Date: Sat, 10 Nov 2012 17:49:59 GMT From: Brett Glass <freebsd-prs@brettglass.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/173533: mpd5 PPTP server race condition with some clients Message-ID: <201211101749.qAAHnxWv011596@red.freebsd.org> Resent-Message-ID: <201211101800.qAAI01uq031527@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 173533 >Category: ports >Synopsis: mpd5 PPTP server race condition with some clients >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Nov 10 18:00:00 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Brett Glass >Release: 9.1-RELEASE >Organization: >Environment: >Description: When some clients (specifically, the very popular routers made by Cisco/Linksys) attempt to connect to a PPTP server running mpd5, the server responds so quickly with the first GRE packet after the PPTP "call" is established that the router is not ready for it. The router sends an ICMP "unreachable" packet and the connection falls apart. Here is a packet trace of a failed connection: 09:14:02.205124 IP client.1079 > pptpserver..pptp: Flags [S], seq 3927283043, win 58 40, options [mss 1460,sackOK,TS val 372091 ecr 0,nop,wscale 0], length 0 09:14:02.205171 IP pptpserver..pptp > client.1079: Flags [S.], seq 3734254182, ack 3 927283044, win 65535, options [mss 1460,nop,wscale 5,sackOK,TS val 1353461580 ecr 372091], length 0 09:14:02.207416 IP client.1079 > pptpserver..pptp: Flags [.], ack 1, win 5840, optio ns [nop,nop,TS val 372092 ecr 1353461580], length 0 09:14:02.211802 IP client.1079 > pptpserver..pptp: Flags [P.], ack 1, win 5840, opti ons [nop,nop,TS val 372092 ecr 1353461580], length 156: pptp CTRL_MSGTYPE=SCCRQ PROTO_VER(1.0) FRAME _CAP(AS) BEARER_CAP(DA) MAX_CHAN(65535) FIRM_REV(1) [|pptp] 09:14:02.211967 IP pptpserver..pptp > client.1079: Flags [P.], ack 157, win 2081, op tions [nop,nop,TS val 1353461593 ecr 372092], length 156: pptp CTRL_MSGTYPE=SCCRP PROTO_VER(1.0) RES ULT_CODE(1) ERR_CODE(0) FRAME_CAP(AS) BEARER_CAP(DA) MAX_CHAN(0) FIRM_REV(257) [|pptp] 09:14:02.214361 IP client.1079 > pptpserver..pptp: Flags [.], ack 157, win 5840, opt ions [nop,nop,TS val 372092 ecr 1353461593], length 0 09:14:03.219489 IP client.1079 > pptpserver..pptp: Flags [P.], ack 157, win 5840, op tions [nop,nop,TS val 372193 ecr 1353461593], length 168: pptp CTRL_MSGTYPE=OCRQ CALL_ID(1079) CALL_ SER_NUM(0) MIN_BPS(2400) MAX_BPS(10000000) BEARER_TYPE(Any) [|pptp] 09:14:03.220632 IP pptpserver..pptp > client.1079: Flags [P.], ack 325, win 2081, op tions [nop,nop,TS val 1353463606 ecr 372193], length 32: pptp CTRL_MSGTYPE=OCRP CALL_ID(42668) PEER_ CALL_ID(1079) RESULT_CODE(1) ERR_CODE(0) CAUSE_CODE(0) CONN_SPEED(64000) RECV_WIN(16) PROC_DELAY(1) [|pptp] 09:14:03.220854 IP pptpserver. > client: GREv1, call 1079, seq 0, length 54: LCP, Co nf-Request (0x01), id 1, length 40 09:14:03.222960 IP client.1079 > pptpserver..pptp: Flags [.], ack 189, win 5840, opt ions [nop,nop,TS val 372193 ecr 1353463606], length 0 09:14:03.223339 IP client > pptpserver.: ICMP client protocol 47 unreachable, length 82 09:14:03.228750 IP client.1079 > pptpserver..pptp: Flags [P.], ack 189, win 5840, op tions [nop,nop,TS val 372194 ecr 1353463606], length 16: pptp CTRL_MSGTYPE=CCRQ CALL_ID(1079) 09:14:03.229216 IP pptpserver..pptp > client.1079: Flags [P.], ack 341, win 2081, op tions [nop,nop,TS val 1353463624 ecr 372194], length 148: pptp CTRL_MSGTYPE=CDN CALL_ID(42668) RESUL T_CODE(4) ERR_CODE(0) CAUSE_CODE(0) [|pptp] 09:14:03.231639 IP client.1079 > pptpserver..pptp: Flags [P.], ack 337, win 5840, op tions [nop,nop,TS val 372194 ecr 1353463624], length 32: pptp CTRL_MSGTYPE=StopCCRQ REASON(0) 09:14:03.231819 IP pptpserver..pptp > client.1079: Flags [P.], ack 373, win 2081, op tions [nop,nop,TS val 1353463629 ecr 372194], length 16: pptp CTRL_MSGTYPE=StopCCRP RESULT_CODE(1) E RR_CODE(0) 09:14:03.231850 IP pptpserver..pptp > client.1079: Flags [F.], seq 353, ack 373, win 2081, options [nop,nop,TS val 1353463629 ecr 372194], length 0 09:14:03.267388 IP client.1079 > pptpserver..pptp: Flags [.], ack 354, win 5840, opt ions [nop,nop,TS val 372198 ecr 1353463629], length 0 09:14:05.238450 IP client.1079 > pptpserver..pptp: Flags [R.], seq 373, ack 354, win 5840, options [nop,nop,TS val 372395 ecr 1353463629], length 0 Note that the server's first GRE packet, containing an LCP configuration request, is sent so quickly after the one containing its OCRP message that the client does not have time to process the message before the GRE packet arrives. FreeBSD's userland ppp implementation, ppp(8), avoids this problem by default by delaying the LCP configuration request by one second. (The delay can be changed or eliminated via the command "set openmode active [delay]".) But mpd5 has no default delay and offers no way to set one. >How-To-Repeat: Set a Linksys/Cisco E1000 router, with the latest firmware, to connect to a PPTP server running mpd5. Connections will repeatedly fail. However, connections to a PPTP server running PoPToP, with FreeBSD's userland PPTP, will work properly on exactly the same hardware. >Fix: Add a fixed (or, better, configurable) startup delay when mpd5's PPP implementation makes a connection in active mode. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201211101749.qAAHnxWv011596>