<table class="head">
  <tr>
    <td class="head-ltitle">NG_MPPC(4)</td>
    <td class="head-vol">Device Drivers Manual</td>
    <td class="head-rtitle">NG_MPPC(4)</td>
  </tr>
</table>
<div class="manual-text">
<section class="Sh">
<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
<p class="Pp"><code class="Nm">ng_mppc</code> &#x2014;
    <span class="Nd">Microsoft MPPC/MPPE compression and encryption netgraph
    node type</span></p>
</section>
<section class="Sh">
<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1>
<p class="Pp"><code class="In">#include
    &lt;<a class="In">sys/types.h</a>&gt;</code>
  <br/>
  <code class="In">#include
  &lt;<a class="In">netgraph/ng_mppc.h</a>&gt;</code></p>
</section>
<section class="Sh">
<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
<p class="Pp">The <code class="Nm">mppc</code> node type implements the
    Microsoft Point-to-Point Compression (MPPC) and Microsoft Point-to-Point
    Encryption (MPPE) sub-protocols of the PPP protocol. These protocols are
    often used in conjunction with the Point-to-Point Tunneling Protocol
  (PPTP).</p>
<p class="Pp">The node has two hooks, <code class="Dv">comp</code> for
    compression and <code class="Dv">decomp</code> for decompression. Typically
    one or both of these hooks would be connected to the
    <a class="Xr">ng_ppp(4)</a> node type hook of the same name. Each direction
    of traffic flow is independent of the other.</p>
</section>
<section class="Sh">
<h1 class="Sh" id="HOOKS"><a class="permalink" href="#HOOKS">HOOKS</a></h1>
<p class="Pp">This node type supports the following hooks:</p>
<dl class="Bl-tag">
  <dt id="comp"><var class="Va">comp</var></dt>
  <dd>Connection to <a class="Xr">ng_ppp(4)</a> <code class="Dv">comp</code>
      hook. Incoming frames are compressed and/or encrypted, and sent back out
      the same hook.</dd>
  <dt id="decomp"><var class="Va">decomp</var></dt>
  <dd>Connection to <a class="Xr">ng_ppp(4)</a> <code class="Dv">decomp</code>
      hook. Incoming frames are decompressed and/or decrypted, and sent back out
      the same hook.</dd>
</dl>
</section>
<section class="Sh">
<h1 class="Sh" id="CONTROL_MESSAGES"><a class="permalink" href="#CONTROL_MESSAGES">CONTROL
  MESSAGES</a></h1>
<p class="Pp">This node type supports the generic control messages, plus the
    following:</p>
<dl class="Bl-tag">
  <dt id="NGM_MPPC_CONFIG_COMP"><a class="permalink" href="#NGM_MPPC_CONFIG_COMP"><code class="Dv">NGM_MPPC_CONFIG_COMP</code></a></dt>
  <dd>This command resets and configures the node for a session in the outgoing
      traffic direction (i.e., for compression and/or encryption). This command
      takes a <code class="Dv">struct ng_mppc_config</code> as an argument:
    <div class="Bd Pp Bd-indent Li">
    <pre>/* Length of MPPE key */
#define MPPE_KEY_LEN      16

/* MPPC/MPPE PPP negotiation bits */
#define MPPC_BIT          0x00000001      /* mppc compression bits */
#define MPPE_40           0x00000020      /* use 40 bit key */
#define MPPE_56           0x00000080      /* use 56 bit key */
#define MPPE_128          0x00000040      /* use 128 bit key */
#define MPPE_BITS         0x000000e0      /* mppe encryption bits */
#define MPPE_STATELESS    0x01000000      /* use stateless mode */
#define MPPC_VALID_BITS   0x010000e1      /* possibly valid bits */

/* Configuration for a session */
struct ng_mppc_config {
    u_char    enable;                 /* enable */
    uint32_t  bits;                   /* config bits */
    u_char    startkey[MPPE_KEY_LEN]; /* start key */
};

    </pre>
    </div>
    The <code class="Dv">enable</code> field enables traffic flow through the
      node. The <code class="Dv">bits</code> field contains the bits as
      negotiated by the Compression Control Protocol (CCP) in PPP. The
      <code class="Dv">startkey</code> is only necessary if MPPE was negotiated,
      and must be equal to the session start key as defined for MPPE. This key
      is based on the MS-CHAP credentials used at link authentication time.</dd>
  <dt id="NGM_MPPC_CONFIG_DECOMP"><a class="permalink" href="#NGM_MPPC_CONFIG_DECOMP"><code class="Dv">NGM_MPPC_CONFIG_DECOMP</code></a></dt>
  <dd>This command resets and configures the node for a session in the incoming
      traffic direction (i.e., for decompression and/or decryption). This
      command takes a <code class="Dv">struct ng_mppc_config</code> as an
      argument.</dd>
  <dt id="NGM_MPPC_RESETREQ"><a class="permalink" href="#NGM_MPPC_RESETREQ"><code class="Dv">NGM_MPPC_RESETREQ</code></a></dt>
  <dd>This message contains no arguments, and is bi-directional. If an error is
      detected during decompression, this message is sent by the node to the
      originator of the <code class="Dv">NGM_MPPC_CONFIG_DECOMP</code> message
      that initiated the session. The receiver should respond by sending a PPP
      CCP Reset-Request to the peer.
    <p class="Pp">This message may also be received by this node type when a CCP
        Reset-Request is received by the local PPP entity. The node will respond
        by flushing its outgoing compression and encryption state so the remote
        side can resynchronize.</p>
  </dd>
</dl>
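<p class="Pp">A pre-flight check on a <code class="Dv">struct ng_mppc_config</code> before it is sent with <code class="Dv">NGM_MPPC_CONFIG_COMP</code> or <code class="Dv">NGM_MPPC_CONFIG_DECOMP</code>, as an added example that is not FreeBSD or netgraph code. The names <code>mppc_config_check</code> and <code>enum mppc_check</code> are hypothetical; requiring exactly one key-length bit, accepting only 128-bit MPPE, and rejecting an all-zero <code class="Dv">startkey</code> are assumed local policy, not behaviour of the node.</p>

```c
#include <stdint.h>
/* Constants and struct copied from the page so this builds without
 * <netgraph/ng_mppc.h>; u_char is spelled out as unsigned char. */
#define MPPE_KEY_LEN      16
#define MPPC_BIT          0x00000001
#define MPPE_40           0x00000020
#define MPPE_56           0x00000080
#define MPPE_128          0x00000040
#define MPPE_BITS         0x000000e0
#define MPPE_STATELESS    0x01000000
#define MPPC_VALID_BITS   0x010000e1

struct ng_mppc_config {
    unsigned char enable;
    uint32_t      bits;
    unsigned char startkey[MPPE_KEY_LEN];
};

enum mppc_check {            /* hypothetical result codes, not in ng_mppc.h */
    MPPC_OK = 0,
    MPPC_ERR_UNKNOWN_BITS,   /* bits outside MPPC_VALID_BITS */
    MPPC_ERR_AMBIGUOUS_KEY,  /* more than one MPPE key-length bit set */
    MPPC_ERR_WEAK_KEY,       /* 40/56-bit MPPE; assumed policy wants 128 */
    MPPC_ERR_ZERO_KEY        /* MPPE negotiated but startkey is all zero */
};

/* Hypothetical helper: vet a config before NGM_MPPC_CONFIG_COMP/DECOMP. */
enum mppc_check mppc_config_check(const struct ng_mppc_config *c)
{
    uint32_t mppe = c->bits & MPPE_BITS;
    unsigned char acc = 0;
    if (c->bits & ~(uint32_t)MPPC_VALID_BITS)
        return MPPC_ERR_UNKNOWN_BITS;
    if (mppe == 0)
        return MPPC_OK;      /* compression only: startkey is not needed */
    if (mppe & (mppe - 1))
        return MPPC_ERR_AMBIGUOUS_KEY;
    if (mppe != MPPE_128)
        return MPPC_ERR_WEAK_KEY;
    for (int i = 0; i < MPPE_KEY_LEN; i++)
        acc |= c->startkey[i];
    return acc ? MPPC_OK : MPPC_ERR_ZERO_KEY;
}

int main(void)
{
    /* Constructed sample: stateless MPPE-128 with a dummy non-zero key. */
    struct ng_mppc_config c = { 1, MPPE_128 | MPPE_STATELESS, { 0x5a } };
    return mppc_config_check(&c) != MPPC_OK;
}
```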
</section>
<section class="Sh">
<h1 class="Sh" id="SHUTDOWN"><a class="permalink" href="#SHUTDOWN">SHUTDOWN</a></h1>
<p class="Pp">This node shuts down upon receipt of a
    <code class="Dv">NGM_SHUTDOWN</code> control message, or when both hooks
    have been disconnected.</p>
</section>
<section class="Sh">
<h1 class="Sh" id="COMPILATION"><a class="permalink" href="#COMPILATION">COMPILATION</a></h1>
<p class="Pp">The kernel options
    <code class="Dv">NETGRAPH_MPPC_COMPRESSION</code> and
    <code class="Dv">NETGRAPH_MPPC_ENCRYPTION</code> are supplied to selectively
    compile in either or both capabilities. At least one of these must be
    defined, or else this node type is useless.</p>
</section>
<section class="Sh">
<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE
  ALSO</a></h1>
<p class="Pp"><a class="Xr">netgraph(4)</a>, <a class="Xr">ng_ppp(4)</a>,
    <a class="Xr">ngctl(8)</a></p>
<p class="Pp"><cite class="Rs"><span class="RsA">G. Pall</span>,
    <span class="RsT">Microsoft Point-To-Point Compression (MPPC)
    Protocol</span>, <span class="RsO">RFC 2118</span>.</cite></p>
<p class="Pp"><cite class="Rs"><span class="RsA">G. S. Pall</span> and
    <span class="RsA">G. Zorn</span>, <span class="RsT">Microsoft Point-To-Point
    Encryption (MPPE) Protocol</span>,
    <span class="RsO">draft-ietf-pppext-mppe-04.txt</span>.</cite></p>
<p class="Pp"><cite class="Rs"><span class="RsA">K. Hamzeh</span>,
    <span class="RsA">G. Pall</span>, <span class="RsA">W. Verthein</span>,
    <span class="RsA">J. Taarud</span>, <span class="RsA">W. Little</span>, and
    <span class="RsA">G. Zorn</span>, <span class="RsT">Point-to-Point Tunneling
    Protocol (PPTP)</span>, <span class="RsO">RFC 2637</span>.</cite></p>
</section>
<section class="Sh">
<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1>
<p class="Pp"><span class="An">Archie Cobbs</span>
    &lt;<a class="Mt" href="mailto:archie@FreeBSD.org">archie@FreeBSD.org</a>&gt;</p>
</section>
<section class="Sh">
<h1 class="Sh" id="BUGS"><a class="permalink" href="#BUGS">BUGS</a></h1>
<p class="Pp">In PPP, encryption should be handled by the Encryption Control
    Protocol (ECP) rather than CCP. However, Microsoft combined both compression
    and encryption into their "compression" algorithm, which is confusing.</p>
</section>
</div>
<table class="foot">
  <tr>
    <td class="foot-date">June 7, 2016</td>
    <td class="foot-os">FreeBSD 15.0</td>
  </tr>
</table>