interrupted with a SIGALRM. In fact, select() sets the
passed time to zero, making the previous implementation
terminate always after 1/10th of a second !
Also, deal with someone changing the clock while we're
sleeping (and restart the whole sleep).
Dangers pointed out by: Theo de Raadt <deraadt@cvs.openbsd.org>
When CCP is originally negotiated, the only thing we can be
sure about is that we've started adding data to the inflate
dictionary either before or at the same time as the peer. This
is ok, 'cos DEFLATE is a `sliding window' compressor.
Show the IP range (if specified) in "show ipcp".
Close unused descriptors 0 and 2 in interactive mode.
Pass (size_t *) rather than (int *) to sysctl().
strcpy(a, b); /* a and b are the same size */
with
strncpy(a, b, sizeof(a));
a[sizeof(a)-1] = '\0';
Making the code `correct at a glance'.
Suggested by: Theo de Raadt <deraadt@cvs.openbsd.org>
Disallow connections from port numbers <1024 as low port numbers
can only really mean trouble (ftp bounces etc.).
Discussed at length with: Theo de Raadt <deraadt@cvs.openbsd.org>
fd_set, make sure that all descriptors >2 are closed
when we start - otherwise we're asking for a dump in
FD_SET().
Problem pointed out by: Theo de Raadt <deraadt@cvs.openbsd.org>
when command logging is switched on.
o Display ******** for the authkey for "show auth"
o Document how \P should be used, and document the other chat escapes
while I'm there.
o Make sure the full command is displayed when a compound command
fails - ie, "set novar rubbish" should say "set novar: Invalid command"
rather than "novar: Invalid command"
Problem pointed out by: Theo de Raadt <deraadt@cvs.openbsd.org> (among others)
line is > LINE_LEN (512 bytes), we scribble (*blush*).
Hinted at by: Theo de Raadt <deraadt@cvs.openbsd.org>
Change sprintf(buf, "fixedstring") to strcpy(buf, "fixedstring").
all RTF_WASCLONED routes, and the second removes the
others. This avoids the situation where we've added an
RTF_CLONING route (such as ``default''), created some
clones, then deleted the CLONING route before the
WASCLONED route(s). Without the two passes, we get
errno (not rtm_errno) set to ESRCH when deleting the
WASCLONED route, despite the deletion succeeding !
Also:
Enhance the route operation failure diagnostics.
Make portability #ifdefs a bit more generic.
Validate the peers suggested IP by attempting to make a routing table
entry.
Give up IPCP negotiation if the peer NAKs us with an unusable IP.
Always SIOCDIFADDR then SIOCAIFADDR when configuring the tun device.
Using SIOCSIFDSTADDR allows duplicate dst addresses (which we don't
want)!!!
Allow up to 200 interface names (was 50) (now that ppp can play server
properly).
Up the version number (1.5 -> 1.6).
Cosmetic:
Log unexpected CCP packets in the CCP log rather than the ERROR log.
Log unexpected Config Reqs in the appropriate LCP/IPCP/CCP log rather
than the ERROR log.
Log failed route additions and deletions with WARN, not TCPIP.
Log the option id and length for unrecognised IPCP options.
Change some .Sq to .Ar in the man page.
We must call inflate again in case there's any pending output
despite our input buffer being empty. If the output buffer
is in fact already flushed, inflate() returns Z_BUF_ERROR.
There isn't really an error !
I did the deflate re-org).
Make PAP & CHAP negotiation prettier in the log file.
If both PAP & CHAP are `enabled' and the peer NAKs CHAP
suggesting PAP, be friendly and REQ PAP the next time.
This is in line with the rfc.
Delete AF_LINK routes as well as AF_INET.
Allow the word `default' as the arg to `delete' or in place of the
first two args (dest & netmask) to `add'.
Accept INTERFACE as the third arg to `add'.
You can now say `add default interface' to create a default route
through the tun interface. It's reported that subsequent bind()s
will bind to a broadcast address and not to the address currently
assigned to the tun device - this is the first step towards
supporting that first connection that was around from before the
dynamic IP negotiation....
(I *really* meant to do this *before* committing the
deflate changes in the first place - oops).
Pppd is horribly broken in this respect - refer to the
ppp man page for details. Ppp *WON'T* negotiate deflate
with pppd by default - you must ``enable'' and ``accept''
``pppd-deflate'' in your config.
While I'm in there, update the cftypes in ccp.c so that
we recognise some more protocols (we don't actually do
anything with them - just send a REJ).
Remove extraneous decls.
Add ``const'' to several places.
Allow ``make NOALIAS=1'' to remove IP aliasing.
Merge with OpenBSD - only the Makefiles vary.
We can now survive a compile with
-Wall -Wbad-function-cast -Wcast-align -Wcast-qual
-Winline -Wmissing-declarations -Wmissing-prototypes
-Wnested-externs -Wpointer-arith -Wredundant-decls
-Wshadow -Wstrict-prototypes -Wwrite-strings -Wchar-subscripts
(although the Makefile just contains -Wall).
avoids the situation where we specify label ``x'' on the command
line, and label ``x'' has a ``load y'' command embedded in it.
When the line comes up, we want to use ``x'' from ppp.linkup,
not ``y''.
allowing for a possible header on the front of all packets.
In OpenBSD, there's a structure containing the address
family here.
If we're building under OpenBSD, set up the ``flags'' part
of struct tuninfo (not there under FreeBSD) so that we config
the interface as POINTOPOINT.
Prefix prototypes with ``extern'' in os.c for consistency.
These changes are cosmetic under FreeBSD, but allow ppp to
build & work under OpenBSD (bar the srandomdev() stuff,
the inclusing of <net/if_var.h> and some Makefile symantecs).
Print out inteface names rather than numbers, and use the
same "find out the names" code in SetIfAddr(). This means
that the nasty ioctl(,SIOCGIFCONF,)/realloc loop is now
buried :-)
o Add "allow" command:
"allow users a b c" gives access to users a, b and c.
"allow modes auto" gives those users access to auto mode only.
"allow users *" and "allow modes *" are accepted.
No users and all modes are allowed by default.
UID 0 can do anything.
o Set the current label with the "load" and "dial" commands
so that the call to ppp.linkdown makes sense.
o Up the verison number.
o Don't OR MODE_AUTO for -background and -ddial.
o Don't OR MODE_INTER when we get a diagnostic connection.
o Allow up to 40 args per line (was 20).
o "set ifaddr" only changes the interface in AUTO mode (with other
modes, it happens after IPCP negotiation).
o Sort command descriptions in the man page.
o Support -dedicated mode where we just talk ppp forever (no login etc).
Stay as the invoking uid as much as possible.
Execution as a normal user is still forbidden for now,
so these changes are pretty ineffective.
The next commit will implement the modifications suggested
on -hackers a number of days ago.
ppp.secret to get a key value based on the peers name,
then send the value of AuthName with the encrypted result.
This is *way* too confusing.
Instead, always use AuthName and AuthKey as the documentation
says.
o Report modem connect time properly
o Report bytes in/out over physical media
o Fix phases (TERMINATE is *higher than* DEAD)
o Do a LayerFinish from LcpDown
o Bring down IPCP & CCP when we enter PHASE_TERMINATE
o Give a new prompt when we go to PHASE_DEAD
o Stop the modem timer properly when idle
o Treat sig 15 like an exiting carrier loss
o Log (DEBUG) offline & online transitions
