This is done in the pppd upstream and was disabled because we don't have
the allowed addresses list required for the auth_ip_addr function.
This is mostly necessary for PPP in server mode to prevent the peer to
use the IP address it wants instead of the one we want, which is
currently allowed.
Rewrite auth_ip_addr in a simple way where we forbid PPP peer to use
loopback net, a multicast address or a reserved class address. Added
to that we consider that PPP in server mode with peer required to
authenticate must provide the peer IP address, reject any IP address
wanted by peer different than the one we wanted. This is actually
an allowed addresses "list" of one entry that follows what is done
in the unused auth_ip_addr function.
Commit 7df5496e7b revealed a regression introduced in commit 5a71509353
which broke IPCP reset state.
ask_for_local was set to 0 if ouraddr initial value is 0, if
ask_for_local was false go->ouraddr was cleared in reset callback,
commit 5a71509353 breaks it by removing this clearing. This regression
was silent because the whole ppp pcb runtime data was cleared before
reconnecting until commit 7df5496e7b which removed this giant clearing.
Fix it by reintroducing ask_for_local boolean value, with proper initial
value following what unused function ip_check_options do.
Fixes: 7df5496e7b ("PPP, rework initial/reconnect cleanup")
Fixes: 5a71509353 ("PPP, CORE, IPCP: removed useless ask_for_local boolean")
Let lwip use functions/macros prefixed by lwip_ internally to avoid naming clashes with external #includes.
Remove over-complicated #define handling in def.h
Make functions easier to override in cc.h. The following is sufficient now (no more LWIP_PLATFORM_BYTESWAP):
#define lwip_htons(x) <your_htons>
#define lwip_htonl(x) <your_htonl>
Fix below build errors:
In file included from ../../../../../lwip/src/include/netif/ppp/ppp_opts.h:31:0,
from ../../../../../lwip/src/netif/ppp/pppoe.c:71:
../../../../../lwip/src/netif/ppp/pppoe.c: In function ‘pppoe_timeout’:
../../../../../lwip/src/netif/ppp/pppoe.c:861:30: error: ‘ethbroadcast’ undeclared (first use in this function)
MEMCPY(&sc->sc_dest, ethbroadcast.addr, sizeof(sc->sc_dest));
^
../../../../../lwip/src/include/lwip/opt.h:137:52: note: in definition of macro ‘MEMCPY’
#define MEMCPY(dst,src,len) memcpy(dst,src,len)
^
../../../../../lwip/src/netif/ppp/pppoe.c:861:30: note: each undeclared identifier is reported only once for each function it appears in
MEMCPY(&sc->sc_dest, ethbroadcast.addr, sizeof(sc->sc_dest));
^
../../../../../lwip/src/include/lwip/opt.h:137:52: note: in definition of macro ‘MEMCPY’
#define MEMCPY(dst,src,len) memcpy(dst,src,len)
^
../../../../../lwip/src/netif/ppp/pppoe.c: In function ‘pppoe_connect’:
../../../../../lwip/src/netif/ppp/pppoe.c:899:24: error: ‘ethbroadcast’ undeclared (first use in this function)
MEMCPY(&sc->sc_dest, ethbroadcast.addr, sizeof(sc->sc_dest));
^
../../../../../lwip/src/include/lwip/opt.h:137:52: note: in definition of macro ‘MEMCPY’
#define MEMCPY(dst,src,len) memcpy(dst,src,len)
^
../../Common.mk:94: recipe for target 'pppoe.o' failed
make: *** [pppoe.o] Error 1
Fixes: 8eb9db18a2d9 ("Reduce usage of netif/ethernet.h header, mostly lwip/prot/ethernet.h is sufficient")
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: goldsimon <goldsimon@gmx.de>
The check for link up was missing, meaning valid LCP echo request/reply
packets are filtered whatever the PPP state is, despite what the comment
says.
Fix it by checking the PPP state as we would like to have done when it
was written.
VJ packets, Compressed packets, IPv4 and IPv6 packets are useless in
the PPP packet dump. We properly filtered IPv4 and IPv6 packets but
we forgot filtering VJ and Compressed packets.
Improve the filtering rule to filter packets which are not auth
protocol (< 0xC000) and which are not control protocol (0x8000 bit
not set).
If LCP is not started yet, we are only closing the link protocol, in
this case we have to set the disconnect state ourself because PPP
is not actually started yet.
pppoe_softc_list is always not null when pppoe_find_softc_by_session is
called, furthermore pppoe_softc_list being null here does not hurt.
session is still checked whatsoever in pppoe_find_softc_by_session,
prechecking the session value for a value which can't really happen
except for forged frames does not add any value.
Remove unnecessary cleanup at the end of session, cleanup as much as
possible in the connect callback instead. It follows what PPPoE is
currently doing and it makes everything simpler to read.
Instead of relying on cleanup at the end of session, cleanup as much as
possible in the connect callback. It removes duplicated code and make
everything simpler to read.
While we are at it, remove useless initialization code from create
and connect functions.
ppp_close might try to close LCP even if LCP is not started, it happens
because because the PPP session might be waiting for the link protocol
to come up and we do not check that.
We say in the PPP documentation that ppp_close() can be called anytime,
so, if link protocol is currently trying to connect, we must cancel
the link connection.
Fix it by calling the link protocol disconnect callback if LCP is not
started yet.
Disconnect callback does not currently support a disconnect event while
initiation is in progress. Retry timer is not stopped and PADT frame is
sent whatever the current state is. PADT frame can only be sent if we
received a PADS frame, otherwise sc_session is 0 and sending a PADT
frame is meaningless.
Fix both issues to allow calling the disconnect callback whatever the
PPPoE state is.
We say in the PPP documentation that ppp_close() can be called anytime,
as of today, this is not entirely true, there are still conditions that
are not handled properly.
If PPP is already disconnecting, ppp_close() must do nothing and returns
ERR_INPROGRESS instead of messing up the PPP disconnection state.
PPP_PHASE_MASTER state is only used if multilink mode is enabled. Since
we don't support multilink mode checking for this state only add some
code for no value added at all.
Build-out PPP_PHASE_MASTER state check if multilink mode is disabled.
Van Jacobson TCP header compression only apply if TCP is enabled,
therefore we need to disable VJ compression if TCP is disabled.
We already have conditions to enforce VJ disabling if IPv4 is disabled
or if PPPoS is disabled, add TCP to those conditions and remove
unecessary VJ_SUPPORT && LWIP_TCP conditions.
This function only set PPP to initialize phase, and it is only called at
the very beginning of functions where it is called. It means we could
as well set the initialize phase before calling those functions in the
PPP core.
PPP is currently in initialize phase until authentication is started
or until we start IPCP negotiation.
It works, because PPP states are mostly used for user information, most
state are actually useless for PPP itself. Being in initialize state
while PPP is started is not very consistent, switch to establish phase
before starting LCP.
sc->sc_ethif can't be NULL, it is set definitively in pppoe_create.
PPPoE can't by anything else than PADI sent in pppoe_send_padi, it
is only called when this is true.
PPPoE state can't be anything else than initial state in
pppoe_connect, this function is called from PPP core only when PPP
is in the dead phase, if PPP is in the dead phase it means the link
protocol is dead as well.
PPPoE can't be anything else than data phase in pppoe_disconnect
this function is only called by PPP core only when PPP session is up,
if PPP session is UP it means the link protocol is UP as well.
PPPoE can't by anything else than PADR sent in pppoe_send_padr, it
is only called when this is true.
PPPoE can't by anything else than PADO sent in pppoe_send_pado, it
is only called when this is true.
PPPoE can't by anything else than PADO sent in pppoe_send_pads, it
is only called when this is true.
PPPoE can't be anything else than session phase in pppoe_xmit,
function is only called by pppoe_write and pppoe_netif_output
which are both called by PPP core only when PPP session is up, if
PPP session is UP it means the link protocol is UP as well.
L2TP state can't be anything else than initial state in
pppol2tp_connect, this function is called from PPP core only when PPP
is in the dead phase, if PPP is in the dead phase it means the link
protocol is dead as well.
L2TP can't be anything else than data phase in pppol2tp_xmit, this
function is only called by pppol2tp_write and pppol2tp_netif_output
which are both called by PPP core only when PPP session is up, if
PPP session is UP it means the link protocol is UP as well.
L2TP can't be anything else than data phase in pppol2tp_disconnect,
this function is only called by PPP core only when PPP session is up,
if PPP session is UP it means the link protocol is UP as well.
When we are disconnecting, we should switch to PPP dead phase at the
very end, because this is our final disconnection phase allowing
reconnect, therefore we should switch to dead phase after the link
protocol finished disconnecting.
We are currently switching to dead phase when LCP detected that the link
is down, this is obviously wrong. Fix this flaw by continuing in
disconnect phase until ppp_link_end is called from link protocol.
PPP is just the upper protocol for PPPoE and PPPoL2TP, meaning it is only
started once "E" or L2TP is established. Therefore waiting indefinitely
for LCP packets on the PPP side does not make sense at all, if the lower
level protocol is UP, PPP *MUST* comes up as well or we should restart from
the beginning.
There is two passive modes for PPPoS, passive more, for which we will
try to connect and then listen silently, and silent mode, for which we
will listen silently from the beginning.
Introduce ppp_set_passive and ppp_set_silent so the mode can be chosen
before connecting/listening.
Setting PPP authentication most only be done when the PPP PCB is in the
dead phase (i.e. disconnected). This is safe to access the PPP PCB
members while the session is down, therefore providing a thread-safe
function of it is meaningless and it might even be misleading.
All our new ppp_set_* functions do not have their equivalent
pppapi_set_* functions and they are not going to have them. At least
we make ppp_set_auth consistent with all others ppp_set_*, so that it
doesn't look like special.
Helper function to setup MPPE (Microsoft Point to Point Encryption) for
a PPP link. Allows enabling/disabled MPPE itself, enabling/disabling
stateless support, and whether we are willing to negotiate 40-bit
and/or 128-bit encryptions.
print_string() displays characters as \\%.03o but without first
casting it from "char" to "unsigned char" so it gets sign-extended
to an int. This causes output like \37777777630 instead of \230.
(Based from pppd commit 5e8c3cb256a7e86e3572a82a75d51c6850efdbdc)
Found by coverity.
Introduced by c0e7d54e37 "Removed 2 mem_mallocs: error string can be a
global variable, include memory for sc_ac_cookie in struct pppoe_softc;
commented out unused code (sc_service_name/sc_concentrator_name)".
Fixes it by bailing out if received AC cookie is to big for us, this
can't really happen anyway.
There is absolutely no reason I did it this way in the first
place, maybe I feared that not all compilers have a proper
implementation of offsetof() ? It sounds stupid.
Unfortunately, there is no standard way to declare a pointer with
potentially unaligned accesses. The only portable way is to create
packed struct.
VJ support uses optimized accesses to IP and TCP struct to check a
whole part of them at once to speed up the (de)compressor.
This commit wrap potentially unaligned *u16_t and *u32_t accesses with
packed struct so all compilers are able to deal with them properly.
Closes: #48308
PPP auth required flag is currently hardcoded to true if PPP is
acting as a server and set to false if PPP is acting as a client.
This is probably the most wanted behavior, but since we now have the
ability to change that at runtime, allow users to do it.
It means we can now have a server which asks the client to authenticate
or vice versa. This is pretty unusual thought. What we don't support
yet is mutual authentication with a different set of user and password
per direction which is even less usual.
PPP use peer DNS setting is currently hardcoded to true if PPP is
acting as a client and set to false if PPP is actinf as a server.
This is probably the most wanted behavior, but since we now have the
ability to change that at runtime, allow users to do it.
We don't have a way to have a different default configuration if the
PPP PCB is going to be used as a client or as a server, therefore the
default configuration should be fine for both of them. Since enabling
peer DNS by default is dangerous for server mode, the default is now
not to ask for DNS servers and it should now be explicitely enabled
if needed, update the documentation accordingly.
Now that we have helpers to set those members externaly, pppos_listen
struct ppp_addrs* argument does not add any value. In addition it
was not a well chosen design choice because the user needed to keep a
copy of struct ppp_addrs when listening again for a new connection.
DNS servers should be set in IPCP allowoptions instead of wantoptions.
In addition if server mode is enabled we need to disable usepeerdns
config flag so we are not asking DNS servers to our client.
This function does not clear anything anymore. What it is now is an
optional way to notify PPP that link layer is started, changing the
PPP state from "dead" to "initialize". Rename it accordingly to what
the function really is.
What we really need here is to cleanup the PPP environment before
starting LCP, we don't care about the PPP state before LCP is
started. Move cleanups from ppp_clear to ppp_start to clean them
just before we need them cleaned.
