mirror of
https://github.com/lwip-tcpip/lwip.git
synced 2024-10-05 22:29:49 +00:00
PPP, MPPE, drop unencrypted input packet if MPPE is required
This commit is contained in:
parent
b302cad46d
commit
ced24f9215
@ -173,9 +173,6 @@ void mppe_comp_reset(ppp_pcb *pcb, ppp_mppe_state *state);
|
|||||||
err_t mppe_compress(ppp_pcb *pcb, ppp_mppe_state *state, struct pbuf **pb, u16_t protocol);
|
err_t mppe_compress(ppp_pcb *pcb, ppp_mppe_state *state, struct pbuf **pb, u16_t protocol);
|
||||||
void mppe_decomp_reset(ppp_pcb *pcb, ppp_mppe_state *state);
|
void mppe_decomp_reset(ppp_pcb *pcb, ppp_mppe_state *state);
|
||||||
err_t mppe_decompress(ppp_pcb *pcb, ppp_mppe_state *state, struct pbuf **pb);
|
err_t mppe_decompress(ppp_pcb *pcb, ppp_mppe_state *state, struct pbuf **pb);
|
||||||
#if 0 /* unused */
|
|
||||||
void mppe_incomp(ppp_pcb *pcb, ppp_mppe_state *state, unsigned char *ibuf, int icnt);
|
|
||||||
#endif /* unused */
|
|
||||||
|
|
||||||
#endif /* MPPE_H */
|
#endif /* MPPE_H */
|
||||||
#endif /* PPP_SUPPORT && MPPE_SUPPORT */
|
#endif /* PPP_SUPPORT && MPPE_SUPPORT */
|
||||||
|
@ -389,24 +389,4 @@ mppe_decompress(ppp_pcb *pcb, ppp_mppe_state *state, struct pbuf **pb)
|
|||||||
return ERR_OK;
|
return ERR_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if 0 /* unused */
|
|
||||||
/*
|
|
||||||
* Incompressible data has arrived (this should never happen!).
|
|
||||||
* We should probably drop the link if the protocol is in the range
|
|
||||||
* of what should be encrypted. At the least, we should drop this
|
|
||||||
* packet. (How to do this?)
|
|
||||||
*/
|
|
||||||
void mppe_incomp(ppp_pcb *pcb, ppp_mppe_state *state, unsigned char *ibuf, int icnt)
|
|
||||||
{
|
|
||||||
LWIP_UNUSED_ARG(state);
|
|
||||||
LWIP_UNUSED_ARG(icnt);
|
|
||||||
|
|
||||||
if (PPP_PROTOCOL(ibuf) >= 0x0021 && PPP_PROTOCOL(ibuf) <= 0x00fa) {
|
|
||||||
PPPDEBUG(LOG_DEBUG,
|
|
||||||
("mppe_incomp[%d]: incompressible (unencrypted) data! "
|
|
||||||
"(proto %04x)\n", pcb->netif->num, PPP_PROTOCOL(ibuf)));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#endif /* unused */
|
|
||||||
|
|
||||||
#endif /* PPP_SUPPORT && MPPE_SUPPORT */
|
#endif /* PPP_SUPPORT && MPPE_SUPPORT */
|
||||||
|
@ -760,6 +760,26 @@ void ppp_input(ppp_pcb *pcb, struct pbuf *pb) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#if CCP_SUPPORT
|
#if CCP_SUPPORT
|
||||||
|
#if MPPE_SUPPORT
|
||||||
|
/*
|
||||||
|
* MPPE is required and unencrypted data has arrived (this
|
||||||
|
* should never happen!). We should probably drop the link if
|
||||||
|
* the protocol is in the range of what should be encrypted.
|
||||||
|
* At the least, we drop this packet.
|
||||||
|
*/
|
||||||
|
if (pcb->settings.require_mppe && (0
|
||||||
|
#if PPP_IPV4_SUPPORT
|
||||||
|
|| protocol == PPP_IP
|
||||||
|
#endif /* PPP_IPV4_SUPPORT */
|
||||||
|
#if PPP_IPV6_SUPPORT
|
||||||
|
|| protocol == PPP_IPV6
|
||||||
|
#endif /* PPP_IPV6_SUPPORT */
|
||||||
|
)) {
|
||||||
|
PPPDEBUG(LOG_ERR, ("ppp_input[%d]: MPPE required, received unencrypted data!\n", pcb->netif->num));
|
||||||
|
goto drop;
|
||||||
|
}
|
||||||
|
#endif /* MPPE_SUPPORT */
|
||||||
|
|
||||||
if (protocol == PPP_COMP) {
|
if (protocol == PPP_COMP) {
|
||||||
u8_t *pl;
|
u8_t *pl;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user