RE: ppp_mppe+pptp for 2.6.14?
[EMAIL PROTECTED] wrote: > On Mon, Aug 29, 2005 at 05:10:34PM -0500, Matt Domsch wrote: >> I've asked James Cameron, pptp project lead, to try a test to force >> the server side to issue a CCP DOWN, to make sure the client-side >> kernel ppp_generic module does the right thing and drops packets. > > I've tested this now with a host running kernel 2.6.13 with Matt's > SC_MUST_COMP patch to the kernel and to ppp 2.4.4b1, sending SIGUSR2 > to the pppd while flooding the connection with pings from the server. > > The result is an LCP TermReq from the server to the client, after > which no further data packets appear. All the data packets up to the > LCP TermReq are encrypted. The client sends an LCP TermAck, then > takes down the interface. There's sign of CCP down, in that a CCP > ConfReq appears from the server just after the LCP TermReq. > > I'm not sure this is an adequate test, and will take advice on that. > > Test configuration; > > - server, 2.6.13 + SC_MUST_COMP, ppp 2.4.4b1 + SC_MUST_COMP, pptpd > 1.3.1 > - client, 2.6.12.5 + SC_MUST_COMP, ppp 2.4.4b1 + SC_MUST_COMP, pptp > 1.5.0 > > Client side pppd log fragment; > > local IP address 10.8.0.2 > remote IP address 10.8.0.1 > Script /etc/ppp/ip-up started (pid 5036) Script /etc/ppp/ip-up > finished (pid 5036), status = 0x0 rcvd [LCP TermReq id=0x2 "MPPE > disabled"] LCP terminated by peer (MPPE disabled) Connect time 0.4 > minutes. > Sent 262920 bytes, received 262920 bytes. > Script /etc/ppp/ip-down started (pid 5048) sent [LCP TermAck id=0x2] > rcvd [CCP ConfReq id=0x2 ] Discarded non-LCP > packet when LCP not open Script /etc/ppp/ip-down finished (pid 5048), > status = 0x0 Connection terminated. > Modem hangup This looks good. One more thing I would ask, please repeat with a server that doesn't have the SC_MUST_COMP pppd patch. On SIGUSR2 the unmodified server should still send CCP DOWN to the client, which should start dropping packets. Thanks, Matt -- Matt Domsch Software Architect Dell Linux Solutions linux.dell.com & www.dell.com/linux Linux on Dell mailing lists @ http://lists.us.dell.com - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: ppp_mppe+pptp for 2.6.14?
[EMAIL PROTECTED] wrote: On Mon, Aug 29, 2005 at 05:10:34PM -0500, Matt Domsch wrote: I've asked James Cameron, pptp project lead, to try a test to force the server side to issue a CCP DOWN, to make sure the client-side kernel ppp_generic module does the right thing and drops packets. I've tested this now with a host running kernel 2.6.13 with Matt's SC_MUST_COMP patch to the kernel and to ppp 2.4.4b1, sending SIGUSR2 to the pppd while flooding the connection with pings from the server. The result is an LCP TermReq from the server to the client, after which no further data packets appear. All the data packets up to the LCP TermReq are encrypted. The client sends an LCP TermAck, then takes down the interface. There's sign of CCP down, in that a CCP ConfReq appears from the server just after the LCP TermReq. I'm not sure this is an adequate test, and will take advice on that. Test configuration; - server, 2.6.13 + SC_MUST_COMP, ppp 2.4.4b1 + SC_MUST_COMP, pptpd 1.3.1 - client, 2.6.12.5 + SC_MUST_COMP, ppp 2.4.4b1 + SC_MUST_COMP, pptp 1.5.0 Client side pppd log fragment; local IP address 10.8.0.2 remote IP address 10.8.0.1 Script /etc/ppp/ip-up started (pid 5036) Script /etc/ppp/ip-up finished (pid 5036), status = 0x0 rcvd [LCP TermReq id=0x2 MPPE disabled] LCP terminated by peer (MPPE disabled) Connect time 0.4 minutes. Sent 262920 bytes, received 262920 bytes. Script /etc/ppp/ip-down started (pid 5048) sent [LCP TermAck id=0x2] rcvd [CCP ConfReq id=0x2 mppe +H -M +S -L -D -C] Discarded non-LCP packet when LCP not open Script /etc/ppp/ip-down finished (pid 5048), status = 0x0 Connection terminated. Modem hangup This looks good. One more thing I would ask, please repeat with a server that doesn't have the SC_MUST_COMP pppd patch. On SIGUSR2 the unmodified server should still send CCP DOWN to the client, which should start dropping packets. Thanks, Matt -- Matt Domsch Software Architect Dell Linux Solutions linux.dell.com www.dell.com/linux Linux on Dell mailing lists @ http://lists.us.dell.com - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: ppp_mppe+pptp for 2.6.14?
My problems with ENOPROTOOPT were due to lack of coffee. They were caused by ICMP protocol unreachable responses from the test server because I'd taken away it's pppd. My mistake. On Mon, Aug 29, 2005 at 05:10:34PM -0500, Matt Domsch wrote: > I've asked James Cameron, pptp project lead, to try a test to force > the server side to issue a CCP DOWN, to make sure the client-side > kernel ppp_generic module does the right thing and drops packets. I've tested this now with a host running kernel 2.6.13 with Matt's SC_MUST_COMP patch to the kernel and to ppp 2.4.4b1, sending SIGUSR2 to the pppd while flooding the connection with pings from the server. The result is an LCP TermReq from the server to the client, after which no further data packets appear. All the data packets up to the LCP TermReq are encrypted. The client sends an LCP TermAck, then takes down the interface. There's sign of CCP down, in that a CCP ConfReq appears from the server just after the LCP TermReq. I'm not sure this is an adequate test, and will take advice on that. Test configuration; - server, 2.6.13 + SC_MUST_COMP, ppp 2.4.4b1 + SC_MUST_COMP, pptpd 1.3.1 - client, 2.6.12.5 + SC_MUST_COMP, ppp 2.4.4b1 + SC_MUST_COMP, pptp 1.5.0 Client side pppd log fragment; local IP address 10.8.0.2 remote IP address 10.8.0.1 Script /etc/ppp/ip-up started (pid 5036) Script /etc/ppp/ip-up finished (pid 5036), status = 0x0 rcvd [LCP TermReq id=0x2 "MPPE disabled"] LCP terminated by peer (MPPE disabled) Connect time 0.4 minutes. Sent 262920 bytes, received 262920 bytes. Script /etc/ppp/ip-down started (pid 5048) sent [LCP TermAck id=0x2] rcvd [CCP ConfReq id=0x2 ] Discarded non-LCP packet when LCP not open Script /etc/ppp/ip-down finished (pid 5048), status = 0x0 Connection terminated. Modem hangup -- James Cameron signature.asc Description: Digital signature
Re: ppp_mppe+pptp for 2.6.14?
On Mon, Aug 29, 2005 at 05:10:34PM -0500, Matt Domsch wrote: > I've asked James Cameron, pptp project lead, to try a test to force > the server side to issue a CCP DOWN, to make sure the client-side > kernel ppp_generic module does the right thing and drops packets. I'm still working on this; tried Matt's patch against 2.6.13 last night, but it seems 2.6.13 has broken raw sockets for pptp and pptpd ... ENOPROTOOPT returned from the read() on the raw socket carrying the GRE stream from pptp to the net. Wasn't happening with 2.6.12.5. My plan is to try Matt's patch against 2.6.12.5, and try 2.6.13 bare, to isolate the cause of the ENOPROTOOPT changed behaviour. The previous version of Matt's patch (before the SC_MUST_COMP feature) is working fine for me with 2.6.12.5. (If anyone has any ideas on raw socket breakage, let me know. 2.6.13 changed net/ipv4/raw.c but the changes look to me to be minor.) -- James Cameron signature.asc Description: Digital signature
Re: ppp_mppe+pptp for 2.6.14?
On Mon, Aug 29, 2005 at 06:12:20PM +0100, Daniel Drake wrote: > Hi, > > If there are no known issues it would be nice to push this for inclusion in > 2.6.14. The relevant patches from -mm are named > ppp_mppe-add-ppp-mppe-encryption-module.patch and > ppp_mppe-add-ppp-mppe-encryption-module-update.patch > > Judging by the feedback I get from Gentoo users, there is high demand for > this :) This patch has been working fine for me for several weeks now. I've asked James Cameron, pptp project lead, to try a test to force the server side to issue a CCP DOWN, to make sure the client-side kernel ppp_generic module does the right thing and drops packets. I don't have a testbed that allows such, but he does. Thanks, Matt -- Matt Domsch Software Architect Dell Linux Solutions linux.dell.com & www.dell.com/linux Linux on Dell mailing lists @ http://lists.us.dell.com - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
re: ppp_mppe+pptp for 2.6.14?
-- Forwarded message -- From: Anshuman Gholap <[EMAIL PROTECTED]> Date: Aug 29, 2005 10:57 PM Subject: Re: ppp_mppe+pptp for 2.6.14? To: Daniel Drake <[EMAIL PROTECTED]> I might die by excitement if this is implemented :D. for years and years i am waiting for some inbuilt solution to this . here is my saga on a forum http://www.neowin.net/forum/index.php?showtopic=318733=findpost=585899290 regards, anshuman gholap hosting server admin india. On 8/29/05, Daniel Drake <[EMAIL PROTECTED]> wrote: > Hi, > > If there are no known issues it would be nice to push this for inclusion in > 2.6.14. The relevant patches from -mm are named > ppp_mppe-add-ppp-mppe-encryption-module.patch and > ppp_mppe-add-ppp-mppe-encryption-module-update.patch > > Judging by the feedback I get from Gentoo users, there is high demand for > this :) > > Thanks, > Daniel > - > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to [EMAIL PROTECTED] > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ > - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
ppp_mppe+pptp for 2.6.14?
Hi, If there are no known issues it would be nice to push this for inclusion in 2.6.14. The relevant patches from -mm are named ppp_mppe-add-ppp-mppe-encryption-module.patch and ppp_mppe-add-ppp-mppe-encryption-module-update.patch Judging by the feedback I get from Gentoo users, there is high demand for this :) Thanks, Daniel - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
ppp_mppe+pptp for 2.6.14?
Hi, If there are no known issues it would be nice to push this for inclusion in 2.6.14. The relevant patches from -mm are named ppp_mppe-add-ppp-mppe-encryption-module.patch and ppp_mppe-add-ppp-mppe-encryption-module-update.patch Judging by the feedback I get from Gentoo users, there is high demand for this :) Thanks, Daniel - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
re: ppp_mppe+pptp for 2.6.14?
-- Forwarded message -- From: Anshuman Gholap [EMAIL PROTECTED] Date: Aug 29, 2005 10:57 PM Subject: Re: ppp_mppe+pptp for 2.6.14? To: Daniel Drake [EMAIL PROTECTED] I might die by excitement if this is implemented :D. for years and years i am waiting for some inbuilt solution to this . here is my saga on a forum http://www.neowin.net/forum/index.php?showtopic=318733view=findpostp=585899290 regards, anshuman gholap hosting server admin india. On 8/29/05, Daniel Drake [EMAIL PROTECTED] wrote: Hi, If there are no known issues it would be nice to push this for inclusion in 2.6.14. The relevant patches from -mm are named ppp_mppe-add-ppp-mppe-encryption-module.patch and ppp_mppe-add-ppp-mppe-encryption-module-update.patch Judging by the feedback I get from Gentoo users, there is high demand for this :) Thanks, Daniel - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: ppp_mppe+pptp for 2.6.14?
On Mon, Aug 29, 2005 at 06:12:20PM +0100, Daniel Drake wrote: Hi, If there are no known issues it would be nice to push this for inclusion in 2.6.14. The relevant patches from -mm are named ppp_mppe-add-ppp-mppe-encryption-module.patch and ppp_mppe-add-ppp-mppe-encryption-module-update.patch Judging by the feedback I get from Gentoo users, there is high demand for this :) This patch has been working fine for me for several weeks now. I've asked James Cameron, pptp project lead, to try a test to force the server side to issue a CCP DOWN, to make sure the client-side kernel ppp_generic module does the right thing and drops packets. I don't have a testbed that allows such, but he does. Thanks, Matt -- Matt Domsch Software Architect Dell Linux Solutions linux.dell.com www.dell.com/linux Linux on Dell mailing lists @ http://lists.us.dell.com - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: ppp_mppe+pptp for 2.6.14?
On Mon, Aug 29, 2005 at 05:10:34PM -0500, Matt Domsch wrote: I've asked James Cameron, pptp project lead, to try a test to force the server side to issue a CCP DOWN, to make sure the client-side kernel ppp_generic module does the right thing and drops packets. I'm still working on this; tried Matt's patch against 2.6.13 last night, but it seems 2.6.13 has broken raw sockets for pptp and pptpd ... ENOPROTOOPT returned from the read() on the raw socket carrying the GRE stream from pptp to the net. Wasn't happening with 2.6.12.5. My plan is to try Matt's patch against 2.6.12.5, and try 2.6.13 bare, to isolate the cause of the ENOPROTOOPT changed behaviour. The previous version of Matt's patch (before the SC_MUST_COMP feature) is working fine for me with 2.6.12.5. (If anyone has any ideas on raw socket breakage, let me know. 2.6.13 changed net/ipv4/raw.c but the changes look to me to be minor.) -- James Cameron signature.asc Description: Digital signature
Re: ppp_mppe+pptp for 2.6.14?
My problems with ENOPROTOOPT were due to lack of coffee. They were caused by ICMP protocol unreachable responses from the test server because I'd taken away it's pppd. My mistake. On Mon, Aug 29, 2005 at 05:10:34PM -0500, Matt Domsch wrote: I've asked James Cameron, pptp project lead, to try a test to force the server side to issue a CCP DOWN, to make sure the client-side kernel ppp_generic module does the right thing and drops packets. I've tested this now with a host running kernel 2.6.13 with Matt's SC_MUST_COMP patch to the kernel and to ppp 2.4.4b1, sending SIGUSR2 to the pppd while flooding the connection with pings from the server. The result is an LCP TermReq from the server to the client, after which no further data packets appear. All the data packets up to the LCP TermReq are encrypted. The client sends an LCP TermAck, then takes down the interface. There's sign of CCP down, in that a CCP ConfReq appears from the server just after the LCP TermReq. I'm not sure this is an adequate test, and will take advice on that. Test configuration; - server, 2.6.13 + SC_MUST_COMP, ppp 2.4.4b1 + SC_MUST_COMP, pptpd 1.3.1 - client, 2.6.12.5 + SC_MUST_COMP, ppp 2.4.4b1 + SC_MUST_COMP, pptp 1.5.0 Client side pppd log fragment; local IP address 10.8.0.2 remote IP address 10.8.0.1 Script /etc/ppp/ip-up started (pid 5036) Script /etc/ppp/ip-up finished (pid 5036), status = 0x0 rcvd [LCP TermReq id=0x2 MPPE disabled] LCP terminated by peer (MPPE disabled) Connect time 0.4 minutes. Sent 262920 bytes, received 262920 bytes. Script /etc/ppp/ip-down started (pid 5048) sent [LCP TermAck id=0x2] rcvd [CCP ConfReq id=0x2 mppe +H -M +S -L -D -C] Discarded non-LCP packet when LCP not open Script /etc/ppp/ip-down finished (pid 5048), status = 0x0 Connection terminated. Modem hangup -- James Cameron signature.asc Description: Digital signature
