perform a key change, *and* our sequence numbers have wrapped,
ensure that the number of key changes is calculated correctly.
The previous code counted down from a negative number to zero,
re-encrypting the current key on each iteration - this took some
time and strangely enough got the answer wrong !!!
Fix a(nother) spelling mistake while I'm there.
envoked -- don't use them (as return values from open()), then
(say) close(STDIN_FILENO) when daemonising.
This is done by grabbing 3 descriptors to /dev/null at startup and
releasing them after we've daemonised.
MFC after: 1 week
This is necessary because MPPE will combine the protocol id with the
payload received on the tun interface, encrypt it, then prepend its
own protocol id, effectively increasing the payload by two bytes.
encryption compatibility with Windows 2000. Stateful encryption
uses less CPU but is bad on lossy transports.
The ``set mppe'' command has been expanded. If it's used with any
arguments, ppp will insist on encryption, closing LCP if the other
end refuses.
Unfortunately, Microsoft have abused the CCP reset request so that
receiving a reset request does not result in a reset ack when using
MPPE...
Sponsored by: Monzoon Networks AG and FreeBSD Services Limited
allow MRU/MTU negotiations to exceed 1492.
Add an optional ``max'' specifier to ``set m[rt]u'', ie.
set mtu max 1480
Bump the ppp version number.
Sponsored by: Monzoon Networks AG and FreeBSD Services Limited
TLU event handler).
This used to be done as a side effect of SIOCAIFADDR'ing the interface,
but now that duplicate SIOCAIFADDRs are optimised out, we can't depend
on that behaviour.
of a/x -> b and then negotiate a/x -> c by simply expecting SIOCAIFADDR
to do the change.
This was broken by the last commit that optimised out the deletion and
re-addition of the same a/x -> b combination, and forgot to compare
the old/new destination addresses.
Conveniently enough, this problem didn't effect setups where the
default route goes via the ppp link, and most other setups don't
care what the the destination address is actually set to. It broke
test environments where ppp connects to the local machine rather
badly though....
We now unwrap IP/IP and apply filter rules to both the outer
layer (with ``set filter blah x.x.x.x y.y.y.y ipip'') and to
the payload (reinterpreted by the filter rules).
``set log tcp/ip'' will now show both the outer wrapper and
the (reinterpreted) payload contents.
Mschapv2 response generation may produce embedded NULs... causing
us to send a bogus response to the radius server and end up
failing the client's valid response.
Problem pointed out by: Eugene Vigovskiy <vigov@com2com.ru>
aliases with the same netmask and destination, don't remove it and then
re-add exactly the same thing.
This means that static (non-sticky) routes that use the interface address
(or destination address) as a destination will not suddenly evaporate when
IPCP comes up (not unless the negotiated IPs have changed anyway).
