scratch, it uses parser.c derived from ikectl(8) to have OpenBSD's
fashion. This includes related changes listed below:
- changed npppd control IPC heavyly.
- support IPv6 as tunnel source address.
- deleted support changing the configuration of npppd_ctl on running.
Because it is not so needed but it requires privilege operations.
- refactors.
man page helps from jmc. tested by sebastia.
ok deraadt sebastia sthen
reorder packets to pass to the upper layer without reorder. It
will improve performance (throughput or loss rate) for PPTP or
L2TP(/IPesc) on networks that latency is unstable such as mobile
network.
As our test environment (bandwidth: 6Mbps, latency: 50ms for 97% of
traffic and 52ms for rest of traffic), throughput has changed from
0.76MB to 2.17MB on file upload by PPTP connected Windows Vista
ftp.exe.
Developed by UMEZAWA Takeshi at IIJ.
ok jmatthew@
tested jmatthew@ and myself.
`net.pipex.enable' to enable PIPEX. By default, pipex is disabled
and it will not process packets from wire. Update man pages and
update HOWTO_PIPEX_NPPPD.txt for testers.
discussed with dlg@, ok deraadt@ mcbride@ claudio@
- Changed finalizing way to the privileged process. In old way, the
privileged process could not aware abnormal exit of the process in
jail. Then the processes in jail remained as zombies. Created a
pipe to monitor the privileged process, the privileged process can
exit in peace by using the pipe.
- npppd will exit abnormally when the privileged process exits
abnormally.
- PF_KEY socket requires privileges.
- Return correct "errno" to the jail in priv_open().
- Cleanup.
ok hsuenaga@
- Add functions to radius+.c that are required to implement RADIUS
accounting.
- Send RADIUS Account-Start and Account-Stop messages with attributes that
are defined by RFC 2866, 2868, 2869.
- If any authentication realm is deleted from the configuration, npppd may
exit by segmentation fault.
- Delete radius_common.c, radius_common.h and eap.c because they are not
used.
- Retransmission and failover are reimplemented.
- Cleanup
pppx mode will create a pppx interface for each ppp session in the kernel,
and will rely on the kernel to handle the routing rather than doing it
itself. as a bonus it will configure the interfaces description with the
username of the person connecting (which makes systat if pretty).
ok claudio@ yasuoka@ as part of a larger diff
from jonathan matthew
weve been running all this in production for a month now..
done by IIJ people (MATSUI Yoshihiro, SAITOH Masanobu, Tomoyuki Sahara),
yuo@ and myself.
This diff also includes
- delete part of useless comments, correct spelling.
- add man page of npppdctl.
There is no functional change.
- Drop privilege after daemon initializing.
- Some system calls that requires root privileges were replaced to
wrapper functions that communicate with a separated privileged
process via IPC. And the privileged process checks whether the
operations are acceptable.
