Commit Graph

1488 Commits

Author SHA1 Message Date
Brian Somers
ebdcbc6744 o Enable IFF_MULTICAST when first opening the tun device (and keep the flag
when we ioctl(TUNSIFINFO) under OpenBSD)
o Don't bring the interface up immediately
o Don't complain about unrecognised interface flags in ``show iface''.
2001-08-21 11:07:58 +00:00
Brian Somers
2313781df2 Handle snprintf() returning < 0 (not just -1)
MFC after:	2 weeks
2001-08-20 15:09:34 +00:00
Brian Somers
84b0fe8197 Properly change old interface addresses so that their destination is
255.255.255.255 if our new destination address conflicts.
2001-08-20 11:06:21 +00:00
Brian Somers
428217f76c Add some comments to explain what's going on here 2001-08-20 10:25:23 +00:00
Brian Somers
d42d9220c7 When attempting to change the default route, don't write the gateway
and mask to the routing socket, otherwise the update fails.

Warning provided by: markm

The code here was broken for FreeBSD when IPv6 support was added, but
was fixed for OpenBSD.  OpenBSD expects the gateway and mask to be
supplied and fails the update otherwise.
2001-08-20 00:46:33 +00:00
Brian Somers
260799afa4 Add some casts.
Not spotted by: FreeBSD's gcc version 2.95.3 20010315 (release)
Spotted by: OpenBSD's gcc version 2.95.3 20010125 (prerelease)
2001-08-19 22:23:28 +00:00
Brian Somers
5cbe92e7e8 Add a missing % in a format string.
Not spotted by: FreeBSD's gcc version 2.95.3 20010315 (release)
Spotted by: OpenBSD's gcc version 2.95.3 20010125 (prerelease)
2001-08-19 22:23:23 +00:00
Brian Somers
856cf6873b Avoid a compiler warning
Not spotted by: FreeBSD's gcc version 2.95.3 20010315 (release)
Spotted by: OpenBSD's gcc version 2.95.3 20010125 (prerelease)
2001-08-19 22:23:22 +00:00
Brian Somers
1433aa5dff Better handling for the return of snprintf(). 2001-08-18 22:43:11 +00:00
Brian Somers
1a2b4e4a5c If AF_INET6 isn't available in the kernel, revert to creating AF_INET
listening sockets in ``set server''.
2001-08-18 19:16:56 +00:00
Brian Somers
1136c6ac64 Back out the previous fix to deal with kernels that don't support IPv6,
and implement a far more subtle and correct fix.

The reason behind the infinite loop was that ppp was trying to make up
initial IPv6 numbers and wasn't giving up when it failed unexpectedly to
assign the addresses it just fabricated to it's interface (thinking that
the reason was because another interface was using the same address).
It now attempts this up to 100 times before just failing and trying to
muddle along (in reality, this should never happen more than a couple
of times unless our random number generator doesn't work).

Also, when IPv6 is not available, don't even try to assign the IPv6
interface address in the first place...
2001-08-18 19:07:13 +00:00
Brian Somers
c5109a323c Run correctly on a machine built without AF_INET6 support 2001-08-18 13:04:52 +00:00
Brian Somers
1d3d76d47f Build properly with -DNOINET6 2001-08-18 12:31:54 +00:00
Brian Somers
6c764d89cd Build properly with -DNOIPV6 2001-08-18 12:30:41 +00:00
Brian Somers
cb41bad03f Add two missing includes 2001-08-16 16:58:12 +00:00
Brian Somers
e1a94c3dcf Remove an unused variable 2001-08-16 16:58:02 +00:00
Ruslan Ermilov
8ab59f7093 mdoc(7) police: markup nit, removed whitespace at EOL. 2001-08-16 08:26:04 +00:00
Brian Somers
5ae083292b Specify the gateway address when updating the MTU and send/recv pipe
sizes on a route.

IMHO this shouldn't be necessary (the destination & mask/prefixlen
should be enough), but without it, the default route update under
OpenBSD will fail.

Thanks to: Russell T Hunt <alaric@MIT.EDU>
2001-08-16 02:01:05 +00:00
Brian Somers
6de54bbe7a Fix a couple of forgotten comments 2001-08-16 02:00:55 +00:00
Brian Somers
971abb295e Probe for the availability of AF_INET6 at startup. If it's not
available, default ipv6cp to disabled and refuse to let the user
enable it.
2001-08-15 13:53:38 +00:00
Brian Somers
a886247185 Don't show a prefixlen when a destination address is present
in ``show iface''.
2001-08-15 13:05:39 +00:00
Brian Somers
ad1f9eaedb Add a missing newline 2001-08-15 12:48:09 +00:00
Brian Somers
bcd13e2e67 Don't forget to attache the sticky route change to the ncp structure.
PR:	29726
2001-08-15 12:47:51 +00:00
Brian Somers
2f4da197f1 Avoid calling bits2mask4() when bits is -1. 2001-08-15 12:07:39 +00:00
Brian Somers
30949fd4b5 o Add ipv6 support, abstracting most NCP addresses into opaque
structures (well, they're treated as opaque).

  It's now possible to manage IPv6 interface addresses and routing
  table entries and to filter IPV6 traffic whether encapsulated or
  not.

  IPV6CP support is crude for now, and hasn't been tested against
  any other implementations.

  RADIUS and IPv6 are independent of eachother for now.

  ppp.linkup/ppp.linkdown aren't currently used by IPV6CP

o Understand all protocols(5) in filter rules rather than only a select
  few.

o Allow a mask specification for the ``delete'' command.  It's now
  possible to specifically delete one of two conflicting routes.

o When creating and deleting proxy arp entries, do it for all IPv4
  interface addresses rather than doing it just for the ``current''
  peer address.

o When iface-alias isn't in effect, don't blow away manually (via ``iface
  add'') added interface addresses.

o When listening on a tcp server (diagnostic) socket, bind so that a
  tcp46 socket is created -- allowing both IPv4 and IPv6 connections.

o When displaying ICMP traffic, don't display the icmp type twice.
  When display traffic, display at least some information about unrecognised
  traffic.

o Bump version

Inspired after filtering work by: Makoto MATSUSHITA <matusita@jp.FreeBSD.org>
2001-08-14 16:05:52 +00:00
Ruslan Ermilov
04da392069 mdoc(7) police: s/OpenBSD/.Ox/ where appropriate. 2001-08-13 16:43:02 +00:00
Brian Somers
f48ce56286 Preprocess ppp.8.m4 into ppp.8, taking into account any compile time
options used to build ppp.

Currently, this is a no-op and only handles LOCALNAT and LOCALRAD cases.

This will be used for the upcoming ipv6 changes, and allows a shared
man page between OpenBSD and FreeBSD.
2001-08-11 18:27:14 +00:00
Brian Somers
915ce3bc2a Change copyright to BSD-style copyright.
Ok'd by:	Gabor Kincses <gabor@acm.org>
2001-08-10 17:42:58 +00:00
Ruslan Ermilov
c4d9468ea0 mdoc(7) police:
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
2001-08-07 15:48:51 +00:00
Brian Somers
d8c3658bb5 Warn when a CHAP81 SUCCESS packet is invalid due to an incorrect S= value. 2001-08-03 09:28:21 +00:00
Brian Somers
1a40cd082a The wrong-last-byte bug on win98 chap responses is also in winME 2001-08-02 20:12:48 +00:00
Brian Somers
686e8c8b12 Add a ``nat punch_fw'' command for punching FTP and IRC DCC holes through
the firewall.
2001-08-02 10:16:32 +00:00
Brian Somers
317e74fd2b Don't include a NUL at the end of our CHAP SUCCESS packet.
When encryption (MPPE) is enabled, WindowsME and Windows98 both
fail because of the extra byte, suggesting that they autheticated
successfully in their log and then dropping the connection, telling
the user that the peer doesn't support compatible encryption
options.

MFC after: 1 week
2001-07-31 21:36:00 +00:00
Brian Somers
65cacad456 Remove an irritating diagnostic emitted to LogPHASE when a
static proxy arp entry is deleted.

Rename a function (for consistency) and remove some whitespace
(for readability).

MFC after:	1 week
2001-07-31 15:19:07 +00:00
Brian Somers
ed09c8a4a0 When we receive a CHAP81 challenge response, we always expect the last
byte of the packet to contain '\0'.

Windows 98 gets this wrong, dropping garbage into the last byte and
failing authentication.

Now, we notice this and whinge to our log file that we're compensating
for the corrupt data.
2001-07-31 08:21:39 +00:00
Brian Somers
5a0827311e If the peer REJects our MRU REQ, stop REQing it -- *EVEN* if we're
doing PPPoE and the default MRU is therefore too big.

When negotiating with win2k, we ask for MRU 1492 and the win2k box
NAKs us saying ``MRU 1492''.  This doesn't make sense to me.  When
we continue to request MRU 1492, the win2k box eventually REJs our
MRU.  This fix allows negotiations to continue at that point,
bringing the link up and potentially allowing the win2k box to send
us frames that are too large.  AFAICT this is better than failing
to bring the link up.... probably !

I have no idea how to do the equivalent of ``route get'' or
``ifconfig -a'' under win2k, so I can't tell what MTU it actually
ends up using.

I believe the bug is in win2k (it's certainly mis-negotiating).
I'll MFC given the release engineers permission as code freeze
begins on August 1.

PR:		29277
MFC after:	3 days
2001-07-30 17:04:39 +00:00
Brian Somers
fe17bea378 Change permissions back to 4554/554
Suggested by:	kris
2001-07-28 11:58:41 +00:00
Brian Somers
5e3b2d6847 If the peer sends a REQ without the IPADDR option, only reject it
once.  If they repeat the request (again without the IPADDR option)
ACK it.

I've had reports that some ppp implementations will not assign
themselves an IP number.  This should negotiate with such things.

MFC after:	3 days
2001-07-28 11:32:08 +00:00
Brian Somers
525b58c9ce Handle peer REQ/NAKs of >1500 byte MRUs when we have no preference.
MFC after: 3 days
2001-07-26 11:33:53 +00:00
Brian Somers
1e0a94b6a0 Change permissions from [4]554 to [4]551
MFC after: 3 days
2001-07-25 11:44:04 +00:00
David E. O'Brien
90e655ea4e Perform a major cleanup of the usr.sbin Makefiles.
These are not perfectly in agreement with each other style-wise, but they
are orders of orders of magnitude more consistent style-wise than before.
2001-07-20 06:20:32 +00:00
David E. O'Brien
ac24b049cc Remove GCC'isms in CFLAGS. 2001-07-20 04:23:13 +00:00
Brian Somers
8152dca8b2 Bring the PPPoE Ethernet interface up *BEFORE* we send the node a
CONNECT message.

MFC after: 1 week
2001-07-18 09:33:45 +00:00
Brian Somers
17462195a8 Ignore (with a warning message) mtu/mru configurations that are greater
than the maximum physical values.

MFC after: 1 week
2001-07-17 01:06:13 +00:00
Brian Somers
c4498e7de4 TCPMSS adjusts all TCP SYN packets, not just outgoing ones.
Pointed out by: ru
2001-07-16 17:02:10 +00:00
Dima Dorfman
f247324df7 Remove whitespace at EOL. 2001-07-15 08:06:20 +00:00
Brian Somers
6cee8a8317 Perform MSS fixups on incoming packets as well as outgoing.
MFC after: 1 week
2001-07-13 02:04:19 +00:00
Dima Dorfman
70d51341bf mdoc(7) police: remove extraneous .Pp before and/or after .Sh. 2001-07-09 09:54:33 +00:00
Brian Somers
b5b15b9e7f Fix the type of the last arg to execl()
Obtained from: OpenBSD
2001-07-09 08:17:47 +00:00
Brian Somers
543b7124d2 Staticise the OpenBSD SHA1_End() function 2001-07-09 00:45:57 +00:00
Brian Somers
4016f9e0c4 Stay (backwards-)compatible with OpenBSD's groff 2001-07-09 00:13:49 +00:00
Brian Somers
8829899405 Add a ``nat proto'' command -- similar to natd(8)'s -redirect_proto switch.
MFC after: 3 weeks
2001-07-09 00:07:56 +00:00
Brian Somers
7e62c63844 Don't try to dereference the -1th ccp algorithm array entry when we
open CCP with no algorithm.
2001-07-07 13:12:07 +00:00
Brian Somers
662a42f752 When we miss one or more packets in stateful mode *and* need to
perform a key change, *and* our sequence numbers have wrapped,
ensure that the number of key changes is calculated correctly.

The previous code counted down from a negative number to zero,
re-encrypting the current key on each iteration - this took some
time and strangely enough got the answer wrong !!!

Fix a(nother) spelling mistake while I'm there.
2001-07-07 03:06:20 +00:00
Brian Somers
80a18377e9 Spell stateful properly
Inconsistently done by:	brian
Spotted by:		ru
2001-07-06 23:45:32 +00:00
Ruslan Ermilov
8fa6936ded mdoc(7) police: removed hard sentence breaks, sorted xrefs. 2001-07-05 11:01:12 +00:00
Brian Somers
dd1a52b9e4 Make the last fix work properly on descriptors 1 and 2 (not just 0) 2001-07-04 09:32:34 +00:00
Brian Somers
108e336ab5 Handle any of descriptors 0, 1 or 2 being closed when we're
envoked -- don't use them (as return values from open()), then
(say) close(STDIN_FILENO) when daemonising.

This is done by grabbing 3 descriptors to /dev/null at startup and
releasing them after we've daemonised.

MFC after: 1 week
2001-07-04 03:34:20 +00:00
Brian Somers
6301d506fb Reduce the interface MTU by 2 when MPPE has been successfully negotiated.
This is necessary because MPPE will combine the protocol id with the
payload received on the tun interface, encrypt it, then prepend its
own protocol id, effectively increasing the payload by two bytes.
2001-07-03 22:20:19 +00:00
Brian Somers
4bb6aac05e Don't accept chap80lm by default - it doesn't work.
MFC after: 1 week
2001-07-03 22:20:11 +00:00
Brian Somers
f2e587a36c Silence some gcc warnings 2001-07-03 22:20:06 +00:00
Brian Somers
7aab014be6 Do away with the ``err'' variable.
Inspired by: kris
2001-07-03 01:02:26 +00:00
Kris Kennaway
0c50e5287e Silence some of the -Wnon-const-format warnings and add __printflike()
to a function prototype which needs it.

Approved by:	brian
MFC After:	2 weeks
2001-07-02 12:27:49 +00:00
Brian Somers
3ffb2555f4 Avoid using too many args for ``set m[tr]u''
This needs to work with OpenBSD's groff too :(
2001-06-20 19:55:58 +00:00
Brian Somers
90d259217c Call va_start/va_end for each call to vfprintf
Obtained from: OpenBSD
2001-06-18 23:24:26 +00:00
Brian Somers
6cf6ee7625 Add support for stateful MPPE (microsoft encryption) providing
encryption compatibility with Windows 2000.  Stateful encryption
uses less CPU but is bad on lossy transports.

The ``set mppe'' command has been expanded.  If it's used with any
arguments, ppp will insist on encryption, closing LCP if the other
end refuses.

Unfortunately, Microsoft have abused the CCP reset request so that
receiving a reset request does not result in a reset ack when using
MPPE...

Sponsored by:	Monzoon Networks AG and FreeBSD Services Limited
2001-06-18 15:00:22 +00:00
Brian Somers
c8b9fb53a1 Handle hardware-imposed MTU/MRU limitations. PPPoE will no longer
allow MRU/MTU negotiations to exceed 1492.

Add an optional ``max'' specifier to ``set m[rt]u'', ie.

	set mtu max 1480

Bump the ppp version number.

Sponsored by:	Monzoon Networks AG and FreeBSD Services Limited
2001-06-18 14:59:36 +00:00
Brian Somers
797c04a7a3 Correct the arg count after parsing a line with an unescaped # that isn't
preceeded with whitespace.

MFC after: 3 weeks
2001-06-15 13:58:06 +00:00
Brian Somers
65309e5cda Convert IIJ copyrights to BSD copyrights.
Approved by: Toshiharu OHNO <tohno@sirius.ocn.ne.jp>
2001-06-13 21:52:19 +00:00
Maxim Sobolev
fe11f6f605 Correct cross-references:
ng_bpf.8    --> ng_bpf.4
  ng_ether.8  --> ng_ether.4
  ng_iface.8  --> ng_iface.4
  ng_pppoe.8  --> ng_pppoe.4
  ng_socket.8 --> ng_socket.4
  ng_tty.8    --> ng_tty.4
  ng_{type}.4 --> /dev/null

MFC after:	1 week
2001-06-05 12:40:03 +00:00
Brian Somers
8b5baf7aea Renamed to README.nat 2001-06-04 14:40:06 +00:00
Brian Somers
057fee78cc Add BSD style copyrights (with permission from Charles Mott where appropriate)
Deprecate -alias further (after a repo-copy)
2001-06-04 14:38:29 +00:00
Brian Somers
47fe010cf3 Fix an alignment error
PR:		27766
Submitted by:	Sudish Joseph <sudish@mindspring.com>
MFC after:	2 weeks
2001-05-30 15:52:24 +00:00
Brian Somers
a65be2273d Don't say ``Enter pause (-1) for redialing when we're using a random interval.
Show the calculated random value instead.

Suggested by: Bill Richter <richterb@binkley.foothill.net>
2001-05-22 19:42:14 +00:00
Brian Somers
5f73635b93 If we don't receive a TY_IPADDR option as part of a configure request, NAK
as if we received one with 0.0.0.0 as the argument.
2001-05-22 09:03:30 +00:00
Brian Somers
448374baae Bring the interface IFF_UP from ipcp_InterfaceUp() (called from IPCP's
TLU event handler).

This used to be done as a side effect of SIOCAIFADDR'ing the interface,
but now that duplicate SIOCAIFADDRs are optimised out, we can't depend
on that behaviour.
2001-05-11 23:42:03 +00:00
Brian Somers
0272404f73 Handle situations where we've already got a P2P interface address
of a/x -> b and then negotiate a/x -> c by simply expecting SIOCAIFADDR
to do the change.

This was broken by the last commit that optimised out the deletion and
re-addition of the same a/x -> b combination, and forgot to compare
the old/new destination addresses.

Conveniently enough, this problem didn't effect setups where the
default route goes via the ppp link, and most other setups don't
care what the the destination address is actually set to.  It broke
test environments where ppp connects to the local machine rather
badly though....
2001-05-02 16:35:24 +00:00
Brian Somers
c8c946d45d Fix some quotes and mention that it's usually necessary to train
your modem to the correct speed when setting up an incoming getty.
2001-04-26 13:10:59 +00:00
Brian Somers
da70ad6081 Handle IP over IP (IPPROTO_IPV4) properly.
We now unwrap IP/IP and apply filter rules to both the outer
  layer (with ``set filter blah x.x.x.x y.y.y.y ipip'') and to
  the payload (reinterpreted by the filter rules).

  ``set log tcp/ip'' will now show both the outer wrapper and
  the (reinterpreted) payload contents.
2001-04-24 02:13:34 +00:00
Brian Somers
cef1df887e kldload ng_pppoe as necessary 2001-04-10 08:31:13 +00:00
Brian Somers
6ccdc30b6d It's possible to kldload netgraph (as well as the other ng_* bits),
so do it if required.
2001-04-05 22:53:35 +00:00
Brian Somers
03a2501aa5 When we change the interface MTU, run through the routing table and tweak
all route MTUs too.
2001-04-05 02:23:48 +00:00
Brian Somers
152a439010 Be a bit more persistent when the NET_RT_IFLIST sysctl returns ENOMEM
rather than dropping out immediately.
2001-04-03 08:21:28 +00:00
Brian Somers
0fea4ed0d0 Don't say ``PPP enabled'' if we're given the -quiet switch 2001-04-03 08:20:20 +00:00
Brian Somers
50ca6ec387 Don't assume challenges and responses don't contain embedded '\0's.
Mschapv2 response generation may produce embedded NULs... causing
us to send a bogus response to the radius server and end up
failing the client's valid response.

Problem pointed out by: Eugene Vigovskiy <vigov@com2com.ru>
2001-04-01 22:39:17 +00:00
Ruslan Ermilov
eb09fd4a2f -DRELEASE_CRUNCH moved into crunchgen(1) config files for
release building.  Remove a hack that is no longer needed.
2001-03-31 17:07:55 +00:00
Brian Somers
dc744e1949 Bring the PPPoE interface UP if required
Suggested by: archie
2001-03-28 09:45:27 +00:00
Brian Somers
e0f2c6088b Add some comments to two examples and extend a ``set ifaddr''. 2001-03-28 00:23:30 +00:00
Ruslan Ermilov
345e52e742 - Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.
2001-03-26 14:42:20 +00:00
Brian Somers
16004197c4 If we're adding an interface address that is already one of the interface's
aliases with the same netmask and destination, don't remove it and then
re-add exactly the same thing.

This means that static (non-sticky) routes that use the interface address
(or destination address) as a destination will not suddenly evaporate when
IPCP comes up (not unless the negotiated IPs have changed anyway).
2001-03-25 01:34:27 +00:00
Brian Somers
1f39538d63 Quote PPP_CONFDIR in CFLAGS 2001-03-23 13:28:28 +00:00
Brian Somers
7a66a36d2a Change _PATH_PPP to PPP_CONFDIR and allow it to be overridden at compile time 2001-03-23 11:43:22 +00:00
Ruslan Ermilov
c73e22c3d4 Set the default manual section for usr.sbin/ to 8. 2001-03-20 18:17:26 +00:00
Roger Hardiman
e3771825e4 Allow LQR periods of 1 second and FSM retry periods of 1 second. This allows us
to run PPP over Radiocontact T-Link Radio Modems which run best when something
is transmitted at least every 1.5 seconds.

Tested by:	Jennifer Clark <jen@telepresence.strath.ac.uk>
Approved by:	Brian
2001-03-19 19:47:54 +00:00
Brian Somers
c4c6616ad6 Deal with ENOENT properly on non-devfs machines
Broken in revision 1.109
2001-03-12 12:53:53 +00:00
Brian Somers
26e6a622c0 MAXHOSTNAME includes space for a NUL 2001-03-09 20:31:02 +00:00
Brian Somers
c6fde08927 Talk a little more about the differences between PPPoE on FreeBSD & OpenBSD. 2001-03-09 00:12:09 +00:00
Brian Somers
5284761414 MAXPATHLEN -> PATH_MAX
Don't assume MAXHOSTNAMELEN includes the NUL
Correct a diagnostic
Use "localhost" in our prompt instead of ""
2001-03-08 23:51:50 +00:00
Brian Somers
2a2877b836 TUNSIFINFO now requires uid 0 to change the interface MTU.
Reviewed by:	Mark Knight <markk@knigma.org>
2001-03-08 10:33:30 +00:00
Ruslan Ermilov
c2d03ea879 Eliminate mdocNG warnings caused by misplaced or extraneous macro calls. 2001-02-28 17:38:53 +00:00
Brian Somers
6d110b1be0 Don't even look at af_family if accept() returns sa->sa_len == 0 2001-02-13 12:33:34 +00:00
Brian Somers
49ed07a3c0 A better fix for the PacketAliasProxyRule() call.
Submitted by: Ian Dowse <iedowse@maths.tcd.ie>
2001-02-10 17:26:14 +00:00
Ruslan Ermilov
036f8336fa mdoc(7) police: replace two -unfilled displays with -tag lists.
This works only because of bugs in current implementation: the
first .It after ``.Bd -unfilled'' re-enables filling mode and
does not restore (disable) it back afterwards.
2001-02-07 16:02:21 +00:00
Brian Somers
7f89db65f5 Add a ``Usable'' function to the ccp switch. The function
is called prior to sending a CCP configure request for a
given protocol.  The default is to send the request, but
this is overridden for MPPE which checks to see if the lcp
negotiations agreed CHAP81, and if not fails.

Use the same function to decide if we should reject peer
requests for MPPE.

This should get rid of those boring messages about not being
able to initialise MPPE when we don't negotiate CHAP81.
2001-02-04 22:53:11 +00:00
Brian Somers
64602637c7 MPPE_MasterKeyValid is only there if HAVE_DES is defined. 2001-02-04 01:20:33 +00:00
Brian Somers
c42627ffff Don't send an authentication failure response if we fail sending
a radius accounting packet.
2001-02-04 01:08:26 +00:00
Brian Somers
019d32bf74 Make the MPPE MasterKey Invalid messages a bit clearer (it now
complains that you can't do MPPE without CHAP81).

Reset MasterKeyValid to zero when we hit phase DEAD.
2001-02-04 01:08:24 +00:00
Brian Somers
2fc2f70582 Untangle some cunfusion between the CLOSE_STAYDOWN, CLOSE_LCP and
CLOSE_NORMAL meanings.  CLOSE_NORMAL doesn't change the currently
required state, the others do.  This should stop ppp from entering
DATALINK_READY when LCP shutdown doesn't end up happening cleanly.

Bump our version number to reflect this change.
2001-02-04 01:08:22 +00:00
Brian Somers
728ef5b2b0 Try to kldload if_tun if we get ENOENT from opening /dev/tunN -
not just if we get ENXIO.

This makes ppp work with DEVFS when if_tun isn't built into
the kernel (without needing to manually kldload it).
2001-02-02 01:41:26 +00:00
Ruslan Ermilov
610a5778c5 mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 16:44:04 +00:00
Brian Somers
2525421508 Fix some log_Printf() casting
Obtained from: NetBSD (pkgsrc)
2001-01-29 08:46:58 +00:00
Brian Somers
37b8a5c7bd Only remove socket files with ``set server open''.
Only show the mask in ``show bundle'' when it's been specified.
Complain about unexpected arguments after ``set server {none,open,closed}''
Log re-open failures as warnings rather than phase messages.
Fix some markup for the ``set server'' man page description.
2001-01-29 01:35:06 +00:00
Brian Somers
021996f177 Don't pass PacketAliasProxyRule() a buffer with leading whitespace as it
can't handle it.
2001-01-28 21:56:27 +00:00
Brian Somers
501fe45f67 Fix arg count 2001-01-26 01:48:16 +00:00
Brian Somers
15c8dc2a03 If executing the stuff from ppp.linkdown results in a state change,
don't continue adjusting the ipcp state machine.

This allows ``down'' to work in ppp.linkdown - useful for a tunnel
setup.
2001-01-26 01:43:38 +00:00
Brian Somers
74457d3d43 Allow ``set server closed'' to close the diagnostic socket.
Allow ``set server open'' to re-open the diagnostic socket.
Handle SIGUSR1 by re-opening the diagnostic socket
When receiving SIGUSR2 (and in ``set server none''), don't forget the
socket details so that ``set server open'' and SIGUSR1 open it again.

Don't create the diagnostic socket as uid 0 !  It's far to dangerous.
2001-01-26 01:41:34 +00:00
Brian Somers
d8a8ae09ed Fix for NetBSD where
.Oc Oc
  .Xc

doesn't seem to work....
2001-01-22 11:35:00 +00:00
Brian Somers
7d39b1e3be Handle SECDNS being rejected when PRIDNS is not
Submitted by:	OGAWA Takaya <t-ogawa@triaez.kaisei.org>
PR:		24518
2001-01-22 01:43:46 +00:00
Brian Somers
165fbe2672 Use fstat to check if descriptor 0 is a socket.
Suggested by: julian
2001-01-14 00:54:48 +00:00
Brian Somers
12df0d6c58 Log the ``MPPE: MasterKey is invalid...'' message as a CCP
diagnostic rather than a warning.
2000-12-29 22:25:56 +00:00
Ruslan Ermilov
8b5c4af3ff Prepare for mdoc(7)NG. 2000-12-27 15:30:30 +00:00
Ruslan Ermilov
88895b252c Add a missing dot. 2000-12-15 07:34:01 +00:00
Brian Somers
690a66afb0 Correct the documented default behaviour of mschap, mschap81 and MPPE.
Pointed out by: Mark Knight <markk@knigma.org>
2000-12-15 01:09:38 +00:00
Ruslan Ermilov
7a2650d625 mdoc(7) police: use canonical form of .Dd macro. 2000-12-11 15:57:16 +00:00
Brian Somers
723aebe85e Mention the MTU in ``show iface''. 2000-12-01 03:22:18 +00:00
Brian Somers
c63c8e7638 Call MSCHAP CHAP80 in ``show lcp'' so that it's consistent with CHAP81. 2000-11-29 15:47:35 +00:00
Brian Somers
17aa4afba3 Use only the bit after the ``\'' when hashing the challenge in
MSChapv2

Submitted by: Ustimenko Semen <semen@iclub.nsu.ru>
2000-11-28 22:50:40 +00:00
Brian Somers
94d7be5294 Add ``enable/disable tcpmssfixup'', defaulting to enabled.
Suggested by:	julian
Hijacked from:	ru (ports/net/tcpmssd)
2000-11-28 13:18:35 +00:00
Ben Smithurst
aa11a6dde4 various typo and minor punctuation changes.
PR:		23111
Submitted by:	Jimmy Olgeni <olgeni@uli.it>
2000-11-28 11:35:14 +00:00
Ruslan Ermilov
e97407b4f2 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 20:10:44 +00:00
Brian Somers
b43607b7f2 Some gratuitous whitespace changes. 2000-11-19 16:58:59 +00:00
Brian Somers
a080fda810 Describe how to tunnel properly.
Requested by: Greg Quinlan <greg@macquarrie.com.au>
2000-11-19 16:54:57 +00:00
Brian Somers
385167a6b0 Accept MSCHAPv2 by default.
Enable and accept MPPE by default.
2000-11-19 16:53:50 +00:00
Brian Somers
80e2e6b62f Go back to populating data_len in struct ngpppoe_init_data. 2000-11-16 23:15:42 +00:00
Brian Somers
d9374c913e Be a bit more precise about what ``nat deny_incoming yes'' does. 2000-11-16 21:50:50 +00:00
Brian Somers
9100871e60 Increase M_MAXBUF so that it's greater than HDLCSIZE 2000-11-11 01:31:32 +00:00
Ruslan Ermilov
726b61ab5f Avoid use of direct troff requests in mdoc(7) manual pages. 2000-11-10 17:46:15 +00:00
Brian Somers
542962ddf9 Introduce another global (MPPE_IsServer) so that we initiate the
MPPE session keys correctly.

I'm a bit dubious about this code.  It seems that the session keys
are initialised differently based on whether you're the client or
the server.  One side is the server if it issues the first challenge,
but of course you can issue a challenge from both sides.... at the
same time.  Sounds like another wonderful M$ assumption...

Ppp can now talk to itself correctly using encryption.

Problem solved by:	Ustimenko Semen <semen@iclub.nsu.ru>
Hair torn out by:	me
2000-11-07 23:19:11 +00:00
Brian Somers
527a86a3ba Handle being given a connect()ed udp descriptor as stdin rather
than assuming it's unconnected.
2000-11-07 04:29:46 +00:00
Brian Somers
e1e8b15e7a Pass the correct output options to the ccp output initialisation
routine rather than passing it the first requested output option.

Ensure that options are freed correctly even if we don't reach
TLU.
2000-11-07 04:29:33 +00:00
Brian Somers
1c25c5e077 Merge some OpenBSD/NetBSD fixes to the recent MPPE/CHAP0x81 update. 2000-11-05 03:25:09 +00:00
Brian Somers
fca09861d8 Don't ignore the return from tcsetattr() - moan about it instead.
Suggested by: Andre Albsmeier <andre@akademie3000.de>
2000-10-31 23:27:35 +00:00
Tatsumi Hosokawa
85c2b43f35 Forgotten RELEASE_CRUNCH hack for mppe.c.
This fix is for "make release" and "make boot.flp".
2000-10-31 05:00:25 +00:00
Brian Somers
fbf0385368 Use the new-style ngpppoe_init_data structure.
Approved by: archie
2000-10-31 02:46:12 +00:00
Brian Somers
58b1e45d5d Mention that ``nat deny_incoming'' drops unrecognised IP packets.
Requested by: kris
2000-10-31 02:25:54 +00:00
Brian Somers
cf881f54ca Drop PKT_ALIAS_IGNORED packets if ``nat deny_incoming yes'' is in effect.
Approved by: rwatson, ru
2000-10-30 18:02:01 +00:00
Brian Somers
7f03ca53aa Add ``all'' logging.
Submitted by: eivind
2000-10-30 00:15:35 +00:00
Brian Somers
2388e045c4 Bump our version to reflect the recent MPPE additions (and ccp struct
size change).
2000-10-30 00:15:34 +00:00
Brian Somers
ba6fcad9cf Move the MPPE keysize display in ``show ccp''. 2000-10-30 00:15:33 +00:00
Brian Somers
9b9967924b Various whitespace changes.
Make some functions static.
2000-10-30 00:15:29 +00:00
Brian Somers
46c20a0ec0 staticise mbuftype() 2000-10-30 00:15:27 +00:00
Brian Somers
a8d604ab74 Add MPPE and MSChap v2 support (denied and disabled by default)
Submitted by: Ustimenko Semen <semen@iclub.nsu.ru>
2000-10-30 00:15:04 +00:00
Brian Somers
2661ef38a2 Ignore ``#'' properly when told to 2000-10-28 23:56:03 +00:00
Brian Somers
7c0833500d Report the type of mbuf that couldn't be allocated before
aborting ppp.
2000-10-27 05:34:40 +00:00
Brian Somers
ba093e813d Use rad_acct_open() instead of rad_auth_open().
Suggested by: Victor Ivanov <v0rbiz@icon.bg>
2000-10-15 01:05:57 +00:00
Brian Somers
2000bfb4cd Don't define NOATM now that /usr/include/netnatm/ is created properly. 2000-10-15 00:46:58 +00:00
Brian Somers
b2c374decb If write() gives -1/ENOBUFS, keep the packet and sleep for 1/10th
of a second before attempting to write it again (unless there's
something else to do instead).
2000-10-09 22:49:44 +00:00
Brian Somers
8a52f3ecfe Create fd_sets big enough to handle getdtablesize() descriptors. 2000-10-09 21:18:23 +00:00
Brian Somers
495d24ec4a Fix some style nits 2000-09-14 22:03:13 +00:00
Brian Somers
481a4f6155 Support PPPoATM, disabled for now as /usr/include/netnatm doesn't exist
Submitted by: Jakob Stoklund Olesen <stoklund@taxidriver.dk>
2000-09-14 22:02:54 +00:00
Brian Somers
2231246bb3 Understand IPPROTO_ESP and IPPROTO_AH packets
Submitted by: Angelos D. Keromytis <angelos@dsl.cis.upenn.edu>
2000-09-14 18:01:54 +00:00
Brian Somers
1a0f89e02b Spelling police
Submitted by:	des
2000-09-06 21:02:06 +00:00
Brian Somers
57c94dd3bc libutil.h is no longer required for setproctitle() 2000-09-02 02:16:51 +00:00
Ralf S. Engelschall
573365d5ad Fix resolv.conf line hint: "name-server" -> "nameserver" 2000-08-31 11:13:20 +00:00
Brian Somers
8507c35e67 Use arc4random() instead of random() 2000-08-31 00:45:24 +00:00
Brian Somers
4c066cf9f1 Don't treat two or more whitespace followed by a comment as
an empty argument

PR:	20937 (maybe)
PR:	20938
2000-08-30 20:51:13 +00:00
Brian Somers
106ae3d065 Complain about invalid arguments passed to ``set ifaddr'' 2000-08-30 20:49:50 +00:00
Brian Somers
43df7f1485 Correct LogMAX
Broken by:	me
Submitted by:	Mark Hannon <markhannon@one.net.au>
2000-08-29 17:00:52 +00:00
Brian Somers
75fbd185a0 Use srandom() under OpenBSD
Submitted by:	Matt Behrens <matt@megaweapon.zigg.com>
2000-08-29 16:47:45 +00:00
Brian Somers
06a43ce058 Add LogFILTER logging to log packets allowed by the dial filter and
dropped by any filter.

Submitted by: Mark Hannon <markhannon@one.net.au>

with some small tweaks by me.
2000-08-28 23:24:52 +00:00
Brian Somers
794c9bbc80 Support radius accounting, and add a packet count to throughput
statistics as a side effect.

Submitted by: Marcin Cieslak <saper@system.pl>

with some tweaks to RAD_ACCT_SESSION_ID and
RAD_ACCT_MULTI_SESSION_ID generation by me.
2000-08-28 22:44:54 +00:00
Brian Somers
68602c3ee0 Make -DNOSUID (or -DPPP_NOSUID) possible to build ppp without SUID
capabilities.
2000-08-18 00:01:44 +00:00
Brian Somers
c1a6c9e21c Warn that the ``alias'' command is depricated.
We still process it for now though.
2000-08-18 00:01:30 +00:00
Brian Somers
3fd1e17c02 If we're in MP mode with a single open link, MP link level compression
isn't open and the links MRU >= our MRRU, send outbound traffic as
PROTO_IP rather than PROTO_MP.  This shaves some bytes off the front
of each packet 'till the second link is brought up.

Idea obtained from: Cisco
2000-08-17 14:14:54 +00:00
Brian Somers
242373a7ee ISDN B channels have a bandwidth of 64000, not 65536
Pointed out by: Christian Weisgerber <naddy@mips.inka.de>
2000-08-16 13:54:04 +00:00
Brian Somers
ebe96675ee setproctitle() doesn't need to be called with root privs, so move
it from id.c into defs.c
2000-08-16 09:07:23 +00:00
Brian Somers
2ceee5e9a7 Default the bandwidth of an ISDN B channel to 65536bps 2000-08-16 09:06:59 +00:00
Brian Somers
91cbd2eec0 Maintain input and output throughput averages and choose the highest
of the two when calculating the MP throughput average for the ``set
autoload'' implementation.

This makes more sense as all links I know of are full-duplex.  This
also means that people may need to adjust their autoload settings
as 100% bandwidth is now the theoretical maximum rather than 200%
(but of course, halfing the current settings is probably not the
correct answer either!).

This involves a ppp version bump as we need to pass an extra
throughput array through the MP local domain socket.
2000-08-15 10:25:42 +00:00
Brian Somers
11572abf62 Calculate the average link throughput using a counter based on the
cumulative total of all active links rather than basing it on the
total of PROTO_MP traffic.

This fixes a problem whereby Cisco routers send PROTO_IP packets only
when there's only one link (hmm, what a good idea!).
2000-08-15 00:59:21 +00:00
Brian Somers
c837ca39c6 Don't delete sticky routes when unconfiguring the interface.
Deleting all routes that match the interface is sufficient.
2000-08-14 08:43:40 +00:00
Brian Somers
689f6effbb Index: ppp.8
===================================================================
RCS file: /home/ncvs/src/usr.sbin/ppp/ppp.8,v
retrieving revision 1.233
diff -u -r1.233 ppp.8
--- ppp.8	2000/08/10 13:26:01	1.233
+++ ppp.8	2000/08/12 19:50:41
@@ -1,8 +1,8 @@
 .\" $FreeBSD: src/usr.sbin/ppp/ppp.8,v 1.233 2000/08/10 13:26:01 brian Exp $
 .Dd 20 September 1995
 .nr XX \w'\fC00'
-.Os FreeBSD
 .Dt PPP 8
+.Os
 .Sh NAME
 .Nm ppp
 .Nd Point to Point Protocol (a.k.a. user-ppp)
2000-08-13 22:03:42 +00:00
Brian Somers
d0cd375a1d Mention that pppoe requires netgraph(4) and without it, an external
pppoe program must be used (such as pppoe(8) on OpenBSD).
2000-08-10 13:26:01 +00:00
Brian Somers
a2240f353a Allow leading ``!'' characters in authkeys and chat scripts to
be doubled up to mean a single literaly ``!''.
2000-08-09 19:29:50 +00:00
Brian Somers
4e9d6a7fc5 If the first character of the `set title'' argument is -',
put it into the format string, supporting ps's tweak to
setproctitle().
2000-08-09 10:22:48 +00:00
Brian Somers
759c81cbad Don't mis-interpret sockaddr_in6 structures as sockaddr_in structures
when purging routes.
2000-07-20 10:38:12 +00:00
Brian Somers
c8e376b582 Describe the new VERSION and COMPILATIONDATE macros and mention that the
``ident'' command will expand macros.
2000-07-19 10:14:00 +00:00
Brian Somers
1038894eb0 Support link identification from rfc1570
Two new commands are available; ``ident'' and ``sendident''.
2000-07-19 02:10:35 +00:00
Brian Somers
dd49e719c1 Permit multiple ``allow user'' lines in any given section
This avoids line length limits when large numbers of users are allowed
access to ppp.
2000-07-12 23:13:52 +00:00
Brian Somers
60498ea783 Correct ``set filter'' usage
Spotted by:	sheldonh
2000-07-12 16:31:47 +00:00
Brian Somers
cb8bd8dd72 Fix a rather nasty latency problem that occurs with single tcp sessions
thorough an MP setup with only a single link.
2000-07-12 15:08:03 +00:00
Brian Somers
0a4b6c5c5c Allow a ``timeout secs'' filter option to let specific packet types
effect the idle timer in different ways.

Submitted by: Stefan Esser <se@freebsd.org>

With adjustments by me to document the option in the man page and to
give the same semantics for outgoing traffic as incoming.

I made the style more consistent in ip.c - this should really have
been done as a separate commit.
2000-07-11 22:11:36 +00:00
Brian Somers
040cfe28d1 Fix -auto breakage introduced with the last commit. 2000-07-11 09:26:02 +00:00
Brian Somers
9825166754 o Log the (payload/size) of all packet types, not just TCP packets
o  If the new ``filter-decapsulation'' is enabled, delve into UDP packets
   that contain 0xff 0x03 as the first two bytes, and if we recognise it
   as PROTO_IP, decapsulate it for the purpose of filter checking.

   If we recognise it as PROTO_<anything else> mention this for logging
   purposes only.

This change is aimed at people running PPPoUDP where the UDP traffic is
being sent over another PPP link.  It's desireable to have the top level
link connected all the time, but to have the bottom level link capable
of decapsulating the traffic and comparing the payload against the filters,
thus allowing ``set filter dial ...'' to work in tunnelled environments.

The caveat here is that the top ppp cannot employ any compression layers
without making the data unreadable for the bottom ppp.  ``disable deflate
pred1 vj'' and ``deny deflate pred1 vj'' is suggested.
2000-07-07 14:22:08 +00:00
Brian Somers
a61800c2f3 kldload ng_ether if we need to. 2000-06-28 09:30:30 +00:00
Brian Somers
ec37734aeb Don't assign an MTU based on the peers first-link MRU in MP mode.
Use the peers MRRU as we're supposed to.
2000-06-24 23:37:14 +00:00
Brian Somers
77fc031d50 Fix a printf-style arg cast (again) 2000-06-23 09:48:26 +00:00
Brian Somers
b25838b462 e.g. -> e.g.,
Obtained from: OpenBSD
2000-06-23 09:48:02 +00:00
Brian Somers
a1bc3dccac Correct PPPoE in multi-link mode
Submitted by: jason@OpenBSD.org
2000-06-22 20:51:03 +00:00
Brian Somers
86c5e1ea4d Remove ``nat pptp'' as this is now done transparently by libalias. 2000-06-20 12:18:40 +00:00
Brian Somers
bee32c7928 Allow padding in LQR ECHO requests
Problem found by: Tomaz Borstnar <tomaz.borstnar@over.net>
2000-06-20 09:13:25 +00:00