From 14c759072729b46587cc6be7a8c0c551abef5bf7 Mon Sep 17 00:00:00 2001 From: archie Date: Sun, 9 Apr 2000 21:07:39 +0000 Subject: Add ng_mppc(8) netgraph node as a KLD module. Obtained from: Whistle source tree --- share/man/man4/ng_mppc.4 | 192 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 192 insertions(+) create mode 100644 share/man/man4/ng_mppc.4 (limited to 'share/man/man4/ng_mppc.4') diff --git a/share/man/man4/ng_mppc.4 b/share/man/man4/ng_mppc.4 new file mode 100644 index 0000000..bfee4e4 --- /dev/null +++ b/share/man/man4/ng_mppc.4 @@ -0,0 +1,192 @@ +.\" Copyright (c) 1996-2000 Whistle Communications, Inc. +.\" All rights reserved. +.\" +.\" Subject to the following obligations and disclaimer of warranty, use and +.\" redistribution of this software, in source or object code forms, with or +.\" without modifications are expressly permitted by Whistle Communications; +.\" provided, however, that: +.\" 1. Any and all reproductions of the source or object code must include the +.\" copyright notice above and the following disclaimer of warranties; and +.\" 2. No rights are granted, in any manner or form, to use Whistle +.\" Communications, Inc. trademarks, including the mark "WHISTLE +.\" COMMUNICATIONS" on advertising, endorsements, or otherwise except as +.\" such appears in the above copyright notice or in the software. +.\" +.\" THIS SOFTWARE IS BEING PROVIDED BY WHISTLE COMMUNICATIONS "AS IS", AND +.\" TO THE MAXIMUM EXTENT PERMITTED BY LAW, WHISTLE COMMUNICATIONS MAKES NO +.\" REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING THIS SOFTWARE, +.\" INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. +.\" WHISTLE COMMUNICATIONS DOES NOT WARRANT, GUARANTEE, OR MAKE ANY +.\" REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS OF THE USE OF THIS +.\" SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY, RELIABILITY OR OTHERWISE. +.\" IN NO EVENT SHALL WHISTLE COMMUNICATIONS BE LIABLE FOR ANY DAMAGES +.\" RESULTING FROM OR ARISING OUT OF ANY USE OF THIS SOFTWARE, INCLUDING +.\" WITHOUT LIMITATION, ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, +.\" PUNITIVE, OR CONSEQUENTIAL DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR +.\" SERVICES, LOSS OF USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF WHISTLE COMMUNICATIONS IS ADVISED OF THE POSSIBILITY +.\" OF SUCH DAMAGE. +.\" +.\" Author: Archie Cobbs +.\" +.\" $Whistle: ng_mppc.8,v 1.1 1999/12/08 20:20:39 archie Exp $ +.\" $FreeBSD$ +.\" +.Dd December 8, 1999 +.Dt NG_MPPC 8 +.Os FreeBSD +.Sh NAME +.Nm ng_mppc +.Nd Microsoft MPPC/MPPE compression and encryption netgraph node type +.Sh SYNOPSIS +.Fd #include +.Sh DESCRIPTION +The +.Nm mppc +node type implements the Microsoft Point-to-Point Compression (MPPC) +and Microsoft Point-to-Point Encryption (MPPE) sub-protocols of +the PPP protocol. +These protocols are often used in conjunction with the Point-to-Point +Tunneling Protocol (PPTP). +.Pp +The node has two hooks, +.Dv "comp" +for compression and +.Dv "decomp" +for decompression. +Typically one or both of these hooks would be connected to the +.Xr ng_ppp 8 +node type hook of the same name. +Each direction of traffic flow is independent of the other. +.Sh HOOKS +This node type supports the following hooks: +.Pp +.Bl -tag -compact -width vjc_vjuncomp +.It Dv comp +Connection to +.Xr ng_ppp 8 +.Dv "comp" +hook. +Incoming frames are compressed and/or encrypted, and sent +back out the same hook. +.It Dv decomp +Connection to +.Xr ng_ppp 8 +.Dv "decomp" +hook. +Incoming frames are decompressed and/or decrypted, and sent +back out the same hook. +.El +.Sh CONTROL MESSAGES +This node type supports the generic control messages, plus the following: +.Bl -tag -width foo +.It Dv NGM_MPPC_CONFIG_COMP +This command resets and configures the node for a session in the +outgoing traffic direction (i.e., for compression and/or encryption). +This command takes a +.Dv "struct ng_mppc_config" +as an argument: +.Bd -literal -offset 0 +/* Length of MPPE key */ +#define MPPE_KEY_LEN 16 + +/* MPPC/MPPE PPP negotiation bits */ +#define MPPC_BIT 0x00000001 /* mppc compression bits */ +#define MPPE_40 0x00000020 /* use 40 bit key */ +#define MPPE_128 0x00000040 /* use 128 bit key */ +#define MPPE_BITS 0x00000060 /* mppe encryption bits */ +#define MPPE_STATELESS 0x01000000 /* use stateless mode */ +#define MPPC_VALID_BITS 0x01000061 /* possibly valid bits */ + +/* Configuration for a session */ +struct ng_mppc_config { + u_char enable; /* enable */ + u_int32_t bits; /* config bits */ + u_char startkey[MPPE_KEY_LEN]; /* start key */ +}; + +.Ed +The +.Dv enabled +field enables traffic flow through the node. +The +.Dv bits +field contains the bits as negotiated by the Compression Control Protocol +(CCP) in PPP. +The +.Dv startkey +is only necessary if MPPE was negotiated, and must be equal to the +session start key as defined for MPPE. +This key is based on the MS-CHAP credentials used at link authentication time. +.It Dv NGM_MPPC_CONFIG_DECOMP +This command resets and configures the node for a session in the +incoming traffic direction (i.e., for decompression and/or decryption). +This command takes a +.Dv "struct ng_mppc_config" +as an argument. +.It Dv NGM_MPPC_RESETREQ +This message contains no arguments, and is bi-directional. +If an error is detected during decompression, this message is sent by the +node to the originator of the +.Dv NGM_MPPC_CONFIG_DECOMP +message that initiated the session. +The receiver should respond by sending a PPP CCP Reset-Request to the peer. +.Pp +This message may also be received by this node type when a CCP Reset-Request +is received by the local PPP entity. +The node will respond by flushing its outgoing compression and encryption +state so the remote side can resynchronize. +.El +.Sh SHUTDOWN +This node shuts down upon receipt of a +.Dv NGM_SHUTDOWN +control message, or when both hooks have been disconnected. +.Sh COMPILATION +The kernel options +.Dv NETGRAPH_MPPC_COMPRESSION +and +.Dv NETGRAPH_MPPC_ENCRYPTION +are supplied to selectively compile in either or both capabilities. +At least one of these must be defined, or else this node type is useless. +.Pp +The MPPC protocol requires proprietary compression code available +from Hi/Fn (formerly STAC). +These files must be obtained elsewhere and added to the kernel +sources before this node type will compile with the +.Dv NETGRAPH_MPPC_COMPRESSION +option. +.Sh BUGS +In PPP, encryption should be handled by the Encryption Control Procotol (ECP) +rather than CCP. +However, Microsoft combined both compression and encryption into their +``compression'' algorithm, which is confusing. +.Sh SEE ALSO +.Xr netgraph 4 , +.Xr ng_ppp 8 , +.Xr ngctl 8 +.Rs +.%A G. Pall +.%T "Microsoft Point-To-Point Compression (MPPC) Protocol" +.%O RFC 2118 +.Re +.Rs +.%A G. S. Pall +.%A G. Zorn +.%T "Microsoft Point-To-Point Encryption (MPPE) Protocol" +.%O draft-ietf-pppext-mppe-04.txt +.Re +.Rs +.%A K. Hamzeh +.%A G. Pall +.%A W. Verthein +.%A J. Taarud +.%A W. Little +.%A G. Zorn +.%T "Point-to-Point Tunneling Protocol (PPTP)" +.%O RFC 2637 +.Re +.Sh AUTHOR +Archie Cobbs -- cgit v1.1