Age | Commit message | Author |
|
|
|
add switch to disable sending NAS-Port-Id
|
|
T22: connection limit for non-shared interfaces by interface index
|
|
Bugfixes
|
|
This patch introduces nas-port-id-in-req switch to disable sending
NAS-Port-Id attribute in radauth and radacct messages. New switch
might be useful if radius server cannot properly handle this
attribute.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
|
|
Here is the structure of CHAP challenge message for PPP:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Code      |  Identifier   |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Value-Size   |  Value ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Name ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
When sending a CHAP challenge, accel-ppp sets NAME to NULL. According to
RFC 1994 (PPP CHAP), this field should neither be NULL nor be equal to
CR/LF. As ixia does not recognize Authentication packet when this field
is NULL, we set it to "accel-ppp" by default.
In MS-CHAPv1 and MS-CHAPv2, authenticator does not provide information
in Name field.
Signed-off-by: Gabriel Jeanneau <gabriel.jeanneau@6wind.com>
|
|
When using pppd_compat module, accel-ppp crashes with SIGBUS on
spin_lock(&t->ctx->lock) of timer_thread.
When a module calls triton_timer_del, fds are closed without taking into
account epoll function and without removing from polled fd list.
File descriptors are removed from polled fd list and then closed in
timer_thread avoiding use after free.
Fixes: 5bac5a2edb7b ("rewriting triton library...")
Signed-off-by: Gabriel Jeanneau <gabriel.jeanneau@6wind.com>
|
|
When receiving IPCP packet on channel handler, check unit handler to
avoid sending a LCP Protocol Reject because ppp unit has not been
created yet.
This patch allows accel-ppp to handle higher pressure (handle 300
connections per second).
Signed-off-by: Gabriel Jeanneau <gabriel.jeanneau@6wind.com>
|
|
CMAKE_FIND_ROOT_PATH variable is a list of paths used by CMAKE to find
packages and libraries for compilation.
It should not be used for installation as:
- it is a list
- it points to staging folder of packaging tools.
So let's use a more standard CMAKE code to make sure
files and folders are actually installed in target destination.
Signed-off-by: Gabriel Jeanneau <gabriel.jeanneau@6wind.com>
Signed-off-by: Stéphane Gonauer <stephane.gonauer@6wind.com>
|
|
Fixed typos in help
|
|
fix buffer overflow when receiving radius packet
|
|
Added support for binding device name for radius request and DM/CoA server.
|
|
This patch fixes buffer overflow if radius packet contains invalid attribute length
and attribute type from the following list: ipv4addr, ipv6addr, ipv6prefix or ifid
Reported-by: Chloe Ong
Reported-by: Eugene Lim <spaceraccoon@users.noreply.github.com>
Reported-by: Kar Wei Loh
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
|
|
New configuration format:
[radius]
server=address,secret[,auth-port=1812][,acct-port=1813][,vrf=VRF_NAME][,req-limit=0][,fail-timeout=0,max-fail=0,][,weight=1][,backup]
dae-server=x.x.x.x:port,secret[,vrf=VRF_NAME]
By default, VRF name is undefined.
|
|
T55: add netlink buffer size configuration parameters
|
|
Netlink buffers may overflow so it might be useful to increase send and receive
netlink buffer sizes.
Two parameters to [common] configuration section added: nl-rcv-buffer,
nl-snd-buffer.
It is required to set (sysctl) net.core.wmem_max>=nl-snd-buffer and
net.core.rmem_max>=nl-rcv-buffer before running accel-pppd
To check current netlink buffer size and related info use the following command:
% ss -f netlink -m
0 0 rtnl:kernel * skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0)
0 0 rtnl:-1140221812 * skmem:(r0,rb2048000,t0,tb80000,f0,w0,o0,bl0,d0)
0 0 rtnl:accel-pppd/14285 * skmem:(r0,rb2048000,t0,tb65536,f0,w0,o0,bl0,d0)
...
(Please check man ss to get the meaning for r,rb,t,tb,f,w,o,bl and d params)
In the ss output you will see the values doubled from configured.
First accel-pppd netlink socket will use default values (rcv=1048576, snd=32768)
regardless of configured nl-rcv-buffer and nl-snd-buffer values.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
|
|
Co-authored-by: Sergey V. Lobanov <svlobanov@users.noreply.github.com>
Co-authored-by: Vladislav Grishenko <themiron@users.noreply.github.com>
|
|
proxy_arp=2 should be used for ipoe setup with shared vlan and intra-vlan l2 isolation. accel-ppp should use server mac when sending arp reply message. There is no reason to send subscriber's mac if proxy_arp is enabled.
In case of ipoe shared vlan without l2-isolation, proxy_arp=1 should be used.
|
|
Fix logging per-user-dir. Add possibility to drop session hard if it already has finish state
|
|
fixes a1a2b79240511222868a60960d51f12adbe0d7d4
|
|
fix 4b52c1a3590b43ca892c460d9b1478e1da742156
|
closes #17
|
|
cli: T40: Show version of running accel-pppd from cli or telnet
|
|
Add accept-blank-service option
|
|
dhcp request header
|
|
* fix no next pool when it was defined after referencing:
192.168.1.2-255,name=pool1,next=pool2
192.168.2.2-255,name=pool2
* fix UB when next pool was set to same pool:
192.168.1.2-255,name=pool1,next=pool1
* add warning about empty/not defined next pools
|
|
* fix no next pool when subsequent pool prefix was defined w/o next pool:
fc00:0:3::/48,64,name=pool1,next=pool2
fc00:0:4::/48,64,name=pool1
* fix no next pool when it was defined after referencing:
fc00:0:3::/48,64,name=pool1,next=pool2
fc00:0:4::/48,64,name=pool2
* fix UB when next pool was set to same pool:
fc00:0:3::/48,64,name=pool1,next=pool1
* add warning about empty/not defined next pools