path: root/usr.sbin/ppp/filter.c
Commit message | Author | Age | Files | Lines
* Convert IIJ copyrights to BSD copyrights. | brian | 2001-06-13 | 1 | -18/+24
| Approved by: Toshiharu OHNO <tohno@sirius.ocn.ne.jp>
* Handle IP over IP (IPPROTO_IPV4) properly. | brian | 2001-04-24 | 1 | -1/+7
| We now unwrap IP/IP and apply filter rules to both the outer layer (with ``set filter blah x.x.x.x y.y.y.y ipip'') and to the payload (reinterpreted by the filter rules).
| ``set log tcp/ip'' will now show both the outer wrapper and the (reinterpreted) payload contents.
* Various whitespace changes. | brian | 2000-10-30 | 1 | -2/+4
| Make some functions static.
* Allow a ``timeout secs'' filter option to let specific packet types | brian | 2000-07-11 | 1 | -0/+7
| affect the idle timer in different ways.
| Submitted by: Stefan Esser <se@freebsd.org>
| With adjustments by me to document the option in the man page and to give the same semantics for outgoing traffic as incoming.
| I made the style more consistent in ip.c - this should really have been done as a separate commit.
* Undo the damage done to this file in my last commit | brian | 2000-03-31 | 1 | -1/+1
|
* Add the ``nat target'' command. | brian | 2000-03-31 | 1 | -1/+1
|
* Correct address parsing | brian | 2000-03-30 | 1 | -1/+1
| Pointed out by: Maxim Sobolev <sobomax@altavista.net>
* Allow the use of hostnames instead of (and as well as) IP | brian | 2000-03-29 | 1 | -4/+5
| numbers in all commands. If people use hostnames and have dodgy resolvers or try to resolve the hostname before the link is up, they get what they deserve....
| Requested by: ru
* Add the ``resolv'' command for telling ppp how to deal with resolv.conf. | brian | 2000-03-14 | 1 | -1/+23
| You can now ``resolv restore'' in ppp.linkdown ! Add DNS0 and DNS1 macros.
* Add a bunch of `const's and fix a typo. | brian | 1999-12-27 | 1 | -4/+4
| Submitted by: Rich Neswold <rneswold@MCS.Net>
* Support GRE packets | brian | 1999-09-30 | 1 | -1/+24
| Submitted by: Harry Starr <starr@gccs.com.au>
* Fix the ``lt'' comparison in ``set filter'' | brian | 1999-09-21 | 1 | -1/+1
| PR: 13819
| Submitted by: Dean M. Phillips <dphill@inav.net>
* $Id$ -> $FreeBSD$ | peter | 1999-08-28 | 1 | -1/+1
|
* #ifdef IPPROTO_OSPFIGP before expecting it to be defined. | brian | 1999-08-02 | 1 | -1/+5
| This unbreaks OpenBSD.
* Filter ospf and igmp separately. | brian | 1999-08-02 | 1 | -5/+29
| Kind-of submitted by: phk
* Fix a load of typos | brian | 1999-07-28 | 1 | -2/+2
| Use sizeof, not a hardcode value.
| Some of it submitted by: Peter Jeremy <jeremyp@gsmx07.alcatel.com.au>
* o Overhaul filtering, adding facilities to jump over rules and to | brian | 1999-07-27 | 1 | -115/+140
| negate the sense of rules.
| o Remove the redundant (and undocumented) ``host'' and ``port'' words (README.changes updated).
| o Don't permit (and ignore) garbage instead of the protocol.
| Mostly submitted by: Peter Jeremy <jeremyp@gsmx07.alcatel.com.au>
* Fix an off-by-one error and correct the man page WRT clearing | brian | 1999-07-26 | 1 | -2/+2
| filters.
| Submitted by: Peter Jeremy <peter.jeremy@alcatel.com.au>
| PR: 12437
* Support `igmp' filters. | brian | 1999-06-23 | 1 | -2/+17
| Mostly submitted by: Timo Geusch <freebsd@sleepycat.ukpeople.net>
* Remember if MYADDR or HISADDR is used in a filter and tweak all | brian | 1999-05-31 | 1 | -12/+64
| filters any time either value changes.
* o Redesign the layering mechanism and make the aliasing code part of | brian | 1999-05-08 | 1 | -1/+2
| the layering. We now ``stack'' layers as soon as we open the device (when we figure out what we're dealing with). A static set of `dispatch' routines are also declared for dealing with incoming packets after they've been `pulled' up through the stacked layers. Physical devices are now assigned handlers based on the device type when they're opened. For the moment there are three device types; ttys, execs and tcps.
| o Increment version number to 2.2
| o Make an entry in [uw]tmp for non-tty -direct invocations (after pap/chap authentication).
| o Make throughput counters quad_t's
| o Account for the absolute number of mbuf malloc()s and free()s in ``show mem''.
| o ``show modem'' becomes ``show physical''.
* Initial RADIUS support (using libradius). See the man page for | brian | 1999-01-28 | 1 | -21/+33
| details. Compiling with -DNORADIUS (the default for `release') removes support.
| TODO: The functionality in libradius::rad_send_request() needs to be supplied as a set of routines so that ppp doesn't have to wait indefinitely for the radius server(s). Instead, we need to get a descriptor back, select() on the descriptor, and ask libradius to service it when necessary. For now, ppp blocks SIGALRM while in rad_send_request(), so it misses PAP/CHAP retries & timeouts if they occur.
| Only PAP is functional. When CHAP is attempted, libradius complains that no User-Password has been specified... rfc2138 says that it *mustn't* be used for CHAP :-(
| Sponsored by: Internet Business Solutions Ltd., Switzerland
* Solve the ``first connection'' problem that occurs on | brian | 1998-10-22 | 1 | -5/+9
| demand-dial links with dynamic IP numbers where the program that causes the dial bind()s to an interface address that is subsequently changed after ppp negotiation.
| The problem is defeated by adding negotiated addresses to the tun interface as additional alias addresses and providing a set of ``iface'' commands for managing the interface. Libalias is also required (and what a name clash!) - it happily IP-aliases the address so that the source is that of the primary (negotiated) interface and un-IP-aliases it on the way back.
| An ``enable iface-alias'' is done implicitly by the -alias command line switch. If -alias isn't given, iface-aliasing is disabled by default and can't be enabled 'till an ``alias enable yes'' is done. ``alias enable no'' silently disables iface-alias.
| So, for dynamic-IP-type-connections, running ``ppp -alias -auto blah'' will work for the first connection, although existing bindings will not survive a disconnect/connect as the TCP peer will be trying to send to the old IP address - the packets won't route.
| It's now a lot easier to add IPXCP to ppp with minor updates to the new iface.[ch] (if anyone ever gets 'round to it).
| It's also now possible to manually add interface aliases with something like ``iface add 1.2.3.4/24 5.6.7.8''. This allows multi-homed ppp links :-)
* Don't assume ``sizeof(u_long) == 4'' | brian | 1998-06-27 | 1 | -2/+2
| Submitted by: Theo
* Fix a rather nasty use of `static'. This caused a SEGV | brian | 1998-06-15 | 1 | -2/+2
| when running ``link * load label'' as we ended up recursing back into command_Interpret after nuking our command arg list.
* MFMP: Make ppp multilink capable. | brian | 1998-05-21 | 1 | -197/+231
| See the file README.changes, and re-read the man page.
* Remove unused #includes. | brian | 1998-01-21 | 1 | -3/+2
| Make various bits static.
| Remove unused variables.
| Submitted by: eivind
* Cosmetic (style): | brian | 1997-12-24 | 1 | -2/+2
| sizeof(var) -> sizeof var
| sizeof type -> sizeof(type)
| Suggested by: J Wunsch <j@uriah.heep.sax.de>
* Allow random IP number allocation to peer. | brian | 1997-12-13 | 1 | -5/+10
| Validate the peers suggested IP by attempting to make a routing table entry.
| Give up IPCP negotiation if the peer NAKs us with an unusable IP.
| Always SIOCDIFADDR then SIOCAIFADDR when configuring the tun device. Using SIOCSIFDSTADDR allows duplicate dst addresses (which we don't want)!!!
| Allow up to 200 interface names (was 50) (now that ppp can play server properly).
| Up the version number (1.5 -> 1.6).
| Cosmetic:
| Log unexpected CCP packets in the CCP log rather than the ERROR log.
| Log unexpected Config Reqs in the appropriate LCP/IPCP/CCP log rather than the ERROR log.
| Log failed route additions and deletions with WARN, not TCPIP.
| Log the option id and length for unrecognised IPCP options.
| Change some .Sq to .Ar in the man page.
* Fix prototypes. | brian | 1997-11-22 | 1 | -42/+47
| Remove extraneous decls.
| Add ``const'' to several places.
| Allow ``make NOALIAS=1'' to remove IP aliasing.
| Merge with OpenBSD - only the Makefiles vary.
| We can now survive a compile with -Wall -Wbad-function-cast -Wcast-align -Wcast-qual -Winline -Wmissing-declarations -Wmissing-prototypes -Wnested-externs -Wpointer-arith -Wredundant-decls -Wshadow -Wstrict-prototypes -Wwrite-strings -Wchar-subscripts (although the Makefile just contains -Wall).
* Return correct value from "set loopback". | brian | 1997-11-12 | 1 | -2/+8
| Output "set ?filter deny host|port" rules correctly with show ?filter.
| Submitted by: Dave Bodenstab <imdave@mcs.net>
* Increase chat script sizes to 512 | brian | 1997-11-09 | 1 | -1/+2
| Requested by: Michael Reifenberger <root@totum.plaut.de>
* Cosmetic (no functional changes): | brian | 1997-10-26 | 1 | -25/+31
| o Add missing $Id$s
| o Move extern decls from .c -> .h files
| o Staticize
| o Remove #includes from .h files
| o style(9)ify includes
| o bcopy -> memcpy
|   bzero -> memset
|   bcmp -> memcmp
|   index -> strchr
|   rindex -> strrchr
| o Move timeout.h -> timer.h (making it consistent w/ timer.c)
| o Add -Wmissing-prototypes
* Fix various filter problems | brian | 1997-10-23 | 1 | -11/+12
| PR: 4727
| Submitted by: Chiharu Shibata <chi@bd.mbn.or.jp>
* Cosmetic: Make LogPrintf() calls consistent. | brian | 1997-08-31 | 1 | -4/+4
|
* Make the code format more in line with style(9). | brian | 1997-08-25 | 1 | -122/+87
| Update loadalias to use the new libalias api.
| Update to version 1.1.
* Count the "proto" arg after a single address, | brian | 1997-07-27 | 1 | -2/+4
| Check correctly for "deny" packets.
| Submitted by: Dave Bodenstab <imdave@mcs.net>
* Deal with HISADDR/MYADDR in filter rules. | brian | 1997-06-28 | 1 | -4/+8
| Mostly submitted by: kfurge@worldnet.att.net
| Allow MYADDR in add/delete commands to facilitate dynamic additions of a loopback route to MYADDR.
* Overhaul ppp: | brian | 1997-06-09 | 1 | -58/+67
| o Use syslog
| o Remove references to stdout/stderr (incl perror())
| o Introduce VarTerm - the interactive terminal or zero
| o Allow "set timeout" to affect current session
| o Change "set debug" to "set log"
| o Allow "set log [+|-]flag"
| o Make MSEXT and PASSWDAUTH stuff the default
| o Move all #ifdef DEBUG stuff into the code - this shouldn't be too much overhead. It's now controlled with "set log +debug"
| o Add "set log command, debug, tun, warn, error, alert"
| o Remove cdefs.h, and assume an ansi compiler.
| o Improve all diagnostic output
| o Don't trap SIGSEGV
| o SIGHUP now terminates again (log files are controlled by syslog)
| o Call CloseModem() when changing devices
| o Fix parsing of third arg of "delete"
| I think this fixes the "magic is same" problems that some people have been experiencing.
| The man page is being rewritten. It'll follow soon.
* Tidy up the code - bounds checking, return | brian | 1997-05-10 | 1 | -2/+2
| value checking etc.
| Submitted by: eivind
* Revert $FreeBSD$ to $Id$ | peter | 1997-02-22 | 1 | -1/+1
|
* Make the long-awaited change from $Id$ to $FreeBSD$ | jkh | 1997-01-14 | 1 | -1/+1
| This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long.
| Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
* A random bunch of cleanup changes. | phk | 1996-01-10 | 1 | -4/+2
|
* 1. All fragments (except the first one) of a fragmented packet were | amurai | 1995-09-17 | 1 | -57/+56
| dropped - devet@adv.IAEhv.nl (Arjan de Vet)
| 2. Will not read data from telnet connection - John Capo <jc@irbs.com>
| 3. Using LQM option could be drop the link due to LcpLayerDown() doesn't stop LQR timer. - Brian <brian@awfulhak.demon.co.uk>
| 4. Allow to describe a syntax of filters that is not only port number but also by name in /etc/service. - Rich Murphey <rich@lamprey.utmb.edu>
| Reviewed by: Atsushi Murai <amurai@spec.co.jp>
| Submitted by: devet@adv.IAEhv.nl, jc@irbs.com, brian@awfulhak.demon.co.uk, rich@lamprey.utmb.edu
* Remove trailing whitespace. | rgrimes | 1995-05-30 | 1 | -5/+5
|
* New user Process PPP based on iij-ppp0.94beta2. | amurai | 1995-02-26 | 1 | -6/+29
| o Supporting SYNC SIO device (But need a device driver)
|   - add "set speed sync"
| o Fixing bug for Predictor-1 function.
| o Add new parameter that re-sent interval for set timeout commands.
| o Improving RTT (Round Trip Time) and reducing processor time.
|   - Previous Timer service was using polling, and now using SIGALRM ;-)
|   - A 0.94beta2 will not work correctly....
| -- Follows are additional feature not including 0.94beta2
| o Support Proxy ARP
|   - add "enable/disable proxy" commands
| o Merging common routine in CHAP/PAP.
| o Enhancing LCP/IPCP log information.
| o Support local Authentication connection on port 300x and tty.
|   - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backward compatibility)
|   - If you did set up them, It's allow connection but nothing to do except help and passwd command.
|   - add "passwd yourpasswd" commands
| o Support afilter
|   - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires.
|   - Same syntax of other filters.
| o Fixing bugs reported by current user for previous one.
| Thanks !!
| Reviewed by: Atsushi Murai (amurai@spec.co.jp)
* The 'set ifilter'/'set ofilter' commands accept a syntax containing | amurai | 1995-02-22 | 1 | -5/+6
| IP addresses and/or protocol+port, but in the case where both are supplied, it happily accepts the command but ignores the proto+port
| It also attempts to handle the case where the second IP address is omitted, but this doesn't work.
| Reviewed by: amurai@spec.co.jp
| Submitted by: Andrew.Gordon@net-tel.co.uk
* (no commit message) | amurai | 1995-01-31 | 1 | -0/+475