aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services/ppp/patches/201-mppe_mppc_1.1.patch
diff options
context:
space:
mode:
authorHauke Mehrtens <hauke@hauke-m.de>2021-01-03 03:29:02 +0100
committerHauke Mehrtens <hauke@hauke-m.de>2021-02-24 00:30:20 +0100
commit030bc39c350d301d3cbca4725e845a752c359c5f (patch)
tree8c8d755375f67586ca56fc5b253ebc71af55fee4 /package/network/services/ppp/patches/201-mppe_mppc_1.1.patch
parent12a80e44b914a00fa39daae5474b3964f246ddc3 (diff)
downloadupstream-030bc39c350d301d3cbca4725e845a752c359c5f.tar.gz
upstream-030bc39c350d301d3cbca4725e845a752c359c5f.tar.bz2
upstream-030bc39c350d301d3cbca4725e845a752c359c5f.zip
ppp: Update to version 2.4.9
Upstream integrated multiple patches from Distributions and did other changes: * rp-pppoe.so was renamed to pppoe.so * Converted to ANSI C The following patches were applied upstream: * 100-debian_ip-ip_option.patch * 101-debian_close_dev_ppp.patch * 103-debian_fix_link_pidfile.patch * 106-debian_stripMSdomain.patch * 107-debian_pppoatm_wildcard.patch * 110-debian_defaultroute.patch * 202-no_strip.patch Compilation with musl libc was fixed upstream so 140-pppoe_compile_fix.patch is not needed any more Parts of the 203-opt_flags.patch patch were applied in a different way upstream. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Diffstat (limited to 'package/network/services/ppp/patches/201-mppe_mppc_1.1.patch')
-rw-r--r--package/network/services/ppp/patches/201-mppe_mppc_1.1.patch133
1 files changed, 78 insertions, 55 deletions
diff --git a/package/network/services/ppp/patches/201-mppe_mppc_1.1.patch b/package/network/services/ppp/patches/201-mppe_mppc_1.1.patch
index 9345c10400..3c30517e42 100644
--- a/package/network/services/ppp/patches/201-mppe_mppc_1.1.patch
+++ b/package/network/services/ppp/patches/201-mppe_mppc_1.1.patch
@@ -88,7 +88,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
*/
--- a/pppd/ccp.c
+++ b/pppd/ccp.c
-@@ -61,12 +61,10 @@ static int setdeflate __P((char **));
+@@ -61,12 +61,10 @@ static int setdeflate (char **);
static char bsd_value[8];
static char deflate_value[8];
@@ -197,7 +197,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
/*
* Local state (mainly for handling reset-reqs and reset-acks).
-@@ -343,6 +323,100 @@ setdeflate(argv)
+@@ -341,6 +321,100 @@ setdeflate(char **argv)
return 1;
}
@@ -298,7 +298,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
/*
* ccp_init - initialize CCP.
*/
-@@ -377,6 +451,30 @@ ccp_init(unit)
+@@ -374,6 +448,30 @@ ccp_init(int unit)
ccp_allowoptions[0].bsd_bits = BSD_MAX_BITS;
ccp_allowoptions[0].predictor_1 = 1;
@@ -329,7 +329,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
}
/*
-@@ -454,11 +552,11 @@ ccp_input(unit, p, len)
+@@ -443,11 +541,11 @@ ccp_input(int unit, u_char *p, int len)
if (oldstate == OPENED && p[0] == TERMREQ && f->state != OPENED) {
notice("Compression disabled by peer.");
#ifdef MPPE
@@ -343,7 +343,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
}
/*
-@@ -486,6 +584,15 @@ ccp_extcode(f, code, id, p, len)
+@@ -471,6 +569,15 @@ ccp_extcode(fsm *f, int code, int id, u_
break;
/* send a reset-ack, which the transmitter will see and
reset its compression state. */
@@ -359,7 +359,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
fsm_sdata(f, CCP_RESETACK, id, NULL, 0);
break;
-@@ -514,12 +621,11 @@ ccp_protrej(unit)
+@@ -498,12 +605,11 @@ ccp_protrej(int unit)
fsm_lowerdown(&ccp_fsm[unit]);
#ifdef MPPE
@@ -374,7 +374,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
}
/*
-@@ -536,7 +642,7 @@ ccp_resetci(f)
+@@ -519,7 +625,7 @@ ccp_resetci(fsm *f)
all_rejected[f->unit] = 0;
#ifdef MPPE
@@ -382,11 +382,27 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
+ if (go->mppe || go->mppc) {
ccp_options *ao = &ccp_allowoptions[f->unit];
int auth_mschap_bits = auth_done[f->unit];
- int numbits;
-@@ -550,80 +656,109 @@ ccp_resetci(f)
+ #ifdef USE_EAPTLS
+@@ -536,95 +642,124 @@ ccp_resetci(fsm *f)
* NB: If MPPE is required, all other compression opts are invalid.
* So, we return right away if we can't do it.
*/
+-
+- /* Leave only the mschap auth bits set */
+- auth_mschap_bits &= (CHAP_MS_WITHPEER | CHAP_MS_PEER |
+- CHAP_MS2_WITHPEER | CHAP_MS2_PEER);
+- /* Count the mschap auths */
+- auth_mschap_bits >>= CHAP_MS_SHIFT;
+- numbits = 0;
+- do {
+- numbits += auth_mschap_bits & 1;
+- auth_mschap_bits >>= 1;
+- } while (auth_mschap_bits);
+- if (numbits > 1) {
+- error("MPPE required, but auth done in both directions.");
+- lcp_close(f->unit, "MPPE required but not available");
+- return;
+- }
+ if (ccp_wantoptions[f->unit].mppe) {
+ /* Leave only the mschap auth bits set */
+ auth_mschap_bits &= (CHAP_MS_WITHPEER | CHAP_MS_PEER |
@@ -403,33 +419,42 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
+ lcp_close(f->unit, "MPPE required but not available");
+ return;
+ }
-+ if (!numbits) {
-+ error("MPPE required, but MS-CHAP[v2] auth not performed.");
-+ lcp_close(f->unit, "MPPE required but not available");
-+ return;
-+ }
-- /* Leave only the mschap auth bits set */
-- auth_mschap_bits &= (CHAP_MS_WITHPEER | CHAP_MS_PEER |
-- CHAP_MS2_WITHPEER | CHAP_MS2_PEER);
-- /* Count the mschap auths */
-- auth_mschap_bits >>= CHAP_MS_SHIFT;
-- numbits = 0;
-- do {
-- numbits += auth_mschap_bits & 1;
-- auth_mschap_bits >>= 1;
-- } while (auth_mschap_bits);
-- if (numbits > 1) {
-- error("MPPE required, but auth done in both directions.");
-- lcp_close(f->unit, "MPPE required but not available");
-- return;
-- }
+ #ifdef USE_EAPTLS
+- /*
+- * MPPE is also possible in combination with EAP-TLS.
+- * It is not possible to detect if we're doing EAP or EAP-TLS
+- * at this stage, hence we accept all forms of EAP. If TLS is
+- * not used then the MPPE keys will not be derived anyway.
+- */
+- /* Leave only the eap auth bits set */
+- auth_eap_bits &= (EAP_WITHPEER | EAP_PEER );
++ /*
++ * MPPE is also possible in combination with EAP-TLS.
++ * It is not possible to detect if we're doing EAP or EAP-TLS
++ * at this stage, hence we accept all forms of EAP. If TLS is
++ * not used then the MPPE keys will not be derived anyway.
++ */
++ /* Leave only the eap auth bits set */
++ auth_eap_bits &= (EAP_WITHPEER | EAP_PEER );
+
+- if ((numbits == 0) && (auth_eap_bits == 0)) {
+- error("MPPE required, but MS-CHAP[v2] nor EAP-TLS auth are performed.");
++ if ((numbits == 0) && (auth_eap_bits == 0)) {
++ error("MPPE required, but MS-CHAP[v2] nor EAP-TLS auth are performed.");
+ #else
- if (!numbits) {
- error("MPPE required, but MS-CHAP[v2] auth not performed.");
++ if (!numbits) {
++ error("MPPE required, but MS-CHAP[v2] auth not performed.");
+ #endif
- lcp_close(f->unit, "MPPE required but not available");
- return;
- }
--
++ lcp_close(f->unit, "MPPE required but not available");
++ return;
++ }
+
- /* A plugin (eg radius) may not have obtained key material. */
- if (!mppe_keys_set) {
- error("MPPE required, but keys are not available. "
@@ -559,7 +584,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
if (go->bsd_compress) {
opt_buf[0] = CI_BSD_COMPRESS;
opt_buf[1] = CILEN_BSD_COMPRESS;
-@@ -679,7 +814,8 @@ ccp_cilen(f)
+@@ -679,7 +814,8 @@ static int
+ (go->deflate && go->deflate_draft? CILEN_DEFLATE: 0)
+ (go->predictor_1? CILEN_PREDICTOR_1: 0)
+ (go->predictor_2? CILEN_PREDICTOR_2: 0)
@@ -569,7 +594,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
}
/*
-@@ -693,6 +829,8 @@ ccp_addci(f, p, lenp)
+@@ -690,6 +826,8 @@ static void
{
int res;
ccp_options *go = &ccp_gotoptions[f->unit];
@@ -578,7 +603,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
u_char *p0 = p;
/*
-@@ -701,22 +839,43 @@ ccp_addci(f, p, lenp)
+@@ -698,22 +836,43 @@ static void
* in case it gets Acked.
*/
#ifdef MPPE
@@ -631,7 +656,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
if (go->deflate) {
p[0] = go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT;
p[1] = CILEN_DEFLATE;
-@@ -802,7 +961,7 @@ ccp_addci(f, p, lenp)
+@@ -799,30 +958,50 @@ static void
/*
* ccp_ackci - process a received configure-ack, and return
@@ -639,9 +664,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
+ * 1 if the packet was OK.
*/
static int
- ccp_ackci(f, p, len)
-@@ -811,24 +970,44 @@ ccp_ackci(f, p, len)
- int len;
+ ccp_ackci(fsm *f, u_char *p, int len)
{
ccp_options *go = &ccp_gotoptions[f->unit];
+ ccp_options *ao = &ccp_allowoptions[f->unit];
@@ -694,8 +717,8 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
if (go->deflate) {
if (len < CILEN_DEFLATE
|| p[0] != (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT)
-@@ -901,6 +1080,8 @@ ccp_nakci(f, p, len, treat_as_reject)
- int treat_as_reject;
+@@ -891,6 +1070,8 @@ static int
+ ccp_nakci(fsm *f, u_char *p, int len, int treat_as_reject)
{
ccp_options *go = &ccp_gotoptions[f->unit];
+ ccp_options *ao = &ccp_allowoptions[f->unit];
@@ -703,7 +726,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
ccp_options no; /* options we've seen already */
ccp_options try; /* options to ask for next time */
-@@ -908,28 +1089,100 @@ ccp_nakci(f, p, len, treat_as_reject)
+@@ -898,28 +1079,100 @@ static int
try = *go;
#ifdef MPPE
@@ -822,7 +845,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
if (go->deflate && len >= CILEN_DEFLATE
&& p[0] == (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT)
&& p[1] == CILEN_DEFLATE) {
-@@ -1002,14 +1255,50 @@ ccp_rejci(f, p, len)
+@@ -989,14 +1242,50 @@ ccp_rejci(fsm *f, u_char *p, int len)
return -1;
#ifdef MPPE
@@ -877,8 +900,8 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
if (go->deflate_correct && len >= CILEN_DEFLATE
&& p[0] == CI_DEFLATE && p[1] == CILEN_DEFLATE) {
if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size)
-@@ -1073,14 +1362,15 @@ ccp_reqci(f, p, lenp, dont_nak)
- int dont_nak;
+@@ -1056,14 +1345,15 @@ static int
+ ccp_reqci(fsm *f, u_char *p, int *lenp, int dont_nak)
{
int ret, newret, res;
- u_char *p0, *retp;
@@ -897,7 +920,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
ret = CONFACK;
retp = p0 = p;
-@@ -1103,106 +1393,302 @@ ccp_reqci(f, p, lenp, dont_nak)
+@@ -1086,106 +1376,302 @@ ccp_reqci(fsm *f, u_char *p, int *lenp,
switch (type) {
#ifdef MPPE
case CI_MPPE:
@@ -910,10 +933,6 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
-
- /* Nak if anything unsupported or unknown are set. */
- if (ho->mppe & MPPE_OPT_UNSUPPORTED) {
-- newret = CONFNAK;
-- ho->mppe &= ~MPPE_OPT_UNSUPPORTED;
-- }
-- if (ho->mppe & MPPE_OPT_UNKNOWN) {
+ p2 = p[2];
+ p5 = p[5];
+ /* not sure what they want, tell 'em what we got */
@@ -922,6 +941,10 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
+ MPPE_MPPC)) != 0 || p[5] == 0) ||
+ (p[2] == 0 && p[3] == 0 && p[4] == 0 && p[5] == 0)) {
newret = CONFNAK;
+- ho->mppe &= ~MPPE_OPT_UNSUPPORTED;
+- }
+- if (ho->mppe & MPPE_OPT_UNKNOWN) {
+- newret = CONFNAK;
- ho->mppe &= ~MPPE_OPT_UNKNOWN;
- }
-
@@ -1293,7 +1316,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
case CI_DEFLATE:
case CI_DEFLATE_DRAFT:
if (!ao->deflate || clen != CILEN_DEFLATE
-@@ -1344,12 +1830,6 @@ ccp_reqci(f, p, lenp, dont_nak)
+@@ -1327,12 +1813,6 @@ ccp_reqci(fsm *f, u_char *p, int *lenp,
else
*lenp = retp - p0;
}
@@ -1306,7 +1329,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
return ret;
}
-@@ -1371,24 +1851,35 @@ method_name(opt, opt2)
+@@ -1353,24 +1833,35 @@ method_name(ccp_options *opt, ccp_option
char *p = result;
char *q = result + sizeof(result); /* 1 past result */
@@ -1358,7 +1381,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
case CI_DEFLATE:
case CI_DEFLATE_DRAFT:
if (opt2 != NULL && opt2->deflate_size != opt->deflate_size)
-@@ -1444,12 +1935,12 @@ ccp_up(f)
+@@ -1425,12 +1916,12 @@ ccp_up(fsm *f)
} else if (ANY_COMPRESS(*ho))
notice("%s transmit compression enabled", method_name(ho, NULL));
#ifdef MPPE
@@ -1373,7 +1396,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
}
/*
-@@ -1472,7 +1963,7 @@ ccp_down(f)
+@@ -1452,7 +1943,7 @@ ccp_down(fsm *f)
lcp_close(f->unit, "MPPE disabled");
}
}
@@ -1382,7 +1405,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
}
/*
-@@ -1532,24 +2023,28 @@ ccp_printpkt(p, plen, printer, arg)
+@@ -1509,24 +2000,28 @@ ccp_printpkt(u_char *p, int plen,
#ifdef MPPE
case CI_MPPE:
if (optlen >= CILEN_MPPE) {
@@ -1423,7 +1446,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
case CI_DEFLATE:
case CI_DEFLATE_DRAFT:
if (optlen >= CILEN_DEFLATE) {
-@@ -1635,6 +2130,7 @@ ccp_datainput(unit, pkt, len)
+@@ -1609,6 +2104,7 @@ ccp_datainput(int unit, u_char *pkt, int
error("Lost compression sync: disabling compression");
ccp_close(unit, "Lost compression sync");
#ifdef MPPE
@@ -1431,7 +1454,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
/*
* If we were doing MPPE, we must also take the link down.
*/
-@@ -1642,9 +2138,18 @@ ccp_datainput(unit, pkt, len)
+@@ -1616,9 +2112,18 @@ ccp_datainput(int unit, u_char *pkt, int
error("Too many MPPE errors, closing LCP");
lcp_close(unit, "Too many MPPE errors");
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-15 10:14:23 +0000