Pali Rohár [Thu, 31 Dec 2020 17:46:01 +0000 (18:46 +0100)]
Rename rp-pppoe.so plugin to pppoe.so
Original out-of-tree rp-pppoe plugin for pppd software is still available
at website https://dianne.skoll.ca/projects/rp-pppoe/ and receives new
releases. The last update is from June 2020.
Currently it is ambiguous if user is using original out-of-tree rp-pppoe
plugin or in-tree pppd's rp-pppoe plugin. These two plugins are different,
come from different sources but share same name.
Some users want to use original rp-pppoe plugin and not pppd's in-tree
rp-pppoe plugin. Also some distributions want to package both plugins,
pppd's in-tree and original rp-pppoe.
So for this reason and also because all other PPP over <something> plugins
have just pppo prefix, rename in-tree rp-pppoe.so plugin to just pppoe.so.
This will allow to distinguish and make it clear what is the original
rp-pppoe plugin and what is pppd's in-tree pppoe plugin.
When installing pppd create a compatibility symlink from pppoe.so to
rp-pppoe.so so nothing would be broken. This compatibility symlink may be
removed by Linux distributions which do not want to have compatibility with
the old name as before and rather use rp-pppoe.so name for original
rp-pppoe software.
Signed-off-by: Pali Rohár <pali@kernel.org>
Samuel Thibault [Thu, 31 Dec 2020 05:35:24 +0000 (06:35 +0100)]
pppd: Use a compile test to detect crypt.h (#198)
ppp checks header for existence of crypt.h looking it up in /usr/include.
That's incompatible with non-glibcs or a glibc with multiarch headers
(https://bugs.debian.org/798955). This patch replaces the file existence
test with a compile test.
Reviewed-by: Chris Boot <bootc@debian.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Co-authored-by: Helmut Grohne <helmut@subdivi.de>
Samuel Thibault [Thu, 31 Dec 2020 05:34:09 +0000 (06:34 +0100)]
Allow overriding the optimization level with CFLAGS (#197)
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Co-authored-by: Marco d'Itri <md@linux.it>
Paul Mackerras [Thu, 31 Dec 2020 05:00:37 +0000 (16:00 +1100)]
Revert "pppdump: support building with the system zlib (#189)"
This reverts commit c98cc28f128dffc456488c74b600640057da6994
because of compile errors in pppdump:
cc -o pppdump pppdump.o deflate.o bsd-comp.o -lz
/usr/bin/ld: deflate.o: in function `z_incomp':
deflate.c:(.text+0x99): undefined reference to `inflateIncomp'
/usr/bin/ld: deflate.o: in function `z_decomp_alloc':
deflate.c:(.text+0x355): undefined reference to `inflateInit2'
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:38: pppdump] Error 1
The copy of zlib here is not the same as the standard upstream zlib;
this version has some extra functions added.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Samuel Thibault [Thu, 31 Dec 2020 04:50:46 +0000 (05:50 +0100)]
pppd: Export $CALL_FILE to the link scripts (#196)
From https://bugs.debian.org/51880
“
This would make it much easier for me, and cleaner too, to handle
multiple, mutually exclusive, dialout internet service providers.
”
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Co-authored-by: Marco d'Itri <md@linux.it>
Samuel Thibault [Thu, 31 Dec 2020 04:49:39 +0000 (05:49 +0100)]
Change path to expect in secure-card example script (#195)
People would usually just install expect from their distribution
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Co-authored-by: Chris Boot <bootc@debian.org>
Samuel Thibault [Thu, 31 Dec 2020 04:49:09 +0000 (05:49 +0100)]
pppd: Make _PATH_CONNERRS world readable (#194)
From https://bugs.debian.org/341853
There is nothing security-sensitive there.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Co-authored-by: Marco d'Itri <md@linux.it>
Samuel Thibault [Thu, 31 Dec 2020 04:47:56 +0000 (05:47 +0100)]
plugins/radius: Add support for the Framed-MTU Radius attribute (#192)
This allows radius plugin to deal with Framed-MTU Radius attribute and to
set MTU on interface.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Co-authored-by: Alexander Klepikov <klepikov_a@up.ua>
Paul Mackerras [Thu, 31 Dec 2020 04:42:15 +0000 (15:42 +1100)]
Merge branch 'pppoatm_wildcard' of https://github.com/sthibaul/ppp
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Samuel Thibault [Thu, 31 Dec 2020 04:38:40 +0000 (05:38 +0100)]
plugins/pppoatm: cosmetic cleanup (#190)
Removed some debugging messages and generally cleaned up the source.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Co-authored-by: Marco d'Itri <md@linux.it>
Samuel Thibault [Thu, 31 Dec 2020 04:37:38 +0000 (05:37 +0100)]
pppdump: support building with the system zlib (#189)
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Co-authored-by: Marco d'Itri <md@linux.it>
Samuel Thibault [Thu, 31 Dec 2020 04:33:45 +0000 (05:33 +0100)]
pppd: Add option to strip MS domain name (#188)
Some Windows 9x/ME clients might be erroneously transmitting the MS domain
along the login name. This allows stripping them on the server side.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Co-authored-by: Marco d'Itri <md@linux.it>
Samuel Thibault [Thu, 31 Dec 2020 04:31:43 +0000 (05:31 +0100)]
Do not strip installed binaries (#186)
This should be done by the packaging system, to be able to separate out
debugging symbols into separate packages.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Samuel Thibault [Thu, 31 Dec 2020 04:30:58 +0000 (05:30 +0100)]
pppd: Make sure that the linkpidfile is always created (#185)
From https://bugs.debian.org/284382
When pppd detaches from the parent normally, that is, without nodetach
or updetach set, the linkpidfile is not created even when linkname is
set.
This is because the create_linkpidfile call in detach() is only made
if the linkpidfile is filled in. However, linkpidfile is never filled
in until create_linkpidfile has been called.
IMHO the call should be made unconditionally in detach() since
create_linkpidfile does its own check on linkname anyway.
Please note that the version of pppd in woody always wrote the
linkpidfile after detaching. It did so in main() however. That
call has now been removed which is why I'm seeing this problem.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Co-authored-by: Herbert Xu <herbert@gondor.apana.org.au>
Samuel Thibault [Thu, 31 Dec 2020 04:28:19 +0000 (05:28 +0100)]
pppd: Be sure to close /dev/ppp when reconnecting (#184)
From https://bugs.debian.org/306261
When using the kernel PPPoE driver, pppd never
closes /dev/ppp when the link has come down.
It opens superfluous fds to the device each time it re-opens the
connection, with the unclosed ones falsely reported always ready for
data by select().
This makes pppd eat up 100% CPU time after the first persist because of
the always instantly returning select() on the unclosed fds.
The problem also occurs with the upstream version, but does not occur
when a pty/tty device is used for the ppp connection.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Co-authored-by: Simon Peter <dn.tlp@gmx.net>
Paul Mackerras [Thu, 31 Dec 2020 04:27:11 +0000 (15:27 +1100)]
Merge pull request #183 from sthibaul/path-ip-up-down
Add option to specify ip-up script
Paul Mackerras [Thu, 31 Dec 2020 04:25:36 +0000 (15:25 +1100)]
Merge pull request #182 from pali/get_if_hwaddr
Fix indicating failure in Linux get_if_hwaddr() function
Paul Mackerras [Thu, 31 Dec 2020 04:23:31 +0000 (15:23 +1100)]
Merge pull request #181 from pali/get_first_ethernet
Implement get_first_ethernet() for Linux systems properly
Paul Mackerras [Thu, 31 Dec 2020 04:19:22 +0000 (15:19 +1100)]
Merge pull request #177 from tisj/eap-mschapv2-server
pppd: Add support for EAP-MSCHAPv2 in server mode
Alarig Le Lay [Thu, 31 Dec 2020 01:25:07 +0000 (02:25 +0100)]
radius: Handle IPv6 RADIUS attributes (#176)
Signed-off-by: Alarig Le Lay <alarig@swordarmor.fr>
Paul Mackerras [Thu, 31 Dec 2020 01:17:27 +0000 (12:17 +1100)]
Merge pull request #103 from Low-power/solaris-mtu-fix
Fix netif_set_mtu for Solaris
Tijs Van Buggenhout [Tue, 24 Nov 2020 15:17:45 +0000 (16:17 +0100)]
pppd: Add support for EAP-MSCHAPv2 in server mode
This implements EAP-MSCHAPv2 as specified by
draft-kamath-pppext-eap-mschapv2-02 [1] in server mode (as the client
mode is already proposed by Thomas [2]).
The flow is comparable to MD5-Challenge, with some additional steps for
confirmation:
* Client sends an EAP request
* Server answers with MD5-Challenge
* Client Naks and requests MSCHAPv2
* Server answers with MSCHAPv2-Challenge
* Client answers with MSCHAPv2-Response
* Server answers with MSCHAPv2-{Success/Failure}
* Client possibly confirms MSCHAPv2-{Success/Failure}
I reused as much as possible from pppd/chap-new.c and pppd/chap_ms.c,
but most of the implementation is protected by static functions.
Therefore eap_chapms2_verify_response is an exact copy of
chapms2_verify_response, likewise for eap_chap_verify which is an exact
copy of chap_verify_response. This is not optimal and subject for
improvement.
By using a chap_digest_type struct/object with validator
(verify_response), validation is compatible with other (external)
plugins that have a specific CHAP implementation exposed in the
chap_verify_hook (like radius, winbind, ...).
Changes in eap.h are identical to [2], except for the additional
eapMSCHAPv2Chall server state.
[1] https://tools.ietf.org/html/draft-kamath-pppext-eap-mschapv2-02
[2] https://github.com/enaess/ppp-mschap-v2.git
Signed-off-by: Tijs Van Buggenhout <tvbuggen@gmail.com>
Duncan Sands [Wed, 30 Dec 2020 11:22:50 +0000 (12:22 +0100)]
Fix pppoatm plugin for pppd to accept a wildcard argument for an ATM device
From https://bugs.debian.org/376990
This becomes an issue when using a USB ADSL modem (e.g. Alcatel Speedtouch)
and the USB host controller disconnects the modem, then later re-connects it
with a new USB address and consequently a new ATM device number.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Russell Coker [Wed, 30 Dec 2020 10:37:44 +0000 (11:37 +0100)]
Add option to specify ip-up script
From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=101587
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Pali Rohár [Wed, 30 Dec 2020 10:04:36 +0000 (11:04 +0100)]
Fix indicating failure in Linux get_if_hwaddr() function
This function should return negative value on error.
Signed-off-by: Pali Rohár <pali@kernel.org>
Pali Rohár [Wed, 30 Dec 2020 10:00:11 +0000 (11:00 +0100)]
Implement get_first_ethernet() for Linux systems properly
Use if_nameindex() for enumerating network interfaces and choose the first
one with ARPHRD_ETHER ifr_hwaddr.sa_family.
Signed-off-by: Pali Rohár <pali@kernel.org>
Paul Mackerras [Wed, 30 Dec 2020 09:28:49 +0000 (20:28 +1100)]
Merge pull request #54 from shankerwangmiao/master
add $(INSTROOT) to $(DESTDIR)
Paul Mackerras [Wed, 30 Dec 2020 09:27:07 +0000 (20:27 +1100)]
Merge pull request #101 from vyos/if-renaming-clean
Support for interface renaming by pre-up scripts
Paul Mackerras [Wed, 30 Dec 2020 01:04:57 +0000 (12:04 +1100)]
rp-pppoe: Fix compilation with musl libc
Ensure that we don't include both <netinet/if_ether.h> and
<linux/if_ether.h>, and don't include <net/ethernet.h>.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Paul Mackerras [Wed, 30 Dec 2020 01:04:11 +0000 (12:04 +1100)]
pppd: Fix compilation with uclibc
<stdarg.h> is needed in pppd.h to define va_list.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Paul Mackerras [Tue, 29 Dec 2020 23:48:26 +0000 (10:48 +1100)]
Merge pull request #153 from pali/master
Document PPPoE options in pppd.8 manpage
Paul Mackerras [Tue, 29 Dec 2020 23:45:55 +0000 (10:45 +1100)]
Merge branch 'chap-timeout' of https://github.com/nomis/ppp
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Paul Mackerras [Tue, 29 Dec 2020 05:08:24 +0000 (16:08 +1100)]
Convert to ANSI C
This gets rid of the __P and __V macros that were used so that the
code was in theory compilable by a K&R C compiler, and converts the
function definitions to ANSI C style. In fact there were already
quite a few function definitions in the ANSI C style, so it would not
have been compilable by a K&R C compiler in fact.
The Solaris and BSD kernel code modules have had __P removed but the
function definitions have not been converted.
There are some other minor changes here to remove warnings.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Paul Mackerras [Tue, 29 Dec 2020 03:10:40 +0000 (14:10 +1100)]
Merge pull request #165 from pali/lcp
pppd: Do not call update_link_stats() for every LcpSendEchoRequest() call
Xing Qingjie [Thu, 26 Nov 2020 11:09:38 +0000 (06:09 -0500)]
Close discovery socket after session completed
After the session is complete, the socket is left unmanaged. When the
interface receives PADIs from other devices, the packets are put
in the socket's Recv-Q, which eats system memory.
[root@test ~]# ss -f link
Netid Recv-Q Send-Q Local Address:Port Peer Address:Port
p_raw 10269952 0 ppp_disc:eth1 *
Signed-off-by: Xing Qingjie <88930741@qq.com>
Miao Wang [Thu, 28 Apr 2016 10:33:17 +0000 (18:33 +0800)]
add $(INSTROOT) to $(DESTDIR)
Signed-off-by: Miao Wang <shankerwangmiao@gmail.com>
Daniil Baturin [Sat, 20 Dec 2008 02:00:15 +0000 (18:00 -0800)]
Support renaming interfaces from a pre-up script.
This is useful for PPP server operators
who want control over the naming of client interfaces.
Originally implemented by Stephen Hemminger.
Signed-off-by: Daniil Baturin <daniil@baturin.org>
Jan Just Keijser [Mon, 2 Nov 2020 09:07:12 +0000 (10:07 +0100)]
Fixed static analyzer warnings; removed superfluous file
Signed-off-by: Jan Just Keijser <jan.just.keijser@gmail.com>
Jan Just Keijser [Mon, 19 Oct 2020 15:57:36 +0000 (17:57 +0200)]
Add support for EAP-TLS (including experimental TLS v1.3 support).
Signed-off-by: Jan Just Keijser <jan.just.keijser@gmail.com>
Paul Mackerras [Sat, 3 Oct 2020 08:12:07 +0000 (18:12 +1000)]
Merge pull request #169 from SimonTate/fix-pppoe-empty-password
pppd: Fix blank password usage
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
pali [Sat, 3 Oct 2020 08:10:29 +0000 (10:10 +0200)]
Enable IPv6 by default (#171)
Now in year 2020 we should not have disabled IPv6 support by default.
So let both IPv4 and IPv6 be enabled by default.
Signed-off-by: Pali Rohár <pali@kernel.org>
Simon Tate [Sat, 12 Sep 2020 20:13:26 +0000 (21:13 +0100)]
pppd: Fix blank password usage
If a password has been provided as "", CHAP authentication wouldn't
happen. A user providing a username/password, even if blank, should be
expecting authentication to occur with those set.
Added a check for explicit_passwd property, set on finding the password
argument, to allow CHAP authentication with a blank password.
Signed-off-by: Simon Tate <simon.tate@bt.com>
Pali Rohár [Sun, 5 Jul 2020 13:41:09 +0000 (15:41 +0200)]
Document PPPoE options in pppd.8 manpage
Signed-off-by: Pali Rohár <pali@kernel.org>
Paul Mackerras [Fri, 4 Sep 2020 04:42:27 +0000 (14:42 +1000)]
Merge pull request #162 from pali/ipv6-prefix
Fix setting prefix for IPv6 link-local addresses
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Paul Mackerras [Fri, 4 Sep 2020 04:41:41 +0000 (14:41 +1000)]
Merge pull request #161 from Sander80/master
Disable asking password again when prompt program returns 128
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Pali Rohár [Tue, 1 Sep 2020 18:53:30 +0000 (20:53 +0200)]
pppd: Do not call update_link_stats() for every LcpSendEchoRequest() call
Function update_link_stats() is doing more than reading number of received
bytes, e.g. it changes state of link_stats_valid.
This change replaces update_link_stats() by get_ppp_stats() in
LcpSendEchoRequest() function to avoid any side effects.
Signed-off-by: Pali Rohár <pali@kernel.org>
Pali Rohár [Fri, 7 Aug 2020 07:55:04 +0000 (09:55 +0200)]
Fix setting prefix for IPv6 link-local addresses
PPP IPV6CP protocol exchanges only IPv6 Interface Identifiers which are
used for generating IPv6 link-local addresses. As there cannot be more
hosts on a PPP link and IPv6 link-local addresses are designed for addressing a
single link, set route prefix for local and remote IPv6 link-local
addresses to /128 which means single IPv6 address.
This ensures that Linux kernel would not try to route other IPv6 link-local
addresses over PPP link.
Routable IPv6 prefix on PPP link is later configured either by ICMPv6
Router Advertisement packets or manually/statically. Routable local IPv6
address is then assigned by SLAAC, DHCPv6 or manual/static configuration.
So this change has no effect for routable IPv6 address or routable IPv6
prefix.
Note that pppd for IPv4 already sets netmask to 255.255.255.255, one single
IPv4 address.
Fixes: https://github.com/paulusmack/ppp/issues/121
Signed-off-by: Pali Rohár <pali@kernel.org>
Alexander Smirnov [Fri, 7 Aug 2020 07:52:03 +0000 (10:52 +0300)]
Disable asking password again when prompt program returns 128
Return code 128 is reserved for the case when a user hits cancel on the
prompt program. We should not ask for the password again.
Signed-off-by: Alexander Smirnov <asmirnov80@gmail.com>
Paul Mackerras [Fri, 7 Aug 2020 00:44:01 +0000 (10:44 +1000)]
Merge pull request #145 from sthibaul/ipv6cp-accept-remote
Add ipv6cp-accept-remote option
pali [Fri, 7 Aug 2020 00:24:49 +0000 (02:24 +0200)]
Fix -W option for pppoe-discovery utility (#157)
pppoe-discovery's -W option is totally broken. pppoe-discovery currently
expects that Host-Unique attribute equals to its own process pid if set.
This patch fixes parsing received PPPoE PADO packets when -W option is set.
Same implementation is in pppd pppoe plugin.
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
yannayl [Fri, 7 Aug 2020 00:20:30 +0000 (03:20 +0300)]
Accept Malformed Windows Success Message (#156)
Windows Server 2019 skips a space when sending a success message.
This commit accepts such a malformed message and continues normally.
Signed-off-by: Yannay Linveh <yannayl@gmail.com>
Signed-off-by: yannayl <yannayl@users.noreply.github.com>
Craig McQueen [Fri, 7 Aug 2020 00:19:16 +0000 (10:19 +1000)]
pppd: Add documentation of stop-bits option to pppd man page (#154)
Signed-off-by: Craig McQueen <craig@mcqueen.id.au>
Simon Arlott [Sat, 4 Jul 2015 16:32:18 +0000 (17:32 +0100)]
pppd: Add client CHAP authentication timeout
If CHAP authentication is required with the peer but this is never
completed (either because the server never sends the challenge or
because the client doesn't receive the outcome) then the client
will wait forever, relying on the server to terminate the connection.
There are options for server side retries but a client side timeout
option is required to prevent the client from getting stuck if the
server won't terminate the connection. This is defaulted to 60 seconds.
Signed-off-by: Simon Arlott <git@sa.me.uk>
David Woodhouse [Sat, 25 Apr 2020 16:37:48 +0000 (18:37 +0200)]
Add ipv6cp-accept-remote option
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Fixes #76
Samuel Thibault [Sun, 19 Jul 2020 11:43:39 +0000 (13:43 +0200)]
pppd: Fix the default value for ipv6cp-accept-local to false
The ipv6cp-accept-local option was supposed to enable it, but it is
already enabled by default, with no way to disable it.
For coherency with IPv4 and IPX, this disables ipv6cp-accept-local by
default, and the option can be used to enable it.
This also enables it automatically when the local id is not
specified, in coherency with IPv4 and IPX, and as the documentation was
saying.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Marco d'Itri [Sat, 4 Apr 2020 17:10:47 +0000 (19:10 +0200)]
pppd: Add lcp-echo-adaptive option
This adds an option that has been added by Debian and other distros
for a while now.
When adaptive LCP echo is enabled, LCP echo requests are only sent if the
link is idle, avoiding the common situation where a congested PPP link
(e.g. during torrenting) is falsely detected as disconnected because the
LCP replies are not received in time.
Signed-off-by: Marco d'Itri <md@linux.it>
pali [Mon, 25 May 2020 05:35:55 +0000 (07:35 +0200)]
pppd: Handle SIGINT and SIGTERM during interrupted syscalls (#148)
When pppd receives SIGINT or SIGTERM it should handle it and not try to
restart interrupted syscall.
This change fixes problem that pppd cannot be terminated by SIGINT or
SIGTERM signal when pppd plugins are used.
Signed-off-by: Pali Rohár <pali@kernel.org>
Jaroslav Škarvada [Mon, 25 May 2020 05:34:44 +0000 (07:34 +0200)]
Added missing options to manual pages. (#149)
In Fedora we did man page scan and identified missing options.
This is an attempt to add them to the manual pages.
Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
Paul Mackerras [Mon, 25 May 2020 03:26:55 +0000 (13:26 +1000)]
Merge branch 'monotonic-time' of https://github.com/themiron/ppp
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Vladislav Grishenko [Wed, 15 Aug 2018 17:03:45 +0000 (22:03 +0500)]
pppd: linux: use monotonic time if possible
gettimeofday() suffers from time jumps due to ntp or any manual change,
so duration measurements and scheduling can not be accurate.
let's use monotonic time source instead, if available.
it's known glibc (< 2.3.4) & old uclibc don't provide CLOCK_MONOTONIC
define, but kernel may have it supported. so, use clock_gettime()
with fallback to gettimeofday() if first call has failed.
several gettimeofday()/time() calls still have to be preserved for
debug, pseudoterminal timestamping and string formatting. all the
rest calls are replaced to new get_time() call.
solaris kept with gettimeofday() as before, corresponding get_time()
system implementation can be updated/added in any future.
Signed-off-by: Vladislav Grishenko <themiron@mail.ru>
Nigel Kukard [Sat, 21 Mar 2020 06:46:14 +0000 (06:46 +0000)]
pppd: Fixed spelling 'unkown' => 'unknown' (#141)
Fixed spelling in pppd/plugins/radius/config.c from 'unkown' to 'unknown'.
Signed-off-by: Nigel Kukard <nkukard@lbsd.net>
Lars Wendler [Sat, 21 Mar 2020 06:42:47 +0000 (07:42 +0100)]
pppd: Print version information to stdout instead of stderr (#133)
This makes it easier for scripts to parse the output if necessary
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Paul Mackerras [Sat, 21 Mar 2020 04:50:13 +0000 (15:50 +1100)]
pppd: Add RFC1990 (Multilink) to the See Also section of the man page
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Paul Mackerras [Sat, 21 Mar 2020 04:16:30 +0000 (15:16 +1100)]
pppd: Add mppe.h to the list of headers to install if MPPE is defined
This means that mppe.h will be installed by make install-devel,
as it is needed for compiling chap_ms.c when MPPE=1.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Paul Mackerras [Sat, 21 Mar 2020 04:13:42 +0000 (15:13 +1100)]
pppd: Obfuscate password argument string
After processing the argument to the 'password' option, this
overwrites the original argument on the stack with '?' characters,
and for good measure makes the argument pointer point to a constant
string "********" so as not to reveal the length of the password.
This is so that tools such as ps don't show the actual password
when displaying the process arguments. Nevertheless, it is still
better to get the password from a file, since there is inevitably
still a window of time when the password would be visible.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Paul Mackerras [Mon, 3 Feb 2020 05:31:42 +0000 (16:31 +1100)]
pppd: Ignore received EAP messages when not doing EAP
This adds some basic checks to the subroutines of eap_input to check
that we have requested or agreed to doing EAP authentication before
doing any processing on the received packet. The motivation is to
make it harder for a malicious peer to disrupt the operation of pppd
by sending unsolicited EAP packets. Note that eap_success() already
has a check that the EAP client state is reasonable, and does nothing
(apart from possibly printing a debug message) if not.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Paul Mackerras [Mon, 3 Feb 2020 04:53:28 +0000 (15:53 +1100)]
pppd: Fix bounds check in EAP code
Given that we have just checked vallen < len, it can never be the case
that vallen >= len + sizeof(rhostname). This fixes the check so we
actually avoid overflowing the rhostname array.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
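An added illustration of the bounds check described in this commit message; it is not code from the ppp tree. The names `vallen`, `len` and `rhostname` follow the message, while the 256-byte buffer size, the function names and the exact form of the corrected condition are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define RHOSTNAME_CAP 256   /* assumed buffer size for this example */

/* Bytes the pre-fix logic would copy into rhostname. Because the caller has
 * already established vallen < len, the trimming branch can never be taken,
 * so the copy length is whatever the peer put in the packet. */
static size_t copy_len_before_fix(size_t len, size_t vallen, size_t cap)
{
    if (vallen >= len + cap)        /* condition quoted in the commit message */
        return cap - 1;
    return len - vallen;
}

/* One way to express the corrected check (assumption): compare the length of
 * the name itself, len - vallen, with the size of the destination. */
static size_t copy_len_after_fix(size_t len, size_t vallen, size_t cap)
{
    if (len - vallen >= cap)
        return cap - 1;             /* trim an over-long peer name */
    return len - vallen;
}

/* Copy the peer name that follows the vallen-byte value field.
 * Returns the number of name bytes stored, or -1 on a malformed packet. */
static int extract_peer_name(const unsigned char *inp, size_t len, size_t vallen,
                             char *rhostname, size_t cap)
{
    size_t n;

    if (cap == 0 || vallen >= len)  /* the "vallen < len" precondition */
        return -1;
    n = copy_len_after_fix(len, vallen, cap);
    memcpy(rhostname, inp + vallen, n);
    rhostname[n] = '\0';
    return (int)n;
}

/* Constructed input: a 16-byte value field followed by name_len name bytes. */
static int demo_extract(size_t name_len)
{
    unsigned char pkt[16 + 512];
    char rhostname[RHOSTNAME_CAP];
    size_t vallen = 16;

    if (name_len == 0 || name_len > 512)
        return -1;
    memset(pkt, 0x5a, vallen);
    memset(pkt + vallen, 'h', name_len);
    if (extract_peer_name(pkt, vallen + name_len, vallen,
                          rhostname, sizeof(rhostname)) < 0)
        return -1;
    return (int)strlen(rhostname);
}

int main(void)
{
    /* A 284-byte name does not fit in a 256-byte buffer. */
    printf("before fix would copy: %zu bytes\n",
           copy_len_before_fix(300, 16, RHOSTNAME_CAP));
    printf("after fix copies:      %zu bytes\n",
           copy_len_after_fix(300, 16, RHOSTNAME_CAP));
    printf("stored name length:    %d\n", demo_extract(284));
    return 0;
}
```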
Paul Mackerras [Sat, 4 Jan 2020 01:01:32 +0000 (12:01 +1100)]
radius: Prevent buffer overflow in rc_mksid()
On some systems getpid() can return a value greater than 65535.
Increase the size of buf[] to allow for this, and use slprintf()
to make sure we never overflow it.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Paul Mackerras [Mon, 30 Dec 2019 09:40:06 +0000 (20:40 +1100)]
Update README and patchlevel.h for 2.4.8 release
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Paul Mackerras [Tue, 31 Dec 2019 00:12:07 +0000 (11:12 +1100)]
pppd: Avoid use of strnlen (and strlen) in vslprintf
Commit b311e98b ("pppd: Limit memory accessed by string formats with
max length specified") added calls to strnlen() in vslprintf().
Unfortunately, strnlen() is not provided in some standard C libraries.
This changes the code to avoid using strnlen(). Using the observation
that the number of characters we can use from the input string is
bounded by buflen, the number of bytes of output buffer available,
we can also avoid doing strlen() on a potentially long string.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
James Carlson [Tue, 31 Dec 2019 00:18:48 +0000 (11:18 +1100)]
pppd: Fix IPv6 default route code for Solaris
Commit 388597ee ("pppd: Add defaultroute6 and related options") added
code to pppd/sys-solaris.c which only works on Linux. Solaris doesn't
allow the use of the SICORT* family of ioctls for IPv6. They're legacy
IPv4 only. Routing sockets are much more flexible than the ioctls.
This rewrites the Solaris code to use a routing socket to set the
default route.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Paul Mackerras [Sun, 29 Dec 2019 23:22:40 +0000 (10:22 +1100)]
plugins/rp-pppoe: Make tag parsing loop condition more accurate
The loop in parsePacket() that parses the tags in a received PPPoE
packet uses a loop condition that checks if there is at least one
more byte to be read; however, the tag header is 4 bytes. Thus it
could read 3 bytes past the end of the received data. However,
there is no possibility of reading past the end of the
packet->payload array, since we previously checked that
len <= ETH_JUMBO_LEN (which is sizeof(packet->payload)) - 6.
Also, the tag length check will always fail (except for a tag
type of TAG_END_OF_LIST, which terminates processing).
This fixes the loop condition to require at least 4 bytes
remaining, so that we know that the tag header is within the
received data.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
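An added illustration of the loop condition described in this commit message; it is not the plugin's parsePacket() code. It walks a constructed PPPoE tag list held in a larger buffer of stale bytes and counts how many header bytes come from beyond the received data when the loop requires only 1 remaining byte instead of 4. The function names, the result struct and the sample packet are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAG_HDR_SIZE     4        /* 2-byte type + 2-byte length */
#define TAG_END_OF_LIST  0x0000
#define TAG_SERVICE_NAME 0x0101
#define TAG_AC_NAME      0x0102

struct walk_result {
    int    tags;       /* complete tags accepted */
    int    malformed;  /* 1 if a tag claimed more data than was received */
    size_t overread;   /* header bytes fetched from beyond the received length */
};

/* Walk the tags in buf[0..received). min_remaining is the loop condition:
 * 1 models the old "at least one more byte" test, TAG_HDR_SIZE the fixed one.
 * buf must be backed by at least received + 3 bytes, as packet->payload is,
 * so the old condition reads stale data rather than leaving the array. */
static struct walk_result walk_tags(const uint8_t *buf, size_t received,
                                    size_t min_remaining)
{
    struct walk_result r = {0, 0, 0};
    size_t off = 0;

    while (received - off >= min_remaining) {
        size_t left = received - off;
        uint16_t type, tlen;

        if (left < TAG_HDR_SIZE)               /* header straddles the end */
            r.overread += TAG_HDR_SIZE - left;
        type = (uint16_t)((buf[off] << 8) | buf[off + 1]);
        tlen = (uint16_t)((buf[off + 2] << 8) | buf[off + 3]);
        if (type == TAG_END_OF_LIST)
            break;                             /* terminates processing */
        if (off + TAG_HDR_SIZE + tlen > received) {
            r.malformed = 1;                   /* tag length check fails */
            break;
        }
        r.tags++;
        off += TAG_HDR_SIZE + tlen;
    }
    return r;
}

/* Constructed packet: two valid tags and one stray trailing byte, copied
 * into a buffer whose remaining bytes hold stale 0xAA values. */
static struct walk_result demo_walk(size_t min_remaining)
{
    static const uint8_t received[] = {
        0x01, 0x02, 0x00, 0x03, 'a', 'b', 'c',   /* AC-Name, length 3 */
        0x01, 0x01, 0x00, 0x00,                  /* Service-Name, length 0 */
        0x01                                     /* stray trailing byte */
    };
    uint8_t payload[64];

    memset(payload, 0xAA, sizeof(payload));
    memcpy(payload, received, sizeof(received));
    return walk_tags(payload, sizeof(received), min_remaining);
}

int main(void)
{
    struct walk_result old_r = demo_walk(1);
    struct walk_result new_r = demo_walk(TAG_HDR_SIZE);

    printf("old condition:   tags=%d malformed=%d overread=%zu\n",
           old_r.tags, old_r.malformed, old_r.overread);
    printf("fixed condition: tags=%d malformed=%d overread=%zu\n",
           new_r.tags, new_r.malformed, new_r.overread);
    return 0;
}
```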
Paul Mackerras [Sun, 29 Dec 2019 22:32:18 +0000 (09:32 +1100)]
pppd: Make sure word read from options file is null-terminated
If a word read from an options file was longer than MAXWORDLEN,
we could pass it to option_error() without null termination,
which could have led to an out-of-bounds access in vslprintf.
Make sure word[] is null terminated in all cases.
Reported-by: Florian Kohnhäuser <florian@kohnhaeuser.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Paul Mackerras [Sun, 29 Dec 2019 22:24:54 +0000 (09:24 +1100)]
pppd: Limit memory accessed by string formats with max length specified
Currently, calls to [v]slprintf that have a string format (%s, %v,
%q) with a maximum length specified (e.g. %.20s) do a strlen() on
the string, and can therefore access memory beyond the maximum
length specified. If the string is not null-terminated, this could
result in an out-of-bounds read.
This makes vslprintf use strnlen() in cases where a maximum length
has been specified, so that we don't access the string beyond the
maximum length that was given.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Paul Mackerras [Sun, 1 Dec 2019 10:32:37 +0000 (21:32 +1100)]
pppd: Eliminate some more compiler warnings
Recent versions of gcc produce warnings on code where strncpy will
produce a result that is not NULL terminated. This changes the
code to eliminate these warnings. In two cases this is done by
changing strncpy to strlcpy, which could in principle cause a loss
of the information in the last byte. This is not a concern in
these cases because:
- In sys-linux.c, the interface names in struct ifreq were possibly
not NULL terminated. The Linux kernel clears the last byte to make
them NULL terminated anyway, so there is no loss of information.
- In session.c, the lastlog ll_line and ll_host fields were possibly
not NULL terminated. These fields are quite long and it is unlikely
that the last byte is needed.
In the other cases strlcpy and strlcat are used to give the same
effect as the old code but without warnings.
This also changes %ld to %d in one place to eliminate a format warning.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Kurt Van Dijck [Fri, 4 Oct 2019 17:40:46 +0000 (19:40 +0200)]
pppd: Include time.h header before using time_t
Since include/net/ppp_defs.h is used in both kernelspace and userland
it is hard to include <time.h> there.
This commit fixes the problems in userspace code individually and leaves
ppp_defs.h as-is.
Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Paul Mackerras [Sun, 1 Dec 2019 03:37:23 +0000 (14:37 +1100)]
Merge branch 'patch-1' of https://github.com/neheb/ppp
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Paul Mackerras [Sun, 1 Dec 2019 03:30:55 +0000 (14:30 +1100)]
pppd: Don't free static string
Commit fcb076c2 ("Various fixes for errors found by coverity static
analysis (#109)", 2019-05-06) added statements to free the result
returned from get_first_ethernet(). However, the result of
get_first_ethernet() is not dynamically allocated, either on Linux
or Solaris. Hence this removes the unnecessary (and dangerous)
free() statements.
Fixes: fcb076c2 ("Various fixes for errors found by coverity static analysis (#109)")
Reported-by: Florian Kohnhäuser <florian@kohnhaeuser.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Rosen Penev [Tue, 2 Jul 2019 19:53:12 +0000 (12:53 -0700)]
pppd.h: Add missing headers
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Samuel Thibault [Sat, 19 Oct 2019 06:29:39 +0000 (08:29 +0200)]
pppd: Add defaultroute6 and related options
Which behave like IPv4's defaultroute etc.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Paul Mackerras [Sat, 19 Oct 2019 06:13:47 +0000 (17:13 +1100)]
pppd: Avoid declarations within statements in main.c
Since we still have old-style function declarations for now, avoid
putting declarations within statements, which old compilers didn't
accept.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
fhost [Sat, 19 Oct 2019 06:05:28 +0000 (08:05 +0200)]
pppd: Fix `ifname` option in case of multilink (#105)
Make pppd use the unit and not the interface name to get the bundle.
pppd was looking for the default interface name (`pppX`) in the
database to retrieve the bundle id on which a new link should
attach, and fails if the `ifname` option is used.
Signed-off-by: Alexis Cellier <alexis.cellier@smile.fr>
Paul Mackerras [Sat, 19 Oct 2019 06:02:59 +0000 (17:02 +1100)]
pppd: Fix variable reference syntax in Makefile.linux
References to the variable called CC in makefiles need to be
written as $(CC) not $CC. Make interprets the latter as a reference
to the (nonexistent) variable C followed by a literal C.
Fixes: 4e713175 ("make: Avoid using host include for cross-compiling")
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Alfonso Sánchez-Beato [Thu, 6 Jun 2019 15:36:29 +0000 (17:36 +0200)]
pppd: Check tdb pointer before closing
Check that pointer to the tdb is not NULL before calling tdb_close().
It is possible that the file could not be opened/created due to
permission issues. This change prevents the crash that happens in that
case.
Signed-off-by: Alfonso Sánchez-Beato <alfonso.sanchez-beato@canonical.com>
Paul Mackerras [Thu, 3 Oct 2019 22:31:48 +0000 (08:31 +1000)]
Revert "pppd: Include time.h before using time_t"
This reverts commit b6cd5586f72852f56428749202779af596353b9e
because it breaks compilation on Solaris with the following error:
/opt/SUNWspro/bin/cc -D_KERNEL -DSVR4 -DSOL2 -DPRIOQ -DDEBUG
-I../include -O -Xa -xO2 -xspace -W0,-Lt -c ppp.c
"ppp.c", line 113: identifier redeclared: time
current : long
previous: function(pointer to long) returning long :
"/usr/include/iso/time_iso.h", line 91
cc: acomp failed for ppp.c
The include/net/ppp_defs.h header is used in the Solaris kernel
driver and hence can't include userland headers.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Paul Mackerras [Tue, 1 Oct 2019 23:04:09 +0000 (09:04 +1000)]
pppdump: Eliminate printf format warning by using %zd
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Kurt Van Dijck [Thu, 26 Sep 2019 07:21:06 +0000 (09:21 +0200)]
pppd: Refactor setjmp/longjmp with pipe pair in event wait loop
setjmp/longjmp isn't supported by all compilers.
Having a pipe pair to wake an event wait loop from within a signal handler
is rather portable and common enough.
Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Kurt Van Dijck [Thu, 26 Sep 2019 07:21:05 +0000 (09:21 +0200)]
make: Avoid using host include for cross-compiling
Prepend include paths with the toolchain's sysroot directory.
In case of a non-sysroot-aware toolchain, this does not help,
but does not break either.
Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Kurt Van Dijck [Mon, 30 Sep 2019 12:45:08 +0000 (14:45 +0200)]
pppoe: Remove the use of cdefs
sys/cdefs.h contains the __P() macro.
The header doesn't exist in my musl toolchain,
the __P() macro has been obsoleted even by glibc,
and it's never used in the code.
This commit removes the need for this remainder.
Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Kurt Van Dijck [Thu, 26 Sep 2019 07:21:03 +0000 (09:21 +0200)]
pppd: Remove unused rcsid variables
Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Kurt Van Dijck [Thu, 26 Sep 2019 07:21:02 +0000 (09:21 +0200)]
pppd: Fix GLIBC version test for non-glibc toolchains
Non-glibc toolchains have their include files arranged more similar
to newer glibc's than to older.
Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Kurt Van Dijck [Thu, 26 Sep 2019 07:21:01 +0000 (09:21 +0200)]
pppd: Include time.h before using time_t
Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Kurt Van Dijck [Thu, 26 Sep 2019 07:20:59 +0000 (09:20 +0200)]
radius: Fix compiler warning
Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Kurt Van Dijck [Thu, 26 Sep 2019 07:20:58 +0000 (09:20 +0200)]
magic: Remove K&R style of arguments
The __P() macro does not exist in libmusl so
I switched magic.{c,h} to using the std-c argument style, which had
already been used in some functions.
Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Paul Mackerras [Mon, 10 Jun 2019 07:58:07 +0000 (17:58 +1000)]
Add Submitting-patches.md
This adds a file that describes the standards expected for patches and
pull requests. The standards are different from those for most
projects on github.com and hence need to be spelled out.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
WHR [Tue, 10 Jul 2018 01:10:24 +0000 (09:10 +0800)]
Fix netif_set_mtu for Solaris
The MTU setting for PPP interface is originally applied in function
ppp_send_config, this function sets a static variable 'link_mtu' from the
function argument 'mtu', then apply it to interface later using ioctl(2).
However during commit cffe80d, this ioctl(2) calling code was moved into a
separate function netif_set_mtu, with variable name 'link_mtu' unchanged.
This new function netif_set_mtu is intended to apply the MTU for interface,
from the passed argument 'mtu'; and it is called before ppp_send_config,
so 'link_mtu' won't get updated to the correct value when ioctl(2) is called;
the MTU value should be taken from argument 'mtu' instead of 'link_mtu'.
Signed-off-by: WHR <msl0000023508@gmail.com>
Alexis Cellier [Wed, 11 Jul 2018 14:16:42 +0000 (16:16 +0200)]
rp-pppoe plugin: Add options to tune discovery timeout and number of attempts
Add new options pppoe-padi-timeout and pppoe-padi-attempts.
These modifications are similar to the ones done on pppoe-discovery in
commit 70a8ad3d ("pppoe-discovery: add options to tune discovery timeout
and attempts", 2017-12-07).
Signed-off-by: Alexis Cellier <alexis.cellier@smile.fr>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Matteo Croce [Sat, 4 May 2019 16:48:53 +0000 (18:48 +0200)]
pppoe: Custom host-uniq tag
Add pppoe 'host-uniq' option to set an arbitrary
host-uniq tag instead of the pppd pid.
Some ISPs use such tag to authenticate the CPE,
so it must be set to a proper value to connect.
Signed-off-by: Matteo Croce <mcroce@redhat.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Paul Mackerras [Sat, 18 May 2019 08:18:53 +0000 (18:18 +1000)]
plugins/rp-pppoe: Fix compile errors
This fixes compile errors introduced in commit fcb076c ("Various fixes
for errors found by coverity static analysis (#109)", 2019-05-06).
Including pppd.h gave errors on some systems (e.g. recent Debian and
Ubuntu) regarding the type 'u_char' being undefined. To fix this, we
simply take out the lines that define _POSIX_SOURCE.
Signed-off-by: Paul Mackerras <paulus@samba.org>
Jaroslav Škarvada [Sun, 5 May 2019 22:46:02 +0000 (00:46 +0200)]
Various fixes for errors found by coverity static analysis (#109)
Fixes #108
Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>