2 years agoFix setting prefix for IPv6 link-local addresss
Pali Rohár [Fri, 7 Aug 2020 07:55:04 +0000 (09:55 +0200)]
Fix setting prefix for IPv6 link-local addresss

PPP IPV6CP protocol exchanges only IPv6 Interface Identifiers which are
used for generating IPv6 link-local addresses. As on PPP link cannot be
more hosts and IPv6 link-local addresses are designed for addressing a
single link, set route prefix for local and remote IPv6 link-local
addresses to /128 which means single IPv6 address.

This ensures that Linux kernel would not try to route other IPv6 link-local
addresses over PPP link.

Routable IPv6 prefix on PPP link is later configured either by ICMPv6
Router Advertisement packets or manually/statically. Routable local IPv6
address is then assigned by SLAAC, DHCPv6 or manual/static configuration.

So this change has no effect for routable IPv6 address or routable IPv6

Note that pppd for IPv4 already sets netmask to, one single
IPv4 address.

Fixes: https://github.com/paulusmack/ppp/issues/121
Signed-off-by: Pali Rohár <pali@kernel.org>
2 years agoMerge pull request #145 from sthibaul/ipv6cp-accept-remote
Paul Mackerras [Fri, 7 Aug 2020 00:44:01 +0000 (10:44 +1000)]
Merge pull request #145 from sthibaul/ipv6cp-accept-remote

Add ipv6cp-accept-remote option

2 years agoFix -W option for pppoe-discovery utility (#157)
pali [Fri, 7 Aug 2020 00:24:49 +0000 (02:24 +0200)]
Fix -W option for pppoe-discovery utility (#157)

pppoe-discovery's -W option is totally broken. pppoe-discovery currently
expects that Host-Unique attribute equals to its own process pid if set.

This patch fixes parsing received PPPoE PADO packets when -W option is set.
Same implementation is in pppd pppoe plugin.

Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
2 years agoAccept Malformed Windows Success Message (#156)
yannayl [Fri, 7 Aug 2020 00:20:30 +0000 (03:20 +0300)]
Accept Malformed Windows Success Message (#156)

Windows Server 2019 skip a space when sending a success message.
This commit accepts such a malformed message and continues normally.

Signed-off-by: Yannay Linveh <yannayl@gmail.com>
Signed-off-by: yannayl <yannayl@users.noreply.github.com>
2 years agopppd: Add documentation of stop-bits option to pppd man page (#154)
Craig McQueen [Fri, 7 Aug 2020 00:19:16 +0000 (10:19 +1000)]
pppd: Add documentation of stop-bits option to pppd man page (#154)

Signed-off-by: Craig McQueen <craig@mcqueen.id.au>
2 years agoAdd ipv6cp-accept-remote option
David Woodhouse [Sat, 25 Apr 2020 16:37:48 +0000 (18:37 +0200)]
Add ipv6cp-accept-remote option

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Fixes #76

2 years agopppd: Fix the default value for ipv6cp-accept-local to false
Samuel Thibault [Sun, 19 Jul 2020 11:43:39 +0000 (13:43 +0200)]
pppd: Fix the default value for ipv6cp-accept-local to false

The ipv6cp-accept-local option was supposed to enable it, but it is
already enabled by default, with no way to disable it.

For coherency with IPv4 and IPX, this disables ipv6cp-accept-local by
default, and the option can be used to enable it.

This also enables it automatically when the local id is not
specified, in coherency with IPv4 and IPX, and as the documentation was

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2 years agopppd: Add lcp-echo-adaptive option
Marco d'Itri [Sat, 4 Apr 2020 17:10:47 +0000 (19:10 +0200)]
pppd: Add lcp-echo-adaptive option

This adds an option that has been added by Debian and other distros
for a while now.

When adaptive LCP echo is enabled, LCP echo requests are only sent if the
link is idle, avoiding the common situation where a congested PPP link
(e.g. during torrenting) is falsely detected as disconnected because the
LCP replies are not received in time.

Signed-off-by: Marco d'Itri <md@linux.it>
2 years agopppd: Handle SIGINT and SIGTERM during interrupted syscalls (#148)
pali [Mon, 25 May 2020 05:35:55 +0000 (07:35 +0200)]
pppd: Handle SIGINT and SIGTERM during interrupted syscalls (#148)

When pppd receives SIGINT or SIGTERM it should handle it and not try to
restart interrupted syscall.

This change fixes problem that pppd cannot be terminated by SIGINT or
SIGTERM signal when pppd plugins are used.

Signed-off-by: Pali Rohár <pali@kernel.org>
2 years agoAdded missing options to manual pages. (#149)
Jaroslav Škarvada [Mon, 25 May 2020 05:34:44 +0000 (07:34 +0200)]
Added missing options to manual pages. (#149)

In Fedora we did man page scan and identified missing options.
This is an attempt to add them to the manual pages.

Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
2 years agoMerge branch 'monotonic-time' of https://github.com/themiron/ppp
Paul Mackerras [Mon, 25 May 2020 03:26:55 +0000 (13:26 +1000)]
Merge branch 'monotonic-time' of https://github.com/themiron/ppp

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
2 years agopppd: linux: use monotonic time if possible
Vladislav Grishenko [Wed, 15 Aug 2018 17:03:45 +0000 (22:03 +0500)]
pppd: linux: use monotonic time if possible

gettimeofday() suffers from time jumps due ntp or any manual change,
so duration measurements and scheduling can not be accurate.
let's use monotonic time source instead, if available.

it's known glibc (< 2.3.4) & old uclibc don't provide CLOCK_MONOTONIC
denine, but kernel may have it supported. so, use clock_gettime()
with fallback to gettimeofday() if first call has failed.

several gettimeofday()/time() calls still have to be preserved for
debug, pseudoterminal timestamping and string formatting. all the
rest calls are replaced to new get_time() call.

solaris kept with gettimeofday() as before, corresponding get_time()
system implementation can be updated/added in any future.

Signed-off-by: Vladislav Grishenko <themiron@mail.ru>
2 years agopppd: Fixed spelling 'unkown' => 'unknown' (#141)
Nigel Kukard [Sat, 21 Mar 2020 06:46:14 +0000 (06:46 +0000)]
pppd: Fixed spelling 'unkown' => 'unknown' (#141)

Fixed spelling in pppd/plugins/radius/config.c from 'unkown' to 'unknown'.

Signed-off-by: Nigel Kukard <nkukard@lbsd.net>
2 years agopppd: Print version information to stdout instead of stderr (#133)
Lars Wendler [Sat, 21 Mar 2020 06:42:47 +0000 (07:42 +0100)]
pppd: Print version information to stdout instead of stderr (#133)

This makes it easier for scripts to parse the output if necessary

Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
2 years agopppd: Add RFC1990 (Multilink) to the See Also section of the man page
Paul Mackerras [Sat, 21 Mar 2020 04:50:13 +0000 (15:50 +1100)]
pppd: Add RFC1990 (Multilink) to the See Also section of the man page

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
2 years agopppd: Add mppe.h to the list of headers to install if MPPE is defined
Paul Mackerras [Sat, 21 Mar 2020 04:16:30 +0000 (15:16 +1100)]
pppd: Add mppe.h to the list of headers to install if MPPE is defined

This means that mppe.h will be installed by make install-devel,
as it is needed for compiling chap_ms.c when MPPE=1.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
2 years agopppd: Obfuscate password argument string
Paul Mackerras [Sat, 21 Mar 2020 04:13:42 +0000 (15:13 +1100)]
pppd: Obfuscate password argument string

After processing the argument to the 'password' option, this
overwrites the original argument on the stack with '?' characters,
and for good measure makes the argument pointer point to a constant
string "********" so as not to reveal the length of the password.
This is so that tools such as ps don't show the actual password
when displaying the process arguments.  Nevertheless, it is still
better to get the password from a file, since there is inevitably
still a window of time when the password would be visible.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
2 years agopppd: Ignore received EAP messages when not doing EAP eapfix
Paul Mackerras [Mon, 3 Feb 2020 05:31:42 +0000 (16:31 +1100)]
pppd: Ignore received EAP messages when not doing EAP

This adds some basic checks to the subroutines of eap_input to check
that we have requested or agreed to doing EAP authentication before
doing any processing on the received packet.  The motivation is to
make it harder for a malicious peer to disrupt the operation of pppd
by sending unsolicited EAP packets.  Note that eap_success() already
has a check that the EAP client state is reasonable, and does nothing
(apart from possibly printing a debug message) if not.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
2 years agopppd: Fix bounds check in EAP code
Paul Mackerras [Mon, 3 Feb 2020 04:53:28 +0000 (15:53 +1100)]
pppd: Fix bounds check in EAP code

Given that we have just checked vallen < len, it can never be the case
that vallen >= len + sizeof(rhostname).  This fixes the check so we
actually avoid overflowing the rhostname array.

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
2 years agoradius: Prevent buffer overflow in rc_mksid()
Paul Mackerras [Sat, 4 Jan 2020 01:01:32 +0000 (12:01 +1100)]
radius: Prevent buffer overflow in rc_mksid()

On some systems getpid() can return a value greater than 65535.
Increase the size of buf[] to allow for this, and use slprintf()
to make sure we never overflow it.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
2 years agoUpdate README and patchlevel.h for 2.4.8 release ppp-2.4.8
Paul Mackerras [Mon, 30 Dec 2019 09:40:06 +0000 (20:40 +1100)]
Update README and patchlevel.h for 2.4.8 release

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
2 years agopppd: Avoid use of strnlen (and strlen) in vslprintf
Paul Mackerras [Tue, 31 Dec 2019 00:12:07 +0000 (11:12 +1100)]
pppd: Avoid use of strnlen (and strlen) in vslprintf

Commit b311e98b ("pppd: Limit memory accessed by string formats with
max length specified") added calls to strnlen() in vslprintf().
Unfortunately, strnlen() is not provided in some standard C libraries.
This changes the code to avoid using strnlen().  Using the observation
that the number of characters we can use from the input string is
bounded by buflen, the number of bytes of output buffer available,
we can also avoid doing strlen() on a potentially long string.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
2 years agopppd: Fix IPv6 default route code for Solaris
James Carlson [Tue, 31 Dec 2019 00:18:48 +0000 (11:18 +1100)]
pppd: Fix IPv6 default route code for Solaris

Commit 388597ee ("pppd: Add defaultroute6 and related options") added
code to pppd/sys-solaris.c which only works on Linux.  Solaris doesn't
allow the use of the SICORT* family of ioctls for IPv6.  They're legacy
IPv4 only.  Routing sockets are much more flexible than the ioctls.
This rewrites the Solaris code to use a routing socket to set the
default route.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
2 years agoplugins/rp-pppoe: Make tag parsing loop condition more accurate
Paul Mackerras [Sun, 29 Dec 2019 23:22:40 +0000 (10:22 +1100)]
plugins/rp-pppoe: Make tag parsing loop condition more accurate

The loop in parsePacket() that parses the tags in a received PPPoE
packet uses a loop condition that checks if there is at least one
more byte to be read; however, the tag header is 4 bytes.  Thus it
could read 3 bytes past the end of the received data.  However,
there is no possibility of reading past the end of the
packet->payload array, since we previously checked that
len <= ETH_JUMBO_LEN (which is sizeof(packet->payload)) - 6.
Also, the tag length check will always fail (except for a tag
type of TAG_END_OF_LIST, which terminates processing).

This fixes the loop condition to require at least 4 bytes
remaining, so that we know that the tag header is within the
received data.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
2 years agopppd: Make sure word read from options file is null-terminated
Paul Mackerras [Sun, 29 Dec 2019 22:32:18 +0000 (09:32 +1100)]
pppd: Make sure word read from options file is null-terminated

If a word read from an options file was longer than MAXWORDLEN,
we could pass it to option_error() without null termination,
which could have lead to an out-of-bounds access in vslprintf.
Make sure word[] is null terminated in all cases.

Reported-by: Florian Kohnhäuser <florian@kohnhaeuser.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
2 years agopppd: Limit memory accessed by string formats with max length specified
Paul Mackerras [Sun, 29 Dec 2019 22:24:54 +0000 (09:24 +1100)]
pppd: Limit memory accessed by string formats with max length specified

Currently, calls to [v]slprintf that have a string format (%s, %v,
%q) with a maximum length specified (e.g. %.20s) do a strlen() on
the string, and can therefore access memory beyond the maximum
length specified.  If the string is not null-terminated, this could
result in an out-of-bounds read.

This makes vslprintf use strnlen() in cases where a maximum length
has been specified, so that we don't access the string beyond the
maximum length that was given.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
3 years agopppd: Eliminate some more compiler warnings
Paul Mackerras [Sun, 1 Dec 2019 10:32:37 +0000 (21:32 +1100)]
pppd: Eliminate some more compiler warnings

Recent versions of gcc produce warnings on code where strncpy will
produce a result that is not NULL terminated.  This changes the
code to eliminate these warnings.  In two cases this is done by
changing strncpy to strlcpy, which could in principle cause a loss
of the information in the last byte.  This is not a concern in
these cases because:

- In sys-linux.c, the interface names in struct ifreq were possibly
  not NULL terminated.  The Linux kernel clears the last byte to make
  them NULL terminated anyway, so there is no loss of information.

- In session.c, the lastlog ll_line and ll_host fields were possibly
  not NULL terminated.  These fields are quite long and it is unlikely
  that the last byte is needed.

In the other cases strlcpy and strlcat are used to give the same
effect as the old code but without warnings.

This also changes %ld to %d in one place to eliminate a format warning.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
3 years agopppd: Include time.h header before using time_t
Kurt Van Dijck [Fri, 4 Oct 2019 17:40:46 +0000 (19:40 +0200)]
pppd: Include time.h header before using time_t

Since include/net/ppp_defs.h is used in both kernelspace and userland
it is hard to include <time.h> there.
This commit fixes the problems in userspace code individually and leaves
ppp_defs.h as-is.

Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
3 years agoMerge branch 'patch-1' of https://github.com/neheb/ppp
Paul Mackerras [Sun, 1 Dec 2019 03:37:23 +0000 (14:37 +1100)]
Merge branch 'patch-1' of https://github.com/neheb/ppp

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
3 years agopppd: Don't free static string
Paul Mackerras [Sun, 1 Dec 2019 03:30:55 +0000 (14:30 +1100)]
pppd: Don't free static string

Commit fcb076c2 ("Various fixes for errors found by coverity static
analysis (#109)", 2019-05-06) added statements to free the result
returned from get_first_ethernet().  However, the result of
get_first_ethernet() is not dynamically allocated, either on Linux
or Solaris.  Hence this removes the unnecessary (and dangerous)
free() statements.

Fixes: fcb076c2 ("Various fixes for errors found by coverity static analysis (#109)")
Reported-by: Florian Kohnhäuser <florian@kohnhaeuser.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
3 years agopppd.h: Add missing headers
Rosen Penev [Tue, 2 Jul 2019 19:53:12 +0000 (12:53 -0700)]
pppd.h: Add missing headers

Signed-off-by: Rosen Penev <rosenp@gmail.com>
3 years agopppd: Add defaultroute6 and related options
Samuel Thibault [Sat, 19 Oct 2019 06:29:39 +0000 (08:29 +0200)]
pppd: Add defaultroute6 and related options

Which behave like IPv4's defaultroute etc.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
3 years agopppd: Avoid declarations within statements in main.c
Paul Mackerras [Sat, 19 Oct 2019 06:13:47 +0000 (17:13 +1100)]
pppd: Avoid declarations within statements in main.c

Since we still have old-style function declarations for now, avoid
putting declarations within statements, which old compilers didn't

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
3 years agopppd: Fix `ifname` option in case of multilink (#105)
fhost [Sat, 19 Oct 2019 06:05:28 +0000 (08:05 +0200)]
pppd: Fix `ifname` option in case of multilink (#105)

Make pppd use the unit and not the interface name to get the bundle.

pppd was looking for the default interface name (`pppX`) in the
database to retreive the bundle id on which a new link should
attach, and fails if the `ifname` option is used.

Signed-off-by: Alexis Cellier <alexis.cellier@smile.fr>
3 years agopppd: Fix variable reference syntax in Makefile.linux
Paul Mackerras [Sat, 19 Oct 2019 06:02:59 +0000 (17:02 +1100)]
pppd: Fix variable reference syntax in Makefile.linux

References to the variable called CC in makefiles need to be
written as $(CC) not $CC.  Make interprets the latter as a reference
to the (nonexistent) variable C followed by a literal C.

Fixes: 4e713175 ("make: Avoid using host include for cross-compiling")
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
3 years agopppd: Check tdb pointer before closing
Alfonso Sánchez-Beato [Thu, 6 Jun 2019 15:36:29 +0000 (17:36 +0200)]
pppd: Check tdb pointer before closing

Check that pointer to the tdb is not NULL before calling tdb_close().
It is possible that the file could not be opened/created due to
permission issues. This change prevents the crash that happens in that

Signed-off-by: Alfonso Sánchez-Beato <alfonso.sanchez-beato@canonical.com>
3 years agoRevert "pppd: Include time.h before using time_t"
Paul Mackerras [Thu, 3 Oct 2019 22:31:48 +0000 (08:31 +1000)]
Revert "pppd: Include time.h before using time_t"

This reverts commit b6cd5586f72852f56428749202779af596353b9e
because it break compilation on Solaris with the following error:

-I../include -O -Xa -xO2 -xspace -W0,-Lt -c ppp.c
"ppp.c", line 113: identifier redeclared: time
        current : long
        previous: function(pointer to long) returning long :
"/usr/include/iso/time_iso.h", line 91
cc: acomp failed for ppp.c

The include/net/ppp_defs.h header is used in the Solaris kernel
driver and hence can't include userland headers.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
3 years agopppdump: Eliminate printf format warning by using %zd
Paul Mackerras [Tue, 1 Oct 2019 23:04:09 +0000 (09:04 +1000)]
pppdump: Eliminate printf format warning by using %zd

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
3 years agopppd: Refactor setjmp/longjmp with pipe pair in event wait loop
Kurt Van Dijck [Thu, 26 Sep 2019 07:21:06 +0000 (09:21 +0200)]
pppd: Refactor setjmp/longjmp with pipe pair in event wait loop

setjmp/longjmp isn't supported by all compilers.
Having a pipe pair to wake an event wait loop from within a signal handler
is rather portable and common enough.

Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
3 years agomake: Avoid using host include for cross-compiling
Kurt Van Dijck [Thu, 26 Sep 2019 07:21:05 +0000 (09:21 +0200)]
make: Avoid using host include for cross-compiling

Prepend include paths with the toolchain's sysroot directory.
In case of a non-sysroot-aware toolchain, this does not help,
but does not break either.

Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
3 years agopppoe: Remove the use of cdefs
Kurt Van Dijck [Mon, 30 Sep 2019 12:45:08 +0000 (14:45 +0200)]
pppoe: Remove the use of cdefs

sys/cdefs.h contains the __P() macro.
The header doesn't exist in my musl toolchain,
the __P() macro has been obsoleted even by glibc,
and it's never used in the code.
This commit removes the need for this remainder.

Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
3 years agopppd: Remove unused rcsid variables
Kurt Van Dijck [Thu, 26 Sep 2019 07:21:03 +0000 (09:21 +0200)]
pppd: Remove unused rcsid variables

Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
3 years agopppd: Fix GLIBC version test for non-glibc toolchains
Kurt Van Dijck [Thu, 26 Sep 2019 07:21:02 +0000 (09:21 +0200)]
pppd: Fix GLIBC version test for non-glibc toolchains

Non-glibc toolchains have their include files arranged more similar
to newer glibc's than to older.

Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
3 years agopppd: Include time.h before using time_t
Kurt Van Dijck [Thu, 26 Sep 2019 07:21:01 +0000 (09:21 +0200)]
pppd: Include time.h before using time_t

Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
3 years agoradius: Fix compiler warning
Kurt Van Dijck [Thu, 26 Sep 2019 07:20:59 +0000 (09:20 +0200)]
radius: Fix compiler warning

Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
3 years agomagic: Remove K&R style of arguments
Kurt Van Dijck [Thu, 26 Sep 2019 07:20:58 +0000 (09:20 +0200)]
magic: Remove K&R style of arguments

The __P() macro does not exist in libmusl so
I switched magic.{c,h} to using the std-c argument style, which had
already been used in some functions.

Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
3 years agoAdd Submitting-patches.md
Paul Mackerras [Mon, 10 Jun 2019 07:58:07 +0000 (17:58 +1000)]
Add Submitting-patches.md

This adds a file that describes the standards expected for patches and
pull requests.  The standards are different from those for most
projects on github.com and hence need to be spelled out.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
3 years agorp-pppoe plugin: Add options to tune discovery timeout and number of attempts
Alexis Cellier [Wed, 11 Jul 2018 14:16:42 +0000 (16:16 +0200)]
rp-pppoe plugin: Add options to tune discovery timeout and number of attempts

Add new options pppoe-padi-timeout and pppoe-padi-attempts.

These modifications are the similar to the ones done on
pppoe-discovery in commit 70a8ad3d ("pppoe-discovery: add options to
tune discovery timeout and attempts", 2017-12-07).

Signed-off-by: Alexis Cellier <alexis.cellier@smile.fr>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
3 years agopppoe: Custom host-uniq tag
Matteo Croce [Sat, 4 May 2019 16:48:53 +0000 (18:48 +0200)]
pppoe: Custom host-uniq tag

Add pppoe 'host-uniq' option to set an arbitrary
host-uniq tag instead of the pppd pid.
Some ISPs use such tag to authenticate the CPE,
so it must be set to a proper value to connect.

Signed-off-by: Matteo Croce <mcroce@redhat.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Paul Mackerras <paulus@samba.org>
3 years agoplugins/rp-pppoe: Fix compile errors
Paul Mackerras [Sat, 18 May 2019 08:18:53 +0000 (18:18 +1000)]
plugins/rp-pppoe: Fix compile errors

This fixes compile errors introduced in commit fcb076c ("Various fixes
for errors found by coverity static analysis (#109)", 2019-05-06).
Including pppd.h gave errors on some systems (e.g. recent Debian and
Ubuntu) regarding the type 'u_char' being undefined.  To fix this, we
simply take out the lines that define _POSIX_SOURCE.

Signed-off-by: Paul Mackerras <paulus@samba.org>
3 years agoVarious fixes for errors found by coverity static analysis (#109)
Jaroslav Škarvada [Sun, 5 May 2019 22:46:02 +0000 (00:46 +0200)]
Various fixes for errors found by coverity static analysis (#109)

Fixes #108

Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
4 years agoMerge branch 'pppd_print_changes' of https://github.com/nlhintz/ppp into nlhintz...
Paul Mackerras [Sat, 23 Jun 2018 10:36:22 +0000 (20:36 +1000)]
Merge branch 'pppd_print_changes' of https://github.com/nlhintz/ppp into nlhintz-pppd_print_changes

4 years agoMerge branch 'pppoe-discovery-cleanup' of https://github.com/TDT-AG/ppp
Paul Mackerras [Sat, 23 Jun 2018 10:16:25 +0000 (20:16 +1000)]
Merge branch 'pppoe-discovery-cleanup' of https://github.com/TDT-AG/ppp

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
4 years agopppd: Use openssl for the DES instead of the libcrypt / glibc
Jaroslav Škarvada [Fri, 6 Apr 2018 12:27:18 +0000 (14:27 +0200)]
pppd: Use openssl for the DES instead of the libcrypt / glibc

It seems the latest glibc (in Fedora glibc-2.27.9000-12.fc29) dropped
libcrypt.  The libxcrypt standalone package can be used instead, but
it dropped the old setkey/encrypt API which ppp uses for DES.  There
is support for using openssl in pppcrypt.c, but it contains typos
preventing it from compiling and seems to be written for an ancient
openssl version.

This updates the code to use current openssl.

[paulus@ozlabs.org - wrote the commit description, fixed comment in

Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
4 years agoradius.c: Include CLASS attribute in radius_acct_interim and radius_acct_stop
Hauras Wigelstukas Alex [Fri, 17 Feb 2017 12:38:36 +0000 (19:38 +0700)]
radius.c: Include CLASS attribute in radius_acct_interim and radius_acct_stop

Some radius servers will not accept accounting packets without CLASS
attribute, so this includes it.

Signed-off-by: Hauras Wigelstukas Alex <sysop@880.ru>
4 years agopppd: Don't try to free(NULL - 1)
Paul Mackerras [Sat, 23 Jun 2018 07:26:42 +0000 (17:26 +1000)]
pppd: Don't try to free(NULL - 1)

A logic bug in update_script_environment() means that it can call
remove_script_env() even when the variable being removed is not
present in the script_env array.  The result of that is that
remove_script_env() will call free() with argument NULL - 1.
To fix this, we avoid calling remove_script_env() in this case.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
4 years agopppd: Fix compile warning due to comparing pointer to NUL character
Paul Mackerras [Sat, 23 Jun 2018 06:40:27 +0000 (16:40 +1000)]
pppd: Fix compile warning due to comparing pointer to NUL character

Evidently this means to check for arg pointing to an empty string,
not arg being NULL, since the ensuing error talks about the variable
name being missing.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
4 years agopppd: Fix printing call in print_option()
Vegard Nossum [Wed, 13 Jun 2018 10:38:53 +0000 (12:38 +0200)]
pppd: Fix printing call in print_option()

print_option() was in this case passing p/opt->addr2 as the format string
instead of the string to be printed (as a quoted string). That could lead
to a nasty crash.

Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
4 years agoHonor LDFLAGS
Jaroslav Škarvada [Wed, 4 Apr 2018 09:29:12 +0000 (11:29 +0200)]

This makes the makefiles include $(LDFLAGS) as a parameter when
linking executables.  Distros use this as a way of applying linker
flags across all the executables they build.

[paulus@ozlabs.org - supplied the patch description]

Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
4 years agoUse systemd's sd_notify with option up_sdnotify
Jacob Floyd [Sat, 11 Mar 2017 05:25:23 +0000 (23:25 -0600)]
Use systemd's sd_notify with option up_sdnotify

This adds an up_sdnotify option so that systemd services of
Type=notify can have pppd send the READY=1 signal to systemd
once a network protocol (typically IP) is up.

To use up_sdnotify, pppd must be compiled with SYSTEMD=y.

up_sdnotify is safe as a non-priveleged option because systemd will
ignore any notifications that it is not expecting. If systemd starts
pppd in a unit-file that is Type=notify, then (and only then) will it
handle the READY=1 signal. If systemd didn't start the process, it
ignroes any notifications unless the signaling process was started by a
service that systemd is monitoring (directly or indirectly, such as a
grandchild process in the same cgroup as a process that systemd started)
AND that service is Type=notify, AND that service is explicitly
configured to allow other processes to send a notification on behalf of
that service by setting NotifyAccess=all.

Also, the socket used is defined in an environment variable provided and
deleted by systemd, allowing system and user services to use a different
socket. I really don't think there's any way to use that socket (even via
the sd_notify api of their library) to gain elevated privileges.

Another reason that up_sdnotify is a non-priveleged option is for cases
where ppp should be started as a system service under a non-priveleged
account. There may be other issues with running ppp under other
accounts, but systemd does not require root--or other privileged--access
in order to use the notification feature. Instead the security for this
feature is provided at the process level in that systemd knows which
processes it did and did not start, and which processes those processes
started (ie other processes in the systemd unit's cgroup), as explained

Signed-off-by: Jacob Floyd <cognifloyd@gmail.com>
4 years agopppoe-discovery: add options to tune discovery timeout and attempts
Martin Schiller [Thu, 7 Dec 2017 08:30:40 +0000 (09:30 +0100)]
pppoe-discovery: add options to tune discovery timeout and attempts

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
4 years agopppoe-discovery: add quiet-mode option
Martin Schiller [Thu, 7 Dec 2017 08:20:56 +0000 (09:20 +0100)]
pppoe-discovery: add quiet-mode option

In quiet-mode, no AC information is printed and the program
exits after the first PADO was received.

This is very useful if you use the tool in shell script
environments where you just want to evaluate the exit code.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
4 years agopppoe-discovery: use correct exit code depending on PADO replies.
Martin Schiller [Thu, 7 Dec 2017 07:55:53 +0000 (08:55 +0100)]
pppoe-discovery: use correct exit code depending on PADO replies.

This makes it possible to evaluate the exit code of the tool,
e.g. if you just want to know if there is an access concentrator
or not.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
4 years agopppoe-discovery: show real usage information
Martin Schiller [Thu, 7 Dec 2017 07:49:58 +0000 (08:49 +0100)]
pppoe-discovery: show real usage information

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
5 years agoMerge branch 'master' of https://github.com/gburgessiv/ppp
Paul Mackerras [Sat, 18 Mar 2017 11:24:25 +0000 (22:24 +1100)]
Merge branch 'master' of https://github.com/gburgessiv/ppp

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
5 years agoMerge branch 'rp-pppoe-error' of https://github.com/snickl/lpppd
Paul Mackerras [Sat, 18 Mar 2017 11:20:37 +0000 (22:20 +1100)]
Merge branch 'rp-pppoe-error' of https://github.com/snickl/lpppd

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
5 years agoMerge branch 'sys-to-errno-h' of https://github.com/snickl/lpppd
Paul Mackerras [Sat, 18 Mar 2017 11:18:36 +0000 (22:18 +1100)]
Merge branch 'sys-to-errno-h' of https://github.com/snickl/lpppd

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
5 years agoMerge https://github.com/yasuoka/ppp
Paul Mackerras [Sat, 18 Mar 2017 11:12:36 +0000 (22:12 +1100)]
Merge https://github.com/yasuoka/ppp

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
5 years agoMerge branch 'lr/linux-4.8' of https://github.com/NetworkManager/ppp
Paul Mackerras [Sat, 18 Mar 2017 11:10:00 +0000 (22:10 +1100)]
Merge branch 'lr/linux-4.8' of https://github.com/NetworkManager/ppp

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
5 years agopppoe: include netinet/in.h before linux/in.h
Lubomir Rintel [Mon, 9 Jan 2017 13:34:23 +0000 (13:34 +0000)]
pppoe: include netinet/in.h before linux/in.h

This fixes builds with newer kernels. Basically, <netinet/in.h> needs to be
included before <linux/in.h> otherwise the earlier, unaware of the latter,
tries to redefine symbols and structures. Also, <linux/if_pppox.h> doesn't work
alone anymore, since it pulls the headers in the wrong order, so we better
include <netinet/in.h> early.

5 years agopppd: fix pppol2tp option printing
Nathan Hintz [Sun, 4 Dec 2016 20:37:33 +0000 (12:37 -0800)]
pppd: fix pppol2tp option printing

PPPD crashes (SEGV) when the 'dump' or 'dryrun' options are specified and
the 'pppol2tp' option is specified.  The crash occurs because the
'pppol2tp' option value is not saved when the parameter is processed (in
the pppol2tp plugin), but is then referenced when printed.  This was
encountered using xl2tpd and the l2tp_ppp kernel module.

Modify the 'pppol2tp' plugin to save the option value.

Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>

Note: This patch resolves issue #32 (https://github.com/paulusmack/ppp/issues/32).

5 years agopppd: add missing parameter in call to 'printer'
Nathan Hintz [Sun, 4 Dec 2016 20:35:50 +0000 (12:35 -0800)]
pppd: add missing parameter in call to 'printer'

The 'arg' parameter is missing from a call to the 'printer'
function; modify the call to use the correct parameter set.

Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>
5 years agoppp: fix printing of DNS/WINS addresses
Nathan Hintz [Sat, 4 Apr 2015 19:26:05 +0000 (12:26 -0700)]
ppp: fix printing of DNS/WINS addresses

Options "ms-dns" and "ms-wins" may be specified several times.  This
allows the second occurrence to be printed.

Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>
6 years agopppd: Provide error() implementation in pppoe-discovery
Stefan Nickl [Wed, 10 Aug 2016 14:52:12 +0000 (16:52 +0200)]
pppd: Provide error() implementation in pppoe-discovery

The pppoe-discovery program calls error() from the CHECK_ROOM macro
defined in pppoe.h. Since pppoe-discovery is a standalone program not
linked with the rest of pppd, the only way this could build is by
linking to glibc's proprietary error(3) function instead of the function
of the same name (but with different arguments) defined in pppd/utils.c.

So with glibc this builds, but will probably crash when the assertion is
triggered. As the assertion is unlikely to fail, nobody has noticed.

The build however fails with musl libc or uClibc since they don't
provide the doppelganger.

Signed-off-by: Stefan Nickl <Stefan.Nickl@gmail.com>
6 years agopppd: Remove unused declaration of ttyname.
George Burgess IV [Sat, 10 Sep 2016 00:36:54 +0000 (17:36 -0700)]
pppd: Remove unused declaration of ttyname.

Signed-off-by: George Burgess IV <george@gbiv.net>
6 years agopppd: allow use of arbitrary interface names
Paul Mackerras [Tue, 23 Aug 2016 06:10:21 +0000 (16:10 +1000)]
pppd: allow use of arbitrary interface names

This is a modified version of a patch from openSUSE that enables PPP interfaces
to be called arbitrary names, rather than simply pppX where X is the unit

The modifications from the stock openSUSE patch are:
- refresh patch on top of 018_ip-up_option.diff
- fix a printf format-string vulnerability in pppd/main.c:set_ifunit()
- clarify the pppd.8 manpage additions
- patch pppstats/pppstats.c to query renamed interfaces without complaint

Origin: SUSE
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=458646
Forwarded: no
Reviewed-by: Chris Boot <bootc@debian.org>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
6 years agoChange include from sys/errno.h to errno.h
Stefan Nickl [Wed, 10 Aug 2016 19:32:21 +0000 (21:32 +0200)]
Change include from sys/errno.h to errno.h

According to POSIX, the canonical location for errno.h is on the top level.

Signed-off-by: Stefan Nickl <Stefan.Nickl@gmail.com>
6 years agoMerge branch 'plog-usability' of https://github.com/mityada/ppp
Paul Mackerras [Sat, 9 Jul 2016 11:02:05 +0000 (12:02 +0100)]
Merge branch 'plog-usability' of https://github.com/mityada/ppp

Signed-off-by: Paul Mackerras <paulus@samba.org>
6 years agoplog: count only relevant lines from syslog
Dmitry Deshevoy [Thu, 31 Mar 2016 19:39:32 +0000 (23:39 +0400)]
plog: count only relevant lines from syslog

Closes paulusmack/ppp#42

6 years agoFix a typo in comment. Diff from Yuuichi Someya.
YASUOKA Masahiko [Wed, 16 Mar 2016 04:39:19 +0000 (13:39 +0900)]
Fix a typo in comment.  Diff from Yuuichi Someya.

7 years agoMerge branch 'send-padt-on-disconnect' of git://github.com/farnz/ppp
Paul Mackerras [Fri, 14 Aug 2015 10:32:43 +0000 (20:32 +1000)]
Merge branch 'send-padt-on-disconnect' of git://github.com/farnz/ppp

Signed-off-by: Paul Mackerras <paulus@samba.org>
7 years agoMerge branch 'no-error-on-already-closed' of git://github.com/farnz/ppp
Paul Mackerras [Fri, 14 Aug 2015 10:31:15 +0000 (20:31 +1000)]
Merge branch 'no-error-on-already-closed' of git://github.com/farnz/ppp

Signed-off-by: Paul Mackerras <paulus@samba.org>
7 years agoMerge branch 'master' of git://github.com/pprindeville/ppp
Paul Mackerras [Fri, 14 Aug 2015 10:28:39 +0000 (20:28 +1000)]
Merge branch 'master' of git://github.com/pprindeville/ppp

Signed-off-by: Paul Mackerras <paulus@samba.org>
7 years agoMerge branch 'bug_fix' of git://github.com/radaiming/ppp
Paul Mackerras [Fri, 14 Aug 2015 10:27:41 +0000 (20:27 +1000)]
Merge branch 'bug_fix' of git://github.com/radaiming/ppp

Signed-off-by: Paul Mackerras <paulus@samba.org>
7 years agoMerge branch 'master' of git://github.com/vapier/ppp
Paul Mackerras [Fri, 14 Aug 2015 10:16:16 +0000 (20:16 +1000)]
Merge branch 'master' of git://github.com/vapier/ppp

Signed-off-by: Paul Mackerras <paulus@samba.org>
7 years agoMerge branch 'master' of https://github.com/ncopa/ppp
Paul Mackerras [Fri, 14 Aug 2015 10:11:23 +0000 (20:11 +1000)]
Merge branch 'master' of https://github.com/ncopa/ppp

This merges in one commit, which adds the new "defaultroute-metric" option.

Signed-off-by: Paul Mackerras <paulus@samba.org>
7 years agopppd: Fix ccp_cilen calculated size if both deflate_correct and deflate_draft are...
Sylvain Rochet [Tue, 24 Mar 2015 20:21:40 +0000 (21:21 +0100)]
pppd: Fix ccp_cilen calculated size if both deflate_correct and deflate_draft are enabled

This fixes a bug where ccp_cilen() will return 4 bytes less than
necessary for the addci buffer if both deflate_correct and
deflate_draft are enabled.

Signed-off-by: Sylvain Rochet <gradator@gradator.net>
Signed-off-by: Paul Mackerras <paulus@samba.org>
7 years agopppd: Fix ccp_options.mppe type
Sylvain Rochet [Tue, 24 Mar 2015 23:25:18 +0000 (00:25 +0100)]
pppd: Fix ccp_options.mppe type

This corrects the type of ccp_options.mppe; it is actually a bitfield of
MPPE_OPT_* and not a boolean.

Signed-off-by: Sylvain Rochet <gradator@gradator.net>
Signed-off-by: Paul Mackerras <paulus@samba.org>
7 years agopppd: ipxcp: Prevent buffer overrun on remote router name
Paul Mackerras [Fri, 14 Aug 2015 07:56:26 +0000 (17:56 +1000)]
pppd: ipxcp: Prevent buffer overrun on remote router name

This fixes an if condition to prevent a possible 1-byte overrun
on ipxcp_hisoptions[0].name.

Reported-by: "Sabas Rosales, Blanca E" <blanca.e.sabas.rosales@intel.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
7 years agoSend PADT on PPPoE disconnect
Simon Farnsworth [Sun, 1 Mar 2015 11:53:58 +0000 (11:53 +0000)]
Send PADT on PPPoE disconnect

Once we've terminated the PPP session, there is no chance of a PPP layer
disconnect. Some PPPoE relays don't detect the PPP session going down, and
depend on a long timeout or a PPPoE PADT to terminate the session.

Send a PADT on disconnect to work around these buggy relays.

Signed-off-by: Simon Farnsworth <simon@farnz.org.uk>
7 years agoSuppress false error message on PPPoE disconnect
Simon Farnsworth [Sun, 1 Mar 2015 11:49:06 +0000 (11:49 +0000)]
Suppress false error message on PPPoE disconnect

Once the kernel handles PPPoE PADTs correctly[1], a PADT triggered
disconnect will result in EALREADY when pppd tries to clear the session ID.

Simply ignore the error if, and only if, the error is EALREADY

[1] https://patchwork.ozlabs.org/patch/444717/

Signed-off-by: Simon Farnsworth <simon@farnz.org.uk>
7 years agopppd: Fix sign-extension when displaying bytes in octal
Philip A. Prindeville [Sat, 20 Dec 2014 00:52:58 +0000 (17:52 -0700)]
pppd: Fix sign-extension when displaying bytes in octal

print_string() displays characters as \\%.03o but without first
casting it from "char" to "unsigned char" so it gets sign-extended
to an int. This causes output like \37777777630 instead of \230.

Signed-off-by: Philip A. Prindeville <philipp@redfish-solutions.com>
7 years ago scripts: Avoid killing wrong pppd
radaiming [Sat, 13 Dec 2014 06:42:34 +0000 (14:42 +0800)]
 scripts: Avoid killing wrong pppd

 poff could kill other pppd processes when there are many pppd
 running on different serial port.

Signed-off-by: Ming Dai <radaiming@gmail.com>
8 years agopppd: add support for defaultroute-metric option
Natanael Copa [Tue, 3 Jun 2014 08:53:47 +0000 (08:53 +0000)]
pppd: add support for defaultroute-metric option

This allows user to specify the 'metric' (or 'prio') for the default
route set by pppd. This is useful in multi-ISP setups where there
might be more than one default gateway.

Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
8 years agoabort on errors in subdir builds
Martin von Gagern [Sun, 10 Aug 2014 02:44:45 +0000 (22:44 -0400)]
abort on errors in subdir builds

The current recursive loops do not check the exit status of make
in subdirs which leads to `make` passing even when a subdir failed
to compile or install.

URL: https://bugs.gentoo.org/334727
Signed-off-by: Martin von Gagern <Martin.vGagern@gmx.net>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
8 years agoUpdate README and patchlevel for 2.4.7 release ppp-2.4.7
Paul Mackerras [Sat, 9 Aug 2014 12:31:39 +0000 (22:31 +1000)]
Update README and patchlevel for 2.4.7 release

Signed-off-by: Paul Mackerras <paulus@samba.org>
8 years agoMerge branch 'master' of git://github.com/cmcqueen/ppp
Paul Mackerras [Fri, 1 Aug 2014 11:41:27 +0000 (21:41 +1000)]
Merge branch 'master' of git://github.com/cmcqueen/ppp

This merges in one commit, which adds the new "stop-bits" option.

Signed-off-by: Paul Mackerras <paulus@samba.org>
8 years agowinbind plugin: Add -DMPPE=1 to eliminate compiler warnings
Paul Mackerras [Fri, 1 Aug 2014 11:40:18 +0000 (21:40 +1000)]
winbind plugin: Add -DMPPE=1 to eliminate compiler warnings

When compiling the winbind plugin, we need an equivalent definition
of the MPPE symbol to that which applied when the main pppd was
compiled.  This adds that to Makefile.linux.

Reported-by: Mike Gilbert <floppym@gentoo.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
8 years agopppd: Fix a stack variable overflow in MSCHAP-v2
John Crispin [Fri, 1 Aug 2014 08:12:36 +0000 (18:12 +1000)]
pppd: Fix a stack variable overflow in MSCHAP-v2

This fixes a bug introduced in 08ef47ca ("pppd: Make MSCHAP-v2 cope
better with packet loss").

Signed-off-by: Paul Mackerras <paulus@samba.org>
8 years agopppd: Eliminate memory leak with multiple instances of a string option
Paul Mackerras [Fri, 1 Aug 2014 07:32:15 +0000 (17:32 +1000)]
pppd: Eliminate memory leak with multiple instances of a string option

This eliminates the memory leak which occurs when a user gives the
same string option multiple times.  Although the leak is trivial under
normal conditions, the fact that it can be triggered by the user
means that it may be of interest to attackers, so let's plug the leak.

This also means that any o_string option without OPT_STATIC set needs
to have opt->addr pointing to a pointer which starts out NULL.  That
is the case for all current uses of o_string.

Signed-off-by: Paul Mackerras <paulus@samba.org>