On Tue, Nov 25, 2003 at 10:18:43AM -0500, Jeff McAdams wrote: > Martijn van Oosterhout wrote: > > >To the perosn who suggested subversion, I'm going to have to read more on > >it > >since it didn't appear "obvious" to me. > > > > > The command line client is very cvs like, so you can probably switch > over to it without a great deal of grief. Hmm, OK. I think I got it to work now. I don't suppose it supports compression because it took a while to pull down the l2tp code. We've actually made some significant patches to that version at our work, including support for /dev/pts and a few other things. I'll see if I can get them for you. We fixed a *lot* of things just to get it to work on our systems. > >Next step is to modify the L2TP daemon source to use this code. The most > >obvious thing missing for me is a way for the server to select > >tunnels/session to terminate. At the moment it's fire-and-forget. > > > l2tpd currently keeps track of the pppd's by the file descriptors that > it uses to talk to them...well...sorta. It has a structure for each > call/session which holds the descriptor and other information, but the > descriptor is the real link to pppd. But I guess the descriptor is > going away, now, so there will have to be another way to keep track of > it. pppd would still be a child of l2tpd in the model you envision, so > we can still keep track of them via pids if you like. Actually, I looked at the code. Since you do keep track of pids it would be possible to kill of the pppd which would remove the session from the kernel automatically. I think only one function really needs to be changed but the there is lots of surrounding stuff like providing the directory with the kernel source and include files and such. > >The L2TP can ignore a session once it has started. But since you want to > >have the PPP daemons eventually killed off (not just by LCP timeout) I > >figure an ioctl is necessary. > > > > > Yes, and we still need to be able to have l2tpd kill the sessions for > control at that layer. I guess the user could kill the pppd when > necessary, but they may not have the information about which pppd goes > with which call/session, so that might get tricky. The l2tp daemon has that info, so it should be workable. > Any idea why they're sending multiple Conf-Req's? 1701 sends two, never > gets a response to the first one at all, which is slightly concerning > given that its all on localhost...1702 sends one, gets an ACK, then > sends another with the exact same parameters? Good point, I'll have to dig through it and see if I can see what's happening. Thanks again. Martijn -- Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/ > "All that is needed for the forces of evil to triumph is for enough good > men to do nothing." - Edmond Burke > "The penalty good people pay for not being interested in politics is to be > governed by people worse than themselves." - Plato
Attachment:
pgp00133.pgp
Description: PGP signature
