| Age | Commit message (Collapse) | Author |
|---|
|
if not set, fallback to private key in the same ssl-pemfile
|
|
|
|
|
|
|
|
Warning: config options are changed aligned with general accel-ppp style.
Following cases, including no-openssl build are supported:
ssl | ssl-pemfile | behavior
1 set get both sha1 & sha256 from the certificate
0 set get both sha1 & sha256 from the certificate
0 unset use cert-hash-sha1 and/or cert-hash-sha256 hex options
no-openssl use cert-hash-sha1 and/or cert-hash-sha256 hex options
cert-hash-sha1 and/or cert-hash-sha256 hex options override certificate's,
so it's possible to turn certficate hash verification off with just empty
values (default).
|
|
|
|
|
|
|
|
async ppp
TODO: accounting/statistics, minimize syscall & memory usage
|
|
|
|
|
|
|
|
|
|
additional key when weights are equal
|
|
new config options:
[ipoe]
weight=N - global weight
interface=ethX,weight=N - per-interface weight
How it works:
On reception of DHCPDISCOVER accel-ppp sends broadcast DHCP message to port 67 with same xid and add special vendor-specific option
where encodes its current session count multipled by weight.
On reception of such message accel-ppp searches session with same xid and compares weight.
If received weight is less than session's weight then it terminates this session.
per-interface weight=0 has special meaning as backup (fail-over) interface, f.e. it terminates session on any received weight.
By default weight based load balancing is disabled.
To enable need to specify global or/and per-interface weight.
|
|
|
|
|
|
|
|
Reuse exsisting radius functionality and allow set iterface name
template for pppoe/pptp/l2tp, '%d' specification will be replaced
automagically to the next available index by kernel.
PPP interface rename allows to easy differ client's interfaces from
the other ppp ones, for example, with just netfilter interface rules.
Example:
[pptp]
ifname=pptp%d will produce pptp0, pptp1, ...
|
|
|
|
|
|
pptp/l2tp: echo failure improvements
|
|
With incoming l2tp hello there's no need to ask peer for
replies in configured hello-interval, so just postpone it.
Helps against false-positive echo failures with heavily
loaded channels and/or peers.
|
|
With incoming pptp echo request there's no need to ask
peer for replies in configured echo-interval, so just
postpone it. Helps against false-positive echo failures
with heavily loaded channels and/or peers.
|
|
Sent echos counter is overloaded with random icmp id, so
echo-failure setting is either ignored or causes random pptp
channel stops within valid accumulated fail count range, i.e
on the the first fail. Since icmp id is not actually used for
checking, fix issue by dropping overload.
Default echo-failure value is 3, so allow endless echo fails
without channel drop by setting echo-failure to 0.
|
|
After session is freed on our end, kernel doesn't bother with possible
incoming data packets and just passes them to userspace, in turn
they are mistreated as short control packets with corresponding errors.
Since there's no special data packet handling, just ignore them.
|
|
|
|
|
|
Assign opt82_ses=ses if shared=0
|
|
Implemented support for lua 5.2/5.3.
To build accel-ppp with exact lua version pass it in -DLUA=x.y, for example -DLUA=5.2 (cmake 3.0 is required for this).
Old style -DLUA=TRUE supports only 5.1 and does not require cmake 3.0.
Also extra lua modules (lua_lpack, lua_bit) took out into separated library luasupp.
|
|
|
|
|
|
|
|
|
|
introduced new config option:
[ipoe]
vendor=Name
this affects to all attributes specified in attr-xxx options
|
|
new config option:
[common]
max-sessions=N
If set then accel-pppd stops reply to new connection requests if total number of sessions (active and starting) is reached specified limit.
|
|
This reverts commit 88a908974b0b2e9c7eee8ad9a8b0b4432e95d167.
|
|
new config option:
[common]
max-sessions=N
If set then accel-pppd stops reply to new connection requests if total number of sessions (active and starting) is reached specified limit.
|
|
This reverts commit 9ea88bac7d5bf8fc5cf2d5f7d0a734ec7a9e6df6.
|
|
new config option:
[common]
max-sessions=N
If set then accel-pppd stops reply to new connection requests if total number of sessions (active and starting) is reached specified limit.
|
|
Included bitop library http://bitop.luajit.org/index.html
It may be used to extract vlan components in username function:
function username(ses)
vid=ses:vlan()
svid=bit.rshift(vid,16)
cvid=bit.band(vid,0xffff)
...
end
|
|
For this need to send 2 attributes: L4-Redirect=1,L4-Redirect-Ipset=new-set
|
|
This reverts commit b72efa378b32980f2114bcb8081fafbd93096aa0.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
