doing PPPoE and the default MRU is therefore too big.
When negotiating with win2k, we ask for MRU 1492 and the win2k box
NAKs us saying ``MRU 1492''. This doesn't make sense to me. When
we continue to request MRU 1492, the win2k box eventually REJs our
MRU. This fix allows negotiations to continue at that point,
bringing the link up and potentially allowing the win2k box to send
us frames that are too large. AFAICT this is better than failing
to bring the link up.... probably !
I have no idea how to do the equivalent of ``route get'' or
``ifconfig -a'' under win2k, so I can't tell what MTU it actually
ends up using.
I believe the bug is in win2k (it's certainly mis-negotiating).
I'll MFC given the release engineers permission as code freeze
begins on August 1.
PR: 29277
MFC after: 3 days
once. If they repeat the request (again without the IPADDR option)
ACK it.
I've had reports that some ppp implementations will not assign
themselves an IP number. This should negotiate with such things.
MFC after: 3 days
perform a key change, *and* our sequence numbers have wrapped,
ensure that the number of key changes is calculated correctly.
The previous code counted down from a negative number to zero,
re-encrypting the current key on each iteration - this took some
time and strangely enough got the answer wrong !!!
Fix a(nother) spelling mistake while I'm there.
envoked -- don't use them (as return values from open()), then
(say) close(STDIN_FILENO) when daemonising.
This is done by grabbing 3 descriptors to /dev/null at startup and
releasing them after we've daemonised.
MFC after: 1 week
This is necessary because MPPE will combine the protocol id with the
payload received on the tun interface, encrypt it, then prepend its
own protocol id, effectively increasing the payload by two bytes.
encryption compatibility with Windows 2000. Stateful encryption
uses less CPU but is bad on lossy transports.
The ``set mppe'' command has been expanded. If it's used with any
arguments, ppp will insist on encryption, closing LCP if the other
end refuses.
Unfortunately, Microsoft have abused the CCP reset request so that
receiving a reset request does not result in a reset ack when using
MPPE...
Sponsored by: Monzoon Networks AG and FreeBSD Services Limited
allow MRU/MTU negotiations to exceed 1492.
Add an optional ``max'' specifier to ``set m[rt]u'', ie.
set mtu max 1480
Bump the ppp version number.
Sponsored by: Monzoon Networks AG and FreeBSD Services Limited
TLU event handler).
This used to be done as a side effect of SIOCAIFADDR'ing the interface,
but now that duplicate SIOCAIFADDRs are optimised out, we can't depend
on that behaviour.
of a/x -> b and then negotiate a/x -> c by simply expecting SIOCAIFADDR
to do the change.
This was broken by the last commit that optimised out the deletion and
re-addition of the same a/x -> b combination, and forgot to compare
the old/new destination addresses.
Conveniently enough, this problem didn't effect setups where the
default route goes via the ppp link, and most other setups don't
care what the the destination address is actually set to. It broke
test environments where ppp connects to the local machine rather
badly though....
We now unwrap IP/IP and apply filter rules to both the outer
layer (with ``set filter blah x.x.x.x y.y.y.y ipip'') and to
the payload (reinterpreted by the filter rules).
``set log tcp/ip'' will now show both the outer wrapper and
the (reinterpreted) payload contents.
Mschapv2 response generation may produce embedded NULs... causing
us to send a bogus response to the radius server and end up
failing the client's valid response.
Problem pointed out by: Eugene Vigovskiy <vigov@com2com.ru>
aliases with the same netmask and destination, don't remove it and then
re-add exactly the same thing.
This means that static (non-sticky) routes that use the interface address
(or destination address) as a destination will not suddenly evaporate when
IPCP comes up (not unless the negotiated IPs have changed anyway).
to run PPP over Radiocontact T-Link Radio Modems which run best when something
is transmitted at least every 1.5 seconds.
Tested by: Jennifer Clark <jen@telepresence.strath.ac.uk>
Approved by: Brian
This works only because of bugs in current implementation: the
first .It after ``.Bd -unfilled'' re-enables filling mode and
does not restore (disable) it back afterwards.
is called prior to sending a CCP configure request for a
given protocol. The default is to send the request, but
this is overridden for MPPE which checks to see if the lcp
negotiations agreed CHAP81, and if not fails.
Use the same function to decide if we should reject peer
requests for MPPE.
This should get rid of those boring messages about not being
able to initialise MPPE when we don't negotiate CHAP81.
CLOSE_NORMAL meanings. CLOSE_NORMAL doesn't change the currently
required state, the others do. This should stop ppp from entering
DATALINK_READY when LCP shutdown doesn't end up happening cleanly.
Bump our version number to reflect this change.
Only show the mask in ``show bundle'' when it's been specified.
Complain about unexpected arguments after ``set server {none,open,closed}''
Log re-open failures as warnings rather than phase messages.
Fix some markup for the ``set server'' man page description.
Allow ``set server open'' to re-open the diagnostic socket.
Handle SIGUSR1 by re-opening the diagnostic socket
When receiving SIGUSR2 (and in ``set server none''), don't forget the
socket details so that ``set server open'' and SIGUSR1 open it again.
Don't create the diagnostic socket as uid 0 ! It's far to dangerous.
MPPE session keys correctly.
I'm a bit dubious about this code. It seems that the session keys
are initialised differently based on whether you're the client or
the server. One side is the server if it issues the first challenge,
but of course you can issue a challenge from both sides.... at the
same time. Sounds like another wonderful M$ assumption...
Ppp can now talk to itself correctly using encryption.
Problem solved by: Ustimenko Semen <semen@iclub.nsu.ru>
Hair torn out by: me
statistics as a side effect.
Submitted by: Marcin Cieslak <saper@system.pl>
with some tweaks to RAD_ACCT_SESSION_ID and
RAD_ACCT_MULTI_SESSION_ID generation by me.
isn't open and the links MRU >= our MRRU, send outbound traffic as
PROTO_IP rather than PROTO_MP. This shaves some bytes off the front
of each packet 'till the second link is brought up.
Idea obtained from: Cisco
of the two when calculating the MP throughput average for the ``set
autoload'' implementation.
This makes more sense as all links I know of are full-duplex. This
also means that people may need to adjust their autoload settings
as 100% bandwidth is now the theoretical maximum rather than 200%
(but of course, halfing the current settings is probably not the
correct answer either!).
This involves a ppp version bump as we need to pass an extra
throughput array through the MP local domain socket.
cumulative total of all active links rather than basing it on the
total of PROTO_MP traffic.
This fixes a problem whereby Cisco routers send PROTO_IP packets only
when there's only one link (hmm, what a good idea!).
effect the idle timer in different ways.
Submitted by: Stefan Esser <se@freebsd.org>
With adjustments by me to document the option in the man page and to
give the same semantics for outgoing traffic as incoming.
I made the style more consistent in ip.c - this should really have
been done as a separate commit.
o If the new ``filter-decapsulation'' is enabled, delve into UDP packets
that contain 0xff 0x03 as the first two bytes, and if we recognise it
as PROTO_IP, decapsulate it for the purpose of filter checking.
If we recognise it as PROTO_<anything else> mention this for logging
purposes only.
This change is aimed at people running PPPoUDP where the UDP traffic is
being sent over another PPP link. It's desireable to have the top level
link connected all the time, but to have the bottom level link capable
of decapsulating the traffic and comparing the payload against the filters,
thus allowing ``set filter dial ...'' to work in tunnelled environments.
The caveat here is that the top ppp cannot employ any compression layers
without making the data unreadable for the bottom ppp. ``disable deflate
pred1 vj'' and ``deny deflate pred1 vj'' is suggested.
DATALINK_CARRIER and turn off scripting.
This should fix instances where ``term'' is used followed by ~.
and then ``dial''/``open'' (it currently just sits there looking
at you).
Reported by: Tim Vanderhoek <vanderh@ecf.utoronto.ca>
used together by creating a SOCK_DGRAM socketpair() between
the processes.
Be polite when closing !program links and send a HUP to the
process. This makes ssh tunnels over unreliable media (such
as via httptunnel) reconnect properly.
when we're redialing/reconnecting.
While we're here, log redial, reconnect and phone number
announcements to LogCHAT, and reduce some other logging to
LogDEBUG.
When an NCP reaches TLF, *ONLY* datalink_Close() links that are
in DATALINK_OPEN.
When the last link reaches TLD, DOWN all NCPs (as we used to in the
links TLF (which was the wrong place anyway)), as the NCPs aren't
now going to datalink_Close() us unexpectedly, we get to continue
doing what we were told to do in the first place.
The result: When we lose a link, the IPCP layer goes down and
we actually call the stuff in ppp.linkdown !
It was not a good idea to remove csu_header from struct cspace, it had
ramifications which I didn't notice.
Restore src/usr.sbin/ppp/slcompress.h to the way it was, since MAX_HDR
was already defined as 128 there and it's a user program anyway.
In sys/net/slcompress.h make MAX_HDR 128 intead of MLEN to avoid
bloat.
My apologies for any inconvenience.
tree. This considerably reduces unnecessary bloat in struct slcompress.
I'm running with this change right now and have seen no negative
side-effects.
On my sytem this reduced kernel BSS by about 25KB.
Submitted by: bde
Approved by: brian for user-ppp
numbers in all commands.
If people use hostnames and have dodgy resolvers or try to resolve
the hostname before the link is up, they get what they deserve....
Requested by: ru
don't bother to re-initialise the NCPs. Instead wait for
bundle_LinkClosed() to be called - IFF it actually is called.
By initialising the NCPs at this point, ppp was recursing
back into the fsm_Down() routing for the link, and losing
track of the reason that the link was being brought down.
The end result was that ``set reconnect'' would never do
anything.
Patiently pointed out by: ru
if the childs exec() has succeeded or failed by taking advantage
of the fact that both processes share the same memory.
FWIW:
I tried to implement this by doing a pipe(), setting the
write desciptors close-on-exec flag in the child and writing
errno to the descriptor if the exec() fails. The parent can
then ``if (read()) got errno else exec worked''.
This didn't work though - the child could write() to fd[1] on
exec failure, but the parent got 0 trying to read() from fd[0] !
Is this a bug in execve() ?
dropping out of background/foreground/direct mode.
This avoids either having to wait for the redial timer before
exiting or jaming up in select() waiting for something that'll
never happen.
This is invaluable for dial-on-demand connections...
In ppp.linkup:
set log -dns -tcp/ip
and in ppp.linkdown
set log +dns +tcp/ip
giving a much better account of why the link came up.
value.
This has minimal impact here, but if ppp ever needs to frequently
remove timers before they've timed out, it can badly skew the next
item in the timer list without this change.
The correct fix would be to store usecs in `rest' rather than
TICKUNITs, but the math is easier if we just round...
that we adjust that timers `rest' value (with the current getitimer()
values) before using that to adjust the next items `rest' value.
After adjusting that value, restart the timer service so that we've
now got the correct setitimer() values.
I don't claim to own the code and certainly don't want to discourage
people from fixing or updating it.
[I know it's the 29th, but the FREEZE hasn't yet been posted to committers]
passed to libalias. If there's not enough space, things like ftp
PORT commands start failing....
Reported by: Gianmarco Giovannelli <gmarco@giovannelli.it>
4096 - sizeof struct mbuf, and set MAX_MRU and MAX_MTU
back to 2048.
2048 is big enough as an MTU/MRU, but we need to be able
to allocate larger mbufs after reassembling IP fragments.
twice (once for the arg parsing and once to make it a normal character).
Make the man page example consistent.
Reminded by: Bryan Liesner <bleez@netaxs.com>
a running timer. This fixes a problem where a dial is manually
aborted, the hangup script kicks in and the chat timer ends up
on the timer queue twice (tick tick tick tick *boom*)
method avoided all race conditions, but suffered from
sometimes running out of buffer space if enough clients
were piled up at the same time.
Now, the client pushes the link descriptor, one end of a
socketpair() and the ppp version via sendmsg() at the
server. The server replies with a pid. The client then
transfers any link lock with uu_lock_txfr() and writev()s
the actual link contents. The socketpair is now the only
place we need to have large socket buffers and the bind()ed
socket can keep the default 4k buffer while still handling
around 90 racing clients.
length field rather than the one byte message length field embedded
in the packet. This steps slightly outside of the protocol boundaries,
but should not cause any problems.
Limitation noted by: Simon Winwood <simon@winwood.org>
Previously, ppp attempted to bind() to a local domain tcp socket
based on the peer authname & enddisc. If it succeeded, it listen()ed
and became MP server. If it failed, it connect()ed and became MP
client. The server then select()ed on the descriptor, accept()ed
it and wrote its pid to it then read the link data & link file descriptor,
and finally sent an ack (``!''). The client would read() the server
pid, transfer the link lock to that pid, send the link data & descriptor
and read the ack. It would then close the descriptor and clean up.
There was a race between the bind() and listen() where someone could
attempt to connect() and fail.
This change removes the race. Now ppp makes the RCVBUF big enough on a
socket descriptor and attempts to bind() to a local domain *udp* socket
(same name as before). If it succeeds, it becomes MP server. If it
fails, it sets the SNDBUF and connect()s, becoming MP client. The server
select()s on the descriptor and recvmsg()s the message, insisting on at
least two descriptors (plus the link data). It uses the second descriptor
to write() its pid then read()s an ack (``!''). The client creates a
socketpair() and sendmsg()s the link data, link descriptor and one of
the socketpair descriptors. It then read()s the server pid from the
other socketpair descriptor, transfers any locks and write()s an ack.
Now, there can be no race, and a connect() failure indicates a stale
socket file.
This also fixes MP ppp over ethernet, where the struct msghdr was being
misconstructed when transferring the control socket descriptor.
Also, if we fail to send the link, don't hang around in a ``session
owner'' state, just do the setsid() and fork() if it's required to
disown a tty.
UDP idea suggested by: Chris Bennet from Mindspring at FreeBSDCon
inserting a new item. Without this, it's possible to
mis-insert quite badly... but only by as much as the load of
the first item, which is almost always 1 second.
Initialise the timerservice with `restart' set if we're inserting
at the start of the list.
doing a HangupDone(). The HangupDone() may fuel
bundle_CleanDatalinks(), and if so, the bogus
UpdateSet() ends up select()ing on a closed
descriptor.....
Change the main `do/while' loop to a `for' loop so
that any `continue's do the bundle_CleanDatalinks()
& bundle_IsDead() bit.
PPPoUDP connection.
(*) This is as correct as ftp and uucp wtmp entries are - that is,
multiple concurrent connections will not record enough information
in wtmp to tell last(1) who was logged in for how long.
re-open a device. The fact that we're in NETWORK phase indicates
that there are other links in DATALINK_OPEN and that we don't want
to stop using them.
Warn about -alias being depricated (but still allow it).
Don't moan twice about failing to open any tun device.
Fix a diagnostic and add the -quiet switch to the usage message.
that the first timer ends up doing a timer_Stop() on the second.
When this happens, remove the timer from the pending list so that
we still call any subsequent timers.
This bug has been here for several years, but has only been tickled
recently with my device layering changes.
With enormous thanks for the perseverance of: Ruslan Ermilov <ru@ucb.crimea.ua>
in struct cstate rather than copying the stored header slot into a
potentially mis-aligned buffer then trying to update the ip_sum
without causing an exception on non-i386 hardware.
I've never been able to reproduce this problem, but it has been
reported by many people... besides, the code is now a bit cleaner.
Testing & patience by: Anthony Solovjoff <asolovjoff@hotmail.com>
carrier instead so that we can set up our carrier detect
timer and eventually notice when we lose carrier.
Honour the script.run value when coming out of carrier state.
PR: 14145
ip_tos == IPTOS_LOWDELAY now get precidence over urgent
packets with ip_tos != IPTOS_LOWDELAY and non-urgent packets
with ip_tos == IPTOS_LOWDELAY.
Enhance the ``set urgent'' syntax to allow for urgent UDP
packets as well as urgent TCP packets.
o If a prompt is executing the command, only display the warning to
that prompt
o If a prompt is executing a ``load'' command, display the warning
to all prompts *and* syslog
o Otherwise, display the warning to all prompts *and* syslog.
(LCP/CCP/IPCP), one for urgent IP traffic and one for
everything else.
o Add the ``set urgent'' command for adjusting the list of
urgent port numbers. The default urgent ports are 21, 22,
23, 513, 514, 543 and 544 (Ports 80 and 81 have been
removed from the default priority list).
o Increase the buffered packet threshold from 20 to 30.
o Report the number of packets in the IP output queue and the
list of urgent ports under ``show ipcp''.
Supply RAD_NAS_IDENTIFIER if we have a `hostname` and
RAD_IP_ADDRESS if that hostname resolves.
Supply RAD_NAS_PORT using the ttyslot() of the tty that
we're authenticating on if it's a tty device.
Partially submitted by: Andriy I Pilipenko <bamby@marka.net.ua>
PR: 12225
going to remove ppp from the installation options in 5 days if ppp is
still broken, however, as it hasn't worked at installation time
for several weeks now and it's only causing people to fill my mailbox
with questions.
that ppp stays in the foreground.
o Add the -quiet switch to quieten ppps startup
o Add the -nat flag and discourage the use of the -alias flag. Both do
the same thing.
o Correct some nat usage strings.
o Change the internal ``alias'' command to ``nat''.