Import version 1.5 of ppp.

<sales>
This is a user-level ppp implementation that uses the
tun driver.  It was originally created by a Japanese
ISP.  It's now piled with features.  Check the man pages
for details.
</sales>

The sources are identical to the ones in FreeBSD, except
for the Makefile.

IP aliasing (NAT) is disabled, and can be enabled by simply
doing a ``make install'' of libalias, then rebuilding
ppp.  I'll create libalias as a port soon.

4 files changed, 419 insertions, 0 deletions

diff --git a/etc/ppp/ppp.conf.sample b/etc/ppp/ppp.conf.sample
new file mode 100644
index 00000000000..6543fff16c2
--- /dev/null
+++ b/etc/ppp/ppp.conf.sample
@@ -0,0 +1,315 @@
+#################################################################
+#
+#  	PPP  Sample Configuration File
+#
+#	  Originally written by Toshiharu OHNO
+#
+# $Id: ppp.conf.sample,v 1.1 1997/11/23 20:27:39 brian Exp $
+#
+#################################################################
+
+# This file is separated into sections.  Each section is named with
+# a label starting in column 0 and followed directly by a ``:''.  The
+# section continues until the next section.  Blank lines and lines
+# beginning with ``#'' are ignored.
+#
+# Lines beginning with "!include" will ``include'' another file.  You
+# may want to ``!include ~/.ppp.conf'' for backwards compatibility.
+#
+
+# Default setup. Always executed when PPP is invoked.
+#  This section is *not* loaded by the ``load'' or ``dial'' commands.
+#
+#  This is the best place to specify your modem device, it's DTR rate,
+#  and any logging specification.  Logging specs should be done first
+#  so that subsequent commands are logged.
+#
+default:
+ set log Phase Chat Connect Carrier LCP IPCP CCP tun command
+ set device /dev/cuaa1
+ set speed 115200
+ deny lqr
+ set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"
+
+# Client side PPP
+#
+#  Although the PPP protocol is a peer to peer protocol, we normally
+#  consider the side that makes the connection as the client and the
+#  side that receives the connection as the server.  Authentication
+#  is required by the server either using a unix-style login proceedure
+#  or by demanding PAP or CHAP authentication from the client.
+#
+
+# An on demand example where we have dynamic IP addresses:
+#  If the peer assigns us an arbitrary IP (most ISPs do this) and we
+#  can't predict what their IP will be either, take a wild guess at
+#  some IPs that you can't currently route to.  Ensure that the "delete"
+#  and "add" lines are also present in the pmdemand section of ppp.linkup
+#  so that when we connect, things will be put straight.
+#
+#  This will work with static IP numbers too.  You can also use this entry
+#  if you don't want on-demand dialup.  The "set ifaddr", "delete" and
+#  "add" lines are required for on-demand.  Note, for dynamic IP numbers,
+#  whether dialing manually or on demand, there should *always* be an entry
+#  in ppp.linkup.
+#
+#  The /0 bit in "set ifaddr" says that we insist on 0 bits of the
+#  specified IP actually being correct, therefore, the other side can assign
+#  any IP numbers.
+#
+#  The forth arg to "set ifaddr" makes us send "0.0.0.0" as our requested
+#  IP number, forcing the peer to make the decision.
+#
+pmdemand:
+ set phone 1234567
+ set login "TIMEOUT 5 ogin:--ogin: ppp word: ppp"
+ set timeout 120
+ set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
+ delete ALL
+ add 0 0 HISADDR
+
+# When we want to use PAP or CHAP instead of using a unix-style login
+# proceedure, we do the following.  Note, the peer suggests whether we
+# should send PAP or CHAP.  By default, we send whatever we're asked for.
+#
+PAPorCHAPpmdemand:
+ set phone 1234567
+ set login
+ set authname MyName
+ set authkey MyKey
+ set timeout 120
+ set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
+ delete ALL
+ add 0 0 HISADDR
+
+# On demand dialup example with static IP addresses:
+#  Here, the local side uses 192.244.185.226 and the remote side
+#  uses 192.244.176.44.
+#
+#  # ppp -auto ondemand
+#
+#  It is not necessary to have an entry in ppp.linkup when both IP numbers
+#  are static.  Be warned though, the MYADDR: label is executed from
+#  ppp.linkup if the "ondemand:" and "192.244.176.44" labels are not found.
+#
+ondemand:
+ set phone 1234567
+ set login "TIMEOUT 5 ogin:--ogin: ppp word: ppp"
+ set timeout 120
+ set ifaddr 192.244.185.226 192.244.176.44 255.255.255.0
+ delete ALL
+ add 0 0 HISADDR
+
+#                          Example segments
+#
+# The following lines may be included as part of your configuration
+# section and aren't themselves complete.  They're provided as examples
+# of how to achieve different things.
+
+examples:
+# Multi-phone example.  Numbers separated by a : are used sequentially.
+# Numbers separated by a | are used if the previous dial or login script
+# failed.  Usually, you will prefer to use only one of | or :, but both
+# are allowed.
+#
+    set phone 12345678|12345679:12345670|12345671
+#
+# When in -auto, -ddial, -direct or -background mode, ppp can accept
+# control instructions from the ``pppctl'' program.  First, you must
+# set up your control socket.  It's safest to use a UNIX domain socket:
+#
+    set server /var/run/internet 0660
+#
+# Although a TCP port may be used if you want to allow control
+# connections from other machines:
+#
+    set server 6670
+#
+# If we have a ``strange'' modem that must be re-initialized when we
+# hangup:
+#
+    set hangup "\"\" AT OK-AT-OK ATZ OK"
+#
+# To adjust logging withouth blasting the setting in default:
+#
+    set log -command +tcp/ip
+#
+# To see log messages on the screen in interactive mode:
+#
+    set log local LCP IPCP CCP
+#
+# If you're seeing a lot of magic number problems and failed connections,
+# try this (check out the FAQ):
+#
+    set openmode passive
+#
+# For noisy lines, we may want to reconnect (up to 20 times) after loss
+# of carrier:
+#
+    set reconnect 3 20
+#
+# When playing server for M$ clients, tell them who our name servers are:
+#
+    set ns 10.0.0.1 10.0.0.2
+    set nbns 10.0.0.1 10.0.0.2
+    enable msext
+#
+# If we're using the -alias switch, redirect ftp and http to an internal
+# machine:
+#
+    alias port 10.0.0.2:ftp ftp
+    alias port 10.0.0.2:http http
+#
+# or don't trust the outside at all
+#
+    alias deny_incoming yes
+#
+# I trust user brian to run ppp, so this goes in the `default' section:
+#
+    allow user brian
+#
+# But label `internet' contains passwords that even brian can't have, so
+# I empty out the user access list in that section:
+#
+    allow users
+#
+# I also may wish to set up my ppp login script so that it asks the client
+# for the label they wish to use.  I may only want user ``dodgy'' to access
+# their own label in direct mode:
+#
+dodgy:
+    allow user dodgy
+    allow mode direct
+#
+# If we don't want ICMP and DNS packets to keep the connection alive:
+#
+    set afilter 0 deny icmp
+    set afilter 1 deny udp src eq 53
+    set afilter 2 deny udp dst eq 53
+    set afilter 3 permit 0/0 0/0
+#
+# And we don't want ICMPs to cause a dialup:
+#
+    set dfilter 0 deny icmp
+    set dfilter 1 permit 0/0 0/0
+#
+# Once the line's up, allow connections for ident (113), telnet (23),
+# ftp (20 & 21), DNS (53), my place of work (192.244.191.0/24),
+# ICMP (ping) and traceroute (>33433).
+#
+# Anything else is blocked by default
+#
+    set ifilter 0 permit tcp dst eq 113
+    set ofilter 0 permit tcp src eq 113
+    set ifilter 1 permit tcp src eq 23 estab
+    set ofilter 1 permit tcp dst eq 23
+    set ifilter 2 permit tcp src eq 21 estab
+    set ofilter 2 permit tcp dst eq 21
+    set ifilter 3 permit tcp src eq 20 dst gt 1023
+    set ofilter 3 permit tcp dst eq 20
+    set ifilter 4 permit udp src eq 53
+    set ofilter 4 permit udp dst eq 53
+    set ifilter 5 permit 192.244.191.0/24 0/0
+    set ofilter 5 permit 0/0 192.244.191.0/24
+    set ifilter 6 permit icmp
+    set ofilter 6 permit icmp
+    set ifilter 7 permit udp dst gt 33433
+    set ofilter 7 permit udp dst gt 33433
+
+
+# Server side PPP
+#  If you want the remote system to authenticate itself, you insist
+#  that the peer uses CHAP (or PAP) with the "enable" keyword.  Both CHAP and
+#  PAP are disabled by default (we usually only "enable" on of them if the
+#  other side is dialing into our server).
+#  When the peer authenticates itself, we use ppp.secret for verification.
+#
+#  Ppp is launched with:
+#   # ppp -direct CHAPserver
+#
+#  Note:  We can supply a third field in ppp.secret specifying the IP address
+#         for that user.
+#
+CHAPserver:
+ enable chap
+ enable proxy
+ set ifaddr 192.244.176.44 292.244.184.31
+
+# If we wish to act as a server, allowing PAP access according to
+# accounts in /etc/passwd, we do this:
+#
+PAPServerwithPASSWD:
+ enable pap
+ enable passwdauth
+ enable proxy
+ set ifaddr 192.244.176.44 292.244.184.31
+
+
+# Example to connect using a null-modem cable:
+#  The important thing here is to allow the lqr packets on both sides.
+#  Without them enabled, we can't tell if the line's dropped - there
+#  should always be carrier on a direct connection.
+#  Here, the server sends lqr's every 10 seconds and quits if three in a
+#  row fail.
+#
+#  Make sure you don't have "deny lqr" in your default: on the client !
+#
+direct-client:
+ set dial ""
+ set line /dev/cuaa0
+ set sp 115200
+ set timeout 900 10 3
+ set log Phase Chat LQM
+ set login "TIMEOUT 5 ogin:--ogin: ppp word: ppp HELLO"
+ set ifaddr 10.0.4.2 10.0.4.1
+ enable lqr
+ accept lqr
+ 
+direct-server:
+ set timeout 900 10 3
+ set log Phase LQM
+ set ifaddr 10.0.4.1 10.0.4.2
+ enable lqr
+ accept lqr
+
+
+# Example for PPP over TCP.
+#  We assume that inetd on tcpsrv.mynet has been
+#  configured to run "ppp -direct tcp-server" when it gets a connection on
+#  port 1234.  Read the man page for further details
+#
+tcp-client:
+ set device tcpsrv.mynet:1234
+ set dial
+ set login
+ set escape 0xff
+ set ifaddr 10.0.5.1 10.0.4.1 255.255.255.0
+
+tcp-server:
+ set escape 0xff
+ set ifaddr 10.0.4.1 10.0.5.1 255.255.255.0
+
+# If you want to test ppp, do it through a loopback:
+#
+# Requires a line in /etc/services:
+#   ppploop 6671/tcp # loopback ppp daemon
+#
+# and a line in /etc/inetd.conf:
+#   ppploop stream tcp nowait root /usr/sbin/ppp ppp -direct loop-in
+#
+loop:
+ set timeout 0
+ set log phase chat connect lcp ipcp command
+ set device localhost:ppploop
+ set dial
+ set login
+ set escape 0xff
+ set ifaddr 127.0.0.2 127.0.0.3
+ set openmode passive
+ set server /tmp/loop ""
+ 
+loop-in:
+ set timeout 0
+ set log phase chat connect lcp ipcp command
+ set escape 0xff
+ allow mode direct
diff --git a/etc/ppp/ppp.linkdown.sample b/etc/ppp/ppp.linkdown.sample
new file mode 100644
index 00000000000..24f75d37895
--- /dev/null
+++ b/etc/ppp/ppp.linkdown.sample
@@ -0,0 +1,26 @@
+#########################################################################
+#
+#          Example of ppp.linkdown file
+#
+#  This file is checked when ppp closes a connection.
+#  ppp searches the labels in this file as follows:
+#
+#  1) The label that matches the IP number assigned to our side.
+#
+#  2) The label specified on the command line to ppp.
+#
+#  3) If no label has been found, use MYADDR if it exists.
+#
+#
+# $Id: ppp.linkdown.sample,v 1.1 1997/11/23 20:27:39 brian Exp $
+#
+#########################################################################
+
+# We don't really need to do much here.  If we have notified a DNS
+# of our temporary IP number, we may want to ``un-notify'' them.
+#
+# If you're into sound effects when the link goes down, you can run
+# ``auplay'' (assuming NAS is installed and configured).
+#
+MYADDR:
+ !bg /usr/X11R6/bin/auplay /etc/ppp/linkdown.au
diff --git a/etc/ppp/ppp.linkup.sample b/etc/ppp/ppp.linkup.sample
new file mode 100644
index 00000000000..81e190d08c9
--- /dev/null
+++ b/etc/ppp/ppp.linkup.sample
@@ -0,0 +1,55 @@
+#########################################################################
+#
+#          Example of ppp.linkup file
+#
+#  This file is checked when ppp establishes a connection.
+#  ppp searches the labels in this file as follows:
+#
+#  1) The label that matches the IP number assigned to our side.
+#
+#  2) The label specified on the command line to ppp.
+#
+#  3) If no label has been found, use MYADDR if it exists.
+#
+#
+# $Id: ppp.linkup.sample,v 1.1 1997/11/23 20:27:40 brian Exp $
+#
+#########################################################################
+
+# By default, simply delete any existing default route and add the peer
+# as default gateway.
+# If you're into sound effects when the link comes up, you can run
+# ``auplay'' (assuming NAS is installed and configured).
+#
+MYADDR:
+ delete 0
+ add 0 0 HISADDR
+ !bg /usr/X11R6/bin/auplay /etc/ppp/linkup.au
+
+# If we've got 192.244.176.32 as our address, then regard peer as a gateway
+# to 192.244.176.0 network.
+#
+192.244.176.32:
+ add 192.244.176.0 0 HISADDR
+
+# If we are invoked with an argument ``pmdemand'', then
+# delete all existing (wrong) routing entries and add the peer IP
+# as our default gateway.
+# This is vital if you don't already know either sides IP number.
+#
+# We also want to execute a script on startup.  This script can do
+# nice things such as kick off "sendmail -q", "popclient my.isp" and
+# "slurp -d news".  It can be passed MYADDR, HISADDR and INTERFACE
+# as arguments too - useful for informing a DNS of your assigned IP.
+#
+pmdemand:
+ delete ALL
+ add 0 0 HISADDR
+ !bg /etc/ppp/ppp.etherup.pmdemand
+
+# If your minimum call charge is 5 minutes, you may as well stay on
+# the line for that amount of time.  If we want a 60 second subsequent
+# timeout, set your timeout to 300 in ppp.conf and then do this:
+# 
+min5minutes:
+ !bg sh -c "sleep 240; pppctl -p mypassword 3000 set timeout 60"
diff --git a/etc/ppp/ppp.secret.sample b/etc/ppp/ppp.secret.sample
new file mode 100644
index 00000000000..4eae552a5ab
--- /dev/null
+++ b/etc/ppp/ppp.secret.sample
@@ -0,0 +1,23 @@
+##################################################
+#
+#          Example of ppp.secret file
+#
+#  This file is used to authenticate incoming connections.
+#  You must ``enable'' either PAP or CHAP in your ppp.conf file.
+#  The peer may then use any of the Authname/Authkey pairs listed.
+#  If an IP address is given, it will be assigned to the peer.
+#  
+#  If an entry exists for your local machine (as given by the
+#  ``hostname -s'' command), the password specified will be
+#  required for all server socket connections.  Refer to the ppp(8)
+#  and pppctl(8) man pages for further details.
+#
+# $Id: ppp.secret.sample,v 1.1 1997/11/23 20:27:40 brian Exp $
+#
+##################################################
+
+# Authname	Authkey			Peer's IP address
+
+oscar		OurSecretKey		192.244.184.34/24
+BigBird		X4dWg9327		192.244.184.33/32
+tama		localPasswdForControl