kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

PPP daemon and LKM with MPPE - Microsoft Point-to-Point Encryption

Browse source
This commit is contained in:
dbj 1999-10-08 04:34:43 +00:00
parent ab6f85f54a
commit ff1c7a9985
60 changed files with 9731 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

47
net/ppp-mppe/Makefile Normal file
View file

@ -0,0 +1,47 @@
# $NetBSD: Makefile,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
DISTNAME= ppp-2.3.9
PKGNAME= ppp-mppe-2.3.9
CATEGORIES= net
MASTER_SITES= ftp://cs.anu.edu.au/pub/software/ppp/
MAINTAINER= dbj@netbsd.org
HOMEPAGE= http://www.moretonbay.com/vpn/releases/
BUILD_DEPENDS= ${BUILD_ROOT}/security/openssl/${WRKDIR:T}/openssl-0.9.2b/crypto/rc4:../../security/openssl:extract
HAS_CONFIGURE= yes
MANCOMPRESSED_IF_MANZ= yes
post-extract:
@${MKDIR} ${WRKSRC}/netbsd-1.4
@${CP} ${BUILD_ROOT}/security/openssl/${WRKDIR:T}/openssl-0.9.2b/crypto/sha/sha.h ${WRKSRC}/pppd/sha.h
@${CP} ${BUILD_ROOT}/security/openssl/${WRKDIR:T}/openssl-0.9.2b/crypto/sha/sha1dgst.c ${WRKSRC}/pppd/sha1dgst.c
@${CP} ${BUILD_ROOT}/security/openssl/${WRKDIR:T}/openssl-0.9.2b/crypto/sha/sha_locl.h ${WRKSRC}/pppd/sha_locl.h
@${CP} ${BUILD_ROOT}/security/openssl/${WRKDIR:T}/openssl-0.9.2b/crypto/opensslv.h ${WRKSRC}/pppd/opensslv.h
@${CP} ${BUILD_ROOT}/security/openssl/${WRKDIR:T}/openssl-0.9.2b/crypto/rc4/rc4_skey.c ${WRKSRC}/netbsd-1.4/rc4_skey.c
@${CP} ${BUILD_ROOT}/security/openssl/${WRKDIR:T}/openssl-0.9.2b/crypto/rc4/rc4.h ${WRKSRC}/netbsd-1.4/rc4.h
@${CP} ${BUILD_ROOT}/security/openssl/${WRKDIR:T}/openssl-0.9.2b/crypto/rc4/rc4_locl.h ${WRKSRC}/netbsd-1.4/rc4_locl.h
@${CP} ${BUILD_ROOT}/security/openssl/${WRKDIR:T}/openssl-0.9.2b/crypto/rc4/rc4_enc.c ${WRKSRC}/netbsd-1.4/rc4_enc.c
@${CP} ${BUILD_ROOT}/security/openssl/${WRKDIR:T}/openssl-0.9.2b/crypto/opensslv.h ${WRKSRC}/netbsd-1.4/opensslv.h
@${CP} ${BUILD_ROOT}/security/openssl/${WRKDIR:T}/openssl-0.9.2b/crypto/sha/sha1dgst.c ${WRKSRC}/netbsd-1.4/sha1dgst.c
@${CP} ${BUILD_ROOT}/security/openssl/${WRKDIR:T}/openssl-0.9.2b/crypto/sha/sha_locl.h ${WRKSRC}/netbsd-1.4/sha_locl.h
@${CP} ${BUILD_ROOT}/security/openssl/${WRKDIR:T}/openssl-0.9.2b/crypto/sha/sha.h ${WRKSRC}/netbsd-1.4/sha.h
@${MV} ${WRKSRC}/pppd/md4.h ${WRKSRC}/pppd/md4.h.hide
@${MV} ${WRKSRC}/pppd/md5.h ${WRKSRC}/pppd/md5.h.hide
pre-install:
${INSTALL_PROGRAM_DIR} ${PREFIX}/lkm
SYSDIR?=/sys
MAKE_ENV+= SYSDIR="${SYSDIR}"
# until PR 5377 is addressed, we need kernel src around to build lkm's
pre-build:
.if !exists(${SYSDIR}/lib/libkern/libkern.h)
@${ECHO} "This package requires the kernel source to build its lkm."
@${ECHO} "Install it in ${SYSDIR} or set the SYSDIR variable to its location."
@${FALSE}
.endif
.include "../../mk/bsd.pkg.mk"

4
net/ppp-mppe/files/md5 Normal file
View file

@ -0,0 +1,4 @@
$NetBSD: md5,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
MD5 (ppp-2.3.9.tar.gz) = 3bda111ae5391ac8b875c14a49514fd1
MD5 (ppp-2.3.8-mppe-others-norc4_TH7.diff.gz) = 07480c9f47268d66fe93cf42b3a7ed9a

15
net/ppp-mppe/patches/patch-aa Normal file
View file

@ -0,0 +1,15 @@
$NetBSD: patch-aa,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
Index: chat/chat.8
diff -u chat/chat.8:1.1.1.5 chat/chat.8:1.11
--- chat/chat.8:1.1.1.5 Tue Aug 24 19:50:05 1999
+++ chat/chat.8 Tue Aug 24 19:52:15 1999
@@ -424,7 +425,7 @@
.B \\\\s
Represents a space character in the string. This may be used when it
is not desirable to quote the strings which contains spaces. The
-sequence 'HI TIM' and HI\\sTIM are the same.
+sequence 'HI\ TIM' and HI\\sTIM are the same.
.TP
.B \\\\t
Send or expect a tab character.

133
net/ppp-mppe/patches/patch-ab Normal file
View file

@ -0,0 +1,133 @@
$NetBSD: patch-ab,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
Index: chat/chat.c
diff -u chat/chat.c:1.1.1.5 chat/chat.c:1.18
--- chat/chat.c:1.1.1.5 Tue Aug 24 19:50:04 1999
+++ chat/chat.c Tue Aug 24 20:15:00 1999
@@ -144,18 +150,6 @@
"unknown error")
#endif
-/*************** Micro getopt() *********************************************/
-#define OPTION(c,v) (_O&2&&**v?*(*v)++:!c||_O&4?0:(!(_O&1)&& \
- (--c,++v),_O=4,c&&**v=='-'&&v[0][1]?*++*v=='-'\
- &&!v[0][1]?(--c,++v,0):(_O=2,*(*v)++):0))
-#define OPTARG(c,v) (_O&2?**v||(++v,--c)?(_O=1,--c,*v++): \
- (_O=4,(char*)0):(char*)0)
-#define OPTONLYARG(c,v) (_O&2&&**v?(_O=1,--c,*v++):(char*)0)
-#define ARG(c,v) (c?(--c,*v++):(char*)0)
-
-static int _O = 0; /* Internal state */
-/*************** Micro getopt() *********************************************/
-
char *program_name;
#define MAX_ABORTS 50
@@ -269,12 +263,12 @@
char **argv;
{
int option;
- char *arg;
+ int i;
program_name = *argv;
tzset();
- while ((option = OPTION(argc, argv)) != 0) {
+ while ((option = getopt(argc, argv, ":evVf:t:r:sST:U:")) != -1) {
switch (option) {
case 'e':
++echo;
@@ -297,25 +291,24 @@
break;
case 'f':
- if ((arg = OPTARG(argc, argv)) != NULL)
- chat_file = copy_of(arg);
+ if (optarg != NULL)
+ chat_file = copy_of(optarg);
else
usage();
break;
case 't':
- if ((arg = OPTARG(argc, argv)) != NULL)
- timeout = atoi(arg);
+ if (optarg != NULL)
+ timeout = atoi(optarg);
else
usage();
break;
case 'r':
- arg = OPTARG (argc, argv);
- if (arg) {
+ if (optarg) {
if (report_fp != NULL)
fclose (report_fp);
- report_file = copy_of (arg);
+ report_file = copy_of (optarg);
report_fp = fopen (report_file, "a");
if (report_fp != NULL) {
if (verbose)
@@ -327,15 +320,15 @@
break;
case 'T':
- if ((arg = OPTARG(argc, argv)) != NULL)
- phone_num = copy_of(arg);
+ if (optarg != NULL)
+ phone_num = copy_of(optarg);
else
usage();
break;
case 'U':
- if ((arg = OPTARG(argc, argv)) != NULL)
- phone_num2 = copy_of(arg);
+ if (optarg != NULL)
+ phone_num2 = copy_of(optarg);
else
usage();
break;
@@ -345,6 +338,8 @@
break;
}
}
+ argc -= optind;
+ argv += optind;
/*
* Default the report file to the stderr location
*/
@@ -367,17 +362,15 @@
init();
if (chat_file != NULL) {
- arg = ARG(argc, argv);
- if (arg != NULL)
+ if (argc)
usage();
else
do_file (chat_file);
} else {
- while ((arg = ARG(argc, argv)) != NULL) {
- chat_expect(arg);
-
- if ((arg = ARG(argc, argv)) != NULL)
- chat_send(arg);
+ for (i = 0; i < argc; i++) {
+ chat_expect(argv[i]);
+ if (++i < argc)
+ chat_send(argv[i]);
}
}
@@ -590,7 +583,7 @@
have_tty_parameters = 1;
t.c_iflag |= IGNBRK | ISTRIP | IGNPAR;
- t.c_oflag = 0;
+ t.c_oflag |= OPOST | ONLCR;
t.c_lflag = 0;
t.c_cc[VERASE] =
t.c_cc[VKILL] = 0;

16
net/ppp-mppe/patches/patch-ac Normal file
View file

@ -0,0 +1,16 @@
$NetBSD: patch-ac,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
Index: pppd/auth.c
diff -u pppd/auth.c:1.1.1.5 pppd/auth.c:1.25
--- pppd/auth.c:1.1.1.5 Tue Aug 24 13:25:45 1999
+++ pppd/auth.c Tue Aug 24 19:07:41 1999
@@ -450,7 +461,8 @@
phase = PHASE_NETWORK;
#if 0
if (!demand)
- set_filters(&pass_filter, &active_filter);
+ set_filters(&pass_filter_in, &pass_filter_out,
+ &active_filter_int, &active_filter_out);
#endif
for (i = 0; (protp = protocols[i]) != NULL; ++i)
if (protp->protocol < 0xC000 && protp->enabled_flag

27
net/ppp-mppe/patches/patch-ad Normal file
View file

@ -0,0 +1,27 @@
$NetBSD: patch-ad,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
Index: pppd/demand.c
diff -u pppd/demand.c:1.1.1.5 pppd/demand.c:1.9
--- pppd/demand.c:1.1.1.5 Tue Aug 24 13:25:44 1999
+++ pppd/demand.c Tue Aug 24 19:07:42 1999
@@ -89,7 +100,8 @@
ppp_recv_config(0, PPP_MRU, (u_int32_t) 0, 0, 0);
#ifdef PPP_FILTER
- set_filters(&pass_filter, &active_filter);
+ set_filters(&pass_filter_in, &pass_filter_out,
+ &active_filter_in, &active_filter_out);
#endif
/*
@@ -330,8 +342,8 @@
return 0;
proto = PPP_PROTOCOL(p);
#ifdef PPP_FILTER
- if (active_filter.bf_len != 0
- && bpf_filter(active_filter.bf_insns, frame, len, len) == 0)
+ if (active_filter_out.bf_len != 0
+ && bpf_filter(active_filter_out.bf_insns, frame, len, len) == 0)
return 0;
#endif
for (i = 0; (protp = protocols[i]) != NULL; ++i) {

17
net/ppp-mppe/patches/patch-ae Normal file
View file

@ -0,0 +1,17 @@
$NetBSD: patch-ae,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- pppd/eui64.c.orig Sat Sep 18 00:27:38 1999
+++ pppd/eui64.c Sat Sep 18 00:27:59 1999
@@ -24,6 +24,7 @@
static const char rcsid[] = RCSID;
+#ifdef INET6
/*
* eui64_ntoa - Make an ascii representation of an interface identifier
*/
@@ -38,3 +39,4 @@
e.e8[4], e.e8[5], e.e8[6], e.e8[7]);
return buf;
}
+#endif

42
net/ppp-mppe/patches/patch-af Normal file
View file

@ -0,0 +1,42 @@
$NetBSD: patch-af,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- pppd/ipv6cp.c.orig Fri Aug 13 02:46:13 1999
+++ pppd/ipv6cp.c Sat Sep 18 00:53:19 1999
@@ -50,12 +50,15 @@
#include "pppd.h"
#include "fsm.h"
#include "ipcp.h"
+#ifdef INET6
#include "ipv6cp.h"
+#endif
#include "magic.h"
#include "pathnames.h"
static const char rcsid[] = RCSID;
+#ifdef INET6
/* global vars */
ipv6cp_options ipv6cp_wantoptions[NUM_PPP]; /* Options that we want to request */
ipv6cp_options ipv6cp_gotoptions[NUM_PPP]; /* Options that peer ack'd */
@@ -79,6 +82,7 @@
static void ipv6cp_up __P((fsm *)); /* We're UP */
static void ipv6cp_down __P((fsm *)); /* We're DOWN */
static void ipv6cp_finished __P((fsm *)); /* Don't need lower layer */
+static char *llv6_ntoa __P((eui64_t));
fsm ipv6cp_fsm[NUM_PPP]; /* IPV6CP fsm structure */
@@ -242,7 +246,7 @@
/*
* Make a string representation of a network address.
*/
-char *
+static char *
llv6_ntoa(ifaceid)
eui64_t ifaceid;
{
@@ -1360,3 +1364,4 @@
return 0;
return 1;
}
+#endif

148
net/ppp-mppe/patches/patch-ag Normal file
View file

@ -0,0 +1,148 @@
$NetBSD: patch-ag,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
Index: pppd/options.c
diff -u pppd/options.c:1.1.1.5 pppd/options.c:1.30
--- pppd/options.c:1.1.1.5 Tue Aug 24 13:25:41 1999
+++ pppd/options.c Tue Aug 24 19:07:44 1999
@@ -108,8 +119,14 @@
struct option_info ptycommand_info;
#ifdef PPP_FILTER
-struct bpf_program pass_filter;/* Filter program for packets to pass */
-struct bpf_program active_filter; /* Filter program for link-active pkts */
+/* Filter program for packets to pass */
+struct bpf_program pass_filter_in;
+struct bpf_program pass_filter_out;
+
+/* Filter program for link-active packets */
+struct bpf_program active_filter_in;
+struct bpf_program active_filter_out;
+
pcap_t pc; /* Fake struct pcap so we can compile expr */
#endif
@@ -136,11 +153,12 @@
static int setlogfile __P((char **));
#ifdef PPP_FILTER
-static int setpassfilter __P((char **));
-static int setactivefilter __P((char **));
+static int setpassfilter_in __P((char **));
+static int setpassfilter_out __P((char **));
+static int setactivefilter_in __P((char **));
+static int setactivefilter_out __P((char **));
#endif
-
static option_t *find_option __P((char *name));
static int process_option __P((option_t *, char **));
static int n_arguments __P((option_t *));
@@ -250,10 +268,14 @@
#ifdef PPP_FILTER
{ "pdebug", o_int, &dflag,
"libpcap debugging" },
- { "pass-filter", 1, setpassfilter,
- "set filter for packets to pass" },
- { "active-filter", 1, setactivefilter,
- "set filter for active pkts" },
+ { "pass-filter-in", 1, setpassfilter_in,
+ "set filter for packets to pass inwards" },
+ { "pass-filter-out", 1, setpassfilter_out,
+ "set filter for packets to pass outwards" },
+ { "active-filter-in", 1, setactivefilter_in,
+ "set filter for active pkts inwards" },
+ { "active-filter-out", 1, setactivefilter_out,
+ "set filter for active pkts outwards" },
#endif
{ NULL }
@@ -274,6 +296,7 @@
auth Require authentication from peer\n\
connect <p> Invoke shell command <p> to set up the serial line\n\
crtscts Use hardware RTS/CTS flow control\n\
+ cdtrcts Use hardware DTR/CTS flow control (if supported)\n\
defaultroute Add default route through interface\n\
file <f> Take options from file <f>\n\
modem Use modem control lines\n\
@@ -1185,44 +1208,68 @@
#ifdef PPP_FILTER
/*
- * setpdebug - Set libpcap debugging level.
+ * setpassfilter_in - Set the incoming pass filter
*/
static int
-setpdebug(argv)
+setpassfilter_in(argv)
char **argv;
{
- return int_option(*argv, &dflag);
+ pc.linktype = DLT_PPP_SERIAL;
+ pc.snapshot = PPP_HDRLEN;
+
+ if (pcap_compile(&pc, &pass_filter_in, *argv, 1, netmask) == 0)
+ return 1;
+ option_error("error in pass-filter-in expression: %s\n", pcap_geterr(&pc));
+ return 0;
}
/*
- * setpassfilter - Set the pass filter for packets
+ * setpassfilter_out - Set the outgoing pass filter
*/
static int
-setpassfilter(argv)
+setpassfilter_out(argv)
char **argv;
{
- pc.linktype = DLT_PPP;
+ pc.linktype = DLT_PPP_SERIAL;
pc.snapshot = PPP_HDRLEN;
- if (pcap_compile(&pc, &pass_filter, *argv, 1, netmask) == 0)
+ if (pcap_compile(&pc, &pass_filter_out, *argv, 1, netmask) == 0)
+ return 1;
+ option_error("error in pass-filter-out expression: %s\n", pcap_geterr(&pc));
+ return 0;
+}
+
+/*
+ * setactivefilter_in - Set the incoming active filter
+ */
+static int
+setactivefilter_in(argv)
+ char **argv;
+{
+ pc.linktype = DLT_PPP_SERIAL;
+ pc.snapshot = PPP_HDRLEN;
+
+ if (pcap_compile(&pc, &active_filter_in, *argv, 1, netmask) == 0)
return 1;
- option_error("error in pass-filter expression: %s\n", pcap_geterr(&pc));
+ option_error("error in active-filter-in expression: %s\n",
+ pcap_geterr(&pc));
return 0;
}
/*
- * setactivefilter - Set the active filter for packets
+ * setactivefilter_out - Set the outgoing active filter
*/
static int
-setactivefilter(argv)
+setactivefilter_out(argv)
char **argv;
{
- pc.linktype = DLT_PPP;
+ pc.linktype = DLT_PPP_SERIAL;
pc.snapshot = PPP_HDRLEN;
- if (pcap_compile(&pc, &active_filter, *argv, 1, netmask) == 0)
+ if (pcap_compile(&pc, &active_filter_out, *argv, 1, netmask) == 0)
return 1;
- option_error("error in active-filter expression: %s\n", pcap_geterr(&pc));
+ option_error("error in active-filter-out expression: %s\n",
+ pcap_geterr(&pc));
return 0;
}
#endif

78
net/ppp-mppe/patches/patch-ah Normal file
View file

@ -0,0 +1,78 @@
$NetBSD: patch-ah,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
Index: pppd/pppd.8
diff -u pppd/pppd.8:1.1.1.5 pppd/pppd.8:1.25
--- pppd/pppd.8:1.1.1.5 Tue Aug 24 13:25:40 1999
+++ pppd/pppd.8 Tue Aug 24 19:07:45 1999
@@ -45,6 +46,24 @@
4.4BSD and NetBSD, any speed can be specified. Other systems
(e.g. SunOS) allow only a limited set of speeds.
.TP
+.B active-filter-in \fIfilter-expression
+.TP
+.B active-filter-out \fIfilter-expression
+Specifies an incoming and outgoing packet filter to be applied to data
+packets to determine which packets are to be regarded as link activity,
+and therefore reset the idle timer, or cause the link to be brought up
+in demand-dialling mode. This option is useful in conjunction with the
+\fBidle\fR option if there are packets being sent or received
+regularly over the link (for example, routing information packets)
+which would otherwise prevent the link from ever appearing to be idle.
+The \fIfilter-expression\fR syntax is as described for tcpdump(8),
+except that qualifiers which are inappropriate for a PPP link, such as
+\fBether\fR and \fBarp\fR, are not permitted. Generally the filter
+expression should be enclosed in single-quotes to prevent whitespace
+in the expression from being interpreted by the shell. This option
+is currently only available under NetBSD, and then only
+if both the kernel and pppd were compiled with PPP_FILTER defined.
+.TP
.B asyncmap \fI<map>
Set the async character map to <map>. This map describes which
control characters cannot be successfully received over the serial
@@ -296,8 +315,8 @@
seconds. The link is idle when no data packets (i.e. IP packets) are
being sent or received. Note: it is not advisable to use this option
with the \fIpersist\fR option without the \fIdemand\fR option.
-If the \fBactive-filter\fR
-option is given, data packets which are rejected by the specified
+If the \fBactive-filter-in\fR and/or \fBactive-filter-out\fR
+options are given, data packets which are rejected by the specified
activity filter also count as the link being idle.
.TP
.B ipcp-accept-local
@@ -664,23 +683,23 @@
.B pap-timeout \fIn
Set the maximum time that pppd will wait for the peer to authenticate
itself with PAP to \fIn\fR seconds (0 means no limit).
+.TP
+.B pass-filter-in \fIfilter-expression
.TP
-.B pass-filter \fIfilter-expression
-Specifies a packet filter to applied to data packets being sent or
-received to determine which packets should be allowed to pass.
-Packets which are rejected by the filter are silently discarded. This
-option can be used to prevent specific network daemons (such as
-routed) using up link bandwidth, or to provide a basic firewall
+.B pass-filter-out \fIfilter-expression
+Specifies an incoming and outgoing packet filter to applied to data
+packets being sent or received to determine which packets should be
+allowed to pass. Packets which are rejected by the filter are silently
+discarded. This option can be used to prevent specific network daemons
+(such as routed) using up link bandwidth, or to provide a basic firewall
capability.
-The \fIfilter-expression\fR syntax is as described for tcpdump(1),
+The \fIfilter-expression\fR syntax is as described for tcpdump(8),
except that qualifiers which are inappropriate for a PPP link, such as
\fBether\fR and \fBarp\fR, are not permitted. Generally the filter
expression should be enclosed in single-quotes to prevent whitespace
-in the expression from being interpreted by the shell. Note that it
-is possible to apply different constraints to incoming and outgoing
-packets using the \fBinbound\fR and \fBoutbound\fR qualifiers. This
-option is currently only available under NetBSD, and then only if both
-the kernel and pppd were compiled with PPP_FILTER defined.
+in the expression from being interpreted by the shell. This option is
+currently only available under NetBSD, and then only if both the kernel
+and pppd were compiled with PPP_FILTER defined.
.TP
.B persist
Do not exit after a connection is terminated; instead try to reopen

32
net/ppp-mppe/patches/patch-ai Normal file
View file

@ -0,0 +1,32 @@
$NetBSD: patch-ai,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
Index: pppd/pppd.h
diff -u pppd/pppd.h:1.1.1.5 pppd/pppd.h:1.19
--- pppd/pppd.h:1.1.1.5 Tue Aug 24 13:25:39 1999
+++ pppd/pppd.h Tue Aug 24 19:07:45 1999
@@ -207,8 +209,13 @@
extern char linkname[MAXPATHLEN]; /* logical name for link */
#ifdef PPP_FILTER
-extern struct bpf_program pass_filter; /* Filter for pkts to pass */
-extern struct bpf_program active_filter; /* Filter for link-active pkts */
+/* Filter for packets to pass */
+extern struct bpf_program pass_filter_in;
+extern struct bpf_program pass_filter_out;
+
+/* Filter for link-active packets */
+extern struct bpf_program active_filter_in;
+extern struct bpf_program active_filter_out;
#endif
#ifdef MSLANMAN
@@ -422,7 +429,8 @@
int get_host_seed __P((void)); /* Get host-dependent random number seed */
int have_route_to __P((u_int32_t)); /* Check if route to addr exists */
#ifdef PPP_FILTER
-int set_filters __P((struct bpf_program *pass, struct bpf_program *active));
+int set_filters __P((struct bpf_program *pass_in, struct bpf_program *pass_out,
+ struct bpf_program *active_in, struct bpf_program *active_out));
/* Set filter programs in kernel */
#endif
#ifdef IPX_CHANGE

293
net/ppp-mppe/patches/patch-aj Normal file
View file

@ -0,0 +1,293 @@
$NetBSD: patch-aj,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- pppd/sys-bsd.c.orig Fri Aug 13 02:46:18 1999
+++ pppd/sys-bsd.c Sat Sep 18 02:28:45 1999
@@ -25,4 +25,3 @@
-#endif
/*
* TODO:
@@ -42,7 +41,7 @@
#include <sys/time.h>
#include <sys/stat.h>
#include <sys/param.h>
-#ifdef NetBSD1_2
+#if defined(NetBSD1_2) || defined(__NetBSD_Version__)
#include <util.h>
#endif
#ifdef PPP_FILTER
@@ -55,6 +54,10 @@
#include <net/route.h>
#include <net/if_dl.h>
#include <netinet/in.h>
+#ifdef __KAME__
+#include <netinet6/in6_var.h>
+#include <netinet6/nd6.h>
+#endif
#if RTM_VERSION >= 3
#include <sys/param.h>
@@ -91,6 +94,9 @@
static unsigned char inbuf[512]; /* buffer for chars read from loopback */
static int sockfd; /* socket for doing interface ioctls */
+#ifdef INET6
+static int sock6_fd = -1; /* socket for doing ipv6 interface ioctls */
+#endif /* INET6 */
static fd_set in_fds; /* set of fds that wait_input waits for */
static int max_in_fd; /* highest fd set in in_fds */
@@ -115,6 +121,11 @@
if ((sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
fatal("Couldn't create IP socket: %m");
+#ifdef INET6
+ if ((sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0)) < 0)
+ fatal("Couldn't create IPv6 socket: %m");
+#endif
+
FD_ZERO(&in_fds);
max_in_fd = 0;
}
@@ -191,10 +202,16 @@
ok = ioctl(s, SIOCGIFFLAGS, (caddr_t) &ifr) >= 0;
close(s);
+#ifdef __NetBSD__
+ no_ppp_msg = "\
+This system lacks kernel support for PPP. To include PPP support\n\
+in the kernel, please read the ppp(4) manual page.\n";
+#else
no_ppp_msg = "\
This system lacks kernel support for PPP. To include PPP support\n\
in the kernel, please follow the steps detailed in the README.bsd\n\
file in the ppp-2.2 distribution.\n";
+#endif
return ok;
}
@@ -459,6 +476,176 @@
ioctl(fd, (on? TIOCMBIS: TIOCMBIC), &modembits);
}
+#ifdef INET6
+/*
+ * sif6addr - Config the interface with an IPv6 link-local address
+ */
+int
+sif6addr(unit, our_eui64, his_eui64)
+ int unit;
+ eui64_t our_eui64, his_eui64;
+{
+#ifdef __KAME__
+ int ifindex;
+ struct in6_aliasreq addreq6;
+
+ /* actually, this part is not kame local - RFC2553 conformant */
+ ifindex = if_nametoindex(ifname);
+ if (ifindex == 0) {
+ error("sifaddr6: no interface %s", ifname);
+ return 0;
+ }
+
+ memset(&addreq6, 0, sizeof(addreq6));
+ strlcpy(addreq6.ifra_name, ifname, sizeof(addreq6.ifra_name));
+
+ /* my addr */
+ addreq6.ifra_addr.sin6_family = AF_INET6;
+ addreq6.ifra_addr.sin6_len = sizeof(struct sockaddr_in6);
+ addreq6.ifra_addr.sin6_addr.s6_addr[0] = 0xfe;
+ addreq6.ifra_addr.sin6_addr.s6_addr[1] = 0x80;
+ memcpy(&addreq6.ifra_addr.sin6_addr.s6_addr[8], &our_eui64,
+ sizeof(our_eui64));
+ /* KAME ifindex hack */
+ *(u_int16_t *)&addreq6.ifra_addr.sin6_addr.s6_addr[2] = htons(ifindex);
+
+ /* his addr */
+ addreq6.ifra_dstaddr.sin6_family = AF_INET6;
+ addreq6.ifra_dstaddr.sin6_len = sizeof(struct sockaddr_in6);
+ addreq6.ifra_dstaddr.sin6_addr.s6_addr[0] = 0xfe;
+ addreq6.ifra_dstaddr.sin6_addr.s6_addr[1] = 0x80;
+ memcpy(&addreq6.ifra_dstaddr.sin6_addr.s6_addr[8], &his_eui64,
+ sizeof(our_eui64));
+ /* KAME ifindex hack */
+ *(u_int16_t *)&addreq6.ifra_dstaddr.sin6_addr.s6_addr[2] = htons(ifindex);
+
+ /* prefix mask: 128bit (correct?) */
+ addreq6.ifra_prefixmask.sin6_family = AF_INET6;
+ addreq6.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6);
+ memset(&addreq6.ifra_prefixmask.sin6_addr, 0xff,
+ sizeof(addreq6.ifra_prefixmask.sin6_addr));
+
+ /* address lifetime (infty) */
+ addreq6.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME;
+ addreq6.ifra_lifetime.ia6t_vltime = ND6_INFINITE_LIFETIME;
+
+ if (ioctl(sock6_fd, SIOCAIFADDR_IN6, &addreq6) < 0) {
+ error("sif6addr: ioctl(SIOCAIFADDR_IN6): %m");
+ return 0;
+ }
+
+ return 1;
+#else
+ struct in6_ifreq ifr6;
+ struct ifreq ifr;
+ struct in6_rtmsg rt6;
+
+ memset(&ifr, 0, sizeof (ifr));
+ strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
+ if (ioctl(sock6_fd, SIOCGIFINDEX, (caddr_t) &ifr) < 0) {
+ error("sif6addr: ioctl(SIOCGIFINDEX): %m");
+ return 0;
+ }
+
+ /* Local interface */
+ memset(&ifr6, 0, sizeof(ifr6));
+ IN6_LLADDR_FROM_EUI64(ifr6.ifr6_addr, our_eui64);
+ ifr6.ifr6_ifindex = ifindex;
+ ifr6.ifr6_prefixlen = 10;
+
+ if (ioctl(sock6_fd, SIOCSIFADDR, &ifr6) < 0) {
+ error("sif6addr: ioctl(SIOCSIFADDR): %m");
+ return 0;
+ }
+
+ /* Route to remote host */
+ memset(&rt6, 0, sizeof(rt6));
+ IN6_LLADDR_FROM_EUI64(rt6.rtmsg_dst, his_eui64);
+ rt6.rtmsg_flags = RTF_UP | RTF_HOST;
+ rt6.rtmsg_dst_len = 128;
+ rt6.rtmsg_ifindex = ifr.ifr_ifindex;
+ rt6.rtmsg_metric = 1;
+
+ if (ioctl(sock6_fd, SIOCADDRT, &rt6) < 0) {
+ error("sif6addr: ioctl(SIOCADDRT): %m");
+ return 0;
+ }
+
+ return 1;
+#endif
+}
+
+
+/*
+ * cif6addr - Remove IPv6 address from interface
+ */
+int
+cif6addr(unit, our_eui64, his_eui64)
+ int unit;
+ eui64_t our_eui64, his_eui64;
+{
+#ifdef __KAME__
+ int ifindex;
+ struct in6_ifreq delreq6;
+
+ /* actually, this part is not kame local - RFC2553 conformant */
+ ifindex = if_nametoindex(ifname);
+ if (ifindex == 0) {
+ error("cifaddr6: no interface %s", ifname);
+ return 0;
+ }
+
+ memset(&delreq6, 0, sizeof(delreq6));
+ strlcpy(delreq6.ifr_name, ifname, sizeof(delreq6.ifr_name));
+
+ /* my addr */
+ delreq6.ifr_ifru.ifru_addr.sin6_family = AF_INET6;
+ delreq6.ifr_ifru.ifru_addr.sin6_len = sizeof(struct sockaddr_in6);
+ delreq6.ifr_ifru.ifru_addr.sin6_addr.s6_addr[0] = 0xfe;
+ delreq6.ifr_ifru.ifru_addr.sin6_addr.s6_addr[1] = 0x80;
+ memcpy(&delreq6.ifr_ifru.ifru_addr.sin6_addr.s6_addr[8], &our_eui64,
+ sizeof(our_eui64));
+ /* KAME ifindex hack */
+ *(u_int16_t *)&delreq6.ifr_ifru.ifru_addr.sin6_addr.s6_addr[2] =
+ htons(ifindex);
+
+ if (ioctl(sock6_fd, SIOCDIFADDR_IN6, &delreq6) < 0) {
+ error("cif6addr: ioctl(SIOCDIFADDR_IN6): %m");
+ return 0;
+ }
+
+ return 1;
+#else
+ struct ifreq ifr;
+ struct in6_ifreq ifr6;
+
+ memset(&ifr, 0, sizeof(ifr));
+ strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
+ if (ioctl(sock6_fd, SIOCGIFINDEX, (caddr_t) &ifr) < 0) {
+ error("cif6addr: ioctl(SIOCGIFINDEX): %m");
+ return 0;
+ }
+
+ memset(&ifr6, 0, sizeof(ifr6));
+ IN6_LLADDR_FROM_EUI64(ifr6.ifr6_addr, our_eui64);
+ ifr6.ifr6_ifindex = ifr.ifr_ifindex;
+ ifr6.ifr6_prefixlen = 10;
+
+ if (ioctl(sock6_fd, SIOCDIFADDR, &ifr6) < 0) {
+ if (errno != EADDRNOTAVAIL) {
+ if (! ok_error (errno))
+ error("cif6addr: ioctl(SIOCDIFADDR): %m");
+ }
+ else {
+ warn("cif6addr: ioctl(SIOCDIFADDR): No such address");
+ }
+ return (0);
+ }
+ return 1;
+#endif
+}
+#endif /* INET6 */
+
/*
* get_pty - get a pty master/slave pair and chown the slave side
* to the uid given. Assumes slave_name points to >= 12 bytes of space.
@@ -851,23 +1038,39 @@
* set_filters - transfer the pass and active filters to the kernel.
*/
int
-set_filters(pass, active)
- struct bpf_program *pass, *active;
+set_filters(pass_in, pass_out, active_in, active_out)
+ struct bpf_program *pass_in, *pass_out, *active_in, *active_out;
{
int ret = 1;
- if (pass->bf_len > 0) {
- if (ioctl(ppp_fd, PPPIOCSPASS, pass) < 0) {
- error("Couldn't set pass-filter in kernel: %m");
+ if (pass_in->bf_len > 0) {
+ if (ioctl(ppp_fd, PPPIOCSIPASS, pass_in) < 0) {
+ error("Couldn't set pass-filter-in in kernel: %m");
+ ret = 0;
+ }
+ }
+
+ if (pass_out->bf_len > 0) {
+ if (ioctl(ppp_fd, PPPIOCSOPASS, pass_out) < 0) {
+ error("Couldn't set pass-filter-out in kernel: %m");
ret = 0;
}
}
- if (active->bf_len > 0) {
- if (ioctl(ppp_fd, PPPIOCSACTIVE, active) < 0) {
- error("Couldn't set active-filter in kernel: %m");
+
+ if (active_in->bf_len > 0) {
+ if (ioctl(ppp_fd, PPPIOCSIACTIVE, active_in) < 0) {
+ error("Couldn't set active-filter-in in kernel: %m");
ret = 0;
}
}
+
+ if (active_out->bf_len > 0) {
+ if (ioctl(ppp_fd, PPPIOCSOACTIVE, active_out) < 0) {
+ error("Couldn't set active-filter-out in kernel: %m");
+ ret = 0;
+ }
+ }
+
return ret;
}
#endif

15
net/ppp-mppe/patches/patch-ak Normal file
View file

@ -0,0 +1,15 @@
$NetBSD: patch-ak,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
Index: pppstats/pppstats.8
diff -u pppstats/pppstats.8:1.1.1.5 pppstats/pppstats.8:1.12
--- pppstats/pppstats.8:1.1.1.5 Tue Aug 24 19:57:32 1999
+++ pppstats/pppstats.8 Tue Aug 24 20:00:12 1999
@@ -172,7 +173,7 @@
When the
.B -z
option is specified,
-.Nm pppstats
+.B pppstats
instead displays the following fields, relating to the packet
compression algorithm currently in use. If packet compression is not
in use, these fields will all display zeroes. The fields displayed on

17
net/ppp-mppe/patches/patch-al Normal file
View file

@ -0,0 +1,17 @@
$NetBSD: patch-al,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- configure.orig Wed May 12 20:31:38 1999
+++ configure Sat Sep 18 01:30:26 1999
@@ -17,8 +17,10 @@
1.0*) state="ancient";;
1.1*) state="known"; ksrc="netbsd-1.1";;
1.2*) state="known"; ksrc="netbsd-1.2"; makext="netbsd-1.2";;
- 1.[3-9]*|[2-9]*)
- state="late"; ksrc="netbsd-1.2";;
+ 1.3*) state="late"; ksrc="netbsd-1.2";;
+ 1.4*) state="known"; ksrc="netbsd-1.4"; makext="netbsd-1.4";;
+ 1.[5-9]*|[2-9]*)
+ state="late"; ksrc="netbsd-1.4"; makext="netbsd-1.4";;
esac;;
SunOS)
case $release in

62
net/ppp-mppe/patches/patch-am Normal file
View file

@ -0,0 +1,62 @@
$NetBSD: patch-am,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
Index: Makefile
diff -u /dev/null Makefile:1.17
--- /dev/null Fri Sep 17 20:40:08 1999
+++ netbsd-1.4/Makefile.top Fri Sep 26 12:52:08 1997
@@ -0,0 +1,5 @@
+# NetBSD: Makefile,v 1.17 1997/09/26 19:52:08 christos Exp
+
+SUBDIR= chat pppd pppstats
+
+.include <bsd.subdir.mk>
Index: chat/Makefile
diff -u /dev/null chat/Makefile:1.8
--- /dev/null Fri Sep 17 20:40:09 1999
+++ chat/Makefile.netbsd-1.4 Fri Oct 17 05:07:34 1997
@@ -0,0 +1,6 @@
+# NetBSD: Makefile,v 1.8 1997/10/17 12:07:34 lukem Exp
+
+PROG= chat
+MAN= chat.8
+
+.include <bsd.prog.mk>
Index: pppd/Makefile
diff -u /dev/null pppd/Makefile:1.26
--- /dev/null Fri Sep 17 20:40:09 1999
+++ pppd/Makefile.netbsd-1.4 Tue Aug 24 19:07:41 1999
@@ -0,0 +1,23 @@
+# NetBSD: Makefile,v 1.26 1999/08/25 02:07:41 christos Exp
+
+PCAPDIR=${.CURDIR}/../../../lib/libpcap
+
+PROG= pppd
+SRCS= auth.c cbcp.c ccp.c chap.c chap_ms.c demand.c eui64.c fsm.c \
+ ipcp.c ipv6cp.c ipxcp.c lcp.c magic.c main.c options.c sys-bsd.c \
+ upap.c utils.c
+
+.PATH: ${PCAPDIR}
+MAN= pppd.8
+BINMODE=4555
+BINOWN= root
+
+LDADD= -lpcap -lcrypt -lutil
+DPADD= ${LIBPCAP} ${LIBCRYPT} ${LIBUTIL}
+CPPFLAGS+= -I. -DHAVE_PATHS_H
+CPPFLAGS+= -I${PCAPDIR} -DPPP_FILTER
+CPPFLAGS+= -DCBCP_SUPPORT -DCHAPMS -DUSE_CRYPT -DMSLANMAN
+# XXX: Does not work (yet)
+#CPPFLAGS+= -DINET6
+
+.include <bsd.prog.mk>
Index: pppstats/Makefile
diff -u /dev/null pppstats/Makefile:1.14
--- /dev/null Fri Sep 17 20:40:12 1999
+++ pppstats/Makefile.netbsd-1.4 Fri Oct 17 05:07:47 1997
@@ -0,0 +1,6 @@
+# NetBSD: Makefile,v 1.14 1997/10/17 12:07:47 lukem Exp
+
+PROG= pppstats
+MAN= pppstats.8
+
+.include <bsd.prog.mk>

27
net/ppp-mppe/patches/patch-an Normal file
View file

@ -0,0 +1,27 @@
$NetBSD: patch-an,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- include/net/if_ppp.h.orig Sat Sep 18 03:06:38 1999
+++ include/net/if_ppp.h Sat Sep 18 03:09:15 1999
@@ -107,8 +109,22 @@
#define PPPIOCSNPMODE _IOW('t', 75, struct npioctl) /* set NP mode */
#define PPPIOCGIDLE _IOR('t', 74, struct ppp_idle) /* get idle time */
#ifdef PPP_FILTER
+/*
+ * XXX These are deprecated; they can no longer be used, because they
+ * XXX don't play well with multiple encaps. The defs are here so that
+ * XXX we can return decent errors to old pppds, and so that new pppds
+ * XXX will work with old kernels.
+ */
#define PPPIOCSPASS _IOW('t', 71, struct bpf_program) /* set pass filter */
#define PPPIOCSACTIVE _IOW('t', 70, struct bpf_program) /* set active filt */
+
+/*
+ * Use these instead.
+ */
+#define PPPIOCSIPASS _IOW('t', 69, struct bpf_program) /* set in pass flt */
+#define PPPIOCSOPASS _IOW('t', 68, struct bpf_program) /* set out pass flt */
+#define PPPIOCSIACTIVE _IOW('t', 67, struct bpf_program) /* set in act flt */
+#define PPPIOCSOACTIVE _IOW('t', 66, struct bpf_program) /* set out act flt */
#endif /* PPP_FILTER */
/* PPPIOC[GS]MTU are alternatives to SIOC[GS]IFMTU, used under Ultrix */

22
net/ppp-mppe/patches/patch-ao Normal file
View file

@ -0,0 +1,22 @@
$NetBSD: patch-ao,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- include/net/slcompress.h.orig Sat Sep 18 03:06:38 1999
+++ include/net/slcompress.h Sat Sep 18 03:09:30 1999
@@ -101,7 +122,7 @@
*/
struct cstate {
struct cstate *cs_next; /* next most recently used cstate (xmit only) */
- u_short cs_hlen; /* size of hdr (receive only) */
+ u_int16_t cs_hlen; /* size of hdr (receive only) */
u_char cs_id; /* connection # associated with this state */
u_char cs_filler;
union {
@@ -120,7 +141,7 @@
struct cstate *last_cs; /* most recently used tstate */
u_char last_recv; /* last rcvd conn. id */
u_char last_xmit; /* last sent conn. id */
- u_short flags;
+ u_int16_t flags;
#ifndef SL_NO_STATS
int sls_packets; /* outbound packets */
int sls_compressed; /* outbound compressed packets */

1621
net/ppp-mppe/patches/patch-ap Normal file
View file

File diff suppressed because it is too large Load diff

131
net/ppp-mppe/patches/patch-aq Normal file
View file

@ -0,0 +1,131 @@
$NetBSD: patch-aq,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- /dev/null Sat Sep 18 04:00:15 1999
+++ netbsd-1.4/if_pppvar.h Sat Sep 18 04:06:25 1999
@@ -0,0 +1,126 @@
+/* NetBSD: if_pppvar.h,v 1.10 1999/07/30 10:35:38 itojun Exp */
+/* Id: if_pppvar.h,v 1.3 1996/07/01 01:04:37 paulus Exp */
+
+/*
+ * if_pppvar.h - private structures and declarations for PPP.
+ *
+ * Copyright (c) 1994 The Australian National University.
+ * All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software and its
+ * documentation is hereby granted, provided that the above copyright
+ * notice appears in all copies. This software is provided without any
+ * warranty, express or implied. The Australian National University
+ * makes no representations about the suitability of this software for
+ * any purpose.
+ *
+ * IN NO EVENT SHALL THE AUSTRALIAN NATIONAL UNIVERSITY BE LIABLE TO ANY
+ * PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
+ * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF
+ * THE AUSTRALIAN NATIONAL UNIVERSITY HAVE BEEN ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * THE AUSTRALIAN NATIONAL UNIVERSITY SPECIFICALLY DISCLAIMS ANY WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS
+ * ON AN "AS IS" BASIS, AND THE AUSTRALIAN NATIONAL UNIVERSITY HAS NO
+ * OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS,
+ * OR MODIFICATIONS.
+ *
+ * Copyright (c) 1989 Carnegie Mellon University.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by Carnegie Mellon University. The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#ifndef _NET_IF_PPPVAR_H_
+#define _NET_IF_PPPVAR_H_
+
+/*
+ * Supported network protocols. These values are used for
+ * indexing sc_npmode.
+ */
+#define NP_IP 0 /* Internet Protocol */
+#define NP_IPV6 1 /* Internet Protocol version 6 */
+#define NUM_NP 2 /* Number of NPs. */
+
+/*
+ * Structure describing each ppp unit.
+ */
+struct ppp_softc {
+ struct ifnet sc_if; /* network-visible interface */
+ int sc_unit; /* XXX unit number */
+ u_int sc_flags; /* control/status bits; see if_ppp.h */
+ void *sc_devp; /* pointer to device-dep structure */
+ void (*sc_start) __P((struct ppp_softc *)); /* start output proc */
+ void (*sc_ctlp) __P((struct ppp_softc *)); /* rcvd control pkt */
+ void (*sc_relinq) __P((struct ppp_softc *)); /* relinquish ifunit */
+ u_int16_t sc_mru; /* max receive unit */
+ pid_t sc_xfer; /* used in transferring unit */
+ struct ifqueue sc_rawq; /* received packets */
+ struct ifqueue sc_inq; /* queue of input packets for daemon */
+ struct ifqueue sc_fastq; /* interactive output packet q */
+ struct mbuf *sc_togo; /* output packet ready to go */
+ struct mbuf *sc_npqueue; /* output packets not to be sent yet */
+ struct mbuf **sc_npqtail; /* ptr to last next ptr in npqueue */
+ struct pppstat sc_stats; /* count of bytes/pkts sent/rcvd */
+ caddr_t sc_bpf; /* hook for BPF */
+ enum NPmode sc_npmode[NUM_NP]; /* what to do with each NP */
+ struct compressor *sc_xcomp; /* transmit compressor */
+ void *sc_xc_state; /* transmit compressor state */
+ struct compressor *sc_rcomp; /* receive decompressor */
+ void *sc_rc_state; /* receive decompressor state */
+ time_t sc_last_sent; /* time (secs) last NP pkt sent */
+ time_t sc_last_recv; /* time (secs) last NP pkt rcvd */
+#ifdef PPP_FILTER
+ /* Filter for packets to pass. */
+ struct bpf_program sc_pass_filt_in;
+ struct bpf_program sc_pass_filt_out;
+
+ /* Filter for "non-idle" packets. */
+ struct bpf_program sc_active_filt_in;
+ struct bpf_program sc_active_filt_out;
+#endif /* PPP_FILTER */
+#ifdef VJC
+ struct slcompress *sc_comp; /* vjc control buffer */
+#endif
+
+ /* Device-dependent part for async lines. */
+ ext_accm sc_asyncmap; /* async control character map */
+ u_int32_t sc_rasyncmap; /* receive async control char map */
+ struct mbuf *sc_outm; /* mbuf chain currently being output */
+ struct mbuf *sc_m; /* pointer to input mbuf chain */
+ struct mbuf *sc_mc; /* pointer to current input mbuf */
+ char *sc_mp; /* ptr to next char in input mbuf */
+ u_int16_t sc_ilen; /* length of input packet so far */
+ u_int16_t sc_fcs; /* FCS so far (input) */
+ u_int16_t sc_outfcs; /* FCS so far for output packet */
+ u_char sc_rawin[16]; /* chars as received */
+ int sc_rawin_count; /* # in sc_rawin */
+};
+
+#ifdef _KERNEL
+struct ppp_softc ppp_softc[NPPP];
+
+struct ppp_softc *pppalloc __P((pid_t pid));
+void pppdealloc __P((struct ppp_softc *sc));
+int pppioctl __P((struct ppp_softc *sc, u_long cmd, caddr_t data,
+ int flag, struct proc *p));
+void ppp_restart __P((struct ppp_softc *sc));
+void ppppktin __P((struct ppp_softc *sc, struct mbuf *m, int lost));
+struct mbuf *ppp_dequeue __P((struct ppp_softc *sc));
+int pppoutput __P((struct ifnet *, struct mbuf *,
+ struct sockaddr *, struct rtentry *));
+#endif /* _KERNEL */
+
+#endif /* _NET_IF_PPPVAR_H_ */

685
net/ppp-mppe/patches/patch-ar Normal file
View file

@ -0,0 +1,685 @@
$NetBSD: patch-ar,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- /dev/null Sat Sep 18 04:00:15 1999
+++ netbsd-1.4/ppp-deflate.c Sat Sep 18 04:06:29 1999
@@ -0,0 +1,680 @@
+/* NetBSD: ppp-deflate.c,v 1.6 1998/05/02 14:34:25 christos Exp */
+/* Id: ppp-deflate.c,v 1.5 1997/03/04 03:33:28 paulus Exp */
+
+/*
+ * ppp_deflate.c - interface the zlib procedures for Deflate compression
+ * and decompression (as used by gzip) to the PPP code.
+ * This version is for use with mbufs on BSD-derived systems.
+ *
+ * Copyright (c) 1994 The Australian National University.
+ * All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software and its
+ * documentation is hereby granted, provided that the above copyright
+ * notice appears in all copies. This software is provided without any
+ * warranty, express or implied. The Australian National University
+ * makes no representations about the suitability of this software for
+ * any purpose.
+ *
+ * IN NO EVENT SHALL THE AUSTRALIAN NATIONAL UNIVERSITY BE LIABLE TO ANY
+ * PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
+ * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF
+ * THE AUSTRALIAN NATIONAL UNIVERSITY HAS BEEN ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * THE AUSTRALIAN NATIONAL UNIVERSITY SPECIFICALLY DISCLAIMS ANY WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS
+ * ON AN "AS IS" BASIS, AND THE AUSTRALIAN NATIONAL UNIVERSITY HAS NO
+ * OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS,
+ * OR MODIFICATIONS.
+ */
+
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/systm.h>
+#include <sys/mbuf.h>
+#include <net/ppp_defs.h>
+#include <net/zlib.h>
+
+#define PACKETPTR struct mbuf *
+#include <net/ppp-comp.h>
+
+#if DO_DEFLATE
+
+#define DEFLATE_DEBUG 1
+
+/*
+ * State for a Deflate (de)compressor.
+ */
+struct deflate_state {
+ int seqno;
+ int w_size;
+ int unit;
+ int hdrlen;
+ int mru;
+ int debug;
+ z_stream strm;
+ struct compstat stats;
+};
+
+#define DEFLATE_OVHD 2 /* Deflate overhead/packet */
+
+static void *zalloc __P((void *, u_int items, u_int size));
+static void zfree __P((void *, void *ptr));
+static void *z_comp_alloc __P((u_char *options, int opt_len));
+static void *z_decomp_alloc __P((u_char *options, int opt_len));
+static void z_comp_free __P((void *state));
+static void z_decomp_free __P((void *state));
+static int z_comp_init __P((void *state, u_char *options, int opt_len,
+ int unit, int hdrlen, int debug));
+static int z_decomp_init __P((void *state, u_char *options, int opt_len,
+ int unit, int hdrlen, int mru, int debug));
+static int z_compress __P((void *state, struct mbuf **mret,
+ struct mbuf *mp, int slen, int maxolen));
+static void z_incomp __P((void *state, struct mbuf *dmsg));
+static int z_decompress __P((void *state, struct mbuf *cmp,
+ struct mbuf **dmpp));
+static void z_comp_reset __P((void *state));
+static void z_decomp_reset __P((void *state));
+static void z_comp_stats __P((void *state, struct compstat *stats));
+
+/*
+ * Procedures exported to if_ppp.c.
+ */
+struct compressor ppp_deflate = {
+ CI_DEFLATE, /* compress_proto */
+ z_comp_alloc, /* comp_alloc */
+ z_comp_free, /* comp_free */
+ z_comp_init, /* comp_init */
+ z_comp_reset, /* comp_reset */
+ z_compress, /* compress */
+ z_comp_stats, /* comp_stat */
+ z_decomp_alloc, /* decomp_alloc */
+ z_decomp_free, /* decomp_free */
+ z_decomp_init, /* decomp_init */
+ z_decomp_reset, /* decomp_reset */
+ z_decompress, /* decompress */
+ z_incomp, /* incomp */
+ z_comp_stats, /* decomp_stat */
+};
+
+struct compressor ppp_deflate_draft = {
+ CI_DEFLATE_DRAFT, /* compress_proto */
+ z_comp_alloc, /* comp_alloc */
+ z_comp_free, /* comp_free */
+ z_comp_init, /* comp_init */
+ z_comp_reset, /* comp_reset */
+ z_compress, /* compress */
+ z_comp_stats, /* comp_stat */
+ z_decomp_alloc, /* decomp_alloc */
+ z_decomp_free, /* decomp_free */
+ z_decomp_init, /* decomp_init */
+ z_decomp_reset, /* decomp_reset */
+ z_decompress, /* decompress */
+ z_incomp, /* incomp */
+ z_comp_stats, /* decomp_stat */
+};
+/*
+ * Space allocation and freeing routines for use by zlib routines.
+ */
+void *
+zalloc(notused, items, size)
+ void *notused;
+ u_int items, size;
+{
+ void *ptr;
+
+ MALLOC(ptr, void *, items * size, M_DEVBUF, M_NOWAIT);
+ return ptr;
+}
+
+void
+zfree(notused, ptr)
+ void *notused;
+ void *ptr;
+{
+ FREE(ptr, M_DEVBUF);
+}
+
+/*
+ * Allocate space for a compressor.
+ */
+static void *
+z_comp_alloc(options, opt_len)
+ u_char *options;
+ int opt_len;
+{
+ struct deflate_state *state;
+ int w_size;
+
+ if (opt_len != CILEN_DEFLATE
+ || (options[0] != CI_DEFLATE && options[0] != CI_DEFLATE_DRAFT)
+ || options[1] != CILEN_DEFLATE
+ || DEFLATE_METHOD(options[2]) != DEFLATE_METHOD_VAL
+ || options[3] != DEFLATE_CHK_SEQUENCE)
+ return NULL;
+ w_size = DEFLATE_SIZE(options[2]);
+ if (w_size < DEFLATE_MIN_SIZE || w_size > DEFLATE_MAX_SIZE)
+ return NULL;
+
+ MALLOC(state, struct deflate_state *, sizeof(struct deflate_state),
+ M_DEVBUF, M_NOWAIT);
+ if (state == NULL)
+ return NULL;
+
+ state->strm.next_in = NULL;
+ state->strm.zalloc = zalloc;
+ state->strm.zfree = zfree;
+ if (deflateInit2(&state->strm, Z_DEFAULT_COMPRESSION, DEFLATE_METHOD_VAL,
+ -w_size, 8, Z_DEFAULT_STRATEGY) != Z_OK) {
+ FREE(state, M_DEVBUF);
+ return NULL;
+ }
+
+ state->w_size = w_size;
+ bzero(&state->stats, sizeof(state->stats));
+ return (void *) state;
+}
+
+static void
+z_comp_free(arg)
+ void *arg;
+{
+ struct deflate_state *state = (struct deflate_state *) arg;
+
+ deflateEnd(&state->strm);
+ FREE(state, M_DEVBUF);
+}
+
+static int
+z_comp_init(arg, options, opt_len, unit, hdrlen, debug)
+ void *arg;
+ u_char *options;
+ int opt_len, unit, hdrlen, debug;
+{
+ struct deflate_state *state = (struct deflate_state *) arg;
+
+ if (opt_len < CILEN_DEFLATE
+ || (options[0] != CI_DEFLATE && options[0] != CI_DEFLATE_DRAFT)
+ || options[1] != CILEN_DEFLATE
+ || DEFLATE_METHOD(options[2]) != DEFLATE_METHOD_VAL
+ || DEFLATE_SIZE(options[2]) != state->w_size
+ || options[3] != DEFLATE_CHK_SEQUENCE)
+ return 0;
+
+ state->seqno = 0;
+ state->unit = unit;
+ state->hdrlen = hdrlen;
+ state->debug = debug;
+
+ deflateReset(&state->strm);
+
+ return 1;
+}
+
+static void
+z_comp_reset(arg)
+ void *arg;
+{
+ struct deflate_state *state = (struct deflate_state *) arg;
+
+ state->seqno = 0;
+ deflateReset(&state->strm);
+}
+
+int
+z_compress(arg, mret, mp, orig_len, maxolen)
+ void *arg;
+ struct mbuf **mret; /* compressed packet (out) */
+ struct mbuf *mp; /* uncompressed packet (in) */
+ int orig_len, maxolen;
+{
+ struct deflate_state *state = (struct deflate_state *) arg;
+ u_char *rptr, *wptr;
+ int proto, olen, wspace, r, flush;
+ struct mbuf *m;
+
+ /*
+ * Check that the protocol is in the range we handle.
+ */
+ rptr = mtod(mp, u_char *);
+ proto = PPP_PROTOCOL(rptr);
+ if (proto > 0x3fff || proto == 0xfd || proto == 0xfb) {
+ *mret = NULL;
+ return orig_len;
+ }
+
+ /* Allocate one mbuf initially. */
+ if (maxolen > orig_len)
+ maxolen = orig_len;
+ MGET(m, M_DONTWAIT, MT_DATA);
+ *mret = m;
+ if (m != NULL) {
+ m->m_len = 0;
+ if (maxolen + state->hdrlen > MLEN)
+ MCLGET(m, M_DONTWAIT);
+ wspace = M_TRAILINGSPACE(m);
+ if (state->hdrlen + PPP_HDRLEN + 2 < wspace) {
+ m->m_data += state->hdrlen;
+ wspace -= state->hdrlen;
+ }
+ wptr = mtod(m, u_char *);
+
+ /*
+ * Copy over the PPP header and store the 2-byte sequence number.
+ */
+ wptr[0] = PPP_ADDRESS(rptr);
+ wptr[1] = PPP_CONTROL(rptr);
+ wptr[2] = PPP_COMP >> 8;
+ wptr[3] = PPP_COMP;
+ wptr += PPP_HDRLEN;
+ wptr[0] = state->seqno >> 8;
+ wptr[1] = state->seqno;
+ wptr += 2;
+ state->strm.next_out = wptr;
+ state->strm.avail_out = wspace - (PPP_HDRLEN + 2);
+ } else {
+ state->strm.next_out = NULL;
+ state->strm.avail_out = 1000000;
+ wptr = NULL;
+ wspace = 0;
+ }
+ ++state->seqno;
+
+ rptr += (proto > 0xff)? 2: 3; /* skip 1st proto byte if 0 */
+ state->strm.next_in = rptr;
+ state->strm.avail_in = mtod(mp, u_char *) + mp->m_len - rptr;
+ mp = mp->m_next;
+ flush = (mp == NULL)? Z_PACKET_FLUSH: Z_NO_FLUSH;
+ olen = 0;
+ for (;;) {
+ r = deflate(&state->strm, flush);
+ if (r != Z_OK) {
+ printf("z_compress: deflate returned %d (%s)\n",
+ r, (state->strm.msg? state->strm.msg: ""));
+ break;
+ }
+ if (flush != Z_NO_FLUSH && state->strm.avail_out != 0)
+ break; /* all done */
+ if (state->strm.avail_in == 0 && mp != NULL) {
+ state->strm.next_in = mtod(mp, u_char *);
+ state->strm.avail_in = mp->m_len;
+ mp = mp->m_next;
+ if (mp == NULL)
+ flush = Z_PACKET_FLUSH;
+ }
+ if (state->strm.avail_out == 0) {
+ if (m != NULL) {
+ m->m_len = wspace;
+ olen += wspace;
+ MGET(m->m_next, M_DONTWAIT, MT_DATA);
+ m = m->m_next;
+ if (m != NULL) {
+ m->m_len = 0;
+ if (maxolen - olen > MLEN)
+ MCLGET(m, M_DONTWAIT);
+ state->strm.next_out = mtod(m, u_char *);
+ state->strm.avail_out = wspace = M_TRAILINGSPACE(m);
+ }
+ }
+ if (m == NULL) {
+ state->strm.next_out = NULL;
+ state->strm.avail_out = 1000000;
+ }
+ }
+ }
+ if (m != NULL)
+ olen += (m->m_len = wspace - state->strm.avail_out);
+
+ /*
+ * See if we managed to reduce the size of the packet.
+ */
+ if (m != NULL && olen < orig_len) {
+ state->stats.comp_bytes += olen;
+ state->stats.comp_packets++;
+ } else {
+ if (*mret != NULL) {
+ m_freem(*mret);
+ *mret = NULL;
+ }
+ state->stats.inc_bytes += orig_len;
+ state->stats.inc_packets++;
+ olen = orig_len;
+ }
+ state->stats.unc_bytes += orig_len;
+ state->stats.unc_packets++;
+
+ return olen;
+}
+
+static void
+z_comp_stats(arg, stats)
+ void *arg;
+ struct compstat *stats;
+{
+ struct deflate_state *state = (struct deflate_state *) arg;
+ u_int out;
+
+ *stats = state->stats;
+ stats->ratio = stats->unc_bytes;
+ out = stats->comp_bytes + stats->inc_bytes;
+ if (stats->ratio <= 0x7ffffff)
+ stats->ratio <<= 8;
+ else
+ out >>= 8;
+ if (out != 0)
+ stats->ratio /= out;
+}
+
+/*
+ * Allocate space for a decompressor.
+ */
+static void *
+z_decomp_alloc(options, opt_len)
+ u_char *options;
+ int opt_len;
+{
+ struct deflate_state *state;
+ int w_size;
+
+ if (opt_len != CILEN_DEFLATE
+ || (options[0] != CI_DEFLATE && options[0] != CI_DEFLATE_DRAFT)
+ || options[1] != CILEN_DEFLATE
+ || DEFLATE_METHOD(options[2]) != DEFLATE_METHOD_VAL
+ || options[3] != DEFLATE_CHK_SEQUENCE)
+ return NULL;
+ w_size = DEFLATE_SIZE(options[2]);
+ if (w_size < DEFLATE_MIN_SIZE || w_size > DEFLATE_MAX_SIZE)
+ return NULL;
+
+ MALLOC(state, struct deflate_state *, sizeof(struct deflate_state),
+ M_DEVBUF, M_NOWAIT);
+ if (state == NULL)
+ return NULL;
+
+ state->strm.next_out = NULL;
+ state->strm.zalloc = zalloc;
+ state->strm.zfree = zfree;
+ if (inflateInit2(&state->strm, -w_size) != Z_OK) {
+ FREE(state, M_DEVBUF);
+ return NULL;
+ }
+
+ state->w_size = w_size;
+ bzero(&state->stats, sizeof(state->stats));
+ return (void *) state;
+}
+
+static void
+z_decomp_free(arg)
+ void *arg;
+{
+ struct deflate_state *state = (struct deflate_state *) arg;
+
+ inflateEnd(&state->strm);
+ FREE(state, M_DEVBUF);
+}
+
+static int
+z_decomp_init(arg, options, opt_len, unit, hdrlen, mru, debug)
+ void *arg;
+ u_char *options;
+ int opt_len, unit, hdrlen, mru, debug;
+{
+ struct deflate_state *state = (struct deflate_state *) arg;
+
+ if (opt_len < CILEN_DEFLATE
+ || (options[0] != CI_DEFLATE && options[0] != CI_DEFLATE_DRAFT)
+ || options[1] != CILEN_DEFLATE
+ || DEFLATE_METHOD(options[2]) != DEFLATE_METHOD_VAL
+ || DEFLATE_SIZE(options[2]) != state->w_size
+ || options[3] != DEFLATE_CHK_SEQUENCE)
+ return 0;
+
+ state->seqno = 0;
+ state->unit = unit;
+ state->hdrlen = hdrlen;
+ state->debug = debug;
+ state->mru = mru;
+
+ inflateReset(&state->strm);
+
+ return 1;
+}
+
+static void
+z_decomp_reset(arg)
+ void *arg;
+{
+ struct deflate_state *state = (struct deflate_state *) arg;
+
+ state->seqno = 0;
+ inflateReset(&state->strm);
+}
+
+/*
+ * Decompress a Deflate-compressed packet.
+ *
+ * Because of patent problems, we return DECOMP_ERROR for errors
+ * found by inspecting the input data and for system problems, but
+ * DECOMP_FATALERROR for any errors which could possibly be said to
+ * be being detected "after" decompression. For DECOMP_ERROR,
+ * we can issue a CCP reset-request; for DECOMP_FATALERROR, we may be
+ * infringing a patent of Motorola's if we do, so we take CCP down
+ * instead.
+ *
+ * Given that the frame has the correct sequence number and a good FCS,
+ * errors such as invalid codes in the input most likely indicate a
+ * bug, so we return DECOMP_FATALERROR for them in order to turn off
+ * compression, even though they are detected by inspecting the input.
+ */
+int
+z_decompress(arg, mi, mop)
+ void *arg;
+ struct mbuf *mi, **mop;
+{
+ struct deflate_state *state = (struct deflate_state *) arg;
+ struct mbuf *mo, *mo_head;
+ u_char *rptr, *wptr;
+ int rlen, olen, ospace;
+ int seq, i, flush, r, decode_proto;
+ u_char hdr[PPP_HDRLEN + DEFLATE_OVHD];
+
+ *mop = NULL;
+ rptr = mtod(mi, u_char *);
+ rlen = mi->m_len;
+ for (i = 0; i < PPP_HDRLEN + DEFLATE_OVHD; ++i) {
+ while (rlen <= 0) {
+ mi = mi->m_next;
+ if (mi == NULL)
+ return DECOMP_ERROR;
+ rptr = mtod(mi, u_char *);
+ rlen = mi->m_len;
+ }
+ hdr[i] = *rptr++;
+ --rlen;
+ }
+
+ /* Check the sequence number. */
+ seq = (hdr[PPP_HDRLEN] << 8) + hdr[PPP_HDRLEN+1];
+ if (seq != state->seqno) {
+ if (state->debug)
+ printf("z_decompress%d: bad seq # %d, expected %d\n",
+ state->unit, seq, state->seqno);
+ return DECOMP_ERROR;
+ }
+ ++state->seqno;
+
+ /* Allocate an output mbuf. */
+ MGETHDR(mo, M_DONTWAIT, MT_DATA);
+ if (mo == NULL)
+ return DECOMP_ERROR;
+ mo_head = mo;
+ mo->m_len = 0;
+ mo->m_next = NULL;
+ MCLGET(mo, M_DONTWAIT);
+ ospace = M_TRAILINGSPACE(mo);
+ if (state->hdrlen + PPP_HDRLEN < ospace) {
+ mo->m_data += state->hdrlen;
+ ospace -= state->hdrlen;
+ }
+
+ /*
+ * Fill in the first part of the PPP header. The protocol field
+ * comes from the decompressed data.
+ */
+ wptr = mtod(mo, u_char *);
+ wptr[0] = PPP_ADDRESS(hdr);
+ wptr[1] = PPP_CONTROL(hdr);
+ wptr[2] = 0;
+
+ /*
+ * Set up to call inflate. We set avail_out to 1 initially so we can
+ * look at the first byte of the output and decide whether we have
+ * a 1-byte or 2-byte protocol field.
+ */
+ state->strm.next_in = rptr;
+ state->strm.avail_in = rlen;
+ mi = mi->m_next;
+ flush = (mi == NULL)? Z_PACKET_FLUSH: Z_NO_FLUSH;
+ rlen += PPP_HDRLEN + DEFLATE_OVHD;
+ state->strm.next_out = wptr + 3;
+ state->strm.avail_out = 1;
+ decode_proto = 1;
+ olen = PPP_HDRLEN;
+
+ /*
+ * Call inflate, supplying more input or output as needed.
+ */
+ for (;;) {
+ r = inflate(&state->strm, flush);
+ if (r != Z_OK) {
+#if !DEFLATE_DEBUG
+ if (state->debug)
+#endif
+ printf("z_decompress%d: inflate returned %d (%s)\n",
+ state->unit, r, (state->strm.msg? state->strm.msg: ""));
+ m_freem(mo_head);
+ return DECOMP_FATALERROR;
+ }
+ if (flush != Z_NO_FLUSH && state->strm.avail_out != 0)
+ break; /* all done */
+ if (state->strm.avail_in == 0 && mi != NULL) {
+ state->strm.next_in = mtod(mi, u_char *);
+ state->strm.avail_in = mi->m_len;
+ rlen += mi->m_len;
+ mi = mi->m_next;
+ if (mi == NULL)
+ flush = Z_PACKET_FLUSH;
+ }
+ if (state->strm.avail_out == 0) {
+ if (decode_proto) {
+ state->strm.avail_out = ospace - PPP_HDRLEN;
+ if ((wptr[3] & 1) == 0) {
+ /* 2-byte protocol field */
+ wptr[2] = wptr[3];
+ --state->strm.next_out;
+ ++state->strm.avail_out;
+ --olen;
+ }
+ decode_proto = 0;
+ } else {
+ mo->m_len = ospace;
+ olen += ospace;
+ MGET(mo->m_next, M_DONTWAIT, MT_DATA);
+ mo = mo->m_next;
+ if (mo == NULL) {
+ m_freem(mo_head);
+ return DECOMP_ERROR;
+ }
+ MCLGET(mo, M_DONTWAIT);
+ state->strm.next_out = mtod(mo, u_char *);
+ state->strm.avail_out = ospace = M_TRAILINGSPACE(mo);
+ }
+ }
+ }
+ if (decode_proto) {
+ m_freem(mo_head);
+ return DECOMP_ERROR;
+ }
+ olen += (mo->m_len = ospace - state->strm.avail_out);
+#if DEFLATE_DEBUG
+ if (olen > state->mru + PPP_HDRLEN)
+ printf("ppp_deflate%d: exceeded mru (%d > %d)\n",
+ state->unit, olen, state->mru + PPP_HDRLEN);
+#endif
+
+ state->stats.unc_bytes += olen;
+ state->stats.unc_packets++;
+ state->stats.comp_bytes += rlen;
+ state->stats.comp_packets++;
+
+ *mop = mo_head;
+ return DECOMP_OK;
+}
+
+/*
+ * Incompressible data has arrived - add it to the history.
+ */
+static void
+z_incomp(arg, mi)
+ void *arg;
+ struct mbuf *mi;
+{
+ struct deflate_state *state = (struct deflate_state *) arg;
+ u_char *rptr;
+ int rlen, proto, r;
+
+ /*
+ * Check that the protocol is one we handle.
+ */
+ rptr = mtod(mi, u_char *);
+ proto = PPP_PROTOCOL(rptr);
+ if (proto > 0x3fff || proto == 0xfd || proto == 0xfb)
+ return;
+
+ ++state->seqno;
+
+ /*
+ * Iterate through the mbufs, adding the characters in them
+ * to the decompressor's history. For the first mbuf, we start
+ * at the either the 1st or 2nd byte of the protocol field,
+ * depending on whether the protocol value is compressible.
+ */
+ rlen = mi->m_len;
+ state->strm.next_in = rptr + 3;
+ state->strm.avail_in = rlen - 3;
+ if (proto > 0xff) {
+ --state->strm.next_in;
+ ++state->strm.avail_in;
+ }
+ for (;;) {
+ r = inflateIncomp(&state->strm);
+ if (r != Z_OK) {
+ /* gak! */
+#if !DEFLATE_DEBUG
+ if (state->debug)
+#endif
+ printf("z_incomp%d: inflateIncomp returned %d (%s)\n",
+ state->unit, r, (state->strm.msg? state->strm.msg: ""));
+ return;
+ }
+ mi = mi->m_next;
+ if (mi == NULL)
+ break;
+ state->strm.next_in = mtod(mi, u_char *);
+ state->strm.avail_in = mi->m_len;
+ rlen += mi->m_len;
+ }
+
+ /*
+ * Update stats.
+ */
+ state->stats.inc_bytes += rlen;
+ state->stats.inc_packets++;
+ state->stats.unc_bytes += rlen;
+ state->stats.unc_packets++;
+}
+
+#endif /* DO_DEFLATE */

1287
net/ppp-mppe/patches/patch-as Normal file
View file

File diff suppressed because it is too large Load diff

633
net/ppp-mppe/patches/patch-at Normal file
View file

@ -0,0 +1,633 @@
$NetBSD: patch-at,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- /dev/null Sat Sep 18 04:00:15 1999
+++ netbsd-1.4/slcompress.c Sat Sep 18 04:06:38 1999
@@ -0,0 +1,628 @@
+/* NetBSD: slcompress.c,v 1.20 1999/03/13 14:09:46 drochner Exp */
+/* Id: slcompress.c,v 1.3 1996/05/24 07:04:47 paulus Exp */
+
+/*
+ * Copyright (c) 1989, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)slcompress.c 8.2 (Berkeley) 4/16/94
+ */
+
+/*
+ * Routines to compress and uncompess tcp packets (for transmission
+ * over low speed serial lines.
+ *
+ * Van Jacobson (van@helios.ee.lbl.gov), Dec 31, 1989:
+ * - Initial distribution.
+ */
+
+#include <sys/param.h>
+#include <sys/mbuf.h>
+#include <sys/systm.h>
+
+#include <netinet/in.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+#include <netinet/tcp.h>
+
+#include <net/slcompress.h>
+
+#ifndef SL_NO_STATS
+#define INCR(counter) ++comp->counter;
+#else
+#define INCR(counter)
+#endif
+
+#define BCMP(p1, p2, n) bcmp((char *)(p1), (char *)(p2), (int)(n))
+#define BCOPY(p1, p2, n) bcopy((char *)(p1), (char *)(p2), (int)(n))
+
+
+void
+sl_compress_init(comp)
+ struct slcompress *comp;
+{
+ register u_int i;
+ register struct cstate *tstate = comp->tstate;
+
+ bzero((char *)comp, sizeof(*comp));
+ for (i = MAX_STATES - 1; i > 0; --i) {
+ tstate[i].cs_id = i;
+ tstate[i].cs_next = &tstate[i - 1];
+ }
+ tstate[0].cs_next = &tstate[MAX_STATES - 1];
+ tstate[0].cs_id = 0;
+ comp->last_cs = &tstate[0];
+ comp->last_recv = 255;
+ comp->last_xmit = 255;
+ comp->flags = SLF_TOSS;
+}
+
+
+/*
+ * Like sl_compress_init, but we get to specify the maximum connection
+ * ID to use on transmission.
+ */
+void
+sl_compress_setup(comp, max_state)
+ struct slcompress *comp;
+ int max_state;
+{
+ register u_int i;
+ register struct cstate *tstate = comp->tstate;
+
+ if (max_state == -1) {
+ max_state = MAX_STATES - 1;
+ bzero((char *)comp, sizeof(*comp));
+ } else {
+ /* Don't reset statistics */
+ bzero((char *)comp->tstate, sizeof(comp->tstate));
+ bzero((char *)comp->rstate, sizeof(comp->rstate));
+ }
+ for (i = max_state; i > 0; --i) {
+ tstate[i].cs_id = i;
+ tstate[i].cs_next = &tstate[i - 1];
+ }
+ tstate[0].cs_next = &tstate[max_state];
+ tstate[0].cs_id = 0;
+ comp->last_cs = &tstate[0];
+ comp->last_recv = 255;
+ comp->last_xmit = 255;
+ comp->flags = SLF_TOSS;
+}
+
+
+/* ENCODE encodes a number that is known to be non-zero. ENCODEZ
+ * checks for zero (since zero has to be encoded in the long, 3 byte
+ * form).
+ */
+#define ENCODE(n) { \
+ if ((u_int16_t)(n) >= 256) { \
+ *cp++ = 0; \
+ cp[1] = (n); \
+ cp[0] = (n) >> 8; \
+ cp += 2; \
+ } else { \
+ *cp++ = (n); \
+ } \
+}
+#define ENCODEZ(n) { \
+ if ((u_int16_t)(n) >= 256 || (u_int16_t)(n) == 0) { \
+ *cp++ = 0; \
+ cp[1] = (n); \
+ cp[0] = (n) >> 8; \
+ cp += 2; \
+ } else { \
+ *cp++ = (n); \
+ } \
+}
+
+#define DECODEL(f) { \
+ if (*cp == 0) {\
+ (f) = htonl(ntohl(f) + ((cp[1] << 8) | cp[2])); \
+ cp += 3; \
+ } else { \
+ (f) = htonl(ntohl(f) + (u_int32_t)*cp++); \
+ } \
+}
+
+#define DECODES(f) { \
+ if (*cp == 0) {\
+ (f) = htons(ntohs(f) + ((cp[1] << 8) | cp[2])); \
+ cp += 3; \
+ } else { \
+ (f) = htons(ntohs(f) + (u_int32_t)*cp++); \
+ } \
+}
+
+#define DECODEU(f) { \
+ if (*cp == 0) {\
+ (f) = htons((cp[1] << 8) | cp[2]); \
+ cp += 3; \
+ } else { \
+ (f) = htons((u_int32_t)*cp++); \
+ } \
+}
+
+u_int
+sl_compress_tcp(m, ip, comp, compress_cid)
+ struct mbuf *m;
+ register struct ip *ip;
+ struct slcompress *comp;
+ int compress_cid;
+{
+ register struct cstate *cs = comp->last_cs->cs_next;
+ register u_int hlen = ip->ip_hl;
+ register struct tcphdr *oth;
+ register struct tcphdr *th;
+ register u_int deltaS, deltaA;
+ register u_int changes = 0;
+ u_char new_seq[16];
+ register u_char *cp = new_seq;
+
+ /*
+ * Bail if this is an IP fragment or if the TCP packet isn't
+ * `compressible' (i.e., ACK isn't set or some other control bit is
+ * set). (We assume that the caller has already made sure the
+ * packet is IP proto TCP).
+ */
+ if ((ip->ip_off & htons(0x3fff)) || m->m_len < 40)
+ return (TYPE_IP);
+
+ th = (struct tcphdr *)&((int32_t *)ip)[hlen];
+ if ((th->th_flags & (TH_SYN|TH_FIN|TH_RST|TH_ACK)) != TH_ACK)
+ return (TYPE_IP);
+ /*
+ * Packet is compressible -- we're going to send either a
+ * COMPRESSED_TCP or UNCOMPRESSED_TCP packet. Either way we need
+ * to locate (or create) the connection state. Special case the
+ * most recently used connection since it's most likely to be used
+ * again & we don't have to do any reordering if it's used.
+ */
+ INCR(sls_packets)
+ if (ip->ip_src.s_addr != cs->cs_ip.ip_src.s_addr ||
+ ip->ip_dst.s_addr != cs->cs_ip.ip_dst.s_addr ||
+ *(int32_t *)th != ((int32_t *)&cs->cs_ip)[cs->cs_ip.ip_hl]) {
+ /*
+ * Wasn't the first -- search for it.
+ *
+ * States are kept in a circularly linked list with
+ * last_cs pointing to the end of the list. The
+ * list is kept in lru order by moving a state to the
+ * head of the list whenever it is referenced. Since
+ * the list is short and, empirically, the connection
+ * we want is almost always near the front, we locate
+ * states via linear search. If we don't find a state
+ * for the datagram, the oldest state is (re-)used.
+ */
+ register struct cstate *lcs;
+ register struct cstate *lastcs = comp->last_cs;
+
+ do {
+ lcs = cs; cs = cs->cs_next;
+ INCR(sls_searches)
+ if (ip->ip_src.s_addr == cs->cs_ip.ip_src.s_addr
+ && ip->ip_dst.s_addr == cs->cs_ip.ip_dst.s_addr
+ && *(int32_t *)th ==
+ ((int32_t *)&cs->cs_ip)[cs->cs_ip.ip_hl])
+ goto found;
+ } while (cs != lastcs);
+
+ /*
+ * Didn't find it -- re-use oldest cstate. Send an
+ * uncompressed packet that tells the other side what
+ * connection number we're using for this conversation.
+ * Note that since the state list is circular, the oldest
+ * state points to the newest and we only need to set
+ * last_cs to update the lru linkage.
+ */
+ INCR(sls_misses)
+ comp->last_cs = lcs;
+ hlen += th->th_off;
+ hlen <<= 2;
+ if (hlen > m->m_len)
+ return (TYPE_IP);
+ goto uncompressed;
+
+ found:
+ /*
+ * Found it -- move to the front on the connection list.
+ */
+ if (cs == lastcs)
+ comp->last_cs = lcs;
+ else {
+ lcs->cs_next = cs->cs_next;
+ cs->cs_next = lastcs->cs_next;
+ lastcs->cs_next = cs;
+ }
+ }
+
+ /*
+ * Make sure that only what we expect to change changed. The first
+ * line of the `if' checks the IP protocol version, header length &
+ * type of service. The 2nd line checks the "Don't fragment" bit.
+ * The 3rd line checks the time-to-live and protocol (the protocol
+ * check is unnecessary but costless). The 4th line checks the TCP
+ * header length. The 5th line checks IP options, if any. The 6th
+ * line checks TCP options, if any. If any of these things are
+ * different between the previous & current datagram, we send the
+ * current datagram `uncompressed'.
+ */
+ oth = (struct tcphdr *)&((int32_t *)&cs->cs_ip)[hlen];
+ deltaS = hlen;
+ hlen += th->th_off;
+ hlen <<= 2;
+ if (hlen > m->m_len)
+ return (TYPE_IP);
+
+ if (((u_int16_t *)ip)[0] != ((u_int16_t *)&cs->cs_ip)[0] ||
+ ((u_int16_t *)ip)[3] != ((u_int16_t *)&cs->cs_ip)[3] ||
+ ((u_int16_t *)ip)[4] != ((u_int16_t *)&cs->cs_ip)[4] ||
+ th->th_off != oth->th_off ||
+ (deltaS > 5 &&
+ BCMP(ip + 1, &cs->cs_ip + 1, (deltaS - 5) << 2)) ||
+ (th->th_off > 5 &&
+ BCMP(th + 1, oth + 1, (th->th_off - 5) << 2)))
+ goto uncompressed;
+
+ /*
+ * Figure out which of the changing fields changed. The
+ * receiver expects changes in the order: urgent, window,
+ * ack, seq (the order minimizes the number of temporaries
+ * needed in this section of code).
+ */
+ if (th->th_flags & TH_URG) {
+ deltaS = ntohs(th->th_urp);
+ ENCODEZ(deltaS);
+ changes |= NEW_U;
+ } else if (th->th_urp != oth->th_urp)
+ /* argh! URG not set but urp changed -- a sensible
+ * implementation should never do this but RFC793
+ * doesn't prohibit the change so we have to deal
+ * with it. */
+ goto uncompressed;
+
+ deltaS = (u_int16_t)(ntohs(th->th_win) - ntohs(oth->th_win));
+ if (deltaS) {
+ ENCODE(deltaS);
+ changes |= NEW_W;
+ }
+
+ deltaA = ntohl(th->th_ack) - ntohl(oth->th_ack);
+ if (deltaA) {
+ if (deltaA > 0xffff)
+ goto uncompressed;
+ ENCODE(deltaA);
+ changes |= NEW_A;
+ }
+
+ deltaS = ntohl(th->th_seq) - ntohl(oth->th_seq);
+ if (deltaS) {
+ if (deltaS > 0xffff)
+ goto uncompressed;
+ ENCODE(deltaS);
+ changes |= NEW_S;
+ }
+
+ switch(changes) {
+
+ case 0:
+ /*
+ * Nothing changed. If this packet contains data and the
+ * last one didn't, this is probably a data packet following
+ * an ack (normal on an interactive connection) and we send
+ * it compressed. Otherwise it's probably a retransmit,
+ * retransmitted ack or window probe. Send it uncompressed
+ * in case the other side missed the compressed version.
+ */
+ if (ip->ip_len != cs->cs_ip.ip_len &&
+ ntohs(cs->cs_ip.ip_len) == hlen)
+ break;
+
+ /* (fall through) */
+
+ case SPECIAL_I:
+ case SPECIAL_D:
+ /*
+ * actual changes match one of our special case encodings --
+ * send packet uncompressed.
+ */
+ goto uncompressed;
+
+ case NEW_S|NEW_A:
+ if (deltaS == deltaA &&
+ deltaS == ntohs(cs->cs_ip.ip_len) - hlen) {
+ /* special case for echoed terminal traffic */
+ changes = SPECIAL_I;
+ cp = new_seq;
+ }
+ break;
+
+ case NEW_S:
+ if (deltaS == ntohs(cs->cs_ip.ip_len) - hlen) {
+ /* special case for data xfer */
+ changes = SPECIAL_D;
+ cp = new_seq;
+ }
+ break;
+ }
+
+ deltaS = ntohs(ip->ip_id) - ntohs(cs->cs_ip.ip_id);
+ if (deltaS != 1) {
+ ENCODEZ(deltaS);
+ changes |= NEW_I;
+ }
+ if (th->th_flags & TH_PUSH)
+ changes |= TCP_PUSH_BIT;
+ /*
+ * Grab the cksum before we overwrite it below. Then update our
+ * state with this packet's header.
+ */
+ deltaA = ntohs(th->th_sum);
+ BCOPY(ip, &cs->cs_ip, hlen);
+
+ /*
+ * We want to use the original packet as our compressed packet.
+ * (cp - new_seq) is the number of bytes we need for compressed
+ * sequence numbers. In addition we need one byte for the change
+ * mask, one for the connection id and two for the tcp checksum.
+ * So, (cp - new_seq) + 4 bytes of header are needed. hlen is how
+ * many bytes of the original packet to toss so subtract the two to
+ * get the new packet size.
+ */
+ deltaS = cp - new_seq;
+ cp = (u_char *)ip;
+ if (compress_cid == 0 || comp->last_xmit != cs->cs_id) {
+ comp->last_xmit = cs->cs_id;
+ hlen -= deltaS + 4;
+ cp += hlen;
+ *cp++ = changes | NEW_C;
+ *cp++ = cs->cs_id;
+ } else {
+ hlen -= deltaS + 3;
+ cp += hlen;
+ *cp++ = changes;
+ }
+ m->m_len -= hlen;
+ m->m_data += hlen;
+ *cp++ = deltaA >> 8;
+ *cp++ = deltaA;
+ BCOPY(new_seq, cp, deltaS);
+ INCR(sls_compressed)
+ return (TYPE_COMPRESSED_TCP);
+
+ /*
+ * Update connection state cs & send uncompressed packet ('uncompressed'
+ * means a regular ip/tcp packet but with the 'conversation id' we hope
+ * to use on future compressed packets in the protocol field).
+ */
+uncompressed:
+ BCOPY(ip, &cs->cs_ip, hlen);
+ ip->ip_p = cs->cs_id;
+ comp->last_xmit = cs->cs_id;
+ return (TYPE_UNCOMPRESSED_TCP);
+}
+
+
+int
+sl_uncompress_tcp(bufp, len, type, comp)
+ u_char **bufp;
+ int len;
+ u_int type;
+ struct slcompress *comp;
+{
+ u_char *hdr, *cp;
+ int vjlen;
+ u_int hlen;
+
+ cp = bufp? *bufp: NULL;
+ vjlen = sl_uncompress_tcp_core(cp, len, len, type, comp, &hdr, &hlen);
+ if (vjlen < 0)
+ return (0); /* error */
+ if (vjlen == 0)
+ return (len); /* was uncompressed already */
+
+ cp += vjlen;
+ len -= vjlen;
+
+ /*
+ * At this point, cp points to the first byte of data in the
+ * packet. If we're not aligned on a 4-byte boundary, copy the
+ * data down so the ip & tcp headers will be aligned. Then back up
+ * cp by the tcp/ip header length to make room for the reconstructed
+ * header (we assume the packet we were handed has enough space to
+ * prepend 128 bytes of header).
+ */
+ if ((long)cp & 3) {
+ if (len > 0)
+ memmove((caddr_t)((long)cp &~ 3), cp, len);
+ cp = (u_char *)((long)cp &~ 3);
+ }
+ cp -= hlen;
+ len += hlen;
+ BCOPY(hdr, cp, hlen);
+
+ *bufp = cp;
+ return (len);
+}
+
+/*
+ * Uncompress a packet of total length total_len. The first buflen
+ * bytes are at buf; this must include the entire (compressed or
+ * uncompressed) TCP/IP header. This procedure returns the length
+ * of the VJ header, with a pointer to the uncompressed IP header
+ * in *hdrp and its length in *hlenp.
+ */
+int
+sl_uncompress_tcp_core(buf, buflen, total_len, type, comp, hdrp, hlenp)
+ u_char *buf;
+ int buflen, total_len;
+ u_int type;
+ struct slcompress *comp;
+ u_char **hdrp;
+ u_int *hlenp;
+{
+ register u_char *cp;
+ register u_int hlen, changes;
+ register struct tcphdr *th;
+ register struct cstate *cs;
+ register struct ip *ip;
+ register u_int16_t *bp;
+ register u_int vjlen;
+
+ switch (type) {
+
+ case TYPE_UNCOMPRESSED_TCP:
+ ip = (struct ip *) buf;
+ if (ip->ip_p >= MAX_STATES)
+ goto bad;
+ cs = &comp->rstate[comp->last_recv = ip->ip_p];
+ comp->flags &=~ SLF_TOSS;
+ ip->ip_p = IPPROTO_TCP;
+ /*
+ * Calculate the size of the TCP/IP header and make sure that
+ * we don't overflow the space we have available for it.
+ */
+ hlen = ip->ip_hl << 2;
+ if (hlen + sizeof(struct tcphdr) > buflen)
+ goto bad;
+ hlen += ((struct tcphdr *)&((char *)ip)[hlen])->th_off << 2;
+ if (hlen > MAX_HDR || hlen > buflen)
+ goto bad;
+ BCOPY(ip, &cs->cs_ip, hlen);
+ cs->cs_hlen = hlen;
+ INCR(sls_uncompressedin)
+ *hdrp = (u_char *) &cs->cs_ip;
+ *hlenp = hlen;
+ return (0);
+
+ default:
+ goto bad;
+
+ case TYPE_COMPRESSED_TCP:
+ break;
+ }
+ /* We've got a compressed packet. */
+ INCR(sls_compressedin)
+ cp = buf;
+ changes = *cp++;
+ if (changes & NEW_C) {
+ /* Make sure the state index is in range, then grab the state.
+ * If we have a good state index, clear the 'discard' flag. */
+ if (*cp >= MAX_STATES)
+ goto bad;
+
+ comp->flags &=~ SLF_TOSS;
+ comp->last_recv = *cp++;
+ } else {
+ /* this packet has an implicit state index. If we've
+ * had a line error since the last time we got an
+ * explicit state index, we have to toss the packet. */
+ if (comp->flags & SLF_TOSS) {
+ INCR(sls_tossed)
+ return (-1);
+ }
+ }
+ cs = &comp->rstate[comp->last_recv];
+ hlen = cs->cs_ip.ip_hl << 2;
+ th = (struct tcphdr *)&((u_char *)&cs->cs_ip)[hlen];
+ th->th_sum = htons((*cp << 8) | cp[1]);
+ cp += 2;
+ if (changes & TCP_PUSH_BIT)
+ th->th_flags |= TH_PUSH;
+ else
+ th->th_flags &=~ TH_PUSH;
+
+ switch (changes & SPECIALS_MASK) {
+ case SPECIAL_I:
+ {
+ register u_int i = ntohs(cs->cs_ip.ip_len) - cs->cs_hlen;
+ th->th_ack = htonl(ntohl(th->th_ack) + i);
+ th->th_seq = htonl(ntohl(th->th_seq) + i);
+ }
+ break;
+
+ case SPECIAL_D:
+ th->th_seq = htonl(ntohl(th->th_seq) + ntohs(cs->cs_ip.ip_len)
+ - cs->cs_hlen);
+ break;
+
+ default:
+ if (changes & NEW_U) {
+ th->th_flags |= TH_URG;
+ DECODEU(th->th_urp)
+ } else
+ th->th_flags &=~ TH_URG;
+ if (changes & NEW_W)
+ DECODES(th->th_win)
+ if (changes & NEW_A)
+ DECODEL(th->th_ack)
+ if (changes & NEW_S)
+ DECODEL(th->th_seq)
+ break;
+ }
+ if (changes & NEW_I) {
+ DECODES(cs->cs_ip.ip_id)
+ } else
+ cs->cs_ip.ip_id = htons(ntohs(cs->cs_ip.ip_id) + 1);
+
+ /*
+ * At this point, cp points to the first byte of data in the
+ * packet. Fill in the IP total length and update the IP
+ * header checksum.
+ */
+ vjlen = cp - buf;
+ buflen -= vjlen;
+ if (buflen < 0)
+ /* we must have dropped some characters (crc should detect
+ * this but the old slip framing won't) */
+ goto bad;
+
+ total_len += cs->cs_hlen - vjlen;
+ cs->cs_ip.ip_len = htons(total_len);
+
+ /* recompute the ip header checksum */
+ bp = (u_int16_t *) &cs->cs_ip;
+ cs->cs_ip.ip_sum = 0;
+ for (changes = 0; hlen > 0; hlen -= 2)
+ changes += *bp++;
+ changes = (changes & 0xffff) + (changes >> 16);
+ changes = (changes & 0xffff) + (changes >> 16);
+ cs->cs_ip.ip_sum = ~ changes;
+
+ *hdrp = (u_char *) &cs->cs_ip;
+ *hlenp = cs->cs_hlen;
+ return vjlen;
+
+bad:
+ comp->flags |= SLF_TOSS;
+ INCR(sls_errorin)
+ return (-1);
+}

83
net/ppp-mppe/patches/patch-au Normal file
View file

@ -0,0 +1,83 @@
$NetBSD: patch-au,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- /dev/null Sat Sep 18 04:13:35 1999
+++ netbsd-1.4/kinstall.sh Sat Sep 18 04:15:32 1999
@@ -0,0 +1,78 @@
+#!/bin/sh
+
+# This script modifies the kernel sources in /sys to install
+# ppp-2.3. It is intended to be run in the ppp-2.3 directory.
+#
+# Paul Mackerras 11-Dec-95
+
+ARCH=$(uname -m)
+CONF=$(uname -v | sed 's/.*(\(.*\)).*/\1/')
+SYS=/sys
+ARCHDIR=$SYS/arch/$ARCH
+CFILE=$ARCHDIR/conf/$CONF
+SRC=netbsd-1.4
+DOCONF=
+DOMAKE=
+CONFIG=config
+
+# Copy new versions of files into /sys/net
+
+for f in include/net/if_ppp.h include/net/ppp-comp.h include/net/ppp_defs.h \
+ $SRC/bsd-comp.c $SRC/ppp-deflate.c $SRC/if_ppp.c $SRC/if_pppvar.h \
+ $SRC/ppp_tty.c $SRC/slcompress.c include/net/slcompress.h \
+ common/zlib.c common/zlib.h; do
+ dest=$SYS/net/$(basename $f)
+ if [ -f $dest ]; then
+ if ! diff -qBI '[ ]\$[IN][de].*:.*\$' $f $dest >/dev/null; then
+ echo "Copying $f to $dest"
+ mv -f $dest $dest.orig && echo " (old version saved in $dest.orig)"
+ cp $f $dest
+ DOMAKE=yes
+ fi
+ else
+ echo "Copying $f to $dest"
+ cp $f $dest
+ DOMAKE=yes
+ fi
+done
+
+# Tell the user to add a pseudo-device line to the configuration file
+# and remake the kernel, if necessary.
+
+if [ -f $CFILE ]; then
+ if ! grep -q '^[ ]*pseudo-device[ ][ ]*ppp' $CFILE; then
+ echo
+ echo "The currently-running kernel was built from configuration file"
+ echo "$CFILE, which does not include PPP."
+ echo "You need either to add a line like 'pseudo-device ppp 2' to"
+ echo "this file, or use another configuration file which includes"
+ echo "a line like this."
+ DOCONF=yes
+ fi
+fi
+
+if [ $DOCONF ]; then
+ echo
+ echo "You need to configure and build a new kernel."
+ echo "The procedure for doing this involves the following commands:"
+ echo "(\"$CONF\" may be replaced by the name of another config file.)"
+ echo
+ echo " cd $ARCHDIR/conf"
+ echo " /usr/sbin/$CONFIG $CONF"
+ echo " cd ../compile/$CONF"
+ echo " make depend"
+ DOMAKE=yes
+elif [ $DOMAKE ]; then
+ echo
+ echo "You need to build a new kernel."
+ echo "The procedure for doing this involves the following commands:"
+ echo
+ echo " cd $ARCHDIR/compile/$CONF"
+fi
+if [ $DOMAKE ]; then
+ echo " make"
+ echo
+ echo "Then copy the new kernel ($ARCHDIR/compile/$CONF/netbsd)"
+ echo "to /netbsd and reboot. (Keep a copy of the old /netbsd,"
+ echo "just in case.)"
+fi

50
net/ppp-mppe/patches/patch-ba Normal file
View file

@ -0,0 +1,50 @@
$NetBSD: patch-ba,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- /dev/null Wed Dec 31 16:00:00 1969
+++ README.MPPE Tue Jun 29 10:24:14 1999
@@ -0,0 +1,45 @@
+Just a few quick notes.
+
+MPPE support was started by Árpád Magosányi <mag@bunuel.tii.matav.hu> in 1994,
+and was finished by Tim Hockin, Cobalt Networks Inc. <thockin@cobaltnet.com>
+in 1999. If you helped, and I don't know it (which could be) please notify
+the maintainer of this code, and it will be rectified. As far as I know, only i
+Linux is supported (sorry - it's all we had available).
+
+MPPE - Microsoft Point-to-Point Encryption uses rc4 (40 or 128 bit) as a
+bi-directional encryption algorithm. The keys are based on your MS-CHAP
+authentication info, so you must use chapms or chapms-v2. Rc4 is owned by
+RSA Data Security, and you may have to pay to use it, or not use it at all,
+depending on your place of residence. No author listed in this file claims
+any responsibility for misuse of this software. Copyright for some code is
+owned by Eric Young (see ./linux/rc4.h for details). Depending on where you
+got this code from (either in patch or tar.gz form), you may need to obtain
+the actual rc4 code from a different site. The implementation of rc4 found in
+the SSLeay package, by Eric Young, version 0.6.6. This package can be found
+at ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/. Newer versions than 0.6.6 may
+require some minor source code or header file changes. Once obtained, copy
+rc4.h and rc4_enc.c to the linux/ subdir of this package.
+
+This is NOT a particularly secure mode of operation. For maximum possible
+security using MPPE, it is advised in the RFC's to use the highest mode of
+encryption that is legal, and to enable stateless mode (which renogotiates
+keys with every packet). Even with these precautions, MPPE is not very secure,
+but anything is better than nothing, right?
+
+That said, it seems to work pretty well, for what it is. MSChap-v2 support
+was added by someone along the way, and MPPE needed some finishing. It
+appears to work with Windows (tm) clients, with encryption specified.
+
+How to use it:
+* Compile this pppd, and teh associated kernel modules.
+* Add +chapms and/or +chapms-v2 to your pppd command line.
+* Add mppe-40 and/or mppe-128 and/or mppe-stateless to your pppd command line.
+* Either load ppp_mppe.o manually or put this line in your /etc/conf.modules.
+ alias ppp-compress-18 ppp_mppe
+* Go for it.
+
+
+For further reading:
+ Use the source, Luke.
+ draft-ietf-pppext-mppe-03.txt (any RFC site should have this)
+ draft-ietf-pppext-mppe-keys-00.txt (ditto)

181
net/ppp-mppe/patches/patch-bb Normal file
View file

@ -0,0 +1,181 @@
$NetBSD: patch-bb,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- pppd/auth.c.orig2 Sat Sep 25 12:36:32 1999
+++ pppd/auth.c Sat Sep 25 12:48:02 1999
@@ -74,8 +74,16 @@
#ifdef CBCP_SUPPORT
#include "cbcp.h"
#endif
+#ifdef CHAPMS
+#include "chap_ms.h"
+#endif
#include "pathnames.h"
+#ifdef DYNAMIC
+#define _PATH_DYNAMIC "/etc/ppp/getaddr"
+#endif
+static char xuser[MAXNAMELEN];
+
static const char rcsid[] = RCSID;
/* Bits in scan_authfile return value */
@@ -108,6 +116,11 @@
/* Set if we got the contents of passwd[] from the pap-secrets file. */
static int passwd_from_file;
+#ifdef CBCP_SUPPORT
+/* Set if we have done call-back sequences. */
+static int did_callback;
+#endif
+
/*
* This is used to ensure that we don't start an auth-up/down
* script while one is already running.
@@ -144,7 +157,7 @@
/* Prototypes for procedures local to this file. */
-static void network_phase __P((int));
+void network_phase __P((int));
static void check_idle __P((void *));
static void connect_time_expired __P((void *));
static int plogin __P((char *, char *, char **, int *));
@@ -177,14 +190,36 @@
"Don't agree to auth to peer with PAP", 1 },
{ "-pap", o_bool, &refuse_pap,
"Don't allow PAP authentication with peer", 1 },
- { "require-chap", o_bool, &lcp_wantoptions[0].neg_chap,
- "Require CHAP authentication from peer", 1, &auth_required },
- { "+chap", o_bool, &lcp_wantoptions[0].neg_chap,
- "Require CHAP authentication from peer", 1, &auth_required },
+ { "require-chap", o_special_noarg, reqchap,
+ "Require CHAP authentication from peer" },
+ { "+chap", o_special_noarg, reqchap,
+ "Require CHAP authentication from peer" },
{ "refuse-chap", o_bool, &refuse_chap,
"Don't agree to auth to peer with CHAP", 1 },
{ "-chap", o_bool, &refuse_chap,
"Don't allow CHAP authentication with peer", 1 },
+ { "refuse-chap-md5", o_bool, &lcp_wantoptions[0].use_digest,
+ "Don't allow md5-digest style CHAP", 0 },
+ { "-chap-md5", o_bool, &lcp_wantoptions[0].use_digest,
+ "Don't allow md5-digest style CHAP", 0 },
+#ifdef CHAPMS
+ { "require-chapms", o_special_noarg, reqchapms,
+ "Require MSCHAP (v1) authentication" },
+ { "+chapms", o_special_noarg, reqchapms,
+ "Require MSCHAP (v1) authentication" },
+ { "refuse-chapms", o_special_noarg, nochapms,
+ "Refuse MSCHAP (v1) authentication" },
+ { "-chapms", o_special_noarg, nochapms,
+ "Refuse MSCHAP (v1) authentication" },
+ { "require-chapms-v2", o_special_noarg, reqchapms_v2,
+ "Require MSCHAP-v2 authentication" },
+ { "+chapms-v2", o_special_noarg, reqchapms_v2,
+ "Require MSCHAP-v2 authentication" },
+ { "refuse-chapms-v2", o_special_noarg, nochapms_v2,
+ "Refuse MSCHAP-v2 authentication" },
+ { "-chapms-v2", o_special_noarg, nochapms_v2,
+ "Refuse MSCHAP-v2 authentication" },
+#endif
{ "name", o_string, our_name,
"Set local name for authentication",
OPT_PRIV|OPT_STATIC, NULL, MAXNAMELEN },
@@ -402,11 +437,14 @@
/*
* Proceed to the network phase.
*/
-static void
+void
network_phase(unit)
int unit;
{
lcp_options *go = &lcp_gotoptions[unit];
+#ifdef CBCP_SUPPORT
+ lcp_options *ho = &lcp_hisoptions[unit];
+#endif
/*
* If the peer had to authenticate, run the auth-up script now.
@@ -423,8 +461,9 @@
/*
* If we negotiated callback, do it now.
*/
- if (go->neg_cbcp) {
+ if ((go->neg_cbcp || ho->neg_cbcp) && !did_callback) {
phase = PHASE_CALLBACK;
+ did_callback = 1;
(*cbcp_protent.open)(unit);
return;
}
@@ -510,6 +549,8 @@
namelen = sizeof(peer_authname) - 1;
BCOPY(name, peer_authname, namelen);
peer_authname[namelen] = 0;
+ BCOPY(name, xuser, namelen);
+ xuser[namelen] = 0;
script_setenv("PEERNAME", peer_authname);
/*
@@ -1291,6 +1332,61 @@
return 1;
}
+
+#ifdef DYNAMIC
+/*
+ * get_ip_addr_dynamic - scans dynamic-givable address space for
+ * most recently used address for given user.
+ */
+int
+get_ip_addr_dynamic(unit, addr)
+ int unit;
+ u_int32_t *addr;
+{
+ u_int32_t a;
+ struct wordlist *addrs;
+ FILE *fd;
+ int dfd;
+ char command[256];
+ char mypid[40], *s;
+ char address[50];
+ u_int32_t mask;
+
+ if ((addrs = addresses[unit]) == NULL)
+ return 0; /* no restriction */
+
+ fd = (FILE *)NULL;
+ for(; addrs != NULL; addrs = addrs->next) {
+ if(strcmp(addrs->word, "*") != 0)
+ continue;
+ sprintf(mypid, "/var/tmp/ppp_dynamic.%d", getpid());
+ sprintf(command, "%s %s %s %s", _PATH_DYNAMIC, xuser, devnam, mypid);
+ dfd = open("/dev/null", O_RDWR);
+ device_script(command, dfd, dfd);
+ close(dfd);
+ fd = fopen(mypid, "r");
+ if(fd == (FILE *)NULL)
+ break;
+ if(fgets(address, sizeof(address), fd) == (char *)NULL)
+ break;
+ if((s = strchr(address, '\n')) != (char *)NULL)
+ *s = '\0';
+ a = inet_addr(address);
+ if(a == -1L)
+ break;
+ fclose(fd);
+ unlink(mypid);
+ *addr = a;
+ return 1;
+ }
+ if(fd != (FILE *)NULL)
+ {
+ fclose(fd);
+ unlink(mypid);
+ }
+ return 0;
+}
+#endif
/*
* set_allowed_addrs() - set the list of allowed addresses.

520
net/ppp-mppe/patches/patch-bc Normal file
View file

@ -0,0 +1,520 @@
$NetBSD: patch-bc,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- pppd/cbcp.c.orig2 Sat Sep 25 12:51:36 1999
+++ pppd/cbcp.c Sat Sep 25 13:11:31 1999
@@ -17,4 +17,25 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
+
+/*
+ * Microsoft Call Back Configuration Protocol.
+ * by Pedro Roque Marques
+ *
+ * The CBCP is a method by which the Microsoft Windows NT Server may
+ * implement additional security. It is possible to configure the server
+ * in such a manner so as to require that the client systems which
+ * connect with it are required that following a valid authentication to
+ * leave a method by which the number may be returned call.
+ *
+ * It is a requirement of servers so configured that the protocol be
+ * exchanged.
+ *
+ * So, this set of patches may be applied to the pppd process to enable
+ * the cbcp client *only* portion of the specification. It is primarily
+ * meant to permit connection with Windows NT Servers.
+ *
+ * The ietf-working specification may be obtained from ftp.microsoft.com
+ * in the developr/rfc directory.
+ */
@@ -32,14 +52,25 @@
static const char rcsid[] = RCSID;
+void network_phase __P((int));
+
/*
* Options.
*/
static int setcbcp __P((char **));
+static int setcbcpreq __P((char **));
+static int setnocbcp __P((char **));
static option_t cbcp_option_list[] = {
{ "callback", o_special, setcbcp,
"Ask for callback" },
+ { "+callback", o_special_noarg, setcbcpreq,
+ "Ask for callback" },
+ { "nocallback", o_special, setnocbcp,
+ "Don't allow callbacks" },
+ { "-callback", o_special, setnocbcp,
+ "Don't allow callbacks" },
+
{ NULL }
};
@@ -48,7 +79,9 @@
*/
static void cbcp_init __P((int unit));
static void cbcp_open __P((int unit));
+static void cbcp_close __P((int unit, char *));
static void cbcp_lowerup __P((int unit));
+static void cbcp_lowerdown __P((int unit));
static void cbcp_input __P((int unit, u_char *pkt, int len));
static void cbcp_protrej __P((int unit));
static int cbcp_printpkt __P((u_char *pkt, int len,
@@ -61,12 +94,12 @@
cbcp_input,
cbcp_protrej,
cbcp_lowerup,
- NULL,
+ cbcp_lowerdown,
cbcp_open,
- NULL,
+ cbcp_close,
cbcp_printpkt,
NULL,
- 0,
+ 1,
"CBCP",
NULL,
cbcp_option_list,
@@ -80,23 +113,46 @@
/* internal prototypes */
static void cbcp_recvreq __P((cbcp_state *us, char *pckt, int len));
-static void cbcp_resp __P((cbcp_state *us));
-static void cbcp_up __P((cbcp_state *us));
static void cbcp_recvack __P((cbcp_state *us, char *pckt, int len));
+static void cbcp_recvresp __P((cbcp_state *us, char *pckt, int len));
+static void cbcp_resp __P((cbcp_state *us));
+static void cbcp_req __P((cbcp_state *us));
+static void cbcp_ack __P((cbcp_state *us));
static void cbcp_send __P((cbcp_state *us, u_char code, u_char *buf, int len));
+static void cbcp_up __P((cbcp_state *us));
/* option processing */
static int
setcbcp(argv)
char **argv;
{
- lcp_wantoptions[0].neg_cbcp = 1;
- cbcp_protent.enabled_flag = 1;
+ lcp_allowoptions[0].neg_cbcp = 1;
cbcp[0].us_number = strdup(*argv);
if (cbcp[0].us_number == 0)
novm("callback number");
- cbcp[0].us_type |= (1 << CB_CONF_USER);
- cbcp[0].us_type |= (1 << CB_CONF_ADMIN);
+ if (cbcp[0].us_number[0] == '-')
+ cbcp[0].us_type = (1 << CB_CONF_NO);
+ else
+ {
+ cbcp[0].us_type = (1 << CB_CONF_USER);
+ cbcp[0].us_type |= (1 << CB_CONF_ADMIN);
+ }
+ return (1);
+}
+
+static int
+setnocbcp(argv)
+ char **argv;
+{
+ lcp_allowoptions[0].neg_cbcp = lcp_wantoptions[0].neg_cbcp = 0;
+ return (1);
+}
+
+static int
+setcbcpreq(argv)
+ char **argv;
+{
+ lcp_wantoptions[0].neg_cbcp = 1;
return (1);
}
@@ -110,7 +166,8 @@
us = &cbcp[iface];
memset(us, 0, sizeof(cbcp_state));
us->us_unit = iface;
- us->us_type |= (1 << CB_CONF_NO);
+ us->us_type = (1 << CB_CONF_NO);
+ us->us_id = 1;
}
/* lower layer is up */
@@ -120,18 +177,60 @@
{
cbcp_state *us = &cbcp[iface];
- dbglog("cbcp_lowerup");
- dbglog("want: %d", us->us_type);
+ if (debug)
+ {
+ dbglog("cbcp_lowerup");
+ dbglog("want: %d", us->us_type);
- if (us->us_type == CB_CONF_USER)
- dbglog("phone no: %s", us->us_number);
+ if (us->us_type & (1 << CB_CONF_USER))
+ dbglog("phone no: %s", us->us_number);
+ }
+}
+
+static void
+cbcp_lowerdown(iface)
+ int iface;
+{
+ if(debug)
+ dbglog("cbcp_lowerdown");
}
static void
cbcp_open(unit)
int unit;
{
- dbglog("cbcp_open");
+ lcp_options *ho = &lcp_hisoptions[unit];
+ lcp_options *ao = &lcp_allowoptions[unit];
+ lcp_options *wo = &lcp_wantoptions[unit];
+ lcp_options *go = &lcp_gotoptions[unit];
+ cbcp_state *us = &cbcp[unit];
+
+ if(debug)
+ dbglog("cbcp_open");
+ if(ao->neg_cbcp)
+ {
+ if(ho->neg_cbcp)
+ {
+ cbcp_req(us);
+ return;
+ }
+ }
+ else if(wo->neg_cbcp)
+ {
+ if(!go->neg_cbcp)
+ lcp_close(0, "Callback required");
+ return;
+ }
+ cbcp_up(us);
+}
+
+static void
+cbcp_close(unit, reason)
+ int unit;
+ char *reason;
+{
+ if(debug)
+ dbglog("cbcp_close: %s", reason);
}
/* process an incomming packet */
@@ -174,11 +273,13 @@
break;
case CBCP_RESP:
- dbglog("CBCP_RESP received");
+ if (id != us->us_id && debug)
+ dbglog("id doesn't match: expected %d recv %d", us->us_id, id);
+ cbcp_recvresp(us, inp, len);
break;
case CBCP_ACK:
- if (id != us->us_id)
+ if (id != us->us_id && debug)
dbglog("id doesn't match: expected %d recv %d",
us->us_id, id);
@@ -298,7 +399,8 @@
address[0] = 0;
while (len) {
- dbglog("length: %d", len);
+ if (debug)
+ dbglog("length: %d", len);
GETCHAR(type, pckt);
GETCHAR(opt_len, pckt);
@@ -310,22 +412,22 @@
switch(type) {
case CB_CONF_NO:
- dbglog("no callback allowed");
+ dbglog("Callback: none");
break;
case CB_CONF_USER:
- dbglog("user callback allowed");
if (opt_len > 4) {
GETCHAR(addr_type, pckt);
memcpy(address, pckt, opt_len - 4);
address[opt_len - 4] = 0;
- if (address[0])
- dbglog("address: %s", address);
+ dbglog("Callback: user callback, address: '%s'", address);
}
+ else
+ dbglog("Callback: user callback");
break;
case CB_CONF_ADMIN:
- dbglog("user admin defined allowed");
+ dbglog("Callback: user admin defined");
break;
case CB_CONF_LIST:
@@ -347,29 +449,35 @@
int len = 0;
cb_type = us->us_allowed & us->us_type;
- dbglog("cbcp_resp cb_type=%d", cb_type);
+ if (debug)
+ dbglog("cbcp_resp cb_type=%d", cb_type);
+ if (!cb_type) {
+ dbglog("Your remote side wanted a callback-type you don't allow -> doing no callback");
+ cb_type = 1 << CB_CONF_NO;
#if 0
- if (!cb_type)
lcp_down(us->us_unit);
#endif
+ }
if (cb_type & ( 1 << CB_CONF_USER ) ) {
- dbglog("cbcp_resp CONF_USER");
+ if (debug)
+ dbglog("cbcp_resp CONF_USER");
PUTCHAR(CB_CONF_USER, bufp);
- len = 3 + 1 + strlen(us->us_number) + 1;
+ len = 2 + 1 + strlen(us->us_number);
PUTCHAR(len , bufp);
PUTCHAR(5, bufp); /* delay */
PUTCHAR(1, bufp);
- BCOPY(us->us_number, bufp, strlen(us->us_number) + 1);
+ BCOPY(us->us_number, bufp, strlen(us->us_number));
cbcp_send(us, CBCP_RESP, buf, len);
return;
}
if (cb_type & ( 1 << CB_CONF_ADMIN ) ) {
- dbglog("cbcp_resp CONF_ADMIN");
+ if (debug)
+ dbglog("cbcp_resp CONF_ADMIN");
PUTCHAR(CB_CONF_ADMIN, bufp);
- len = 3;
+ len = 2 + 1;
PUTCHAR(len, bufp);
PUTCHAR(5, bufp); /* delay */
cbcp_send(us, CBCP_RESP, buf, len);
@@ -377,18 +485,181 @@
}
if (cb_type & ( 1 << CB_CONF_NO ) ) {
- dbglog("cbcp_resp CONF_NO");
+ if (debug)
+ dbglog("cbcp_resp CONF_NO");
PUTCHAR(CB_CONF_NO, bufp);
- len = 3;
+ len = 2;
PUTCHAR(len , bufp);
- PUTCHAR(0, bufp);
cbcp_send(us, CBCP_RESP, buf, len);
- start_networks();
return;
}
}
static void
+cbcp_ack(us)
+ cbcp_state *us;
+{
+ u_char cb_type;
+ u_char buf[256];
+ u_char *bufp = buf;
+ int len = 0;
+
+ cb_type = us->us_allowed & us->us_type;
+ if(debug)
+ dbglog("cbcp_ack cb_type=%d", cb_type);
+
+ if (!cb_type) {
+ dbglog("Your remote side wanted a callback-type you don't allow -> doing no callback");
+ cb_type = 1 << CB_CONF_NO;
+ lcp_close(us->us_unit, "Invalid callback requested");
+ return;
+ }
+
+ if (cb_type & ( 1 << CB_CONF_USER ) ) {
+ if(debug)
+ dbglog("cbcp_ack CONF_USER");
+ PUTCHAR(CB_CONF_USER, bufp);
+ len = 2 + 1 + strlen(us->us_number);
+ PUTCHAR(len , bufp);
+ PUTCHAR(5, bufp); /* delay */
+ PUTCHAR(1, bufp);
+ BCOPY(us->us_number, bufp, strlen(us->us_number));
+ cbcp_send(us, CBCP_ACK, buf, len);
+ cbcp_up(us);
+ return;
+ }
+
+ if (cb_type & ( 1 << CB_CONF_ADMIN ) ) {
+ if(debug)
+ dbglog("cbcp_ack CONF_ADMIN");
+ PUTCHAR(CB_CONF_ADMIN, bufp);
+ len = 2 + 1;
+ PUTCHAR(len , bufp);
+ PUTCHAR(5, bufp); /* delay */
+ PUTCHAR(0, bufp);
+ cbcp_send(us, CBCP_ACK, buf, len);
+ cbcp_up(us);
+ return;
+ }
+
+ if (cb_type & ( 1 << CB_CONF_NO ) ) {
+ if(debug)
+ dbglog("cbcp_ack CONF_NO");
+ PUTCHAR(CB_CONF_NO, bufp);
+ len = 2;
+ PUTCHAR(len , bufp);
+ cbcp_send(us, CBCP_ACK, buf, len);
+ cbcp_up(us);
+ return;
+ }
+}
+
+static void
+cbcp_req(us)
+ cbcp_state *us;
+{
+ u_char cb_type;
+ u_char buf[256];
+ u_char *bufp = buf;
+ int len = 0;
+
+ cb_type = us->us_type;
+
+ if (cb_type & ( 1 << CB_CONF_USER ) ) {
+ if(debug)
+ dbglog("cbcp_req CONF_USER");
+ PUTCHAR(CB_CONF_USER, bufp);
+ len = 2 + 1 + strlen(us->us_number);
+ PUTCHAR(len , bufp);
+ PUTCHAR(5, bufp); /* delay */
+ PUTCHAR(1, bufp);
+ BCOPY(us->us_number, bufp, strlen(us->us_number));
+ cbcp_send(us, CBCP_REQ, buf, len);
+ return;
+ }
+
+ if (cb_type & ( 1 << CB_CONF_ADMIN ) ) {
+ if(debug)
+ dbglog("cbcp_req CONF_ADMIN");
+ PUTCHAR(CB_CONF_ADMIN, bufp);
+ len = 2 + 1;
+ PUTCHAR(len , bufp);
+ PUTCHAR(5, bufp); /* delay */
+ PUTCHAR(0, bufp);
+ cbcp_send(us, CBCP_REQ, buf, len);
+ return;
+ }
+
+ if (cb_type & ( 1 << CB_CONF_NO ) ) {
+ if(debug)
+ dbglog("cbcp_req CONF_NO");
+ PUTCHAR(CB_CONF_NO, bufp);
+ len = 2;
+ PUTCHAR(len , bufp);
+ cbcp_send(us, CBCP_REQ, buf, len);
+ return;
+ }
+}
+
+/* received CBCP request */
+static void
+cbcp_recvresp(us, pckt, pcktlen)
+ cbcp_state *us;
+ char *pckt;
+ int pcktlen;
+{
+ u_char type, opt_len, delay, addr_type;
+ char address[256];
+ int len = pcktlen;
+
+ address[0] = 0;
+
+ if(debug)
+ dbglog("CBCP_RESP received");
+
+ while (len) {
+ if(debug)
+ dbglog("length: %d", len);
+
+ GETCHAR(type, pckt);
+ GETCHAR(opt_len, pckt);
+
+ if (opt_len > 2)
+ GETCHAR(delay, pckt);
+
+ us->us_allowed |= (1 << type);
+
+ switch(type) {
+ case CB_CONF_NO:
+ dbglog("Callback: none");
+ break;
+
+ case CB_CONF_USER:
+ if (opt_len > 4) {
+ GETCHAR(addr_type, pckt);
+ memcpy(address, pckt, opt_len - 4);
+ address[opt_len - 4] = 0;
+ dbglog("Callback: user callback, address: '%s'", address);
+ }
+ else
+ dbglog("Callback: user callback");
+ break;
+
+ case CB_CONF_ADMIN:
+ dbglog("Callback: user admin defined");
+ break;
+
+ case CB_CONF_LIST:
+ break;
+ }
+ len -= opt_len;
+ }
+
+ cbcp_ack(us);
+}
+
+
+static void
cbcp_send(us, code, buf, len)
cbcp_state *us;
u_char code;
@@ -436,10 +707,14 @@
memcpy(address, pckt, opt_len - 4);
address[opt_len - 4] = 0;
if (address[0])
- dbglog("peer will call: %s", address);
+ dbglog("Callback: peer will call: '%s'", address);
}
- if (type == CB_CONF_NO)
+ if (type != CB_CONF_NO)
+ {
+ persist = 0;
+ lcp_close(0, "Call me back, please");
return;
+ }
}
cbcp_up(us);
@@ -450,7 +725,6 @@
cbcp_up(us)
cbcp_state *us;
{
- persist = 0;
- lcp_close(0, "Call me back, please");
+ network_phase(us->us_unit);
status = EXIT_CALLBACK;
}

356
net/ppp-mppe/patches/patch-bd Normal file
View file

@ -0,0 +1,356 @@
$NetBSD: patch-bd,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- pppd/ccp.c.orig Fri Aug 13 02:46:11 1999
+++ pppd/ccp.c Sat Sep 25 14:31:25 1999
@@ -33,6 +33,9 @@
#include "pppd.h"
#include "fsm.h"
#include "ccp.h"
+#ifdef MPPE
+#include "mppe.h"
+#endif
#include <net/ppp-comp.h>
static const char rcsid[] = RCSID;
@@ -75,6 +78,32 @@
{ "-predictor1", o_bool, &ccp_wantoptions[0].predictor_1,
"don't allow Predictor-1", OPT_A2COPY,
&ccp_allowoptions[0].predictor_1 },
+#ifdef MPPE
+ { "mppe-40", o_special_noarg, setmppe_40,
+ "Allow 40 bit MPPE encryption" },
+ { "+mppe-40", o_special_noarg, setmppe_40,
+ "Allow 40 bit MPPE encryption" },
+ { "nomppe-40", o_special_noarg, setnomppe_40,
+ "Disallow 40 bit MPPE encryption" },
+ { "-mppe-40", o_special_noarg, setnomppe_40,
+ "Disallow 40 bit MPPE encryption" },
+ { "mppe-128", o_special_noarg, setmppe_128,
+ "Allow 128 bit MPPE encryption" },
+ { "+mppe-128", o_special_noarg, setmppe_128,
+ "Allow 128 bit MPPE encryption" },
+ { "nomppe-128", o_special_noarg, setnomppe_128,
+ "Disallow 128 bit MPPE encryption" },
+ { "-mppe-128", o_special_noarg, setnomppe_128,
+ "Disallow 128 bit MPPE encryption" },
+ { "mppe-stateless", o_special_noarg, setmppe_stateless,
+ "Allow stateless MPPE encryption" },
+ { "+mppe-stateless", o_special_noarg, setmppe_stateless,
+ "Allow stateless MPPE encryption" },
+ { "nomppe-stateless", o_special_noarg, setnomppe_stateless,
+ "Disallow stateless MPPE encryption" },
+ { "-mppe-stateless", o_special_noarg, setnomppe_stateless,
+ "Disallow stateless MPPE encryption" },
+#endif
{ NULL }
};
@@ -157,8 +186,14 @@
/*
* Do we want / did we get any compression?
*/
+#ifdef MPPE
+#define ANY_COMPRESS(opt) ((opt).deflate || (opt).bsd_compress \
+ || (opt).predictor_1 || (opt).predictor_2 \
+ || (opt).mppe )
+#else
#define ANY_COMPRESS(opt) ((opt).deflate || (opt).bsd_compress \
|| (opt).predictor_1 || (opt).predictor_2)
+#endif
/*
* Local state (mainly for handling reset-reqs and reset-acks).
@@ -282,6 +317,16 @@
ccp_allowoptions[0].bsd_bits = BSD_MAX_BITS;
ccp_allowoptions[0].predictor_1 = 1;
+#ifdef MPPE
+ ccp_wantoptions[0].mppe = 0;
+ ccp_wantoptions[0].mppe_stateless = 0;
+ ccp_wantoptions[0].mppe_40 = 0;
+ ccp_wantoptions[0].mppe_128 = 0;
+ ccp_allowoptions[0].mppe_stateless = 1;
+ ccp_allowoptions[0].mppe = 1;
+ ccp_allowoptions[0].mppe_40 = 1;
+ ccp_allowoptions[0].mppe_128 = 1;
+#endif /* MPPE*/
}
/*
@@ -420,7 +465,7 @@
fsm *f;
{
ccp_options *go = &ccp_gotoptions[f->unit];
- u_char opt_buf[16];
+ u_char opt_buf[256];
*go = ccp_wantoptions[f->unit];
all_rejected[f->unit] = 0;
@@ -436,6 +481,18 @@
if (ccp_test(f->unit, opt_buf, CILEN_BSD_COMPRESS, 0) <= 0)
go->bsd_compress = 0;
}
+#ifdef MPPE
+ if (go->mppe) {
+ opt_buf[0] = CI_MPPE;
+ opt_buf[1] = CILEN_MPPE;
+ opt_buf[2] = 0;
+ /* keysize is 8 here */
+ BCOPY(mppe_master_send_key_40, opt_buf+3, 8);
+ BCOPY(mppe_master_recv_key_40, opt_buf+11, 8);
+ if (ccp_test(f->unit, opt_buf, (2*8)+3, 0) <= 0)
+ go->mppe = 0;
+ }
+#endif /*MPPE*/
if (go->deflate) {
if (go->deflate_correct) {
opt_buf[0] = CI_DEFLATE;
@@ -481,6 +538,9 @@
return (go->bsd_compress? CILEN_BSD_COMPRESS: 0)
+ (go->deflate? CILEN_DEFLATE: 0)
+#ifdef MPPE
+ + (go->mppe? CILEN_MPPE: 0)
+#endif
+ (go->predictor_1? CILEN_PREDICTOR_1: 0)
+ (go->predictor_2? CILEN_PREDICTOR_2: 0);
}
@@ -529,6 +589,41 @@
p += CILEN_DEFLATE;
}
}
+#ifdef MPPE
+ if (go->mppe) {
+ u_char opt_buf[64];
+ u_int keysize = 0;
+
+ if(!mppe_allowed)
+ go->mppe_stateless = go->mppe_40 = go->mppe_128 = 0;
+ p[0]=CI_MPPE;
+ p[1]=CILEN_MPPE;
+ p[2]=(go->mppe_stateless ? MPPE_STATELESS : 0);
+ p[3]=0;
+ p[4]=0;
+ p[5]=(go->mppe_40 ? MPPE_40BIT : 0) | (go->mppe_128 ? MPPE_128BIT : 0);
+ if(p[5] & MPPE_40BIT) {
+ keysize = 8;
+ BCOPY(mppe_master_send_key_40, opt_buf+3, keysize);
+ BCOPY(mppe_master_recv_key_40, opt_buf+11, keysize);
+ } else if(p[5] & MPPE_128BIT) {
+ keysize = 16;
+ BCOPY(mppe_master_send_key_128, opt_buf+3, keysize);
+ BCOPY(mppe_master_recv_key_128, opt_buf+19, keysize);
+ }
+ if(p[5] != 0) {
+ opt_buf[0]=CI_MPPE;
+ opt_buf[1]=CILEN_MPPE;
+ opt_buf[2] = (go->mppe_stateless) ? 1 : 0;
+ res = ccp_test(f->unit, opt_buf, (2*keysize)+3, 0);
+ } else {
+ res = -1;
+ }
+ if (res > 0) {
+ p += CILEN_MPPE;
+ }
+ }
+#endif /* MPPE*/
if (go->bsd_compress) {
p[0] = CI_BSD_COMPRESS;
p[1] = CILEN_BSD_COMPRESS;
@@ -612,6 +707,22 @@
len -= CILEN_DEFLATE;
}
}
+#ifdef MPPE
+ if (go->mppe) {
+ if ( len < CILEN_MPPE
+ || p[1] != CILEN_MPPE || p[0] != CI_MPPE
+ || p[2] != (go->mppe_stateless ? MPPE_STATELESS : 0)
+ || p[3] != 0
+ || p[4] != 0
+ || p[5] != ((go->mppe_40 ? MPPE_40BIT : 0) | (go->mppe_128 ? MPPE_128BIT : 0)))
+ return 0;
+ p += CILEN_MPPE;
+ len -= CILEN_MPPE;
+ /* Cope with first/fast ack */
+ if (len == 0)
+ return 1;
+ }
+#endif /* MPPE */
if (go->bsd_compress) {
if (len < CILEN_BSD_COMPRESS
|| p[0] != CI_BSD_COMPRESS || p[1] != CILEN_BSD_COMPRESS
@@ -690,6 +801,23 @@
}
}
+#ifdef MPPE
+ if (len >= CILEN_MPPE && p[0] == CI_MPPE && p[1] == CILEN_MPPE) {
+ no.mppe = 1;
+ if((p[5] & MPPE_128BIT) == 0)
+ try.mppe_128 = 0;
+ if((p[5] & MPPE_40BIT) == 0)
+ try.mppe_40 = 0;
+ if((p[2] & MPPE_STATELESS) == 0)
+ try.mppe_stateless = 0;
+ if(!try.mppe_128 && !try.mppe_40) {
+ no.mppe = 0;
+ try.mppe = 0;
+ }
+ p += CILEN_MPPE;
+ len -= CILEN_MPPE;
+ }
+#endif /* MPPE */
if (go->bsd_compress && len >= CILEN_BSD_COMPRESS
&& p[0] == CI_BSD_COMPRESS && p[1] == CILEN_BSD_COMPRESS) {
no.bsd_compress = 1;
@@ -762,6 +890,14 @@
if (!try.deflate_correct && !try.deflate_draft)
try.deflate = 0;
}
+#ifdef MPPE
+ if (go->mppe && len >= CILEN_MPPE
+ && p[0] == CI_MPPE && p[1] == CILEN_MPPE) {
+ try.mppe = 0;
+ p += CILEN_MPPE;
+ len -= CILEN_MPPE;
+ }
+#endif /*MPPE*/
if (go->bsd_compress && len >= CILEN_BSD_COMPRESS
&& p[0] == CI_BSD_COMPRESS && p[1] == CILEN_BSD_COMPRESS) {
if (p[2] != BSD_MAKE_OPT(BSD_CURRENT_VERSION, go->bsd_bits))
@@ -875,6 +1011,78 @@
}
break;
+#ifdef MPPE
+ case CI_MPPE:
+ if (!ao->mppe || clen != CILEN_MPPE) {
+ newret = CONFREJ;
+ break;
+ }
+ if(!mppe_allowed)
+ {
+ newret = CONFREJ;
+ break;
+ }
+ ho->mppe = 1;
+ if((p[5]&(MPPE_40BIT|MPPE_128BIT)) == (MPPE_40BIT|MPPE_128BIT))
+ {
+ /* if both are available, select the stronger */
+ p[5] &= ~MPPE_40BIT;
+ newret = CONFNAK;
+ }
+ if((p[2] & ~MPPE_STATELESS) != 0
+ || p[3] != 0
+ || p[4] != 0
+ || (p[5] & ~(MPPE_40BIT | MPPE_128BIT)) != 0)
+ {
+ ccp_options *wo = &ccp_wantoptions[f->unit];
+ /* not sure what they want, tell 'em what we got */
+ p[2] &= MPPE_STATELESS;
+ p[3] &= 0;
+ p[4] &= 0;
+ p[5] &= MPPE_40BIT | MPPE_128BIT;
+ if(wo->mppe_40)
+ p[5] |= MPPE_40BIT;
+ if(wo->mppe_128)
+ p[5] |= MPPE_128BIT;
+ newret = CONFNAK;
+ }
+
+ if((newret == CONFACK) || (newret == CONFNAK))
+ {
+ /*
+ * The kernel ppp driver needs the session key
+ * which is not sent via CCP :(
+ */
+ unsigned int keysize;
+ unsigned char opt_buf[64];
+ opt_buf[0] = CI_MPPE;
+ opt_buf[1] = CILEN_MPPE;
+ opt_buf[2] = ((p[2] & MPPE_STATELESS) ? 1 : 0);
+ /* push in our send/receive keys */
+ if(p[5] & MPPE_40BIT) {
+ ho->mppe_40 = 1;
+ keysize = 8;
+ BCOPY(mppe_master_send_key_40, opt_buf+3, keysize);
+ BCOPY(mppe_master_recv_key_40, opt_buf+11, keysize);
+ } else if(p[5] & MPPE_128BIT) {
+ ho->mppe_128 = 1;
+ keysize = 16;
+ BCOPY(mppe_master_send_key_128, opt_buf+3, keysize);
+ BCOPY(mppe_master_recv_key_128, opt_buf+19, keysize);
+ } else {
+ ho->mppe = 0;
+ newret = CONFREJ;
+ break;
+ }
+ /* call ioctl and pass this nasty stuff to the kernel */
+ if (ccp_test(f->unit, opt_buf, (2*keysize)+3, 1) <= 0){
+ ho->mppe = 0;
+ newret = CONFREJ;
+ break;
+ }
+ }
+ break;
+#endif /* MPPE */
case CI_BSD_COMPRESS:
if (!ao->bsd_compress || clen != CILEN_BSD_COMPRESS) {
newret = CONFREJ;
@@ -996,6 +1204,28 @@
(opt->method == CI_DEFLATE_DRAFT? "(old#)": ""),
opt->deflate_size);
break;
+#ifdef MPPE
+ case CI_MPPE:
+ if (opt->mppe_40) {
+ if (opt->mppe_stateless) {
+ return "MPPE 40 bit, stateless";
+ } else {
+ return "MPPE 40 bit, non-stateless";
+ }
+ } else if (opt->mppe_128) {
+ if (opt->mppe_stateless) {
+ return "MPPE 128 bit, stateless";
+ } else {
+ return "MPPE 128 bit, non-stateless";
+ }
+ } else {
+ if (opt->mppe_stateless) {
+ return "MPPE unknown strength, stateless";
+ } else {
+ return "MPPE unknown strength, stateless";
+ }
+ }
+#endif
case CI_BSD_COMPRESS:
if (opt2 != NULL && opt2->bsd_bits != opt->bsd_bits)
slprintf(result, sizeof(result), "BSD-Compress (%d/%d)",
@@ -1134,6 +1364,14 @@
p += CILEN_PREDICTOR_1;
}
break;
+#ifdef MPPE
+ case CI_MPPE:
+ if (optlen >= CILEN_MPPE) {
+ printer(arg, "mppe %x %x %x %x",p[2],p[3],p[4],p[5]);
+ p += CILEN_MPPE;
+ }
+ break;
+#endif
case CI_PREDICTOR_2:
if (optlen >= CILEN_PREDICTOR_2) {
printer(arg, "predictor 2");
@@ -1193,6 +1431,11 @@
error("Lost compression sync: disabling compression");
ccp_close(unit, "Lost compression sync");
} else {
+#ifdef MPPE
+ /* MPPE/MPPC does not requires CCP_RESETREQ */
+ if (ccp_gotoptions[f->unit].method == CI_MPPE)
+ return;
+#endif
/*
* Send a reset-request to reset the peer's compressor.
* We don't do that if we are still waiting for an

24
net/ppp-mppe/patches/patch-be Normal file
View file

@ -0,0 +1,24 @@
$NetBSD: patch-be,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- pppd/ccp.h Fri Nov 6 22:58:11 1998
+++ pppd/ccp.h Tue Jun 22 15:27:31 1999
@@ -34,6 +34,10 @@
bool predictor_2; /* do Predictor-2? */
bool deflate_correct; /* use correct code for deflate? */
bool deflate_draft; /* use draft RFC code for deflate? */
+ bool mppe; /* do M$ encryption? */
+ bool mppe_40; /* allow 40 bit encryption */
+ bool mppe_128; /* allow 128 bit encryption */
+ bool mppe_stateless; /* allow stateless encryption */
u_short bsd_bits; /* # bits/code for BSD Compress */
u_short deflate_size; /* lg(window size) for Deflate */
short method; /* code for chosen compression method */
@@ -46,3 +50,8 @@
extern ccp_options ccp_hisoptions[];
extern struct protent ccp_protent;
+
+#ifdef MPPE
+size_t mppe_generate_session_key(char *optbuf);
+#endif
+

206
net/ppp-mppe/patches/patch-bf Normal file
View file

@ -0,0 +1,206 @@
$NetBSD: patch-bf,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- pppd/chap.c.orig Fri Aug 13 02:46:11 1999
+++ pppd/chap.c Sat Sep 25 13:23:26 1999
@@ -47,6 +47,8 @@
#include "pppd.h"
#include "chap.h"
#include "md5.h"
+#include "fsm.h"
+#include "lcp.h"
#ifdef CHAPMS
#include "chap_ms.h"
#endif
@@ -113,7 +115,7 @@
static void ChapSendStatus __P((chap_state *, int));
static void ChapSendChallenge __P((chap_state *));
static void ChapSendResponse __P((chap_state *));
-static void ChapGenChallenge __P((chap_state *));
+void ChapGenChallenge __P((chap_state *));
extern double drand48 __P((void));
extern void srand48 __P((long));
@@ -460,6 +462,7 @@
switch (cstate->resp_type) {
case CHAP_DIGEST_MD5:
+ CHAPDEBUG(("ChapReceiveChallenge: rcvd type CHAP-DIGEST-MD5"));
MD5Init(&mdContext);
MD5Update(&mdContext, &cstate->resp_id, 1);
MD5Update(&mdContext, secret, secret_len);
@@ -471,8 +474,24 @@
#ifdef CHAPMS
case CHAP_MICROSOFT:
+ CHAPDEBUG(("ChapReceiveChallenge: rcvd type MS-CHAP-V1."));
+ if(rchallenge_len != 8)
+ {
+ CHAPDEBUG(("Invalid challenge length for MS-CHAP-V1"));
+ return;
+ }
ChapMS(cstate, rchallenge, rchallenge_len, secret, secret_len);
break;
+
+ case CHAP_MICROSOFT_V2:
+ CHAPDEBUG(("ChapReceiveChallenge: rcvd type MS-CHAP-V2."));
+ if(rchallenge_len != 16)
+ {
+ CHAPDEBUG(("Invalid challenge length for MS-CHAP-V2"));
+ return;
+ }
+ ChapMS_v2(cstate, rchallenge, rchallenge_len, secret, secret_len);
+ break;
#endif
default:
@@ -560,7 +579,8 @@
/* generate MD based on negotiated type */
switch (cstate->chal_type) {
- case CHAP_DIGEST_MD5: /* only MD5 is defined for now */
+ case CHAP_DIGEST_MD5:
+ CHAPDEBUG(("ChapReceiveResponse: rcvd type CHAP-DIGEST-MD5"));
if (remmd_len != MD5_SIGNATURE_SIZE)
break; /* it's not even the right length */
MD5Init(&mdContext);
@@ -574,6 +594,27 @@
code = CHAP_SUCCESS; /* they are the same! */
break;
+#ifdef CHAPMS
+ case CHAP_MICROSOFT:
+ CHAPDEBUG(("ChapReceiveResponse: rcvd type MS-CHAP-V1"));
+ if(remmd_len != MS_CHAP_RESPONSE_LEN)
+ break;
+ if(ChapMS_Resp(cstate, secret, secret_len, remmd) == 0)
+ code = CHAP_SUCCESS;
+ break;
+
+ case CHAP_MICROSOFT_V2:
+ CHAPDEBUG(("ChapReceiveResponse: rcvd type MS-CHAP-V2"));
+ if(remmd_len != MS_CHAP_RESPONSE_LEN)
+ break;
+ if(ChapMS_v2_Resp(cstate,secret,secret_len,remmd,rhostname) == 0)
+ {
+ code = CHAP_SUCCESS_R;
+ ChapMS_v2_Auth(cstate, secret, secret_len, remmd, rhostname);
+ }
+ break;
+#endif
+
default:
CHAPDEBUG(("unknown digest type %d", cstate->chal_type));
}
@@ -582,7 +623,7 @@
BZERO(secret, sizeof(secret));
ChapSendStatus(cstate, code);
- if (code == CHAP_SUCCESS) {
+ if ((code == CHAP_SUCCESS) || (code == CHAP_SUCCESS_R)) {
old_state = cstate->serverstate;
cstate->serverstate = CHAPSS_OPEN;
if (old_state == CHAPSS_INITIAL_CHAL) {
@@ -590,10 +631,43 @@
}
if (cstate->chal_interval != 0)
TIMEOUT(ChapRechallenge, cstate, cstate->chal_interval);
- notice("CHAP peer authentication succeeded for %q", rhostname);
-
+ switch (cstate->chal_type) {
+ case CHAP_DIGEST_MD5:
+ notice("CHAP peer authentication succeeded for %q", rhostname);
+ break;
+#ifdef CHAPMS
+ case CHAP_MICROSOFT:
+ notice("MSCHAP peer authentication succeeded for %q", rhostname);
+ break;
+ case CHAP_MICROSOFT_V2:
+ notice("MSCHAP-v2 peer authentication succeeded for %q", rhostname);
+ break;
+#endif
+ default:
+ notice("CHAP (unknown) peer authentication succeeded for %q",
+ rhostname);
+ break;
+ }
} else {
- error("CHAP peer authentication failed for remote host %q", rhostname);
+ switch (cstate->chal_type) {
+ case CHAP_DIGEST_MD5:
+ error("CHAP peer authentication failed for remote host %q",
+ rhostname);
+ break;
+#ifdef CHAPMS
+ case CHAP_MICROSOFT:
+ error("MSCHAP peer authentication failed for remote host %q",
+ rhostname);
+ break;
+ case CHAP_MICROSOFT_V2:
+ error("MSCHAP-v2 peer authentication failed for remote host %q",
+ rhostname);
+ break;
+#endif
+ default:
+ error("CHAP (unknown) peer authentication failed for remote host %q", rhostname);
+ break;
+ }
cstate->serverstate = CHAPSS_BADAUTH;
auth_peer_fail(cstate->unit, PPP_CHAP);
}
@@ -712,6 +786,8 @@
if (code == CHAP_SUCCESS)
slprintf(msg, sizeof(msg), "Welcome to %s.", hostname);
+ else if(code == CHAP_SUCCESS_R)
+ strcpy(msg, cstate->response);
else
slprintf(msg, sizeof(msg), "I don't like you. Go 'way.");
msglen = strlen(msg);
@@ -721,7 +797,7 @@
MAKEHEADER(outp, PPP_CHAP); /* paste in a header */
- PUTCHAR(code, outp);
+ PUTCHAR(code == CHAP_SUCCESS_R ? CHAP_SUCCESS : code, outp);
PUTCHAR(cstate->chal_id, outp);
PUTSHORT(outlen, outp);
BCOPY(msg, outp, msglen);
@@ -735,7 +811,7 @@
* *cstate are initialized.
*/
-static void
+void
ChapGenChallenge(cstate)
chap_state *cstate;
{
@@ -743,6 +819,14 @@
u_char *ptr = cstate->challenge;
unsigned int i;
+#ifdef CHAPMS
+ if(cstate->chal_type == CHAP_MICROSOFT)
+ chal_len = 8;
+ else if(cstate->chal_type == CHAP_MICROSOFT_V2)
+ chal_len = 16;
+ else
+#endif
+
/* pick a random challenge length between MIN_CHALLENGE_LENGTH and
MAX_CHALLENGE_LENGTH */
chal_len = (unsigned) ((drand48() *
@@ -857,4 +941,14 @@
}
return len + CHAP_HEADERLEN;
+}
+
+int
+reqchap(argv)
+ char **argv;
+{
+ lcp_wantoptions[0].neg_chap = 1;
+ lcp_wantoptions[0].use_digest = 1;
+ auth_required = 1;
+ return 1;
}

28
net/ppp-mppe/patches/patch-bg Normal file
View file

@ -0,0 +1,28 @@
$NetBSD: patch-bg,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- pppd/chap.h Fri Nov 6 22:55:38 1998
+++ pppd/chap.h Thu Jun 24 13:06:30 1999
@@ -46,11 +46,13 @@
#define MD5_SIGNATURE_SIZE 16 /* 16 bytes in a MD5 message digest */
#define CHAP_MICROSOFT 0x80 /* use Microsoft-compatible alg. */
#define MS_CHAP_RESPONSE_LEN 49 /* Response length for MS-CHAP */
+#define CHAP_MICROSOFT_V2 0x81 /* use MS-CHAP v2 */
#define CHAP_CHALLENGE 1
#define CHAP_RESPONSE 2
#define CHAP_SUCCESS 3
#define CHAP_FAILURE 4
+#define CHAP_SUCCESS_R 13 /* Send response, not text message */
/*
* Challenge lengths (for challenges we send) and other limits.
@@ -117,6 +119,9 @@
void ChapAuthWithPeer __P((int, char *, int));
void ChapAuthPeer __P((int, char *, int));
+void ChapGenChallenge __P((chap_state *));
+
+int reqchap(char **);
extern struct protent chap_protent;

470
net/ppp-mppe/patches/patch-bh Normal file
View file

@ -0,0 +1,470 @@
$NetBSD$
--- pppd/chap_ms.c Mon Mar 15 19:14:24 1999
+++ pppd/chap_ms.c Thu Jun 24 16:05:42 1999
@@ -31,4 +31,12 @@
* You should also use DOMAIN\\USERNAME as described in README.MSCHAP80
*/
+
+/*
+ * Mods by Tim Hockin, Cobalt Networks Inc. <thockin@cobaltnet.com> June 1999
+ *
+ * Cleanup, fixes and major reorganization.
+ * Migrated all MPPE code to mppe.c, shared crypto code to extra_crypto.c
+ *
+ */
#ifndef lint
@@ -51,11 +59,13 @@
#include "pppd.h"
#include "chap.h"
#include "chap_ms.h"
-#include "md4.h"
-
-#ifndef USE_CRYPT
-#include <des.h>
+#include "sha.h"
+#include "fsm.h"
+#include "lcp.h"
+#ifdef MPPE
+#include "mppe.h"
#endif
+#include "extra_crypto.h"
typedef struct {
u_char LANManResp[24];
@@ -65,21 +75,19 @@
/* We use MS_CHAP_RESPONSE_LEN, rather than sizeof(MS_ChapResponse),
in case this struct gets padded. */
+typedef struct {
+ u_char PeerChallenge[16];
+ u_char Reserved[8];
+ u_char NTResp[24];
+ u_char Flags;
+} MS_ChapResponse_v2;
static void ChallengeResponse __P((u_char *, u_char *, u_char *));
-static void DesEncrypt __P((u_char *, u_char *, u_char *));
-static void MakeKey __P((u_char *, u_char *));
-static u_char Get7Bits __P((u_char *, int));
static void ChapMS_NT __P((char *, int, char *, int, MS_ChapResponse *));
#ifdef MSLANMAN
static void ChapMS_LANMan __P((char *, int, char *, int, MS_ChapResponse *));
#endif
-#ifdef USE_CRYPT
-static void Expand __P((u_char *, u_char *));
-static void Collapse __P((u_char *, u_char *));
-#endif
-
#ifdef MSLANMAN
bool ms_lanman = 0; /* Use LanMan password instead of NT */
/* Has meaning only with MS-CHAP challenges */
@@ -110,142 +118,6 @@
#endif
}
-
-#ifdef USE_CRYPT
-static void
-DesEncrypt(clear, key, cipher)
- u_char *clear; /* IN 8 octets */
- u_char *key; /* IN 7 octets */
- u_char *cipher; /* OUT 8 octets */
-{
- u_char des_key[8];
- u_char crypt_key[66];
- u_char des_input[66];
-
- MakeKey(key, des_key);
-
- Expand(des_key, crypt_key);
- setkey(crypt_key);
-
-#if 0
- CHAPDEBUG((LOG_INFO, "DesEncrypt: 8 octet input : %.8B", clear));
-#endif
-
- Expand(clear, des_input);
- encrypt(des_input, 0);
- Collapse(des_input, cipher);
-
-#if 0
- CHAPDEBUG((LOG_INFO, "DesEncrypt: 8 octet output: %.8B", cipher));
-#endif
-}
-
-#else /* USE_CRYPT */
-
-static void
-DesEncrypt(clear, key, cipher)
- u_char *clear; /* IN 8 octets */
- u_char *key; /* IN 7 octets */
- u_char *cipher; /* OUT 8 octets */
-{
- des_cblock des_key;
- des_key_schedule key_schedule;
-
- MakeKey(key, des_key);
-
- des_set_key(&des_key, key_schedule);
-
-#if 0
- CHAPDEBUG((LOG_INFO, "DesEncrypt: 8 octet input : %.8B", clear));
-#endif
-
- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, key_schedule, 1);
-
-#if 0
- CHAPDEBUG((LOG_INFO, "DesEncrypt: 8 octet output: %.8B", cipher));
-#endif
-}
-
-#endif /* USE_CRYPT */
-
-
-static u_char Get7Bits(input, startBit)
- u_char *input;
- int startBit;
-{
- register unsigned int word;
-
- word = (unsigned)input[startBit / 8] << 8;
- word |= (unsigned)input[startBit / 8 + 1];
-
- word >>= 15 - (startBit % 8 + 7);
-
- return word & 0xFE;
-}
-
-#ifdef USE_CRYPT
-
-/* in == 8-byte string (expanded version of the 56-bit key)
- * out == 64-byte string where each byte is either 1 or 0
- * Note that the low-order "bit" is always ignored by by setkey()
- */
-static void Expand(in, out)
- u_char *in;
- u_char *out;
-{
- int j, c;
- int i;
-
- for(i = 0; i < 64; in++){
- c = *in;
- for(j = 7; j >= 0; j--)
- *out++ = (c >> j) & 01;
- i += 8;
- }
-}
-
-/* The inverse of Expand
- */
-static void Collapse(in, out)
- u_char *in;
- u_char *out;
-{
- int j;
- int i;
- unsigned int c;
-
- for (i = 0; i < 64; i += 8, out++) {
- c = 0;
- for (j = 7; j >= 0; j--, in++)
- c |= *in << j;
- *out = c & 0xff;
- }
-}
-#endif
-
-static void MakeKey(key, des_key)
- u_char *key; /* IN 56 bit DES key missing parity bits */
- u_char *des_key; /* OUT 64 bit DES key with parity bits added */
-{
- des_key[0] = Get7Bits(key, 0);
- des_key[1] = Get7Bits(key, 7);
- des_key[2] = Get7Bits(key, 14);
- des_key[3] = Get7Bits(key, 21);
- des_key[4] = Get7Bits(key, 28);
- des_key[5] = Get7Bits(key, 35);
- des_key[6] = Get7Bits(key, 42);
- des_key[7] = Get7Bits(key, 49);
-
-#ifndef USE_CRYPT
- des_set_odd_parity((des_cblock *)des_key);
-#endif
-
-#if 0
- CHAPDEBUG((LOG_INFO, "MakeKey: 56-bit input : %.7B", key));
- CHAPDEBUG((LOG_INFO, "MakeKey: 64-bit output: %.8B", des_key));
-#endif
-}
-
static void
ChapMS_NT(rchallenge, rchallenge_len, secret, secret_len, response)
char *rchallenge;
@@ -254,34 +126,13 @@
int secret_len;
MS_ChapResponse *response;
{
- int i;
-#ifdef __NetBSD__
- /* NetBSD uses the libc md4 routines which take bytes instead of bits */
- int mdlen = secret_len * 2;
-#else
- int mdlen = secret_len * 2 * 8;
-#endif
- MD4_CTX md4Context;
u_char hash[MD4_SIGNATURE_SIZE];
- u_char unicodePassword[MAX_NT_PASSWORD * 2];
-
- /* Initialize the Unicode version of the secret (== password). */
- /* This implicitly supports 8-bit ISO8859/1 characters. */
- BZERO(unicodePassword, sizeof(unicodePassword));
- for (i = 0; i < secret_len; i++)
- unicodePassword[i * 2] = (u_char)secret[i];
-
- MD4Init(&md4Context);
- MD4Update(&md4Context, unicodePassword, mdlen);
-
- MD4Final(hash, &md4Context); /* Tell MD4 we're done */
+ NtPasswordHash(secret, secret_len, hash);
ChallengeResponse(rchallenge, hash, response->NTResp);
}
#ifdef MSLANMAN
-static u_char *StdText = (u_char *)"KGS!@#$%"; /* key from rasapi32.dll */
-
static void
ChapMS_LANMan(rchallenge, rchallenge_len, secret, secret_len, response)
char *rchallenge;
@@ -290,16 +141,9 @@
int secret_len;
MS_ChapResponse *response;
{
- int i;
- u_char UcasePassword[MAX_NT_PASSWORD]; /* max is actually 14 */
u_char PasswordHash[MD4_SIGNATURE_SIZE];
- /* LANMan password is case insensitive */
- BZERO(UcasePassword, sizeof(UcasePassword));
- for (i = 0; i < secret_len; i++)
- UcasePassword[i] = (u_char)toupper(secret[i]);
- DesEncrypt( StdText, UcasePassword + 0, PasswordHash + 0 );
- DesEncrypt( StdText, UcasePassword + 7, PasswordHash + 8 );
+ LmPasswordHash(secret, secret_len, PasswordHash);
ChallengeResponse(rchallenge, PasswordHash, response->LANManResp);
}
#endif
@@ -331,8 +175,209 @@
response.UseNT = 1;
#endif
+#ifdef MPPE
+ mppe_gen_master_key(secret, secret_len, rchallenge);
+#endif
BCOPY(&response, cstate->response, MS_CHAP_RESPONSE_LEN);
cstate->resp_length = MS_CHAP_RESPONSE_LEN;
+}
+
+int
+ChapMS_Resp(cstate, secret, secret_len, remmd)
+ chap_state *cstate;
+ char *secret;
+ int secret_len;
+ u_char *remmd;
+{
+ MS_ChapResponse local;
+ MS_ChapResponse *response = (MS_ChapResponse *)remmd;
+ int i;
+
+ BZERO(&local, sizeof(response));
+
+ if(response->UseNT)
+ {
+ ChapMS_NT(cstate->challenge,cstate->chal_len, secret, secret_len, &local);
+ i = memcmp(local.NTResp, response->NTResp, sizeof(local.NTResp));
+
+#ifdef MPPE
+ if(i == 0)
+ mppe_gen_master_key(secret, secret_len, cstate->challenge);
+#endif
+ return(i);
+ }
+
+#ifdef MSLANMAN
+ ChapMS_LANMan(cstate->challenge, cstate->chal_len, secret, secret_len,
+ &local);
+ if(memcmp(local.LANManResp, response->LANManResp,
+ sizeof(local.LANManResp)) == 0) {
+#ifdef MPPE
+ mppe_gen_master_key(secret, secret_len, cstate->challenge);
+#endif
+ return(0);
+ }
+#endif /* MSLANMAN */
+ return(1);
+}
+
+void
+ChallengeHash(PeerChallenge, AuthenticatorChallenge, UserName, Challenge)
+ char *PeerChallenge;
+ char *AuthenticatorChallenge;
+ char *UserName;
+ char *Challenge;
+{
+ SHA_CTX Context;
+ u_char Digest[SHA_DIGEST_LENGTH];
+ char *username;
+
+ if((username = strrchr(UserName, '\\')) != (char *)NULL)
+ ++username;
+ else
+ username = UserName;
+ SHA1_Init(&Context);
+ SHA1_Update(&Context, PeerChallenge, 16);
+ SHA1_Update(&Context, AuthenticatorChallenge, 16);
+ SHA1_Update(&Context, username, strlen(username));
+ SHA1_Final(Digest, &Context);
+ BCOPY(Digest, Challenge, 8);
+}
+
+void
+ChapMS_v2(cstate, AuthenticatorChallenge, AuthenticatorChallengeLen, Password, PasswordLen)
+ chap_state *cstate;
+ char *AuthenticatorChallenge;
+ int AuthenticatorChallengeLen;
+ char *Password;
+ int PasswordLen;
+{
+ u_char Challenge[8];
+ u_char PasswordHash[MD4_SIGNATURE_SIZE];
+ MS_ChapResponse_v2 response;
+
+ BZERO(&response, sizeof(response));
+ ChapGenChallenge(cstate);
+ BCOPY(cstate->challenge, response.PeerChallenge,
+ sizeof(response.PeerChallenge));
+ ChallengeHash(response.PeerChallenge, AuthenticatorChallenge,
+ cstate->resp_name, Challenge);
+ NtPasswordHash(Password, PasswordLen, PasswordHash);
+ ChallengeResponse(Challenge, PasswordHash, response.NTResp);
+ BCOPY(&response, cstate->response, MS_CHAP_RESPONSE_LEN);
+ cstate->resp_length = MS_CHAP_RESPONSE_LEN;
+#ifdef MPPE
+ mppe_gen_master_key_v2(Password, PasswordLen, response.NTResp, 0);
+#endif
+}
+
+int
+ChapMS_v2_Resp(cstate, Password, PasswordLen, remmd, UserName)
+ chap_state *cstate;
+ char *Password;
+ int PasswordLen;
+ u_char *remmd;
+ char *UserName;
+{
+ u_char Challenge[8];
+ u_char PasswordHash[MD4_SIGNATURE_SIZE];
+ MS_ChapResponse_v2 response, response1;
+ int i;
+
+ BCOPY(remmd, &response, MS_CHAP_RESPONSE_LEN);
+ ChallengeHash(response.PeerChallenge,cstate->challenge,UserName,Challenge);
+ NtPasswordHash(Password, PasswordLen, PasswordHash);
+ ChallengeResponse(Challenge, PasswordHash, response1.NTResp);
+ i = memcmp(response.NTResp, response1.NTResp, sizeof(response.NTResp));
+#ifdef MPPE
+ if(i == 0)
+ mppe_gen_master_key_v2(Password, PasswordLen, response1.NTResp, 1);
+#endif
+ return(i);
+}
+
+void
+ChapMS_v2_Auth(cstate, Password, PasswordLen, remmd, UserName)
+ chap_state *cstate;
+ char *Password;
+ int PasswordLen;
+ u_char *remmd;
+ char *UserName;
+{
+ u_char PasswordHash[MD4_SIGNATURE_SIZE];
+ u_char PasswordHashHash[MD4_SIGNATURE_SIZE];
+ u_char Challenge[8];
+ static char Magic1[] = "Magic server to client signing constant";
+ static char Magic2[] = "Pad to make it do more than one iteration";
+
+ SHA_CTX Context;
+ u_char Digest[SHA_DIGEST_LENGTH];
+ MS_ChapResponse_v2 *response = (MS_ChapResponse_v2 *)remmd;
+ char StrResponse[SHA_DIGEST_LENGTH * 2 + 3], *s;
+ int i;
+ static char HexDigs[] = "0123456789ABCDEF";
+
+ NtPasswordHash(Password, PasswordLen, PasswordHash);
+ md4(PasswordHash, sizeof(PasswordHash), PasswordHashHash);
+
+ SHA1_Init(&Context);
+ SHA1_Update(&Context, PasswordHashHash, 16);
+ SHA1_Update(&Context, response->NTResp, 24);
+ SHA1_Update(&Context, Magic1, sizeof(Magic1) - 1);
+ SHA1_Final(Digest, &Context);
+
+ ChallengeHash(response->PeerChallenge,cstate->challenge,UserName,Challenge);
+
+ SHA1_Init(&Context);
+ SHA1_Update(&Context, Digest, SHA_DIGEST_LENGTH);
+ SHA1_Update(&Context, Challenge, 8);
+ SHA1_Update(&Context, Magic2, sizeof(Magic2) - 1);
+ SHA1_Final(Digest, &Context);
+ s = strcpy(StrResponse, "S=")+2;
+ for(i = 0; i < SHA_DIGEST_LENGTH; ++i) {
+ *s++ = HexDigs[Digest[i] >> 4];
+ *s++ = HexDigs[Digest[i] & 0x0F];
+ }
+ *s = '\0';
+ BCOPY(StrResponse, cstate->response, sizeof(StrResponse));
+ cstate->resp_length = sizeof(StrResponse) - 1;
+}
+
+/*
+ * functions called from config options
+ */
+int
+reqchapms(char **argv)
+{
+ lcp_wantoptions[0].neg_chap = 1;
+ lcp_wantoptions[0].use_chapms = 1;
+ auth_required = 1;
+
+ return 1;
+}
+
+int
+nochapms(char **argv)
+{
+ lcp_wantoptions[0].use_chapms = 0;
+ return 1;
+}
+
+int
+reqchapms_v2(char **argv)
+{
+ lcp_wantoptions[0].neg_chap = 1;
+ lcp_wantoptions[0].use_chapms_v2 = 1;
+ auth_required = 1;
+
+ return 1;
+}
+
+int
+nochapms_v2(char **argv)
+{
+ lcp_wantoptions[0].use_chapms_v2 = 0;
+ return 1;
}
#endif /* CHAPMS */

24
net/ppp-mppe/patches/patch-bi Normal file
View file

@ -0,0 +1,24 @@
$NetBSD: patch-bi,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- pppd/chap_ms.h Fri Nov 6 22:55:39 1998
+++ pppd/chap_ms.h Tue Jun 22 18:52:12 1999
@@ -24,10 +24,16 @@
#ifndef __CHAPMS_INCLUDE__
-#define MD4_SIGNATURE_SIZE 16 /* 16 bytes in a MD4 message digest */
-#define MAX_NT_PASSWORD 256 /* Maximum number of (Unicode) chars in an NT password */
-
void ChapMS __P((chap_state *, char *, int, char *, int));
+int ChapMS_Resp __P((chap_state *, char *, int, u_char *));
+void ChapMS_v2 __P((chap_state *, char *, int, char *, int));
+int ChapMS_v2_Resp __P((chap_state *, char *, int, u_char *, char *));
+void ChapMS_v2_Auth __P((chap_state *, char *, int, u_char *, char *));
+
+int reqchapms(char **);
+int nochapms(char **);
+int reqchapms_v2(char **);
+int nochapms_v2(char **);
#define __CHAPMS_INCLUDE__
#endif /* __CHAPMS_INCLUDE__ */

167
net/ppp-mppe/patches/patch-bj Normal file
View file

@ -0,0 +1,167 @@
$NetBSD: patch-bj,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- pppd/extra_crypto.c Wed Dec 31 16:00:00 1969
+++ pppd/extra_crypto.c Thu Jun 24 16:05:42 1999
@@ -0,0 +1,162 @@
+/*
+ * Copyright (c) Tim Hockin, Cobalt Networks Inc. and others
+ *
+ * crypto routines used by multiple c files
+ */
+#include <stdio.h>
+#include <ctype.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include "extra_crypto.h"
+#include "pppd.h"
+#include "md4.h"
+#ifndef USE_CRYPT
+#include <des.h>
+#endif
+
+/* quick wrapper for easy md4 */
+void
+md4(unsigned char *from, int from_len, unsigned char *to)
+{
+ MD4_CTX Context;
+
+#ifndef __NetBSD__
+ from_len <<= 3; /* bytes->bits */
+#endif
+
+ MD4Init(&Context);
+ MD4Update(&Context, from, from_len);
+ MD4Final(to, &Context);
+}
+
+
+/* Microsoft LANMAN Password hashing */
+static u_char *MSStdText = (u_char *)"KGS!@#$%"; /* key from rasapi32.dll */
+
+void
+LmPasswordHash(char *password, int len, char *hash)
+{
+ int i;
+ u_char up_pass[MAX_NT_PASSWORD]; /* max is actually 14 */
+
+ /* LANMan password is case insensitive */
+ BZERO(up_pass, sizeof(up_pass));
+ for (i = 0; i < len; i++)
+ up_pass[i] = (u_char)toupper(up_pass[i]);
+ DesEncrypt(MSStdText, up_pass + 0, hash + 0);
+ DesEncrypt(MSStdText, up_pass + 7, hash + 8);
+}
+
+void
+NtPasswordHash(char *secret, int secret_len, unsigned char *hash)
+{
+ int i;
+ u_char unicodePassword[MAX_NT_PASSWORD * 2];
+
+ /* Initialize the Unicode version of the secret (== password). */
+ /* This implicitly supports 8-bit ISO8859/1 characters. */
+ BZERO(unicodePassword, sizeof(unicodePassword));
+ for (i = 0; i < secret_len; i++)
+ unicodePassword[i * 2] = (u_char)secret[i];
+
+ /* Unicode is 2 bytes per char */
+ md4(unicodePassword, secret_len * 2, hash);
+}
+
+
+static u_char Get7Bits(unsigned char *input, int startBit)
+{
+ register unsigned int word;
+
+ word = (unsigned)input[startBit / 8] << 8;
+ word |= (unsigned)input[startBit / 8 + 1];
+
+ word >>= 15 - (startBit % 8 + 7);
+
+ return word & 0xFE;
+}
+
+
+static void MakeKey(unsigned char *key, unsigned char *des_key)
+{
+ des_key[0] = Get7Bits(key, 0);
+ des_key[1] = Get7Bits(key, 7);
+ des_key[2] = Get7Bits(key, 14);
+ des_key[3] = Get7Bits(key, 21);
+ des_key[4] = Get7Bits(key, 28);
+ des_key[5] = Get7Bits(key, 35);
+ des_key[6] = Get7Bits(key, 42);
+ des_key[7] = Get7Bits(key, 49);
+
+#ifndef USE_CRYPT
+ des_set_odd_parity((des_cblock *)des_key);
+#endif
+}
+
+
+#ifdef USE_CRYPT
+/* in == 8-byte string (expanded version of the 56-bit key)
+ * out == 64-byte string where each byte is either 1 or 0
+ * Note that the low-order "bit" is always ignored by by setkey()
+ */
+static void Expand(unsigned char *in, unsigned char *out)
+{
+ int j, c;
+ int i;
+
+ for(i = 0; i < 64; in++){
+ c = *in;
+ for(j = 7; j >= 0; j--)
+ *out++ = (c >> j) & 01;
+ i += 8;
+ }
+}
+
+/* The inverse of Expand
+ */
+static void Collapse(unsigned char *in, unsigned char *out)
+{
+ int j;
+ int i;
+ unsigned int c;
+
+ for (i = 0; i < 64; i += 8, out++) {
+ c = 0;
+ for (j = 7; j >= 0; j--, in++)
+ c |= *in << j;
+ *out = c & 0xff;
+ }
+}
+void
+DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher)
+{
+ u_char des_key[8];
+ u_char crypt_key[66];
+ u_char des_input[66];
+
+ MakeKey(key, des_key);
+
+ Expand(des_key, crypt_key);
+ setkey(crypt_key);
+
+ Expand(clear, des_input);
+ encrypt(des_input, 0);
+ Collapse(des_input, cipher);
+}
+#else /* don't USE_CRYPT */
+void
+DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher)
+{
+ des_cblock des_key;
+ des_key_schedule key_schedule;
+
+ MakeKey(key, des_key);
+
+ des_set_key(&des_key, key_schedule);
+
+ des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, key_schedule, 1);
+}
+#endif /* USE_CRYPT */
+
+

21
net/ppp-mppe/patches/patch-bk Normal file
View file

@ -0,0 +1,21 @@
$NetBSD: patch-bk,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- pppd/extra_crypto.h Wed Dec 31 16:00:00 1969
+++ pppd/extra_crypto.h Tue Jun 22 13:52:28 1999
@@ -0,0 +1,16 @@
+#ifndef __EXTRA_CRYPTO_INCLUDE__
+/*
+ * This is just a bunch of crypto routines that are needed by more than one
+ * piece of functionality, so they were broken out
+ */
+
+void md4 __P((unsigned char *, int, unsigned char *));
+void LmPasswordHash __P((char *, int, char *));
+void NtPasswordHash __P((char *, int, unsigned char *));
+void DesEncrypt __P((unsigned char *, unsigned char *, unsigned char *));
+
+#define MAX_NT_PASSWORD 256 /* Max len of a (Unicode) NT passwd */
+#define MD4_SIGNATURE_SIZE 16 /* 16 bytes in a MD4 message digest */
+
+#define __EXTRA_CRYPTO_INCLUDE__
+#endif /* __EXTRA_CRYPTO_INCLUDE__ */

43
net/ppp-mppe/patches/patch-bl Normal file
View file

@ -0,0 +1,43 @@
$NetBSD: patch-bl,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- pppd/ipcp.c.orig Fri Aug 13 02:46:12 1999
+++ pppd/ipcp.c Sat Sep 25 13:48:29 1999
@@ -121,6 +121,8 @@
"Don't use name for default IP adrs", 1 },
{ "ms-dns", 1, setdnsaddr,
"DNS address for the peer's use" },
+ { "dns-addr", 1, setdnsaddr,
+ "DNS address for the peer's use" },
{ "ms-wins", 1, setwinsaddr,
"Nameserver for SMB over TCP/IP for peer" },
{ "ipcp-restart", o_int, &ipcp_fsm[0].timeouttime,
@@ -1057,6 +1059,14 @@
*/
GETLONG(tl, p); /* Parse source address (his) */
ciaddr1 = htonl(tl);
+#ifdef DYNAMIC
+ if(!auth_ip_addr(f->unit, ciaddr1))
+ if(get_ip_addr_dynamic(f->unit, &tl))
+ {
+ wo->hisaddr = tl;
+ ciaddr1 = 0;
+ }
+#endif
if (ciaddr1 != wo->hisaddr
&& (ciaddr1 == 0 || !wo->accept_remote)) {
orc = CONFNAK;
@@ -1114,6 +1124,14 @@
*/
GETLONG(tl, p); /* Parse source address (his) */
ciaddr1 = htonl(tl);
+#ifdef DYNAMIC
+ if(!auth_ip_addr(f->unit, ciaddr1))
+ if(get_ip_addr_dynamic(f->unit, &tl))
+ {
+ wo->hisaddr = tl;
+ ciaddr1 = 0;
+ }
+#endif
if (ciaddr1 != wo->hisaddr
&& (ciaddr1 == 0 || !wo->accept_remote)) {
orc = CONFNAK;

207
net/ppp-mppe/patches/patch-bm Normal file
View file

@ -0,0 +1,207 @@
$NetBSD: patch-bm,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- pppd/lcp.c.orig Wed May 12 17:33:32 1999
+++ pppd/lcp.c Thu Jun 24 16:05:42 1999
@@ -35,6 +35,8 @@
#include "chap.h"
#include "magic.h"
+extern bool refuse_chap;
+
/*
* LCP-related command-line options.
*/
@@ -277,19 +279,47 @@
wo->asyncmap = 0;
wo->neg_chap = 0; /* Set to 1 on server */
wo->neg_upap = 0; /* Set to 1 on server */
- wo->chap_mdtype = CHAP_DIGEST_MD5;
+ wo->use_digest = 1;
+#ifdef CHAPMS
+ if(wo->use_chapms_v2)
+ wo->chap_mdtype = CHAP_MICROSOFT_V2;
+ else if(wo->use_chapms)
+ wo->chap_mdtype = CHAP_MICROSOFT;
+ else
+#endif
+ if(wo->use_digest)
+ wo->chap_mdtype = CHAP_DIGEST_MD5;
+ else
+ refuse_chap = 1;
wo->neg_magicnumber = 1;
wo->neg_pcompression = 1;
wo->neg_accompression = 1;
wo->neg_lqr = 0; /* no LQR implementation yet */
+#ifdef CBCP_SUPPORT
+ wo->neg_cbcp = 1;
+#else
wo->neg_cbcp = 0;
+#endif
ao->neg_mru = 1;
ao->mru = MAXMRU;
ao->neg_asyncmap = 1;
ao->asyncmap = 0;
ao->neg_chap = 1;
- ao->chap_mdtype = CHAP_DIGEST_MD5;
+ ao->use_digest = 1;
+#ifdef CHAPMS
+ ao->use_chapms_v2 = ao->use_chapms = 1;
+ if(ao->use_chapms_v2)
+ ao->chap_mdtype = CHAP_MICROSOFT_V2;
+ else if(ao->use_chapms)
+ ao->chap_mdtype = CHAP_MICROSOFT;
+ else
+#else
+ if(ao->use_digest)
+ ao->chap_mdtype = CHAP_DIGEST_MD5;
+ else
+ refuse_chap = 1;
+#endif
ao->neg_upap = 1;
ao->neg_magicnumber = 1;
ao->neg_pcompression = 1;
@@ -557,6 +587,18 @@
* NB: we only ask for one of CHAP and UPAP, even if we will
* accept either.
*/
+#ifdef CHAPMS
+ if(go->use_chapms_v2)
+ go->chap_mdtype = CHAP_MICROSOFT_V2;
+ else if(go->use_chapms)
+ go->chap_mdtype = CHAP_MICROSOFT;
+ else
+#endif
+ if(go->use_digest)
+ go->chap_mdtype = CHAP_DIGEST_MD5;
+ else
+ go->neg_chap = 0;
+
return (LENCISHORT(go->neg_mru && go->mru != DEFMRU) +
LENCILONG(go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF) +
LENCICHAP(go->neg_chap) +
@@ -922,7 +964,34 @@
* algorithm. If they can't do MD5, we'll have to stop
* asking for CHAP.
*/
- if (cichar != go->chap_mdtype)
+ if (go->chap_mdtype == CHAP_MICROSOFT_V2)
+ {
+ try.use_chapms_v2 = 0;
+ if(try.use_chapms)
+ try.chap_mdtype = CHAP_MICROSOFT;
+ else if(try.use_digest)
+ try.chap_mdtype = CHAP_DIGEST_MD5;
+ else
+ try.neg_chap = 0;
+ }
+ else if(go->chap_mdtype == CHAP_MICROSOFT)
+ {
+ try.use_chapms = 0;
+ if(try.use_digest)
+ try.chap_mdtype = CHAP_DIGEST_MD5;
+ else
+ try.neg_chap = 0;
+ }
+ else if(go->chap_mdtype == CHAP_DIGEST_MD5)
+ {
+ try.use_digest = 0;
+ try.neg_chap = 0;
+ }
+ else
+ try.neg_chap = 0;
+ if ((cichar != CHAP_MICROSOFT_V2) &&
+ (cichar != CHAP_MICROSOFT) &&
+ (cichar != CHAP_DIGEST_MD5))
try.neg_chap = 0;
} else {
/*
@@ -1133,8 +1202,22 @@
/* Check rejected value. */ \
if (cishort != val || cichar != digest) \
goto bad; \
- try.neg = 0; \
- try.neg_upap = 0; \
+ switch(digest) \
+ { \
+ case CHAP_MICROSOFT_V2: \
+ try.use_chapms_v2 = 0; \
+ break; \
+ case CHAP_MICROSOFT: \
+ try.use_chapms = 0; \
+ break; \
+ case CHAP_DIGEST_MD5: \
+ try.use_digest = 0; \
+ } \
+ if(!try.use_chapms_v2 && !try.use_chapms && !try.use_digest) \
+ { \
+ try.neg = 0; \
+ try.neg_upap = 0; \
+ } \
}
#define REJCILONG(opt, neg, val) \
if (go->neg && \
@@ -1370,9 +1453,10 @@
if (cichar != CHAP_DIGEST_MD5
#ifdef CHAPMS
&& cichar != CHAP_MICROSOFT
+ && cichar != CHAP_MICROSOFT_V2
#endif
) {
- orc = CONFNAK;
+ orc = CONFREJ; /* !!! CONFNAK !!! */
PUTCHAR(CI_AUTHTYPE, nakp);
PUTCHAR(CILEN_CHAP, nakp);
PUTSHORT(PPP_CHAP, nakp);
@@ -1449,6 +1533,23 @@
ho->magicnumber = cilong;
break;
+#ifdef CBCP_SUPPORT
+ case CI_CALLBACK:
+ LCPDEBUG((LOG_INFO, "lcp_reqci: rcvd CBCP"));
+ if (!ao->neg_cbcp ||
+ cilen != CILEN_CHAR) {
+ orc = CONFREJ;
+ break;
+ }
+ GETCHAR(cichar, p);
+ if(cichar != CBCP_OPT)
+ {
+ orc = CONFREJ;
+ break;
+ }
+ ho->neg_cbcp = 1;
+ break;
+#endif
case CI_PCOMPRESSION:
if (!ao->neg_pcompression ||
@@ -1721,20 +1822,23 @@
}
}
break;
+#ifdef CBCP_SUPPORT
case CI_CALLBACK:
- if (olen >= CILEN_CHAR) {
+ if (olen == CILEN_CHAR) {
+ u_char cichar;
p += 2;
printer(arg, "callback ");
- GETCHAR(cishort, p);
- switch (cishort) {
+ GETCHAR(cichar, p);
+ switch (cichar) {
case CBCP_OPT:
printer(arg, "CBCP");
break;
default:
- printer(arg, "0x%x", cishort);
+ printer(arg, "0x%x", cichar);
}
}
break;
+#endif
case CI_MAGICNUMBER:
if (olen == CILEN_LONG) {
p += 2;

14
net/ppp-mppe/patches/patch-bn Normal file
View file

@ -0,0 +1,14 @@
$NetBSD: patch-bn,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- pppd/lcp.h Fri Nov 6 22:58:13 1998
+++ pppd/lcp.h Tue Jun 22 17:13:59 1999
@@ -56,6 +56,9 @@
bool neg_accompression; /* HDLC Address/Control Field Compression? */
bool neg_lqr; /* Negotiate use of Link Quality Reports */
bool neg_cbcp; /* Negotiate use of CBCP */
+ bool use_digest;
+ bool use_chapms;
+ bool use_chapms_v2;
int mru; /* Value of MRU */
u_char chap_mdtype; /* which MD type (hashing algorithm) */
u_int32_t asyncmap; /* Value of async map */

234
net/ppp-mppe/patches/patch-bo Normal file
View file

@ -0,0 +1,234 @@
$NetBSD: patch-bo,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- /dev/null Wed Dec 31 16:00:00 1969
+++ pppd/mppe.c Thu Jun 24 16:05:42 1999
@@ -0,0 +1,229 @@
+/*
+ * mppe - Mucking with PpP Encription
+ *
+ * Copyright (c) 1995 Árpád Magossányi
+ * All rights reserved.
+ *
+ * Copyright (c) 1999 Tim Hockin, Cobalt Networks Inc.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by Pedro Roque Marques. The name of the author may not be used to
+ * endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#ifdef MPPE
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <string.h>
+#include <ctype.h>
+#include <syslog.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include "pppd.h"
+#include "chap.h"
+#include "fsm.h"
+#include "ccp.h"
+#include "md4.h"
+#include "sha.h"
+#include "chap_ms.h"
+#include "extra_crypto.h"
+
+static void
+mppe_get_start_key __P((unsigned char *, unsigned char *, unsigned char *));
+static void
+mppe_get_master_key __P((unsigned char *, unsigned char *, unsigned char *));
+static void
+GetAsymetricStartKey __P((unsigned char *, unsigned char *, int, int, int));
+
+unsigned char mppe_master_send_key_40[8];
+unsigned char mppe_master_recv_key_40[8];
+unsigned char mppe_master_send_key_128[16];
+unsigned char mppe_master_recv_key_128[16];
+unsigned int mppe_allowed = 0;
+
+/*
+ * Pads used in key derivation - from sha1dgst.c
+ */
+static unsigned char SHApad1[40] =
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
+static unsigned char SHApad2[40] =
+ {0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2,
+ 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2,
+ 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2,
+ 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2};
+
+
+/* This is used with chap-ms (v1) */
+void
+mppe_gen_master_key(char *secret, int secret_len, unsigned char *challenge)
+{
+ unsigned char PasswordHash[MD4_SIGNATURE_SIZE];
+ unsigned char PasswordHashHash[MD4_SIGNATURE_SIZE];
+
+ /* 40 bit */
+ LmPasswordHash(secret, secret_len, PasswordHash);
+ BCOPY(PasswordHash, mppe_master_send_key_40, 8);
+ BCOPY(mppe_master_send_key_40, mppe_master_recv_key_40, 8);
+
+ /* 128 bit */
+ NtPasswordHash(secret, secret_len, PasswordHash);
+ md4(PasswordHash, sizeof(PasswordHash), PasswordHashHash);
+ mppe_get_start_key(challenge, PasswordHashHash, mppe_master_send_key_128);
+ BCOPY(mppe_master_send_key_128, mppe_master_recv_key_128, 16);
+
+ mppe_allowed = 1;
+}
+
+
+/* This is used with chap-ms-v2 (per MS' draft RFC) - 2 different keys */
+void
+mppe_gen_master_key_v2(char *secret, int secret_len, unsigned char *response,
+ int is_server)
+{
+ unsigned char PasswordHash[MD4_SIGNATURE_SIZE];
+ unsigned char PasswordHashHash[MD4_SIGNATURE_SIZE];
+ unsigned char MasterKey[MD4_SIGNATURE_SIZE];
+
+ /* 128 bit - 2 keys */
+ NtPasswordHash(secret, secret_len, PasswordHash);
+ md4(PasswordHash, sizeof(PasswordHash), PasswordHashHash);
+ mppe_get_master_key(PasswordHashHash, response, MasterKey);
+ GetAsymetricStartKey(MasterKey, mppe_master_send_key_128, 16,1, is_server);
+ GetAsymetricStartKey(MasterKey, mppe_master_recv_key_128, 16,0, is_server);
+
+ /* 40 bit - 2 keys */
+ BCOPY(mppe_master_send_key_128, mppe_master_send_key_40, 8);
+ BCOPY(mppe_master_recv_key_128, mppe_master_recv_key_40, 8);
+
+ mppe_allowed = 1;
+}
+
+
+static void
+mppe_get_start_key(unsigned char *Challenge, unsigned char *NtPasswordHashHash,
+ unsigned char *InitialSessionKey)
+{
+ unsigned char Digest[SHA_DIGEST_LENGTH];
+ SHA_CTX Context;
+
+ SHA1_Init(&Context);
+ SHA1_Update(&Context, NtPasswordHashHash, 16);
+ SHA1_Update(&Context, Challenge, 24);
+ SHA1_Final(Digest, &Context);
+ BCOPY(Digest, InitialSessionKey, 16);
+}
+
+static void
+mppe_get_master_key(unsigned char *PasswordHashHash, unsigned char *NtResponse,
+ unsigned char *MasterKey)
+{
+ unsigned char Digest[SHA_DIGEST_LENGTH];
+ SHA_CTX Context;
+ static char Magic1[] = "This is the MPPE Master Key";
+
+ BZERO(Digest, sizeof(Digest));
+
+ SHA1_Init(&Context);
+ SHA1_Update(&Context, PasswordHashHash, 16);
+ SHA1_Update(&Context, NtResponse, 24);
+ SHA1_Update(&Context, Magic1, sizeof(Magic1) - 1);
+ SHA1_Final(Digest, &Context);
+
+ BCOPY(Digest, MasterKey, 16);
+}
+
+static void
+GetAsymetricStartKey(unsigned char *MasterKey, unsigned char *SessionKey,
+ int SessionKeyLength, int IsSend, int IsServer)
+{
+ unsigned char Digest[SHA_DIGEST_LENGTH];
+ SHA_CTX Context;
+ char *s;
+ static char Magic2[] = "On the client side, this is the send key; on the server side, it is the receive key.";
+ static char Magic3[] = "On the client side, this is the receive key; on the server side, it is the send key.";
+
+ BZERO(Digest, sizeof(Digest));
+ if(IsSend)
+ {
+ if(IsServer)
+ s = Magic3;
+ else
+ s = Magic2;
+ }
+ else
+ {
+ if(IsServer)
+ s = Magic2;
+ else
+ s = Magic3;
+ }
+
+ SHA1_Init(&Context);
+ SHA1_Update(&Context, MasterKey, 16);
+ SHA1_Update(&Context, SHApad1, 40);
+ SHA1_Update(&Context, s, 84);
+ SHA1_Update(&Context, SHApad2, 40);
+ SHA1_Final(Digest, &Context);
+ BCOPY(Digest, SessionKey, SessionKeyLength);
+}
+
+/*
+ * Functions called from config options
+ */
+int
+setmppe_40(char **argv)
+{
+ ccp_allowoptions[0].mppe = ccp_wantoptions[0].mppe = 1;
+ ccp_allowoptions[0].mppe_40 = ccp_wantoptions[0].mppe_40 = 1;
+ return 1;
+}
+
+int
+setnomppe_40(char **argv)
+{
+ ccp_allowoptions[0].mppe_40 = ccp_wantoptions[0].mppe_40 = 0;
+ return 1;
+}
+
+int
+setmppe_128(char **argv)
+{
+ ccp_allowoptions[0].mppe = ccp_wantoptions[0].mppe = 1;
+ ccp_allowoptions[0].mppe_128 = ccp_wantoptions[0].mppe_128 = 1;
+ return 1;
+}
+
+int
+setnomppe_128(char **argv)
+{
+ ccp_allowoptions[0].mppe_128 = ccp_wantoptions[0].mppe_128 = 0;
+ return 1;
+}
+
+int
+setmppe_stateless(char **argv)
+{
+ ccp_allowoptions[0].mppe_stateless = ccp_wantoptions[0].mppe_stateless = 1;
+ return 1;
+}
+
+int
+setnomppe_stateless(char **argv)
+{
+ ccp_allowoptions[0].mppe_stateless = ccp_wantoptions[0].mppe_stateless = 0;
+ return 1;
+}
+#endif /* MPPE */

68
net/ppp-mppe/patches/patch-bp Normal file
View file

@ -0,0 +1,68 @@
$NetBSD: patch-bp,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- /dev/null Wed Dec 31 16:00:00 1969
+++ pppd/mppe.h Tue Jun 22 18:44:01 1999
@@ -0,0 +1,63 @@
+#ifndef __MPPE_INCLUDE__
+
+#ifndef CI_MPPE
+#define CI_MPPE 18 /* config. option for MPPE */
+#endif CI_MPPE
+#ifndef CILEN_MPPE
+#define CILEN_MPPE 6 /* length of config. option */
+#endif CILEN_MPPE
+
+typedef struct mppe_state {
+ int us_unit; /* Interface unit number */
+ u_char us_id; /* Current id */
+ u_char us_allowed;
+ int us_type;
+ char *us_number; /* Telefone Number */
+} mppe_state;
+
+
+extern struct protent mppe_protent;
+
+#define MPPE_CONFOPTION CI_MPPE /* p[0] */
+#define MPPE_STATELESS 0x01 /* p[2] */
+#define MPPE_40BIT 0x20 /* p[5] */
+#define MPPE_128BIT 0x40 /* p[5] */
+
+#define PPP_MPPE 0x00FD
+
+#define MPPE_BIT_A 0x80
+#define MPPE_BIT_B 0x40
+#define MPPE_BIT_C 0x20
+#define MPPE_BIT_D 0x10
+#define MPPE_BIT_FLUSHED MPPE_BIT_A
+#define MPPE_BIT_ENCRYPTED MPPE_BIT_D
+#define MPPE_CCOUNT 0x0FFF
+
+#define MPPE_40_SALT0 0xD1
+#define MPPE_40_SALT1 0x26
+#define MPPE_40_SALT2 0x9E
+
+#define MPPE_MINLEN 4
+
+#define MPPE_REQ 1
+#define MPPE_RESP 2
+#define MPPE_ACK 3
+
+extern char mppe_master_send_key_40[8];
+extern char mppe_master_send_key_128[16];
+extern char mppe_master_recv_key_40[8];
+extern char mppe_master_recv_key_128[16];
+extern unsigned int mppe_allowed;
+
+void mppe_gen_master_key __P((char *, int, unsigned char *));
+void mppe_gen_master_key_v2 __P((char *, int, unsigned char *, int));
+
+int setmppe_40(char **);
+int setnomppe_40(char **);
+int setmppe_128(char **);
+int setnomppe_128(char **);
+int setmppe_stateless(char **);
+int setnomppe_stateless(char **);
+
+#define __MPPE_INCLUDE__
+#endif /* __MPPE_INCLUDE__ */

160
net/ppp-mppe/patches/patch-bq Normal file
View file

@ -0,0 +1,160 @@
$NetBSD: patch-bq,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- pppd/pppd.8.orig Sat Sep 25 13:47:24 1999
+++ pppd/pppd.8 Sat Sep 25 13:57:21 1999
@@ -27,9 +27,14 @@
and configuring different network-layer protocols.
.LP
The encapsulation scheme is provided by driver code in the kernel.
-Pppd provides the basic LCP, authentication support, and an NCP for
+PPPD provides the basic LCP, authentication support, and an NCP for
establishing and configuring the Internet Protocol (IP) (called the IP
Control Protocol, IPCP).
+.LP
+This version includes support for multilink operations, Microsoft
+specific CHAP authentication algorithms (known as CHAP-MS-V1 and
+CHAP-MS-V2) and transparent encryption (Microsoft Point-to-Point
+Encryption, MPPE) also.
.SH FREQUENTLY USED OPTIONS
.TP
.I <tty_name>
@@ -90,6 +95,15 @@
or include .. as a pathname component. The format of the options file
is described below.
.TP
+.B callback \fIphone
+Request client to call back to specified \fIphone\fR number.
+.TP
+.B nocallback
+Don't argee to use callback negotiation.
+.TP
+.B +callback
+Request server to negotiate callback and log negotiated results.
+.TP
.B connect \fIscript
Use the executable or shell command specified by \fIscript\fR to set
up the serial line. This script would typically use the chat(8)
@@ -309,6 +323,10 @@
options are given, data packets which are rejected by the specified
activity filter also count as the link being idle.
.TP
+.B ip
+Enable IPCP and IP protocols. You can disable IP negotiation if you
+want to use other protocols only.
+.TP
.B ipcp-accept-local
With this option, pppd will accept the peer's idea of our local IP
address, even if the local IP address was specified in an option.
@@ -493,7 +511,7 @@
the connect script. On Ultrix, this option implies hardware flow
control, as for the \fIcrtscts\fR option.
.TP
-.B ms-dns \fI<addr>
+.B ms-dns \fI<addr>\fR
If pppd is acting as a server for Microsoft Windows clients, this
option allows pppd to supply one or two DNS (Domain Name Server)
addresses to the clients. The first instance of this option specifies
@@ -723,7 +741,11 @@
.TP
.B refuse-chap
With this option, pppd will not agree to authenticate itself to the
-peer using CHAP.
+peer using any CHAP protocol.
+.TP
+.B refuse-chap-md5
+With this option, pppd will not agree to authenticate itself to the
+peer using standard MD5 CHAP.
.TP
.B refuse-pap
With this option, pppd will not agree to authenticate itself to the
@@ -783,6 +805,48 @@
.B xonxoff
Use software flow control (i.e. XON/XOFF) to control the flow of data on
the serial port.
+.SH MICROSOFT SPECIFIC EXTENSIONS
+This version of PPPD supports some Microsoft-specific extensions such
+as non-standard CHAP algorithms (known as CHAP-MS-V1 and CHAP-MS-V2) and
+transparent encryption of all sending and receiving traffic.
+.LP
+Those options allows to configure PPPD to work with Microsoft extensions of
+standard PPP protocol.
+.TP
+.B require-chapms
+Require the peer to authenticate itself using CHAP [Challenge
+Handshake Authentication Protocol] authentication with Microsoft
+extensions [known as CHAP-MS-V1].
+.TP
+.B require-chapms-v2
+Require the peer to authenticate itself using CHAP authentication
+with Microsoft extensions [known as CHAP-MS-V2].
+.TP
+.B refuse-chapms
+With this option, pppd will not agree to authenticate itself to the
+peer using CHAP-MS-V1.
+.TP
+.B refuse-chapms-v2
+With this option, pppd will not agree to authenticate itself to the
+peer using CHAP-MS-V2.
+.TP
+.B mppe-40
+This option enables use of Microsoft Point-to-point Encryption (MPPE)
+using 40-bit encryption keys. These keys can be used with any Microsoft
+software (Windows 95, Windows 98, Windows NT) because their cryptographic
+strength is relatively low. This option requires that chapms or chapms-v2
+be enabled.
+.TP
+.B mppe-128
+This option enables use of Microsoft Point-to-Point Encryption (MPPE)
+using 128-bit encryption keys. These keys can be used with software designed
+for domestic usage (within US and Canada). This option requires that chapms
+or chapms-v2 be enabled.
+.TP
+.B mppe-stateless
+This option negotiates stateless mode for Microsoft Point-to-Point Encryption
+(MPPE), which changes the encryption keys on every packet. The default mode is
+stateful (non-stateless, or single key).
.SH OPTIONS FILES
Options can be taken from files as well as the command line. Pppd
reads options from the files /etc/ppp/options, ~/.ppprc and
@@ -1093,9 +1157,40 @@
rlogin implementations are not transparent; they will remove the
sequence [0xff, 0xff, 0x73, 0x73, followed by any 8 bytes] from the
stream.
+.SH EXAMPLES OF MICROSOFT EXTENSIONS
+To enable full-featured Microsoft encryption you must add those options
+to your \fI/etc/ppp/options/fR file:
+.IP
++chapms
+.br
++chapms-v2
+.br
+mppe-40
+.br
+mppe-128
+.br
+mppe-stateless
+.LP
+To authentificate client with Microsoft CHAP version 1 or 2, you need to
+use those options:
+.IP
+auth
+.br
++chap
+.br
++chapms
+.br
++chapms-v2
+.LP
+To make possible to authentificate itself with Microsoft CHAP version 1
+or 2, you need to add those options:
+.IP
++chapms
+.br
++chapms-v2
.SH DIAGNOSTICS
.LP
-Messages are sent to the syslog daemon using facility LOG_DAEMON.
+.Messages are sent to the syslog daemon using facility LOG_DAEMON.
(This can be overriden by recompiling pppd with the macro
LOG_PPP defined as the desired facility.) In order to see the error
and debug messages, you will need to edit your /etc/syslog.conf file

13
net/ppp-mppe/patches/patch-br Normal file
View file

@ -0,0 +1,13 @@
$NetBSD: patch-br,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- pppd/pppd.h.orig Thu May 13 18:09:08 1999
+++ pppd/pppd.h Thu Jun 24 13:41:46 1999
@@ -320,6 +320,8 @@
/* check if IP address is authorized */
int bad_ip_adrs __P((u_int32_t));
/* check if IP address is unreasonable */
+int get_ip_addr_dynamic __P((int, u_int32_t *));
+ /* get dynamically-allocated IP address */
/* Procedures exported from demand.c */
void demand_conf __P((void)); /* config interface(s) for demand-dial */

21
net/ppp-mppe/patches/patch-bs Normal file
View file

@ -0,0 +1,21 @@
$NetBSD: patch-bs,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- pppd/Makefile.netbsd-1.4.orig2 Sat Sep 25 15:23:52 1999
+++ pppd/Makefile.netbsd-1.4 Sat Sep 25 15:26:56 1999
@@ -5,7 +5,7 @@
PROG= pppd
SRCS= auth.c cbcp.c ccp.c chap.c chap_ms.c demand.c eui64.c fsm.c \
ipcp.c ipv6cp.c ipxcp.c lcp.c magic.c main.c options.c sys-bsd.c \
- upap.c utils.c
+ upap.c utils.c mppe.c sha1dgst.c extra_crypto.c
.PATH: ${PCAPDIR}
MAN= pppd.8
@@ -17,6 +17,7 @@
CPPFLAGS+= -I. -DHAVE_PATHS_H
CPPFLAGS+= -I${PCAPDIR} -DPPP_FILTER
CPPFLAGS+= -DCBCP_SUPPORT -DCHAPMS -DUSE_CRYPT -DMSLANMAN
+CPPFLAGS+= -DMPPE
# XXX: Does not work (yet)
#CPPFLAGS+= -DINET6

790
net/ppp-mppe/patches/patch-bt Normal file
View file

@ -0,0 +1,790 @@
$NetBSD: patch-bt,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- /dev/null Mon Sep 27 01:09:07 1999
+++ netbsd-1.4/ppp_mppe.c Mon Sep 27 02:11:53 1999
@@ -0,0 +1,785 @@
+/* NetBSD
+ *
+ * taken from: FILEVERSION 9906180
+ *
+ * ppp_mppe.c - MPPE "compressor/decompressor" module.
+ *
+ * Copyright (c) 1994 Árpád Magosányi <mag@bunuel.tii.matav.hu>
+ * All rights reserved.
+ * Copyright (c) 1999 Tim Hockin, Cobalt Networks Inc. <thockin@cobaltnet.com>
+ * Copyright (c) 1999 Darrin B. Jewell <dbj@netbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software and its
+ * documentation is hereby granted, provided that the above copyright
+ * notice appears in all copies. This software is provided without any
+ * warranty, express or implied. The Australian National University
+ * makes no representations about the suitability of this software for
+ * any purpose.
+ *
+ * IN NO EVENT SHALL THE AUSTRALIAN NATIONAL UNIVERSITY BE LIABLE TO ANY
+ * PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
+ * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF
+ * THE AUSTRALIAN NATIONAL UNIVERSITY HAS BEEN ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * THE AUSTRALIAN NATIONAL UNIVERSITY SPECIFICALLY DISCLAIMS ANY WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS
+ * ON AN "AS IS" BASIS, AND THE AUSTRALIAN NATIONAL UNIVERSITY HAS NO
+ * OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS,
+ * OR MODIFICATIONS.
+ *
+ * From: deflate.c,v 1.1 1996/01/18 03:17:48 paulus Exp
+ */
+
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/systm.h>
+#include <sys/mbuf.h>
+#include <sys/malloc.h>
+
+#include <net/ppp_defs.h>
+
+#define PACKETPTR struct mbuf *
+#include <net/ppp-comp.h>
+
+#include "rc4.h"
+#include "rc4_enc.c"
+#include "sha1dgst.c"
+#include "mppe.h"
+
+extern void
+GetNewKeyFromSHA(unsigned char *StartKey,
+ unsigned char *SessionKey,
+ unsigned long SessionKeyLength,
+ unsigned char *InterimKey);
+
+#if defined(LKM) || defined(_LKM)
+int mppe_in_use = 0;
+#define MOD_DEC_USE_COUNT (mppe_in_use--)
+#define MOD_INC_USE_COUNT (mppe_in_use++)
+#else
+#define MOD_DEC_USE_COUNT while (0)
+#define MOD_INC_USE_COUNT while (0)
+#endif
+
+#ifndef CI_MPPE
+#define CI_MPPE 18 /* config. option for MPPE */
+#define CILEN_MPPE 6 /* length of config. option */
+#endif
+
+#ifdef MPPE_DEBUG
+#define DPRINTF(x) printf x
+#else
+#define DPRINTF(x)
+#endif
+
+/*
+ * State for a mppe "(de)compressor".
+ */
+struct ppp_mppe_state {
+ unsigned int ccount; /*coherency count */
+ RC4_KEY RC4_send_key; /* chap-ms-v2 dictates 2 keys */
+ RC4_KEY RC4_recv_key;
+ unsigned char session_send_key[16];
+ unsigned char session_recv_key[16];
+ unsigned char master_send_key[16];
+ unsigned char master_recv_key[16];
+ int keylen;
+ int stateless;
+ int decomp_error;
+ unsigned int bits;
+ int unit;
+ int debug;
+ int mru;
+ struct compstat stats;
+};
+
+#define MPPE_CCOUNT_FROM_PACKET(ibuf) ((((ibuf)[4] & 0x0f) << 8) + (ibuf)[5])
+#define MPPE_BITS(ibuf) ((ibuf)[4] & 0xf0 )
+#define MPPE_CTRLHI(state) ((((state)->ccount & 0xf00)>>8)|((state)->bits))
+#define MPPE_CTRLLO(state) ((state)->ccount & 0xff)
+
+#define MPPE_OVHD 4
+
+void mppe_synchronize_key(struct ppp_mppe_state *);
+void mppe_initialize_key(struct ppp_mppe_state *);
+void mppe_change_key(struct ppp_mppe_state *);
+void mppe_update_count(struct ppp_mppe_state *);
+
+/* Procedures from the MPPE draft */
+void
+mppe_synchronize_key(struct ppp_mppe_state *state)
+{
+ /* get new keys and flag our state as such */
+ RC4_set_key(&(state->RC4_send_key),state->keylen,state->session_send_key);
+ RC4_set_key(&(state->RC4_recv_key),state->keylen,state->session_recv_key);
+
+ state->bits=MPPE_BIT_FLUSHED|MPPE_BIT_ENCRYPTED;
+}
+
+
+void
+mppe_initialize_key(struct ppp_mppe_state *state)
+{
+ /* generate new session keys */
+ GetNewKeyFromSHA(state->master_send_key, state->master_send_key,
+ state->keylen, state->session_send_key);
+ GetNewKeyFromSHA(state->master_recv_key, state->master_recv_key,
+ state->keylen, state->session_recv_key);
+
+ if(state->keylen == 8) {
+ /* cripple them from 64bit->40bit */
+ state->session_send_key[0]=state->session_recv_key[0] = MPPE_40_SALT0;
+ state->session_send_key[1]=state->session_recv_key[1] = MPPE_40_SALT1;
+ state->session_send_key[2]=state->session_recv_key[2] = MPPE_40_SALT2;
+ }
+
+ mppe_synchronize_key(state);
+}
+
+
+void
+mppe_change_key(struct ppp_mppe_state *state)
+{
+ unsigned char InterimSendKey[16];
+ unsigned char InterimRecvKey[16];
+
+ /* get temp keys */
+ GetNewKeyFromSHA(state->master_send_key, state->session_send_key,
+ state->keylen, InterimSendKey);
+ GetNewKeyFromSHA(state->master_recv_key, state->session_recv_key,
+ state->keylen, InterimRecvKey);
+
+ /* build RC4 keys from the temp keys */
+ RC4_set_key(&(state->RC4_send_key), state->keylen, InterimSendKey);
+ RC4_set_key(&(state->RC4_recv_key), state->keylen, InterimRecvKey);
+
+ /* make new session keys */
+ RC4(&(state->RC4_send_key), state->keylen, InterimSendKey,
+ state->session_send_key);
+ RC4(&(state->RC4_recv_key), state->keylen, InterimRecvKey,
+ state->session_recv_key);
+
+ if(state->keylen == 8)
+ {
+ /* cripple them from 64->40 bits*/
+ state->session_send_key[0]=state->session_recv_key[0] = MPPE_40_SALT0;
+ state->session_send_key[1]=state->session_recv_key[1] = MPPE_40_SALT1;
+ state->session_send_key[2]=state->session_recv_key[2] = MPPE_40_SALT2;
+ }
+
+ /* make the final rc4 keys */
+ RC4_set_key(&(state->RC4_send_key), state->keylen, state->session_send_key);
+ RC4_set_key(&(state->RC4_recv_key), state->keylen, state->session_recv_key);
+
+ state->bits=MPPE_BIT_ENCRYPTED;
+}
+
+
+#if defined(MPPE_DEBUG) && (MPEE_DEBUG > 1)
+typedef u_int8_t __u8;
+/* Utility procedures to print a buffer in hex/ascii */
+static void
+ppp_print_hex (register __u8 *out, const __u8 *in, int count)
+{
+ register __u8 next_ch;
+ static char hex[] = "0123456789ABCDEF";
+
+ while (count-- > 0) {
+ next_ch = *in++;
+ *out++ = hex[(next_ch >> 4) & 0x0F];
+ *out++ = hex[next_ch & 0x0F];
+ ++out;
+ }
+}
+
+
+static void
+ppp_print_char (register __u8 *out, const __u8 *in, int count)
+{
+ register __u8 next_ch;
+
+ while (count-- > 0) {
+ next_ch = *in++;
+
+ if (next_ch < 0x20 || next_ch > 0x7e)
+ *out++ = '.';
+ else {
+ *out++ = next_ch;
+ if (next_ch == '%') /* printk/syslogd has a bug !! */
+ *out++ = '%';
+ }
+ }
+ *out = '\0';
+}
+
+static void
+ppp_print_buffer (const __u8 *name, const __u8 *buf, int count)
+{
+ __u8 line[44];
+
+ if (name != (__u8 *) NULL)
+ printf("ppp: %s, count = %d\n", name, count);
+
+ while (count > 8) {
+ memset (line, 32, 44);
+ ppp_print_hex (line, buf, 8);
+ ppp_print_char (&line[8 * 3], buf, 8);
+ printf("%s\n", line);
+ count -= 8;
+ buf += 8;
+ }
+
+ if (count > 0) {
+ memset (line, 32, 44);
+ ppp_print_hex (line, buf, count);
+ ppp_print_char (&line[8 * 3], buf, count);
+ printf("%s\n", line);
+ }
+}
+#endif
+
+/* our 'compressor' proper */
+void *mppe_comp_alloc __P((unsigned char *, int));
+void mppe_comp_free __P((void *));
+int mppe_comp_init __P((void *, unsigned char *,
+ int, int, int, int));
+int mppe_decomp_init __P((void *, unsigned char *,
+ int, int, int, int, int));
+int mppe_compress __P((void *, struct mbuf **,
+ struct mbuf *,int, int));
+void mppe_incomp __P((void *, struct mbuf *));
+int mppe_decompress __P((void *, struct mbuf *, struct mbuf **));
+void mppe_comp_reset __P((void *));
+void mppe_comp_stats __P((void *, struct compstat *));
+
+
+/* cleanup the compressor */
+void
+mppe_comp_free(void *arg)
+{
+ struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
+
+ if (state) {
+ free(state,M_DEVBUF);
+ MOD_DEC_USE_COUNT;
+ }
+}
+
+
+/* allocate space for a compressor. */
+void *
+mppe_comp_alloc(unsigned char *options, int opt_len)
+{
+ struct ppp_mppe_state *state;
+
+ if (((2*8)+3 != opt_len && (2*16)+3 != opt_len) /* 2 keys + 3 */
+ || options[0] != CI_MPPE || options[1] != CILEN_MPPE) {
+ DPRINTF(("ppp/mppe: compress rejected: opt_len=%u,o[0]=%x,o[1]=%x\n",
+ opt_len,options[0],options[1]));
+ if (opt_len == 32) {
+ DPRINTF(("ppp/mppe: try increasing CCP_MAX_OPTION_LENGTH in ppp-comp.h\n"));
+ }
+ return NULL;
+ }
+
+ state = (struct ppp_mppe_state *)malloc(sizeof(*state), M_DEVBUF, M_NOWAIT);
+ if (state == NULL)
+ return NULL;
+
+ MOD_INC_USE_COUNT;
+
+ memset (state, 0, sizeof (struct ppp_mppe_state));
+
+ /* write the data in options to the right places */
+ memcpy(&state->stateless,options+2,1);
+
+ state->keylen = (opt_len-3)/2;
+ memcpy(state->master_send_key,options+3,state->keylen);
+ memcpy(state->master_recv_key,options+3+state->keylen,state->keylen);
+
+ mppe_initialize_key(state);
+
+ return (void *) state;
+}
+
+
+int
+mppe_comp_init(void *arg, unsigned char *options, int opt_len, int unit,
+ int hdrlen, int debug)
+{
+ struct ppp_mppe_state *state = (struct ppp_mppe_state *)arg;
+
+ if (options[0] != CI_MPPE || options[1] != CILEN_MPPE) {
+ DPRINTF(("ppp%d/mppe: compress rejected: opt_len=%u,o[0]=%x,o[1]=%x\n",
+ state->unit,opt_len,options[0],options[1]));
+ return 0;
+ }
+
+ state->ccount = 0;
+ state->unit = unit;
+ state->debug = debug;
+
+ /* 19 is the min (2*keylen) + 3 */
+ if(opt_len >= 19) {
+ memcpy(&state->stateless,options+2,1);
+
+ state->keylen = (opt_len-3)/2;
+ memcpy(state->master_send_key,options+3,state->keylen);
+ memcpy(state->master_recv_key,options+3+state->keylen,state->keylen);
+
+ mppe_initialize_key(state);
+ }
+
+ return 1;
+}
+
+
+int
+mppe_decomp_init(void *arg, unsigned char *options, int opt_len, int unit,
+ int hdrlen, int mru, int debug)
+{
+ struct ppp_mppe_state *state = (struct ppp_mppe_state *)arg;
+
+ if (options[0] != CI_MPPE || options[1] != CILEN_MPPE) {
+ DPRINTF(("ppp%d/MPPE: options are bad: %x %x\n",
+ state->unit,options[0],options[1]));
+ return 0;
+ }
+
+ state->ccount = 0;
+ state->unit = unit;
+ state->debug = debug;
+ state->mru = mru;
+
+ /* 19 is the min (2*keylen)+3 */
+ if(opt_len >= 19) {
+ memcpy(&state->stateless,options+2,1);
+
+ state->keylen = (opt_len-3)/2;
+ memcpy(state->master_send_key,options+3,state->keylen);
+ memcpy(state->master_recv_key,options+3+state->keylen,state->keylen);
+
+ mppe_initialize_key(state);
+ }
+
+ return 1;
+}
+
+
+void
+mppe_comp_reset(void *arg)
+{
+ struct ppp_mppe_state *state = (struct ppp_mppe_state *)arg;
+
+ DPRINTF(("mppe_comp_reset\n"));
+
+ (state->stats).ratio = 0;
+
+ mppe_synchronize_key(state);
+}
+
+
+void
+mppe_update_count(struct ppp_mppe_state *state)
+{
+ if(!state->stateless)
+ {
+ if ( 0xff == (state->ccount&0xff)){
+ /* time to change keys */
+ if ( 0xfff == (state->ccount&0xfff)){
+ state->ccount = 0;
+ } else {
+ (state->ccount)++;
+ }
+ mppe_change_key(state);
+ } else {
+ state->ccount++;
+ }
+ } else {
+ if ( 0xFFF == (state->ccount & 0xFFF)) {
+ state->ccount = 0;
+ } else {
+ (state->ccount)++;
+ }
+ mppe_change_key(state);
+ }
+}
+
+
+/* the big nasty */
+int
+mppe_compress(void *arg, struct mbuf **mret, struct mbuf *mp,
+ int isize, int osize)
+{
+ unsigned char *rptr;
+ struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
+ int proto, olen;
+ unsigned char *wptr;
+
+ *mret = NULL;
+
+#ifdef DIAGNOSTIC
+ /* XXX: dbj -- we cheat, and allow ourselves to go up to MPPE_OVHD
+ * past the osize handed to us. This implies we may send a packet
+ * greater than the mtu. We don't have much other choice.
+ */
+ if (osize+MPPE_OVHD < isize+MPPE_OVHD) {
+ /* XXX: what should we do here? If we return NULL, the data
+ * will go out unencrypted!
+ */
+ panic("ppp%d/mppe: Not enough space to encrypt packet: %d<%d+%d!\n",
+ state->unit,isize, osize, MPPE_OVHD);
+ }
+
+ /* Sanity check that at least the header is contigous,
+ * if this ever fails, we should just copy the header out by hand
+ * rather than actually do a pullup. This can't happen
+ * with the current if_ppp implementation
+ */
+ if (mp->m_len < PPP_HDRLEN) {
+ panic("ppp%d/mppe: m_pullup required to get ppp header!",
+ state->unit);
+ }
+#endif
+
+#if defined(MPPE_DEBUG) && (MPEE_DEBUG > 1)
+ ppp_print_buffer("mppe_encrypt",rptr,isize);
+#endif
+
+ rptr = mtod(mp, unsigned char *);
+
+ /* Check that the protocol is in the range we handle. */
+ proto = PPP_PROTOCOL(rptr);
+ if (proto < 0x0021 || proto > 0x00FA )
+ return 0;
+
+#ifdef DIAGNOSTIC
+ if (!(mp->m_flags & M_PKTHDR)) {
+ panic("ppp%d/mppe: expecting pkthdr in mbuf",state->unit);
+ }
+#endif
+
+ /* Allocate an mbuf chain to hold the encrypted packet */
+ {
+ struct mbuf *mfirst = NULL;
+ struct mbuf *mprev;
+ struct mbuf *m = NULL;
+ int bleft = isize+MPPE_OVHD;
+ do {
+ mprev = m;
+ MGET(m,M_DONTWAIT, MT_DATA);
+ if (m == NULL) {
+ m_freem(mfirst);
+ /* XXX: what should we do here? If we return NULL, the data
+ * will go out unencrypted. We can't use M_WAITOK, since this
+ * will get get called from splsoftnet()
+ */
+ panic("ppp%d/mppe: unable to allocate mbuf to encrypt packet",
+ state->unit);
+ }
+ m->m_len = 0;
+ if (mfirst == NULL) {
+ mfirst = m;
+ M_COPY_PKTHDR(m,mp);
+ if (bleft > MHLEN) {
+ MCLGET(m, M_DONTWAIT);
+ }
+ } else {
+ mprev->m_next = m;
+ if (bleft > MLEN) {
+ MCLGET(m, M_DONTWAIT);
+ }
+ }
+ bleft -= M_TRAILINGSPACE(m);
+ } while (bleft > 0);
+ *mret = mfirst;
+ }
+
+ wptr = mtod(*mret, unsigned char *);
+
+ /* Copy over the PPP header and store the 2-byte sequence number. */
+ wptr[0] = PPP_ADDRESS(rptr);
+ wptr[1] = PPP_CONTROL(rptr);
+ wptr[2] = PPP_MPPE >>8;
+ wptr[3] = PPP_MPPE;
+ wptr += PPP_HDRLEN;
+ wptr[0] = MPPE_CTRLHI(state);
+ wptr[1] = MPPE_CTRLLO(state);
+ wptr += 2;
+ (*mret)->m_len = PPP_HDRLEN+2;
+
+ state->bits=MPPE_BIT_ENCRYPTED;
+ mppe_update_count(state);
+
+ /* March down input and output mbuf chains, encoding with RC4 */
+ {
+ struct mbuf *mi = mp; /* mbuf in */
+ struct mbuf *mo = *mret; /* mbuf out */
+ int maxi, maxo;
+ maxi = mi->m_len-2;
+ maxo = M_TRAILINGSPACE(mo);
+ while (mi) {
+ if (maxi < maxo) {
+ RC4(&(state->RC4_send_key),maxi,
+ mtod(mi,unsigned char *)+mi->m_len-maxi,
+ mtod(mo,unsigned char *)+mo->m_len);
+ mo->m_len += maxi;
+ maxo -= maxi;
+ mi = mi->m_next;
+ if (mi) {
+ maxi = mi->m_len;
+ }
+ } else if (maxi > maxo) {
+ RC4(&(state->RC4_send_key),maxo,
+ mtod(mi,unsigned char *)+mi->m_len-maxi,
+ mtod(mo,unsigned char *)+mo->m_len);
+ mo->m_len += maxo;
+ maxi -= maxo;
+ mo = mo->m_next;
+ if (mo) {
+ maxo = M_TRAILINGSPACE(mo);
+ }
+ } else {
+ RC4(&(state->RC4_send_key),maxi,
+ mtod(mi,unsigned char *)+mi->m_len-maxi,
+ mtod(mo,unsigned char *)+mo->m_len);
+ mo->m_len += maxi;
+ mi = mi->m_next;
+ mo = mo->m_next;
+ if (mi) {
+ maxi = mi->m_len;
+ maxo = M_TRAILINGSPACE(mo);
+ }
+ }
+ }
+ }
+ olen=isize+MPPE_OVHD;
+
+ (state->stats).comp_bytes += isize;
+ (state->stats).comp_packets++;
+
+#if defined(MPPE_DEBUG) && (MPEE_DEBUG > 1)
+ ppp_print_buffer("mppe_encrypt out",obuf,olen);
+#endif
+
+ return olen;
+}
+
+
+void
+mppe_comp_stats(void *arg, struct compstat *stats)
+{
+ struct ppp_mppe_state *state = (struct ppp_mppe_state *)arg;
+
+ /* this _SHOULD_ always be 1 */
+ (state->stats).ratio = (state->stats).unc_bytes/(state->stats).comp_bytes;
+
+ *stats = state->stats;
+
+}
+
+
+/* the other big nasty */
+int
+mppe_decompress(void *arg, struct mbuf *mp, struct mbuf **mret)
+{
+ struct ppp_mppe_state *state = (struct ppp_mppe_state *)arg;
+ int seq;
+ unsigned char *ibuf;
+ int isize;
+ unsigned char *obuf;
+
+ if (!mp) {
+ DPRINTF(("ppp%d/mppe: null input packet\n",state->unit));
+ return DECOMP_ERROR;
+ }
+
+ /* Sanity check that at least the header is contigous,
+ * and the packet is long enough.
+ */
+ if (mp->m_len <= PPP_HDRLEN + MPPE_OVHD) {
+ if (state->debug) {
+ DPRINTF(("ppp%d/mppe: short start mbuf (len=%d)\n",
+ state->unit, mp->m_len));
+ }
+
+ return DECOMP_ERROR;
+ }
+
+ ibuf = mtod(mp,unsigned char *);
+
+ /* Check the sequence number. */
+ seq = MPPE_CCOUNT_FROM_PACKET(ibuf);
+
+ if(!state->stateless && (MPPE_BITS(ibuf) & MPPE_BIT_FLUSHED)) {
+ state->decomp_error = 0;
+ state->ccount = seq;
+ }
+
+ if(state->decomp_error) {
+ return DECOMP_ERROR;
+ }
+
+ if (seq != state->ccount) {
+ if (state->debug) {
+ DPRINTF(("ppp%d/mppe: decompress: bad seq # %d, expected %d\n",
+ state->unit, seq, state->ccount));
+ }
+
+ while(state->ccount != seq) {
+ mppe_update_count(state);
+ }
+
+ mppe_update_count(state);
+
+ return DECOMP_ERROR;
+ }
+
+ if(!(MPPE_BITS(ibuf) & MPPE_BIT_ENCRYPTED)) {
+ DPRINTF(("ppp%d/mppe: ERROR: not an encrypted packet\n",state->unit));
+ mppe_synchronize_key(state);
+ return DECOMP_ERROR;
+ }
+
+ /* Allocate an mbuf chain to hold the decrypted packet */
+ {
+ struct mbuf *mfirst = 0;
+ struct mbuf *mprev;
+ struct mbuf *m = 0;
+ int bleft;
+ isize = 0;
+ for (m=mp; m; m= m->m_next) isize += m->m_len;
+ bleft = isize-MPPE_OVHD;
+ do {
+ mprev = m;
+ MGET(m,M_DONTWAIT, MT_DATA);
+ if (m == NULL) {
+ m_freem(mfirst);
+ DPRINTF(("ppp%d/mppe: unable to allocate mbuf to decrypt packet\n",
+ state->unit));
+ return DECOMP_ERROR;
+ }
+ m->m_len = 0;
+ if (mfirst == NULL) {
+ mfirst=m;
+ M_COPY_PKTHDR(m,mp);
+ if (bleft > MHLEN) {
+ MCLGET(m, M_DONTWAIT);
+ }
+ } else {
+ mprev->m_next = m;
+ if (bleft > MLEN) {
+ MCLGET(m, M_DONTWAIT);
+ }
+ }
+ bleft -= M_TRAILINGSPACE(m);
+ } while (bleft > 0);
+ *mret = mfirst;
+ }
+
+ obuf = mtod(*mret,unsigned char *);
+
+ /*
+ * Fill in the first part of the PPP header. The protocol field
+ * comes from the decompressed data.
+ */
+ obuf[0] = PPP_ADDRESS(ibuf);
+ obuf[1] = PPP_CONTROL(ibuf);
+ obuf += 2;
+ (*mret)->m_len += 2;
+
+ {
+ if(!state->stateless && (MPPE_BITS(ibuf) & MPPE_BIT_FLUSHED))
+ mppe_synchronize_key(state);
+ mppe_update_count(state);
+
+ /* March down input and output mbuf chains, decoding with RC4 */
+ {
+ struct mbuf *mi = mp; /* mbuf in */
+ struct mbuf *mo = *mret; /* mbuf out */
+ int maxi, maxo;
+ maxi = mi->m_len-6; /* adjust for PPP_HDRLEN and MPPE_OVERHEAD */
+ maxo = M_TRAILINGSPACE(mo);
+ while (mi) {
+ if (maxi < maxo) {
+ RC4(&(state->RC4_recv_key),maxi,
+ mtod(mi,unsigned char *)+mi->m_len-maxi,
+ mtod(mo,unsigned char *)+mo->m_len);
+ mo->m_len += maxi;
+ maxo -= maxi;
+ mi = mi->m_next;
+ if (mi) {
+ maxi = mi->m_len;
+ }
+ } else if (maxi > maxo) {
+ RC4(&(state->RC4_recv_key),maxo,
+ mtod(mi,unsigned char *)+mi->m_len-maxi,
+ mtod(mo,unsigned char *)+mo->m_len);
+ mo->m_len += maxo;
+ maxi -= maxo;
+ mo = mo->m_next;
+ if (mo) {
+ maxo = M_TRAILINGSPACE(mo);
+ }
+ } else {
+ RC4(&(state->RC4_recv_key),maxi,
+ mtod(mi,unsigned char *)+mi->m_len-maxi,
+ mtod(mo,unsigned char *)+mo->m_len);
+ mo->m_len += maxi;
+ mi = mi->m_next;
+ mo = mo->m_next;
+ if (mi) {
+ maxi = mi->m_len;
+ maxo = M_TRAILINGSPACE(mo);
+ }
+ }
+ }
+ }
+
+ (state->stats).unc_bytes += (isize-MPPE_OVHD);
+ (state->stats).unc_packets ++;
+
+ return DECOMP_OK;
+ }
+}
+
+
+/* Incompressible data has arrived - add it to the history. */
+void
+mppe_incomp(void *arg, struct mbuf *mp)
+{
+ struct ppp_mppe_state *state = (struct ppp_mppe_state *)arg;
+ struct mbuf *m;
+ for (m=mp;m;m = m->m_next) {
+ (state->stats).inc_bytes += m->m_len;
+ }
+ (state->stats).inc_packets++;
+}
+
+
+/*************************************************************
+ * Module interface table
+ *************************************************************/
+
+/*
+ * Procedures exported to if_ppp.c.
+ */
+struct compressor ppp_mppe = {
+ CI_MPPE, /* compress_proto */
+ mppe_comp_alloc, /* comp_alloc */
+ mppe_comp_free, /* comp_free */
+ mppe_comp_init, /* comp_init */
+ mppe_comp_reset, /* comp_reset */
+ mppe_compress, /* compress */
+ mppe_comp_stats, /* comp_stat */
+ mppe_comp_alloc, /* decomp_alloc */
+ mppe_comp_free, /* decomp_free */
+ mppe_decomp_init, /* decomp_init */
+ mppe_comp_reset, /* decomp_reset */
+ mppe_decompress, /* decompress */
+ mppe_incomp, /* incomp */
+ mppe_comp_stats, /* decomp_stat */
+};
+

56
net/ppp-mppe/patches/patch-bu Normal file
View file

@ -0,0 +1,56 @@
$NetBSD: patch-bu,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- /dev/null Sat Sep 25 16:45:44 1999
+++ netbsd-1.4/getkey.c Sat Sep 25 17:06:23 1999
@@ -0,0 +1,51 @@
+/*
+ * Microsoft's Get_Key() per mppe draft by mag <mag@bunuel.tii.matav.hu>
+ */
+#include <sys/param.h>
+#include <sys/systm.h>
+#include "sha.h"
+
+ /*
+ * Pads used in key derivation
+ */
+static unsigned char SHAPad1[40] =
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
+static unsigned char SHAPad2[40] =
+ {0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2,
+ 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2,
+ 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2,
+ 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2};
+
+ /*
+ * SHAInit(), SHAUpdate() and SHAFinal() functions are an
+ * implementation of Secure Hash Algorithm (SHA-1) [7]. These are
+ * available in public domain or can be licensed from
+ * RSA Data Security, Inc.
+ *
+ * 1) H is 8 bytes long for 40 bit session keys.
+ * 2) H is 16 bytes long for 128 bit session keys.
+ * 3) H' is same as H when this routine is called for the first time
+ * for the session.
+ * 4) The generated key is returned in H'. This is the "current" key.
+ */
+void
+GetNewKeyFromSHA(StartKey, SessionKey, SessionKeyLength, InterimKey)
+ unsigned char *StartKey;
+ unsigned char *SessionKey;
+ unsigned long SessionKeyLength;
+ unsigned char *InterimKey;
+{
+ SHA_CTX Context;
+ unsigned char Digest[SHA_DIGEST_LENGTH];
+
+ SHA1_Init(&Context);
+ SHA1_Update(&Context, StartKey, SessionKeyLength);
+ SHA1_Update(&Context, SHAPad1, 40);
+ SHA1_Update(&Context, SessionKey, SessionKeyLength);
+ SHA1_Update(&Context, SHAPad2, 40);
+ SHA1_Final(Digest,&Context);
+ memcpy(InterimKey, Digest, SessionKeyLength);
+}

37
net/ppp-mppe/patches/patch-bv Normal file
View file

@ -0,0 +1,37 @@
$NetBSD: patch-bv,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- /u1/tmp/ppp-2.3.9/include/net/ppp-comp.h Tue Mar 24 22:33:32 1998
+++ include/net/ppp-comp.h Wed Sep 29 23:00:54 1999
@@ -42,6 +42,9 @@
#endif
#define DO_PREDICTOR_1 0
#define DO_PREDICTOR_2 0
+#ifndef DO_MPPENCRYPT
+#define DO_MPPENCRYPT 1
+#endif
/*
* Structure giving methods for compression/decompression.
@@ -109,7 +112,7 @@
/*
* Max # bytes for a CCP option
*/
-#define CCP_MAX_OPTION_LENGTH 32
+#define CCP_MAX_OPTION_LENGTH 64
/*
* Parts of a CCP packet.
@@ -153,6 +156,13 @@
#define DEFLATE_MAKE_OPT(w) ((((w) - DEFLATE_MIN_SIZE) << 4) \
+ DEFLATE_METHOD_VAL)
#define DEFLATE_CHK_SEQUENCE 0
+
+/*
+ * Definitions for MPPE.
+ */
+
+#define CI_MPPE 18 /* config. option for MPPE */
+#define CILEN_MPPE 6 /* length of config. option */
/*
* Definitions for other, as yet unsupported, compression methods.

22
net/ppp-mppe/patches/patch-bw Normal file
View file

@ -0,0 +1,22 @@
$NetBSD: patch-bw,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- netbsd-1.4/if_ppp.c.orig2 Wed Sep 29 22:46:03 1999
+++ netbsd-1.4/if_ppp.c Wed Sep 29 22:55:33 1999
@@ -176,6 +176,7 @@
extern struct compressor ppp_bsd_compress;
extern struct compressor ppp_deflate, ppp_deflate_draft;
+extern struct compressor ppp_mppe;
struct compressor *ppp_compressors[8] = {
#if DO_BSD_COMPRESS && defined(PPP_BSDCOMP)
@@ -184,6 +185,9 @@
#if DO_DEFLATE && defined(PPP_DEFLATE)
&ppp_deflate,
&ppp_deflate_draft,
+#endif
+#ifdef DO_MPPE && defined(PPP_MPPENCRYPT)
+ &ppp_mppe,
#endif
NULL
};

13
net/ppp-mppe/patches/patch-bx Normal file
View file

@ -0,0 +1,13 @@
$NetBSD: patch-bx,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- netbsd-1.4/sha_locl.h.orig Wed Sep 29 23:42:05 1999
+++ netbsd-1.4/sha_locl.h Wed Sep 29 23:44:04 1999
@@ -56,8 +56,6 @@
* [including the GNU Public Licence.]
*/
-#include <stdlib.h>
-#include <string.h>
#ifdef undef
/* one or the other needs to be defined */

13
net/ppp-mppe/patches/patch-by Normal file
View file

@ -0,0 +1,13 @@
$NetBSD: patch-by,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- netbsd-1.4/sha1dgst.c.orig Wed Sep 29 23:42:05 1999
+++ netbsd-1.4/sha1dgst.c Wed Sep 29 23:43:55 1999
@@ -56,8 +56,6 @@
* [including the GNU Public Licence.]
*/
-#include <stdio.h>
-#include <string.h>
#undef SHA_0
#define SHA_1
#include "sha.h"

14
net/ppp-mppe/patches/patch-bz Normal file
View file

@ -0,0 +1,14 @@
$NetBSD: patch-bz,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- netbsd-1.4/kinstall.sh.orig2 Wed Sep 29 23:48:37 1999
+++ netbsd-1.4/kinstall.sh Wed Sep 29 23:54:34 1999
@@ -20,6 +20,9 @@
for f in include/net/if_ppp.h include/net/ppp-comp.h include/net/ppp_defs.h \
$SRC/bsd-comp.c $SRC/ppp-deflate.c $SRC/if_ppp.c $SRC/if_pppvar.h \
$SRC/ppp_tty.c $SRC/slcompress.c include/net/slcompress.h \
+ $SRC/ppp_mppe.c $SRC/rc4_skey.c $SRC/getkey.c $SRC/opensslv.h \
+ $SRC/rc4.h $SRC/rc4.h $SRC/rc4_locl.h $SRC/sha.h $SRC/sha1dgst.c \
+ $SRC/sha_locl.h pppd/mppe.h \
common/zlib.c common/zlib.h; do
dest=$SYS/net/$(basename $f)
if [ -f $dest ]; then

121
net/ppp-mppe/patches/patch-ca Normal file
View file

@ -0,0 +1,121 @@
$NetBSD: patch-ca,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- /dev/null Mon Sep 27 01:09:07 1999
+++ netbsd-1.4/lkm_mppe.c Mon Sep 27 02:03:12 1999
@@ -0,0 +1,116 @@
+/* NetBSD */
+/*
+ * Copyright (c) 1999 Darrin B. Jewell
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Darrin B. Jewell
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <sys/conf.h>
+#include <sys/exec.h>
+#include <sys/lkm.h>
+
+#include <sys/tty.h>
+#include <sys/ttycom.h>
+
+MOD_MISC("mppe");
+
+extern struct compressor ppp_mppe;
+extern struct compressor *ppp_compressors[];
+extern int mppe_in_use;
+
+int mppe_lkmentry __P((struct lkm_table *, int, int));
+int mppe_lkm_load __P((struct lkm_table *, int));
+
+int
+mppe_lkm_load(lkmtp, cmd)
+ struct lkm_table *lkmtp;
+ int cmd;
+{
+ int i;
+ if (lkmexists(lkmtp)) return EEXIST;
+
+ for(i=0;i<7;i++) {
+ if (ppp_compressors[i] == NULL) {
+ ppp_compressors[i] = &ppp_mppe;
+ ppp_compressors[i+1] = NULL;
+ break;
+ }
+ }
+ if (i==7) {
+ printf("MPPE: no free compressor slots\n");
+ return ENODEV;
+ }
+
+ printf("MPPE: loaded into ppp at slot %d\n",i);
+
+ return 0;
+}
+
+int
+mppe_lkm_unload(lkmtp, cmd)
+ struct lkm_table *lkmtp;
+ int cmd;
+{
+ int i;
+ if (mppe_in_use) {
+ printf("MPPE: cannot unload lkm while in use (count=%d)\n",
+ mppe_in_use);
+ return EBUSY;
+ }
+ for(i=0;ppp_compressors[i];i++) {
+ if (ppp_compressors[i] == &ppp_mppe) break;
+ }
+ if (ppp_compressors[i] == NULL) {
+ printf("MPPE: cannot find mppe in ppp compressor slots\n");
+ return ENODEV;
+ }
+ printf("MPPE: unloaded from ppp at slot %d\n",i);
+ do {
+ ppp_compressors[i] = ppp_compressors[i+1];
+ } while(ppp_compressors[i++]);
+
+ return 0;
+}
+
+int
+mppe_lkm_stat(lkmtp, cmd)
+ struct lkm_table *lkmtp;
+ int cmd;
+{
+ printf("MPPE: use count %d\n",mppe_in_use);
+ return 0;
+}
+
+int
+mppe_lkmentry(lkmtp, cmd, ver)
+ struct lkm_table *lkmtp;
+ int cmd, ver;
+{
+ DISPATCH(lkmtp, cmd, ver, mppe_lkm_load,mppe_lkm_unload,mppe_lkm_stat);
+}

21
net/ppp-mppe/patches/patch-cb Normal file
View file

@ -0,0 +1,21 @@
$NetBSD: patch-cb,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- /dev/null Sat Sep 25 16:21:45 1999
+++ netbsd-1.4/Makefile Sat Sep 25 16:38:19 1999
@@ -0,0 +1,16 @@
+
+.if defined(SYSDIR)
+S=${SYSDIR}
+.endif
+.PATH: $S/net
+
+CFLAGS+= -DMPPE_DEBUG=1 -DDIAGNOSTIC -I ${.CURDIR}/../pppd
+
+KMOD= mppe
+SRCS= ppp_mppe.c lkm_mppe.c rc4_skey.c getkey.c
+MKMAN= no
+
+# We set LDFLAGS becuase bsd.pkg.mk will put cc specific flags in it.
+LDFLAGS=
+
+.include <bsd.kmod.mk>

63
net/ppp-mppe/patches/patch-da Normal file
View file

@ -0,0 +1,63 @@
$NetBSD: patch-da,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
Index: Makefile.inc
diff -u /dev/null Makefile.inc
--- /dev/null Fri Sep 17 20:40:08 1999
+++ Makefile.inc Fri Sep 26 12:52:08 1997
@@ -0,0 +1,3 @@
+BINDIR=${PREFIX}/sbin
+MANDIR=${PREFIX}/man
+KMODDIR=${PREFIX}/lkm
--- netbsd-1.4/Makefile.top.orig2 Sat Sep 18 11:32:36 1999
+++ netbsd-1.4/Makefile.top Sat Sep 18 11:33:06 1999
@@ -1,5 +1,5 @@
# NetBSD: Makefile,v 1.17 1997/09/26 19:52:08 christos Exp
-SUBDIR= chat pppd pppstats
+SUBDIR= chat pppd pppstats netbsd-1.4
.include <bsd.subdir.mk>
--- pppd/Makefile.netbsd-1.4.orig2 Sat Sep 25 17:30:52 1999
+++ pppd/Makefile.netbsd-1.4 Sat Sep 25 17:33:27 1999
@@ -1,13 +1,11 @@
# NetBSD: Makefile,v 1.26 1999/08/25 02:07:41 christos Exp
-PCAPDIR=${.CURDIR}/../../../lib/libpcap
PROG= pppd
SRCS= auth.c cbcp.c ccp.c chap.c chap_ms.c demand.c eui64.c fsm.c \
ipcp.c ipv6cp.c ipxcp.c lcp.c magic.c main.c options.c sys-bsd.c \
upap.c utils.c mppe.c sha1dgst.c extra_crypto.c
-.PATH: ${PCAPDIR}
MAN= pppd.8
BINMODE=4555
BINOWN= root
@@ -15,7 +13,8 @@
LDADD= -lpcap -lcrypt -lutil
DPADD= ${LIBPCAP} ${LIBCRYPT} ${LIBUTIL}
CPPFLAGS+= -I. -DHAVE_PATHS_H
-CPPFLAGS+= -I${PCAPDIR} -DPPP_FILTER
+CPPFLAGS+= -I ${.CURDIR}/../include
+CPPFLAGS+= -DPPP_FILTER
CPPFLAGS+= -DCBCP_SUPPORT -DCHAPMS -DUSE_CRYPT -DMSLANMAN
CPPFLAGS+= -DMPPE
# XXX: Does not work (yet)
--- chat/Makefile.netbsd-1.4.orig2 Sat Sep 25 17:38:55 1999
+++ chat/Makefile.netbsd-1.4 Sat Sep 25 17:39:34 1999
@@ -2,5 +2,6 @@
PROG= chat
MAN= chat.8
+CPPFLAGS+= -I ${.CURDIR}/../include
.include <bsd.prog.mk>
--- pppstats/Makefile.netbsd-1.4.orig2 Sat Sep 25 17:40:19 1999
+++ pppstats/Makefile.netbsd-1.4 Sat Sep 25 17:40:36 1999
@@ -2,5 +2,6 @@
PROG= pppstats
MAN= pppstats.8
+CPPFLAGS+= -I ${.CURDIR}/../include
.include <bsd.prog.mk>

68
net/ppp-mppe/patches/patch-db Normal file
View file

@ -0,0 +1,68 @@
$NetBSD: patch-db,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- pppd/options.c.orig2 Sat Sep 18 02:11:16 1999
+++ pppd/options.c Sat Sep 18 02:22:19 1999
@@ -36,7 +36,15 @@
#include <arpa/inet.h>
#ifdef PPP_FILTER
#include <pcap.h>
+#if 0
#include <pcap-int.h> /* XXX: To get struct pcap */
+#else
+struct pcap {
+ int fd;
+ int snapshot;
+ int linktype;
+};
+#endif
#endif
#include "pppd.h"
@@ -1203,7 +1212,11 @@
setpassfilter_in(argv)
char **argv;
{
+#ifdef DLT_PPP_SERIAL
pc.linktype = DLT_PPP_SERIAL;
+#else
+ pc.linktype = DLT_PPP;
+#endif
pc.snapshot = PPP_HDRLEN;
if (pcap_compile(&pc, &pass_filter_in, *argv, 1, netmask) == 0)
@@ -1219,7 +1232,11 @@
setpassfilter_out(argv)
char **argv;
{
+#ifdef DLT_PPP_SERIAL
pc.linktype = DLT_PPP_SERIAL;
+#else
+ pc.linktype = DLT_PPP;
+#endif
pc.snapshot = PPP_HDRLEN;
if (pcap_compile(&pc, &pass_filter_out, *argv, 1, netmask) == 0)
@@ -1235,7 +1252,11 @@
setactivefilter_in(argv)
char **argv;
{
+#ifdef DLT_PPP_SERIAL
pc.linktype = DLT_PPP_SERIAL;
+#else
+ pc.linktype = DLT_PPP;
+#endif
pc.snapshot = PPP_HDRLEN;
if (pcap_compile(&pc, &active_filter_in, *argv, 1, netmask) == 0)
@@ -1252,7 +1273,11 @@
setactivefilter_out(argv)
char **argv;
{
+#ifdef DLT_PPP_SERIAL
pc.linktype = DLT_PPP_SERIAL;
+#else
+ pc.linktype = DLT_PPP;
+#endif
pc.snapshot = PPP_HDRLEN;
if (pcap_compile(&pc, &active_filter_out, *argv, 1, netmask) == 0)

87
net/ppp-mppe/patches/patch-dc Normal file
View file

@ -0,0 +1,87 @@
$NetBSD: patch-dc,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- netbsd-1.4/ppp_tty.c.orig2 Sat Sep 18 11:06:15 1999
+++ netbsd-1.4/ppp_tty.c Sat Sep 18 11:09:46 1999
@@ -123,9 +123,13 @@
int pppinput __P((int c, struct tty *tp));
int pppstart __P((struct tty *tp));
+#ifdef TIOCRCVFRAME
static void ppprcvframe __P((struct ppp_softc *sc, struct mbuf *m));
+#endif
static u_int16_t pppfcs __P((u_int16_t fcs, u_char *cp, int len));
+#ifdef TIOCXMTFRAME
static void pppsyncstart __P((struct ppp_softc *sc));
+#endif
static void pppasyncstart __P((struct ppp_softc *));
static void pppasyncctlp __P((struct ppp_softc *));
static void pppasyncrelinq __P((struct ppp_softc *));
@@ -202,7 +206,11 @@
#if NBPFILTER > 0
/* Switch DLT to PPP-over-serial. */
+#ifdef DLT_PPP_SERIAL
bpf_change_type(&sc->sc_bpf, DLT_PPP_SERIAL, PPP_HDRLEN);
+#else
+ bpf_change_type(&sc->sc_bpf, DLT_PPP, PPP_HDRLEN);
+#endif
#endif
sc->sc_ilen = 0;
@@ -414,9 +422,11 @@
error = 0;
switch (cmd) {
+#ifdef TIOCRCVFRAME
case TIOCRCVFRAME:
ppprcvframe(sc,*((struct mbuf **)data));
break;
+#endif
case PPPIOCSASYNCMAP:
if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
@@ -462,6 +472,7 @@
return error;
}
+#ifdef TIOCRCVFRAME
/* receive a complete ppp frame from device in synchronous
* hdlc mode. caller gives up ownership of mbuf
*/
@@ -570,6 +581,7 @@
m_freem(m);
splx(s);
}
+#endif
/*
* FCS lookup table as calculated by genfcstab.
@@ -623,6 +635,7 @@
return (fcs);
}
+#ifdef TIOCXMTFRAME
/* This gets called at splsoftnet from pppasyncstart at various times
* when there is data ready to be sent.
*/
@@ -657,6 +670,7 @@
sc->sc_stats.ppp_obytes += len;
}
}
+#endif
/*
* This gets called at splsoftnet from if_ppp.c at various times
@@ -674,10 +688,12 @@
struct mbuf *m2;
int s;
+#ifdef TIOCXMTFRAME
if (sc->sc_flags & SC_SYNC){
pppsyncstart(sc);
return;
}
+#endif
idle = 0;
while (CCOUNT(&tp->t_outq) < PPP_HIWAT) {

25
net/ppp-mppe/patches/patch-dd Normal file
View file

@ -0,0 +1,25 @@
$NetBSD: patch-dd,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- /dev/null Sat Sep 18 04:53:17 1999
+++ netbsd-1.4/ppp.h Sat Sep 18 05:06:12 1999
@@ -0,0 +1 @@
+#define NPPP 4
--- /dev/null Sat Sep 18 04:53:17 1999
+++ netbsd-1.4/opt_gateway.h Sat Sep 18 05:06:09 1999
@@ -0,0 +1 @@
+/* option `GATEWAY' not defined */
--- /dev/null Sat Sep 18 04:53:17 1999
+++ netbsd-1.4/opt_inet.h Sat Sep 18 05:06:09 1999
@@ -0,0 +1,2 @@
+/* option `INET6' not defined */
+#define INET 1
--- /dev/null Sat Sep 18 04:53:17 1999
+++ netbsd-1.4/opt_ppp.h Sat Sep 18 05:06:09 1999
@@ -0,0 +1,3 @@
+#define PPP_FILTER 1
+#define PPP_BSDCOMP 1
+#define PPP_DEFLATE 1
--- /dev/null Sat Sep 18 04:53:17 1999
+++ netbsd-1.4/bpfilter.h Sat Sep 18 05:10:37 1999
@@ -0,0 +1 @@
+#define NBPFILTER 8

24
net/ppp-mppe/patches/patch-de Normal file
View file

@ -0,0 +1,24 @@
$NetBSD: patch-de,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- /dev/null Sat Sep 18 10:57:59 1999
+++ netbsd-1.4/Makefile.lkm_ppp Sat Sep 18 11:04:00 1999
@@ -0,0 +1,19 @@
+
+.PATH: ${.CURDIR}/../common
+CFLAGS+= -I ${.CURDIR}/../include
+KMOD= if_ppp_lkm
+SRCS= lkm_ppp.c if_ppp.c ppp-deflate.c ppp_tty.c slcompress.c zlib.c
+MKMAN= no
+
+# We set LDFLAGS becuase bsd.pkg.mk will put cc specific flags in it.
+LDFLAGS=
+
+.PHONY: net-links
+depend: net-links
+all: net-links
+net-links:
+ -rm -f net && ln -s ${.CURDIR} net
+
+CLEANFILES+=net
+
+.include <bsd.kmod.mk>

99
net/ppp-mppe/patches/patch-df Normal file
View file

@ -0,0 +1,99 @@
$NetBSD: patch-df,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
--- /dev/null Sat Sep 18 11:13:03 1999
+++ netbsd-1.4/lkm_ppp.c Sat Sep 18 11:16:47 1999
@@ -0,0 +1,94 @@
+/* NetBSD */
+/*
+ * Copyright (c) 1999 Darrin B. Jewell
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Darrin B. Jewell
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <sys/conf.h>
+#include <sys/exec.h>
+#include <sys/lkm.h>
+
+#include <sys/tty.h>
+#include <sys/ttycom.h>
+
+void pppattach __P((void));
+int pppopen __P((dev_t dev, struct tty *tp));
+int pppclose __P((struct tty *tp, int flags));
+int ppptioctl __P((struct tty *tp, u_long cmd, caddr_t data,
+ int flag, struct proc *p));
+int pppinput __P((int c, struct tty *tp));
+int pppstart __P((struct tty *tp));
+int pppread __P((struct tty *tp, struct uio *uio, int flag));
+int pppwrite __P((struct tty *tp, struct uio *uio, int flag));
+
+MOD_MISC("ppp");
+
+int if_ppp_lkm_lkmentry __P((struct lkm_table *, int, int));
+int if_ppp_lkm_load __P((struct lkm_table *, int));
+
+struct linesw ppp_linesw = {
+ pppopen,
+ pppclose,
+ pppread,
+ pppwrite,
+ ppptioctl,
+ pppinput,
+ pppstart,
+ ttymodem
+};
+
+int
+if_ppp_lkm_load(lkmtp, cmd)
+ struct lkm_table *lkmtp;
+ int cmd;
+{
+ if (lkmexists(lkmtp)) return EEXIST;
+
+ linesw[PPPDISC] = ppp_linesw;
+ pppattach();
+
+ /* XXX, in order for this lkm to work, we would need to
+ * arrange to have pppintr() called at splsoftnet()
+ * I might at some point use a kernel thread to invoke
+ * this when needed instead, but for now, I just plan
+ * to use ppp compiled into the kernel. --darrin
+ */
+#error "Not Yet Implemented, if_ppp_lkm_load"
+
+ return 0;
+}
+
+int
+if_ppp_lkm_lkmentry(lkmtp, cmd, ver)
+ struct lkm_table *lkmtp;
+ int cmd, ver;
+{
+ DISPATCH(lkmtp, cmd, ver, if_ppp_lkm_load,lkm_nofunc,lkm_nofunc);
+}

1
net/ppp-mppe/pkg/COMMENT Normal file
View file

@ -0,0 +1 @@
PPP daemon and LKM with MPPE - Microsoft Point-to-Point Encryption

23
net/ppp-mppe/pkg/DESCR Normal file
View file

@ -0,0 +1,23 @@
The Point-to-Point Protocol (PPP) provides a standard way to establish a
network connection over a serial link. At present, this package supports
IP and the protocols layered above IP, such as TCP and UDP.
This software consists of two parts:
- Loadable Kernel module, which establishes a network interface and
passes packets between the serial port, the kernel networking code and
the PPP daemon (pppd).
- The PPP daemon (pppd), which negotiates with the peer to establish the
link and sets up the ppp network interface. Pppd includes support for
authentication, so you can control which other systems may make a PPP
connection and what IP addresses they may use.
This version is patched to support MPPE:
MPPE - Microsoft Point-to-Point Encryption uses rc4 (40 or 128 bit) as a
bi-directional encryption algorithm. The keys are based on your MS-CHAP
authentication info, so you must use chapms or chapms-v2.
MPPE is NOT a particularly secure mode of operation. For maximum possible
security using MPPE, it is advised in the RFC's to use the highest mode of
encryption that is legal, and to enable stateless mode (which renogotiates
keys with every packet). Even with these precautions, MPPE is not very
secure, but anything is better than nothing, right?

12
net/ppp-mppe/pkg/PLIST Normal file
View file

@ -0,0 +1,12 @@
@comment $NetBSD: PLIST,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
sbin/chat
man/man8/chat.8
man/cat8/chat.0
sbin/pppd
man/man8/pppd.8
man/cat8/pppd.0
sbin/pppstats
man/man8/pppstats.8
man/cat8/pppstats.0
lkm/mppe.o
@dirrm lkm