From owner-freebsd-net@FreeBSD.ORG  Sun Oct 26 16:39:41 2008
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B0E4C106566C
	for <freebsd-net@freebsd.org>; Sun, 26 Oct 2008 16:39:41 +0000 (UTC)
	(envelope-from mav@FreeBSD.org)
Received: from cmail.optima.ua (cmail.optima.ua [195.248.191.121])
	by mx1.freebsd.org (Postfix) with ESMTP id F0B488FC08
	for <freebsd-net@freebsd.org>; Sun, 26 Oct 2008 16:39:40 +0000 (UTC)
	(envelope-from mav@FreeBSD.org)
X-Spam-Flag: SKIP
X-Spam-Yversion: Spamooborona-2.1.0
Received: from [212.86.226.226] (account mav@alkar.net HELO
	mavbook.mavhome.dp.ua)
	by cmail.optima.ua (CommuniGate Pro SMTP 5.2.9)
	with ESMTPSA id 226156228; Sun, 26 Oct 2008 18:39:39 +0200
Message-ID: <4904AB59.3060101@FreeBSD.org>
Date: Sun, 26 Oct 2008 19:39:37 +0200
From: Alexander Motin <mav@FreeBSD.org>
User-Agent: Thunderbird 2.0.0.16 (X11/20080726)
MIME-Version: 1.0
To: ck@yourserveradmin.com
References: <490368C0.1010704@yourserveradmin.com>
In-Reply-To: <490368C0.1010704@yourserveradmin.com>
Content-Type: multipart/mixed; boundary="------------080800040701040505040506"
Cc: freebsd-net@freebsd.org
Subject: Re: mpd - lcp protocol rejects
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Oct 2008 16:39:41 -0000

This is a multi-part message in MIME format.
--------------080800040701040505040506
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

CK wrote:
> I'm running mpd 4.4 on 6.3-STABLE #4. Connecting with mpd to my ISP's
> VPN server running poptop. Everything is ok for some time, and then all
> of a sudden mpd starts throwing weird protocol rejects to log file and
> vpn connection stops working.
> 
> Oct 19 03:06:16 tazek mpd: [pptp] IPCP: state change Ack-Sent --> Opened
> Oct 19 03:06:16 tazek mpd: [pptp] IPCP: LayerUp
> Oct 19 03:06:16 tazek mpd:   ext_ip -> 172.16.30.42
> Oct 19 03:06:16 tazek mpd: [pptp] IFACE: Up event
> Oct 19 11:10:26 tazek mpd: [pptp] LCP: rec'd Protocol Reject #2 (Opened)
> Oct 19 11:10:26 tazek mpd: [pptp] LCP: protocol 0x000b was rejected
> Oct 19 11:10:26 tazek mpd: [pptp] LCP: rec'd Protocol Reject #3 (Opened)
> Oct 19 11:10:26 tazek mpd: [pptp] LCP: protocol 0xf679 was rejected
> 
> No errors between up event and protocol rejects. Help...
> 
> I've found this post
> http://lists.freebsd.org/pipermail/freebsd-stable/2003-June/001878.html
> but patch is for older ng_ppp.c and I do not speak C well enough to
> write code for kernel modules. Also, saw some other guys having same
> problems - but no solutions. Maybe community has something to say?

That post is too old and not applicable now.

IMO problem is encryption related. It looks like due to some reason 
sides got out of sync. It could happen due to incomplete memory errors 
handling withing ng_mppc node. I have made a patch to improve it. Patch 
is for 8-CURRENT, but I think it should apply to 6-STABLE without 
significant problems.

Write me please about results.

-- 
Alexander Motin

--------------080800040701040505040506
Content-Type: text/plain;
 name="ng_mppc.c.errhandle.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="ng_mppc.c.errhandle.patch"

--- ng_mppc.c.prev	2007-05-18 18:28:01.000000000 +0300
+++ ng_mppc.c	2008-10-26 19:17:38.000000000 +0200
@@ -492,17 +492,18 @@ ng_mppc_compress(node_p node, struct mbu
 		/* Work with contiguous regions of memory. */
 		inlen = m->m_pkthdr.len;
 		inbuf = malloc(inlen, M_NETGRAPH_MPPC, M_NOWAIT);
-		if (inbuf == NULL) {
-			m_freem(m);
-			return (ENOMEM);
-		}
+		if (inbuf == NULL)
+			goto err1;
 		m_copydata(m, 0, inlen, (caddr_t)inbuf);
 
 		outlen = MPPC_MAX_BLOWUP(inlen);
 		outbuf = malloc(outlen, M_NETGRAPH_MPPC, M_NOWAIT);
 		if (outbuf == NULL) {
-			m_freem(m);
 			free(inbuf, M_NETGRAPH_MPPC);
+err1:
+			m_freem(m);
+			MPPC_InitCompressionHistory(d->history);
+			d->flushed = 1;
 			return (ENOMEM);
 		}
 
@@ -538,8 +539,13 @@ ng_mppc_compress(node_p node, struct mbu
 		free(outbuf, M_NETGRAPH_MPPC);
 
 		/* Check m_devget() result. */
-		if (m == NULL)
+		if (m == NULL) {
+			if (!d->flushed) {
+				MPPC_InitCompressionHistory(d->history);
+				d->flushed = 1;
+			}
 			return (ENOMEM);
+		}
 	}
 #endif
 
@@ -551,6 +557,18 @@ ng_mppc_compress(node_p node, struct mbu
 		/* Set header bits */
 		header |= MPPC_FLAG_ENCRYPTED;
 
+		/* We must own the mbuf chain exclusively to modify it. */
+		m = m_unshare(m, M_DONTWAIT);
+		if (m == NULL) {
+			if (!d->flushed) {
+#ifdef NETGRAPH_MPPC_COMPRESSION
+				MPPC_InitCompressionHistory(d->history);
+#endif
+				d->flushed = 1;
+			}
+			return (ENOMEM);
+		}
+
 		/* Update key if it's time */
 		if ((d->cfg.bits & MPPE_STATELESS) != 0
 		    || (d->cc & MPPE_UPDATE_MASK) == MPPE_UPDATE_FLAG) {
@@ -562,11 +580,6 @@ ng_mppc_compress(node_p node, struct mbu
 			rc4_init(&d->rc4, d->key, KEYLEN(d->cfg.bits));
 		}
 
-		/* We must own the mbuf chain exclusively to modify it. */
-		m = m_unshare(m, M_DONTWAIT);
-		if (m == NULL)
-			return (ENOMEM);
-
 		/* Encrypt packet */
 		m1 = m;
 		while (m1) {

--------------080800040701040505040506--