No detection of incoming SPA on PPPoE
pavm1654 opened this issue · comments
Hi,
Fwknopd appears not to detect incoming SPA packets on my PPPoE interface. pcap_dispatch receives a message, but fwknop doesn't detect the usual "candidate SPA payload."
openbsd# fwknopd -f -vvv
Opened access file: /etc/fwknop/access.conf
Initialize access stanzas
Warning: REQUIRE_SOURCE_ADDRESS not enabled for access stanza source: 'ANY'
[+] Writing my PID (42764) to the lock file: /var/fwknop/fwknopd.pid
Starting fwknopd
Current fwknopd config settings:
0. CONFIG_FILE = '/etc/fwknop/fwknopd.conf'
1. OVERRIDE_CONFIG = '<not set>'
2. PCAP_INTF = 'pppoe0'
3. PCAP_FILE = '<not set>'
4. ENABLE_PCAP_PROMISC = 'N'
5. PCAP_FILTER = 'udp port 62201'
6. PCAP_DISPATCH_COUNT = '100'
7. PCAP_LOOP_SLEEP = '100000'
8. ENABLE_PCAP_ANY_DIRECTION = '<not set>'
9. EXIT_AT_INTF_DOWN = 'Y'
10. MAX_SNIFF_BYTES = '1500'
11. ENABLE_SPA_PACKET_AGING = 'Y'
12. MAX_SPA_PACKET_AGE = '120'
13. ENABLE_DIGEST_PERSISTENCE = 'Y'
14. RULES_CHECK_THRESHOLD = '20'
15. CMD_EXEC_TIMEOUT = '<not set>'
16. ENABLE_SPA_OVER_HTTP = 'N'
17. ENABLE_TCP_SERVER = 'N'
18. TCPSERV_PORT = '62201'
19. ENABLE_UDP_SERVER = 'N'
20. UDPSERV_PORT = '62201'
21. UDPSERV_SELECT_TIMEOUT = '500000'
22. LOCALE = '<not set>'
23. SYSLOG_IDENTITY = 'fwknopd'
24. SYSLOG_FACILITY = 'LOG_DAEMON'
25. ENABLE_X_FORWARDED_FOR = 'N'
26. ENABLE_DESTINATION_RULE = 'N'
27. ENABLE_RULE_PREPEND = 'N'
28. ENABLE_NAT_DNS = 'Y'
29. PF_ANCHOR_NAME = 'fwknop'
30. PF_EXPIRE_INTERVAL = '30'
31. FWKNOP_RUN_DIR = '/var/fwknop'
32. FWKNOP_CONF_DIR = '/etc/fwknop'
33. ACCESS_FILE = '/etc/fwknop/access.conf'
34. ACCESS_FOLDER = '<not set>'
35. FWKNOP_PID_FILE = '/var/fwknop/fwknopd.pid'
36. DIGEST_FILE = '/var/fwknop/digest.cache'
37. GPG_HOME_DIR = '/root/.gnupg'
38. GPG_EXE = '/usr/local/bin/gpg'
39. SUDO_EXE = '/usr/bin/sudo'
40. FIREWALL_EXE = '/sbin/pfctl'
41. VERBOSE = '<not set>'
42. FAULT_INJECTION_TAG = '<not set>'
Current fwknopd access settings:
SOURCE (1): ANY
==============================================================
DESTINATION: <not set>
OPEN_PORTS: tcp/48266
RESTRICT_PORTS: <not set>
KEY: <see the access.conf file>
KEY_BASE64: <see the access.conf file>
KEY_LEN: 32
HMAC_KEY: <see the access.conf file>
HMAC_KEY_BASE64: <see the access.conf file>
HMAC_KEY_LEN: 64
HMAC_DIGEST_TYPE: 3
FW_ACCESS_TIMEOUT: 30
MAX_FW_TIMEOUT: 300
ENABLE_CMD_EXEC: No
ENABLE_CMD_SUDO_EXEC: No
CMD_SUDO_EXEC_USER: <not set>
CMD_SUDO_EXEC_GROUP: <not set>
CMD_EXEC_USER: <not set>
CMD_EXEC_GROUP: <not set>
CMD_CYCLE_OPEN: <not set>
CMD_CYCLE_CLOSE: <not set>
CMD_CYCLE_TIMER: 60
REQUIRE_USERNAME: <not set>
REQUIRE_SOURCE_ADDRESS: No
FORCE_NAT (ip): <not set>
FORCE_NAT (proto): <not set>
FORCE_NAT (port): 0
FORCE_SNAT (ip): <not set>
FORCE_MASQUERADE: No
DISABLE_DNAT: No
FORWARD_ALL: No
ACCESS_EXPIRE: <not set>
GPG_HOME_DIR: <not set>
GPG_EXE: <not set>
GPG_DECRYPT_ID: <not set>
GPG_DECRYPT_PW: <not set>
GPG_REQUIRE_SIG: No
GPG_IGNORE_SIG_VERIFY_ERROR: No
GPG_REMOTE_ID: <not set>
GPG_FINGERPRINT_ID: <not set>
Using Digest Cache: '/var/fwknop/digest.cache' (entry count = 0)
Sniffing interface: pppoe0
PCAP filter is: 'udp port 62201'
Starting fwknopd main event loop.
pcap_dispatch() processed: 1 packets
pcap_dispatch() processed: 1 packets
Adjusting the data link offset on PPPoE fixes the issue on my end.
--- server/pcap_capture.c.orig
+++ server/pcap_capture.c
@@ -140,6 +140,9 @@
case DLT_EN10MB:
opts->data_link_offset = 14;
break;
+ case DLT_PPP_ETHER:
+ opts->data_link_offset = 8;
+ break;
#if defined(__linux__)
case DLT_LINUX_SLL:
opts->data_link_offset = 16;
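Review bot: the new `case DLT_PPP_ETHER:` is not guarded, while the `DLT_LINUX_SLL` case right below it sits under `#if defined(__linux__)`; since `DLT_PPP_ETHER` comes from the libpcap headers rather than from fwknop, wrapping the new case in `#ifdef DLT_PPP_ETHER` would keep the build working on platforms whose pcap headers do not define it. The literal `8` would also benefit from a one-line comment stating where it comes from (the 6-byte PPPoE session header followed by the 2-byte PPP protocol field, which is where a DLT_PPP_ETHER capture begins), so the next reader does not have to rediscover it the way the other magic offsets in this switch already require.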
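To show why the offset matters, here is an added example (not the reporter's patch and not fwknop's own code) that walks a constructed PPPoE session frame the way libpcap delivers it on a DLT_PPP_ETHER interface: with the PPPoE offset of 8 the IPv4/UDP headers line up and the port-62201 payload is found, with the Ethernet offset of 14 the parse fails, which is the "packet received but no candidate SPA payload" symptom above. The DLT constants are the values from libpcap's pcap/dlt.h, redefined only so the file compiles without libpcap installed; the frame bytes are constructed sample data.

```c
#include <stdint.h>
#include <stddef.h>
/* DLT values from libpcap's pcap/dlt.h, redefined so this compiles without it. */
#ifndef DLT_EN10MB
#define DLT_EN10MB 1
#endif
#ifndef DLT_PPP_ETHER
#define DLT_PPP_ETHER 51
#endif

/* Link-layer bytes before the IPv4 header. A DLT_PPP_ETHER capture starts at
 * the 6-byte PPPoE session header, followed by the 2-byte PPP protocol field. */
int data_link_offset(int dlt)
{
    switch (dlt) {
    case DLT_EN10MB:    return 14;
    case DLT_PPP_ETHER: return 8;
    default:            return -1;   /* unknown link type: caller must reject */
    }
}

/* Find the UDP payload at a given link offset. Returns its length and sets
 * *payload and *dport, or -1 if the bytes there are not an IPv4/UDP header,
 * which is exactly what a wrong offset produces. */
int udp_payload(const uint8_t *pkt, size_t len, int off,
                const uint8_t **payload, uint16_t *dport)
{
    if (off < 0 || (size_t)off + 20 > len) return -1;
    const uint8_t *ip = pkt + off;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 17 ||
        (size_t)off + ihl + 8 > len) return -1;
    const uint8_t *udp = ip + ihl;
    size_t ulen = ((size_t)udp[4] << 8) | udp[5];
    if (ulen < 8 || (size_t)off + ihl + ulen > len) return -1;
    *dport = (uint16_t)((udp[2] << 8) | udp[3]);
    *payload = udp + 8;
    return (int)(ulen - 8);
}

/* Constructed sample frame as libpcap delivers it on a DLT_PPP_ETHER
 * interface (no Ethernet header): PPPoE, PPP/IPv4, UDP to port 62201. */
const uint8_t sample_frame[] = {
    0x11, 0x00, 0x00, 0x01, 0x00, 0x2e,             /* PPPoE: session 1, len 46 */
    0x00, 0x21,                                     /* PPP protocol: IPv4 */
    0x45, 0x00, 0x00, 0x2c, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11, 0x00, 0x00,
    10, 0, 0, 2, 10, 0, 0, 1,                       /* 10.0.0.2 -> 10.0.0.1 */
    0xd4, 0x31, 0xf2, 0xf9, 0x00, 0x18, 0x00, 0x00, /* UDP 54321 -> 62201, len 24 */
    'S','P','A','-','p','a','y','l','o','a','d','-','h','e','r','e'
};
const size_t sample_len = sizeof sample_frame;
```

Running `udp_payload` on the same frame with `data_link_offset(DLT_EN10MB)` returns -1, while `data_link_offset(DLT_PPP_ETHER)` yields the 16-byte payload addressed to port 62201.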