| Age | Commit message (Collapse) | Author |
|---|
|
config changes:
[ip-pool]
x.x.x.x/mask,name=pool1
y.y.y.y/mask,name=pool2,next=pool1
|
|
|
|
|
|
|
|
|
|
chap-secrets: add pool name support
|
|
Simplify previous commit, if 4th field isn't empty and doesn't
start with reserved chars (*-!), assume it as pool name.
Also, fix build warn without OPENSSL.
|
|
ppp: implement per-ctrl ppp interface rename support
|
|
Chap-secrets' ipdb uses 4th field as static peer ipv4 address. With no radius
and multiple same username sessions, it's impossible to use non-default pool
for such sessions.
Abuse chap-secret's 4th field as pool=name to specify session's pool name.
With ippool module loaded after chap-secrets (default order), it will be
used for allocation from the specified poll name.
Compatibility considerations:
* pppd will skip 'pool=*' with warn 'unknown host in auth. address list'
same as 5th field - shaper, because starting from 4th field pppd
parse list of value. so, no new effects here.
* previous versions of accel-ppp will parse 'pool=*' as empty address.
* with no 'pool=*' in chap-secrets or with no chap-secrets loaded, no
behavior change.
* with no ippool loaded, session will get no peer address.
* with ippool loaded before chap-secrets, chap-secrets's ipdb will not
be used, therefore neither ip addess not pool name will has no effect.
* if chap-secrets' pool is invalid or not found, default pool will be
used by ippool or address came from radius.
* chap-secret's pool name might override pool came from radius, if
radius module is loaded after chap-secrets and no address came from
radius.
|
|
Reuse exsisting radius functionality and allow set iterface name
template for pppoe/pptp/l2tp, '%d' specification will be replaced
automagically to the next available index by kernel.
PPP interface rename allows to easy differ client's interfaces from
the other ppp ones, for example, with just netfilter interface rules.
Example:
[pptp]
ifname=pptp%d will produce pptp0, pptp1, ...
|
|
|
|
|
|
|
|
|
|
|
|
pptp/l2tp: echo failure improvements
|
|
With incoming l2tp hello there's no need to ask peer for
replies in configured hello-interval, so just postpone it.
Helps against false-positive echo failures with heavily
loaded channels and/or peers.
|
|
With incoming pptp echo request there's no need to ask
peer for replies in configured echo-interval, so just
postpone it. Helps against false-positive echo failures
with heavily loaded channels and/or peers.
|
|
Sent echos counter is overloaded with random icmp id, so
echo-failure setting is either ignored or causes random pptp
channel stops within valid accumulated fail count range, i.e
on the the first fail. Since icmp id is not actually used for
checking, fix issue by dropping overload.
Default echo-failure value is 3, so allow endless echo fails
without channel drop by setting echo-failure to 0.
|
|
After session is freed on our end, kernel doesn't bother with possible
incoming data packets and just passes them to userspace, in turn
they are mistreated as short control packets with corresponding errors.
Since there's no special data packet handling, just ignore them.
|
|
default value for renew-time fixed
|
|
ipv6: nd: add non-/64 prefixes & AdvOnLinkFlag option support
|
|
|
|
print parsing
|
|
non-/64 subnets still needs Router Advertimenets for the
default route & RDNSS.
|
|
|
|
|
|
|
|
|
|
Assign opt82_ses=ses if shared=0
|
|
|
|
to get radius object use session:module("radius") function
radius object provides flollowing functions:
radius:attrs() - returns array of attributes {"name" = NAME, "vendor" = VENDOR|nil}
radius:attr(name[,vendor]) - returns value of attribute (may return multiple results)
Example:
function ip_up(ses)
rad = ses:module("radius")
attrs = rad:attrs()
if attrs then
print("attrs:")
for _,a in pairs(attrs) do
io.write("\t")
if a.vendor then io.write(a.vendor..":") end
io.write(a.name.."=")
print(rad:attr(a.name, a.vendor))
end
end
end
|
|
to access module specific object introduced new function session:module(NAME)
|
|
|
|
to lua scripts
session object consists of following functions:
ifname() - interface name
ifindex() - interface ifindex
sid() - Acct-Session-ID
uptime() - session uptime in seconds
username()
ctrl_type() - type of session (pppt/pppoe/l2tp/ipoe)
calling_sid() - Calling-Station-ID
called_sid() - Called-Station-ID
ipv4() - retuns pair (peer address, local address)
ipv6() - ipv6 address or nil
rx_bytes()
tx_bytes()
|
|
|
|
|
|
|
|
|
|
Implemented support for lua 5.2/5.3.
To build accel-ppp with exact lua version pass it in -DLUA=x.y, for example -DLUA=5.2 (cmake 3.0 is required for this).
Old style -DLUA=TRUE supports only 5.1 and does not require cmake 3.0.
Also extra lua modules (lua_lpack, lua_bit) took out into separated library luasupp.
|
|
|
|
[ppppd-compat]
fork-limit=N
Specifies number of simultaneously running background processes.
|
|
Instead of entering working thread into sleep triton saves machine context and stack on sleep and restores context/stack on wakeup.
This saves costly new thread allocation.
|
|
implemented coinfig reload
changed default value of ip-xxx scripts to be NULL (disabled)
|
|
1 - is high priority queue for Access-Request and Account-Request(Start)
2 - is low priority queue for Account-Request(Alive) and Account-Request(Stop)
This patch intended to prioritize sessions connecting requests over disconnects and interim updates.
|
|
Now, if lcp-echo-timeout is specified this is considered as idle timeout.
So if link is idling (no any packet was received) in specified interval accel-ppp starts to send LCP Echo-Request with lcp-echo-interval period.
If peer responds to echo request new idle period is being started.
If peer does not responds to lcp-echo-failure attempts accel-ppp terminates session with Acct-Terminate-Cause Lost-Carrier.
If lcp-echo-timeout is not specified or equals zero accel-ppp works in old behaviour (unconditionally sends LCP Echo-Request with lcp-echo-interval period).
This patch intended to prevent unexpected sessions termination due to lcp echo loses.
|
|
|
|
|
|
|
|
|
