demand-dial links with dynamic IP numbers where the program
that causes the dial bind()s to an interface address that is
subsequently changed after ppp negotiation.
The problem is defeated by adding negotiated addresses to the
tun interface as additional alias addresses and providing a set
of ``iface'' commands for managing the interface. Libalias is
also required (and what a name clash!) - it happily IP-aliases
the address so that the source is that of the primary (negotiated)
interface and un-IP-aliases it on the way back.
An ``enable iface-alias'' is done implicitly by the -alias command
line switch. If -alias isn't given, iface-aliasing is disabled by
default and can't be enabled 'till an ``alias enable yes'' is done.
``alias enable no'' silently disables iface-alias.
So, for dynamic-IP-type-connections, running ``ppp -alias -auto blah''
will work for the first connection, although existing bindings will
not survive a disconnect/connect as the TCP peer will be trying to
send to the old IP address - the packets won't route.
It's now a lot easier to add IPXCP to ppp with minor updates to
the new iface.[ch] (if anyone ever gets 'round to it).
It's also now possible to manually add interface aliases with
something like ``iface add 1.2.3.4/24 5.6.7.8''. This allows
multi-homed ppp links :-)
(see the new ``set callback'' and ``set cbcp'' commands)
o Add a ``cbcp'' log level and mbuf type.
o Don't dump core when \T is given in ``set login'' or
``set hangup''.
o Allow ``*'' and blanks as placeholders in ppp.secret and
allow a fifth field for specifying auth/cbcp dialback
parameters.
o Remove a few extraneous #includes
o Define the default number of REQs (restart counter) in defs.h
rather than hardcoding ``5'' all over the place.
o Fix a few man page inconsistencies.
end up writing zero bytes, sleep for 1/10 of a second so that
we don't end up using up too much cpu.
This should only ever happen on systems that wrongly report a
descriptor as writable despite the tty buffer being full.
Discussed with: Jeff Evarts
o Do an initial run-time check to see if select() alters the passed
timeval. This knowledge isn't yet used, but will be soon.
bundle (non-negotiated vars) or to their respective IPCP,
LCP or CCP.
o Enable rolling throughput statistics by default.
o Remove the `display' command. These values now appear in
`show bundle', `show ipcp', `show ccp' and `show lcp'.
o Initialise auth name & key at bundle create time (oops).
o Rename pppd-deflate (the id-24 hack) to deflate24.
o Don't send both a REJ and a NAK to an IPCP or LCP REQ.
Favour the REJ (already done at the CCP level).
o Recurse in datalink_UpdateSet() when we change state, otherwise
we end up setting no descriptors and getting jammed in the
imminent select() instead of doing the dial/login/hangup.
o Display our CHAP encryption method despite being built with DES.
o Display VJ as not negotiated in ``show ipcp'' when necessary.
o Our diagnostic socket has its password set in the `set socket'
line only (not in ppp.secret).
o Passwords are per server socket (*VarAuthKey are gone)
o Authority is per prompt (VarLocalAuth is gone).
o Local logging is per prompt.
o Add a `show who' command to see who's connected. No identd
routine - just a `where the connection came from' display.
o SIGUSR1 is disabled for now - we have no way of choosing a
password for the socket created :-(
Prompts are attached as a list of `struct descriptor's in
struct bundle, and serviced under the bundles descriptor
service routines. Ultimately, everything should be done
like this.
Cosmetic:
o alphabeticalise SRCS in Makefile.
o Add a few comments in command.h
TODO: Start checking that we don't overflow the descriptor sets
in select() now that we can have any number of descriptors.
o Remove bundle2lcp(), bundle2ccp() and bundle2link().
They're too resource-hungry and we have `owner pointers'
to do their job.
o Make our FSM understand LCPs that are always ST_OPENED
(with a minimum code that != 1).
o Send FSM code rejects for invalid codes.
o Make our bundle fsm_parent deal with multiple links.
o Make timer diagnostics pretty and allow access via ~t
in `term' mode (not just when logging debug) and
`show timers'. Only show timers every second in debug
mode, otherwise we get too many diagnostics to be useful
(we probably still do). Also, don't restrict ~m in term
mode to depend on debug logging.
o Rationalise our bundles' phases.
o Create struct mp (multilink protocol). This is both an
NCP and a type of struct link. It feeds off other NCPs
for output, passing fragmented packets into the queues
of available datalinks. It also gets PROTO_MP input,
reassembles the fragments into ppp frames, and passes
them back to the HDLC layer that the fragments were passed
from.
** It's not yet possible to enter multilink mode :-( **
o Add `set weight' (requires context) for deciding on a links
weighting in multilink mode. Weighting is simplistic (and
probably badly implemented) for now.
o Remove the function pointers in struct link. They ended up
only applying to physical links.
o Configure our tun device with an MTU equal to the MRU from
struct mp's LCP and a speed equal to the sum of our link
speeds.
o `show {lcp,ccp,proto}' and `set deflate' now have optional
context and use ChooseLink() to decide on which `struct link'
to use. This allows behaviour as before when in non-multilink
mode, and allows access to the MP logical link in multilink
mode.
o Ignore reconnect and redial values when in -direct mode and
when cleaning up. Always redial when in -ddial or -dedicated
mode (unless cleaning up).
o Tell our links to `staydown' when we close them due to a signal.
o Remove remaining `#ifdef SIGALRM's (ppp doesn't function without
alarms).
o Don't bother strdup()ing our physical link name.
o Various other cosmetic changes.
This is a type of physical link that can chat and talk
LCP & CCP. A bundle contains a list of these (only one
in the list for the moment).
The datalink is a type of descriptor, and dials, enters
LCP (& does CCP), kicks the bundle when its FSMs do
something interesting and does the hangup chat script
on the way down. It also handles redials and reconnects.
There are lots of loose ends, and probably lots of bugs,
but the data structures are getting there !
o The FSM layering is now more sane.
o Move a lot of the NCP stuff into our ipcpstate rather than having it
in the bundle, including control of the configured IP addresses. We
don't need hacks like the global `linkup' variable any more as the
FSM decides when our ppp.link* files get run. This is going to eventually
be configurable based on FSM events anyway.
o Fix a few inconsistencies when both sides require authentication.
o We now have "Ppp..." and "PPp" prompts, reflecting authentication
and network phase. We don't print loads of spurious prompts as we
change phases any more.
o Our phase is part of the bundle now.
o Fix a bug where the FSM wasn't calling LayerFinish.
o Close the FSM down correctly with a signal rather than slamming it
down as if the line was dropped (the undocumented ``down'' command
is still available though).
o Remove the forgotten `tunno' variable and fix references to it.
This structure will eventually contain a list of NCPs (currently
only IPCP is supported) and a list of physical `struct link's.
It will also derive from a struct link itself.
Make ModemTimeout() static - it's way to dangerous to be called
from outside !
Bump version to 1.9. Our first MP release should be 2.0.
When building a release, RELEASE_CRUNCH is defined for a `make' of
the objects required by the crunch of each program. The object list
is still obtained in the same way, so you must make sure that all
objects are built (empty if necessary) by this make. ppp/Makefile
provides an example.
Reviewed by: jkh
Validate the peers suggested IP by attempting to make a routing table
entry.
Give up IPCP negotiation if the peer NAKs us with an unusable IP.
Always SIOCDIFADDR then SIOCAIFADDR when configuring the tun device.
Using SIOCSIFDSTADDR allows duplicate dst addresses (which we don't
want)!!!
Allow up to 200 interface names (was 50) (now that ppp can play server
properly).
Up the version number (1.5 -> 1.6).
Cosmetic:
Log unexpected CCP packets in the CCP log rather than the ERROR log.
Log unexpected Config Reqs in the appropriate LCP/IPCP/CCP log rather
than the ERROR log.
Log failed route additions and deletions with WARN, not TCPIP.
Log the option id and length for unrecognised IPCP options.
Change some .Sq to .Ar in the man page.
Remove extraneous decls.
Add ``const'' to several places.
Allow ``make NOALIAS=1'' to remove IP aliasing.
Merge with OpenBSD - only the Makefiles vary.
We can now survive a compile with
-Wall -Wbad-function-cast -Wcast-align -Wcast-qual
-Winline -Wmissing-declarations -Wmissing-prototypes
-Wnested-externs -Wpointer-arith -Wredundant-decls
-Wshadow -Wstrict-prototypes -Wwrite-strings -Wchar-subscripts
(although the Makefile just contains -Wall).
allowing for a possible header on the front of all packets.
In OpenBSD, there's a structure containing the address
family here.
If we're building under OpenBSD, set up the ``flags'' part
of struct tuninfo (not there under FreeBSD) so that we config
the interface as POINTOPOINT.
Prefix prototypes with ``extern'' in os.c for consistency.
These changes are cosmetic under FreeBSD, but allow ppp to
build & work under OpenBSD (bar the srandomdev() stuff,
the inclusing of <net/if_var.h> and some Makefile symantecs).
Stay as the invoking uid as much as possible.
Execution as a normal user is still forbidden for now,
so these changes are pretty ineffective.
The next commit will implement the modifications suggested
on -hackers a number of days ago.
o Add missing $Id$s
o Move extern decls from .c -> .h files
o Staticize
o Remove #includes from .h files
o style(9)ify includes
o bcopy -> memcpy
bzero -> memset
bcmp -> memcmp
index -> strchr
rindex -> strrchr
o Move timeout.h -> timer.h (making it consistent w/ timer.c)
o Add -Wmissing-prototypes
than /usr/include/des.h before building with MSChap.
support. Also allow -DNOCRYPT (as well as -DNOSECURE)
as an override
sbin/init example pointed out by: bde
Insist that uid == 0 for client ppp
Disallow client sockets if no password is specified
Don't exit on failure to open client socket for listening
Allow specification of null local password
Use reasonable size (smaller) ``vector''s in auth.c
Fix "passwd ..." usage message
Insist on "all" as arg to "quit" (if any)
Drop client socket connection before Cleanup() when "quit all"
Catch SIGUSR1 to re-init listening socket.
Document signal behaviour.
Add missing '\n's to LogPrintf(LogWARN,...)
Main() returns int not void.
AF_LOCAL ideal suggested a long time ago by: joerg
o Use syslog
o Remove references to stdout/stderr (incl perror())
o Introduce VarTerm - the interactive terminal or zero
o Allow "set timeout" to affect current session
o Change "set debug" to "set log"
o Allow "set log [+|-]flag"
o Make MSEXT and PASSWDAUTH stuff the default
o Move all #ifdef DEBUG stuff into the code - this
shouldn't be too much overhead. It's now controlled
with "set log +debug"
o Add "set log command, debug, tun, warn, error, alert"
o Remove cdefs.h, and assume an ansi compiler.
o Improve all diagnostic output
o Don't trap SIGSEGV
o SIGHUP now terminates again (log files are controlled
by syslog)
o Call CloseModem() when changing devices
o Fix parsing of third arg of "delete"
I think this fixes the "magic is same" problems that some
people have been experiencing.
The man page is being rewritten. It'll follow soon.
alias commands simply won't work. Only root may specify the
location of the alias lib (otherwise, it's hard-coded).
Make logprintf silently fail if LogOpen hasn't been called.
Suggested by: eivind
in uu_lock(). Add uu_lockerr() for turning the results of
uu_lock into something printable. Remove bogus section in man page
about race conditions allowing both processes to get the lock.
Include libutil.h and use uu_lock() correctly where it should.
Suggested by: ache@freebsd.org
These changes should fix the signal "problems" in ppp.
The signal changes should really be put into 2.2 too !
The following patches should do it. There were some other
changes made by Andrey recently that havn't been brought
into 2.2, it may be worth doing them now.
dangerous! Signal handlers themself must be fixed to not call malloc,
but no pended handlers, it will be correct fix. In finite case each signal
handler can set some variable which will be analized later, but calling
handler functions manually is too dangerous (f.e. signals not blocked while
the handler or handlers switch executed in this case). Of course this
code can be fixed instead of removing, but it not worth fixing in any case.
Should go into 2.2
In addition sig.c code shows following dangerous fragments (there can be more,
but I stop after two):
This fragment
if (fn == SIG_DFL || fn == SIG_IGN) {
handler[sig-1] = (sig_type)0;
<------------- here
signal(sig,fn);
} else {
cause NULL pointer reference when signal comes
"here", but more worse fragment is below:
void handle_signals() {
int sig;
if (caused)
for (sig=0; sig<__MAXSIG; sig++, caused>>=1)
if (caused&1)
(*handler[sig])(sig+1);
}
caused is bitmask which set corresponding bit on each signal coming.
And now imagine, what happens when some signal comes (bit sets) while loop
is executed (see caused>>=1 !!!)
In this light carrier drop situation was (as gdb shows)
1. SIGSEGV in handle_signals because some junk called as *handler reference.
2. Since SIGSEGV was pended too (== never happens),
it can cause various range of disasters.
