Package: xl2tpd Version: 1.2.7+dfsg-1 Severity: important Currently xl2tpd cuts 2 bytes from an incoming frame in LAC mode, if the frame has an offset, before sending it to pppd. Those two bytes are usually "FF 03".
Patch for this mistake: l2tp-offsetpad-error.patch: --- xl2tpd-1.2.7+dfsg.orig/network.c +++ xl2tpd-1.2.7+dfsg/network.c @@ -153,7 +153,7 @@ inline void fix_hdr (void *buf) { int len = 6; if (PSBIT (ver)) - len += 4; + len += 2; if (PLBIT (ver)) len += 2; if (PFBIT (ver)) --- xl2tpd-1.2.7+dfsg.orig/control.c +++ xl2tpd-1.2.7+dfsg/control.c @@ -1299,7 +1299,7 @@ inline int check_payload (struct buffer } } */ if (PSBIT (h->ver)) - ehlen += 4; /* Offset information */ + ehlen += 2; /* Offset information */ if (PLBIT (h->ver)) ehlen += h->length; /* include length if available */ if (PVER (h->ver) != VER_L2TP) @@ -1365,7 +1365,7 @@ inline int expand_payload (struct buffer if (!PFBIT (h->ver)) ehlen += 4; /* Should have Ns and Nr too */ if (!PSBIT (h->ver)) - ehlen += 4; /* Offset information */ + ehlen += 2; /* Offset information */ if (ehlen) { /* @@ -1410,13 +1410,13 @@ inline int expand_payload (struct buffer { r++; new_hdr->o_size = *r; - r++; - new_hdr->o_pad = *r; +// r++; +// new_hdr->o_pad = *r; } else { new_hdr->o_size = 0; - new_hdr->o_pad = 0; +// new_hdr->o_pad = 0; } } else @@ -1548,8 +1548,9 @@ inline int write_packet (struct buffer * /* * Skip over header */ - buf->start += sizeof (struct payload_hdr); - buf->len -= sizeof (struct payload_hdr); + _u16 offset = ((struct payload_hdr*)(buf->start))->o_size; // For FIXME: + buf->start += sizeof(struct payload_hdr) + offset; + buf->len -= sizeof(struct payload_hdr) + offset; c->rx_pkts++; c->rx_bytes += buf->len; --- xl2tpd-1.2.7+dfsg.orig/call.c +++ xl2tpd-1.2.7+dfsg/call.c @@ -52,8 +52,8 @@ void add_payload_hdr (struct tunnel *t, buf->start -= sizeof (struct payload_hdr); buf->len += sizeof (struct payload_hdr); /* Account for no offset */ - buf->start += 4; - buf->len -= 4; + buf->start += 2; + buf->len -= 2; if (!c->fbit && !c->ourfbit) { /* Forget about Ns and Nr fields then */ --- xl2tpd-1.2.7+dfsg.orig/l2tp.h +++ xl2tpd-1.2.7+dfsg/l2tp.h 
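Review bot: In the second expand_payload hunk (@@ -1410) the `o_pad` read and the zeroing are disabled with `//` comments rather than removed, and the l2tp.h hunk does the same to the `_u16 o_pad;` field. Commented-out code hides the fact that the header no longer carries a fixed pad word. Deleting those four lines and rewording the surviving field comment to something like `_u16 o_size; /* Optional offset size: number of pad octets that follow */` would document the new layout. expand_payload's body begins and ends outside the hunk.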
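Review bot: In the write_packet hunk, `offset` is taken from the header's `o_size` and then added to `buf->start` and subtracted from `buf->len` without being compared to the remaining length. The expand_payload hunk shows `o_size` being copied from the received packet (`new_hdr->o_size = *r`), so it appears to be peer-supplied; a value larger than the payload would move `buf->start` past the data and make `buf->len` wrap or go negative before `c->rx_bytes += buf->len` and the hand-off to pppd. The packet should be dropped when `sizeof (struct payload_hdr) + offset` exceeds `buf->len`, before either field is adjusted; check_payload's `ehlen` counts only the two-byte Offset Size field, so unless the pad length is validated elsewhere it is not covered there. The trailing `// For FIXME:` comment would be clearer as a statement that the offset pad is skipped here. write_packet's body continues outside the hunk, and the same patch is repeated as the attachment further down the page, where the same point applies.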
@@ -82,7 +82,7 @@ struct payload_hdr _u16 Ns; /* Optional next sent */ _u16 Nr; /* Optional next received */ _u16 o_size; /* Optional offset size */ - _u16 o_pad; /* Optional offset padding */ +// _u16 o_pad; /* Optional offset padding */ } __attribute__((packed)); #define NZL_TIMEOUT_DIVISOR 4 /* Divide TIMEOUT by this and -- System Information: Debian Release: 6.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages xl2tpd depends on: ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libpcap0.8 1.1.1-2 system interface for user-level pa ii ppp 2.4.5-4 Point-to-Point Protocol (PPP) - da xl2tpd recommends no packages. xl2tpd suggests no packages. -- Configuration Files: /etc/init.d/xl2tpd changed [not included] /etc/xl2tpd/l2tp-secrets [Errno 13] Permission denied: u'/etc/xl2tpd/l2tp-secrets' /etc/xl2tpd/xl2tpd.conf changed [not included] -- no debconf information
--- xl2tpd-1.2.7+dfsg.orig/network.c +++ xl2tpd-1.2.7+dfsg/network.c @@ -153,7 +153,7 @@ inline void fix_hdr (void *buf) { int len = 6; if (PSBIT (ver)) - len += 4; + len += 2; if (PLBIT (ver)) len += 2; if (PFBIT (ver)) --- xl2tpd-1.2.7+dfsg.orig/control.c +++ xl2tpd-1.2.7+dfsg/control.c @@ -1299,7 +1299,7 @@ inline int check_payload (struct buffer } } */ if (PSBIT (h->ver)) - ehlen += 4; /* Offset information */ + ehlen += 2; /* Offset information */ if (PLBIT (h->ver)) ehlen += h->length; /* include length if available */ if (PVER (h->ver) != VER_L2TP) @@ -1365,7 +1365,7 @@ inline int expand_payload (struct buffer if (!PFBIT (h->ver)) ehlen += 4; /* Should have Ns and Nr too */ if (!PSBIT (h->ver)) - ehlen += 4; /* Offset information */ + ehlen += 2; /* Offset information */ if (ehlen) { /* @@ -1410,13 +1410,13 @@ inline int expand_payload (struct buffer { r++; new_hdr->o_size = *r; - r++; - new_hdr->o_pad = *r; +// r++; +// new_hdr->o_pad = *r; } else { new_hdr->o_size = 0; - new_hdr->o_pad = 0; +// new_hdr->o_pad = 0; } } else @@ -1548,8 +1548,9 @@ inline int write_packet (struct buffer * /* * Skip over header */ - buf->start += sizeof (struct payload_hdr); - buf->len -= sizeof (struct payload_hdr); + _u16 offset = ((struct payload_hdr*)(buf->start))->o_size; // For FIXME: + buf->start += sizeof(struct payload_hdr) + offset; + buf->len -= sizeof(struct payload_hdr) + offset; c->rx_pkts++; c->rx_bytes += buf->len; --- xl2tpd-1.2.7+dfsg.orig/call.c +++ xl2tpd-1.2.7+dfsg/call.c @@ -52,8 +52,8 @@ void add_payload_hdr (struct tunnel *t, buf->start -= sizeof (struct payload_hdr); buf->len += sizeof (struct payload_hdr); /* Account for no offset */ - buf->start += 4; - buf->len -= 4; + buf->start += 2; + buf->len -= 2; if (!c->fbit && !c->ourfbit) { /* Forget about Ns and Nr fields then */ --- xl2tpd-1.2.7+dfsg.orig/l2tp.h +++ xl2tpd-1.2.7+dfsg/l2tp.h 
@@ -82,7 +82,7 @@ struct payload_hdr _u16 Ns; /* Optional next sent */ _u16 Nr; /* Optional next received */ _u16 o_size; /* Optional offset size */ - _u16 o_pad; /* Optional offset padding */ +// _u16 o_pad; /* Optional offset padding */ } __attribute__((packed)); #define NZL_TIMEOUT_DIVISOR 4 /* Divide TIMEOUT by this and