Age | Commit message | Author
2017-12-30 | sstp: allow colons in cert-hash-* hex values | Vladislav Grishenko
    Simplify copy-pasting from openssl x509 -fingerprint output:
    Examples:
    openssl x509 -in cert.pem -noout -fingerprint -sha1
    openssl x509 -in cert.pem -noout -fingerprint -sha256
2017-12-30 | sstp: use ssl-keyfile option for certificate private key | Vladislav Grishenko
    if not set, fallback to private key in the same ssl-pemfile
2017-12-30 | sstp: treat SSL errors as EIO | Vladislav Grishenko
2017-12-30 | sstp: keep default ssl ciphers for better compatibility | Vladislav Grishenko
2017-12-30 | sstp: allow to prefer server ciphers with ssl-prefer-server-ciphers option | Vladislav Grishenko
2017-12-30 | sstp: implement Crypto Binding's Certificate hash & proto checking per 3.3.5.2.3 | Vladislav Grishenko
    Warning: config options are changed aligned with general accel-ppp style.
    Following cases, including no-openssl build are supported:
     ssl | ssl-pemfile | behavior
       1      set        get both sha1 & sha256 from the certificate
       0      set        get both sha1 & sha256 from the certificate
       0     unset       use cert-hash-sha1 and/or cert-hash-sha256 hex options
      no-openssl         use cert-hash-sha1 and/or cert-hash-sha256 hex options
    cert-hash-sha1 and/or cert-hash-sha256 hex options override certificate's, so it's possible to turn certificate hash verification off with just empty values (default).
2017-12-30 | sstp: implement Crypto Binding attr & nonce checking per 3.3.5.2.3 | Vladislav Grishenko
2017-12-30 | sstp: fix thread crash on certificate-error disconnect | Vladislav Grishenko
2017-12-30 | sstp: zero allocated packets, fix non-zero reserved fields | Vladislav Grishenko
2017-12-30 | sstp: make sstp great again. simplify ssl handlers, fix crashes, move to async ppp | Vladislav Grishenko
    TODO: accounting/statistics, minimize syscall & memory usage
2017-12-30 | sstp: implement ifname option support | Vladislav Grishenko
2017-12-30 | sstp: allow 3 nak replies per 3.3.5.2.2 | Vladislav Grishenko
2017-12-30 | sstp: implement preliminary sstp protocol support | Vladislav Grishenko
2017-12-29 | ipv6: ignore "unspecified address" (::/128) | Dmitry Kozlov
2017-12-28 | ipoe: check noauth option in [auth] section too | Dmitry Kozlov
2017-12-28 | Merge pull request #30 from themiron/alloca-crash | xebd
    triton: fix crash due gcc mis-optimization of alloca()
2017-12-28 | triton: fix crash due gcc mis-optimization of alloca() | Vladislav Grishenko
    since alloca() result is used indirectly, gcc 4.7.2 thinks the whole call can be dropped on any optimization level.
2017-12-27 | ipoe,vlan_mon: updated up to kernel 4.14 | Dmitry Kozlov
2017-12-27 | ipoe: include server's mac into weight notify packet to be used as additional key when weights are equal | Dmitry Kozlov
2017-12-27 | ipoe: implemented new load balancing mechanism | Dmitry Kozlov
    new config options:
    [ipoe]
    weight=N - global weight
    interface=ethX,weight=N - per-interface weight

    How it works:
    On reception of DHCPDISCOVER accel-ppp sends broadcast DHCP message to port 67 with same xid and add special vendor-specific option where encodes its current session count multiplied by weight. On reception of such message accel-ppp searches session with same xid and compares weight. If received weight is less than session's weight then it terminates this session.
    per-interface weight=0 has special meaning as backup (fail-over) interface, f.e. it terminates session on any received weight.
    By default weight based load balancing is disabled. To enable need to specify global or/and per-interface weight.
2017-12-27 | triton: fixed bugs introduced by previous commit | Dmitry Kozlov
2017-12-26 | shaper: install ifb filter for all protocols | Dmitry Kozlov
2017-12-26 | move version message to top | Dmitry Kozlov
2017-12-26 | get rid of deprecated readdir_r | Dmitry Kozlov
2017-12-26 | reworked context priorities | Dmitry Kozlov
    Introduced 4 priorities:
    0 - management (cli)
    1 - starting sessions (default priority)
    2 - active sessions
    3 - finishing sessions
2017-12-26 | shaper: install skbedit filter for all protocols | Dmitry Kozlov
2017-12-25 | ipv6: implemented special handling of /128 prefixes | Dmitry Kozlov
    If prefix length is 128 then send RA with 64 prefix length and add point-to-point ipv6 address on interface
2017-12-25 | ipv6pool: added gw-ip6-address option and special handling for /128 prefixes | Dmitry Kozlov
    If pool specified with /128 prefix length, then initialize intf_id by gw_ip6_address and peer_intf_id by generated pool address.
2017-12-25 | libnetlink: added ip6addr_add_peer function | Dmitry Kozlov
2017-12-21 | radius: allocate memory for string attributes | Dmitry Kozlov
2017-12-20 | shaper: define UINT16_MAX if not set | Dmitry Kozlov
2017-12-20 | ippool: fixed parsing /32 ranges | Dmitry Kozlov
2017-12-19 | ipoe: arp: do not reply on requests from 0.0.0.0 | Dmitry Kozlov
2017-12-19 | ipoe: fixed memory leak | Dmitry Kozlov
2017-12-15 | ipoe: rename HASH_BITS -> IPOE_HASH_BITS | Dmitry Kozlov
2017-12-15 | ipoe,vlan_mon: define RHEL_MAJOR=0 if not set | Dmitry Kozlov
2017-12-15 | cmake: added centos support | Dmitry Kozlov
2017-12-15 | ipoe, vlan_mon: implemented support for centos 3.10 kernel | Dmitry Kozlov
2017-12-14 | Merge pull request #27 from themiron/ppp-ifname | xebd
    ppp: fix interface rename if kernel returns not zero, but picked index
2017-12-14 | ppp: fix interface wildcard rename if kernel returns not zero, but picked index | Vladislav Grishenko
2017-12-14 | ippool: implemented next pool support | Dmitry Kozlov
    config changes:
    [ip-pool]
    x.x.x.x/mask,name=pool1
    y.y.y.y/mask,name=pool2,next=pool1
2017-12-14 | radius: fixed memory leak | Dmitry Kozlov
2017-12-07 | pppd_compat: mark session started if ip-up handler called | Dmitry Kozlov
2017-12-07 | pppd_compat: fixed bug caused fork queue to stall | Dmitry Kozlov
2017-12-07 | cmake: set INSTALL_RPATH for radius module | Dmitry Kozlov
2017-12-07 | Merge pull request #26 from themiron/chap-ippool | xebd
    chap-secrets: add pool name support
2017-12-07 | chap-secrets: assume 4th field as pool name | Vladislav Grishenko
    Simplify previous commit, if 4th field isn't empty and doesn't start with reserved chars (*-!), assume it as pool name. Also, fix build warn without OPENSSL.
2017-12-06 | Merge pull request #25 from themiron/ppp-ifname | xebd
    ppp: implement per-ctrl ppp interface rename support
2017-12-06 | chap-secrets: allow to use pool name instead of address to specify ipv4 pool | Vladislav Grishenko
    Chap-secrets' ipdb uses 4th field as static peer ipv4 address. With no radius and multiple same username sessions, it's impossible to use non-default pool for such sessions.
    Abuse chap-secret's 4th field as pool=name to specify session's pool name. With ippool module loaded after chap-secrets (default order), it will be used for allocation from the specified pool name.
    Compatibility considerations:
    * pppd will skip 'pool=*' with warn 'unknown host in auth. address list' same as 5th field - shaper, because starting from 4th field pppd parses list of values. so, no new effects here.
    * previous versions of accel-ppp will parse 'pool=*' as empty address.
    * with no 'pool=*' in chap-secrets or with no chap-secrets loaded, no behavior change.
    * with no ippool loaded, session will get no peer address.
    * with ippool loaded before chap-secrets, chap-secrets's ipdb will not be used, therefore neither ip address nor pool name will have any effect.
    * if chap-secrets' pool is invalid or not found, default pool will be used by ippool or address came from radius.
    * chap-secret's pool name might override pool came from radius, if radius module is loaded after chap-secrets and no address came from radius.
2017-12-05 | ppp: implement per-ctrl ppp interface rename support, may be overridden by radius | Vladislav Grishenko
    Reuse existing radius functionality and allow set interface name template for pppoe/pptp/l2tp, '%d' specification will be replaced automagically to the next available index by kernel.
    PPP interface rename allows to easy differ client's interfaces from the other ppp ones, for example, with just netfilter interface rules.
    Example:
    [pptp]
    ifname=pptp%d
    will produce pptp0, pptp1, ...