Re: MPPE in kernel?

Frank Cusack (fcusack@fcusack.com)
Mon, 12 May 2003 15:13:12 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Valdis.Kletnieks@vt.edu: "Re: The disappearing sys_call_table export."
Previous message: Andrew Morton: "Re: Improved DRM support for cant_use_aperture platforms"

On Mon, May 12, 2003 at 11:07:20PM +1000, Paul Mackerras wrote:
> Frank Cusack writes:
>
> > I have the compressor return a 3-valued return code (<0, 0, >0) instead of
> > two-valued (>0, other). A negative value tells ppp_generic to drop the
> > packet. 0 means the same as it does now--the compressor failed for some
> > reason. (All current compressors always return 0 or >0, so the negative
> > return is compatible.)
> >
> > 0 could also mean that CCP isn't up yet, but pppd userland doesn't allow
> > NCP's to come up until CCP completes (iff trying to negotiate MPPE).
>
> Hmmm, and are you sure that nothing can cause CCP to go down? If it
> does then ppp_generic will send data uncompressed. What would happen
> if an attacker managed to insert a CCP terminate-request into the
> receive stream somehow?

When (if) CCP goes down, pppd shuts down LCP if MPPE was running. This
could move into the kernel if you think it's better that way, but I think
userland is ok.

static void
ccp_input(unit, p, len)
{
...
#ifdef MPPE
if (ccp_gotoptions[unit].mppe) {
error("MPPE disabled, closing LCP");
lcp_close(unit, "MPPE disabled by peer");
}
#endif
}

/fc
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Valdis.Kletnieks@vt.edu: "Re: The disappearing sys_call_table export."
Previous message: Andrew Morton: "Re: Improved DRM support for cant_use_aperture platforms"