From: Miroslav Lichvar Date: Wed, 25 Nov 2009 11:37:32 +0000 (+0100) Subject: Add new cmdmon status codes for packet version and length mismatch X-Git-Tag: 1.24-pre1~41 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=032838b1b05bbb1ea61eb0654d74abb9f1da44ef;p=thirdparty%2Fchrony.git Add new cmdmon status codes for packet version and length mismatch With next procotol version this will allow chronyc to report that chronyd is using a different protocol version. --- diff --git a/candm.h b/candm.h index d721325e..bedc834e 100644 --- a/candm.h +++ b/candm.h @@ -328,6 +328,10 @@ typedef struct { #define PROTO_VERSION_NUMBER 4 +/* The oldest protocol version that is compatible enough with + the current version to report a version mismatch */ +#define PROTO_VERSION_MISMATCH_COMPAT 4 + /* ================================================== */ typedef struct { @@ -434,6 +438,8 @@ typedef struct { #define STT_INACTIVE 15 #define STT_BADSAMPLE 16 #define STT_INVALIDAF 17 +#define STT_BADPKTVERSION 18 +#define STT_BADPKTLENGTH 19 typedef struct { int32_t EOR; diff --git a/client.c b/client.c index 8885d661..0dd8ede0 100644 --- a/client.c +++ b/client.c @@ -1305,7 +1305,9 @@ submit_request(CMD_Request *request, CMD_Reply *reply, int *reply_auth_ok) continue; } - bad_header = ((reply->version != PROTO_VERSION_NUMBER) || + bad_header = ((reply->version != PROTO_VERSION_NUMBER && + !(reply->version >= PROTO_VERSION_MISMATCH_COMPAT && + ntohs(reply->status) == STT_BADPKTVERSION)) || (reply->pkt_type != PKT_TYPE_CMD_REPLY) || (reply->res1 != 0) || (reply->res2 != 0) || @@ -1428,6 +1430,12 @@ request_reply(CMD_Request *request, CMD_Reply *reply, int requested_reply, int v case STT_BADSAMPLE: printf("516 Sample index out of range"); break; + case STT_BADPKTVERSION: + printf("517 Protocol version mismatch"); + break; + case STT_BADPKTLENGTH: + printf("518 Packet length mismatch"); + break; case STT_INACTIVE: printf("519 Client logging is not active in the daemon"); break; diff --git a/cmdmon.c b/cmdmon.c index 98d84bb6..c8d22d5e 100644 --- a/cmdmon.c +++ b/cmdmon.c @@ -1822,23 +1822,35 @@ read_from_cmd_socket(void *anything) return; } + if (read_length < offsetof(CMD_Request, data) || + rx_message.pkt_type != PKT_TYPE_CMD_REQUEST || + rx_message.res1 != 0 || + rx_message.res2 != 0) { - if (read_length != expected_length) { - LOG(LOGS_WARN, LOGF_CmdMon, "Read incorrectly sized packet from %s:%hu", UTI_IPToString(&remote_ip), remote_port); + /* We don't know how to process anything like this */ CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec); - /* For now, just ignore the packet. We may want to send a reply - back eventually */ + return; } - if ((rx_message.version != PROTO_VERSION_NUMBER) || - (rx_message.pkt_type != PKT_TYPE_CMD_REQUEST) || - (rx_message.res1 != 0) || - (rx_message.res2 != 0)) { + if (rx_message.version != PROTO_VERSION_NUMBER) { + tx_message.status = htons(STT_NOHOSTACCESS); + LOG(LOGS_WARN, LOGF_CmdMon, "Read packet with protocol version %d (expected %d) from %s:%hu", rx_message.version, PROTO_VERSION_NUMBER, UTI_IPToString(&remote_ip), remote_port); + CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec); - /* We don't know how to process anything like this */ + if (rx_message.version >= PROTO_VERSION_MISMATCH_COMPAT) { + tx_message.status = htons(STT_BADPKTVERSION); + transmit_reply(&tx_message, &where_from); + } + return; + } + + if (read_length != expected_length) { + LOG(LOGS_WARN, LOGF_CmdMon, "Read incorrectly sized packet from %s:%hu", UTI_IPToString(&remote_ip), remote_port); CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec); - + + tx_message.status = htons(STT_BADPKTLENGTH); + transmit_reply(&tx_message, &where_from); return; }