abc/lwip
1
0
Fork 0
mirror of https://git.savannah.nongnu.org/git/lwip.git synced 2025-08-07 15:04:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

PPP, MPPE, fixed TCP over MPPE

Browse Source 
We used to modify in place the packet payload during encryption, it works
well for UDP and ICMP but TCP stack requires that we don't change the
packet payload, therefore we now copy the whole packet before encryption.
This commit is contained in:
Sylvain Rochet 2015-08-27 01:58:35 +02:00
parent f649172580
commit 97ef85c9aa
1 changed files with 25 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
src/netif/ppp/mppe.c
View File

@ -198,20 +198,31 @@ void mppe_comp_reset(ppp_pcb *pcb, ppp_mppe_state *state)
err_t err_t
mppe_compress(ppp_pcb *pcb, ppp_mppe_state *state, struct pbuf **pb, u16_t protocol) mppe_compress(ppp_pcb *pcb, ppp_mppe_state *state, struct pbuf **pb, u16_t protocol)
{ {
struct pbuf *n; struct pbuf *n, *np;
u8_t *pl; u8_t *pl;
err_t err;
if (pbuf_header(*pb, (s16_t)(MPPE_OVHD + sizeof(protocol))) == 0) { /* TCP stack requires that we don't change the packet payload, therefore we copy
pbuf_ref(*pb); * the whole packet before encryption.
} else { */
struct pbuf *np = pbuf_alloc(PBUF_RAW, MPPE_OVHD + sizeof(protocol), PBUF_RAM); np = pbuf_alloc(PBUF_RAW, MPPE_OVHD + sizeof(protocol) + (*pb)->tot_len, PBUF_POOL);
if (!np) { if (!np) {
return ERR_MEM; return ERR_MEM;
}
pbuf_chain(np, *pb);
*pb = np;
} }
pl = (u8_t*)(*pb)->payload;
/* Hide MPPE header + protocol */
pbuf_header(np, -(s16_t)(MPPE_OVHD + sizeof(protocol)));
if ((err = pbuf_copy(np, *pb)) != ERR_OK) {
pbuf_free(np);
return err;
}
/* Reveal MPPE header + protocol */
pbuf_header(np, (s16_t)(MPPE_OVHD + sizeof(protocol)));
*pb = np;
pl = (u8_t*)np->payload;
state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE; state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
PPPDEBUG(LOG_DEBUG, ("mppe_compress[%d]: ccount %d\n", pcb->netif->num, state->ccount)); PPPDEBUG(LOG_DEBUG, ("mppe_compress[%d]: ccount %d\n", pcb->netif->num, state->ccount));
@ -239,10 +250,10 @@ mppe_compress(ppp_pcb *pcb, ppp_mppe_state *state, struct pbuf **pb, u16_t proto
pl[1] = protocol; pl[1] = protocol;
/* Hide MPPE header */ /* Hide MPPE header */
pbuf_header(*pb, -(s16_t)MPPE_OVHD); pbuf_header(np, -(s16_t)MPPE_OVHD);
/* Encrypt packet */ /* Encrypt packet */
for (n = *pb; n != NULL; n = n->next) { for (n = np; n != NULL; n = n->next) {
arc4_crypt(&state->arc4, (u8_t*)n->payload, n->len); arc4_crypt(&state->arc4, (u8_t*)n->payload, n->len);
if (n->tot_len == n->len) { if (n->tot_len == n->len) {
break; break;
@ -250,7 +261,7 @@ mppe_compress(ppp_pcb *pcb, ppp_mppe_state *state, struct pbuf **pb, u16_t proto
} }
/* Reveal MPPE header */ /* Reveal MPPE header */
pbuf_header(*pb, (s16_t)MPPE_OVHD); pbuf_header(np, (s16_t)MPPE_OVHD);
return ERR_OK; return ERR_OK;
} }