From: Daniel Lenski Date: Tue, 19 May 2020 17:54:22 +0000 (-0700) Subject: add standard-based PPP framing (RFC1661, RFC1662) as reference points X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=d774e57e13bbe14e773e4518a2575118f6559418;p=users%2Fdwmw2%2Fopenconnect.git add standard-based PPP framing (RFC1661, RFC1662) as reference points - PPP_ENCAP_RFC1661: Plain PPP. “Synchronous” in the ’90s-era language, because the start and end of the frame are known from external means. In modern instances, this is because they arrive in a complete packet with a known length from its lower-level encapsulation. (TLS or DTLS records in our expected use cases.) This is what `pppd sync` does. - PPP_ENCAP_RFC1662: “PPP in HDLC-like framing.” This is what `pppd` without `sync` does. At some point, we will be able to add automated testing of our PPP implementation's ability to communicate with `pppd`. Signed-off-by: Daniel Lenski --- diff --git a/openconnect-internal.h b/openconnect-internal.h index 4b00da59..4e88f91c 100644 --- a/openconnect-internal.h +++ b/openconnect-internal.h @@ -176,10 +176,12 @@ struct pkt { #define DTLS_CONNECTING 4 /* ESP probe received; must tell server */ #define DTLS_CONNECTED 5 /* Server informed and should be sending ESP */ -#define PPP_ENCAP_F5 1 /* F5 BigIP no HDLC */ -#define PPP_ENCAP_F5_HDLC 2 /* F5 BigIP HDLC */ -#define PPP_ENCAP_FORTINET_HDLC 3 /* Fortinet HDLC */ -#define PPP_ENCAP_NX_HDLC 4 /* SonicWall NetExtender HDLC */ +#define PPP_ENCAP_RFC1661 1 /* Plain/synchronous/pre-framed PPP (RFC1661) */ +#define PPP_ENCAP_RFC1662_HDLC 2 /* PPP with HDLC-like framing (RFC1662) */ +#define PPP_ENCAP_F5 3 /* F5 BigIP no HDLC */ +#define PPP_ENCAP_F5_HDLC 4 /* F5 BigIP HDLC */ +#define PPP_ENCAP_FORTINET_HDLC 5 /* Fortinet HDLC */ +#define PPP_ENCAP_NX_HDLC 6 /* SonicWall NetExtender HDLC */ #define PPP_ENCAP_MAX PPP_ENCAP_NX_HDLC #define COMPR_DEFLATE (1<<0) diff --git a/ppp.c b/ppp.c index d5164b26..2faa49ff 100644 --- a/ppp.c +++ b/ppp.c @@ -168,6 +168,8 @@ static const char *ppps_names[] = { static const char *encap_names[PPP_ENCAP_MAX+1] = { NULL, + "RFC1661", + "RFC1662 HDLC", "F5", "F5 HDLC", "FORTINET HDLC", @@ -242,6 +244,7 @@ int openconnect_ppp_new(struct openconnect_info *vpninfo, case PPP_ENCAP_F5_HDLC: case PPP_ENCAP_FORTINET_HDLC: + case PPP_ENCAP_RFC1662_HDLC: ppp->encap_len = 0; ppp->hdlc = 1; break; @@ -251,6 +254,10 @@ int openconnect_ppp_new(struct openconnect_info *vpninfo, ppp->hdlc = 1; break; + case PPP_ENCAP_RFC1661: + ppp->encap_len = 0; + break; + default: free(ppp); return -EINVAL; @@ -989,7 +996,7 @@ int ppp_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) if (vpninfo->dump_http_traffic) dump_buf_hex(vpninfo, PRG_DEBUG, '<', eh, len); - /* check pre-PPP header */ + /* Deencapsulate from pre-PPP header */ switch (ppp->encap) { case PPP_ENCAP_F5: magic = load_be16(eh); @@ -1022,6 +1029,7 @@ int ppp_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) case PPP_ENCAP_F5_HDLC: case PPP_ENCAP_FORTINET_HDLC: + case PPP_ENCAP_RFC1662_HDLC: payload_len = unhdlc_in_place(vpninfo, eh + ppp->encap_len, len - ppp->encap_len, &next); if (payload_len < 0) continue; /* unhdlc_in_place already logged */ @@ -1033,6 +1041,11 @@ int ppp_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) vpn_progress(vpninfo, PRG_ERR, _("Invalid PPP encapsulation\n")); vpninfo->quit_reason = "Invalid encapsulation"; return -EINVAL; + + case PPP_ENCAP_RFC1661: + payload_len = len; + next = eh + payload_len; + break; } ph = eh + ppp->encap_len; @@ -1259,7 +1272,7 @@ int ppp_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable) vpninfo->current_ssl_pkt = this; } - /* Add pre-PPP encapsulation header */ + /* Encapsulate into pre-PPP header */ eh = this->data - this->ppp.hlen - ppp->encap_len; switch (ppp->encap) { case PPP_ENCAP_F5: