config BR2_PACKAGE_PPP
+ prompt "ppp - PPP (Point-to-Point Protocol) daemon"
tristate
- select BR2_PACKAGE_KMOD_PPP
- prompt "PPP daemon"
default y
+ select BR2_PACKAGE_KMOD_PPP
-config BR2_PACKAGE_PPP_PPPOE
+config BR2_PACKAGE_PPP_MOD_PPPOE
+ prompt "mod-pppoe - PPPoE (PPP over Ethernet) plugin"
tristate
- prompt "PPP over Ethernet plugin"
- select BR2_PACKAGE_KMOD_PPPOE
default y
depends on BR2_PACKAGE_PPP
+ select BR2_PACKAGE_KMOD_PPPOE
-config BR2_PACKAGE_PPP_RADIUS
+config BR2_PACKAGE_PPP_MOD_RADIUS
+ prompt "mod-radius - RADIUS (Remote Authentication Dial-In User Service) plugin"
tristate
- prompt "PPP RADIUS plugin"
default m
depends on BR2_PACKAGE_PPP
-config BR2_PACKAGE_PPP_CHAT
+config BR2_PACKAGE_CHAT
+ prompt "chat - an utility to establish conversation with other PPP servers (via a modem)"
tristate
- prompt "chat utility"
default m
depends on BR2_PACKAGE_PPP
config BR2_PACKAGE_PPPDUMP
+ prompt "pppdump - an utility to read PPP record file"
tristate
- prompt "pppdump utility"
default m
depends on BR2_PACKAGE_PPP
config BR2_PACKAGE_PPPSTATS
+ prompt "pppstats - an utility to report PPP statistics"
tristate
- prompt "pppstats utility"
default m
depends on BR2_PACKAGE_PPP
-
-
include $(TOPDIR)/rules.mk
-PKG_NAME := ppp
-PKG_VERSION := 2.4.3
-PKG_RELEASE := 4
-PKG_MD5SUM := 848f6c3cafeb6074ffeb293c3af79b7c
-
-PKG_SOURCE_SITE := ftp://ftp.samba.org/pub/ppp/
-PKG_SOURCE_FILE := $(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_CAT := zcat
-PKG_SOURCE_DIR := $(PKG_NAME)-$(PKG_VERSION)
-PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_SOURCE_DIR)
-
-PKG_PPP := $(PACKAGE_DIR)/ppp_$(PKG_VERSION)-$(PKG_RELEASE)_$(ARCH).ipk
-PKG_PPP_PPPOE_PLUGIN := $(PACKAGE_DIR)/ppp-pppoe-plugin_$(PKG_VERSION)-$(PKG_RELEASE)_$(ARCH).ipk
-PKG_PPP_RADIUS_PLUGIN := $(PACKAGE_DIR)/ppp-radius-plugin_$(PKG_VERSION)-$(PKG_RELEASE)_$(ARCH).ipk
-PKG_PPPSTATS := $(PACKAGE_DIR)/pppstats_$(PKG_VERSION)-$(PKG_RELEASE)_$(ARCH).ipk
-PKG_PPPDUMP := $(PACKAGE_DIR)/pppdump_$(PKG_VERSION)-$(PKG_RELEASE)_$(ARCH).ipk
-
-I_PPP := $(PKG_BUILD_DIR)/ipkg/ppp
-I_PPP_PPPOE_PLUGIN := $(PKG_BUILD_DIR)/ipkg/ppp-pppoe-plugin
-I_PPP_RADIUS_PLUGIN := $(PKG_BUILD_DIR)/ipkg/ppp-radius-plugin
-I_PPPDUMP := $(PKG_BUILD_DIR)/ipkg/pppdump
-I_PPPSTATS := $(PKG_BUILD_DIR)/ipkg/pppstats
-
-TARGETS := $(PKG_PPP)
-ifneq ($(BR2_PACKAGE_PPP_PPPOE),)
-TARGETS += $(PKG_PPP_PPPOE_PLUGIN)
-endif
-ifneq ($(BR2_PACKAGE_PPP_RADIUS),)
-TARGETS += $(PKG_PPP_RADIUS_PLUGIN)
-endif
-ifneq ($(BR2_PACKAGE_PPPDUMP),)
-TARGETS += $(PKG_PPPDUMP)
-endif
-ifneq ($(BR2_PACKAGE_PPPSTATS),)
-TARGETS += $(PKG_PPPSTATS)
-endif
-
-INSTALL_TARGETS := $(IPKG_STATE_DIR)/info/ppp.list
-ifeq ($(BR2_PACKAGE_PPP_PPPOE),y)
-INSTALL_TARGETS += $(IPKG_STATE_DIR)/info/ppp-pppoe-plugin.list
-endif
-ifeq ($(BR2_PACKAGE_PPP_RADIUS),y)
-INSTALL_TARGETS += $(IPKG_STATE_DIR)/info/ppp-radius-plugin.list
-endif
-ifeq ($(BR2_PACKAGE_PPPDUMP),y)
-INSTALL_TARGETS += $(IPKG_STATE_DIR)/info/pppdump.list
-endif
-ifeq ($(BR2_PACKAGE_PPPSTATS),y)
-INSTALL_TARGETS += $(IPKG_STATE_DIR)/info/pppstats.list
-endif
-
-$(DL_DIR)/$(PKG_SOURCE_FILE):
- mkdir -p $(DL_DIR)
- $(SCRIPT_DIR)/download.pl $(DL_DIR) $(PKG_SOURCE_FILE) $(PKG_MD5SUM) $(PKG_SOURCE_SITE)
-
-$(PKG_BUILD_DIR)/.patched: $(DL_DIR)/$(PKG_SOURCE_FILE)
- mkdir -p $(TOOL_BUILD_DIR)
- $(PKG_SOURCE_CAT) $(DL_DIR)/$(PKG_SOURCE_FILE) | tar -C $(BUILD_DIR) $(TAR_OPTIONS) -
- $(PATCH) $(PKG_BUILD_DIR) . $(PKG_NAME).patch
- touch $(PKG_BUILD_DIR)/.patched
-
-$(PKG_BUILD_DIR)/.configured: $(PKG_BUILD_DIR)/.patched
- (cd $(PKG_BUILD_DIR); \
- rm -f config.cache; \
- $(TARGET_CONFIGURE_OPTS) \
- CFLAGS="$(TARGET_CFLAGS)" \
- ./configure \
- --target=$(GNU_TARGET_NAME) \
- --host=$(GNU_TARGET_NAME) \
- --build=$(GNU_HOST_NAME) \
- --prefix=/usr \
- --exec-prefix=/usr \
- --bindir=/usr/bin \
- --datadir=/usr/share \
- --infodir=/usr/share/info \
- --libexecdir=/usr/lib \
- --localstatedir=/var \
- --mandir=/usr/share/man \
- --sbindir=/usr/sbin \
- --sysconfdir=/etc \
- $(DISABLE_NLS))
+PKG_NAME:=ppp
+PKG_VERSION:=2.4.3
+PKG_RELEASE:=4
+PKG_MD5SUM:=848f6c3cafeb6074ffeb293c3af79b7c
+
+PKG_SOURCE_URL:=ftp://ftp.samba.org/pub/ppp/
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_CAT:=zcat
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install
+
+include $(TOPDIR)/package/rules.mk
+
+define PKG_mod_template
+
+$$(IPKG_$(1)):
+ install -d -m0755 $$(IDIR_$(1))/usr/lib/pppd/$(PKG_VERSION)
+ install -m0755 $(PKG_INSTALL_DIR)/usr/lib/pppd/$(PKG_VERSION)/$(2).so \
+ $$(IDIR_$(1))/usr/lib/pppd/$(PKG_VERSION)/
+ $(RSTRIP) $$(IDIR_$(1))
+ $(IPKG_BUILD) $$(IDIR_$(1)) $(PACKAGE_DIR)
+
+endef
+
+$(eval $(call PKG_template,PPP,ppp,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,PPP_MOD_PPPOE,ppp-mod-pppoe,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,PPP_MOD_RADIUS,ppp-mod-radius,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,CHAT,chat,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,PPPDUMP,pppdump,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,PPPSTATS,pppstats,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+
+$(eval $(call PKG_mod_template,PPP_MOD_PPPOE,rp-pppoe))
+$(eval $(call PKG_mod_template,PPP_MOD_RADIUS,radius))
+
+$(PKG_BUILD_DIR)/.configured:
+ (cd $(PKG_BUILD_DIR); rm -rf config.{cache,status} ; \
+ $(TARGET_CONFIGURE_OPTS) \
+ CFLAGS="$(TARGET_CFLAGS)" \
+ ./configure \
+ --target=$(GNU_TARGET_NAME) \
+ --host=$(GNU_TARGET_NAME) \
+ --build=$(GNU_HOST_NAME) \
+ --program-prefix="" \
+ --program-suffix="" \
+ --prefix=/usr \
+ --exec-prefix=/usr \
+ --bindir=/usr/bin \
+ --datadir=/usr/share \
+ --includedir=/usr/include \
+ --infodir=/usr/share/info \
+ --libdir=/usr/lib \
+ --libexecdir=/usr/lib \
+ --localstatedir=/var \
+ --mandir=/usr/share/man \
+ --sbindir=/usr/sbin \
+ --sysconfdir=/etc \
+ $(DISABLE_LARGEFILE) \
+ $(DISABLE_NLS) \
+ )
touch $(PKG_BUILD_DIR)/.configured
-$(PKG_BUILD_DIR)/pppd/pppd $(PKG_BUILD_DIR)/pppd/plugins/radius/radius.so: $(PKG_BUILD_DIR)/.configured
+$(PKG_BUILD_DIR)/.built:
+ rm -rf $(PKG_INSTALL_DIR)
+ mkdir -p $(PKG_INSTALL_DIR)/usr
$(MAKE) -C $(PKG_BUILD_DIR) \
- CC=$(TARGET_CC) \
- COPTS="$(TARGET_CFLAGS)" \
- all
-
-$(PKG_PPP): $(PKG_BUILD_DIR)/pppd/pppd
- mkdir -p $(I_PPP)
- cp -af ./ipkg/ppp/* $(I_PPP)
- $(SCRIPT_DIR)/make-ipkg-dir.sh $(I_PPP) control/ppp.control $(PKG_VERSION)-$(PKG_RELEASE) $(ARCH)
- mkdir -p $(I_PPP)/etc/ppp
- ln -sf /tmp/resolv.conf $(I_PPP)/etc/ppp/resolv.conf
- mkdir -p $(I_PPP)/usr/sbin
- cp -af $(PKG_BUILD_DIR)/pppd/pppd $(I_PPP)/usr/sbin/
- $(STRIP) $(I_PPP)/usr/sbin/*
- mkdir -p $(I_PPP)/usr/lib/pppd
- cp $(PKG_BUILD_DIR)/pppd/plugins/*.so $(I_PPP)/usr/lib/pppd/
- $(STRIP) $(I_PPP)/usr/lib/pppd/*.so
- mkdir -p $(I_PPP)/$(MODULES_SUBDIR)
- cp $(MODULES_DIR)/kernel/drivers/net/ppp_async.o $(I_PPP)/$(MODULES_SUBDIR)
- cp $(MODULES_DIR)/kernel/drivers/net/ppp_deflate.o $(I_PPP)/$(MODULES_SUBDIR)
- cp $(MODULES_DIR)/kernel/drivers/net/bsd_comp.o $(I_PPP)/$(MODULES_SUBDIR)
- find $(I_PPP) -name CVS | xargs rm -rf
- $(IPKG_BUILD) $(I_PPP) $(PACKAGE_DIR)
+ CC=$(TARGET_CC) \
+ COPTS="$(TARGET_CFLAGS)" \
+ DESTDIR="$(PKG_INSTALL_DIR)/usr" \
+ all install
+ touch $(PKG_BUILD_DIR)/.built
+
+$(IPKG_PPP):
+ install -d -m0755 $(IDIR_PPP)/etc/ppp
+ ln -sf /tmp/resolv.conf $(IDIR_PPP)/etc/ppp/resolv.conf
+ install -m0600 ./files/etc/ppp/chap-secrets $(IDIR_PPP)/etc/ppp/
+ install -m0644 ./files/etc/ppp/options $(IDIR_PPP)/etc/ppp/
+ install -d -m0755 $(IDIR_PPP)/etc/ppp/peers
+ install -m0644 ./files/etc/ppp/peers/sample $(IDIR_PPP)/etc/ppp/peers/
+ install -d -m0755 $(IDIR_PPP)/usr/sbin
+ install -m0755 $(PKG_INSTALL_DIR)/usr/sbin/pppd $(IDIR_PPP)/usr/sbin/
+ install -d -m0755 $(IDIR_PPP)/usr/lib/pppd
+ $(RSTRIP) $(IDIR_PPP)
+ $(IPKG_BUILD) $(IDIR_PPP) $(PACKAGE_DIR)
-$(IPKG_STATE_DIR)/info/ppp.list: $(PKG_PPP)
- $(IPKG) install $(PKG_PPP)
-
-$(PKG_PPP_PPPOE_PLUGIN): $(PKG_PPP)
- $(SCRIPT_DIR)/make-ipkg-dir.sh $(I_PPP_PPPOE_PLUGIN) control/ppp-pppoe-plugin.control $(PKG_VERSION)-$(PKG_RELEASE) $(ARCH)
- cp -af ./ipkg/ppp-pppoe-plugin/* $(I_PPP_PPPOE_PLUGIN)
- mkdir -p $(I_PPP_PPPOE_PLUGIN)/usr/lib/pppd/$(PKG_VERSION)
- cp -af $(PKG_BUILD_DIR)/pppd/plugins/rp-pppoe/rp-pppoe.so \
- $(I_PPP_PPPOE_PLUGIN)/usr/lib/pppd/$(PKG_VERSION)
- $(STRIP) $(I_PPP_PPPOE_PLUGIN)/usr/lib/pppd/$(PKG_VERSION)/*.so
- mkdir -p $(I_PPP_PPPOE_PLUGIN)/$(MODULES_SUBDIR)
- cp $(MODULES_DIR)/kernel/drivers/net/pppo*.o $(I_PPP_PPPOE_PLUGIN)/$(MODULES_SUBDIR)
- find $(I_PPP_PPPOE_PLUGIN) -name CVS | xargs rm -rf
- $(IPKG_BUILD) $(I_PPP_PPPOE_PLUGIN) $(PACKAGE_DIR)
-
-$(IPKG_STATE_DIR)/info/ppp-pppoe-plugin.list: $(PKG_PPP_PPPOE_PLUGIN)
- $(IPKG) install $(PKG_PPP_PPPOE_PLUGIN)
-
-$(PKG_PPP_RADIUS_PLUGIN): $(PKG_PPP)
- $(SCRIPT_DIR)/make-ipkg-dir.sh $(I_PPP_RADIUS_PLUGIN) control/ppp-radius-plugin.control $(PKG_VERSION)-$(PKG_RELEASE) $(ARCH)
- mkdir -p $(I_PPP_RADIUS_PLUGIN)/usr/lib/pppd/$(PKG_VERSION)
- cp -af $(PKG_BUILD_DIR)/pppd/plugins/radius/radius.so \
- $(I_PPP_RADIUS_PLUGIN)/usr/lib/pppd/$(PKG_VERSION)
- $(STRIP) $(I_PPP_RADIUS_PLUGIN)/usr/lib/pppd/$(PKG_VERSION)/*.so
- find $(I_PPP_RADIUS_PLUGIN) -name CVS | xargs rm -rf
- $(IPKG_BUILD) $(I_PPP_RADIUS_PLUGIN) $(PACKAGE_DIR)
-
-$(IPKG_STATE_DIR)/info/ppp-radius-plugin.list: $(PKG_PPP_RADIUS_PLUGIN)
- $(IPKG) install $(PKG_PPP_RADIUS_PLUGIN)
-
-$(PKG_PPPDUMP): $(PKG_PPP)
- $(SCRIPT_DIR)/make-ipkg-dir.sh $(I_PPPDUMP) control/pppdump.control $(PKG_VERSION)-$(PKG_RELEASE) $(ARCH)
- mkdir -p $(I_PPPDUMP)/usr/sbin
- cp -af $(PKG_BUILD_DIR)/pppdump/pppdump $(I_PPPDUMP)/usr/sbin/
- $(STRIP) $(I_PPPDUMP)/usr/sbin/*
- find $(I_PPPDUMP) -name CVS | xargs rm -rf
- $(IPKG_BUILD) $(I_PPPDUMP) $(PACKAGE_DIR)
-
-$(IPKG_STATE_DIR)/info/pppdump.list: $(PKG_PPPDUMP)
- $(IPKG) install $(PKG_PPPDUMP)
-
-$(PKG_PPPSTATS): $(PKG_PPP)
- $(SCRIPT_DIR)/make-ipkg-dir.sh $(I_PPPSTATS) control/pppstats.control $(PKG_VERSION)-$(PKG_RELEASE) $(ARCH)
- mkdir -p $(I_PPPSTATS)/usr/sbin
- cp -af $(PKG_BUILD_DIR)/pppstats/pppstats $(I_PPPSTATS)/usr/sbin/
- $(STRIP) $(I_PPPSTATS)/usr/sbin/*
- find $(I_PPPSTATS) -name CVS | xargs rm -rf
- $(IPKG_BUILD) $(I_PPPSTATS) $(PACKAGE_DIR)
-
-$(IPKG_STATE_DIR)/info/pppstats.list: $(PKG_PPPSTATS)
- $(IPKG) install $(PKG_PPPSTATS)
-
-source: $(DL_DIR)/$(PKG_SOURCE_FILE)
-prepare: $(PKG_BUILD_DIR)/.patched
-compile: $(TARGETS)
-install: $(INSTALL_TARGETS)
-
-clean:
- rm -rf $(PKG_BUILD_DIR)
- rm -f $(PKG_PPP) $(PKG_PPP_PPPOE_PLUGIN) $(PKG_PPP_RADIUS_PLUGIN) $(PKG_PPPSTATS) $(PKG_PPPDUMP)
+$(IDIR_PPP_MOD_PPPOE)/etc/init.d/S50pppoe:
+ install -d -m0755 $(IDIR_PPP_MOD_PPPOE)/etc/init.d
+ install -m0755 ./files/pppoe.init $(IDIR_PPP_MOD_PPPOE)/etc/init.d/S50pppoe
+
+$(IPKG_PPP_MOD_PPPOE): $(IDIR_PPP_MOD_PPPOE)/etc/init.d/S50pppoe
+
+$(IDIR_PPP_MOD_RADIUS)/etc/ppp/radius.conf:
+
+ install -d -m0755 $(IDIR_PPP_MOD_RADIUS)/etc/ppp
+ install -m644 ./files/etc/ppp/radius.conf $(IDIR_PPP_MOD_RADIUS)/etc/ppp/
+ install -d -m0755 $(IDIR_PPP_MOD_RADIUS)/etc/ppp/radius
+ install -m644 ./files/etc/ppp/radius/dictionary* \
+ $(IDIR_PPP_MOD_RADIUS)/etc/ppp/radius/
+ install -m600 ./files/etc/ppp/radius/servers \
+ $(IDIR_PPP_MOD_RADIUS)/etc/ppp/radius/
+
+$(IPKG_PPP_MOD_RADIUS): $(IDIR_PPP_MOD_RADIUS)/etc/ppp/radius.conf
+
+$(IPKG_CHAT):
+ install -d -m0755 $(IDIR_CHAT)/usr/sbin
+ cp -fpR $(PKG_INSTALL_DIR)/usr/sbin/chat $(IDIR_CHAT)/usr/sbin/
+ $(RSTRIP) $(IDIR_CHAT)
+ $(IPKG_BUILD) $(IDIR_CHAT) $(PACKAGE_DIR)
+
+$(IPKG_PPPDUMP):
+ install -d -m0755 $(IDIR_PPPDUMP)/usr/sbin
+ cp -fpR $(PKG_INSTALL_DIR)/usr/sbin/pppdump $(IDIR_PPPDUMP)/usr/sbin/
+ $(RSTRIP) $(IDIR_PPPDUMP)
+ $(IPKG_BUILD) $(IDIR_PPPDUMP) $(PACKAGE_DIR)
+
+$(IPKG_PPPSTATS): $(IPKG_PPP)
+ install -d -m0755 $(IDIR_PPPSTATS)/usr/sbin
+ cp -fpR $(PKG_INSTALL_DIR)/usr/sbin/pppstats $(IDIR_PPPSTATS)/usr/sbin/
+ $(RSTRIP) $(IDIR_PPPSTATS)
+ $(IPKG_BUILD) $(IDIR_PPPSTATS) $(PACKAGE_DIR)
+
+++ /dev/null
-Package: chat
-Priority: optional
-Section: net
-Maintainer: Felix Fietkau <nbd@vd-s.ath.cx>
-Source: buildroot internal
-Description: Utility for establishing a connection with the ISP's PPP server (e.g. via Modem)
-Depends: ppp
+++ /dev/null
-Package: ppp-pppoe-plugin
-Priority: optional
-Section: net
-Maintainer: Felix Fietkau <nbd@vd-s.ath.cx>
-Source: buildroot internal
-Description: a PPPoE (PPP over Ethernet) plugin for PPP
-Depends: ppp, kmod-pppoe
+++ /dev/null
-Package: ppp-radius-plugin
-Priority: optional
-Section: net
-Maintainer: Felix Fietkau <nbd@vd-s.ath.cx>
-Source: buildroot internal
-Description: a RADIUS plugin for PPP
-Depends: ppp
+++ /dev/null
-Package: ppp
-Priority: optional
-Section: net
-Maintainer: Felix Fietkau <nbd@vd-s.ath.cx>
-Source: buildroot internal
-Depends: kmod-ppp
-Description: a PPP (Point-to-Point Protocol) daemon (with MPPE/MPPC support)
+++ /dev/null
-Package: pppdump
-Priority: optional
-Section: net
-Maintainer: Felix Fietkau <nbd@vd-s.ath.cx>
-Source: buildroot internal
-Description: an utility to read PPP record file
-Depends: ppp
+++ /dev/null
-Package: pppstats
-Priority: optional
-Section: net
-Maintainer: Felix Fietkau <nbd@vd-s.ath.cx>
-Source: buildroot internal
-Description: an utility to report PPP statistics
-Depends: ppp
--- /dev/null
+#USERNAME PROVIDER PASSWORD IPADDRESS
--- /dev/null
+#debug
+noaccomp
+nopcomp
+nocrtscts
+lock
--- /dev/null
+#name USERNAME
+#remotename PROVIDER
+#file /etc/ppp/sample-options
--- /dev/null
+authserver localhost:1812
+acctserver localhost:1813
+dictionary /etc/ppp/radius/dictionary
+servers /etc/ppp/radius/servers
+mapfile /dev/null
+seqfile /tmp/radius.seq
+radius_timeout 5
+radius_retries 3
--- /dev/null
+#
+# Updated 97/06/13 to livingston-radius-2.01 miquels@cistron.nl
+#
+# This file contains dictionary translations for parsing
+# requests and generating responses. All transactions are
+# composed of Attribute/Value Pairs. The value of each attribute
+# is specified as one of 4 data types. Valid data types are:
+#
+# string - 0-253 octets
+# ipaddr - 4 octets in network byte order
+# integer - 32 bit value in big endian order (high byte first)
+# date - 32 bit value in big endian order - seconds since
+# 00:00:00 GMT, Jan. 1, 1970
+#
+# Enumerated values are stored in the user file with dictionary
+# VALUE translations for easy administration.
+#
+# Example:
+#
+# ATTRIBUTE VALUE
+# --------------- -----
+# Framed-Protocol = PPP
+# 7 = 1 (integer encoding)
+#
+
+# The dictionary format now supports vendor-specific attributes.
+# Vendors are introduced like this:
+#
+# VENDOR vendor_name vendor_number
+#
+# For example:
+#
+# VENDOR RoaringPenguin 10055
+#
+# Vendor-specific attributes have a fifth field with the name of the
+# vendor. For example:
+#
+# ATTRIBUTE RP-Upstream-Speed-Limit 1 integer RoaringPenguin
+#
+# introduces a Roaring Penguin vendor-specific attribbute with name
+# RP-Upstream-Speed-Limit, number 1, type integer and vendor RoaringPenguin.
+
+#
+# Following are the proper new names. Use these.
+#
+ATTRIBUTE User-Name 1 string
+ATTRIBUTE Password 2 string
+ATTRIBUTE CHAP-Password 3 string
+ATTRIBUTE NAS-IP-Address 4 ipaddr
+ATTRIBUTE NAS-Port-Id 5 integer
+ATTRIBUTE Service-Type 6 integer
+ATTRIBUTE Framed-Protocol 7 integer
+ATTRIBUTE Framed-IP-Address 8 ipaddr
+ATTRIBUTE Framed-IP-Netmask 9 ipaddr
+ATTRIBUTE Framed-Routing 10 integer
+ATTRIBUTE Filter-Id 11 string
+ATTRIBUTE Framed-MTU 12 integer
+ATTRIBUTE Framed-Compression 13 integer
+ATTRIBUTE Login-IP-Host 14 ipaddr
+ATTRIBUTE Login-Service 15 integer
+ATTRIBUTE Login-TCP-Port 16 integer
+ATTRIBUTE Reply-Message 18 string
+ATTRIBUTE Callback-Number 19 string
+ATTRIBUTE Callback-Id 20 string
+ATTRIBUTE Framed-Route 22 string
+ATTRIBUTE Framed-IPX-Network 23 ipaddr
+ATTRIBUTE State 24 string
+ATTRIBUTE Class 25 string
+ATTRIBUTE Session-Timeout 27 integer
+ATTRIBUTE Idle-Timeout 28 integer
+ATTRIBUTE Termination-Action 29 integer
+ATTRIBUTE Called-Station-Id 30 string
+ATTRIBUTE Calling-Station-Id 31 string
+ATTRIBUTE NAS-Identifier 32 string
+ATTRIBUTE Acct-Status-Type 40 integer
+ATTRIBUTE Acct-Delay-Time 41 integer
+ATTRIBUTE Acct-Input-Octets 42 integer
+ATTRIBUTE Acct-Output-Octets 43 integer
+ATTRIBUTE Acct-Session-Id 44 string
+ATTRIBUTE Acct-Authentic 45 integer
+ATTRIBUTE Acct-Session-Time 46 integer
+ATTRIBUTE Acct-Input-Packets 47 integer
+ATTRIBUTE Acct-Output-Packets 48 integer
+ATTRIBUTE Acct-Terminate-Cause 49 integer
+ATTRIBUTE Chap-Challenge 60 string
+ATTRIBUTE NAS-Port-Type 61 integer
+ATTRIBUTE Port-Limit 62 integer
+ATTRIBUTE Connect-Info 77 string
+
+# RFC 2869
+ATTRIBUTE Acct-Interim-Interval 85 integer
+
+#
+# Experimental Non Protocol Attributes used by Cistron-Radiusd
+#
+ATTRIBUTE Huntgroup-Name 221 string
+ATTRIBUTE User-Category 1029 string
+ATTRIBUTE Group-Name 1030 string
+ATTRIBUTE Simultaneous-Use 1034 integer
+ATTRIBUTE Strip-User-Name 1035 integer
+ATTRIBUTE Fall-Through 1036 integer
+ATTRIBUTE Add-Port-To-IP-Address 1037 integer
+ATTRIBUTE Exec-Program 1038 string
+ATTRIBUTE Exec-Program-Wait 1039 string
+ATTRIBUTE Hint 1040 string
+
+#
+# Non-Protocol Attributes
+# These attributes are used internally by the server
+#
+ATTRIBUTE Expiration 21 date
+ATTRIBUTE Auth-Type 1000 integer
+ATTRIBUTE Menu 1001 string
+ATTRIBUTE Termination-Menu 1002 string
+ATTRIBUTE Prefix 1003 string
+ATTRIBUTE Suffix 1004 string
+ATTRIBUTE Group 1005 string
+ATTRIBUTE Crypt-Password 1006 string
+ATTRIBUTE Connect-Rate 1007 integer
+
+#
+# Experimental, implementation specific attributes
+#
+# Limit session traffic
+ATTRIBUTE Session-Octets-Limit 227 integer
+# What to assume as limit - 0 in+out, 1 in, 2 out, 3 max(in,out)
+ATTRIBUTE Octets-Direction 228 integer
+
+#
+# Integer Translations
+#
+
+# User Types
+
+VALUE Service-Type Login-User 1
+VALUE Service-Type Framed-User 2
+VALUE Service-Type Callback-Login-User 3
+VALUE Service-Type Callback-Framed-User 4
+VALUE Service-Type Outbound-User 5
+VALUE Service-Type Administrative-User 6
+VALUE Service-Type NAS-Prompt-User 7
+
+# Framed Protocols
+
+VALUE Framed-Protocol PPP 1
+VALUE Framed-Protocol SLIP 2
+
+# Framed Routing Values
+
+VALUE Framed-Routing None 0
+VALUE Framed-Routing Broadcast 1
+VALUE Framed-Routing Listen 2
+VALUE Framed-Routing Broadcast-Listen 3
+
+# Framed Compression Types
+
+VALUE Framed-Compression None 0
+VALUE Framed-Compression Van-Jacobson-TCP-IP 1
+
+# Login Services
+
+VALUE Login-Service Telnet 0
+VALUE Login-Service Rlogin 1
+VALUE Login-Service TCP-Clear 2
+VALUE Login-Service PortMaster 3
+
+# Status Types
+
+VALUE Acct-Status-Type Start 1
+VALUE Acct-Status-Type Stop 2
+VALUE Acct-Status-Type Accounting-On 7
+VALUE Acct-Status-Type Accounting-Off 8
+
+# Authentication Types
+
+VALUE Acct-Authentic RADIUS 1
+VALUE Acct-Authentic Local 2
+VALUE Acct-Authentic PowerLink128 100
+
+# Termination Options
+
+VALUE Termination-Action Default 0
+VALUE Termination-Action RADIUS-Request 1
+
+# NAS Port Types, available in 3.3.1 and later
+
+VALUE NAS-Port-Type Async 0
+VALUE NAS-Port-Type Sync 1
+VALUE NAS-Port-Type ISDN 2
+VALUE NAS-Port-Type ISDN-V120 3
+VALUE NAS-Port-Type ISDN-V110 4
+
+# Acct Terminate Causes, available in 3.3.2 and later
+
+VALUE Acct-Terminate-Cause User-Request 1
+VALUE Acct-Terminate-Cause Lost-Carrier 2
+VALUE Acct-Terminate-Cause Lost-Service 3
+VALUE Acct-Terminate-Cause Idle-Timeout 4
+VALUE Acct-Terminate-Cause Session-Timeout 5
+VALUE Acct-Terminate-Cause Admin-Reset 6
+VALUE Acct-Terminate-Cause Admin-Reboot 7
+VALUE Acct-Terminate-Cause Port-Error 8
+VALUE Acct-Terminate-Cause NAS-Error 9
+VALUE Acct-Terminate-Cause NAS-Request 10
+VALUE Acct-Terminate-Cause NAS-Reboot 11
+VALUE Acct-Terminate-Cause Port-Unneeded 12
+VALUE Acct-Terminate-Cause Port-Preempted 13
+VALUE Acct-Terminate-Cause Port-Suspended 14
+VALUE Acct-Terminate-Cause Service-Unavailable 15
+VALUE Acct-Terminate-Cause Callback 16
+VALUE Acct-Terminate-Cause User-Error 17
+VALUE Acct-Terminate-Cause Host-Request 18
+
+#
+# Non-Protocol Integer Translations
+#
+
+VALUE Auth-Type Local 0
+VALUE Auth-Type System 1
+VALUE Auth-Type SecurID 2
+VALUE Auth-Type Crypt-Local 3
+VALUE Auth-Type Reject 4
+
+#
+# Cistron extensions
+#
+VALUE Auth-Type Pam 253
+VALUE Auth-Type None 254
+
+#
+# Experimental Non-Protocol Integer Translations for Cistron-Radiusd
+#
+VALUE Fall-Through No 0
+VALUE Fall-Through Yes 1
+VALUE Add-Port-To-IP-Address No 0
+VALUE Add-Port-To-IP-Address Yes 1
+
+#
+# Configuration Values
+# uncomment these two lines to turn account expiration on
+#
+
+#VALUE Server-Config Password-Expiration 30
+#VALUE Server-Config Password-Warning 5
+
+# Octets-Direction
+VALUE Octets-Direction Sum 0
+VALUE Octets-Direction Input 1
+VALUE Octets-Direction Output 2
+VALUE Octets-Direction MaxOveral 3
+VALUE Octets-Direction MaxSession 4
+
+INCLUDE /etc/ppp/radius/dictionary.microsoft
--- /dev/null
+VENDOR ASNET 50000
+ATTRIBUTE Speed-Down 1 string ASNET
+ATTRIBUTE Speed-Up 2 string ASNET
--- /dev/null
+#
+# Microsoft's VSA's, from RFC 2548
+#
+# $Id$
+#
+
+VENDOR Microsoft 311 Microsoft
+
+ATTRIBUTE MS-CHAP-Response 1 string Microsoft
+ATTRIBUTE MS-CHAP-Error 2 string Microsoft
+ATTRIBUTE MS-CHAP-CPW-1 3 string Microsoft
+ATTRIBUTE MS-CHAP-CPW-2 4 string Microsoft
+ATTRIBUTE MS-CHAP-LM-Enc-PW 5 string Microsoft
+ATTRIBUTE MS-CHAP-NT-Enc-PW 6 string Microsoft
+ATTRIBUTE MS-MPPE-Encryption-Policy 7 string Microsoft
+# This is referred to as both singular and plural in the RFC.
+# Plural seems to make more sense.
+ATTRIBUTE MS-MPPE-Encryption-Type 8 string Microsoft
+ATTRIBUTE MS-MPPE-Encryption-Types 8 string Microsoft
+ATTRIBUTE MS-RAS-Vendor 9 integer Microsoft
+ATTRIBUTE MS-CHAP-Domain 10 string Microsoft
+ATTRIBUTE MS-CHAP-Challenge 11 string Microsoft
+ATTRIBUTE MS-CHAP-MPPE-Keys 12 string Microsoft
+ATTRIBUTE MS-BAP-Usage 13 integer Microsoft
+ATTRIBUTE MS-Link-Utilization-Threshold 14 integer Microsoft
+ATTRIBUTE MS-Link-Drop-Time-Limit 15 integer Microsoft
+ATTRIBUTE MS-MPPE-Send-Key 16 string Microsoft
+ATTRIBUTE MS-MPPE-Recv-Key 17 string Microsoft
+ATTRIBUTE MS-RAS-Version 18 string Microsoft
+ATTRIBUTE MS-Old-ARAP-Password 19 string Microsoft
+ATTRIBUTE MS-New-ARAP-Password 20 string Microsoft
+ATTRIBUTE MS-ARAP-PW-Change-Reason 21 integer Microsoft
+
+ATTRIBUTE MS-Filter 22 string Microsoft
+ATTRIBUTE MS-Acct-Auth-Type 23 integer Microsoft
+ATTRIBUTE MS-Acct-EAP-Type 24 integer Microsoft
+
+ATTRIBUTE MS-CHAP2-Response 25 string Microsoft
+ATTRIBUTE MS-CHAP2-Success 26 string Microsoft
+ATTRIBUTE MS-CHAP2-CPW 27 string Microsoft
+
+ATTRIBUTE MS-Primary-DNS-Server 28 ipaddr Microsoft
+ATTRIBUTE MS-Secondary-DNS-Server 29 ipaddr Microsoft
+ATTRIBUTE MS-Primary-NBNS-Server 30 ipaddr Microsoft
+ATTRIBUTE MS-Secondary-NBNS-Server 31 ipaddr Microsoft
+
+#ATTRIBUTE MS-ARAP-Challenge 33 string Microsoft
+
+
+#
+# Integer Translations
+#
+
+# MS-BAP-Usage Values
+
+VALUE MS-BAP-Usage Not-Allowed 0
+VALUE MS-BAP-Usage Allowed 1
+VALUE MS-BAP-Usage Required 2
+
+# MS-ARAP-Password-Change-Reason Values
+
+VALUE MS-ARAP-PW-Change-Reason Just-Change-Password 1
+VALUE MS-ARAP-PW-Change-Reason Expired-Password 2
+VALUE MS-ARAP-PW-Change-Reason Admin-Requires-Password-Change 3
+VALUE MS-ARAP-PW-Change-Reason Password-Too-Short 4
+
+# MS-Acct-Auth-Type Values
+
+VALUE MS-Acct-Auth-Type PAP 1
+VALUE MS-Acct-Auth-Type CHAP 2
+VALUE MS-Acct-Auth-Type MS-CHAP-1 3
+VALUE MS-Acct-Auth-Type MS-CHAP-2 4
+VALUE MS-Acct-Auth-Type EAP 5
+
+# MS-Acct-EAP-Type Values
+
+VALUE MS-Acct-EAP-Type MD5 4
+VALUE MS-Acct-EAP-Type OTP 5
+VALUE MS-Acct-EAP-Type Generic-Token-Card 6
+VALUE MS-Acct-EAP-Type TLS 13
+
--- /dev/null
+# SERVER SECRET
+localhost secret
--- /dev/null
+#!/bin/sh
+
+. /etc/functions.sh
+
+WAN_PROTO=$(nvram get wan_proto)
+[ "$WAN_PROTO" = "pppoe" ] || exit 0
+
+for module in slhc ppp_generic pppox pppoe; do
+ /sbin/insmod $module 2>/dev/null >/dev/null
+done
+
+(
+ while true; do
+ IFNAME=$(nvram get pppoe_ifname)
+ USERNAME=$(nvram get ppp_username)
+ PASSWORD=$(nvram get ppp_passwd)
+ REDIAL=$(nvram get ppp_redialperiod)
+ REDIAL=${REDIAL:+lcp-echo-interval $REDIAL}
+ IDLETIME=$(nvram get ppp_idletime)
+ IDLETIME=${IDLETIME:+lcp-echo-failure $IDLETIME}
+ MTUV=$(nvram get ppp_mtu)
+ MTU=${MTUV:+mtu $MTUV}
+ MRU=${MTUV:+mru $MTUV}
+
+ ifconfig $IFNAME up
+ echo -e "plugin rp-pppoe.so\nconnect /bin/true\nusepeerdns\ndefaultroute\nuser \"$USERNAME\"\npassword \"$PASSWORD\"\n$MTU\n$MRU\n$IDLETIME\n$REDIAL" > /tmp/.pppoe-data
+ /usr/sbin/pppd nodetach file /tmp/.pppoe-data $IFNAME
+ done
+) &
--- /dev/null
+Package: chat
+Priority: optional
+Section: net
+Maintainer: Felix Fietkau <nbd@vd-s.ath.cx>
+Source: buildroot internal
+Description: Utility for establishing a connection with the ISP's PPP server (e.g. via Modem)
+Depends: ppp
--- /dev/null
+Package: ppp-mod-pppoe
+Priority: optional
+Section: net
+Maintainer: Felix Fietkau <nbd@vd-s.ath.cx>
+Source: buildroot internal
+Description: a PPPoE (PPP over Ethernet) plugin for PPP
+Depends: ppp, kmod-pppoe
--- /dev/null
+/etc/ppp/radius.conf
+/etc/ppp/radius/servers
--- /dev/null
+Package: ppp-mod-radius
+Priority: optional
+Section: net
+Maintainer: Felix Fietkau <nbd@vd-s.ath.cx>
+Source: buildroot internal
+Description: a RADIUS plugin for PPP
+Depends: ppp
+++ /dev/null
-#!/bin/sh
-
-. /etc/functions.sh
-
-WAN_PROTO=$(nvram get wan_proto)
-[ "$WAN_PROTO" = "pppoe" ] || exit 0
-
-for module in slhc ppp_generic pppox pppoe; do
- /sbin/insmod $module 2>/dev/null >/dev/null
-done
-
-(
- while true; do
- IFNAME=$(nvram get pppoe_ifname)
- USERNAME=$(nvram get ppp_username)
- PASSWORD=$(nvram get ppp_passwd)
- REDIAL=$(nvram get ppp_redialperiod)
- REDIAL=${REDIAL:+lcp-echo-interval $REDIAL}
- IDLETIME=$(nvram get ppp_idletime)
- IDLETIME=${IDLETIME:+lcp-echo-failure $IDLETIME}
- MTUV=$(nvram get ppp_mtu)
- MTU=${MTUV:+mtu $MTUV}
- MRU=${MTUV:+mru $MTUV}
-
- ifconfig $IFNAME up
- echo -e "plugin rp-pppoe.so\nconnect /bin/true\nusepeerdns\ndefaultroute\nuser \"$USERNAME\"\npassword \"$PASSWORD\"\n$MTU\n$MRU\n$IDLETIME\n$REDIAL" > /tmp/.pppoe-data
- /usr/sbin/pppd nodetach file /tmp/.pppoe-data $IFNAME
- done
-) &
+++ /dev/null
-#!/bin/sh
-/usr/sbin/rdate $(/usr/sbin/nvram get ntp_server)
+++ /dev/null
-/etc/ppp/radius.conf
-/etc/ppp/radius/servers
+++ /dev/null
-plugin radius.so
-radius-config-file /etc/ppp/radius.conf
+++ /dev/null
-authserver localhost:1812
-acctserver localhost:1813
-dictionary /etc/ppp/radius/dictionary
-servers /etc/ppp/radius/servers
-mapfile /dev/null
-seqfile /tmp/radius.seq
-radius_timeout 5
-radius_retries 3
+++ /dev/null
-#
-# Updated 97/06/13 to livingston-radius-2.01 miquels@cistron.nl
-#
-# This file contains dictionary translations for parsing
-# requests and generating responses. All transactions are
-# composed of Attribute/Value Pairs. The value of each attribute
-# is specified as one of 4 data types. Valid data types are:
-#
-# string - 0-253 octets
-# ipaddr - 4 octets in network byte order
-# integer - 32 bit value in big endian order (high byte first)
-# date - 32 bit value in big endian order - seconds since
-# 00:00:00 GMT, Jan. 1, 1970
-#
-# Enumerated values are stored in the user file with dictionary
-# VALUE translations for easy administration.
-#
-# Example:
-#
-# ATTRIBUTE VALUE
-# --------------- -----
-# Framed-Protocol = PPP
-# 7 = 1 (integer encoding)
-#
-
-# The dictionary format now supports vendor-specific attributes.
-# Vendors are introduced like this:
-#
-# VENDOR vendor_name vendor_number
-#
-# For example:
-#
-# VENDOR RoaringPenguin 10055
-#
-# Vendor-specific attributes have a fifth field with the name of the
-# vendor. For example:
-#
-# ATTRIBUTE RP-Upstream-Speed-Limit 1 integer RoaringPenguin
-#
-# introduces a Roaring Penguin vendor-specific attribbute with name
-# RP-Upstream-Speed-Limit, number 1, type integer and vendor RoaringPenguin.
-
-#
-# Following are the proper new names. Use these.
-#
-ATTRIBUTE User-Name 1 string
-ATTRIBUTE Password 2 string
-ATTRIBUTE CHAP-Password 3 string
-ATTRIBUTE NAS-IP-Address 4 ipaddr
-ATTRIBUTE NAS-Port-Id 5 integer
-ATTRIBUTE Service-Type 6 integer
-ATTRIBUTE Framed-Protocol 7 integer
-ATTRIBUTE Framed-IP-Address 8 ipaddr
-ATTRIBUTE Framed-IP-Netmask 9 ipaddr
-ATTRIBUTE Framed-Routing 10 integer
-ATTRIBUTE Filter-Id 11 string
-ATTRIBUTE Framed-MTU 12 integer
-ATTRIBUTE Framed-Compression 13 integer
-ATTRIBUTE Login-IP-Host 14 ipaddr
-ATTRIBUTE Login-Service 15 integer
-ATTRIBUTE Login-TCP-Port 16 integer
-ATTRIBUTE Reply-Message 18 string
-ATTRIBUTE Callback-Number 19 string
-ATTRIBUTE Callback-Id 20 string
-ATTRIBUTE Framed-Route 22 string
-ATTRIBUTE Framed-IPX-Network 23 ipaddr
-ATTRIBUTE State 24 string
-ATTRIBUTE Class 25 string
-ATTRIBUTE Session-Timeout 27 integer
-ATTRIBUTE Idle-Timeout 28 integer
-ATTRIBUTE Termination-Action 29 integer
-ATTRIBUTE Called-Station-Id 30 string
-ATTRIBUTE Calling-Station-Id 31 string
-ATTRIBUTE NAS-Identifier 32 string
-ATTRIBUTE Acct-Status-Type 40 integer
-ATTRIBUTE Acct-Delay-Time 41 integer
-ATTRIBUTE Acct-Input-Octets 42 integer
-ATTRIBUTE Acct-Output-Octets 43 integer
-ATTRIBUTE Acct-Session-Id 44 string
-ATTRIBUTE Acct-Authentic 45 integer
-ATTRIBUTE Acct-Session-Time 46 integer
-ATTRIBUTE Acct-Input-Packets 47 integer
-ATTRIBUTE Acct-Output-Packets 48 integer
-ATTRIBUTE Acct-Terminate-Cause 49 integer
-ATTRIBUTE Chap-Challenge 60 string
-ATTRIBUTE NAS-Port-Type 61 integer
-ATTRIBUTE Port-Limit 62 integer
-ATTRIBUTE Connect-Info 77 string
-
-# RFC 2869
-ATTRIBUTE Acct-Interim-Interval 85 integer
-
-#
-# Experimental Non Protocol Attributes used by Cistron-Radiusd
-#
-ATTRIBUTE Huntgroup-Name 221 string
-ATTRIBUTE User-Category 1029 string
-ATTRIBUTE Group-Name 1030 string
-ATTRIBUTE Simultaneous-Use 1034 integer
-ATTRIBUTE Strip-User-Name 1035 integer
-ATTRIBUTE Fall-Through 1036 integer
-ATTRIBUTE Add-Port-To-IP-Address 1037 integer
-ATTRIBUTE Exec-Program 1038 string
-ATTRIBUTE Exec-Program-Wait 1039 string
-ATTRIBUTE Hint 1040 string
-
-#
-# Non-Protocol Attributes
-# These attributes are used internally by the server
-#
-ATTRIBUTE Expiration 21 date
-ATTRIBUTE Auth-Type 1000 integer
-ATTRIBUTE Menu 1001 string
-ATTRIBUTE Termination-Menu 1002 string
-ATTRIBUTE Prefix 1003 string
-ATTRIBUTE Suffix 1004 string
-ATTRIBUTE Group 1005 string
-ATTRIBUTE Crypt-Password 1006 string
-ATTRIBUTE Connect-Rate 1007 integer
-
-#
-# Experimental, implementation specific attributes
-#
-# Limit session traffic
-ATTRIBUTE Session-Octets-Limit 227 integer
-# What to assume as limit - 0 in+out, 1 in, 2 out, 3 max(in,out)
-ATTRIBUTE Octets-Direction 228 integer
-
-#
-# Integer Translations
-#
-
-# User Types
-
-VALUE Service-Type Login-User 1
-VALUE Service-Type Framed-User 2
-VALUE Service-Type Callback-Login-User 3
-VALUE Service-Type Callback-Framed-User 4
-VALUE Service-Type Outbound-User 5
-VALUE Service-Type Administrative-User 6
-VALUE Service-Type NAS-Prompt-User 7
-
-# Framed Protocols
-
-VALUE Framed-Protocol PPP 1
-VALUE Framed-Protocol SLIP 2
-
-# Framed Routing Values
-
-VALUE Framed-Routing None 0
-VALUE Framed-Routing Broadcast 1
-VALUE Framed-Routing Listen 2
-VALUE Framed-Routing Broadcast-Listen 3
-
-# Framed Compression Types
-
-VALUE Framed-Compression None 0
-VALUE Framed-Compression Van-Jacobson-TCP-IP 1
-
-# Login Services
-
-VALUE Login-Service Telnet 0
-VALUE Login-Service Rlogin 1
-VALUE Login-Service TCP-Clear 2
-VALUE Login-Service PortMaster 3
-
-# Status Types
-
-VALUE Acct-Status-Type Start 1
-VALUE Acct-Status-Type Stop 2
-VALUE Acct-Status-Type Accounting-On 7
-VALUE Acct-Status-Type Accounting-Off 8
-
-# Authentication Types
-
-VALUE Acct-Authentic RADIUS 1
-VALUE Acct-Authentic Local 2
-VALUE Acct-Authentic PowerLink128 100
-
-# Termination Options
-
-VALUE Termination-Action Default 0
-VALUE Termination-Action RADIUS-Request 1
-
-# NAS Port Types, available in 3.3.1 and later
-
-VALUE NAS-Port-Type Async 0
-VALUE NAS-Port-Type Sync 1
-VALUE NAS-Port-Type ISDN 2
-VALUE NAS-Port-Type ISDN-V120 3
-VALUE NAS-Port-Type ISDN-V110 4
-
-# Acct Terminate Causes, available in 3.3.2 and later
-
-VALUE Acct-Terminate-Cause User-Request 1
-VALUE Acct-Terminate-Cause Lost-Carrier 2
-VALUE Acct-Terminate-Cause Lost-Service 3
-VALUE Acct-Terminate-Cause Idle-Timeout 4
-VALUE Acct-Terminate-Cause Session-Timeout 5
-VALUE Acct-Terminate-Cause Admin-Reset 6
-VALUE Acct-Terminate-Cause Admin-Reboot 7
-VALUE Acct-Terminate-Cause Port-Error 8
-VALUE Acct-Terminate-Cause NAS-Error 9
-VALUE Acct-Terminate-Cause NAS-Request 10
-VALUE Acct-Terminate-Cause NAS-Reboot 11
-VALUE Acct-Terminate-Cause Port-Unneeded 12
-VALUE Acct-Terminate-Cause Port-Preempted 13
-VALUE Acct-Terminate-Cause Port-Suspended 14
-VALUE Acct-Terminate-Cause Service-Unavailable 15
-VALUE Acct-Terminate-Cause Callback 16
-VALUE Acct-Terminate-Cause User-Error 17
-VALUE Acct-Terminate-Cause Host-Request 18
-
-#
-# Non-Protocol Integer Translations
-#
-
-VALUE Auth-Type Local 0
-VALUE Auth-Type System 1
-VALUE Auth-Type SecurID 2
-VALUE Auth-Type Crypt-Local 3
-VALUE Auth-Type Reject 4
-
-#
-# Cistron extensions
-#
-VALUE Auth-Type Pam 253
-VALUE Auth-Type None 254
-
-#
-# Experimental Non-Protocol Integer Translations for Cistron-Radiusd
-#
-VALUE Fall-Through No 0
-VALUE Fall-Through Yes 1
-VALUE Add-Port-To-IP-Address No 0
-VALUE Add-Port-To-IP-Address Yes 1
-
-#
-# Configuration Values
-# uncomment these two lines to turn account expiration on
-#
-
-#VALUE Server-Config Password-Expiration 30
-#VALUE Server-Config Password-Warning 5
-
-# Octets-Direction
-VALUE Octets-Direction Sum 0
-VALUE Octets-Direction Input 1
-VALUE Octets-Direction Output 2
-VALUE Octets-Direction MaxOveral 3
-VALUE Octets-Direction MaxSession 4
-
-INCLUDE /etc/ppp/radius/dictionary.microsoft
+++ /dev/null
-VENDOR ASNET 50000
-ATTRIBUTE Speed-Down 1 string ASNET
-ATTRIBUTE Speed-Up 2 string ASNET
+++ /dev/null
-#
-# Microsoft's VSA's, from RFC 2548
-#
-# $Id$
-#
-
-VENDOR Microsoft 311 Microsoft
-
-ATTRIBUTE MS-CHAP-Response 1 string Microsoft
-ATTRIBUTE MS-CHAP-Error 2 string Microsoft
-ATTRIBUTE MS-CHAP-CPW-1 3 string Microsoft
-ATTRIBUTE MS-CHAP-CPW-2 4 string Microsoft
-ATTRIBUTE MS-CHAP-LM-Enc-PW 5 string Microsoft
-ATTRIBUTE MS-CHAP-NT-Enc-PW 6 string Microsoft
-ATTRIBUTE MS-MPPE-Encryption-Policy 7 string Microsoft
-# This is referred to as both singular and plural in the RFC.
-# Plural seems to make more sense.
-ATTRIBUTE MS-MPPE-Encryption-Type 8 string Microsoft
-ATTRIBUTE MS-MPPE-Encryption-Types 8 string Microsoft
-ATTRIBUTE MS-RAS-Vendor 9 integer Microsoft
-ATTRIBUTE MS-CHAP-Domain 10 string Microsoft
-ATTRIBUTE MS-CHAP-Challenge 11 string Microsoft
-ATTRIBUTE MS-CHAP-MPPE-Keys 12 string Microsoft
-ATTRIBUTE MS-BAP-Usage 13 integer Microsoft
-ATTRIBUTE MS-Link-Utilization-Threshold 14 integer Microsoft
-ATTRIBUTE MS-Link-Drop-Time-Limit 15 integer Microsoft
-ATTRIBUTE MS-MPPE-Send-Key 16 string Microsoft
-ATTRIBUTE MS-MPPE-Recv-Key 17 string Microsoft
-ATTRIBUTE MS-RAS-Version 18 string Microsoft
-ATTRIBUTE MS-Old-ARAP-Password 19 string Microsoft
-ATTRIBUTE MS-New-ARAP-Password 20 string Microsoft
-ATTRIBUTE MS-ARAP-PW-Change-Reason 21 integer Microsoft
-
-ATTRIBUTE MS-Filter 22 string Microsoft
-ATTRIBUTE MS-Acct-Auth-Type 23 integer Microsoft
-ATTRIBUTE MS-Acct-EAP-Type 24 integer Microsoft
-
-ATTRIBUTE MS-CHAP2-Response 25 string Microsoft
-ATTRIBUTE MS-CHAP2-Success 26 string Microsoft
-ATTRIBUTE MS-CHAP2-CPW 27 string Microsoft
-
-ATTRIBUTE MS-Primary-DNS-Server 28 ipaddr Microsoft
-ATTRIBUTE MS-Secondary-DNS-Server 29 ipaddr Microsoft
-ATTRIBUTE MS-Primary-NBNS-Server 30 ipaddr Microsoft
-ATTRIBUTE MS-Secondary-NBNS-Server 31 ipaddr Microsoft
-
-#ATTRIBUTE MS-ARAP-Challenge 33 string Microsoft
-
-
-#
-# Integer Translations
-#
-
-# MS-BAP-Usage Values
-
-VALUE MS-BAP-Usage Not-Allowed 0
-VALUE MS-BAP-Usage Allowed 1
-VALUE MS-BAP-Usage Required 2
-
-# MS-ARAP-Password-Change-Reason Values
-
-VALUE MS-ARAP-PW-Change-Reason Just-Change-Password 1
-VALUE MS-ARAP-PW-Change-Reason Expired-Password 2
-VALUE MS-ARAP-PW-Change-Reason Admin-Requires-Password-Change 3
-VALUE MS-ARAP-PW-Change-Reason Password-Too-Short 4
-
-# MS-Acct-Auth-Type Values
-
-VALUE MS-Acct-Auth-Type PAP 1
-VALUE MS-Acct-Auth-Type CHAP 2
-VALUE MS-Acct-Auth-Type MS-CHAP-1 3
-VALUE MS-Acct-Auth-Type MS-CHAP-2 4
-VALUE MS-Acct-Auth-Type EAP 5
-
-# MS-Acct-EAP-Type Values
-
-VALUE MS-Acct-EAP-Type MD5 4
-VALUE MS-Acct-EAP-Type OTP 5
-VALUE MS-Acct-EAP-Type Generic-Token-Card 6
-VALUE MS-Acct-EAP-Type TLS 13
-
+++ /dev/null
-localhost secret
--- /dev/null
+/etc/ppp/chap-secrets
+/etc/ppp/options
--- /dev/null
+Package: ppp
+Priority: optional
+Section: net
+Maintainer: Felix Fietkau <nbd@vd-s.ath.cx>
+Source: buildroot internal
+Depends: kmod-ppp
+Description: a PPP (Point-to-Point Protocol) daemon (with MPPE/MPPC support)
+++ /dev/null
-/etc/ppp/chap-secrets
-/etc/ppp/options
+++ /dev/null
-#USERNAME PROVIDER PASSWORD IPADDRESS
+++ /dev/null
-#debug
-noaccomp
-nopcomp
-nocrtscts
-lock
+++ /dev/null
-#name USERNAME
-#remotename PROVIDER
-#file /etc/ppp/sample-options
--- /dev/null
+Package: pppdump
+Priority: optional
+Section: net
+Maintainer: Felix Fietkau <nbd@vd-s.ath.cx>
+Source: buildroot internal
+Description: an utility to read PPP record file
+Depends: ppp
--- /dev/null
+Package: pppstats
+Priority: optional
+Section: net
+Maintainer: Felix Fietkau <nbd@vd-s.ath.cx>
+Source: buildroot internal
+Description: an utility to report PPP statistics
+Depends: ppp
--- /dev/null
+diff -ruN ppp-2.4.3-orig/pppd/Makefile.linux ppp-2.4.3-3/pppd/Makefile.linux
+--- ppp-2.4.3-orig/pppd/Makefile.linux 2004-11-13 13:02:22.000000000 +0100
++++ ppp-2.4.3-3/pppd/Makefile.linux 2004-12-16 04:43:41.000000000 +0100
+@@ -48,19 +48,19 @@
+ # Uncomment the next line to include support for PPP packet filtering.
+ # This requires that the libpcap library and headers be installed
+ # and that the kernel driver support PPP packet filtering.
+-FILTER=y
++#FILTER=y
+
+ # Uncomment the next line to enable multilink PPP (enabled by default)
+ # Linux distributions: Please leave multilink ENABLED in your builds
+ # of pppd!
+-HAVE_MULTILINK=y
++#HAVE_MULTILINK=y
+
+ # Uncomment the next line to enable the TDB database (enabled by default.)
+ # If you enable multilink, then TDB is automatically enabled also.
+ # Linux distributions: Please leave TDB ENABLED in your builds.
+-USE_TDB=y
++#USE_TDB=y
+
+-HAS_SHADOW=y
++#HAS_SHADOW=y
+ #USE_PAM=y
+ #HAVE_INET6=y
+
+@@ -77,7 +77,7 @@
+
+ INCLUDE_DIRS= -I../include
+
+-COMPILE_FLAGS= -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MMAP
++COMPILE_FLAGS= -DHAVE_PATHS_H -DHAVE_MMAP
+
+ CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS)
+
+@@ -117,12 +117,12 @@
+ #LIBS += -lshadow $(LIBS)
+ endif
+
+-ifneq ($(wildcard /usr/include/crypt.h),)
++#ifneq ($(wildcard /usr/include/crypt.h),)
+ CFLAGS += -DHAVE_CRYPT_H=1
+-endif
+-ifneq ($(wildcard /usr/lib/libcrypt.*),)
++#endif
++#ifneq ($(wildcard /usr/lib/libcrypt.*),)
+ LIBS += -lcrypt
+-endif
++#endif
+
+ ifdef NEEDDES
+ ifndef USE_CRYPT
--- /dev/null
+diff -ruN ppp-2.4.3.orig/include/linux/ppp-comp.h ppp-2.4.3/include/linux/ppp-comp.h
+--- ppp-2.4.3.orig/include/linux/ppp-comp.h 2002-12-06 10:49:15.000000000 +0100
++++ ppp-2.4.3/include/linux/ppp-comp.h 2004-11-21 13:54:09.000000000 +0100
+@@ -36,7 +36,7 @@
+ */
+
+ /*
+- * ==FILEVERSION 20020319==
++ * ==FILEVERSION 20020715==
+ *
+ * NOTE TO MAINTAINERS:
+ * If you modify this file at all, please set the above date.
+@@ -86,7 +86,7 @@
+
+ /* Compress a packet */
+ int (*compress) (void *state, unsigned char *rptr,
+- unsigned char *obuf, int isize, int osize);
++ unsigned char *obuf, int isize, int osize);
+
+ /* Return compression statistics */
+ void (*comp_stat) (void *state, struct compstat *stats);
+@@ -107,7 +107,7 @@
+
+ /* Decompress a packet. */
+ int (*decompress) (void *state, unsigned char *ibuf, int isize,
+- unsigned char *obuf, int osize);
++ unsigned char *obuf, int osize);
+
+ /* Update state for an incompressible packet received */
+ void (*incomp) (void *state, unsigned char *ibuf, int icnt);
+@@ -288,6 +288,33 @@
+ opts |= MPPE_OPT_UNKNOWN; \
+ } while (/* CONSTCOND */ 0)
+
++/* MPPE/MPPC definitions by J.D.*/
++#define MPPE_STATELESS MPPE_H_BIT /* configuration bit H */
++#define MPPE_40BIT MPPE_L_BIT /* configuration bit L */
++#define MPPE_56BIT MPPE_M_BIT /* configuration bit M */
++#define MPPE_128BIT MPPE_S_BIT /* configuration bit S */
++#define MPPE_MPPC MPPE_C_BIT /* configuration bit C */
++
++/*
++ * Definitions for Stac LZS.
++ */
++
++#define CI_LZS 17 /* config option for Stac LZS */
++#define CILEN_LZS 5 /* length of config option */
++
++#define LZS_OVHD 4 /* max. LZS overhead */
++#define LZS_HIST_LEN 2048 /* LZS history size */
++#define LZS_MAX_CCOUNT 0x0FFF /* max. coherency counter value */
++
++#define LZS_MODE_NONE 0
++#define LZS_MODE_LCB 1
++#define LZS_MODE_CRC 2
++#define LZS_MODE_SEQ 3
++#define LZS_MODE_EXT 4
++
++#define LZS_EXT_BIT_FLUSHED 0x80 /* bit A */
++#define LZS_EXT_BIT_COMP 0x20 /* bit C */
++
+ /*
+ * Definitions for other, as yet unsupported, compression methods.
+ */
+diff -ruN ppp-2.4.3.orig/include/net/ppp-comp.h ppp-2.4.3/include/net/ppp-comp.h
+--- ppp-2.4.3.orig/include/net/ppp-comp.h 2002-12-06 10:49:15.000000000 +0100
++++ ppp-2.4.3/include/net/ppp-comp.h 2004-11-21 13:54:09.000000000 +0100
+@@ -255,6 +255,33 @@
+ opts |= MPPE_OPT_UNKNOWN; \
+ } while (/* CONSTCOND */ 0)
+
++/* MPPE/MPPC definitions by J.D.*/
++#define MPPE_STATELESS MPPE_H_BIT /* configuration bit H */
++#define MPPE_40BIT MPPE_L_BIT /* configuration bit L */
++#define MPPE_56BIT MPPE_M_BIT /* configuration bit M */
++#define MPPE_128BIT MPPE_S_BIT /* configuration bit S */
++#define MPPE_MPPC MPPE_C_BIT /* configuration bit C */
++
++/*
++ * Definitions for Stac LZS.
++ */
++
++#define CI_LZS 17 /* config option for Stac LZS */
++#define CILEN_LZS 5 /* length of config option */
++
++#define LZS_OVHD 4 /* max. LZS overhead */
++#define LZS_HIST_LEN 2048 /* LZS history size */
++#define LZS_MAX_CCOUNT 0x0FFF /* max. coherency counter value */
++
++#define LZS_MODE_NONE 0
++#define LZS_MODE_LCB 1
++#define LZS_MODE_CRC 2
++#define LZS_MODE_SEQ 3
++#define LZS_MODE_EXT 4
++
++#define LZS_EXT_BIT_FLUSHED 0x80 /* bit A */
++#define LZS_EXT_BIT_COMP 0x20 /* bit C */
++
+ /*
+ * Definitions for other, as yet unsupported, compression methods.
+ */
+diff -ruN ppp-2.4.3.orig/pppd/ccp.c ppp-2.4.3/pppd/ccp.c
+--- ppp-2.4.3.orig/pppd/ccp.c 2004-11-13 03:28:15.000000000 +0100
++++ ppp-2.4.3/pppd/ccp.c 2004-11-21 13:54:09.000000000 +0100
+@@ -62,12 +62,10 @@
+ static char bsd_value[8];
+ static char deflate_value[8];
+
+-/*
+- * Option variables.
+- */
+ #ifdef MPPE
+-bool refuse_mppe_stateful = 1; /* Allow stateful mode? */
+-#endif
++static int setmppe(char **);
++static int setnomppe(void);
++#endif /* MPPE */
+
+ static option_t ccp_option_list[] = {
+ { "noccp", o_bool, &ccp_protent.enabled_flag,
+@@ -108,54 +106,36 @@
+ "don't allow Predictor-1", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR,
+ &ccp_allowoptions[0].predictor_1 },
+
++ { "lzs", o_bool, &ccp_wantoptions[0].lzs,
++ "request Stac LZS", 1, &ccp_allowoptions[0].lzs, OPT_PRIO },
++ { "+lzs", o_bool, &ccp_wantoptions[0].lzs,
++ "request Stac LZS", 1, &ccp_allowoptions[0].lzs, OPT_ALIAS | OPT_PRIO },
++ { "nolzs", o_bool, &ccp_wantoptions[0].lzs,
++ "don't allow Stac LZS", OPT_PRIOSUB | OPT_A2CLR,
++ &ccp_allowoptions[0].lzs },
++ { "-lzs", o_bool, &ccp_wantoptions[0].lzs,
++ "don't allow Stac LZS", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR,
++ &ccp_allowoptions[0].lzs },
++
+ #ifdef MPPE
+- /* MPPE options are symmetrical ... we only set wantoptions here */
+- { "require-mppe", o_bool, &ccp_wantoptions[0].mppe,
+- "require MPPE encryption",
+- OPT_PRIO | MPPE_OPT_40 | MPPE_OPT_128 },
+- { "+mppe", o_bool, &ccp_wantoptions[0].mppe,
+- "require MPPE encryption",
+- OPT_ALIAS | OPT_PRIO | MPPE_OPT_40 | MPPE_OPT_128 },
+- { "nomppe", o_bool, &ccp_wantoptions[0].mppe,
+- "don't allow MPPE encryption", OPT_PRIO },
+- { "-mppe", o_bool, &ccp_wantoptions[0].mppe,
+- "don't allow MPPE encryption", OPT_ALIAS | OPT_PRIO },
+-
+- /* We use ccp_allowoptions[0].mppe as a junk var ... it is reset later */
+- { "require-mppe-40", o_bool, &ccp_allowoptions[0].mppe,
+- "require MPPE 40-bit encryption", OPT_PRIO | OPT_A2OR | MPPE_OPT_40,
+- &ccp_wantoptions[0].mppe },
+- { "+mppe-40", o_bool, &ccp_allowoptions[0].mppe,
+- "require MPPE 40-bit encryption", OPT_PRIO | OPT_A2OR | MPPE_OPT_40,
+- &ccp_wantoptions[0].mppe },
+- { "nomppe-40", o_bool, &ccp_allowoptions[0].mppe,
+- "don't allow MPPE 40-bit encryption",
+- OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_40, &ccp_wantoptions[0].mppe },
+- { "-mppe-40", o_bool, &ccp_allowoptions[0].mppe,
+- "don't allow MPPE 40-bit encryption",
+- OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_40,
+- &ccp_wantoptions[0].mppe },
+-
+- { "require-mppe-128", o_bool, &ccp_allowoptions[0].mppe,
+- "require MPPE 128-bit encryption", OPT_PRIO | OPT_A2OR | MPPE_OPT_128,
+- &ccp_wantoptions[0].mppe },
+- { "+mppe-128", o_bool, &ccp_allowoptions[0].mppe,
+- "require MPPE 128-bit encryption",
+- OPT_ALIAS | OPT_PRIO | OPT_A2OR | MPPE_OPT_128,
+- &ccp_wantoptions[0].mppe },
+- { "nomppe-128", o_bool, &ccp_allowoptions[0].mppe,
+- "don't allow MPPE 128-bit encryption",
+- OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_128, &ccp_wantoptions[0].mppe },
+- { "-mppe-128", o_bool, &ccp_allowoptions[0].mppe,
+- "don't allow MPPE 128-bit encryption",
+- OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_128,
+- &ccp_wantoptions[0].mppe },
+-
+- /* strange one; we always request stateless, but will we allow stateful? */
+- { "mppe-stateful", o_bool, &refuse_mppe_stateful,
+- "allow MPPE stateful mode", OPT_PRIO },
+- { "nomppe-stateful", o_bool, &refuse_mppe_stateful,
+- "disallow MPPE stateful mode", OPT_PRIO | 1 },
++ { "mppc", o_bool, &ccp_wantoptions[0].mppc,
++ "request MPPC compression", 1, &ccp_allowoptions[0].mppc },
++ { "+mppc", o_bool, &ccp_wantoptions[0].mppc,
++ "request MPPC compression", 1, &ccp_allowoptions[0].mppc, OPT_ALIAS },
++ { "nomppc", o_bool, &ccp_wantoptions[0].mppc,
++ "don't allow MPPC compression", OPT_PRIOSUB | OPT_A2CLR,
++ &ccp_allowoptions[0].mppc },
++ { "-mppc", o_bool, &ccp_wantoptions[0].mppc,
++ "don't allow MPPC compression", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR,
++ &ccp_allowoptions[0].mppc },
++ { "mppe", o_special, (void *)setmppe,
++ "request MPPE encryption" },
++ { "+mppe", o_special, (void *)setmppe,
++ "request MPPE encryption" },
++ { "nomppe", o_special_noarg, (void *)setnomppe,
++ "don't allow MPPE encryption" },
++ { "-mppe", o_special_noarg, (void *)setnomppe,
++ "don't allow MPPE encryption" },
+ #endif /* MPPE */
+
+ { NULL }
+@@ -241,7 +221,7 @@
+ */
+ #define ANY_COMPRESS(opt) ((opt).deflate || (opt).bsd_compress \
+ || (opt).predictor_1 || (opt).predictor_2 \
+- || (opt).mppe)
++ || (opt).lzs || (opt).mppc || (opt).mppe)
+
+ /*
+ * Local state (mainly for handling reset-reqs and reset-acks).
+@@ -344,6 +324,100 @@
+ return 1;
+ }
+
++#ifdef MPPE
++/*
++ * Functions called from config options
++ */
++/*
++ MPPE suboptions:
++ required - require MPPE; disconnect if peer doesn't support it
++ stateless - use stateless mode
++ no40 - disable 40 bit keys
++ no56 - disable 56 bit keys
++ no128 - disable 128 bit keys
++*/
++int setmppe(char **argv)
++{
++ int i;
++ char *str, cmdbuf[16];
++
++ ccp_allowoptions[0].mppe = 1;
++ ccp_allowoptions[0].mppe_40 = 1;
++ ccp_allowoptions[0].mppe_56 = 1;
++ ccp_allowoptions[0].mppe_128 = 1;
++ ccp_allowoptions[0].mppe_stateless = 0;
++ ccp_wantoptions[0].mppe = 0;
++
++ str = *argv;
++
++ while (1) {
++ i = 0;
++ memset(cmdbuf, '\0', 16);
++ while ((i < 16) && (*str != ',') && (*str != '\0'))
++ cmdbuf[i++] = *str++;
++ cmdbuf[i] = '\0';
++ if (!strncasecmp(cmdbuf, "no40", strlen("no40"))) {
++ ccp_allowoptions[0].mppe_40 = 0;
++ goto next_param;
++ } else if (!strncasecmp(cmdbuf, "no56", strlen("no56"))) {
++ ccp_allowoptions[0].mppe_56 = 0;
++ goto next_param;
++ } else if (!strncasecmp(cmdbuf, "no128", strlen("no128"))) {
++ ccp_allowoptions[0].mppe_128 = 0;
++ goto next_param;
++ } else if (!strncasecmp(cmdbuf, "stateless", strlen("stateless"))) {
++ ccp_allowoptions[0].mppe_stateless = 1;
++ goto next_param;
++ } else if (!strncasecmp(cmdbuf, "required", strlen("required"))) {
++ ccp_wantoptions[0].mppe = 1;
++ goto next_param;
++ } else {
++ option_error("invalid parameter '%s' for mppe option", cmdbuf);
++ return 0;
++ }
++
++ next_param:
++ if (*str == ',') {
++ str++;
++ continue;
++ }
++ if (*str == '\0') {
++ if (!(ccp_allowoptions[0].mppe_40 || ccp_allowoptions[0].mppe_56 ||
++ ccp_allowoptions[0].mppe_128)) {
++ if (ccp_wantoptions[0].mppe == 1) {
++ option_error("You require MPPE but you have switched off "
++ "all encryption key lengths.");
++ return 0;
++ }
++ ccp_wantoptions[0].mppe = ccp_allowoptions[0].mppe = 0;
++ ccp_wantoptions[0].mppe_stateless =
++ ccp_allowoptions[0].mppe_stateless = 0;
++ } else {
++ ccp_allowoptions[0].mppe = 1;
++ ccp_wantoptions[0].mppe_stateless =
++ ccp_allowoptions[0].mppe_stateless;
++ if (ccp_wantoptions[0].mppe == 1) {
++ ccp_wantoptions[0].mppe_40 = ccp_allowoptions[0].mppe_40;
++ ccp_wantoptions[0].mppe_56 = ccp_allowoptions[0].mppe_56;
++ ccp_wantoptions[0].mppe_128 = ccp_allowoptions[0].mppe_128;
++ }
++ }
++ return 1;
++ }
++ }
++}
++
++int setnomppe(void)
++{
++ ccp_wantoptions[0].mppe = ccp_allowoptions[0].mppe = 0;
++ ccp_wantoptions[0].mppe_40 = ccp_allowoptions[0].mppe_40 = 0;
++ ccp_wantoptions[0].mppe_56 = ccp_allowoptions[0].mppe_56 = 0;
++ ccp_wantoptions[0].mppe_128 = ccp_allowoptions[0].mppe_128 = 0;
++ ccp_wantoptions[0].mppe_stateless = ccp_allowoptions[0].mppe_stateless = 0;
++ return 1;
++}
++#endif /* MPPE */
++
+ /*
+ * ccp_init - initialize CCP.
+ */
+@@ -378,6 +452,30 @@
+ ccp_allowoptions[0].bsd_bits = BSD_MAX_BITS;
+
+ ccp_allowoptions[0].predictor_1 = 1;
++
++ ccp_wantoptions[0].lzs = 0; /* Stac LZS - will be enabled in the future */
++ ccp_wantoptions[0].lzs_mode = LZS_MODE_SEQ;
++ ccp_wantoptions[0].lzs_hists = 1;
++ ccp_allowoptions[0].lzs = 0; /* Stac LZS - will be enabled in the future */
++ ccp_allowoptions[0].lzs_mode = LZS_MODE_SEQ;
++ ccp_allowoptions[0].lzs_hists = 1;
++
++#ifdef MPPE
++ /* by default allow and request MPPC... */
++ ccp_wantoptions[0].mppc = ccp_allowoptions[0].mppc = 1;
++
++ /* ... and allow but don't request MPPE */
++ ccp_allowoptions[0].mppe = 1;
++ ccp_allowoptions[0].mppe_40 = 1;
++ ccp_allowoptions[0].mppe_56 = 1;
++ ccp_allowoptions[0].mppe_128 = 1;
++ ccp_allowoptions[0].mppe_stateless = 1;
++ ccp_wantoptions[0].mppe = 0;
++ ccp_wantoptions[0].mppe_40 = 0;
++ ccp_wantoptions[0].mppe_56 = 0;
++ ccp_wantoptions[0].mppe_128 = 0;
++ ccp_wantoptions[0].mppe_stateless = 0;
++#endif /* MPPE */
+ }
+
+ /*
+@@ -455,11 +553,11 @@
+ if (oldstate == OPENED && p[0] == TERMREQ && f->state != OPENED) {
+ notice("Compression disabled by peer.");
+ #ifdef MPPE
+- if (ccp_gotoptions[unit].mppe) {
++ if (ccp_wantoptions[unit].mppe) {
+ error("MPPE disabled, closing LCP");
+ lcp_close(unit, "MPPE disabled by peer");
+ }
+-#endif
++#endif /* MPPE */
+ }
+
+ /*
+@@ -487,6 +585,15 @@
+ break;
+ /* send a reset-ack, which the transmitter will see and
+ reset its compression state. */
++
++ /* In case of MPPE/MPPC or LZS we shouldn't send CCP_RESETACK,
++ but we do it in order to reset compressor; CCP_RESETACK is
++ then silently discarded. See functions ppp_send_frame and
++ ppp_ccp_peek in ppp_generic.c (Linux only !!!). All the
++ confusion is caused by the fact that CCP code is splited
++ into two parts - one part is handled by pppd, the other one
++ is handled by kernel. */
++
+ fsm_sdata(f, CCP_RESETACK, id, NULL, 0);
+ break;
+
+@@ -515,12 +622,11 @@
+ fsm_lowerdown(&ccp_fsm[unit]);
+
+ #ifdef MPPE
+- if (ccp_gotoptions[unit].mppe) {
++ if (ccp_wantoptions[unit].mppe) {
+ error("MPPE required but peer negotiation failed");
+ lcp_close(unit, "MPPE required but peer negotiation failed");
+ }
+-#endif
+-
++#endif /* MPPE */
+ }
+
+ /*
+@@ -537,7 +643,7 @@
+ all_rejected[f->unit] = 0;
+
+ #ifdef MPPE
+- if (go->mppe) {
++ if (go->mppe || go->mppc) {
+ ccp_options *ao = &ccp_allowoptions[f->unit];
+ int auth_mschap_bits = auth_done[f->unit];
+ int numbits;
+@@ -551,80 +657,109 @@
+ * NB: If MPPE is required, all other compression opts are invalid.
+ * So, we return right away if we can't do it.
+ */
++ if (ccp_wantoptions[f->unit].mppe) {
++ /* Leave only the mschap auth bits set */
++ auth_mschap_bits &= (CHAP_MS_WITHPEER | CHAP_MS_PEER |
++ CHAP_MS2_WITHPEER | CHAP_MS2_PEER);
++ /* Count the mschap auths */
++ auth_mschap_bits >>= CHAP_MS_SHIFT;
++ numbits = 0;
++ do {
++ numbits += auth_mschap_bits & 1;
++ auth_mschap_bits >>= 1;
++ } while (auth_mschap_bits);
++ if (numbits > 1) {
++ error("MPPE required, but auth done in both directions.");
++ lcp_close(f->unit, "MPPE required but not available");
++ return;
++ }
++ if (!numbits) {
++ error("MPPE required, but MS-CHAP[v2] auth not performed.");
++ lcp_close(f->unit, "MPPE required but not available");
++ return;
++ }
+
+- /* Leave only the mschap auth bits set */
+- auth_mschap_bits &= (CHAP_MS_WITHPEER | CHAP_MS_PEER |
+- CHAP_MS2_WITHPEER | CHAP_MS2_PEER);
+- /* Count the mschap auths */
+- auth_mschap_bits >>= CHAP_MS_SHIFT;
+- numbits = 0;
+- do {
+- numbits += auth_mschap_bits & 1;
+- auth_mschap_bits >>= 1;
+- } while (auth_mschap_bits);
+- if (numbits > 1) {
+- error("MPPE required, but auth done in both directions.");
+- lcp_close(f->unit, "MPPE required but not available");
+- return;
+- }
+- if (!numbits) {
+- error("MPPE required, but MS-CHAP[v2] auth not performed.");
+- lcp_close(f->unit, "MPPE required but not available");
+- return;
+- }
+-
+- /* A plugin (eg radius) may not have obtained key material. */
+- if (!mppe_keys_set) {
+- error("MPPE required, but keys are not available. "
+- "Possible plugin problem?");
+- lcp_close(f->unit, "MPPE required but not available");
+- return;
+- }
+-
+- /* LM auth not supported for MPPE */
+- if (auth_done[f->unit] & (CHAP_MS_WITHPEER | CHAP_MS_PEER)) {
+- /* This might be noise */
+- if (go->mppe & MPPE_OPT_40) {
+- notice("Disabling 40-bit MPPE; MS-CHAP LM not supported");
+- go->mppe &= ~MPPE_OPT_40;
+- ccp_wantoptions[f->unit].mppe &= ~MPPE_OPT_40;
++ /* A plugin (eg radius) may not have obtained key material. */
++ if (!mppe_keys_set) {
++ error("MPPE required, but keys are not available. "
++ "Possible plugin problem?");
++ lcp_close(f->unit, "MPPE required but not available");
++ return;
+ }
+ }
+
+- /* Last check: can we actually negotiate something? */
+- if (!(go->mppe & (MPPE_OPT_40 | MPPE_OPT_128))) {
+- /* Could be misconfig, could be 40-bit disabled above. */
+- error("MPPE required, but both 40-bit and 128-bit disabled.");
+- lcp_close(f->unit, "MPPE required but not available");
+- return;
++ /*
++ * Check whether the kernel knows about the various
++ * compression methods we might request. Key material
++ * unimportant here.
++ */
++ if (go->mppc) {
++ opt_buf[0] = CI_MPPE;
++ opt_buf[1] = CILEN_MPPE;
++ opt_buf[2] = 0;
++ opt_buf[3] = 0;
++ opt_buf[4] = 0;
++ opt_buf[5] = MPPE_MPPC;
++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE, 0) <= 0)
++ go->mppc = 0;
++ }
++ if (go->mppe_40) {
++ opt_buf[0] = CI_MPPE;
++ opt_buf[1] = CILEN_MPPE;
++ opt_buf[2] = MPPE_STATELESS;
++ opt_buf[3] = 0;
++ opt_buf[4] = 0;
++ opt_buf[5] = MPPE_40BIT;
++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0) <= 0)
++ go->mppe_40 = 0;
++ }
++ if (go->mppe_56) {
++ opt_buf[0] = CI_MPPE;
++ opt_buf[1] = CILEN_MPPE;
++ opt_buf[2] = MPPE_STATELESS;
++ opt_buf[3] = 0;
++ opt_buf[4] = 0;
++ opt_buf[5] = MPPE_56BIT;
++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0) <= 0)
++ go->mppe_56 = 0;
++ }
++ if (go->mppe_128) {
++ opt_buf[0] = CI_MPPE;
++ opt_buf[1] = CILEN_MPPE;
++ opt_buf[2] = MPPE_STATELESS;
++ opt_buf[3] = 0;
++ opt_buf[4] = 0;
++ opt_buf[5] = MPPE_128BIT;
++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0) <= 0)
++ go->mppe_128 = 0;
++ }
++ if (!go->mppe_40 && !go->mppe_56 && !go->mppe_128) {
++ if (ccp_wantoptions[f->unit].mppe) {
++ error("MPPE required, but kernel has no support.");
++ lcp_close(f->unit, "MPPE required but not available");
++ }
++ go->mppe = go->mppe_stateless = 0;
++ } else {
++ /* MPPE is not compatible with other compression types */
++ if (ccp_wantoptions[f->unit].mppe) {
++ ao->bsd_compress = go->bsd_compress = 0;
++ ao->predictor_1 = go->predictor_1 = 0;
++ ao->predictor_2 = go->predictor_2 = 0;
++ ao->deflate = go->deflate = 0;
++ ao->lzs = go->lzs = 0;
++ }
+ }
+-
+- /* sync options */
+- ao->mppe = go->mppe;
+- /* MPPE is not compatible with other compression types */
+- ao->bsd_compress = go->bsd_compress = 0;
+- ao->predictor_1 = go->predictor_1 = 0;
+- ao->predictor_2 = go->predictor_2 = 0;
+- ao->deflate = go->deflate = 0;
+ }
+ #endif /* MPPE */
+-
+- /*
+- * Check whether the kernel knows about the various
+- * compression methods we might request.
+- */
+-#ifdef MPPE
+- if (go->mppe) {
+- opt_buf[0] = CI_MPPE;
+- opt_buf[1] = CILEN_MPPE;
+- MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]);
+- /* Key material unimportant here. */
+- if (ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0) <= 0) {
+- error("MPPE required, but kernel has no support.");
+- lcp_close(f->unit, "MPPE required but not available");
+- }
++ if (go->lzs) {
++ opt_buf[0] = CI_LZS;
++ opt_buf[1] = CILEN_LZS;
++ opt_buf[2] = go->lzs_hists >> 8;
++ opt_buf[3] = go->lzs_hists & 0xff;
++ opt_buf[4] = LZS_MODE_SEQ;
++ if (ccp_test(f->unit, opt_buf, CILEN_LZS, 0) <= 0)
++ go->lzs = 0;
+ }
+-#endif
+ if (go->bsd_compress) {
+ opt_buf[0] = CI_BSD_COMPRESS;
+ opt_buf[1] = CILEN_BSD_COMPRESS;
+@@ -679,7 +814,8 @@
+ + (go->deflate? CILEN_DEFLATE: 0)
+ + (go->predictor_1? CILEN_PREDICTOR_1: 0)
+ + (go->predictor_2? CILEN_PREDICTOR_2: 0)
+- + (go->mppe? CILEN_MPPE: 0);
++ + (go->lzs? CILEN_LZS: 0)
++ + ((go->mppe || go->mppc)? CILEN_MPPE: 0);
+ }
+
+ /*
+@@ -693,6 +829,8 @@
+ {
+ int res;
+ ccp_options *go = &ccp_gotoptions[f->unit];
++ ccp_options *ao = &ccp_allowoptions[f->unit];
++ ccp_options *wo = &ccp_wantoptions[f->unit];
+ u_char *p0 = p;
+
+ /*
+@@ -701,22 +839,43 @@
+ * in case it gets Acked.
+ */
+ #ifdef MPPE
+- if (go->mppe) {
++ if (go->mppe || go->mppc || (!wo->mppe && ao->mppe)) {
+ u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN];
+
+- p[0] = opt_buf[0] = CI_MPPE;
+- p[1] = opt_buf[1] = CILEN_MPPE;
+- MPPE_OPTS_TO_CI(go->mppe, &p[2]);
+- MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]);
++ p[0] = CI_MPPE;
++ p[1] = CILEN_MPPE;
++ p[2] = (go->mppe_stateless ? MPPE_STATELESS : 0);
++ p[3] = 0;
++ p[4] = 0;
++ p[5] = (go->mppe_40 ? MPPE_40BIT : 0) | (go->mppe_56 ? MPPE_56BIT : 0) |
++ (go->mppe_128 ? MPPE_128BIT : 0) | (go->mppc ? MPPE_MPPC : 0);
++
++ BCOPY(p, opt_buf, CILEN_MPPE);
+ BCOPY(mppe_recv_key, &opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
+ res = ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0);
+- if (res > 0)
++ if (res > 0) {
+ p += CILEN_MPPE;
+- else
++ } else {
+ /* This shouldn't happen, we've already tested it! */
+- lcp_close(f->unit, "MPPE required but not available in kernel");
++ go->mppe = go->mppe_40 = go->mppe_56 = go->mppe_128 =
++ go->mppe_stateless = go->mppc = 0;
++ if (ccp_wantoptions[f->unit].mppe)
++ lcp_close(f->unit, "MPPE required but not available in kernel");
++ }
++ }
++#endif /* MPPE */
++ if (go->lzs) {
++ p[0] = CI_LZS;
++ p[1] = CILEN_LZS;
++ p[2] = go->lzs_hists >> 8;
++ p[3] = go->lzs_hists & 0xff;
++ p[4] = LZS_MODE_SEQ;
++ res = ccp_test(f->unit, p, CILEN_LZS, 0);
++ if (res > 0) {
++ p += CILEN_LZS;
++ } else
++ go->lzs = 0;
+ }
+-#endif
+ if (go->deflate) {
+ p[0] = go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT;
+ p[1] = CILEN_DEFLATE;
+@@ -802,7 +961,7 @@
+
+ /*
+ * ccp_ackci - process a received configure-ack, and return
+- * 1 iff the packet was OK.
++ * 1 if the packet was OK.
+ */
+ static int
+ ccp_ackci(f, p, len)
+@@ -811,24 +970,44 @@
+ int len;
+ {
+ ccp_options *go = &ccp_gotoptions[f->unit];
++ ccp_options *ao = &ccp_allowoptions[f->unit];
++ ccp_options *wo = &ccp_wantoptions[f->unit];
+ u_char *p0 = p;
+
+ #ifdef MPPE
+- if (go->mppe) {
+- u_char opt_buf[CILEN_MPPE];
+-
+- opt_buf[0] = CI_MPPE;
+- opt_buf[1] = CILEN_MPPE;
+- MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]);
+- if (len < CILEN_MPPE || memcmp(opt_buf, p, CILEN_MPPE))
++ if (go->mppe || go->mppc || (!wo->mppe && ao->mppe)) {
++ if (len < CILEN_MPPE
++ || p[1] != CILEN_MPPE || p[0] != CI_MPPE
++ || p[2] != (go->mppe_stateless ? MPPE_STATELESS : 0)
++ || p[3] != 0
++ || p[4] != 0
++ || (p[5] != ((go->mppe_40 ? MPPE_40BIT : 0) |
++ (go->mppc ? MPPE_MPPC : 0))
++ && p[5] != ((go->mppe_56 ? MPPE_56BIT : 0) |
++ (go->mppc ? MPPE_MPPC : 0))
++ && p[5] != ((go->mppe_128 ? MPPE_128BIT : 0) |
++ (go->mppc ? MPPE_MPPC : 0))))
+ return 0;
++ if (go->mppe_40 || go->mppe_56 || go->mppe_128)
++ go->mppe = 1;
+ p += CILEN_MPPE;
+ len -= CILEN_MPPE;
++ /* Cope with first/fast ack */
++ if (p == p0 && len == 0)
++ return 1;
++ }
++#endif /* MPPE */
++ if (go->lzs) {
++ if (len < CILEN_LZS || p[0] != CI_LZS || p[1] != CILEN_LZS
++ || p[2] != go->lzs_hists>>8 || p[3] != (go->lzs_hists&0xff)
++ || p[4] != LZS_MODE_SEQ)
++ return 0;
++ p += CILEN_LZS;
++ len -= CILEN_LZS;
+ /* XXX Cope with first/fast ack */
+- if (len == 0)
++ if (p == p0 && len == 0)
+ return 1;
+ }
+-#endif
+ if (go->deflate) {
+ if (len < CILEN_DEFLATE
+ || p[0] != (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT)
+@@ -891,7 +1070,7 @@
+
+ /*
+ * ccp_nakci - process received configure-nak.
+- * Returns 1 iff the nak was OK.
++ * Returns 1 if the nak was OK.
+ */
+ static int
+ ccp_nakci(f, p, len, treat_as_reject)
+@@ -900,6 +1079,8 @@
+ int len;
+ {
+ ccp_options *go = &ccp_gotoptions[f->unit];
++ ccp_options *ao = &ccp_allowoptions[f->unit];
++ ccp_options *wo = &ccp_wantoptions[f->unit];
+ ccp_options no; /* options we've seen already */
+ ccp_options try; /* options to ask for next time */
+
+@@ -907,28 +1088,100 @@
+ try = *go;
+
+ #ifdef MPPE
+- if (go->mppe && len >= CILEN_MPPE
+- && p[0] == CI_MPPE && p[1] == CILEN_MPPE) {
+- no.mppe = 1;
+- /*
+- * Peer wants us to use a different strength or other setting.
+- * Fail if we aren't willing to use his suggestion.
+- */
+- MPPE_CI_TO_OPTS(&p[2], try.mppe);
+- if ((try.mppe & MPPE_OPT_STATEFUL) && refuse_mppe_stateful) {
+- error("Refusing MPPE stateful mode offered by peer");
+- try.mppe = 0;
+- } else if (((go->mppe | MPPE_OPT_STATEFUL) & try.mppe) != try.mppe) {
+- /* Peer must have set options we didn't request (suggest) */
+- try.mppe = 0;
+- }
++ if ((go->mppe || go->mppc || (!wo->mppe && ao->mppe)) &&
++ len >= CILEN_MPPE && p[0] == CI_MPPE && p[1] == CILEN_MPPE) {
+
+- if (!try.mppe) {
+- error("MPPE required but peer negotiation failed");
+- lcp_close(f->unit, "MPPE required but peer negotiation failed");
++ if (go->mppc) {
++ no.mppc = 1;
++ if (!(p[5] & MPPE_MPPC))
++ try.mppc = 0;
++ }
++
++ if (go->mppe)
++ no.mppe = 1;
++ if (go->mppe_40)
++ no.mppe_40 = 1;
++ if (go->mppe_56)
++ no.mppe_56 = 1;
++ if (go->mppe_128)
++ no.mppe_128 = 1;
++ if (go->mppe_stateless)
++ no.mppe_stateless = 1;
++
++ if (ao->mppe_40) {
++ if ((p[5] & MPPE_40BIT))
++ try.mppe_40 = 1;
++ else
++ try.mppe_40 = (p[5] == 0) ? 1 : 0;
++ }
++ if (ao->mppe_56) {
++ if ((p[5] & MPPE_56BIT))
++ try.mppe_56 = 1;
++ else
++ try.mppe_56 = (p[5] == 0) ? 1 : 0;
++ }
++ if (ao->mppe_128) {
++ if ((p[5] & MPPE_128BIT))
++ try.mppe_128 = 1;
++ else
++ try.mppe_128 = (p[5] == 0) ? 1 : 0;
++ }
++
++ if (ao->mppe_stateless) {
++ if ((p[2] & MPPE_STATELESS) || wo->mppe_stateless)
++ try.mppe_stateless = 1;
++ else
++ try.mppe_stateless = 0;
++ }
++
++ if (!try.mppe_56 && !try.mppe_40 && !try.mppe_128) {
++ try.mppe = try.mppe_stateless = 0;
++ if (wo->mppe) {
++ /* we require encryption, but peer doesn't support it
++ so we close connection */
++ wo->mppc = wo->mppe = wo->mppe_stateless = wo->mppe_40 =
++ wo->mppe_56 = wo->mppe_128 = 0;
++ lcp_close(f->unit, "MPPE required but cannot negotiate MPPE "
++ "key length");
++ }
++ }
++ if (wo->mppe && (wo->mppe_40 != try.mppe_40) &&
++ (wo->mppe_56 != try.mppe_56) && (wo->mppe_128 != try.mppe_128)) {
++ /* cannot negotiate key length */
++ wo->mppc = wo->mppe = wo->mppe_stateless = wo->mppe_40 =
++ wo->mppe_56 = wo->mppe_128 = 0;
++ lcp_close(f->unit, "Cannot negotiate MPPE key length");
+ }
++ if (try.mppe_40 && try.mppe_56 && try.mppe_128)
++ try.mppe_40 = try.mppe_56 = 0;
++ else
++ if (try.mppe_56 && try.mppe_128)
++ try.mppe_56 = 0;
++ else
++ if (try.mppe_40 && try.mppe_128)
++ try.mppe_40 = 0;
++ else
++ if (try.mppe_40 && try.mppe_56)
++ try.mppe_40 = 0;
++
++ p += CILEN_MPPE;
++ len -= CILEN_MPPE;
+ }
+ #endif /* MPPE */
++
++ if (go->lzs && len >= CILEN_LZS && p[0] == CI_LZS && p[1] == CILEN_LZS) {
++ no.lzs = 1;
++ if (((p[2]<<8)|p[3]) > 1 || (p[4] != LZS_MODE_SEQ &&
++ p[4] != LZS_MODE_EXT))
++ try.lzs = 0;
++ else {
++ try.lzs_mode = p[4];
++ try.lzs_hists = (p[2] << 8) | p[3];
++ }
++ p += CILEN_LZS;
++ len -= CILEN_LZS;
++ }
++
+ if (go->deflate && len >= CILEN_DEFLATE
+ && p[0] == (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT)
+ && p[1] == CILEN_DEFLATE) {
+@@ -1001,14 +1254,50 @@
+ return -1;
+
+ #ifdef MPPE
+- if (go->mppe && len >= CILEN_MPPE
++ if ((go->mppe || go->mppc) && len >= CILEN_MPPE
+ && p[0] == CI_MPPE && p[1] == CILEN_MPPE) {
+- error("MPPE required but peer refused");
+- lcp_close(f->unit, "MPPE required but peer refused");
++ ccp_options *wo = &ccp_wantoptions[f->unit];
++ if (p[2] != (go->mppe_stateless ? MPPE_STATELESS : 0) ||
++ p[3] != 0 ||
++ p[4] != 0 ||
++ p[5] != ((go->mppe_40 ? MPPE_40BIT : 0) |
++ (go->mppe_56 ? MPPE_56BIT : 0) |
++ (go->mppe_128 ? MPPE_128BIT : 0) |
++ (go->mppc ? MPPE_MPPC : 0)))
++ return 0;
++ if (go->mppc)
++ try.mppc = 0;
++ if (go->mppe) {
++ try.mppe = 0;
++ if (go->mppe_40)
++ try.mppe_40 = 0;
++ if (go->mppe_56)
++ try.mppe_56 = 0;
++ if (go->mppe_128)
++ try.mppe_128 = 0;
++ if (go->mppe_stateless)
++ try.mppe_stateless = 0;
++ if (!try.mppe_56 && !try.mppe_40 && !try.mppe_128)
++ try.mppe = try.mppe_stateless = 0;
++ if (wo->mppe) { /* we want MPPE but cannot negotiate key length */
++ wo->mppc = wo->mppe = wo->mppe_stateless = wo->mppe_40 =
++ wo->mppe_56 = wo->mppe_128 = 0;
++ lcp_close(f->unit, "MPPE required but cannot negotiate MPPE "
++ "key length");
++ }
++ }
+ p += CILEN_MPPE;
+ len -= CILEN_MPPE;
+ }
+-#endif
++#endif /* MPPE */
++ if (go->lzs && len >= CILEN_LZS && p[0] == CI_LZS && p[1] == CILEN_LZS) {
++ if (p[2] != go->lzs_hists>>8 || p[3] != (go->lzs_hists&0xff)
++ || p[4] != go->lzs_mode)
++ return 0;
++ try.lzs = 0;
++ p += CILEN_LZS;
++ len -= CILEN_LZS;
++ }
+ if (go->deflate_correct && len >= CILEN_DEFLATE
+ && p[0] == CI_DEFLATE && p[1] == CILEN_DEFLATE) {
+ if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size)
+@@ -1072,14 +1361,15 @@
+ int dont_nak;
+ {
+ int ret, newret, res;
+- u_char *p0, *retp;
++ u_char *p0, *retp, p2, p5;
+ int len, clen, type, nb;
+ ccp_options *ho = &ccp_hisoptions[f->unit];
+ ccp_options *ao = &ccp_allowoptions[f->unit];
++ ccp_options *wo = &ccp_wantoptions[f->unit];
+ #ifdef MPPE
+- bool rej_for_ci_mppe = 1; /* Are we rejecting based on a bad/missing */
+- /* CI_MPPE, or due to other options? */
+-#endif
++ u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN];
++/* int mtu; */
++#endif /* MPPE */
+
+ ret = CONFACK;
+ retp = p0 = p;
+@@ -1102,103 +1392,305 @@
+ switch (type) {
+ #ifdef MPPE
+ case CI_MPPE:
+- if (!ao->mppe || clen != CILEN_MPPE) {
++ if ((!ao->mppc && !ao->mppe) || clen != CILEN_MPPE) {
+ newret = CONFREJ;
+ break;
+ }
+- MPPE_CI_TO_OPTS(&p[2], ho->mppe);
+
+- /* Nak if anything unsupported or unknown are set. */
+- if (ho->mppe & MPPE_OPT_UNSUPPORTED) {
+- newret = CONFNAK;
+- ho->mppe &= ~MPPE_OPT_UNSUPPORTED;
+- }
+- if (ho->mppe & MPPE_OPT_UNKNOWN) {
++ p2 = p[2];
++ p5 = p[5];
++ /* not sure what they want, tell 'em what we got */
++ if (((p[2] & ~MPPE_STATELESS) != 0 || p[3] != 0 || p[4] != 0 ||
++ (p[5] & ~(MPPE_40BIT | MPPE_56BIT | MPPE_128BIT |
++ MPPE_MPPC)) != 0 || p[5] == 0) ||
++ (p[2] == 0 && p[3] == 0 && p[4] == 0 && p[5] == 0)) {
+ newret = CONFNAK;
+- ho->mppe &= ~MPPE_OPT_UNKNOWN;
++ p[2] = (wo->mppe_stateless ? MPPE_STATELESS : 0);
++ p[3] = 0;
++ p[4] = 0;
++ p[5] = (wo->mppe_40 ? MPPE_40BIT : 0) |
++ (wo->mppe_56 ? MPPE_56BIT : 0) |
++ (wo->mppe_128 ? MPPE_128BIT : 0) |
++ (wo->mppc ? MPPE_MPPC : 0);
++ break;
+ }
+
+- /* Check state opt */
+- if (ho->mppe & MPPE_OPT_STATEFUL) {
+- /*
+- * We can Nak and request stateless, but it's a
+- * lot easier to just assume the peer will request
+- * it if he can do it; stateful mode is bad over
+- * the Internet -- which is where we expect MPPE.
+- */
+- if (refuse_mppe_stateful) {
+- error("Refusing MPPE stateful mode offered by peer");
++ if ((p[5] & MPPE_MPPC)) {
++ if (ao->mppc) {
++ ho->mppc = 1;
++ BCOPY(p, opt_buf, CILEN_MPPE);
++ opt_buf[2] = opt_buf[3] = opt_buf[4] = 0;
++ opt_buf[5] = MPPE_MPPC;
++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE, 1) <= 0) {
++ ho->mppc = 0;
++ p[5] &= ~MPPE_MPPC;
++ newret = CONFNAK;
++ }
++ } else {
+ newret = CONFREJ;
+- break;
++ if (wo->mppe || ao->mppe) {
++ p[5] &= ~MPPE_MPPC;
++ newret = CONFNAK;
++ }
++ }
++ }
++
++ if (ao->mppe)
++ ho->mppe = 1;
++
++ if ((p[2] & MPPE_STATELESS)) {
++ if (ao->mppe_stateless) {
++ if (wo->mppe_stateless)
++ ho->mppe_stateless = 1;
++ else {
++ newret = CONFNAK;
++ if (!dont_nak)
++ p[2] &= ~MPPE_STATELESS;
++ }
++ } else {
++ newret = CONFNAK;
++ if (!dont_nak)
++ p[2] &= ~MPPE_STATELESS;
++ }
++ } else {
++ if (wo->mppe_stateless && !dont_nak) {
++ wo->mppe_stateless = 0;
++ newret = CONFNAK;
++ p[2] |= MPPE_STATELESS;
+ }
+ }
+
+- /* Find out which of {S,L} are set. */
+- if ((ho->mppe & MPPE_OPT_128)
+- && (ho->mppe & MPPE_OPT_40)) {
+- /* Both are set, negotiate the strongest. */
++ if ((p[5] & ~MPPE_MPPC) == (MPPE_40BIT|MPPE_56BIT|MPPE_128BIT)) {
+ newret = CONFNAK;
+- if (ao->mppe & MPPE_OPT_128)
+- ho->mppe &= ~MPPE_OPT_40;
+- else if (ao->mppe & MPPE_OPT_40)
+- ho->mppe &= ~MPPE_OPT_128;
+- else {
+- newret = CONFREJ;
+- break;
++ if (ao->mppe_128) {
++ ho->mppe_128 = 1;
++ p[5] &= ~(MPPE_40BIT|MPPE_56BIT);
++ BCOPY(p, opt_buf, CILEN_MPPE);
++ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
++ MPPE_MAX_KEY_LEN);
++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE +
++ MPPE_MAX_KEY_LEN, 1) <= 0) {
++ ho->mppe_128 = 0;
++ p[5] |= (MPPE_40BIT|MPPE_56BIT);
++ p[5] &= ~MPPE_128BIT;
++ goto check_mppe_56_40;
++ }
++ goto check_mppe;
+ }
+- } else if (ho->mppe & MPPE_OPT_128) {
+- if (!(ao->mppe & MPPE_OPT_128)) {
+- newret = CONFREJ;
+- break;
++ p[5] &= ~MPPE_128BIT;
++ goto check_mppe_56_40;
++ }
++ if ((p[5] & ~MPPE_MPPC) == (MPPE_56BIT|MPPE_128BIT)) {
++ newret = CONFNAK;
++ if (ao->mppe_128) {
++ ho->mppe_128 = 1;
++ p[5] &= ~MPPE_56BIT;
++ BCOPY(p, opt_buf, CILEN_MPPE);
++ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
++ MPPE_MAX_KEY_LEN);
++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE +
++ MPPE_MAX_KEY_LEN, 1) <= 0) {
++ ho->mppe_128 = 0;
++ p[5] |= MPPE_56BIT;
++ p[5] &= ~MPPE_128BIT;
++ goto check_mppe_56;
++ }
++ goto check_mppe;
+ }
+- } else if (ho->mppe & MPPE_OPT_40) {
+- if (!(ao->mppe & MPPE_OPT_40)) {
+- newret = CONFREJ;
+- break;
++ p[5] &= ~MPPE_128BIT;
++ goto check_mppe_56;
++ }
++ if ((p[5] & ~MPPE_MPPC) == (MPPE_40BIT|MPPE_128BIT)) {
++ newret = CONFNAK;
++ if (ao->mppe_128) {
++ ho->mppe_128 = 1;
++ p[5] &= ~MPPE_40BIT;
++ BCOPY(p, opt_buf, CILEN_MPPE);
++ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
++ MPPE_MAX_KEY_LEN);
++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE +
++ MPPE_MAX_KEY_LEN, 1) <= 0) {
++ ho->mppe_128 = 0;
++ p[5] |= MPPE_40BIT;
++ p[5] &= ~MPPE_128BIT;
++ goto check_mppe_40;
++ }
++ goto check_mppe;
++ }
++ p[5] &= ~MPPE_128BIT;
++ goto check_mppe_40;
++ }
++ if ((p[5] & ~MPPE_MPPC) == MPPE_128BIT) {
++ if (ao->mppe_128) {
++ ho->mppe_128 = 1;
++ BCOPY(p, opt_buf, CILEN_MPPE);
++ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
++ MPPE_MAX_KEY_LEN);
++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE +
++ MPPE_MAX_KEY_LEN, 1) <= 0) {
++ ho->mppe_128 = 0;
++ p[5] &= ~MPPE_128BIT;
++ newret = CONFNAK;
++ }
++ goto check_mppe;
++ }
++ p[5] &= ~MPPE_128BIT;
++ newret = CONFNAK;
++ goto check_mppe;
++ }
++ check_mppe_56_40:
++ if ((p[5] & ~MPPE_MPPC) == (MPPE_40BIT|MPPE_56BIT)) {
++ newret = CONFNAK;
++ if (ao->mppe_56) {
++ ho->mppe_56 = 1;
++ p[5] &= ~MPPE_40BIT;
++ BCOPY(p, opt_buf, CILEN_MPPE);
++ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
++ MPPE_MAX_KEY_LEN);
++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE +
++ MPPE_MAX_KEY_LEN, 1) <= 0) {
++ ho->mppe_56 = 0;
++ p[5] |= MPPE_40BIT;
++ p[5] &= ~MPPE_56BIT;
++ newret = CONFNAK;
++ goto check_mppe_40;
++ }
++ goto check_mppe;
++ }
++ p[5] &= ~MPPE_56BIT;
++ goto check_mppe_40;
++ }
++ check_mppe_56:
++ if ((p[5] & ~MPPE_MPPC) == MPPE_56BIT) {
++ if (ao->mppe_56) {
++ ho->mppe_56 = 1;
++ BCOPY(p, opt_buf, CILEN_MPPE);
++ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
++ MPPE_MAX_KEY_LEN);
++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE +
++ MPPE_MAX_KEY_LEN, 1) <= 0) {
++ ho->mppe_56 = 0;
++ p[5] &= ~MPPE_56BIT;
++ newret = CONFNAK;
++ }
++ goto check_mppe;
++ }
++ p[5] &= ~MPPE_56BIT;
++ newret = CONFNAK;
++ goto check_mppe;
++ }
++ check_mppe_40:
++ if ((p[5] & ~MPPE_MPPC) == MPPE_40BIT) {
++ if (ao->mppe_40) {
++ ho->mppe_40 = 1;
++ BCOPY(p, opt_buf, CILEN_MPPE);
++ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
++ MPPE_MAX_KEY_LEN);
++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE +
++ MPPE_MAX_KEY_LEN, 1) <= 0) {
++ ho->mppe_40 = 0;
++ p[5] &= ~MPPE_40BIT;
++ newret = CONFNAK;
++ }
++ goto check_mppe;
++ }
++ p[5] &= ~MPPE_40BIT;
++ }
++
++ check_mppe:
++ if (!ho->mppe_40 && !ho->mppe_56 && !ho->mppe_128) {
++ if (wo->mppe_40 || wo->mppe_56 || wo->mppe_128) {
++ newret = CONFNAK;
++ p[2] |= (wo->mppe_stateless ? MPPE_STATELESS : 0);
++ p[5] |= (wo->mppe_40 ? MPPE_40BIT : 0) |
++ (wo->mppe_56 ? MPPE_56BIT : 0) |
++ (wo->mppe_128 ? MPPE_128BIT : 0) |
++ (wo->mppc ? MPPE_MPPC : 0);
++ } else {
++ ho->mppe = ho->mppe_stateless = 0;
+ }
+ } else {
+- /* Neither are set. */
++ /* MPPE is not compatible with other compression types */
++ if (wo->mppe) {
++ ao->bsd_compress = 0;
++ ao->predictor_1 = 0;
++ ao->predictor_2 = 0;
++ ao->deflate = 0;
++ ao->lzs = 0;
++ }
++ }
++ if ((!ho->mppc || !ao->mppc) && !ho->mppe) {
++ p[2] = p2;
++ p[5] = p5;
+ newret = CONFREJ;
+ break;
+ }
+
+- /* rebuild the opts */
+- MPPE_OPTS_TO_CI(ho->mppe, &p[2]);
+- if (newret == CONFACK) {
+- u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN];
+- int mtu;
+-
+- BCOPY(p, opt_buf, CILEN_MPPE);
+- BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
+- MPPE_MAX_KEY_LEN);
+- if (ccp_test(f->unit, opt_buf,
+- CILEN_MPPE + MPPE_MAX_KEY_LEN, 1) <= 0) {
+- /* This shouldn't happen, we've already tested it! */
+- error("MPPE required, but kernel has no support.");
+- lcp_close(f->unit, "MPPE required but not available");
+- newret = CONFREJ;
+- break;
+- }
+- /*
+- * We need to decrease the interface MTU by MPPE_PAD
+- * because MPPE frames **grow**. The kernel [must]
+- * allocate MPPE_PAD extra bytes in xmit buffers.
+- */
+- mtu = netif_get_mtu(f->unit);
+- if (mtu)
+- netif_set_mtu(f->unit, mtu - MPPE_PAD);
+- else
+- newret = CONFREJ;
+- }
++ /*
++ * I have commented the code below because according to RFC1547
++ * MTU is only information for higher level protocols about
++ * "the maximum allowable length for a packet (q.v.) transmitted
++ * over a point-to-point link without incurring network layer
++ * fragmentation." Of course a PPP implementation should be able
++ * to handle overhead added by MPPE - in our case apropriate code
++ * is located in drivers/net/ppp_generic.c in the kernel sources.
++ *
++ * According to RFC1661:
++ * - when negotiated MRU is less than 1500 octets, a PPP
++ * implementation must still be able to receive at least 1500
++ * octets,
++ * - when PFC is negotiated, a PPP implementation is still
++ * required to receive frames with uncompressed protocol field.
++ *
++ * So why not to handle MPPE overhead without changing MTU value?
++ * I am sure that RFC3078, unfortunately silently, assumes that.
++ */
+
+ /*
+- * We have accepted MPPE or are willing to negotiate
+- * MPPE parameters. A CONFREJ is due to subsequent
+- * (non-MPPE) processing.
++ * We need to decrease the interface MTU by MPPE_PAD
++ * because MPPE frames **grow**. The kernel [must]
++ * allocate MPPE_PAD extra bytes in xmit buffers.
+ */
+- rej_for_ci_mppe = 0;
++/*
++ mtu = netif_get_mtu(f->unit);
++ if (mtu) {
++ netif_set_mtu(f->unit, mtu - MPPE_PAD);
++ } else {
++ newret = CONFREJ;
++ if (ccp_wantoptions[f->unit].mppe) {
++ error("Cannot adjust MTU needed by MPPE.");
++ lcp_close(f->unit, "Cannot adjust MTU needed by MPPE.");
++ }
++ }
++*/
+ break;
+ #endif /* MPPE */
++
++ case CI_LZS:
++ if (!ao->lzs || clen != CILEN_LZS) {
++ newret = CONFREJ;
++ break;
++ }
++
++ ho->lzs = 1;
++ ho->lzs_hists = (p[2] << 8) | p[3];
++ ho->lzs_mode = p[4];
++ if ((ho->lzs_hists != ao->lzs_hists) ||
++ (ho->lzs_mode != ao->lzs_mode)) {
++ newret = CONFNAK;
++ if (!dont_nak) {
++ p[2] = ao->lzs_hists >> 8;
++ p[3] = ao->lzs_hists & 0xff;
++ p[4] = ao->lzs_mode;
++ } else
++ break;
++ }
++
++ if (p == p0 && ccp_test(f->unit, p, CILEN_LZS, 1) <= 0) {
++ newret = CONFREJ;
++ }
++ break;
++
+ case CI_DEFLATE:
+ case CI_DEFLATE_DRAFT:
+ if (!ao->deflate || clen != CILEN_DEFLATE
+@@ -1340,12 +1832,6 @@
+ else
+ *lenp = retp - p0;
+ }
+-#ifdef MPPE
+- if (ret == CONFREJ && ao->mppe && rej_for_ci_mppe) {
+- error("MPPE required but peer negotiation failed");
+- lcp_close(f->unit, "MPPE required but peer negotiation failed");
+- }
+-#endif
+ return ret;
+ }
+
+@@ -1367,24 +1853,35 @@
+ char *p = result;
+ char *q = result + sizeof(result); /* 1 past result */
+
+- slprintf(p, q - p, "MPPE ");
+- p += 5;
+- if (opt->mppe & MPPE_OPT_128) {
+- slprintf(p, q - p, "128-bit ");
+- p += 8;
+- }
+- if (opt->mppe & MPPE_OPT_40) {
+- slprintf(p, q - p, "40-bit ");
+- p += 7;
+- }
+- if (opt->mppe & MPPE_OPT_STATEFUL)
+- slprintf(p, q - p, "stateful");
+- else
+- slprintf(p, q - p, "stateless");
+-
++ if (opt->mppe) {
++ if (opt->mppc) {
++ slprintf(p, q - p, "MPPC/MPPE ");
++ p += 10;
++ } else {
++ slprintf(p, q - p, "MPPE ");
++ p += 5;
++ }
++ if (opt->mppe_128) {
++ slprintf(p, q - p, "128-bit ");
++ p += 8;
++ } else if (opt->mppe_56) {
++ slprintf(p, q - p, "56-bit ");
++ p += 7;
++ } else if (opt->mppe_40) {
++ slprintf(p, q - p, "40-bit ");
++ p += 7;
++ }
++ if (opt->mppe_stateless)
++ slprintf(p, q - p, "stateless");
++ else
++ slprintf(p, q - p, "stateful");
++ } else if (opt->mppc)
++ slprintf(p, q - p, "MPPC");
+ break;
+ }
+-#endif
++#endif /* MPPE */
++ case CI_LZS:
++ return "Stac LZS";
+ case CI_DEFLATE:
+ case CI_DEFLATE_DRAFT:
+ if (opt2 != NULL && opt2->deflate_size != opt->deflate_size)
+@@ -1440,12 +1937,12 @@
+ } else if (ANY_COMPRESS(*ho))
+ notice("%s transmit compression enabled", method_name(ho, NULL));
+ #ifdef MPPE
+- if (go->mppe) {
++ if (go->mppe || go->mppc) {
+ BZERO(mppe_recv_key, MPPE_MAX_KEY_LEN);
+ BZERO(mppe_send_key, MPPE_MAX_KEY_LEN);
+ continue_networks(f->unit); /* Bring up IP et al */
+ }
+-#endif
++#endif /* MPPE */
+ }
+
+ /*
+@@ -1468,7 +1965,7 @@
+ lcp_close(f->unit, "MPPE disabled");
+ }
+ }
+-#endif
++#endif /* MPPE */
+ }
+
+ /*
+@@ -1528,24 +2025,28 @@
+ #ifdef MPPE
+ case CI_MPPE:
+ if (optlen >= CILEN_MPPE) {
+- u_char mppe_opts;
+-
+- MPPE_CI_TO_OPTS(&p[2], mppe_opts);
+- printer(arg, "mppe %s %s %s %s %s %s%s",
+- (p[2] & MPPE_H_BIT)? "+H": "-H",
+- (p[5] & MPPE_M_BIT)? "+M": "-M",
+- (p[5] & MPPE_S_BIT)? "+S": "-S",
+- (p[5] & MPPE_L_BIT)? "+L": "-L",
++ printer(arg, "mppe %s %s %s %s %s %s",
++ (p[2] & MPPE_STATELESS)? "+H": "-H",
++ (p[5] & MPPE_56BIT)? "+M": "-M",
++ (p[5] & MPPE_128BIT)? "+S": "-S",
++ (p[5] & MPPE_40BIT)? "+L": "-L",
+ (p[5] & MPPE_D_BIT)? "+D": "-D",
+- (p[5] & MPPE_C_BIT)? "+C": "-C",
+- (mppe_opts & MPPE_OPT_UNKNOWN)? " +U": "");
+- if (mppe_opts & MPPE_OPT_UNKNOWN)
++ (p[5] & MPPE_MPPC)? "+C": "-C");
++ if ((p[5] & ~(MPPE_56BIT | MPPE_128BIT | MPPE_40BIT |
++ MPPE_D_BIT | MPPE_MPPC)) ||
++ (p[2] & ~MPPE_STATELESS))
+ printer(arg, " (%.2x %.2x %.2x %.2x)",
+ p[2], p[3], p[4], p[5]);
+ p += CILEN_MPPE;
+ }
+ break;
+-#endif
++#endif /* MPPE */
++ case CI_LZS:
++ if (optlen >= CILEN_LZS) {
++ printer(arg, "lzs %.2x %.2x %.2x", p[2], p[3], p[4]);
++ p += CILEN_LZS;
++ }
++ break;
+ case CI_DEFLATE:
+ case CI_DEFLATE_DRAFT:
+ if (optlen >= CILEN_DEFLATE) {
+@@ -1631,6 +2132,7 @@
+ error("Lost compression sync: disabling compression");
+ ccp_close(unit, "Lost compression sync");
+ #ifdef MPPE
++ /* My module dosn't need this. J.D., 2003-07-06 */
+ /*
+ * If we were doing MPPE, we must also take the link down.
+ */
+@@ -1638,9 +2140,18 @@
+ error("Too many MPPE errors, closing LCP");
+ lcp_close(unit, "Too many MPPE errors");
+ }
+-#endif
++#endif /* MPPE */
+ } else {
+ /*
++ * When LZS or MPPE/MPPC is negotiated we just send CCP_RESETREQ
++ * and don't wait for CCP_RESETACK
++ */
++ if ((ccp_gotoptions[f->unit].method == CI_LZS) ||
++ (ccp_gotoptions[f->unit].method == CI_MPPE)) {
++ fsm_sdata(f, CCP_RESETREQ, f->reqid = ++f->id, NULL, 0);
++ return;
++ }
++ /*
+ * Send a reset-request to reset the peer's compressor.
+ * We don't do that if we are still waiting for an
+ * acknowledgement to a previous reset-request.
+@@ -1671,4 +2182,3 @@
+ } else
+ ccp_localstate[f->unit] &= ~RACK_PENDING;
+ }
+-
+diff -ruN ppp-2.4.3.orig/pppd/ccp.h ppp-2.4.3/pppd/ccp.h
+--- ppp-2.4.3.orig/pppd/ccp.h 2004-11-04 11:02:26.000000000 +0100
++++ ppp-2.4.3/pppd/ccp.h 2004-11-21 13:54:09.000000000 +0100
+@@ -37,9 +37,17 @@
+ bool predictor_2; /* do Predictor-2? */
+ bool deflate_correct; /* use correct code for deflate? */
+ bool deflate_draft; /* use draft RFC code for deflate? */
++ bool lzs; /* do Stac LZS? */
++ bool mppc; /* do MPPC? */
+ bool mppe; /* do MPPE? */
++ bool mppe_40; /* allow 40 bit encryption? */
++ bool mppe_56; /* allow 56 bit encryption? */
++ bool mppe_128; /* allow 128 bit encryption? */
++ bool mppe_stateless; /* allow stateless encryption */
+ u_short bsd_bits; /* # bits/code for BSD Compress */
+ u_short deflate_size; /* lg(window size) for Deflate */
++ u_short lzs_mode; /* LZS check mode */
++ u_short lzs_hists; /* number of LZS histories */
+ short method; /* code for chosen compression method */
+ } ccp_options;
+
+diff -ruN ppp-2.4.3.orig/pppd/chap_ms.c ppp-2.4.3/pppd/chap_ms.c
+--- ppp-2.4.3.orig/pppd/chap_ms.c 2004-11-12 10:57:43.000000000 +0100
++++ ppp-2.4.3/pppd/chap_ms.c 2004-11-21 13:54:09.000000000 +0100
+@@ -895,13 +895,17 @@
+ /*
+ * Disable undesirable encryption types. Note that we don't ENABLE
+ * any encryption types, to avoid overriding manual configuration.
++ *
++ * It seems that 56 bit keys are unsupported in MS-RADIUS (see RFC 2548)
+ */
+ switch(types) {
+ case MPPE_ENC_TYPES_RC4_40:
+- ccp_wantoptions[0].mppe &= ~MPPE_OPT_128; /* disable 128-bit */
++ ccp_wantoptions[0].mppe_128 = 0; /* disable 128-bit */
++ ccp_wantoptions[0].mppe_56 = 0; /* disable 56-bit */
+ break;
+ case MPPE_ENC_TYPES_RC4_128:
+- ccp_wantoptions[0].mppe &= ~MPPE_OPT_40; /* disable 40-bit */
++ ccp_wantoptions[0].mppe_56 = 0; /* disable 56-bit */
++ ccp_wantoptions[0].mppe_40 = 0; /* disable 40-bit */
+ break;
+ default:
+ break;
+diff -ruN ppp-2.4.3.orig/pppd/pppd.8 ppp-2.4.3/pppd/pppd.8
+--- ppp-2.4.3.orig/pppd/pppd.8 2004-11-13 13:22:49.000000000 +0100
++++ ppp-2.4.3/pppd/pppd.8 2004-11-21 14:24:47.000000000 +0100
+@@ -622,9 +622,29 @@
+ Enables the use of PPP multilink; this is an alias for the `multilink'
+ option. This option is currently only available under Linux.
+ .TP
+-.B mppe\-stateful
+-Allow MPPE to use stateful mode. Stateless mode is still attempted first.
+-The default is to disallow stateful mode.
++.B mppc
++Enables MPPC (Microsoft Point to Point Compression). This is the default.
++.TP
++.B mppe \fIsubopt1[,subopt2[,subopt3[..]]]
++Modify MPPE (Microsoft Point to Point Encryption) parameters. In order
++for MPPE to successfully come up, you must have authenticated with either
++MS-CHAP or MS-CHAPv2. By default MPPE is optional, it means that pppd will
++not propose MPPE to the peer, but will negotiate MPPE if peer wants that.
++You can change this using \fIrequired\fR suboption.
++This option is presently only supported under Linux, and only if your
++kernel has been configured to include MPPE support.
++.IP
++MPPE suboptions:
++.br
++\fIrequired\fR - require MPPE; disconnect if peer doesn't support it,
++.br
++\fIstateless\fR - try to negotiate stateless mode; default is stateful,
++.br
++\fIno40\fR - disable 40 bit keys,
++.br
++\fIno56\fR - disable 56 bit keys,
++.br
++\fIno128\fR - disable 128 bit keys
+ .TP
+ .B mpshortseq
+ Enables the use of short (12-bit) sequence numbers in multilink
+@@ -757,17 +777,11 @@
+ Disables the use of PPP multilink. This option is currently only
+ available under Linux.
+ .TP
+-.B nomppe
+-Disables MPPE (Microsoft Point to Point Encryption). This is the default.
+-.TP
+-.B nomppe\-40
+-Disable 40-bit encryption with MPPE.
++.B nomppc
++Disables MPPC (Microsoft Point to Point Compression).
+ .TP
+-.B nomppe\-128
+-Disable 128-bit encryption with MPPE.
+-.TP
+-.B nomppe\-stateful
+-Disable MPPE stateful mode. This is the default.
++.B nomppe
++Disables MPPE (Microsoft Point to Point Encryption).
+ .TP
+ .B nompshortseq
+ Disables the use of short (12-bit) sequence numbers in the PPP
+@@ -948,19 +962,6 @@
+ Require the peer to authenticate itself using CHAP [Challenge
+ Handshake Authentication Protocol] authentication.
+ .TP
+-.B require\-mppe
+-Require the use of MPPE (Microsoft Point to Point Encryption). This
+-option disables all other compression types. This option enables
+-both 40-bit and 128-bit encryption. In order for MPPE to successfully
+-come up, you must have authenticated with either MS\-CHAP or MS\-CHAPv2.
+-This option is presently only supported under Linux, and only if your
+-kernel has been configured to include MPPE support.
+-.TP
+-.B require\-mppe\-40
+-Require the use of MPPE, with 40-bit encryption.
+-.TP
+-.B require\-mppe\-128
+-Require the use of MPPE, with 128-bit encryption.
+ .TP
+ .B require\-mschap
+ Require the peer to authenticate itself using MS\-CHAP [Microsoft Challenge
--- /dev/null
+diff -ruN ppp-2.4.3-orig/pppd/plugins/Makefile.linux ppp-2.4.3-3/pppd/plugins/Makefile.linux
+--- ppp-2.4.3-orig/pppd/plugins/Makefile.linux 2004-11-14 08:57:35.000000000 +0100
++++ ppp-2.4.3-3/pppd/plugins/Makefile.linux 2004-12-05 17:03:59.000000000 +0100
+@@ -9,7 +9,7 @@
+ MANDIR = $(DESTDIR)/share/man/man8
+ LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
+
+-SUBDIRS := rp-pppoe pppoatm radius
++SUBDIRS := rp-pppoe radius
+ # Uncomment the next line to include the radius authentication plugin
+ # SUBDIRS += radius
+ PLUGINS := minconn.so passprompt.so passwordfd.so winbind.so
--- /dev/null
+diff -ruN ppp-2.4.3-orig/chat/Makefile.linux ppp-2.4.3-3/chat/Makefile.linux
+--- ppp-2.4.3-orig/chat/Makefile.linux 2004-11-03 12:51:47.000000000 +0100
++++ ppp-2.4.3-3/chat/Makefile.linux 2004-12-05 17:42:43.000000000 +0100
+@@ -25,7 +25,7 @@
+
+ install: chat
+ mkdir -p $(BINDIR)
+- $(INSTALL) -s -c chat $(BINDIR)
++ $(INSTALL) -c chat $(BINDIR)
+ $(INSTALL) -c -m 644 chat.8 $(MANDIR)
+
+ clean:
+diff -ruN ppp-2.4.3-orig/pppd/Makefile.linux ppp-2.4.3-3/pppd/Makefile.linux
+--- ppp-2.4.3-orig/pppd/Makefile.linux 2004-11-13 13:02:22.000000000 +0100
++++ ppp-2.4.3-3/pppd/Makefile.linux 2004-12-16 04:43:41.000000000 +0100
+@@ -99,7 +99,7 @@
+ CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include
+ LIBS += -lsrp -L/usr/local/ssl/lib -lcrypto
+ TARGETS += srp-entry
+-EXTRAINSTALL = $(INSTALL) -s -c -m 555 srp-entry $(BINDIR)/srp-entry
++EXTRAINSTALL = $(INSTALL) -c -m 555 srp-entry $(BINDIR)/srp-entry
+ MANPAGES += srp-entry.8
+ EXTRACLEAN += srp-entry.o
+ NEEDDES=y
+@@ -202,7 +202,7 @@
+ install: pppd
+ mkdir -p $(BINDIR) $(MANDIR)
+ $(EXTRAINSTALL)
+- $(INSTALL) -s -c -m 555 pppd $(BINDIR)/pppd
++ $(INSTALL) -c -m 555 pppd $(BINDIR)/pppd
+ if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \
+ chmod o-rx,u+s $(BINDIR)/pppd; fi
+ $(INSTALL) -c -m 444 pppd.8 $(MANDIR)
+diff -ruN ppp-2.4.3-orig/pppd/plugins/radius/Makefile.linux ppp-2.4.3-3/pppd/plugins/radius/Makefile.linux
+--- ppp-2.4.3-orig/pppd/plugins/radius/Makefile.linux 2004-11-14 08:02:31.000000000 +0100
++++ ppp-2.4.3-3/pppd/plugins/radius/Makefile.linux 2004-12-05 17:43:17.000000000 +0100
+@@ -36,9 +37,9 @@
+
+ install: all
+ $(INSTALL) -d -m 755 $(LIBDIR)
+- $(INSTALL) -s -c -m 755 radius.so $(LIBDIR)
+- $(INSTALL) -s -c -m 755 radattr.so $(LIBDIR)
+- $(INSTALL) -s -c -m 755 radrealms.so $(LIBDIR)
++ $(INSTALL) -c -m 755 radius.so $(LIBDIR)
++ $(INSTALL) -c -m 755 radattr.so $(LIBDIR)
++ $(INSTALL) -c -m 755 radrealms.so $(LIBDIR)
+ $(INSTALL) -c -m 444 pppd-radius.8 $(MANDIR)
+ $(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR)
+
+diff -ruN ppp-2.4.3-orig/pppd/plugins/rp-pppoe/Makefile.linux ppp-2.4.3-3/pppd/plugins/rp-pppoe/Makefile.linux
+--- ppp-2.4.3-orig/pppd/plugins/rp-pppoe/Makefile.linux 2004-11-14 08:58:37.000000000 +0100
++++ ppp-2.4.3-3/pppd/plugins/rp-pppoe/Makefile.linux 2004-12-05 17:43:23.000000000 +0100
+@@ -39,9 +39,9 @@
+
+ install: all
+ $(INSTALL) -d -m 755 $(LIBDIR)
+- $(INSTALL) -s -c -m 4550 rp-pppoe.so $(LIBDIR)
++ $(INSTALL) -c -m 4550 rp-pppoe.so $(LIBDIR)
+ $(INSTALL) -d -m 755 $(BINDIR)
+- $(INSTALL) -s -c -m 555 pppoe-discovery $(BINDIR)
++ $(INSTALL) -c -m 555 pppoe-discovery $(BINDIR)
+
+ clean:
+ rm -f *.o *.so
+diff -ruN ppp-2.4.3-orig/pppdump/Makefile.linux ppp-2.4.3-3/pppdump/Makefile.linux
+--- ppp-2.4.3-orig/pppdump/Makefile.linux 2004-10-31 02:36:52.000000000 +0200
++++ ppp-2.4.3-3/pppdump/Makefile.linux 2004-12-05 17:50:34.000000000 +0100
+@@ -17,5 +18,5 @@
+
+ install:
+ mkdir -p $(BINDIR) $(MANDIR)
+- $(INSTALL) -s -c pppdump $(BINDIR)
++ $(INSTALL) -c pppdump $(BINDIR)
+ $(INSTALL) -c -m 444 pppdump.8 $(MANDIR)
+diff -ruN ppp-2.4.3-orig/pppstats/Makefile.linux ppp-2.4.3-3/pppstats/Makefile.linux
+--- ppp-2.4.3-orig/pppstats/Makefile.linux 2004-10-31 23:09:03.000000000 +0100
++++ ppp-2.4.3-3/pppstats/Makefile.linux 2004-12-05 17:43:38.000000000 +0100
+@@ -22,7 +22,7 @@
+
+ install: pppstats
+ -mkdir -p $(MANDIR)
+- $(INSTALL) -s -c pppstats $(BINDIR)
++ $(INSTALL) -c pppstats $(BINDIR)
+ $(INSTALL) -c -m 444 pppstats.8 $(MANDIR)
+
+ pppstats: $(PPPSTATSRCS)
--- /dev/null
+diff -ruN ppp-2.4.3-orig/pppd/plugins/radius/Makefile.linux ppp-2.4.3-3/pppd/plugins/radius/Makefile.linux
+--- ppp-2.4.3-orig/pppd/plugins/radius/Makefile.linux 2004-11-14 08:02:31.000000000 +0100
++++ ppp-2.4.3-3/pppd/plugins/radius/Makefile.linux 2004-12-05 17:43:17.000000000 +0100
+@@ -12,7 +12,8 @@
+ INSTALL = install
+
+ PLUGIN=radius.so radattr.so radrealms.so
+-CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
++COPTS = -O2
++CFLAGS=-I. -I../.. -I../../../include $(COPTS) -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
+
+ # Uncomment the next line to include support for Microsoft's
+ # MS-CHAP authentication protocol.
+diff -ruN ppp-2.4.3-orig/pppdump/Makefile.linux ppp-2.4.3-3/pppdump/Makefile.linux
+--- ppp-2.4.3-orig/pppdump/Makefile.linux 2004-10-31 02:36:52.000000000 +0200
++++ ppp-2.4.3-3/pppdump/Makefile.linux 2004-12-05 17:50:34.000000000 +0100
+@@ -2,7 +2,8 @@
+ BINDIR = $(DESTDIR)/sbin
+ MANDIR = $(DESTDIR)/share/man/man8
+
+-CFLAGS= -O -I../include/net
++COPTS = -O
++CFLAGS= $(COPTS) -I../include/net
+ OBJS = pppdump.o bsd-comp.o deflate.o zlib.o
+
+ INSTALL= install
--- /dev/null
+diff -ruN ppp-2.4.3-orig/pppd/plugins/rp-pppoe/plugin.c ppp-2.4.3-3/pppd/plugins/rp-pppoe/plugin.c
+--- ppp-2.4.3-orig/pppd/plugins/rp-pppoe/plugin.c 2004-11-04 11:07:37.000000000 +0100
++++ ppp-2.4.3-3/pppd/plugins/rp-pppoe/plugin.c 2004-12-16 01:07:22.000000000 +0100
+@@ -286,7 +286,7 @@
+ /* Strip off "nic-" */
+ cmd += 4;
+ } else if (strlen(cmd) < 4
+- || (strncmp(cmd, "eth", 3) && strncmp(cmd, "nas", 3)
++ || (strncmp(cmd, "eth", 3) && strncmp(cmd, "nas", 3) && strncmp(cmd, "vlan", 4)
+ && strncmp(cmd, "tap", 3) && strncmp(cmd, "br", 2))) {
+ return 0;
+ }
--- /dev/null
+diff -ruN ppp-2.4.3-orig/pppd/plugins/radius/config.c ppp-2.4.3-3/pppd/plugins/radius/config.c
+--- ppp-2.4.3-orig/pppd/plugins/radius/config.c 2004-11-14 08:26:26.000000000 +0100
++++ ppp-2.4.3-3/pppd/plugins/radius/config.c 2004-12-16 04:03:46.000000000 +0100
+@@ -369,31 +369,37 @@
+ }
+ #endif
+
++#if 0
+ if (rc_conf_int("login_tries") <= 0)
+ {
+ error("%s: login_tries <= 0 is illegal", filename);
+ return (-1);
+ }
++#endif
+ if (rc_conf_str("seqfile") == NULL)
+ {
+ error("%s: seqfile not specified", filename);
+ return (-1);
+ }
++#if 0
+ if (rc_conf_int("login_timeout") <= 0)
+ {
+ error("%s: login_timeout <= 0 is illegal", filename);
+ return (-1);
+ }
++#endif
+ if (rc_conf_str("mapfile") == NULL)
+ {
+ error("%s: mapfile not specified", filename);
+ return (-1);
+ }
++#if 0
+ if (rc_conf_str("nologin") == NULL)
+ {
+ error("%s: nologin not specified", filename);
+ return (-1);
+ }
++#endif
+
+ return 0;
+ }
+diff -ruN ppp-2.4.3-orig/pppd/plugins/radius/options.h ppp-2.4.3-3/pppd/plugins/radius/options.h
+--- ppp-2.4.3-orig/pppd/plugins/radius/options.h 2004-11-14 08:26:26.000000000 +0100
++++ ppp-2.4.3-3/pppd/plugins/radius/options.h 2004-12-16 04:09:16.000000000 +0100
+@@ -31,24 +31,21 @@
+ static SERVER acctserver = {0};
+ static SERVER authserver = {0};
+
+-int default_tries = 4;
+-int default_timeout = 60;
+-
+ static OPTION config_options[] = {
+ /* internally used options */
+ {"config_file", OT_STR, ST_UNDEF, NULL},
+ /* General options */
+ {"auth_order", OT_AUO, ST_UNDEF, NULL},
+-{"login_tries", OT_INT, ST_UNDEF, &default_tries},
+-{"login_timeout", OT_INT, ST_UNDEF, &default_timeout},
+-{"nologin", OT_STR, ST_UNDEF, "/etc/nologin"},
+-{"issue", OT_STR, ST_UNDEF, "/etc/radiusclient/issue"},
++{"login_tries", OT_INT, ST_UNDEF, NULL},
++{"login_timeout", OT_INT, ST_UNDEF, NULL},
++{"nologin", OT_STR, ST_UNDEF, NULL},
++{"issue", OT_STR, ST_UNDEF, NULL},
+ /* RADIUS specific options */
+ {"authserver", OT_SRV, ST_UNDEF, &authserver},
+ {"acctserver", OT_SRV, ST_UNDEF, &acctserver},
+ {"servers", OT_STR, ST_UNDEF, NULL},
+ {"dictionary", OT_STR, ST_UNDEF, NULL},
+-{"login_radius", OT_STR, ST_UNDEF, "/usr/sbin/login.radius"},
++{"login_radius", OT_STR, ST_UNDEF, NULL},
+ {"seqfile", OT_STR, ST_UNDEF, NULL},
+ {"mapfile", OT_STR, ST_UNDEF, NULL},
+ {"default_realm", OT_STR, ST_UNDEF, NULL},
+++ /dev/null
-diff -ruN ppp-2.4.3-orig/chat/Makefile.linux ppp-2.4.3-3/chat/Makefile.linux
---- ppp-2.4.3-orig/chat/Makefile.linux 2004-11-03 12:51:47.000000000 +0100
-+++ ppp-2.4.3-3/chat/Makefile.linux 2004-12-05 17:42:43.000000000 +0100
-@@ -25,7 +25,7 @@
-
- install: chat
- mkdir -p $(BINDIR)
-- $(INSTALL) -s -c chat $(BINDIR)
-+ $(INSTALL) -c chat $(BINDIR)
- $(INSTALL) -c -m 644 chat.8 $(MANDIR)
-
- clean:
-diff -ruN ppp-2.4.3-orig/include/linux/ppp-comp.h ppp-2.4.3-3/include/linux/ppp-comp.h
---- ppp-2.4.3-orig/include/linux/ppp-comp.h 2002-12-06 10:49:15.000000000 +0100
-+++ ppp-2.4.3-3/include/linux/ppp-comp.h 2004-12-16 00:50:53.000000000 +0100
-@@ -36,7 +36,7 @@
- */
-
- /*
-- * ==FILEVERSION 20020319==
-+ * ==FILEVERSION 20020715==
- *
- * NOTE TO MAINTAINERS:
- * If you modify this file at all, please set the above date.
-@@ -56,10 +56,10 @@
- */
-
- #ifndef DO_BSD_COMPRESS
--#define DO_BSD_COMPRESS 1 /* by default, include BSD-Compress */
-+#define DO_BSD_COMPRESS 0 /* by default, don't include BSD-Compress */
- #endif
- #ifndef DO_DEFLATE
--#define DO_DEFLATE 1 /* by default, include Deflate */
-+#define DO_DEFLATE 0 /* by default, don't include Deflate */
- #endif
- #define DO_PREDICTOR_1 0
- #define DO_PREDICTOR_2 0
-@@ -86,7 +86,7 @@
-
- /* Compress a packet */
- int (*compress) (void *state, unsigned char *rptr,
-- unsigned char *obuf, int isize, int osize);
-+ unsigned char *obuf, int isize, int osize);
-
- /* Return compression statistics */
- void (*comp_stat) (void *state, struct compstat *stats);
-@@ -107,7 +107,7 @@
-
- /* Decompress a packet. */
- int (*decompress) (void *state, unsigned char *ibuf, int isize,
-- unsigned char *obuf, int osize);
-+ unsigned char *obuf, int osize);
-
- /* Update state for an incompressible packet received */
- void (*incomp) (void *state, unsigned char *ibuf, int icnt);
-@@ -288,6 +288,33 @@
- opts |= MPPE_OPT_UNKNOWN; \
- } while (/* CONSTCOND */ 0)
-
-+/* MPPE/MPPC definitions by J.D.*/
-+#define MPPE_STATELESS MPPE_H_BIT /* configuration bit H */
-+#define MPPE_40BIT MPPE_L_BIT /* configuration bit L */
-+#define MPPE_56BIT MPPE_M_BIT /* configuration bit M */
-+#define MPPE_128BIT MPPE_S_BIT /* configuration bit S */
-+#define MPPE_MPPC MPPE_C_BIT /* configuration bit C */
-+
-+/*
-+ * Definitions for Stac LZS.
-+ */
-+
-+#define CI_LZS 17 /* config option for Stac LZS */
-+#define CILEN_LZS 5 /* length of config option */
-+
-+#define LZS_OVHD 4 /* max. LZS overhead */
-+#define LZS_HIST_LEN 2048 /* LZS history size */
-+#define LZS_MAX_CCOUNT 0x0FFF /* max. coherency counter value */
-+
-+#define LZS_MODE_NONE 0
-+#define LZS_MODE_LCB 1
-+#define LZS_MODE_CRC 2
-+#define LZS_MODE_SEQ 3
-+#define LZS_MODE_EXT 4
-+
-+#define LZS_EXT_BIT_FLUSHED 0x80 /* bit A */
-+#define LZS_EXT_BIT_COMP 0x20 /* bit C */
-+
- /*
- * Definitions for other, as yet unsupported, compression methods.
- */
-diff -ruN ppp-2.4.3-orig/include/net/ppp-comp.h ppp-2.4.3-3/include/net/ppp-comp.h
---- ppp-2.4.3-orig/include/net/ppp-comp.h 2002-12-06 10:49:15.000000000 +0100
-+++ ppp-2.4.3-3/include/net/ppp-comp.h 2004-12-16 00:51:06.000000000 +0100
-@@ -43,10 +43,10 @@
- * various compression methods.
- */
- #ifndef DO_BSD_COMPRESS
--#define DO_BSD_COMPRESS 1 /* by default, include BSD-Compress */
-+#define DO_BSD_COMPRESS 0 /* by default, don't include BSD-Compress */
- #endif
- #ifndef DO_DEFLATE
--#define DO_DEFLATE 1 /* by default, include Deflate */
-+#define DO_DEFLATE 0 /* by default, don't include Deflate */
- #endif
- #define DO_PREDICTOR_1 0
- #define DO_PREDICTOR_2 0
-@@ -255,6 +255,33 @@
- opts |= MPPE_OPT_UNKNOWN; \
- } while (/* CONSTCOND */ 0)
-
-+/* MPPE/MPPC definitions by J.D.*/
-+#define MPPE_STATELESS MPPE_H_BIT /* configuration bit H */
-+#define MPPE_40BIT MPPE_L_BIT /* configuration bit L */
-+#define MPPE_56BIT MPPE_M_BIT /* configuration bit M */
-+#define MPPE_128BIT MPPE_S_BIT /* configuration bit S */
-+#define MPPE_MPPC MPPE_C_BIT /* configuration bit C */
-+
-+/*
-+ * Definitions for Stac LZS.
-+ */
-+
-+#define CI_LZS 17 /* config option for Stac LZS */
-+#define CILEN_LZS 5 /* length of config option */
-+
-+#define LZS_OVHD 4 /* max. LZS overhead */
-+#define LZS_HIST_LEN 2048 /* LZS history size */
-+#define LZS_MAX_CCOUNT 0x0FFF /* max. coherency counter value */
-+
-+#define LZS_MODE_NONE 0
-+#define LZS_MODE_LCB 1
-+#define LZS_MODE_CRC 2
-+#define LZS_MODE_SEQ 3
-+#define LZS_MODE_EXT 4
-+
-+#define LZS_EXT_BIT_FLUSHED 0x80 /* bit A */
-+#define LZS_EXT_BIT_COMP 0x20 /* bit C */
-+
- /*
- * Definitions for other, as yet unsupported, compression methods.
- */
-diff -ruN ppp-2.4.3-orig/pppd/Makefile.linux ppp-2.4.3-3/pppd/Makefile.linux
---- ppp-2.4.3-orig/pppd/Makefile.linux 2004-11-13 13:02:22.000000000 +0100
-+++ ppp-2.4.3-3/pppd/Makefile.linux 2004-12-16 04:43:41.000000000 +0100
-@@ -48,19 +48,19 @@
- # Uncomment the next line to include support for PPP packet filtering.
- # This requires that the libpcap library and headers be installed
- # and that the kernel driver support PPP packet filtering.
--FILTER=y
-+#FILTER=y
-
- # Uncomment the next line to enable multilink PPP (enabled by default)
- # Linux distributions: Please leave multilink ENABLED in your builds
- # of pppd!
--HAVE_MULTILINK=y
-+#HAVE_MULTILINK=y
-
- # Uncomment the next line to enable the TDB database (enabled by default.)
- # If you enable multilink, then TDB is automatically enabled also.
- # Linux distributions: Please leave TDB ENABLED in your builds.
--USE_TDB=y
-+#USE_TDB=y
-
--HAS_SHADOW=y
-+#HAS_SHADOW=y
- #USE_PAM=y
- #HAVE_INET6=y
-
-@@ -77,7 +77,7 @@
-
- INCLUDE_DIRS= -I../include
-
--COMPILE_FLAGS= -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MMAP
-+COMPILE_FLAGS= -DHAVE_PATHS_H -DHAVE_MMAP
-
- CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS)
-
-@@ -99,7 +99,7 @@
- CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include
- LIBS += -lsrp -L/usr/local/ssl/lib -lcrypto
- TARGETS += srp-entry
--EXTRAINSTALL = $(INSTALL) -s -c -m 555 srp-entry $(BINDIR)/srp-entry
-+EXTRAINSTALL = $(INSTALL) -c -m 555 srp-entry $(BINDIR)/srp-entry
- MANPAGES += srp-entry.8
- EXTRACLEAN += srp-entry.o
- NEEDDES=y
-@@ -117,12 +117,12 @@
- #LIBS += -lshadow $(LIBS)
- endif
-
--ifneq ($(wildcard /usr/include/crypt.h),)
-+#ifneq ($(wildcard /usr/include/crypt.h),)
- CFLAGS += -DHAVE_CRYPT_H=1
--endif
--ifneq ($(wildcard /usr/lib/libcrypt.*),)
-+#endif
-+#ifneq ($(wildcard /usr/lib/libcrypt.*),)
- LIBS += -lcrypt
--endif
-+#endif
-
- ifdef NEEDDES
- ifndef USE_CRYPT
-@@ -202,7 +202,7 @@
- install: pppd
- mkdir -p $(BINDIR) $(MANDIR)
- $(EXTRAINSTALL)
-- $(INSTALL) -s -c -m 555 pppd $(BINDIR)/pppd
-+ $(INSTALL) -c -m 555 pppd $(BINDIR)/pppd
- if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \
- chmod o-rx,u+s $(BINDIR)/pppd; fi
- $(INSTALL) -c -m 444 pppd.8 $(MANDIR)
-diff -ruN ppp-2.4.3-orig/pppd/ccp.c ppp-2.4.3-3/pppd/ccp.c
---- ppp-2.4.3-orig/pppd/ccp.c 2004-11-13 03:28:15.000000000 +0100
-+++ ppp-2.4.3-3/pppd/ccp.c 2004-12-05 17:51:27.000000000 +0100
-@@ -62,12 +62,10 @@
- static char bsd_value[8];
- static char deflate_value[8];
-
--/*
-- * Option variables.
-- */
- #ifdef MPPE
--bool refuse_mppe_stateful = 1; /* Allow stateful mode? */
--#endif
-+static int setmppe(char **);
-+static int setnomppe(void);
-+#endif /* MPPE */
-
- static option_t ccp_option_list[] = {
- { "noccp", o_bool, &ccp_protent.enabled_flag,
-@@ -108,54 +106,36 @@
- "don't allow Predictor-1", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR,
- &ccp_allowoptions[0].predictor_1 },
-
-+ { "lzs", o_bool, &ccp_wantoptions[0].lzs,
-+ "request Stac LZS", 1, &ccp_allowoptions[0].lzs, OPT_PRIO },
-+ { "+lzs", o_bool, &ccp_wantoptions[0].lzs,
-+ "request Stac LZS", 1, &ccp_allowoptions[0].lzs, OPT_ALIAS | OPT_PRIO },
-+ { "nolzs", o_bool, &ccp_wantoptions[0].lzs,
-+ "don't allow Stac LZS", OPT_PRIOSUB | OPT_A2CLR,
-+ &ccp_allowoptions[0].lzs },
-+ { "-lzs", o_bool, &ccp_wantoptions[0].lzs,
-+ "don't allow Stac LZS", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR,
-+ &ccp_allowoptions[0].lzs },
-+
- #ifdef MPPE
-- /* MPPE options are symmetrical ... we only set wantoptions here */
-- { "require-mppe", o_bool, &ccp_wantoptions[0].mppe,
-- "require MPPE encryption",
-- OPT_PRIO | MPPE_OPT_40 | MPPE_OPT_128 },
-- { "+mppe", o_bool, &ccp_wantoptions[0].mppe,
-- "require MPPE encryption",
-- OPT_ALIAS | OPT_PRIO | MPPE_OPT_40 | MPPE_OPT_128 },
-- { "nomppe", o_bool, &ccp_wantoptions[0].mppe,
-- "don't allow MPPE encryption", OPT_PRIO },
-- { "-mppe", o_bool, &ccp_wantoptions[0].mppe,
-- "don't allow MPPE encryption", OPT_ALIAS | OPT_PRIO },
--
-- /* We use ccp_allowoptions[0].mppe as a junk var ... it is reset later */
-- { "require-mppe-40", o_bool, &ccp_allowoptions[0].mppe,
-- "require MPPE 40-bit encryption", OPT_PRIO | OPT_A2OR | MPPE_OPT_40,
-- &ccp_wantoptions[0].mppe },
-- { "+mppe-40", o_bool, &ccp_allowoptions[0].mppe,
-- "require MPPE 40-bit encryption", OPT_PRIO | OPT_A2OR | MPPE_OPT_40,
-- &ccp_wantoptions[0].mppe },
-- { "nomppe-40", o_bool, &ccp_allowoptions[0].mppe,
-- "don't allow MPPE 40-bit encryption",
-- OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_40, &ccp_wantoptions[0].mppe },
-- { "-mppe-40", o_bool, &ccp_allowoptions[0].mppe,
-- "don't allow MPPE 40-bit encryption",
-- OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_40,
-- &ccp_wantoptions[0].mppe },
--
-- { "require-mppe-128", o_bool, &ccp_allowoptions[0].mppe,
-- "require MPPE 128-bit encryption", OPT_PRIO | OPT_A2OR | MPPE_OPT_128,
-- &ccp_wantoptions[0].mppe },
-- { "+mppe-128", o_bool, &ccp_allowoptions[0].mppe,
-- "require MPPE 128-bit encryption",
-- OPT_ALIAS | OPT_PRIO | OPT_A2OR | MPPE_OPT_128,
-- &ccp_wantoptions[0].mppe },
-- { "nomppe-128", o_bool, &ccp_allowoptions[0].mppe,
-- "don't allow MPPE 128-bit encryption",
-- OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_128, &ccp_wantoptions[0].mppe },
-- { "-mppe-128", o_bool, &ccp_allowoptions[0].mppe,
-- "don't allow MPPE 128-bit encryption",
-- OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_128,
-- &ccp_wantoptions[0].mppe },
--
-- /* strange one; we always request stateless, but will we allow stateful? */
-- { "mppe-stateful", o_bool, &refuse_mppe_stateful,
-- "allow MPPE stateful mode", OPT_PRIO },
-- { "nomppe-stateful", o_bool, &refuse_mppe_stateful,
-- "disallow MPPE stateful mode", OPT_PRIO | 1 },
-+ { "mppc", o_bool, &ccp_wantoptions[0].mppc,
-+ "request MPPC compression", 1, &ccp_allowoptions[0].mppc },
-+ { "+mppc", o_bool, &ccp_wantoptions[0].mppc,
-+ "request MPPC compression", 1, &ccp_allowoptions[0].mppc, OPT_ALIAS },
-+ { "nomppc", o_bool, &ccp_wantoptions[0].mppc,
-+ "don't allow MPPC compression", OPT_PRIOSUB | OPT_A2CLR,
-+ &ccp_allowoptions[0].mppc },
-+ { "-mppc", o_bool, &ccp_wantoptions[0].mppc,
-+ "don't allow MPPC compression", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR,
-+ &ccp_allowoptions[0].mppc },
-+ { "mppe", o_special, (void *)setmppe,
-+ "request MPPE encryption" },
-+ { "+mppe", o_special, (void *)setmppe,
-+ "request MPPE encryption" },
-+ { "nomppe", o_special_noarg, (void *)setnomppe,
-+ "don't allow MPPE encryption" },
-+ { "-mppe", o_special_noarg, (void *)setnomppe,
-+ "don't allow MPPE encryption" },
- #endif /* MPPE */
-
- { NULL }
-@@ -241,7 +221,7 @@
- */
- #define ANY_COMPRESS(opt) ((opt).deflate || (opt).bsd_compress \
- || (opt).predictor_1 || (opt).predictor_2 \
-- || (opt).mppe)
-+ || (opt).lzs || (opt).mppc || (opt).mppe)
-
- /*
- * Local state (mainly for handling reset-reqs and reset-acks).
-@@ -344,6 +324,100 @@
- return 1;
- }
-
-+#ifdef MPPE
-+/*
-+ * Functions called from config options
-+ */
-+/*
-+ MPPE suboptions:
-+ required - require MPPE; disconnect if peer doesn't support it
-+ stateless - use stateless mode
-+ no40 - disable 40 bit keys
-+ no56 - disable 56 bit keys
-+ no128 - disable 128 bit keys
-+*/
-+int setmppe(char **argv)
-+{
-+ int i;
-+ char *str, cmdbuf[16];
-+
-+ ccp_allowoptions[0].mppe = 1;
-+ ccp_allowoptions[0].mppe_40 = 1;
-+ ccp_allowoptions[0].mppe_56 = 1;
-+ ccp_allowoptions[0].mppe_128 = 1;
-+ ccp_allowoptions[0].mppe_stateless = 0;
-+ ccp_wantoptions[0].mppe = 0;
-+
-+ str = *argv;
-+
-+ while (1) {
-+ i = 0;
-+ memset(cmdbuf, '\0', 16);
-+ while ((i < 16) && (*str != ',') && (*str != '\0'))
-+ cmdbuf[i++] = *str++;
-+ cmdbuf[i] = '\0';
-+ if (!strncasecmp(cmdbuf, "no40", strlen("no40"))) {
-+ ccp_allowoptions[0].mppe_40 = 0;
-+ goto next_param;
-+ } else if (!strncasecmp(cmdbuf, "no56", strlen("no56"))) {
-+ ccp_allowoptions[0].mppe_56 = 0;
-+ goto next_param;
-+ } else if (!strncasecmp(cmdbuf, "no128", strlen("no128"))) {
-+ ccp_allowoptions[0].mppe_128 = 0;
-+ goto next_param;
-+ } else if (!strncasecmp(cmdbuf, "stateless", strlen("stateless"))) {
-+ ccp_allowoptions[0].mppe_stateless = 1;
-+ goto next_param;
-+ } else if (!strncasecmp(cmdbuf, "required", strlen("required"))) {
-+ ccp_wantoptions[0].mppe = 1;
-+ goto next_param;
-+ } else {
-+ option_error("invalid parameter '%s' for mppe option", cmdbuf);
-+ return 0;
-+ }
-+
-+ next_param:
-+ if (*str == ',') {
-+ str++;
-+ continue;
-+ }
-+ if (*str == '\0') {
-+ if (!(ccp_allowoptions[0].mppe_40 || ccp_allowoptions[0].mppe_56 ||
-+ ccp_allowoptions[0].mppe_128)) {
-+ if (ccp_wantoptions[0].mppe == 1) {
-+ option_error("You require MPPE but you have switched off "
-+ "all encryption key lengths.");
-+ return 0;
-+ }
-+ ccp_wantoptions[0].mppe = ccp_allowoptions[0].mppe = 0;
-+ ccp_wantoptions[0].mppe_stateless =
-+ ccp_allowoptions[0].mppe_stateless = 0;
-+ } else {
-+ ccp_allowoptions[0].mppe = 1;
-+ ccp_wantoptions[0].mppe_stateless =
-+ ccp_allowoptions[0].mppe_stateless;
-+ if (ccp_wantoptions[0].mppe == 1) {
-+ ccp_wantoptions[0].mppe_40 = ccp_allowoptions[0].mppe_40;
-+ ccp_wantoptions[0].mppe_56 = ccp_allowoptions[0].mppe_56;
-+ ccp_wantoptions[0].mppe_128 = ccp_allowoptions[0].mppe_128;
-+ }
-+ }
-+ return 1;
-+ }
-+ }
-+}
-+
-+int setnomppe(void)
-+{
-+ ccp_wantoptions[0].mppe = ccp_allowoptions[0].mppe = 0;
-+ ccp_wantoptions[0].mppe_40 = ccp_allowoptions[0].mppe_40 = 0;
-+ ccp_wantoptions[0].mppe_56 = ccp_allowoptions[0].mppe_56 = 0;
-+ ccp_wantoptions[0].mppe_128 = ccp_allowoptions[0].mppe_128 = 0;
-+ ccp_wantoptions[0].mppe_stateless = ccp_allowoptions[0].mppe_stateless = 0;
-+ return 1;
-+}
-+#endif /* MPPE */
-+
- /*
- * ccp_init - initialize CCP.
- */
-@@ -378,6 +452,30 @@
- ccp_allowoptions[0].bsd_bits = BSD_MAX_BITS;
-
- ccp_allowoptions[0].predictor_1 = 1;
-+
-+ ccp_wantoptions[0].lzs = 0; /* Stac LZS - will be enabled in the future */
-+ ccp_wantoptions[0].lzs_mode = LZS_MODE_SEQ;
-+ ccp_wantoptions[0].lzs_hists = 1;
-+ ccp_allowoptions[0].lzs = 0; /* Stac LZS - will be enabled in the future */
-+ ccp_allowoptions[0].lzs_mode = LZS_MODE_SEQ;
-+ ccp_allowoptions[0].lzs_hists = 1;
-+
-+#ifdef MPPE
-+ /* by default allow and request MPPC... */
-+ ccp_wantoptions[0].mppc = ccp_allowoptions[0].mppc = 1;
-+
-+ /* ... and allow but don't request MPPE */
-+ ccp_allowoptions[0].mppe = 1;
-+ ccp_allowoptions[0].mppe_40 = 1;
-+ ccp_allowoptions[0].mppe_56 = 1;
-+ ccp_allowoptions[0].mppe_128 = 1;
-+ ccp_allowoptions[0].mppe_stateless = 1;
-+ ccp_wantoptions[0].mppe = 0;
-+ ccp_wantoptions[0].mppe_40 = 0;
-+ ccp_wantoptions[0].mppe_56 = 0;
-+ ccp_wantoptions[0].mppe_128 = 0;
-+ ccp_wantoptions[0].mppe_stateless = 0;
-+#endif /* MPPE */
- }
-
- /*
-@@ -455,11 +553,11 @@
- if (oldstate == OPENED && p[0] == TERMREQ && f->state != OPENED) {
- notice("Compression disabled by peer.");
- #ifdef MPPE
-- if (ccp_gotoptions[unit].mppe) {
-+ if (ccp_wantoptions[unit].mppe) {
- error("MPPE disabled, closing LCP");
- lcp_close(unit, "MPPE disabled by peer");
- }
--#endif
-+#endif /* MPPE */
- }
-
- /*
-@@ -487,6 +585,15 @@
- break;
- /* send a reset-ack, which the transmitter will see and
- reset its compression state. */
-+
-+ /* In case of MPPE/MPPC or LZS we shouldn't send CCP_RESETACK,
-+ but we do it in order to reset compressor; CCP_RESETACK is
-+ then silently discarded. See functions ppp_send_frame and
-+ ppp_ccp_peek in ppp_generic.c (Linux only !!!). All the
-+ confusion is caused by the fact that CCP code is splited
-+ into two parts - one part is handled by pppd, the other one
-+ is handled by kernel. */
-+
- fsm_sdata(f, CCP_RESETACK, id, NULL, 0);
- break;
-
-@@ -515,12 +622,11 @@
- fsm_lowerdown(&ccp_fsm[unit]);
-
- #ifdef MPPE
-- if (ccp_gotoptions[unit].mppe) {
-+ if (ccp_wantoptions[unit].mppe) {
- error("MPPE required but peer negotiation failed");
- lcp_close(unit, "MPPE required but peer negotiation failed");
- }
--#endif
--
-+#endif /* MPPE */
- }
-
- /*
-@@ -537,7 +643,7 @@
- all_rejected[f->unit] = 0;
-
- #ifdef MPPE
-- if (go->mppe) {
-+ if (go->mppe || go->mppc) {
- ccp_options *ao = &ccp_allowoptions[f->unit];
- int auth_mschap_bits = auth_done[f->unit];
- int numbits;
-@@ -551,80 +657,109 @@
- * NB: If MPPE is required, all other compression opts are invalid.
- * So, we return right away if we can't do it.
- */
-+ if (ccp_wantoptions[f->unit].mppe) {
-+ /* Leave only the mschap auth bits set */
-+ auth_mschap_bits &= (CHAP_MS_WITHPEER | CHAP_MS_PEER |
-+ CHAP_MS2_WITHPEER | CHAP_MS2_PEER);
-+ /* Count the mschap auths */
-+ auth_mschap_bits >>= CHAP_MS_SHIFT;
-+ numbits = 0;
-+ do {
-+ numbits += auth_mschap_bits & 1;
-+ auth_mschap_bits >>= 1;
-+ } while (auth_mschap_bits);
-+ if (numbits > 1) {
-+ error("MPPE required, but auth done in both directions.");
-+ lcp_close(f->unit, "MPPE required but not available");
-+ return;
-+ }
-+ if (!numbits) {
-+ error("MPPE required, but MS-CHAP[v2] auth not performed.");
-+ lcp_close(f->unit, "MPPE required but not available");
-+ return;
-+ }
-
-- /* Leave only the mschap auth bits set */
-- auth_mschap_bits &= (CHAP_MS_WITHPEER | CHAP_MS_PEER |
-- CHAP_MS2_WITHPEER | CHAP_MS2_PEER);
-- /* Count the mschap auths */
-- auth_mschap_bits >>= CHAP_MS_SHIFT;
-- numbits = 0;
-- do {
-- numbits += auth_mschap_bits & 1;
-- auth_mschap_bits >>= 1;
-- } while (auth_mschap_bits);
-- if (numbits > 1) {
-- error("MPPE required, but auth done in both directions.");
-- lcp_close(f->unit, "MPPE required but not available");
-- return;
-- }
-- if (!numbits) {
-- error("MPPE required, but MS-CHAP[v2] auth not performed.");
-- lcp_close(f->unit, "MPPE required but not available");
-- return;
-- }
--
-- /* A plugin (eg radius) may not have obtained key material. */
-- if (!mppe_keys_set) {
-- error("MPPE required, but keys are not available. "
-- "Possible plugin problem?");
-- lcp_close(f->unit, "MPPE required but not available");
-- return;
-- }
--
-- /* LM auth not supported for MPPE */
-- if (auth_done[f->unit] & (CHAP_MS_WITHPEER | CHAP_MS_PEER)) {
-- /* This might be noise */
-- if (go->mppe & MPPE_OPT_40) {
-- notice("Disabling 40-bit MPPE; MS-CHAP LM not supported");
-- go->mppe &= ~MPPE_OPT_40;
-- ccp_wantoptions[f->unit].mppe &= ~MPPE_OPT_40;
-+ /* A plugin (eg radius) may not have obtained key material. */
-+ if (!mppe_keys_set) {
-+ error("MPPE required, but keys are not available. "
-+ "Possible plugin problem?");
-+ lcp_close(f->unit, "MPPE required but not available");
-+ return;
- }
- }
-
-- /* Last check: can we actually negotiate something? */
-- if (!(go->mppe & (MPPE_OPT_40 | MPPE_OPT_128))) {
-- /* Could be misconfig, could be 40-bit disabled above. */
-- error("MPPE required, but both 40-bit and 128-bit disabled.");
-- lcp_close(f->unit, "MPPE required but not available");
-- return;
-+ /*
-+ * Check whether the kernel knows about the various
-+ * compression methods we might request. Key material
-+ * unimportant here.
-+ */
-+ if (go->mppc) {
-+ opt_buf[0] = CI_MPPE;
-+ opt_buf[1] = CILEN_MPPE;
-+ opt_buf[2] = 0;
-+ opt_buf[3] = 0;
-+ opt_buf[4] = 0;
-+ opt_buf[5] = MPPE_MPPC;
-+ if (ccp_test(f->unit, opt_buf, CILEN_MPPE, 0) <= 0)
-+ go->mppc = 0;
-+ }
-+ if (go->mppe_40) {
-+ opt_buf[0] = CI_MPPE;
-+ opt_buf[1] = CILEN_MPPE;
-+ opt_buf[2] = MPPE_STATELESS;
-+ opt_buf[3] = 0;
-+ opt_buf[4] = 0;
-+ opt_buf[5] = MPPE_40BIT;
-+ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0) <= 0)
-+ go->mppe_40 = 0;
-+ }
-+ if (go->mppe_56) {
-+ opt_buf[0] = CI_MPPE;
-+ opt_buf[1] = CILEN_MPPE;
-+ opt_buf[2] = MPPE_STATELESS;
-+ opt_buf[3] = 0;
-+ opt_buf[4] = 0;
-+ opt_buf[5] = MPPE_56BIT;
-+ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0) <= 0)
-+ go->mppe_56 = 0;
-+ }
-+ if (go->mppe_128) {
-+ opt_buf[0] = CI_MPPE;
-+ opt_buf[1] = CILEN_MPPE;
-+ opt_buf[2] = MPPE_STATELESS;
-+ opt_buf[3] = 0;
-+ opt_buf[4] = 0;
-+ opt_buf[5] = MPPE_128BIT;
-+ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0) <= 0)
-+ go->mppe_128 = 0;
-+ }
-+ if (!go->mppe_40 && !go->mppe_56 && !go->mppe_128) {
-+ if (ccp_wantoptions[f->unit].mppe) {
-+ error("MPPE required, but kernel has no support.");
-+ lcp_close(f->unit, "MPPE required but not available");
-+ }
-+ go->mppe = go->mppe_stateless = 0;
-+ } else {
-+ /* MPPE is not compatible with other compression types */
-+ if (ccp_wantoptions[f->unit].mppe) {
-+ ao->bsd_compress = go->bsd_compress = 0;
-+ ao->predictor_1 = go->predictor_1 = 0;
-+ ao->predictor_2 = go->predictor_2 = 0;
-+ ao->deflate = go->deflate = 0;
-+ ao->lzs = go->lzs = 0;
-+ }
- }
--
-- /* sync options */
-- ao->mppe = go->mppe;
-- /* MPPE is not compatible with other compression types */
-- ao->bsd_compress = go->bsd_compress = 0;
-- ao->predictor_1 = go->predictor_1 = 0;
-- ao->predictor_2 = go->predictor_2 = 0;
-- ao->deflate = go->deflate = 0;
- }
- #endif /* MPPE */
--
-- /*
-- * Check whether the kernel knows about the various
-- * compression methods we might request.
-- */
--#ifdef MPPE
-- if (go->mppe) {
-- opt_buf[0] = CI_MPPE;
-- opt_buf[1] = CILEN_MPPE;
-- MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]);
-- /* Key material unimportant here. */
-- if (ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0) <= 0) {
-- error("MPPE required, but kernel has no support.");
-- lcp_close(f->unit, "MPPE required but not available");
-- }
-+ if (go->lzs) {
-+ opt_buf[0] = CI_LZS;
-+ opt_buf[1] = CILEN_LZS;
-+ opt_buf[2] = go->lzs_hists >> 8;
-+ opt_buf[3] = go->lzs_hists & 0xff;
-+ opt_buf[4] = LZS_MODE_SEQ;
-+ if (ccp_test(f->unit, opt_buf, CILEN_LZS, 0) <= 0)
-+ go->lzs = 0;
- }
--#endif
- if (go->bsd_compress) {
- opt_buf[0] = CI_BSD_COMPRESS;
- opt_buf[1] = CILEN_BSD_COMPRESS;
-@@ -679,7 +814,8 @@
- + (go->deflate? CILEN_DEFLATE: 0)
- + (go->predictor_1? CILEN_PREDICTOR_1: 0)
- + (go->predictor_2? CILEN_PREDICTOR_2: 0)
-- + (go->mppe? CILEN_MPPE: 0);
-+ + (go->lzs? CILEN_LZS: 0)
-+ + ((go->mppe || go->mppc)? CILEN_MPPE: 0);
- }
-
- /*
-@@ -693,6 +829,8 @@
- {
- int res;
- ccp_options *go = &ccp_gotoptions[f->unit];
-+ ccp_options *ao = &ccp_allowoptions[f->unit];
-+ ccp_options *wo = &ccp_wantoptions[f->unit];
- u_char *p0 = p;
-
- /*
-@@ -701,22 +839,43 @@
- * in case it gets Acked.
- */
- #ifdef MPPE
-- if (go->mppe) {
-+ if (go->mppe || go->mppc || (!wo->mppe && ao->mppe)) {
- u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN];
-
-- p[0] = opt_buf[0] = CI_MPPE;
-- p[1] = opt_buf[1] = CILEN_MPPE;
-- MPPE_OPTS_TO_CI(go->mppe, &p[2]);
-- MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]);
-+ p[0] = CI_MPPE;
-+ p[1] = CILEN_MPPE;
-+ p[2] = (go->mppe_stateless ? MPPE_STATELESS : 0);
-+ p[3] = 0;
-+ p[4] = 0;
-+ p[5] = (go->mppe_40 ? MPPE_40BIT : 0) | (go->mppe_56 ? MPPE_56BIT : 0) |
-+ (go->mppe_128 ? MPPE_128BIT : 0) | (go->mppc ? MPPE_MPPC : 0);
-+
-+ BCOPY(p, opt_buf, CILEN_MPPE);
- BCOPY(mppe_recv_key, &opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
- res = ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0);
-- if (res > 0)
-+ if (res > 0) {
- p += CILEN_MPPE;
-- else
-+ } else {
- /* This shouldn't happen, we've already tested it! */
-- lcp_close(f->unit, "MPPE required but not available in kernel");
-+ go->mppe = go->mppe_40 = go->mppe_56 = go->mppe_128 =
-+ go->mppe_stateless = go->mppc = 0;
-+ if (ccp_wantoptions[f->unit].mppe)
-+ lcp_close(f->unit, "MPPE required but not available in kernel");
-+ }
-+ }
-+#endif /* MPPE */
-+ if (go->lzs) {
-+ p[0] = CI_LZS;
-+ p[1] = CILEN_LZS;
-+ p[2] = go->lzs_hists >> 8;
-+ p[3] = go->lzs_hists & 0xff;
-+ p[4] = LZS_MODE_SEQ;
-+ res = ccp_test(f->unit, p, CILEN_LZS, 0);
-+ if (res > 0) {
-+ p += CILEN_LZS;
-+ } else
-+ go->lzs = 0;
- }
--#endif
- if (go->deflate) {
- p[0] = go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT;
- p[1] = CILEN_DEFLATE;
-@@ -802,7 +961,7 @@
-
- /*
- * ccp_ackci - process a received configure-ack, and return
-- * 1 iff the packet was OK.
-+ * 1 if the packet was OK.
- */
- static int
- ccp_ackci(f, p, len)
-@@ -811,24 +970,44 @@
- int len;
- {
- ccp_options *go = &ccp_gotoptions[f->unit];
-+ ccp_options *ao = &ccp_allowoptions[f->unit];
-+ ccp_options *wo = &ccp_wantoptions[f->unit];
- u_char *p0 = p;
-
- #ifdef MPPE
-- if (go->mppe) {
-- u_char opt_buf[CILEN_MPPE];
--
-- opt_buf[0] = CI_MPPE;
-- opt_buf[1] = CILEN_MPPE;
-- MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]);
-- if (len < CILEN_MPPE || memcmp(opt_buf, p, CILEN_MPPE))
-+ if (go->mppe || go->mppc || (!wo->mppe && ao->mppe)) {
-+ if (len < CILEN_MPPE
-+ || p[1] != CILEN_MPPE || p[0] != CI_MPPE
-+ || p[2] != (go->mppe_stateless ? MPPE_STATELESS : 0)
-+ || p[3] != 0
-+ || p[4] != 0
-+ || (p[5] != ((go->mppe_40 ? MPPE_40BIT : 0) |
-+ (go->mppc ? MPPE_MPPC : 0))
-+ && p[5] != ((go->mppe_56 ? MPPE_56BIT : 0) |
-+ (go->mppc ? MPPE_MPPC : 0))
-+ && p[5] != ((go->mppe_128 ? MPPE_128BIT : 0) |
-+ (go->mppc ? MPPE_MPPC : 0))))
- return 0;
-+ if (go->mppe_40 || go->mppe_56 || go->mppe_128)
-+ go->mppe = 1;
- p += CILEN_MPPE;
- len -= CILEN_MPPE;
-+ /* Cope with first/fast ack */
-+ if (p == p0 && len == 0)
-+ return 1;
-+ }
-+#endif /* MPPE */
-+ if (go->lzs) {
-+ if (len < CILEN_LZS || p[0] != CI_LZS || p[1] != CILEN_LZS
-+ || p[2] != go->lzs_hists>>8 || p[3] != (go->lzs_hists&0xff)
-+ || p[4] != LZS_MODE_SEQ)
-+ return 0;
-+ p += CILEN_LZS;
-+ len -= CILEN_LZS;
- /* XXX Cope with first/fast ack */
-- if (len == 0)
-+ if (p == p0 && len == 0)
- return 1;
- }
--#endif
- if (go->deflate) {
- if (len < CILEN_DEFLATE
- || p[0] != (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT)
-@@ -891,7 +1070,7 @@
-
- /*
- * ccp_nakci - process received configure-nak.
-- * Returns 1 iff the nak was OK.
-+ * Returns 1 if the nak was OK.
- */
- static int
- ccp_nakci(f, p, len, treat_as_reject)
-@@ -900,6 +1079,8 @@
- int len;
- {
- ccp_options *go = &ccp_gotoptions[f->unit];
-+ ccp_options *ao = &ccp_allowoptions[f->unit];
-+ ccp_options *wo = &ccp_wantoptions[f->unit];
- ccp_options no; /* options we've seen already */
- ccp_options try; /* options to ask for next time */
-
-@@ -907,28 +1088,100 @@
- try = *go;
-
- #ifdef MPPE
-- if (go->mppe && len >= CILEN_MPPE
-- && p[0] == CI_MPPE && p[1] == CILEN_MPPE) {
-- no.mppe = 1;
-- /*
-- * Peer wants us to use a different strength or other setting.
-- * Fail if we aren't willing to use his suggestion.
-- */
-- MPPE_CI_TO_OPTS(&p[2], try.mppe);
-- if ((try.mppe & MPPE_OPT_STATEFUL) && refuse_mppe_stateful) {
-- error("Refusing MPPE stateful mode offered by peer");
-- try.mppe = 0;
-- } else if (((go->mppe | MPPE_OPT_STATEFUL) & try.mppe) != try.mppe) {
-- /* Peer must have set options we didn't request (suggest) */
-- try.mppe = 0;
-- }
-+ if ((go->mppe || go->mppc || (!wo->mppe && ao->mppe)) &&
-+ len >= CILEN_MPPE && p[0] == CI_MPPE && p[1] == CILEN_MPPE) {
-
-- if (!try.mppe) {
-- error("MPPE required but peer negotiation failed");
-- lcp_close(f->unit, "MPPE required but peer negotiation failed");
-+ if (go->mppc) {
-+ no.mppc = 1;
-+ if (!(p[5] & MPPE_MPPC))
-+ try.mppc = 0;
-+ }
-+
-+ if (go->mppe)
-+ no.mppe = 1;
-+ if (go->mppe_40)
-+ no.mppe_40 = 1;
-+ if (go->mppe_56)
-+ no.mppe_56 = 1;
-+ if (go->mppe_128)
-+ no.mppe_128 = 1;
-+ if (go->mppe_stateless)
-+ no.mppe_stateless = 1;
-+
-+ if (ao->mppe_40) {
-+ if ((p[5] & MPPE_40BIT))
-+ try.mppe_40 = 1;
-+ else
-+ try.mppe_40 = (p[5] == 0) ? 1 : 0;
-+ }
-+ if (ao->mppe_56) {
-+ if ((p[5] & MPPE_56BIT))
-+ try.mppe_56 = 1;
-+ else
-+ try.mppe_56 = (p[5] == 0) ? 1 : 0;
-+ }
-+ if (ao->mppe_128) {
-+ if ((p[5] & MPPE_128BIT))
-+ try.mppe_128 = 1;
-+ else
-+ try.mppe_128 = (p[5] == 0) ? 1 : 0;
-+ }
-+
-+ if (ao->mppe_stateless) {
-+ if ((p[2] & MPPE_STATELESS) || wo->mppe_stateless)
-+ try.mppe_stateless = 1;
-+ else
-+ try.mppe_stateless = 0;
-+ }
-+
-+ if (!try.mppe_56 && !try.mppe_40 && !try.mppe_128) {
-+ try.mppe = try.mppe_stateless = 0;
-+ if (wo->mppe) {
-+ /* we require encryption, but peer doesn't support it
-+ so we close connection */
-+ wo->mppc = wo->mppe = wo->mppe_stateless = wo->mppe_40 =
-+ wo->mppe_56 = wo->mppe_128 = 0;
-+ lcp_close(f->unit, "MPPE required but cannot negotiate MPPE "
-+ "key length");
-+ }
-+ }
-+ if (wo->mppe && (wo->mppe_40 != try.mppe_40) &&
-+ (wo->mppe_56 != try.mppe_56) && (wo->mppe_128 != try.mppe_128)) {
-+ /* cannot negotiate key length */
-+ wo->mppc = wo->mppe = wo->mppe_stateless = wo->mppe_40 =
-+ wo->mppe_56 = wo->mppe_128 = 0;
-+ lcp_close(f->unit, "Cannot negotiate MPPE key length");
- }
-+ if (try.mppe_40 && try.mppe_56 && try.mppe_128)
-+ try.mppe_40 = try.mppe_56 = 0;
-+ else
-+ if (try.mppe_56 && try.mppe_128)
-+ try.mppe_56 = 0;
-+ else
-+ if (try.mppe_40 && try.mppe_128)
-+ try.mppe_40 = 0;
-+ else
-+ if (try.mppe_40 && try.mppe_56)
-+ try.mppe_40 = 0;
-+
-+ p += CILEN_MPPE;
-+ len -= CILEN_MPPE;
- }
- #endif /* MPPE */
-+
-+ if (go->lzs && len >= CILEN_LZS && p[0] == CI_LZS && p[1] == CILEN_LZS) {
-+ no.lzs = 1;
-+ if (((p[2]<<8)|p[3]) > 1 || (p[4] != LZS_MODE_SEQ &&
-+ p[4] != LZS_MODE_EXT))
-+ try.lzs = 0;
-+ else {
-+ try.lzs_mode = p[4];
-+ try.lzs_hists = (p[2] << 8) | p[3];
-+ }
-+ p += CILEN_LZS;
-+ len -= CILEN_LZS;
-+ }
-+
- if (go->deflate && len >= CILEN_DEFLATE
- && p[0] == (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT)
- && p[1] == CILEN_DEFLATE) {
-@@ -1001,14 +1254,50 @@
- return -1;
-
- #ifdef MPPE
-- if (go->mppe && len >= CILEN_MPPE
-+ if ((go->mppe || go->mppc) && len >= CILEN_MPPE
- && p[0] == CI_MPPE && p[1] == CILEN_MPPE) {
-- error("MPPE required but peer refused");
-- lcp_close(f->unit, "MPPE required but peer refused");
-+ ccp_options *wo = &ccp_wantoptions[f->unit];
-+ if (p[2] != (go->mppe_stateless ? MPPE_STATELESS : 0) ||
-+ p[3] != 0 ||
-+ p[4] != 0 ||
-+ p[5] != ((go->mppe_40 ? MPPE_40BIT : 0) |
-+ (go->mppe_56 ? MPPE_56BIT : 0) |
-+ (go->mppe_128 ? MPPE_128BIT : 0) |
-+ (go->mppc ? MPPE_MPPC : 0)))
-+ return 0;
-+ if (go->mppc)
-+ try.mppc = 0;
-+ if (go->mppe) {
-+ try.mppe = 0;
-+ if (go->mppe_40)
-+ try.mppe_40 = 0;
-+ if (go->mppe_56)
-+ try.mppe_56 = 0;
-+ if (go->mppe_128)
-+ try.mppe_128 = 0;
-+ if (go->mppe_stateless)
-+ try.mppe_stateless = 0;
-+ if (!try.mppe_56 && !try.mppe_40 && !try.mppe_128)
-+ try.mppe = try.mppe_stateless = 0;
-+ if (wo->mppe) { /* we want MPPE but cannot negotiate key length */
-+ wo->mppc = wo->mppe = wo->mppe_stateless = wo->mppe_40 =
-+ wo->mppe_56 = wo->mppe_128 = 0;
-+ lcp_close(f->unit, "MPPE required but cannot negotiate MPPE "
-+ "key length");
-+ }
-+ }
- p += CILEN_MPPE;
- len -= CILEN_MPPE;
- }
--#endif
-+#endif /* MPPE */
-+ if (go->lzs && len >= CILEN_LZS && p[0] == CI_LZS && p[1] == CILEN_LZS) {
-+ if (p[2] != go->lzs_hists>>8 || p[3] != (go->lzs_hists&0xff)
-+ || p[4] != go->lzs_mode)
-+ return 0;
-+ try.lzs = 0;
-+ p += CILEN_LZS;
-+ len -= CILEN_LZS;
-+ }
- if (go->deflate_correct && len >= CILEN_DEFLATE
- && p[0] == CI_DEFLATE && p[1] == CILEN_DEFLATE) {
- if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size)
-@@ -1072,14 +1361,15 @@
- int dont_nak;
- {
- int ret, newret, res;
-- u_char *p0, *retp;
-+ u_char *p0, *retp, p2, p5;
- int len, clen, type, nb;
- ccp_options *ho = &ccp_hisoptions[f->unit];
- ccp_options *ao = &ccp_allowoptions[f->unit];
-+ ccp_options *wo = &ccp_wantoptions[f->unit];
- #ifdef MPPE
-- bool rej_for_ci_mppe = 1; /* Are we rejecting based on a bad/missing */
-- /* CI_MPPE, or due to other options? */
--#endif
-+ u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN];
-+/* int mtu; */
-+#endif /* MPPE */
-
- ret = CONFACK;
- retp = p0 = p;
-@@ -1102,103 +1392,305 @@
- switch (type) {
- #ifdef MPPE
- case CI_MPPE:
-- if (!ao->mppe || clen != CILEN_MPPE) {
-+ if ((!ao->mppc && !ao->mppe) || clen != CILEN_MPPE) {
- newret = CONFREJ;
- break;
- }
-- MPPE_CI_TO_OPTS(&p[2], ho->mppe);
-
-- /* Nak if anything unsupported or unknown are set. */
-- if (ho->mppe & MPPE_OPT_UNSUPPORTED) {
-- newret = CONFNAK;
-- ho->mppe &= ~MPPE_OPT_UNSUPPORTED;
-- }
-- if (ho->mppe & MPPE_OPT_UNKNOWN) {
-+ p2 = p[2];
-+ p5 = p[5];
-+ /* not sure what they want, tell 'em what we got */
-+ if (((p[2] & ~MPPE_STATELESS) != 0 || p[3] != 0 || p[4] != 0 ||
-+ (p[5] & ~(MPPE_40BIT | MPPE_56BIT | MPPE_128BIT |
-+ MPPE_MPPC)) != 0 || p[5] == 0) ||
-+ (p[2] == 0 && p[3] == 0 && p[4] == 0 && p[5] == 0)) {
- newret = CONFNAK;
-- ho->mppe &= ~MPPE_OPT_UNKNOWN;
-+ p[2] = (wo->mppe_stateless ? MPPE_STATELESS : 0);
-+ p[3] = 0;
-+ p[4] = 0;
-+ p[5] = (wo->mppe_40 ? MPPE_40BIT : 0) |
-+ (wo->mppe_56 ? MPPE_56BIT : 0) |
-+ (wo->mppe_128 ? MPPE_128BIT : 0) |
-+ (wo->mppc ? MPPE_MPPC : 0);
-+ break;
- }
-
-- /* Check state opt */
-- if (ho->mppe & MPPE_OPT_STATEFUL) {
-- /*
-- * We can Nak and request stateless, but it's a
-- * lot easier to just assume the peer will request
-- * it if he can do it; stateful mode is bad over
-- * the Internet -- which is where we expect MPPE.
-- */
-- if (refuse_mppe_stateful) {
-- error("Refusing MPPE stateful mode offered by peer");
-+ if ((p[5] & MPPE_MPPC)) {
-+ if (ao->mppc) {
-+ ho->mppc = 1;
-+ BCOPY(p, opt_buf, CILEN_MPPE);
-+ opt_buf[2] = opt_buf[3] = opt_buf[4] = 0;
-+ opt_buf[5] = MPPE_MPPC;
-+ if (ccp_test(f->unit, opt_buf, CILEN_MPPE, 1) <= 0) {
-+ ho->mppc = 0;
-+ p[5] &= ~MPPE_MPPC;
-+ newret = CONFNAK;
-+ }
-+ } else {
- newret = CONFREJ;
-- break;
-+ if (wo->mppe || ao->mppe) {
-+ p[5] &= ~MPPE_MPPC;
-+ newret = CONFNAK;
-+ }
-+ }
-+ }
-+
-+ if (ao->mppe)
-+ ho->mppe = 1;
-+
-+ if ((p[2] & MPPE_STATELESS)) {
-+ if (ao->mppe_stateless) {
-+ if (wo->mppe_stateless)
-+ ho->mppe_stateless = 1;
-+ else {
-+ newret = CONFNAK;
-+ if (!dont_nak)
-+ p[2] &= ~MPPE_STATELESS;
-+ }
-+ } else {
-+ newret = CONFNAK;
-+ if (!dont_nak)
-+ p[2] &= ~MPPE_STATELESS;
-+ }
-+ } else {
-+ if (wo->mppe_stateless && !dont_nak) {
-+ wo->mppe_stateless = 0;
-+ newret = CONFNAK;
-+ p[2] |= MPPE_STATELESS;
- }
- }
-
-- /* Find out which of {S,L} are set. */
-- if ((ho->mppe & MPPE_OPT_128)
-- && (ho->mppe & MPPE_OPT_40)) {
-- /* Both are set, negotiate the strongest. */
-+ if ((p[5] & ~MPPE_MPPC) == (MPPE_40BIT|MPPE_56BIT|MPPE_128BIT)) {
- newret = CONFNAK;
-- if (ao->mppe & MPPE_OPT_128)
-- ho->mppe &= ~MPPE_OPT_40;
-- else if (ao->mppe & MPPE_OPT_40)
-- ho->mppe &= ~MPPE_OPT_128;
-- else {
-- newret = CONFREJ;
-- break;
-+ if (ao->mppe_128) {
-+ ho->mppe_128 = 1;
-+ p[5] &= ~(MPPE_40BIT|MPPE_56BIT);
-+ BCOPY(p, opt_buf, CILEN_MPPE);
-+ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
-+ MPPE_MAX_KEY_LEN);
-+ if (ccp_test(f->unit, opt_buf, CILEN_MPPE +
-+ MPPE_MAX_KEY_LEN, 1) <= 0) {
-+ ho->mppe_128 = 0;
-+ p[5] |= (MPPE_40BIT|MPPE_56BIT);
-+ p[5] &= ~MPPE_128BIT;
-+ goto check_mppe_56_40;
-+ }
-+ goto check_mppe;
- }
-- } else if (ho->mppe & MPPE_OPT_128) {
-- if (!(ao->mppe & MPPE_OPT_128)) {
-- newret = CONFREJ;
-- break;
-+ p[5] &= ~MPPE_128BIT;
-+ goto check_mppe_56_40;
-+ }
-+ if ((p[5] & ~MPPE_MPPC) == (MPPE_56BIT|MPPE_128BIT)) {
-+ newret = CONFNAK;
-+ if (ao->mppe_128) {
-+ ho->mppe_128 = 1;
-+ p[5] &= ~MPPE_56BIT;
-+ BCOPY(p, opt_buf, CILEN_MPPE);
-+ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
-+ MPPE_MAX_KEY_LEN);
-+ if (ccp_test(f->unit, opt_buf, CILEN_MPPE +
-+ MPPE_MAX_KEY_LEN, 1) <= 0) {
-+ ho->mppe_128 = 0;
-+ p[5] |= MPPE_56BIT;
-+ p[5] &= ~MPPE_128BIT;
-+ goto check_mppe_56;
-+ }
-+ goto check_mppe;
- }
-- } else if (ho->mppe & MPPE_OPT_40) {
-- if (!(ao->mppe & MPPE_OPT_40)) {
-- newret = CONFREJ;
-- break;
-+ p[5] &= ~MPPE_128BIT;
-+ goto check_mppe_56;
-+ }
-+ if ((p[5] & ~MPPE_MPPC) == (MPPE_40BIT|MPPE_128BIT)) {
-+ newret = CONFNAK;
-+ if (ao->mppe_128) {
-+ ho->mppe_128 = 1;
-+ p[5] &= ~MPPE_40BIT;
-+ BCOPY(p, opt_buf, CILEN_MPPE);
-+ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
-+ MPPE_MAX_KEY_LEN);
-+ if (ccp_test(f->unit, opt_buf, CILEN_MPPE +
-+ MPPE_MAX_KEY_LEN, 1) <= 0) {
-+ ho->mppe_128 = 0;
-+ p[5] |= MPPE_40BIT;
-+ p[5] &= ~MPPE_128BIT;
-+ goto check_mppe_40;
-+ }
-+ goto check_mppe;
-+ }
-+ p[5] &= ~MPPE_128BIT;
-+ goto check_mppe_40;
-+ }
-+ if ((p[5] & ~MPPE_MPPC) == MPPE_128BIT) {
-+ if (ao->mppe_128) {
-+ ho->mppe_128 = 1;
-+ BCOPY(p, opt_buf, CILEN_MPPE);
-+ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
-+ MPPE_MAX_KEY_LEN);
-+ if (ccp_test(f->unit, opt_buf, CILEN_MPPE +
-+ MPPE_MAX_KEY_LEN, 1) <= 0) {
-+ ho->mppe_128 = 0;
-+ p[5] &= ~MPPE_128BIT;
-+ newret = CONFNAK;
-+ }
-+ goto check_mppe;
-+ }
-+ p[5] &= ~MPPE_128BIT;
-+ newret = CONFNAK;
-+ goto check_mppe;
-+ }
-+ check_mppe_56_40:
-+ if ((p[5] & ~MPPE_MPPC) == (MPPE_40BIT|MPPE_56BIT)) {
-+ newret = CONFNAK;
-+ if (ao->mppe_56) {
-+ ho->mppe_56 = 1;
-+ p[5] &= ~MPPE_40BIT;
-+ BCOPY(p, opt_buf, CILEN_MPPE);
-+ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
-+ MPPE_MAX_KEY_LEN);
-+ if (ccp_test(f->unit, opt_buf, CILEN_MPPE +
-+ MPPE_MAX_KEY_LEN, 1) <= 0) {
-+ ho->mppe_56 = 0;
-+ p[5] |= MPPE_40BIT;
-+ p[5] &= ~MPPE_56BIT;
-+ newret = CONFNAK;
-+ goto check_mppe_40;
-+ }
-+ goto check_mppe;
-+ }
-+ p[5] &= ~MPPE_56BIT;
-+ goto check_mppe_40;
-+ }
-+ check_mppe_56:
-+ if ((p[5] & ~MPPE_MPPC) == MPPE_56BIT) {
-+ if (ao->mppe_56) {
-+ ho->mppe_56 = 1;
-+ BCOPY(p, opt_buf, CILEN_MPPE);
-+ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
-+ MPPE_MAX_KEY_LEN);
-+ if (ccp_test(f->unit, opt_buf, CILEN_MPPE +
-+ MPPE_MAX_KEY_LEN, 1) <= 0) {
-+ ho->mppe_56 = 0;
-+ p[5] &= ~MPPE_56BIT;
-+ newret = CONFNAK;
-+ }
-+ goto check_mppe;
-+ }
-+ p[5] &= ~MPPE_56BIT;
-+ newret = CONFNAK;
-+ goto check_mppe;
-+ }
-+ check_mppe_40:
-+ if ((p[5] & ~MPPE_MPPC) == MPPE_40BIT) {
-+ if (ao->mppe_40) {
-+ ho->mppe_40 = 1;
-+ BCOPY(p, opt_buf, CILEN_MPPE);
-+ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
-+ MPPE_MAX_KEY_LEN);
-+ if (ccp_test(f->unit, opt_buf, CILEN_MPPE +
-+ MPPE_MAX_KEY_LEN, 1) <= 0) {
-+ ho->mppe_40 = 0;
-+ p[5] &= ~MPPE_40BIT;
-+ newret = CONFNAK;
-+ }
-+ goto check_mppe;
-+ }
-+ p[5] &= ~MPPE_40BIT;
-+ }
-+
-+ check_mppe:
-+ if (!ho->mppe_40 && !ho->mppe_56 && !ho->mppe_128) {
-+ if (wo->mppe_40 || wo->mppe_56 || wo->mppe_128) {
-+ newret = CONFNAK;
-+ p[2] |= (wo->mppe_stateless ? MPPE_STATELESS : 0);
-+ p[5] |= (wo->mppe_40 ? MPPE_40BIT : 0) |
-+ (wo->mppe_56 ? MPPE_56BIT : 0) |
-+ (wo->mppe_128 ? MPPE_128BIT : 0) |
-+ (wo->mppc ? MPPE_MPPC : 0);
-+ } else {
-+ ho->mppe = ho->mppe_stateless = 0;
- }
- } else {
-- /* Neither are set. */
-+ /* MPPE is not compatible with other compression types */
-+ if (wo->mppe) {
-+ ao->bsd_compress = 0;
-+ ao->predictor_1 = 0;
-+ ao->predictor_2 = 0;
-+ ao->deflate = 0;
-+ ao->lzs = 0;
-+ }
-+ }
-+ if ((!ho->mppc || !ao->mppc) && !ho->mppe) {
-+ p[2] = p2;
-+ p[5] = p5;
- newret = CONFREJ;
- break;
- }
-
-- /* rebuild the opts */
-- MPPE_OPTS_TO_CI(ho->mppe, &p[2]);
-- if (newret == CONFACK) {
-- u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN];
-- int mtu;
--
-- BCOPY(p, opt_buf, CILEN_MPPE);
-- BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
-- MPPE_MAX_KEY_LEN);
-- if (ccp_test(f->unit, opt_buf,
-- CILEN_MPPE + MPPE_MAX_KEY_LEN, 1) <= 0) {
-- /* This shouldn't happen, we've already tested it! */
-- error("MPPE required, but kernel has no support.");
-- lcp_close(f->unit, "MPPE required but not available");
-- newret = CONFREJ;
-- break;
-- }
-- /*
-- * We need to decrease the interface MTU by MPPE_PAD
-- * because MPPE frames **grow**. The kernel [must]
-- * allocate MPPE_PAD extra bytes in xmit buffers.
-- */
-- mtu = netif_get_mtu(f->unit);
-- if (mtu)
-- netif_set_mtu(f->unit, mtu - MPPE_PAD);
-- else
-- newret = CONFREJ;
-- }
-+ /*
-+ * I have commented the code below because according to RFC1547
-+ * MTU is only information for higher level protocols about
-+ * "the maximum allowable length for a packet (q.v.) transmitted
-+ * over a point-to-point link without incurring network layer
-+ * fragmentation." Of course a PPP implementation should be able
-+ * to handle overhead added by MPPE - in our case apropriate code
-+ * is located in drivers/net/ppp_generic.c in the kernel sources.
-+ *
-+ * According to RFC1661:
-+ * - when negotiated MRU is less than 1500 octets, a PPP
-+ * implementation must still be able to receive at least 1500
-+ * octets,
-+ * - when PFC is negotiated, a PPP implementation is still
-+ * required to receive frames with uncompressed protocol field.
-+ *
-+ * So why not to handle MPPE overhead without changing MTU value?
-+ * I am sure that RFC3078, unfortunately silently, assumes that.
-+ */
-
- /*
-- * We have accepted MPPE or are willing to negotiate
-- * MPPE parameters. A CONFREJ is due to subsequent
-- * (non-MPPE) processing.
-+ * We need to decrease the interface MTU by MPPE_PAD
-+ * because MPPE frames **grow**. The kernel [must]
-+ * allocate MPPE_PAD extra bytes in xmit buffers.
- */
-- rej_for_ci_mppe = 0;
-+/*
-+ mtu = netif_get_mtu(f->unit);
-+ if (mtu) {
-+ netif_set_mtu(f->unit, mtu - MPPE_PAD);
-+ } else {
-+ newret = CONFREJ;
-+ if (ccp_wantoptions[f->unit].mppe) {
-+ error("Cannot adjust MTU needed by MPPE.");
-+ lcp_close(f->unit, "Cannot adjust MTU needed by MPPE.");
-+ }
-+ }
-+*/
- break;
- #endif /* MPPE */
-+
-+ case CI_LZS:
-+ if (!ao->lzs || clen != CILEN_LZS) {
-+ newret = CONFREJ;
-+ break;
-+ }
-+
-+ ho->lzs = 1;
-+ ho->lzs_hists = (p[2] << 8) | p[3];
-+ ho->lzs_mode = p[4];
-+ if ((ho->lzs_hists != ao->lzs_hists) ||
-+ (ho->lzs_mode != ao->lzs_mode)) {
-+ newret = CONFNAK;
-+ if (!dont_nak) {
-+ p[2] = ao->lzs_hists >> 8;
-+ p[3] = ao->lzs_hists & 0xff;
-+ p[4] = ao->lzs_mode;
-+ } else
-+ break;
-+ }
-+
-+ if (p == p0 && ccp_test(f->unit, p, CILEN_LZS, 1) <= 0) {
-+ newret = CONFREJ;
-+ }
-+ break;
-+
- case CI_DEFLATE:
- case CI_DEFLATE_DRAFT:
- if (!ao->deflate || clen != CILEN_DEFLATE
-@@ -1340,12 +1832,6 @@
- else
- *lenp = retp - p0;
- }
--#ifdef MPPE
-- if (ret == CONFREJ && ao->mppe && rej_for_ci_mppe) {
-- error("MPPE required but peer negotiation failed");
-- lcp_close(f->unit, "MPPE required but peer negotiation failed");
-- }
--#endif
- return ret;
- }
-
-@@ -1367,24 +1853,35 @@
- char *p = result;
- char *q = result + sizeof(result); /* 1 past result */
-
-- slprintf(p, q - p, "MPPE ");
-- p += 5;
-- if (opt->mppe & MPPE_OPT_128) {
-- slprintf(p, q - p, "128-bit ");
-- p += 8;
-- }
-- if (opt->mppe & MPPE_OPT_40) {
-- slprintf(p, q - p, "40-bit ");
-- p += 7;
-- }
-- if (opt->mppe & MPPE_OPT_STATEFUL)
-- slprintf(p, q - p, "stateful");
-- else
-- slprintf(p, q - p, "stateless");
--
-+ if (opt->mppe) {
-+ if (opt->mppc) {
-+ slprintf(p, q - p, "MPPC/MPPE ");
-+ p += 10;
-+ } else {
-+ slprintf(p, q - p, "MPPE ");
-+ p += 5;
-+ }
-+ if (opt->mppe_128) {
-+ slprintf(p, q - p, "128-bit ");
-+ p += 8;
-+ } else if (opt->mppe_56) {
-+ slprintf(p, q - p, "56-bit ");
-+ p += 7;
-+ } else if (opt->mppe_40) {
-+ slprintf(p, q - p, "40-bit ");
-+ p += 7;
-+ }
-+ if (opt->mppe_stateless)
-+ slprintf(p, q - p, "stateless");
-+ else
-+ slprintf(p, q - p, "stateful");
-+ } else if (opt->mppc)
-+ slprintf(p, q - p, "MPPC");
- break;
- }
--#endif
-+#endif /* MPPE */
-+ case CI_LZS:
-+ return "Stac LZS";
- case CI_DEFLATE:
- case CI_DEFLATE_DRAFT:
- if (opt2 != NULL && opt2->deflate_size != opt->deflate_size)
-@@ -1440,12 +1937,12 @@
- } else if (ANY_COMPRESS(*ho))
- notice("%s transmit compression enabled", method_name(ho, NULL));
- #ifdef MPPE
-- if (go->mppe) {
-+ if (go->mppe || go->mppc) {
- BZERO(mppe_recv_key, MPPE_MAX_KEY_LEN);
- BZERO(mppe_send_key, MPPE_MAX_KEY_LEN);
- continue_networks(f->unit); /* Bring up IP et al */
- }
--#endif
-+#endif /* MPPE */
- }
-
- /*
-@@ -1468,7 +1965,7 @@
- lcp_close(f->unit, "MPPE disabled");
- }
- }
--#endif
-+#endif /* MPPE */
- }
-
- /*
-@@ -1528,24 +2025,28 @@
- #ifdef MPPE
- case CI_MPPE:
- if (optlen >= CILEN_MPPE) {
-- u_char mppe_opts;
--
-- MPPE_CI_TO_OPTS(&p[2], mppe_opts);
-- printer(arg, "mppe %s %s %s %s %s %s%s",
-- (p[2] & MPPE_H_BIT)? "+H": "-H",
-- (p[5] & MPPE_M_BIT)? "+M": "-M",
-- (p[5] & MPPE_S_BIT)? "+S": "-S",
-- (p[5] & MPPE_L_BIT)? "+L": "-L",
-+ printer(arg, "mppe %s %s %s %s %s %s",
-+ (p[2] & MPPE_STATELESS)? "+H": "-H",
-+ (p[5] & MPPE_56BIT)? "+M": "-M",
-+ (p[5] & MPPE_128BIT)? "+S": "-S",
-+ (p[5] & MPPE_40BIT)? "+L": "-L",
- (p[5] & MPPE_D_BIT)? "+D": "-D",
-- (p[5] & MPPE_C_BIT)? "+C": "-C",
-- (mppe_opts & MPPE_OPT_UNKNOWN)? " +U": "");
-- if (mppe_opts & MPPE_OPT_UNKNOWN)
-+ (p[5] & MPPE_MPPC)? "+C": "-C");
-+ if ((p[5] & ~(MPPE_56BIT | MPPE_128BIT | MPPE_40BIT |
-+ MPPE_D_BIT | MPPE_MPPC)) ||
-+ (p[2] & ~MPPE_STATELESS))
- printer(arg, " (%.2x %.2x %.2x %.2x)",
- p[2], p[3], p[4], p[5]);
- p += CILEN_MPPE;
- }
- break;
--#endif
-+#endif /* MPPE */
-+ case CI_LZS:
-+ if (optlen >= CILEN_LZS) {
-+ printer(arg, "lzs %.2x %.2x %.2x", p[2], p[3], p[4]);
-+ p += CILEN_LZS;
-+ }
-+ break;
- case CI_DEFLATE:
- case CI_DEFLATE_DRAFT:
- if (optlen >= CILEN_DEFLATE) {
-@@ -1631,6 +2132,7 @@
- error("Lost compression sync: disabling compression");
- ccp_close(unit, "Lost compression sync");
- #ifdef MPPE
-+ /* My module dosn't need this. J.D., 2003-07-06 */
- /*
- * If we were doing MPPE, we must also take the link down.
- */
-@@ -1638,9 +2140,18 @@
- error("Too many MPPE errors, closing LCP");
- lcp_close(unit, "Too many MPPE errors");
- }
--#endif
-+#endif /* MPPE */
- } else {
- /*
-+ * When LZS or MPPE/MPPC is negotiated we just send CCP_RESETREQ
-+ * and don't wait for CCP_RESETACK
-+ */
-+ if ((ccp_gotoptions[f->unit].method == CI_LZS) ||
-+ (ccp_gotoptions[f->unit].method == CI_MPPE)) {
-+ fsm_sdata(f, CCP_RESETREQ, f->reqid = ++f->id, NULL, 0);
-+ return;
-+ }
-+ /*
- * Send a reset-request to reset the peer's compressor.
- * We don't do that if we are still waiting for an
- * acknowledgement to a previous reset-request.
-@@ -1671,4 +2182,3 @@
- } else
- ccp_localstate[f->unit] &= ~RACK_PENDING;
- }
--
-diff -ruN ppp-2.4.3-orig/pppd/ccp.h ppp-2.4.3-3/pppd/ccp.h
---- ppp-2.4.3-orig/pppd/ccp.h 2004-11-04 11:02:26.000000000 +0100
-+++ ppp-2.4.3-3/pppd/ccp.h 2004-12-05 17:51:27.000000000 +0100
-@@ -37,9 +37,17 @@
- bool predictor_2; /* do Predictor-2? */
- bool deflate_correct; /* use correct code for deflate? */
- bool deflate_draft; /* use draft RFC code for deflate? */
-+ bool lzs; /* do Stac LZS? */
-+ bool mppc; /* do MPPC? */
- bool mppe; /* do MPPE? */
-+ bool mppe_40; /* allow 40 bit encryption? */
-+ bool mppe_56; /* allow 56 bit encryption? */
-+ bool mppe_128; /* allow 128 bit encryption? */
-+ bool mppe_stateless; /* allow stateless encryption */
- u_short bsd_bits; /* # bits/code for BSD Compress */
- u_short deflate_size; /* lg(window size) for Deflate */
-+ u_short lzs_mode; /* LZS check mode */
-+ u_short lzs_hists; /* number of LZS histories */
- short method; /* code for chosen compression method */
- } ccp_options;
-
-diff -ruN ppp-2.4.3-orig/pppd/chap_ms.c ppp-2.4.3-3/pppd/chap_ms.c
---- ppp-2.4.3-orig/pppd/chap_ms.c 2004-11-12 10:57:43.000000000 +0100
-+++ ppp-2.4.3-3/pppd/chap_ms.c 2004-12-05 17:51:27.000000000 +0100
-@@ -895,13 +895,17 @@
- /*
- * Disable undesirable encryption types. Note that we don't ENABLE
- * any encryption types, to avoid overriding manual configuration.
-+ *
-+ * It seems that 56 bit keys are unsupported in MS-RADIUS (see RFC 2548)
- */
- switch(types) {
- case MPPE_ENC_TYPES_RC4_40:
-- ccp_wantoptions[0].mppe &= ~MPPE_OPT_128; /* disable 128-bit */
-+ ccp_wantoptions[0].mppe_128 = 0; /* disable 128-bit */
-+ ccp_wantoptions[0].mppe_56 = 0; /* disable 56-bit */
- break;
- case MPPE_ENC_TYPES_RC4_128:
-- ccp_wantoptions[0].mppe &= ~MPPE_OPT_40; /* disable 40-bit */
-+ ccp_wantoptions[0].mppe_56 = 0; /* disable 56-bit */
-+ ccp_wantoptions[0].mppe_40 = 0; /* disable 40-bit */
- break;
- default:
- break;
-diff -ruN ppp-2.4.3-orig/pppd/plugins/Makefile.linux ppp-2.4.3-3/pppd/plugins/Makefile.linux
---- ppp-2.4.3-orig/pppd/plugins/Makefile.linux 2004-11-14 08:57:35.000000000 +0100
-+++ ppp-2.4.3-3/pppd/plugins/Makefile.linux 2004-12-05 17:03:59.000000000 +0100
-@@ -9,7 +9,7 @@
- MANDIR = $(DESTDIR)/share/man/man8
- LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
-
--SUBDIRS := rp-pppoe pppoatm radius
-+SUBDIRS := rp-pppoe radius
- # Uncomment the next line to include the radius authentication plugin
- # SUBDIRS += radius
- PLUGINS := minconn.so passprompt.so passwordfd.so winbind.so
-diff -ruN ppp-2.4.3-orig/pppd/plugins/radius/Makefile.linux ppp-2.4.3-3/pppd/plugins/radius/Makefile.linux
---- ppp-2.4.3-orig/pppd/plugins/radius/Makefile.linux 2004-11-14 08:02:31.000000000 +0100
-+++ ppp-2.4.3-3/pppd/plugins/radius/Makefile.linux 2004-12-05 17:43:17.000000000 +0100
-@@ -12,7 +12,8 @@
- INSTALL = install
-
- PLUGIN=radius.so radattr.so radrealms.so
--CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
-+COPTS = -O2
-+CFLAGS=-I. -I../.. -I../../../include $(COPTS) -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
-
- # Uncomment the next line to include support for Microsoft's
- # MS-CHAP authentication protocol.
-@@ -36,9 +37,9 @@
-
- install: all
- $(INSTALL) -d -m 755 $(LIBDIR)
-- $(INSTALL) -s -c -m 755 radius.so $(LIBDIR)
-- $(INSTALL) -s -c -m 755 radattr.so $(LIBDIR)
-- $(INSTALL) -s -c -m 755 radrealms.so $(LIBDIR)
-+ $(INSTALL) -c -m 755 radius.so $(LIBDIR)
-+ $(INSTALL) -c -m 755 radattr.so $(LIBDIR)
-+ $(INSTALL) -c -m 755 radrealms.so $(LIBDIR)
- $(INSTALL) -c -m 444 pppd-radius.8 $(MANDIR)
- $(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR)
-
-diff -ruN ppp-2.4.3-orig/pppd/plugins/radius/config.c ppp-2.4.3-3/pppd/plugins/radius/config.c
---- ppp-2.4.3-orig/pppd/plugins/radius/config.c 2004-11-14 08:26:26.000000000 +0100
-+++ ppp-2.4.3-3/pppd/plugins/radius/config.c 2004-12-16 04:03:46.000000000 +0100
-@@ -369,31 +369,37 @@
- }
- #endif
-
-+#if 0
- if (rc_conf_int("login_tries") <= 0)
- {
- error("%s: login_tries <= 0 is illegal", filename);
- return (-1);
- }
-+#endif
- if (rc_conf_str("seqfile") == NULL)
- {
- error("%s: seqfile not specified", filename);
- return (-1);
- }
-+#if 0
- if (rc_conf_int("login_timeout") <= 0)
- {
- error("%s: login_timeout <= 0 is illegal", filename);
- return (-1);
- }
-+#endif
- if (rc_conf_str("mapfile") == NULL)
- {
- error("%s: mapfile not specified", filename);
- return (-1);
- }
-+#if 0
- if (rc_conf_str("nologin") == NULL)
- {
- error("%s: nologin not specified", filename);
- return (-1);
- }
-+#endif
-
- return 0;
- }
-diff -ruN ppp-2.4.3-orig/pppd/plugins/radius/options.h ppp-2.4.3-3/pppd/plugins/radius/options.h
---- ppp-2.4.3-orig/pppd/plugins/radius/options.h 2004-11-14 08:26:26.000000000 +0100
-+++ ppp-2.4.3-3/pppd/plugins/radius/options.h 2004-12-16 04:09:16.000000000 +0100
-@@ -31,24 +31,21 @@
- static SERVER acctserver = {0};
- static SERVER authserver = {0};
-
--int default_tries = 4;
--int default_timeout = 60;
--
- static OPTION config_options[] = {
- /* internally used options */
- {"config_file", OT_STR, ST_UNDEF, NULL},
- /* General options */
- {"auth_order", OT_AUO, ST_UNDEF, NULL},
--{"login_tries", OT_INT, ST_UNDEF, &default_tries},
--{"login_timeout", OT_INT, ST_UNDEF, &default_timeout},
--{"nologin", OT_STR, ST_UNDEF, "/etc/nologin"},
--{"issue", OT_STR, ST_UNDEF, "/etc/radiusclient/issue"},
-+{"login_tries", OT_INT, ST_UNDEF, NULL},
-+{"login_timeout", OT_INT, ST_UNDEF, NULL},
-+{"nologin", OT_STR, ST_UNDEF, NULL},
-+{"issue", OT_STR, ST_UNDEF, NULL},
- /* RADIUS specific options */
- {"authserver", OT_SRV, ST_UNDEF, &authserver},
- {"acctserver", OT_SRV, ST_UNDEF, &acctserver},
- {"servers", OT_STR, ST_UNDEF, NULL},
- {"dictionary", OT_STR, ST_UNDEF, NULL},
--{"login_radius", OT_STR, ST_UNDEF, "/usr/sbin/login.radius"},
-+{"login_radius", OT_STR, ST_UNDEF, NULL},
- {"seqfile", OT_STR, ST_UNDEF, NULL},
- {"mapfile", OT_STR, ST_UNDEF, NULL},
- {"default_realm", OT_STR, ST_UNDEF, NULL},
-diff -ruN ppp-2.4.3-orig/pppd/plugins/rp-pppoe/Makefile.linux ppp-2.4.3-3/pppd/plugins/rp-pppoe/Makefile.linux
---- ppp-2.4.3-orig/pppd/plugins/rp-pppoe/Makefile.linux 2004-11-14 08:58:37.000000000 +0100
-+++ ppp-2.4.3-3/pppd/plugins/rp-pppoe/Makefile.linux 2004-12-05 17:43:23.000000000 +0100
-@@ -39,9 +39,9 @@
-
- install: all
- $(INSTALL) -d -m 755 $(LIBDIR)
-- $(INSTALL) -s -c -m 4550 rp-pppoe.so $(LIBDIR)
-+ $(INSTALL) -c -m 4550 rp-pppoe.so $(LIBDIR)
- $(INSTALL) -d -m 755 $(BINDIR)
-- $(INSTALL) -s -c -m 555 pppoe-discovery $(BINDIR)
-+ $(INSTALL) -c -m 555 pppoe-discovery $(BINDIR)
-
- clean:
- rm -f *.o *.so
-diff -ruN ppp-2.4.3-orig/pppd/plugins/rp-pppoe/plugin.c ppp-2.4.3-3/pppd/plugins/rp-pppoe/plugin.c
---- ppp-2.4.3-orig/pppd/plugins/rp-pppoe/plugin.c 2004-11-04 11:07:37.000000000 +0100
-+++ ppp-2.4.3-3/pppd/plugins/rp-pppoe/plugin.c 2004-12-16 01:07:22.000000000 +0100
-@@ -286,7 +286,7 @@
- /* Strip off "nic-" */
- cmd += 4;
- } else if (strlen(cmd) < 4
-- || (strncmp(cmd, "eth", 3) && strncmp(cmd, "nas", 3)
-+ || (strncmp(cmd, "eth", 3) && strncmp(cmd, "nas", 3) && strncmp(cmd, "vlan", 4)
- && strncmp(cmd, "tap", 3) && strncmp(cmd, "br", 2))) {
- return 0;
- }
-diff -ruN ppp-2.4.3-orig/pppd/pppd.8 ppp-2.4.3-3/pppd/pppd.8
---- ppp-2.4.3-orig/pppd/pppd.8 2004-11-13 13:22:49.000000000 +0100
-+++ ppp-2.4.3-3/pppd/pppd.8 2004-12-05 17:51:27.000000000 +0100
-@@ -622,9 +622,29 @@
- Enables the use of PPP multilink; this is an alias for the `multilink'
- option. This option is currently only available under Linux.
- .TP
--.B mppe\-stateful
--Allow MPPE to use stateful mode. Stateless mode is still attempted first.
--The default is to disallow stateful mode.
-+.B mppc
-+Enables MPPC (Microsoft Point to Point Compression). This is the default.
-+.TP
-+.B mppe \fIsubopt1[,subopt2[,subopt3[..]]]
-+Modify MPPE (Microsoft Point to Point Encryption) parameters. In order
-+for MPPE to successfully come up, you must have authenticated with either
-+MS-CHAP or MS-CHAPv2. By default MPPE is optional, it means that pppd will
-+not propose MPPE to the peer, but will negotiate MPPE if peer wants that.
-+You can change this using \fIrequired\fR suboption.
-+This option is presently only supported under Linux, and only if your
-+kernel has been configured to include MPPE support.
-+.IP
-+MPPE suboptions:
-+.br
-+\fIrequired\fR - require MPPE; disconnect if peer doesn't support it,
-+.br
-+\fIstateless\fR - try to negotiate stateless mode; default is stateful,
-+.br
-+\fIno40\fR - disable 40 bit keys,
-+.br
-+\fIno56\fR - disable 56 bit keys,
-+.br
-+\fIno128\fR - disable 128 bit keys
- .TP
- .B mpshortseq
- Enables the use of short (12-bit) sequence numbers in multilink
-@@ -757,17 +777,11 @@
- Disables the use of PPP multilink. This option is currently only
- available under Linux.
- .TP
--.B nomppe
--Disables MPPE (Microsoft Point to Point Encryption). This is the default.
--.TP
--.B nomppe\-40
--Disable 40-bit encryption with MPPE.
-+.B nomppc
-+Disables MPPC (Microsoft Point to Point Compression).
- .TP
--.B nomppe\-128
--Disable 128-bit encryption with MPPE.
--.TP
--.B nomppe\-stateful
--Disable MPPE stateful mode. This is the default.
-+.B nomppe
-+Disables MPPE (Microsoft Point to Point Encryption).
- .TP
- .B nompshortseq
- Disables the use of short (12-bit) sequence numbers in the PPP
-@@ -948,19 +962,6 @@
- Require the peer to authenticate itself using CHAP [Challenge
- Handshake Authentication Protocol] authentication.
- .TP
--.B require\-mppe
--Require the use of MPPE (Microsoft Point to Point Encryption). This
--option disables all other compression types. This option enables
--both 40-bit and 128-bit encryption. In order for MPPE to successfully
--come up, you must have authenticated with either MS\-CHAP or MS\-CHAPv2.
--This option is presently only supported under Linux, and only if your
--kernel has been configured to include MPPE support.
--.TP
--.B require\-mppe\-40
--Require the use of MPPE, with 40-bit encryption.
--.TP
--.B require\-mppe\-128
--Require the use of MPPE, with 128-bit encryption.
- .TP
- .B require\-mschap
- Require the peer to authenticate itself using MS\-CHAP [Microsoft Challenge
-diff -ruN ppp-2.4.3-orig/pppdump/Makefile.linux ppp-2.4.3-3/pppdump/Makefile.linux
---- ppp-2.4.3-orig/pppdump/Makefile.linux 2004-10-31 02:36:52.000000000 +0200
-+++ ppp-2.4.3-3/pppdump/Makefile.linux 2004-12-05 17:50:34.000000000 +0100
-@@ -2,7 +2,8 @@
- BINDIR = $(DESTDIR)/sbin
- MANDIR = $(DESTDIR)/share/man/man8
-
--CFLAGS= -O -I../include/net
-+COPTS = -O
-+CFLAGS= $(COPTS) -I../include/net
- OBJS = pppdump.o bsd-comp.o deflate.o zlib.o
-
- INSTALL= install
-@@ -17,5 +18,5 @@
-
- install:
- mkdir -p $(BINDIR) $(MANDIR)
-- $(INSTALL) -s -c pppdump $(BINDIR)
-+ $(INSTALL) -c pppdump $(BINDIR)
- $(INSTALL) -c -m 444 pppdump.8 $(MANDIR)
-diff -ruN ppp-2.4.3-orig/pppstats/Makefile.linux ppp-2.4.3-3/pppstats/Makefile.linux
---- ppp-2.4.3-orig/pppstats/Makefile.linux 2004-10-31 23:09:03.000000000 +0100
-+++ ppp-2.4.3-3/pppstats/Makefile.linux 2004-12-05 17:43:38.000000000 +0100
-@@ -22,7 +22,7 @@
-
- install: pppstats
- -mkdir -p $(MANDIR)
-- $(INSTALL) -s -c pppstats $(BINDIR)
-+ $(INSTALL) -c pppstats $(BINDIR)
- $(INSTALL) -c -m 444 pppstats.8 $(MANDIR)
-
- pppstats: $(PPPSTATSRCS)
projects / openwrt / staging / zorun.git / commitdiff