X-Git-Url: https://git.rohieb.name/openwrt.git/blobdiff_plain/f52d66ff00b24111f87c274d3d7085ef2e1d27b1..a6e86dfede9e41ca29aba09133236a5fa8c885b3:/package/ppp/patches/201-mppe_mppc_1.1.patch diff --git a/package/ppp/patches/201-mppe_mppc_1.1.patch b/package/ppp/patches/201-mppe_mppc_1.1.patch index 7e09f1a79..93312baee 100644 --- a/package/ppp/patches/201-mppe_mppc_1.1.patch +++ b/package/ppp/patches/201-mppe_mppc_1.1.patch @@ -1,6 +1,5 @@ -diff -ruN ppp-2.4.3.orig/include/linux/ppp-comp.h ppp-2.4.3/include/linux/ppp-comp.h ---- ppp-2.4.3.orig/include/linux/ppp-comp.h 2002-12-06 10:49:15.000000000 +0100 -+++ ppp-2.4.3/include/linux/ppp-comp.h 2004-11-21 13:54:09.000000000 +0100 +--- a/include/linux/ppp-comp.h ++++ b/include/linux/ppp-comp.h @@ -36,7 +36,7 @@ */ @@ -10,7 +9,7 @@ diff -ruN ppp-2.4.3.orig/include/linux/ppp-comp.h ppp-2.4.3/include/linux/ppp-co * * NOTE TO MAINTAINERS: * If you modify this file at all, please set the above date. -@@ -86,7 +86,7 @@ +@@ -86,7 +86,7 @@ struct compressor { /* Compress a packet */ int (*compress) (void *state, unsigned char *rptr, @@ -19,7 +18,7 @@ diff -ruN ppp-2.4.3.orig/include/linux/ppp-comp.h ppp-2.4.3/include/linux/ppp-co /* Return compression statistics */ void (*comp_stat) (void *state, struct compstat *stats); -@@ -107,7 +107,7 @@ +@@ -107,7 +107,7 @@ struct compressor { /* Decompress a packet. */ int (*decompress) (void *state, unsigned char *ibuf, int isize, @@ -28,7 +27,7 @@ diff -ruN ppp-2.4.3.orig/include/linux/ppp-comp.h ppp-2.4.3/include/linux/ppp-co /* Update state for an incompressible packet received */ void (*incomp) (void *state, unsigned char *ibuf, int icnt); -@@ -288,6 +288,33 @@ +@@ -288,6 +288,33 @@ struct compressor { opts |= MPPE_OPT_UNKNOWN; \ } while (/* CONSTCOND */ 0) @@ -62,10 +61,9 @@ diff -ruN ppp-2.4.3.orig/include/linux/ppp-comp.h ppp-2.4.3/include/linux/ppp-co /* * Definitions for other, as yet unsupported, compression methods. */ -diff -ruN ppp-2.4.3.orig/include/net/ppp-comp.h ppp-2.4.3/include/net/ppp-comp.h ---- ppp-2.4.3.orig/include/net/ppp-comp.h 2002-12-06 10:49:15.000000000 +0100 -+++ ppp-2.4.3/include/net/ppp-comp.h 2004-11-21 13:54:09.000000000 +0100 -@@ -255,6 +255,33 @@ +--- a/include/net/ppp-comp.h ++++ b/include/net/ppp-comp.h +@@ -255,6 +255,33 @@ struct compressor { opts |= MPPE_OPT_UNKNOWN; \ } while (/* CONSTCOND */ 0) @@ -99,10 +97,9 @@ diff -ruN ppp-2.4.3.orig/include/net/ppp-comp.h ppp-2.4.3/include/net/ppp-comp.h /* * Definitions for other, as yet unsupported, compression methods. */ -diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c ---- ppp-2.4.3.orig/pppd/ccp.c 2004-11-13 03:28:15.000000000 +0100 -+++ ppp-2.4.3/pppd/ccp.c 2004-11-21 13:54:09.000000000 +0100 -@@ -62,12 +62,10 @@ +--- a/pppd/ccp.c ++++ b/pppd/ccp.c +@@ -62,12 +62,10 @@ static int setdeflate __P((char **)); static char bsd_value[8]; static char deflate_value[8]; @@ -118,7 +115,7 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c static option_t ccp_option_list[] = { { "noccp", o_bool, &ccp_protent.enabled_flag, -@@ -108,54 +106,36 @@ +@@ -108,54 +106,36 @@ static option_t ccp_option_list[] = { "don't allow Predictor-1", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR, &ccp_allowoptions[0].predictor_1 }, @@ -202,7 +199,7 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c #endif /* MPPE */ { NULL } -@@ -241,7 +221,7 @@ +@@ -241,7 +221,7 @@ static fsm_callbacks ccp_callbacks = { */ #define ANY_COMPRESS(opt) ((opt).deflate || (opt).bsd_compress \ || (opt).predictor_1 || (opt).predictor_2 \ @@ -211,7 +208,7 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c /* * Local state (mainly for handling reset-reqs and reset-acks). -@@ -344,6 +324,100 @@ +@@ -344,6 +324,100 @@ setdeflate(argv) return 1; } @@ -312,7 +309,7 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c /* * ccp_init - initialize CCP. */ -@@ -378,6 +452,30 @@ +@@ -378,6 +452,30 @@ ccp_init(unit) ccp_allowoptions[0].bsd_bits = BSD_MAX_BITS; ccp_allowoptions[0].predictor_1 = 1; @@ -343,7 +340,7 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c } /* -@@ -455,11 +553,11 @@ +@@ -455,11 +553,11 @@ ccp_input(unit, p, len) if (oldstate == OPENED && p[0] == TERMREQ && f->state != OPENED) { notice("Compression disabled by peer."); #ifdef MPPE @@ -357,7 +354,7 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c } /* -@@ -487,6 +585,15 @@ +@@ -487,6 +585,15 @@ ccp_extcode(f, code, id, p, len) break; /* send a reset-ack, which the transmitter will see and reset its compression state. */ @@ -373,7 +370,7 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c fsm_sdata(f, CCP_RESETACK, id, NULL, 0); break; -@@ -515,12 +622,11 @@ +@@ -515,12 +622,11 @@ ccp_protrej(unit) fsm_lowerdown(&ccp_fsm[unit]); #ifdef MPPE @@ -388,7 +385,7 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c } /* -@@ -537,7 +643,7 @@ +@@ -537,7 +643,7 @@ ccp_resetci(f) all_rejected[f->unit] = 0; #ifdef MPPE @@ -397,7 +394,7 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c ccp_options *ao = &ccp_allowoptions[f->unit]; int auth_mschap_bits = auth_done[f->unit]; int numbits; -@@ -551,80 +657,109 @@ +@@ -551,80 +657,109 @@ ccp_resetci(f) * NB: If MPPE is required, all other compression opts are invalid. * So, we return right away if we can't do it. */ @@ -573,7 +570,7 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c if (go->bsd_compress) { opt_buf[0] = CI_BSD_COMPRESS; opt_buf[1] = CILEN_BSD_COMPRESS; -@@ -679,7 +814,8 @@ +@@ -679,7 +814,8 @@ ccp_cilen(f) + (go->deflate? CILEN_DEFLATE: 0) + (go->predictor_1? CILEN_PREDICTOR_1: 0) + (go->predictor_2? CILEN_PREDICTOR_2: 0) @@ -583,7 +580,7 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c } /* -@@ -693,6 +829,8 @@ +@@ -693,6 +829,8 @@ ccp_addci(f, p, lenp) { int res; ccp_options *go = &ccp_gotoptions[f->unit]; @@ -592,7 +589,7 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c u_char *p0 = p; /* -@@ -701,22 +839,43 @@ +@@ -701,22 +839,43 @@ ccp_addci(f, p, lenp) * in case it gets Acked. */ #ifdef MPPE @@ -645,7 +642,7 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c if (go->deflate) { p[0] = go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT; p[1] = CILEN_DEFLATE; -@@ -802,7 +961,7 @@ +@@ -802,7 +961,7 @@ ccp_addci(f, p, lenp) /* * ccp_ackci - process a received configure-ack, and return @@ -654,7 +651,7 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c */ static int ccp_ackci(f, p, len) -@@ -811,24 +970,44 @@ +@@ -811,24 +970,44 @@ ccp_ackci(f, p, len) int len; { ccp_options *go = &ccp_gotoptions[f->unit]; @@ -708,7 +705,7 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c if (go->deflate) { if (len < CILEN_DEFLATE || p[0] != (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT) -@@ -891,7 +1070,7 @@ +@@ -891,7 +1070,7 @@ ccp_ackci(f, p, len) /* * ccp_nakci - process received configure-nak. @@ -717,8 +714,8 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c */ static int ccp_nakci(f, p, len, treat_as_reject) -@@ -900,6 +1079,8 @@ - int len; +@@ -901,6 +1080,8 @@ ccp_nakci(f, p, len, treat_as_reject) + int treat_as_reject; { ccp_options *go = &ccp_gotoptions[f->unit]; + ccp_options *ao = &ccp_allowoptions[f->unit]; @@ -726,7 +723,7 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c ccp_options no; /* options we've seen already */ ccp_options try; /* options to ask for next time */ -@@ -907,28 +1088,100 @@ +@@ -908,28 +1089,100 @@ ccp_nakci(f, p, len, treat_as_reject) try = *go; #ifdef MPPE @@ -845,7 +842,7 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c if (go->deflate && len >= CILEN_DEFLATE && p[0] == (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT) && p[1] == CILEN_DEFLATE) { -@@ -1001,14 +1254,50 @@ +@@ -1002,14 +1255,50 @@ ccp_rejci(f, p, len) return -1; #ifdef MPPE @@ -900,7 +897,7 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c if (go->deflate_correct && len >= CILEN_DEFLATE && p[0] == CI_DEFLATE && p[1] == CILEN_DEFLATE) { if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size) -@@ -1072,14 +1361,15 @@ +@@ -1073,14 +1362,15 @@ ccp_reqci(f, p, lenp, dont_nak) int dont_nak; { int ret, newret, res; @@ -920,42 +917,34 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c ret = CONFACK; retp = p0 = p; -@@ -1102,103 +1392,305 @@ +@@ -1103,106 +1393,302 @@ ccp_reqci(f, p, lenp, dont_nak) switch (type) { #ifdef MPPE case CI_MPPE: - if (!ao->mppe || clen != CILEN_MPPE) { -+ if ((!ao->mppc && !ao->mppe) || clen != CILEN_MPPE) { ++ if ((!ao->mppc && !ao->mppe) || clen != CILEN_MPPE) { newret = CONFREJ; break; } - MPPE_CI_TO_OPTS(&p[2], ho->mppe); - +- - /* Nak if anything unsupported or unknown are set. */ - if (ho->mppe & MPPE_OPT_UNSUPPORTED) { -- newret = CONFNAK; ++ p2 = p[2]; ++ p5 = p[5]; ++ /* not sure what they want, tell 'em what we got */ ++ if (((p[2] & ~MPPE_STATELESS) != 0 || p[3] != 0 || p[4] != 0 || ++ (p[5] & ~(MPPE_40BIT | MPPE_56BIT | MPPE_128BIT | ++ MPPE_MPPC)) != 0 || p[5] == 0) || ++ (p[2] == 0 && p[3] == 0 && p[4] == 0 && p[5] == 0)) { + newret = CONFNAK; - ho->mppe &= ~MPPE_OPT_UNSUPPORTED; - } - if (ho->mppe & MPPE_OPT_UNKNOWN) { -+ p2 = p[2]; -+ p5 = p[5]; -+ /* not sure what they want, tell 'em what we got */ -+ if (((p[2] & ~MPPE_STATELESS) != 0 || p[3] != 0 || p[4] != 0 || -+ (p[5] & ~(MPPE_40BIT | MPPE_56BIT | MPPE_128BIT | -+ MPPE_MPPC)) != 0 || p[5] == 0) || -+ (p[2] == 0 && p[3] == 0 && p[4] == 0 && p[5] == 0)) { - newret = CONFNAK; +- newret = CONFNAK; - ho->mppe &= ~MPPE_OPT_UNKNOWN; -+ p[2] = (wo->mppe_stateless ? MPPE_STATELESS : 0); -+ p[3] = 0; -+ p[4] = 0; -+ p[5] = (wo->mppe_40 ? MPPE_40BIT : 0) | -+ (wo->mppe_56 ? MPPE_56BIT : 0) | -+ (wo->mppe_128 ? MPPE_128BIT : 0) | -+ (wo->mppc ? MPPE_MPPC : 0); -+ break; - } - +- } +- - /* Check state opt */ - if (ho->mppe & MPPE_OPT_STATEFUL) { - /* @@ -966,58 +955,43 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c - */ - if (refuse_mppe_stateful) { - error("Refusing MPPE stateful mode offered by peer"); -+ if ((p[5] & MPPE_MPPC)) { -+ if (ao->mppc) { -+ ho->mppc = 1; -+ BCOPY(p, opt_buf, CILEN_MPPE); -+ opt_buf[2] = opt_buf[3] = opt_buf[4] = 0; -+ opt_buf[5] = MPPE_MPPC; -+ if (ccp_test(f->unit, opt_buf, CILEN_MPPE, 1) <= 0) { -+ ho->mppc = 0; -+ p[5] &= ~MPPE_MPPC; -+ newret = CONFNAK; -+ } -+ } else { - newret = CONFREJ; +- newret = CONFREJ; - break; -+ if (wo->mppe || ao->mppe) { -+ p[5] &= ~MPPE_MPPC; -+ newret = CONFNAK; -+ } -+ } -+ } -+ -+ if (ao->mppe) -+ ho->mppe = 1; ++ p[2] = (wo->mppe_stateless ? MPPE_STATELESS : 0); ++ p[3] = 0; ++ p[4] = 0; ++ p[5] = (wo->mppe_40 ? MPPE_40BIT : 0) | ++ (wo->mppe_56 ? MPPE_56BIT : 0) | ++ (wo->mppe_128 ? MPPE_128BIT : 0) | ++ (wo->mppc ? MPPE_MPPC : 0); ++ break; ++ } + -+ if ((p[2] & MPPE_STATELESS)) { -+ if (ao->mppe_stateless) { -+ if (wo->mppe_stateless) -+ ho->mppe_stateless = 1; -+ else { -+ newret = CONFNAK; -+ if (!dont_nak) -+ p[2] &= ~MPPE_STATELESS; -+ } -+ } else { -+ newret = CONFNAK; -+ if (!dont_nak) -+ p[2] &= ~MPPE_STATELESS; -+ } -+ } else { -+ if (wo->mppe_stateless && !dont_nak) { -+ wo->mppe_stateless = 0; -+ newret = CONFNAK; -+ p[2] |= MPPE_STATELESS; ++ if ((p[5] & MPPE_MPPC)) { ++ if (ao->mppc) { ++ ho->mppc = 1; ++ BCOPY(p, opt_buf, CILEN_MPPE); ++ opt_buf[2] = opt_buf[3] = opt_buf[4] = 0; ++ opt_buf[5] = MPPE_MPPC; ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE, 1) <= 0) { ++ ho->mppc = 0; ++ p[5] &= ~MPPE_MPPC; ++ newret = CONFNAK; ++ } ++ } else { ++ newret = CONFREJ; ++ if (wo->mppe || ao->mppe) { ++ p[5] &= ~MPPE_MPPC; ++ newret = CONFNAK; ++ } } } - +- - /* Find out which of {S,L} are set. */ - if ((ho->mppe & MPPE_OPT_128) - && (ho->mppe & MPPE_OPT_40)) { - /* Both are set, negotiate the strongest. */ -+ if ((p[5] & ~MPPE_MPPC) == (MPPE_40BIT|MPPE_56BIT|MPPE_128BIT)) { - newret = CONFNAK; +- newret = CONFNAK; - if (ao->mppe & MPPE_OPT_128) - ho->mppe &= ~MPPE_OPT_40; - else if (ao->mppe & MPPE_OPT_40) @@ -1025,179 +999,200 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c - else { - newret = CONFREJ; - break; -+ if (ao->mppe_128) { -+ ho->mppe_128 = 1; -+ p[5] &= ~(MPPE_40BIT|MPPE_56BIT); -+ BCOPY(p, opt_buf, CILEN_MPPE); -+ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], -+ MPPE_MAX_KEY_LEN); -+ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + -+ MPPE_MAX_KEY_LEN, 1) <= 0) { -+ ho->mppe_128 = 0; -+ p[5] |= (MPPE_40BIT|MPPE_56BIT); -+ p[5] &= ~MPPE_128BIT; -+ goto check_mppe_56_40; -+ } -+ goto check_mppe; - } +- } - } else if (ho->mppe & MPPE_OPT_128) { - if (!(ao->mppe & MPPE_OPT_128)) { - newret = CONFREJ; - break; -+ p[5] &= ~MPPE_128BIT; -+ goto check_mppe_56_40; -+ } -+ if ((p[5] & ~MPPE_MPPC) == (MPPE_56BIT|MPPE_128BIT)) { -+ newret = CONFNAK; -+ if (ao->mppe_128) { -+ ho->mppe_128 = 1; -+ p[5] &= ~MPPE_56BIT; -+ BCOPY(p, opt_buf, CILEN_MPPE); -+ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], -+ MPPE_MAX_KEY_LEN); -+ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + -+ MPPE_MAX_KEY_LEN, 1) <= 0) { -+ ho->mppe_128 = 0; -+ p[5] |= MPPE_56BIT; -+ p[5] &= ~MPPE_128BIT; -+ goto check_mppe_56; -+ } -+ goto check_mppe; - } +- } - } else if (ho->mppe & MPPE_OPT_40) { - if (!(ao->mppe & MPPE_OPT_40)) { - newret = CONFREJ; - break; -+ p[5] &= ~MPPE_128BIT; -+ goto check_mppe_56; -+ } -+ if ((p[5] & ~MPPE_MPPC) == (MPPE_40BIT|MPPE_128BIT)) { -+ newret = CONFNAK; -+ if (ao->mppe_128) { -+ ho->mppe_128 = 1; -+ p[5] &= ~MPPE_40BIT; -+ BCOPY(p, opt_buf, CILEN_MPPE); +- } ++ if (ao->mppe) ++ ho->mppe = 1; ++ ++ if ((p[2] & MPPE_STATELESS)) { ++ if (ao->mppe_stateless) { ++ if (wo->mppe_stateless) ++ ho->mppe_stateless = 1; ++ else { ++ newret = CONFNAK; ++ if (!dont_nak) ++ p[2] &= ~MPPE_STATELESS; ++ } ++ } else { ++ newret = CONFNAK; ++ if (!dont_nak) ++ p[2] &= ~MPPE_STATELESS; ++ } ++ } else { ++ if (wo->mppe_stateless && !dont_nak) { ++ wo->mppe_stateless = 0; ++ newret = CONFNAK; ++ p[2] |= MPPE_STATELESS; ++ } ++ } ++ ++ if ((p[5] & ~MPPE_MPPC) == (MPPE_40BIT|MPPE_56BIT|MPPE_128BIT)) { ++ newret = CONFNAK; ++ if (ao->mppe_128) { ++ ho->mppe_128 = 1; ++ p[5] &= ~(MPPE_40BIT|MPPE_56BIT); ++ BCOPY(p, opt_buf, CILEN_MPPE); ++ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], ++ MPPE_MAX_KEY_LEN); ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + ++ MPPE_MAX_KEY_LEN, 1) <= 0) { ++ ho->mppe_128 = 0; ++ p[5] |= (MPPE_40BIT|MPPE_56BIT); ++ p[5] &= ~MPPE_128BIT; ++ goto check_mppe_56_40; ++ } ++ goto check_mppe; ++ } ++ p[5] &= ~MPPE_128BIT; ++ goto check_mppe_56_40; ++ } ++ if ((p[5] & ~MPPE_MPPC) == (MPPE_56BIT|MPPE_128BIT)) { ++ newret = CONFNAK; ++ if (ao->mppe_128) { ++ ho->mppe_128 = 1; ++ p[5] &= ~MPPE_56BIT; ++ BCOPY(p, opt_buf, CILEN_MPPE); + BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], -+ MPPE_MAX_KEY_LEN); -+ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + -+ MPPE_MAX_KEY_LEN, 1) <= 0) { -+ ho->mppe_128 = 0; -+ p[5] |= MPPE_40BIT; -+ p[5] &= ~MPPE_128BIT; -+ goto check_mppe_40; -+ } -+ goto check_mppe; -+ } ++ MPPE_MAX_KEY_LEN); ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + ++ MPPE_MAX_KEY_LEN, 1) <= 0) { ++ ho->mppe_128 = 0; ++ p[5] |= MPPE_56BIT; ++ p[5] &= ~MPPE_128BIT; ++ goto check_mppe_56; ++ } ++ goto check_mppe; ++ } ++ p[5] &= ~MPPE_128BIT; ++ goto check_mppe_56; ++ } ++ if ((p[5] & ~MPPE_MPPC) == (MPPE_40BIT|MPPE_128BIT)) { ++ newret = CONFNAK; ++ if (ao->mppe_128) { ++ ho->mppe_128 = 1; ++ p[5] &= ~MPPE_40BIT; ++ BCOPY(p, opt_buf, CILEN_MPPE); ++ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], ++ MPPE_MAX_KEY_LEN); ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + ++ MPPE_MAX_KEY_LEN, 1) <= 0) { ++ ho->mppe_128 = 0; ++ p[5] |= MPPE_40BIT; ++ p[5] &= ~MPPE_128BIT; ++ goto check_mppe_40; ++ } ++ goto check_mppe; ++ } ++ p[5] &= ~MPPE_128BIT; ++ goto check_mppe_40; ++ } ++ if ((p[5] & ~MPPE_MPPC) == MPPE_128BIT) { ++ if (ao->mppe_128) { ++ ho->mppe_128 = 1; ++ BCOPY(p, opt_buf, CILEN_MPPE); ++ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], ++ MPPE_MAX_KEY_LEN); ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + ++ MPPE_MAX_KEY_LEN, 1) <= 0) { ++ ho->mppe_128 = 0; ++ p[5] &= ~MPPE_128BIT; ++ newret = CONFNAK; ++ } ++ goto check_mppe; ++ } + p[5] &= ~MPPE_128BIT; -+ goto check_mppe_40; -+ } -+ if ((p[5] & ~MPPE_MPPC) == MPPE_128BIT) { -+ if (ao->mppe_128) { -+ ho->mppe_128 = 1; -+ BCOPY(p, opt_buf, CILEN_MPPE); -+ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], -+ MPPE_MAX_KEY_LEN); -+ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + -+ MPPE_MAX_KEY_LEN, 1) <= 0) { -+ ho->mppe_128 = 0; -+ p[5] &= ~MPPE_128BIT; -+ newret = CONFNAK; -+ } -+ goto check_mppe; -+ } -+ p[5] &= ~MPPE_128BIT; -+ newret = CONFNAK; -+ goto check_mppe; -+ } -+ check_mppe_56_40: ++ newret = CONFNAK; ++ goto check_mppe; ++ } ++ check_mppe_56_40: + if ((p[5] & ~MPPE_MPPC) == (MPPE_40BIT|MPPE_56BIT)) { -+ newret = CONFNAK; -+ if (ao->mppe_56) { -+ ho->mppe_56 = 1; -+ p[5] &= ~MPPE_40BIT; ++ newret = CONFNAK; ++ if (ao->mppe_56) { ++ ho->mppe_56 = 1; ++ p[5] &= ~MPPE_40BIT; + BCOPY(p, opt_buf, CILEN_MPPE); -+ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], -+ MPPE_MAX_KEY_LEN); -+ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + ++ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], ++ MPPE_MAX_KEY_LEN); ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + + MPPE_MAX_KEY_LEN, 1) <= 0) { -+ ho->mppe_56 = 0; -+ p[5] |= MPPE_40BIT; -+ p[5] &= ~MPPE_56BIT; ++ ho->mppe_56 = 0; ++ p[5] |= MPPE_40BIT; ++ p[5] &= ~MPPE_56BIT; + newret = CONFNAK; -+ goto check_mppe_40; -+ } ++ goto check_mppe_40; ++ } + goto check_mppe; -+ } ++ } + p[5] &= ~MPPE_56BIT; -+ goto check_mppe_40; -+ } -+ check_mppe_56: ++ goto check_mppe_40; ++ } ++ check_mppe_56: + if ((p[5] & ~MPPE_MPPC) == MPPE_56BIT) { -+ if (ao->mppe_56) { -+ ho->mppe_56 = 1; -+ BCOPY(p, opt_buf, CILEN_MPPE); -+ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], ++ if (ao->mppe_56) { ++ ho->mppe_56 = 1; ++ BCOPY(p, opt_buf, CILEN_MPPE); ++ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], + MPPE_MAX_KEY_LEN); -+ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + -+ MPPE_MAX_KEY_LEN, 1) <= 0) { -+ ho->mppe_56 = 0; -+ p[5] &= ~MPPE_56BIT; ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + ++ MPPE_MAX_KEY_LEN, 1) <= 0) { ++ ho->mppe_56 = 0; ++ p[5] &= ~MPPE_56BIT; + newret = CONFNAK; -+ } ++ } + goto check_mppe; -+ } -+ p[5] &= ~MPPE_56BIT; -+ newret = CONFNAK; ++ } ++ p[5] &= ~MPPE_56BIT; ++ newret = CONFNAK; + goto check_mppe; -+ } -+ check_mppe_40: ++ } ++ check_mppe_40: + if ((p[5] & ~MPPE_MPPC) == MPPE_40BIT) { -+ if (ao->mppe_40) { -+ ho->mppe_40 = 1; -+ BCOPY(p, opt_buf, CILEN_MPPE); ++ if (ao->mppe_40) { ++ ho->mppe_40 = 1; ++ BCOPY(p, opt_buf, CILEN_MPPE); + BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], -+ MPPE_MAX_KEY_LEN); -+ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + -+ MPPE_MAX_KEY_LEN, 1) <= 0) { -+ ho->mppe_40 = 0; ++ MPPE_MAX_KEY_LEN); ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + ++ MPPE_MAX_KEY_LEN, 1) <= 0) { ++ ho->mppe_40 = 0; + p[5] &= ~MPPE_40BIT; -+ newret = CONFNAK; -+ } -+ goto check_mppe; -+ } -+ p[5] &= ~MPPE_40BIT; -+ } -+ -+ check_mppe: -+ if (!ho->mppe_40 && !ho->mppe_56 && !ho->mppe_128) { -+ if (wo->mppe_40 || wo->mppe_56 || wo->mppe_128) { -+ newret = CONFNAK; -+ p[2] |= (wo->mppe_stateless ? MPPE_STATELESS : 0); ++ newret = CONFNAK; ++ } ++ goto check_mppe; ++ } ++ p[5] &= ~MPPE_40BIT; ++ } ++ ++ check_mppe: ++ if (!ho->mppe_40 && !ho->mppe_56 && !ho->mppe_128) { ++ if (wo->mppe_40 || wo->mppe_56 || wo->mppe_128) { ++ newret = CONFNAK; ++ p[2] |= (wo->mppe_stateless ? MPPE_STATELESS : 0); + p[5] |= (wo->mppe_40 ? MPPE_40BIT : 0) | -+ (wo->mppe_56 ? MPPE_56BIT : 0) | -+ (wo->mppe_128 ? MPPE_128BIT : 0) | -+ (wo->mppc ? MPPE_MPPC : 0); -+ } else { -+ ho->mppe = ho->mppe_stateless = 0; - } ++ (wo->mppe_56 ? MPPE_56BIT : 0) | ++ (wo->mppe_128 ? MPPE_128BIT : 0) | ++ (wo->mppc ? MPPE_MPPC : 0); ++ } else { ++ ho->mppe = ho->mppe_stateless = 0; ++ } } else { - /* Neither are set. */ -+ /* MPPE is not compatible with other compression types */ -+ if (wo->mppe) { -+ ao->bsd_compress = 0; -+ ao->predictor_1 = 0; -+ ao->predictor_2 = 0; -+ ao->deflate = 0; -+ ao->lzs = 0; -+ } -+ } -+ if ((!ho->mppc || !ao->mppc) && !ho->mppe) { -+ p[2] = p2; -+ p[5] = p5; - newret = CONFREJ; - break; - } - +- /* We cannot accept this. */ +- newret = CONFNAK; +- /* Give the peer our idea of what can be used, +- so it can choose and confirm */ +- ho->mppe = ao->mppe; +- } +- - /* rebuild the opts */ - MPPE_OPTS_TO_CI(ho->mppe, &p[2]); - if (newret == CONFACK) { @@ -1226,79 +1221,99 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c - else - newret = CONFREJ; - } -+ /* -+ * I have commented the code below because according to RFC1547 -+ * MTU is only information for higher level protocols about -+ * "the maximum allowable length for a packet (q.v.) transmitted -+ * over a point-to-point link without incurring network layer -+ * fragmentation." Of course a PPP implementation should be able -+ * to handle overhead added by MPPE - in our case apropriate code -+ * is located in drivers/net/ppp_generic.c in the kernel sources. -+ * -+ * According to RFC1661: -+ * - when negotiated MRU is less than 1500 octets, a PPP -+ * implementation must still be able to receive at least 1500 -+ * octets, -+ * - when PFC is negotiated, a PPP implementation is still -+ * required to receive frames with uncompressed protocol field. -+ * -+ * So why not to handle MPPE overhead without changing MTU value? -+ * I am sure that RFC3078, unfortunately silently, assumes that. -+ */ - - /* +- +- /* - * We have accepted MPPE or are willing to negotiate - * MPPE parameters. A CONFREJ is due to subsequent - * (non-MPPE) processing. -+ * We need to decrease the interface MTU by MPPE_PAD -+ * because MPPE frames **grow**. The kernel [must] -+ * allocate MPPE_PAD extra bytes in xmit buffers. - */ +- */ - rej_for_ci_mppe = 0; -+/* -+ mtu = netif_get_mtu(f->unit); -+ if (mtu) { -+ netif_set_mtu(f->unit, mtu - MPPE_PAD); -+ } else { +- break; +-#endif /* MPPE */ ++ /* MPPE is not compatible with other compression types */ ++ if (wo->mppe) { ++ ao->bsd_compress = 0; ++ ao->predictor_1 = 0; ++ ao->predictor_2 = 0; ++ ao->deflate = 0; ++ ao->lzs = 0; ++ } ++ } ++ if ((!ho->mppc || !ao->mppc) && !ho->mppe) { ++ p[2] = p2; ++ p[5] = p5; ++ newret = CONFREJ; ++ break; ++ } ++ ++ /* ++ * I have commented the code below because according to RFC1547 ++ * MTU is only information for higher level protocols about ++ * "the maximum allowable length for a packet (q.v.) transmitted ++ * over a point-to-point link without incurring network layer ++ * fragmentation." Of course a PPP implementation should be able ++ * to handle overhead added by MPPE - in our case apropriate code ++ * is located in drivers/net/ppp_generic.c in the kernel sources. ++ * ++ * According to RFC1661: ++ * - when negotiated MRU is less than 1500 octets, a PPP ++ * implementation must still be able to receive at least 1500 ++ * octets, ++ * - when PFC is negotiated, a PPP implementation is still ++ * required to receive frames with uncompressed protocol field. ++ * ++ * So why not to handle MPPE overhead without changing MTU value? ++ * I am sure that RFC3078, unfortunately silently, assumes that. ++ */ ++ ++ /* ++ * We need to decrease the interface MTU by MPPE_PAD ++ * because MPPE frames **grow**. The kernel [must] ++ * allocate MPPE_PAD extra bytes in xmit buffers. ++ */ ++ /* ++ mtu = netif_get_mtu(f->unit); ++ if (mtu) { ++ netif_set_mtu(f->unit, mtu - MPPE_PAD); ++ } else { + newret = CONFREJ; -+ if (ccp_wantoptions[f->unit].mppe) { -+ error("Cannot adjust MTU needed by MPPE."); -+ lcp_close(f->unit, "Cannot adjust MTU needed by MPPE."); -+ } -+ } -+*/ - break; - #endif /* MPPE */ -+ ++ if (ccp_wantoptions[f->unit].mppe) { ++ error("Cannot adjust MTU needed by MPPE."); ++ lcp_close(f->unit, "Cannot adjust MTU needed by MPPE."); ++ } ++ } ++ */ ++ break; ++ #endif /* MPPE */ ++ + case CI_LZS: -+ if (!ao->lzs || clen != CILEN_LZS) { -+ newret = CONFREJ; -+ break; -+ } -+ -+ ho->lzs = 1; ++ if (!ao->lzs || clen != CILEN_LZS) { ++ newret = CONFREJ; ++ break; ++ } ++ ++ ho->lzs = 1; + ho->lzs_hists = (p[2] << 8) | p[3]; -+ ho->lzs_mode = p[4]; -+ if ((ho->lzs_hists != ao->lzs_hists) || ++ ho->lzs_mode = p[4]; ++ if ((ho->lzs_hists != ao->lzs_hists) || + (ho->lzs_mode != ao->lzs_mode)) { -+ newret = CONFNAK; -+ if (!dont_nak) { -+ p[2] = ao->lzs_hists >> 8; -+ p[3] = ao->lzs_hists & 0xff; -+ p[4] = ao->lzs_mode; -+ } else -+ break; -+ } -+ -+ if (p == p0 && ccp_test(f->unit, p, CILEN_LZS, 1) <= 0) { -+ newret = CONFREJ; -+ } -+ break; -+ ++ newret = CONFNAK; ++ if (!dont_nak) { ++ p[2] = ao->lzs_hists >> 8; ++ p[3] = ao->lzs_hists & 0xff; ++ p[4] = ao->lzs_mode; ++ } else ++ break; ++ } ++ ++ if (p == p0 && ccp_test(f->unit, p, CILEN_LZS, 1) <= 0) { ++ newret = CONFREJ; ++ } ++ break; case CI_DEFLATE: case CI_DEFLATE_DRAFT: if (!ao->deflate || clen != CILEN_DEFLATE -@@ -1340,12 +1832,6 @@ +@@ -1344,12 +1830,6 @@ ccp_reqci(f, p, lenp, dont_nak) else *lenp = retp - p0; } @@ -1311,7 +1326,7 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c return ret; } -@@ -1367,24 +1853,35 @@ +@@ -1371,24 +1851,35 @@ method_name(opt, opt2) char *p = result; char *q = result + sizeof(result); /* 1 past result */ @@ -1363,7 +1378,7 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c case CI_DEFLATE: case CI_DEFLATE_DRAFT: if (opt2 != NULL && opt2->deflate_size != opt->deflate_size) -@@ -1440,12 +1937,12 @@ +@@ -1444,12 +1935,12 @@ ccp_up(f) } else if (ANY_COMPRESS(*ho)) notice("%s transmit compression enabled", method_name(ho, NULL)); #ifdef MPPE @@ -1378,7 +1393,7 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c } /* -@@ -1468,7 +1965,7 @@ +@@ -1472,7 +1963,7 @@ ccp_down(f) lcp_close(f->unit, "MPPE disabled"); } } @@ -1387,7 +1402,7 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c } /* -@@ -1528,24 +2025,28 @@ +@@ -1532,24 +2023,28 @@ ccp_printpkt(p, plen, printer, arg) #ifdef MPPE case CI_MPPE: if (optlen >= CILEN_MPPE) { @@ -1428,7 +1443,7 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c case CI_DEFLATE: case CI_DEFLATE_DRAFT: if (optlen >= CILEN_DEFLATE) { -@@ -1631,6 +2132,7 @@ +@@ -1635,6 +2130,7 @@ ccp_datainput(unit, pkt, len) error("Lost compression sync: disabling compression"); ccp_close(unit, "Lost compression sync"); #ifdef MPPE @@ -1436,7 +1451,7 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c /* * If we were doing MPPE, we must also take the link down. */ -@@ -1638,9 +2140,18 @@ +@@ -1642,9 +2138,18 @@ ccp_datainput(unit, pkt, len) error("Too many MPPE errors, closing LCP"); lcp_close(unit, "Too many MPPE errors"); } @@ -1456,15 +1471,14 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c * Send a reset-request to reset the peer's compressor. * We don't do that if we are still waiting for an * acknowledgement to a previous reset-request. -@@ -1671,4 +2182,3 @@ +@@ -1675,4 +2180,3 @@ ccp_rack_timeout(arg) } else ccp_localstate[f->unit] &= ~RACK_PENDING; } - -diff -ruN ppp-2.4.3.orig/pppd/ccp.h ppp-2.4.3/pppd/ccp.h ---- ppp-2.4.3.orig/pppd/ccp.h 2004-11-04 11:02:26.000000000 +0100 -+++ ppp-2.4.3/pppd/ccp.h 2004-11-21 13:54:09.000000000 +0100 -@@ -37,9 +37,17 @@ +--- a/pppd/ccp.h ++++ b/pppd/ccp.h +@@ -37,9 +37,17 @@ typedef struct ccp_options { bool predictor_2; /* do Predictor-2? */ bool deflate_correct; /* use correct code for deflate? */ bool deflate_draft; /* use draft RFC code for deflate? */ @@ -1482,10 +1496,9 @@ diff -ruN ppp-2.4.3.orig/pppd/ccp.h ppp-2.4.3/pppd/ccp.h short method; /* code for chosen compression method */ } ccp_options; -diff -ruN ppp-2.4.3.orig/pppd/chap_ms.c ppp-2.4.3/pppd/chap_ms.c ---- ppp-2.4.3.orig/pppd/chap_ms.c 2004-11-12 10:57:43.000000000 +0100 -+++ ppp-2.4.3/pppd/chap_ms.c 2004-11-21 13:54:09.000000000 +0100 -@@ -895,13 +895,17 @@ +--- a/pppd/chap_ms.c ++++ b/pppd/chap_ms.c +@@ -897,13 +897,17 @@ set_mppe_enc_types(int policy, int types /* * Disable undesirable encryption types. Note that we don't ENABLE * any encryption types, to avoid overriding manual configuration. @@ -1505,81 +1518,3 @@ diff -ruN ppp-2.4.3.orig/pppd/chap_ms.c ppp-2.4.3/pppd/chap_ms.c break; default: break; -diff -ruN ppp-2.4.3.orig/pppd/pppd.8 ppp-2.4.3/pppd/pppd.8 ---- ppp-2.4.3.orig/pppd/pppd.8 2004-11-13 13:22:49.000000000 +0100 -+++ ppp-2.4.3/pppd/pppd.8 2004-11-21 14:24:47.000000000 +0100 -@@ -622,9 +622,29 @@ - Enables the use of PPP multilink; this is an alias for the `multilink' - option. This option is currently only available under Linux. - .TP --.B mppe\-stateful --Allow MPPE to use stateful mode. Stateless mode is still attempted first. --The default is to disallow stateful mode. -+.B mppc -+Enables MPPC (Microsoft Point to Point Compression). This is the default. -+.TP -+.B mppe \fIsubopt1[,subopt2[,subopt3[..]]] -+Modify MPPE (Microsoft Point to Point Encryption) parameters. In order -+for MPPE to successfully come up, you must have authenticated with either -+MS-CHAP or MS-CHAPv2. By default MPPE is optional, it means that pppd will -+not propose MPPE to the peer, but will negotiate MPPE if peer wants that. -+You can change this using \fIrequired\fR suboption. -+This option is presently only supported under Linux, and only if your -+kernel has been configured to include MPPE support. -+.IP -+MPPE suboptions: -+.br -+\fIrequired\fR - require MPPE; disconnect if peer doesn't support it, -+.br -+\fIstateless\fR - try to negotiate stateless mode; default is stateful, -+.br -+\fIno40\fR - disable 40 bit keys, -+.br -+\fIno56\fR - disable 56 bit keys, -+.br -+\fIno128\fR - disable 128 bit keys - .TP - .B mpshortseq - Enables the use of short (12-bit) sequence numbers in multilink -@@ -757,17 +777,11 @@ - Disables the use of PPP multilink. This option is currently only - available under Linux. - .TP --.B nomppe --Disables MPPE (Microsoft Point to Point Encryption). This is the default. --.TP --.B nomppe\-40 --Disable 40-bit encryption with MPPE. -+.B nomppc -+Disables MPPC (Microsoft Point to Point Compression). - .TP --.B nomppe\-128 --Disable 128-bit encryption with MPPE. --.TP --.B nomppe\-stateful --Disable MPPE stateful mode. This is the default. -+.B nomppe -+Disables MPPE (Microsoft Point to Point Encryption). - .TP - .B nompshortseq - Disables the use of short (12-bit) sequence numbers in the PPP -@@ -948,19 +962,6 @@ - Require the peer to authenticate itself using CHAP [Challenge - Handshake Authentication Protocol] authentication. - .TP --.B require\-mppe --Require the use of MPPE (Microsoft Point to Point Encryption). This --option disables all other compression types. This option enables --both 40-bit and 128-bit encryption. In order for MPPE to successfully --come up, you must have authenticated with either MS\-CHAP or MS\-CHAPv2. --This option is presently only supported under Linux, and only if your --kernel has been configured to include MPPE support. --.TP --.B require\-mppe\-40 --Require the use of MPPE, with 40-bit encryption. --.TP --.B require\-mppe\-128 --Require the use of MPPE, with 128-bit encryption. - .TP - .B require\-mschap - Require the peer to authenticate itself using MS\-CHAP [Microsoft Challenge