summaryrefslogtreecommitdiff
path: root/kernel/driver/find_kernel_headers
diff options
context:
space:
mode:
authorDenys Fedoryshchenko <denys.f@collabora.com>2025-06-25 22:31:08 +0300
committerDenys Fedoryshchenko <denys.f@collabora.com>2025-07-01 14:32:13 +0300
commit1ce263f13ac0b3aed3b14b4a9bb6a51afe210684 (patch)
treece765094676327c751586010e65ce4af4545f262 /kernel/driver/find_kernel_headers
parente06f5b835eb3ef28a2489ca903bc410175225c11 (diff)
downloadaccel-ppp-1ce263f13ac0b3aed3b14b4a9bb6a51afe210684.tar.gz
accel-ppp-1ce263f13ac0b3aed3b14b4a9bb6a51afe210684.zip
Add RADIUS blast attack protection with Message-Authenticator
Recently FreeRadius started to complain accel-ppp doesn't pass BlastRADIUS check. This commit fixes that. This commit implements protection against RADIUS blast attacks by adding support for the Message-Authenticator attribute in Access-Request packets. This security enhancement helps prevent unauthorized access attempts and replay attacks on RADIUS authentication. - Added new configuration option `blast-protection=1` in [radius] to enable Message-Authenticator inclusion - Implemented HMAC-MD5 calculation for Message-Authenticator attribute (RFC 2869) - Modified packet building to include 18-byte Message-Authenticator attribute when enabled - Updated packet structure to support signing with shared secret Enable blast protection by adding to the `[radius]` section: ``` blast-protection=1 ``` When enabled, all Access-Request packets will include a Message-Authenticator attribute with HMAC-MD5 signature, providing cryptographic integrity verification and protection against packet modification attacks. Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
Diffstat (limited to 'kernel/driver/find_kernel_headers')
0 files changed, 0 insertions, 0 deletions