e864742575a46ccc6da2Vladislav Grishenko
2021-03-20Fixed some errors found by valgrind and pvs-studio (#11)[anp/hsw]
* Fix errors found by valgrind ==12312== Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s) ==12312== at 0x486CCF0: sendmsg (in /lib/libpthread-2.22.so) ==12312== by 0x12F57F: rtnl_talk (libnetlink.c:316) ==12312== by 0x132DA3: genl_resolve_mcg (genl.c:52) ==12312== by 0x484E1CB: init (vlan_mon.c:528) ==12312== by 0x484CDC0: vlan_mon_register_proto (vlan_mon.c:48) ==12312== by 0x510B763: load_vlan_mon (pppoe.c:1914) ==12312== by 0x510BFF2: load_config (pppoe.c:2064) ==12312== by 0x510C22A: pppoe_init (pppoe.c:2108) ==12312== by 0x483E9EB: triton_load_modules (triton.c:704) ==12312== by 0x1384B2: main (main.c:339) ==12312== Address 0xbedacdd8 is on thread 1's stack ==12312== in frame #2, created by genl_resolve_mcg (genl.c:23) ==12312== 15 bytes in 1 blocks are definitely lost in loss record 352 of 836 ==12312== at 0x482A9A9: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==12312== by 0x4B97524: strdup (in /lib/libc-2.22.so) ==12312== by 0x12C30C: init (telnet.c:769) ==12312== by 0x483E9EB: triton_load_modules (triton.c:704) ==12312== by 0x1384B2: main (main.c:339) ==12312== ==12312== 15 bytes in 1 blocks are definitely lost in loss record 353 of 836 ==12312== at 0x482A9A9: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==12312== by 0x4B97524: strdup (in /lib/libc-2.22.so) ==12312== by 0x12D60A: init (tcp.c:392) ==12312== by 0x483E9EB: triton_load_modules (triton.c:704) ==12312== by 0x1384B2: main (main.c:339) * Fix another warnings by cppcheck [accel-pppd/ctrl/ipoe/arp.c:256]: (error) Uninitialized variable: n [accel-pppd/ctrl/pppoe/mac_filter.c:90]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:90]: (warning) %x in format string (no. 2) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:90]: (warning) %x in format string (no. 3) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:90]: (warning) %x in format string (no. 4) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:90]: (warning) %x in format string (no. 5) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:90]: (warning) %x in format string (no. 6) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:129]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:129]: (warning) %x in format string (no. 2) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:129]: (warning) %x in format string (no. 3) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:129]: (warning) %x in format string (no. 4) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:129]: (warning) %x in format string (no. 5) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:129]: (warning) %x in format string (no. 6) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:158]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:158]: (warning) %x in format string (no. 2) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:158]: (warning) %x in format string (no. 3) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:158]: (warning) %x in format string (no. 4) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:158]: (warning) %x in format string (no. 5) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:158]: (warning) %x in format string (no. 6) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/pppoe.c:738]: (warning) Possible null pointer dereference [accel-pppd/ipv6/dhcpv6.c:911]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/ipv6/dhcpv6.c:911]: (warning) %x in format string (no. 2) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ipv6/dhcpv6.c:911]: (warning) %x in format string (no. 3) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ipv6/dhcpv6.c:911]: (warning) %x in format string (no. 4) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/libnetlink/libnetlink.c:515]: (warning) Possible null pointer dereference [accel-pppd/ppp/ipv6cp_opt_intfid.c:185]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ppp/ipv6cp_opt_intfid.c:298]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/ppp/ipv6cp_opt_intfid.c:298]: (warning) %x in format string (no. 2) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ppp/ipv6cp_opt_intfid.c:298]: (warning) %x in format string (no. 3) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ppp/ipv6cp_opt_intfid.c:298]: (warning) %x in format string (no. 4) requires 'unsigned int *' but the argument type is 'signed int *'. * Suppress compiler warnings * Fix locking errors /opt/pvs/accel-ppp/accel-pppd/extra/pppd_compat.c 279 warn V1020 The function exited without calling the 'sigchld_unlock' function. Check lines: 279, 249. /opt/pvs/accel-ppp/accel-pppd/extra/pppd_compat.c 333 warn V1020 The function exited without calling the 'sigchld_unlock' function. Check lines: 333, 315. /opt/pvs/accel-ppp/accel-pppd/extra/pppd_compat.c 422 warn V1020 The function exited without calling the 'sigchld_unlock' function. Check lines: 422, 372. /opt/pvs/accel-ppp/accel-pppd/extra/pppd_compat.c 488 warn V1020 The function exited without calling the 'sigchld_unlock' function. Check lines: 488, 468. /opt/pvs/accel-ppp/accel-pppd/triton/mempool.c 119 warn V1020 The function exited without calling the 'pthread_spin_unlock' function. Check lines: 119, 116. * Fix array len errors /opt/pvs/accel-ppp/accel-pppd/triton/conf_file.c 75 warn V557 Array underrun is possible. The value of 'len - 1' index could reach -1. /opt/pvs/accel-ppp/accel-pppd/triton/conf_file.c 76 warn V557 Array underrun is possible. The value of '-- len' index could reach -1. * Fix possible memory leaks /opt/pvs/accel-ppp/accel-pppd/radius/radius.c 936 err V773 The function was exited without releasing the 'str' pointer. A memory leak is possible. /opt/pvs/accel-ppp/accel-pppd/radius/serv.c 622 err V773 The function was exited without releasing the 'str' pointer. A memory leak is possible. /opt/pvs/accel-ppp/accel-pppd/triton/conf_file.c 144 err V773 The function was exited without releasing the 'raw' pointer. A memory leak is possible. * Fix unsafe code /opt/pvs/accel-ppp/accel-pppd/cli/tcp.c 364 warn V1004 The 'host' pointer was used unsafely after it was verified against nullptr. Check lines: 338, 364. /opt/pvs/accel-ppp/accel-pppd/cli/telnet.c 701 warn V1004 The 'host' pointer was used unsafely after it was verified against nullptr. Check lines: 675, 701. /opt/pvs/accel-ppp/accel-pppd/extra/ippool.c 241 err V614 Potentially uninitialized pointer 'pos' used. /opt/pvs/accel-ppp/accel-pppd/radius/dict.c 165 err V614 Uninitialized pointer 'parent_items' used. * Remove duplicate code /opt/pvs/accel-ppp/accel-pppd/radius/serv.c 202 warn V547 Expression 'ts.tv_sec < req->serv->fail_time' is always false. * Fix treating signed bool variables as unsigned * Add nullptr checking /opt/pvs/accel-ppp/accel-pppd/ipv6/dhcpv6.c 886 err V595 The 'opt->val' pointer was utilized before it was verified against nullptr. Check lines: 886, 890. /opt/pvs/accel-ppp/accel-pppd/ipv6/nd.c 479 err V595 The 'opt->val' pointer was utilized before it was verified against nullptr. Check lines: 479, 483. /opt/pvs/accel-ppp/accel-pppd/radius/auth.c 152 err V595 The 'rpd->auth_ctx' pointer was utilized before it was verified against nullptr. Check lines: 152, 154. /opt/pvs/accel-ppp/accel-pppd/triton/conf_file.c 114 err V595 The 'cur_sect' pointer was utilized before it was verified against nullptr. Check lines: 114, 117. * Add logging of exit conditions * Clarify calculation [accel-pppd/ppp/ccp_mppe.c:281]: (style) Clarify calculation precedence for '&' and '?'. [accel-pppd/ppp/ccp_mppe.c:282]: (style) Clarify calculation precedence for '&' and '?'. [accel-pppd/ppp/ccp_mppe.c:283]: (style) Clarify calculation precedence for '&' and '?'. [accel-pppd/ppp/ccp_mppe.c:284]: (style) Clarify calculation precedence for '&' and '?'. [accel-pppd/ppp/ccp_mppe.c:285]: (style) Clarify calculation precedence for '&' and '?'. [accel-pppd/ppp/ccp_mppe.c:286]: (style) Clarify calculation precedence for '&' and '?'. [drivers/ipoe/ipoe.c:307]: (style) Clarify calculation precedence for '&' and '?'. * Fix void calculations [accel-pppd/ctrl/pppoe/disc.c:211]: (portability) 'pkt' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/ctrl/pptp/pptp.c:150]: (portability) 'buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/acct.c:37]: (portability) 'req.pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/auth.c:35]: (portability) 'req.pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/auth.c:79]: (portability) 'req.pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/dm_coa.c:43]: (portability) 'pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/dm_coa.c:47]: (portability) 'pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/dm_coa.c:57]: (portability) 'pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/dm_coa.c:65]: (portability) 'req.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/dm_coa.c:97]: (portability) 'req.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/serv.c:364]: (portability) 'req.pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/triton/mempool.c:115]: (portability) 'mmap_ptr' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/triton/mempool.c:122]: (portability) 'mmap_ptr' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/triton/mempool.c:276]: (portability) 'ptr' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. * Fix void part 2 [accel-pppd/ipv6/dhcpv6.c:844]: (portability) 'conf_dnssl' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/ipv6/nd.c:199]: (portability) '(void*)dnsslinfo' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/ipv6/nd.c:432]: (portability) 'conf_dnssl' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. * Fix null pointer dereference [accel-pppd/ctrl/ipoe/ipoe.c:2048]: (warning) Possible null pointer dereference: eth [accel-pppd/ctrl/ipoe/ipoe.c:2049]: (warning) Possible null pointer dereference: iph * Remove redundant check /opt/pvs/accel-ppp/accel-pppd/ctrl/l2tp/packet.c 656 warn V547 Expression 'attr->length <= 16' is always false. * PR fixes * PR fixes 2
2021-03-13Fix segmentation fault when radius section is missing[anp/hsw]
2021-03-13Fix some errors and warnings found by cppcheck[anp/hsw]
[accel-pppd/ctrl/ipoe/ipoe.c:4054]: (style) A pointer can not be negative so it is either pointless or an error to check if it is not. [accel-pppd/logs/log_syslog.c:148]: (error) Array 'facility_name[9]' accessed at index 35, which is out of bounds. [accel-pppd/lua/session.c:274]: (error) Common realloc mistake: 'mods' nulled but not freed upon failure [accel-pppd/extra/ippool.c:114]: (warning) %u in format string (no. 1) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/extra/ippool.c:114]: (warning) %u in format string (no. 2) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/extra/ippool.c:114]: (warning) %u in format string (no. 3) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/extra/ippool.c:114]: (warning) %u in format string (no. 4) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/extra/ippool.c:114]: (warning) %u in format string (no. 5) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/extra/ippool.c:141]: (warning) %u in format string (no. 1) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/extra/ippool.c:141]: (warning) %u in format string (no. 2) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/extra/ippool.c:141]: (warning) %u in format string (no. 3) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/extra/ippool.c:141]: (warning) %u in format string (no. 4) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/extra/ippool.c:141]: (warning) %u in format string (no. 5) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/main.c:97]: (warning) %d in format string (no. 1) requires 'int *' but the argument type is 'unsigned int *'. [accel-pppd/radius/radius.c:687] -> [accel-pppd/radius/radius.c:690]: (warning) Possible null pointer dereference: rpd - otherwise it is redundant to check it against null. [accel-pppd/radius/serv.c:805] -> [accel-pppd/radius/serv.c:829]: (warning) Possible null pointer dereference: ptr2 - otherwise it is redundant to check it against null. [accel-pppd/radius/serv.c:813] -> [accel-pppd/radius/serv.c:829]: (warning) Possible null pointer dereference: ptr2 - otherwise it is redundant to check it against null. [accel-pppd/radius/serv.c:823] -> [accel-pppd/radius/serv.c:829]: (warning) Possible null pointer dereference: ptr2 - otherwise it is redundant to check it against null.
2020-10-21radius: sanity check for vendor attribute lengthDmitry Kozlov
2020-09-13radius: keep vendor & attr numbers in orderVladislav Grishenko
2020-09-11radius: add MikroTik dictionaryVladislav Grishenko
2020-09-06radius: fix crash with l4-redirect with no ipv6 (T23)Vladislav Grishenko
2020-06-06radius: add strip-realm config optionVladislav Grishenko
refer #6 for modre details.
2020-04-21Send Delegated-IPv6-Prefix attribute in Accounting-Start messageSergey V. Lobanov
If Delegated-IPv6-Prefix was received in Access-Accept message, it is necessary to send it in radacct Start message
2020-04-02Fix radius Framed-IP-Addressstetsyuk
Add htonl to check if Framed-IP-Address==0xFFFFFFFE Ignore 0xFFFFFFFE as Framed-IP-Address in DM/CoA requests
2020-01-20radius: implement jitter of accounting update intervalVladislav Grishenko
2020-01-10ipv6pool/radius: implement named ipv6 poolsVladislav Grishenko
default stateful ipv6 address & prefix radius attrs are per-rfc6911: 171 Delegated-IPv6-Prefix-Pool 172 Stateful-IPv6-Address-Pool the single pool name from chap-secret file pool is shared for ipv4/ipv6/ipv6 dp, new config syntax TBD. per-proto pool names are still for ipv4 only, new config syntax TBD.
2019-08-30radius: dm/coa: add invalid packet loggingVladislav Grishenko
2019-08-29radius: add support for Access-Accept usernameVladislav Grishenko
once radius server has returned User-Name attribute in Access-Accept packet, it'll be used for any subsequent Accounting-Request packets instead of internal username per RFC2865 5.1 other way of just replacing session username is possible, but not desired at the moment due potential issues with single-session modes in case of different ppp logins / ipoe macs and same contract number returned by radius for that accounts.
2019-08-26[Fix] - Increment Accounting-Request id for Acct-Status-Type Stoproot
2019-06-27Update radius.cEshenko Dmitriy
2019-05-10Fix bug after radius server recoveryroot