current-users: Re: pppd doesn't handle LCP echo-response; fixed

Subject: Re: pppd doesn't handle LCP echo-response; fixed
To: None <current-users@sun-lamp.cs.berkeley.edu>
From: Mark Treacy <mark@labtam.oz.au>
List: current-users
Date: 11/02/1994 23:51:46
You wrote,
>pppd does not properly understand LCP echo-response packets.
this is true of 2.1.2.  Here is a copy of what I sent to Paul
back in August.

> To: Paul Mackerras <Paul.Mackerras@cs.anu.edu.au>
> Subject: Patch for lcp echo request/reply bug, ppp 2.1.2
> Date: Mon, 22 Aug 1994 14:16:30 +1000
> From: Mark Treacy <mark@labtam.labtam.OZ.AU>
>
> Hi Paul,
> The lcp Echo-Reply packet construction and processing is not correct.
> When an Echo-Request is received and the reply generated the packet
> is incorrectly padded out with an additional 2 bytes.
> When processing echo replies the length of the received reply is checked
> to make sure it includes these additional 2 bytes.
> This bug comes about because CILONG was used as the length of the
> magic number field of the Echo packets.  As you know CIxxxx only pertains
> to the length of the Configuration Information and should only be used
> when manipulating configuration options (and the echo packets are not
> configuration options, they're additional packet types).
> I also added some syslog warnings to notify a user of the receive
> processing problems.
> Unfortunately older ppp code neglected to copy it's own magic number in
> when constructing the reply, this, and the length errors, reduces the
> utility of setting lcp-echo-failure to anything non zero.
>
> - Mark.
> A patch to lcp.c follows,
>
> ------- lcp.c -------
> *** /tmp/da0052J	Thu Jan  1 10:00:00 1970
> --- lcp.c	Mon Aug 22 13:44:37 1994
> ***************
> *** 290,297 ****
>  	LCPDEBUG((LOG_INFO, "lcp: Echo-Request, Rcvd id %d", id));
>  	magp = inp;
>  	PUTLONG(lcp_gotoptions[f->unit].magicnumber, magp);
> - 	if (len < CILEN_LONG)
> - 	    len = CILEN_LONG;
>  	fsm_sdata(f, ECHOREP, id, inp, len);
>  	break;
>      
> --- 290,295 ----
> ***************
> *** 1567,1578 ****
>      u_long magic;
>  
>      /* Check the magic number - don't count replies from ourselves. */
> !     if (len < CILEN_LONG)
>  	return;
>      GETLONG(magic, inp);
>      if (lcp_gotoptions[f->unit].neg_magicnumber
> ! 	&& magic == lcp_gotoptions[f->unit].magicnumber)
>  	return;
>  
>      /* Reset the number of outstanding echo frames */
>      lcp_echos_pending = 0;
> --- 1565,1582 ----
>      u_long magic;
>  
>      /* Check the magic number - don't count replies from ourselves. */
> !     if (len < 4) {
> !     	syslog(LOG_WARNING, "lcp: received short Echo-Reply, len %d", len);
>  	return;
> +     }
>      GETLONG(magic, inp);
>      if (lcp_gotoptions[f->unit].neg_magicnumber
> ! 	&& magic == lcp_gotoptions[f->unit].magicnumber) {
> !     	syslog(LOG_WARNING,
> ! 	    "lcp: Echo-Reply magic number error - sent %x, received %x",
> ! 	    lcp_gotoptions[f->unit].magicnumber, magic);
>  	return;
> +     }
>  
>      /* Reset the number of outstanding echo frames */
>      lcp_echos_pending = 0;