path: root/usr.sbin/ppp/ip.c
Commit message | Author | Age | Files | Lines
* Build with -DNOINET6... | brian | 2004-09-06 | 1 | -1/+6
* Fix the build on 64-bit platforms. | marcel | 2004-09-06 | 1 | -3/+4
* Make ppp WARNS=5 clean | brian | 2004-09-05 | 1 | -11/+13
* Make getprotobynumber() calls in FilterCheck conditional on the log | dds | 2004-05-13 | 1 | -13/+43
  levels by which they are used. On a typical production setting (no
  debug or filter logging) this will save an open/read/close system call
  sequence per packet, approximately halving the system overhead and
  reducing the overall overhead by 38%.

  dd bs=1k count=512 if=/usr/share/dict/web2 | ssh ppp-linked-host dd of=/dev/null

  # time original-ppp -nat -foreground connection
  Working in foreground mode
  Using interface: tun0
  2.822u 2.404s 2:00.31 4.3% 392+496k 8+18io 3pf+0w

  # time new-ppp -nat -foreground connection
  Working in foreground mode
  Using interface: tun0
  2.082u 1.173s 1:26.06 3.7% 379+450k 0+18io 0pf+0w

  MFC after: 3 weeks
* Passing a u_char to ntohs() is guaranteed to give the wrong answer ! | brian | 2003-03-26 | 1 | -2/+2
  Submitted by: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
* Remove whitespace at the end of lines. | brian | 2002-06-15 | 1 | -8/+8
* o Clean up some #includes | brian | 2002-05-14 | 1 | -2/+0
  o Bump version number to 3.0.4
  o When talking to a RADIUS server, provide a NAS-Port-Type.
    When the NAS-Port-Type is Ethernet, provide a NAS-Port value equal
    to the SESSIONID from the environment in direct mode or the
    NGM_PPPOE_SESSIONID message in other modes. If no SESSIONID is found,
    default to the interface index in client mode or zero in server mode.
    When the NAS-Port-Type is ISDN, set the NAS-Port to the minor number
    of the physical device (ie, the N in /dev/i4brbchN).
    This makes it easier for the RADIUS server to identify the client
    WRT accounting data etc.
  Prompted by: lsz8425 <lsz8425@mail.cd.hn.cn>
* Back out the previous fix to deal with kernels that don't support IPv6, | brian | 2001-08-18 | 1 | -2/+1
  and implement a far more subtle and correct fix.

  The reason behind the infinite loop was that ppp was trying to make up
  initial IPv6 numbers and wasn't giving up when it failed unexpectedly
  to assign the addresses it just fabricated to its interface (thinking
  that the reason was because another interface was using the same
  address). It now attempts this up to 100 times before just failing and
  trying to muddle along (in reality, this should never happen more than
  a couple of times unless our random number generator doesn't work).

  Also, when IPv6 is not available, don't even try to assign the IPv6
  interface address in the first place...
* Run correctly on a machine built without AF_INET6 support | brian | 2001-08-18 | 1 | -1/+2
* Fix a couple of forgotten comments | brian | 2001-08-16 | 1 | -3/+3
* o Add ipv6 support, abstracting most NCP addresses into opaque | brian | 2001-08-14 | 1 | -290/+310
    structures (well, they're treated as opaque).
    It's now possible to manage IPv6 interface addresses and routing
    table entries and to filter IPV6 traffic whether encapsulated or not.
    IPV6CP support is crude for now, and hasn't been tested against any
    other implementations.
    RADIUS and IPv6 are independent of each other for now.
    ppp.linkup/ppp.linkdown aren't currently used by IPV6CP
  o Understand all protocols(5) in filter rules rather than only a select
    few.
  o Allow a mask specification for the ``delete'' command. It's now
    possible to specifically delete one of two conflicting routes.
  o When creating and deleting proxy arp entries, do it for all IPv4
    interface addresses rather than doing it just for the ``current''
    peer address.
  o When iface-alias isn't in effect, don't blow away manually (via
    ``iface add'') added interface addresses.
  o When listening on a tcp server (diagnostic) socket, bind so that a
    tcp46 socket is created -- allowing both IPv4 and IPv6 connections.
  o When displaying ICMP traffic, don't display the icmp type twice.
    When displaying traffic, display at least some information about
    unrecognised traffic.
  o Bump version
  Inspired after filtering work by: Makoto MATSUSHITA <matusita@jp.FreeBSD.org>
* Add support for stateful MPPE (microsoft encryption) providing | brian | 2001-06-18 | 1 | -0/+8
  encryption compatibility with Windows 2000. Stateful encryption
  uses less CPU but is bad on lossy transports.

  The ``set mppe'' command has been expanded. If it's used with any
  arguments, ppp will insist on encryption, closing LCP if the other
  end refuses.

  Unfortunately, Microsoft have abused the CCP reset request so that
  receiving a reset request does not result in a reset ack when using
  MPPE...

  Sponsored by: Monzoon Networks AG and FreeBSD Services Limited
* Convert IIJ copyrights to BSD copyrights. | brian | 2001-06-13 | 1 | -20/+25
  Approved by: Toshiharu OHNO <tohno@sirius.ocn.ne.jp>
* Fix an alignment error | brian | 2001-05-30 | 1 | -5/+10
  PR: 27766
  Submitted by: Sudish Joseph <sudish@mindspring.com>
  MFC after: 2 weeks
* Handle IP over IP (IPPROTO_IPV4) properly. | brian | 2001-04-24 | 1 | -6/+17
  We now unwrap IP/IP and apply filter rules to both the outer layer
  (with ``set filter blah x.x.x.x y.y.y.y ipip'') and to the payload
  (reinterpreted by the filter rules).

  ``set log tcp/ip'' will now show both the outer wrapper and the
  (reinterpreted) payload contents.
* MAXHOSTNAME includes space for a NUL | brian | 2001-03-09 | 1 | -6/+6
* MAXPATHLEN -> PATH_MAX | brian | 2001-03-08 | 1 | -2/+2
  Don't assume MAXHOSTNAMELEN includes the NUL
  Correct a diagnostic
  Use "localhost" in our prompt instead of ""
* Fix some log_Printf() casting | brian | 2001-01-29 | 1 | -6/+4
  Obtained from: NetBSD (pkgsrc)
* Understand IPPROTO_ESP and IPPROTO_AH packets | brian | 2000-09-14 | 1 | -0/+34
  Submitted by: Angelos D. Keromytis <angelos@dsl.cis.upenn.edu>
* Add LogFILTER logging to log packets allowed by the dial filter and | brian | 2000-08-28 | 1 | -12/+61
  dropped by any filter.

  Submitted by: Mark Hannon <markhannon@one.net.au>
  with some small tweaks by me.
* Allow a ``timeout secs'' filter option to let specific packet types | brian | 2000-07-11 | 1 | -180/+215
  affect the idle timer in different ways.

  Submitted by: Stefan Esser <se@freebsd.org>

  With adjustments by me to document the option in the man page and to
  give the same semantics for outgoing traffic as incoming.

  I made the style more consistent in ip.c - this should really have
  been done as a separate commit.
* o Log the (payload/size) of all packet types, not just TCP packets | brian | 2000-07-07 | 1 | -8/+60
  o If the new ``filter-decapsulation'' is enabled, delve into UDP packets
    that contain 0xff 0x03 as the first two bytes, and if we recognise it
    as PROTO_IP, decapsulate it for the purpose of filter checking. If we
    recognise it as PROTO_<anything else> mention this for logging
    purposes only.

  This change is aimed at people running PPPoUDP where the UDP traffic is
  being sent over another PPP link. It's desirable to have the top level
  link connected all the time, but to have the bottom level link capable
  of decapsulating the traffic and comparing the payload against the
  filters, thus allowing ``set filter dial ...'' to work in tunnelled
  environments.

  The caveat here is that the top ppp cannot employ any compression
  layers without making the data unreadable for the bottom ppp.
  ``disable deflate pred1 vj'' and ``deny deflate pred1 vj'' is suggested.
* Allow ``set urgent none'' to disable all urgent ports and IPTOS_LOWDELAY | brian | 2000-06-08 | 1 | -2/+2
  prioritisation.

  Requested by: luigi
* Log information about packets being dropped (probably due to | brian | 2000-03-29 | 1 | -5/+9
  ``nat deny_incoming yes'') by libalias.
* When ppp can't identify the relevant name, don't use "???", use | brian | 2000-03-14 | 1 | -4/+2
  <nnn> or <0xxxx> instead.
* Add ``set log dns'' to log DNS QUERY packets. | brian | 2000-03-14 | 1 | -10/+137
  This is invaluable for dial-on-demand connections...

  In ppp.linkup:
    set log -dns -tcp/ip
  and in ppp.linkdown
    set log +dns +tcp/ip
  giving a much better account of why the link came up.
* Handle the availability of TUNSIFHEAD. If it's there, use it. | brian | 2000-01-23 | 1 | -5/+9
  For the moment this is just overhead, but it'll be used for INET6
  support later.
* Add a bunch of `const's and fix a typo. | brian | 1999-12-27 | 1 | -1/+3
  Submitted by: Rich Neswold <rneswold@MCS.Net>
* Cosmetic: Make struct mbuf more like kernel mbufs. | brian | 1999-12-20 | 1 | -20/+21
* Support GRE packets | brian | 1999-09-30 | 1 | -0/+22
  Submitted by: Harry Starr <starr@gccs.com.au>
* Back out the bogus #ifdef __NetBSD__ #include <signal.h> lines. | brian | 1999-09-21 | 1 | -3/+0
  The original report was due to a mis-installation of the NetBSD
  header files :-/

  Submitted by: Kazuyoshi Kato <kazk@yyy.or.jp>
* NetBSD has moved ``extern int errno;'' to signal.h :-/ | brian | 1999-09-20 | 1 | -0/+3
  Submitted by: Kazuyoshi Kato <kazk@yyy.or.jp>
* Correct the return from FilterCheck for fragments | brian | 1999-09-16 | 1 | -1/+1
  PR: 13771
  Submitted by: Dean M. Phillips <dphill@inav.net>
* Introduce a fourth IP packet queue. Urgent packets with | brian | 1999-09-07 | 1 | -4/+18
  ip_tos == IPTOS_LOWDELAY now get precedence over urgent packets with
  ip_tos != IPTOS_LOWDELAY and non-urgent packets with
  ip_tos == IPTOS_LOWDELAY.

  Enhance the ``set urgent'' syntax to allow for urgent UDP packets as
  well as urgent TCP packets.
* o Split the two IPCP queues into three - one for FSM data | brian | 1999-09-04 | 1 | -19/+15
    (LCP/CCP/IPCP), one for urgent IP traffic and one for everything else.
  o Add the ``set urgent'' command for adjusting the list of urgent port
    numbers. The default urgent ports are 21, 22, 23, 513, 514, 543 and
    544 (Ports 80 and 81 have been removed from the default priority
    list).
  o Increase the buffered packet threshold from 20 to 30.
  o Report the number of packets in the IP output queue and the list of
    urgent ports under ``show ipcp''.
* $Id$ -> $FreeBSD$ | peter | 1999-08-28 | 1 | -1/+1
* Add ISDN support via isdnd & i4b. This requires version | brian | 1999-08-06 | 1 | -3/+1
  0.81.1 of the i4b code - namely support of the I4B_VR_REQ ioctl via
  the i4brbchX device.

  Ppp controls the phone number, but idle timers and SYNC/RAW decisions
  are still made by isdnd (in isdnd.rc).

  This involves a new datalink state machine phase. The ``wait for
  carrier'' phase happens after dialing but before logging in. The whole
  dial state should really be abstracted so that each device type can
  deal with it in its own way (thinking about PPPoE) - but that'll have
  to wait.

  The ``set cd'' semantics remain the same for tty devices, but we now
  delay until we either get CD or timeout waiting (at which time we drop
  the link if we require CD). For i4b devices we always insist on
  carrier.

  Thanks to hm@ for his help, and especially for pointing out that I
  *don't* need to re-implement isdnd (that was a huge waste of time !) :-]
* #ifdef IPPROTO_OSPFIGP before expecting it to be defined. | brian | 1999-08-02 | 1 | -1/+5
  This unbreaks OpenBSD.
* Filter ospf and igmp separately. | brian | 1999-08-02 | 1 | -1/+18
  Kind-of submitted by: phk
* o Overhaul filtering, adding facilities to jump over rules and to | brian | 1999-07-27 | 1 | -131/+182
    negate the sense of rules.
  o Remove the redundant (and undocumented) ``host'' and ``port'' words
    (README.changes updated).
  o Don't permit (and ignore) garbage instead of the protocol.
  Mostly submitted by: Peter Jeremy <jeremyp@gsmx07.alcatel.com.au>
* Support `igmp' filters. | brian | 1999-06-23 | 1 | -2/+6
  Mostly submitted by: Timo Geusch <freebsd@sleepycat.ukpeople.net>
* o Alter the mbuf type as it's processed by different layers. | brian | 1999-06-02 | 1 | -2/+3
  o Show more information about missing MP fragments in ``show mp''.
  o Do away with mbuf_Log(). It was showing mbuf stats twice on
    receipt of LCP/CCP/IPCP packets.... ???!!?
  o Pre-allocate a bit extra when creating LQR packets to avoid having
    to allocate another mbuf in mbuf_Prepend().
* Remember if MYADDR or HISADDR is used in a filter and tweak all | brian | 1999-05-31 | 1 | -6/+6
  filters any time either value changes.
* Ensure that we're not going to overflow our ``struct tun'' | brian | 1999-05-14 | 1 | -3/+10
  when we mbuf_Read() into it.
  Add the link name to a few diagnostics.
* Deal with the fact that as we now mbuf_Read the fsm | brian | 1999-05-09 | 1 | -2/+2
  header in fsm_Input() we often end up with a NULL mbuf.
  Deal with a possible NULL mbuf being passed into mbuf_Prepend().
  Adjust some spacing to make things more consistent.
* o Redesign the layering mechanism and make the aliasing code part of | brian | 1999-05-08 | 1 | -128/+48
    the layering.
    We now ``stack'' layers as soon as we open the device (when we figure
    out what we're dealing with). A static set of `dispatch' routines are
    also declared for dealing with incoming packets after they've been
    `pulled' up through the stacked layers.
    Physical devices are now assigned handlers based on the device type
    when they're opened. For the moment there are three device types;
    ttys, execs and tcps.
  o Increment version number to 2.2
  o Make an entry in [uw]tmp for non-tty -direct invocations (after
    pap/chap authentication).
  o Make throughput counters quad_t's
  o Account for the absolute number of mbuf malloc()s and free()s in
    ``show mem''.
  o ``show modem'' becomes ``show physical''.
* Make ports 80 & 81 ``interactive''. | brian | 1999-05-01 | 1 | -2/+2
* Add support for NetBSD | brian | 1999-04-26 | 1 | -5/+5
* Ensure that the thing we're casting to struct ip | brian | 1999-03-29 | 1 | -2/+2
  is aligned for non-i386 architectures.
* Initial RADIUS support (using libradius). See the man page for | brian | 1999-01-28 | 1 | -2/+5
  details. Compiling with -DNORADIUS (the default for `release')
  removes support.

  TODO: The functionality in libradius::rad_send_request() needs to be
  supplied as a set of routines so that ppp doesn't have to wait
  indefinitely for the radius server(s). Instead, we need to get a
  descriptor back, select() on the descriptor, and ask libradius to
  service it when necessary.
  For now, ppp blocks SIGALRM while in rad_send_request(), so it misses
  PAP/CHAP retries & timeouts if they occur.

  Only PAP is functional. When CHAP is attempted, libradius complains
  that no User-Password has been specified... rfc2138 says that it
  *mustn't* be used for CHAP :-(

  Sponsored by: Internet Business Solutions Ltd., Switzerland