| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Fix indentation of sections 'log' and 'ip-pool'.
Remove space before comma in section 'chap-secret/username-hash'.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Add two options to the 'l2tp create tunnel' command:
* 'peer-port' allows to specify the destination port of the
SCCRQ packet (instead of standard port 1701). This allows
to connect to a peer listening on a non standard port.
* 'host-port' allows to specify the source port of the SCCRQ
packet (instead of an arbitrary free port).
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Define option 'use-ephemeral-ports' for accel-ppp.conf. When set
to 0, this option deactivates the use of ephemeral ports. That is,
accel-ppp won't choose an arbitrary source port when replying to a
tunnel establishment request, but will use the SCCRQ's destination
port instead.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Commit 05bb6859 "pptp,l2tp: bind to port options" assigns fixed source
port for every L2TP tunnel. This removes support for ephemeral ports
(as described in RFC 2661 section 8.1) and statically sets the source
port when accel-ppp initiates tunnel connections.
This patch reverts to the previous behaviour (automatic source port
selection) while keeping the ability to listen for incoming
connections on a port different from 1701 (which was the purpose of
commit 05bb6859).
Support for disabling usage of ephemeral ports and for manual port
selection upon tunnel creation will be added later on by means of
configuration options.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
This variable doesn't need to be visible outside of its
compilation unit.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
|
|
|
|
|
|
|
|
|
|
default)
|
|
|
|
|
|
|
|
Allocate space for the terminationg null byte, to avoid truncating
PPP channel name.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
|
|
|
|
|
|
|
|
|
|
Since multiple sessions may be created in each tunnel, a client may
bypass the connlimit module by creating many sessions in an existing
tunnel (connlimit is only used upon reception of SCCRQ messages).
This patch adds connlimit checks when handling session creation requests
(ICRQ and OCRQ) so that connection limits get enforced in every case.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Use the number of available processors to set the thread-count
option if not given in configuration file.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Define l2tp_packet_add_int64() to create attributes of 64 bits long
integers.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Set Challenge attribute using a random length so that its size can't
be guessed when hide-avps is on.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Add option "hide-avps" in the "l2tp" section for hiding attributes
sent to peer. This same option is also made available on accel-ppp's
command line interface:
accel-ppp# tunnel create tunnel peer-addr 192.0.2.1 hide-avps 1
Attribute hiding is performed upon attribute creation (in the
l2tp_packet_add_*() functions family) rather than upon packet sending.
This avoid running the cipher for every retransmission; the counterpart
is that l2tp_packet_print() can't dump original attributes of hidden
AVPs.
Currently, only one random vector is used for all hidden AVPs in a
packet. This is easily extensible though, as the 'last_RV' field in
struct l2tp_packet_t may be overridden to use new vectors for next
AVPs.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Define and export the u_randbuf() function that fills a buffer with
random data.
Convert L2TP's challenge generation code for using it.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Decode hidden AVPs on reception. This is transparent for functions in
l2tp.c (except for the presence of the Random Vector AVP).
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Secret length is used quite often especially when handling hidden AVPs.
Store conf_secret length together with conf_secret to avoid calling
strlen(conf_secret) every time.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Received attributes of type ATTR_TYPE_INT64 are transferred to upper
layer in network byte order while any other integer type uses host
byte order.
This patch converts int64 values to host byte order so that they can be
used like other integer types.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
When adding a string AVP to an L2TP packet, the attribute value is
allocated and set using strdup(). There's no need to memcpy() it
again afterwards.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
|
|
|
|
Use "info2" log messages to inform about packets sent or processed.
For HELLO and ZLB messages, the log level is set to "debug" as these
are transmitted quite often and don't bring much information (this same
logging policy is used for logging packets when conf_verbose is on).
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Log message for any packet retransmission action using log_tunnel()
and level "info2".
Remove l2tp_conn_log() since it is no longer used.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Add a log message (warn level) for any discarded message type.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Use info1 messages to log information about main session establishment
and disconnection steps. These messages are:
* establishment requests and their origin (CLI, ICRQ or OCRQ)
* establishment confirmation (when session is really established)
* PPP establishment
* disconnection requests and their reason
Other information of interest use info2. These include:
* Peer Session ID setting
* Session internal structure freeing
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Use info1 messages to log information about main tunnel establishment
and disconnection steps. These messages are:
* establishment requests and their origin (CLI or SCCRQ)
* establishment confirmation (when tunnel is really established)
* disconnection requests and their reason
Other information of interest use info2. These include:
* Peer port update
* Peer Tunnel ID setting
* Tunnel internal structure freeing
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Adapt packet logging policy to make it consistent across L2TP packet
handling functions:
* Don't log messages if conf_verbose is off.
* Log HELLO and ZLB messages with log_debug and use log_info2 for
any other message type.
* Log retransmissions with log_info2, no matter the message type.
* Log outgoing messages right before sending them.
* Log incoming messages right before analysing their message type.
This unifies the way l2tp_conn_read() and l2tp_udp_read() log
incoming messages.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Implement minimal WEN messages processing, so that they get properly
acknowledged.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Handle incomming messages differently depending on their Message Type:
* Close tunnel only when handling tunnel establishment messages
fails (SCCRP and SCCCN) and everytime a StopCCN is received.
* Never close tunnel after reception of HELLO, SLI or session
establishment messages (ICRQ and OCRQ).
* Ignore messages with invalid first attribute type.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Interpret AVPs present in CDN to provide user with better diagnostic.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
