| Age | Commit message (Collapse) | Author |
|---|
|
Report tunnel statistics with the "show stat" command.
Statistics are updated upon tunnel state modifications. Setting the
STATE_ESTB state is centralised in l2tp_tunnel_connect() to ensure
the tunnel state remains synchronised with the statistics even when
errors occur.
While there, connect tunnels after sending SCCCN and stop tunnel
establishment timer as soon as l2tp_tunnel_connect() is called (so
that it'll be deleted even upon failure).
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Since launching L2TP sessions doesn't require to create a new context
anymore, the only purpose of l2tp_tunnel_start_session() is to start
the session establishment timer. This patch let the session startup
functions handle this timer, so that sessions aren't started by a
function pointer anymore. Direct access to the session startup function
also let the caller handle startup failures using its existing error
handling path.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
* l2tp_session_disconnect() now always succeeds.
* l2tp_tunnel_cancel_session() now can be replaced by
l2tp_session_free().
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Run the control channels of L2TP sessions in their tunnel context to
avoid context calls between tunnels and sessions.
Tunnels and sessions now use the new state STATE_INIT as their initial
state (allows to differentiate between tunnels and sessions that are
starting or stopping). The STATE_CLOSE state isn't implicitely set to
0 by memset() anymore, so its value is changed for consistency with the
other STATE_* values.
With tunnels and sessions running in the same context, sessions can
remove themselves from their tunnel without having to perform context
calls. Tunnels can also remove sessions directly, without having to
asynchronously notify them. So the set of l2tp_tunnel_free_session*()
functions becomes useless. Sessions can also check if they're the last
session of the tunnel and automatically disconnect the tunnel if need
be. So the l2tp_tunnel_session_freed() callback can be removed.
The 'sess_count' field is now used to track the number of sessions
stored in the 'sessions' field of tunnels. It's incremented as soon
as a session is added and everytime one is removed.
The callback, used by data channels to notify their L2TP control session
of disconnection, is now executed in the tunnel context. The session ID
is used by the tunnel to find which session the disconnection applies
to. The session may well get destroyed by other means between the time
of the context call and the time of the callback execution.
The l2tp_tunnel_start_session() function doesn't need to create a new
context for the session. It now only sets the session establishment
timer and directly runs the session startup callback.
Since l2tp_session_free() can now handle sessions in any state and is
called within the tunnel context, there is no need for a special
l2tp_tunnel_cancel_session() (for now, this function is kept for patch
clarity).
Now that session packets are sent while in tunnel context,
l2tp_session_send() only needs to set the header session ID and can
directly call l2tp_tunnel_send(). For reception, the tunnel also
directly calls l2tp_session_recv().
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Split L2TP control and data channels operations. The data channel of an
L2TP session now runs in its own triton context.
The L2TP control session initialises and launches the data channel
context in l2tp_session_start_data_channel(). Then all data channel
operations (e.g. PPP negociation) are performed in this context.
When the data channel stops, it checks if the control channel is still
running; if so, it notifies the control channel about its disconnection
using the l2tp_session_apses_finished() callback.
The control channel similarly checks for data channel execution and
notifies about L2TP layer disconnection using apses_stop().
Since the presence of the data channel is checked using its context
field, the STATE_PPP state isn't required anymore. So L2TP control
sessions now automatically enter STATE_ESTB in l2tp_session_connect().
A new set of states (APSTATE_*) are defined for tracking evolution of
data channels. Data channels also handle statistics using these new
states.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Define a new function for initialising and starting the data channel of
an L2TP session. For now, l2tp_session_start_data_channel() only
gathers the data channel specific operations, previously handled by
l2tp_tunnel_alloc_session() and l2tp_session_connect().
While here, move deletion of the session establishment timer to the
beginning of l2tp_session_connect(), so that it will stop even if the
function fails.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Use reference counters to track tunnels and sessions usage.
Tunnels hold a reference to each of their sessions while sessions hold
a reference to the tunnel they belong to. Tunnels and sessions also
hold themselves to ensure that l2tp_{tunnel_session}_free() will be
called before their reference counter drops to zero.
Once the reference counter drops to zero, the tunnel or session is
destroyed. Destruction may happen in any context, so context dependant
operations still have to be done in l2tp_{tunnel,session}_free(). On
the other hand l2tp_{tunnel,session}_free() must not free data wich may
be required by their reference holders.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
A triton context handler may not unregister itself while executed by
the context thread, unless it returns -1 (otherwise the md thread may
free the handler before the context thread stops using it).
So l2tp_conn_read() must return -1 after calling l2tp_tunnel_free()
(the md handler associated to l2tp_conn_read() may be unregistered
by l2tp_tunnel_free()).
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
The "reload" command frees the variable pointed to by conf_secret
in case the "secret" option gets removed from accel-ppp.conf. In
such a case, conf_secret must be reset to NULL to avoid dereferencing
the old pointer.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Store tunnel secret in the l2tp_conn_t structure so that different
tunnels may use different secrets.
The new "secret" option, added to the "l2tp create tunnel" command,
let the user define the secret to be used by the new tunnel.
By default, new tunnels keep using the "secret" option defined in
accel-ppp.conf.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
warning if they're running already
Signed-off-by: Vladislav Grishenko <themiron@mail.ru>
|
|
start warning if they're running already"
This reverts commit c4ddc0fe1f402f84b1bb01b9568e2294569d0d15.
|
|
warning if they're running already
Signed-off-by: Vladislav Grishenko <themiron@mail.ru>
|
|
The Assigned Session ID AVP should only be sent in ICRQ, ICRP, OCRQ,
OCRP and CDN messages. An LNS receiving an ICCN with Assigned
Session ID may reject the message because of this unexpected
mandatory AVP.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
There's no need to check for iprange when creating a new tunnel
upon administrator's request.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
may be overrided by radius
Signed-off-by: Dmitry Kozlov <xeb@mail.ru>
|
|
Signed-off-by: Vladislav Grishenko <themiron@mail.ru>
|
|
As the maximum acceptable MTU for an L2TP link may vary depending on
IP and L2TP packet headers options, it is better to make it
configurable so that an administrator can adapt it to its network
constraints.
Use the original value (1420) as default.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Now that memdebug implements asprintf() we can simplify session's
channel name allocation by replacing the two snprintf() calls.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
The PPPoL2TP socket created upon tunnel connection is never used
afterwards. It can be closed right after associating (connecting)
the tunnel with the underlying UDP socket (kernel won't cleanup a
tunnel as long as its UDP socket is open).
Signed-off-by: Vladislav Grishenko <themiron@mail.ru>
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Disable use of ephemeral ports by default since it poses problems with
NAT and wasn't used in earlier versions of accel-ppp.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Add two options to the 'l2tp create tunnel' command:
* 'peer-port' allows to specify the destination port of the
SCCRQ packet (instead of standard port 1701). This allows
to connect to a peer listening on a non standard port.
* 'host-port' allows to specify the source port of the SCCRQ
packet (instead of an arbitrary free port).
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Define option 'use-ephemeral-ports' for accel-ppp.conf. When set
to 0, this option deactivates the use of ephemeral ports. That is,
accel-ppp won't choose an arbitrary source port when replying to a
tunnel establishment request, but will use the SCCRQ's destination
port instead.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Commit 05bb6859 "pptp,l2tp: bind to port options" assigns fixed source
port for every L2TP tunnel. This removes support for ephemeral ports
(as described in RFC 2661 section 8.1) and statically sets the source
port when accel-ppp initiates tunnel connections.
This patch reverts to the previous behaviour (automatic source port
selection) while keeping the ability to listen for incoming
connections on a port different from 1701 (which was the purpose of
commit 05bb6859).
Support for disabling usage of ephemeral ports and for manual port
selection upon tunnel creation will be added later on by means of
configuration options.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
This variable doesn't need to be visible outside of its
compilation unit.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
|
|
|
|
Allocate space for the terminationg null byte, to avoid truncating
PPP channel name.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Since multiple sessions may be created in each tunnel, a client may
bypass the connlimit module by creating many sessions in an existing
tunnel (connlimit is only used upon reception of SCCRQ messages).
This patch adds connlimit checks when handling session creation requests
(ICRQ and OCRQ) so that connection limits get enforced in every case.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Set Challenge attribute using a random length so that its size can't
be guessed when hide-avps is on.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Add option "hide-avps" in the "l2tp" section for hiding attributes
sent to peer. This same option is also made available on accel-ppp's
command line interface:
accel-ppp# tunnel create tunnel peer-addr 192.0.2.1 hide-avps 1
Attribute hiding is performed upon attribute creation (in the
l2tp_packet_add_*() functions family) rather than upon packet sending.
This avoid running the cipher for every retransmission; the counterpart
is that l2tp_packet_print() can't dump original attributes of hidden
AVPs.
Currently, only one random vector is used for all hidden AVPs in a
packet. This is easily extensible though, as the 'last_RV' field in
struct l2tp_packet_t may be overridden to use new vectors for next
AVPs.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Define and export the u_randbuf() function that fills a buffer with
random data.
Convert L2TP's challenge generation code for using it.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Decode hidden AVPs on reception. This is transparent for functions in
l2tp.c (except for the presence of the Random Vector AVP).
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Secret length is used quite often especially when handling hidden AVPs.
Store conf_secret length together with conf_secret to avoid calling
strlen(conf_secret) every time.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Use "info2" log messages to inform about packets sent or processed.
For HELLO and ZLB messages, the log level is set to "debug" as these
are transmitted quite often and don't bring much information (this same
logging policy is used for logging packets when conf_verbose is on).
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Log message for any packet retransmission action using log_tunnel()
and level "info2".
Remove l2tp_conn_log() since it is no longer used.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Add a log message (warn level) for any discarded message type.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Use info1 messages to log information about main session establishment
and disconnection steps. These messages are:
* establishment requests and their origin (CLI, ICRQ or OCRQ)
* establishment confirmation (when session is really established)
* PPP establishment
* disconnection requests and their reason
Other information of interest use info2. These include:
* Peer Session ID setting
* Session internal structure freeing
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Use info1 messages to log information about main tunnel establishment
and disconnection steps. These messages are:
* establishment requests and their origin (CLI or SCCRQ)
* establishment confirmation (when tunnel is really established)
* disconnection requests and their reason
Other information of interest use info2. These include:
* Peer port update
* Peer Tunnel ID setting
* Tunnel internal structure freeing
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Adapt packet logging policy to make it consistent across L2TP packet
handling functions:
* Don't log messages if conf_verbose is off.
* Log HELLO and ZLB messages with log_debug and use log_info2 for
any other message type.
* Log retransmissions with log_info2, no matter the message type.
* Log outgoing messages right before sending them.
* Log incoming messages right before analysing their message type.
This unifies the way l2tp_conn_read() and l2tp_udp_read() log
incoming messages.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Implement minimal WEN messages processing, so that they get properly
acknowledged.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Handle incomming messages differently depending on their Message Type:
* Close tunnel only when handling tunnel establishment messages
fails (SCCRP and SCCCN) and everytime a StopCCN is received.
* Never close tunnel after reception of HELLO, SLI or session
establishment messages (ICRQ and OCRQ).
* Ignore messages with invalid first attribute type.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Interpret AVPs present in CDN to provide user with better diagnostic.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Allocate PPP channel name using the string size to be stored and check
for allocation failure. Use two snprintf() and a _malloc() instead of
asprintf() so that allocated memory will be visible by memdebug.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
In all reception or sending functions, return 0 on success or if
incomming message has been ignored (l2tp_recv_*() only). Return -1
upon any processing error.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
There is no need to warn about missing Challenge when handling SCCRQ
comming from a host for which a secret exists: this will be done
automatically upon SCCRP generation (by l2tp_tunnel_genchallresp()).
Using the log message from l2tp_tunnel_genchallresp() has the advantage
of working for missing Challenge AVPs in both SCCRQ and SCCRP messages.
This patch also removes a redundant log message in l2tp_session_recv()
when handling unknown message types.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
* Avoid retrieving tunnel and session contexts manually; use
l2tp_{tunnel,session}_self() instead.
* Use l2tp_session_disconnect() instead of using an
l2tp_send_CDN(); l2tp_session_free() sequence.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
If a HELLO message can't be acknowledged just log an error as tunnel
doesn't need to get closed. If too many HELLO messages aren't
acknowledged, the peer will close the tunnel itself.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
If tunnel or session establishment timeout expires, send StopCCN or CDN
to notify peer before closing tunnel/session.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Always disconnect tunnel once l2tp_tunnel_disconnect() is called,
even if sending StopCCN failed.
Change the way unknown message types are handled to comply with
new l2tp_tunnel_disconnect() signature.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
