From: James Carlson <carlsonj@workingcode.com>
To: linux-ppp@vger.kernel.org
Subject: Re: Intervening IPCP Configure Requests
Date: Thu, 12 Aug 2010 13:20:10 +0000 [thread overview]
Message-ID: <4C63F50A.3070303@workingcode.com> (raw)
In-Reply-To: <29408130.post@talk.nabble.com>
Jouko Nikula wrote:
> Second use case is when client does not specify an IP-address. Then I would
> want to acquire a dynamic address, again outside pppd. If I found out that
> dynamic addresses are not allowed I would terminate the ppp connection,
> otherwise I would want to NAK the IPCP configure request with the acquired
> IP-address.
>
> I have looked into pppd plugin interface, but if I understand correctly the
> current interface only provides the address given on the command line or
> options file, not the ip-address requested by the other end. The ip-up or
> ip-pre-up scripts don't seem to work for me because they are called when the
> IPCP negotiation has already ended.
The existing allowed_address_hook() will allow you to filter IP
addresses for acceptability. The argument is the address the peer
requested, and if you return -1 and there are no other addresses
allowable, then the link will be torn down.
And the existing ip_choose_hook() will allow you to set up an address
that you want the peer to use. You can use the allowed_address_hook()
to determine if that address actually was used.
The existing code, though, doesn't really allow you to get into the
middle of negotiation as you're suggesting. And, arguably, the
interfaces are not as flexible as they could be.
Getting the on-the-wire behavior right (in general) requires mechanisms
that can be run synchronously and without undue delay. That's why the
existing code keeps those hooks out of the main line -- those external
functions are sometimes (and all too often) written to make calls to
RADIUS or DHCP servers, or other sorts of things that can block for
arbitrary periods of time.
To put in a supportable set of hooks for what you're suggesting would (I
believe) require either a set of non-blocking primitives plus completion
callbacks and interfaces into the existing event handling structure or
(gasp!) similar multithreaded mechanisms. I might be missing something,
but it doesn't look quite simple to me.
Of course, you've got the source, so if you just want to hack something
into the middle of ipcp_reqci() in pppd/ipcp.c, go ahead. Depending on
how your "validation" functions work, you might produce odd results on
the wire, including possibly non-converging behavior with some peers.
But if you're not worried about that or if it works for you, then go for it.
--
James Carlson 42.703N 71.076W <carlsonj@workingcode.com>
next prev parent reply other threads:[~2010-08-12 13:20 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-08-11 13:12 Intervening IPCP Configure Requests Jouko Nikula
2010-08-12 13:20 ` James Carlson [this message]
2010-08-16 13:33 ` Jouko Nikula
2010-08-16 14:07 ` James Carlson
2010-08-18 10:59 ` Jouko Nikula
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C63F50A.3070303@workingcode.com \
--to=carlsonj@workingcode.com \
--cc=linux-ppp@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.