[PPP]: add PPP MPPE encryption module

From: Matt Domsch <Matt_Domsch@dell.com> The patch below implements the Microsoft Point-to-Point Encryption method as a PPP compressor/decompressor. This is necessary for Linux clients and servers to interoperate with Microsoft Point-to-Point Tunneling Protocol (PPTP) servers (either Microsoft PPTP servers or the poptop project) which use MPPE to encrypt data when creating a VPN. This patch differs from the kernel_ppp_mppe DKMS pacakge at pptpclient.sourceforge.net by utilizing the kernel crypto routines rather than providing its own SHA1 and arcfour implementations. Minor changes to ppp_generic.c try to prevent a link from disabling compression (in our case, the encryption) after it has started using compression (encryption). Feedback to <pptpclient-devel@lists.sourceforge.net> please. Signed-off-by: Matt Domsch <Matt_Domsch@dell.com> Cc: James Cameron <james.cameron@hp.com> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Brice Goglin <Brice.Goglin@ens-lyon.org> Acked-by: Paul Mackerras <paulus@samba.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Matt Domsch <Matt_Domsch@dell.com> 2005-11-08 12:40:47 -0500
committer: David S. Miller <davem@davemloft.net> 2005-11-08 12:40:47 -0500
commit: b3f9b92a6ec1a9a5e4b4b36e484f2f62cc73277c (patch)
tree: 7ca8e019573362620638e14e32bb519770ee6945 /drivers/net/ppp_generic.c
parent: 6722e78c90054101e6797d5944cdc81af9897a0a (diff)
1 files changed, 64 insertions, 24 deletions
diff --git a/drivers/net/ppp_generic.c b/drivers/net/ppp_generic.c
index d3c9958b00d0..50430f79f8cf 100644
--- a/drivers/net/ppp_generic.c
+++ b/drivers/net/ppp_generic.c
@@ -137,13 +137,14 @@ struct ppp {
 /*
 * Bits in flags: SC_NO_TCP_CCID, SC_CCP_OPEN, SC_CCP_UP, SC_LOOP_TRAFFIC,
- * SC_MULTILINK, SC_MP_SHORTSEQ, SC_MP_XSHORTSEQ, SC_COMP_TCP, SC_REJ_COMP_TCP.
+ * SC_MULTILINK, SC_MP_SHORTSEQ, SC_MP_XSHORTSEQ, SC_COMP_TCP, SC_REJ_COMP_TCP,
+ * SC_MUST_COMP
 * Bits in rstate: SC_DECOMP_RUN, SC_DC_ERROR, SC_DC_FERROR.
 * Bits in xstate: SC_COMP_RUN
 */
 #define SC_FLAG_BITS    (SC_NO_TCP_CCID|SC_CCP_OPEN|SC_CCP_UP|SC_LOOP_TRAFFIC \
                         |SC_MULTILINK|SC_MP_SHORTSEQ|SC_MP_XSHORTSEQ \
-                         |SC_COMP_TCP|SC_REJ_COMP_TCP)
+                         |SC_COMP_TCP|SC_REJ_COMP_TCP|SC_MUST_COMP)
 /*
 * Private data structure for each channel.
@@ -1027,6 +1028,56 @@ ppp_xmit_process(struct ppp *ppp)
        ppp_xmit_unlock(ppp);
 }
+static inline struct sk_buff *
+pad_compress_skb(struct ppp *ppp, struct sk_buff *skb)
+{
+        struct sk_buff *new_skb;
+        int len;
+        int new_skb_size = ppp->dev->mtu +
+                ppp->xcomp->comp_extra + ppp->dev->hard_header_len;
+        int compressor_skb_size = ppp->dev->mtu +
+                ppp->xcomp->comp_extra + PPP_HDRLEN;
+        new_skb = alloc_skb(new_skb_size, GFP_ATOMIC);
+        if (!new_skb) {
+                if (net_ratelimit())
+                        printk(KERN_ERR "PPP: no memory (comp pkt)\n");
+                return NULL;
+        }
+        if (ppp->dev->hard_header_len > PPP_HDRLEN)
+                skb_reserve(new_skb,
+                            ppp->dev->hard_header_len - PPP_HDRLEN);
+        /* compressor still expects A/C bytes in hdr */
+        len = ppp->xcomp->compress(ppp->xc_state, skb->data - 2,
+                                   new_skb->data, skb->len + 2,
+                                   compressor_skb_size);
+        if (len > 0 && (ppp->flags & SC_CCP_UP)) {
+                kfree_skb(skb);
+                skb = new_skb;
+                skb_put(skb, len);
+                skb_pull(skb, 2);       /* pull off A/C bytes */
+        } else if (len == 0) {
+                /* didn't compress, or CCP not up yet */
+                kfree_skb(new_skb);
+                new_skb = skb;
+        } else {
+                /*
+                 * (len < 0)
+                 * MPPE requires that we do not send unencrypted
+                 * frames.  The compressor will return -1 if we
+                 * should drop the frame.  We cannot simply test
+                 * the compress_proto because MPPE and MPPC share
+                 * the same number.
+                 */
+                if (net_ratelimit())
+                        printk(KERN_ERR "ppp: compressor dropped pkt\n");
+                kfree_skb(skb);
+                kfree_skb(new_skb);
+                new_skb = NULL;
+        }
+        return new_skb;
+}
 /*
 * Compress and send a frame.
 * The caller should have locked the xmit path,
@@ -1113,29 +1164,14 @@ ppp_send_frame(struct ppp *ppp, struct sk_buff *skb)
        /* try to do packet compression */
        if ((ppp->xstate & SC_COMP_RUN) && ppp->xc_state != 0
            && proto != PPP_LCP && proto != PPP_CCP) {
-                new_skb = alloc_skb(ppp->dev->mtu + ppp->dev->hard_header_len,
+                if (!(ppp->flags & SC_CCP_UP) && (ppp->flags & SC_MUST_COMP)) {
-                                    GFP_ATOMIC);
+                        if (net_ratelimit())
-                if (new_skb == 0) {
+                                printk(KERN_ERR "ppp: compression required but down - pkt dropped.\n");
-                        printk(KERN_ERR "PPP: no memory (comp pkt)\n");
                        goto drop;
                }
-                if (ppp->dev->hard_header_len > PPP_HDRLEN)
+                skb = pad_compress_skb(ppp, skb);
-                        skb_reserve(new_skb,
+                if (!skb)
-                                    ppp->dev->hard_header_len - PPP_HDRLEN);
+                        goto drop;
-                /* compressor still expects A/C bytes in hdr */
-                len = ppp->xcomp->compress(ppp->xc_state, skb->data - 2,
-                                           new_skb->data, skb->len + 2,
-                                           ppp->dev->mtu + PPP_HDRLEN);
-                if (len > 0 && (ppp->flags & SC_CCP_UP)) {
-                        kfree_skb(skb);
-                        skb = new_skb;
-                        skb_put(skb, len);
-                        skb_pull(skb, 2);       /* pull off A/C bytes */
-                } else {
-                        /* didn't compress, or CCP not up yet */
-                        kfree_skb(new_skb);
-                }
        }
        /*
@@ -1155,7 +1191,8 @@ ppp_send_frame(struct ppp *ppp, struct sk_buff *skb)
        return;
 drop:
-        kfree_skb(skb);
+        if (skb)
+                kfree_skb(skb);
        ++ppp->stats.tx_errors;
 }
@@ -1552,6 +1589,9 @@ ppp_receive_nonmp_frame(struct ppp *ppp, struct sk_buff *skb)
            && (ppp->rstate & (SC_DC_FERROR | SC_DC_ERROR)) == 0)
                skb = ppp_decompress_frame(ppp, skb);
+        if (ppp->flags & SC_MUST_COMP && ppp->rstate & SC_DC_FERROR)
+                goto err;
        proto = PPP_PROTO(skb);
        switch (proto) {
        case PPP_VJC_COMP:
author	Matt Domsch <Matt_Domsch@dell.com>	2005-11-08 12:40:47 -0500
committer	David S. Miller <davem@davemloft.net>	2005-11-08 12:40:47 -0500
commit	b3f9b92a6ec1a9a5e4b4b36e484f2f62cc73277c (patch)
tree	7ca8e019573362620638e14e32bb519770ee6945 /drivers/net/ppp_generic.c
parent	6722e78c90054101e6797d5944cdc81af9897a0a (diff)