| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RAD_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY
RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES
RAD_MICROSOFT_MS_MPPE_RECV_KEY
RAD_MICROSOFT_MS_MPPE_SEND_KEY
These attributes may be supplied by a RADIUS server when MSCHAPv2 is
used to authenticate.
It *should* now be possible to build ppp with -DNODES and still support
CHAP/MSCHAP/MSCHAPv2/MPPE via a RADIUS server, but the code isn't yet
smart enough to do that (building with -DNODES just looses these
facilities).
Sponsored by: Monzoon
|
| |
|
|
|
|
|
|
|
|
|
| |
instead of u_char *.
The changes are cosmetic except:
RecvConfigAck() now displays the options that are being ACK'd
Huge (bogus) options sent from the peer won't cause an infinite loop
SendIdent and ReceiveIdent are displayed consistenlty with other FSM data
LCP AUTHPROTO options that aren't understood are NAK'd, not REJ'd
|
| |
|
|
|
|
| |
This is necessary because MPPE will combine the protocol id with the
payload received on the tun interface, encrypt it, then prepend its
own protocol id, effectively increasing the payload by two bytes.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
encryption compatibility with Windows 2000. Stateful encryption
uses less CPU but is bad on lossy transports.
The ``set mppe'' command has been expanded. If it's used with any
arguments, ppp will insist on encryption, closing LCP if the other
end refuses.
Unfortunately, Microsoft have abused the CCP reset request so that
receiving a reset request does not result in a reset ack when using
MPPE...
Sponsored by: Monzoon Networks AG and FreeBSD Services Limited
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
is called prior to sending a CCP configure request for a
given protocol. The default is to send the request, but
this is overridden for MPPE which checks to see if the lcp
negotiations agreed CHAP81, and if not fails.
Use the same function to decide if we should reject peer
requests for MPPE.
This should get rid of those boring messages about not being
able to initialise MPPE when we don't negotiate CHAP81.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
o Show more information about missing MP fragments in ``show mp''.
o Do away with mbuf_Log(). It was showing mbuf stats twice on
receipt of LCP/CCP/IPCP packets.... ???!!?
o Pre-allocate a bit extra when creating LQR packets to avoid having
to allocate another mbuf in mbuf_Prepend().
|
| |
|
|
|
|
|
|
|
| |
header in fsm_Input() we often end up with a NULL mbuf.
Deal with a possible NULL mbuf being passed into
mbuf_Prepend().
Adjust some spacing to make things more consistent.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the layering.
We now ``stack'' layers as soon as we open the device (when we figure
out what we're dealing with). A static set of `dispatch' routines are
also declared for dealing with incoming packets after they've been
`pulled' up through the stacked layers.
Physical devices are now assigned handlers based on the device type
when they're opened. For the moment there are three device types;
ttys, execs and tcps.
o Increment version number to 2.2
o Make an entry in [uw]tmp for non-tty -direct invocations (after
pap/chap authentication).
o Make throughput counters quad_t's
o Account for the absolute number of mbuf malloc()s and free()s in
``show mem''.
o ``show modem'' becomes ``show physical''.
|
| |
|
|
|
|
| |
Use a maximum of MAX_MRU + 2 bytes for incoming packets, not
MAX_MTU + 2.
Tidy up some diagnostics.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
when we've simply missed a packet.
When our Predictor1 CRC is wrong (implying we've dropped
a packet), don't send a ResetReq(). Instead, send another
CCP ConfigReq(). *shrug* My tests show this as being far
worse than the ResetReq as we may have further Nak/Rejs etc
and we're basically resetting both our incoming and outgoing
compression dictionaries, but rfc1978 says the ConfigReq is
correct, so we'd better go along...
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
(see the new ``set callback'' and ``set cbcp'' commands)
o Add a ``cbcp'' log level and mbuf type.
o Don't dump core when \T is given in ``set login'' or
``set hangup''.
o Allow ``*'' and blanks as placeholders in ppp.secret and
allow a fifth field for specifying auth/cbcp dialback
parameters.
o Remove a few extraneous #includes
o Define the default number of REQs (restart counter) in defs.h
rather than hardcoding ``5'' all over the place.
o Fix a few man page inconsistencies.
|
| |
|
|
| |
See the file README.changes, and re-read the man page.
|
| | |
|
| | |
|
| |
|
|
| |
Add DEFLATE support.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove extraneous decls.
Add ``const'' to several places.
Allow ``make NOALIAS=1'' to remove IP aliasing.
Merge with OpenBSD - only the Makefiles vary.
We can now survive a compile with
-Wall -Wbad-function-cast -Wcast-align -Wcast-qual
-Winline -Wmissing-declarations -Wmissing-prototypes
-Wnested-externs -Wpointer-arith -Wredundant-decls
-Wshadow -Wstrict-prototypes -Wwrite-strings -Wchar-subscripts
(although the Makefile just contains -Wall).
|
| |
|
|
|
|
|
|
| |
Stay as the invoking uid as much as possible.
Execution as a normal user is still forbidden for now,
so these changes are pretty ineffective.
The next commit will implement the modifications suggested
on -hackers a number of days ago.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
o Add missing $Id$s
o Move extern decls from .c -> .h files
o Staticize
o Remove #includes from .h files
o style(9)ify includes
o bcopy -> memcpy
bzero -> memset
bcmp -> memcmp
index -> strchr
rindex -> strrchr
o Move timeout.h -> timer.h (making it consistent w/ timer.c)
o Add -Wmissing-prototypes
|
| |
|
|
|
| |
Update loadalias to use the new libalias api.
Update to version 1.1.
|
| |
|
|
|
| |
Update the version number to 1.00.
Increase the predictor-1 buffer by 2 bytes.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
o Use syslog
o Remove references to stdout/stderr (incl perror())
o Introduce VarTerm - the interactive terminal or zero
o Allow "set timeout" to affect current session
o Change "set debug" to "set log"
o Allow "set log [+|-]flag"
o Make MSEXT and PASSWDAUTH stuff the default
o Move all #ifdef DEBUG stuff into the code - this
shouldn't be too much overhead. It's now controlled
with "set log +debug"
o Add "set log command, debug, tun, warn, error, alert"
o Remove cdefs.h, and assume an ansi compiler.
o Improve all diagnostic output
o Don't trap SIGSEGV
o SIGHUP now terminates again (log files are controlled
by syslog)
o Call CloseModem() when changing devices
o Fix parsing of third arg of "delete"
I think this fixes the "magic is same" problems that some
people have been experiencing.
The man page is being rewritten. It'll follow soon.
|
| |
|
|
|
|
|
|
| |
ppp link, we gain nothing with a larger mtu.
Suggested by: joerg
Fix pred1 buffer size (must be == MAX_MTU)
|
| |
|
|
|
|
| |
value checking etc.
Submitted by: eivind
|
| | |
|
| |
|
|
|
|
|
|
| |
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
add some logging functionality which I find very useful.
'set debug link' will record just link up/down and address assignments.
'set debug connect' will record the entire chat dialog
'set debug carrier' will record just chat lines including 'CARRIER'
(so that I can be sure I'm getting a 28.8 line).
There was a global change required to permit LogPrintf to take a bit
mask instead of a bit position value (to permit logging some events
on either of two flags, so that no change in 'set debug lcp' would
result from the code supporting 'link'. Thus the diffs are rather
long for such a small change. The man page is also touched.
Oh, and there was a slight syntax problem in route.c
Reviewed by: phk
Submitted by: Tony Kimball <alk@Think.COM>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ppp based on these patches for about 3 weeks with no downtime.
The original submitters comments:
Two features iijppp has over kernel ppp that I like are predictor1
compression and demand dialing. Here are a few bug fixes.
I expanded the priority queueing scheme and discovered it was broken
due to the assignment at ip.c line 300. All packets were being
queued at the same priority.
Fixing priority queueing broke predictor1 compression. Packets
were compressed before being queued and predictor1 worked as long
as the packets were popped off the queue in the same order they
were pushed onto the queue.
There were a few byte order problems in IP header tests also.
There is a recursion problem in SendLqrReport(). LcpClose() is
called when "Too many echo packets are lost" which winds up in
SendLqrReport() again. I believe the original intention was to
just stop the LQR timer with the call to StopLqr() but the side
effects hurt.
Submitted by: John Capo <jc@irbs.com>
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
o Supporting SYNC SIO device (But need a device driver)
- add "set speed sync"
o Fixing bug for Predictor-1 function.
o Add new parameter that re-sent interval for set timeout commands.
o Improving RTT (Round Trip Time) and reducing processor time.
- Previous Timer service was using polling, and now using
SIGALRM ;-)
- A 0.94beta2 will not work correctly....
-- Follows are additinal feature not including 0.94beta2
o Support Proxy ARP
- add "enable/disable proxy" commands
o Marging common routine in CHAP/PAP.
o Enhancing LCP/IPCP log information.
o Support local Authfication connection on port 300x and tty.
- You can set up pair of your "hostname -s" and
password in ppp.secret. if either ppp.secret file nor
your hostname line don't exist, It will notify a message
and working as same as previous version.(Backword compatibility)
- If you did set up them, It's allow connection but nothing to do
except help and passwd command.
- add "passwd yourpasswd" commands
o Support afilter - keep Alive filter that a packet can send/receiving
according to ifilter/ofilter but doesn't count it as preventing idle
timer expires.
- Same syntax of other filters.
o Fixing bugs reported by current user for previous one. Thanks !!
Reviewed by: Atsushi Murai (amurai@spec.co.jp)
|
| |
|
