On Wed, 26 Sep 2012 14:44:58 +0900 (JST)
YASUOKA Masahiko <[email protected]> wrote:
> On Tue, 25 Sep 2012 16:16:12 +0200
> csszep <[email protected]> wrote:
>> I wanted to try a simple npppd setup and i got a panic.
>
> I'm looking into this problem and fixing it. But it will take more
> days.
oops, I forgot about this bug
> To workaround the problem, please add
>
> mppe no
>
> to the tunnel configuration.
Can you try the diff below instead of the above workaround?
Index: sys/net/pipex.c
===================================================================
RCS file: /cvs/src/sys/net/pipex.c,v
retrieving revision 1.37
diff -u -p -r1.37 pipex.c
--- sys/net/pipex.c 14 Dec 2012 01:19:26 -0000 1.37
+++ sys/net/pipex.c 13 Feb 2013 14:55:16 -0000
@@ -396,14 +396,24 @@ pipex_add_session(struct pipex_session_r
}
#endif
#ifdef PIPEX_MPPE
- if ((req->pr_ppp_flags & PIPEX_PPP_MPPE_ACCEPTED) != 0)
+ if ((req->pr_ppp_flags & PIPEX_PPP_MPPE_ACCEPTED) != 0) {
+ if (req->pr_mppe_recv.keylenbits <= 0) {
+ free(session, M_TEMP);
+ return (EINVAL);
+ }
pipex_session_init_mppe_recv(session,
req->pr_mppe_recv.stateless, req->pr_mppe_recv.keylenbits,
req->pr_mppe_recv.master_key);
- if ((req->pr_ppp_flags & PIPEX_PPP_MPPE_ENABLED) != 0)
+ }
+ if ((req->pr_ppp_flags & PIPEX_PPP_MPPE_ENABLED) != 0) {
+ if (req->pr_mppe_send.keylenbits <= 0) {
+ free(session, M_TEMP);
+ return (EINVAL);
+ }
pipex_session_init_mppe_send(session,
req->pr_mppe_send.stateless, req->pr_mppe_send.keylenbits,
req->pr_mppe_send.master_key);
+ }
if (pipex_session_is_mppe_required(session)) {
if (!pipex_session_is_mppe_enabled(session) ||
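Review bot: The new `keylenbits <= 0` checks in both MPPE branches reject only zero and negative values, so any other positive length in the request still reaches `pipex_session_init_mppe_recv()` and `pipex_session_init_mppe_send()`. `req` appears to be filled in by userland (the npppd.c part of this diff builds it), so the kernel side should accept only the key lengths MPPE defines (40, 56 and 128 bits) and return EINVAL for anything else. pipex_add_session starts and ends outside the hunk, so whether `free(session, M_TEMP)` is the only cleanup these early returns need cannot be confirmed from here.

```c
	if ((req->pr_ppp_flags & PIPEX_PPP_MPPE_ACCEPTED) != 0) {
		switch (req->pr_mppe_recv.keylenbits) {
		case 40:
		case 56:
		case 128:
			break;
		default:
			free(session, M_TEMP);
			return (EINVAL);
		}
		/* … unchanged: pipex_session_init_mppe_recv() call … */
	}
	/* … same switch on req->pr_mppe_send.keylenbits in the PIPEX_PPP_MPPE_ENABLED branch … */
```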
Index: usr.sbin/npppd/npppd/mppe.c
===================================================================
RCS file: /cvs/src/usr.sbin/npppd/npppd/mppe.c,v
retrieving revision 1.9
diff -u -p -r1.9 mppe.c
--- usr.sbin/npppd/npppd/mppe.c 19 Dec 2012 09:23:54 -0000 1.9
+++ usr.sbin/npppd/npppd/mppe.c 13 Feb 2013 14:55:16 -0000
@@ -119,9 +119,6 @@ mppe_init(mppe *_this, npppd_ppp *ppp)
_this->required = conf->mppe_required;
- if (_this->required == 0)
- goto mppe_config_done;
-
if (conf->mppe_keystate == (NPPPD_MPPE_STATEFUL|NPPPD_MPPE_STATELESS)) {
/* no need to change from default. */
} else if (conf->mppe_keystate == NPPPD_MPPE_STATELESS) {
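Review bot: Nothing in mppe_init records why the `required == 0` shortcut was dropped, even though the key-state handling below it now also runs when MPPE is optional. A short comment above the `if (conf->mppe_keystate == ...)` chain, for example `/* the key state settings also apply when MPPE is optional */`, would keep a later cleanup from restoring the early exit. The `mppe_config_done` label is outside the hunk; if the removed `goto` was its only user, the label should be removed as well.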
@@ -230,21 +227,21 @@ mppe_start(mppe *_this)
_this->recv.keybits = 128;
}
- mppe_rc4_init(_this, &_this->send, 0);
- mppe_rc4_init(_this, &_this->recv, _this->recv.stateless);
-
- GetNewKeyFromSHA(_this->recv.master_key, _this->recv.master_key,
- _this->recv.keylen, _this->recv.session_key);
- GetNewKeyFromSHA(_this->send.master_key, _this->send.master_key,
- _this->send.keylen, _this->send.session_key);
-
- mppe_reduce_key(&_this->recv);
- mppe_reduce_key(&_this->send);
-
- mppe_rc4_setkey(_this, &_this->recv);
- mppe_rc4_setkey(_this, &_this->send);
+ if (_this->send.keybits > 0) {
+ mppe_rc4_init(_this, &_this->send, 0);
+ GetNewKeyFromSHA(_this->send.master_key, _this->send.master_key,
+ _this->send.keylen, _this->send.session_key);
+ mppe_reduce_key(&_this->send);
+ mppe_rc4_setkey(_this, &_this->send);
+ }
+ if (_this->recv.keybits > 0) {
+ mppe_rc4_init(_this, &_this->recv, _this->recv.stateless);
+ GetNewKeyFromSHA(_this->recv.master_key, _this->recv.master_key,
+ _this->recv.keylen, _this->recv.session_key);
+ mppe_reduce_key(&_this->recv);
+ mppe_rc4_setkey(_this, &_this->recv);
+ }
}
-
/**
* creating the mppe bits. In case of first proposal, it specifies the
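Review bot: The two new `keybits > 0` guards in mppe_start carry no comment saying what a zero `keybits` means, and they test `keybits` while the key derivation inside them is driven by `keylen`. If zero means MPPE was not negotiated for that direction, say so above each block, e.g. `/* keybits == 0: no MPPE in this direction, leave its RC4 state alone */`, and confirm that `keylen` is always set whenever `keybits` is non-zero. The hunk also deletes the blank line between the closing brace of mppe_start and the following `/**` comment; that separator is worth keeping. mppe_start begins outside the hunk.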
Index: usr.sbin/npppd/npppd/npppd.c
===================================================================
RCS file: /cvs/src/usr.sbin/npppd/npppd/npppd.c,v
retrieving revision 1.26
diff -u -p -r1.26 npppd.c
--- usr.sbin/npppd/npppd/npppd.c 5 Dec 2012 23:20:26 -0000 1.26
+++ usr.sbin/npppd/npppd/npppd.c 13 Feb 2013 14:55:17 -0000
@@ -899,19 +899,21 @@ pipex_setup_common(npppd_ppp *ppp, struc
#ifdef USE_NPPPD_MPPE
req->pr_ccp_id = ppp->ccp.fsm.id;
- memcpy(req->pr_mppe_send.master_key,
- ppp->mppe.send.master_key, sizeof(req->pr_mppe_send.master_key));
- req->pr_mppe_send.stateless = ppp->mppe.send.stateless;
- req->pr_mppe_send.keylenbits = ppp->mppe.send.keybits;
-
- memcpy(req->pr_mppe_recv.master_key,
- ppp->mppe.recv.master_key, sizeof(req->pr_mppe_recv.master_key));
- req->pr_mppe_recv.stateless = ppp->mppe.recv.stateless;
- req->pr_mppe_recv.keylenbits = ppp->mppe.recv.keybits;
-
- if (ppp->mppe_started != 0) {
- req->pr_ppp_flags |= PIPEX_PPP_MPPE_ACCEPTED;
+ if (ppp->mppe.send.keybits) {
+ memcpy(req->pr_mppe_send.master_key,
+ ppp->mppe.send.master_key,
+ sizeof(req->pr_mppe_send.master_key));
+ req->pr_mppe_send.stateless = ppp->mppe.send.stateless;
+ req->pr_mppe_send.keylenbits = ppp->mppe.send.keybits;
req->pr_ppp_flags |= PIPEX_PPP_MPPE_ENABLED;
+ }
+ if (ppp->mppe.recv.keybits > 0) {
+ memcpy(req->pr_mppe_recv.master_key,
+ ppp->mppe.recv.master_key,
+ sizeof(req->pr_mppe_recv.master_key));
+ req->pr_mppe_recv.stateless = ppp->mppe.recv.stateless;
+ req->pr_mppe_recv.keylenbits = ppp->mppe.recv.keybits;
+ req->pr_ppp_flags |= PIPEX_PPP_MPPE_ACCEPTED;
}
if (ppp->mppe.required)
req->pr_ppp_flags |= PIPEX_PPP_MPPE_REQUIRED;
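Review bot: The rewritten block in pipex_setup_common no longer consults `ppp->mppe_started`: PIPEX_PPP_MPPE_ENABLED and PIPEX_PPP_MPPE_ACCEPTED are now set from `keybits` alone, whereas the removed code set them only when `mppe_started != 0`. If `keybits` can be non-zero before MPPE has come up, the kernel session would be created with encryption flags for a link that has not started it. The ppp.h part of this diff adds macros that test both conditions, so `if (MPPE_SEND_READY(ppp)) {` and `if (MPPE_RECV_READY(ppp)) {` would keep the old guarantee and also remove the inconsistency between `if (ppp->mppe.send.keybits)` and `if (ppp->mppe.recv.keybits > 0)`. When a direction is skipped its `pr_mppe_*` fields are not written, which is safe only if `req` is zeroed by the caller; that code is outside the hunk.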
Index: usr.sbin/npppd/npppd/npppd_iface.c
===================================================================
RCS file: /cvs/src/usr.sbin/npppd/npppd/npppd_iface.c,v
retrieving revision 1.7
diff -u -p -r1.7 npppd_iface.c
--- usr.sbin/npppd/npppd/npppd_iface.c 18 Sep 2012 13:14:08 -0000 1.7
+++ usr.sbin/npppd/npppd/npppd_iface.c 13 Feb 2013 14:55:17 -0000
@@ -467,7 +467,7 @@ npppd_iface_network_input_delegate(struc
if (ppp_iface(ppp) != args->_this)
return 0;
#ifdef USE_NPPPD_MPPE
- if (MPPE_READY(ppp)) {
+ if (MPPE_SEND_READY(ppp)) {
/* output via MPPE if MPPE started */
mppe_pkt_output(&ppp->mppe, PPP_PROTO_IP, args->pktp,
args->lpktp);
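Review bot: With `MPPE_SEND_READY(ppp)` the MPPE branch is skipped for a session whose MPPE has started but whose `send.keybits` is 0, and what happens to the packet after the branch is outside the hunk. Confirm that the fall-through drops the packet when MPPE is required rather than sending it unencrypted. The same applies to the identical change in npppd_iface_network_input_ipv4 and, on the receive side, to the `MPPE_RECV_READY` checks in ppp_recv_packet. The comment `/* output via MPPE if MPPE started */` no longer matches the condition; `/* output via MPPE if MPPE started and a send key is set */` would.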
@@ -528,7 +528,7 @@ npppd_iface_network_input_ipv4(npppd_ifa
ppp_reset_idle_timeout(ppp);
#ifdef USE_NPPPD_MPPE
- if (MPPE_READY(ppp)) {
+ if (MPPE_SEND_READY(ppp)) {
/* output via MPPE if MPPE started */
mppe_pkt_output(&ppp->mppe, PPP_PROTO_IP, pktp, lpktp);
return;
Index: usr.sbin/npppd/npppd/ppp.c
===================================================================
RCS file: /cvs/src/usr.sbin/npppd/npppd/ppp.c,v
retrieving revision 1.17
diff -u -p -r1.17 ppp.c
--- usr.sbin/npppd/npppd/ppp.c 7 Jan 2013 18:12:08 -0000 1.17
+++ usr.sbin/npppd/npppd/ppp.c 13 Feb 2013 14:55:18 -0000
@@ -869,7 +869,7 @@ ppp_recv_packet(npppd_ppp *_this, unsign
return 1;
}
- if (MPPE_READY(_this)) {
+ if (MPPE_RECV_READY(_this)) {
/* MPPE is opened but naked ip packet */
ppp_log(_this, LOG_WARNING,
"mppe is available but received naked IP.");
@@ -879,7 +879,7 @@ ppp_recv_packet(npppd_ppp *_this, unsign
break;
case PPP_PROTO_MPPE:
#ifdef USE_NPPPD_MPPE
- if (_this->mppe_started == 0) {
+ if (!MPPE_RECV_READY(_this)) {
#else
{
#endif
Index: usr.sbin/npppd/npppd/ppp.h
===================================================================
RCS file: /cvs/src/usr.sbin/npppd/npppd/ppp.h,v
retrieving revision 1.14
diff -u -p -r1.14 ppp.h
--- usr.sbin/npppd/npppd/ppp.h 7 Jan 2013 18:12:08 -0000 1.14
+++ usr.sbin/npppd/npppd/ppp.h 13 Feb 2013 14:55:18 -0000
@@ -645,7 +645,11 @@ typedef struct _dialin_proxy_info {
(((ppp)->mppe.enabled != 0) && ((ppp)->mppe.required != 0))
/** MPPE is ready to use */
-#define MPPE_READY(ppp) ((ppp)->mppe_started != 0)
+#define MPPE_SEND_READY(ppp) \
+ ((ppp)->mppe_started != 0 && (ppp)->mppe.send.keybits > 0)
+#define MPPE_RECV_READY(ppp) \
+ ((ppp)->mppe_started != 0 && (ppp)->mppe.recv.keybits > 0)
+
/* Adapted from NetBSD:/usr/src/usr.sbin/pppd/pppd/pppd.h */
/*
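Review bot: The existing `/** MPPE is ready to use */` comment now documents only MPPE_SEND_READY, and MPPE_RECV_READY has no comment at all. Give each macro its own line, e.g. `/** MPPE is started and a send key is set */` and `/** MPPE is started and a receive key is set */`. MPPE_READY is removed outright, so any user outside the files in this diff would stop compiling; a search of the tree before commit would confirm there is none.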