From owner-freebsd-bugs@FreeBSD.ORG Fri Apr 3 10:19:34 2015 Return-Path: Delivered-To: freebsd-bugs@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0EEA283A for ; Fri, 3 Apr 2015 10:19:34 +0000 (UTC) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E86731F7 for ; Fri, 3 Apr 2015 10:19:33 +0000 (UTC) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.14.9/8.14.9) with ESMTP id t33AJX9R021859 for ; Fri, 3 Apr 2015 10:19:33 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 199144] [patch] ppp(8): spontaneous connectivity losses when using MPPE in the stateless mode Date: Fri, 03 Apr 2015 10:19:33 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 10.1-RELEASE X-Bugzilla-Keywords: patch X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: alex@zagrebin.ru X-Bugzilla-Status: New X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status keywords bug_severity priority component assigned_to reporter attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Apr 2015 10:19:34 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199144 Bug ID: 199144 Summary: [patch] ppp(8): spontaneous connectivity losses when using MPPE in the stateless mode Product: Base System Version: 10.1-RELEASE Hardware: Any OS: Any Status: New Keywords: patch Severity: Affects Some People Priority: --- Component: bin Assignee: freebsd-bugs@FreeBSD.org Reporter: alex@zagrebin.ru Keywords: patch Created attachment 155154 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=155154&action=edit patch I'm using PPPoE connection to my ISP. I've noticed, that there are spontaneous connectivity losses, when MPPE in the stateless mode is used for data encryption. During such losses the ppp.log contains a tons of messages like: ... ppp[83292]: tun0: Phase: Unknown protocol 0xd198 (unrecognised protocol) ppp[83292]: tun0: Phase: Unknown protocol 0xfbd7 (unrecognised protocol) ppp[83292]: tun0: Phase: Unknown protocol 0x600e (unrecognised protocol) ppp[83292]: tun0: Phase: Unknown protocol 0x4aef (unrecognised protocol) ppp[83292]: tun0: Phase: Unknown protocol 0x2ed7 (unrecognised protocol) ppp[83292]: tun0: Phase: Unknown protocol 0xc6a1 (unrecognised protocol) ppp[83292]: tun0: Phase: Unknown protocol 0x4511 (unrecognised protocol) ppp[83292]: tun0: Phase: Unknown protocol 0x0166 (unrecognised protocol) ppp[83292]: tun0: Phase: Unknown protocol 0x36a2 (unrecognised protocol) ppp[83292]: tun0: Phase: Unknown protocol 0xa294 (unrecognised protocol) ... At the same time the ppp peers successfuly exchanges with a LCP keepalive packets, so formally the link is alive and there is the one workaround only - to restart ppp. After doing some debugging I've found that this issue occurs because MPPE keys, used for encryption/decryption, goes out of sync. To ensure that a keys are synchronized, ppp tracks the coherency count, which is a part of a MPPE-encrypted packet. When packet with an unexpected coherency count is received, ppp assumes that some packets are lost and performs a corresponding number of key changes to synchronize the key. This approach works fine for serial link, but for PPPoE there is another problem: packets reordering. For example: if packet with coherency count N-1 is delayed and it was received after the packet with coherency count N, then ppp will assume that 4094 packet are lost (a coherency count's size is 12 bit) and will perform 4095 [unnecessary] key changes to synchronize key. So the MPPE key goes out of sync. To fix this issue I've written the patch (see attached file). With this patch applied, ppp(8) distinguishes lost and delayed packets. To have the chance to decrypt a delayed packets, it keeps small history of MPPE keys (I think that 64 is a reasonable value). -- You are receiving this mail because: You are the assignee for the bug.