mirror of
https://github.com/lwip-tcpip/lwip.git
synced 2024-10-05 22:29:49 +00:00
PPP, MPPE, drop unencrypted input packet if MPPE is required
This commit is contained in:
parent
b302cad46d
commit
ced24f9215
@ -173,9 +173,6 @@ void mppe_comp_reset(ppp_pcb *pcb, ppp_mppe_state *state);
|
||||
err_t mppe_compress(ppp_pcb *pcb, ppp_mppe_state *state, struct pbuf **pb, u16_t protocol);
|
||||
void mppe_decomp_reset(ppp_pcb *pcb, ppp_mppe_state *state);
|
||||
err_t mppe_decompress(ppp_pcb *pcb, ppp_mppe_state *state, struct pbuf **pb);
|
||||
#if 0 /* unused */
|
||||
void mppe_incomp(ppp_pcb *pcb, ppp_mppe_state *state, unsigned char *ibuf, int icnt);
|
||||
#endif /* unused */
|
||||
|
||||
#endif /* MPPE_H */
|
||||
#endif /* PPP_SUPPORT && MPPE_SUPPORT */
|
||||
|
@ -389,24 +389,4 @@ mppe_decompress(ppp_pcb *pcb, ppp_mppe_state *state, struct pbuf **pb)
|
||||
return ERR_OK;
|
||||
}
|
||||
|
||||
#if 0 /* unused */
|
||||
/*
|
||||
* Incompressible data has arrived (this should never happen!).
|
||||
* We should probably drop the link if the protocol is in the range
|
||||
* of what should be encrypted. At the least, we should drop this
|
||||
* packet. (How to do this?)
|
||||
*/
|
||||
void mppe_incomp(ppp_pcb *pcb, ppp_mppe_state *state, unsigned char *ibuf, int icnt)
|
||||
{
|
||||
LWIP_UNUSED_ARG(state);
|
||||
LWIP_UNUSED_ARG(icnt);
|
||||
|
||||
if (PPP_PROTOCOL(ibuf) >= 0x0021 && PPP_PROTOCOL(ibuf) <= 0x00fa) {
|
||||
PPPDEBUG(LOG_DEBUG,
|
||||
("mppe_incomp[%d]: incompressible (unencrypted) data! "
|
||||
"(proto %04x)\n", pcb->netif->num, PPP_PROTOCOL(ibuf)));
|
||||
}
|
||||
}
|
||||
#endif /* unused */
|
||||
|
||||
#endif /* PPP_SUPPORT && MPPE_SUPPORT */
|
||||
|
@ -760,6 +760,26 @@ void ppp_input(ppp_pcb *pcb, struct pbuf *pb) {
|
||||
}
|
||||
|
||||
#if CCP_SUPPORT
|
||||
#if MPPE_SUPPORT
|
||||
/*
|
||||
* MPPE is required and unencrypted data has arrived (this
|
||||
* should never happen!). We should probably drop the link if
|
||||
* the protocol is in the range of what should be encrypted.
|
||||
* At the least, we drop this packet.
|
||||
*/
|
||||
if (pcb->settings.require_mppe && (0
|
||||
#if PPP_IPV4_SUPPORT
|
||||
|| protocol == PPP_IP
|
||||
#endif /* PPP_IPV4_SUPPORT */
|
||||
#if PPP_IPV6_SUPPORT
|
||||
|| protocol == PPP_IPV6
|
||||
#endif /* PPP_IPV6_SUPPORT */
|
||||
)) {
|
||||
PPPDEBUG(LOG_ERR, ("ppp_input[%d]: MPPE required, received unencrypted data!\n", pcb->netif->num));
|
||||
goto drop;
|
||||
}
|
||||
#endif /* MPPE_SUPPORT */
|
||||
|
||||
if (protocol == PPP_COMP) {
|
||||
u8_t *pl;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user