1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-23 11:18:54 +00:00
Commit Graph

1356 Commits

Author SHA1 Message Date
Brian Somers
317e74fd2b Don't include a NUL at the end of our CHAP SUCCESS packet.
When encryption (MPPE) is enabled, WindowsME and Windows98 both
fail because of the extra byte, suggesting that they autheticated
successfully in their log and then dropping the connection, telling
the user that the peer doesn't support compatible encryption
options.

MFC after: 1 week
2001-07-31 21:36:00 +00:00
Brian Somers
65cacad456 Remove an irritating diagnostic emitted to LogPHASE when a
static proxy arp entry is deleted.

Rename a function (for consistency) and remove some whitespace
(for readability).

MFC after:	1 week
2001-07-31 15:19:07 +00:00
Brian Somers
ed09c8a4a0 When we receive a CHAP81 challenge response, we always expect the last
byte of the packet to contain '\0'.

Windows 98 gets this wrong, dropping garbage into the last byte and
failing authentication.

Now, we notice this and whinge to our log file that we're compensating
for the corrupt data.
2001-07-31 08:21:39 +00:00
Brian Somers
5a0827311e If the peer REJects our MRU REQ, stop REQing it -- *EVEN* if we're
doing PPPoE and the default MRU is therefore too big.

When negotiating with win2k, we ask for MRU 1492 and the win2k box
NAKs us saying ``MRU 1492''.  This doesn't make sense to me.  When
we continue to request MRU 1492, the win2k box eventually REJs our
MRU.  This fix allows negotiations to continue at that point,
bringing the link up and potentially allowing the win2k box to send
us frames that are too large.  AFAICT this is better than failing
to bring the link up.... probably !

I have no idea how to do the equivalent of ``route get'' or
``ifconfig -a'' under win2k, so I can't tell what MTU it actually
ends up using.

I believe the bug is in win2k (it's certainly mis-negotiating).
I'll MFC given the release engineers permission as code freeze
begins on August 1.

PR:		29277
MFC after:	3 days
2001-07-30 17:04:39 +00:00
Brian Somers
fe17bea378 Change permissions back to 4554/554
Suggested by:	kris
2001-07-28 11:58:41 +00:00
Brian Somers
5e3b2d6847 If the peer sends a REQ without the IPADDR option, only reject it
once.  If they repeat the request (again without the IPADDR option)
ACK it.

I've had reports that some ppp implementations will not assign
themselves an IP number.  This should negotiate with such things.

MFC after:	3 days
2001-07-28 11:32:08 +00:00
Brian Somers
525b58c9ce Handle peer REQ/NAKs of >1500 byte MRUs when we have no preference.
MFC after: 3 days
2001-07-26 11:33:53 +00:00
Brian Somers
1e0a94b6a0 Change permissions from [4]554 to [4]551
MFC after: 3 days
2001-07-25 11:44:04 +00:00
David E. O'Brien
90e655ea4e Perform a major cleanup of the usr.sbin Makefiles.
These are not perfectly in agreement with each other style-wise, but they
are orders of orders of magnitude more consistent style-wise than before.
2001-07-20 06:20:32 +00:00
David E. O'Brien
ac24b049cc Remove GCC'isms in CFLAGS. 2001-07-20 04:23:13 +00:00
Brian Somers
8152dca8b2 Bring the PPPoE Ethernet interface up *BEFORE* we send the node a
CONNECT message.

MFC after: 1 week
2001-07-18 09:33:45 +00:00
Brian Somers
17462195a8 Ignore (with a warning message) mtu/mru configurations that are greater
than the maximum physical values.

MFC after: 1 week
2001-07-17 01:06:13 +00:00
Brian Somers
c4498e7de4 TCPMSS adjusts all TCP SYN packets, not just outgoing ones.
Pointed out by: ru
2001-07-16 17:02:10 +00:00
Dima Dorfman
f247324df7 Remove whitespace at EOL. 2001-07-15 08:06:20 +00:00
Brian Somers
6cee8a8317 Perform MSS fixups on incoming packets as well as outgoing.
MFC after: 1 week
2001-07-13 02:04:19 +00:00
Dima Dorfman
70d51341bf mdoc(7) police: remove extraneous .Pp before and/or after .Sh. 2001-07-09 09:54:33 +00:00
Brian Somers
b5b15b9e7f Fix the type of the last arg to execl()
Obtained from: OpenBSD
2001-07-09 08:17:47 +00:00
Brian Somers
543b7124d2 Staticise the OpenBSD SHA1_End() function 2001-07-09 00:45:57 +00:00
Brian Somers
4016f9e0c4 Stay (backwards-)compatible with OpenBSD's groff 2001-07-09 00:13:49 +00:00
Brian Somers
8829899405 Add a ``nat proto'' command -- similar to natd(8)'s -redirect_proto switch.
MFC after: 3 weeks
2001-07-09 00:07:56 +00:00
Brian Somers
7e62c63844 Don't try to dereference the -1th ccp algorithm array entry when we
open CCP with no algorithm.
2001-07-07 13:12:07 +00:00
Brian Somers
662a42f752 When we miss one or more packets in stateful mode *and* need to
perform a key change, *and* our sequence numbers have wrapped,
ensure that the number of key changes is calculated correctly.

The previous code counted down from a negative number to zero,
re-encrypting the current key on each iteration - this took some
time and strangely enough got the answer wrong !!!

Fix a(nother) spelling mistake while I'm there.
2001-07-07 03:06:20 +00:00
Brian Somers
80a18377e9 Spell stateful properly
Inconsistently done by:	brian
Spotted by:		ru
2001-07-06 23:45:32 +00:00
Ruslan Ermilov
8fa6936ded mdoc(7) police: removed hard sentence breaks, sorted xrefs. 2001-07-05 11:01:12 +00:00
Brian Somers
dd1a52b9e4 Make the last fix work properly on descriptors 1 and 2 (not just 0) 2001-07-04 09:32:34 +00:00
Brian Somers
108e336ab5 Handle any of descriptors 0, 1 or 2 being closed when we're
envoked -- don't use them (as return values from open()), then
(say) close(STDIN_FILENO) when daemonising.

This is done by grabbing 3 descriptors to /dev/null at startup and
releasing them after we've daemonised.

MFC after: 1 week
2001-07-04 03:34:20 +00:00
Brian Somers
6301d506fb Reduce the interface MTU by 2 when MPPE has been successfully negotiated.
This is necessary because MPPE will combine the protocol id with the
payload received on the tun interface, encrypt it, then prepend its
own protocol id, effectively increasing the payload by two bytes.
2001-07-03 22:20:19 +00:00
Brian Somers
4bb6aac05e Don't accept chap80lm by default - it doesn't work.
MFC after: 1 week
2001-07-03 22:20:11 +00:00
Brian Somers
f2e587a36c Silence some gcc warnings 2001-07-03 22:20:06 +00:00
Brian Somers
7aab014be6 Do away with the ``err'' variable.
Inspired by: kris
2001-07-03 01:02:26 +00:00
Kris Kennaway
0c50e5287e Silence some of the -Wnon-const-format warnings and add __printflike()
to a function prototype which needs it.

Approved by:	brian
MFC After:	2 weeks
2001-07-02 12:27:49 +00:00
Brian Somers
3ffb2555f4 Avoid using too many args for ``set m[tr]u''
This needs to work with OpenBSD's groff too :(
2001-06-20 19:55:58 +00:00
Brian Somers
90d259217c Call va_start/va_end for each call to vfprintf
Obtained from: OpenBSD
2001-06-18 23:24:26 +00:00
Brian Somers
6cf6ee7625 Add support for stateful MPPE (microsoft encryption) providing
encryption compatibility with Windows 2000.  Stateful encryption
uses less CPU but is bad on lossy transports.

The ``set mppe'' command has been expanded.  If it's used with any
arguments, ppp will insist on encryption, closing LCP if the other
end refuses.

Unfortunately, Microsoft have abused the CCP reset request so that
receiving a reset request does not result in a reset ack when using
MPPE...

Sponsored by:	Monzoon Networks AG and FreeBSD Services Limited
2001-06-18 15:00:22 +00:00
Brian Somers
c8b9fb53a1 Handle hardware-imposed MTU/MRU limitations. PPPoE will no longer
allow MRU/MTU negotiations to exceed 1492.

Add an optional ``max'' specifier to ``set m[rt]u'', ie.

	set mtu max 1480

Bump the ppp version number.

Sponsored by:	Monzoon Networks AG and FreeBSD Services Limited
2001-06-18 14:59:36 +00:00
Brian Somers
797c04a7a3 Correct the arg count after parsing a line with an unescaped # that isn't
preceeded with whitespace.

MFC after: 3 weeks
2001-06-15 13:58:06 +00:00
Brian Somers
65309e5cda Convert IIJ copyrights to BSD copyrights.
Approved by: Toshiharu OHNO <tohno@sirius.ocn.ne.jp>
2001-06-13 21:52:19 +00:00
Maxim Sobolev
fe11f6f605 Correct cross-references:
ng_bpf.8    --> ng_bpf.4
  ng_ether.8  --> ng_ether.4
  ng_iface.8  --> ng_iface.4
  ng_pppoe.8  --> ng_pppoe.4
  ng_socket.8 --> ng_socket.4
  ng_tty.8    --> ng_tty.4
  ng_{type}.4 --> /dev/null

MFC after:	1 week
2001-06-05 12:40:03 +00:00
Brian Somers
8b5baf7aea Renamed to README.nat 2001-06-04 14:40:06 +00:00
Brian Somers
057fee78cc Add BSD style copyrights (with permission from Charles Mott where appropriate)
Deprecate -alias further (after a repo-copy)
2001-06-04 14:38:29 +00:00
Brian Somers
47fe010cf3 Fix an alignment error
PR:		27766
Submitted by:	Sudish Joseph <sudish@mindspring.com>
MFC after:	2 weeks
2001-05-30 15:52:24 +00:00
Brian Somers
a65be2273d Don't say ``Enter pause (-1) for redialing when we're using a random interval.
Show the calculated random value instead.

Suggested by: Bill Richter <richterb@binkley.foothill.net>
2001-05-22 19:42:14 +00:00
Brian Somers
5f73635b93 If we don't receive a TY_IPADDR option as part of a configure request, NAK
as if we received one with 0.0.0.0 as the argument.
2001-05-22 09:03:30 +00:00
Brian Somers
448374baae Bring the interface IFF_UP from ipcp_InterfaceUp() (called from IPCP's
TLU event handler).

This used to be done as a side effect of SIOCAIFADDR'ing the interface,
but now that duplicate SIOCAIFADDRs are optimised out, we can't depend
on that behaviour.
2001-05-11 23:42:03 +00:00
Brian Somers
0272404f73 Handle situations where we've already got a P2P interface address
of a/x -> b and then negotiate a/x -> c by simply expecting SIOCAIFADDR
to do the change.

This was broken by the last commit that optimised out the deletion and
re-addition of the same a/x -> b combination, and forgot to compare
the old/new destination addresses.

Conveniently enough, this problem didn't effect setups where the
default route goes via the ppp link, and most other setups don't
care what the the destination address is actually set to.  It broke
test environments where ppp connects to the local machine rather
badly though....
2001-05-02 16:35:24 +00:00
Brian Somers
c8c946d45d Fix some quotes and mention that it's usually necessary to train
your modem to the correct speed when setting up an incoming getty.
2001-04-26 13:10:59 +00:00
Brian Somers
da70ad6081 Handle IP over IP (IPPROTO_IPV4) properly.
We now unwrap IP/IP and apply filter rules to both the outer
  layer (with ``set filter blah x.x.x.x y.y.y.y ipip'') and to
  the payload (reinterpreted by the filter rules).

  ``set log tcp/ip'' will now show both the outer wrapper and
  the (reinterpreted) payload contents.
2001-04-24 02:13:34 +00:00
Brian Somers
cef1df887e kldload ng_pppoe as necessary 2001-04-10 08:31:13 +00:00
Brian Somers
6ccdc30b6d It's possible to kldload netgraph (as well as the other ng_* bits),
so do it if required.
2001-04-05 22:53:35 +00:00
Brian Somers
03a2501aa5 When we change the interface MTU, run through the routing table and tweak
all route MTUs too.
2001-04-05 02:23:48 +00:00
Brian Somers
152a439010 Be a bit more persistent when the NET_RT_IFLIST sysctl returns ENOMEM
rather than dropping out immediately.
2001-04-03 08:21:28 +00:00
Brian Somers
0fea4ed0d0 Don't say ``PPP enabled'' if we're given the -quiet switch 2001-04-03 08:20:20 +00:00
Brian Somers
50ca6ec387 Don't assume challenges and responses don't contain embedded '\0's.
Mschapv2 response generation may produce embedded NULs... causing
us to send a bogus response to the radius server and end up
failing the client's valid response.

Problem pointed out by: Eugene Vigovskiy <vigov@com2com.ru>
2001-04-01 22:39:17 +00:00
Ruslan Ermilov
eb09fd4a2f -DRELEASE_CRUNCH moved into crunchgen(1) config files for
release building.  Remove a hack that is no longer needed.
2001-03-31 17:07:55 +00:00
Brian Somers
dc744e1949 Bring the PPPoE interface UP if required
Suggested by: archie
2001-03-28 09:45:27 +00:00
Brian Somers
e0f2c6088b Add some comments to two examples and extend a ``set ifaddr''. 2001-03-28 00:23:30 +00:00
Ruslan Ermilov
345e52e742 - Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.
2001-03-26 14:42:20 +00:00
Brian Somers
16004197c4 If we're adding an interface address that is already one of the interface's
aliases with the same netmask and destination, don't remove it and then
re-add exactly the same thing.

This means that static (non-sticky) routes that use the interface address
(or destination address) as a destination will not suddenly evaporate when
IPCP comes up (not unless the negotiated IPs have changed anyway).
2001-03-25 01:34:27 +00:00
Brian Somers
1f39538d63 Quote PPP_CONFDIR in CFLAGS 2001-03-23 13:28:28 +00:00
Brian Somers
7a66a36d2a Change _PATH_PPP to PPP_CONFDIR and allow it to be overridden at compile time 2001-03-23 11:43:22 +00:00
Ruslan Ermilov
c73e22c3d4 Set the default manual section for usr.sbin/ to 8. 2001-03-20 18:17:26 +00:00
Roger Hardiman
e3771825e4 Allow LQR periods of 1 second and FSM retry periods of 1 second. This allows us
to run PPP over Radiocontact T-Link Radio Modems which run best when something
is transmitted at least every 1.5 seconds.

Tested by:	Jennifer Clark <jen@telepresence.strath.ac.uk>
Approved by:	Brian
2001-03-19 19:47:54 +00:00
Brian Somers
c4c6616ad6 Deal with ENOENT properly on non-devfs machines
Broken in revision 1.109
2001-03-12 12:53:53 +00:00
Brian Somers
26e6a622c0 MAXHOSTNAME includes space for a NUL 2001-03-09 20:31:02 +00:00
Brian Somers
c6fde08927 Talk a little more about the differences between PPPoE on FreeBSD & OpenBSD. 2001-03-09 00:12:09 +00:00
Brian Somers
5284761414 MAXPATHLEN -> PATH_MAX
Don't assume MAXHOSTNAMELEN includes the NUL
Correct a diagnostic
Use "localhost" in our prompt instead of ""
2001-03-08 23:51:50 +00:00
Brian Somers
2a2877b836 TUNSIFINFO now requires uid 0 to change the interface MTU.
Reviewed by:	Mark Knight <markk@knigma.org>
2001-03-08 10:33:30 +00:00
Ruslan Ermilov
c2d03ea879 Eliminate mdocNG warnings caused by misplaced or extraneous macro calls. 2001-02-28 17:38:53 +00:00
Brian Somers
6d110b1be0 Don't even look at af_family if accept() returns sa->sa_len == 0 2001-02-13 12:33:34 +00:00
Brian Somers
49ed07a3c0 A better fix for the PacketAliasProxyRule() call.
Submitted by: Ian Dowse <iedowse@maths.tcd.ie>
2001-02-10 17:26:14 +00:00
Ruslan Ermilov
036f8336fa mdoc(7) police: replace two -unfilled displays with -tag lists.
This works only because of bugs in current implementation: the
first .It after ``.Bd -unfilled'' re-enables filling mode and
does not restore (disable) it back afterwards.
2001-02-07 16:02:21 +00:00
Brian Somers
7f89db65f5 Add a ``Usable'' function to the ccp switch. The function
is called prior to sending a CCP configure request for a
given protocol.  The default is to send the request, but
this is overridden for MPPE which checks to see if the lcp
negotiations agreed CHAP81, and if not fails.

Use the same function to decide if we should reject peer
requests for MPPE.

This should get rid of those boring messages about not being
able to initialise MPPE when we don't negotiate CHAP81.
2001-02-04 22:53:11 +00:00
Brian Somers
64602637c7 MPPE_MasterKeyValid is only there if HAVE_DES is defined. 2001-02-04 01:20:33 +00:00
Brian Somers
c42627ffff Don't send an authentication failure response if we fail sending
a radius accounting packet.
2001-02-04 01:08:26 +00:00
Brian Somers
019d32bf74 Make the MPPE MasterKey Invalid messages a bit clearer (it now
complains that you can't do MPPE without CHAP81).

Reset MasterKeyValid to zero when we hit phase DEAD.
2001-02-04 01:08:24 +00:00
Brian Somers
2fc2f70582 Untangle some cunfusion between the CLOSE_STAYDOWN, CLOSE_LCP and
CLOSE_NORMAL meanings.  CLOSE_NORMAL doesn't change the currently
required state, the others do.  This should stop ppp from entering
DATALINK_READY when LCP shutdown doesn't end up happening cleanly.

Bump our version number to reflect this change.
2001-02-04 01:08:22 +00:00
Brian Somers
728ef5b2b0 Try to kldload if_tun if we get ENOENT from opening /dev/tunN -
not just if we get ENXIO.

This makes ppp work with DEVFS when if_tun isn't built into
the kernel (without needing to manually kldload it).
2001-02-02 01:41:26 +00:00
Ruslan Ermilov
610a5778c5 mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 16:44:04 +00:00
Brian Somers
2525421508 Fix some log_Printf() casting
Obtained from: NetBSD (pkgsrc)
2001-01-29 08:46:58 +00:00
Brian Somers
37b8a5c7bd Only remove socket files with ``set server open''.
Only show the mask in ``show bundle'' when it's been specified.
Complain about unexpected arguments after ``set server {none,open,closed}''
Log re-open failures as warnings rather than phase messages.
Fix some markup for the ``set server'' man page description.
2001-01-29 01:35:06 +00:00
Brian Somers
021996f177 Don't pass PacketAliasProxyRule() a buffer with leading whitespace as it
can't handle it.
2001-01-28 21:56:27 +00:00
Brian Somers
501fe45f67 Fix arg count 2001-01-26 01:48:16 +00:00
Brian Somers
15c8dc2a03 If executing the stuff from ppp.linkdown results in a state change,
don't continue adjusting the ipcp state machine.

This allows ``down'' to work in ppp.linkdown - useful for a tunnel
setup.
2001-01-26 01:43:38 +00:00
Brian Somers
74457d3d43 Allow ``set server closed'' to close the diagnostic socket.
Allow ``set server open'' to re-open the diagnostic socket.
Handle SIGUSR1 by re-opening the diagnostic socket
When receiving SIGUSR2 (and in ``set server none''), don't forget the
socket details so that ``set server open'' and SIGUSR1 open it again.

Don't create the diagnostic socket as uid 0 !  It's far to dangerous.
2001-01-26 01:41:34 +00:00
Brian Somers
d8a8ae09ed Fix for NetBSD where
.Oc Oc
  .Xc

doesn't seem to work....
2001-01-22 11:35:00 +00:00
Brian Somers
7d39b1e3be Handle SECDNS being rejected when PRIDNS is not
Submitted by:	OGAWA Takaya <t-ogawa@triaez.kaisei.org>
PR:		24518
2001-01-22 01:43:46 +00:00
Brian Somers
165fbe2672 Use fstat to check if descriptor 0 is a socket.
Suggested by: julian
2001-01-14 00:54:48 +00:00
Brian Somers
12df0d6c58 Log the ``MPPE: MasterKey is invalid...'' message as a CCP
diagnostic rather than a warning.
2000-12-29 22:25:56 +00:00
Ruslan Ermilov
8b5c4af3ff Prepare for mdoc(7)NG. 2000-12-27 15:30:30 +00:00
Ruslan Ermilov
88895b252c Add a missing dot. 2000-12-15 07:34:01 +00:00
Brian Somers
690a66afb0 Correct the documented default behaviour of mschap, mschap81 and MPPE.
Pointed out by: Mark Knight <markk@knigma.org>
2000-12-15 01:09:38 +00:00
Ruslan Ermilov
7a2650d625 mdoc(7) police: use canonical form of .Dd macro. 2000-12-11 15:57:16 +00:00
Brian Somers
723aebe85e Mention the MTU in ``show iface''. 2000-12-01 03:22:18 +00:00
Brian Somers
c63c8e7638 Call MSCHAP CHAP80 in ``show lcp'' so that it's consistent with CHAP81. 2000-11-29 15:47:35 +00:00
Brian Somers
17aa4afba3 Use only the bit after the ``\'' when hashing the challenge in
MSChapv2

Submitted by: Ustimenko Semen <semen@iclub.nsu.ru>
2000-11-28 22:50:40 +00:00
Brian Somers
94d7be5294 Add ``enable/disable tcpmssfixup'', defaulting to enabled.
Suggested by:	julian
Hijacked from:	ru (ports/net/tcpmssd)
2000-11-28 13:18:35 +00:00
Ben Smithurst
aa11a6dde4 various typo and minor punctuation changes.
PR:		23111
Submitted by:	Jimmy Olgeni <olgeni@uli.it>
2000-11-28 11:35:14 +00:00
Ruslan Ermilov
e97407b4f2 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 20:10:44 +00:00
Brian Somers
b43607b7f2 Some gratuitous whitespace changes. 2000-11-19 16:58:59 +00:00
Brian Somers
a080fda810 Describe how to tunnel properly.
Requested by: Greg Quinlan <greg@macquarrie.com.au>
2000-11-19 16:54:57 +00:00