Import several improvements from upstream: * r2408,2409 - use SOCK_CLOEXEC for all sockets including PPTP, web and telnet consoles, so that subprocesses like ip-up/down scripts do not inherit such sockets; * r2415 - avoid needlessly lowering the MTU when bundle compression and/or encryption is configured but not negotiated; e.g. the PPPoE interface MTU could previously be set to 1490 instead of 1492; * r2482,2483 - improve client-side implementation of PPP-Max-Payload (RFC4638) and do not limit "set pppoe max-payload {size}" to 1510 but use the MTU of the parent interface minus 8, as per the RFC; also, relax the sanity check for "set link mtu/mru" in case of PPPoE, so that it is possible to configure values like 1500 and over, if needed.
Eugene Grosbein
authored and
Eugene Grosbein
committed
Mar 30, 2023
1 parent
4ef8f0d
commit c905861
Showing
4 changed files
with
235 additions
and
1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,98 @@ | ||
Index: src/contrib/libpdel/http/http_server.c | ||
=================================================================== | ||
--- src/contrib/libpdel/http/http_server.c (revision 2407) | ||
+++ src/contrib/libpdel/http/http_server.c (revision 2409) | ||
@@ -243,10 +243,16 @@ http_server_start(struct pevent_ctx *ctx, struct in_ad | ||
} | ||
|
||
/* Create socket */ | ||
- if ((serv->sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) { | ||
+#ifdef SOCK_CLOEXEC | ||
+#define hs_stype(x) (x | SOCK_CLOEXEC) | ||
+#else | ||
+#define hs_stype(x) (x) | ||
+#endif | ||
+ if ((serv->sock = socket(PF_INET, hs_stype(SOCK_STREAM), IPPROTO_TCP)) == -1) { | ||
(*serv->logger)(LOG_ERR, "%s: %s", "socket", strerror(errno)); | ||
goto fail; | ||
} | ||
+#undef hs_stype | ||
(void)fcntl(serv->sock, F_SETFD, 1); | ||
if (setsockopt(serv->sock, SOL_SOCKET, | ||
SO_REUSEADDR, &one, sizeof(one)) == -1) { | ||
Index: src/l2tp.c | ||
=================================================================== | ||
--- src/l2tp.c (revision 2407) | ||
+++ src/l2tp.c (revision 2409) | ||
@@ -1632,9 +1632,9 @@ L2tpListen(Link l) | ||
|
||
/* Setup UDP socket that listens for new connections */ | ||
if (s->self_addr.family==AF_INET6) { | ||
- s->sock = socket(PF_INET6, SOCK_DGRAM, IPPROTO_UDP); | ||
+ s->sock = socket(PF_INET6, socktype(SOCK_DGRAM), IPPROTO_UDP); | ||
} else { | ||
- s->sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP); | ||
+ s->sock = socket(PF_INET, socktype(SOCK_DGRAM), IPPROTO_UDP); | ||
} | ||
if (s->sock == -1) { | ||
Perror("L2TP: socket"); | ||
Index: src/radsrv.c | ||
=================================================================== | ||
--- src/radsrv.c (revision 2407) | ||
+++ src/radsrv.c (revision 2409) | ||
@@ -661,7 +661,7 @@ RadsrvOpen(Radsrv w) | ||
return (-1); | ||
} | ||
|
||
- if ((w->fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) { | ||
+ if ((w->fd = socket(PF_INET, socktype(SOCK_DGRAM), IPPROTO_UDP)) == -1) { | ||
Perror("%s: Cannot create socket", __FUNCTION__); | ||
return (-1); | ||
} | ||
Index: src/udp.c | ||
=================================================================== | ||
--- src/udp.c (revision 2407) | ||
+++ src/udp.c (revision 2409) | ||
@@ -652,9 +652,9 @@ UdpListen(Link l) | ||
|
||
/* Make listening UDP socket. */ | ||
if (pi->If->self_addr.family==AF_INET6) { | ||
- pi->If->csock = socket(PF_INET6, SOCK_DGRAM, IPPROTO_UDP); | ||
+ pi->If->csock = socket(PF_INET6, socktype(SOCK_DGRAM), IPPROTO_UDP); | ||
} else { | ||
- pi->If->csock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP); | ||
+ pi->If->csock = socket(PF_INET, socktype(SOCK_DGRAM), IPPROTO_UDP); | ||
} | ||
(void)fcntl(pi->If->csock, F_SETFD, 1); | ||
|
||
Index: src/util.c | ||
=================================================================== | ||
--- src/util.c (revision 2407) | ||
+++ src/util.c (revision 2409) | ||
@@ -921,7 +921,7 @@ GetInetSocket(int type, struct u_addr *addr, in_port_t | ||
|
||
/* Get and bind non-blocking socket */ | ||
|
||
- if ((sock = socket(sa.ss_family, type, type == SOCK_STREAM ? IPPROTO_TCP : 0)) < 0) | ||
+ if ((sock = socket(sa.ss_family, socktype(type), type == SOCK_STREAM ? IPPROTO_TCP : 0)) < 0) | ||
{ | ||
snprintf(ebuf, len, "socket: %s", strerror(errno)); | ||
return(-1); | ||
Index: src/util.h | ||
=================================================================== | ||
--- src/util.h (revision 2407) | ||
+++ src/util.h (revision 2409) | ||
@@ -103,8 +103,12 @@ extern int IfaceSetFlag(const char *ifname, int value) | ||
|
||
#ifndef HAVE_NTOA_R | ||
extern char *ether_ntoa_r(const struct ether_addr *n, char *a); | ||
- | ||
#endif | ||
|
||
+#ifdef SOCK_CLOEXEC | ||
+#define socktype(x) ((x) | SOCK_CLOEXEC) | ||
+#else | ||
+#define socktype(x) (x) | ||
+#endif | ||
|
||
#endif |
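Review bot: When SOCK_CLOEXEC is not defined, `socktype(x)` expands to plain `x`, and the L2tpListen, RadsrvOpen and GetInetSocket hunks show no `fcntl(..., F_SETFD, ...)` after `socket()`, unlike http_server_start and UdpListen; unless those functions set the flag outside the visible lines, the descriptors stay inheritable by ip-up/down scripts on such platforms. A fallback such as `#ifndef SOCK_CLOEXEC` followed by `(void)fcntl(fd, F_SETFD, FD_CLOEXEC);` after each successful `socket()` would keep the behaviour uniform. In http_server.c, `hs_stype(x)` should parenthesize its argument like the util.h macro, `#define hs_stype(x) ((x) | SOCK_CLOEXEC)`, and the retained `F_SETFD, 1` calls read better as `FD_CLOEXEC`. All five functions continue outside their hunks.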
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,118 @@ | ||
Index: src/link.c | ||
=================================================================== | ||
--- src/link.c (revision 2481) | ||
+++ src/link.c (revision 2483) | ||
@@ -1549,7 +1549,7 @@ LinkSetCommand(Context ctx, int ac, const char *const | ||
name = ((intptr_t)arg == SET_MTU) ? "MTU" : "MRU"; | ||
if (val < LCP_MIN_MRU) | ||
Error("min %s is %d", name, LCP_MIN_MRU); | ||
- else if (l->type && (val > l->type->mru)) { | ||
+ else if (l->type && (val > l->type->mtu)) { | ||
Error("max %s on type \"%s\" links is %d", | ||
name, l->type->name, l->type->mru); | ||
} else if ((intptr_t)arg == SET_MTU) | ||
Index: src/pppoe.c | ||
=================================================================== | ||
--- src/pppoe.c (revision 2481) | ||
+++ src/pppoe.c (revision 2483) | ||
@@ -31,7 +31,7 @@ | ||
* DEFINITIONS | ||
*/ | ||
|
||
-#define PPPOE_MTU 1492 /* allow room for PPPoE overhead */ | ||
+#define PPPOE_MTU (ETHER_MAX_LEN_JUMBO - 8) | ||
#define PPPOE_MRU 1492 | ||
|
||
#define PPPOE_CONNECT_TIMEOUT 9 | ||
@@ -1712,6 +1712,7 @@ PppoeSetCommand(Context ctx, int ac, const char *const | ||
unsigned i; | ||
#ifdef NGM_PPPOE_SETMAXP_COOKIE | ||
int ap; | ||
+ uint16_t mtu; | ||
#endif | ||
switch ((intptr_t)arg) { | ||
case SET_IFACE: | ||
@@ -1732,6 +1733,20 @@ PppoeSetCommand(Context ctx, int ac, const char *const | ||
} | ||
} | ||
strlcpy(pi->hook, hookname, sizeof(pi->hook)); | ||
+ | ||
+#ifdef NGM_PPPOE_SETMAXP_COOKIE | ||
+ if (pi->max_payload > 0) { | ||
+ mtu = GetSystemIfaceMTU(pi->iface); | ||
+ if (mtu == 0) | ||
+ mtu = ETHER_MAX_LEN; | ||
+ if (pi->max_payload > mtu - 8) { | ||
+ pi->max_payload = mtu - 8; | ||
+ Perror("[%s] PPPoE: PPP-Max-Payload" | ||
+ " value reduced to %hu", | ||
+ pi->iface, pi->max_payload); | ||
+ } | ||
+ } | ||
+#endif | ||
break; | ||
default: | ||
return(-1); | ||
@@ -1762,8 +1777,18 @@ PppoeSetCommand(Context ctx, int ac, const char *const | ||
if (ac != 1) | ||
return(-1); | ||
ap = atoi(av[0]); | ||
- if (ap < PPPOE_MRU || ap > ETHER_MAX_LEN - 8) | ||
- Error("PPP-Max-Payload value \"%s\"", av[0]); | ||
+ if (pi->iface[0] == '\0') { | ||
+ if (ap < PPPOE_MRU) /* postpone check for MTU */ | ||
+ Error("PPP-Max-Payload value \"%s\" less than %d", | ||
+ av[0], PPPOE_MRU); | ||
+ } else { | ||
+ mtu = GetSystemIfaceMTU(pi->iface); | ||
+ if (mtu == 0) | ||
+ mtu = ETHER_MAX_LEN; | ||
+ if (ap < PPPOE_MRU || ap > mtu - 8) | ||
+ Error("PPP-Max-Payload value \"%s\" not in a range of %d..%hu", | ||
+ av[0], PPPOE_MRU, mtu); | ||
+ } | ||
pi->max_payload = ap; | ||
break; | ||
#endif | ||
Index: src/util.c | ||
=================================================================== | ||
--- src/util.c (revision 2481) | ||
+++ src/util.c (revision 2483) | ||
@@ -1597,3 +1597,25 @@ ssize_t GetDataAddrs(int sock, void *dbuf, size_t dbuf | ||
|
||
return (size); | ||
} | ||
+ | ||
+uint16_t GetSystemIfaceMTU(const char *ifname) | ||
+{ | ||
+ struct ifreq ifr; | ||
+ static int sock = -1; | ||
+ | ||
+ if (sock == -1 && | ||
+ (sock = socket(PF_INET, socktype(SOCK_DGRAM), 0)) == -1) { | ||
+ Perror("[%s] %s: Socket creation error", ifname, __FUNCTION__); | ||
+ return (0); | ||
+ } | ||
+ | ||
+ memset(&ifr, 0, sizeof(ifr)); | ||
+ strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); | ||
+ | ||
+ if (ioctl(sock, SIOCGIFMTU, (caddr_t)&ifr) == -1) { | ||
+ Perror("[%s] %s: SIOCGIFMTU failed", ifname, __FUNCTION__); | ||
+ return (0); | ||
+ } | ||
+ /* Let _exit() close sock */ | ||
+ return (ifr.ifr_mtu); | ||
+} | ||
Index: src/util.h | ||
=================================================================== | ||
--- src/util.h (revision 2481) | ||
+++ src/util.h (revision 2483) | ||
@@ -98,6 +98,7 @@ extern u_int32_t GenerateMagic(void); | ||
extern int GetAnyIpAddress(struct u_addr *ipaddr, const char *ifname); | ||
extern int GetEther(struct u_addr *addr, struct sockaddr_dl *hwaddr); | ||
extern int GetPeerEther(struct u_addr *addr, struct sockaddr_dl *hwaddr); | ||
+extern uint16_t GetSystemIfaceMTU(const char *ifname); | ||
extern void ppp_util_ascify(char *buf, size_t max, const char *bytes, size_t len); | ||
extern int IfaceSetFlag(const char *ifname, unsigned value); | ||
|
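Review bot: The limit reported to the operator no longer matches the limit enforced in two of the nested hunks. In src/link.c the check now compares against `l->type->mtu` while the message still prints `l->type->mru`, so the last argument should be `l->type->mtu`; in PppoeSetCommand the range check uses `mtu - 8` but the message prints `mtu`, so it should pass `mtu - 8` with `%d`. Separately, GetSystemIfaceMTU returns the int `ifr.ifr_mtu` as `uint16_t`, so a parent MTU above 65535 would be truncated silently, and neither caller guards `mtu - 8` against an MTU below 8; a range check on `ifr.ifr_mtu` before the return, treating out-of-range values as failure, would make both bounds checks robust. LinkSetCommand and PppoeSetCommand continue outside the hunks.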
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
Index: src/bund.c | ||
=================================================================== | ||
--- src/bund.c (revision 2414) | ||
+++ src/bund.c (revision 2415) | ||
@@ -900,9 +900,11 @@ BundUpdateParams(Bund b) | ||
|
||
/* Subtract to make room for various frame-bloating protocols */ | ||
if (b->n_up > 0) { | ||
- if (Enabled(&b->conf.options, BUND_CONF_COMPRESSION)) | ||
+ if (Enabled(&b->conf.options, BUND_CONF_COMPRESSION) && | ||
+ b->pppConfig.bund.enableCompression) | ||
mtu = CcpSubtractBloat(b, mtu); | ||
- if (Enabled(&b->conf.options, BUND_CONF_ENCRYPTION)) | ||
+ if (Enabled(&b->conf.options, BUND_CONF_ENCRYPTION) && | ||
+ b->pppConfig.bund.enableEncryption) | ||
mtu = EcpSubtractBloat(b, mtu); | ||
} | ||
|