From e489ddac3840bf66eaa30474dbe4e9a2a2444d75 Mon Sep 17 00:00:00 2001 From: DmitriyEshenko Date: Sun, 8 May 2022 15:38:04 +0300 Subject: T60: Implement configurable session-timeout param for all connection types --- accel-pppd/accel-ppp.conf.5 | 25 +++++++++++++++++++++++++ accel-pppd/ctrl/l2tp/l2tp.c | 10 ++++++++++ accel-pppd/ctrl/pppoe/pppoe.c | 8 ++++++++ accel-pppd/ctrl/pptp/pptp.c | 9 +++++++++ accel-pppd/ctrl/sstp/sstp.c | 9 +++++++++ accel-pppd/session.c | 10 ++++++++++ 6 files changed, 71 insertions(+) (limited to 'accel-pppd') diff --git a/accel-pppd/accel-ppp.conf.5 b/accel-pppd/accel-ppp.conf.5 index 6eca358..9d7c63e 100644 --- a/accel-pppd/accel-ppp.conf.5 +++ b/accel-pppd/accel-ppp.conf.5 @@ -137,6 +137,11 @@ Specifies netlink maximum send buffer size (SO_SNDBUF option) (default 32768). .TP .BI "nl-rcv-buffer=" n Specifies netlink maximum receive buffer size (SO_RCVBUF option) (default 1048576). +.TP +.BI "session-timeout=" n +Specifies max sessions time in seconds, after this time session will be terminated. +.br +This timeout can be redefined with radius attribute Session-Timeout. 0 value means infinite timeout. .SH [ppp] .br PPP module configuration. @@ -538,6 +543,11 @@ as a template, i.e pptp%d => pptp0. .BI "ppp-max-mtu=" n Set the maximum MTU value that can be negotiated for PPP over PPTP sessions. Default value is 1436. +.TP +.BI "session-timeout=" n +Specifies max sessions time in seconds, after this time session will be terminated. +.br +This timeout can be redefined with radius attribute Session-Timeout. 0 value means infinite timeout. .SH [pppoe] .br Configuration of PPPoE module. @@ -607,6 +617,11 @@ Specifies overall limit of PADI packets to reply in 1 second period (default 0 - If this option is given ppp interface will be renamed using .B ifname as a template, i.e pppoe%d => pppoe0. +.TP +.BI "session-timeout=" n +Specifies max sessions time in seconds, after this time session will be terminated. +.br +This timeout can be redefined with radius attribute Session-Timeout. 0 value means infinite timeout. .SH [l2tp] .br Configuration of L2TP module. @@ -698,6 +713,11 @@ sessions. Default value is 1420. If this option is given ppp interface will be renamed using .B ifname as a template, i.e l2tp%d => l2tp0. +.TP +.BI "session-timeout=" n +Specifies max sessions time in seconds, after this time session will be terminated. +.br +This timeout can be redefined with radius attribute Session-Timeout. 0 value means infinite timeout. .SH [sstp] .br Configuration of SSTP module. @@ -804,6 +824,11 @@ as a template, i.e sstp%d => sstp0. .BI "ppp-max-mtu=" n Set the maximum MTU value that can be negotiated for PPP over SSTP sessions. Default value is 1452, maximum is 4087. +.TP +.BI "session-timeout=" n +Specifies max sessions time in seconds, after this time session will be terminated. +.br +This timeout can be redefined with radius attribute Session-Timeout. 0 value means infinite timeout. .SH [radius] .br Configuration of RADIUS module. diff --git a/accel-pppd/ctrl/l2tp/l2tp.c b/accel-pppd/ctrl/l2tp/l2tp.c index 8567027..027d710 100644 --- a/accel-pppd/ctrl/l2tp/l2tp.c +++ b/accel-pppd/ctrl/l2tp/l2tp.c @@ -93,6 +93,7 @@ static size_t conf_secret_len = 0; static int conf_mppe = MPPE_UNSET; static int conf_dataseq = L2TP_DATASEQ_ALLOW; static int conf_reorder_timeout = 0; +static int conf_session_timeout; static const char *conf_ip_pool; static const char *conf_ipv6_pool; static const char *conf_dpv6_pool; @@ -1813,6 +1814,9 @@ static int l2tp_session_start_data_channel(struct l2tp_sess_t *sess) if (conf_ifname) sess->ppp.ses.ifname_rename = _strdup(conf_ifname); + if (conf_session_timeout) + sess->ppp.ses.session_timeout = conf_session_timeout; + sess->ppp.ses.ctrl = &sess->ctrl; sess->apses_state = APSTATE_INIT; @@ -4972,6 +4976,12 @@ static void load_config(void) conf_dpv6_pool = conf_get_opt("l2tp", "ipv6-pool-delegate"); conf_ifname = conf_get_opt("l2tp", "ifname"); + opt = conf_get_opt("l2tp", "session-timeout"); + if (opt) + conf_session_timeout = atoi(opt); + else + conf_session_timeout = 0; + switch (iprange_check_activation()) { case IPRANGE_DISABLED: log_warn("l2tp: iprange module disabled, improper IP configuration of PPP interfaces may cause kernel soft lockup\n"); diff --git a/accel-pppd/ctrl/pppoe/pppoe.c b/accel-pppd/ctrl/pppoe/pppoe.c index 415dd7c..43163f1 100644 --- a/accel-pppd/ctrl/pppoe/pppoe.c +++ b/accel-pppd/ctrl/pppoe/pppoe.c @@ -127,6 +127,7 @@ unsigned long stat_filtered; pthread_rwlock_t serv_lock = PTHREAD_RWLOCK_INITIALIZER; LIST_HEAD(serv_list); static int connlimit_loaded; +static int conf_session_timeout; static pthread_mutex_t sid_lock = PTHREAD_MUTEX_INITIALIZER; static unsigned long *sid_map; @@ -417,6 +418,8 @@ static struct pppoe_conn_t *allocate_channel(struct pppoe_serv_t *serv, const ui conn->ppp.ses.dpv6_pool_name = _strdup(conf_dpv6_pool); if (conf_ifname) conn->ppp.ses.ifname_rename = _strdup(conf_ifname); + if (conf_session_timeout) + conn->ppp.ses.session_timeout = conf_session_timeout; triton_context_register(&conn->ctx, conn); @@ -2027,6 +2030,11 @@ static void load_config(void) else conf_cookie_timeout = 5; + opt = conf_get_opt("pppoe", "session-timeout"); + if (opt) + conf_session_timeout = atoi(opt); + else + conf_session_timeout = 0; conf_mppe = MPPE_UNSET; opt = conf_get_opt("pppoe", "mppe"); diff --git a/accel-pppd/ctrl/pptp/pptp.c b/accel-pppd/ctrl/pptp/pptp.c index a5bcaca..a95fe8a 100644 --- a/accel-pppd/ctrl/pptp/pptp.c +++ b/accel-pppd/ctrl/pptp/pptp.c @@ -60,6 +60,7 @@ static int conf_timeout = 5; static int conf_echo_interval = 0; static int conf_echo_failure = 3; static int conf_verbose = 0; +static int conf_session_timeout; static int conf_mppe = MPPE_UNSET; static const char *conf_ip_pool; static const char *conf_ipv6_pool; @@ -721,6 +722,8 @@ static int pptp_connect(struct triton_md_handler_t *h) conn->ppp.ses.dpv6_pool_name = _strdup(conf_dpv6_pool); if (conf_ifname) conn->ppp.ses.ifname_rename = _strdup(conf_ifname); + if (conf_session_timeout) + conn->ppp.ses.session_timeout = conf_session_timeout; triton_context_register(&conn->ctx, &conn->ppp.ses); triton_md_register_handler(&conn->ctx, &conn->hnd); @@ -807,6 +810,12 @@ static void load_config(void) conf_dpv6_pool = conf_get_opt("pptp", "ipv6-pool-delegate"); conf_ifname = conf_get_opt("pptp", "ifname"); + opt = conf_get_opt("pptp", "session-timeout"); + if (opt) + conf_session_timeout = atoi(opt); + else + conf_session_timeout = 0; + switch (iprange_check_activation()) { case IPRANGE_DISABLED: log_warn("pptp: iprange module disabled, improper IP configuration of PPP interfaces may cause kernel soft lockup\n"); diff --git a/accel-pppd/ctrl/sstp/sstp.c b/accel-pppd/ctrl/sstp/sstp.c index 4b15400..f17db43 100644 --- a/accel-pppd/ctrl/sstp/sstp.c +++ b/accel-pppd/ctrl/sstp/sstp.c @@ -169,6 +169,7 @@ static const char *conf_ifname; static int conf_proxyproto = 0; static int conf_sndbuf = 0; static int conf_rcvbuf = 0; +static int conf_session_timeout; static int conf_hash_protocol = CERT_HASH_PROTOCOL_SHA1 | CERT_HASH_PROTOCOL_SHA256; static struct hash_t conf_hash_sha1 = { .len = 0 }; @@ -2401,6 +2402,8 @@ static int sstp_connect(struct triton_md_handler_t *h) conn->ppp.ses.dpv6_pool_name = _strdup(conf_dpv6_pool); if (conf_ifname) conn->ppp.ses.ifname_rename = _strdup(conf_ifname); + if (conf_session_timeout) + conn->ppp.ses.session_timeout = conf_session_timeout; sockaddr_ntop(&addr, addr_buf, sizeof(addr_buf), FLAG_NOPORT); conn->ctrl.calling_station_id = _strdup(addr_buf); @@ -2843,6 +2846,12 @@ static void load_config(void) if (opt && atoi(opt) > 0) conf_rcvbuf = atoi(opt); + opt = conf_get_opt("sstp", "session-timeout"); + if (opt) + conf_session_timeout = atoi(opt); + else + conf_session_timeout = 0; + ipmode = (serv.addr.u.sa.sa_family == AF_INET && !conf_proxyproto) ? iprange_check_activation() : -1; switch (ipmode) { diff --git a/accel-pppd/session.c b/accel-pppd/session.c index 63c9c11..81ac271 100644 --- a/accel-pppd/session.c +++ b/accel-pppd/session.c @@ -35,6 +35,7 @@ static int conf_single_session = -1; static int conf_single_session_ignore_case; static int conf_sid_source; static int conf_seq_save_timeout = 10; +static int conf_session_timeout; static const char *conf_seq_file; int __export conf_max_sessions; int __export conf_max_starting; @@ -152,6 +153,9 @@ void __export ap_session_activate(struct ap_session *ses) __sync_sub_and_fetch(&ap_session_stat.starting, 1); __sync_add_and_fetch(&ap_session_stat.active, 1); + if (!ses->session_timeout && conf_session_timeout) + ses->session_timeout = conf_session_timeout; + if (ses->idle_timeout) { ses->timer.expire = ap_session_timer; ses->timer.period = 60000; @@ -547,6 +551,12 @@ static void load_config(void) conf_max_starting = atoi(opt); else conf_max_starting = 0; + + opt = conf_get_opt("common", "session-timeout"); + if (opt) + conf_session_timeout = atoi(opt); + else + conf_session_timeout = 0; } static void init(void) -- cgit v1.2.3