1 diff -ruN ppp-2.4.2.orig/include/linux/ppp-comp.h ppp-2.4.2-stdopt/include/linux/ppp-comp.h
2 --- ppp-2.4.2.orig/include/linux/ppp-comp.h 2002-12-06 10:49:15.000000000 +0100
3 +++ ppp-2.4.2-stdopt/include/linux/ppp-comp.h 2004-01-21 06:51:09.000000000 +0100
8 - * ==FILEVERSION 20020319==
9 + * ==FILEVERSION 20020715==
11 * NOTE TO MAINTAINERS:
12 * If you modify this file at all, please set the above date.
15 /* Compress a packet */
16 int (*compress) (void *state, unsigned char *rptr,
17 - unsigned char *obuf, int isize, int osize);
18 + unsigned char *obuf, int isize, int osize);
20 /* Return compression statistics */
21 void (*comp_stat) (void *state, struct compstat *stats);
24 /* Decompress a packet. */
25 int (*decompress) (void *state, unsigned char *ibuf, int isize,
26 - unsigned char *obuf, int osize);
27 + unsigned char *obuf, int osize);
29 /* Update state for an incompressible packet received */
30 void (*incomp) (void *state, unsigned char *ibuf, int icnt);
32 opts |= MPPE_OPT_UNKNOWN; \
33 } while (/* CONSTCOND */ 0)
35 +/* MPPE/MPPC definitions by J.D.*/
36 +#define MPPE_STATELESS MPPE_H_BIT /* configuration bit H */
37 +#define MPPE_40BIT MPPE_L_BIT /* configuration bit L */
38 +#define MPPE_56BIT MPPE_M_BIT /* configuration bit M */
39 +#define MPPE_128BIT MPPE_S_BIT /* configuration bit S */
40 +#define MPPE_MPPC MPPE_C_BIT /* configuration bit C */
43 + * Definitions for Stac LZS.
46 +#define CI_LZS 17 /* config option for Stac LZS */
47 +#define CILEN_LZS 5 /* length of config option */
49 +#define LZS_OVHD 4 /* max. LZS overhead */
50 +#define LZS_HIST_LEN 2048 /* LZS history size */
51 +#define LZS_MAX_CCOUNT 0x0FFF /* max. coherency counter value */
53 +#define LZS_MODE_NONE 0
54 +#define LZS_MODE_LCB 1
55 +#define LZS_MODE_CRC 2
56 +#define LZS_MODE_SEQ 3
57 +#define LZS_MODE_EXT 4
59 +#define LZS_EXT_BIT_FLUSHED 0x80 /* bit A */
60 +#define LZS_EXT_BIT_COMP 0x20 /* bit C */
63 * Definitions for other, as yet unsupported, compression methods.
65 diff -ruN ppp-2.4.2.orig/include/net/ppp-comp.h ppp-2.4.2-stdopt/include/net/ppp-comp.h
66 --- ppp-2.4.2.orig/include/net/ppp-comp.h 2002-12-06 10:49:15.000000000 +0100
67 +++ ppp-2.4.2-stdopt/include/net/ppp-comp.h 2004-01-21 06:51:09.000000000 +0100
69 opts |= MPPE_OPT_UNKNOWN; \
70 } while (/* CONSTCOND */ 0)
72 +/* MPPE/MPPC definitions by J.D.*/
73 +#define MPPE_STATELESS MPPE_H_BIT /* configuration bit H */
74 +#define MPPE_40BIT MPPE_L_BIT /* configuration bit L */
75 +#define MPPE_56BIT MPPE_M_BIT /* configuration bit M */
76 +#define MPPE_128BIT MPPE_S_BIT /* configuration bit S */
77 +#define MPPE_MPPC MPPE_C_BIT /* configuration bit C */
80 + * Definitions for Stac LZS.
83 +#define CI_LZS 17 /* config option for Stac LZS */
84 +#define CILEN_LZS 5 /* length of config option */
86 +#define LZS_OVHD 4 /* max. LZS overhead */
87 +#define LZS_HIST_LEN 2048 /* LZS history size */
88 +#define LZS_MAX_CCOUNT 0x0FFF /* max. coherency counter value */
90 +#define LZS_MODE_NONE 0
91 +#define LZS_MODE_LCB 1
92 +#define LZS_MODE_CRC 2
93 +#define LZS_MODE_SEQ 3
94 +#define LZS_MODE_EXT 4
96 +#define LZS_EXT_BIT_FLUSHED 0x80 /* bit A */
97 +#define LZS_EXT_BIT_COMP 0x20 /* bit C */
100 * Definitions for other, as yet unsupported, compression methods.
102 diff -ruN ppp-2.4.2.orig/pppd/ccp.c ppp-2.4.2-stdopt/pppd/ccp.c
103 --- ppp-2.4.2.orig/pppd/ccp.c 2003-05-01 14:30:28.000000000 +0200
104 +++ ppp-2.4.2-stdopt/pppd/ccp.c 2004-05-02 14:10:04.000000000 +0200
106 static char bsd_value[8];
107 static char deflate_value[8];
110 - * Option variables.
113 -bool refuse_mppe_stateful = 1; /* Allow stateful mode? */
116 static option_t ccp_option_list[] = {
117 { "noccp", o_bool, &ccp_protent.enabled_flag,
118 "Disable CCP negotiation" },
119 @@ -113,54 +106,87 @@
120 "don't allow Predictor-1", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR,
121 &ccp_allowoptions[0].predictor_1 },
123 + { "lzs", o_bool, &ccp_wantoptions[0].lzs,
124 + "request Stac LZS", 1, &ccp_allowoptions[0].lzs, OPT_PRIO },
125 + { "+lzs", o_bool, &ccp_wantoptions[0].lzs,
126 + "request Stac LZS", 1, &ccp_allowoptions[0].lzs, OPT_ALIAS | OPT_PRIO },
127 + { "nolzs", o_bool, &ccp_wantoptions[0].lzs,
128 + "don't allow Stac LZS", OPT_PRIOSUB | OPT_A2CLR,
129 + &ccp_allowoptions[0].lzs },
130 + { "-lzs", o_bool, &ccp_wantoptions[0].lzs,
131 + "don't allow Stac LZS", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR,
132 + &ccp_allowoptions[0].lzs },
135 - /* MPPE options are symmetrical ... we only set wantoptions here */
136 + { "mppc", o_bool, &ccp_wantoptions[0].mppc,
137 + "request MPPC compression", 1, &ccp_allowoptions[0].mppc, OPT_PRIO },
138 + { "+mppc", o_bool, &ccp_wantoptions[0].mppc,
139 + "request MPPC compression", 1, &ccp_allowoptions[0].mppc,
140 + OPT_ALIAS | OPT_PRIO },
141 + { "nomppc", o_bool, &ccp_wantoptions[0].mppc,
142 + "don't allow MPPC compression", OPT_PRIOSUB | OPT_A2CLR,
143 + &ccp_allowoptions[0].mppc },
144 + { "-mppc", o_bool, &ccp_wantoptions[0].mppc,
145 + "don't allow MPPC compression", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR,
146 + &ccp_allowoptions[0].mppc },
148 { "require-mppe", o_bool, &ccp_wantoptions[0].mppe,
149 - "require MPPE encryption",
150 - OPT_PRIO | MPPE_OPT_40 | MPPE_OPT_128 },
151 + "require MPPE encryption", 1, &ccp_allowoptions[0].mppe, OPT_PRIO },
152 { "+mppe", o_bool, &ccp_wantoptions[0].mppe,
153 - "require MPPE encryption",
154 - OPT_ALIAS | OPT_PRIO | MPPE_OPT_40 | MPPE_OPT_128 },
155 + "require MPPE encryption", 1, &ccp_allowoptions[0].mppe,
156 + OPT_ALIAS | OPT_PRIO },
157 { "nomppe", o_bool, &ccp_wantoptions[0].mppe,
158 - "don't allow MPPE encryption", OPT_PRIO },
159 + "don't allow MPPE encryption", OPT_PRIOSUB | OPT_A2CLR,
160 + &ccp_allowoptions[0].mppe },
161 { "-mppe", o_bool, &ccp_wantoptions[0].mppe,
162 - "don't allow MPPE encryption", OPT_ALIAS | OPT_PRIO },
163 + "don't allow MPPE encryption", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR,
164 + &ccp_allowoptions[0].mppe },
166 - /* We use ccp_allowoptions[0].mppe as a junk var ... it is reset later */
167 - { "require-mppe-40", o_bool, &ccp_allowoptions[0].mppe,
168 - "require MPPE 40-bit encryption", OPT_PRIO | OPT_A2OR | MPPE_OPT_40,
169 - &ccp_wantoptions[0].mppe },
170 - { "+mppe-40", o_bool, &ccp_allowoptions[0].mppe,
171 - "require MPPE 40-bit encryption", OPT_PRIO | OPT_A2OR | MPPE_OPT_40,
172 - &ccp_wantoptions[0].mppe },
173 - { "nomppe-40", o_bool, &ccp_allowoptions[0].mppe,
174 - "don't allow MPPE 40-bit encryption",
175 - OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_40, &ccp_wantoptions[0].mppe },
176 - { "-mppe-40", o_bool, &ccp_allowoptions[0].mppe,
177 - "don't allow MPPE 40-bit encryption",
178 - OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_40,
179 - &ccp_wantoptions[0].mppe },
181 - { "require-mppe-128", o_bool, &ccp_allowoptions[0].mppe,
182 - "require MPPE 128-bit encryption", OPT_PRIO | OPT_A2OR | MPPE_OPT_128,
183 - &ccp_wantoptions[0].mppe },
184 - { "+mppe-128", o_bool, &ccp_allowoptions[0].mppe,
185 - "require MPPE 128-bit encryption",
186 - OPT_ALIAS | OPT_PRIO | OPT_A2OR | MPPE_OPT_128,
187 - &ccp_wantoptions[0].mppe },
188 - { "nomppe-128", o_bool, &ccp_allowoptions[0].mppe,
189 - "don't allow MPPE 128-bit encryption",
190 - OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_128, &ccp_wantoptions[0].mppe },
191 - { "-mppe-128", o_bool, &ccp_allowoptions[0].mppe,
192 - "don't allow MPPE 128-bit encryption",
193 - OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_128,
194 - &ccp_wantoptions[0].mppe },
196 - /* strange one; we always request stateless, but will we allow stateful? */
197 - { "mppe-stateful", o_bool, &refuse_mppe_stateful,
198 - "allow MPPE stateful mode", OPT_PRIO },
199 - { "nomppe-stateful", o_bool, &refuse_mppe_stateful,
200 - "disallow MPPE stateful mode", OPT_PRIO | 1 },
201 + { "require-mppe-40", o_bool, &ccp_wantoptions[0].mppe_40,
202 + "require MPPE 40-bit encryption", 1, &ccp_allowoptions[0].mppe_40,
204 + { "+mppe-40", o_bool, &ccp_wantoptions[0].mppe_40,
205 + "require MPPE 40-bit encryption", 1, &ccp_allowoptions[0].mppe_40,
206 + OPT_ALIAS | OPT_PRIO },
207 + { "nomppe-40", o_bool, &ccp_wantoptions[0].mppe_40,
208 + "don't allow MPPE 40-bit encryption", OPT_PRIOSUB | OPT_A2CLR,
209 + &ccp_allowoptions[0].mppe_40 },
210 + { "-mppe-40", o_bool, &ccp_wantoptions[0].mppe_40,
211 + "don't allow MPPE 40-bit encryption", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR,
212 + &ccp_allowoptions[0].mppe_40 },
214 + { "require-mppe-56", o_bool, &ccp_wantoptions[0].mppe_56,
215 + "require MPPE 56-bit encryption", 1, &ccp_allowoptions[0].mppe_56,
217 + { "+mppe-56", o_bool, &ccp_wantoptions[0].mppe_56,
218 + "require MPPE 56-bit encryption", 1, &ccp_allowoptions[0].mppe_56,
219 + OPT_ALIAS | OPT_PRIO },
220 + { "nomppe-56", o_bool, &ccp_wantoptions[0].mppe_56,
221 + "don't allow MPPE 56-bit encryption", OPT_PRIOSUB | OPT_A2CLR,
222 + &ccp_allowoptions[0].mppe_56 },
223 + { "-mppe-56", o_bool, &ccp_wantoptions[0].mppe_56,
224 + "don't allow MPPE 56-bit encryption", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR,
225 + &ccp_allowoptions[0].mppe_56 },
227 + { "require-mppe-128", o_bool, &ccp_wantoptions[0].mppe_128,
228 + "require MPPE 128-bit encryption", 1, &ccp_allowoptions[0].mppe_128,
230 + { "+mppe-128", o_bool, &ccp_wantoptions[0].mppe_128,
231 + "require MPPE 128-bit encryption", 1, &ccp_allowoptions[0].mppe_128,
232 + OPT_ALIAS | OPT_PRIO },
233 + { "nomppe-128", o_bool, &ccp_wantoptions[0].mppe_40,
234 + "don't allow MPPE 128-bit encryption", OPT_PRIOSUB | OPT_A2CLR,
235 + &ccp_allowoptions[0].mppe_128 },
236 + { "-mppe-128", o_bool, &ccp_wantoptions[0].mppe_128,
237 + "don't allow MPPE 128-bit encryption", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR,
238 + &ccp_allowoptions[0].mppe_128 },
240 + { "nomppe-stateful", o_bool, &ccp_wantoptions[0].mppe_stateless,
241 + "disallow MPPE stateful mode", 1, &ccp_allowoptions[0].mppe_stateless,
243 + { "mppe-stateful", o_bool, &ccp_wantoptions[0].mppe_stateless,
244 + "allow MPPE stateful mode", OPT_PRIOSUB | OPT_A2CLR,
245 + &ccp_allowoptions[0].mppe_stateless },
251 #define ANY_COMPRESS(opt) ((opt).deflate || (opt).bsd_compress \
252 || (opt).predictor_1 || (opt).predictor_2 \
254 + || (opt).lzs || (opt).mppc || (opt).mppe)
257 * Local state (mainly for handling reset-reqs and reset-acks).
259 ccp_allowoptions[0].bsd_bits = BSD_MAX_BITS;
261 ccp_allowoptions[0].predictor_1 = 1;
263 + ccp_wantoptions[0].lzs = 0; /* Stac LZS - will be enabled in the future */
264 + ccp_wantoptions[0].lzs_mode = LZS_MODE_SEQ;
265 + ccp_wantoptions[0].lzs_hists = 1;
266 + ccp_allowoptions[0].lzs = 0; /* Stac LZS - will be enabled in the future */
267 + ccp_allowoptions[0].lzs_mode = LZS_MODE_SEQ;
268 + ccp_allowoptions[0].lzs_hists = 1;
271 + /* by default allow and request MPPC... */
272 + ccp_wantoptions[0].mppc = ccp_allowoptions[0].mppc = 1;
274 + /* ... and allow but don't request MPPE */
275 + ccp_allowoptions[0].mppe = 1;
276 + ccp_allowoptions[0].mppe_40 = 1;
277 + ccp_allowoptions[0].mppe_56 = 1;
278 + ccp_allowoptions[0].mppe_128 = 1;
279 + ccp_allowoptions[0].mppe_stateless = 1;
280 + ccp_wantoptions[0].mppe = 0;
281 + ccp_wantoptions[0].mppe_40 = 0;
282 + ccp_wantoptions[0].mppe_56 = 0;
283 + ccp_wantoptions[0].mppe_128 = 0;
284 + ccp_wantoptions[0].mppe_stateless = 0;
289 @@ -460,11 +510,11 @@
290 if (oldstate == OPENED && p[0] == TERMREQ && f->state != OPENED) {
291 notice("Compression disabled by peer.");
293 - if (ccp_gotoptions[unit].mppe) {
294 + if (ccp_wantoptions[unit].mppe) {
295 error("MPPE disabled, closing LCP");
296 lcp_close(unit, "MPPE disabled by peer");
305 /* send a reset-ack, which the transmitter will see and
306 reset its compression state. */
308 + /* In case of MPPE/MPPC or LZS we shouldn't send CCP_RESETACK,
309 + but we do it in order to reset compressor; CCP_RESETACK is
310 + then silently discarded. See functions ppp_send_frame and
311 + ppp_ccp_peek in ppp_generic.c (Linux only !!!). All the
312 + confusion is caused by the fact that CCP code is splited
313 + into two parts - one part is handled by pppd, the other one
314 + is handled by kernel. */
316 fsm_sdata(f, CCP_RESETACK, id, NULL, 0);
319 @@ -520,12 +579,11 @@
320 fsm_lowerdown(&ccp_fsm[unit]);
323 - if (ccp_gotoptions[unit].mppe) {
324 + if (ccp_wantoptions[unit].mppe) {
325 error("MPPE required but peer negotiation failed");
326 lcp_close(unit, "MPPE required but peer negotiation failed");
335 all_rejected[f->unit] = 0;
339 + if (go->mppe || go->mppc) {
340 ccp_options *ao = &ccp_allowoptions[f->unit];
341 int auth_mschap_bits = auth_done[f->unit];
343 @@ -556,80 +614,109 @@
344 * NB: If MPPE is required, all other compression opts are invalid.
345 * So, we return right away if we can't do it.
347 + if (ccp_wantoptions[f->unit].mppe) {
348 + /* Leave only the mschap auth bits set */
349 + auth_mschap_bits &= (CHAP_MS_WITHPEER | CHAP_MS_PEER |
350 + CHAP_MS2_WITHPEER | CHAP_MS2_PEER);
351 + /* Count the mschap auths */
352 + auth_mschap_bits >>= CHAP_MS_SHIFT;
355 + numbits += auth_mschap_bits & 1;
356 + auth_mschap_bits >>= 1;
357 + } while (auth_mschap_bits);
359 + error("MPPE required, but auth done in both directions.");
360 + lcp_close(f->unit, "MPPE required but not available");
364 + error("MPPE required, but MS-CHAP[v2] auth not performed.");
365 + lcp_close(f->unit, "MPPE required but not available");
369 - /* Leave only the mschap auth bits set */
370 - auth_mschap_bits &= (CHAP_MS_WITHPEER | CHAP_MS_PEER |
371 - CHAP_MS2_WITHPEER | CHAP_MS2_PEER);
372 - /* Count the mschap auths */
373 - auth_mschap_bits >>= CHAP_MS_SHIFT;
376 - numbits += auth_mschap_bits & 1;
377 - auth_mschap_bits >>= 1;
378 - } while (auth_mschap_bits);
380 - error("MPPE required, but auth done in both directions.");
381 - lcp_close(f->unit, "MPPE required but not available");
385 - error("MPPE required, but MS-CHAP[v2] auth not performed.");
386 - lcp_close(f->unit, "MPPE required but not available");
390 - /* A plugin (eg radius) may not have obtained key material. */
391 - if (!mppe_keys_set) {
392 - error("MPPE required, but keys are not available. "
393 - "Possible plugin problem?");
394 - lcp_close(f->unit, "MPPE required but not available");
398 - /* LM auth not supported for MPPE */
399 - if (auth_done[f->unit] & (CHAP_MS_WITHPEER | CHAP_MS_PEER)) {
400 - /* This might be noise */
401 - if (go->mppe & MPPE_OPT_40) {
402 - notice("Disabling 40-bit MPPE; MS-CHAP LM not supported");
403 - go->mppe &= ~MPPE_OPT_40;
404 - ccp_wantoptions[f->unit].mppe &= ~MPPE_OPT_40;
405 + /* A plugin (eg radius) may not have obtained key material. */
406 + if (!mppe_keys_set) {
407 + error("MPPE required, but keys are not available. "
408 + "Possible plugin problem?");
409 + lcp_close(f->unit, "MPPE required but not available");
414 - /* Last check: can we actually negotiate something? */
415 - if (!(go->mppe & (MPPE_OPT_40 | MPPE_OPT_128))) {
416 - /* Could be misconfig, could be 40-bit disabled above. */
417 - error("MPPE required, but both 40-bit and 128-bit disabled.");
418 - lcp_close(f->unit, "MPPE required but not available");
421 + * Check whether the kernel knows about the various
422 + * compression methods we might request. Key material
423 + * unimportant here.
426 + opt_buf[0] = CI_MPPE;
427 + opt_buf[1] = CILEN_MPPE;
431 + opt_buf[5] = MPPE_MPPC;
432 + if (ccp_test(f->unit, opt_buf, CILEN_MPPE, 0) <= 0)
436 + opt_buf[0] = CI_MPPE;
437 + opt_buf[1] = CILEN_MPPE;
438 + opt_buf[2] = MPPE_STATELESS;
441 + opt_buf[5] = MPPE_40BIT;
442 + if (ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0) <= 0)
446 + opt_buf[0] = CI_MPPE;
447 + opt_buf[1] = CILEN_MPPE;
448 + opt_buf[2] = MPPE_STATELESS;
451 + opt_buf[5] = MPPE_56BIT;
452 + if (ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0) <= 0)
455 + if (go->mppe_128) {
456 + opt_buf[0] = CI_MPPE;
457 + opt_buf[1] = CILEN_MPPE;
458 + opt_buf[2] = MPPE_STATELESS;
461 + opt_buf[5] = MPPE_128BIT;
462 + if (ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0) <= 0)
465 + if (!go->mppe_40 && !go->mppe_56 && !go->mppe_128) {
466 + if (ccp_wantoptions[f->unit].mppe) {
467 + error("MPPE required, but kernel has no support.");
468 + lcp_close(f->unit, "MPPE required but not available");
470 + go->mppe = go->mppe_stateless = 0;
472 + /* MPPE is not compatible with other compression types */
473 + if (ccp_wantoptions[f->unit].mppe) {
474 + ao->bsd_compress = go->bsd_compress = 0;
475 + ao->predictor_1 = go->predictor_1 = 0;
476 + ao->predictor_2 = go->predictor_2 = 0;
477 + ao->deflate = go->deflate = 0;
478 + ao->lzs = go->lzs = 0;
483 - ao->mppe = go->mppe;
484 - /* MPPE is not compatible with other compression types */
485 - ao->bsd_compress = go->bsd_compress = 0;
486 - ao->predictor_1 = go->predictor_1 = 0;
487 - ao->predictor_2 = go->predictor_2 = 0;
488 - ao->deflate = go->deflate = 0;
493 - * Check whether the kernel knows about the various
494 - * compression methods we might request.
498 - opt_buf[0] = CI_MPPE;
499 - opt_buf[1] = CILEN_MPPE;
500 - MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]);
501 - /* Key material unimportant here. */
502 - if (ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0) <= 0) {
503 - error("MPPE required, but kernel has no support.");
504 - lcp_close(f->unit, "MPPE required but not available");
507 + opt_buf[0] = CI_LZS;
508 + opt_buf[1] = CILEN_LZS;
509 + opt_buf[2] = go->lzs_hists >> 8;
510 + opt_buf[3] = go->lzs_hists & 0xff;
511 + opt_buf[4] = LZS_MODE_SEQ;
512 + if (ccp_test(f->unit, opt_buf, CILEN_LZS, 0) <= 0)
516 if (go->bsd_compress) {
517 opt_buf[0] = CI_BSD_COMPRESS;
518 opt_buf[1] = CILEN_BSD_COMPRESS;
520 + (go->deflate? CILEN_DEFLATE: 0)
521 + (go->predictor_1? CILEN_PREDICTOR_1: 0)
522 + (go->predictor_2? CILEN_PREDICTOR_2: 0)
523 - + (go->mppe? CILEN_MPPE: 0);
524 + + (go->lzs? CILEN_LZS: 0)
525 + + ((go->mppe || go->mppc)? CILEN_MPPE: 0);
532 ccp_options *go = &ccp_gotoptions[f->unit];
533 + ccp_options *ao = &ccp_allowoptions[f->unit];
534 + ccp_options *wo = &ccp_wantoptions[f->unit];
538 @@ -706,22 +796,43 @@
539 * in case it gets Acked.
543 + if (go->mppe || go->mppc || (!wo->mppe && ao->mppe)) {
544 u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN];
546 - p[0] = opt_buf[0] = CI_MPPE;
547 - p[1] = opt_buf[1] = CILEN_MPPE;
548 - MPPE_OPTS_TO_CI(go->mppe, &p[2]);
549 - MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]);
552 + p[2] = (go->mppe_stateless ? MPPE_STATELESS : 0);
555 + p[5] = (go->mppe_40 ? MPPE_40BIT : 0) | (go->mppe_56 ? MPPE_56BIT : 0) |
556 + (go->mppe_128 ? MPPE_128BIT : 0) | (go->mppc ? MPPE_MPPC : 0);
558 + BCOPY(p, opt_buf, CILEN_MPPE);
559 BCOPY(mppe_recv_key, &opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
560 res = ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0);
566 /* This shouldn't happen, we've already tested it! */
567 - lcp_close(f->unit, "MPPE required but not available in kernel");
568 + go->mppe = go->mppe_40 = go->mppe_56 = go->mppe_128 =
569 + go->mppe_stateless = go->mppc = 0;
570 + if (ccp_wantoptions[f->unit].mppe)
571 + lcp_close(f->unit, "MPPE required but not available in kernel");
578 + p[2] = go->lzs_hists >> 8;
579 + p[3] = go->lzs_hists & 0xff;
580 + p[4] = LZS_MODE_SEQ;
581 + res = ccp_test(f->unit, p, CILEN_LZS, 0);
589 p[0] = go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT;
590 p[1] = CILEN_DEFLATE;
594 * ccp_ackci - process a received configure-ack, and return
595 - * 1 iff the packet was OK.
596 + * 1 if the packet was OK.
600 @@ -816,24 +927,44 @@
603 ccp_options *go = &ccp_gotoptions[f->unit];
604 + ccp_options *ao = &ccp_allowoptions[f->unit];
605 + ccp_options *wo = &ccp_wantoptions[f->unit];
610 - u_char opt_buf[CILEN_MPPE];
612 - opt_buf[0] = CI_MPPE;
613 - opt_buf[1] = CILEN_MPPE;
614 - MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]);
615 - if (len < CILEN_MPPE || memcmp(opt_buf, p, CILEN_MPPE))
616 + if (go->mppe || go->mppc || (!wo->mppe && ao->mppe)) {
617 + if (len < CILEN_MPPE
618 + || p[1] != CILEN_MPPE || p[0] != CI_MPPE
619 + || p[2] != (go->mppe_stateless ? MPPE_STATELESS : 0)
622 + || (p[5] != ((go->mppe_40 ? MPPE_40BIT : 0) |
623 + (go->mppc ? MPPE_MPPC : 0))
624 + && p[5] != ((go->mppe_56 ? MPPE_56BIT : 0) |
625 + (go->mppc ? MPPE_MPPC : 0))
626 + && p[5] != ((go->mppe_128 ? MPPE_128BIT : 0) |
627 + (go->mppc ? MPPE_MPPC : 0))))
629 + if (go->mppe_40 || go->mppe_56 || go->mppe_128)
633 + /* Cope with first/fast ack */
634 + if (p == p0 && len == 0)
639 + if (len < CILEN_LZS || p[0] != CI_LZS || p[1] != CILEN_LZS
640 + || p[2] != go->lzs_hists>>8 || p[3] != (go->lzs_hists&0xff)
641 + || p[4] != LZS_MODE_SEQ)
645 /* XXX Cope with first/fast ack */
647 + if (p == p0 && len == 0)
652 if (len < CILEN_DEFLATE
653 || p[0] != (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT)
657 * ccp_nakci - process received configure-nak.
658 - * Returns 1 iff the nak was OK.
659 + * Returns 1 if the nak was OK.
666 ccp_options *go = &ccp_gotoptions[f->unit];
667 + ccp_options *ao = &ccp_allowoptions[f->unit];
668 + ccp_options *wo = &ccp_wantoptions[f->unit];
669 ccp_options no; /* options we've seen already */
670 ccp_options try; /* options to ask for next time */
672 @@ -912,28 +1045,100 @@
676 - if (go->mppe && len >= CILEN_MPPE
677 - && p[0] == CI_MPPE && p[1] == CILEN_MPPE) {
680 - * Peer wants us to use a different strength or other setting.
681 - * Fail if we aren't willing to use his suggestion.
683 - MPPE_CI_TO_OPTS(&p[2], try.mppe);
684 - if ((try.mppe & MPPE_OPT_STATEFUL) && refuse_mppe_stateful) {
685 - error("Refusing MPPE stateful mode offered by peer");
687 - } else if (((go->mppe | MPPE_OPT_STATEFUL) & try.mppe) != try.mppe) {
688 - /* Peer must have set options we didn't request (suggest) */
691 + if ((go->mppe || go->mppc || (!wo->mppe && ao->mppe)) &&
692 + len >= CILEN_MPPE && p[0] == CI_MPPE && p[1] == CILEN_MPPE) {
695 - error("MPPE required but peer negotiation failed");
696 - lcp_close(f->unit, "MPPE required but peer negotiation failed");
699 + if (!(p[5] & MPPE_MPPC))
711 + if (go->mppe_stateless)
712 + no.mppe_stateless = 1;
715 + if ((p[5] & MPPE_40BIT))
718 + try.mppe_40 = (p[5] == 0) ? 1 : 0;
721 + if ((p[5] & MPPE_56BIT))
724 + try.mppe_56 = (p[5] == 0) ? 1 : 0;
726 + if (ao->mppe_128) {
727 + if ((p[5] & MPPE_128BIT))
730 + try.mppe_128 = (p[5] == 0) ? 1 : 0;
733 + if (ao->mppe_stateless) {
734 + if ((p[2] & MPPE_STATELESS) || wo->mppe_stateless)
735 + try.mppe_stateless = 1;
737 + try.mppe_stateless = 0;
740 + if (!try.mppe_56 && !try.mppe_40 && !try.mppe_128) {
741 + try.mppe = try.mppe_stateless = 0;
743 + /* we require encryption, but peer doesn't support it
744 + so we close connection */
745 + wo->mppc = wo->mppe = wo->mppe_stateless = wo->mppe_40 =
746 + wo->mppe_56 = wo->mppe_128 = 0;
747 + lcp_close(f->unit, "MPPE required but cannot negotiate MPPE "
751 + if (wo->mppe && (wo->mppe_40 != try.mppe_40) &&
752 + (wo->mppe_56 != try.mppe_56) && (wo->mppe_128 != try.mppe_128)) {
753 + /* cannot negotiate key length */
754 + wo->mppc = wo->mppe = wo->mppe_stateless = wo->mppe_40 =
755 + wo->mppe_56 = wo->mppe_128 = 0;
756 + lcp_close(f->unit, "Cannot negotiate MPPE key length");
758 + if (try.mppe_40 && try.mppe_56 && try.mppe_128)
759 + try.mppe_40 = try.mppe_56 = 0;
761 + if (try.mppe_56 && try.mppe_128)
764 + if (try.mppe_40 && try.mppe_128)
767 + if (try.mppe_40 && try.mppe_56)
775 + if (go->lzs && len >= CILEN_LZS && p[0] == CI_LZS && p[1] == CILEN_LZS) {
777 + if (((p[2]<<8)|p[3]) > 1 || (p[4] != LZS_MODE_SEQ &&
778 + p[4] != LZS_MODE_EXT))
781 + try.lzs_mode = p[4];
782 + try.lzs_hists = (p[2] << 8) | p[3];
788 if (go->deflate && len >= CILEN_DEFLATE
789 && p[0] == (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT)
790 && p[1] == CILEN_DEFLATE) {
791 @@ -1006,14 +1211,50 @@
795 - if (go->mppe && len >= CILEN_MPPE
796 + if ((go->mppe || go->mppc) && len >= CILEN_MPPE
797 && p[0] == CI_MPPE && p[1] == CILEN_MPPE) {
798 - error("MPPE required but peer refused");
799 - lcp_close(f->unit, "MPPE required but peer refused");
800 + ccp_options *wo = &ccp_wantoptions[f->unit];
801 + if (p[2] != (go->mppe_stateless ? MPPE_STATELESS : 0) ||
804 + p[5] != ((go->mppe_40 ? MPPE_40BIT : 0) |
805 + (go->mppe_56 ? MPPE_56BIT : 0) |
806 + (go->mppe_128 ? MPPE_128BIT : 0) |
807 + (go->mppc ? MPPE_MPPC : 0)))
819 + if (go->mppe_stateless)
820 + try.mppe_stateless = 0;
821 + if (!try.mppe_56 && !try.mppe_40 && !try.mppe_128)
822 + try.mppe = try.mppe_stateless = 0;
823 + if (wo->mppe) { /* we want MPPE but cannot negotiate key length */
824 + wo->mppc = wo->mppe = wo->mppe_stateless = wo->mppe_40 =
825 + wo->mppe_56 = wo->mppe_128 = 0;
826 + lcp_close(f->unit, "MPPE required but cannot negotiate MPPE "
835 + if (go->lzs && len >= CILEN_LZS && p[0] == CI_LZS && p[1] == CILEN_LZS) {
836 + if (p[2] != go->lzs_hists>>8 || p[3] != (go->lzs_hists&0xff)
837 + || p[4] != go->lzs_mode)
843 if (go->deflate_correct && len >= CILEN_DEFLATE
844 && p[0] == CI_DEFLATE && p[1] == CILEN_DEFLATE) {
845 if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size)
846 @@ -1077,14 +1318,15 @@
849 int ret, newret, res;
851 + u_char *p0, *retp, p2, p5;
852 int len, clen, type, nb;
853 ccp_options *ho = &ccp_hisoptions[f->unit];
854 ccp_options *ao = &ccp_allowoptions[f->unit];
855 + ccp_options *wo = &ccp_wantoptions[f->unit];
857 - bool rej_for_ci_mppe = 1; /* Are we rejecting based on a bad/missing */
858 - /* CI_MPPE, or due to other options? */
860 + u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN];
866 @@ -1107,103 +1349,305 @@
870 - if (!ao->mppe || clen != CILEN_MPPE) {
871 + if ((!ao->mppc && !ao->mppe) || clen != CILEN_MPPE) {
875 - MPPE_CI_TO_OPTS(&p[2], ho->mppe);
877 - /* Nak if anything unsupported or unknown are set. */
878 - if (ho->mppe & MPPE_OPT_UNSUPPORTED) {
880 - ho->mppe &= ~MPPE_OPT_UNSUPPORTED;
882 - if (ho->mppe & MPPE_OPT_UNKNOWN) {
885 + /* not sure what they want, tell 'em what we got */
886 + if (((p[2] & ~MPPE_STATELESS) != 0 || p[3] != 0 || p[4] != 0 ||
887 + (p[5] & ~(MPPE_40BIT | MPPE_56BIT | MPPE_128BIT |
888 + MPPE_MPPC)) != 0 || p[5] == 0) ||
889 + (p[2] == 0 && p[3] == 0 && p[4] == 0 && p[5] == 0)) {
891 - ho->mppe &= ~MPPE_OPT_UNKNOWN;
892 + p[2] = (wo->mppe_stateless ? MPPE_STATELESS : 0);
895 + p[5] = (wo->mppe_40 ? MPPE_40BIT : 0) |
896 + (wo->mppe_56 ? MPPE_56BIT : 0) |
897 + (wo->mppe_128 ? MPPE_128BIT : 0) |
898 + (wo->mppc ? MPPE_MPPC : 0);
902 - /* Check state opt */
903 - if (ho->mppe & MPPE_OPT_STATEFUL) {
905 - * We can Nak and request stateless, but it's a
906 - * lot easier to just assume the peer will request
907 - * it if he can do it; stateful mode is bad over
908 - * the Internet -- which is where we expect MPPE.
910 - if (refuse_mppe_stateful) {
911 - error("Refusing MPPE stateful mode offered by peer");
912 + if ((p[5] & MPPE_MPPC)) {
915 + BCOPY(p, opt_buf, CILEN_MPPE);
916 + opt_buf[2] = opt_buf[3] = opt_buf[4] = 0;
917 + opt_buf[5] = MPPE_MPPC;
918 + if (ccp_test(f->unit, opt_buf, CILEN_MPPE, 1) <= 0) {
920 + p[5] &= ~MPPE_MPPC;
926 + if (wo->mppe || ao->mppe) {
927 + p[5] &= ~MPPE_MPPC;
936 + if ((p[2] & MPPE_STATELESS)) {
937 + if (ao->mppe_stateless) {
938 + if (wo->mppe_stateless)
939 + ho->mppe_stateless = 1;
943 + p[2] &= ~MPPE_STATELESS;
948 + p[2] &= ~MPPE_STATELESS;
951 + if (wo->mppe_stateless && !dont_nak) {
952 + wo->mppe_stateless = 0;
954 + p[2] |= MPPE_STATELESS;
958 - /* Find out which of {S,L} are set. */
959 - if ((ho->mppe & MPPE_OPT_128)
960 - && (ho->mppe & MPPE_OPT_40)) {
961 - /* Both are set, negotiate the strongest. */
962 + if ((p[5] & ~MPPE_MPPC) == (MPPE_40BIT|MPPE_56BIT|MPPE_128BIT)) {
964 - if (ao->mppe & MPPE_OPT_128)
965 - ho->mppe &= ~MPPE_OPT_40;
966 - else if (ao->mppe & MPPE_OPT_40)
967 - ho->mppe &= ~MPPE_OPT_128;
971 + if (ao->mppe_128) {
973 + p[5] &= ~(MPPE_40BIT|MPPE_56BIT);
974 + BCOPY(p, opt_buf, CILEN_MPPE);
975 + BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
977 + if (ccp_test(f->unit, opt_buf, CILEN_MPPE +
978 + MPPE_MAX_KEY_LEN, 1) <= 0) {
980 + p[5] |= (MPPE_40BIT|MPPE_56BIT);
981 + p[5] &= ~MPPE_128BIT;
982 + goto check_mppe_56_40;
986 - } else if (ho->mppe & MPPE_OPT_128) {
987 - if (!(ao->mppe & MPPE_OPT_128)) {
990 + p[5] &= ~MPPE_128BIT;
991 + goto check_mppe_56_40;
993 + if ((p[5] & ~MPPE_MPPC) == (MPPE_56BIT|MPPE_128BIT)) {
995 + if (ao->mppe_128) {
997 + p[5] &= ~MPPE_56BIT;
998 + BCOPY(p, opt_buf, CILEN_MPPE);
999 + BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
1000 + MPPE_MAX_KEY_LEN);
1001 + if (ccp_test(f->unit, opt_buf, CILEN_MPPE +
1002 + MPPE_MAX_KEY_LEN, 1) <= 0) {
1004 + p[5] |= MPPE_56BIT;
1005 + p[5] &= ~MPPE_128BIT;
1006 + goto check_mppe_56;
1010 - } else if (ho->mppe & MPPE_OPT_40) {
1011 - if (!(ao->mppe & MPPE_OPT_40)) {
1014 + p[5] &= ~MPPE_128BIT;
1015 + goto check_mppe_56;
1017 + if ((p[5] & ~MPPE_MPPC) == (MPPE_40BIT|MPPE_128BIT)) {
1019 + if (ao->mppe_128) {
1021 + p[5] &= ~MPPE_40BIT;
1022 + BCOPY(p, opt_buf, CILEN_MPPE);
1023 + BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
1024 + MPPE_MAX_KEY_LEN);
1025 + if (ccp_test(f->unit, opt_buf, CILEN_MPPE +
1026 + MPPE_MAX_KEY_LEN, 1) <= 0) {
1028 + p[5] |= MPPE_40BIT;
1029 + p[5] &= ~MPPE_128BIT;
1030 + goto check_mppe_40;
1034 + p[5] &= ~MPPE_128BIT;
1035 + goto check_mppe_40;
1037 + if ((p[5] & ~MPPE_MPPC) == MPPE_128BIT) {
1038 + if (ao->mppe_128) {
1040 + BCOPY(p, opt_buf, CILEN_MPPE);
1041 + BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
1042 + MPPE_MAX_KEY_LEN);
1043 + if (ccp_test(f->unit, opt_buf, CILEN_MPPE +
1044 + MPPE_MAX_KEY_LEN, 1) <= 0) {
1046 + p[5] &= ~MPPE_128BIT;
1051 + p[5] &= ~MPPE_128BIT;
1056 + if ((p[5] & ~MPPE_MPPC) == (MPPE_40BIT|MPPE_56BIT)) {
1058 + if (ao->mppe_56) {
1060 + p[5] &= ~MPPE_40BIT;
1061 + BCOPY(p, opt_buf, CILEN_MPPE);
1062 + BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
1063 + MPPE_MAX_KEY_LEN);
1064 + if (ccp_test(f->unit, opt_buf, CILEN_MPPE +
1065 + MPPE_MAX_KEY_LEN, 1) <= 0) {
1067 + p[5] |= MPPE_40BIT;
1068 + p[5] &= ~MPPE_56BIT;
1070 + goto check_mppe_40;
1074 + p[5] &= ~MPPE_56BIT;
1075 + goto check_mppe_40;
1078 + if ((p[5] & ~MPPE_MPPC) == MPPE_56BIT) {
1079 + if (ao->mppe_56) {
1081 + BCOPY(p, opt_buf, CILEN_MPPE);
1082 + BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
1083 + MPPE_MAX_KEY_LEN);
1084 + if (ccp_test(f->unit, opt_buf, CILEN_MPPE +
1085 + MPPE_MAX_KEY_LEN, 1) <= 0) {
1087 + p[5] &= ~MPPE_56BIT;
1092 + p[5] &= ~MPPE_56BIT;
1097 + if ((p[5] & ~MPPE_MPPC) == MPPE_40BIT) {
1098 + if (ao->mppe_40) {
1100 + BCOPY(p, opt_buf, CILEN_MPPE);
1101 + BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
1102 + MPPE_MAX_KEY_LEN);
1103 + if (ccp_test(f->unit, opt_buf, CILEN_MPPE +
1104 + MPPE_MAX_KEY_LEN, 1) <= 0) {
1106 + p[5] &= ~MPPE_40BIT;
1111 + p[5] &= ~MPPE_40BIT;
1115 + if (!ho->mppe_40 && !ho->mppe_56 && !ho->mppe_128) {
1116 + if (wo->mppe_40 || wo->mppe_56 || wo->mppe_128) {
1118 + p[2] |= (wo->mppe_stateless ? MPPE_STATELESS : 0);
1119 + p[5] |= (wo->mppe_40 ? MPPE_40BIT : 0) |
1120 + (wo->mppe_56 ? MPPE_56BIT : 0) |
1121 + (wo->mppe_128 ? MPPE_128BIT : 0) |
1122 + (wo->mppc ? MPPE_MPPC : 0);
1124 + ho->mppe = ho->mppe_stateless = 0;
1127 - /* Neither are set. */
1128 + /* MPPE is not compatible with other compression types */
1130 + ao->bsd_compress = 0;
1131 + ao->predictor_1 = 0;
1132 + ao->predictor_2 = 0;
1137 + if ((!ho->mppc || !ao->mppc) && !ho->mppe) {
1144 - /* rebuild the opts */
1145 - MPPE_OPTS_TO_CI(ho->mppe, &p[2]);
1146 - if (newret == CONFACK) {
1147 - u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN];
1150 - BCOPY(p, opt_buf, CILEN_MPPE);
1151 - BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
1152 - MPPE_MAX_KEY_LEN);
1153 - if (ccp_test(f->unit, opt_buf,
1154 - CILEN_MPPE + MPPE_MAX_KEY_LEN, 1) <= 0) {
1155 - /* This shouldn't happen, we've already tested it! */
1156 - error("MPPE required, but kernel has no support.");
1157 - lcp_close(f->unit, "MPPE required but not available");
1162 - * We need to decrease the interface MTU by MPPE_PAD
1163 - * because MPPE frames **grow**. The kernel [must]
1164 - * allocate MPPE_PAD extra bytes in xmit buffers.
1166 - mtu = netif_get_mtu(f->unit);
1168 - netif_set_mtu(f->unit, mtu - MPPE_PAD);
1173 + * I have commented the code below because according to RFC1547
1174 + * MTU is only information for higher level protocols about
1175 + * "the maximum allowable length for a packet (q.v.) transmitted
1176 + * over a point-to-point link without incurring network layer
1177 + * fragmentation." Of course a PPP implementation should be able
1178 + * to handle overhead added by MPPE - in our case apropriate code
1179 + * is located in drivers/net/ppp_generic.c in the kernel sources.
1181 + * According to RFC1661:
1182 + * - when negotiated MRU is less than 1500 octets, a PPP
1183 + * implementation must still be able to receive at least 1500
1185 + * - when PFC is negotiated, a PPP implementation is still
1186 + * required to receive frames with uncompressed protocol field.
1188 + * So why not to handle MPPE overhead without changing MTU value?
1189 + * I am sure that RFC3078, unfortunately silently, assumes that.
1193 - * We have accepted MPPE or are willing to negotiate
1194 - * MPPE parameters. A CONFREJ is due to subsequent
1195 - * (non-MPPE) processing.
1196 + * We need to decrease the interface MTU by MPPE_PAD
1197 + * because MPPE frames **grow**. The kernel [must]
1198 + * allocate MPPE_PAD extra bytes in xmit buffers.
1200 - rej_for_ci_mppe = 0;
1202 + mtu = netif_get_mtu(f->unit);
1204 + netif_set_mtu(f->unit, mtu - MPPE_PAD);
1207 + if (ccp_wantoptions[f->unit].mppe) {
1208 + error("Cannot adjust MTU needed by MPPE.");
1209 + lcp_close(f->unit, "Cannot adjust MTU needed by MPPE.");
1217 + if (!ao->lzs || clen != CILEN_LZS) {
1223 + ho->lzs_hists = (p[2] << 8) | p[3];
1224 + ho->lzs_mode = p[4];
1225 + if ((ho->lzs_hists != ao->lzs_hists) ||
1226 + (ho->lzs_mode != ao->lzs_mode)) {
1229 + p[2] = ao->lzs_hists >> 8;
1230 + p[3] = ao->lzs_hists & 0xff;
1231 + p[4] = ao->lzs_mode;
1236 + if (p == p0 && ccp_test(f->unit, p, CILEN_LZS, 1) <= 0) {
1242 case CI_DEFLATE_DRAFT:
1243 if (!ao->deflate || clen != CILEN_DEFLATE
1244 @@ -1345,12 +1789,6 @@
1249 - if (ret == CONFREJ && ao->mppe && rej_for_ci_mppe) {
1250 - error("MPPE required but peer negotiation failed");
1251 - lcp_close(f->unit, "MPPE required but peer negotiation failed");
1257 @@ -1372,24 +1810,35 @@
1259 char *q = result + sizeof(result); /* 1 past result */
1261 - slprintf(p, q - p, "MPPE ");
1263 - if (opt->mppe & MPPE_OPT_128) {
1264 - slprintf(p, q - p, "128-bit ");
1267 - if (opt->mppe & MPPE_OPT_40) {
1268 - slprintf(p, q - p, "40-bit ");
1271 - if (opt->mppe & MPPE_OPT_STATEFUL)
1272 - slprintf(p, q - p, "stateful");
1274 - slprintf(p, q - p, "stateless");
1278 + slprintf(p, q - p, "MPPC/MPPE ");
1281 + slprintf(p, q - p, "MPPE ");
1284 + if (opt->mppe_128) {
1285 + slprintf(p, q - p, "128-bit ");
1287 + } else if (opt->mppe_56) {
1288 + slprintf(p, q - p, "56-bit ");
1290 + } else if (opt->mppe_40) {
1291 + slprintf(p, q - p, "40-bit ");
1294 + if (opt->mppe_stateless)
1295 + slprintf(p, q - p, "stateless");
1297 + slprintf(p, q - p, "stateful");
1298 + } else if (opt->mppc)
1299 + slprintf(p, q - p, "MPPC");
1305 + return "Stac LZS";
1307 case CI_DEFLATE_DRAFT:
1308 if (opt2 != NULL && opt2->deflate_size != opt->deflate_size)
1309 @@ -1445,12 +1894,12 @@
1310 } else if (ANY_COMPRESS(*ho))
1311 notice("%s transmit compression enabled", method_name(ho, NULL));
1314 + if (go->mppe || go->mppc) {
1315 BZERO(mppe_recv_key, MPPE_MAX_KEY_LEN);
1316 BZERO(mppe_send_key, MPPE_MAX_KEY_LEN);
1317 continue_networks(f->unit); /* Bring up IP et al */
1324 @@ -1473,7 +1922,7 @@
1325 lcp_close(f->unit, "MPPE disabled");
1333 @@ -1533,24 +1982,28 @@
1336 if (optlen >= CILEN_MPPE) {
1339 - MPPE_CI_TO_OPTS(&p[2], mppe_opts);
1340 - printer(arg, "mppe %s %s %s %s %s %s%s",
1341 - (p[2] & MPPE_H_BIT)? "+H": "-H",
1342 - (p[5] & MPPE_M_BIT)? "+M": "-M",
1343 - (p[5] & MPPE_S_BIT)? "+S": "-S",
1344 - (p[5] & MPPE_L_BIT)? "+L": "-L",
1345 + printer(arg, "mppe %s %s %s %s %s %s",
1346 + (p[2] & MPPE_STATELESS)? "+H": "-H",
1347 + (p[5] & MPPE_56BIT)? "+M": "-M",
1348 + (p[5] & MPPE_128BIT)? "+S": "-S",
1349 + (p[5] & MPPE_40BIT)? "+L": "-L",
1350 (p[5] & MPPE_D_BIT)? "+D": "-D",
1351 - (p[5] & MPPE_C_BIT)? "+C": "-C",
1352 - (mppe_opts & MPPE_OPT_UNKNOWN)? " +U": "");
1353 - if (mppe_opts & MPPE_OPT_UNKNOWN)
1354 + (p[5] & MPPE_MPPC)? "+C": "-C");
1355 + if ((p[5] & ~(MPPE_56BIT | MPPE_128BIT | MPPE_40BIT |
1356 + MPPE_D_BIT | MPPE_MPPC)) ||
1357 + (p[2] & ~MPPE_STATELESS))
1358 printer(arg, " (%.2x %.2x %.2x %.2x)",
1359 p[2], p[3], p[4], p[5]);
1366 + if (optlen >= CILEN_LZS) {
1367 + printer(arg, "lzs %.2x %.2x %.2x", p[2], p[3], p[4]);
1372 case CI_DEFLATE_DRAFT:
1373 if (optlen >= CILEN_DEFLATE) {
1374 @@ -1636,6 +2089,7 @@
1375 error("Lost compression sync: disabling compression");
1376 ccp_close(unit, "Lost compression sync");
1378 + /* My module dosn't need this. J.D., 2003-07-06 */
1380 * If we were doing MPPE, we must also take the link down.
1382 @@ -1643,9 +2097,18 @@
1383 error("Too many MPPE errors, closing LCP");
1384 lcp_close(unit, "Too many MPPE errors");
1390 + * When LZS or MPPE/MPPC is negotiated we just send CCP_RESETREQ
1391 + * and don't wait for CCP_RESETACK
1393 + if ((ccp_gotoptions[f->unit].method == CI_LZS) ||
1394 + (ccp_gotoptions[f->unit].method == CI_MPPE)) {
1395 + fsm_sdata(f, CCP_RESETREQ, f->reqid = ++f->id, NULL, 0);
1399 * Send a reset-request to reset the peer's compressor.
1400 * We don't do that if we are still waiting for an
1401 * acknowledgement to a previous reset-request.
1402 @@ -1676,4 +2139,3 @@
1404 ccp_localstate[f->unit] &= ~RACK_PENDING;
1407 diff -ruN ppp-2.4.2.orig/pppd/ccp.h ppp-2.4.2-stdopt/pppd/ccp.h
1408 --- ppp-2.4.2.orig/pppd/ccp.h 2002-12-05 00:03:32.000000000 +0100
1409 +++ ppp-2.4.2-stdopt/pppd/ccp.h 2004-01-21 06:51:09.000000000 +0100
1411 bool predictor_2; /* do Predictor-2? */
1412 bool deflate_correct; /* use correct code for deflate? */
1413 bool deflate_draft; /* use draft RFC code for deflate? */
1414 + bool lzs; /* do Stac LZS? */
1415 + bool mppc; /* do MPPC? */
1416 bool mppe; /* do MPPE? */
1417 + bool mppe_40; /* allow 40 bit encryption? */
1418 + bool mppe_56; /* allow 56 bit encryption? */
1419 + bool mppe_128; /* allow 128 bit encryption? */
1420 + bool mppe_stateless; /* allow stateless encryption */
1421 u_short bsd_bits; /* # bits/code for BSD Compress */
1422 u_short deflate_size; /* lg(window size) for Deflate */
1423 + u_short lzs_mode; /* LZS check mode */
1424 + u_short lzs_hists; /* number of LZS histories */
1425 short method; /* code for chosen compression method */
1428 diff -ruN ppp-2.4.2.orig/pppd/chap_ms.c ppp-2.4.2-stdopt/pppd/chap_ms.c
1429 --- ppp-2.4.2.orig/pppd/chap_ms.c 2003-11-18 11:42:56.000000000 +0100
1430 +++ ppp-2.4.2-stdopt/pppd/chap_ms.c 2004-01-21 06:51:09.000000000 +0100
1431 @@ -858,13 +858,17 @@
1433 * Disable undesirable encryption types. Note that we don't ENABLE
1434 * any encryption types, to avoid overriding manual configuration.
1436 + * It seems that 56 bit keys are unsupported in MS-RADIUS (see RFC 2548)
1439 case MPPE_ENC_TYPES_RC4_40:
1440 - ccp_wantoptions[0].mppe &= ~MPPE_OPT_128; /* disable 128-bit */
1441 + ccp_wantoptions[0].mppe_128 = 0; /* disable 128-bit */
1442 + ccp_wantoptions[0].mppe_56 = 0; /* disable 56-bit */
1444 case MPPE_ENC_TYPES_RC4_128:
1445 - ccp_wantoptions[0].mppe &= ~MPPE_OPT_40; /* disable 40-bit */
1446 + ccp_wantoptions[0].mppe_56 = 0; /* disable 56-bit */
1447 + ccp_wantoptions[0].mppe_40 = 0; /* disable 40-bit */
1451 diff -ruN ppp-2.4.2.orig/pppd/pppd.8 ppp-2.4.2-stdopt/pppd/pppd.8
1452 --- ppp-2.4.2.orig/pppd/pppd.8 2004-01-15 06:09:00.000000000 +0100
1453 +++ ppp-2.4.2-stdopt/pppd/pppd.8 2004-01-21 06:51:09.000000000 +0100
1455 Enables the use of PPP multilink; this is an alias for the `multilink'
1456 option. This option is currently only available under Linux.
1459 +Enables MPPC (Microsoft Point to Point Compression). This is the default.
1462 Allow MPPE to use stateful mode. Stateless mode is still attempted first.
1463 The default is to disallow stateful mode.
1464 @@ -749,12 +752,18 @@
1465 Disables the use of PPP multilink. This option is currently only
1466 available under Linux.
1469 +Diasables MPPC (Microsoft Point to Point Compression).
1472 Disables MPPE (Microsoft Point to Point Encryption). This is the default.
1475 Disable 40\-bit encryption with MPPE.
1478 +Disable 56\-bit encryption with MPPE.
1481 Disable 128\-bit encryption with MPPE.
1485 Require the use of MPPE, with 40\-bit encryption.
1488 +Require the use of MPPE, with 56\-bit encryption.
1491 Require the use of MPPE, with 128\-bit encryption.
1493 diff -ruN ppp-2.4.2.orig/pppd/sha1.c ppp-2.4.2-stdopt/pppd/sha1.c
1494 --- ppp-2.4.2.orig/pppd/sha1.c 2002-04-02 15:54:59.000000000 +0200
1495 +++ ppp-2.4.2-stdopt/pppd/sha1.c 2004-08-15 15:00:55.000000000 +0200
1500 -SHA1_Transform(unsigned long[5], const unsigned char[64]);
1501 +SHA1_Transform(u_int32_t state[5], const u_int8_t buffer[64]);
1503 #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
1506 /* Hash a single 512-bit block. This is the core of the algorithm. */
1509 -SHA1_Transform(unsigned long state[5], const unsigned char buffer[64])
1510 +SHA1_Transform(u_int32_t state[5], const u_int8_t buffer[64])
1512 - unsigned long a, b, c, d, e;
1513 + u_int32_t a, b, c, d, e;
1515 - unsigned char c[64];
1516 - unsigned long l[16];
1520 CHAR64LONG16 *block;
1523 - static unsigned char workspace[64];
1524 + static u_int8_t workspace[64];
1525 block = (CHAR64LONG16 *) workspace;
1526 memcpy(block, buffer, 64);
1529 /* Run your data through this. */
1532 -SHA1_Update(SHA1_CTX *context, const unsigned char *data, unsigned int len)
1533 +SHA1_Update(SHA1_CTX *context, const u_int8_t *data, u_int32_t len)
1535 - unsigned int i, j;
1538 j = (context->count[0] >> 3) & 63;
1539 if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++;
1540 @@ -139,22 +139,24 @@
1541 /* Add padding and return the message digest. */
1544 -SHA1_Final(unsigned char digest[20], SHA1_CTX *context)
1545 +SHA1_Final(u_int8_t digest[SHA1_SIGNATURE_SIZE], SHA1_CTX *context)
1547 - unsigned long i, j;
1548 - unsigned char finalcount[8];
1550 + u_int8_t finalcount[8];
1552 for (i = 0; i < 8; i++) {
1553 - finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)]
1554 + finalcount[i] = (u_int8_t) ((context->count[(i >= 4 ? 0 : 1)]
1555 >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */
1557 - SHA1_Update(context, (unsigned char *) "\200", 1);
1558 + SHA1_Update(context, (u_int8_t *) "\200", 1);
1559 while ((context->count[0] & 504) != 448) {
1560 - SHA1_Update(context, (unsigned char *) "\0", 1);
1561 + SHA1_Update(context, (u_int8_t *) "\0", 1);
1564 SHA1_Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
1566 for (i = 0; i < 20; i++) {
1567 - digest[i] = (unsigned char)
1568 + digest[i] = (u_int8_t)
1569 ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
1571 /* Wipe variables */
1573 SHA1Transform(context->state, context->buffer);
1577 diff -ruN ppp-2.4.2.orig/pppd/sha1.h ppp-2.4.2-stdopt/pppd/sha1.h
1578 --- ppp-2.4.2.orig/pppd/sha1.h 2002-11-09 12:24:42.000000000 +0100
1579 +++ ppp-2.4.2-stdopt/pppd/sha1.h 2004-08-15 15:00:55.000000000 +0200
1582 #ifndef __SHA1_INCLUDE_
1584 +#include <sys/types.h>
1586 #ifndef SHA1_SIGNATURE_SIZE
1587 #ifdef SHA_DIGESTSIZE
1588 #define SHA1_SIGNATURE_SIZE SHA_DIGESTSIZE
1593 - unsigned long state[5];
1594 - unsigned long count[2];
1595 - unsigned char buffer[64];
1596 + u_int32_t state[5];
1597 + u_int32_t count[2];
1598 + u_int8_t buffer[64];
1601 extern void SHA1_Init(SHA1_CTX *);
1602 -extern void SHA1_Update(SHA1_CTX *, const unsigned char *, unsigned int);
1603 -extern void SHA1_Final(unsigned char[SHA1_SIGNATURE_SIZE], SHA1_CTX *);
1604 +extern void SHA1_Update(SHA1_CTX *, const u_int8_t *, u_int32_t);
1605 +extern void SHA1_Final(u_int8_t[SHA1_SIGNATURE_SIZE], SHA1_CTX *);
1607 #define __SHA1_INCLUDE_
1608 #endif /* __SHA1_INCLUDE_ */
projects / librecmc / librecmc.git / blob