基于freebsd建立内核模式的pppoe服务器
http://www.routerclub.com/viewnews_303.html
讲述了制作pppoeserver的方法,但是它有一个性能上的缺点,因为它是工作在用户模式中,所以在流量和多用户的情况下,会不能胜任。
这里有一篇文章作了详细的比较:
http://www.jraitala.net/comp/articles/2002/pppoe/
现在我来介绍怎样在freebsd下建立内核模式的pppoe服务器的方法。
在freebsd中,ports里带的软件配合netgraph可以实现kernel pppoe, 这个软件名字叫mpd (/usr/ports/net/mpd)。
mpd目前的版本是3.18,Ports里的说明文件是这样描述它的:”Mpd is a netgraph(4) based implementation of the multi-link PPP protocol for FreeBSD. It is designed to be both fast and flexible.It handles configuration and negotiation in user land, while routing. all data packets strictly in the kernel. It supports several of the numerous PPP sub-protocols and extensions。
哦,对了。mpd的手册在这里,http://pink.the-7.net/~ab/mpd/mpd.html。有时间慢慢研究一下吧。
下面再提供一些配置mpd的例子(要配置三个文件),更多的例子可以在/usr/local/etc/mpd下找到。不过不要全部照抄哦。:-)
mpd.conf
PPPoE:
new -i ng0 PPPoE PPPoE
set iface addrs 1.1.1.1 2.2.2.2
set iface route default
set iface disable on-demand
set iface idle 0
set bundle disable multilink
set bundle authname username
set link no acfcomp protocomp
set link disable pap chap
set link accept chap
set link mtu 1492
set link mru 1492
set ipcp yes vjcomp
set ipcp ranges 0.0.0.0/0 0.0.0.0/0
open iface
mpd.links
PPPoE:
set link type pppoe
set pppoe iface rl0
set pppoe service “adsl”
mpd.secret
username “password”
配置完了以后用mpd -b启动mpd。更多的启动选项请敲mpd -h查看。
下页的链接是mpd 的补丁,地址是:
http://www.foggy.ru/soft/mpd/
This is README file for patch:
This is patched version of mpd 3.18. Main goal of this patch – full-featured PPPoE server.
Example of config files is in conf/mpd.conf.mz.sample and conf/mpd.links.mz.sample
Changes from original version:
Kernel-level filters (see file README.filters for details). This feature needs ng_bpfinet kernel module (ng_bpf from FreeBSD 5.5 with permanent storage registers).
Automatic bundle create/destroy (not fully tested yet).
Improved logging. It is possible now to have unique session identifier in all log lines with format “pid:6-digit-unique-number:”. It is very useful for search all info about session in log file via grep.
Added “show users” commands (for view active users stats).
Added “show summary” command (for misc instance info view).
Added “set instance comment” command for set up misc comment. Comment is shown on “show summary” command output.
Added ability to send RADIUS accounting info in kilobytes (instead of bytes).
Added ability to reverse incoming and outgoing traffic in RADIUS accounting.
Added support of non-counted IP addresses list.
Added traffic limits support (values from RADIUS server). This feature needs ng_bpfinet kernel module.
Added shaper (bandwidth limit) support (using external script).
Added ability to set PPPoE AC name.
Added ability to start/stop accepting all incoming connections requests or connections from one system interface only (tested only for PPPoE now).
Added ability to use simplified CHAP challenge on connection between mpd and RADIUS.
Added internal IP pools support.
Added debug and accounting logging options.
Added automatic search for free IP address in avaliable IP pools (it allows use one IP pool in more then one mpd instance on the same system).
Added some statistics about mpd instance.
Added all nodes naming with instance-specifix prefix.
Added “terminate instance now” console command for quick stop mpd. “quit” command behavior now similar to “exit”.
Added “terminate instance quick” command. It is stop accept incoming connection, politely close all user sessions and terminate daemon after it.
Added “terminate instance gracefull” command. It is stop accept incoming connection, wait until all users will disconnect and terminate after it.
Added “stop sessions” command. It is stop all current logged user sessions.
NAS-Port now equal to number of ng interface + NAS port offset. This offset can be specified in mpd.conf with “set instance nas-port-offset”.
Default log facility changed to local5 (instead of daemon).
Netgraph MRU and MTU increased up to 1680 (???do we really need it???).
Patch for destroy corresponding netgraph nodes on mpd crash included.
Patch for “Drop-User” RADIUS attribute included (not tested).
exppp “traffic limit” RADIUS vendor-specific attribute support.
Bundle destroy (automatic and manual via “terminate bundle”).
Naming PPPoE nodes at their creation.
Renaming PPPoE nodes, if they already exists.
Telnet auth using login/password (instead of password-only). For successfull auth login must exist in mpd.secret and has IP in 127.0.0.0/8 net.
Some often used cycles PPPoE code speedup.
Optional support of ng_tcpmss.
“Accepting PPPoE connection from” line now contains source interface name.
64-bit BPF program counters.
FD_SETSIZE precompiled value increased to 65536. This will allow much more bundles and connections.
“show pppoe interface” command.
Added “set instance console” command for set ip and port for mpd console in config file. Do not do anything after starting mpd.
Control socket for controlling mpd via pppctl command. Can be specified in command line, or in mpd.conf via “set instance fsocket”.
This patch now can be added to files/ dir in net/mpd port and correctly compiled.
From: http://www.routerclub.com/viewnews-305.html