From 97f48a155a49e370a5db25dcdbb61dfb6b084382 Mon Sep 17 00:00:00 2001 From: Guillaume Nault Date: Wed, 26 Jun 2013 20:49:48 +0200 Subject: connlimit: Initialise connlimit key (MAC) Initialise 'key' before calling memcpy() to ensure that all bytes are set in the return value. Signed-off-by: Guillaume Nault --- accel-pppd/include/connlimit.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'accel-pppd') diff --git a/accel-pppd/include/connlimit.h b/accel-pppd/include/connlimit.h index a5645ee..8711cf8 100644 --- a/accel-pppd/include/connlimit.h +++ b/accel-pppd/include/connlimit.h @@ -11,7 +11,7 @@ static inline uint64_t cl_key_from_mac(uint8_t hw[6]) union { uint8_t hw[6]; uint64_t key; - } key; + } key = {{ 0 }}; memcpy(key.hw, hw, sizeof(key.hw)); -- cgit v1.2.3 From cafc6f2c69d908f7b534fa3792029d3704b2fe88 Mon Sep 17 00:00:00 2001 From: Guillaume Nault Date: Wed, 26 Jun 2013 20:49:54 +0200 Subject: pppoe: Fix mppe option section Read the 'mppe' option value in section 'pppoe' instead of 'l2tp'. Signed-off-by: Guillaume Nault --- accel-pppd/ctrl/pppoe/pppoe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'accel-pppd') diff --git a/accel-pppd/ctrl/pppoe/pppoe.c b/accel-pppd/ctrl/pppoe/pppoe.c index b01369d..21051ed 100644 --- a/accel-pppd/ctrl/pppoe/pppoe.c +++ b/accel-pppd/ctrl/pppoe/pppoe.c @@ -1478,7 +1478,7 @@ static void load_config(void) conf_padi_limit = atoi(opt); conf_mppe = MPPE_UNSET; - opt = conf_get_opt("l2tp", "mppe"); + opt = conf_get_opt("pppoe", "mppe"); if (opt) { if (strcmp(opt, "deny") == 0) conf_mppe = MPPE_DENY; -- cgit v1.2.3 From ca024045c6f8b1fd19c928db861c3437bdc705a6 Mon Sep 17 00:00:00 2001 From: Guillaume Nault Date: Wed, 26 Jun 2013 20:50:19 +0200 Subject: l2tp: Unset ephemeral ports by default Disable use of ephemeral ports by default since it poses problems with NAT and wasn't used in earlier versions of accel-ppp. 
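Review bot: In cl_key_from_mac() (accel-pppd/include/connlimit.h), `} key = {{ 0 }};` only initialises the first union member, `hw[6]`, so the two bytes of `key.key` that `hw` does not cover are not guaranteed to be zero by the C standard. Compilers have commonly zeroed the whole object, but that is an implementation choice, so the commit's stated goal ("all bytes are set in the return value") depends on the toolchain. If the returned value is used as a per-MAC lookup key, as the name suggests, stray high bytes would make the same MAC map to different keys. Writing through the wide member is explicit: add `key.key = 0;` before the `memcpy()`. The rest of the function body is outside the hunk.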
Signed-off-by: Guillaume Nault --- accel-pppd/accel-ppp.conf.5 | 2 +- accel-pppd/ctrl/l2tp/l2tp.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'accel-pppd') diff --git a/accel-pppd/accel-ppp.conf.5 b/accel-pppd/accel-ppp.conf.5 index 2397023..2faf2ab 100644 --- a/accel-pppd/accel-ppp.conf.5 +++ b/accel-pppd/accel-ppp.conf.5 @@ -462,7 +462,7 @@ AVPs that support it). Specifies if an arbitrary source port is used when replying to a tunnel establishment request. When this option is deactivated, the destination port of the incoming request (SCCRQ) is used as source port for the -reply (SCCRP). Default value is 1. +reply (SCCRP). Default value is 0. .SH [radius] .br Configuration of RADIUS module. diff --git a/accel-pppd/ctrl/l2tp/l2tp.c b/accel-pppd/ctrl/l2tp/l2tp.c index 5f73193..146a03e 100644 --- a/accel-pppd/ctrl/l2tp/l2tp.c +++ b/accel-pppd/ctrl/l2tp/l2tp.c @@ -52,7 +52,7 @@ int conf_verbose = 0; int conf_hide_avps = 0; int conf_avp_permissive = 0; static int conf_port = L2TP_PORT; -static int conf_ephemeral_ports = 1; +static int conf_ephemeral_ports = 0; static int conf_timeout = 60; static int conf_rtimeout = 5; static int conf_retransmit = 5; -- cgit v1.2.3 From 6bf07eec92361996df794552e7e4f2ea36886b33 Mon Sep 17 00:00:00 2001 From: Guillaume Nault Date: Wed, 26 Jun 2013 20:50:52 +0200 Subject: l2tp: Close tunnel's PPPoL2TP socket The PPPoL2TP socket created upon tunnel connection is never used afterwards. It can be closed right after associating (connecting) the tunnel with the underlying UDP socket (kernel won't cleanup a tunnel as long as its UDP socket is open). Signed-off-by: Vladislav Grishenko Signed-off-by: Guillaume Nault --- accel-pppd/ctrl/l2tp/l2tp.c | 38 ++++++++++++++++---------------------- 1 file changed, 16 insertions(+), 22 deletions(-) (limited to 'accel-pppd') diff --git a/accel-pppd/ctrl/l2tp/l2tp.c b/accel-pppd/ctrl/l2tp/l2tp.c index 146a03e..d81516e 100644 --- a/accel-pppd/ctrl/l2tp/l2tp.c 
+++ b/accel-pppd/ctrl/l2tp/l2tp.c @@ -97,8 +97,6 @@ struct l2tp_conn_t struct triton_timer_t rtimeout_timer; struct triton_timer_t hello_timer; - int tunnel_fd; - struct sockaddr_in peer_addr; struct sockaddr_in host_addr; uint16_t tid; @@ -706,9 +704,6 @@ static void l2tp_tunnel_free(struct l2tp_conn_t *conn) l2tp_conn[conn->tid] = NULL; pthread_mutex_unlock(&l2tp_lock); - if (conn->tunnel_fd != -1) - close(conn->tunnel_fd); - if (conn->ctx.tpd) triton_context_unregister(&conn->ctx); @@ -1123,8 +1118,6 @@ static struct l2tp_conn_t *l2tp_tunnel_alloc(const struct sockaddr_in *peer, conn->hello_timer.expire = l2tp_send_HELLO; conn->hello_timer.period = conf_hello_interval * 1000; - conn->tunnel_fd = -1; - conn->sessions = NULL; conn->sess_count = 0; conn->lns_mode = lns_mode; @@ -1269,6 +1262,7 @@ out_err: static int l2tp_tunnel_connect(struct l2tp_conn_t *conn) { struct sockaddr_pppol2tp pppox_addr; + int tunnel_fd; int flg; memset(&pppox_addr, 0, sizeof(pppox_addr)); 
@@ -1280,31 +1274,31 @@ static int l2tp_tunnel_connect(struct l2tp_conn_t *conn) pppox_addr.pppol2tp.s_tunnel = conn->tid; pppox_addr.pppol2tp.d_tunnel = conn->peer_tid; - conn->tunnel_fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP); - if (conn->tunnel_fd < 0) { + tunnel_fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP); + if (tunnel_fd < 0) { log_tunnel(log_error, conn, "impossible to connect tunnel:" " socket(AF_PPPOX) failed: %s\n", strerror(errno)); - goto out_err; + goto err; } - flg = fcntl(conn->tunnel_fd, F_GETFD); + flg = fcntl(tunnel_fd, F_GETFD); if (flg < 0) { log_tunnel(log_error, conn, "impossible to connect tunnel:" " fcntl(F_GETFD) failed: %s\n", strerror(errno)); - goto out_err; + goto err_fd; } - flg = fcntl(conn->tunnel_fd, F_SETFD, flg | FD_CLOEXEC); + flg = fcntl(tunnel_fd, F_SETFD, flg | FD_CLOEXEC); if (flg < 0) { log_tunnel(log_error, conn, "impossible to connect tunnel:" " fcntl(F_SETFD) failed: %s\n", strerror(errno)); - goto out_err; + goto err_fd; } - if (connect(conn->tunnel_fd, + if (connect(tunnel_fd, (struct sockaddr *)&pppox_addr, sizeof(pppox_addr)) < 0) { log_tunnel(log_error, conn, "impossible to connect tunnel:" " connect() failed: %s\n", strerror(errno)); - goto out_err; + goto err_fd; } if (conf_hello_interval) @@ -1312,19 +1306,19 @@ static int l2tp_tunnel_connect(struct l2tp_conn_t *conn) log_tunnel(log_error, conn, "impossible to connect tunnel:" " setting HELLO timer failed\n"); - goto out_err; + goto err_fd; } if (conn->timeout_timer.tpd) triton_timer_del(&conn->timeout_timer); + close(tunnel_fd); + return 0; -out_err: - if (conn->tunnel_fd >= 0) { - close(conn->tunnel_fd); - conn->tunnel_fd = -1; - } +err_fd: + close(tunnel_fd); +err: return -1; } -- cgit v1.2.3 From 2a3606e352b9826b37ffc1414b60dd6a4f5c7b8e Mon Sep 17 00:00:00 2001 From: Guillaume Nault Date: Wed, 26 Jun 2013 20:51:00 +0200 Subject: session: Remove unused call to time() 't' is set using time() but never used afterwards. 
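Review bot: In l2tp_tunnel_connect() the close-on-exec flag is still set with a separate `fcntl(F_GETFD)` / `fcntl(F_SETFD)` pair after `socket()`, which leaves a window in which another thread can fork and exec with the PPPoL2TP descriptor inherited. The daemon is multi-threaded and main.c calls `fork()` on restart, so that window is reachable in principle. Now that the descriptor lives only for the duration of this function, both fcntl calls and their error branches can be dropped by asking for the flag atomically: `tunnel_fd = socket(AF_PPPOX, SOCK_DGRAM | SOCK_CLOEXEC, PX_PROTO_OL2TP);`. The function starts in the previous hunk.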
Signed-off-by: Guillaume Nault --- accel-pppd/session.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'accel-pppd') diff --git a/accel-pppd/session.c b/accel-pppd/session.c index c6d0a3f..1efad5e 100644 --- a/accel-pppd/session.c +++ b/accel-pppd/session.c @@ -274,7 +274,6 @@ static void generate_sessionid(struct ap_session *ses) int __export ap_session_read_stats(struct ap_session *ses, struct rtnl_link_stats *stats) { struct rtnl_link_stats lstats; - time_t t; if (ses->ifindex == -1) return -1; @@ -282,8 +281,6 @@ int __export ap_session_read_stats(struct ap_session *ses, struct rtnl_link_stat if (!stats) stats = &lstats; - time(&t); - if (iplink_get_stats(ses->ifindex, stats)) { log_ppp_warn("failed to get interface statistics\n"); return -1; -- cgit v1.2.3 From 49b348dd38dcf89a057abebc0ffdf73748effa0a Mon Sep 17 00:00:00 2001 From: Dmitry Kozlov Date: Sun, 30 Jun 2013 11:26:02 +0400 Subject: mempool: set/check magic only if MEMDEBUG defined --- accel-pppd/triton/mempool.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) (limited to 'accel-pppd') diff --git a/accel-pppd/triton/mempool.c b/accel-pppd/triton/mempool.c index 5323771..ef563e9 100644 --- a/accel-pppd/triton/mempool.c +++ b/accel-pppd/triton/mempool.c @@ -29,9 +29,9 @@ struct _mempool_t struct list_head items; #ifdef MEMDEBUG struct list_head ditems; + uint64_t magic; #endif spinlock_t lock; - uint64_t magic; int mmap:1; int objects; }; @@ -46,9 +46,9 @@ struct _item_t #ifdef MEMDEBUG const char *fname; int line; -#endif uint64_t magic2; uint64_t magic1; +#endif char ptr[0]; }; @@ -69,10 +69,10 @@ mempool_t __export *mempool_create(int size) INIT_LIST_HEAD(&p->items); #ifdef MEMDEBUG INIT_LIST_HEAD(&p->ditems); + p->magic = (uint64_t)random() * (uint64_t)random(); #endif spinlock_init(&p->lock); p->size = size; - p->magic = (uint64_t)random() * (uint64_t)random(); spin_lock(&pools_lock); list_add_tail(&p->entry, &pools); 
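Review bot: In mempool_create() (accel-pppd/triton/mempool.c), `p->magic = (uint64_t)random() * (uint64_t)random();` makes a weak canary: the product is zero whenever either call returns 0, its distribution is heavily skewed, and `random()` yields the same sequence on every run unless `srandom()` is called somewhere not visible here. Since the value is now used only in MEMDEBUG builds to detect overwrites, a zero or predictable magic is exactly the pattern a stray `memset()` or a repeated bug would reproduce. Combining the two draws without multiplying is enough, for example `p->magic = ((uint64_t)random() << 32) ^ (uint64_t)random();`, and a zero result should be rejected. The same line is re-applied unchanged in commit d9e3b3f further down.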
@@ -135,9 +135,6 @@ void __export *mempool_alloc(mempool_t *pool) return NULL; } it->owner = p; - it->magic2 = p->magic; - it->magic1 = MAGIC1; - *(uint64_t*)(it->ptr + p->size) = it->magic2; return it->ptr; } -- cgit v1.2.3 From 0e320ae49fc14b7d299640f0337eb6c20871b61e Mon Sep 17 00:00:00 2001 From: Dmitry Kozlov Date: Sun, 30 Jun 2013 11:30:12 +0400 Subject: Revert "mempool: set/check magic only if MEMDEBUG defined" This reverts commit 49b348dd38dcf89a057abebc0ffdf73748effa0a. --- accel-pppd/triton/mempool.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'accel-pppd') diff --git a/accel-pppd/triton/mempool.c b/accel-pppd/triton/mempool.c index ef563e9..5323771 100644 --- a/accel-pppd/triton/mempool.c +++ b/accel-pppd/triton/mempool.c @@ -29,9 +29,9 @@ struct _mempool_t struct list_head items; #ifdef MEMDEBUG struct list_head ditems; - uint64_t magic; #endif spinlock_t lock; + uint64_t magic; int mmap:1; int objects; }; @@ -46,9 +46,9 @@ struct _item_t #ifdef MEMDEBUG const char *fname; int line; +#endif uint64_t magic2; uint64_t magic1; -#endif char ptr[0]; }; @@ -69,10 +69,10 @@ mempool_t __export *mempool_create(int size) INIT_LIST_HEAD(&p->items); #ifdef MEMDEBUG INIT_LIST_HEAD(&p->ditems); - p->magic = (uint64_t)random() * (uint64_t)random(); #endif spinlock_init(&p->lock); p->size = size; + p->magic = (uint64_t)random() * (uint64_t)random(); spin_lock(&pools_lock); list_add_tail(&p->entry, &pools); @@ -135,6 +135,9 @@ void __export *mempool_alloc(mempool_t *pool) return NULL; } it->owner = p; + it->magic2 = p->magic; + it->magic1 = MAGIC1; + *(uint64_t*)(it->ptr + p->size) = it->magic2; return it->ptr; } -- cgit v1.2.3 From d9e3b3f468475c5e1c81e65b70806f7d20c7a893 Mon Sep 17 00:00:00 2001 From: Dmitry Kozlov Date: Sun, 30 Jun 2013 11:26:02 +0400 Subject: mempool: set/check magic only if MEMDEBUG defined --- accel-pppd/triton/mempool.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'accel-pppd') 
diff --git a/accel-pppd/triton/mempool.c b/accel-pppd/triton/mempool.c index 5323771..1ee00f3 100644 --- a/accel-pppd/triton/mempool.c +++ b/accel-pppd/triton/mempool.c @@ -29,9 +29,9 @@ struct _mempool_t struct list_head items; #ifdef MEMDEBUG struct list_head ditems; + uint64_t magic; #endif spinlock_t lock; - uint64_t magic; int mmap:1; int objects; }; @@ -46,9 +46,9 @@ struct _item_t #ifdef MEMDEBUG const char *fname; int line; -#endif uint64_t magic2; uint64_t magic1; +#endif char ptr[0]; }; @@ -69,10 +69,10 @@ mempool_t __export *mempool_create(int size) INIT_LIST_HEAD(&p->items); #ifdef MEMDEBUG INIT_LIST_HEAD(&p->ditems); + p->magic = (uint64_t)random() * (uint64_t)random(); #endif spinlock_init(&p->lock); p->size = size; - p->magic = (uint64_t)random() * (uint64_t)random(); spin_lock(&pools_lock); list_add_tail(&p->entry, &pools); @@ -106,8 +106,6 @@ void __export *mempool_alloc(mempool_t *pool) --p->objects; __sync_sub_and_fetch(&triton_stat.mempool_available, size); - it->magic1 = MAGIC1; - return it->ptr; #ifdef VALGRIND } @@ -135,9 +133,6 @@ void __export *mempool_alloc(mempool_t *pool) return NULL; } it->owner = p; - it->magic2 = p->magic; - it->magic1 = MAGIC1; - *(uint64_t*)(it->ptr + p->size) = it->magic2; return it->ptr; } -- cgit v1.2.3 From 5b095342160fc5c7e7e5a42b202a2e7d535bb757 Mon Sep 17 00:00:00 2001 From: Dmitry Kozlov Date: Fri, 5 Jul 2013 15:04:26 +0400 Subject: auth_chap: fixed incorrect check for received buffer size --- accel-pppd/auth/auth_chap_md5.c | 2 +- accel-pppd/auth/auth_mschap_v1.c | 2 +- accel-pppd/auth/auth_mschap_v2.c | 2 +- accel-pppd/main.c | 8 ++------ 4 files changed, 5 insertions(+), 9 deletions(-) (limited to 'accel-pppd') diff --git a/accel-pppd/auth/auth_chap_md5.c b/accel-pppd/auth/auth_chap_md5.c index 7e14b8d..8aa3018 100644 --- a/accel-pppd/auth/auth_chap_md5.c +++ b/accel-pppd/auth/auth_chap_md5.c 
@@ -404,7 +404,7 @@ static void chap_recv(struct ppp_handler_t *h) struct chap_auth_data_t *d = container_of(h, typeof(*d), h); struct chap_hdr_t *hdr = (struct chap_hdr_t *)d->ppp->buf; - if (d->ppp->buf_size < sizeof(*hdr) || ntohs(hdr->len) < HDR_LEN || ntohs(hdr->len) < d->ppp->buf_size - 2) { + if (d->ppp->buf_size < sizeof(*hdr) || ntohs(hdr->len) < HDR_LEN || ntohs(hdr->len) > d->ppp->buf_size - 2) { log_ppp_warn("chap-md5: short packet received\n"); return; } diff --git a/accel-pppd/auth/auth_mschap_v1.c b/accel-pppd/auth/auth_mschap_v1.c index adfbc60..0dcaffd 100644 --- a/accel-pppd/auth/auth_mschap_v1.c +++ b/accel-pppd/auth/auth_mschap_v1.c @@ -470,7 +470,7 @@ static void chap_recv(struct ppp_handler_t *h) struct chap_auth_data_t *d = container_of(h, typeof(*d), h); struct chap_hdr_t *hdr = (struct chap_hdr_t *)d->ppp->buf; - if (d->ppp->buf_size < sizeof(*hdr) || ntohs(hdr->len) < HDR_LEN || ntohs(hdr->len) < d->ppp->buf_size - 2) { + if (d->ppp->buf_size < sizeof(*hdr) || ntohs(hdr->len) < HDR_LEN || ntohs(hdr->len) > d->ppp->buf_size - 2) { log_ppp_warn("mschap-v1: short packet received\n"); return; } diff --git a/accel-pppd/auth/auth_mschap_v2.c b/accel-pppd/auth/auth_mschap_v2.c index 444a9df..3ee2adc 100644 --- a/accel-pppd/auth/auth_mschap_v2.c +++ b/accel-pppd/auth/auth_mschap_v2.c @@ -607,7 +607,7 @@ static void chap_recv(struct ppp_handler_t *h) struct chap_auth_data_t *d = container_of(h, typeof(*d), h); struct chap_hdr_t *hdr = (struct chap_hdr_t *)d->ppp->buf; - if (d->ppp->buf_size < sizeof(*hdr) || ntohs(hdr->len) < HDR_LEN || ntohs(hdr->len) < d->ppp->buf_size - 2) { + if (d->ppp->buf_size < sizeof(*hdr) || ntohs(hdr->len) < HDR_LEN || ntohs(hdr->len) > d->ppp->buf_size - 2) { log_ppp_warn("mschap-v2: short packet received\n"); return; } diff --git a/accel-pppd/main.c b/accel-pppd/main.c index 365aee0..3b94353 100644 --- a/accel-pppd/main.c +++ b/accel-pppd/main.c 
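Review bot: The three-clause length check in chap_recv() is duplicated byte for byte in auth_chap_md5.c, auth_mschap_v1.c and auth_mschap_v2.c, which is how the inverted `<` comparison ended up needing the same fix in three places. Moving it into one shared inline helper that takes `hdr` and `buf_size` would keep the next correction to this attacker-facing bound in a single spot. The corrected test still accepts packets where `ntohs(hdr->len)` is smaller than `buf_size - 2`, so the code after the check should bound every later read by `hdr->len` rather than by `buf_size`; that code is outside the hunks, so please confirm. A short comment such as `/* buf holds 2-byte PPP protocol + CHAP packet; hdr->len must fit in what was received */` would explain the `- 2`.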
@@ -146,9 +146,9 @@ void core_restart(int soft) char *argv[16]; char *ptr = cmdline, *endptr; - if (fork()) { + if (soft && fork()) { //close_all_fd(); - _exit(0); + return; } pthread_sigmask(SIG_SETMASK, &orig_set, NULL); @@ -224,11 +224,7 @@ static void sigsegv(int num) } out: -#ifdef USE_BACKUP core_restart(1); -#else - core_restart(0); -#endif if (conf_dump) { lim.rlim_cur = RLIM_INFINITY; -- cgit v1.2.3 From 80a7f62ad9c3fabb929e94ebb0745dcb4e42b93a Mon Sep 17 00:00:00 2001 From: Guillaume Nault Date: Wed, 10 Jul 2013 12:54:28 +0200 Subject: memdbg: Handle memory allocation failures Report memory allocation failures in md_alloc() by returning a NULL pointer. Signed-off-by: Guillaume Nault --- accel-pppd/memdebug.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'accel-pppd') diff --git a/accel-pppd/memdebug.c b/accel-pppd/memdebug.c index 8e9dd4b..5ca7727 100644 --- a/accel-pppd/memdebug.c +++ b/accel-pppd/memdebug.c @@ -25,7 +25,7 @@ (type *)( (char *)__mptr - offsetof(type,member) );}) -#define MAGIC1 0x1122334455667788llu +#define MAGIC1 UINT64_C(0x1122334455667788) struct mem_t { @@ -41,10 +41,13 @@ struct mem_t static LIST_HEAD(mem_list); static spinlock_t mem_list_lock = SPINLOCK_INITIALIZER; -struct mem_t *_md_malloc(size_t size, const char *fname, int line) +static struct mem_t *_md_malloc(size_t size, const char *fname, int line) { struct mem_t *mem = malloc(sizeof(*mem) + size + 8); + if (mem == NULL) + return NULL; + if (size > 4096) line = 0; @@ -66,7 +69,7 @@ void __export *md_malloc(size_t size, const char *fname, int line) { struct mem_t *mem = _md_malloc(size, fname, line); - return mem->data; + return mem ? mem->data : NULL; } void __export md_free(void *ptr, const char *fname, int line) -- cgit v1.2.3 From 6ce3556e0b1e39fe5474114137fde0d29ab093af Mon Sep 17 00:00:00 2001 
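Review bot: In core_restart() (accel-pppd/main.c), `if (soft && fork())` treats a failed `fork()` (return value -1) the same as the parent branch, so the function returns silently and no restart happens at all. The second hunk makes sigsegv() always call `core_restart(1)`, so this is now the only restart path after a crash and it can fail without a trace. Keeping the result and separating the three cases would make the failure visible: `pid_t pid = soft ? fork() : 0;` then `if (pid > 0) return;`, with the `pid < 0` case logged with `errno` before deciding whether to fall through to the in-place restart. The rest of core_restart() is outside the hunk.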
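Review bot: In _md_malloc() (accel-pppd/memdebug.c) the new NULL check covers allocator failure but not the unchecked addition in `malloc(sizeof(*mem) + size + 8)`. For a `size` close to `SIZE_MAX` the sum wraps, `malloc()` succeeds with a tiny block, and the trailing magic that md_free() later reads at `mem->data + mem->size` lies far outside it. md_realloc() and md_strndup() pass caller-supplied sizes straight through, so the guard belongs here: `if (size > SIZE_MAX - sizeof(*mem) - 8) return NULL;` ahead of the `malloc()` call. The remainder of the function is outside the hunk.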
From: Guillaume Nault Date: Wed, 10 Jul 2013 12:54:35 +0200 Subject: memdbg: Allow NULL pointer as argument to free free(NULL) is a no-op, but beside that it's a valid call which should be supported. Signed-off-by: Guillaume Nault --- accel-pppd/memdebug.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'accel-pppd') diff --git a/accel-pppd/memdebug.c b/accel-pppd/memdebug.c index 5ca7727..286ddd8 100644 --- a/accel-pppd/memdebug.c +++ b/accel-pppd/memdebug.c @@ -74,20 +74,21 @@ void __export *md_malloc(size_t size, const char *fname, int line) void __export md_free(void *ptr, const char *fname, int line) { - struct mem_t *mem = container_of(ptr, typeof(*mem), data); + struct mem_t *mem; + + if (!ptr) + return; + + mem = container_of(ptr, typeof(*mem), data); - if (!ptr) { - printf("free null pointer at %s:%i\n", fname, line); - abort(); - } - if (mem->magic1 != MAGIC1) { printf("memory corruption:\nfree at %s:%i\n", fname, line); abort(); } if (mem->magic2 != *(uint64_t*)(mem->data + mem->size)) { - printf("memory corruption:\nmalloc(%lu) at %s:%i\nfree at %s:%i\n", (long unsigned)mem->size, mem->fname, mem->line, fname, line); + printf("memory corruption:\nmalloc(%zu) at %s:%i\nfree at %s:%i\n", + mem->size, mem->fname, mem->line, fname, line); abort(); } -- cgit v1.2.3 From 16b4d40a0f52eed4fd7def096a443670eab96b66 Mon Sep 17 00:00:00 2001 From: Guillaume Nault Date: Wed, 10 Jul 2013 12:54:41 +0200 Subject: memdbg: improve md_realloc() compliance with plain realloc() -Allow reallocation of NULL pointers (equivalent to a malloc() call) -Allow 'size' to be 0 (equivalent to a free() call) -Handle case where 'size' is smaller than the original buffer length Signed-off-by: Guillaume Nault --- accel-pppd/memdebug.c | 38 ++++++++++++++++++++++++++------------ 1 file changed, 26 insertions(+), 12 deletions(-) (limited to 'accel-pppd') diff --git a/accel-pppd/memdebug.c b/accel-pppd/memdebug.c index 286ddd8..67c8498 100644 
--- a/accel-pppd/memdebug.c +++ b/accel-pppd/memdebug.c @@ -105,23 +105,37 @@ void __export md_free(void *ptr, const char *fname, int line) void __export *md_realloc(void *ptr, size_t size, const char *fname, int line) { - struct mem_t *mem = container_of(ptr, typeof(*mem), data); + struct mem_t *mem = ptr ? container_of(ptr, typeof(*mem), data) : NULL; struct mem_t *mem2; - - if (mem->magic1 != MAGIC1) { - printf("memory corruption:\nfree at %s:%i\n", fname, line); - abort(); - } - if (mem->magic2 != *(uint64_t*)(mem->data + mem->size)) { - printf("memory corruption:\nmalloc(%lu) at %s:%i\nfree at %s:%i\n", (long unsigned)mem->size, mem->fname, mem->line, fname, line); - abort(); + if (mem) { + if (mem->magic1 != MAGIC1) { + printf("memory corruption:\nfree at %s:%i\n", + fname, line); + abort(); + } + + if (mem->magic2 != *(uint64_t*)(mem->data + mem->size)) { + printf("memory corruption:\nmalloc(%zu) at %s:%i\nfree at %s:%i\n", + mem->size, mem->fname, mem->line, fname, line); + abort(); + } + + if (size == 0) { + md_free(mem->data, fname, line); + return NULL; + } } mem2 = _md_malloc(size, fname, line); - memcpy(mem2->data, mem->data, mem->size); - - md_free(mem->data, fname, line); + if (mem2 == NULL) + return NULL; + + if (mem) { + memcpy(mem2->data, mem->data, + (size < mem->size) ? size : mem->size); + md_free(mem->data, fname, line); + } return mem2->data; } -- cgit v1.2.3 From 4925a61bf843462f987def1820a4ad676100d421 Mon Sep 17 00:00:00 2001 From: Guillaume Nault Date: Wed, 10 Jul 2013 12:54:46 +0200 Subject: memdbg: Handle memory allocation failures in strdup() Don't fail if _md_malloc() returns NULL. Signed-off-by: Guillaume Nault --- accel-pppd/memdebug.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'accel-pppd') diff --git a/accel-pppd/memdebug.c b/accel-pppd/memdebug.c index 67c8498..8c3c494 100644 --- a/accel-pppd/memdebug.c +++ b/accel-pppd/memdebug.c 
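Review bot: Both corruption reports in md_realloc() still print "free at %s:%i", copied from md_free(), so a developer reading the output is pointed at a free() call that does not exist at that file and line. Changing the label to `"memory corruption:\nrealloc at %s:%i\n"` (and likewise in the second message) makes the report match the call site. The messages are also written with `printf()` immediately before `abort()`; stdout may be buffered and is not guaranteed to be flushed on abort, so `fprintf(stderr, ...)` would be the safer channel for a diagnostic that is the tool's whole purpose. Since the two checks are now identical in md_free() and md_realloc(), a small static helper taking `mem`, the operation name, `fname` and `line` would remove the duplication.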
@@ -142,9 +142,13 @@ void __export *md_realloc(void *ptr, size_t size, const char *fname, int line) char __export *md_strdup(const char *ptr, const char *fname, int line) { - struct mem_t *mem = _md_malloc(strlen(ptr) + 1, fname, line); - memcpy(mem->data, ptr, strlen(ptr) + 1); - return mem->data; + size_t len = strlen(ptr); + char *str = md_malloc(len + 1, fname, line); + + if (str) + memcpy(str, ptr, len + 1); + + return str; } char __export *md_strndup(const char *ptr, size_t n, const char *fname, int line) -- cgit v1.2.3 From 09de0ff06ef5ebb3b594a42ca8996f92a854078a Mon Sep 17 00:00:00 2001 From: Guillaume Nault Date: Wed, 10 Jul 2013 12:54:52 +0200 Subject: memdbg: Accept short strings in md_strndup() Don't fail if string to duplicate is shorter than the size parameter and handle memory allocation failure. Signed-off-by: Guillaume Nault --- accel-pppd/memdebug.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'accel-pppd') diff --git a/accel-pppd/memdebug.c b/accel-pppd/memdebug.c index 8c3c494..5629146 100644 --- a/accel-pppd/memdebug.c +++ b/accel-pppd/memdebug.c @@ -153,10 +153,15 @@ char __export *md_strdup(const char *ptr, const char *fname, int line) char __export *md_strndup(const char *ptr, size_t n, const char *fname, int line) { - struct mem_t *mem = _md_malloc(n + 1, fname, line); - memcpy(mem->data, ptr, n); - mem->data[n] = 0; - return mem->data; + size_t len = strnlen(ptr, n); + char *str = md_malloc(len + 1, fname, line); + + if (str) { + memcpy(str, ptr, len); + str[len] = '\0'; + } + + return str; } static void siginfo(int num) -- cgit v1.2.3 From 36070c83907db169f2e6cd443b216dbbea2e7637 Mon Sep 17 00:00:00 2001 From: Guillaume Nault Date: Wed, 10 Jul 2013 12:54:57 +0200 Subject: memdbg: Implement asprintf() Define md_asprintf() as an equivalent of the GNU libc's asprintf() (with buffer allocated by md_malloc). 
Signed-off-by: Guillaume Nault --- accel-pppd/memdebug.c | 36 ++++++++++++++++++++++++++++++++++++ accel-pppd/memdebug.h | 4 +++- 2 files changed, 39 insertions(+), 1 deletion(-) (limited to 'accel-pppd') diff --git a/accel-pppd/memdebug.c b/accel-pppd/memdebug.c index 5629146..1f4af36 100644 --- a/accel-pppd/memdebug.c +++ b/accel-pppd/memdebug.c @@ -1,5 +1,6 @@ #undef MEMDEBUG +#include #include #include #include @@ -164,6 +165,41 @@ char __export *md_strndup(const char *ptr, size_t n, const char *fname, int line return str; } +int __export md_asprintf(const char *fname, int line, + char **strp, const char *fmt, ...) +{ + va_list ap; + va_list aq; + int len; + + va_start(ap, fmt); + va_copy(aq, ap); + + len = vsnprintf(NULL, 0, fmt, ap); + if (len < 0) + goto err; + + *strp = md_malloc(len + 1, fname, line); + if (*strp == NULL) + goto err; + + len = vsnprintf(*strp, len + 1, fmt, aq); + if (len < 0) + goto err_strp; + + va_end(aq); + va_end(ap); + + return len; + +err_strp: + md_free(*strp, fname, line); +err: + va_end(aq); + va_end(ap); + return -1; +} + static void siginfo(int num) { struct mem_t *mem; diff --git a/accel-pppd/memdebug.h b/accel-pppd/memdebug.h index 98e87d0..09978f4 100644 --- a/accel-pppd/memdebug.h +++ b/accel-pppd/memdebug.h 
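Review bot: On the `err_strp` path of md_asprintf() the buffer is released with `md_free(*strp, fname, line);` but `*strp` keeps pointing at the freed block. The caller added later in this series passes `&sess->ppp.ses.chan_name` and jumps to its own cleanup label on failure; if that cleanup frees `chan_name` (it is outside the visible hunks), the result is a double free, which memdebug would report as corruption. Adding `*strp = NULL;` right after the `md_free()` call makes the failure state safe to clean up. A one-line comment on the function stating that `*strp` is NULL or untouched on error would document the contract for callers.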
@@ -10,12 +10,14 @@ #define _free(ptr) md_free(ptr, __FILE__, __LINE__) #define _strdup(str) md_strdup(str, __FILE__, __LINE__) #define _strndup(str, size) md_strndup(str, size, __FILE__, __LINE__) +#define _asprintf(strp, fmt, ...) md_asprintf(__FILE__, __LINE__, strp, fmt, ##__VA_ARGS__) void *md_malloc(size_t size, const char *fname, int line); void *md_realloc(void *ptr, size_t size, const char *fname, int line); void md_free(void *ptr, const char *fname, int line); char* md_strdup(const char *ptr, const char *fname, int line); char* md_strndup(const char *ptr, size_t size, const char *fname, int line); +int md_asprintf(const char *fname, int line, char **strp, const char *fmt, ...) __attribute__((format(gnu_printf, 4, 5))); void md_check(void *ptr); #else @@ -24,7 +26,7 @@ void md_check(void *ptr); #define _free(ptr) free(ptr) #define _strdup(str) strdup(str) #define _strndup(str, size) strndup(str, size) +#define _asprintf(strp, fmt, ...) asprintf(strp, fmt, ##__VA_ARGS__) #endif #endif - -- cgit v1.2.3 From 004db9a22bf2b860cc36f4a1c24d559136b11c82 Mon Sep 17 00:00:00 2001 From: Guillaume Nault Date: Wed, 10 Jul 2013 12:55:10 +0200 Subject: l2tp: use asprintf() to set sessions channel names Now that memdebug implements asprintf() we can simplify session's channel name allocation by replacing the two snprintf() calls. Signed-off-by: Guillaume Nault --- accel-pppd/ctrl/l2tp/l2tp.c | 20 +++----------------- 1 file changed, 3 insertions(+), 17 deletions(-) (limited to 'accel-pppd') diff --git a/accel-pppd/ctrl/l2tp/l2tp.c b/accel-pppd/ctrl/l2tp/l2tp.c index d81516e..29ba76c 100644 --- a/accel-pppd/ctrl/l2tp/l2tp.c +++ b/accel-pppd/ctrl/l2tp/l2tp.c @@ -1157,7 +1157,6 @@ static int l2tp_session_connect(struct l2tp_sess_t *sess) struct l2tp_conn_t *conn = sess->paren_conn; int lns_mode = sess->lns_mode; int flg; - int chan_sz; uint16_t peer_port; char addr[17]; 
@@ -1209,23 +1208,10 @@ static int l2tp_session_connect(struct l2tp_sess_t *sess) u_inet_ntoa(conn->peer_addr.sin_addr.s_addr, addr); peer_port = ntohs(conn->peer_addr.sin_port); - chan_sz = snprintf(NULL, 0, "%s:%i session %i", - addr, peer_port, sess->peer_sid); - if (chan_sz < 0) { + if (_asprintf(&sess->ppp.ses.chan_name, "%s:%i session %i", + addr, peer_port, sess->peer_sid) < 0) { log_session(log_error, sess, "impossible to connect session:" - " snprintf() failed: %s\n", strerror(errno)); - goto out_err; - } - sess->ppp.ses.chan_name = _malloc(chan_sz + 1); - if (sess->ppp.ses.chan_name == NULL) { - log_session(log_error, sess, "impossible to connect session:" - " memory allocation failed\n"); - goto out_err; - } - if (snprintf(sess->ppp.ses.chan_name, chan_sz + 1, "%s:%i session %i", - addr, peer_port, sess->peer_sid) < 0) { - log_session(log_error, sess, "impossible to connect session:" - " snprintf(%i) failed\n", chan_sz + 1); + " setting session's channel name failed\n"); goto out_err; } -- cgit v1.2.3 From 18a593209b5329f042f85a44e446c5b245df473e Mon Sep 17 00:00:00 2001 From: Dmitry Kozlov Date: Fri, 19 Jul 2013 20:09:27 +0400 Subject: ipoe: add missing EV_CTRL_FINISHED event firing --- accel-pppd/ctrl/ipoe/ipoe.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'accel-pppd') diff --git a/accel-pppd/ctrl/ipoe/ipoe.c b/accel-pppd/ctrl/ipoe/ipoe.c index f97c537..f605f2f 100644 --- a/accel-pppd/ctrl/ipoe/ipoe.c +++ b/accel-pppd/ctrl/ipoe/ipoe.c @@ -841,6 +841,8 @@ static void ipoe_session_finished(struct ap_session *s) if (ses->dhcpv4) dhcpv4_free(ses->dhcpv4); + + triton_event_fire(EV_CTRL_FINISHED, s); triton_context_call(&ses->ctx, (triton_event_func)ipoe_session_free, ses); } @@ -870,7 +872,7 @@ static struct ipoe_session *ipoe_session_create_dhcpv4(struct ipoe_serv *serv, s { struct ipoe_session *ses; int dlen = 0; - uint8_t *ptr; + uint8_t *ptr = NULL; ses = mempool_alloc(ses_pool); if (!ses) { -- cgit v1.2.3 
From ca2e87fc65cc1b275b127ccee72e51b541b667bb Mon Sep 17 00:00:00 2001 From: Dmitry Kozlov Date: Wed, 24 Jul 2013 15:37:29 +0400 Subject: ipoe: add missing EV_SES_AUTHORIZED event firing --- accel-pppd/ctrl/ipoe/ipoe.c | 3 +++ accel-pppd/ppp/ppp_auth.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'accel-pppd') diff --git a/accel-pppd/ctrl/ipoe/ipoe.c b/accel-pppd/ctrl/ipoe/ipoe.c index f605f2f..bafde68 100644 --- a/accel-pppd/ctrl/ipoe/ipoe.c +++ b/accel-pppd/ctrl/ipoe/ipoe.c @@ -427,6 +427,9 @@ static void ipoe_session_start(struct ipoe_session *ses) } } + log_ppp_info1("%s: authentication succeeded\n", ses->ses.username); + triton_event_fire(EV_SES_AUTHORIZED, &ses->ses); + if (ses->serv->opt_nat) ses->ses.ipv4 = ipdb_get_ipv4(&ses->ses); diff --git a/accel-pppd/ppp/ppp_auth.c b/accel-pppd/ppp/ppp_auth.c index 42bbbc6..0510358 100644 --- a/accel-pppd/ppp/ppp_auth.c +++ b/accel-pppd/ppp/ppp_auth.c @@ -329,7 +329,7 @@ static void __ppp_auth_started(struct ppp_t *ppp) log_ppp_info1("%s: authentication succeeded\n", ppp->ses.username); - triton_event_fire(EV_SES_AUTHORIZED, ppp); + triton_event_fire(EV_SES_AUTHORIZED, &ppp->ses); } int __export ppp_auth_succeeded(struct ppp_t *ppp, char *username) -- cgit v1.2.3 From 4e6cf832cddf523c233ff0f0f3b244e077d87df3 Mon Sep 17 00:00:00 2001 From: Guillaume Nault Date: Tue, 23 Jul 2013 20:35:14 +0200 Subject: l2tp: Add the ppp-max-mtu option As the maximum acceptable MTU for an L2TP link may vary depending on IP and L2TP packet headers options, it is better to make it configurable so that an administrator can adapt it to its network constraints. Use the original value (1420) as default. Signed-off-by: Guillaume Nault --- accel-pppd/accel-ppp.conf.5 | 4 ++++ accel-pppd/ctrl/l2tp/l2tp.c | 11 ++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) (limited to 'accel-pppd') diff --git a/accel-pppd/accel-ppp.conf.5 b/accel-pppd/accel-ppp.conf.5 index 2faf2ab..9f7740a 100644 
--- a/accel-pppd/accel-ppp.conf.5 +++ b/accel-pppd/accel-ppp.conf.5 @@ -463,6 +463,10 @@ Specifies if an arbitrary source port is used when replying to a tunnel establishment request. When this option is deactivated, the destination port of the incoming request (SCCRQ) is used as source port for the reply (SCCRP). Default value is 0. +.TP +.BI "ppp-max-mtu=" n +Set the maximun MTU value that can be negociated for PPP over L2TP +sessions. Default value is 1420. .SH [radius] .br Configuration of RADIUS module. diff --git a/accel-pppd/ctrl/l2tp/l2tp.c b/accel-pppd/ctrl/l2tp/l2tp.c index 29ba76c..b4b20b7 100644 --- a/accel-pppd/ctrl/l2tp/l2tp.c +++ b/accel-pppd/ctrl/l2tp/l2tp.c @@ -48,9 +48,12 @@ #define STATE_FIN 9 #define STATE_CLOSE 0 +#define DEFAULT_PPP_MAX_MTU 1420 + int conf_verbose = 0; int conf_hide_avps = 0; int conf_avp_permissive = 0; +static int conf_ppp_max_mtu = DEFAULT_PPP_MAX_MTU; static int conf_port = L2TP_PORT; static int conf_ephemeral_ports = 0; static int conf_timeout = 60; @@ -878,7 +881,7 @@ static struct l2tp_sess_t *l2tp_tunnel_alloc_session(struct l2tp_conn_t *conn) sess->ctrl.started = l2tp_ppp_started; sess->ctrl.finished = l2tp_ppp_finished; sess->ctrl.terminate = ppp_terminate; - sess->ctrl.max_mtu = 1420; + sess->ctrl.max_mtu = conf_ppp_max_mtu; sess->ctrl.mppe = conf_mppe; sess->ctrl.calling_station_id = _malloc(17); sess->ctrl.called_station_id = _malloc(17); @@ -3813,6 +3816,12 @@ static void load_config(void) if (opt && atoi(opt) > 0) conf_retransmit = atoi(opt); + opt = conf_get_opt("l2tp", "ppp-max-mtu"); + if (opt && atoi(opt) > 0) + conf_ppp_max_mtu = atoi(opt); + else + conf_ppp_max_mtu = DEFAULT_PPP_MAX_MTU; + opt = conf_get_opt("l2tp", "host-name"); if (opt) conf_host_name = opt; -- cgit v1.2.3 From 31e20f0ce4605b7d7ec416bf88a4e98c90aa6b93 Mon Sep 17 00:00:00 2001 
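Review bot: In load_config() the new `ppp-max-mtu` option is parsed with `atoi()` twice and accepted whenever the result is positive, so trailing garbage ("1420abc") and arbitrarily large values are taken as valid and copied into `sess->ctrl.max_mtu`. Parsing once with `strtol()` and rejecting anything outside a bounded range keeps a typo in the config file from becoming a negotiated MTU the tunnel cannot carry, e.g. `v = strtol(opt, &end, 10);` followed by `if (*end == '\0' && v > 0 && v <= PPP_MTU_LIMIT) conf_ppp_max_mtu = v;`, where `PPP_MTU_LIMIT` is a placeholder for whatever ceiling the project considers valid. A rejected value should be logged rather than silently replaced by the default. The rest of load_config() is outside the hunk.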
From: Guillaume Nault Date: Tue, 23 Jul 2013 20:35:25 +0200 Subject: ppp: Use link local IPv6 prefix by default during IPv6CP When no ipdb backend can assign IPv6 addresses during IPv6CP negociation, generate an ipv6db item with an empty address list. This allows IPv6CP negociation to continue and assign a link-local IPv6 address, without the need for an IPv6 pool or special Radius configuration. Signed-off-by: Guillaume Nault --- accel-pppd/ppp/ipv6cp_opt_intfid.c | 42 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 40 insertions(+), 2 deletions(-) (limited to 'accel-pppd') diff --git a/accel-pppd/ppp/ipv6cp_opt_intfid.c b/accel-pppd/ppp/ipv6cp_opt_intfid.c index a46ae17..11b35ff 100644 --- a/accel-pppd/ppp/ipv6cp_opt_intfid.c +++ b/accel-pppd/ppp/ipv6cp_opt_intfid.c @@ -37,6 +37,7 @@ static int ipaddr_send_conf_nak(struct ppp_ipv6cp_t *ipv6cp, struct ipv6cp_optio static int ipaddr_recv_conf_req(struct ppp_ipv6cp_t *ipv6cp, struct ipv6cp_option_t *opt, uint8_t *ptr); //static int ipaddr_recv_conf_ack(struct ppp_ipv6cp_t *ipv6cp, struct ipv6cp_option_t *opt, uint8_t *ptr); static void ipaddr_print(void (*print)(const char *fmt,...),struct ipv6cp_option_t*, uint8_t *ptr); +static void put_ipv6_item(struct ap_session *ses, struct ipv6db_item_t *ip6); struct ipaddr_option_t { 
@@ -55,6 +56,41 @@ static struct ipv6cp_option_handler_t ipaddr_opt_hnd = .print = ipaddr_print, }; +/* ipdb backend used for generating a link-local address when all other + * backends (like radius and ipv6pool) failed to assign IPv6 addresses. + * This backend isn't registered to ipdb as it's only used as a fallback + * during IPv6CP negociation. + */ +static struct ipdb_t ipv6db = { + .put_ipv6 = put_ipv6_item +}; + +static void put_ipv6_item(struct ap_session *ses, struct ipv6db_item_t *ip6) +{ + _free(ip6); +} + +static int gen_ipv6_item(struct ap_session *ses) +{ + struct ipv6db_item_t *ip6 = NULL; + + ip6 = _malloc(sizeof(*ip6)); + if (ip6 == NULL) { + log_ppp_warn("ppp: allocation of IPv6 address failed\n"); + return -1; + } + + memset(ip6, 0, sizeof(*ip6)); + ip6->owner = &ipv6db; + ip6->intf_id = 0; + ip6->peer_intf_id = 0; + INIT_LIST_HEAD(&ip6->addr_list); + + ses->ipv6 = ip6; + + return 0; +} + static struct ipv6cp_option_t *ipaddr_init(struct ppp_ipv6cp_t *ipv6cp) { struct ipaddr_option_t *ipaddr_opt = _malloc(sizeof(*ipaddr_opt)); @@ -165,8 +201,10 @@ static int alloc_ip(struct ppp_t *ppp) { ppp->ses.ipv6 = ipdb_get_ipv6(&ppp->ses); if (!ppp->ses.ipv6) { - log_ppp_warn("ppp: no free IPv6 address\n"); - return IPV6CP_OPT_CLOSE; + if (gen_ipv6_item(&ppp->ses) < 0) { + log_ppp_warn("ppp: no free IPv6 address\n"); + return IPV6CP_OPT_CLOSE; + } } if (!ppp->ses.ipv6->intf_id) -- cgit v1.2.3 From 37e2a417a6cb6a981c85dfdcd3245a48f99a4165 Mon Sep 17 00:00:00 2001 
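Review bot: gen_ipv6_item() (accel-pppd/ppp/ipv6cp_opt_intfid.c) publishes a `ses->ipv6` item whose `addr_list` is initialised but empty, a state that could not occur while every item came from a real ipdb backend. Any consumer outside this file that takes the first entry of `addr_list` without a `list_empty()` check would interpret the list head itself as an address record; those consumers are not visible here, so they are worth auditing before this lands. The fallback is also unconditional and silent on success: a session that the pool or RADIUS declined to give IPv6 to now completes IPv6CP anyway. An info-level log line when the fallback is taken, plus a sentence in accel-ppp.conf.5, would let operators see and expect that. Minor: `ip6->intf_id = 0;` and `ip6->peer_intf_id = 0;` repeat what the preceding `memset()` already did.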
From: Guillaume Nault Date: Wed, 24 Jul 2013 20:27:45 +0200 Subject: triton: Fix race upon termination The triton_terminate() function works by setting the need_close flag of each triton context, then queues this context for execution by a triton thread if not already running. But if the context is already being run by a triton thread, it may not notice that its need_close flag has been updated (this flag is only checked at the beginning of ctx_thread()). So if no other event wakes up that context (i.e. if ctx_thread() isn't run again), it will never terminate. This patch moves the need_close flag check at the end of ctx_thread() so that a triton context can take the need_close flag into account event if it's updated while running. The context spinlock is also used to protect the need_close flag as it is concurrently updated by triton_terminate(). Signed-off-by: Guillaume Nault --- accel-pppd/triton/triton.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'accel-pppd') diff --git a/accel-pppd/triton/triton.c b/accel-pppd/triton/triton.c index 267cc2b..d4c21e2 100644 --- a/accel-pppd/triton/triton.c +++ b/accel-pppd/triton/triton.c @@ -185,11 +185,6 @@ static void ctx_thread(struct _triton_context_t *ctx) uint64_t tt; log_debug2("ctx %p %p: enter\n", ctx, ctx->thread); - if (ctx->need_close) { - if (ctx->ud->close) - ctx->ud->close(ctx->ud); - ctx->need_close = 0; - } while (1) { spin_lock(&ctx->lock); @@ -234,6 +229,17 @@ static void ctx_thread(struct _triton_context_t *ctx) break; } + spin_lock(&ctx->lock); + if (ctx->need_close) { + spin_unlock(&ctx->lock); + if (ctx->ud->close) { + ctx->ud->close(ctx->ud); + } + spin_lock(&ctx->lock); + ctx->need_close = 0; + } + spin_unlock(&ctx->lock); + log_debug2("ctx %p %p: exit\n", ctx, ctx->thread); } -- cgit v1.2.3
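Review bot: In the block added at the end of ctx_thread() (accel-pppd/triton/triton.c), `need_close` is read under `ctx->lock`, the lock is dropped for the `close()` callback, and the flag is cleared only after the lock is taken again. The read and the clear are therefore in different critical sections, and `ctx` is dereferenced again after a callback whose purpose is to tear the context down. Consuming the flag in the same critical section that tests it needs one lock acquisition instead of two and leaves nothing to touch after the callback returns. triton_terminate() and the close handlers are outside the hunk, so please confirm nothing relies on `need_close` staying set while `close()` runs.

```c
	/* … unchanged: while (1) event loop … */
	int need_close;

	spin_lock(&ctx->lock);
	need_close = ctx->need_close;
	ctx->need_close = 0;	/* consume the request while still holding the lock */
	spin_unlock(&ctx->lock);

	if (need_close && ctx->ud->close)
		ctx->ud->close(ctx->ud);
	/* … unchanged: exit log_debug2() … */
```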