From ca024045c6f8b1fd19c928db861c3437bdc705a6 Mon Sep 17 00:00:00 2001
From: Guillaume Nault
Date: Wed, 26 Jun 2013 20:50:19 +0200
Subject: l2tp: Unset ephemeral ports by default

Disable use of ephemeral ports by default since it poses problems with NAT and wasn't used in earlier versions of accel-ppp.

Signed-off-by: Guillaume Nault
---
 accel-pppd/ctrl/l2tp/l2tp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'accel-pppd/ctrl/l2tp/l2tp.c')

diff --git a/accel-pppd/ctrl/l2tp/l2tp.c b/accel-pppd/ctrl/l2tp/l2tp.c
index 5f731933..146a03ed 100644
--- a/accel-pppd/ctrl/l2tp/l2tp.c
+++ b/accel-pppd/ctrl/l2tp/l2tp.c
@@ -52,7 +52,7 @@ int conf_verbose = 0;
 int conf_hide_avps = 0;
 int conf_avp_permissive = 0;
 static int conf_port = L2TP_PORT;
-static int conf_ephemeral_ports = 1;
+static int conf_ephemeral_ports = 0;
 static int conf_timeout = 60;
 static int conf_rtimeout = 5;
 static int conf_retransmit = 5;
-- 
cgit v1.2.3

From 6bf07eec92361996df794552e7e4f2ea36886b33 Mon Sep 17 00:00:00 2001
From: Guillaume Nault
Date: Wed, 26 Jun 2013 20:50:52 +0200
Subject: l2tp: Close tunnel's PPPoL2TP socket

The PPPoL2TP socket created upon tunnel connection is never used afterwards. It can be closed right after associating (connecting) the tunnel with the underlying UDP socket (kernel won't cleanup a tunnel as long as its UDP socket is open).

Signed-off-by: Vladislav Grishenko
Signed-off-by: Guillaume Nault
---
 accel-pppd/ctrl/l2tp/l2tp.c | 38 ++++++++++++++++----------------------
 1 file changed, 16 insertions(+), 22 deletions(-)

(limited to 'accel-pppd/ctrl/l2tp/l2tp.c')

diff --git a/accel-pppd/ctrl/l2tp/l2tp.c b/accel-pppd/ctrl/l2tp/l2tp.c
index 146a03ed..d81516ed 100644
--- a/accel-pppd/ctrl/l2tp/l2tp.c
+++ b/accel-pppd/ctrl/l2tp/l2tp.c
@@ -97,8 +97,6 @@ struct l2tp_conn_t
 struct triton_timer_t rtimeout_timer;
 struct triton_timer_t hello_timer;
 
- int tunnel_fd;
-
 struct sockaddr_in peer_addr;
 struct sockaddr_in host_addr;
 uint16_t tid;
@@ -706,9 +704,6 @@ static void l2tp_tunnel_free(struct l2tp_conn_t *conn)
 l2tp_conn[conn->tid] = NULL;
 pthread_mutex_unlock(&l2tp_lock);
 
- if (conn->tunnel_fd != -1)
- close(conn->tunnel_fd);
-
 if (conn->ctx.tpd)
 triton_context_unregister(&conn->ctx);
 
@@ -1123,8 +1118,6 @@ static struct l2tp_conn_t *l2tp_tunnel_alloc(const struct sockaddr_in *peer,
 conn->hello_timer.expire = l2tp_send_HELLO;
 conn->hello_timer.period = conf_hello_interval * 1000;
 
- conn->tunnel_fd = -1;
-
 conn->sessions = NULL;
 conn->sess_count = 0;
 conn->lns_mode = lns_mode;
@@ -1269,6 +1262,7 @@ out_err:
 static int l2tp_tunnel_connect(struct l2tp_conn_t *conn)
 {
 struct sockaddr_pppol2tp pppox_addr;
+ int tunnel_fd;
 int flg;
 
 memset(&pppox_addr, 0, sizeof(pppox_addr));
@@ -1280,31 +1274,31 @@ static int l2tp_tunnel_connect(struct l2tp_conn_t *conn) pppox_addr.pppol2tp.s_tunnel = conn->tid; pppox_addr.pppol2tp.d_tunnel = conn->peer_tid; - conn->tunnel_fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP); - if (conn->tunnel_fd < 0) { + tunnel_fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP); + if (tunnel_fd < 0) { log_tunnel(log_error, conn, "impossible to connect tunnel:" " socket(AF_PPPOX) failed: %s\n", strerror(errno)); - goto out_err; + goto err; } - flg = fcntl(conn->tunnel_fd, F_GETFD); + flg = fcntl(tunnel_fd, F_GETFD); if (flg < 0) { log_tunnel(log_error, conn, "impossible to connect tunnel:" " fcntl(F_GETFD) failed: %s\n", strerror(errno)); - goto out_err; + goto err_fd; } - flg = fcntl(conn->tunnel_fd, F_SETFD, flg | FD_CLOEXEC); + flg = fcntl(tunnel_fd, F_SETFD, flg | FD_CLOEXEC); if (flg < 0) { log_tunnel(log_error, conn, "impossible to connect tunnel:" " fcntl(F_SETFD) failed: %s\n", strerror(errno)); - goto out_err; + goto err_fd; } - if (connect(conn->tunnel_fd, + if (connect(tunnel_fd, (struct sockaddr *)&pppox_addr, sizeof(pppox_addr)) < 0) { log_tunnel(log_error, conn, "impossible to connect tunnel:" " connect() failed: %s\n", strerror(errno)); - goto out_err; + goto err_fd; } if (conf_hello_interval) @@ -1312,19 +1306,19 @@ static int l2tp_tunnel_connect(struct l2tp_conn_t *conn) log_tunnel(log_error, conn, "impossible to connect tunnel:" " setting HELLO timer failed\n"); - goto out_err; + goto err_fd; } if (conn->timeout_timer.tpd) triton_timer_del(&conn->timeout_timer); + close(tunnel_fd); + return 0; -out_err: - if (conn->tunnel_fd >= 0) { - close(conn->tunnel_fd); - conn->tunnel_fd = -1; - } +err_fd: + close(tunnel_fd); +err: return -1; } -- cgit v1.2.3 From 004db9a22bf2b860cc36f4a1c24d559136b11c82 Mon Sep 17 00:00:00 2001 
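Review bot: The close-on-exec handling on the new `tunnel_fd` still uses the non-atomic `fcntl(F_GETFD)`/`fcntl(F_SETFD)` pair, so if the daemon ever forks and execs from another thread between `socket()` and the `F_SETFD` call, the descriptor can leak into the child; now that the socket is closed a few lines further down, that window is the whole lifetime of the descriptor. Requesting the flag atomically, `tunnel_fd = socket(AF_PPPOX, SOCK_DGRAM | SOCK_CLOEXEC, PX_PROTO_OL2TP);`, removes the race together with both fcntl calls and their `goto err_fd` branches, provided the project's minimum supported kernel offers SOCK_CLOEXEC (this is Linux-only code already, given AF_PPPOX). l2tp_tunnel_connect begins and ends outside this hunk.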
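Review bot: The success path now creates, connects and immediately closes `tunnel_fd` with nothing in the code saying why that is correct, so the next reader will take the new `close(tunnel_fd);` before `return 0;` for a socket dropped by mistake. The justification exists only in the commit message (the kernel keeps the tunnel alive as long as its UDP socket is open), so it belongs in the code as a comment above that line, e.g. `/* The PPPoL2TP socket only registers the tunnel with the kernel; the tunnel stays bound to the UDP socket after this descriptor is released. */`, which also makes the kernel-behaviour assumption visible should it ever change. Ignoring the return value of that `close()` is acceptable for a descriptor used only to issue the connect(). l2tp_tunnel_connect begins outside this hunk.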
From: Guillaume Nault
Date: Wed, 10 Jul 2013 12:55:10 +0200
Subject: l2tp: use asprintf() to set sessions channel names

Now that memdebug implements asprintf() we can simplify session's channel name allocation by replacing the two snprintf() calls.

Signed-off-by: Guillaume Nault
---
 accel-pppd/ctrl/l2tp/l2tp.c | 20 +++----------------
 1 file changed, 3 insertions(+), 17 deletions(-)

(limited to 'accel-pppd/ctrl/l2tp/l2tp.c')

diff --git a/accel-pppd/ctrl/l2tp/l2tp.c b/accel-pppd/ctrl/l2tp/l2tp.c
index d81516ed..29ba76cc 100644
--- a/accel-pppd/ctrl/l2tp/l2tp.c
+++ b/accel-pppd/ctrl/l2tp/l2tp.c
@@ -1157,7 +1157,6 @@ static int l2tp_session_connect(struct l2tp_sess_t *sess)
 struct l2tp_conn_t *conn = sess->paren_conn;
 int lns_mode = sess->lns_mode;
 int flg;
- int chan_sz;
 uint16_t peer_port;
 char addr[17];
 
@@ -1209,23 +1208,10 @@ static int l2tp_session_connect(struct l2tp_sess_t *sess)
 u_inet_ntoa(conn->peer_addr.sin_addr.s_addr, addr);
 peer_port = ntohs(conn->peer_addr.sin_port);
 
- chan_sz = snprintf(NULL, 0, "%s:%i session %i",
- addr, peer_port, sess->peer_sid);
- if (chan_sz < 0) {
+ if (_asprintf(&sess->ppp.ses.chan_name, "%s:%i session %i",
+ addr, peer_port, sess->peer_sid) < 0) {
 log_session(log_error, sess, "impossible to connect session:"
- " snprintf() failed: %s\n", strerror(errno));
- goto out_err;
- }
- sess->ppp.ses.chan_name = _malloc(chan_sz + 1);
- if (sess->ppp.ses.chan_name == NULL) {
- log_session(log_error, sess, "impossible to connect session:"
- " memory allocation failed\n");
- goto out_err;
- }
- if (snprintf(sess->ppp.ses.chan_name, chan_sz + 1, "%s:%i session %i",
- addr, peer_port, sess->peer_sid) < 0) {
- log_session(log_error, sess, "impossible to connect session:"
- " snprintf(%i) failed\n", chan_sz + 1);
+ " setting session's channel name failed\n");
 goto out_err;
 }
 
-- 
cgit v1.2.3

From 4e6cf832cddf523c233ff0f0f3b244e077d87df3 Mon Sep 17 00:00:00 2001
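Review bot: When `_asprintf()` fails, `sess->ppp.ses.chan_name` is left in whatever state the wrapper leaves it (glibc documents the pointer's contents as undefined after a failed asprintf), whereas the removed code only assigned the pointer after a successful allocation. If the `out_err` path, which lies outside the hunk, frees `chan_name`, an allocation failure can become a free of an indeterminate pointer; resetting it before the jump, `sess->ppp.ses.chan_name = NULL;` right after the `log_session` call, keeps the cleanup safe whatever the wrapper guarantees. The `strerror(errno)` detail dropped from the message was also the only hint about why the call failed and is worth keeping in the new message. l2tp_session_connect begins and ends outside this hunk.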
From: Guillaume Nault
Date: Tue, 23 Jul 2013 20:35:14 +0200
Subject: l2tp: Add the ppp-max-mtu option

As the maximum acceptable MTU for an L2TP link may vary depending on IP and L2TP packet headers options, it is better to make it configurable so that an administrator can adapt it to its network constraints. Use the original value (1420) as default.

Signed-off-by: Guillaume Nault
---
 accel-pppd/accel-ppp.conf.5 | 4 ++++
 accel-pppd/ctrl/l2tp/l2tp.c | 11 ++++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

(limited to 'accel-pppd/ctrl/l2tp/l2tp.c')

diff --git a/accel-pppd/accel-ppp.conf.5 b/accel-pppd/accel-ppp.conf.5
index 2faf2ab7..9f7740a3 100644
--- a/accel-pppd/accel-ppp.conf.5
+++ b/accel-pppd/accel-ppp.conf.5
@@ -463,6 +463,10 @@ Specifies if an arbitrary source port is used when replying to a tunnel
 establishment request. When this option is deactivated, the destination
 port of the incoming request (SCCRQ) is used as source port for the
 reply (SCCRP). Default value is 0.
+.TP
+.BI "ppp-max-mtu=" n
+Set the maximun MTU value that can be negociated for PPP over L2TP
+sessions. Default value is 1420.
 .SH [radius]
 .br
 Configuration of RADIUS module.
diff --git a/accel-pppd/ctrl/l2tp/l2tp.c b/accel-pppd/ctrl/l2tp/l2tp.c
index 29ba76cc..b4b20b72 100644
--- a/accel-pppd/ctrl/l2tp/l2tp.c
+++ b/accel-pppd/ctrl/l2tp/l2tp.c
@@ -48,9 +48,12 @@
 #define STATE_FIN 9
 #define STATE_CLOSE 0
 
+#define DEFAULT_PPP_MAX_MTU 1420
+
 int conf_verbose = 0;
 int conf_hide_avps = 0;
 int conf_avp_permissive = 0;
+static int conf_ppp_max_mtu = DEFAULT_PPP_MAX_MTU;
 static int conf_port = L2TP_PORT;
 static int conf_ephemeral_ports = 0;
 static int conf_timeout = 60;
@@ -878,7 +881,7 @@ static struct l2tp_sess_t *l2tp_tunnel_alloc_session(struct l2tp_conn_t *conn)
 sess->ctrl.started = l2tp_ppp_started;
 sess->ctrl.finished = l2tp_ppp_finished;
 sess->ctrl.terminate = ppp_terminate;
- sess->ctrl.max_mtu = 1420;
+ sess->ctrl.max_mtu = conf_ppp_max_mtu;
 sess->ctrl.mppe = conf_mppe;
 sess->ctrl.calling_station_id = _malloc(17);
 sess->ctrl.called_station_id = _malloc(17);
@@ -3813,6 +3816,12 @@ static void load_config(void)
 if (opt && atoi(opt) > 0)
 conf_retransmit = atoi(opt);
 
+ opt = conf_get_opt("l2tp", "ppp-max-mtu");
+ if (opt && atoi(opt) > 0)
+ conf_ppp_max_mtu = atoi(opt);
+ else
+ conf_ppp_max_mtu = DEFAULT_PPP_MAX_MTU;
+
 opt = conf_get_opt("l2tp", "host-name");
 if (opt)
 conf_host_name = opt;
-- 
cgit v1.2.3
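Review bot: The new `ppp-max-mtu` parsing in load_config accepts any positive `atoi()` result, so a typo such as `14200` is applied unchecked to every session's `sess->ctrl.max_mtu` (the hunk at -878), and `atoi()` is evaluated twice on the same string. The neighbouring options use the same `atoi() > 0` idiom, but this value feeds MRU negotiation and deserves at least an upper bound, with out-of-range input rejected and logged rather than silently applied; the ceiling below comes from the 16-bit LCP MRU field, and a project-chosen floor could be added the same way. The `else` branch restoring `DEFAULT_PPP_MAX_MTU` on reload is kept. load_config begins and ends outside this hunk.
```c
	opt = conf_get_opt("l2tp", "ppp-max-mtu");
	conf_ppp_max_mtu = DEFAULT_PPP_MAX_MTU;
	if (opt) {
		int mtu = atoi(opt);
		/* MRU is a 16-bit LCP option: refuse values that cannot be
		 * negotiated instead of silently applying them. */
		if (mtu > 0 && mtu <= 65535)
			conf_ppp_max_mtu = mtu;
		else
			log_error("l2tp: ppp-max-mtu: ignoring invalid value '%s'\n", opt);
	}
	// … unchanged: host-name option …
```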