diff options
| author | Kozlov Dmitry <dima@server> | 2010-09-09 18:26:02 +0400 |
|---|---|---|
| committer | Kozlov Dmitry <dima@server> | 2010-09-09 18:29:47 +0400 |
| commit | 35d38d2c3f3db22216d43604b8750ecb6089e525 (patch) | |
| tree | f599fea448c4aacdd96cabf10fee88aa7bdb57aa /accel-pptpd/ctrl | |
| parent | eac0adf4b2b038690c761a126cb3e55a888060df (diff) | |
| download | accel-ppp-xebd-35d38d2c3f3db22216d43604b8750ecb6089e525.tar.gz accel-ppp-xebd-35d38d2c3f3db22216d43604b8750ecb6089e525.zip | |
iprange: implemneted modules iprange to validate ip addresses of controlling connection and tunnel
It will check that ip address of tunnel is not in range of clients ip addresses.
This will avoid kernel softlockups due to loopback occured.
Diffstat (limited to 'accel-pptpd/ctrl')
| -rw-r--r-- | accel-pptpd/ctrl/pptp.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/accel-pptpd/ctrl/pptp.c b/accel-pptpd/ctrl/pptp.c index 3a3c242..38f8473 100644 --- a/accel-pptpd/ctrl/pptp.c +++ b/accel-pptpd/ctrl/pptp.c @@ -17,7 +17,7 @@ #include "triton.h" #include "log.h" #include "ppp.h" - +#include "iprange.h" #define STATE_IDLE 0 #define STATE_ESTB 1 @@ -477,6 +477,12 @@ static int pptp_connect(struct triton_md_handler_t *h) log_info("pptp: new connection from %s\n", inet_ntoa(addr.sin_addr)); + if (iprange_client_check(addr.sin_addr.s_addr)) { + log_warn("pptp: IP is out of client-ip-range, droping connection...\n"); + close(sock); + continue; + } + if (fcntl(sock, F_SETFL, O_NONBLOCK)) { log_error("pptp: failed to set nonblocking mode: %s, closing connection...\n", strerror(errno)); close(sock); |