Age | Commit message (Collapse) | Author |
|
from Tobias Ulmer (tobiasu at tmux.org); ok jmc@, krw@
|
|
Reported and tested by sebastia@
ok sthen sebastia giovanni
|
|
by default. After this change we need to add
ppp.ingress_filter: true
to npppd.conf if it is needed.
ok sthen
|
|
|
|
scratch, it uses parser.c derived from ikectl(8) to have OpenBSD's
fashion. This includes related changes listed below:
- changed npppd control IPC heavyly.
- support IPv6 as tunnel source address.
- deleted support changing the configuration of npppd_ctl on running.
Because it is not so needed but it requires privilege operations.
- refactors.
man page helps from jmc. tested by sebastia.
ok deraadt sebastia sthen
|
|
ok sebastia sthen
|
|
OK yasuoka@
|
|
|
|
ok deraadt@ henning@
|
|
reorder packets to pass to the upper layer without reorder. It
will improve performance (throughput or loss rate) for PPTP or
L2TP(/IPesc) on networks that latency is unstable such as mobile
network.
As our test environment (bandwidth: 6Mbps, latency: 50ms for 97% of
traffic and 52ms for rest of traffic), throughput has changed from
0.76MB to 2.17MB on file upload by PPTP connected Windows Vista
ftp.exe.
Developed by UMEZAWA Takeshi at IIJ.
ok jmatthew@
tested jmatthew@ and myself.
|
|
`net.pipex.enable' to enable PIPEX. By default, pipex is disabled
and it will not process packets from wire. Update man pages and
update HOWTO_PIPEX_NPPPD.txt for testers.
discussed with dlg@, ok deraadt@ mcbride@ claudio@
|
|
- Changed finalizing way to the privileged process. In old way, the
privileged process could not aware abnormal exit of the process in
jail. Then the processes in jail remained as zombies. Created a
pipe to monitor the privileged process, the privileged process can
exit in peace by using the pipe.
- npppd will exit abnormally when the privileged process exits
abnormally.
- PF_KEY socket requires privileges.
- Return correct "errno" to the jail in priv_open().
- Cleanup.
ok hsuenaga@
|
|
|
|
- Add functions to radius+.c that are required to implement RADIUS
accounting.
- Send RADIUS Account-Start and Account-Stop messages with attributes that
are defined by RFC 2866, 2868, 2869.
- If any authentication realm is deleted from the configuration, npppd may
exit by segmentation fault.
- Delete radius_common.c, radius_common.h and eap.c because they are not
used.
- Retransmission and failover are reimplemented.
- Cleanup
|
|
failures. 'errno' returned by the privileged process was not initialized.
'tolen' in priv_sendto() was garbage.
ok hsuenaga@
|
|
|
|
pppx mode will create a pppx interface for each ppp session in the kernel,
and will rely on the kernel to handle the routing rather than doing it
itself. as a bonus it will configure the interfaces description with the
username of the person connecting (which makes systat if pretty).
ok claudio@ yasuoka@ as part of a larger diff
from jonathan matthew
weve been running all this in production for a month now..
|
|
ok yasuoka@
|
|
ok yasuoka@
|
|
diff from yasuoka@
ok deraadt@
|
|
ok sthen@
|
|
to the gre socket.
|
|
because iPhone doesn't support modp2048.
|
|
- pipex requires unique session-id in protocol, so session-id
generation algorithm has been changed.
- change to fit the new PIPEX ioctl.
ok dlg@
|
|
CCP is failed to be opened because the peer doesn't support MPPE. Fixed to
setup a PIPEX on such case.
|
|
ok yasuoka@
|
|
was not enabled, we use a kernel routing socket for such things.
ok yasuoka@ claudio@
|
|
copy sbin/iked/chap_ms.[ch] and fixed chap.c and eap.c to compile with it.
|
|
ok yasuoka@
|
|
out-of-date-ed after my privilege separation work at n2k10.
|
|
Spotted by Mike Belopuhov, ok yasuoka@
|
|
|
|
|
|
|
|
- delete a change only for debug
- add missing 'else'
|
|
(this should be included in my previous commit)
|
|
done by IIJ people (MATSUI Yoshihiro, SAITOH Masanobu, Tomoyuki Sahara),
yuo@ and myself.
This diff also includes
- delete part of useless comments, correct spelling.
- add man page of npppdctl.
There is no functional change.
|
|
C application.
OK yasuoka@, reyk@
|
|
everything is done.
|
|
- Drop privilege after daemon initializing.
- Some system calls that requires root privileges were replaced to
wrapper functions that communicate with a separated privileged
process via IPC. And the privileged process checks whether the
operations are acceptable.
|
|
(found by parfait, reported by jsg@)
|
|
AF_INET. It should be AF_UNIX.
|
|
|
|
ok @dlg
|
|
ppp sessions as a server. It supports L2TP, PPTP and PPPoE as
tunneling.
ok mcbride@ dlg@ deraadt@ reyk@.
|