authorGuillaume Nault <g.nault@alphalink.fr>2013-02-13 13:48:51 +0100
committerKozlov Dmitry <xeb@mail.ru>2013-02-13 17:24:03 +0400
commit7e14fe6e37890591e4d6c9a0f36b5ac19571a14e (patch)
treeaf09e6ec5c9bf5d513a45f9d86864d977b2b627b
parent2e1caa1445b51000bc3695b0f55753f533468839 (diff)
l2tp: Check for IP range before creating new tunnels
Refuse to initiate tunnel creation to peers not defined in the "client-ip-range" configuration section. Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
-rw-r--r--accel-pppd/ctrl/l2tp/l2tp.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/accel-pppd/ctrl/l2tp/l2tp.c b/accel-pppd/ctrl/l2tp/l2tp.c
index 7e990d0..e41bb00 100644
--- a/accel-pppd/ctrl/l2tp/l2tp.c
+++ b/accel-pppd/ctrl/l2tp/l2tp.c
@@ -2458,6 +2458,13 @@ static int l2tp_create_tunnel_exec(const char *cmd, char * const *fields,
if (peer.sin_family == AF_UNSPEC)
return CLI_CMD_SYNTAX;
+ if (iprange_client_check(peer.sin_addr.s_addr) < 0) {
+ char addr[17];
+ u_inet_ntoa(peer.sin_addr.s_addr, addr);
+ cli_sendv(client, "Peer address %s out of IP range\r\n", addr);
+ return CLI_CMD_INVAL;
+ }
+
conn = l2tp_tunnel_alloc(&peer, &host, 3, lns_mode);
if (conn == NULL)
return CLI_CMD_FAILED;
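Review bot: The new rejection branch reports the refusal only to the CLI client through `cli_sendv`, so a refused tunnel-creation attempt appears to leave no trace in the daemon log; consider adding `log_warn("l2tp: refusing tunnel creation to %s: address outside client-ip-range\n", addr);` before `return CLI_CMD_INVAL;`, if that matches how other refusals in this file are logged. In the same branch, `char addr[17]` is a bare size handed to `u_inet_ntoa`, which takes no length argument; a dotted quad needs 16 bytes including the terminator, so the buffer is large enough, but `char addr[INET_ADDRSTRLEN];` or a short comment would make that evident to the next reader. What happens when no "client-ip-range" section is configured depends on `iprange_client_check`, which is not shown here, so it is worth confirming that it matches the intent stated in the commit description. The body of l2tp_create_tunnel_exec starts and ends outside the hunk.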