- Reject unknown/unconfigured protocols on the master.

- Sanity check MRU before using in ppp_code_rej, protoreject.
2005-12-07 05:21:37 +00:00 · 2005-12-07 05:21:37 +00:00 · fc94b60b05
commit fc94b60b05
parent c2c2dfbe65
6 changed files with 46 additions and 32 deletions
--- a/4
+++ b/4
@ -1,10 +1,12 @@
-* Tue Dec 6 2005 Brendan O'Dea <bod@optus.net> 2.1.13
+* Wed Dec 7 2005 Brendan O'Dea <bod@optus.net> 2.1.13
 - Add test/ping-sweep.
 - Apply spec changes from Charlie Brady: use License header, change
  BuildRoot to include username.
 - Fix IPCP negotiation of secondary DNS server, reported by Jon Morby.
 - Clean up sessiont, removing some unused fields.
 - Remove unused "MAC" config type.
+- Reject unknown/unconfigured protocols on the master.
+- Sanity check MRU before using in ppp_code_rej, protoreject.

 * Thu Nov 17 2005 Brendan O'Dea <bod@optus.net> 2.1.12
 - Set MTU on tunnel interface so the kernel will re-fragment large
--- a/2
+++ b/2
@ -119,7 +119,7 @@ l2tpns.o: l2tpns.c md5.h l2tpns.h cluster.h plugin.h ll.h constants.h \
 ll.o: ll.c ll.h
 md5.o: md5.c md5.h
 ppp.o: ppp.c l2tpns.h constants.h plugin.h util.h tbf.h cluster.h
-radius.o: radius.c constants.h l2tpns.h plugin.h util.h cluster.h
+radius.o: radius.c md5.h constants.h l2tpns.h plugin.h util.h cluster.h
 tbf.o: tbf.c l2tpns.h util.h tbf.h
 util.o: util.c l2tpns.h bgp.h
 bgp.o: bgp.c l2tpns.h bgp.h util.h
--- a/l2tpns.c
+++ b/l2tpns.c
@ -4,7 +4,7 @@
 // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
 // vim: sw=8 ts=8

-char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.150 2005/11/17 07:35:35 bodea Exp $";
+char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.151 2005/12/07 05:21:37 bodea Exp $";

 #include <arpa/inet.h>
 #include <assert.h>
@ -96,9 +96,9 @@ uint32_t eth_tx = 0;
 static uint32_t ip_pool_size = 1;	// Size of the pool of addresses used for dynamic address allocation.
 time_t time_now = 0;			// Current time in seconds since epoch.
 static char time_now_string[64] = {0};	// Current time as a string.
-int time_changed = 0;			// time_now changed
+static int time_changed = 0;		// time_now changed
 char main_quit = 0;			// True if we're in the process of exiting.
-char main_reload = 0;			// Re-load pending
+static char main_reload = 0;		// Re-load pending
 linked_list *loaded_plugins;
 linked_list *plugins[MAX_PLUGIN_TYPES];

@ -2615,29 +2615,9 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
 		}
 		else if (session[s].ppp.lcp == Opened)
 		{
-			uint8_t buf[MAXETHER];
-			uint8_t *q;
-			int mru = session[s].mru;
-			if (mru > sizeof(buf)) mru = sizeof(buf);
-
-			l += 6;
-			if (l > mru) l = mru;
-
-			q = makeppp(buf, sizeof(buf), 0, 0, s, t, PPPLCP);
-			if (!q) return;
-
-			*q = ProtocolRej;
-			*(q + 1) = ++sess_local[s].lcp_ident;
-			*(uint16_t *)(q + 2) = htons(l);
-			*(uint16_t *)(q + 4) = htons(proto);
-			memcpy(q + 6, p, l - 6);
-
-			if (proto == PPPIPV6CP)
-				LOG(3, s, t, "LCP: send ProtocolRej (IPV6CP: not configured)\n");
-			else
-				LOG(2, s, t, "LCP: sent ProtocolRej (0x%04X: unsupported)\n", proto);
-
-			tunnelsend(buf, l + (q - buf), t);
+			session[s].last_packet = time_now;
+			if (!config->cluster_iam_master) { master_forward_packet(buf, len, addr->sin_addr.s_addr, addr->sin_port); return; }
+			protoreject(s, t, p, l, proto);
 		}
 		else
 		{
--- a/l2tpns.h
+++ b/l2tpns.h
@ -1,5 +1,5 @@
 // L2TPNS Global Stuff
-// $Id: l2tpns.h,v 1.104 2005/12/06 23:53:14 bodea Exp $
+// $Id: l2tpns.h,v 1.105 2005/12/07 05:21:37 bodea Exp $

 #ifndef __L2TPNS_H__
 #define __L2TPNS_H__
@ -694,6 +694,7 @@ uint8_t *makeppp(uint8_t *b, int size, uint8_t *p, int l, sessionidt s, tunnelid
 void sendlcp(sessionidt s, tunnelidt t);
 void send_ipin(sessionidt s, uint8_t *buf, int len);
 void sendccp(sessionidt s, tunnelidt t);
+void protoreject(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l, uint16_t proto);


 // radius.c
--- a/l2tpns.spec
+++ b/l2tpns.spec
@ -43,5 +43,5 @@ rm -rf %{buildroot}
 %attr(644,root,root) /usr/share/man/man[58]/*

 %changelog
-* Tue Dec 6 2005 Brendan O'Dea <bod@optus.net> 2.1.13-1
+* Wed Dec 7 2005 Brendan O'Dea <bod@optus.net> 2.1.13-1
 - 2.1.13 release, see /usr/share/doc/l2tpns-2.1.13/Changes
--- a/ppp.c
+++ b/ppp.c
@ -1,6 +1,6 @@
 // L2TPNS PPP Stuff

-char const *cvs_id_ppp = "$Id: ppp.c,v 1.87 2005/12/04 13:06:50 bodea Exp $";
+char const *cvs_id_ppp = "$Id: ppp.c,v 1.88 2005/12/07 05:21:37 bodea Exp $";

 #include <stdio.h>
 #include <string.h>
@ -449,6 +449,7 @@ static void ppp_code_rej(sessionidt s, tunnelidt t, uint16_t proto,
 {
 	uint8_t *q;
 	int mru = session[s].mru;
+	if (mru < MINMTU) mru = MINMTU;
 	if (mru > size) mru = size;

 	l += 4;
@ -577,7 +578,7 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 				case 1: // Maximum-Receive-Unit
 					{
 						uint16_t mru = ntohs(*(uint16_t *)(o + 2));
-						if (mru >= 576)
+						if (mru >= MINMTU)
 						{
 							session[s].mru = mru;
 							break;
@ -1877,3 +1878,33 @@ void sendccp(sessionidt s, tunnelidt t)
 	tunnelsend(b, (q - b) + 4 , t);
 	restart_timer(s, ccp);
 }
+
+// Reject unknown/unconfigured protocols
+void protoreject(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l, uint16_t proto)
+{
+
+	uint8_t buf[MAXETHER];
+	uint8_t *q;
+	int mru = session[s].mru;
+	if (mru < MINMTU) mru = MINMTU;
+	if (mru > sizeof(buf)) mru = sizeof(buf);
+
+	l += 6;
+	if (l > mru) l = mru;
+
+	q = makeppp(buf, sizeof(buf), 0, 0, s, t, PPPLCP);
+	if (!q) return;
+
+	*q = ProtocolRej;
+	*(q + 1) = ++sess_local[s].lcp_ident;
+	*(uint16_t *)(q + 2) = htons(l);
+	*(uint16_t *)(q + 4) = htons(proto);
+	memcpy(q + 6, p, l - 6);
+
+	if (proto == PPPIPV6CP)
+		LOG(3, s, t, "LCP: send ProtocolRej (IPV6CP: not configured)\n");
+	else
+		LOG(2, s, t, "LCP: sent ProtocolRej (0x%04X: unsupported)\n", proto);
+
+	tunnelsend(buf, l + (q - buf), t);
+}