cvs commit: src/sys/netgraph ng_pppoe.c

Julian Elischer julian at elischer.org
Thu Jan 26 13:09:27 PST 2006 

Bjoern A. Zeeb wrote:

> On Thu, 26 Jan 2006, Gleb Smirnoff wrote:
>
> Hi,
>
> some brain-dump...
>
>> The other change I'm planning to do is the following - if the
>> original PADI had empty Service-Name, and we are servicing a
>> specific Service-Name, then return remove empty one from PADO,
>> returning only our specific Service-Name.
>
>
> Why would you want that? I haven't re-read the RFC but I think it said
> that PADOs have to include the Service-Name the client requested first,
> optionally followed by other Services-Names the AC may want to
> announce.
>
> Only in PADS you will then reply with only the one Name you accepted.
>
> I can see the problem with your change and the above coming:
> What would happen if you
>     a) accepted the 'any service' request
>     b) replied with 'any service' and 'service-name1, ...'
>     c) the client now requests 'any service'
>     d) you don't want to serve 'any service'
>
> Well you should have been silent from a) to b) *ups*
>
> Ok, so the only solution to this problem is what should also be in
> that RFC - it's a ploicy decicion of the AC -- of what to accept
> as Service-Name in a PADI. We had a clear policy up to now name it
> closed system. With your change we will have an open system (everyone
> will see the Service-Names we may serve if requested).
>
> The first thing might be a sysctl to toggle old and new behavior but
> actually one may also want to decide on a peer by peer base depending
> on a lookup perhaps based on mac address and/or Service-Name requested
> or even simpler on a per ("Ethernet") port base and fall back to
> a default poilcy if there is nothing (no hook) to do such a lookup.
> [ I am () ethernet because it's not always a physical ethernet port
>   at the other end at the AC ]


the reason that the AC side ofthe pppoe code is as it is with the dat of 
the padi being sent to the
user process is so that the user code can decide these things.

>
>
> The other question is what to do with clients requesting Service-Names
> we don't know of but we know that we should serve the client?
> I think this is a common scenario here in DE that some clients set a
> Service-Name to "foo" and the ACs silently ignore and just serves it
> (server all Service-Names policy)[1].  It's also a policy decision that
> people might need ...
>
> [1] There are people speculating what will happen if they need to make
> use of service-names ... ;) Fun with nnK users ...
>

More information about the cvs-src mailing list