mirror of https://github.com/openbsd/src.git synced 2025-01-03 06:45:37 -08:00
Commit Graph

295 Commits

Author SHA1 Message Date
yasuoka
bc1389e9be Configuration option `strip-nt-domain' and `strip-atmark-realm' didn't
work since the parser mistakenly treated them as `eap-capable' option.

Pointed out by markus
2013-04-16 07:29:08 +00:00
yasuoka
3cdf74ee2a pppoed didn't work since it has been broken after the last
configuration parser change.

pointed out by todd.
2013-04-16 07:27:36 +00:00
giovanni
c38b0221bc Turn an error into a warning to be able to start l2tp tunnels even if
gre is not allowed.
ok yasuoka@
2013-04-06 17:03:51 +00:00
sthen
fbb5c869be typo: icpp/ipcp; from Renaud Allard 2013-03-19 12:49:30 +00:00
giovanni
20dd5096a6 Install npppd.conf with perms 0640, there could be the radius config on this file
ok yasuoka@
2013-03-14 16:20:46 +00:00
mpi
f49f8bc1ca Remove some faith-related #ifdef'd code that was only used for old IIJ
products and never enabled in our tree.

ok yasuoka@
2013-03-14 10:21:07 +00:00
deraadt
62e3c25282 handle ECONNABORTED errors from accept(). In many code blocks they can be
ignored silently and without aborting, much like EINTR and EWOULDBLOCK are.
ok's from various maintainers of these directories...
2013-03-11 17:40:09 +00:00
giovanni
72613efc38 do not start npppd if a pptp tunnel is configured but the gre protocol is not
enabled.
ok yasuoka@
2013-03-11 09:28:02 +00:00
yasuoka
de0a2dd6fb Pipex did panic when the 0 length mppe is given by ioctl. Return
EINVAL instead of panic.  Also npppd called ioctl with the invalid
argument because of the bugs introduced by the config parser change
commit.  Fixed those bugs and make sure not to use 0 length keys for
MPPE.

reported by csszep at gmail and giovanni
ok giovanni
2013-02-13 22:10:38 +00:00
yasuoka
90b6ff2cf4 Fix memory leak in privsep.c. Free the memories which were allocated by
getcap(3).
2013-02-08 12:35:52 +00:00
yasuoka
0099d8a4d1 add mention about 'mppe' configuration option which is missing.
pointed out by csszep at gmail.com
2013-02-08 12:15:33 +00:00
yasuoka
7f3c1c6c72 Because of the getcap(3) limitation, colon(':') can not be used for
password or username in npppd.conf.  Add this in the BUGS section.

pointed out by and ok giovanni
2013-02-08 12:04:15 +00:00
yasuoka
36859662cb Listening on IPv6 address is not supported for pptp tunnel. Document
this to the man page and refuse it by the config parser.
2013-02-08 11:06:26 +00:00
giovanni
1049b6f43f remove unused constant definition
ok yasuoka@
2013-02-06 11:47:18 +00:00
giovanni
e43f5e6d4b remove duplicated CPPFLAGS definition
ok yasuoka@
2013-02-06 11:45:48 +00:00
yasuoka
6b35b0758f port numbers for radius servers were not configured correctly.
pointed out by mxb and Robert Blacquiere
2013-01-31 09:44:21 +00:00
yasuoka
735f691f12 Deleting ip address of tun interface was failed. This was caused by
passing wrong interface name to ioctl().

pointed out by csszep at gmail.com
2013-01-31 02:14:46 +00:00
yasuoka
f91bf83594 Add pppx.4 and enable links to it.
ok dlg@
2013-01-29 15:42:20 +00:00
brad
565dd868d9 Remove inline from ppp_output() function to fix building with LLVM.
ok yasuoka@ millert@
2013-01-07 18:12:08 +00:00
sthen
ae857af592 Remove extra semicolon in "if (...);" which caused an incorrect flag to
be set in  _this->keylenbits. Found by scanning the tree using coccinelle.
ok yasuoka
2012-12-19 09:23:54 +00:00
deraadt
4a39ccd02c Remove excessive sys/cdefs.h inclusion
ok guenther millert kettenis
2012-12-05 23:19:48 +00:00
yasuoka
98f88edee8 Including ../../Makefile.inc was loop when npppd/obj is not a symbolic link.
Delete Makefile.inc and define BINDIR at npppd/Makefile directly.
2012-11-28 08:06:01 +00:00
yasuoka
59408346c5 Add accept.c from ldpd and use it to handle file descriptor exhaustion
in accept() case.

"go for it" deraadt
2012-11-13 17:10:40 +00:00
yasuoka
59b960865e Constify arguments to sendto_nat_t and add missing
#include "recvfromto.h" to l2tp_ctrl.c.  no binary changes.
2012-11-13 06:34:13 +00:00
yasuoka
32012184f0 framed-ip-address and framed-ip-netmask were not working.
pointed out by Andrew Ngo.
2012-09-28 23:46:00 +00:00
espie
dc31617316 gcc2 doesn't like unnamed fields. make this compile on vax again.
"looks right" deraadt@
2012-09-22 20:22:48 +00:00
jmc
0fd8ffeaf1 various fixes; ok yasuoka 2012-09-22 14:32:35 +00:00
jmc
a2ec5c8a63 various tweaks; 2012-09-21 09:03:32 +00:00
jmc
0472b88d97 various fixes; ok yasuoka 2012-09-20 20:28:09 +00:00
yasuoka
d483baad4f Enable npppd and npppctl in default build. Add npppd to rc and
install sample configs to /etc/.

ok claudio deraadt henning mcbride
2012-09-20 12:51:43 +00:00
yasuoka
05afa5beef tweak man pages.
- new sentence, new line
- on npppd.8 BUGS section, clarified that what is dropped is L2TP/IPsec
  packets
these must be included in the previous commit.
2012-09-19 19:29:21 +00:00
yasuoka
f892cf2317 tweak man pages.
- add missing copyright
- delete comment lines from the template
- new sentence, new line
- on npppd.8 BUGS section, clarified that what is dropped is L2TP/IPsec
  packets
2012-09-19 18:33:56 +00:00
yasuoka
bdfe8fd00b cleanup around the pipex. naming style, delete or update comments.
no functional changes.
2012-09-19 17:50:17 +00:00
yasuoka
b4e25641b9 remove files that became unused by new configuration syntax. 2012-09-19 08:58:57 +00:00
yasuoka
5774b263ff fix mandoc -Tlint warnings. 2012-09-18 13:23:39 +00:00
yasuoka
821f7c5673 New configuration syntax for npppd(8). `npppd.conf' will be based on
parse.y and `npppd-users' will be based on getcap(3).  Add man pages.

feedback from giovanni
2012-09-18 13:14:08 +00:00
yasuoka
f6b8cd1c9a fix typo and comment
from umezawa at iij
2012-09-07 10:47:42 +00:00
yasuoka
a5018c90fb use IPsec flowinfo on pipex(4) to select the IPsec tunnel for sending
L2TP packets.

ok markus henning
2012-07-17 03:18:57 +00:00
markus
b56612b66b add IP_IPSECFLOWINFO option to sendmsg() and recvmsg(), so npppd(4)
can use this to select the IPsec tunnel for sending L2TP packets.
this fixes Windows (always binding to 1701) and Android clients
(negotiating wildcard flows); feedback mpf@ and yasuoka@;
ok henning@ and yasuoka@; ok jmc@ for the manpage
2012-07-16 18:05:35 +00:00
yasuoka
510ecc0260 npppd used wrong AVPs as a `calling number' because `break' in switch
case was missing.

ok claudio henning
2012-07-13 15:11:14 +00:00
giovanni
6c0f7cb557 Increase maximum number of tun interfaces to 8.
ok yasuoka@
2012-07-08 13:21:02 +00:00
yasuoka
ae71319efd don't use `reigai' that means `exception' in Japanese as labels.
no binary change.

from Michael W. Bombardieri
2012-06-05 06:31:27 +00:00
yasuoka
c1d3bc1c93 Delete rtev* that was to work around routing socket overflows.
This was forgotten on the prior commit.
2012-05-08 13:40:42 +00:00
yasuoka
84c9ec023f Fix a null reference bug on terminating the process.
seems ok henning, ok mcbride
2012-05-08 13:30:16 +00:00
yasuoka
b01648a9c0 Result-Code AVP of StopCCN was not parsed properly.
seems ok henning, ok mcbride
2012-05-08 13:28:06 +00:00
yasuoka
d2083829b4 Ignore NAK of authentication protocol option on LCP that was not
requested.

ok mcbride henning
2012-05-08 13:26:12 +00:00
yasuoka
2160905138 Fix double free bug in PAP with radius authentication.
(found by yus at iij)

ok mcbride henning
2012-05-08 13:23:53 +00:00
yasuoka
45ec9325ae Ignore ACCM option on LCP. This was required by some LAC that uses
the option in proxied LCP.

ok mcbride henning
2012-05-08 13:20:44 +00:00
yasuoka
9a200ddf43 Trivial changes from the upstream(IIJ).
- fix styles, compile errors in some ifdef condition and compiler warnings.
- delete rtev* that was to work around routing socket overflows.
- delete is_ctrl argument from l2tp_ctrl_send_packet().  It's not used.
- tweak returning the exit status.
- use IPV6_IPSEC_POLICY for IPv6 socket.
  (though npppd cannot set up a ipsec policy to the socket yet.)

ok mcbride henning
2012-05-08 13:18:37 +00:00
yasuoka
7a7bab9d0f Fix comments and styles. Delete unused variables and labels.
No binary changes.

ok mcbride henning
2012-05-08 13:15:11 +00:00
guenther
98c266579d Correct the spelling of "transferred" and "transferring"
from Tobias Ulmer (tobiasu at tmux.org); ok jmc@, krw@
2012-02-24 06:19:00 +00:00
yasuoka
18025b7e27 Add handling of `rx connect speed' avp to avoid the bug of xl2tpd.
Reported and tested by sebastia@
ok sthen sebastia giovanni
2012-01-23 03:41:21 +00:00
yasuoka
3b5b2d97c8 The ingress filter of pipex and npppd become configurable and disabled
by default.  After this change we need to add

  ppp.ingress_filter: true

to npppd.conf if it is needed.

ok sthen
2012-01-23 03:36:21 +00:00
yasuoka
9b9254fe80 npppdctl related files should be removed. Added a mention about that. 2012-01-18 03:21:28 +00:00
yasuoka
363e4d4b0d Replace npppdctl(8) by new npppctl(8). npppctl was written from
scratch, it uses parser.c derived from ikectl(8) to have OpenBSD's
fashion.  This includes related changes listed below:
- changed npppd control IPC heavily.
- support IPv6 as tunnel source address.
- deleted support changing the configuration of npppd_ctl on running.
  Because it is not so needed but it requires privilege operations.
- refactors.

man page helps from jmc.  tested by sebastia.
ok deraadt sebastia sthen
2012-01-18 03:13:04 +00:00
yasuoka
c46ae40308 Fix compiler warnings and some styles.
ok sebastia sthen
2012-01-18 02:53:56 +00:00
sebastia
a581e4bf5e mkdir needs -m to set the mode
OK yasuoka@
2012-01-06 11:20:36 +00:00
jmc
71c4d082e6 formatting errors, found using freebsd's "igor"; 2011-12-24 08:46:48 +00:00
yasuoka
6cc855c5e3 use existing _ppp instead of _npppd as a user/group id for npppd.
ok deraadt@ henning@
2011-10-28 11:53:21 +00:00
yasuoka
e405d423d1 Added "provision for rewound PPP frames" that allows receiving
reorder packets to pass to the upper layer without reorder.  It
will improve performance (throughput or loss rate) for PPTP or
L2TP(/IPsec) on networks that latency is unstable such as mobile
network.

As our test environment (bandwidth: 6Mbps, latency: 50ms for 97% of
traffic and 52ms for rest of traffic), throughput has changed from
0.76MB to 2.17MB on file upload by PPTP connected Windows Vista
ftp.exe.

Developed by UMEZAWA Takeshi at IIJ.

ok jmatthew@
tested jmatthew@ and myself.
2011-10-15 03:24:11 +00:00
yasuoka
90b03482cb Include PIPEX in kernel by default. And add new sysctl variable
`net.pipex.enable' to enable PIPEX.   By default, pipex is disabled
and it will not process packets from wire.  Update man pages and
update HOWTO_PIPEX_NPPPD.txt for testers.

discussed with dlg@, ok deraadt@ mcbride@ claudio@
2011-07-08 18:30:16 +00:00
yasuoka
5fefcc09de Improved npppd privileged separations:
- Changed finalizing way to the privileged process.  In old way, the
  privileged process could not aware abnormal exit of the process in
  jail.  Then the processes in jail remained as zombies.  Created a
  pipe to monitor the privileged process, the privileged process can
  exit in peace by using the pipe.
- npppd will exit abnormally when the privileged process exits
  abnormally.
- PF_KEY socket requires privileges.
- Return correct "errno" to the jail in priv_open().
- Cleanup.

ok hsuenaga@
2011-07-08 06:14:54 +00:00
yasuoka
33a18954b1 I forgot to delete files on my previous commit. sorry. 2011-07-06 22:47:46 +00:00
yasuoka
8daf7599d7 Add RADIUS accounting support and some authentication related changes:
- Add functions to radius+.c that are required to implement RADIUS
  accounting.
- Send RADIUS Account-Start and Account-Stop messages with attributes that
  are defined by RFC 2866, 2868, 2869.
- If any authentication realm is deleted from the configuration, npppd may
  exit by segmentation fault.
- Delete radius_common.c, radius_common.h and eap.c because they are not
  used.
- Retransmission and failover are reimplemented.
- Cleanup
2011-07-06 20:52:28 +00:00
yasuoka
44a662e77f Fixed some bugs of priv_send(). The bugs caused sending routing messages
failures.  'errno' returned by the privileged process was not initialized.
'tolen' in priv_sendto() was garbage.

ok hsuenaga@
2011-07-05 01:33:40 +00:00
markus
fd218b0665 disable pipex for L2TP on disconnect, too; yasuoka@ agrees. 2011-05-15 15:47:52 +00:00
dlg
cd8e09b979 add support for pppx interfaces instead of tun interfaces.
pppx mode will create a pppx interface for each ppp session in the kernel,
and will rely on the kernel to handle the routing rather than doing it
itself. as a bonus it will configure the interfaces description with the
username of the person connecting (which makes systat if pretty).

ok claudio@ yasuoka@ as part of a larger diff
from jonathan matthew
we've been running all this in production for a month now..
2011-04-02 12:04:44 +00:00
okan
c8c4dd3640 spelling.
ok yasuoka@
2011-03-16 09:49:11 +00:00
okan
adafb74903 use timerclear macro. while here, fix spelling.
ok yasuoka@
2011-03-16 09:48:45 +00:00
dlg
3ff20fd767 fix a buffer overflow in the pppoe receive packet handling.
diff from yasuoka@
ok deraadt@
2011-02-28 02:31:55 +00:00
jasper
421b67a148 - tyop, recieve -> receive
ok sthen@
2011-01-20 23:12:33 +00:00
yasuoka
2ada098c90 IP_PIPEX mistakenly was applied to the 1723/tcp socket. Apply the option
to the gre socket.
2010-09-27 00:12:16 +00:00
yasuoka
71fd4094a4 correct the path of npppd, and use modp1024 on the sample ipsec.conf
because iPhone doesn't support modp2048.
2010-09-26 06:54:44 +00:00
yasuoka
886d2b78c3 Add support pipex for L2TP call and L2TP on IPv6.
- pipex requires unique session-id in protocol, so session-id
  generation algorithm has been changed.
- change to fit the new PIPEX ioctl.
ok dlg@
2010-09-24 14:50:30 +00:00
yasuoka
0383c4d690 npppd didn't setup a PIPEX session if MPPE is not required by config and
CCP is failed to be opened because the peer doesn't support MPPE.  Fixed to
setup a PIPEX on such case.
2010-09-24 02:57:43 +00:00
jsg
4dc6ca78e4 Add the same license text to these files as the rest of npppd.
ok yasuoka@
2010-09-23 04:47:40 +00:00
jsg
bcd917bcd8 remove support for talking to the zebra routing socket which
was not enabled, we use a kernel routing socket for such things.

ok yasuoka@ claudio@
2010-09-23 01:45:10 +00:00
yasuoka
664c6b8562 unify MS-CHAP implementation to sbin/iked/chap_ms.[ch].
copy sbin/iked/chap_ms.[ch] and fixed chap.c and eap.c to compile with it.
2010-09-22 11:48:38 +00:00
jsg
a33c347575 make the arguments match the format string in usage
ok yasuoka@
2010-09-22 00:32:48 +00:00
yasuoka
82d1e7ece7 Update instructions for testing npppd and pipex. The instructions was
out-of-date-ed after my privilege separation work at n2k10.
2010-09-20 03:51:31 +00:00
jsg
e74809e1c3 Fix use of logical and where binary and was intended.
Spotted by Mike Belopuhov, ok yasuoka@
2010-08-02 09:29:53 +00:00
yasuoka
01c14b6187 delete IIJ local functionalities. 2010-07-31 09:33:09 +00:00
miod
a34540b369 opration -> operation 2010-07-20 20:47:13 +00:00
yasuoka
e109dc1850 add $OpenBSD$ and remove trailing space. no functional change. 2010-07-02 21:20:57 +00:00
yasuoka
b939729674 fix mistakes that have been created by my porting to OpenBSD.
- delete a change only for debug
- add missing 'else'
2010-07-02 19:05:20 +00:00
yasuoka
ef1c7bdec0 add man page of npppdctl.
(this should be included in my previous commit)
2010-07-01 03:55:23 +00:00
yasuoka
f0a4e295ec Translate Japanese comments or labels into English. Translation was
done by IIJ people (MATSUI Yoshihiro, SAITOH Masanobu, Tomoyuki Sahara),
yuo@ and myself.

This diff also includes
 - delete part of useless comments, correct spelling.
 - add man page of npppdctl.

There is no functional change.
2010-07-01 03:38:17 +00:00
claudio
4cb5359546 Remove the tiny bit of C++ that is not really needed so that we get a pure
C application.
OK yasuoka@, reyk@
2010-05-12 08:12:11 +00:00
yasuoka
b3491dc1d8 add HOWTO_PIPEX_NPPPD.txt for people who try to use pipex and npppd before
everything is done.
2010-01-31 13:27:36 +00:00
yasuoka
4a78f66b30 privilege separation of npppd.
- Drop privilege after daemon initializing.
- Some system calls that requires root privileges were replaced to
  wrapper functions that communicate with a separated privileged
  process via IPC.  And the privileged process checks whether the
  operations are acceptable.
2010-01-31 05:49:50 +00:00
yasuoka
00ed837c7a Fixed 2 off-by-one problems.
(found by parfait, reported by jsg@)
2010-01-27 07:27:02 +00:00
yasuoka
4326fc6541 Address family for UNIX domain socket was mistakenly specified as
AF_INET.  It should be AF_UNIX.
2010-01-15 03:29:11 +00:00
yasuoka
386447d660 fix to compile with gcc4. (from jsg@) 2010-01-14 23:35:39 +00:00
yasuoka
53f89ef851 cleanup npppd code. delete IIJ local ifdef switches and fix warnings.
ok @dlg
2010-01-13 07:49:44 +00:00
yasuoka
0fbf353719 Initial import npppd(8). npppd is a new PPP daemon that handles many
ppp sessions as a server.  It supports L2TP, PPTP and PPPoE as
tunneling.

ok mcbride@ dlg@ deraadt@ reyk@.
2010-01-11 04:20:56 +00:00