structures (well, they're treated as opaque).
It's now possible to manage IPv6 interface addresses and routing
table entries and to filter IPV6 traffic whether encapsulated or
not.
IPV6CP support is crude for now, and hasn't been tested against
any other implementations.
RADIUS and IPv6 are independent of eachother for now.
ppp.linkup/ppp.linkdown aren't currently used by IPV6CP
o Understand all protocols(5) in filter rules rather than only a select
few.
o Allow a mask specification for the ``delete'' command. It's now
possible to specifically delete one of two conflicting routes.
o When creating and deleting proxy arp entries, do it for all IPv4
interface addresses rather than doing it just for the ``current''
peer address.
o When iface-alias isn't in effect, don't blow away manually (via ``iface
add'') added interface addresses.
o When listening on a tcp server (diagnostic) socket, bind so that a
tcp46 socket is created -- allowing both IPv4 and IPv6 connections.
o When displaying ICMP traffic, don't display the icmp type twice.
When display traffic, display at least some information about unrecognised
traffic.
o Bump version
Inspired after filtering work by: Makoto MATSUSHITA <matusita@jp.FreeBSD.org>
once. If they repeat the request (again without the IPADDR option)
ACK it.
I've had reports that some ppp implementations will not assign
themselves an IP number. This should negotiate with such things.
MFC after: 3 days
ip_tos == IPTOS_LOWDELAY now get precidence over urgent
packets with ip_tos != IPTOS_LOWDELAY and non-urgent packets
with ip_tos == IPTOS_LOWDELAY.
Enhance the ``set urgent'' syntax to allow for urgent UDP
packets as well as urgent TCP packets.
(LCP/CCP/IPCP), one for urgent IP traffic and one for
everything else.
o Add the ``set urgent'' command for adjusting the list of
urgent port numbers. The default urgent ports are 21, 22,
23, 513, 514, 543 and 544 (Ports 80 and 81 have been
removed from the default priority list).
o Increase the buffered packet threshold from 20 to 30.
o Report the number of packets in the IP output queue and the
list of urgent ports under ``show ipcp''.
the layering.
We now ``stack'' layers as soon as we open the device (when we figure
out what we're dealing with). A static set of `dispatch' routines are
also declared for dealing with incoming packets after they've been
`pulled' up through the stacked layers.
Physical devices are now assigned handlers based on the device type
when they're opened. For the moment there are three device types;
ttys, execs and tcps.
o Increment version number to 2.2
o Make an entry in [uw]tmp for non-tty -direct invocations (after
pap/chap authentication).
o Make throughput counters quad_t's
o Account for the absolute number of mbuf malloc()s and free()s in
``show mem''.
o ``show modem'' becomes ``show physical''.
This was pretty harmless as netmasks on a POINTOPOINT
interface are pretty much ignored, but it looked funny.
Mention the configured netmask in ``show ipcp''.
Describe in more detail what a proxy arp entry is.
that are made in each of the FSMs (LCP, CCP & IPCP) and the
number of REQs/Challenges for PAP/CHAP by accepting more arguments
in the ``set {c,ip,l}cpretry'' and ``set {ch,p}apretry'' commands.
Change the non-convergence thresholds to 3 times the number of configured
REQ tries (rather than the previous fixed ``10''). We now notice
repeated NAKs and REJs rather than just REQs.
Don't suggest that CHAP 0x05 isn't supported when it's not configured.
Fix some bugs that expose themselves with smaller numbers of retries:
o Handle instantaneous disconnects (set device /dev/null) correctly
by stopping all fsm timers in fsm2initial.
o Don't forget to uu_unlock() devices that are files but are not
ttys (set device /dev/zero).
Fix a *HORRENDOUS* bug in RFC1661 (already fixed for an Open event in state
``Closed''):
According to the state transition table, a RCR+ or RCR- received in
the ``Stopped'' state are supposed to InitRestartCounter, SendConfigReq
and SendConfig{Ack,Nak}. However, in ``Stopped'', we haven't yet
done a TLS (or the last thing we did is a TLF). We must therefore
do the TLS at this point !
This was never noticed before because LCP and CCP used not use
LayerStart() for anything interesting, and IPCP tends to go into
Stopped then get a Down because of an LCP RTR rather than getting a
RCR again.
details. Compiling with -DNORADIUS (the default for `release')
removes support.
TODO: The functionality in libradius::rad_send_request() needs
to be supplied as a set of routines so that ppp doesn't
have to wait indefinitely for the radius server(s). Instead,
we need to get a descriptor back, select() on the descriptor,
and ask libradius to service it when necessary.
For now, ppp blocks SIGALRM while in rad_send_request(), so
it misses PAP/CHAP retries & timeouts if they occur.
Only PAP is functional. When CHAP is attempted, libradius
complains that no User-Password has been specified... rfc2138
says that it *mustn't* be used for CHAP :-(
Sponsored by: Internet Business Solutions Ltd., Switzerland
for every machine on every class C or smaller subnet that we
route to.
Add ``set {send,recv}pipe'' for controlling our socket buffer
sizes.
Mention the IP number with the problem in a few error messages.
All submitted by: Craig Leres <leres@ee.lbl.gov>
Modified slightly by: me
demand-dial links with dynamic IP numbers where the program
that causes the dial bind()s to an interface address that is
subsequently changed after ppp negotiation.
The problem is defeated by adding negotiated addresses to the
tun interface as additional alias addresses and providing a set
of ``iface'' commands for managing the interface. Libalias is
also required (and what a name clash!) - it happily IP-aliases
the address so that the source is that of the primary (negotiated)
interface and un-IP-aliases it on the way back.
An ``enable iface-alias'' is done implicitly by the -alias command
line switch. If -alias isn't given, iface-aliasing is disabled by
default and can't be enabled 'till an ``alias enable yes'' is done.
``alias enable no'' silently disables iface-alias.
So, for dynamic-IP-type-connections, running ``ppp -alias -auto blah''
will work for the first connection, although existing bindings will
not survive a disconnect/connect as the TCP peer will be trying to
send to the old IP address - the packets won't route.
It's now a lot easier to add IPXCP to ppp with minor updates to
the new iface.[ch] (if anyone ever gets 'round to it).
It's also now possible to manually add interface aliases with
something like ``iface add 1.2.3.4/24 5.6.7.8''. This allows
multi-homed ppp links :-)
is not possible to switch to or from dedicated or direct mode,
but all other combinations are ok (eg. -auto -> -ddial).
o Cope with the fact that commands with optional context may not
be able to obtain a link with command_ChooseLink() (if all links
have been deleted for example).
o Allow `clone'ing in non-multilink mode. We may for example want
to configure two links in unilink mode and dial them both, using
the one that comes up first. It's also possible to rename
``deflink'' by cloning it, deleting the original, then setting
the mode of the new link.
Any `add' or `delete' command that uses MYADDR or HISADDR
will be added to the sticky route list (show ipcp). When
MYADDR or HISADDR change due to IPCP negotiations, and if
`sroutes' is enabled (the default), all sticky route
entries are updated in the routing table.
The end result is that `add default hisaddr' will ``stick'',
as will ``add myaddr 255.255.255.255 127.0.0.1'' and
``add 1.2.3.4 255.255.255.0 hisaddr''.
call it after link authentication.
o Pretty print our bundle MTU.
o Correct MP header encoding and decoding (should be network byte order).
o Add some debug diagnostics so that we can see MP fragment sending and
re-assembly.
and denied by default (POLA).
o Remove ``enable'' msext. Now, doing a ``set nbns'' will
automatically enable a NBNS ACK/NAK rather than a REJ.
o Add accept|disable|deny|enable dns. If we ``accept'',
we'll tell the peer what our nameservers are (if he asks).
The values in resolv.conf can be overridden with the
``set dns'' command. If we ``enable'', we'll REQ using
our resolv.conf entries, and any NAKs are written back to
resolv.conf.
o Remove ``show msext'' and show the relevent IP numbers in
``show ipcp''.
bundle (non-negotiated vars) or to their respective IPCP,
LCP or CCP.
o Enable rolling throughput statistics by default.
o Remove the `display' command. These values now appear in
`show bundle', `show ipcp', `show ccp' and `show lcp'.
o Initialise auth name & key at bundle create time (oops).
o Rename pppd-deflate (the id-24 hack) to deflate24.
o Don't send both a REJ and a NAK to an IPCP or LCP REQ.
Favour the REJ (already done at the CCP level).
o Recurse in datalink_UpdateSet() when we change state, otherwise
we end up setting no descriptors and getting jammed in the
imminent select() instead of doing the dial/login/hangup.
o Display our CHAP encryption method despite being built with DES.
o Display VJ as not negotiated in ``show ipcp'' when necessary.
o Shuffle things that live at the datalink level into
``show link'' rather than ``show modem''.
o Make both ``show'' commands prettier and more consistent,
and display carrier status, link type and our name in
``show modem''.
o Show redial and reconnect information in ``show link''
and remove ``show redial'' and ``show reconnect''.
o Down the correct link in bundle_LinkLost().
o Remove stale -direct and -background links at the end
of our main loop, not when we know they're going. This
prevents unexpected pointer-invalidations...
o If we ``set server'' with the same values twice, notice
and don't moan about failure.
o Record dial script despite our link mode. The mode may
be changed later (next mod) :-) We never run scripts
in -direct and -dedicated modes.
o Make ``set server none'' functional again.
o Correct datalink state array so that we don't report an
``unknown'' state.
o Pass struct ipcp to IpcpCleanInterface, not struct fsm.
o Create TUN_PREFIX define rather than hard-coding in main.c
o prompt_TtyInit now handles a NULL prompt for -direct mode
rather than having to create one then destroy it uncleanly.
o Mention our mode in the "PPP Started" LogPHASE message.
o Bring all auto links up when we have something to send.
o Remove some redundant Physical_*() functions.
o Show which connection is running a command when logging
commands.
o Initialise throughput uptime correctly.
o Move Var*Version into command.c
o Remove struct pppVars (and there was much rejoicing) !
o Forward-decl some structs in .h files to avoid include
ordering requirements and remove a few more redundant
#includes.
struct lcp and display them in `show lcp'.
o Remove `show mru' and `show mtu' and make the data part of
`show lcp'. Also merge `set m[tr]u' and `set openmode'
implementations into the SetVariable function.
o `set timeout' only accepts the idle timer value as an argument.
o Move our lqr period into struct lcp, and create a `set lqrperiod'
command. Display it in `show lcp'.
o Remove VarRetryTimeout, and implement it at the LCP, PAP, CHAP,
CCP and IPCP levels, creating individual `set XXXretry' commands
for each. They must be separate because they have different
context requirements in multilink mode.
o Display default config values in `show ccp'.
o Tart the man page up a bit (wrt PPP/TCP, compression and LQR) and
explain the new commands.
o Don't remove routes and DOWN the interface when we're
closed in auto mode.
o Initialize the FSMs in bundle_Create.
o Initialize ipcp::if_mine & ipcp::if_peer only once (so
that we don't forget that we've SIOCAIFADDR'd the interface).
o Do a SIOCDIFADDR on the specific address to avoid hurting any
other (still non-existent) NCPs.
o Fix some error/diagnostic messages.
o The FSM layering is now more sane.
o Move a lot of the NCP stuff into our ipcpstate rather than having it
in the bundle, including control of the configured IP addresses. We
don't need hacks like the global `linkup' variable any more as the
FSM decides when our ppp.link* files get run. This is going to eventually
be configurable based on FSM events anyway.
o Fix a few inconsistencies when both sides require authentication.
o We now have "Ppp..." and "PPp" prompts, reflecting authentication
and network phase. We don't print loads of spurious prompts as we
change phases any more.
o Our phase is part of the bundle now.
o Fix a bug where the FSM wasn't calling LayerFinish.
o Close the FSM down correctly with a signal rather than slamming it
down as if the line was dropped (the undocumented ``down'' command
is still available though).
o Remove the forgotten `tunno' variable and fix references to it.
This structure will eventually contain a list of NCPs (currently
only IPCP is supported) and a list of physical `struct link's.
It will also derive from a struct link itself.
Make ModemTimeout() static - it's way to dangerous to be called
from outside !
Bump version to 1.9. Our first MP release should be 2.0.
IPCP, CCP and LCP are now just derived FSMs.
Comment each of the FSM implementations so that we can
tell what's going on.
Revise the state transitions so that CCP and IPCP actually
send terminate REQs when appropriate.
The OS & IPCP layers are still like spagetti (next job).
o Use INADDR_ANY and INADDR_BROADCAST instead of 0 and 0xffffffff
for IP addresses & masks.
o Move struct compreq into ipcp.c (it's none of anyone elses
business).
o Rename MAX_STATES to MAX_VJ_STATES.
o Allow a forth argument in ppp.secret, specifying a new
label. This gives control over which section of
ppp.link{up,down} is used based on the authenticated user.
o Support random address ranges in ppp.secret (not just in ppp.conf).
o Add a AUTHENTICATING INCOMING CONNECTIONS section to the man page.
o Add a bit more about DEFLATE in the man page.
o Fix the incorrect "you must specify a password in interactive
mode" bit of the manual.
o Space things in the man page consistently.
o Be more precice about where you can use MYADDR, HISADDR and INTERFACE
in the "add" command documentation.
Validate the peers suggested IP by attempting to make a routing table
entry.
Give up IPCP negotiation if the peer NAKs us with an unusable IP.
Always SIOCDIFADDR then SIOCAIFADDR when configuring the tun device.
Using SIOCSIFDSTADDR allows duplicate dst addresses (which we don't
want)!!!
Allow up to 200 interface names (was 50) (now that ppp can play server
properly).
Up the version number (1.5 -> 1.6).
Cosmetic:
Log unexpected CCP packets in the CCP log rather than the ERROR log.
Log unexpected Config Reqs in the appropriate LCP/IPCP/CCP log rather
than the ERROR log.
Log failed route additions and deletions with WARN, not TCPIP.
Log the option id and length for unrecognised IPCP options.
Change some .Sq to .Ar in the man page.
