From f2ef3c82904113b81244d2532fae0717296518dc Mon Sep 17 00:00:00 2001 From: Jaco Kroon Date: Mon, 18 Dec 2023 15:35:40 +0200 Subject: [PATCH 01/16] pppd: constify log format strings. (#462) Found when trying to do a simple dbglog(__FUNCTION__); Signed-off-by: Jaco Kroon --- pppd/main.c | 2 +- pppd/plugins/pppoe/pppoe-discovery.c | 8 ++++---- pppd/pppd.h | 18 +++++++++--------- pppd/utils.c | 23 ++++++++++++----------- 4 files changed, 26 insertions(+), 25 deletions(-) diff --git a/pppd/main.c b/pppd/main.c index feded14..8310c98 100644 --- a/pppd/main.c +++ b/pppd/main.c @@ -2150,7 +2150,7 @@ notify(struct notifier *notif, int val) * novm - log an error message saying we ran out of memory, and die. */ void -novm(char *msg) +novm(const char *msg) { fatal("Virtual memory exhausted allocating %s\n", msg); } diff --git a/pppd/plugins/pppoe/pppoe-discovery.c b/pppd/plugins/pppoe/pppoe-discovery.c index 15a80fb..5b1b2dc 100644 --- a/pppd/plugins/pppoe/pppoe-discovery.c +++ b/pppd/plugins/pppoe/pppoe-discovery.c @@ -33,7 +33,7 @@ int pppoe_verbose; static FILE *debugFile; void -fatal(char *fmt, ...) +fatal(const char *fmt, ...) { va_list pvar; va_start(pvar, fmt); @@ -44,7 +44,7 @@ fatal(char *fmt, ...) } void -error(char *fmt, ...) +error(const char *fmt, ...) { va_list pvar; va_start(pvar, fmt); @@ -54,7 +54,7 @@ error(char *fmt, ...) } void -warn(char *fmt, ...) +warn(const char *fmt, ...) { va_list pvar; va_start(pvar, fmt); @@ -64,7 +64,7 @@ warn(char *fmt, ...) } void -info(char *fmt, ...) +info(const char *fmt, ...) { va_list pvar; va_start(pvar, fmt); diff --git a/pppd/pppd.h b/pppd/pppd.h index ed50f9b..4f02021 100644 --- a/pppd/pppd.h +++ b/pppd/pppd.h @@ -252,10 +252,10 @@ extern struct channel *the_channel; bool debug_on(); /* Safe sprintf++ */ -int slprintf(char *, int, char *, ...); +int slprintf(char *, int, const char *, ...); /* vsprintf++ */ -int vslprintf(char *, int, char *, va_list); +int vslprintf(char *, int, const char *, va_list); /* safe strcpy */ size_t strlcpy(char *, const char *, size_t); @@ -264,25 +264,25 @@ size_t strlcpy(char *, const char *, size_t); size_t strlcat(char *, const char *, size_t); /* log a debug message */ -void dbglog(char *, ...); +void dbglog(const char *, ...); /* log an informational message */ -void info(char *, ...); +void info(const char *, ...); /* log a notice-level message */ -void notice(char *, ...); +void notice(const char *, ...); /* log a warning message */ -void warn(char *, ...); +void warn(const char *, ...); /* log an error message */ -void error(char *, ...); +void error(const char *, ...); /* log an error message and die(1) */ -void fatal(char *, ...); +void fatal(const char *, ...); /* Say we ran out of memory, and die */ -void novm(char *); +void novm(const char *); /* Format a packet and log it with syslog */ void log_packet(unsigned char *, int, char *, int); diff --git a/pppd/utils.c b/pppd/utils.c index bfeb7a3..bf9923c 100644 --- a/pppd/utils.c +++ b/pppd/utils.c @@ -68,7 +68,7 @@ extern char *strerror(); #endif -static void logit(int, char *, va_list); +static void logit(int, const char *, va_list); static void log_write(int, char *); static void vslp_printer(void *, char *, ...); static void format_packet(u_char *, int, printer_func, void *); @@ -120,7 +120,7 @@ strlcat(char *dest, const char *src, size_t len) * Returns the number of chars put into buf. */ int -slprintf(char *buf, int buflen, char *fmt, ...) +slprintf(char *buf, int buflen, const char *fmt, ...) { va_list args; int n; @@ -137,14 +137,15 @@ slprintf(char *buf, int buflen, char *fmt, ...) #define OUTCHAR(c) (buflen > 0? (--buflen, *buf++ = (c)): 0) int -vslprintf(char *buf, int buflen, char *fmt, va_list args) +vslprintf(char *buf, int buflen, const char *fmt, va_list args) { int c, i, n; int width, prec, fillch; int base, len, neg, quoted; long lval = 0; unsigned long val = 0; - char *str, *f, *buf0; + char *str, *buf0; + const char *f; unsigned char *p; char num[32]; time_t t; @@ -600,7 +601,7 @@ print_string(char *p, int len, printer_func printer, void *arg) * logit - does the hard work for fatal et al. */ static void -logit(int level, char *fmt, va_list args) +logit(int level, const char *fmt, va_list args) { char buf[1024]; @@ -635,7 +636,7 @@ log_write(int level, char *buf) * fatal - log an error message and die horribly. */ void -fatal(char *fmt, ...) +fatal(const char *fmt, ...) { va_list pvar; @@ -655,7 +656,7 @@ fatal(char *fmt, ...) * error - log an error message. */ void -error(char *fmt, ...) +error(const char *fmt, ...) { va_list pvar; @@ -670,7 +671,7 @@ error(char *fmt, ...) * warn - log a warning message. */ void -warn(char *fmt, ...) +warn(const char *fmt, ...) { va_list pvar; @@ -684,7 +685,7 @@ warn(char *fmt, ...) * notice - log a notice-level message. */ void -notice(char *fmt, ...) +notice(const char *fmt, ...) { va_list pvar; @@ -698,7 +699,7 @@ notice(char *fmt, ...) * info - log an informational message. */ void -info(char *fmt, ...) +info(const char *fmt, ...) { va_list pvar; @@ -712,7 +713,7 @@ info(char *fmt, ...) * dbglog - log a debug message. */ void -dbglog(char *fmt, ...) +dbglog(const char *fmt, ...) { va_list pvar; -- 2.39.2 From 0c131e9942c46cf29ecf69b63dc29b63dd2e05fd Mon Sep 17 00:00:00 2001 From: =?utf8?q?Eivind=20N=C3=A6ss?= Date: Thu, 21 Dec 2023 01:29:29 -0800 Subject: [PATCH 02/16] Fix problem where the detection of openssl failed when pkgconfig isn't available (#468) MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Eivind Næss --- m4/ax_check_openssl.m4 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/m4/ax_check_openssl.m4 b/m4/ax_check_openssl.m4 index 39154c8..de8c524 100644 --- a/m4/ax_check_openssl.m4 +++ b/m4/ax_check_openssl.m4 @@ -68,7 +68,7 @@ AC_DEFUN([AX_CHECK_OPENSSL], [ fi ]) - AS_IF([test "${with_openssl}" != "no" && test ! ${found}], [ + AS_IF([test "${with_openssl}" != "no" && test "${found}" != "true"], [ OPENSSL_INCLUDES= for ssldir in $ssldirs; do AC_MSG_CHECKING([for openssl/ssl.h in $ssldir]) @@ -84,7 +84,7 @@ AC_DEFUN([AX_CHECK_OPENSSL], [ ]) done]) - AS_IF([test "${with_openssl}" != "no" && test ${found}], [ + AS_IF([test "${with_openssl}" != "no" && test "${found}" = "true" ], [ # try the preprocessor and linker with our new flags, # being careful not to pollute the global LIBS, LDFLAGS, and CPPFLAGS -- 2.39.2 From 04f851936555d7157e2d518fa233778eb96d3f23 Mon Sep 17 00:00:00 2001 From: Jaco Kroon Date: Thu, 21 Dec 2023 21:50:58 +0200 Subject: [PATCH 03/16] radius: Fix MPPE key decryption for the second-half of the key block (#463) During he refactor in commit 4cb90c1 the key material used to decrypt the second-half of the encrypted block was accidentally updated from: MD5(radius_secret + crypt[0..15]); to: MD5(radius_secret + crypt[0..15] + salt) Which would obviously mismatch. This also refactors back into what I believe to be a more readable block with lower nesting and more comprehensive error reporting. Closes: #453 Signed-off-by: Jaco Kroon --- pppd/plugins/radius/radius.c | 115 +++++++++++++++++------------------ 1 file changed, 55 insertions(+), 60 deletions(-) diff --git a/pppd/plugins/radius/radius.c b/pppd/plugins/radius/radius.c index c73ca0b..e99bc75 100644 --- a/pppd/plugins/radius/radius.c +++ b/pppd/plugins/radius/radius.c @@ -897,80 +897,75 @@ radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info) memcpy(plain, crypt, 32); ctx = PPP_MD_CTX_new(); - if (ctx) { - - if (PPP_DigestInit(ctx, PPP_md5())) { - - if (PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) { - - if (PPP_DigestUpdate(ctx, req_info->request_vector, AUTH_VECTOR_LEN)) { - - if (PPP_DigestUpdate(ctx, salt, 2)) { - - buflen = sizeof(buf); - if (PPP_DigestFinal(ctx, buf, &buflen)) { - - status = 1; - } - } - } - } - } - - PPP_MD_CTX_free(ctx); + if (!ctx) { + error("RADIUS: Error creating PPP_MD_CTX for MS-MPPE-%s-Key attribute", type); + return -1; } - if (status) { - - for (i = 0; i < 16; i++) { - plain[i] ^= buf[i]; - } + buflen = sizeof(buf); + if (!PPP_DigestInit(ctx, PPP_md5())) { + error("RADIUS: Error setting hash algorithm to MD5 for MS-MPPE-%s-Key attribute", type); + } else if (!PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) { + error("RADIUS: Error mixing in radius secret for MS-MPPE-%s-Key attribute", type); + } else if (!PPP_DigestUpdate(ctx, req_info->request_vector, AUTH_VECTOR_LEN)) { + error("RADIUS: Error mixing in request vector for MS-MPPE-%s-Key attribute", type); + } else if (!PPP_DigestUpdate(ctx, salt, 2)) { + error("RADIUS: Error mixing in salt for MS-MPPE-%s-Key attribute", type); + } else if (!PPP_DigestFinal(ctx, buf, &buflen)) { + error("RADIUS: Error finalizing key buffer for MS-MPPE-%s-Key attribute", type); + } else { + status = 1; + } - if (plain[0] != 16) { - error("RADIUS: Incorrect key length (%d) for MS-MPPE-%s-Key attribute", - (int) plain[0], type); - return -1; - } + PPP_MD_CTX_free(ctx); - status = 0; - ctx = PPP_MD_CTX_new(); - if (ctx) { - - if (PPP_DigestInit(ctx, PPP_md5())) { + if (!status) + return -1; - if (PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) { + for (i = 0; i < 16; i++) { + plain[i] ^= buf[i]; + } - if (PPP_DigestUpdate(ctx, crypt, 16)) { + if (plain[0] != 16) { + error("RADIUS: Incorrect key length (%d) for MS-MPPE-%s-Key attribute", + (int) plain[0], type); + return -1; + } - if (PPP_DigestUpdate(ctx, salt, 2)) { + status = 0; + ctx = PPP_MD_CTX_new(); + if (!ctx) { + error("RADIUS: Error creating PPP_MD_CTX for MS-MPPE-%s-Key(2) attribute", type); + return -1; + } - buflen = sizeof(buf); - if (PPP_DigestFinal(ctx, buf, &buflen)) { + buflen = sizeof(buf); - status = 1; - } - } - } - } - } + if (!PPP_DigestInit(ctx, PPP_md5())) { + error("RADIUS: Error setting hash algorithm to MD5 for MS-MPPE-%s-Key(2) attribute", type); + } else if (!PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) { + error("RADIUS: Error mixing in radius secret for MS-MPPE-%s-Key(2) attribute", type); + } else if (!PPP_DigestUpdate(ctx, crypt, 16)) { + error("RADIUS: Error mixing in crypt vector for MS-MPPE-%s-Key(2) attribute", type); + } else if (!PPP_DigestFinal(ctx, buf, &buflen)) { + error("RADIUS: Error finalizing key buffer for MS-MPPE-%s-Key(2) attribute", type); + } else { + status = 1; + } - PPP_MD_CTX_free(ctx); - } + PPP_MD_CTX_free(ctx); - if (status) { + if (!status) + return -1; - plain[16] ^= buf[0]; /* only need the first byte */ + plain[16] ^= buf[0]; /* only need the first byte */ - if (vp->attribute == PW_MS_MPPE_SEND_KEY) { - mppe_set_keys(plain + 1, NULL, 16); - } else { - mppe_set_keys(NULL, plain + 1, 16); - } - return 0; - } + if (vp->attribute == PW_MS_MPPE_SEND_KEY) { + mppe_set_keys(plain + 1, NULL, 16); + } else { + mppe_set_keys(NULL, plain + 1, 16); } - - return -1; + return 0; } #endif /* PPP_WITH_MPPE */ -- 2.39.2 From acd6f47c708f37f3366a73697e4a17c4dd071f22 Mon Sep 17 00:00:00 2001 From: Tomasz Torcz Date: Thu, 21 Dec 2023 20:51:57 +0100 Subject: [PATCH 04/16] scripts/lcp_rtt_exporter: include content length in response (#467) Signed-off-by: Tomasz Torcz --- scripts/lcp_rtt_exporter | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/lcp_rtt_exporter b/scripts/lcp_rtt_exporter index 6fab745..4b57d2a 100644 --- a/scripts/lcp_rtt_exporter +++ b/scripts/lcp_rtt_exporter @@ -21,8 +21,10 @@ use List::Util qw(sum max min); my $stats = compute_statistics($data, 60); my $s = metrics($stats); + my $length = length($s); - print "Content-type: text/plain\n\n$s"; + print "Content-type: text/plain\n"; + print "Content-length: $length\n\n$s"; exit; } -- 2.39.2 From 9ec68f3690b25b968d4ddf1ef316f82e8a61667d Mon Sep 17 00:00:00 2001 From: AtariDreams <83477269+AtariDreams@users.noreply.github.com> Date: Tue, 26 Dec 2023 13:22:23 -0500 Subject: [PATCH 05/16] pppd: Fix calloc calls (#416) Size and number are switched in calloc sometimes. This PR fixes that. Signed-off-by: Seija Kijin Co-authored-by: Seija Kijin --- pppd/tdb.c | 2 +- pppd/tls.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pppd/tdb.c b/pppd/tdb.c index 6264417..ecbee1f 100644 --- a/pppd/tdb.c +++ b/pppd/tdb.c @@ -933,7 +933,7 @@ static int tdb_new_database(TDB_CONTEXT *tdb, int hash_size) /* We make it up in memory, then write it out if not internal */ size = sizeof(struct tdb_header) + (hash_size+1)*sizeof(tdb_off); - if (!(newdb = calloc(size, 1))) + if (!(newdb = calloc(1, size))) return TDB_ERRCODE(TDB_ERR_OOM, -1); /* Fill in the header */ diff --git a/pppd/tls.c b/pppd/tls.c index 8328e20..d57e434 100644 --- a/pppd/tls.c +++ b/pppd/tls.c @@ -235,7 +235,7 @@ int tls_set_verify_info(SSL *ssl, const char *peer_name, const char *peer_cert, bool client, struct tls_info **out) { if (out != NULL) { - struct tls_info *tmp = calloc(sizeof(struct tls_info), 1); + struct tls_info *tmp = calloc(1, sizeof(struct tls_info)); if (!tmp) { fatal("Allocation error"); } -- 2.39.2 From 84fc8a8e675be4bbeeed41d38e99937c9322fdd9 Mon Sep 17 00:00:00 2001 From: Paul Mackerras Date: Wed, 27 Dec 2023 15:30:07 +0000 Subject: [PATCH 06/16] Remove include/net/slcompress.h This is completely unused and not needed here, so remove it. Signed-off-by: Paul Mackerras --- include/Makefile.am | 1 - include/net/slcompress.h | 148 --------------------------------------- 2 files changed, 149 deletions(-) delete mode 100644 include/net/slcompress.h diff --git a/include/Makefile.am b/include/Makefile.am index 4081a02..3777f8c 100644 --- a/include/Makefile.am +++ b/include/Makefile.am @@ -4,7 +4,6 @@ EXTRA_HEADERS = \ net/ppp-comp.h \ net/ppp_defs.h \ net/pppio.h \ - net/slcompress.h \ net/vjcompress.h EXTRA_DIST = \ diff --git a/include/net/slcompress.h b/include/net/slcompress.h deleted file mode 100644 index 3712a1a..0000000 --- a/include/net/slcompress.h +++ /dev/null @@ -1,148 +0,0 @@ -/* - * Definitions for tcp compression routines. - * - * $Id: slcompress.h,v 1.4 1994/09/21 06:50:08 paulus Exp $ - * - * Copyright (c) 1989 Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms are permitted - * provided that the above copyright notice and this paragraph are - * duplicated in all such forms and that any documentation, - * advertising materials, and other materials related to such - * distribution and use acknowledge that the software was developed - * by the University of California, Berkeley. The name of the - * University may not be used to endorse or promote products derived - * from this software without specific prior written permission. - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - * - * Van Jacobson (van@helios.ee.lbl.gov), Dec 31, 1989: - * - Initial distribution. - */ - -#ifndef _SLCOMPRESS_H_ -#define _SLCOMPRESS_H_ - -#define MAX_STATES 16 /* must be > 2 and < 256 */ -#define MAX_HDR MLEN /* XXX 4bsd-ism: should really be 128 */ - -/* - * Compressed packet format: - * - * The first octet contains the packet type (top 3 bits), TCP - * 'push' bit, and flags that indicate which of the 4 TCP sequence - * numbers have changed (bottom 5 bits). The next octet is a - * conversation number that associates a saved IP/TCP header with - * the compressed packet. The next two octets are the TCP checksum - * from the original datagram. The next 0 to 15 octets are - * sequence number changes, one change per bit set in the header - * (there may be no changes and there are two special cases where - * the receiver implicitly knows what changed -- see below). - * - * There are 5 numbers which can change (they are always inserted - * in the following order): TCP urgent pointer, window, - * acknowlegement, sequence number and IP ID. (The urgent pointer - * is different from the others in that its value is sent, not the - * change in value.) Since typical use of SLIP links is biased - * toward small packets (see comments on MTU/MSS below), changes - * use a variable length coding with one octet for numbers in the - * range 1 - 255 and 3 octets (0, MSB, LSB) for numbers in the - * range 256 - 65535 or 0. (If the change in sequence number or - * ack is more than 65535, an uncompressed packet is sent.) - */ - -/* - * Packet types (must not conflict with IP protocol version) - * - * The top nibble of the first octet is the packet type. There are - * three possible types: IP (not proto TCP or tcp with one of the - * control flags set); uncompressed TCP (a normal IP/TCP packet but - * with the 8-bit protocol field replaced by an 8-bit connection id -- - * this type of packet syncs the sender & receiver); and compressed - * TCP (described above). - * - * LSB of 4-bit field is TCP "PUSH" bit (a worthless anachronism) and - * is logically part of the 4-bit "changes" field that follows. Top - * three bits are actual packet type. For backward compatibility - * and in the interest of conserving bits, numbers are chosen so the - * IP protocol version number (4) which normally appears in this nibble - * means "IP packet". - */ - -/* packet types */ -#define TYPE_IP 0x40 -#define TYPE_UNCOMPRESSED_TCP 0x70 -#define TYPE_COMPRESSED_TCP 0x80 -#define TYPE_ERROR 0x00 - -/* Bits in first octet of compressed packet */ -#define NEW_C 0x40 /* flag bits for what changed in a packet */ -#define NEW_I 0x20 -#define NEW_S 0x08 -#define NEW_A 0x04 -#define NEW_W 0x02 -#define NEW_U 0x01 - -/* reserved, special-case values of above */ -#define SPECIAL_I (NEW_S|NEW_W|NEW_U) /* echoed interactive traffic */ -#define SPECIAL_D (NEW_S|NEW_A|NEW_W|NEW_U) /* unidirectional data */ -#define SPECIALS_MASK (NEW_S|NEW_A|NEW_W|NEW_U) - -#define TCP_PUSH_BIT 0x10 - - -/* - * "state" data for each active tcp conversation on the wire. This is - * basically a copy of the entire IP/TCP header from the last packet - * we saw from the conversation together with a small identifier - * the transmit & receive ends of the line use to locate saved header. - */ -struct cstate { - struct cstate *cs_next; /* next most recently used cstate (xmit only) */ - u_short cs_hlen; /* size of hdr (receive only) */ - u_char cs_id; /* connection # associated with this state */ - u_char cs_filler; - union { - char csu_hdr[MAX_HDR]; - struct ip csu_ip; /* ip/tcp hdr from most recent packet */ - } slcs_u; -}; -#define cs_ip slcs_u.csu_ip -#define cs_hdr slcs_u.csu_hdr - -/* - * all the state data for one serial line (we need one of these - * per line). - */ -struct slcompress { - struct cstate *last_cs; /* most recently used tstate */ - u_char last_recv; /* last rcvd conn. id */ - u_char last_xmit; /* last sent conn. id */ - u_short flags; -#ifndef SL_NO_STATS - int sls_packets; /* outbound packets */ - int sls_compressed; /* outbound compressed packets */ - int sls_searches; /* searches for connection state */ - int sls_misses; /* times couldn't find conn. state */ - int sls_uncompressedin; /* inbound uncompressed packets */ - int sls_compressedin; /* inbound compressed packets */ - int sls_errorin; /* inbound unknown type packets */ - int sls_tossed; /* inbound packets tossed because of error */ -#endif - struct cstate tstate[MAX_STATES]; /* xmit connection states */ - struct cstate rstate[MAX_STATES]; /* receive connection states */ -}; -/* flag values */ -#define SLF_TOSS 1 /* tossing rcvd frames because of input err */ - -void sl_compress_init(struct slcompress *); -void sl_compress_setup(struct slcompress *, int); -u_int sl_compress_tcp(struct mbuf *, - struct ip *, struct slcompress *, int); -int sl_uncompress_tcp(u_char **, int, u_int, struct slcompress *); -int sl_uncompress_tcp_core(u_char *, int, int, u_int, - struct slcompress *, u_char **, u_int *); - -#endif /* _SLCOMPRESS_H_ */ -- 2.39.2 From fafbfdf19a3d52e85ec2a445bd72e412a06cb0d0 Mon Sep 17 00:00:00 2001 From: Paul Mackerras Date: Mon, 1 Jan 2024 19:24:34 +1100 Subject: [PATCH 07/16] pppd: Rework use of volatile in lcp-rtt code to eliminate warnings (#469) To eliminate the warnings, the lcp_rtt_buffer variable no longer points to volatile, and instead accesses are made using 'ring_header' local variables, which do point to volatile, and contain the same address. Signed-off-by: Paul Mackerras --- pppd/lcp.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/pppd/lcp.c b/pppd/lcp.c index d174b8f..0876b8a 100644 --- a/pppd/lcp.c +++ b/pppd/lcp.c @@ -216,7 +216,7 @@ static int lcp_echos_pending = 0; /* Number of outstanding echo msgs */ static int lcp_echo_number = 0; /* ID number of next echo frame */ static int lcp_echo_timer_running = 0; /* set if a timer is running */ static int lcp_rtt_file_fd = 0; /* fd for the opened LCP RTT file */ -static volatile u_int32_t *lcp_rtt_buffer = NULL; /* the mmap'ed LCP RTT file */ +static u_int32_t *lcp_rtt_buffer = NULL; /* the mmap'ed LCP RTT file */ static u_char nak_buffer[PPP_MRU]; /* where we construct a nak packet */ @@ -2272,15 +2272,16 @@ LcpEchoTimeout (void *arg) static void lcp_rtt_update_buffer (unsigned long rtt) { + volatile u_int32_t *const ring_header = lcp_rtt_buffer; volatile u_int32_t *const ring_buffer = lcp_rtt_buffer + LCP_RTT_HEADER_LENGTH; unsigned int next_entry, lost; /* choose the next entry where the data will be stored */ - if (ntohl(lcp_rtt_buffer[2]) >= (LCP_RTT_ELEMENTS - 1) * 2) + if (ntohl(ring_header[2]) >= (LCP_RTT_ELEMENTS - 1) * 2) next_entry = 0; /* go back to the beginning */ else - next_entry = ntohl(lcp_rtt_buffer[2]) + 2; /* use the next one */ + next_entry = ntohl(ring_header[2]) + 2; /* use the next one */ /* update the data element */ /* storing the timestamp in an *unsigned* long allows dates up to 2106 */ @@ -2294,7 +2295,7 @@ lcp_rtt_update_buffer (unsigned long rtt) ring_buffer[next_entry + 1] = htonl((u_int32_t) ((lost << 24) + rtt)); /* update the pointer to the (just updated) most current data element */ - lcp_rtt_buffer[2] = htonl(next_entry); + ring_header[2] = htonl(next_entry); /* In theory, CPUs implementing a weakly-consistent memory model do not * guarantee that these three memory store operations to the buffer will @@ -2422,6 +2423,8 @@ LcpSendEchoRequest (fsm *f) static void lcp_rtt_open_file (void) { + volatile u_int32_t *ring_header; + if (!lcp_rtt_file) return; @@ -2438,24 +2441,27 @@ lcp_rtt_open_file (void) MAP_SHARED, lcp_rtt_file_fd, 0); if (lcp_rtt_buffer == MAP_FAILED) fatal("mmap() of %s failed: %m", lcp_rtt_file); + ring_header = lcp_rtt_buffer; /* initialize the ring buffer */ - if (lcp_rtt_buffer[0] != htonl(LCP_RTT_MAGIC)) { + if (ring_header[0] != htonl(LCP_RTT_MAGIC)) { memset(lcp_rtt_buffer, 0, LCP_RTT_FILE_SIZE); - lcp_rtt_buffer[0] = htonl(LCP_RTT_MAGIC); + ring_header[0] = htonl(LCP_RTT_MAGIC); } - lcp_rtt_buffer[3] = htonl(lcp_echo_interval); - lcp_rtt_buffer[1] = htonl(1); /* status: LCP up, file opened */ + ring_header[3] = htonl(lcp_echo_interval); + ring_header[1] = htonl(1); /* status: LCP up, file opened */ } static void lcp_rtt_close_file (void) { + volatile u_int32_t *const ring_header = lcp_rtt_buffer; + if (!lcp_rtt_file_fd) return; - lcp_rtt_buffer[1] = htonl(0); /* status: LCP down, file closed */ + ring_header[1] = htonl(0); /* status: LCP down, file closed */ if (munmap(lcp_rtt_buffer, LCP_RTT_FILE_SIZE) < 0) error("munmap() of %s failed: %m", lcp_rtt_file); -- 2.39.2 From 88563e591766a0cac99c171124d9dd5df2922f4c Mon Sep 17 00:00:00 2001 From: Paul Mackerras Date: Thu, 11 Jan 2024 20:38:08 +1100 Subject: [PATCH 08/16] pppoe: Fix sending of PADT on connection termination (#470) Commit 2b4166d02ed0 ("Close discovery socket after session completed", 2020-11-26) arranged for the discovery socket to be closed when the PPPOE session negotiation was complete. However, the discovery socket is used for sending a PADT message when the connection terminates, and now that doesn't work because the socket has been closed. To fix this, we reopen the discovery socket in order to send the PADT message. Signed-off-by: Paul Mackerras --- pppd/plugins/pppoe/plugin.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pppd/plugins/pppoe/plugin.c b/pppd/plugins/pppoe/plugin.c index c7ace96..7d4709e 100644 --- a/pppd/plugins/pppoe/plugin.c +++ b/pppd/plugins/pppoe/plugin.c @@ -310,6 +310,9 @@ PPPOEDisconnectDevice(void) sizeof(struct sockaddr_pppox)) < 0 && errno != EALREADY) error("Failed to disconnect PPPoE socket: %d %m", errno); close(conn->sessionSocket); + if (conn->discoverySocket < 0) + conn->discoverySocket = + openInterface(conn->ifName, Eth_PPPOE_Discovery, NULL); if (conn->discoverySocket >= 0) { sendPADT(conn, NULL); close(conn->discoverySocket); -- 2.39.2 From 4693ad374378bd26512f328d174ea764b139bc2a Mon Sep 17 00:00:00 2001 From: Samuel Thibault Date: Tue, 13 Feb 2024 10:36:08 +0100 Subject: [PATCH 09/16] pppd: Restore adding a default route with different metric (#472) For instance, when using a ppp link as backup link, one would want to add a default route on the ppp link, in *addition* to the existing default route. d0ccb87156c2 ("pppd: Add replacedefaultroute option (#200)") however broke this case: sifdefaultroute was not passing the metric to defaultroute_exists any more. This commit restores this case. Fixes #357 Signed-off-by: Samuel Thibault --- pppd/sys-linux.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c index a16ab12..c0955a0 100644 --- a/pppd/sys-linux.c +++ b/pppd/sys-linux.c @@ -2193,11 +2193,27 @@ int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway, bool replac * - this is normally only the case the doing demand: */ if (defaultroute_exists(&tmp_rt, -1)) del_rt = &tmp_rt; + } else if (!replace) { + /* + * We don't want to replace an existing route. + * We may however add our route along an existing route with a different + * metric. + */ + if (defaultroute_exists(&rt, dfl_route_metric) && strcmp(rt.rt_dev, ifname) != 0) { + if (rt.rt_flags & RTF_GATEWAY) + error("not replacing existing default route via %I with metric %d", + SIN_ADDR(rt.rt_gateway), dfl_route_metric); + else + error("not replacing existing default route through %s with metric %d", + rt.rt_dev, dfl_route_metric); + return 0; + } } else if (defaultroute_exists(&old_def_rt, -1 ) && strcmp( old_def_rt.rt_dev, ifname) != 0) { /* - * We did not yet replace an existing default route, let's - * check if we should save and replace a default route: + * We want to replace an existing route and did not replace an existing + * default route yet, let's check if we should save and replace an + * existing default route: */ u_int32_t old_gateway = SIN_ADDR(old_def_rt.rt_gateway); -- 2.39.2 From e1266c76d1ad39f98f11676e34f180f78c5a510c Mon Sep 17 00:00:00 2001 From: Paul Mackerras Date: Tue, 13 Feb 2024 20:40:56 +1100 Subject: [PATCH 10/16] pppd man page: Update header to refer to pppd 2.5.x Also remove the obsolete $Id$ tag. Signed-off-by: Paul Mackerras --- pppd/pppd.8 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pppd/pppd.8 b/pppd/pppd.8 index 850d21c..903d694 100644 --- a/pppd/pppd.8 +++ b/pppd/pppd.8 @@ -1,5 +1,4 @@ -.\" manual page [] for pppd 2.4 -.\" $Id: pppd.8,v 1.90 2008/03/26 12:09:40 paulus Exp $ +.\" manual page [] for pppd 2.5.x .\" SH section heading .\" SS subsection heading .\" LP paragraph -- 2.39.2 From 7f94eaeb70c0adbf200d48b5f79fbecd435d7fce Mon Sep 17 00:00:00 2001 From: Adrien RICCIARDI Date: Fri, 19 Apr 2024 11:00:10 +0200 Subject: [PATCH 11/16] ci: Used a Solaris VM with all needed build tools preinstalled. (#481) This avoids losing time updating the package cache and installing the needed packages. This also avoids breaking the Solaris build if the Solaris mirrors are temporarily unavailable. Signed-off-by: RICCIARDI-Adrien --- .github/workflows/solaris.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/solaris.yaml b/.github/workflows/solaris.yaml index 7dc2f2e..8d1f448 100644 --- a/.github/workflows/solaris.yaml +++ b/.github/workflows/solaris.yaml @@ -8,11 +8,10 @@ jobs: - name: Checkout PPP sources uses: actions/checkout@v3 - name: Build - uses: vmactions/solaris-vm@v1.0.0 + uses: vmactions/solaris-vm@v1.0.2 with: + release: "11.4-gcc" run: | - pkg update - pkg install gcc automake autoconf libtool ./autogen.sh CFLAGS="-Wno-deprecated-declarations" make make install -- 2.39.2 From c7cf25569a3e8495f5619abc4e81f4ac4662cfdd Mon Sep 17 00:00:00 2001 From: Adrien RICCIARDI Date: Fri, 19 Apr 2024 11:01:06 +0200 Subject: [PATCH 12/16] CI: Updated the Buildroot image to support the RISC-V architecture. (#482) Signed-off-by: RICCIARDI-Adrien --- .github/workflows/buildroot.yaml | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/.github/workflows/buildroot.yaml b/.github/workflows/buildroot.yaml index a131f94..4353069 100644 --- a/.github/workflows/buildroot.yaml +++ b/.github/workflows/buildroot.yaml @@ -4,21 +4,33 @@ on: [push, pull_request] jobs: buildroot: name: Buildroot - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest strategy: matrix: - defconfig_name: [qemu_x86_defconfig, qemu_x86_64_defconfig, raspberrypi4_defconfig, raspberrypi4_64_defconfig, qemu_ppc64le_pseries_defconfig, qemu_mips32r2_malta_defconfig, qemu_mips64_malta_defconfig] - libc_name: [glibc, uclibc, musl] + defconfig_name: + - qemu_x86_defconfig + - qemu_x86_64_defconfig + - raspberrypi4_defconfig + - raspberrypi4_64_defconfig + - qemu_ppc64le_pseries_defconfig + - qemu_mips32r2_malta_defconfig + - qemu_mips64_malta_defconfig + - qemu_riscv32_virt_defconfig + - qemu_riscv64_virt_defconfig + libc_name: + - glibc + - uclibc + - musl env: - PPP_CI_VERSION: v1.0 + CI_VERSION: v1.1 BUILDROOT_DIRECTORY_NAME: buildroot-${{ matrix.defconfig_name }}-${{ matrix.libc_name }} steps: - - name: Retrieve prebuilt Buildroot image... + - name: Retrieve the prebuilt Buildroot image working-directory: /home/runner run: | - wget https://github.com/ppp-project/ppp-ci/releases/download/${{ env.PPP_CI_VERSION }}/${{ env.BUILDROOT_DIRECTORY_NAME }}.tar.zst - tar -xf ${{ env.BUILDROOT_DIRECTORY_NAME }}.tar.zst - - name: Select latest PPP upstream version + wget https://github.com/ppp-project/ppp-ci/releases/download/${{ env.CI_VERSION }}/${{ env.BUILDROOT_DIRECTORY_NAME }}.tar.zst + tar --zstd --strip-components=2 -xf ${{ env.BUILDROOT_DIRECTORY_NAME }}.tar.zst + - name: Select the latest PPP upstream version working-directory: /home/runner/${{ env.BUILDROOT_DIRECTORY_NAME }}/package/pppd run: | # Get package sources from head of current branch -- 2.39.2 From 100afafa365b974cc9761be51ad126e0d9121eed Mon Sep 17 00:00:00 2001 From: Paul Mackerras Date: Tue, 23 Apr 2024 08:35:03 +1000 Subject: [PATCH 13/16] Makefile.am: Add explicit openssl directory to pppd include path When configured with an explicit (non-default) path to the openssl libraries, we need to add an appropriate -I option when compiling pppd code so that it can find the openssl header files. Signed-off-by: Paul Mackerras --- pppd/Makefile.am | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pppd/Makefile.am b/pppd/Makefile.am index c5fe107..65880ab 100644 --- a/pppd/Makefile.am +++ b/pppd/Makefile.am @@ -177,6 +177,8 @@ noinst_LTLIBRARIES = libppp_crypto.la libppp_crypto_la_SOURCES=crypto.c ppp-md5.c ppp-md4.c ppp-sha1.c ppp-des.c if PPP_WITH_OPENSSL +pppd_CPPFLAGS += $(OPENSSL_INCLUDES) + libppp_crypto_la_CPPFLAGS=$(OPENSSL_INCLUDES) libppp_crypto_la_LDFLAGS=$(OPENSSL_LDFLAGS) libppp_crypto_la_LIBADD=$(OPENSSL_LIBS) -- 2.39.2 From 9c5701cb4078b1dc2f40da05a0ba715ec3984b62 Mon Sep 17 00:00:00 2001 From: Mike Gilbert Date: Fri, 26 Apr 2024 05:10:16 -0400 Subject: [PATCH 14/16] Use pkg-config to detect PAM when possible (#479) This fixes a link error on Gentoo Linux by not putting -L/usr/lib in the link command on 64-bit systems. The correct path is -L/usr/lib64, and this is the default path used by GCC and clang. Users may override pkg-config by setting PAM_CFLAGS and PAM_LDFLAGS in the environment before calling configure. This is standard behavior for the PKG_CHECK_MODULES macro. The legacy detection logic is maintained when a path is given as an argument to --with-pam. Note that this logic is broken when libdir is not "lib". Signed-off-by: Mike Gilbert --- m4/ax_check_pam.m4 | 56 ++++++++++++++++++++++------------------------ 1 file changed, 27 insertions(+), 29 deletions(-) diff --git a/m4/ax_check_pam.m4 b/m4/ax_check_pam.m4 index b17a757..3b2a48c 100644 --- a/m4/ax_check_pam.m4 +++ b/m4/ax_check_pam.m4 @@ -25,35 +25,33 @@ AC_DEFUN([AX_CHECK_PAM], [ AC_ARG_WITH([pam], - [AS_HELP_STRING([--with-pam=DIR], - [With libpam support, see ftp.redhat.com:/pub/pam])], - [ - case "$withval" in - "" | y | ye | yes) - pamdirs="/usr/local /usr/lib /usr" - ;; - n | no) - with_pam="no" - ;; - *) - pamdirs="$withval" - ;; - esac - ]) + [AS_HELP_STRING([--with-pam=yes|no|DIR], + [With libpam support, see ftp.redhat.com:/pub/pam])]) + + AS_CASE(["$with_pam"], + [ye|y], [with_pam=yes], + [n], [with_pam=no]) - if [ test "x${with_pam}" != "xno" ] ; then - PAM_LIBS="-lpam" - for pamdir in $pamdirs; do - AC_MSG_CHECKING([for pam_appl.h in $pamdir]) - if test -f "$pamdir/include/security/pam_appl.h"; then - PAM_CFLAGS="-I$pamdir/include" - PAM_LDFLAGS="-L$pamdir/lib" - AC_MSG_RESULT([yes]) - break - else - AC_MSG_RESULT([no]) - fi - done + AS_IF([test "x$with_pam" != "xno"], [ + AS_CASE(["$with_pam"], + [""|yes], [PKG_CHECK_MODULES([PAM], [pam], [pamdirs=], + [pamdirs="/usr/local /usr/lib /usr"])], + [pamdirs="$with_pam"]) + + AS_IF([test -n "$pamdirs"], [ + PAM_LIBS="-lpam" + for pamdir in $pamdirs; do + AC_MSG_CHECKING([for pam_appl.h in $pamdir]) + if test -f "$pamdir/include/security/pam_appl.h"; then + PAM_CFLAGS="-I$pamdir/include" + PAM_LDFLAGS="-L$pamdir/lib" + AC_MSG_RESULT([yes]) + break + else + AC_MSG_RESULT([no]) + fi + done + ]) # try the preprocessor and linker with our new flags, # being careful not to pollute the global LIBS, LDFLAGS, and CPPFLAGS @@ -87,7 +85,7 @@ AC_DEFUN([AX_CHECK_PAM], [ AC_SUBST([PAM_CFLAGS]) AC_SUBST([PAM_LIBS]) AC_SUBST([PAM_LDFLAGS]) - fi + ]) AM_CONDITIONAL(WITH_LIBPAM, test "x${with_pam}" != "xno") ]) -- 2.39.2 From 006c81f204a7fa7d09bd2d9289317a010fcb1ce9 Mon Sep 17 00:00:00 2001 From: Adrien RICCIARDI Date: Fri, 26 Apr 2024 11:11:31 +0200 Subject: [PATCH 15/16] CI: Updated the 'checkout' actions that were using Node.js 16 to Node.js 20. (#489) See https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20. Signed-off-by: RICCIARDI-Adrien --- .github/workflows/solaris.yaml | 2 +- .github/workflows/ubuntu.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/solaris.yaml b/.github/workflows/solaris.yaml index 8d1f448..19abce5 100644 --- a/.github/workflows/solaris.yaml +++ b/.github/workflows/solaris.yaml @@ -6,7 +6,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout PPP sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Build uses: vmactions/solaris-vm@v1.0.2 with: diff --git a/.github/workflows/ubuntu.yaml b/.github/workflows/ubuntu.yaml index a678ebc..410daf6 100644 --- a/.github/workflows/ubuntu.yaml +++ b/.github/workflows/ubuntu.yaml @@ -8,7 +8,7 @@ jobs: configure_flags: --enable-multilink --enable-systemd --enable-cbcp steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: install required packages run: | @@ -37,7 +37,7 @@ jobs: LDFLAGS: '-fsanitize=address' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: install required packages run: | -- 2.39.2 From cc12c3d3ca96c79e68ed024bd5df0086a2816178 Mon Sep 17 00:00:00 2001 From: Paul Mackerras Date: Sat, 27 Apr 2024 18:57:29 +1000 Subject: [PATCH 16/16] pppd.8: Document netmask option Signed-off-by: Paul Mackerras --- pppd/pppd.8 | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pppd/pppd.8 b/pppd/pppd.8 index 903d694..3765041 100644 --- a/pppd/pppd.8 +++ b/pppd/pppd.8 @@ -759,6 +759,13 @@ will be used as the name to send to the peer when authenticating the local system to the peer. (Note that pppd does not append the domain name to \fIname\fR.) .TP +.B netmask \fImask +Set the IPV4 network mask on the PPP interface to the given +\fImask\fR, which can be given in dotted-quad notation or as a single +hexadecimal number preceded by 0x. This option is not normally +needed because the PPP interface is a point-to-point connection, but +in some specialized circumstances it can be useful. +.TP .B noaccomp Disable Address/Control compression in both directions (send and receive). -- 2.39.2