Commit Graph

853 Commits

Author SHA1 Message Date
Brian Somers
0f203c7e2e Undo possible damage done by the new TUNSIFMODE ioctl
in FreeBSD-current.
1999-03-25 11:37:51 +00:00
Brian Somers
4a948cab8b Do away with some literal text that is never switched
off - I *think* these were groff bugs.
1999-03-19 09:00:08 +00:00
Brian Somers
24a6ccfc38 Replace hardcoded quoting with Sq or Dq. 1999-03-19 01:42:45 +00:00
Brian Somers
521e2a5300 Don't forget to fully initialise the configured values
for MYADDR and HISADDR in ``set ifaddr'' so that unspecified
values don't end up retaining their `width'.
1999-03-19 00:05:32 +00:00
Brian Somers
8b9e9093a0 Use ``Sx'' when xref'ing sections. 1999-03-18 21:53:56 +00:00
Brian Somers
7919e54037 Remove all remaining [ and ] characters (and do things properly). 1999-03-18 21:50:52 +00:00
Brian Somers
38ab56c440 Remove all hardcoded [...] syntax.
With help from: Daniel C. Sobral <dcs@newsguy.com>
1999-03-17 00:25:43 +00:00
Brian Somers
516bf2ccb8 Mention changes to the default authentication behaviour. 1999-03-16 11:54:02 +00:00
Brian Somers
615beb1f86 Detect pred1 packets where the length != the packet length
Use a maximum of MAX_MRU + 2 bytes for incoming packets, not
MAX_MTU + 2.
Tidy up some diagnostics.
1999-03-16 01:24:23 +00:00
Brian Somers
a36ca3cc08 Tone down the log levels (Log{ERROR,WARN} -> LogCCP)
when we've simply missed a packet.

When our Predictor1 CRC is wrong (implying we've dropped
a packet), don't send a ResetReq().  Instead, send another
CCP ConfigReq().  *shrug*  My tests show this as being far
worse than the ResetReq as we may have further Nak/Rejs etc
and we're basically resetting both our incoming and outgoing
compression dictionaries, but rfc1978 says the ConfigReq is
correct, so we'd better go along...
1999-03-11 01:49:15 +00:00
Brian Somers
1322e9adf8 If /etc/ppp/ppp.conf doesn't exist, mention that the
configuration file can't be found rather than saying
that the label can't be found.
Pointed out by: Greg Black <gjb@comkey.com.au>
1999-03-09 20:39:03 +00:00
Brian Somers
661a0e900d Don't destroy the old server socket another ``set server''
call fails.
1999-03-08 22:35:19 +00:00
Brian Somers
bf1d816501 Don't forget to call modem_Found() when connecting
via an external program - otherwise we get no
throughput stats and connection count increase.
1999-03-07 20:58:48 +00:00
Guy Helmer
d5f39fc1d1 Add leading 0 in front of octal file permissions number.
OK'ed by:	Brian Somers <brian@freebsd.org>
PR:		docs/9843
1999-03-07 20:27:45 +00:00
Brian Somers
50a63ab997 Support PPTP via libalias (``alias pptp addr''). 1999-03-07 18:13:44 +00:00
Brian Somers
d318fe8e17 Support proxying & transparent proxying curtesy of libalias(3).
Order the alias command descriptions.
Order the SEE ALSO entries.
1999-03-07 15:02:38 +00:00
Brian Somers
a39fd2143c Correctly drop existing connections when reopening the diagnostic
socket.
1999-03-07 11:54:43 +00:00
Brian Somers
4be0e57de1 Read from fd[0] and write to fd[1] where `fd' is the
result of a pipe().  This matters under OpenBSD.
1999-03-07 01:41:40 +00:00
Brian Somers
da42fa6060 Use socketpair() instead of pipe()... pipe() doesn't return
two bi-directional descriptors under OpenBSD.
1999-03-07 01:41:27 +00:00
Brian Somers
a611383fee Reopen descriptor 0 as /dev/tty when in interactive mode
in OpenBSD as well as FreeBSD (I still don't know why).
Add a debug diagnostic when creating a child process as
a link.
1999-03-07 01:02:39 +00:00
Brian Somers
c11e57a340 Extend the ``set redial'' command to allow incremental
redial timeouts.
1999-03-04 17:42:15 +00:00
Brian Somers
bc76350ef9 Correct some ntohl/htonl bogons in the netmask handling.
This was pretty harmless as netmasks on a POINTOPOINT
interface are pretty much ignored, but it looked funny.

Mention the configured netmask in ``show ipcp''.

Describe in more detail what a proxy arp entry is.
1999-03-03 23:00:41 +00:00
Brian Somers
536d5b3331 When negotiating ACCMAPs, sync our ACCMAP with the
peers by ORing the two together and NAKing or REQing
the result rather than allowing seperate local/peer
values.
If the peer REJs our ACCMAP and our ACCMAP isn't 0,
warn about it and ignore the rejection.
1999-03-01 13:46:45 +00:00
Brian Somers
8a8d99276f Comment why we do a TLF when we get a ``Down'' event in state
``closing''.

Pointed out by: archie

Don't do a TLF when we get a ``Catastrphic Protocol Reject'' event
in state ``closed'' or ``stopped''.

Pointed out but not suggested by: archie

This makes no difference in the current implementation as
LcpLayerFinish() does nothing but log the event, but I disagree
in principle because it unbalances the TLF/TLS calls which
(IMHO) doesn't fit with the intentions of the RFC.

Maybe the RFC author had a reason for this.  It can only happen
in two circumstances:

- if LCP has already been negotiated then stopped or closed and we
  receive a protocol reject, then we must already have done a TLF.
  Why do one again and stay in the same state ?

- if LCP hasn't yet been started and we receive an unsolicted
  protocol reject, why should we TLF when we haven't done a TLS ?
1999-03-01 02:52:39 +00:00
Brian Somers
ec5e7f36dc Bring up auto links despite there being no data queued if
we're already in network phase and our autoload values
are set with no minimum threshold (the default).

Tell the autoload timer that it's ``coming up'' *before*
calling AutoLoadTimeout() directly... not after.  This
prevents the very first demand-dial connection from
immediately disconnecting when there are other auto links.

Problem diagnosis:  Ted Mittelstaedt <tedm@toybox.placo.com>
1999-03-01 00:43:48 +00:00
Brian Somers
479508cf28 Allow control over the number of ConfigREQ & TermREQ attempts
that are made in each of the FSMs (LCP, CCP & IPCP) and the
number of REQs/Challenges for PAP/CHAP by accepting more arguments
in the ``set {c,ip,l}cpretry'' and ``set {ch,p}apretry'' commands.

Change the non-convergence thresholds to 3 times the number of configured
REQ tries (rather than the previous fixed ``10'').  We now notice
repeated NAKs and REJs rather than just REQs.

Don't suggest that CHAP 0x05 isn't supported when it's not configured.

Fix some bugs that expose themselves with smaller numbers of retries:
o Handle instantaneous disconnects (set device /dev/null) correctly
  by stopping all fsm timers in fsm2initial.
o Don't forget to uu_unlock() devices that are files but are not
  ttys (set device /dev/zero).

Fix a *HORRENDOUS* bug in RFC1661 (already fixed for an Open event in state
``Closed''):
  According to the state transition table, a RCR+ or RCR- received in
  the ``Stopped'' state are supposed to InitRestartCounter, SendConfigReq
  and SendConfig{Ack,Nak}.  However, in ``Stopped'', we haven't yet
  done a TLS (or the last thing we did is a TLF).  We must therefore
  do the TLS at this point !

  This was never noticed before because LCP and CCP used not use
  LayerStart() for anything interesting, and IPCP tends to go into
  Stopped then get a Down because of an LCP RTR rather than getting a
  RCR again.
1999-02-26 21:28:14 +00:00
Brian Somers
26baedc5e4 Parse IP addresses more securely - specifically, don't allow
a bum name to return as 0.0.0.0... we don't want ``delete xxx''
to delete the default route when xxx doesn't resolve.

Support IP number specifications as the host when specifying
a tcp-style device (rather than *just* hostnames).
1999-02-25 20:05:55 +00:00
Brian Somers
b5c347a37a When our dial timeout is ``random'', display its value
correctly by invoking the timer to get the value before
displaying the message.
Don't assume that a value of 0 is ``random'' in
``show datalink''.
Make the random value between 1 and DIAL_TIMEOUT rather
than between 0 and DIAL_TIMEOUT-1
1999-02-25 12:00:04 +00:00
Brian Somers
f4007327ae Don't immediately bring auto links back up in multilink
mode (when there is more than one auto link) if there is
no data queued to go out.
Reviewed by: Tom Torrance <tom@tomqnx.com>
1999-02-25 11:59:36 +00:00
Brian Somers
b7ff18add2 Handle empty PAP & CHAP packets (containing only an FSM header).
Some CHAP implementations send no welcome message with their
SUCCESS/FAILURE packets.  This was being mis-identified as
a truncated packet by the new authentication code :-(
1999-02-20 01:12:45 +00:00
Brian Somers
b31a24cad8 Be a little more verbose about dodgy looking authentication
packets before dropping them in the bit-bucket.
1999-02-19 10:48:42 +00:00
Brian Somers
f522bee006 Build correctly when -DNOCRYPT is used. 1999-02-18 19:45:06 +00:00
Brian Somers
4043c04fa5 Don't expect a chap response if we haven't negotiated
chap 0x80.
1999-02-18 19:11:46 +00:00
Brian Somers
5e31549897 Fully support both NT and LANMan CHAP type 0x80 as both
authenticator and authenticatee.
1999-02-18 00:52:15 +00:00
Brian Somers
64cfdfc6fb Nuke any remaining auth timers when datalinks come back down
to DATALINK_LCP.
1999-02-17 02:11:28 +00:00
Brian Somers
6b4286e0f5 Wait by default for one second after the login script
is complete before checking carrier.  If it's there,
the device supports carrier.  If it's not it doesn't.

Add the ``set cd'' command for deciding how soon to check
for carrier, and for deciding if carrier is REQUIRED.

The default has changed:  Pre 2.0 versions of ppp waited
for 1 second.  Version 2 didn't wait, but this causes
problems with some (few?) modems that don't assert carrier
immediately on reporting CONNECT.  The one second delay
is back now and can be removed with ``set cd 0''.

Bump the ppp version number in case this needs to be changed
again....
1999-02-16 00:16:56 +00:00
Brian Somers
9576e3690f Describe manual dialing in greater detail.
Mention more rfc numbers.
Don't ``.Nm Ppp'' (just use ``.Nm'').
1999-02-14 12:16:41 +00:00
Brian Somers
a8103305cb When executing a command as part of a dial/login/hangup
script, expand words in the same way as !bg does.
1999-02-12 00:52:30 +00:00
Brian Somers
00b001185c /etc/ppp/ppp.*.sample -> /usr/share/examples/ppp/ppp.*.sample 1999-02-11 16:34:15 +00:00
Brian Somers
58330d7bfa When resending chap challenges, resend the same challenge
each time rather than making up a new one.

Increase the authname/authkey max sizes to 100 characters.

Allow ``authkey'' specifications beginning with ``!''.
When a challenge is received, the text following the
``!'' is executed as a program (expanding stuff in the same
way that ``sh'' and ``!bg'' do).  The program is passed the
peer name, peer challenge and local ``authname'' on standard
input and is expected to output the name/key combination that
should be used to build the CHAP response.

This provides support for Secure ID cards (guess what I was
given at work recently!) using CHAP.

Examples will follow.
1999-02-11 10:14:08 +00:00
Brian Somers
10c76ef5a2 Correct server-side chap authentication comparison
(broken with last commit).
1999-02-07 13:56:29 +00:00
Brian Somers
35f456775d Remove forgotten diagnostics 1999-02-07 13:48:38 +00:00
Brian Somers
f0cdd9c021 Decouple pap & chap output routines from the corresponding
input routines and take advantage of the new init/continue
interface in libradius.  This allows a timely response on
other links in an MP setup while RADIUS requests are in
progress as well as the ability to handle other data from
the peer in parallel.  It should also make the future addition
of PAM support trivial.

While I'm in there, validate pap & chap header IDs if
``idcheck'' is enabled (the default) for other FSM packet
types.

NOTE: This involved integrating the generation of chap
      challenges and the validation of chap responses
      (and commenting what's going on in those routines).
      I currently have no way of testing ppps ability
      to respond to M$Chap CHALLENGEs correctly, so if
      someone could do the honours, it'd be much
      appreciated (it *looks* ok!).

Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
Brian Somers
7686a20048 Encode & Decode the PROTOCOMP fields correctly.
When NAKing the peer, get as close as we can to what
he REQd.
When the peer NAKs us, get as close as we can to what
they NAKd with on our next REQ.
1999-02-02 20:27:12 +00:00
Brian Somers
ed0e926999 Don't allow root to specify non-existent labels on
the command line.
Revise the error diagnostics so that invalid labels
are reported immediately.
1999-02-02 09:35:30 +00:00
Brian Somers
aceaed9283 Reimplement the previous fix (no response to PAP requests)
at the authentication layer rather than at the PAP layer
so that it also applies to CHAP (no response to CHAP
challenges).
1999-02-02 09:35:17 +00:00
Brian Somers
8db502bbfd If we receive no answer from the server when sending PAP
requests, give up (don't sit there indefinitely).
1999-02-01 13:42:25 +00:00
Brian Somers
82d6780c9e o Send a CHAP challenge of 16 random digits when RADIUS is
configured.  This isn't strictly necessary according to the
  rfc, but it's suggested there....
o Don't forget to include our authname when sending a
  CHAP challenge when RADIUS is configured.
o Don't supply the ``16'' representing the chap answer
  length to radius_Authenticate() - libradius does this
  for us.
o When we successfully authenticate via radius_Authenticate(),
  continue with datalink_AuthOk() as expected.

Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-01-29 22:46:31 +00:00
Bill Fumerola
65aaeb15d5 Reflect syslog(8)'s acceptance of either tabs or spaces.
PR:		docs/9660
Submitted by:	Kris Kennaway <kkennawa@physics.adelaide.edu.au>
1999-01-28 22:55:08 +00:00
Brian Somers
0b67236810 MAINTAINER=brian@FreeBSD.org 1999-01-28 15:16:38 +00:00