Age | Commit message | Author | |
---|---|---|---|
2020-12-19 | ipoe: added option 56 to DHCP NAK packet | Dmitry Kozlov | |
2020-09-13 | radius: keep vendor & attr numbers in order | Vladislav Grishenko | |
2020-09-06 | auth/chap-secrets/dhcpv4: fix big-endian arch support | Vladislav Grishenko | |
2020-09-06 | l2tp: fix RCE through buffer overflow & fix LE/BE compatibility | Vladislav Grishenko | |
Insufficient checks of valid l2tp header & avp length cause possible RCE through buffer overflow, reported by https://github.com/WinMin swings & leommxj, Chaitin Security Research Lab. Add missed header length and avp length validation to fix the issue. Order of struct bitfields is implementation-defined so current code doesn't play well with big-endian arch. Switch to explicit flag bit checking/gathering to fix the issue. RFC 2661 and 3931 require that length, sequence flags must be set and offset flag must not be set, so avp-permissive can't help in these cases. | |||
2020-08-09 | sstp: avoid redundant writes to ppp socket | Vladislav Grishenko | |
2020-08-09 | sstp: switch to async sending | Vladislav Grishenko | |
2020-08-01 | sstp: allow to configure send & receive buffer sizes | Vladislav Grishenko | |
magic value of 65535 reported to have throughput issues on unreliable transports (3G/4G), so let it be configurable. zero value means use system defaults: [sstp] sndbuf=0 rcvbuf=0 | |||
2020-08-01 | sstp: speed up data path | Vladislav Grishenko | |
2020-08-01 | sstp: use quick linger for closing sockets | Vladislav Grishenko | |
2020-07-01 | sstp: stop being noisy w/o verbose mode | Vladislav Grishenko | |
2020-06-29 | sstp: fix MITM w/o SSTP_MSG_CALL_CONNECTED is being sent | Vladislav Grishenko | |
3.3.2.1 Negotiation Timer When establishing the SSTP connection, the SSTP server starts the negotiation timer. 2. After sending the Call Connect Acknowledge message, if the server does not receive a Call Connected message before the Negotiation timer expires then it MUST send a Call Abort message and start the process of bringing down (disconnecting) the connection. The server MAY implement different timer values for the Call Connected message and the Call Connect Request message. 3.3.7.1 Server-Side Interface with PPP When the server receives a PPP data frame from the PPP layer, the server MUST perform the following steps: * If CurrentState is set to Server_Call_Connected: Generate an SSTP data packet (section 2.2.3) with the PPP frame as the higher-layer payload and send the packet to the HTTPS layer. * Else, drop the PPP frame. sstp-client is known to be broken, it doesn't send SSTP_MSG_CALL_CONNECTED with PAP and CHAP-MD5 auth, no network data flow and disconnect by negotiation timer is expected. | |||
2020-06-29 | sstp: fix compound mac validation with broken clients | Vladislav Grishenko | |
sstp-client sends SSTP_MSG_CALL_CONNECTED message too early, before auth response, so HLAK can't be known yet and subsequent HLAK-based validation fails. work around the issue by deferring acceptance of SSTP_MSG_CALL_CONNECTED until after auth has either succeeded or been bypassed. | |||
2020-06-28 | sstp: fix crypto-binding attr errors logging | Vladislav Grishenko | |
2020-06-08 | ipoe: gracefully terminate denied sessions | Vladislav Grishenko | |
2020-04-30 | ipoe: dhcp: add rebind-time support | Vladislav Grishenko | |
2020-04-13 | dhcpv4/dhcpv6: improve packet validation | Vladislav Grishenko | |
2020-04-10 | Check for length in pppoe tags | Denys Fedoryshchenko | |
2020-04-06 | pptp: T6: Check timer before modify | DmitriyEshenko | |
2020-03-10 | Merge pull request #121 from themiron/max-starting-cleanup | xebd | |
Add global [common]max-starting option | |||
2020-03-10 | Merge pull request #117 from themiron/echo-opt82 | xebd | |
ipoe: dhcpv4: echo back opt82 if sent by client/relay per rfc3046 | |||
2020-03-07 | sstp: fix max-sessions limit was not applied | Vladislav Grishenko | |
2020-03-07 | session: add global [common]max-starting option | Vladislav Grishenko | |
usually there's no need to have per-proto limitation, since the need of max starting limitation affects the whole server, not particular protocol only. | |||
2020-03-07 | Revert "ipoe,pptp: introduced max-starting option (limit number of starting sessions)" | Vladislav Grishenko | |
This reverts commit 02008c74a19c538ff7d9ce643c8cd4c738886196. | |||
2020-03-07 | Revert "pppoe: introduced max-starting option (limit number of starting sessions)" | Vladislav Grishenko | |
This reverts commit 61862862a9fa24db4f16c24db1aed1f1a5f0be19. | |||
2020-02-16 | ipoe: dhcpv4: echo back opt82 if sent by client/unknown relay per rfc3046 | Vladislav Grishenko | |
2020-02-16 | ipoe: dhcpv4: move relay packet logging after padding | Vladislav Grishenko | |
2020-02-16 | ipoe: dhcpv4: implement udp csum and padding per rfc1542 | Vladislav Grishenko | |
2020-01-13 | Merge pull request #110 from themiron/ipv6-pool | xebd | |
Add named ipv6 pools support | |||
2020-01-11 | ipv6pool: add per-proto ipv6-pool and ipv6-pool-delegate options | Vladislav Grishenko | |
also, disable ipv6 pools via chap-secrets, need to find another syntax for it, maybe with comments. | |||
2019-12-24 | pppoe: introduced max-starting option (limit number of starting sessions) | Gavrilenkov A | |
2019-09-11 | ipoe: check for ipoe_create_session_dhcpv4 returns not NULL | Dmitry Kozlov | |
2019-09-04 | ipoe,pptp: introduced max-starting option (limit number of starting sessions) | Gavrilenkov A | |
2019-08-29 | ppp/ipoe: cleanup check-ip support | Vladislav Grishenko | |
let check-ip setting from [ppp]/[ipoe] sections has prio over [common] for compatibility with older configs. | |||
2019-08-27 | Merge pull request #92 from themiron/sstp | xebd | |
sstp: implement ssl-protocol option and add unsupported features logging | |||
2019-08-20 | Prepared check-ip and for ipoe, migrate to [common]check-ip | DmitriyEshenko | |
2019-07-27 | sstp: enable all client-compat opts | Vladislav Grishenko | |
2019-07-27 | sstp: tie log errors with config options | Vladislav Grishenko | |
2019-07-27 | sstp: log DH/ECDH support warnings as well | Vladislav Grishenko | |
2019-07-27 | sstp: implement ssl-protocol list option | Vladislav Grishenko | |
possible protocols are ssl2, ssl3, tls1, tls1.1, tls1.2 and tls1.3, but support does depend on openssl library. defaults are up to openssl library w/o ssl2/ssl3. | |||
2019-05-29 | Added extra AVP to SCCCN as known to allow MPD5 tunnels | Pedro don't want to be here | |
original commit author is @dyangol | |||
2019-05-13 | ipoe: restored max-lease-time functionality | Dmitry Kozlov | |
2019-05-13 | Revert "ipoe: restored max-lease-time functionality" | Dmitry Kozlov | |
This reverts commit 6f433706a152ea987899fd830ff399e257b0f2a6. | |||
2019-05-13 | Merge branch 'master' of github.com:xebd/accel-ppp | Dmitry Kozlov | |
2019-05-13 | ipoe: restored max-lease-time functionality | Dmitry Kozlov | |
2019-05-09 | ipoe: Fix send NAK for REQUEST with 3 same XID for not existing sessions | DmitriyEshenko | |
2019-03-08 | initialize sll_halen = ETH_ALEN in sockaddr_ll structures | Dmitry Kozlov | |
2019-02-12 | ipoe: always ignore Gratuitous ARP | Dmitry Kozlov | |
2019-02-02 | ipoe: dhcpv4: add wins1/wins2 config options support | Vladislav Grishenko | |
2019-02-02 | ipoe: dhcpv4: fix dhcp reply with dns1 unset, dns2 set | Vladislav Grishenko | |
2019-02-02 | ipoe: dhcpv4: group radius array attrs into one dhcp option | Vladislav Grishenko | |