From 032838b1b05bbb1ea61eb0654d74abb9f1da44ef Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Wed, 25 Nov 2009 12:37:32 +0100 Subject: [PATCH] Add new cmdmon status codes for packet version and length mismatch With next procotol version this will allow chronyc to report that chronyd is using a different protocol version. --- candm.h | 6 ++++++ client.c | 10 +++++++++- cmdmon.c | 38 +++++++++++++++++++++++++------------- 3 files changed, 40 insertions(+), 14 deletions(-) diff --git a/candm.h b/candm.h index d721325..bedc834 100644 --- a/candm.h +++ b/candm.h @@ -328,6 +328,10 @@ typedef struct { #define PROTO_VERSION_NUMBER 4 +/* The oldest protocol version that is compatible enough with + the current version to report a version mismatch */ +#define PROTO_VERSION_MISMATCH_COMPAT 4 + /* ================================================== */ typedef struct { @@ -434,6 +438,8 @@ typedef struct { #define STT_INACTIVE 15 #define STT_BADSAMPLE 16 #define STT_INVALIDAF 17 +#define STT_BADPKTVERSION 18 +#define STT_BADPKTLENGTH 19 typedef struct { int32_t EOR; diff --git a/client.c b/client.c index 8885d66..0dd8ede 100644 --- a/client.c +++ b/client.c @@ -1305,7 +1305,9 @@ submit_request(CMD_Request *request, CMD_Reply *reply, int *reply_auth_ok) continue; } - bad_header = ((reply->version != PROTO_VERSION_NUMBER) || + bad_header = ((reply->version != PROTO_VERSION_NUMBER && + !(reply->version >= PROTO_VERSION_MISMATCH_COMPAT && + ntohs(reply->status) == STT_BADPKTVERSION)) || (reply->pkt_type != PKT_TYPE_CMD_REPLY) || (reply->res1 != 0) || (reply->res2 != 0) || @@ -1428,6 +1430,12 @@ request_reply(CMD_Request *request, CMD_Reply *reply, int requested_reply, int v case STT_BADSAMPLE: printf("516 Sample index out of range"); break; + case STT_BADPKTVERSION: + printf("517 Protocol version mismatch"); + break; + case STT_BADPKTLENGTH: + printf("518 Packet length mismatch"); + break; case STT_INACTIVE: printf("519 Client logging is not active in the daemon"); break; diff --git a/cmdmon.c b/cmdmon.c index 98d84bb..c8d22d5 100644 --- a/cmdmon.c +++ b/cmdmon.c @@ -1822,19 +1822,10 @@ read_from_cmd_socket(void *anything) return; } - - if (read_length != expected_length) { - LOG(LOGS_WARN, LOGF_CmdMon, "Read incorrectly sized packet from %s:%hu", UTI_IPToString(&remote_ip), remote_port); - CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec); - /* For now, just ignore the packet. We may want to send a reply - back eventually */ - return; - } - - if ((rx_message.version != PROTO_VERSION_NUMBER) || - (rx_message.pkt_type != PKT_TYPE_CMD_REQUEST) || - (rx_message.res1 != 0) || - (rx_message.res2 != 0)) { + if (read_length < offsetof(CMD_Request, data) || + rx_message.pkt_type != PKT_TYPE_CMD_REQUEST || + rx_message.res1 != 0 || + rx_message.res2 != 0) { /* We don't know how to process anything like this */ CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec); @@ -1842,6 +1833,27 @@ read_from_cmd_socket(void *anything) return; } + if (rx_message.version != PROTO_VERSION_NUMBER) { + tx_message.status = htons(STT_NOHOSTACCESS); + LOG(LOGS_WARN, LOGF_CmdMon, "Read packet with protocol version %d (expected %d) from %s:%hu", rx_message.version, PROTO_VERSION_NUMBER, UTI_IPToString(&remote_ip), remote_port); + CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec); + + if (rx_message.version >= PROTO_VERSION_MISMATCH_COMPAT) { + tx_message.status = htons(STT_BADPKTVERSION); + transmit_reply(&tx_message, &where_from); + } + return; + } + + if (read_length != expected_length) { + LOG(LOGS_WARN, LOGF_CmdMon, "Read incorrectly sized packet from %s:%hu", UTI_IPToString(&remote_ip), remote_port); + CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec); + + tx_message.status = htons(STT_BADPKTLENGTH); + transmit_reply(&tx_message, &where_from); + return; + } + rx_command = ntohs(rx_message.command); /* OK, we have a valid message. Now dispatch on message type and process it. */