From 99f64f4d328c965a69b639098282f027b7dc5aca Mon Sep 17 00:00:00 2001 From: Nikolay Popov Date: Wed, 6 Jul 2016 18:37:28 +0300 Subject: [PATCH 1/6] added bypass-net configuration option for ipoe --- accel-pppd/accel-ppp.conf.5 | 3 + accel-pppd/ctrl/ipoe/ipoe.c | 79 ++++- accel-pppd/ctrl/ipoe/ipoe.h | 2 + accel-pppd/ctrl/ipoe/ipoe_netlink.c | 69 +++- drivers/ipoe/ipoe.c | 487 ++++++++++++++++------------ drivers/ipoe/ipoe.h | 33 +- 6 files changed, 436 insertions(+), 237 deletions(-) diff --git a/accel-pppd/accel-ppp.conf.5 b/accel-pppd/accel-ppp.conf.5 index 648fd247..09081e64 100644 --- a/accel-pppd/accel-ppp.conf.5 +++ b/accel-pppd/accel-ppp.conf.5 @@ -354,6 +354,9 @@ The .B proxy-arp parameter specifies whether accel-ppp should reply to arp requests. .TP +.BI "bypass-net=" x.x.x.x/mask +Specifies networks to which packets will be bypassed and therefore automatically allowed without session creation. +TP .BI "local-net=" x.x.x.x/mask Specifies networks from which packets will be treated as unclassified. You may specify multiple local-net options. .TP diff --git a/accel-pppd/ctrl/ipoe/ipoe.c b/accel-pppd/ctrl/ipoe/ipoe.c index 95b75338..1f2aa429 100644 --- a/accel-pppd/ctrl/ipoe/ipoe.c +++ b/accel-pppd/ctrl/ipoe/ipoe.c @@ -570,7 +570,7 @@ static void auth_result(struct ipoe_session *ses, int r) ap_session_set_username(&ses->ses, username); log_ppp_info1("%s: authentication succeeded\n", ses->ses.username); -cont: + cont: triton_event_fire(EV_SES_AUTHORIZED, &ses->ses); if (ses->serv->opt_nat) @@ -1250,7 +1250,7 @@ static struct ipoe_session *ipoe_session_create_dhcpv4(struct ipoe_serv *serv, s ptr = ses->hwaddr; sprintf(ses->ctrl.calling_station_id, "%02x:%02x:%02x:%02x:%02x:%02x", - ptr[0], ptr[1], ptr[2], ptr[3], ptr[4], ptr[5]); + ptr[0], ptr[1], ptr[2], ptr[3], ptr[4], ptr[5]); ses->ses.ctrl = &ses->ctrl; ses->ses.chan_name = ses->ctrl.calling_station_id; 
@@ -1438,7 +1438,7 @@ static void ipoe_serv_disc_timer(struct triton_timer_t *t) clock_gettime(CLOCK_MONOTONIC, &ts); while (!list_empty(&serv->disc_list)) { - d = list_entry(serv->disc_list.next, typeof(*d), entry); + d = list_entry(serv->disc_list.next, typeof(*d), entry); delay = (ts.tv_sec - d->ts.tv_sec) * 1000 + (ts.tv_nsec - d->ts.tv_nsec) / 1000000; offer_delay = get_offer_delay(); @@ -1678,7 +1678,7 @@ static void __ipoe_recv_dhcpv4(struct dhcpv4_serv *dhcpv4, struct dhcpv4_packet } } -out: + out: pthread_mutex_unlock(&serv->lock); } @@ -2469,7 +2469,7 @@ static void add_interface(const char *ifname, int ifindex, const char *opt, int if (strcmp(ptr1, "ifname") == 0) opt_username = USERNAME_IFNAME; #ifdef USE_LUA - else if (strlen(ptr1) > 4 && memcmp(ptr1, "lua:", 4) == 0) { + else if (strlen(ptr1) > 4 && memcmp(ptr1, "lua:", 4) == 0) { opt_username = USERNAME_LUA; opt_lua_username_func = _strdup(ptr1 + 4); } @@ -2539,7 +2539,7 @@ static void add_interface(const char *ifname, int ifindex, const char *opt, int } if (serv->dhcpv4_relay && - (serv->dhcpv4_relay->addr != relay_addr || serv->dhcpv4_relay->giaddr != opt_giaddr)) { + (serv->dhcpv4_relay->addr != relay_addr || serv->dhcpv4_relay->giaddr != opt_giaddr)) { if (serv->opt_ifcfg) ipoe_serv_del_addr(serv, serv->dhcpv4_relay->giaddr, 0); dhcpv4_relay_free(serv->dhcpv4_relay, &serv->ctx); @@ -2672,9 +2672,9 @@ static void add_interface(const char *ifname, int ifindex, const char *opt, int return; -parse_err: + parse_err: log_error("ipoe: failed to parse '%s'\n", opt); -out_err: + out_err: _free(str0); } @@ -2768,7 +2768,7 @@ static void load_interfaces(struct conf_sect_t *sect) ipoe_nl_delete_interfaces(); list_for_each_entry(serv, &serv_list, entry) - serv->active = 0; + serv->active = 0; list_for_each_entry(opt, §->items, entry) { if (strcmp(opt->name, "interface")) 
@@ -2819,10 +2819,43 @@ static void parse_local_net(const char *opt) return; -out_err: + out_err: log_error("ipoe: failed to parse 'local-net=%s'\n", opt); } +static void parse_bypass_net(const char *opt) +{ + const char *ptr; + char str[17]; + in_addr_t addr; + int mask; + char *endptr; + + ptr = strchr(opt, '/'); + if (ptr) { + memcpy(str, opt, ptr - opt); + str[ptr - opt] = 0; + addr = inet_addr(str); + if (addr == INADDR_NONE) + goto out_err; + mask = strtoul(ptr + 1, &endptr, 10); + if (mask > 32) + goto out_err; + } else { + addr = inet_addr(opt); + if (addr == INADDR_NONE) + goto out_err; + mask = 24; + } + + ipoe_nl_add_bypass_net(addr, mask); + + return; + + out_err: + log_error("ipoe: failed to parse 'bypass-net=%s'\n", opt); +} + static void load_local_nets(struct conf_sect_t *sect) { struct conf_option_t *opt; @@ -2838,6 +2871,21 @@ static void load_local_nets(struct conf_sect_t *sect) } } +static void load_bypass_nets(struct conf_sect_t *sect) +{ + struct conf_option_t *opt; + + ipoe_nl_delete_bypass_nets(); + + list_for_each_entry(opt, §->items, entry) { + if (strcmp(opt->name, "bypass-net")) + continue; + if (!opt->val) + continue; + parse_bypass_net(opt->val); + } +} + static void load_gw_addr(struct conf_sect_t *sect) { struct conf_option_t *opt; @@ -2987,7 +3035,7 @@ int parse_offer_delay(const char *str) _free(str1); return 0; -out_err: + out_err: _free(str1); log_error("ipoe: failed to parse offer-delay\n"); return -1; @@ -3041,7 +3089,7 @@ static int parse_vlan_mon(const char *opt, long *mask) return 0; -out_err: + out_err: log_error("ipoe: vlan-mon=%s: failed to parse\n", opt); return -1; } @@ -3193,7 +3241,7 @@ static void load_config(void) if (strcmp(opt, "ifname") == 0) conf_username = USERNAME_IFNAME; #ifdef USE_LUA - else if (strlen(opt) > 4 && memcmp(opt, "lua:", 4) == 0) { + else if (strlen(opt) > 4 && memcmp(opt, "lua:", 4) == 0) { conf_username = USERNAME_LUA; conf_lua_username_func = opt + 4; } 
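Review bot: In the added `parse_bypass_net`, `memcpy(str, opt, ptr - opt)` copies the text before the `/` into `char str[17]` without checking its length, so a `bypass-net=` value with more than 16 characters before the slash writes past the stack buffer. Add `if ((size_t)(ptr - opt) >= sizeof(str)) goto out_err;` before the copy. The prefix length is also under-validated: the `strtoul` result is stored in an `int`, `endptr` is never inspected and only `mask > 32` is rejected, so trailing junk and values that typically wrap negative pass through to `ipoe_nl_add_bypass_net`; `if (endptr == ptr + 1 || *endptr || mask < 0 || mask > 32) goto out_err;` closes that. A bare address silently defaults to `/24`, which is broader than a reader would expect for an option that lets traffic through without a session, and should at least be stated in the man page entry.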
@@ -3438,16 +3486,17 @@ static void load_config(void) load_interfaces(s); load_local_nets(s); + load_bypass_nets(s); load_vlan_mon(s); load_gw_addr(s); } static struct triton_context_t l4_redirect_ctx = { - .close = l4_redirect_ctx_close, + .close = l4_redirect_ctx_close, }; static struct triton_timer_t l4_redirect_timer = { - .expire = l4_redirect_list_timer, + .expire = l4_redirect_list_timer, }; static void ipoe_init(void) diff --git a/accel-pppd/ctrl/ipoe/ipoe.h b/accel-pppd/ctrl/ipoe/ipoe.h index 036eda80..b82c6de1 100644 --- a/accel-pppd/ctrl/ipoe/ipoe.h +++ b/accel-pppd/ctrl/ipoe/ipoe.h @@ -123,6 +123,8 @@ struct ipoe_serv *ipoe_find_serv(const char *ifname); void ipoe_nl_add_net(uint32_t addr, int mask); void ipoe_nl_delete_nets(void); +void ipoe_nl_add_bypass_net(uint32_t addr, int mask); +void ipoe_nl_delete_bypass_nets(void); void ipoe_nl_add_interface(int ifindex); void ipoe_nl_delete_interfaces(void); int ipoe_nl_create(uint32_t peer_addr, uint32_t addr, const char *ifname, uint8_t *hwaddr); diff --git a/accel-pppd/ctrl/ipoe/ipoe_netlink.c b/accel-pppd/ctrl/ipoe/ipoe_netlink.c index c0610367..d4283622 100644 --- a/accel-pppd/ctrl/ipoe/ipoe_netlink.c +++ b/accel-pppd/ctrl/ipoe/ipoe_netlink.c 
@@ -84,6 +84,61 @@ void ipoe_nl_add_net(uint32_t addr, int mask) log_error("ipoe: nl_add_net: error talking to kernel\n"); } +void ipoe_nl_delete_bypass_nets(void) +{ + struct nlmsghdr *nlh; + struct genlmsghdr *ghdr; + struct { + struct nlmsghdr n; + char buf[1024]; + } req; + + if (rth.fd == -1) + return; + + nlh = &req.n; + nlh->nlmsg_len = NLMSG_LENGTH(GENL_HDRLEN); + nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; + nlh->nlmsg_type = ipoe_genl_id; + + ghdr = NLMSG_DATA(&req.n); + ghdr->cmd = IPOE_CMD_DEL_BYPASS_NET; + + addattr32(nlh, 1024, IPOE_ATTR_ADDR, 0); + + if (rtnl_talk(&rth, nlh, 0, 0, nlh, NULL, NULL, 0) < 0 ) + log_error("ipoe: nl_del_net: error talking to kernel\n"); +} + +void ipoe_nl_add_bypass_net(uint32_t addr, int mask) +{ + struct nlmsghdr *nlh; + struct genlmsghdr *ghdr; + struct { + struct nlmsghdr n; + char buf[1024]; + } req; + + if (rth.fd == -1) + return; + + nlh = &req.n; + nlh->nlmsg_len = NLMSG_LENGTH(GENL_HDRLEN); + nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; + nlh->nlmsg_type = ipoe_genl_id; + + ghdr = NLMSG_DATA(&req.n); + ghdr->cmd = IPOE_CMD_ADD_BYPASS_NET; + + mask = ((1 << mask) - 1) << (32 - mask); + + addattr32(nlh, 1024, IPOE_ATTR_ADDR, addr); + addattr32(nlh, 1024, IPOE_ATTR_MASK, mask); + + if (rtnl_talk(&rth, nlh, 0, 0, nlh, NULL, NULL, 0) < 0 ) + log_error("ipoe: nl_add_bypass_net: error talking to kernel\n"); +} + int ipoe_nl_add_exclude(uint32_t addr, int mask) { struct rtnl_handle rth; @@ -282,7 +337,7 @@ int ipoe_nl_create(uint32_t peer_addr, uint32_t addr, const char *ifname, uint8_ ret = *(uint32_t *)(RTA_DATA(tb[IPOE_ATTR_IFINDEX])); -out: + out: rtnl_close(&rth); return ret; 
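Review bot: `ipoe_nl_delete_bypass_nets` reports failure as `ipoe: nl_del_net: error talking to kernel`, which names a different operation, so a failed flush of the bypass list cannot be identified from the log. That matters because `load_bypass_nets` flushes before re-adding, so after a failed flush the old entries presumably stay in the kernel and keep accepting traffic without a session; use `log_error("ipoe: nl_del_bypass_nets: error talking to kernel\n");`. Both new functions also fill `req` field by field without zeroing it, so header bytes they do not assign (for example the genl header's `version` and `reserved`) are sent as uninitialised stack contents unless `rtnl_talk` overwrites them; `memset(&req, 0, sizeof(req));` before `nlh = &req.n;` avoids that.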
@@ -632,10 +687,10 @@ static int ipoe_mc_read(struct triton_md_handler_t *h) struct sockaddr_nl nladdr; struct iovec iov; struct msghdr msg = { - .msg_name = &nladdr, - .msg_namelen = sizeof(nladdr), - .msg_iov = &iov, - .msg_iovlen = 1, + .msg_name = &nladdr, + .msg_namelen = sizeof(nladdr), + .msg_iov = &iov, + .msg_iovlen = 1, }; char buf[8192]; @@ -713,11 +768,11 @@ static void ipoe_mc_close(struct triton_context_t *ctx) } static struct triton_context_t mc_ctx = { - .close = ipoe_mc_close, + .close = ipoe_mc_close, }; static struct triton_md_handler_t mc_hnd = { - .read = ipoe_mc_read, + .read = ipoe_mc_read, }; static void init(void) diff --git a/drivers/ipoe/ipoe.c b/drivers/ipoe/ipoe.c index 3fc266e6..0c77438f 100644 --- a/drivers/ipoe/ipoe.c +++ b/drivers/ipoe/ipoe.c @@ -126,6 +126,7 @@ static LIST_HEAD(ipoe_list2); static LIST_HEAD(ipoe_list2_u); static DEFINE_SEMAPHORE(ipoe_wlock); static LIST_HEAD(ipoe_networks); +static LIST_HEAD(ipoe_bypass_nets); static LIST_HEAD(ipoe_interfaces); static struct work_struct ipoe_queue_work; static struct sk_buff_head ipoe_queue; @@ -217,6 +218,25 @@ static int ipoe_check_network(__be32 addr) return r; } +static int ipoe_check_bypass(__be32 addr) +{ + struct ipoe_network *n; + int r = 0; + + rcu_read_lock(); + + list_for_each_entry_rcu(n, &ipoe_bypass_nets, entry) { + if ((ntohl(addr) & n->mask) == n->addr) { + r = 1; + break; + } + } + + rcu_read_unlock(); + + return r; +} + static int ipoe_check_exclude(__be32 addr) { struct ipoe_network *n; @@ -275,8 +295,8 @@ static int ipoe_do_nat(struct sk_buff *skb, __be32 new_addr, int to_peer) addr = iph->saddr; if (skb_cloned(skb) && - !skb_clone_writable(skb, sizeof(*iph) + noff) && - pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) + !skb_clone_writable(skb, sizeof(*iph) + noff) && + pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) return -1; iph = ip_hdr(skb); 
@@ -291,77 +311,77 @@ static int ipoe_do_nat(struct sk_buff *skb, __be32 new_addr, int to_peer) ihl = iph->ihl * 4; switch (iph->frag_off & htons(IP_OFFSET) ? 0 : iph->protocol) { - case IPPROTO_TCP: - { - struct tcphdr *tcph; + case IPPROTO_TCP: + { + struct tcphdr *tcph; - if (!pskb_may_pull(skb, ihl + sizeof(*tcph) + noff) || + if (!pskb_may_pull(skb, ihl + sizeof(*tcph) + noff) || (skb_cloned(skb) && !skb_clone_writable(skb, ihl + sizeof(*tcph) + noff) && pskb_expand_head(skb, 0, 0, GFP_ATOMIC))) - return -1; + return -1; - tcph = (void *)(skb_network_header(skb) + ihl); - inet_proto_csum_replace4(&tcph->check, skb, addr, new_addr, 1); - break; - } - case IPPROTO_UDP: - { - struct udphdr *udph; + tcph = (void *)(skb_network_header(skb) + ihl); + inet_proto_csum_replace4(&tcph->check, skb, addr, new_addr, 1); + break; + } + case IPPROTO_UDP: + { + struct udphdr *udph; - if (!pskb_may_pull(skb, ihl + sizeof(*udph) + noff) || + if (!pskb_may_pull(skb, ihl + sizeof(*udph) + noff) || (skb_cloned(skb) && !skb_clone_writable(skb, ihl + sizeof(*udph) + noff) && pskb_expand_head(skb, 0, 0, GFP_ATOMIC))) - return -1; + return -1; - udph = (void *)(skb_network_header(skb) + ihl); - if (udph->check || skb->ip_summed == CHECKSUM_PARTIAL) { - inet_proto_csum_replace4(&udph->check, skb, addr, new_addr, 1); - if (!udph->check) - udph->check = CSUM_MANGLED_0; + udph = (void *)(skb_network_header(skb) + ihl); + if (udph->check || skb->ip_summed == CHECKSUM_PARTIAL) { + inet_proto_csum_replace4(&udph->check, skb, addr, new_addr, 1); + if (!udph->check) + udph->check = CSUM_MANGLED_0; + } + break; } - break; - } - case IPPROTO_ICMP: - { - struct icmphdr *icmph; + case IPPROTO_ICMP: + { + struct icmphdr *icmph; - if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + noff)) - return -1; + if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + noff)) + return -1; - icmph = (void *)(skb_network_header(skb) + ihl); + icmph = (void *)(skb_network_header(skb) + ihl); - if ((icmph->type != 
ICMP_DEST_UNREACH) && + if ((icmph->type != ICMP_DEST_UNREACH) && (icmph->type != ICMP_TIME_EXCEEDED) && (icmph->type != ICMP_PARAMETERPROB)) - break; + break; - if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph) + - noff)) - return -1; + if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph) + + noff)) + return -1; - icmph = (void *)(skb_network_header(skb) + ihl); - iph = (void *)(icmph + 1); + icmph = (void *)(skb_network_header(skb) + ihl); + iph = (void *)(icmph + 1); - if (skb_cloned(skb) && + if (skb_cloned(skb) && !skb_clone_writable(skb, ihl + sizeof(*icmph) + - sizeof(*iph) + noff) && + sizeof(*iph) + noff) && pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) - return -1; + return -1; - icmph = (void *)(skb_network_header(skb) + ihl); - iph = (void *)(icmph + 1); - if (to_peer) - iph->saddr = new_addr; - else - iph->daddr = new_addr; + icmph = (void *)(skb_network_header(skb) + ihl); + iph = (void *)(icmph + 1); + if (to_peer) + iph->saddr = new_addr; + else + iph->daddr = new_addr; - inet_proto_csum_replace4(&icmph->checksum, skb, addr, new_addr, 0); - break; - } - default: - break; + inet_proto_csum_replace4(&icmph->checksum, skb, addr, new_addr, 0); + break; + } + default: + break; } return 0; @@ -556,7 +576,7 @@ static netdev_tx_t ipoe_xmit(struct sk_buff *skb, struct net_device *dev) return NETDEV_TX_OK; } -drop: + drop: stats->tx_dropped++; dev_kfree_skb(skb); return NETDEV_TX_OK; @@ -703,7 +723,7 @@ static void ipoe_process_queue(struct work_struct *w) kfree_skb(skb); continue; -nl_err: + nl_err: nlmsg_free(report_skb); report_skb = NULL; } @@ -801,7 +821,7 @@ static unsigned int ipt_in_hook(const struct nf_hook_ops *ops, struct sk_buff *s if (!iph->saddr) return NF_ACCEPT; - //pr_info("ipoe: recv %08x %08x\n", iph->saddr, iph->daddr); + // pr_info("ipoe: recv %08x %08x\n", iph->saddr, iph->daddr); ses = ipoe_lookup(iph->saddr); 
@@ -812,6 +832,9 @@ static unsigned int ipt_in_hook(const struct nf_hook_ops *ops, struct sk_buff *s if (!ipoe_check_network(iph->saddr)) return NF_ACCEPT; + if(ipoe_check_bypass(iph->daddr)) + return NF_ACCEPT; + #if LINUX_VERSION_CODE < KERNEL_VERSION(4,1,0) if (!ipoe_check_interface(in->ifindex)) #else @@ -875,7 +898,7 @@ static unsigned int ipt_in_hook(const struct nf_hook_ops *ops, struct sk_buff *s stats->rx_bytes += skb->len; #endif -out: + out: atomic_dec(&ses->refs); return ret; } @@ -987,7 +1010,7 @@ static int vlan_pt_recv(struct sk_buff *skb, struct net_device *dev, struct pack schedule_work(&vlan_notify_work); -out: + out: kfree_skb(skb); return 0; } @@ -1059,7 +1082,7 @@ static void vlan_do_notify(struct work_struct *w) kfree(n); continue; -nl_err: + nl_err: nlmsg_free(report_skb); report_skb = NULL; } @@ -1136,26 +1159,26 @@ static void ipoe_free_netdev(struct net_device *dev) } static int ipoe_hard_header(struct sk_buff *skb, struct net_device *dev, - unsigned short type, const void *daddr, - const void *saddr, unsigned len) + unsigned short type, const void *daddr, + const void *saddr, unsigned len) { const struct ipoe_session *ses = netdev_priv(dev); if (ses->link_dev) return dev_hard_header(skb, ses->link_dev, type, daddr, - saddr, len); + saddr, len); else return eth_header(skb, dev, type, daddr, saddr, len); } static const struct header_ops ipoe_hard_header_ops = { - .create = ipoe_hard_header, + .create = ipoe_hard_header, #if LINUX_VERSION_CODE < KERNEL_VERSION(4,1,0) - .rebuild = eth_rebuild_header, + .rebuild = eth_rebuild_header, #endif - .parse = eth_header_parse, - .cache = eth_header_cache, - .cache_update = eth_header_cache_update, + .parse = eth_header_parse, + .cache = eth_header_cache, + .cache_update = eth_header_cache_update, }; static void ipoe_netdev_setup(struct net_device *dev) 
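Review bot: The new `ipoe_check_bypass(iph->daddr)` test in `ipt_in_hook` accepts a packet purely on its destination address, and nothing at the call site says so. From the visible lines it runs after `ipoe_check_network(iph->saddr)`, so it appears to apply to local-net sources that have no session, which would make every prefix listed under `bypass-net` reachable by unauthenticated clients. A comment such as `/* bypass-net: destination is exempt from session creation, reachable without authentication */` above the test, and the same statement in the man page entry, would make that trust decision explicit for whoever sizes these prefixes. Kernel style also wants `if (` with a space. The body of `ipt_in_hook` starts and ends outside this hunk.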
@@ -1270,9 +1293,9 @@ static int ipoe_create(__be32 peer_addr, __be32 addr, const char *link_ifname, c return r; -failed_free: + failed_free: free_netdev(dev); -failed: + failed: if (link_dev) dev_put(link_dev); return r; @@ -1295,7 +1318,7 @@ static int ipoe_nl_cmd_noop(struct sk_buff *skb, struct genl_info *info) #else hdr = genlmsg_put(msg, info->snd_portid, info->snd_seq, #endif - &ipoe_nl_family, 0, IPOE_CMD_NOOP); + &ipoe_nl_family, 0, IPOE_CMD_NOOP); if (IS_ERR(hdr)) { ret = PTR_ERR(hdr); goto err_out; @@ -1311,10 +1334,10 @@ static int ipoe_nl_cmd_noop(struct sk_buff *skb, struct genl_info *info) return genlmsg_unicast(genl_info_net(info), msg, info->snd_portid); #endif -err_out: + err_out: nlmsg_free(msg); -out: + out: return ret; } @@ -1362,7 +1385,7 @@ static int ipoe_nl_cmd_create(struct sk_buff *skb, struct genl_info *info) #else hdr = genlmsg_put(msg, info->snd_portid, info->snd_seq, #endif - &ipoe_nl_family, 0, IPOE_CMD_CREATE); + &ipoe_nl_family, 0, IPOE_CMD_CREATE); if (IS_ERR(hdr)) { ret = PTR_ERR(hdr); goto err_out; @@ -1388,10 +1411,10 @@ static int ipoe_nl_cmd_create(struct sk_buff *skb, struct genl_info *info) return genlmsg_unicast(genl_info_net(info), msg, info->snd_portid); #endif -err_out: + err_out: nlmsg_free(msg); -out: + out: return ret; } @@ -1450,7 +1473,7 @@ static int ipoe_nl_cmd_delete(struct sk_buff *skb, struct genl_info *info) ret = 0; -out_unlock: + out_unlock: up(&ipoe_wlock); return ret; } @@ -1563,7 +1586,7 @@ static int ipoe_nl_cmd_modify(struct sk_buff *skb, struct genl_info *info) ret = 0; -out_unlock: + out_unlock: up(&ipoe_wlock); return ret; } 
@@ -1577,8 +1600,8 @@ static int fill_info(struct sk_buff *skb, struct ipoe_session *ses, u32 pid, u32 return -EMSGSIZE; if (nla_put_u32(skb, IPOE_ATTR_IFINDEX, ses->dev->ifindex) || - nla_put_u32(skb, IPOE_ATTR_PEER_ADDR, ses->peer_addr) || - nla_put_u32(skb, IPOE_ATTR_ADDR, ses->addr)) + nla_put_u32(skb, IPOE_ATTR_PEER_ADDR, ses->peer_addr) || + nla_put_u32(skb, IPOE_ATTR_ADDR, ses->addr)) goto nla_put_failure; #if LINUX_VERSION_CODE >= KERNEL_VERSION(4,0,0) @@ -1588,7 +1611,7 @@ static int fill_info(struct sk_buff *skb, struct ipoe_session *ses, u32 pid, u32 return genlmsg_end(skb, hdr); #endif -nla_put_failure: + nla_put_failure: genlmsg_cancel(skb, hdr); return -EMSGSIZE; } 
@@ -1674,6 +1697,58 @@ static int ipoe_nl_cmd_del_net(struct sk_buff *skb, struct genl_info *info) return 0; } +static int ipoe_nl_cmd_add_bypass_net(struct sk_buff *skb, struct genl_info *info) +{ + struct ipoe_network *n; + + if (!info->attrs[IPOE_ATTR_ADDR] || !info->attrs[IPOE_ATTR_MASK]) + return -EINVAL; + + n = kmalloc(sizeof(*n), GFP_KERNEL); + if (!n) + return -ENOMEM; + + n->addr = nla_get_u32(info->attrs[IPOE_ATTR_ADDR]); + n->mask = nla_get_u32(info->attrs[IPOE_ATTR_MASK]); + n->addr = ntohl(n->addr) & n->mask; + //pr_info("add net %08x/%08x\n", n->addr, n->mask); + + down(&ipoe_wlock); + list_add_tail_rcu(&n->entry, &ipoe_bypass_nets); + up(&ipoe_wlock); + + return 0; +} + +static int ipoe_nl_cmd_del_bypass_net(struct sk_buff *skb, struct genl_info *info) +{ + struct ipoe_network *n; + __be32 addr; + + if (!info->attrs[IPOE_ATTR_ADDR]) + return -EINVAL; + + addr = nla_get_u32(info->attrs[IPOE_ATTR_ADDR]); + + rcu_read_lock(); + list_for_each_entry_rcu(n, &ipoe_bypass_nets, entry) { + if (!addr || addr == n->addr) { + //pr_info("del net %08x/%08x\n", n->addr, n->mask); + list_del_rcu(&n->entry); +#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,0,0) + kfree_rcu(n, rcu_head); +#else + call_rcu(&n->rcu_head, ipoe_kfree_rcu); +#endif + } + } + rcu_read_unlock(); + + synchronize_rcu(); + + return 0; +} + static int ipoe_nl_cmd_add_exclude(struct sk_buff *skb, struct genl_info *info) { struct ipoe_network *n; 
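Review bot: `ipoe_nl_cmd_del_bypass_net` unlinks entries with `list_del_rcu()` while holding only `rcu_read_lock()`, whereas `ipoe_nl_cmd_add_bypass_net` in the same hunk modifies the list under `ipoe_wlock`. An RCU read-side section does not exclude other writers, so unless the generic-netlink core serialises these handlers for this family, a delete racing with an add can corrupt `ipoe_bypass_nets`, the list that `ipoe_check_bypass` walks. The delete should take `ipoe_wlock` and iterate with the `_safe` variant; the trailing `synchronize_rcu()` is then unnecessary because the entries are already freed through `kfree_rcu()`/`call_rcu()`. Separately, `addr` is declared `__be32` but compared with `n->addr`, which the add path stores in host order after masking, so a non-zero address would generally not match and only the flush-all case `addr == 0` works as written.

```c
static int ipoe_nl_cmd_del_bypass_net(struct sk_buff *skb, struct genl_info *info)
{
	struct ipoe_network *n, *tmp;
	/* … unchanged: addr declaration, IPOE_ATTR_ADDR check and nla_get_u32() … */

	/* writers are serialised by ipoe_wlock, as in the add path */
	down(&ipoe_wlock);
	list_for_each_entry_safe(n, tmp, &ipoe_bypass_nets, entry) {
		/* … unchanged: addr match, list_del_rcu(), kfree_rcu()/call_rcu() … */
	}
	up(&ipoe_wlock);

	return 0;
}
```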
@@ -1996,108 +2071,122 @@ static int ipoe_nl_cmd_del_vlan_mon(struct sk_buff *skb, struct genl_info *info) static struct nla_policy ipoe_nl_policy[IPOE_ATTR_MAX + 1] = { - [IPOE_ATTR_NONE] = { .type = NLA_UNSPEC, }, - [IPOE_ATTR_ADDR] = { .type = NLA_U32, }, - [IPOE_ATTR_PEER_ADDR] = { .type = NLA_U32, }, - [IPOE_ATTR_IFNAME] = { .type = NLA_STRING, .len = IFNAMSIZ - 1 }, - [IPOE_ATTR_HWADDR] = { .type = NLA_U64 }, - [IPOE_ATTR_IFNAME] = { .type = NLA_STRING, .len = IFNAMSIZ - 1 }, - [IPOE_ATTR_MASK] = { .type = NLA_U32, }, - [IPOE_ATTR_VLAN_MASK] = { .type = NLA_BINARY, .len = 4096/8 }, + [IPOE_ATTR_NONE] = { .type = NLA_UNSPEC, }, + [IPOE_ATTR_ADDR] = { .type = NLA_U32, }, + [IPOE_ATTR_PEER_ADDR] = { .type = NLA_U32, }, + [IPOE_ATTR_IFNAME] = { .type = NLA_STRING, .len = IFNAMSIZ - 1 }, + [IPOE_ATTR_HWADDR] = { .type = NLA_U64 }, + [IPOE_ATTR_IFNAME] = { .type = NLA_STRING, .len = IFNAMSIZ - 1 }, + [IPOE_ATTR_MASK] = { .type = NLA_U32, }, + [IPOE_ATTR_VLAN_MASK] = { .type = NLA_BINARY, .len = 4096/8 }, }; static struct genl_ops ipoe_nl_ops[] = { - { - .cmd = IPOE_CMD_NOOP, - .doit = ipoe_nl_cmd_noop, - .policy = ipoe_nl_policy, - /* can be retrieved by unprivileged users */ - }, - { - .cmd = IPOE_CMD_CREATE, - .doit = ipoe_nl_cmd_create, - .policy = ipoe_nl_policy, - .flags = GENL_ADMIN_PERM, - }, - { - .cmd = IPOE_CMD_DELETE, - .doit = ipoe_nl_cmd_delete, - .policy = ipoe_nl_policy, - .flags = GENL_ADMIN_PERM, - }, - { - .cmd = IPOE_CMD_MODIFY, - .doit = ipoe_nl_cmd_modify, - .policy = ipoe_nl_policy, - .flags = GENL_ADMIN_PERM, - }, - { - .cmd = IPOE_CMD_GET, - .dumpit = ipoe_nl_cmd_dump_sessions, - .policy = ipoe_nl_policy, - }, - { - .cmd = IPOE_CMD_ADD_NET, - .doit = ipoe_nl_cmd_add_net, - .policy = ipoe_nl_policy, - .flags = GENL_ADMIN_PERM, - }, - { - .cmd = IPOE_CMD_DEL_NET, - .doit = ipoe_nl_cmd_del_net, - .policy = ipoe_nl_policy, - .flags = GENL_ADMIN_PERM, - }, - { - .cmd = IPOE_CMD_ADD_IF, - .doit = ipoe_nl_cmd_add_interface, - .policy = 
ipoe_nl_policy, - .flags = GENL_ADMIN_PERM, - }, - { - .cmd = IPOE_CMD_DEL_IF, - .doit = ipoe_nl_cmd_del_interface, - .policy = ipoe_nl_policy, - .flags = GENL_ADMIN_PERM, - }, - { - .cmd = IPOE_CMD_ADD_VLAN_MON, - .doit = ipoe_nl_cmd_add_vlan_mon, - .policy = ipoe_nl_policy, - .flags = GENL_ADMIN_PERM, - }, - { - .cmd = IPOE_CMD_ADD_VLAN_MON_VID, - .doit = ipoe_nl_cmd_add_vlan_mon_vid, - .policy = ipoe_nl_policy, - .flags = GENL_ADMIN_PERM, - }, - { - .cmd = IPOE_CMD_DEL_VLAN_MON, - .doit = ipoe_nl_cmd_del_vlan_mon, - .policy = ipoe_nl_policy, - .flags = GENL_ADMIN_PERM, - }, - { - .cmd = IPOE_CMD_ADD_EXCLUDE, - .doit = ipoe_nl_cmd_add_exclude, - .policy = ipoe_nl_policy, - .flags = GENL_ADMIN_PERM, - }, - { - .cmd = IPOE_CMD_DEL_EXCLUDE, - .doit = ipoe_nl_cmd_del_exclude, - .policy = ipoe_nl_policy, - .flags = GENL_ADMIN_PERM, - }, + { + .cmd = IPOE_CMD_NOOP, + .doit = ipoe_nl_cmd_noop, + .policy = ipoe_nl_policy, + /* can be retrieved by unprivileged users */ + }, + { + .cmd = IPOE_CMD_CREATE, + .doit = ipoe_nl_cmd_create, + .policy = ipoe_nl_policy, + .flags = GENL_ADMIN_PERM, + }, + { + .cmd = IPOE_CMD_DELETE, + .doit = ipoe_nl_cmd_delete, + .policy = ipoe_nl_policy, + .flags = GENL_ADMIN_PERM, + }, + { + .cmd = IPOE_CMD_MODIFY, + .doit = ipoe_nl_cmd_modify, + .policy = ipoe_nl_policy, + .flags = GENL_ADMIN_PERM, + }, + { + .cmd = IPOE_CMD_GET, + .dumpit = ipoe_nl_cmd_dump_sessions, + .policy = ipoe_nl_policy, + }, + { + .cmd = IPOE_CMD_ADD_NET, + .doit = ipoe_nl_cmd_add_net, + .policy = ipoe_nl_policy, + .flags = GENL_ADMIN_PERM, + }, + { + .cmd = IPOE_CMD_DEL_NET, + .doit = ipoe_nl_cmd_del_net, + .policy = ipoe_nl_policy, + .flags = GENL_ADMIN_PERM, + }, + + { + .cmd = IPOE_CMD_ADD_BYPASS_NET, + .doit = ipoe_nl_cmd_add_bypass_net, + .policy = ipoe_nl_policy, + .flags = GENL_ADMIN_PERM, + }, + { + .cmd = IPOE_CMD_DEL_BYPASS_NET, + .doit = ipoe_nl_cmd_del_bypass_net, + .policy = ipoe_nl_policy, + .flags = GENL_ADMIN_PERM, + }, + + { + .cmd = IPOE_CMD_ADD_IF, + 
.doit = ipoe_nl_cmd_add_interface, + .policy = ipoe_nl_policy, + .flags = GENL_ADMIN_PERM, + }, + { + .cmd = IPOE_CMD_DEL_IF, + .doit = ipoe_nl_cmd_del_interface, + .policy = ipoe_nl_policy, + .flags = GENL_ADMIN_PERM, + }, + { + .cmd = IPOE_CMD_ADD_VLAN_MON, + .doit = ipoe_nl_cmd_add_vlan_mon, + .policy = ipoe_nl_policy, + .flags = GENL_ADMIN_PERM, + }, + { + .cmd = IPOE_CMD_ADD_VLAN_MON_VID, + .doit = ipoe_nl_cmd_add_vlan_mon_vid, + .policy = ipoe_nl_policy, + .flags = GENL_ADMIN_PERM, + }, + { + .cmd = IPOE_CMD_DEL_VLAN_MON, + .doit = ipoe_nl_cmd_del_vlan_mon, + .policy = ipoe_nl_policy, + .flags = GENL_ADMIN_PERM, + }, + { + .cmd = IPOE_CMD_ADD_EXCLUDE, + .doit = ipoe_nl_cmd_add_exclude, + .policy = ipoe_nl_policy, + .flags = GENL_ADMIN_PERM, + }, + { + .cmd = IPOE_CMD_DEL_EXCLUDE, + .doit = ipoe_nl_cmd_del_exclude, + .policy = ipoe_nl_policy, + .flags = GENL_ADMIN_PERM, + }, }; static struct genl_family ipoe_nl_family = { - .id = GENL_ID_GENERATE, - .name = IPOE_GENL_NAME, - .version = IPOE_GENL_VERSION, - .hdrsize = 0, - .maxattr = IPOE_ATTR_MAX, + .id = GENL_ID_GENERATE, + .name = IPOE_GENL_NAME, + .version = IPOE_GENL_VERSION, + .hdrsize = 0, + .maxattr = IPOE_ATTR_MAX, }; #if LINUX_VERSION_CODE < KERNEL_VERSION(3,13,0) 
@@ -2106,37 +2195,37 @@ static struct genl_multicast_group ipoe_nl_mcg = { }; #else static struct genl_multicast_group ipoe_nl_mcgs[] = { - { .name = IPOE_GENL_MCG_PKT, } + { .name = IPOE_GENL_MCG_PKT, } }; #endif static struct nf_hook_ops ipt_ops[] __read_mostly = { - { - .hook = ipt_out_hook, - .pf = PF_INET, - .hooknum = NF_INET_POST_ROUTING, - .priority = NF_IP_PRI_LAST, - .owner = THIS_MODULE, - }, - { - .hook = ipt_out_hook, - .pf = PF_INET, - .hooknum = NF_INET_LOCAL_OUT, - .priority = NF_IP_PRI_LAST, - .owner = THIS_MODULE, - }, - { - .hook = ipt_in_hook, - .pf = PF_INET, - .hooknum = NF_INET_PRE_ROUTING, - .priority = NF_IP_PRI_FIRST, - .owner = THIS_MODULE, - }, + { + .hook = ipt_out_hook, + .pf = PF_INET, + .hooknum = NF_INET_POST_ROUTING, + .priority = NF_IP_PRI_LAST, + .owner = THIS_MODULE, + }, + { + .hook = ipt_out_hook, + .pf = PF_INET, + .hooknum = NF_INET_LOCAL_OUT, + .priority = NF_IP_PRI_LAST, + .owner = THIS_MODULE, + }, + { + .hook = ipt_in_hook, + .pf = PF_INET, + .hooknum = NF_INET_PRE_ROUTING, + .priority = NF_IP_PRI_FIRST, + .owner = THIS_MODULE, + }, }; static struct packet_type vlan_pt __read_mostly = { - .type = __constant_htons(ETH_P_ALL), - .func = vlan_pt_recv, + .type = __constant_htons(ETH_P_ALL), + .func = vlan_pt_recv, }; #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,32) @@ -2222,9 +2311,9 @@ static int __init ipoe_init(void) return 0; -out_unreg: + out_unreg: genl_unregister_family(&ipoe_nl_family); -out: + out: return err; } diff --git a/drivers/ipoe/ipoe.h b/drivers/ipoe/ipoe.h index 192fa2f2..17cf3986 100644 --- a/drivers/ipoe/ipoe.h +++ b/drivers/ipoe/ipoe.h @@ -11,6 +11,8 @@ enum { IPOE_CMD_GET, IPOE_CMD_ADD_NET, IPOE_CMD_DEL_NET, + IPOE_CMD_ADD_BYPASS_NET, + IPOE_CMD_DEL_BYPASS_NET, IPOE_CMD_ADD_IF, IPOE_CMD_DEL_IF, IPOE_CMD_ADD_VLAN_MON, 
@@ -23,30 +25,29 @@ enum { __IPOE_CMD_MAX, }; -#define IPOE_CMD_MAX (__IPOE_CMD_MAX - 1) +#define IPOE_CMD_MAX (__IPOE_CMD_MAX - 1) enum { - IPOE_ATTR_NONE, /* no data */ - IPOE_ATTR_ADDR, /* u32 */ - IPOE_ATTR_PEER_ADDR, /* u32 */ - IPOE_ATTR_IFNAME, /* u32 */ - IPOE_ATTR_HWADDR, /* u32 */ - IPOE_ATTR_MASK, /* u32 */ - IPOE_ATTR_IFINDEX, /* u32 */ - IPOE_ATTR_ETH_HDR, /* u32 */ - IPOE_ATTR_IP_HDR, /* u32 */ - IPOE_ATTR_VLAN_MASK, /* u32 */ + IPOE_ATTR_NONE, /* no data */ + IPOE_ATTR_ADDR, /* u32 */ + IPOE_ATTR_PEER_ADDR, /* u32 */ + IPOE_ATTR_IFNAME, /* u32 */ + IPOE_ATTR_HWADDR, /* u32 */ + IPOE_ATTR_MASK, /* u32 */ + IPOE_ATTR_IFINDEX, /* u32 */ + IPOE_ATTR_ETH_HDR, /* u32 */ + IPOE_ATTR_IP_HDR, /* u32 */ + IPOE_ATTR_VLAN_MASK, /* u32 */ __IPOE_ATTR_MAX, }; -#define IPOE_ATTR_MAX (__IPOE_ATTR_MAX - 1) +#define IPOE_ATTR_MAX (__IPOE_ATTR_MAX - 1) /* * NETLINK_GENERIC related info */ -#define IPOE_GENL_NAME "IPoE" -#define IPOE_GENL_MCG_PKT "Packet" -#define IPOE_GENL_VERSION 0x1 +#define IPOE_GENL_NAME "IPoE" +#define IPOE_GENL_MCG_PKT "Packet" +#define IPOE_GENL_VERSION 0x1 #endif - From 4de2380e5ba1441b407bbeaed703aab916b42eff Mon Sep 17 00:00:00 2001 From: Nikolay Popov Date: Wed, 6 Jul 2016 18:49:44 +0300 Subject: [PATCH 2/6] fixed typo in man page --- accel-pppd/accel-ppp.conf.5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/accel-pppd/accel-ppp.conf.5 b/accel-pppd/accel-ppp.conf.5 index 09081e64..91a50fa4 100644 --- a/accel-pppd/accel-ppp.conf.5 +++ b/accel-pppd/accel-ppp.conf.5 @@ -356,7 +356,7 @@ parameter specifies whether accel-ppp should reply to arp requests. .TP .BI "bypass-net=" x.x.x.x/mask Specifies networks to which packets will be bypassed and therefore automatically allowed without session creation. -TP +.TP .BI "local-net=" x.x.x.x/mask Specifies networks from which packets will be treated as unclassified. You may specify multiple local-net options. .TP From fdaf893c416b012621bee3dea91250af0c2ee6b0 Mon Sep 17 00:00:00 2001 
From: Nikolay Popov Date: Wed, 6 Jul 2016 19:22:19 +0300 Subject: [PATCH 3/6] fixed indentation issues --- accel-pppd/ctrl/ipoe/ipoe.c | 14 ++++++------- accel-pppd/ctrl/ipoe/ipoe_netlink.c | 2 +- drivers/ipoe/ipoe.c | 32 ++++++++++++++--------------- 3 files changed, 24 insertions(+), 24 deletions(-) diff --git a/accel-pppd/ctrl/ipoe/ipoe.c b/accel-pppd/ctrl/ipoe/ipoe.c index 1f2aa429..ec2d34e5 100644 --- a/accel-pppd/ctrl/ipoe/ipoe.c +++ b/accel-pppd/ctrl/ipoe/ipoe.c @@ -570,7 +570,7 @@ static void auth_result(struct ipoe_session *ses, int r) ap_session_set_username(&ses->ses, username); log_ppp_info1("%s: authentication succeeded\n", ses->ses.username); - cont: +cont: triton_event_fire(EV_SES_AUTHORIZED, &ses->ses); if (ses->serv->opt_nat) @@ -1678,7 +1678,7 @@ static void __ipoe_recv_dhcpv4(struct dhcpv4_serv *dhcpv4, struct dhcpv4_packet } } - out: +out: pthread_mutex_unlock(&serv->lock); } @@ -2672,9 +2672,9 @@ static void add_interface(const char *ifname, int ifindex, const char *opt, int return; - parse_err: +parse_err: log_error("ipoe: failed to parse '%s'\n", opt); - out_err: +out_err: _free(str0); } @@ -2819,7 +2819,7 @@ static void parse_local_net(const char *opt) return; - out_err: +out_err: log_error("ipoe: failed to parse 'local-net=%s'\n", opt); } @@ -3035,7 +3035,7 @@ int parse_offer_delay(const char *str) _free(str1); return 0; - out_err: +out_err: _free(str1); log_error("ipoe: failed to parse offer-delay\n"); return -1; @@ -3089,7 +3089,7 @@ static int parse_vlan_mon(const char *opt, long *mask) return 0; - out_err: +out_err: log_error("ipoe: vlan-mon=%s: failed to parse\n", opt); return -1; } diff --git a/accel-pppd/ctrl/ipoe/ipoe_netlink.c b/accel-pppd/ctrl/ipoe/ipoe_netlink.c index d4283622..f7385aa1 100644 --- a/accel-pppd/ctrl/ipoe/ipoe_netlink.c +++ b/accel-pppd/ctrl/ipoe/ipoe_netlink.c 
@@ -337,7 +337,7 @@ int ipoe_nl_create(uint32_t peer_addr, uint32_t addr, const char *ifname, uint8_ ret = *(uint32_t *)(RTA_DATA(tb[IPOE_ATTR_IFINDEX])); - out: +out: rtnl_close(&rth); return ret; diff --git a/drivers/ipoe/ipoe.c b/drivers/ipoe/ipoe.c index 0c77438f..4aed36ea 100644 --- a/drivers/ipoe/ipoe.c +++ b/drivers/ipoe/ipoe.c @@ -576,7 +576,7 @@ static netdev_tx_t ipoe_xmit(struct sk_buff *skb, struct net_device *dev) return NETDEV_TX_OK; } - drop: +drop: stats->tx_dropped++; dev_kfree_skb(skb); return NETDEV_TX_OK; @@ -723,7 +723,7 @@ static void ipoe_process_queue(struct work_struct *w) kfree_skb(skb); continue; - nl_err: +nl_err: nlmsg_free(report_skb); report_skb = NULL; } @@ -821,7 +821,7 @@ static unsigned int ipt_in_hook(const struct nf_hook_ops *ops, struct sk_buff *s if (!iph->saddr) return NF_ACCEPT; - // pr_info("ipoe: recv %08x %08x\n", iph->saddr, iph->daddr); + //pr_info("ipoe: recv %08x %08x\n", iph->saddr, iph->daddr); ses = ipoe_lookup(iph->saddr); @@ -898,7 +898,7 @@ static unsigned int ipt_in_hook(const struct nf_hook_ops *ops, struct sk_buff *s stats->rx_bytes += skb->len; #endif - out: +out: atomic_dec(&ses->refs); return ret; } @@ -1010,7 +1010,7 @@ static int vlan_pt_recv(struct sk_buff *skb, struct net_device *dev, struct pack schedule_work(&vlan_notify_work); - out: +out: kfree_skb(skb); return 0; } @@ -1293,9 +1293,9 @@ static int ipoe_create(__be32 peer_addr, __be32 addr, const char *link_ifname, c return r; - failed_free: +failed_free: free_netdev(dev); - failed: +failed: if (link_dev) dev_put(link_dev); return r; @@ -1334,10 +1334,10 @@ static int ipoe_nl_cmd_noop(struct sk_buff *skb, struct genl_info *info) return genlmsg_unicast(genl_info_net(info), msg, info->snd_portid); #endif - err_out: +err_out: nlmsg_free(msg); - out: +out: return ret; } 
@@ -1411,10 +1411,10 @@ static int ipoe_nl_cmd_create(struct sk_buff *skb, struct genl_info *info) return genlmsg_unicast(genl_info_net(info), msg, info->snd_portid); #endif - err_out: +err_out: nlmsg_free(msg); - out: +out: return ret; } @@ -1473,7 +1473,7 @@ static int ipoe_nl_cmd_delete(struct sk_buff *skb, struct genl_info *info) ret = 0; - out_unlock: +out_unlock: up(&ipoe_wlock); return ret; } @@ -1586,7 +1586,7 @@ static int ipoe_nl_cmd_modify(struct sk_buff *skb, struct genl_info *info) ret = 0; - out_unlock: +out_unlock: up(&ipoe_wlock); return ret; } @@ -1611,7 +1611,7 @@ static int fill_info(struct sk_buff *skb, struct ipoe_session *ses, u32 pid, u32 return genlmsg_end(skb, hdr); #endif - nla_put_failure: +nla_put_failure: genlmsg_cancel(skb, hdr); return -EMSGSIZE; } @@ -2311,9 +2311,9 @@ static int __init ipoe_init(void) return 0; - out_unreg: +out_unreg: genl_unregister_family(&ipoe_nl_family); - out: +out: return err; } From f7f75e874bc4a519db7965f5c16055791e6a4a70 Mon Sep 17 00:00:00 2001 From: Nikolay Popov Date: Fri, 8 Jul 2016 00:49:37 +0300 Subject: [PATCH 4/6] fixed bug with /32 subnet mask calculation during local and bypass prefixes load --- accel-pppd/ctrl/ipoe/ipoe_netlink.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/accel-pppd/ctrl/ipoe/ipoe_netlink.c b/accel-pppd/ctrl/ipoe/ipoe_netlink.c index f7385aa1..76536744 100644 --- a/accel-pppd/ctrl/ipoe/ipoe_netlink.c +++ b/accel-pppd/ctrl/ipoe/ipoe_netlink.c @@ -75,7 +75,7 @@ void ipoe_nl_add_net(uint32_t addr, int mask) ghdr = NLMSG_DATA(&req.n); ghdr->cmd = IPOE_CMD_ADD_NET; - mask = ((1 << mask) - 1) << (32 - mask); + mask = (0xffffffff) << (32 - mask); addattr32(nlh, 1024, IPOE_ATTR_ADDR, addr); addattr32(nlh, 1024, IPOE_ATTR_MASK, mask); 
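Review bot: In the `ipoe_nl_add_net` hunk (`@@ -75,7 +75,7 @@`), the new `mask = (0xffffffff) << (32 - mask);` fixes /32 but still shifts a 32-bit value by 32 when the prefix length is 0. That is undefined behaviour in C, and on targets that reduce the shift count modulo 32 it would give an all-ones mask instead of zero. The identical line in the `ipoe_nl_add_bypass_net` hunk (`@@ -130,7 +130,7 @@`) has the same problem, and there a wrong mask changes which destinations are accepted without a session. I would reject out-of-range prefixes at the top of both functions with `if (mask < 0 || mask > 32) return;`, compute `uint32_t m = mask ? 0xffffffffu << (32 - mask) : 0;`, and pass `m` to `addattr32`. Both function bodies start and end outside their hunks, so check there whether the caller already bounds the prefix length and which byte order the kernel side expects for `IPOE_ATTR_MASK`.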
@@ -130,7 +130,7 @@ void ipoe_nl_add_bypass_net(uint32_t addr, int mask) ghdr = NLMSG_DATA(&req.n); ghdr->cmd = IPOE_CMD_ADD_BYPASS_NET; - mask = ((1 << mask) - 1) << (32 - mask); + mask = (0xffffffff) << (32 - mask); addattr32(nlh, 1024, IPOE_ATTR_ADDR, addr); addattr32(nlh, 1024, IPOE_ATTR_MASK, mask); From 33fcf4d2f6852ec2863e83df074482e29dbae929 Mon Sep 17 00:00:00 2001 From: Nikolay Popov Date: Fri, 8 Jul 2016 01:09:53 +0300 Subject: [PATCH 5/6] added client ip to "out of client-ip-range" error message --- accel-pppd/ctrl/pptp/pptp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/accel-pppd/ctrl/pptp/pptp.c b/accel-pppd/ctrl/pptp/pptp.c index 94cfd7fd..9291a96b 100644 --- a/accel-pppd/ctrl/pptp/pptp.c +++ b/accel-pppd/ctrl/pptp/pptp.c @@ -646,7 +646,7 @@ static int pptp_connect(struct triton_md_handler_t *h) log_info2("pptp: new connection from %s\n", inet_ntoa(addr.sin_addr)); if (iprange_client_check(addr.sin_addr.s_addr)) { - log_warn("pptp: IP is out of client-ip-range, droping connection...\n"); + log_warn("pptp: IP %s is out of client-ip-range, droping connection...\n", inet_ntoa(addr.sin_addr)); close(sock); continue; } From 8f9fa00d7ed945c42d4f3a71c49838166a842ccc Mon Sep 17 00:00:00 2001 From: Nikolay Popov Date: Sat, 9 Jul 2016 00:05:31 +0300 Subject: [PATCH 6/6] moved bypass check after interface match code --- drivers/ipoe/ipoe.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/ipoe/ipoe.c b/drivers/ipoe/ipoe.c index 4aed36ea..cd8f7ecc 100644 --- a/drivers/ipoe/ipoe.c +++ b/drivers/ipoe/ipoe.c @@ -832,9 +832,6 @@ static unsigned int ipt_in_hook(const struct nf_hook_ops *ops, struct sk_buff *s if (!ipoe_check_network(iph->saddr)) return NF_ACCEPT; - if(ipoe_check_bypass(iph->daddr)) - return NF_ACCEPT; - #if LINUX_VERSION_CODE < KERNEL_VERSION(4,1,0) if (!ipoe_check_interface(in->ifindex)) #else 
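Review bot: In the `pptp_connect` hunk, the added `log_warn` formats the peer address a second time through `inet_ntoa`, which returns a pointer to a static buffer and is not required by POSIX to be thread-safe. If connections can be accepted on more than one thread, the logged address could belong to another peer on C libraries where that buffer is not per-thread. Formatting once into a local buffer and reusing it for both log lines avoids this: `char ip[INET_ADDRSTRLEN]; inet_ntop(AF_INET, &addr.sin_addr, ip, sizeof(ip));`, then pass `ip` to `log_info2` and `log_warn`. The message still spells "droping"; if it is corrected to "dropping", any log-matching rule keyed on the old text needs updating too. The function body starts and ends outside the hunk.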
@@ -842,6 +839,9 @@ static unsigned int ipt_in_hook(const struct nf_hook_ops *ops, struct sk_buff *s #endif return NF_ACCEPT; + if(ipoe_check_bypass(iph->daddr)) + return NF_ACCEPT; + ipoe_queue_u(skb, iph->saddr); return NF_DROP; }
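Review bot: The relocated `if(ipoe_check_bypass(iph->daddr))` accepts a packet on its destination address alone, on what appears to be the no-session path (it otherwise falls through to `ipoe_queue_u` and `NF_DROP`), and nothing in the hunk says so. A comment above it should record that this is a deliberate exemption from session creation, e.g. `/* bypass-net: destination-only match, accepted without a session; evaluated after the interface check */`. As far as the two hunks show, the interface test and the bypass test both return `NF_ACCEPT`, so the move changes no packet's verdict unless one of the helpers has side effects. If the intent was evaluation cost, the commit description should say that. Style: kernel code writes `if (ipoe_check_bypass(iph->daddr))` with a space after `if`; the start of `ipt_in_hook` is outside the hunk.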