[EMAIL PROTECTED] wrote: > On Mon, Aug 29, 2005 at 05:10:34PM -0500, Matt Domsch wrote: >> I've asked James Cameron, pptp project lead, to try a test to force >> the server side to issue a CCP DOWN, to make sure the client-side >> kernel ppp_generic module does the right thing and drops packets. > > I've tested this now with a host running kernel 2.6.13 with Matt's > SC_MUST_COMP patch to the kernel and to ppp 2.4.4b1, sending SIGUSR2 > to the pppd while flooding the connection with pings from the server. > > The result is an LCP TermReq from the server to the client, after > which no further data packets appear. All the data packets up to the > LCP TermReq are encrypted. The client sends an LCP TermAck, then > takes down the interface. There's sign of CCP down, in that a CCP > ConfReq appears from the server just after the LCP TermReq. > > I'm not sure this is an adequate test, and will take advice on that. > > Test configuration; > > - server, 2.6.13 + SC_MUST_COMP, ppp 2.4.4b1 + SC_MUST_COMP, pptpd > 1.3.1 > - client, 2.6.12.5 + SC_MUST_COMP, ppp 2.4.4b1 + SC_MUST_COMP, pptp > 1.5.0 > > Client side pppd log fragment; > > local IP address 10.8.0.2 > remote IP address 10.8.0.1 > Script /etc/ppp/ip-up started (pid 5036) Script /etc/ppp/ip-up > finished (pid 5036), status = 0x0 rcvd [LCP TermReq id=0x2 "MPPE > disabled"] LCP terminated by peer (MPPE disabled) Connect time 0.4 > minutes. > Sent 262920 bytes, received 262920 bytes. > Script /etc/ppp/ip-down started (pid 5048) sent [LCP TermAck id=0x2] > rcvd [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>] Discarded non-LCP > packet when LCP not open Script /etc/ppp/ip-down finished (pid 5048), > status = 0x0 Connection terminated. > Modem hangup
This looks good. One more thing I would ask, please repeat with a server that doesn't have the SC_MUST_COMP pppd patch. On SIGUSR2 the unmodified server should still send CCP DOWN to the client, which should start dropping packets. Thanks, Matt -- Matt Domsch Software Architect Dell Linux Solutions linux.dell.com & www.dell.com/linux Linux on Dell mailing lists @ http://lists.us.dell.com - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
