No detection of incoming SPA on PPPoE #366

pavm1654 opened this issue Mar 29, 2024 · 0 comments

Hi,

Fwknopd appears not to detect incoming SPA packets on my PPPoE interface. pcap_dispatch receives a message, but fwknop doesn't detect the usual "candidate SPA payload."

openbsd# fwknopd -f -vvv                                                                  
Opened access file: /etc/fwknop/access.conf  
Initialize access stanzas           
Warning: REQUIRE_SOURCE_ADDRESS not enabled for access stanza source: 'ANY'
[+] Writing my PID (42764) to the lock file: /var/fwknop/fwknopd.pid
Starting fwknopd                       
Current fwknopd config settings:       
  0. CONFIG_FILE                  =  '/etc/fwknop/fwknopd.conf'
  1. OVERRIDE_CONFIG              =  '<not set>'        
  2. PCAP_INTF                    =  'pppoe0'           
  3. PCAP_FILE                    =  '<not set>'
  4. ENABLE_PCAP_PROMISC          =  'N'                                                   
  5. PCAP_FILTER                  =  'udp port 62201'   
  6. PCAP_DISPATCH_COUNT          =  '100'
  7. PCAP_LOOP_SLEEP              =  '100000' 
  8. ENABLE_PCAP_ANY_DIRECTION    =  '<not set>'
  9. EXIT_AT_INTF_DOWN            =  'Y'
 10. MAX_SNIFF_BYTES              =  '1500'
 11. ENABLE_SPA_PACKET_AGING      =  'Y'
 12. MAX_SPA_PACKET_AGE           =  '120'
 13. ENABLE_DIGEST_PERSISTENCE    =  'Y'
 14. RULES_CHECK_THRESHOLD        =  '20'
 15. CMD_EXEC_TIMEOUT             =  '<not set>'
 16. ENABLE_SPA_OVER_HTTP         =  'N'                                                   
 17. ENABLE_TCP_SERVER            =  'N'                                                   
 18. TCPSERV_PORT                 =  '62201'
 19. ENABLE_UDP_SERVER            =  'N'
 20. UDPSERV_PORT                 =  '62201'
 21. UDPSERV_SELECT_TIMEOUT       =  '500000' 
 22. LOCALE                       =  '<not set>'
 23. SYSLOG_IDENTITY              =  'fwknopd'
 24. SYSLOG_FACILITY              =  'LOG_DAEMON'
 25. ENABLE_X_FORWARDED_FOR       =  'N'
 26. ENABLE_DESTINATION_RULE      =  'N'
 27. ENABLE_RULE_PREPEND          =  'N'
 28. ENABLE_NAT_DNS               =  'Y'
 29. PF_ANCHOR_NAME               =  'fwknop' 
 30. PF_EXPIRE_INTERVAL           =  '30'
 31. FWKNOP_RUN_DIR               =  '/var/fwknop'
 32. FWKNOP_CONF_DIR              =  '/etc/fwknop'
 33. ACCESS_FILE                  =  '/etc/fwknop/access.conf'
 34. ACCESS_FOLDER                =  '<not set>'
 35. FWKNOP_PID_FILE              =  '/var/fwknop/fwknopd.pid'
 36. DIGEST_FILE                  =  '/var/fwknop/digest.cache'                            
 37. GPG_HOME_DIR                 =  '/root/.gnupg'                                        
 38. GPG_EXE                      =  '/usr/local/bin/gpg'       
 39. SUDO_EXE                     =  '/usr/bin/sudo'                                       
 40. FIREWALL_EXE                 =  '/sbin/pfctl'                                                                                                                                     
 41. VERBOSE                      =  '<not set>'                                           
 42. FAULT_INJECTION_TAG          =  '<not set>'                                           
                                             
Current fwknopd access settings:    
SOURCE (1):  ANY                                                                           
==============================================================      
                DESTINATION:  <not set>
                 OPEN_PORTS:  tcp/48266
             RESTRICT_PORTS:  <not set>                                                    
                        KEY:  <see the access.conf file>
                 KEY_BASE64:  <see the access.conf file>
                    KEY_LEN:  32                                                           
                   HMAC_KEY:  <see the access.conf file>                                   
            HMAC_KEY_BASE64:  <see the access.conf file>
               HMAC_KEY_LEN:  64          
           HMAC_DIGEST_TYPE:  3                                                            
          FW_ACCESS_TIMEOUT:  30                                                           
             MAX_FW_TIMEOUT:  300       
            ENABLE_CMD_EXEC:  No           
       ENABLE_CMD_SUDO_EXEC:  No        
         CMD_SUDO_EXEC_USER:  <not set>   
        CMD_SUDO_EXEC_GROUP:  <not set> 
              CMD_EXEC_USER:  <not set>  
             CMD_EXEC_GROUP:  <not set>                                                    
             CMD_CYCLE_OPEN:  <not set>                                  
            CMD_CYCLE_CLOSE:  <not set>
            CMD_CYCLE_TIMER:  60            
           REQUIRE_USERNAME:  <not set> 
     REQUIRE_SOURCE_ADDRESS:  No            
             FORCE_NAT (ip):  <not set>                                                    
          FORCE_NAT (proto):  <not set>                                                    
           FORCE_NAT (port):  0                                                            
            FORCE_SNAT (ip):  <not set>                                                    
           FORCE_MASQUERADE:  No        
               DISABLE_DNAT:  No        
                FORWARD_ALL:  No        
              ACCESS_EXPIRE:  <not set> 
               GPG_HOME_DIR:  <not set>                                                    
                    GPG_EXE:  <not set>  
             GPG_DECRYPT_ID:  <not set>                                                    
             GPG_DECRYPT_PW:  <not set>                                                    
            GPG_REQUIRE_SIG:  No                                                           
GPG_IGNORE_SIG_VERIFY_ERROR:  No                                                           
              GPG_REMOTE_ID:  <not set>                           
         GPG_FINGERPRINT_ID:  <not set>                                                    
                                                                                           
                                                                                           
Using Digest Cache: '/var/fwknop/digest.cache' (entry count = 0)                           
Sniffing interface: pppoe0                                                                                                                                                             
PCAP filter is: 'udp port 62201'                                                           
Starting fwknopd main event loop.                                                          
pcap_dispatch() processed: 1 packets         
pcap_dispatch() processed: 1 packets

Adjusting the data link offset on PPPoE fixes the issue on my end.

--- server/pcap_capture.c.orig
+++ server/pcap_capture.c
@@ -140,6 +140,9 @@ 
         case DLT_EN10MB:
             opts->data_link_offset = 14;
             break;
+        case DLT_PPP_ETHER:
+            opts->data_link_offset = 8;
+            break;
 #if defined(__linux__)
         case DLT_LINUX_SLL:
             opts->data_link_offset = 16;
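Review bot: the 8 assigned in the new case DLT_PPP_ETHER is a bare magic number, and nothing in the hunk says what it skips. Please add a comment stating that it is the 6-byte PPPoE session header plus the 2-byte PPP protocol field, so the assumption that the IP header starts immediately after that field is visible to the next reader. Also note that the DLT_LINUX_SLL case right below is wrapped in a preprocessor guard while the new case is unconditional; if fwknopd is still built against pcap headers that do not define DLT_PPP_ETHER, wrap the new case in #ifdef DLT_PPP_ETHER to keep those builds working.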