thresholds (in terms of queued packets for a period of time)
where -auto links will be brought up and down. By default,
all auto links come up when we reach NETWORK phase and never
go down.
o Display current autoload state in `show bundle'.
o Disable the idle timer as soon as it's called.
o Disable the idle and autoload timers when exiting (in case
we're abending).
is not possible to switch to or from dedicated or direct mode,
but all other combinations are ok (eg. -auto -> -ddial).
o Cope with the fact that commands with optional context may not
be able to obtain a link with command_ChooseLink() (if all links
have been deleted for example).
o Allow `clone'ing in non-multilink mode. We may for example want
to configure two links in unilink mode and dial them both, using
the one that comes up first. It's also possible to rename
``deflink'' by cloning it, deleting the original, then setting
the mode of the new link.
into the ST_STOPPED state.
o Allow an optional ccp|lcp argument to `down'. The default is
still lcp (as before). You can now call down with no context
in multilink mode, in which case it'll down the multilink ccp
or the entire bundle (*very* rude).
o Allow an optional `!' after `close ccp' (close ccp!) to tell
ccp to stay in the CLOSED state after the terminate ACK. The
default is now to re-enter STOPPED so that the peer can bring
the layer back up if desired.
o Always handle proto-compressed packets, even if we've agreed
(in LCP) that the peer will not send us 1 byte protocols.
If the peer violates the LCP agreement, log it to the HDLC
log.
o Fix some comments.
the first ``%d'' in the unix-domain socket name with the
current interface unit number. In the case of tcp ports, allow
a ``+'' prefix to add the unit number to the specified port
number.
o Remove all mention of SIGUSR1 (was already #ifdef'd out). We
can't create diagnostic sockets on-the-fly with a signal any
more because there's no way of specifying the password without
confusing matters with the previous ppp.secret scenario.
Any `add' or `delete' command that uses MYADDR or HISADDR
will be added to the sticky route list (show ipcp). When
MYADDR or HISADDR change due to IPCP negotiations, and if
`sroutes' is enabled (the default), all sticky route
entries are updated in the routing table.
The end result is that `add default hisaddr' will ``stick'',
as will ``add myaddr 255.255.255.255 127.0.0.1'' and
``add 1.2.3.4 255.255.255.0 hisaddr''.
throughput measurement is enabled).
o Load balance the links based on weight *and* on a round-robin
basis. This makes things fairly even on an output basis. We
don't try to allow for the peer sending all his data down one
link (and try to send ours back up the other).
o Show the number of pending input buffers that can't be processed
in ``show mp''.
o Fix a typo in the man page.
log debug'' without filling our filesystem/screen with
junk that we don't really want to see.
o change PHYS_STDIN to PHYS_DIRECT - we can handle incoming
connections that aren't on STDIN_FILENO now.
o Allow return values from our FSM LayerUp functions. If
LayerUp() fails, the FSM does an immediate FsmDown() without
calling the fsm_parent's Layer{Up,Down} functions.
o Clear the close-on-exec flag of file descriptor 3 when executing
chat programs so that our documented ability to communicate with
/dev/tty via that descriptor works. Also document it as
descriptor 3, not 4 :-O
o Allow a ``rm'' command as an alias for ``remove''.
o Fix the bind()/connect()/accept() calls made by the MP server.
o Create bundle_SendDatalink() and bundle_ReceiveDatalink().
This allows `struct datalink's to flatten themselves, pass
through a pipe (read: the eye of a needle !) and come alive
at the other end. The donator then fork()s & exec()s pppmpipe,
``passing'' the connection to another ppp instance.
*** PPP NOW TALKS MULTILINK :-))) ***
Our link utilization is hideous, and lots of code needs
tidying still. It's also probably riddled with bugs !
It's been tested against itself only, and has hung once,
so confidence isn't high....
we've determined if we're going to join another ppp invocation.
o Make ``show link'' show all link details, and ``show links''
just give a list of links and their current status.
o Show our current label in ``show bundle''.
o Allow link cloning and removal as soon as our MRRU is set.
o Make ``show lcp'' require context as nothing will ever change
in our MP LCP (it's auto-configured as per rfc1990).
o Initialise our LQM owner in hdlc_Init().
o Store our endpoint discriminator and authentication name at both
the datalink and multilink level and compare them when we've
finished AUTHENTICATE phase and before entering NETWORK phase.
If they don't match, close the link again.
Display the information in the appropriate ``show'' command.
o Initialise datalink::phone and datalink::fsmp.object properly
when we're cloning the link.
o Show which link we're passing LQRs on in our diagnostics.
o Reject endpoint discriminator REQs at the logical multilink
level.
o Remove the rest of our CARRIER and LINK logging setup.
o change the default link name to ``deflink'' rather
than ``default''.
o Prepend the link name to CCP and LCP FSM diagnostics.
o Protect against 0 length options in CCP and IPCP REQ
interpreters (already done for LCP).
o Allow optional context for the `show' command.
o Use MPs link when interpreting commands if the multilink
mrru is configured rather than when multilink is active.
This means that once we've ``set mrru xxx'', we then need
to ``link deflink show ccp'' etc if we want to do link-level
stuff (based on the command requiring optional or manditory
context).
o Use the ifconfig'd interface address in `set enddisc {ip,mac}'
if it's there, otherwise the configuration file value.
multilink ('cos I've seen my ISP REQ it without multilink).
Setting MRRU is ifdef'd out until it's debugged and we can
merge -direct links with other running programs.
Fix MTU setting.
and denied by default (POLA).
o Remove ``enable'' msext. Now, doing a ``set nbns'' will
automatically enable a NBNS ACK/NAK rather than a REJ.
o Add accept|disable|deny|enable dns. If we ``accept'',
we'll tell the peer what our nameservers are (if he asks).
The values in resolv.conf can be overridden with the
``set dns'' command. If we ``enable'', we'll REQ using
our resolv.conf entries, and any NAKs are written back to
resolv.conf.
o Remove ``show msext'' and show the relevent IP numbers in
``show ipcp''.
is particularily useful when creating dial filters.
Original work by: Junichi SATOH (junichi@astec.co.jp)
o Parse a filter IP of ``0.0.0.0'' as having a width of 0,
not 32.
o Correct "set filter" usage message.
o Warn about bad filter names.
o Expand and correct a number of the man page sections.
bundle (non-negotiated vars) or to their respective IPCP,
LCP or CCP.
o Enable rolling throughput statistics by default.
o Remove the `display' command. These values now appear in
`show bundle', `show ipcp', `show ccp' and `show lcp'.
o Initialise auth name & key at bundle create time (oops).
o Rename pppd-deflate (the id-24 hack) to deflate24.
o Don't send both a REJ and a NAK to an IPCP or LCP REQ.
Favour the REJ (already done at the CCP level).
o Recurse in datalink_UpdateSet() when we change state, otherwise
we end up setting no descriptors and getting jammed in the
imminent select() instead of doing the dial/login/hangup.
o Display our CHAP encryption method despite being built with DES.
o Display VJ as not negotiated in ``show ipcp'' when necessary.
o Shuffle things that live at the datalink level into
``show link'' rather than ``show modem''.
o Make both ``show'' commands prettier and more consistent,
and display carrier status, link type and our name in
``show modem''.
o Show redial and reconnect information in ``show link''
and remove ``show redial'' and ``show reconnect''.
o Down the correct link in bundle_LinkLost().
o Remove stale -direct and -background links at the end
of our main loop, not when we know they're going. This
prevents unexpected pointer-invalidations...
o If we ``set server'' with the same values twice, notice
and don't moan about failure.
o Record dial script despite our link mode. The mode may
be changed later (next mod) :-) We never run scripts
in -direct and -dedicated modes.
o Make ``set server none'' functional again.
o Correct datalink state array so that we don't report an
``unknown'' state.
o Pass struct ipcp to IpcpCleanInterface, not struct fsm.
o Create TUN_PREFIX define rather than hard-coding in main.c
o prompt_TtyInit now handles a NULL prompt for -direct mode
rather than having to create one then destroy it uncleanly.
o Mention our mode in the "PPP Started" LogPHASE message.
o Bring all auto links up when we have something to send.
o Remove some redundant Physical_*() functions.
o Show which connection is running a command when logging
commands.
o Initialise throughput uptime correctly.
option. We never ask a client for MSChap when we've got
chap `enabled', and we dynamically answer using MSChap
if the peer demands it.
o Remove all of the bundle2*() series of functions except
bundle2datalink() as they're too expensive. The only
calls to bundle2datalink() are made from command.c when
determining context.
o Write to the correct modem in term mode, and check the
return value, dropping back to command mode if the write
fails.
Cosmetic:
Make the PPP COMMAND LIST section of the man page
prettier, better and more consistent. Alphabeticalise
all command lists and document missing commands.
o Our diagnostic socket has its password set in the `set socket'
line only (not in ppp.secret).
o Passwords are per server socket (*VarAuthKey are gone)
o Authority is per prompt (VarLocalAuth is gone).
o Local logging is per prompt.
o Add a `show who' command to see who's connected. No identd
routine - just a `where the connection came from' display.
o SIGUSR1 is disabled for now - we have no way of choosing a
password for the socket created :-(
Prompts are attached as a list of `struct descriptor's in
struct bundle, and serviced under the bundles descriptor
service routines. Ultimately, everything should be done
like this.
Cosmetic:
o alphabeticalise SRCS in Makefile.
o Add a few comments in command.h
TODO: Start checking that we don't overflow the descriptor sets
in select() now that we can have any number of descriptors.
struct lcp and display them in `show lcp'.
o Remove `show mru' and `show mtu' and make the data part of
`show lcp'. Also merge `set m[tr]u' and `set openmode'
implementations into the SetVariable function.
o `set timeout' only accepts the idle timer value as an argument.
o Move our lqr period into struct lcp, and create a `set lqrperiod'
command. Display it in `show lcp'.
o Remove VarRetryTimeout, and implement it at the LCP, PAP, CHAP,
CCP and IPCP levels, creating individual `set XXXretry' commands
for each. They must be separate because they have different
context requirements in multilink mode.
o Display default config values in `show ccp'.
o Tart the man page up a bit (wrt PPP/TCP, compression and LQR) and
explain the new commands.
dodgy packets by default.
The old behaviour is still available with ``disable idcheck''.
o Make all FSM diagnostics consistent and tidy up the way
we build our LCP/CCP/IPCP requests.
o Don't assume sizeof(u_long) == 4.
Increment OutPackets for any packet - not just LQRs
MFC:
o Fix a few comment typos.
o Fix ``set timeout'' usage message and documentation.
o Change ifOutPackets, ifOutOctets and ifOutLQRs to `u_int32_t's
so that they wrap correctly.
o Put the LQR in network byte order using the correct struct size
(sizeof u_int32_t, not sizeof u_long).
o Wrap LQR ECHO counters correctly.
o Don't increment OutLQR count if the last LQR hasn't been replied
to.
o Initialise last received LQR in StartLqm.
o Don't start the LQR timer if we're `disabled' and `accepted'.
o Generate LQR responses when both sides are using a timer and
we're not going to send our next LQR before the peers max timeout.
o Fix ``set timeout'' usage message and documentation.
o Change ifOutPackets, ifOutOctets and ifOutLQRs to `u_int32_t's
so that they wrap correctly.
o Put the LQR in network byte order using the correct struct size
(sizeof u_int32_t, not sizeof u_long).
o Wrap LQR ECHO counters correctly.
o Don't increment OutLQR count if the last LQR hasn't been replied
to.
o Initialise HisLqrData (last received LQR) in StartLqm.
o Don't start the LQR timer if we're `disabled' and `accepted'.
o Generate LQR responses when both sides are using a timer and
we're not going to send our next LQR before the peers max timeout.
LQR should now be fully functional.
getpwnam() lookup).
o Don't use chat_ExpandString on the password field in ppp.secret.
It's still possible to quote the string for embedded spaces.
o Don't allow multiple entries with the same name in ppp.secret.
Struct bundle will have its own struct ccp in the future
too.
o The ``set stopped'' command now requires context and doesn't
work on the IPCP FSM.
o Check if it's time to break out of our top level loop before
doing a select - otherwise, we'll select forever :-(
o Remove `struct link'::ccp (a temporary hack). It turns out
that IpStartOutput() calls link_Output() and link_Output()
incorrectly calls StartOutput() (really modem_StartOutput)
requiring the ccp knowledge so that it can call
IpStartOutput()... The end result is that the whole IP
output queue gets dumped into the modem output queue
and a pile of physical writes are done prematurely. This
makes the (original) code in main() actually work in that
it would not bother selecting() on the tun descriptor when
our modem queue length was 20 or greater. Instead, we now
make that decision based on the overall queue length.
This will need improvement later.
Don't mention the authors name at startup. He's already credited
in the man page. Instead, make the message consistent with the
one given to the diagnostic port (and fix the grammar when entering
`term' mode).
Don't credit the zlib author in the man page as ppp isn't linked
directly with zlib (it's shared).
Mention when the OpenBSD port was first made available.
The delay defaults to 1 sec (as it always has) unless we've done
a ~p in interactive mode or we've actually detected a HDLC frame.
This is now cleanly implemented (via async timers) so that it is
possible for LCP to come up despite the delay if an LCP REQ is
received.
This will hopefully solve situations with slow servers or slirp
scenarios (where ECHO is left on the port for a second or so before
the peer enters packet mode).
Also, ~p in interactive mode no longer changes the value of the default
openmode delay and -dedicated mode enters packet mode in the right state
according to the value of openmode.
o Allow a forth argument in ppp.secret, specifying a new
label. This gives control over which section of
ppp.link{up,down} is used based on the authenticated user.
o Support random address ranges in ppp.secret (not just in ppp.conf).
o Add a AUTHENTICATING INCOMING CONNECTIONS section to the man page.
o Add a bit more about DEFLATE in the man page.
o Fix the incorrect "you must specify a password in interactive
mode" bit of the manual.
o Space things in the man page consistently.
o Be more precice about where you can use MYADDR, HISADDR and INTERFACE
in the "add" command documentation.
not in -auto mode isn't a good idea, and that the
add should be done in ppp.linkup instead.
Change "add 0 0 HISADDR" to "add default HISADDR". It's
more intuitive.
RTM_CHANGE if the RTM_ADD fails with an EEXIST.
Allow "delete! dst" (note the ``!'') to silently
fail if the RTM_DELETE fails with an ESRCH.
Also, make the ESRCH and EEXIST error conditions
more understandable to the casual observer.
when command logging is switched on.
o Display ******** for the authkey for "show auth"
o Document how \P should be used, and document the other chat escapes
while I'm there.
o Make sure the full command is displayed when a compound command
fails - ie, "set novar rubbish" should say "set novar: Invalid command"
rather than "novar: Invalid command"
Problem pointed out by: Theo de Raadt <deraadt@cvs.openbsd.org> (among others)
Validate the peers suggested IP by attempting to make a routing table
entry.
Give up IPCP negotiation if the peer NAKs us with an unusable IP.
Always SIOCDIFADDR then SIOCAIFADDR when configuring the tun device.
Using SIOCSIFDSTADDR allows duplicate dst addresses (which we don't
want)!!!
Allow up to 200 interface names (was 50) (now that ppp can play server
properly).
Up the version number (1.5 -> 1.6).
Cosmetic:
Log unexpected CCP packets in the CCP log rather than the ERROR log.
Log unexpected Config Reqs in the appropriate LCP/IPCP/CCP log rather
than the ERROR log.
Log failed route additions and deletions with WARN, not TCPIP.
Log the option id and length for unrecognised IPCP options.
Change some .Sq to .Ar in the man page.
Delete AF_LINK routes as well as AF_INET.
Allow the word `default' as the arg to `delete' or in place of the
first two args (dest & netmask) to `add'.
Accept INTERFACE as the third arg to `add'.
You can now say `add default interface' to create a default route
through the tun interface. It's reported that subsequent bind()s
will bind to a broadcast address and not to the address currently
assigned to the tun device - this is the first step towards
supporting that first connection that was around from before the
dynamic IP negotiation....
(I *really* meant to do this *before* committing the
deflate changes in the first place - oops).
Pppd is horribly broken in this respect - refer to the
ppp man page for details. Ppp *WON'T* negotiate deflate
with pppd by default - you must ``enable'' and ``accept''
``pppd-deflate'' in your config.
While I'm in there, update the cftypes in ccp.c so that
we recognise some more protocols (we don't actually do
anything with them - just send a REJ).
o Add "allow" command:
"allow users a b c" gives access to users a, b and c.
"allow modes auto" gives those users access to auto mode only.
"allow users *" and "allow modes *" are accepted.
No users and all modes are allowed by default.
UID 0 can do anything.
o Set the current label with the "load" and "dial" commands
so that the call to ppp.linkdown makes sense.
o Up the verison number.
o Don't OR MODE_AUTO for -background and -ddial.
o Don't OR MODE_INTER when we get a diagnostic connection.
o Allow up to 40 args per line (was 20).
o "set ifaddr" only changes the interface in AUTO mode (with other
modes, it happens after IPCP negotiation).
o Sort command descriptions in the man page.
o Support -dedicated mode where we just talk ppp forever (no login etc).
Stay as the invoking uid as much as possible.
Execution as a normal user is still forbidden for now,
so these changes are pretty ineffective.
The next commit will implement the modifications suggested
on -hackers a number of days ago.
Insist that uid == 0 for client ppp
Disallow client sockets if no password is specified
Don't exit on failure to open client socket for listening
Allow specification of null local password
Use reasonable size (smaller) ``vector''s in auth.c
Fix "passwd ..." usage message
Insist on "all" as arg to "quit" (if any)
Drop client socket connection before Cleanup() when "quit all"
This tells ppp to loopback packets addressed to
the ppp interface IP coming *from* the tun
device.
This means that you can ping the tun interface IP
from inside :-)
idependently time out any of the FSMs.
Split LCP logging into LCP, IPCP and CCP logging,
and make room in "struct fsm" for the log level
that the state machine should use.
"set stopped" directive. If the timeout occurs
it will cause a "Down" event, hanging up the line
if it's still up. This *isn't* part of the FSM
diagram, but I consider it ok as a "higher level
implementation specific timeout" as specified in
the rfc ;-}
Discussed briefly with: joerg
INT cause a hangup - not exiting for -ddial & -auto.
HUP must exit because init sends this at system shutdown
time (why, I don't know), and we don't want to end up
redialing after the HUP (due to another dfilter packet).
Pointed out by and discussed with: ache
Catch SIGUSR1 to re-init listening socket.
Document signal behaviour.
Add missing '\n's to LogPrintf(LogWARN,...)
Main() returns int not void.
AF_LOCAL ideal suggested a long time ago by: joerg