| Age | Commit message (Collapse) | Author |
|---|
|
T72: Fix compilations warnings for unaligned variable access
|
|
Add missing dhcp end option on dhcp notify packet
|
|
- IPoE/DHCP4: Specify minimal suitable alignment explicitly.
We need to guarantee 2 byte alignment for the `hdr` pointer in
`ip_csum(uint16_t *buf)` calculation
- PPPOE: Suppress false-positive warning for `sockaddr_pppox`.
Similiar issue: https://github.com/kernelslacker/trinity/pull/40
- Introduce tmp variables to avoid alignment issues for SSTP/DHCPv6
For additional details:
https://phabricator.accel-ppp.org/T72
Signed-off-by: Volodymyr Huti <v.huti@vyos.io>
|
|
|
|
Fix ipv6 inside netns
|
|
This commit proposes to modify the log message in dhcpv6.c to include
the correct file name. It avoids confusion when reading the logs
|
|
T60: Implement configurable session-timeout param for all connection …
|
|
This fix allow to create the socket inside the netns for ipv6-dhcp module.
|
|
ipv6 auto-configuration generate error when link is
terminated inside netns. The error message is :
"ipv6_nd: setsockopt(SO_BINDTODEVICE): No such device"
This error is generated because socket is not created inside
the netns but it’s created in the default netns.
This fix allow to create the socket in the right place.
to propose this fix, i was inspired by :
issue : https://phabricator.accel-ppp.org/T68
commit : https://github.com/accel-ppp/accel-ppp/commit/f1d616d91914be493b6a32a96323fa871733f8e0
|
|
Per https://datatracker.ietf.org/doc/html/rfc1334#section-2.2.1:
Implementation Note: Because the Authenticate-Ack might be
lost, the authenticator MUST allow repeated Authenticate-
Request packets after completing the Authentication phase.
Protocol phase MUST return the same reply Code returned when
the Authentication phase completed (the message portion MAY be
different). Any Authenticate-Request packets received during
any other phase MUST be silently discarded.
|
|
|
|
Fine tune commit 39a9eb807ade35cf60edc6f2e209ed74ba1d262f
|
|
|
|
|
|
add switch to disable sending NAS-Port-Id
|
|
T22: connection limit for non-shared interfaces by interface index
|
|
Bugfixes
|
|
This patch introduces nas-port-id-in-req switch to disable sending
NAS-Port-Id attribute in radauth and radacct messages. New switch
might be useful if radius server cannot properly handle this
attrubite.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
|
|
here is the structure of CHAP challenge message for PPP:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Value-Size | Value ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Name ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
When sending a CHAP challenge, accel-ppp set NAME to NULL. According to
RFC 1994 (PPP CHAP), this field should neither be NULL nor be equal to
CR/LF. As ixia does not recognize AUthentication packet when this field
is NULL, we set it to "accel-ppp" by default.
In MS-CHAPv1 and MS-CHAPv2, authenticator does not provide information
in Name field.
Signed-off-by: Gabriel Jeanneau <gabriel.jeanneau@6wind.com>
|
|
When using pppd_compat module, accel-ppp crash with SIGBUS on
spin_lock(&t->ctx->lock) of timer_thread.
When a moduile call triton_timer_del, fd are close without taking into
account epoll function and without removing from polled fd list.
File descriptor are removed from polled fd list and then close in
timer_thread avoiding use after free.
Fixes: 5bac5a2edb7b ("rewriting triton library...")
Signed-off-by: Gabriel Jeanneau <gabriel.jeanneau@6wind.com>
|
|
When receiving IPCP packet on channel handler, check unit handler to
avoid sending a LCP Protocol Reject because ppp unit has not been
created yet.
This patch allows accel-ppp to handle higher pressure (handle 300
connections per second).
Signed-off-by: Gabriel Jeanneau <gabriel.jeanneau@6wind.com>
|
|
CMAKE_FIND_ROOT_PATH variable is a list of pathes used by CMAKE to find
packages and library for compilation.
It should not be used for installation as :
- it is a list
- it points to staging folder of packaging tools.
So let's use a more standard CMAKE code to make sure
files and folders are actually installed in target destination.
Signed-off-by: Gabriel Jeanneau <gabriel.jeanneau@6wind.com>
Signed-off-by: Stéphane Gonauer <stephane.gonauer@6wind.com>
|
|
Fixed typos in help
|
|
fix buffer overflow when receive radius packet
|
|
Added support for binding device name for radius request and DM/CoA server.
|
|
|
|
This patch fixes buffer overflow if radius packet contains invalid atribute length
and attrubute type from the following list: ipv4addr, ipv6addr, ipv6prefix or ifid
Reported-by: Chloe Ong
Reported-by: Eugene Lim <spaceraccoon@users.noreply.github.com>
Reported-by: Kar Wei Loh
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
|
|
|
|
|
|
New configuration format:
[radius]
server=address,secret[,auth-port=1812][,acct-port=1813][,vrf=VRF_NAME][,req-limit=0][,fail-timeout=0,max-fail=0,][,weight=1][,backup]
dae-server=x.x.x.x:port,secret[,vrf=VRF_NAME]
By default, VRF name is undefined.
|
|
T55: add netlink buffer size configuration parameters
|
|
|
|
Netlink buffers may overflow so it might be useful to increase send and receive
netlink buffer sizes.
Two parameters to [common] configuration section added: nl-rcv-buffer,
nl-snd-buffer.
It is required to set (sysctl) net.core.wmem_max>=nl-snd-buffer and
net.core.rmem_max>=nl-rcv-buffer before running accel-pppd
To check current netlink buffer size and related info use the following command:
% ss -f netlink -m
0 0 rtnl:kernel * skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0)
0 0 rtnl:-1140221812 * skmem:(r0,rb2048000,t0,tb80000,f0,w0,o0,bl0,d0)
0 0 rtnl:accel-pppd/14285 * skmem:(r0,rb2048000,t0,tb65536,f0,w0,o0,bl0,d0)
...
(Please check man ss to get the meaning for r,rb,t,tb,f,w,o,bl and d params)
In the ss output you will see the values doubled from configured.
First accel-pppd netlink socket will use default values (rcv=1048576, snd=32768)
regardless of configured nl-rcv-buffer and nl-snd-buffer values.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
|
|
|
|
Co-authored-by: Sergey V. Lobanov <svlobanov@users.noreply.github.com>
Co-authored-by: Vladislav Grishenko <themiron@users.noreply.github.com>
|
|
proxy_arp=2 should be used for ipoe setup with shared vlan and intra-vlan l2 isolation. accel-ppp should use server mac when sending arp reply message. There is no reason to send subscriber's mac if proxy_arp is enabled
In case of ipoe shared vlan without l2-isolation, proxy_arp=1 should be used
|
|
|
|
|
|
|
|
Fix logging per-user-dir. Add possibility to drop session hard if it already has finish state
|
|
|
|
|
|
|
|
|
|
|
|
fixes a1a2b79240511222868a60960d51f12adbe0d7d4
|
|
|
|
|
|
fix 4b52c1a3590b43ca892c460d9b1478e1da742156
|
|
|
