From f01b90e7b0a3cf3b08fbc750932c658e5640ba97 Mon Sep 17 00:00:00 2001
From: Oleksandr Martsyniuk
Date: Sat, 21 Jan 2017 15:51:29 +0200
Subject: default value for renew-time fixed
To keep clients from losing adresses, T1 should be set less that lease time.
---
 accel-pppd/accel-ppp.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/accel-pppd/accel-ppp.conf b/accel-pppd/accel-ppp.conf
index 2fcb85a..435b21b 100644
--- a/accel-pppd/accel-ppp.conf
+++ b/accel-pppd/accel-ppp.conf
@@ -105,7 +105,7 @@ verbose=1
 username=ifname
 #password=username
 lease-time=600
-renew-time=600
+renew-time=300
 max-lease-time=3600
 #unit-cache=1000
 #l4-redirect-table=4
-- cgit v1.2.3
From faf5bf8a0f40119273b94d8c80bafaaabb3d185e Mon Sep 17 00:00:00 2001
From: Vladislav Grishenko
Date: Sat, 28 Jan 2017 03:02:22 +0500
Subject: l2tp: skip obsolete session data packets from logging
After session is freed on our end, kernel doesn't bother with possible incoming data packets and just passes them to userspace, in turn they are mistreated as short control packets with corresponding errors. Since there's no special data packet handling, just ignore them.
---
 accel-pppd/ctrl/l2tp/packet.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/accel-pppd/ctrl/l2tp/packet.c b/accel-pppd/ctrl/l2tp/packet.c
index 34e4bb6..455c486 100644
--- a/accel-pppd/ctrl/l2tp/packet.c
+++ b/accel-pppd/ctrl/l2tp/packet.c
@@ -289,21 +289,21 @@ int l2tp_recv(int fd, struct l2tp_packet_t **p, struct in_pktinfo *pkt_info,
 return 0;
 }
- if (n < sizeof(*hdr)) {
+ if (n < 6) {
 if (conf_verbose)
 log_warn("l2tp: short packet received (%i/%zu)\n", n, sizeof(*hdr));
 goto out_err_hdr;
 }
+ if (hdr->T == 0)
+ goto out_err_hdr;
+
 if (n < ntohs(hdr->length)) {
 if (conf_verbose)
 log_warn("l2tp: short packet received (%i/%i)\n", n, ntohs(hdr->length));
 goto out_err_hdr;
 }
- if (hdr->T == 0)
- goto out_err_hdr;
-
 if (hdr->ver == 2) {
 if (hdr->L == 0) {
 if (conf_verbose)
-- cgit v1.2.3
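Review bot: The relaxed test `if (n < 6)` in l2tp_recv now lets control packets (T set) that are at least 6 bytes but shorter than `sizeof(*hdr)` past the length check, and `n < ntohs(hdr->length)` does not catch them when the sender puts a small value in `length`. If the rest of the function, which continues outside the hunk, reads header fields located after `length`, the full-header test should be restored for control packets right after the `hdr->T == 0` exit, e.g. `if (n < sizeof(*hdr)) goto out_err_hdr;`. The warning also still prints `sizeof(*hdr)` as the expected size while the comparison is against 6, so the logged limit is misleading. A named constant used in both the test and the message would fix that and document which header bytes the 6 covers.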
From 528b83c33e5b03467fda5dbb1cb398bb4795fa7b Mon Sep 17 00:00:00 2001
From: Vladislav Grishenko
Date: Sat, 28 Jan 2017 02:39:19 +0500
Subject: pptp: fix and allow to disable echo failures counting
Sent echos counter is overloaded with random icmp id, so echo-failure setting is either ignored or causes random pptp channel stops within valid accumulated fail count range, i.e on the the first fail. Since icmp id is not actually used for checking, fix issue by dropping overload. Default echo-failure value is 3, so allow endless echo fails without channel drop by setting echo-failure to 0.
---
 accel-pppd/ctrl/pptp/pptp.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/accel-pppd/ctrl/pptp/pptp.c b/accel-pppd/ctrl/pptp/pptp.c
index 99958cc..03f6e98 100644
--- a/accel-pppd/ctrl/pptp/pptp.c
+++ b/accel-pppd/ctrl/pptp/pptp.c
@@ -423,13 +423,10 @@ static int pptp_echo_rply(struct pptp_conn_t *conn)
 if (conf_verbose)
 log_ppp_debug("recv [PPTP Echo-Reply ]\n", msg->identifier);
- /*if (msg->identifier != conn->echo_sent) {
- log_ppp_warn("pptp:echo: identifier mismatch\n");
- //return -1;
- }*/
 conn->echo_sent = 0;
 return 0;
 }
+
 static void pptp_send_echo(struct triton_timer_t *t)
 {
 struct pptp_conn_t *conn = container_of(t, typeof(*conn), echo_timer);
@@ -443,8 +440,7 @@ static void pptp_send_echo(struct triton_timer_t *t)
 return;
 }
- conn->echo_sent = random();
- msg.identifier = conn->echo_sent;
+ msg.identifier = random();
 if (conf_verbose)
 log_ppp_debug("send [PPTP Echo-Request ]\n", msg.identifier);
@@ -761,7 +757,7 @@ static void load_config(void)
 conf_echo_interval = atoi(opt);
 opt = conf_get_opt("pptp", "echo-failure");
- if (opt && atoi(opt) > 0)
+ if (opt && atoi(opt) >= 0)
 conf_echo_failure = atoi(opt);
 opt = conf_get_opt("pptp", "verbose");
-- cgit v1.2.3
From 8d7b74ed52922b352a39993ed6856fccf826f25b Mon Sep 17 00:00:00 2001
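Review bot: Nothing in the new code records that the Echo-Reply identifier is deliberately unchecked, now that the commented-out comparison is gone from pptp_echo_rply and pptp_send_echo no longer stores the value it sends. As a result any Echo-Reply on the control connection clears `conn->echo_sent`. I would add a one-line comment above the reset, `/* identifier is intentionally not verified: any Echo-Reply counts as proof of liveness */`, so the next reader does not take it for an omission. If matching replies to requests is wanted later, the value from `random()` needs its own field rather than sharing `echo_sent`. Both functions start outside their hunks.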
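Review bot: `atoi()` returns 0 for an empty or non-numeric string, so with the test changed to `>= 0` in load_config a mistyped value such as `echo-failure=abc` is now accepted as 0, which per the commit message disables the echo failure limit. The old `> 0` test rejected such input as a side effect; the new code should tell an explicit `0` from a parse failure, for example with `strtol()` and an end-pointer check. The sketch below assumes `conf_echo_failure` is an `int`. load_config starts and ends outside the hunk.

```c
	opt = conf_get_opt("pptp", "echo-failure");
	if (opt) {
		char *end;
		long val = strtol(opt, &end, 10);

		/* accept only a complete non-negative number; 0 disables the limit */
		if (end != opt && *end == '\0' && val >= 0 && val <= INT_MAX)
			conf_echo_failure = (int)val;
	}
	/* … unchanged: "verbose" option parsing … */
```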
From: Vladislav Grishenko
Date: Sat, 28 Jan 2017 02:53:17 +0500
Subject: pptp: implement adaptive pptp echo
With incoming pptp echo request there's no need to ask peer for replies in configured echo-interval, so just postpone it. Helps against false-positive echo failures with heavily loaded channels and/or peers.
---
 accel-pppd/ctrl/pptp/pptp.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/accel-pppd/ctrl/pptp/pptp.c b/accel-pppd/ctrl/pptp/pptp.c
index 03f6e98..fa48687 100644
--- a/accel-pppd/ctrl/pptp/pptp.c
+++ b/accel-pppd/ctrl/pptp/pptp.c
@@ -413,6 +413,9 @@ static int pptp_echo_rqst(struct pptp_conn_t *conn)
 log_ppp_debug("send [PPTP Echo-Reply ]\n", out_msg.identifier);
 }
+ if (conn->echo_timer.tpd)
+ triton_timer_mod(&conn->echo_timer, 0);
+
 return post_msg(conn, &out_msg, sizeof(out_msg));
 }
-- cgit v1.2.3
From f0829a7a37b991f0e7289e3c8d0140fcf72f9263 Mon Sep 17 00:00:00 2001
From: Vladislav Grishenko
Date: Sat, 28 Jan 2017 02:59:51 +0500
Subject: l2tp: implement adaptive l2tp hello
With incoming l2tp hello there's no need to ask peer for replies in configured hello-interval, so just postpone it. Helps against false-positive echo failures with heavily loaded channels and/or peers.
---
 accel-pppd/ctrl/l2tp/l2tp.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/accel-pppd/ctrl/l2tp/l2tp.c b/accel-pppd/ctrl/l2tp/l2tp.c
index 51f8e7d..a44d31d 100644
--- a/accel-pppd/ctrl/l2tp/l2tp.c
+++ b/accel-pppd/ctrl/l2tp/l2tp.c
@@ -3213,6 +3213,9 @@ static int l2tp_recv_HELLO(struct l2tp_conn_t *conn,
 log_tunnel(log_debug, conn, "handling HELLO\n");
+ if (conn->hello_timer.tpd)
+ triton_timer_mod(&conn->hello_timer, 0);
+
 return 0;
 }
-- cgit v1.2.3
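Review bot: In pptp_echo_rqst the incoming Echo-Request re-arms `echo_timer` but leaves `conn->echo_sent` untouched, so failures counted before the peer started sending requests stay on the counter. If the limit is evaluated when the next request is sent (that code is outside the hunk), the channel can still be dropped on the first echo after the postponement ends. Since a peer request is accepted as proof of liveness, clearing the counter alongside the timer would be consistent: `conn->echo_sent = 0;`. The literal `0` passed to `triton_timer_mod()` here and in l2tp_recv_HELLO is unexplained; a short comment such as `/* peer is alive: restart the interval instead of probing */` would help in both places. Both functions start outside their hunks.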