From 99951ab338a1727150b312fca914631dcf838201 Mon Sep 17 00:00:00 2001 From: Gabriel Jeanneau Date: Tue, 7 Dec 2021 17:42:26 +0100 Subject: accel-pppd: Fix buildroot compilation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CMAKE_FIND_ROOT_PATH variable is a list of pathes used by CMAKE to find packages and library for compilation. It should not be used for installation as : - it is a list - it points to staging folder of packaging tools. So let's use a more standard CMAKE code to make sure files and folders are actually installed in target destination. Signed-off-by: Gabriel Jeanneau Signed-off-by: Stéphane Gonauer --- accel-pppd/CMakeLists.txt | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/accel-pppd/CMakeLists.txt b/accel-pppd/CMakeLists.txt index 23a1d0a..ab8a350 100644 --- a/accel-pppd/CMakeLists.txt +++ b/accel-pppd/CMakeLists.txt @@ -1,6 +1,8 @@ SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fvisibility=hidden") ADD_DEFINITIONS(-DPTHREAD_SPINLOCK) +include(GNUInstallDirs) + INCLUDE_DIRECTORIES(include) IF (MEMDEBUG) @@ -134,9 +136,9 @@ INSTALL(TARGETS accel-pppd INSTALL(FILES accel-ppp.conf.5 DESTINATION share/man/man5) IF (NOT DEFINED CPACK_TYPE) - INSTALL(FILES accel-ppp.conf DESTINATION ${CMAKE_FIND_ROOT_PATH}/etc RENAME accel-ppp.conf.dist) + INSTALL(FILES accel-ppp.conf DESTINATION "${CMAKE_INSTALL_SYSCONFDIR}" RENAME accel-ppp.conf.dist) - INSTALL(CODE "EXECUTE_PROCESS(COMMAND mkdir -p ${CMAKE_FIND_ROOT_PATH}/var/log/accel-ppp)") - INSTALL(CODE "EXECUTE_PROCESS(COMMAND mkdir -p ${CMAKE_FIND_ROOT_PATH}/var/lib/accel-ppp)") + INSTALL(DIRECTORY DESTINATION "${CMAKE_INSTALL_LOCALSTATEDIR}/log/accel-ppp") + INSTALL(DIRECTORY DESTINATION "${CMAKE_INSTALL_LOCALSTATEDIR}/lib/accel-ppp") ENDIF (NOT DEFINED CPACK_TYPE) -- cgit v1.2.3 From 57d5aa43123b8a8243e8e8e6971597afe352f9ed Mon Sep 17 00:00:00 2001 From: Gabriel Jeanneau Date: Thu, 13 Jan 2022 11:59:49 +0100 Subject: ppp_chan_read: check unit_hnd avoiding proto rej When receiving IPCP packet on channel handler, check unit handler to avoid sending a LCP Protocol Reject because ppp unit has not been created yet. This patch allows accel-ppp to handle higher pressure (handle 300 connections per second). Signed-off-by: Gabriel Jeanneau --- accel-pppd/ppp/ppp.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/accel-pppd/ppp/ppp.c b/accel-pppd/ppp/ppp.c index 49b53b1..8a4cce7 100644 --- a/accel-pppd/ppp/ppp.c +++ b/accel-pppd/ppp/ppp.c @@ -430,6 +430,11 @@ cont: } } + list_for_each_entry(ppp_h, &ppp->unit_handlers, entry) { + if (ppp_h->proto == proto) + goto cont; + } + lcp_send_proto_rej(ppp, proto); //log_ppp_warn("ppp_chan_read: discarding unknown packet %x\n", proto); } -- cgit v1.2.3 From c66678018c1f111bb361c8f2069c67c725ec9e1c Mon Sep 17 00:00:00 2001 From: Gabriel Jeanneau Date: Mon, 17 Jan 2022 15:18:27 +0100 Subject: triton: fix use after free in timer.c When using pppd_compat module, accel-ppp crash with SIGBUS on spin_lock(&t->ctx->lock) of timer_thread. When a moduile call triton_timer_del, fd are close without taking into account epoll function and without removing from polled fd list. File descriptor are removed from polled fd list and then close in timer_thread avoiding use after free. Fixes: 5bac5a2edb7b ("rewriting triton library...") Signed-off-by: Gabriel Jeanneau --- accel-pppd/triton/timer.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/accel-pppd/triton/timer.c b/accel-pppd/triton/timer.c index 744b10b..5b5d953 100644 --- a/accel-pppd/triton/timer.c +++ b/accel-pppd/triton/timer.c @@ -108,6 +108,8 @@ void *timer_thread(void *arg) while (!list_empty(&freed_list2)) { t = list_entry(freed_list2.next, typeof(*t), entry); + epoll_ctl(epoll_fd,EPOLL_CTL_DEL, t->fd, &t->epoll_event); + close(t->fd); list_del(&t->entry); triton_context_release(t->ctx); mempool_free(t); @@ -199,8 +201,6 @@ void __export triton_timer_del(struct triton_timer_t *ud) { struct _triton_timer_t *t = (struct _triton_timer_t *)ud->tpd; - close(t->fd); - spin_lock(&t->ctx->lock); t->ud = NULL; list_del(&t->entry); -- cgit v1.2.3 From 39a9eb807ade35cf60edc6f2e209ed74ba1d262f Mon Sep 17 00:00:00 2001 From: Gabriel Jeanneau Date: Fri, 21 Jan 2022 13:59:49 +0100 Subject: auth: fix CHAP challenge with ixia here is the structure of CHAP challenge message for PPP: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Code | Identifier | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value-Size | Value ... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Name ... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ When sending a CHAP challenge, accel-ppp set NAME to NULL. According to RFC 1994 (PPP CHAP), this field should neither be NULL nor be equal to CR/LF. As ixia does not recognize AUthentication packet when this field is NULL, we set it to "accel-ppp" by default. In MS-CHAPv1 and MS-CHAPv2, authenticator does not provide information in Name field. Signed-off-by: Gabriel Jeanneau --- accel-pppd/auth/auth_chap_md5.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/accel-pppd/auth/auth_chap_md5.c b/accel-pppd/auth/auth_chap_md5.c index c0d78c8..d398233 100644 --- a/accel-pppd/auth/auth_chap_md5.c +++ b/accel-pppd/auth/auth_chap_md5.c @@ -220,26 +220,31 @@ static void chap_send_success(struct chap_auth_data *ad, int id) static void chap_send_challenge(struct chap_auth_data *ad, int new) { - struct chap_challenge msg = { - .hdr.proto = htons(PPP_CHAP), - .hdr.code = CHAP_CHALLENGE, - .hdr.id = ad->id, - .hdr.len = htons(sizeof(msg) - 2), - .val_size = VALUE_SIZE, +#define CHAP_CHALLENGE_NAME "accel-ppp" + struct { + struct chap_challenge m; + char name[sizeof(CHAP_CHALLENGE_NAME)]; + } __attribute__((packed)) msg = { + .m.hdr.proto = htons(PPP_CHAP), + .m.hdr.code = CHAP_CHALLENGE, + .m.hdr.id = ad->id, + .m.hdr.len = htons(sizeof(struct chap_challenge) - 2 + strlen(CHAP_CHALLENGE_NAME)), + .m.val_size = VALUE_SIZE, + .name = CHAP_CHALLENGE_NAME, }; if (new) read(urandom_fd, ad->val, VALUE_SIZE); - memcpy(msg.val, ad->val, VALUE_SIZE); + memcpy(msg.m.val, ad->val, VALUE_SIZE); if (conf_ppp_verbose) { - log_ppp_info2("send [CHAP Challenge id=%x <", msg.hdr.id); - print_buf(msg.val, VALUE_SIZE); + log_ppp_info2("send [CHAP Challenge id=%x <", msg.m.hdr.id); + print_buf(msg.m.val, VALUE_SIZE); log_ppp_info2(">]\n"); } - ppp_chan_send(ad->ppp, &msg, ntohs(msg.hdr.len) + 2); + ppp_chan_send(ad->ppp, &msg, ntohs(msg.m.hdr.len) + 2); if (conf_timeout && !ad->timeout.tpd) triton_timer_add(ad->ppp->ses.ctrl->ctx, &ad->timeout, 0); -- cgit v1.2.3