diff options
author | Guillaume Nault <g.nault@alphalink.fr> | 2013-02-13 13:48:51 +0100 |
---|---|---|
committer | Kozlov Dmitry <xeb@mail.ru> | 2013-02-13 17:24:03 +0400 |
commit | 7e14fe6e37890591e4d6c9a0f36b5ac19571a14e (patch) | |
tree | af09e6ec5c9bf5d513a45f9d86864d977b2b627b | |
parent | 2e1caa1445b51000bc3695b0f55753f533468839 (diff) | |
download | accel-ppp-xebd-7e14fe6e37890591e4d6c9a0f36b5ac19571a14e.tar.gz accel-ppp-xebd-7e14fe6e37890591e4d6c9a0f36b5ac19571a14e.zip |
l2tp: Check for IP range before creating new tunnels
Refuse to initiate tunnel creation to peers not defined in the
"client-ip-range" configuration section.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
-rw-r--r-- | accel-pppd/ctrl/l2tp/l2tp.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/accel-pppd/ctrl/l2tp/l2tp.c b/accel-pppd/ctrl/l2tp/l2tp.c index 7e990d0..e41bb00 100644 --- a/accel-pppd/ctrl/l2tp/l2tp.c +++ b/accel-pppd/ctrl/l2tp/l2tp.c @@ -2458,6 +2458,13 @@ static int l2tp_create_tunnel_exec(const char *cmd, char * const *fields, if (peer.sin_family == AF_UNSPEC) return CLI_CMD_SYNTAX; + if (iprange_client_check(peer.sin_addr.s_addr) < 0) { + char addr[17]; + u_inet_ntoa(peer.sin_addr.s_addr, addr); + cli_sendv(client, "Peer address %s out of IP range\r\n", addr); + return CLI_CMD_INVAL; + } + conn = l2tp_tunnel_alloc(&peer, &host, 3, lns_mode); if (conn == NULL) return CLI_CMD_FAILED; |