From 030bc39c350d301d3cbca4725e845a752c359c5f Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Sun, 3 Jan 2021 03:29:02 +0100 Subject: [PATCH] ppp: Update to version 2.4.9 Upstream integrated multiple patches from Distributions and did other changes: * rp-pppoe.so was renamed to pppoe.so * Converted to ANSI C The following patches were applied upstream: * 100-debian_ip-ip_option.patch * 101-debian_close_dev_ppp.patch * 103-debian_fix_link_pidfile.patch * 106-debian_stripMSdomain.patch * 107-debian_pppoatm_wildcard.patch * 110-debian_defaultroute.patch * 202-no_strip.patch Compilation with musl libc was fixed upstream so 140-pppoe_compile_fix.patch is not needed any more Parts of the 203-opt_flags.patch patch were applied in a different way upstream. Signed-off-by: Hauke Mehrtens --- package/network/services/ppp/Makefile | 10 +- package/network/services/ppp/files/ppp.sh | 4 +- .../010-use_target_for_configure.patch | 22 +- .../ppp/patches/100-debian_ip-ip_option.patch | 96 ------ .../patches/101-debian_close_dev_ppp.patch | 28 -- .../patches/103-debian_fix_link_pidfile.patch | 23 -- .../ppp/patches/105-debian_demand.patch | 30 +- .../patches/106-debian_stripMSdomain.patch | 47 --- .../patches/107-debian_pppoatm_wildcard.patch | 25 -- .../ppp/patches/110-debian_defaultroute.patch | 314 ------------------ .../120-debian_ipv6_updown_option.patch | 18 +- .../ppp/patches/140-pppoe_compile_fix.patch | 36 -- .../services/ppp/patches/200-makefile.patch | 23 +- .../ppp/patches/201-mppe_mppc_1.1.patch | 133 +++++--- .../services/ppp/patches/202-no_strip.patch | 88 ----- .../services/ppp/patches/203-opt_flags.patch | 36 +- .../patches/205-no_exponential_timeout.patch | 4 +- .../ppp/patches/207-lcp_mtu_max.patch | 2 +- .../ppp/patches/208-fix_status_code.patch | 2 +- .../300-filter-pcap-includes-lib.patch | 6 +- .../ppp/patches/310-precompile_filter.patch | 30 +- ...multilink_support_custom_iface_names.patch | 33 +- .../330-retain_foreign_default_routes.patch | 2 +- .../340-populate_default_gateway.patch | 6 +- .../patches/400-simplify_kernel_checks.patch | 32 +- .../ppp/patches/401-no_record_file.patch | 6 +- .../services/ppp/patches/403-no_wtmp.patch | 4 +- .../404-remove_obsolete_protocol_names.patch | 16 +- .../ppp/patches/405-no_multilink_option.patch | 2 +- .../ppp/patches/500-add-pptp-plugin.patch | 14 +- ...openssl-for-the-DES-instead-of-the-l.patch | 25 +- 31 files changed, 226 insertions(+), 891 deletions(-) delete mode 100644 package/network/services/ppp/patches/100-debian_ip-ip_option.patch delete mode 100644 package/network/services/ppp/patches/101-debian_close_dev_ppp.patch delete mode 100644 package/network/services/ppp/patches/103-debian_fix_link_pidfile.patch delete mode 100644 package/network/services/ppp/patches/106-debian_stripMSdomain.patch delete mode 100644 package/network/services/ppp/patches/107-debian_pppoatm_wildcard.patch delete mode 100644 package/network/services/ppp/patches/110-debian_defaultroute.patch delete mode 100644 package/network/services/ppp/patches/140-pppoe_compile_fix.patch delete mode 100644 package/network/services/ppp/patches/202-no_strip.patch diff --git a/package/network/services/ppp/Makefile b/package/network/services/ppp/Makefile index 48d7120a72..10e9bdfdfe 100644 --- a/package/network/services/ppp/Makefile +++ b/package/network/services/ppp/Makefile @@ -13,14 +13,14 @@ PKG_RELEASE:=3 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/paulusmack/ppp -PKG_SOURCE_DATE:=2020-10-03 -PKG_SOURCE_VERSION:=ad3937a0a38a696eb1a37dbf8f92e8e6072cdccb -PKG_MIRROR_HASH:=c5b39615eb62728431b19f3ae5428eb1e2fc705b4b7b960228fe5b5d7b5a4bca +PKG_SOURCE_DATE:=2021-01-04 +PKG_SOURCE_VERSION:=4fb319056f168bb8379865b91b4fd3e1ada73f1e +PKG_MIRROR_HASH:=429cb5fcff36e1d8698766130711d4764347f08b83233dfb4831bea21616efef PKG_MAINTAINER:=Felix Fietkau PKG_LICENSE:=BSD-4-Clause PKG_CPE_ID:=cpe:/a:samba:ppp -PKG_RELEASE_VERSION:=2.4.8 +PKG_RELEASE_VERSION:=2.4.9 PKG_VERSION:=$(PKG_RELEASE_VERSION).git-$(PKG_SOURCE_DATE) PKG_BUILD_DEPENDS:=libpcap @@ -242,7 +242,7 @@ endef define Package/ppp-mod-pppoe/install $(INSTALL_DIR) $(1)/usr/lib/pppd/$(PKG_RELEASE_VERSION) - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/lib/pppd/$(PKG_RELEASE_VERSION)/rp-pppoe.so \ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/lib/pppd/$(PKG_RELEASE_VERSION)/pppoe.so \ $(1)/usr/lib/pppd/$(PKG_RELEASE_VERSION)/ endef diff --git a/package/network/services/ppp/files/ppp.sh b/package/network/services/ppp/files/ppp.sh index b553effd88..7bbc497c43 100755 --- a/package/network/services/ppp/files/ppp.sh +++ b/package/network/services/ppp/files/ppp.sh @@ -234,7 +234,7 @@ proto_pppoe_setup() { json_get_var padi_timeout padi_timeout ppp_generic_setup "$config" \ - plugin rp-pppoe.so \ + plugin pppoe.so \ ${ac:+rp_pppoe_ac "$ac"} \ ${service:+rp_pppoe_service "$service"} \ ${host_uniq:+host-uniq "$host_uniq"} \ @@ -331,7 +331,7 @@ proto_pptp_teardown() { [ -n "$INCLUDE_ONLY" ] || { add_protocol ppp - [ -f /usr/lib/pppd/*/rp-pppoe.so ] && add_protocol pppoe + [ -f /usr/lib/pppd/*/pppoe.so ] && add_protocol pppoe [ -f /usr/lib/pppd/*/pppoatm.so ] && add_protocol pppoa [ -f /usr/lib/pppd/*/pptp.so ] && add_protocol pptp } diff --git a/package/network/services/ppp/patches/010-use_target_for_configure.patch b/package/network/services/ppp/patches/010-use_target_for_configure.patch index 7deac0e446..9e8618f83c 100644 --- a/package/network/services/ppp/patches/010-use_target_for_configure.patch +++ b/package/network/services/ppp/patches/010-use_target_for_configure.patch @@ -9,16 +9,16 @@ Signed-off-by: Jo-Philipp Wich --- a/configure +++ b/configure -@@ -8,9 +8,9 @@ SYSCONF=/etc - # if [ -d /NextApps ]; then - # system="NeXTStep" - # else -- system=`uname -s` -- release=`uname -r` -- arch=`uname -m` -+ system=${UNAME_S:-`uname -s`} -+ release=${UNAME_R:-`uname -r`} -+ arch=${UNAME_M:-`uname -m`} - # fi +@@ -10,9 +10,9 @@ CROSS_COMPILE= + CC=cc + CFLAGS= + +-system=`uname -s` +-release=`uname -r` +-arch=`uname -m` ++system=${UNAME_S:-`uname -s`} ++release=${UNAME_R:-`uname -r`} ++arch=${UNAME_M:-`uname -m`} state="unknown" + case $system in diff --git a/package/network/services/ppp/patches/100-debian_ip-ip_option.patch b/package/network/services/ppp/patches/100-debian_ip-ip_option.patch deleted file mode 100644 index a996622922..0000000000 --- a/package/network/services/ppp/patches/100-debian_ip-ip_option.patch +++ /dev/null @@ -1,96 +0,0 @@ -pppd: Allow specifying ip-up and ip-down scripts - -This patch implements the "ip-up-script" and "ip-down-script" options which -allow to specify the path of the ip-up and ip-down scripts to call. - -These options default to _PATH_IPUP and _PATH_IPDOWN to retain the -existing behaviour. - -The patch originated from the Debian project. - -Signed-off-by: Jo-Philipp Wich - ---- a/pppd/ipcp.c -+++ b/pppd/ipcp.c -@@ -1957,7 +1957,7 @@ ipcp_up(f) - */ - if (ipcp_script_state == s_down && ipcp_script_pid == 0) { - ipcp_script_state = s_up; -- ipcp_script(_PATH_IPUP, 0); -+ ipcp_script(path_ipup, 0); - } - } - -@@ -2007,7 +2007,7 @@ ipcp_down(f) - /* Execute the ip-down script */ - if (ipcp_script_state == s_up && ipcp_script_pid == 0) { - ipcp_script_state = s_down; -- ipcp_script(_PATH_IPDOWN, 0); -+ ipcp_script(path_ipdown, 0); - } - } - -@@ -2061,13 +2061,13 @@ ipcp_script_done(arg) - case s_up: - if (ipcp_fsm[0].state != OPENED) { - ipcp_script_state = s_down; -- ipcp_script(_PATH_IPDOWN, 0); -+ ipcp_script(path_ipdown, 0); - } - break; - case s_down: - if (ipcp_fsm[0].state == OPENED) { - ipcp_script_state = s_up; -- ipcp_script(_PATH_IPUP, 0); -+ ipcp_script(path_ipup, 0); - } - break; - } ---- a/pppd/main.c -+++ b/pppd/main.c -@@ -306,6 +306,9 @@ main(argc, argv) - struct protent *protp; - char numbuf[16]; - -+ strlcpy(path_ipup, _PATH_IPUP, sizeof(path_ipup)); -+ strlcpy(path_ipdown, _PATH_IPDOWN, sizeof(path_ipdown)); -+ - link_stats_valid = 0; - new_phase(PHASE_INITIALIZE); - ---- a/pppd/options.c -+++ b/pppd/options.c -@@ -117,6 +117,8 @@ bool tune_kernel; /* may alter kernel s - int connect_delay = 1000; /* wait this many ms after connect script */ - int req_unit = -1; /* requested interface unit */ - char req_ifname[MAXIFNAMELEN]; /* requested interface name */ -+char path_ipup[MAXPATHLEN]; /* pathname of ip-up script */ -+char path_ipdown[MAXPATHLEN];/* pathname of ip-down script */ - bool multilink = 0; /* Enable multilink operation */ - char *bundle_name = NULL; /* bundle name for multilink */ - bool dump_options; /* print out option values */ -@@ -316,6 +318,13 @@ option_t general_options[] = { - "Metric to use for the default route (Linux only; -1 for default behavior)", - OPT_PRIV|OPT_LLIMIT|OPT_INITONLY, NULL, 0, -1 }, - -+ { "ip-up-script", o_string, path_ipup, -+ "Set pathname of ip-up script", -+ OPT_PRIV|OPT_STATIC, NULL, MAXPATHLEN }, -+ { "ip-down-script", o_string, path_ipdown, -+ "Set pathname of ip-down script", -+ OPT_PRIV|OPT_STATIC, NULL, MAXPATHLEN }, -+ - #ifdef HAVE_MULTILINK - { "multilink", o_bool, &multilink, - "Enable multilink operation", OPT_PRIO | 1 }, ---- a/pppd/pppd.h -+++ b/pppd/pppd.h -@@ -335,6 +335,8 @@ extern int connect_delay; /* Time to del - extern int max_data_rate; /* max bytes/sec through charshunt */ - extern int req_unit; /* interface unit number to use */ - extern char req_ifname[MAXIFNAMELEN]; /* interface name to use */ -+extern char path_ipup[MAXPATHLEN]; /* pathname of ip-up script */ -+extern char path_ipdown[MAXPATHLEN]; /* pathname of ip-down script */ - extern bool multilink; /* enable multilink operation */ - extern bool noendpoint; /* don't send or accept endpt. discrim. */ - extern char *bundle_name; /* bundle name for multilink */ diff --git a/package/network/services/ppp/patches/101-debian_close_dev_ppp.patch b/package/network/services/ppp/patches/101-debian_close_dev_ppp.patch deleted file mode 100644 index 62830179b6..0000000000 --- a/package/network/services/ppp/patches/101-debian_close_dev_ppp.patch +++ /dev/null @@ -1,28 +0,0 @@ -pppd: Close already open ppp descriptors - -When using the kernel PPPoE driver in conjunction with the "persist" option, -the already open descriptor to /dev/ppp is not closed when the link is -reestablished. This eventually leads to high CPU load because the stray -descriptors are always reported as ready by select(). - -This patch closes the descriptor if it is already open when establishing a -new connection. It originated from the Debian project. - -Signed-off-by: Jo-Philipp Wich - ---- a/pppd/sys-linux.c -+++ b/pppd/sys-linux.c -@@ -467,6 +467,13 @@ int generic_establish_ppp (int fd) - if (new_style_driver) { - int flags; - -+ /* if a ppp_fd is already open, close it first */ -+ if(ppp_fd > 0) { -+ close(ppp_fd); -+ remove_fd(ppp_fd); -+ ppp_fd = -1; -+ } -+ - /* Open an instance of /dev/ppp and connect the channel to it */ - if (ioctl(fd, PPPIOCGCHAN, &chindex) == -1) { - error("Couldn't get channel number: %m"); diff --git a/package/network/services/ppp/patches/103-debian_fix_link_pidfile.patch b/package/network/services/ppp/patches/103-debian_fix_link_pidfile.patch deleted file mode 100644 index 5a764ab9b2..0000000000 --- a/package/network/services/ppp/patches/103-debian_fix_link_pidfile.patch +++ /dev/null @@ -1,23 +0,0 @@ -pppd: Fix creation of linkpidfile - -When pppd is run without "nodetach" or with "updetach", the linkpidfile is -never created. The call to create_linkpidfile() is protected by a check for -linkpidfile[0] but this is only filled in when create_linkpidfile() is called. - -This patch changes to code to allways uncondiationally call -create_linkpidfile(), it originated from the Debian project. - -Signed-off-by: Jo-Philipp Wich - ---- a/pppd/main.c -+++ b/pppd/main.c -@@ -780,8 +780,7 @@ detach() - /* update pid files if they have been written already */ - if (pidfilename[0]) - create_pidfile(pid); -- if (linkpidfile[0]) -- create_linkpidfile(pid); -+ create_linkpidfile(pid); - exit(0); /* parent dies */ - } - setsid(); diff --git a/package/network/services/ppp/patches/105-debian_demand.patch b/package/network/services/ppp/patches/105-debian_demand.patch index c442f4c8af..ff66aa8ea5 100644 --- a/package/network/services/ppp/patches/105-debian_demand.patch +++ b/package/network/services/ppp/patches/105-debian_demand.patch @@ -18,7 +18,7 @@ #ifdef PPP_FILTER #include #endif -@@ -220,6 +224,14 @@ loop_chars(p, n) +@@ -218,6 +222,14 @@ loop_chars(unsigned char *p, int n) int c, rv; rv = 0; @@ -33,14 +33,12 @@ for (; n > 0; --n) { c = *p++; if (c == PPP_FLAG) { -@@ -298,17 +310,102 @@ loop_frame(frame, len) +@@ -294,16 +306,100 @@ loop_frame(unsigned char *frame, int len * loopback, now that the real serial link is up. */ void --demand_rexmit(proto) -+demand_rexmit(proto, newip) - int proto; -+ u_int32_t newip; +-demand_rexmit(int proto) ++demand_rexmit(int proto, u_int32_t newip) { struct packet *pkt, *prev, *nextpkt; + unsigned short checksum; @@ -139,7 +137,7 @@ } else { --- a/pppd/ipcp.c +++ b/pppd/ipcp.c -@@ -1882,7 +1882,7 @@ ipcp_up(f) +@@ -1850,7 +1850,7 @@ ipcp_up(fsm *f) proxy_arp_set[f->unit] = 1; } @@ -150,7 +148,7 @@ } else { --- a/pppd/ipv6cp.c +++ b/pppd/ipv6cp.c -@@ -1258,7 +1258,7 @@ ipv6cp_up(f) +@@ -1253,7 +1253,7 @@ ipv6cp_up(fsm *f) if (sif6defaultroute(f->unit, go->ourid, ho->hisid)) default_route_set[f->unit] = 1; } @@ -161,12 +159,12 @@ } else { --- a/pppd/pppd.h +++ b/pppd/pppd.h -@@ -602,7 +602,7 @@ void demand_conf __P((void)); /* config - void demand_block __P((void)); /* set all NPs to queue up packets */ - void demand_unblock __P((void)); /* set all NPs to pass packets */ - void demand_discard __P((void)); /* set all NPs to discard packets */ --void demand_rexmit __P((int)); /* retransmit saved frames for an NP */ -+void demand_rexmit __P((int, u_int32_t)); /* retransmit saved frames for an NP*/ - int loop_chars __P((unsigned char *, int)); /* process chars from loopback */ - int loop_frame __P((unsigned char *, int)); /* should we bring link up? */ +@@ -598,7 +598,7 @@ void demand_conf(void); /* config interf + void demand_block(void); /* set all NPs to queue up packets */ + void demand_unblock(void); /* set all NPs to pass packets */ + void demand_discard(void); /* set all NPs to discard packets */ +-void demand_rexmit(int); /* retransmit saved frames for an NP */ ++void demand_rexmit(int, u_int32_t); /* retransmit saved frames for an NP*/ + int loop_chars(unsigned char *, int); /* process chars from loopback */ + int loop_frame(unsigned char *, int); /* should we bring link up? */ diff --git a/package/network/services/ppp/patches/106-debian_stripMSdomain.patch b/package/network/services/ppp/patches/106-debian_stripMSdomain.patch deleted file mode 100644 index 376de64c43..0000000000 --- a/package/network/services/ppp/patches/106-debian_stripMSdomain.patch +++ /dev/null @@ -1,47 +0,0 @@ -pppd: Implement option to strip domain part from MS CHAP response - -This patch implements a new boolean option "chapms-strip-domain" which -strips the leading domain part of the username in a received MS Chap -response. - -When the option is set, all leading chars up to and including the last -backslash in the username are stripped. The option defaults to false. - -The patch originated from the Debian project. - -Signed-off-by: Jo-Philipp Wich - ---- a/pppd/chap-new.c -+++ b/pppd/chap-new.c -@@ -58,6 +58,7 @@ int (*chap_verify_hook)(char *name, char - int chap_timeout_time = 3; - int chap_max_transmits = 10; - int chap_rechallenge_time = 0; -+int chapms_strip_domain = 0; - - /* - * Command-line options. -@@ -69,6 +70,8 @@ static option_t chap_option_list[] = { - "Set max #xmits for challenge", OPT_PRIO }, - { "chap-interval", o_int, &chap_rechallenge_time, - "Set interval for rechallenge", OPT_PRIO }, -+ { "chapms-strip-domain", o_bool, &chapms_strip_domain, -+ "Strip the domain prefix before the Username", 1 }, - { NULL } - }; - -@@ -336,6 +339,14 @@ chap_handle_response(struct chap_server_ - /* Null terminate and clean remote name. */ - slprintf(rname, sizeof(rname), "%.*v", len, name); - name = rname; -+ -+ /* strip the MS domain name */ -+ if (chapms_strip_domain && strrchr(rname, '\\')) { -+ char tmp[MAXNAMELEN+1]; -+ -+ strcpy(tmp, strrchr(rname, '\\') + 1); -+ strcpy(rname, tmp); -+ } - } - - if (chap_verify_hook) diff --git a/package/network/services/ppp/patches/107-debian_pppoatm_wildcard.patch b/package/network/services/ppp/patches/107-debian_pppoatm_wildcard.patch deleted file mode 100644 index 6f559a1231..0000000000 --- a/package/network/services/ppp/patches/107-debian_pppoatm_wildcard.patch +++ /dev/null @@ -1,25 +0,0 @@ -pppoatm: Allow wildcard ATM devices - -When operating pppd's pppoatm plugin with an USB ADSL modem, e.g. an -Alcatel Speedtouch, the ATM device number might change when the modem is -reconnected to the USB port or when the host controller resets the USB -device. - -This patch allows to specify the ATM device as wildcard which gives -enough flexibility to cope with changing device names. - -The patch originated from the Debain project. - -Signed-off-by: Jo-Philipp Wich - ---- a/pppd/plugins/pppoatm/pppoatm.c -+++ b/pppd/plugins/pppoatm/pppoatm.c -@@ -75,7 +75,7 @@ static int setdevname_pppoatm(const char - //info("PPPoATM setdevname_pppoatm: '%s'", cp); - memset(&addr, 0, sizeof addr); - if (text2atm(cp, (struct sockaddr *) &addr, sizeof(addr), -- T2A_PVC | T2A_NAME) < 0) { -+ T2A_PVC | T2A_NAME | T2A_WILDCARD) < 0) { - if(doit) - info("atm does not recognize: %s", cp); - return 0; diff --git a/package/network/services/ppp/patches/110-debian_defaultroute.patch b/package/network/services/ppp/patches/110-debian_defaultroute.patch deleted file mode 100644 index 21b329e5d5..0000000000 --- a/package/network/services/ppp/patches/110-debian_defaultroute.patch +++ /dev/null @@ -1,314 +0,0 @@ -pppd: Add "replacedefaultroute" and "noreplacedefaultroute" options - -This patch implements two new options, "replacedefaultroute" to replace any -existing system default route when specified and "noreplacedefaultroute" to -disable the "replacedefaultroute" option, which is useful in multi user -environments where the administrator wants to allow users to dial pppd -connections but not allow them to change the system default route. - -The patch originated from the Debian project. - -Signed-off-by: Jo-Philipp Wich - ---- a/pppd/ipcp.c -+++ b/pppd/ipcp.c -@@ -197,6 +197,14 @@ static option_t ipcp_option_list[] = { - "disable defaultroute option", OPT_ALIAS | OPT_A2CLR, - &ipcp_wantoptions[0].default_route }, - -+ { "replacedefaultroute", o_bool, -+ &ipcp_wantoptions[0].replace_default_route, -+ "Replace default route", 1 -+ }, -+ { "noreplacedefaultroute", o_bool, -+ &ipcp_allowoptions[0].replace_default_route, -+ "Never replace default route", OPT_A2COPY, -+ &ipcp_wantoptions[0].replace_default_route }, - { "proxyarp", o_bool, &ipcp_wantoptions[0].proxy_arp, - "Add proxy ARP entry", OPT_ENABLE|1, &ipcp_allowoptions[0].proxy_arp }, - { "noproxyarp", o_bool, &ipcp_allowoptions[0].proxy_arp, -@@ -270,7 +278,7 @@ struct protent ipcp_protent = { - ip_active_pkt - }; - --static void ipcp_clear_addrs __P((int, u_int32_t, u_int32_t)); -+static void ipcp_clear_addrs __P((int, u_int32_t, u_int32_t, bool)); - static void ipcp_script __P((char *, int)); /* Run an up/down script */ - static void ipcp_script_done __P((void *)); - -@@ -1760,7 +1768,8 @@ ip_demand_conf(u) - if (!sifnpmode(u, PPP_IP, NPMODE_QUEUE)) - return 0; - if (wo->default_route) -- if (sifdefaultroute(u, wo->ouraddr, wo->hisaddr)) -+ if (sifdefaultroute(u, wo->ouraddr, wo->hisaddr, -+ wo->replace_default_route)) - default_route_set[u] = 1; - if (wo->proxy_arp) - if (sifproxyarp(u, wo->hisaddr)) -@@ -1848,7 +1857,8 @@ ipcp_up(f) - */ - if (demand) { - if (go->ouraddr != wo->ouraddr || ho->hisaddr != wo->hisaddr) { -- ipcp_clear_addrs(f->unit, wo->ouraddr, wo->hisaddr); -+ ipcp_clear_addrs(f->unit, wo->ouraddr, wo->hisaddr, -+ wo->replace_default_route); - if (go->ouraddr != wo->ouraddr) { - warn("Local IP address changed to %I", go->ouraddr); - script_setenv("OLDIPLOCAL", ip_ntoa(wo->ouraddr), 0); -@@ -1873,7 +1883,8 @@ ipcp_up(f) - - /* assign a default route through the interface if required */ - if (ipcp_wantoptions[f->unit].default_route) -- if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr)) -+ if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr, -+ wo->replace_default_route)) - default_route_set[f->unit] = 1; - - /* Make a proxy ARP entry if requested. */ -@@ -1923,7 +1934,8 @@ ipcp_up(f) - - /* assign a default route through the interface if required */ - if (ipcp_wantoptions[f->unit].default_route) -- if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr)) -+ if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr, -+ wo->replace_default_route)) - default_route_set[f->unit] = 1; - - /* Make a proxy ARP entry if requested. */ -@@ -2001,7 +2013,7 @@ ipcp_down(f) - sifnpmode(f->unit, PPP_IP, NPMODE_DROP); - sifdown(f->unit); - ipcp_clear_addrs(f->unit, ipcp_gotoptions[f->unit].ouraddr, -- ipcp_hisoptions[f->unit].hisaddr); -+ ipcp_hisoptions[f->unit].hisaddr, 0); - } - - /* Execute the ip-down script */ -@@ -2017,16 +2029,25 @@ ipcp_down(f) - * proxy arp entries, etc. - */ - static void --ipcp_clear_addrs(unit, ouraddr, hisaddr) -+ipcp_clear_addrs(unit, ouraddr, hisaddr, replacedefaultroute) - int unit; - u_int32_t ouraddr; /* local address */ - u_int32_t hisaddr; /* remote address */ -+ bool replacedefaultroute; - { - if (proxy_arp_set[unit]) { - cifproxyarp(unit, hisaddr); - proxy_arp_set[unit] = 0; - } -- if (default_route_set[unit]) { -+ /* If replacedefaultroute, sifdefaultroute will be called soon -+ * with replacedefaultroute set and that will overwrite the current -+ * default route. This is the case only when doing demand, otherwise -+ * during demand, this cifdefaultroute would restore the old default -+ * route which is not what we want in this case. In the non-demand -+ * case, we'll delete the default route and restore the old if there -+ * is one saved by an sifdefaultroute with replacedefaultroute. -+ */ -+ if (!replacedefaultroute && default_route_set[unit]) { - cifdefaultroute(unit, ouraddr, hisaddr); - default_route_set[unit] = 0; - } ---- a/pppd/ipcp.h -+++ b/pppd/ipcp.h -@@ -70,6 +70,7 @@ typedef struct ipcp_options { - bool old_addrs; /* Use old (IP-Addresses) option? */ - bool req_addr; /* Ask peer to send IP address? */ - bool default_route; /* Assign default route through interface? */ -+ bool replace_default_route; /* Replace default route through interface? */ - bool proxy_arp; /* Make proxy ARP entry for peer? */ - bool neg_vj; /* Van Jacobson Compression? */ - bool old_vj; /* use old (short) form of VJ option? */ ---- a/pppd/pppd.8 -+++ b/pppd/pppd.8 -@@ -133,6 +133,11 @@ the gateway, when IPv6CP negotiation is - This entry is removed when the PPP connection is broken. This option - is privileged if the \fInodefaultroute6\fR option has been specified. - .TP -+.B replacedefaultroute -+This option is a flag to the defaultroute option. If defaultroute is -+set and this flag is also set, pppd replaces an existing default route -+with the new default route. -+.TP - .B disconnect \fIscript - Execute the command specified by \fIscript\fR, by passing it to a - shell, after -@@ -756,7 +761,12 @@ disable both forms of hardware flow cont - .TP - .B nodefaultroute - Disable the \fIdefaultroute\fR option. The system administrator who --wishes to prevent users from creating default routes with pppd -+wishes to prevent users from adding a default route with pppd -+can do so by placing this option in the /etc/ppp/options file. -+.TP -+.B noreplacedefaultroute -+Disable the \fIreplacedefaultroute\fR option. The system administrator who -+wishes to prevent users from replacing a default route with pppd - can do so by placing this option in the /etc/ppp/options file. - .TP - .B nodefaultroute6 ---- a/pppd/pppd.h -+++ b/pppd/pppd.h -@@ -684,7 +684,7 @@ int sif6addr __P((int, eui64_t, eui64_t - int cif6addr __P((int, eui64_t, eui64_t)); - /* Remove an IPv6 address from i/f */ - #endif --int sifdefaultroute __P((int, u_int32_t, u_int32_t)); -+int sifdefaultroute __P((int, u_int32_t, u_int32_t, bool replace_default_rt)); - /* Create default route through i/f */ - int cifdefaultroute __P((int, u_int32_t, u_int32_t)); - /* Delete default route through i/f */ ---- a/pppd/sys-linux.c -+++ b/pppd/sys-linux.c -@@ -209,6 +209,8 @@ static int if_is_up; /* Interface has be - static int if6_is_up; /* Interface has been marked up for IPv6, to help differentiate */ - static int have_default_route; /* Gateway for default route added */ - static int have_default_route6; /* Gateway for default IPv6 route added */ -+static struct rtentry old_def_rt; /* Old default route */ -+static int default_rt_repl_rest; /* replace and restore old default rt */ - static u_int32_t proxy_arp_addr; /* Addr for proxy arp entry added */ - static char proxy_arp_dev[16]; /* Device for proxy arp entry */ - static u_int32_t our_old_addr; /* for detecting address changes */ -@@ -1577,6 +1579,9 @@ static int read_route_table(struct rtent - p = NULL; - } - -+ SET_SA_FAMILY (rt->rt_dst, AF_INET); -+ SET_SA_FAMILY (rt->rt_gateway, AF_INET); -+ - SIN_ADDR(rt->rt_dst) = strtoul(cols[route_dest_col], NULL, 16); - SIN_ADDR(rt->rt_gateway) = strtoul(cols[route_gw_col], NULL, 16); - SIN_ADDR(rt->rt_genmask) = strtoul(cols[route_mask_col], NULL, 16); -@@ -1649,20 +1654,52 @@ int have_route_to(u_int32_t addr) - /******************************************************************** - * - * sifdefaultroute - assign a default route through the address given. -- */ -- --int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway) --{ -- struct rtentry rt; -- -- if (defaultroute_exists(&rt, dfl_route_metric) && strcmp(rt.rt_dev, ifname) != 0) { -- if (rt.rt_flags & RTF_GATEWAY) -- error("not replacing existing default route via %I with metric %d", -- SIN_ADDR(rt.rt_gateway), dfl_route_metric); -- else -+ * -+ * If the global default_rt_repl_rest flag is set, then this function -+ * already replaced the original system defaultroute with some other -+ * route and it should just replace the current defaultroute with -+ * another one, without saving the current route. Use: demand mode, -+ * when pppd sets first a defaultroute it it's temporary ppp0 addresses -+ * and then changes the temporary addresses to the addresses for the real -+ * ppp connection when it has come up. -+ */ -+ -+int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway, bool replace) -+{ -+ struct rtentry rt, tmp_rt; -+ struct rtentry *del_rt = NULL; -+ -+ if (default_rt_repl_rest) { -+ /* We have already reclaced the original defaultroute, if we -+ are called again, we will delete the current default route -+ and set the new default route in this function. -+ - this is normally only the case the doing demand: */ -+ if (defaultroute_exists(&tmp_rt, dfl_route_metric)) -+ del_rt = &tmp_rt; -+ } else if (defaultroute_exists(&old_def_rt, dfl_route_metric) && -+ strcmp(old_def_rt.rt_dev, ifname) != 0) { -+ /* We did not yet replace an existing default route, let's -+ check if we should save and replace a default route: */ -+ if (old_def_rt.rt_flags & RTF_GATEWAY) { -+ if (!replace) { -+ error("not replacing existing default route via %I with metric %d", -+ SIN_ADDR(old_def_rt.rt_gateway), dfl_route_metric); -+ return 0; -+ } else { -+ /* we need to copy rt_dev because we need it permanent too: */ -+ char *tmp_dev = malloc(strlen(old_def_rt.rt_dev) + 1); -+ strcpy(tmp_dev, old_def_rt.rt_dev); -+ old_def_rt.rt_dev = tmp_dev; -+ -+ notice("replacing old default route to %s [%I] with metric %d", -+ old_def_rt.rt_dev, SIN_ADDR(old_def_rt.rt_gateway), -+ dfl_route_metric); -+ default_rt_repl_rest = 1; -+ del_rt = &old_def_rt; -+ } -+ } else - error("not replacing existing default route through %s with metric %d", -- rt.rt_dev, dfl_route_metric); -- return 0; -+ old_def_rt.rt_dev, dfl_route_metric); - } - - memset (&rt, 0, sizeof (rt)); -@@ -1678,10 +1715,16 @@ int sifdefaultroute (int unit, u_int32_t - - rt.rt_flags = RTF_UP; - if (ioctl(sock_fd, SIOCADDRT, &rt) < 0) { -- if ( ! ok_error ( errno )) -+ if (!ok_error(errno)) - error("default route ioctl(SIOCADDRT): %m"); - return 0; - } -+ if (default_rt_repl_rest && del_rt) -+ if (ioctl(sock_fd, SIOCDELRT, del_rt) < 0) { -+ if (!ok_error(errno)) -+ error("del old default route ioctl(SIOCDELRT): %m"); -+ return 0; -+ } - - have_default_route = 1; - return 1; -@@ -1715,11 +1758,21 @@ int cifdefaultroute (int unit, u_int32_t - rt.rt_flags = RTF_UP; - if (ioctl(sock_fd, SIOCDELRT, &rt) < 0 && errno != ESRCH) { - if (still_ppp()) { -- if ( ! ok_error ( errno )) -+ if (!ok_error(errno)) - error("default route ioctl(SIOCDELRT): %m"); - return 0; - } - } -+ if (default_rt_repl_rest) { -+ notice("restoring old default route to %s [%I]", -+ old_def_rt.rt_dev, SIN_ADDR(old_def_rt.rt_gateway)); -+ if (ioctl(sock_fd, SIOCADDRT, &old_def_rt) < 0) { -+ if (!ok_error(errno)) -+ error("restore default route ioctl(SIOCADDRT): %m"); -+ return 0; -+ } -+ default_rt_repl_rest = 0; -+ } - - return 1; - } ---- a/pppd/sys-solaris.c -+++ b/pppd/sys-solaris.c -@@ -2120,12 +2120,18 @@ cifaddr(u, o, h) - * sifdefaultroute - assign a default route through the address given. - */ - int --sifdefaultroute(u, l, g) -+sifdefaultroute(u, l, g, replace) - int u; - u_int32_t l, g; -+ bool replace; - { - struct rtentry rt; - -+ if (replace) { -+ error("replacedefaultroute not supported on this platform"); -+ return 0; -+ } -+ - #if defined(__USLC__) - g = l; /* use the local address as gateway */ - #endif diff --git a/package/network/services/ppp/patches/120-debian_ipv6_updown_option.patch b/package/network/services/ppp/patches/120-debian_ipv6_updown_option.patch index a1110caecb..11e8d81f43 100644 --- a/package/network/services/ppp/patches/120-debian_ipv6_updown_option.patch +++ b/package/network/services/ppp/patches/120-debian_ipv6_updown_option.patch @@ -12,7 +12,7 @@ Signed-off-by: Jo-Philipp Wich --- a/pppd/main.c +++ b/pppd/main.c -@@ -308,6 +308,8 @@ main(argc, argv) +@@ -295,6 +295,8 @@ main(int argc, char *argv[]) strlcpy(path_ipup, _PATH_IPUP, sizeof(path_ipup)); strlcpy(path_ipdown, _PATH_IPDOWN, sizeof(path_ipdown)); @@ -23,16 +23,16 @@ Signed-off-by: Jo-Philipp Wich new_phase(PHASE_INITIALIZE); --- a/pppd/options.c +++ b/pppd/options.c -@@ -119,6 +119,8 @@ int req_unit = -1; /* requested interfa - char req_ifname[MAXIFNAMELEN]; /* requested interface name */ +@@ -118,6 +118,8 @@ int req_unit = -1; /* requested interfa char path_ipup[MAXPATHLEN]; /* pathname of ip-up script */ char path_ipdown[MAXPATHLEN];/* pathname of ip-down script */ + char req_ifname[MAXIFNAMELEN]; /* requested interface name */ +char path_ipv6up[MAXPATHLEN]; /* pathname of ipv6-up script */ +char path_ipv6down[MAXPATHLEN];/* pathname of ipv6-down script */ bool multilink = 0; /* Enable multilink operation */ char *bundle_name = NULL; /* bundle name for multilink */ bool dump_options; /* print out option values */ -@@ -325,6 +327,13 @@ option_t general_options[] = { +@@ -324,6 +326,13 @@ option_t general_options[] = { "Set pathname of ip-down script", OPT_PRIV|OPT_STATIC, NULL, MAXPATHLEN }, @@ -48,7 +48,7 @@ Signed-off-by: Jo-Philipp Wich "Enable multilink operation", OPT_PRIO | 1 }, --- a/pppd/ipv6cp.c +++ b/pppd/ipv6cp.c -@@ -1300,7 +1300,7 @@ ipv6cp_up(f) +@@ -1295,7 +1295,7 @@ ipv6cp_up(fsm *f) */ if (ipv6cp_script_state == s_down && ipv6cp_script_pid == 0) { ipv6cp_script_state = s_up; @@ -57,7 +57,7 @@ Signed-off-by: Jo-Philipp Wich } } -@@ -1352,7 +1352,7 @@ ipv6cp_down(f) +@@ -1346,7 +1346,7 @@ ipv6cp_down(fsm *f) /* Execute the ipv6-down script */ if (ipv6cp_script_state == s_up && ipv6cp_script_pid == 0) { ipv6cp_script_state = s_down; @@ -66,7 +66,7 @@ Signed-off-by: Jo-Philipp Wich } } -@@ -1395,13 +1395,13 @@ ipv6cp_script_done(arg) +@@ -1384,13 +1384,13 @@ ipv6cp_script_done(void *arg) case s_up: if (ipv6cp_fsm[0].state != OPENED) { ipv6cp_script_state = s_down; @@ -84,10 +84,10 @@ Signed-off-by: Jo-Philipp Wich } --- a/pppd/pppd.h +++ b/pppd/pppd.h -@@ -337,6 +337,8 @@ extern int req_unit; /* interface unit n - extern char req_ifname[MAXIFNAMELEN]; /* interface name to use */ +@@ -328,6 +328,8 @@ extern int req_unit; /* interface unit n extern char path_ipup[MAXPATHLEN]; /* pathname of ip-up script */ extern char path_ipdown[MAXPATHLEN]; /* pathname of ip-down script */ + extern char req_ifname[MAXIFNAMELEN]; /* interface name to use */ +extern char path_ipv6up[MAXPATHLEN]; /* pathname of ipv6-up script */ +extern char path_ipv6down[MAXPATHLEN]; /* pathname of ipv6-down script */ extern bool multilink; /* enable multilink operation */ diff --git a/package/network/services/ppp/patches/140-pppoe_compile_fix.patch b/package/network/services/ppp/patches/140-pppoe_compile_fix.patch deleted file mode 100644 index 2253d4f3c1..0000000000 --- a/package/network/services/ppp/patches/140-pppoe_compile_fix.patch +++ /dev/null @@ -1,36 +0,0 @@ ---- a/pppd/plugins/rp-pppoe/pppoe.h -+++ b/pppd/plugins/rp-pppoe/pppoe.h -@@ -48,11 +48,7 @@ - #include - - /* Ugly header files on some Linux boxes... */ --#if defined(HAVE_LINUX_IF_H) --#include --#elif defined(HAVE_NET_IF_H) - #include --#endif - - #ifdef HAVE_NET_IF_TYPES_H - #include -@@ -80,20 +76,7 @@ typedef unsigned long UINT32_t; - #error Could not find a 32-bit integer type - #endif - --#ifdef HAVE_LINUX_IF_ETHER_H --#include --#endif -- --#ifdef HAVE_NETINET_IF_ETHER_H --#include -- --#ifdef HAVE_SYS_SOCKET_H --#include --#endif --#ifndef HAVE_SYS_DLPI_H --#include --#endif --#endif -+#include - - - /* Ethernet frame types according to RFC 2516 */ diff --git a/package/network/services/ppp/patches/200-makefile.patch b/package/network/services/ppp/patches/200-makefile.patch index 42351392dc..d0b9a9a99b 100644 --- a/package/network/services/ppp/patches/200-makefile.patch +++ b/package/network/services/ppp/patches/200-makefile.patch @@ -7,7 +7,7 @@ Signed-off-by: Jo-Philipp Wich --- a/pppd/Makefile.linux +++ b/pppd/Makefile.linux -@@ -48,7 +48,7 @@ MPPE=y +@@ -49,7 +49,7 @@ MPPE=y # Uncomment the next line to include support for PPP packet filtering. # This requires that the libpcap library and headers be installed # and that the kernel driver support PPP packet filtering. @@ -16,7 +16,7 @@ Signed-off-by: Jo-Philipp Wich # Uncomment the next line to enable multilink PPP (enabled by default) # Linux distributions: Please leave multilink ENABLED in your builds -@@ -58,7 +58,7 @@ HAVE_MULTILINK=y +@@ -59,7 +59,7 @@ HAVE_MULTILINK=y # Uncomment the next line to enable the TDB database (enabled by default.) # If you enable multilink, then TDB is automatically enabled also. # Linux distributions: Please leave TDB ENABLED in your builds. @@ -25,21 +25,28 @@ Signed-off-by: Jo-Philipp Wich # Uncomment the next line to enable Type=notify services in systemd # If enabled, and the user sets the up_sdnotify option, then -@@ -85,7 +85,7 @@ MAXOCTETS=y +@@ -85,13 +85,13 @@ USE_LIBUTIL=y + endif + + # Enable EAP-TLS authentication (requires MPPE support, libssl and libcrypto) +-USE_EAPTLS=y ++#USE_EAPTLS=y + + MAXOCTETS=y INCLUDE_DIRS= -I../include --COMPILE_FLAGS= -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MMAP -+COMPILE_FLAGS= -DHAVE_PATHS_H -DHAVE_MMAP +-COMPILE_FLAGS= -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MMAP -pipe ++COMPILE_FLAGS= -DHAVE_PATHS_H -DHAVE_MMAP -pipe CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"' -@@ -126,10 +126,10 @@ CFLAGS += -DHAS_SHADOW +@@ -143,10 +143,10 @@ CFLAGS += -DHAS_SHADOW #LIBS += -lshadow $(LIBS) endif --ifneq ($(wildcard $(shell $(CC) --print-sysroot)/usr/include/crypt.h),) -+#ifneq ($(wildcard $(shell $(CC) --print-sysroot)/usr/include/crypt.h),) +-ifeq ($(shell echo '\#include ' | $(CC) -E - >/dev/null 2>&1 && echo yes),yes) ++#ifeq ($(shell echo '\#include ' | $(CC) -E - >/dev/null 2>&1 && echo yes),yes) CFLAGS += -DHAVE_CRYPT_H=1 LIBS += -lcrypt -endif diff --git a/package/network/services/ppp/patches/201-mppe_mppc_1.1.patch b/package/network/services/ppp/patches/201-mppe_mppc_1.1.patch index 9345c10400..3c30517e42 100644 --- a/package/network/services/ppp/patches/201-mppe_mppc_1.1.patch +++ b/package/network/services/ppp/patches/201-mppe_mppc_1.1.patch @@ -88,7 +88,7 @@ Signed-off-by: Jo-Philipp Wich */ --- a/pppd/ccp.c +++ b/pppd/ccp.c -@@ -61,12 +61,10 @@ static int setdeflate __P((char **)); +@@ -61,12 +61,10 @@ static int setdeflate (char **); static char bsd_value[8]; static char deflate_value[8]; @@ -197,7 +197,7 @@ Signed-off-by: Jo-Philipp Wich /* * Local state (mainly for handling reset-reqs and reset-acks). -@@ -343,6 +323,100 @@ setdeflate(argv) +@@ -341,6 +321,100 @@ setdeflate(char **argv) return 1; } @@ -298,7 +298,7 @@ Signed-off-by: Jo-Philipp Wich /* * ccp_init - initialize CCP. */ -@@ -377,6 +451,30 @@ ccp_init(unit) +@@ -374,6 +448,30 @@ ccp_init(int unit) ccp_allowoptions[0].bsd_bits = BSD_MAX_BITS; ccp_allowoptions[0].predictor_1 = 1; @@ -329,7 +329,7 @@ Signed-off-by: Jo-Philipp Wich } /* -@@ -454,11 +552,11 @@ ccp_input(unit, p, len) +@@ -443,11 +541,11 @@ ccp_input(int unit, u_char *p, int len) if (oldstate == OPENED && p[0] == TERMREQ && f->state != OPENED) { notice("Compression disabled by peer."); #ifdef MPPE @@ -343,7 +343,7 @@ Signed-off-by: Jo-Philipp Wich } /* -@@ -486,6 +584,15 @@ ccp_extcode(f, code, id, p, len) +@@ -471,6 +569,15 @@ ccp_extcode(fsm *f, int code, int id, u_ break; /* send a reset-ack, which the transmitter will see and reset its compression state. */ @@ -359,7 +359,7 @@ Signed-off-by: Jo-Philipp Wich fsm_sdata(f, CCP_RESETACK, id, NULL, 0); break; -@@ -514,12 +621,11 @@ ccp_protrej(unit) +@@ -498,12 +605,11 @@ ccp_protrej(int unit) fsm_lowerdown(&ccp_fsm[unit]); #ifdef MPPE @@ -374,7 +374,7 @@ Signed-off-by: Jo-Philipp Wich } /* -@@ -536,7 +642,7 @@ ccp_resetci(f) +@@ -519,7 +625,7 @@ ccp_resetci(fsm *f) all_rejected[f->unit] = 0; #ifdef MPPE @@ -382,11 +382,27 @@ Signed-off-by: Jo-Philipp Wich + if (go->mppe || go->mppc) { ccp_options *ao = &ccp_allowoptions[f->unit]; int auth_mschap_bits = auth_done[f->unit]; - int numbits; -@@ -550,80 +656,109 @@ ccp_resetci(f) + #ifdef USE_EAPTLS +@@ -536,95 +642,124 @@ ccp_resetci(fsm *f) * NB: If MPPE is required, all other compression opts are invalid. * So, we return right away if we can't do it. */ +- +- /* Leave only the mschap auth bits set */ +- auth_mschap_bits &= (CHAP_MS_WITHPEER | CHAP_MS_PEER | +- CHAP_MS2_WITHPEER | CHAP_MS2_PEER); +- /* Count the mschap auths */ +- auth_mschap_bits >>= CHAP_MS_SHIFT; +- numbits = 0; +- do { +- numbits += auth_mschap_bits & 1; +- auth_mschap_bits >>= 1; +- } while (auth_mschap_bits); +- if (numbits > 1) { +- error("MPPE required, but auth done in both directions."); +- lcp_close(f->unit, "MPPE required but not available"); +- return; +- } + if (ccp_wantoptions[f->unit].mppe) { + /* Leave only the mschap auth bits set */ + auth_mschap_bits &= (CHAP_MS_WITHPEER | CHAP_MS_PEER | @@ -403,33 +419,42 @@ Signed-off-by: Jo-Philipp Wich + lcp_close(f->unit, "MPPE required but not available"); + return; + } -+ if (!numbits) { -+ error("MPPE required, but MS-CHAP[v2] auth not performed."); -+ lcp_close(f->unit, "MPPE required but not available"); -+ return; -+ } -- /* Leave only the mschap auth bits set */ -- auth_mschap_bits &= (CHAP_MS_WITHPEER | CHAP_MS_PEER | -- CHAP_MS2_WITHPEER | CHAP_MS2_PEER); -- /* Count the mschap auths */ -- auth_mschap_bits >>= CHAP_MS_SHIFT; -- numbits = 0; -- do { -- numbits += auth_mschap_bits & 1; -- auth_mschap_bits >>= 1; -- } while (auth_mschap_bits); -- if (numbits > 1) { -- error("MPPE required, but auth done in both directions."); -- lcp_close(f->unit, "MPPE required but not available"); -- return; -- } + #ifdef USE_EAPTLS +- /* +- * MPPE is also possible in combination with EAP-TLS. +- * It is not possible to detect if we're doing EAP or EAP-TLS +- * at this stage, hence we accept all forms of EAP. If TLS is +- * not used then the MPPE keys will not be derived anyway. +- */ +- /* Leave only the eap auth bits set */ +- auth_eap_bits &= (EAP_WITHPEER | EAP_PEER ); ++ /* ++ * MPPE is also possible in combination with EAP-TLS. ++ * It is not possible to detect if we're doing EAP or EAP-TLS ++ * at this stage, hence we accept all forms of EAP. If TLS is ++ * not used then the MPPE keys will not be derived anyway. ++ */ ++ /* Leave only the eap auth bits set */ ++ auth_eap_bits &= (EAP_WITHPEER | EAP_PEER ); + +- if ((numbits == 0) && (auth_eap_bits == 0)) { +- error("MPPE required, but MS-CHAP[v2] nor EAP-TLS auth are performed."); ++ if ((numbits == 0) && (auth_eap_bits == 0)) { ++ error("MPPE required, but MS-CHAP[v2] nor EAP-TLS auth are performed."); + #else - if (!numbits) { - error("MPPE required, but MS-CHAP[v2] auth not performed."); ++ if (!numbits) { ++ error("MPPE required, but MS-CHAP[v2] auth not performed."); + #endif - lcp_close(f->unit, "MPPE required but not available"); - return; - } -- ++ lcp_close(f->unit, "MPPE required but not available"); ++ return; ++ } + - /* A plugin (eg radius) may not have obtained key material. */ - if (!mppe_keys_set) { - error("MPPE required, but keys are not available. " @@ -559,7 +584,7 @@ Signed-off-by: Jo-Philipp Wich if (go->bsd_compress) { opt_buf[0] = CI_BSD_COMPRESS; opt_buf[1] = CILEN_BSD_COMPRESS; -@@ -679,7 +814,8 @@ ccp_cilen(f) +@@ -679,7 +814,8 @@ static int + (go->deflate && go->deflate_draft? CILEN_DEFLATE: 0) + (go->predictor_1? CILEN_PREDICTOR_1: 0) + (go->predictor_2? CILEN_PREDICTOR_2: 0) @@ -569,7 +594,7 @@ Signed-off-by: Jo-Philipp Wich } /* -@@ -693,6 +829,8 @@ ccp_addci(f, p, lenp) +@@ -690,6 +826,8 @@ static void { int res; ccp_options *go = &ccp_gotoptions[f->unit]; @@ -578,7 +603,7 @@ Signed-off-by: Jo-Philipp Wich u_char *p0 = p; /* -@@ -701,22 +839,43 @@ ccp_addci(f, p, lenp) +@@ -698,22 +836,43 @@ static void * in case it gets Acked. */ #ifdef MPPE @@ -631,7 +656,7 @@ Signed-off-by: Jo-Philipp Wich if (go->deflate) { p[0] = go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT; p[1] = CILEN_DEFLATE; -@@ -802,7 +961,7 @@ ccp_addci(f, p, lenp) +@@ -799,30 +958,50 @@ static void /* * ccp_ackci - process a received configure-ack, and return @@ -639,9 +664,7 @@ Signed-off-by: Jo-Philipp Wich + * 1 if the packet was OK. */ static int - ccp_ackci(f, p, len) -@@ -811,24 +970,44 @@ ccp_ackci(f, p, len) - int len; + ccp_ackci(fsm *f, u_char *p, int len) { ccp_options *go = &ccp_gotoptions[f->unit]; + ccp_options *ao = &ccp_allowoptions[f->unit]; @@ -694,8 +717,8 @@ Signed-off-by: Jo-Philipp Wich if (go->deflate) { if (len < CILEN_DEFLATE || p[0] != (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT) -@@ -901,6 +1080,8 @@ ccp_nakci(f, p, len, treat_as_reject) - int treat_as_reject; +@@ -891,6 +1070,8 @@ static int + ccp_nakci(fsm *f, u_char *p, int len, int treat_as_reject) { ccp_options *go = &ccp_gotoptions[f->unit]; + ccp_options *ao = &ccp_allowoptions[f->unit]; @@ -703,7 +726,7 @@ Signed-off-by: Jo-Philipp Wich ccp_options no; /* options we've seen already */ ccp_options try; /* options to ask for next time */ -@@ -908,28 +1089,100 @@ ccp_nakci(f, p, len, treat_as_reject) +@@ -898,28 +1079,100 @@ static int try = *go; #ifdef MPPE @@ -822,7 +845,7 @@ Signed-off-by: Jo-Philipp Wich if (go->deflate && len >= CILEN_DEFLATE && p[0] == (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT) && p[1] == CILEN_DEFLATE) { -@@ -1002,14 +1255,50 @@ ccp_rejci(f, p, len) +@@ -989,14 +1242,50 @@ ccp_rejci(fsm *f, u_char *p, int len) return -1; #ifdef MPPE @@ -877,8 +900,8 @@ Signed-off-by: Jo-Philipp Wich if (go->deflate_correct && len >= CILEN_DEFLATE && p[0] == CI_DEFLATE && p[1] == CILEN_DEFLATE) { if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size) -@@ -1073,14 +1362,15 @@ ccp_reqci(f, p, lenp, dont_nak) - int dont_nak; +@@ -1056,14 +1345,15 @@ static int + ccp_reqci(fsm *f, u_char *p, int *lenp, int dont_nak) { int ret, newret, res; - u_char *p0, *retp; @@ -897,7 +920,7 @@ Signed-off-by: Jo-Philipp Wich ret = CONFACK; retp = p0 = p; -@@ -1103,106 +1393,302 @@ ccp_reqci(f, p, lenp, dont_nak) +@@ -1086,106 +1376,302 @@ ccp_reqci(fsm *f, u_char *p, int *lenp, switch (type) { #ifdef MPPE case CI_MPPE: @@ -910,10 +933,6 @@ Signed-off-by: Jo-Philipp Wich - - /* Nak if anything unsupported or unknown are set. */ - if (ho->mppe & MPPE_OPT_UNSUPPORTED) { -- newret = CONFNAK; -- ho->mppe &= ~MPPE_OPT_UNSUPPORTED; -- } -- if (ho->mppe & MPPE_OPT_UNKNOWN) { + p2 = p[2]; + p5 = p[5]; + /* not sure what they want, tell 'em what we got */ @@ -922,6 +941,10 @@ Signed-off-by: Jo-Philipp Wich + MPPE_MPPC)) != 0 || p[5] == 0) || + (p[2] == 0 && p[3] == 0 && p[4] == 0 && p[5] == 0)) { newret = CONFNAK; +- ho->mppe &= ~MPPE_OPT_UNSUPPORTED; +- } +- if (ho->mppe & MPPE_OPT_UNKNOWN) { +- newret = CONFNAK; - ho->mppe &= ~MPPE_OPT_UNKNOWN; - } - @@ -1293,7 +1316,7 @@ Signed-off-by: Jo-Philipp Wich case CI_DEFLATE: case CI_DEFLATE_DRAFT: if (!ao->deflate || clen != CILEN_DEFLATE -@@ -1344,12 +1830,6 @@ ccp_reqci(f, p, lenp, dont_nak) +@@ -1327,12 +1813,6 @@ ccp_reqci(fsm *f, u_char *p, int *lenp, else *lenp = retp - p0; } @@ -1306,7 +1329,7 @@ Signed-off-by: Jo-Philipp Wich return ret; } -@@ -1371,24 +1851,35 @@ method_name(opt, opt2) +@@ -1353,24 +1833,35 @@ method_name(ccp_options *opt, ccp_option char *p = result; char *q = result + sizeof(result); /* 1 past result */ @@ -1358,7 +1381,7 @@ Signed-off-by: Jo-Philipp Wich case CI_DEFLATE: case CI_DEFLATE_DRAFT: if (opt2 != NULL && opt2->deflate_size != opt->deflate_size) -@@ -1444,12 +1935,12 @@ ccp_up(f) +@@ -1425,12 +1916,12 @@ ccp_up(fsm *f) } else if (ANY_COMPRESS(*ho)) notice("%s transmit compression enabled", method_name(ho, NULL)); #ifdef MPPE @@ -1373,7 +1396,7 @@ Signed-off-by: Jo-Philipp Wich } /* -@@ -1472,7 +1963,7 @@ ccp_down(f) +@@ -1452,7 +1943,7 @@ ccp_down(fsm *f) lcp_close(f->unit, "MPPE disabled"); } } @@ -1382,7 +1405,7 @@ Signed-off-by: Jo-Philipp Wich } /* -@@ -1532,24 +2023,28 @@ ccp_printpkt(p, plen, printer, arg) +@@ -1509,24 +2000,28 @@ ccp_printpkt(u_char *p, int plen, #ifdef MPPE case CI_MPPE: if (optlen >= CILEN_MPPE) { @@ -1423,7 +1446,7 @@ Signed-off-by: Jo-Philipp Wich case CI_DEFLATE: case CI_DEFLATE_DRAFT: if (optlen >= CILEN_DEFLATE) { -@@ -1635,6 +2130,7 @@ ccp_datainput(unit, pkt, len) +@@ -1609,6 +2104,7 @@ ccp_datainput(int unit, u_char *pkt, int error("Lost compression sync: disabling compression"); ccp_close(unit, "Lost compression sync"); #ifdef MPPE @@ -1431,7 +1454,7 @@ Signed-off-by: Jo-Philipp Wich /* * If we were doing MPPE, we must also take the link down. */ -@@ -1642,9 +2138,18 @@ ccp_datainput(unit, pkt, len) +@@ -1616,9 +2112,18 @@ ccp_datainput(int unit, u_char *pkt, int error("Too many MPPE errors, closing LCP"); lcp_close(unit, "Too many MPPE errors"); } diff --git a/package/network/services/ppp/patches/202-no_strip.patch b/package/network/services/ppp/patches/202-no_strip.patch deleted file mode 100644 index 0af7b2b2ab..0000000000 --- a/package/network/services/ppp/patches/202-no_strip.patch +++ /dev/null @@ -1,88 +0,0 @@ -build: Do not strip binaries on install - -Strippign executables should be handled by the distro packaging, not by ppp -itself. This patch removes the "-s" (strip) switch from all "install" commands -in order to install unstripped binaries into the destination prefix. - -Signed-off-by: Jo-Philipp Wich - ---- a/chat/Makefile.linux -+++ b/chat/Makefile.linux -@@ -25,7 +25,7 @@ chat.o: chat.c - - install: chat - mkdir -p $(BINDIR) $(MANDIR) -- $(INSTALL) -s -c chat $(BINDIR) -+ $(INSTALL) -c chat $(BINDIR) - $(INSTALL) -c -m 644 chat.8 $(MANDIR) - - clean: ---- a/pppd/Makefile.linux -+++ b/pppd/Makefile.linux -@@ -108,7 +108,7 @@ ifdef USE_SRP - CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include - LIBS += -lsrp -L/usr/local/ssl/lib -lcrypto - TARGETS += srp-entry --EXTRAINSTALL = $(INSTALL) -s -c -m 555 srp-entry $(BINDIR)/srp-entry -+EXTRAINSTALL = $(INSTALL) -c -m 555 srp-entry $(BINDIR)/srp-entry - MANPAGES += srp-entry.8 - EXTRACLEAN += srp-entry.o - NEEDDES=y -@@ -220,7 +220,7 @@ all: $(TARGETS) - install: pppd - mkdir -p $(BINDIR) $(MANDIR) - $(EXTRAINSTALL) -- $(INSTALL) -s -c -m 555 pppd $(BINDIR)/pppd -+ $(INSTALL) -c -m 555 pppd $(BINDIR)/pppd - if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \ - chmod o-rx,u+s $(BINDIR)/pppd; fi - $(INSTALL) -c -m 444 pppd.8 $(MANDIR) ---- a/pppd/plugins/radius/Makefile.linux -+++ b/pppd/plugins/radius/Makefile.linux -@@ -36,9 +36,9 @@ all: $(PLUGIN) - - install: all - $(INSTALL) -d -m 755 $(LIBDIR) -- $(INSTALL) -s -c -m 755 radius.so $(LIBDIR) -- $(INSTALL) -s -c -m 755 radattr.so $(LIBDIR) -- $(INSTALL) -s -c -m 755 radrealms.so $(LIBDIR) -+ $(INSTALL) -c -m 755 radius.so $(LIBDIR) -+ $(INSTALL) -c -m 755 radattr.so $(LIBDIR) -+ $(INSTALL) -c -m 755 radrealms.so $(LIBDIR) - $(INSTALL) -c -m 444 pppd-radius.8 $(MANDIR) - $(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR) - ---- a/pppd/plugins/rp-pppoe/Makefile.linux -+++ b/pppd/plugins/rp-pppoe/Makefile.linux -@@ -43,9 +43,9 @@ rp-pppoe.so: plugin.o discovery.o if.o c - - install: all - $(INSTALL) -d -m 755 $(LIBDIR) -- $(INSTALL) -s -c -m 4550 rp-pppoe.so $(LIBDIR) -+ $(INSTALL) -c -m 4550 rp-pppoe.so $(LIBDIR) - $(INSTALL) -d -m 755 $(BINDIR) -- $(INSTALL) -s -c -m 555 pppoe-discovery $(BINDIR) -+ $(INSTALL) -c -m 555 pppoe-discovery $(BINDIR) - - clean: - rm -f *.o *.so pppoe-discovery ---- a/pppdump/Makefile.linux -+++ b/pppdump/Makefile.linux -@@ -17,5 +17,5 @@ clean: - - install: - mkdir -p $(BINDIR) $(MANDIR) -- $(INSTALL) -s -c pppdump $(BINDIR) -+ $(INSTALL) -c pppdump $(BINDIR) - $(INSTALL) -c -m 444 pppdump.8 $(MANDIR) ---- a/pppstats/Makefile.linux -+++ b/pppstats/Makefile.linux -@@ -22,7 +22,7 @@ all: pppstats - - install: pppstats - -mkdir -p $(MANDIR) -- $(INSTALL) -s -c pppstats $(BINDIR) -+ $(INSTALL) -c pppstats $(BINDIR) - $(INSTALL) -c -m 444 pppstats.8 $(MANDIR) - - pppstats: $(PPPSTATSRCS) diff --git a/package/network/services/ppp/patches/203-opt_flags.patch b/package/network/services/ppp/patches/203-opt_flags.patch index 8dfacf3834..705959e7ba 100644 --- a/package/network/services/ppp/patches/203-opt_flags.patch +++ b/package/network/services/ppp/patches/203-opt_flags.patch @@ -8,17 +8,7 @@ Signed-off-by: Jo-Philipp Wich --- a/pppd/plugins/radius/Makefile.linux +++ b/pppd/plugins/radius/Makefile.linux -@@ -12,7 +12,8 @@ VERSION = $(shell awk -F '"' '/VERSION/ - INSTALL = install - - PLUGIN=radius.so radattr.so radrealms.so --CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON -+COPTS = -O2 -+CFLAGS=-I. -I../.. -I../../../include $(COPTS) -fPIC -DRC_LOG_FACILITY=LOG_DAEMON - - # Uncomment the next line to include support for Microsoft's - # MS-CHAP authentication protocol. -@@ -43,13 +44,13 @@ install: all +@@ -47,13 +47,13 @@ install: all $(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR) radius.so: radius.o libradiusclient.a @@ -35,26 +25,14 @@ Signed-off-by: Jo-Philipp Wich CLIENTOBJS = avpair.o buildreq.o config.o dict.o ip_util.o \ clientid.o sendserver.o lock.o util.o md5.o ---- a/pppdump/Makefile.linux -+++ b/pppdump/Makefile.linux -@@ -2,7 +2,8 @@ DESTDIR = $(INSTROOT)@DESTDIR@ - BINDIR = $(DESTDIR)/sbin - MANDIR = $(DESTDIR)/share/man/man8 - --CFLAGS= -O -I../include/net -+COPTS = -O -+CFLAGS= $(COPTS) -I../include/net - OBJS = pppdump.o bsd-comp.o deflate.o zlib.o - - INSTALL= install ---- a/pppd/plugins/rp-pppoe/Makefile.linux -+++ b/pppd/plugins/rp-pppoe/Makefile.linux -@@ -39,7 +39,7 @@ debug.o: debug.c +--- a/pppd/plugins/pppoe/Makefile.linux ++++ b/pppd/plugins/pppoe/Makefile.linux +@@ -38,7 +38,7 @@ debug.o: debug.c $(CC) $(CFLAGS) -I../../.. -c -o debug.o debug.c - rp-pppoe.so: plugin.o discovery.o if.o common.o -- $(CC) $(LDFLAGS) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o -+ $(CC) $(LDFLAGS) -fPIC -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o + pppoe.so: plugin.o discovery.o if.o common.o +- $(CC) $(LDFLAGS) -o pppoe.so -shared plugin.o discovery.o if.o common.o ++ $(CC) $(LDFLAGS) -fPIC -o pppoe.so -shared plugin.o discovery.o if.o common.o install: all $(INSTALL) -d -m 755 $(LIBDIR) diff --git a/package/network/services/ppp/patches/205-no_exponential_timeout.patch b/package/network/services/ppp/patches/205-no_exponential_timeout.patch index 7f752e3137..b08c2eff89 100644 --- a/package/network/services/ppp/patches/205-no_exponential_timeout.patch +++ b/package/network/services/ppp/patches/205-no_exponential_timeout.patch @@ -5,8 +5,8 @@ discovery attempts. Signed-off-by: Jo-Philipp Wich ---- a/pppd/plugins/rp-pppoe/discovery.c -+++ b/pppd/plugins/rp-pppoe/discovery.c +--- a/pppd/plugins/pppoe/discovery.c ++++ b/pppd/plugins/pppoe/discovery.c @@ -632,7 +632,9 @@ discovery(PPPoEConnection *conn) conn->discoveryState = STATE_SENT_PADI; waitForPADO(conn, timeout); diff --git a/package/network/services/ppp/patches/207-lcp_mtu_max.patch b/package/network/services/ppp/patches/207-lcp_mtu_max.patch index 7aa8d4e129..522576c627 100644 --- a/package/network/services/ppp/patches/207-lcp_mtu_max.patch +++ b/package/network/services/ppp/patches/207-lcp_mtu_max.patch @@ -8,7 +8,7 @@ Signed-off-by: Jo-Philipp Wich --- a/pppd/lcp.c +++ b/pppd/lcp.c -@@ -1916,12 +1916,12 @@ lcp_up(f) +@@ -1862,12 +1862,12 @@ lcp_up(fsm *f) * the interface MTU is set to the lowest of that, the * MTU we want to use, and our link MRU. */ diff --git a/package/network/services/ppp/patches/208-fix_status_code.patch b/package/network/services/ppp/patches/208-fix_status_code.patch index f1a12006a5..54e6c45e14 100644 --- a/package/network/services/ppp/patches/208-fix_status_code.patch +++ b/package/network/services/ppp/patches/208-fix_status_code.patch @@ -12,7 +12,7 @@ Signed-off-by: Jo-Philipp Wich --- a/pppd/main.c +++ b/pppd/main.c -@@ -1052,7 +1052,8 @@ get_input() +@@ -1034,7 +1034,8 @@ get_input(void) } notice("Modem hangup"); hungup = 1; diff --git a/package/network/services/ppp/patches/300-filter-pcap-includes-lib.patch b/package/network/services/ppp/patches/300-filter-pcap-includes-lib.patch index 40866132e8..87e340b3f1 100644 --- a/package/network/services/ppp/patches/300-filter-pcap-includes-lib.patch +++ b/package/network/services/ppp/patches/300-filter-pcap-includes-lib.patch @@ -7,14 +7,14 @@ Signed-off-by: Jo-Philipp Wich --- a/pppd/Makefile.linux +++ b/pppd/Makefile.linux -@@ -190,8 +190,8 @@ endif +@@ -210,8 +210,8 @@ LIBS += -ldl + endif ifdef FILTER - ifneq ($(wildcard /usr/include/pcap-bpf.h),) -LIBS += -lpcap -CFLAGS += -DPPP_FILTER +LIBS += -lpcap -L$(STAGING_DIR)/usr/lib +CFLAGS += -DPPP_FILTER -I$(STAGING_DIR)/usr/include endif - endif + ifdef HAVE_INET6 diff --git a/package/network/services/ppp/patches/310-precompile_filter.patch b/package/network/services/ppp/patches/310-precompile_filter.patch index ec61104423..ca91d153e9 100644 --- a/package/network/services/ppp/patches/310-precompile_filter.patch +++ b/package/network/services/ppp/patches/310-precompile_filter.patch @@ -13,7 +13,7 @@ Signed-off-by: Jo-Philipp Wich --- a/pppd/Makefile.linux +++ b/pppd/Makefile.linux -@@ -50,6 +50,9 @@ MPPE=y +@@ -51,6 +51,9 @@ MPPE=y # and that the kernel driver support PPP packet filtering. #FILTER=y @@ -23,8 +23,8 @@ Signed-off-by: Jo-Philipp Wich # Uncomment the next line to enable multilink PPP (enabled by default) # Linux distributions: Please leave multilink ENABLED in your builds # of pppd! -@@ -195,6 +198,14 @@ CFLAGS += -DPPP_FILTER -I$(STAGING_DIR) - endif +@@ -214,6 +217,14 @@ LIBS += -lpcap -L$(STAGING_DIR)/usr/l + CFLAGS += -DPPP_FILTER -I$(STAGING_DIR)/usr/include endif +ifdef PRECOMPILED_FILTER @@ -40,7 +40,7 @@ Signed-off-by: Jo-Philipp Wich HEADERS += ipv6cp.h eui64.h --- a/pppd/options.c +++ b/pppd/options.c -@@ -57,6 +57,7 @@ +@@ -56,6 +56,7 @@ #ifdef PPP_FILTER #include @@ -48,21 +48,21 @@ Signed-off-by: Jo-Philipp Wich /* * There have been 3 or 4 different names for this in libpcap CVS, but * this seems to be what they have settled on... -@@ -169,6 +170,13 @@ static int setlogfile __P((char **)); - static int loadplugin __P((char **)); +@@ -168,6 +169,13 @@ static int setlogfile(char **); + static int loadplugin(char **); #endif +#ifdef PPP_PRECOMPILED_FILTER +#include "pcap_pcc.h" -+static int setprecompiledpassfilter __P((char **)); -+static int setprecompiledactivefilter __P((char **)); ++static int setprecompiledpassfilter(char **); ++static int setprecompiledactivefilter(char **); +#undef PPP_FILTER +#endif + #ifdef PPP_FILTER - static int setpassfilter __P((char **)); - static int setactivefilter __P((char **)); -@@ -361,6 +369,14 @@ option_t general_options[] = { + static int setpassfilter(char **); + static int setactivefilter(char **); +@@ -360,6 +368,14 @@ option_t general_options[] = { "set filter for active pkts", OPT_PRIO }, #endif @@ -77,7 +77,7 @@ Signed-off-by: Jo-Philipp Wich #ifdef MAXOCTETS { "maxoctets", o_int, &maxoctets, "Set connection traffic limit", -@@ -1516,6 +1532,29 @@ callfile(argv) +@@ -1468,6 +1484,27 @@ callfile(char **argv) return ok; } @@ -87,8 +87,7 @@ Signed-off-by: Jo-Philipp Wich + * precompiled expression + */ +static int -+setprecompiledpassfilter(argv) -+ char **argv; ++setprecompiledpassfilter(char **argv) +{ + return pcap_pre_compiled (*argv, &pass_filter); +} @@ -97,8 +96,7 @@ Signed-off-by: Jo-Philipp Wich + * setactivefilter - Set the active filter for packets + */ +static int -+setprecompiledactivefilter(argv) -+ char **argv; ++setprecompiledactivefilter(char **argv) +{ + return pcap_pre_compiled (*argv, &active_filter); +} diff --git a/package/network/services/ppp/patches/321-multilink_support_custom_iface_names.patch b/package/network/services/ppp/patches/321-multilink_support_custom_iface_names.patch index 75c803650f..0c4d7ea9d6 100644 --- a/package/network/services/ppp/patches/321-multilink_support_custom_iface_names.patch +++ b/package/network/services/ppp/patches/321-multilink_support_custom_iface_names.patch @@ -16,17 +16,17 @@ Signed-off-by: George Kashperko #include "pppd.h" #include "fsm.h" -@@ -56,7 +57,8 @@ static void iterate_bundle_links __P((vo +@@ -56,7 +57,8 @@ static void iterate_bundle_links(void (* - static int get_default_epdisc __P((struct epdisc *)); - static int parse_num __P((char *str, const char *key, int *valp)); --static int owns_unit __P((TDB_DATA pid, int unit)); -+static int parse_str __P((char *str, const char *key, char *buf, int buflen)); -+static int owns_link __P((TDB_DATA pid, char *ifname)); + static int get_default_epdisc(struct epdisc *); + static int parse_num(char *str, const char *key, int *valp); +-static int owns_unit(TDB_DATA pid, int unit); ++static int parse_str(char *str, const char *key, char *buf, int buflen); ++static int owns_link(TDB_DATA pid, char *ifname); #define set_ip_epdisc(ep, addr) do { \ ep->length = 4; \ -@@ -197,35 +199,38 @@ mp_join_bundle() +@@ -197,35 +199,38 @@ mp_join_bundle(void) key.dptr = bundle_id; key.dsize = p - bundle_id; pid = tdb_fetch(pppdb, key); @@ -73,16 +73,12 @@ Signed-off-by: George Kashperko } /* we have to make a new bundle */ -@@ -408,22 +413,45 @@ parse_num(str, key, valp) +@@ -405,20 +410,39 @@ parse_num(char *str, const char *key, in return 0; } +static int -+parse_str(str, key, buf, buflen) -+ char *str; -+ const char *key; -+ char *buf; -+ int buflen; ++parse_str(char *str, const char *key, char *buf, int buflen) +{ + char *p, *endp; + int i; @@ -103,11 +99,8 @@ Signed-off-by: George Kashperko + * Check whether the pppd identified by `key' still owns ppp link `ifname'. */ static int --owns_unit(key, unit) -+owns_link(key, ifname) - TDB_DATA key; -- int unit; -+ char *ifname; +-owns_unit(TDB_DATA key, int unit) ++owns_link(TDB_DATA key, char *ifname) { - char ifkey[32]; + char ifkey[7 + IFNAMSIZ]; @@ -126,7 +119,7 @@ Signed-off-by: George Kashperko && memcmp(vd.dptr, key.dptr, vd.dsize) == 0; --- a/pppd/sys-linux.c +++ b/pppd/sys-linux.c -@@ -700,6 +700,16 @@ void cfg_bundle(int mrru, int mtru, int +@@ -706,6 +706,16 @@ void cfg_bundle(int mrru, int mtru, int add_fd(ppp_dev_fd); } @@ -143,7 +136,7 @@ Signed-off-by: George Kashperko /* * make_new_bundle - create a new PPP unit (i.e. a bundle) * and connect our channel to it. This should only get called -@@ -718,6 +728,8 @@ void make_new_bundle(int mrru, int mtru, +@@ -724,6 +734,8 @@ void make_new_bundle(int mrru, int mtru, /* set the mrru and flags */ cfg_bundle(mrru, mtru, rssn, tssn); diff --git a/package/network/services/ppp/patches/330-retain_foreign_default_routes.patch b/package/network/services/ppp/patches/330-retain_foreign_default_routes.patch index 6c0849cc6c..6ccc4507b2 100644 --- a/package/network/services/ppp/patches/330-retain_foreign_default_routes.patch +++ b/package/network/services/ppp/patches/330-retain_foreign_default_routes.patch @@ -12,7 +12,7 @@ Signed-off-by: Jo-Philipp Wich --- a/pppd/sys-linux.c +++ b/pppd/sys-linux.c -@@ -1767,6 +1767,7 @@ int cifdefaultroute (int unit, u_int32_t +@@ -1770,6 +1770,7 @@ int cifdefaultroute (int unit, u_int32_t SIN_ADDR(rt.rt_genmask) = 0L; } diff --git a/package/network/services/ppp/patches/340-populate_default_gateway.patch b/package/network/services/ppp/patches/340-populate_default_gateway.patch index ae385dfc9b..0f965c705d 100644 --- a/package/network/services/ppp/patches/340-populate_default_gateway.patch +++ b/package/network/services/ppp/patches/340-populate_default_gateway.patch @@ -13,7 +13,7 @@ Signed-off-by: Jo-Philipp Wich --- a/pppd/sys-linux.c +++ b/pppd/sys-linux.c -@@ -1717,6 +1717,9 @@ int sifdefaultroute (int unit, u_int32_t +@@ -1720,6 +1720,9 @@ int sifdefaultroute (int unit, u_int32_t memset (&rt, 0, sizeof (rt)); SET_SA_FAMILY (rt.rt_dst, AF_INET); @@ -23,12 +23,12 @@ Signed-off-by: Jo-Philipp Wich rt.rt_dev = ifname; rt.rt_metric = dfl_route_metric + 1; /* +1 for binary compatibility */ -@@ -1725,7 +1728,7 @@ int sifdefaultroute (int unit, u_int32_t +@@ -1728,7 +1731,7 @@ int sifdefaultroute (int unit, u_int32_t SIN_ADDR(rt.rt_genmask) = 0L; } - rt.rt_flags = RTF_UP; + rt.rt_flags = RTF_UP | RTF_GATEWAY; if (ioctl(sock_fd, SIOCADDRT, &rt) < 0) { - if (!ok_error(errno)) + if ( ! ok_error ( errno )) error("default route ioctl(SIOCADDRT): %m"); diff --git a/package/network/services/ppp/patches/400-simplify_kernel_checks.patch b/package/network/services/ppp/patches/400-simplify_kernel_checks.patch index 0754f8f4d6..3c72048362 100644 --- a/package/network/services/ppp/patches/400-simplify_kernel_checks.patch +++ b/package/network/services/ppp/patches/400-simplify_kernel_checks.patch @@ -10,7 +10,7 @@ Signed-off-by: Jo-Philipp Wich --- a/pppd/sys-linux.c +++ b/pppd/sys-linux.c -@@ -200,7 +200,7 @@ static int driver_is_old = 0; +@@ -206,7 +206,7 @@ static int driver_is_old = 0; static int restore_term = 0; /* 1 => we've munged the terminal */ static struct termios inittermios; /* Initial TTY termios */ @@ -19,7 +19,7 @@ Signed-off-by: Jo-Philipp Wich static char loop_name[20]; static unsigned char inbuf[512]; /* buffer for chars read from loopback */ -@@ -219,8 +219,8 @@ static int looped; /* 1 if using loop +@@ -225,8 +225,8 @@ static int looped; /* 1 if using loop static int link_mtu; /* mtu for the link (not bundle) */ static struct utsname utsname; /* for the kernel version */ @@ -29,7 +29,7 @@ Signed-off-by: Jo-Philipp Wich #define MAX_IFS 100 -@@ -1453,11 +1453,12 @@ int ccp_fatal_error (int unit) +@@ -1455,11 +1455,12 @@ int ccp_fatal_error (int unit) * * path_to_procfs - find the path to the proc file system mount point */ @@ -44,7 +44,7 @@ Signed-off-by: Jo-Philipp Wich struct mntent *mntent; FILE *fp; -@@ -1479,6 +1480,7 @@ static char *path_to_procfs(const char * +@@ -1481,6 +1482,7 @@ static char *path_to_procfs(const char * fclose (fp); } } @@ -52,7 +52,7 @@ Signed-off-by: Jo-Philipp Wich strlcpy(proc_path + proc_path_len, tail, sizeof(proc_path) - proc_path_len); -@@ -2332,15 +2334,19 @@ int ppp_available(void) +@@ -2365,15 +2367,19 @@ int ppp_available(void) int my_version, my_modification, my_patch; int osmaj, osmin, ospatch; @@ -72,7 +72,7 @@ Signed-off-by: Jo-Philipp Wich /* XXX should get from driver */ driver_version = 2; -@@ -2400,6 +2406,7 @@ int ppp_available(void) +@@ -2433,6 +2439,7 @@ int ppp_available(void) if (ok && ((ifr.ifr_hwaddr.sa_family & ~0xFF) != ARPHRD_PPP)) ok = 0; @@ -80,7 +80,7 @@ Signed-off-by: Jo-Philipp Wich /* * This is the PPP device. Validate the version of the driver at this -@@ -2936,6 +2943,7 @@ get_pty(master_fdp, slave_fdp, slave_nam +@@ -3106,6 +3113,7 @@ get_pty(int *master_fdp, int *slave_fdp, } #endif /* TIOCGPTN */ @@ -88,7 +88,7 @@ Signed-off-by: Jo-Philipp Wich if (sfd < 0) { /* the old way - scan through the pty name space */ for (i = 0; i < 64; ++i) { -@@ -2954,6 +2962,7 @@ get_pty(master_fdp, slave_fdp, slave_nam +@@ -3124,6 +3132,7 @@ get_pty(int *master_fdp, int *slave_fdp, } } } @@ -98,11 +98,11 @@ Signed-off-by: Jo-Philipp Wich return 0; --- a/pppd/plugins/pppoatm/pppoatm.c +++ b/pppd/plugins/pppoatm/pppoatm.c -@@ -168,14 +168,6 @@ static void disconnect_pppoatm(void) +@@ -171,14 +171,6 @@ static void disconnect_pppoatm(void) void plugin_init(void) { --#if defined(__linux__) +-#ifdef linux - extern int new_style_driver; /* From sys-linux.c */ - if (!ppp_available() && !new_style_driver) - fatal("Kernel doesn't support ppp_generic - " @@ -110,12 +110,12 @@ Signed-off-by: Jo-Philipp Wich -#else - fatal("No PPPoATM support on this OS"); -#endif - info("PPPoATM plugin_init"); add_options(pppoa_options); } ---- a/pppd/plugins/rp-pppoe/plugin.c -+++ b/pppd/plugins/rp-pppoe/plugin.c -@@ -59,9 +59,6 @@ static char const RCSID[] = + +--- a/pppd/plugins/pppoe/plugin.c ++++ b/pppd/plugins/pppoe/plugin.c +@@ -58,9 +58,6 @@ static char const RCSID[] = char pppd_version[] = VERSION; @@ -125,7 +125,7 @@ Signed-off-by: Jo-Philipp Wich char *pppd_pppoe_service = NULL; static char *acName = NULL; static char *existingSession = NULL; -@@ -394,10 +391,6 @@ PPPoEDevnameHook(char *cmd, char **argv, +@@ -407,10 +404,6 @@ PPPoEDevnameHook(char *cmd, char **argv, void plugin_init(void) { @@ -135,7 +135,7 @@ Signed-off-by: Jo-Philipp Wich - add_options(Options); - info("RP-PPPoE plugin version %s compiled against pppd %s", + info("PPPoE plugin from pppd %s", VERSION); --- a/pppd/plugins/pppol2tp/pppol2tp.c +++ b/pppd/plugins/pppol2tp/pppol2tp.c @@ -490,12 +490,7 @@ static void pppol2tp_cleanup(void) diff --git a/package/network/services/ppp/patches/401-no_record_file.patch b/package/network/services/ppp/patches/401-no_record_file.patch index f707fda8ab..7844260685 100644 --- a/package/network/services/ppp/patches/401-no_record_file.patch +++ b/package/network/services/ppp/patches/401-no_record_file.patch @@ -7,7 +7,7 @@ Signed-off-by: Jo-Philipp Wich --- a/pppd/pppd.h +++ b/pppd/pppd.h -@@ -326,7 +326,6 @@ extern int holdoff; /* Dead time before +@@ -317,7 +317,6 @@ extern int holdoff; /* Dead time before extern bool holdoff_specified; /* true if user gave a holdoff value */ extern bool notty; /* Stdin/out is not a tty */ extern char *pty_socket; /* Socket to connect to pty */ @@ -17,7 +17,7 @@ Signed-off-by: Jo-Philipp Wich extern char linkname[MAXPATHLEN]; /* logical name for link */ --- a/pppd/tty.c +++ b/pppd/tty.c -@@ -145,7 +145,7 @@ char *disconnect_script = NULL; /* Scrip +@@ -143,7 +143,7 @@ char *disconnect_script = NULL; /* Scrip char *welcomer = NULL; /* Script to run after phys link estab. */ char *ptycommand = NULL; /* Command to run on other side of pty */ bool notty = 0; /* Stdin/out is not a tty */ @@ -26,7 +26,7 @@ Signed-off-by: Jo-Philipp Wich int max_data_rate; /* max bytes/sec through charshunt */ bool sync_serial = 0; /* Device is synchronous serial device */ char *pty_socket = NULL; /* Socket to connect to pty */ -@@ -201,8 +201,10 @@ option_t tty_options[] = { +@@ -199,8 +199,10 @@ option_t tty_options[] = { "Send and receive over socket, arg is host:port", OPT_PRIO | OPT_DEVNAM }, diff --git a/package/network/services/ppp/patches/403-no_wtmp.patch b/package/network/services/ppp/patches/403-no_wtmp.patch index 537a1b0c7f..772620ed72 100644 --- a/package/network/services/ppp/patches/403-no_wtmp.patch +++ b/package/network/services/ppp/patches/403-no_wtmp.patch @@ -7,7 +7,7 @@ Signed-off-by: Jo-Philipp Wich --- a/pppd/sys-linux.c +++ b/pppd/sys-linux.c -@@ -2470,6 +2470,7 @@ int ppp_available(void) +@@ -2503,6 +2503,7 @@ int ppp_available(void) void logwtmp (const char *line, const char *name, const char *host) { @@ -15,7 +15,7 @@ Signed-off-by: Jo-Philipp Wich struct utmp ut, *utp; pid_t mypid = getpid(); #if __GLIBC__ < 2 -@@ -2535,6 +2536,7 @@ void logwtmp (const char *line, const ch +@@ -2568,6 +2569,7 @@ void logwtmp (const char *line, const ch close (wtmp); } #endif diff --git a/package/network/services/ppp/patches/404-remove_obsolete_protocol_names.patch b/package/network/services/ppp/patches/404-remove_obsolete_protocol_names.patch index d37fc03539..b9b6f0e593 100644 --- a/package/network/services/ppp/patches/404-remove_obsolete_protocol_names.patch +++ b/package/network/services/ppp/patches/404-remove_obsolete_protocol_names.patch @@ -7,7 +7,7 @@ Signed-off-by: Jo-Philipp Wich --- a/pppd/main.c +++ b/pppd/main.c -@@ -883,14 +883,17 @@ struct protocol_list { +@@ -866,14 +866,17 @@ struct protocol_list { const char *name; } protocol_list[] = { { 0x21, "IP" }, @@ -25,7 +25,7 @@ Signed-off-by: Jo-Philipp Wich { 0x33, "Stream Protocol ST-II" }, { 0x35, "Banyan Vines" }, { 0x39, "AppleTalk EDDP" }, -@@ -904,8 +907,11 @@ struct protocol_list { +@@ -887,8 +890,11 @@ struct protocol_list { { 0x49, "Serial Data Transport Protocol (PPP-SDTP)" }, { 0x4b, "SNA over 802.2" }, { 0x4d, "SNA" }, @@ -37,7 +37,7 @@ Signed-off-by: Jo-Philipp Wich { 0x53, "Encryption" }, { 0x55, "Individual Link Encryption" }, { 0x57, "IPv6" }, -@@ -916,12 +922,15 @@ struct protocol_list { +@@ -899,12 +905,15 @@ struct protocol_list { { 0x65, "RTP IPHC Compressed non-TCP" }, { 0x67, "RTP IPHC Compressed UDP 8" }, { 0x69, "RTP IPHC Compressed RTP 8" }, @@ -53,7 +53,7 @@ Signed-off-by: Jo-Philipp Wich { 0x0203, "IBM Source Routing BPDU" }, { 0x0205, "DEC LANBridge100 Spanning Tree" }, { 0x0207, "Cisco Discovery Protocol" }, -@@ -933,15 +942,19 @@ struct protocol_list { +@@ -916,15 +925,19 @@ struct protocol_list { { 0x0231, "Luxcom" }, { 0x0233, "Sigma Network Systems" }, { 0x0235, "Apple Client Server Protocol" }, @@ -73,7 +73,7 @@ Signed-off-by: Jo-Philipp Wich { 0x4001, "Cray Communications Control Protocol" }, { 0x4003, "CDPD Mobile Network Registration Protocol" }, { 0x4005, "Expand accelerator protocol" }, -@@ -952,8 +965,10 @@ struct protocol_list { +@@ -935,8 +948,10 @@ struct protocol_list { { 0x4023, "RefTek Protocol" }, { 0x4025, "Fibre Channel" }, { 0x4027, "EMIT Protocols" }, @@ -84,7 +84,7 @@ Signed-off-by: Jo-Philipp Wich { 0x8023, "OSI Network Layer Control Protocol" }, { 0x8025, "Xerox NS IDP Control Protocol" }, { 0x8027, "DECnet Phase IV Control Protocol" }, -@@ -962,7 +977,9 @@ struct protocol_list { +@@ -945,7 +960,9 @@ struct protocol_list { { 0x8031, "Bridging NCP" }, { 0x8033, "Stream Protocol Control Protocol" }, { 0x8035, "Banyan Vines Control Protocol" }, @@ -94,7 +94,7 @@ Signed-off-by: Jo-Philipp Wich { 0x803f, "NETBIOS Framing Control Protocol" }, { 0x8041, "Cisco Systems Control Protocol" }, { 0x8043, "Ascom Timeplex" }, -@@ -971,18 +988,24 @@ struct protocol_list { +@@ -954,18 +971,24 @@ struct protocol_list { { 0x8049, "Serial Data Control Protocol (PPP-SDCP)" }, { 0x804b, "SNA over 802.2 Control Protocol" }, { 0x804d, "SNA Control Protocol" }, @@ -119,7 +119,7 @@ Signed-off-by: Jo-Philipp Wich { 0x8207, "Cisco Discovery Protocol Control" }, { 0x8209, "Netcs Twin Routing" }, { 0x820b, "STP - Control Protocol" }, -@@ -991,24 +1014,29 @@ struct protocol_list { +@@ -974,24 +997,29 @@ struct protocol_list { { 0x8281, "MPLSCP" }, { 0x8285, "IEEE p1284.4 standard - Protocol Control" }, { 0x8287, "ETSI TETRA TNP1 Control Protocol" }, diff --git a/package/network/services/ppp/patches/405-no_multilink_option.patch b/package/network/services/ppp/patches/405-no_multilink_option.patch index ce87d039a3..a34ec57b0a 100644 --- a/package/network/services/ppp/patches/405-no_multilink_option.patch +++ b/package/network/services/ppp/patches/405-no_multilink_option.patch @@ -9,7 +9,7 @@ Signed-off-by: Jo-Philipp Wich --- a/pppd/options.c +++ b/pppd/options.c -@@ -349,13 +349,14 @@ option_t general_options[] = { +@@ -348,13 +348,14 @@ option_t general_options[] = { "Enable multilink operation", OPT_PRIOSUB | OPT_ALIAS | 1 }, { "nomultilink", o_bool, &multilink, "Disable multilink operation", OPT_PRIOSUB | 0 }, diff --git a/package/network/services/ppp/patches/500-add-pptp-plugin.patch b/package/network/services/ppp/patches/500-add-pptp-plugin.patch index 5ed861d545..96f4bcaf70 100644 --- a/package/network/services/ppp/patches/500-add-pptp-plugin.patch +++ b/package/network/services/ppp/patches/500-add-pptp-plugin.patch @@ -1,8 +1,8 @@ --- a/configure +++ b/configure -@@ -195,7 +195,7 @@ if [ -d "$ksrc" ]; then +@@ -133,7 +133,7 @@ if [ -d "$ksrc" ]; then mkmkf $ksrc/Makedefs$compiletype Makedefs.com - for dir in pppd pppstats chat pppdump pppd/plugins pppd/plugins/rp-pppoe \ + for dir in pppd pppstats chat pppdump pppd/plugins pppd/plugins/pppoe \ pppd/plugins/radius pppd/plugins/pppoatm \ - pppd/plugins/pppol2tp; do + pppd/plugins/pppol2tp pppd/plugins/pptp ; do @@ -11,12 +11,12 @@ if [ -f $ksrc/Makefile.$makext$archvariant ]; then --- a/pppd/plugins/Makefile.linux +++ b/pppd/plugins/Makefile.linux -@@ -9,7 +9,7 @@ BINDIR = $(DESTDIR)/sbin - MANDIR = $(DESTDIR)/share/man/man8 - LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION) +@@ -14,7 +14,7 @@ INSTALL = install + # EAP-TLS + CFLAGS += -DUSE_EAPTLS=1 --SUBDIRS := rp-pppoe pppoatm pppol2tp -+SUBDIRS := rp-pppoe pppoatm pppol2tp pptp +-SUBDIRS := pppoe pppoatm pppol2tp ++SUBDIRS := pppoe pppoatm pppol2tp pptp # Uncomment the next line to include the radius authentication plugin SUBDIRS += radius PLUGINS := minconn.so passprompt.so passwordfd.so winbind.so diff --git a/package/network/services/ppp/patches/600-Revert-pppd-Use-openssl-for-the-DES-instead-of-the-l.patch b/package/network/services/ppp/patches/600-Revert-pppd-Use-openssl-for-the-DES-instead-of-the-l.patch index 5802d6158c..dc18156a04 100644 --- a/package/network/services/ppp/patches/600-Revert-pppd-Use-openssl-for-the-DES-instead-of-the-l.patch +++ b/package/network/services/ppp/patches/600-Revert-pppd-Use-openssl-for-the-DES-instead-of-the-l.patch @@ -15,8 +15,8 @@ This reverts commit 3c7b86229f7bd2600d74db14b1fe5b3896be3875. --- a/pppd/Makefile.linux +++ b/pppd/Makefile.linux -@@ -35,10 +35,10 @@ endif - COPTS = -O2 -pipe -Wall -g +@@ -36,10 +36,10 @@ endif + LIBS = -lrt -# Uncomment the next line to include support for Microsoft's @@ -28,19 +28,19 @@ This reverts commit 3c7b86229f7bd2600d74db14b1fe5b3896be3875. # Don't use MSLANMAN unless you really know what you're doing. #MSLANMAN=y # Uncomment the next line to include support for MPPE. CHAPMS (above) must -@@ -141,8 +141,7 @@ endif +@@ -158,8 +158,7 @@ endif ifdef NEEDDES ifndef USE_CRYPT -CFLAGS += -I$(shell $(CC) --print-sysroot)/usr/include/openssl --LIBS += -lcrypto +-NEEDCRYPTOLIB = y +LIBS += -ldes $(LIBS) else CFLAGS += -DUSE_CRYPT=1 endif --- a/pppd/pppcrypt.c +++ b/pppd/pppcrypt.c -@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key w +@@ -62,7 +62,7 @@ MakeKey(u_char *key, u_char *des_key) des_key[7] = Get7Bits(key, 49); #ifndef USE_CRYPT @@ -49,7 +49,7 @@ This reverts commit 3c7b86229f7bd2600d74db14b1fe5b3896be3875. #endif } -@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */ +@@ -147,30 +147,30 @@ DesDecrypt(u_char *cipher, u_char *clear } #else /* USE_CRYPT */ @@ -57,8 +57,7 @@ This reverts commit 3c7b86229f7bd2600d74db14b1fe5b3896be3875. +static des_key_schedule key_schedule; bool - DesSetkey(key) - u_char *key; + DesSetkey(u_char *key) { - DES_cblock des_key; + des_cblock des_key; @@ -69,10 +68,7 @@ This reverts commit 3c7b86229f7bd2600d74db14b1fe5b3896be3875. } bool --DesEncrypt(clear, cipher) -+DesEncrypt(clear, key, cipher) - u_char *clear; /* IN 8 octets */ - u_char *cipher; /* OUT 8 octets */ + DesEncrypt(u_char *clear, u_char *cipher) { - DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher, - &key_schedule, 1); @@ -81,9 +77,8 @@ This reverts commit 3c7b86229f7bd2600d74db14b1fe5b3896be3875. return (1); } -@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear) - u_char *cipher; /* IN 8 octets */ - u_char *clear; /* OUT 8 octets */ + bool + DesDecrypt(u_char *cipher, u_char *clear) { - DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear, - &key_schedule, 0); -- 2.30.2