Merge pull request #271 from nuclearcat/sstp-improvements

Sstp improvements
Denys Fedoryshchenko
2025-12-07 21:27:36 +02:00
committed by GitHub
2 changed files with 38 additions and 10 deletions


@@ -874,6 +874,13 @@ Specifies incoming connection acceptance mode.
.br
.B proxy
- enable PROXY protocol 1 & 2 support.
.br
This is useful when accel-ppp is running behind a load balancer (like HAProxy or Nginx) or a reverse proxy. It allows accel-ppp to receive the original client IP address and port instead of the proxy's IP. The extracted real client IP is then used for:
.br
- \fBconnlimit\fR module checks (limiting connections per source IP).
- \fBclient-ip-range\fR verification.
- \fBCalling-Station-Id\fR attribute in RADIUS and logs.
.br
.TP
.BI "ssl-protocol=" ssl2|ssl3|tls1|tls1.1|tls1.2|tls1.3
Specifies the enabled SSL/TLS protocols supported by OpenSSL library.
@@ -951,6 +958,21 @@ as a template, i.e sstp%d => sstp0.
Set the maximum MTU value that can be negotiated for PPP over SSTP sessions.
Default value is 1452, maximum is 4087.
.TP
.BI "ip-pool=" pool_name
Specifies the name of the IPv4 pool to use for allocating client addresses.
.TP
.BI "ipv6-pool=" pool_name
Specifies the name of the IPv6 pool to use for allocating client addresses.
.TP
.BI "ipv6-pool-delegate=" pool_name
Specifies the name of the IPv6 prefix delegation pool to use.
.TP
.BI "sndbuf=" n
Specifies the TCP send buffer size (SO_SNDBUF) for the SSTP socket.
.TP
.BI "rcvbuf=" n
Specifies the TCP receive buffer size (SO_RCVBUF) for the SSTP socket.
.TP
.BI "session-timeout=" n
Specifies max sessions time in seconds, after this time session will be terminated.
.br


@@ -181,7 +181,13 @@ static struct hash_t conf_hash_sha1 = { .len = 0 };
static struct hash_t conf_hash_sha256 = { .len = 0 };
//static int conf_bypass_auth = 0;
static const char *conf_hostname = NULL;
static int conf_http_mode = -1;
enum {
HTTP_ERR_ALLOW = -1,
HTTP_ERR_DENY = 0,
HTTP_ERR_REDIRECT = 1,
HTTP_ERR_REDIRECT_APPEND = 2,
};
static int conf_http_mode = HTTP_ERR_ALLOW;
static const char *conf_http_url = NULL;
static mempool_t conn_pool;
@@ -885,17 +891,17 @@ static int http_recv_request(struct sstp_conn_t *conn, uint8_t *data, int len)
log_ppp_info2("recv [HTTP <%s>]\n", line);
if (vstrsep(line, " ", &method, &request, &proto) < 3) {
if (conf_http_mode)
if (conf_http_mode != HTTP_ERR_DENY)
http_send_response(conn, "HTTP/1.1", "400 Bad Request", NULL);
return -1;
}
if (strncasecmp(proto, "HTTP/1", sizeof("HTTP/1") - 1) != 0) {
if (conf_http_mode)
if (conf_http_mode != HTTP_ERR_DENY)
http_send_response(conn, "HTTP/1.1", "400 Bad Request", NULL);
return -1;
}
if (strcasecmp(method, SSTP_HTTP_METHOD) != 0 && strcasecmp(method, "GET") != 0) {
if (conf_http_mode)
if (conf_http_mode != HTTP_ERR_DENY)
http_send_response(conn, proto, "501 Not Implemented", NULL);
return -1;
}
@@ -917,7 +923,7 @@ static int http_recv_request(struct sstp_conn_t *conn, uint8_t *data, int len)
}
if (host_error) {
if (conf_http_mode)
if (conf_http_mode != HTTP_ERR_DENY)
http_send_response(conn, proto, "404 Not Found", NULL);
return -1;
}
@@ -925,11 +931,11 @@ static int http_recv_request(struct sstp_conn_t *conn, uint8_t *data, int len)
if (strcasecmp(method, SSTP_HTTP_METHOD) != 0 || strcasecmp(request, SSTP_HTTP_URI) != 0) {
if (conf_http_mode > 0) {
if (_asprintf(&line, "Location: %s%s\r\n",
conf_http_url, (conf_http_mode == 2) ? request : "") < 0)
conf_http_url, (conf_http_mode == HTTP_ERR_REDIRECT_APPEND) ? request : "") < 0)
return -1;
http_send_response(conn, proto, "301 Moved Permanently", line);
_free(line);
} else if (conf_http_mode < 0)
} else if (conf_http_mode == HTTP_ERR_ALLOW)
http_send_response(conn, proto, "404 Not Found", NULL);
return -1;
}
@@ -2809,15 +2815,15 @@ static void load_config(void)
opt = conf_get_opt("sstp", "http-error");
if (opt) {
if (strcmp(opt, "deny") == 0)
conf_http_mode = 0;
conf_http_mode = HTTP_ERR_DENY;
else if (strcmp(opt, "allow") == 0)
conf_http_mode = -1;
conf_http_mode = HTTP_ERR_ALLOW;
else if (strstr(opt, "://") != NULL) {
conf_http_url = opt;
opt = strstr(opt, "://") + 3;
while (*opt == '/')
opt++;
conf_http_mode = strchr(opt, '/') ? 1 : 2;
conf_http_mode = strchr(opt, '/') ? HTTP_ERR_REDIRECT : HTTP_ERR_REDIRECT_APPEND;
}
}
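Review bot: In the `load_config` hunk, an `http-error` value that is not `deny`, not `allow` and does not contain `://` falls through the if/else chain with no diagnostic, so `conf_http_mode` keeps whatever it held before, which on first load is the `HTTP_ERR_ALLOW` default set in the first hunk. A misspelled `deny` therefore leaves the listener answering malformed or non-SSTP requests with HTTP error responses, where `HTTP_ERR_DENY` would have sent none. I would close the chain with `else log_error("sstp: unknown http-error value '%s'\n", opt);` so the rejected setting shows up in the log. The body of `load_config` starts and ends outside the hunk, so whether a reload resets the mode before this code runs cannot be seen from here.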