Commit Graph

1630 Commits

Author SHA1 Message Date
Hajimu UMEMOTO
0fe74aa4e3 Install routes specified by Framed-IPv6-Route. Since the format
of Framed-IPv6-Route is user defined, it follows Framed-IP-route.

MFC after:	1 week
2003-06-19 18:19:31 +00:00
Hajimu UMEMOTO
1f8db65a89 MYADDR6 in ppp.link{up,down} should match even when IPCP is enabled.
MFC after:	1 week
2003-06-16 15:19:25 +00:00
Kris Kennaway
5ba934c38d Add missing header for system_Select() prototype 2003-06-12 07:48:45 +00:00
Peter Wemm
7dd6838582 Add a pretty cheesy hack to avoid a gcc-3.2.2 ICE (internal compiler
error) on amd64 when doing pointer subtraction.  This bug is already
fixed in gcc-3.3 (waiting for after the branch), and the hack will be
backed out at the first opportunity.  This is in the ipv6 code path.

Approved by:  re (scottl)
2003-05-25 07:39:06 +00:00
Ruslan Ermilov
db1e3a4f98 Erase whitespace at EOL.
Approved by:	re (blanket)
2003-05-22 11:56:41 +00:00
Ruslan Ermilov
f490cb986f Previous revision broke release building, unbreak it.
Prodded by:	scottl
2003-05-20 07:07:48 +00:00
Dag-Erling Smørgrav
7691f66abf Retire the useless NOSECURE knob.
Approved by:	re (scottl)
2003-05-19 15:52:01 +00:00
Hajimu UMEMOTO
b706c03da0 When session is over, IPv6 default route to tun should be
removed, too.

MFC after:	1 week
2003-04-05 10:10:33 +00:00
Hajimu UMEMOTO
977e6c08fe Set link-local address of tun interface with prefixlen = 64
instead of 128.  It makes RA happy.

Reported by:	rafa@dif.um.es,
		SHIRASAKI Yasuhiro <yasuhiro@nttv6.jp>
Reviewed by:	SHIRASAKI Yasuhiro <yasuhiro@nttv6.jp>
MFC after:	1 week
2003-04-04 11:09:08 +00:00
Hajimu UMEMOTO
bbdd270714 If IPCP is disabled, susccess of IPV6CP negotiation is sufficient
to communicate by IPv6.  So, the prompt should be `PPP' rather
than `PPp'.
2003-03-28 18:23:43 +00:00
Hajimu UMEMOTO
34894c56bc Don't install wrong IPv6 route by add command. 2003-03-26 06:30:11 +00:00
Brian Somers
92941b9076 Passing a u_char to ntohs() is guaranteed to give the wrong answer !
Submitted by:	Francis Dupont <Francis.Dupont@enst-bretagne.fr>
2003-03-26 02:27:32 +00:00
Brian Somers
9603d5b40d Add a ``force-scripts'' option for using chat scripts with -direct and
-dedicated links.

Submitted by:	Maksim Yevmenkin <myevmenk@exodus.net>
2003-03-26 02:03:08 +00:00
Hajimu UMEMOTO
3efad8b488 Once ppp session is over, the route to ff02::tun0/32 was
deleted, and never came back.  Now, the route to
ff02::tun0/32 is installed at the end of IPV6CP negitiaton.
2003-03-25 17:01:39 +00:00
Hajimu UMEMOTO
93193fc76c We need filling scopeid to install routes for link-local
scope addresses.
2003-03-25 16:49:08 +00:00
Hajimu UMEMOTO
11f9e243a2 Since ppp.link{up,down} is invoked at the end of IPCP negotiation, if
we need ppp.link{up,down}, we couldn't disable IPCP.  Now, if IPCP is
disabled, ppp.link{up,down} is invoked at the end of IPV6CP
negotiation.
2003-03-25 15:59:27 +00:00
Jens Schweikhardt
9d5abbddbf Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,
especially in troff files.
2003-01-01 18:49:04 +00:00
Peter Wemm
6ceeb6902a utmp.ut_time and lastlog.ll_time are explicitly int32_t rather than
time_t.  Deal with the possibility that time_t != int32_t.  This boils
down to this sort of thing:
 -   time(&ut.ut_time);
 +   ut.ut_time = time(NULL);
and similar for ctime(3) etc.  I've kept it minimal for the stuff
that may need to be portable (or 3rd party code), but used Matt's time32
stuff for cases where that isn't as much of a concern.

Approved by: re (jhb)
2002-11-15 22:42:00 +00:00
Brian Somers
3c34956a21 If the peer gives us 0.0.0.0 as his IP number, NAK it rather than accepting
it as being in range.

  set ifaddr 1.2.3.4/0 5.6.7.8/0

no longer allows 0.0.0.0 as a valid IP.

Reported/tested by:	Bohdan Horst <nexus@hoth.amu.edu.pl>
MFC after:		3 days
2002-09-23 22:40:43 +00:00
Brian Somers
31c759c0ef Unbreak -DNOINET6
Submitted by:	Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
MFC after:	1 day
2002-09-02 13:34:27 +00:00
Maxim Sobolev
88202a1f33 Correctly handle ifr.ifr_flags/ifr.ifr_flagshigh like ifconfig(8) does.
MFC after:	1 day
2002-08-29 12:52:28 +00:00
Brian Somers
a3c48b40e9 - made ppp compliant to RFC 2472 (based on a patch from another
contributor)
- support ipv6cpretry and ipv6cpretries, which are IPv6 versions
  of ipcpretry and ipcpretries.
- improve handling of IPv6 link-local addresses

Submitted by: JINMEI Tatuya <jinmei@isl.rdc.toshiba.co.jp>
2002-08-29 02:44:58 +00:00
Brian Somers
6eafd35305 Include the correct file (stdarg.h) and use va_list rather than _BSD_VA_LIST_
Suggested by: mike
2002-08-27 20:11:58 +00:00
Brian Somers
90f28f9c3b Use _BSD_VA_LIST_ rather than __va_list if it's defined 2002-08-27 04:37:04 +00:00
Brian Somers
abc1373d37 Correct the FAQ url
Submitted by: Olivier Tharan <olive@oban.frmug.org>
2002-08-26 20:48:07 +00:00
Philippe Charnier
f0067240a1 Replace various spelling with FALLTHROUGH which is lint()able 2002-08-25 13:30:43 +00:00
Mike Barcroft
abbd890233 o Merge <machine/ansi.h> and <machine/types.h> into a new header
called <machine/_types.h>.
o <machine/ansi.h> will continue to live so it can define MD clock
  macros, which are only MD because of gratuitous differences between
  architectures.
o Change all headers to make use of this.  This mainly involves
  changing:
    #ifdef _BSD_FOO_T_
    typedef	_BSD_FOO_T_	foo_t;
    #undef _BSD_FOO_T_
    #endif
  to:
    #ifndef _FOO_T_DECLARED
    typedef	__foo_t	foo_t;
    #define	_FOO_T_DECLARED
    #endif

Concept by:	bde
Reviewed by:	jake, obrien
2002-08-21 16:20:02 +00:00
Ruslan Ermilov
a654c53e16 mdoc(7) police: Removed redundant .Ns calls. 2002-08-13 16:07:28 +00:00
Marc Fonvieille
9a091256a9 Correct URL to the FAQ
MFC after:	1 week
2002-07-31 10:05:00 +00:00
Marc Fonvieille
1061be04b3 Correct links to Handbook's pages, old URLs does not work anymore.
MFC after:	1 week
2002-07-30 21:04:26 +00:00
Brian Somers
541e4966fc Do a case insensitive comparison when comparing the ms-chap response
string.
2002-07-30 08:09:26 +00:00
Brian Somers
f4359ccbbc Remove unused calls to inet_addr() 2002-07-18 18:50:05 +00:00
Brian Somers
4dc4e1ee89 Back out the previous revision
Objected to by: Andre Oppermann <oppermann@pipeline.ch>

After Andre's objection, I've re-examined rfc 2759 and noted that it
says that the domain name shouldn't be used when generating the
NT-Response field.  So it looks like the bug is in freeradius rather
than in ppp.
2002-07-04 23:33:35 +00:00
Brian Somers
27dc75f10c If we've given a domain name prefix as the authentication name, strip
it off before passing it on to the RADIUS server for authentication.
2002-07-03 20:51:13 +00:00
Brian Somers
3285bb3c97 Don't trust the MPPE key lengths passed back from the RADIUS server.
Instead, use the correct values based on the number of bits actually
negotiated.

Spotted by: Sergey Korolew <ds@rt.balakovo.ru>
2002-07-02 00:47:24 +00:00
Brian Somers
e0efa79664 Remove some misleading/wrong diagnostics 2002-07-02 00:12:24 +00:00
Brian Somers
dfc1b4ac01 Show the port number (tty slot, pppoe session id etc) under
``show physical''.
2002-06-30 01:46:22 +00:00
Brian Somers
6ca7707b44 When a netgraph message is read, look for another before returning.
This removes a bad latency problem during initial setup where we
end up waiting for too long before reading the connected message
and time the connection out.

Problem figured out by:	Andre Albsmeier <andre@albsmeier.net>
2002-06-29 18:49:08 +00:00
Brian Somers
23ddebe20f Don't use SignalBundle if it's not set
Submitted by: Federico G. Schwindt <fgsch@olimpo.com.br>
2002-06-28 09:33:25 +00:00
Brian Somers
579abfd895 Complain about (and fix) misformatted RADIUS attributes rather than silently
fixing them.
2002-06-28 09:18:15 +00:00
Brian Somers
2f11f09fee When a RADIUS server is being used, don't use MPPE unless the RADIUS
server says it's ok.
2002-06-28 08:46:21 +00:00
Brian Somers
99cfc2e2b2 Add a hack to handle RADIUS responses from peers that forget that
there's an ``Ident'' field in the MS-CHAP2-Response and
MS-CHAP-Error attributes.

The RADIATOR server seems to be guilty of this.
2002-06-23 23:38:06 +00:00
Brian Somers
dbc46ca401 Don't expect NUL terminated data in all netgraph messages received.
Only display message hook values we understand.
2002-06-22 21:01:47 +00:00
Brian Somers
250be50b72 Compensate for dodgy Win98/WinME MSCHAPv2 responses later in the code
path... after we've talked to any RADIUS servers involved, so that we
haven't touched the data before it gets to the server.

Make it clearer in the code that this compensation is done by setting
a flag to a value of zero, a flag which rfc2759 says *MUST* be zero.

While we're here, don't bother passing the peer challenge into
radius_Authenticate().  It's already part of the key we're passing in
(this becomes obvious now that I've structured that data...).

This ``fix'' doesn't help to authenticate Win98/WinME users in my test
environment as ports/net/freeradius seems to ignore the flag
completely anyway, but it may help with other RADIUS servers.
2002-06-17 01:12:38 +00:00
Brian Somers
3627fe880c A better prinflike fix... 2002-06-15 08:03:59 +00:00
Brian Somers
10be78d3ae Remove whitespace at the end of lines. 2002-06-15 08:03:30 +00:00
Brian Somers
3db951841c Fix a printflike format error 2002-06-15 01:36:36 +00:00
Brian Somers
61fe3f63bc Remove a forgotten diagnostic 2002-06-15 01:35:03 +00:00
Brian Somers
635ad5f021 If a RAD_FILTER_ID is supplied by the RADIUS server, treat it as an
additional label from ppp.linkup & ppp.linkdown to load.

Suggested and mostly submitted by: andrew pavlov <and@kremenchug.net>
2002-06-12 23:45:15 +00:00
Brian Somers
aea6acb6da Bump the version number to reflect the recent RADIUS commits 2002-06-12 23:00:12 +00:00
Brian Somers
a95b23a6b2 Don't forget to process the Ident field on the front of
RAD_MICROSOFT_MS_CHAP_ERROR and RAD_MICROSOFT_MS_CHAP2_SUCCESS
messages, and remove the hack in chap.c to ignore that ident field
on the client side.

This anomoly was hacked around during development, and I forgot to
go back and fix it properly.

Spotted by: Sergey Korolew <ds@rt.balakovo.ru>
2002-06-12 21:36:07 +00:00
Brian Somers
8fb5ef5ae2 Understand the following Microsoft Vendor Specific RADIUS attributes:
RAD_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY
  RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES
  RAD_MICROSOFT_MS_MPPE_RECV_KEY
  RAD_MICROSOFT_MS_MPPE_SEND_KEY

These attributes may be supplied by a RADIUS server when MSCHAPv2 is
used to authenticate.

It *should* now be possible to build ppp with -DNODES and still support
CHAP/MSCHAP/MSCHAPv2/MPPE via a RADIUS server, but the code isn't yet
smart enough to do that (building with -DNODES just looses these
facilities).

Sponsored by: Monzoon
2002-06-12 00:33:17 +00:00
Brian Somers
12b5aaba39 Cast pid_t to long for printf()ing
Obtained from:	OpenBSD
2002-06-06 01:39:46 +00:00
Brian Somers
7b5e6f62fb Add a missing ``a''. 2002-06-03 21:36:20 +00:00
Brian Somers
aadbb4eab1 Don't send a RAD_NAS_IP_ADDRESS attribute as RAD_NAS_IDENTIFIER is
sufficient.

In fact, using both breaks the radiator RADIUS daemon when used with
a db as it maps both attributes to the same field value and then
fails the insert.

I decided to remove RAD_NAS_IP_ADDRESS on the basis that rfc2138 says:

      An Access-Request MUST contain a User-Name attribute.  It SHOULD
      contain either a NAS-IP-Address attribute or NAS-Identifier
      attribute (or both, although that is not recommended).  It MUST

despite the fact that this not recommended bit was removed from the
updated rfc.
2002-06-02 14:27:02 +00:00
Brian Somers
42df3c252e Coerce pid_t to long rather than int for better portability.
Suggested by: Theo de Raadt <deraadt@openbsd.org>
2002-05-27 23:19:53 +00:00
Brian Somers
d4ff125fc1 Increase the maximum FSM option length to 50 2002-05-22 21:17:13 +00:00
Brian Somers
b08bf2de64 Add some missing #includes that weren't required due to namespace polution
in our headers.

Submitted by: bde
2002-05-22 21:08:58 +00:00
Brian Somers
3eaa768da0 Mention our support of the authentication side of rfc2548 2002-05-21 10:54:07 +00:00
Brian Somers
d5caaf02c1 Document RAD_MICROSOFT_MS_CHAP2_SUCCESS. 2002-05-18 23:58:15 +00:00
Brian Somers
5bc74cd68f Put back <string.h> 2002-05-17 00:44:54 +00:00
Brian Somers
52c555907f Add some OpenBSD includes 2002-05-16 14:47:19 +00:00
Brian Somers
6573c25286 Fix a mis-placed #else/#endif 2002-05-16 14:28:32 +00:00
Brian Somers
a16061b236 Handle MS-CHAPv2 authentication correctly via the RADIUS server (if it's
configured).
Handle internal failures in radius_Authenticate() correctly.
Bump the ppp version number.

This doesn't yet work with MPPE.  More will follow.

Sponsored by: Mozoon
2002-05-16 13:34:20 +00:00
Brian Somers
6f4cd65600 Fix an include for NetBSD 2002-05-14 17:50:25 +00:00
Brian Somers
d76a00091c Avoid a rather bizarre warning from gcc 3.1:
/usr/src/usr.sbin/ppp/cbcp.c:566:61: warning: trigraph ??! ignored
2002-05-14 13:32:30 +00:00
Brian Somers
de59e178aa o Clean up some #includes
o Bump version number to 3.0.4
o When talking to a RADIUS server, provide a NAS-Port-Type.

  When the NAS-Port-Type is Ethernet, provide a NAS-Port value equal
  to the SESSIONID from the environment in direct mode or the
  NGM_PPPOE_SESSIONID message in other modes.  If no SESSIONID is found,
  default to the interface index in client mode or zero in server mode.

  When the NAS-Port-Type is ISDN, set the NAS-Port to the minor number
  of the physical device (ie, the N in /dev/i4brbchN).

  This makes it easier for the RADIUS server to identify the client
  WRT accounting data etc.

Prompted by:	lsz8425 <lsz8425@mail.cd.hn.cn>
2002-05-14 12:55:39 +00:00
Brian Somers
a43e859d63 Calculate the number of open links properly when deciding on whether to
just send PROTO_IP packets when we've got only one link up in multi-link
mode.

Problem noted by:	Adrian Close <adrian@fernhilltec.com.au>
MFC after:		1 week
2002-05-14 00:59:28 +00:00
Brian Somers
e0ae8e1950 Fix a syntax error 2002-05-13 20:25:47 +00:00
Brian Somers
413205628d We don't need to include arpa/inet.h here. In fact, only FreeBSD needs
netinet/in.h.
2002-05-11 17:04:01 +00:00
Brian Somers
b50574e8bc #include netinet/in.h when !__FreeBSD__ to silence some warnings from
the inclusion of arpa/inet.h
2002-05-11 10:54:45 +00:00
Brian Somers
35bed99ba9 NetBSD keeps des.h in /usr/include/openssl these days 2002-05-11 03:47:15 +00:00
Brian Somers
ff8e577bc6 Add support for MS-CHAP authentication via a RADIUS server.
Add support for Reply-Message and MS-CHAP-Error.

Sponsored by:	Monzoon
2002-05-10 03:11:35 +00:00
Brian Somers
299920e5ed Don't corrupt MP fragments when they're put back on the front of our
inbound queue.

Submitted by:	"Amit K. Rao" <arao@niksun.com>
PR:		37813
MFC after:	1 week

Also fix a typo while I'm here.
2002-05-07 12:48:45 +00:00
Brian Somers
bf1eaec5e8 Understand the Session-Timeout RADIUS attribute
Store the Filter-Id attribute (we don't do anything with it yet)

Submitted mostly by: andrew pavlov <and@kremenchug.net>
2002-05-07 10:06:54 +00:00
Brian Somers
c1d57c383a Tweak a data type from char * to u_char * 2002-05-04 21:47:43 +00:00
Brian Somers
e1e3d2ca69 Make ``set mru'' require a context. In multi-link mode, there's no
point in being allowed to ``set mru'' for the MP lcp layer.

Spotted by:	Richard Browne <richb@timestone.com.au>
MFC after:	1 month
2002-05-04 19:38:43 +00:00
Brian Somers
d9c83d7b81 Bump the version to mark the fixed FSM TLD ordering 2002-05-01 10:08:10 +00:00
Brian Somers
d14cc5f96a If we receive a config request while Open, call TLD *before* decoding
the request as TLD may initialise fields that are set when decoding the
request.

MFC after:	1 week
2002-05-01 10:04:49 +00:00
Brian Somers
69f6ed253d Allow the peer to modify the LQR interval 2002-05-01 07:49:07 +00:00
Dag-Erling Smørgrav
d397408818 Usage style sweep: spell "usage" with a small 'u'.
Also change one case of blatant __progname abuse (several more remain)
This commit does not touch anything in src/{contrib,crypto,gnu}/.
2002-04-22 13:44:47 +00:00
Brian Somers
768dc55092 Don't load the netgraph line discipline. When it's in use, TIOCMGET
fails and on loss of carrier, the device doesn't become selectable with
0 bytes to read.

Problem reported by: ache
2002-04-21 02:00:29 +00:00
Brian Somers
d5f694305a Add variable substitutions for SOCKNAME, IPOCTETSIN, IPOCTETSOUT, IPPACKETSIN,
IPPACKETSOUT, IPV6OCTETSIN, IPV6OCTETSOUT, IPV6PACKETSIN, IPV6PACKETSOUT,
OCTETSIN, OCTETSOUT, PACKETSIN, PACKETSOUT and SOCKNAME.
2002-04-17 12:38:59 +00:00
Brian Somers
7e1c2e33be Don't display an extraneous ``: '' with some packets in/packets out diagnostics 2002-04-16 23:57:21 +00:00
Brian Somers
ff360cc91b Make the way FSM options are processed easier to read by using structures
instead of u_char *.

The changes are cosmetic except:

  RecvConfigAck() now displays the options that are being ACK'd
  Huge (bogus) options sent from the peer won't cause an infinite loop
  SendIdent and ReceiveIdent are displayed consistenlty with other FSM data
  LCP AUTHPROTO options that aren't understood are NAK'd, not REJ'd
2002-04-16 23:57:09 +00:00
Brian Somers
5476d2e5aa When it's necessary to kldload tun(4), don't forget to re-try to open
tun0.

Submitted by:	qhwt@myrealbox.com
2002-04-15 00:14:40 +00:00
Tatsumi Hosokawa
33b47634a8 Get tun P2P address from the local pool if RADIUS server returned
255.255.255.254 as client ipaddr.

Reviewed-By:	freebsd-net mailing list
2002-04-04 08:43:00 +00:00
Brian Somers
c007b10217 Fix a typo 2002-03-31 01:57:06 +00:00
Brian Somers
97486b090f Add a missing ``#ifndef NONETGRAPH'' 2002-03-31 01:56:34 +00:00
Brian Somers
3089715715 Remove some extraneous whitespace 2002-03-31 01:51:15 +00:00
Brian Somers
25f2690c32 Include arpa/inet.h 2002-03-31 01:36:08 +00:00
Ruslan Ermilov
dabd255998 Fix CLEANFILES. 2002-03-30 17:57:51 +00:00
Brian Somers
356bf92dce Add a sprinkling of mp_Down() calls to ensure that we don't think that
the multi-link NCP is up when it isn't.
2002-03-30 12:52:55 +00:00
Brian Somers
afb28bf732 Don't use the RTF_GATEWAY flag and pass the RTA_GATEWAY address when updating
routes.
2002-03-30 12:50:49 +00:00
Brian Somers
ad65ae3a27 Add a missing break 2002-03-30 12:47:29 +00:00
Brian Somers
fb11a9c23d Merge the NETGRAPH branch into HEAD. tty devices now use netgraph's line
discipline to do the async escaping, but no other benefits are available yet.

Change ``ifdef HAVE_DES'' to ``ifndef NODES'' for consistency.

Make the Makefile a little more sane WRT RELEASE_CRUNCH.
2002-03-30 12:30:09 +00:00
Brian Somers
af154d5ce6 Fix a typo
Submitted by:	dirk
2002-03-25 14:14:31 +00:00
Ruslan Ermilov
bd41558c17 mdoc(7) police: .Va -> .Ev. 2002-03-15 17:03:05 +00:00
Brian Somers
d919580716 Use the return value from snprintf() to keep a track of the length of
the display string in MPPEDispOpts.

PR:		35836
MFC After:	2 weeks
2002-03-13 10:21:19 +00:00
Brian Somers
dc65642605 Handle B460800 and B921600 being defined in <termios.h> 2002-03-12 16:05:26 +00:00
Brian Somers
b84271d866 Don't drop the last character from ut_line in ID0logout().
PR:		35531
MFC after:	2 weeks
2002-03-05 13:03:11 +00:00
Brian Somers
ea59de3733 Don't blow away ``set escape'' settings when we've completed the
login phase.  Just initialise the correct parts.

Originially submitted by:	Vladimir B. Machulsky <bofhmail@yahoo.com>
2002-03-04 10:08:57 +00:00
Brian Somers
bb9e8c0380 Document NGM_PPPOE_ACNAME handling. 2002-02-20 15:53:47 +00:00
Brian Somers
7f77b55938 Handle NGM_PPPOE_ACNAME messages.
Submitted by:	Andre Albsmeier <andre@albsmeier.net>
Approved by:	julian
2002-02-20 15:52:20 +00:00
Mike Barcroft
fd8e4ebc8c o Move NTOHL() and associated macros into <sys/param.h>. These are
deprecated in favor of the POSIX-defined lowercase variants.
o Change all occurrences of NTOHL() and associated marcros in the
  source tree to use the lowercase function variants.
o Add missing license bits to sparc64's <machine/endian.h>.
  Approved by: jake
o Clean up <machine/endian.h> files.
o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>.
o Remove prototypes for non-existent bswapXX() functions.
o Include <machine/endian.h> in <arpa/inet.h> to define the
  POSIX-required ntohl() family of functions.
o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>,
  and <sys/param.h>.
o Prepend underscores to the ntohl() family to help deal with
  complexities associated with having MD (asm and inline) versions, and
  having to prevent exposure of these functions in other headers that
  happen to make use of endian-specific defines.
o Create weak aliases to the canonical function name to help deal with
  third-party software forgetting to include an appropriate header.
o Remove some now unneeded pollution from <sys/types.h>.
o Add missing <arpa/inet.h> includes in userland.

Tested on:	alpha, i386
Reviewed by:	bde, jake, tmm
2002-02-18 20:35:27 +00:00
Brian Somers
c3805e0152 Detect if a udp socket on STDIN_FILENO is connected by calling
getpeername() and don't set PASSIVE mode if it's is.
2002-01-23 23:36:35 +00:00
Brian Somers
97dd5500aa Cross reference the NETWORK ADDRESS TRANSLATION section when describing
the -nat flag.

Requested by:	eivind
2002-01-23 21:11:33 +00:00
Brian Somers
63c6cac940 socket()s first argument should be a protocol family rather than an
address family.
2002-01-16 14:03:52 +00:00
Brian Somers
c87436f341 socket's first argument is an address family, not a protocol family. 2002-01-16 13:15:47 +00:00
Brian Somers
af1e766495 When authenticating a name containing a ``\'', attempt to autenticate
using the part after the ``\'' if the original name is not found.

This allows M$ clients to use domain\user as their authname.

Reviewed by: Ian West <ian@niw.com.au>
2002-01-08 11:24:39 +00:00
Brian Somers
c03b8e5e60 Consider PROTO_IPV6 as compressible by CCP.
Spotted by: Nick Sayer <nsayer@quack.kfu.com>
2001-12-09 01:29:12 +00:00
Brian Somers
add3c04151 Pay attention to failures to SIOCAIFADDR and SIOCDIFFADDR. 2001-11-30 14:01:21 +00:00
Brian Somers
c4a913b6b8 Don't provide an RTA_GATEWAY sockaddr when we write RTM_CHANGE messages
to the routing socket.

The local address on a point-to-point interface is not actually a
gateway address - despite it appearing in the second column of
netstat -r's output.  Providing a gateway to an RTM_CHANGE will
currently change the route's interface so that it's using the
specified gateway - not what we want.

Patiently explained to me by:	ru
2001-11-30 14:01:20 +00:00
Brian Somers
2ea80d6d37 Add some DEBUG logging to tell us when interface addresses are being
added and removed
2001-11-30 14:01:18 +00:00
Brian Somers
0ed9882caa Remove the hack that ensures that rt_Update() works on FreeBSD. Now
that the ncpaddr code doesn't create default routes with non-zero
masks, everything works as it should.
2001-11-23 19:20:45 +00:00
Brian Somers
361a7b933f When writing messages to the routing socket, round sockaddr sizes
up in the same way that we expect them to be when we read them.

This is a no-op on i386 and probably on alphas, as we currently
only support AF_INET and AF_INET6.
2001-11-23 17:19:36 +00:00
Brian Somers
a3d71c3de1 Be paranoid about non-zero netmasks being associated with INET addresses
of 0.0.0.0.

The OpenBSD PF_ROUTE/NET_RT_DUMP sysctl is sending back routes with
RTAX_NETMASK set, but the corresponding sockaddr being 4 zero bytes
(with an address family of zero).  ppp was getting confused by this
and ending up interpreting it as a 0.0.0.0/32 routing table
destination and subsequently failing to do anything with the route.

Specifically, after this fix, ppp under OpenBSD can successfully
change and delete the default route again !
2001-11-23 17:19:27 +00:00
Brian Somers
846e7227be Remove an unused variable (oops) 2001-11-23 15:47:04 +00:00
Brian Somers
26dceef0a6 Don't adjust_linklocal() when pulling a sockaddr out of an ncpaddr or
ncprange structure.

Don't write() the netmask for IPv6 sockaddrs to the routing socket if
the prefixlen is 128.

It seems that messages written to the routing socket with the scopeid
set for link local addresses are not understood.  Instead, we have to
put the scopeid in the 5th and 6th bytes of the address (see
adjust_linklocal() in ncpaddr.c).  I think this may be a bug in the
KAME implementation - it should really understand both forms.
2001-11-23 12:39:20 +00:00
Brian Somers
412649a38d Remove a bogus log_Id() decl 2001-11-23 11:15:35 +00:00
Brian Somers
eea438f87a Fix usage for the log command 2001-11-23 11:07:43 +00:00
Brian Somers
a1c634637f Whitespace tweak 2001-11-23 10:46:28 +00:00
Brian Somers
a12856cfee Expand the first argument of the ``log'' command if it's a variable. 2001-11-22 04:23:49 +00:00
Brian Somers
3b0c289136 Document that an UPTIME variable is now available 2001-11-22 01:44:23 +00:00
Brian Somers
39d2e655ee Remove unused variables 2001-11-04 16:19:05 +00:00
Brian Somers
46df5aa7bc Add a ``log'' command for logging specific information.
Add an ``UPTIME'' variable to indicate the bundle uptime.

It's now possible to put something like this in ppp.linkdown
for a server setup:

  MYADDR:
    log Session closing: User USER, address HISADDR, up UPTIME

Fixed some memory leakage with commands that expand words.
Made some functions static.
Fixed a diagnostic bug (iface add .... SIOCDIFADDR)
2001-11-03 21:45:32 +00:00
Brian Somers
9ea6970784 Call CCP protocol -1 ``none'' 2001-11-03 19:29:30 +00:00
Brian Somers
de97d73d11 cmott@scientech.com -> cm@linktel.net
Requested by: Charless Mott <cmott@scientech.com>
2001-11-03 11:36:17 +00:00
Brian Somers
dad51e5ce8 Don't avoid setting a 0 second timer in datalink_StartDialTimer() by
not setting any timer.  Instead, set a 1 millisecond timer.

This ensures that ppp will come out of it's select() call after
losing carrier in -ddial mode with a reconnect period of 0 and
going to ST_OPENING, rather than waiting indefinitely for some
other event to wake ppp up.

Bump the ppp version number to indicate the event.

MFC after: 3 days
2001-10-23 13:52:19 +00:00
Peter Wemm
0407540adf ia64 support. Due to the bogus placement of some i4b includes, it is
i386-only, even though it would work on all the isa-capable platforms.
Change the NOI4B so that instead of excluding alpha, it only includes i386.
2001-10-23 10:20:24 +00:00
Brian Somers
0860ce5d69 Include the right i4b files for NetBSD 2001-10-19 15:56:56 +00:00
Brian Somers
542a7fe08a Fix AUTH callback negotiations.
MFC after: 1 week
2001-10-18 08:48:04 +00:00
Brian Somers
2a772845ff When the peer fails to specify an MRU and a 1500 byte MRU is not
allowed either because of the transport or configuration, send a
MRU NAK only once, then allow the negotiations to proceed.

rfc1661 says that 1500 should always be allowed and rfc2516 says
that 1492 is the maximum for PPPoE.  This changes ppp so that it
only weakly suggests 1492, then goes with the default (leaving
the problem in the hands of the peer WRT how they set their MTU).

MFC after: 1 week
2001-10-18 08:47:56 +00:00
David Malone
2bc21ed985 Hopefully improve control message passing over Unix domain sockets.
1) Allow the sending of more than one control message at a time
over a unix domain socket. This should cover the PR 29499.

2) This requires that unp_{ex,in}ternalize and unp_scan understand
mbufs with more than one control message at a time.

3) Internalize and externalize used to work on the mbuf in-place.
This made life quite complicated and the code for sizeof(int) <
sizeof(file *) could end up doing the wrong thing. The patch always
create a new mbuf/cluster now. This resulted in the change of the
prototype for the domain externalise function.

4) You can now send SCM_TIMESTAMP messages.

5) Always use CMSG_DATA(cm) to determine the start where the data
in unp_{ex,in}ternalize. It was using ((struct cmsghdr *)cm + 1)
in some places, which gives the wrong alignment on the alpha.
(NetBSD made this fix some time ago).

This results in an ABI change for discriptor passing and creds
passing on the alpha. (Probably on the IA64 and Spare ports too).

6) Fix userland programs to use CMSG_* macros too.

7) Be more careful about freeing mbufs containing (file *)s.
This is made possible by the prototype change of externalise.

PR:		29499
MFC after:	6 weeks
2001-10-04 13:11:48 +00:00
Ruslan Ermilov
72736552c4 Keep up with sys/net/rtsock.c,v 1.58.
Prodded by:	brian
2001-09-21 16:14:53 +00:00
Brian Somers
ed1e8460bd sigpause() -> sigsuspend()
sigblock() -> sigprocmask()
2001-09-13 10:03:30 +00:00
Brian Somers
d9dc3116bf Correct alignment issues
Obtained from: OpenBSD
2001-09-13 10:03:20 +00:00
Brian Somers
ee52a08baa Spell syslog.conf correctly
Submitted by:	Tony Finch <dot@dotat.at>
PR:		30545
2001-09-13 09:06:51 +00:00
Brian Somers
156a04e466 Fix a diagnostic 2001-09-04 22:07:56 +00:00
Brian Somers
f0ea3513c9 Some cosmetic changes to sync with OpenBSD 2001-08-27 19:08:43 +00:00
Brian Somers
a7428f1858 Send a reset request for every packet received when our encryption
dictionaries are out of sync.

This avoids the complications that happen when our original reset
request gets lost in transit (quite likely in hind sight, given a
lossy link) when we end up ignoring the peer for the next (up to)
256 packets.

Submitted by:	Nick Sayer <nsayer@quack.kfu.com>
2001-08-27 10:42:21 +00:00
Brian Somers
1a939a075f Handle return values of 0 from NgRecvMsg() properly. 2001-08-24 14:53:41 +00:00
Brian Somers
ebdcbc6744 o Enable IFF_MULTICAST when first opening the tun device (and keep the flag
when we ioctl(TUNSIFINFO) under OpenBSD)
o Don't bring the interface up immediately
o Don't complain about unrecognised interface flags in ``show iface''.
2001-08-21 11:07:58 +00:00
Brian Somers
2313781df2 Handle snprintf() returning < 0 (not just -1)
MFC after:	2 weeks
2001-08-20 15:09:34 +00:00
Brian Somers
84b0fe8197 Properly change old interface addresses so that their destination is
255.255.255.255 if our new destination address conflicts.
2001-08-20 11:06:21 +00:00
Brian Somers
428217f76c Add some comments to explain what's going on here 2001-08-20 10:25:23 +00:00
Brian Somers
d42d9220c7 When attempting to change the default route, don't write the gateway
and mask to the routing socket, otherwise the update fails.

Warning provided by: markm

The code here was broken for FreeBSD when IPv6 support was added, but
was fixed for OpenBSD.  OpenBSD expects the gateway and mask to be
supplied and fails the update otherwise.
2001-08-20 00:46:33 +00:00
Brian Somers
260799afa4 Add some casts.
Not spotted by: FreeBSD's gcc version 2.95.3 20010315 (release)
Spotted by: OpenBSD's gcc version 2.95.3 20010125 (prerelease)
2001-08-19 22:23:28 +00:00
Brian Somers
5cbe92e7e8 Add a missing % in a format string.
Not spotted by: FreeBSD's gcc version 2.95.3 20010315 (release)
Spotted by: OpenBSD's gcc version 2.95.3 20010125 (prerelease)
2001-08-19 22:23:23 +00:00
Brian Somers
856cf6873b Avoid a compiler warning
Not spotted by: FreeBSD's gcc version 2.95.3 20010315 (release)
Spotted by: OpenBSD's gcc version 2.95.3 20010125 (prerelease)
2001-08-19 22:23:22 +00:00
Brian Somers
1433aa5dff Better handling for the return of snprintf(). 2001-08-18 22:43:11 +00:00
Brian Somers
1a2b4e4a5c If AF_INET6 isn't available in the kernel, revert to creating AF_INET
listening sockets in ``set server''.
2001-08-18 19:16:56 +00:00
Brian Somers
1136c6ac64 Back out the previous fix to deal with kernels that don't support IPv6,
and implement a far more subtle and correct fix.

The reason behind the infinite loop was that ppp was trying to make up
initial IPv6 numbers and wasn't giving up when it failed unexpectedly to
assign the addresses it just fabricated to it's interface (thinking that
the reason was because another interface was using the same address).
It now attempts this up to 100 times before just failing and trying to
muddle along (in reality, this should never happen more than a couple
of times unless our random number generator doesn't work).

Also, when IPv6 is not available, don't even try to assign the IPv6
interface address in the first place...
2001-08-18 19:07:13 +00:00
Brian Somers
c5109a323c Run correctly on a machine built without AF_INET6 support 2001-08-18 13:04:52 +00:00
Brian Somers
1d3d76d47f Build properly with -DNOINET6 2001-08-18 12:31:54 +00:00
Brian Somers
6c764d89cd Build properly with -DNOIPV6 2001-08-18 12:30:41 +00:00
Brian Somers
cb41bad03f Add two missing includes 2001-08-16 16:58:12 +00:00
Brian Somers
e1a94c3dcf Remove an unused variable 2001-08-16 16:58:02 +00:00
Ruslan Ermilov
8ab59f7093 mdoc(7) police: markup nit, removed whitespace at EOL. 2001-08-16 08:26:04 +00:00
Brian Somers
5ae083292b Specify the gateway address when updating the MTU and send/recv pipe
sizes on a route.

IMHO this shouldn't be necessary (the destination & mask/prefixlen
should be enough), but without it, the default route update under
OpenBSD will fail.

Thanks to: Russell T Hunt <alaric@MIT.EDU>
2001-08-16 02:01:05 +00:00
Brian Somers
6de54bbe7a Fix a couple of forgotten comments 2001-08-16 02:00:55 +00:00
Brian Somers
971abb295e Probe for the availability of AF_INET6 at startup. If it's not
available, default ipv6cp to disabled and refuse to let the user
enable it.
2001-08-15 13:53:38 +00:00
Brian Somers
a886247185 Don't show a prefixlen when a destination address is present
in ``show iface''.
2001-08-15 13:05:39 +00:00
Brian Somers
ad1f9eaedb Add a missing newline 2001-08-15 12:48:09 +00:00
Brian Somers
bcd13e2e67 Don't forget to attache the sticky route change to the ncp structure.
PR:	29726
2001-08-15 12:47:51 +00:00
Brian Somers
2f4da197f1 Avoid calling bits2mask4() when bits is -1. 2001-08-15 12:07:39 +00:00
Brian Somers
30949fd4b5 o Add ipv6 support, abstracting most NCP addresses into opaque
structures (well, they're treated as opaque).

  It's now possible to manage IPv6 interface addresses and routing
  table entries and to filter IPV6 traffic whether encapsulated or
  not.

  IPV6CP support is crude for now, and hasn't been tested against
  any other implementations.

  RADIUS and IPv6 are independent of eachother for now.

  ppp.linkup/ppp.linkdown aren't currently used by IPV6CP

o Understand all protocols(5) in filter rules rather than only a select
  few.

o Allow a mask specification for the ``delete'' command.  It's now
  possible to specifically delete one of two conflicting routes.

o When creating and deleting proxy arp entries, do it for all IPv4
  interface addresses rather than doing it just for the ``current''
  peer address.

o When iface-alias isn't in effect, don't blow away manually (via ``iface
  add'') added interface addresses.

o When listening on a tcp server (diagnostic) socket, bind so that a
  tcp46 socket is created -- allowing both IPv4 and IPv6 connections.

o When displaying ICMP traffic, don't display the icmp type twice.
  When display traffic, display at least some information about unrecognised
  traffic.

o Bump version

Inspired after filtering work by: Makoto MATSUSHITA <matusita@jp.FreeBSD.org>
2001-08-14 16:05:52 +00:00
Ruslan Ermilov
04da392069 mdoc(7) police: s/OpenBSD/.Ox/ where appropriate. 2001-08-13 16:43:02 +00:00
Brian Somers
f48ce56286 Preprocess ppp.8.m4 into ppp.8, taking into account any compile time
options used to build ppp.

Currently, this is a no-op and only handles LOCALNAT and LOCALRAD cases.

This will be used for the upcoming ipv6 changes, and allows a shared
man page between OpenBSD and FreeBSD.
2001-08-11 18:27:14 +00:00
Brian Somers
915ce3bc2a Change copyright to BSD-style copyright.
Ok'd by:	Gabor Kincses <gabor@acm.org>
2001-08-10 17:42:58 +00:00
Ruslan Ermilov
c4d9468ea0 mdoc(7) police:
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
2001-08-07 15:48:51 +00:00
Brian Somers
d8c3658bb5 Warn when a CHAP81 SUCCESS packet is invalid due to an incorrect S= value. 2001-08-03 09:28:21 +00:00
Brian Somers
1a40cd082a The wrong-last-byte bug on win98 chap responses is also in winME 2001-08-02 20:12:48 +00:00
Brian Somers
686e8c8b12 Add a ``nat punch_fw'' command for punching FTP and IRC DCC holes through
the firewall.
2001-08-02 10:16:32 +00:00
Brian Somers
317e74fd2b Don't include a NUL at the end of our CHAP SUCCESS packet.
When encryption (MPPE) is enabled, WindowsME and Windows98 both
fail because of the extra byte, suggesting that they autheticated
successfully in their log and then dropping the connection, telling
the user that the peer doesn't support compatible encryption
options.

MFC after: 1 week
2001-07-31 21:36:00 +00:00
Brian Somers
65cacad456 Remove an irritating diagnostic emitted to LogPHASE when a
static proxy arp entry is deleted.

Rename a function (for consistency) and remove some whitespace
(for readability).

MFC after:	1 week
2001-07-31 15:19:07 +00:00
Brian Somers
ed09c8a4a0 When we receive a CHAP81 challenge response, we always expect the last
byte of the packet to contain '\0'.

Windows 98 gets this wrong, dropping garbage into the last byte and
failing authentication.

Now, we notice this and whinge to our log file that we're compensating
for the corrupt data.
2001-07-31 08:21:39 +00:00
Brian Somers
5a0827311e If the peer REJects our MRU REQ, stop REQing it -- *EVEN* if we're
doing PPPoE and the default MRU is therefore too big.

When negotiating with win2k, we ask for MRU 1492 and the win2k box
NAKs us saying ``MRU 1492''.  This doesn't make sense to me.  When
we continue to request MRU 1492, the win2k box eventually REJs our
MRU.  This fix allows negotiations to continue at that point,
bringing the link up and potentially allowing the win2k box to send
us frames that are too large.  AFAICT this is better than failing
to bring the link up.... probably !

I have no idea how to do the equivalent of ``route get'' or
``ifconfig -a'' under win2k, so I can't tell what MTU it actually
ends up using.

I believe the bug is in win2k (it's certainly mis-negotiating).
I'll MFC given the release engineers permission as code freeze
begins on August 1.

PR:		29277
MFC after:	3 days
2001-07-30 17:04:39 +00:00
Brian Somers
fe17bea378 Change permissions back to 4554/554
Suggested by:	kris
2001-07-28 11:58:41 +00:00
Brian Somers
5e3b2d6847 If the peer sends a REQ without the IPADDR option, only reject it
once.  If they repeat the request (again without the IPADDR option)
ACK it.

I've had reports that some ppp implementations will not assign
themselves an IP number.  This should negotiate with such things.

MFC after:	3 days
2001-07-28 11:32:08 +00:00
Brian Somers
525b58c9ce Handle peer REQ/NAKs of >1500 byte MRUs when we have no preference.
MFC after: 3 days
2001-07-26 11:33:53 +00:00
Brian Somers
1e0a94b6a0 Change permissions from [4]554 to [4]551
MFC after: 3 days
2001-07-25 11:44:04 +00:00
David E. O'Brien
90e655ea4e Perform a major cleanup of the usr.sbin Makefiles.
These are not perfectly in agreement with each other style-wise, but they
are orders of orders of magnitude more consistent style-wise than before.
2001-07-20 06:20:32 +00:00
David E. O'Brien
ac24b049cc Remove GCC'isms in CFLAGS. 2001-07-20 04:23:13 +00:00
Brian Somers
8152dca8b2 Bring the PPPoE Ethernet interface up *BEFORE* we send the node a
CONNECT message.

MFC after: 1 week
2001-07-18 09:33:45 +00:00
Brian Somers
17462195a8 Ignore (with a warning message) mtu/mru configurations that are greater
than the maximum physical values.

MFC after: 1 week
2001-07-17 01:06:13 +00:00
Brian Somers
c4498e7de4 TCPMSS adjusts all TCP SYN packets, not just outgoing ones.
Pointed out by: ru
2001-07-16 17:02:10 +00:00
Dima Dorfman
f247324df7 Remove whitespace at EOL. 2001-07-15 08:06:20 +00:00
Brian Somers
6cee8a8317 Perform MSS fixups on incoming packets as well as outgoing.
MFC after: 1 week
2001-07-13 02:04:19 +00:00
Dima Dorfman
70d51341bf mdoc(7) police: remove extraneous .Pp before and/or after .Sh. 2001-07-09 09:54:33 +00:00
Brian Somers
b5b15b9e7f Fix the type of the last arg to execl()
Obtained from: OpenBSD
2001-07-09 08:17:47 +00:00
Brian Somers
543b7124d2 Staticise the OpenBSD SHA1_End() function 2001-07-09 00:45:57 +00:00
Brian Somers
4016f9e0c4 Stay (backwards-)compatible with OpenBSD's groff 2001-07-09 00:13:49 +00:00
Brian Somers
8829899405 Add a ``nat proto'' command -- similar to natd(8)'s -redirect_proto switch.
MFC after: 3 weeks
2001-07-09 00:07:56 +00:00
Brian Somers
7e62c63844 Don't try to dereference the -1th ccp algorithm array entry when we
open CCP with no algorithm.
2001-07-07 13:12:07 +00:00
Brian Somers
662a42f752 When we miss one or more packets in stateful mode *and* need to
perform a key change, *and* our sequence numbers have wrapped,
ensure that the number of key changes is calculated correctly.

The previous code counted down from a negative number to zero,
re-encrypting the current key on each iteration - this took some
time and strangely enough got the answer wrong !!!

Fix a(nother) spelling mistake while I'm there.
2001-07-07 03:06:20 +00:00
Brian Somers
80a18377e9 Spell stateful properly
Inconsistently done by:	brian
Spotted by:		ru
2001-07-06 23:45:32 +00:00
Ruslan Ermilov
8fa6936ded mdoc(7) police: removed hard sentence breaks, sorted xrefs. 2001-07-05 11:01:12 +00:00
Brian Somers
dd1a52b9e4 Make the last fix work properly on descriptors 1 and 2 (not just 0) 2001-07-04 09:32:34 +00:00
Brian Somers
108e336ab5 Handle any of descriptors 0, 1 or 2 being closed when we're
envoked -- don't use them (as return values from open()), then
(say) close(STDIN_FILENO) when daemonising.

This is done by grabbing 3 descriptors to /dev/null at startup and
releasing them after we've daemonised.

MFC after: 1 week
2001-07-04 03:34:20 +00:00