diff options
| author | David S. Miller <davem@davemloft.net> | 2015-04-26 23:25:13 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2015-04-26 23:25:13 -0400 |
| commit | 8e9b29cc716c7940f9ad1d635fb3f725435b8ae9 (patch) | |
| tree | 9bdcae74269b9fc448ca746aedf6b61cc6af3240 | |
| parent | 73b5a6f2a7a1cb78ccdec3900afc8657e11bc6bf (diff) | |
| parent | 03654763148f9a3878b8b70c30d1ffce2fca3dff (diff) | |
Merge branch 'ppp_mppe_desync'
Sylvain Rochet says:
====================
ppp: mppe: fixes MPPE desync on links which don't guarantee packet ordering
I am currently having an issue with PPP over L2TP (UDP) and MPPE in
stateless mode (default mode), UDP does not guarantee packet ordering so
we might get out of order packet. MPPE needs to be continuously synched
so we should drop late UDP packet.
I added a printk on the number of time we rekeyed in MPPE decompressor,
this is what we currently have if we receive a slightly out of order UDP
packet:
[1731001.049206] mppe_decompress[1]: ccount 1559
[1731001.049216] mppe_decompress[1]: rekeyed 1 times
[1731001.049228] mppe_decompress[1]: ccount 1560
[1731001.049232] mppe_decompress[1]: rekeyed 1 times
[1731001.050170] mppe_decompress[1]: ccount 1562
[1731001.050182] mppe_decompress[1]: rekeyed 2 times
[1731001.050191] mppe_decompress[1]: ccount 1561
[1731001.062576] mppe_decompress[1]: rekeyed 4095 times
^^^^
This is obviously wrong, we missed packet 1561 and we already rekeyed 2
times for 1562 we previously received, we can't recover the decryption
key we need for 1561, we should drop it instead of rekeying 4095 times.
This patch series drop any packet with are not within the 4096/2 forward
window.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | drivers/net/ppp/ppp_mppe.c | 36 |
1 files changed, 20 insertions, 16 deletions
diff --git a/drivers/net/ppp/ppp_mppe.c b/drivers/net/ppp/ppp_mppe.c index 911b21602ff2..05005c660d4d 100644 --- a/drivers/net/ppp/ppp_mppe.c +++ b/drivers/net/ppp/ppp_mppe.c | |||
| @@ -478,7 +478,6 @@ mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf, | |||
| 478 | struct blkcipher_desc desc = { .tfm = state->arc4 }; | 478 | struct blkcipher_desc desc = { .tfm = state->arc4 }; |
| 479 | unsigned ccount; | 479 | unsigned ccount; |
| 480 | int flushed = MPPE_BITS(ibuf) & MPPE_BIT_FLUSHED; | 480 | int flushed = MPPE_BITS(ibuf) & MPPE_BIT_FLUSHED; |
| 481 | int sanity = 0; | ||
| 482 | struct scatterlist sg_in[1], sg_out[1]; | 481 | struct scatterlist sg_in[1], sg_out[1]; |
| 483 | 482 | ||
| 484 | if (isize <= PPP_HDRLEN + MPPE_OVHD) { | 483 | if (isize <= PPP_HDRLEN + MPPE_OVHD) { |
| @@ -514,31 +513,19 @@ mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf, | |||
| 514 | "mppe_decompress[%d]: ENCRYPTED bit not set!\n", | 513 | "mppe_decompress[%d]: ENCRYPTED bit not set!\n", |
| 515 | state->unit); | 514 | state->unit); |
| 516 | state->sanity_errors += 100; | 515 | state->sanity_errors += 100; |
| 517 | sanity = 1; | 516 | goto sanity_error; |
| 518 | } | 517 | } |
| 519 | if (!state->stateful && !flushed) { | 518 | if (!state->stateful && !flushed) { |
| 520 | printk(KERN_DEBUG "mppe_decompress[%d]: FLUSHED bit not set in " | 519 | printk(KERN_DEBUG "mppe_decompress[%d]: FLUSHED bit not set in " |
| 521 | "stateless mode!\n", state->unit); | 520 | "stateless mode!\n", state->unit); |
| 522 | state->sanity_errors += 100; | 521 | state->sanity_errors += 100; |
| 523 | sanity = 1; | 522 | goto sanity_error; |
| 524 | } | 523 | } |
| 525 | if (state->stateful && ((ccount & 0xff) == 0xff) && !flushed) { | 524 | if (state->stateful && ((ccount & 0xff) == 0xff) && !flushed) { |
| 526 | printk(KERN_DEBUG "mppe_decompress[%d]: FLUSHED bit not set on " | 525 | printk(KERN_DEBUG "mppe_decompress[%d]: FLUSHED bit not set on " |
| 527 | "flag packet!\n", state->unit); | 526 | "flag packet!\n", state->unit); |
| 528 | state->sanity_errors += 100; | 527 | state->sanity_errors += 100; |
| 529 | sanity = 1; | 528 | goto sanity_error; |
| 530 | } | ||
| 531 | |||
| 532 | if (sanity) { | ||
| 533 | if (state->sanity_errors < SANITY_MAX) | ||
| 534 | return DECOMP_ERROR; | ||
| 535 | else | ||
| 536 | /* | ||
| 537 | * Take LCP down if the peer is sending too many bogons. | ||
| 538 | * We don't want to do this for a single or just a few | ||
| 539 | * instances since it could just be due to packet corruption. | ||
| 540 | */ | ||
| 541 | return DECOMP_FATALERROR; | ||
| 542 | } | 529 | } |
| 543 | 530 | ||
| 544 | /* | 531 | /* |
| @@ -546,6 +533,13 @@ mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf, | |||
| 546 | */ | 533 | */ |
| 547 | 534 | ||
| 548 | if (!state->stateful) { | 535 | if (!state->stateful) { |
| 536 | /* Discard late packet */ | ||
| 537 | if ((ccount - state->ccount) % MPPE_CCOUNT_SPACE | ||
| 538 | > MPPE_CCOUNT_SPACE / 2) { | ||
| 539 | state->sanity_errors++; | ||
| 540 | goto sanity_error; | ||
| 541 | } | ||
| 542 | |||
| 549 | /* RFC 3078, sec 8.1. Rekey for every packet. */ | 543 | /* RFC 3078, sec 8.1. Rekey for every packet. */ |
| 550 | while (state->ccount != ccount) { | 544 | while (state->ccount != ccount) { |
| 551 | mppe_rekey(state, 0); | 545 | mppe_rekey(state, 0); |
| @@ -649,6 +643,16 @@ mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf, | |||
| 649 | state->sanity_errors >>= 1; | 643 | state->sanity_errors >>= 1; |
| 650 | 644 | ||
| 651 | return osize; | 645 | return osize; |
| 646 | |||
| 647 | sanity_error: | ||
| 648 | if (state->sanity_errors < SANITY_MAX) | ||
| 649 | return DECOMP_ERROR; | ||
| 650 | else | ||
| 651 | /* Take LCP down if the peer is sending too many bogons. | ||
| 652 | * We don't want to do this for a single or just a few | ||
| 653 | * instances since it could just be due to packet corruption. | ||
| 654 | */ | ||
| 655 | return DECOMP_FATALERROR; | ||
| 652 | } | 656 | } |
| 653 | 657 | ||
| 654 | /* | 658 | /* |