High performance PPTP/L2TP/PPPoE/IPoE server for Linux (mirror of https://github.com/marekm72/accel-ppp-xebd.git) https://git.amelek.net/marekm72/accel-ppp-xebd.git/atom?h=patch-1 2023-06-29T17:48:39+00:00 2023-06-29T17:48:39+00:00 Dmitriy Eshenko dmitriy.eshenko@accel-ppp.org 2023-06-29T17:48:39+00:00 urn:sha1:a9e9f3ea0d7d4c48ba402d885372c978d5c75aab 2022-11-01T09:08:06+00:00 Stephan Brunner s.brunner@stephan-brunner.net 2022-11-01T09:08:06+00:00 urn:sha1:5d3e96a67dc6ea6ca81156bdccd83b9b7e241ccb 2022-11-01T08:51:34+00:00 Stephan Brunner s.brunner@stephan-brunner.net 2022-11-01T08:51:14+00:00 urn:sha1:ffe3a1337c1380a5b79651b34037c6c9f66b9ea1 When a link has a relatively high throughput, the 32-bit packet and byte counters could overflow multiple times between accounting runs. To accommodate this limitation, directly use 64-bit interface statistics. This also gets rid of the internal giga-word counters. 2021-12-16T20:03:52+00:00 DmitriyEshenko dmitriy.eshenko@vyos.io 2021-12-10T16:43:42+00:00 urn:sha1:737bf4d8b6e9e1bf50be69e8c99028bb2696190c Co-authored-by: Sergey V. Lobanov <svlobanov@users.noreply.github.com> Co-authored-by: Vladislav Grishenko <themiron@users.noreply.github.com> 2021-03-20T14:21:47+00:00 Vladislav Grishenko themiron@mail.ru 2021-03-20T14:20:34+00:00 urn:sha1:44a526ab7de382f2ea0295c88a6024960cabca77 2021-03-20T14:14:59+00:00 [anp/hsw] sysop@880.ru 2021-03-20T14:14:59+00:00 urn:sha1:62f7740033f05053a581e864742575a46ccc6da2 * Fix errors found by valgrind ==12312== Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s) ==12312== at 0x486CCF0: sendmsg (in /lib/libpthread-2.22.so) ==12312== by 0x12F57F: rtnl_talk (libnetlink.c:316) ==12312== by 0x132DA3: genl_resolve_mcg (genl.c:52) ==12312== by 0x484E1CB: init (vlan_mon.c:528) ==12312== by 0x484CDC0: vlan_mon_register_proto (vlan_mon.c:48) ==12312== by 0x510B763: load_vlan_mon (pppoe.c:1914) ==12312== by 0x510BFF2: load_config (pppoe.c:2064) ==12312== by 0x510C22A: pppoe_init (pppoe.c:2108) ==12312== by 0x483E9EB: triton_load_modules (triton.c:704) ==12312== by 0x1384B2: main (main.c:339) ==12312== Address 0xbedacdd8 is on thread 1's stack ==12312== in frame #2, created by genl_resolve_mcg (genl.c:23) ==12312== 15 bytes in 1 blocks are definitely lost in loss record 352 of 836 ==12312== at 0x482A9A9: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==12312== by 0x4B97524: strdup (in /lib/libc-2.22.so) ==12312== by 0x12C30C: init (telnet.c:769) ==12312== by 0x483E9EB: triton_load_modules (triton.c:704) ==12312== by 0x1384B2: main (main.c:339) ==12312== ==12312== 15 bytes in 1 blocks are definitely lost in loss record 353 of 836 ==12312== at 0x482A9A9: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==12312== by 0x4B97524: strdup (in /lib/libc-2.22.so) ==12312== by 0x12D60A: init (tcp.c:392) ==12312== by 0x483E9EB: triton_load_modules (triton.c:704) ==12312== by 0x1384B2: main (main.c:339) * Fix another warnings by cppcheck [accel-pppd/ctrl/ipoe/arp.c:256]: (error) Uninitialized variable: n [accel-pppd/ctrl/pppoe/mac_filter.c:90]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:90]: (warning) %x in format string (no. 2) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:90]: (warning) %x in format string (no. 3) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:90]: (warning) %x in format string (no. 4) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:90]: (warning) %x in format string (no. 5) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:90]: (warning) %x in format string (no. 6) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:129]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:129]: (warning) %x in format string (no. 2) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:129]: (warning) %x in format string (no. 3) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:129]: (warning) %x in format string (no. 4) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:129]: (warning) %x in format string (no. 5) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:129]: (warning) %x in format string (no. 6) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:158]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:158]: (warning) %x in format string (no. 2) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:158]: (warning) %x in format string (no. 3) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:158]: (warning) %x in format string (no. 4) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:158]: (warning) %x in format string (no. 5) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:158]: (warning) %x in format string (no. 6) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/pppoe.c:738]: (warning) Possible null pointer dereference [accel-pppd/ipv6/dhcpv6.c:911]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/ipv6/dhcpv6.c:911]: (warning) %x in format string (no. 2) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ipv6/dhcpv6.c:911]: (warning) %x in format string (no. 3) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ipv6/dhcpv6.c:911]: (warning) %x in format string (no. 4) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/libnetlink/libnetlink.c:515]: (warning) Possible null pointer dereference [accel-pppd/ppp/ipv6cp_opt_intfid.c:185]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ppp/ipv6cp_opt_intfid.c:298]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/ppp/ipv6cp_opt_intfid.c:298]: (warning) %x in format string (no. 2) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ppp/ipv6cp_opt_intfid.c:298]: (warning) %x in format string (no. 3) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ppp/ipv6cp_opt_intfid.c:298]: (warning) %x in format string (no. 4) requires 'unsigned int *' but the argument type is 'signed int *'. * Suppress compiler warnings * Fix locking errors /opt/pvs/accel-ppp/accel-pppd/extra/pppd_compat.c 279 warn V1020 The function exited without calling the 'sigchld_unlock' function. Check lines: 279, 249. /opt/pvs/accel-ppp/accel-pppd/extra/pppd_compat.c 333 warn V1020 The function exited without calling the 'sigchld_unlock' function. Check lines: 333, 315. /opt/pvs/accel-ppp/accel-pppd/extra/pppd_compat.c 422 warn V1020 The function exited without calling the 'sigchld_unlock' function. Check lines: 422, 372. /opt/pvs/accel-ppp/accel-pppd/extra/pppd_compat.c 488 warn V1020 The function exited without calling the 'sigchld_unlock' function. Check lines: 488, 468. /opt/pvs/accel-ppp/accel-pppd/triton/mempool.c 119 warn V1020 The function exited without calling the 'pthread_spin_unlock' function. Check lines: 119, 116. * Fix array len errors /opt/pvs/accel-ppp/accel-pppd/triton/conf_file.c 75 warn V557 Array underrun is possible. The value of 'len - 1' index could reach -1. /opt/pvs/accel-ppp/accel-pppd/triton/conf_file.c 76 warn V557 Array underrun is possible. The value of '-- len' index could reach -1. * Fix possible memory leaks /opt/pvs/accel-ppp/accel-pppd/radius/radius.c 936 err V773 The function was exited without releasing the 'str' pointer. A memory leak is possible. /opt/pvs/accel-ppp/accel-pppd/radius/serv.c 622 err V773 The function was exited without releasing the 'str' pointer. A memory leak is possible. /opt/pvs/accel-ppp/accel-pppd/triton/conf_file.c 144 err V773 The function was exited without releasing the 'raw' pointer. A memory leak is possible. * Fix unsafe code /opt/pvs/accel-ppp/accel-pppd/cli/tcp.c 364 warn V1004 The 'host' pointer was used unsafely after it was verified against nullptr. Check lines: 338, 364. /opt/pvs/accel-ppp/accel-pppd/cli/telnet.c 701 warn V1004 The 'host' pointer was used unsafely after it was verified against nullptr. Check lines: 675, 701. /opt/pvs/accel-ppp/accel-pppd/extra/ippool.c 241 err V614 Potentially uninitialized pointer 'pos' used. /opt/pvs/accel-ppp/accel-pppd/radius/dict.c 165 err V614 Uninitialized pointer 'parent_items' used. * Remove duplicate code /opt/pvs/accel-ppp/accel-pppd/radius/serv.c 202 warn V547 Expression 'ts.tv_sec < req->serv->fail_time' is always false. * Fix treating signed bool variables as unsigned * Add nullptr checking /opt/pvs/accel-ppp/accel-pppd/ipv6/dhcpv6.c 886 err V595 The 'opt->val' pointer was utilized before it was verified against nullptr. Check lines: 886, 890. /opt/pvs/accel-ppp/accel-pppd/ipv6/nd.c 479 err V595 The 'opt->val' pointer was utilized before it was verified against nullptr. Check lines: 479, 483. /opt/pvs/accel-ppp/accel-pppd/radius/auth.c 152 err V595 The 'rpd->auth_ctx' pointer was utilized before it was verified against nullptr. Check lines: 152, 154. /opt/pvs/accel-ppp/accel-pppd/triton/conf_file.c 114 err V595 The 'cur_sect' pointer was utilized before it was verified against nullptr. Check lines: 114, 117. * Add logging of exit conditions * Clarify calculation [accel-pppd/ppp/ccp_mppe.c:281]: (style) Clarify calculation precedence for '&' and '?'. [accel-pppd/ppp/ccp_mppe.c:282]: (style) Clarify calculation precedence for '&' and '?'. [accel-pppd/ppp/ccp_mppe.c:283]: (style) Clarify calculation precedence for '&' and '?'. [accel-pppd/ppp/ccp_mppe.c:284]: (style) Clarify calculation precedence for '&' and '?'. [accel-pppd/ppp/ccp_mppe.c:285]: (style) Clarify calculation precedence for '&' and '?'. [accel-pppd/ppp/ccp_mppe.c:286]: (style) Clarify calculation precedence for '&' and '?'. [drivers/ipoe/ipoe.c:307]: (style) Clarify calculation precedence for '&' and '?'. * Fix void calculations [accel-pppd/ctrl/pppoe/disc.c:211]: (portability) 'pkt' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/ctrl/pptp/pptp.c:150]: (portability) 'buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/acct.c:37]: (portability) 'req.pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/auth.c:35]: (portability) 'req.pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/auth.c:79]: (portability) 'req.pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/dm_coa.c:43]: (portability) 'pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/dm_coa.c:47]: (portability) 'pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/dm_coa.c:57]: (portability) 'pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/dm_coa.c:65]: (portability) 'req.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/dm_coa.c:97]: (portability) 'req.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/serv.c:364]: (portability) 'req.pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/triton/mempool.c:115]: (portability) 'mmap_ptr' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/triton/mempool.c:122]: (portability) 'mmap_ptr' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/triton/mempool.c:276]: (portability) 'ptr' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. * Fix void part 2 [accel-pppd/ipv6/dhcpv6.c:844]: (portability) 'conf_dnssl' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/ipv6/nd.c:199]: (portability) '(void*)dnsslinfo' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/ipv6/nd.c:432]: (portability) 'conf_dnssl' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. * Fix null pointer dereference [accel-pppd/ctrl/ipoe/ipoe.c:2048]: (warning) Possible null pointer dereference: eth [accel-pppd/ctrl/ipoe/ipoe.c:2049]: (warning) Possible null pointer dereference: iph * Remove redundant check /opt/pvs/accel-ppp/accel-pppd/ctrl/l2tp/packet.c 656 warn V547 Expression 'attr->length <= 16' is always false. * PR fixes * PR fixes 2 2020-06-28T23:38:42+00:00 Vladislav Grishenko themiron@mail.ru 2020-06-28T21:32:13+00:00 urn:sha1:0f2c18df473d131ff4c696078923e622e1bb4682 3.3.2.1 Negotiation Timer When establishing the SSTP connection, the SSTP server starts the negotiation timer. 2. After sending the Call Connect Acknowledge message, if the server does not receive a Call Connected message before the Negotiation timer expires then it MUST send a Call Abort message and start the process of bringing down (disconnecting) the connection. The server MAY implement different timer values for the Call Connected message and the Call Connect Request message. 3.3.7.1 Server-Side Interface with PPP When the server receives a PPP data frame from the PPP layer, the server MUST perform the following steps: * If CurrentState is set to Server_Call_Connected: Generate an SSTP data packet (section 2.2.3) with the PPP frame as the higher-layer payload and send the packet to the HTTPS layer. * Else, drop the PPP frame. sstp-client is known to be broken, it doesn't send SSTP_MSG_CALL_CONNECTED with PAP and CHAP-MD5 auth, no network data flow and disconnect by negotiation timer is expected. 2020-03-18T08:07:38+00:00 Simon Chopin s.chopin@alphalink.fr 2020-02-28T10:28:07+00:00 urn:sha1:f5b1c3f98bf082d4ecf57e8f2e3c61fc993d80e7 The index of a given interface is an operation that highly depends on the network namespace we're in. This patch simply cuts out a function to get the index for a given interface name from the session initialization code, and expose it in the ap_net structure. This function can then be used to refresh the index when moving interfaces around. Signed-off-by: Simon Chopin <s.chopin@alphalink.fr> 2020-03-06T23:31:11+00:00 Vladislav Grishenko themiron@mail.ru 2020-03-06T23:25:00+00:00 urn:sha1:6b04e5778c1c0c9686066dd44caccfd755917c25 usually there's no need to have per-proto limitation, since the need of max starting limitation affects the whole server, not particular protocol only. 2020-01-10T20:57:14+00:00 Vladislav Grishenko themiron@mail.ru 2020-01-10T20:57:14+00:00 urn:sha1:f532c72d0cb33b16b9794d83a46969538bdf2596 also, disable ipv6 pools via chap-secrets, need to find another syntax for it, may be with comments.