ng_mppc(4)
NAME
ng_mppc - Microsoft MPPC/MPPE compression and encryption netgraph node type
SYNOPSIS
    #include <sys/types.h>
    #include <netgraph/ng_mppc.h>
DESCRIPTION
The mppc node type implements the Microsoft Point-to-Point Compression
(MPPC) and Microsoft Point-to-Point Encryption (MPPE) sub-protocols of the
PPP protocol. These protocols are often used in conjunction with the
Point-to-Point Tunneling Protocol (PPTP).

The node has two hooks, comp for compression and decomp for decompression.
Typically one or both of these hooks would be connected to the ng_ppp(4)
node type hook of the same name. Each direction of traffic flow is
independent of the other.
HOOKS
This node type supports the following hooks:
comp      Connection to ng_ppp(4) comp hook. Incoming frames are
          compressed and/or encrypted, and sent back out the same hook.
decomp    Connection to ng_ppp(4) decomp hook. Incoming frames are
          decompressed and/or decrypted, and sent back out the same hook.
CONTROL MESSAGES
This node type supports the generic control messages, plus the following:

NGM_MPPC_CONFIG_COMP
This command resets and configures the node for a session in the outgoing
traffic direction (i.e., for compression and/or encryption). This command
takes a struct ng_mppc_config as an argument:

    /* Length of MPPE key */
    #define MPPE_KEY_LEN    16

    /* MPPC/MPPE PPP negotiation bits */
    #define MPPC_BIT        0x00000001  /* mppc compression bits */
    #define MPPE_40         0x00000020  /* use 40 bit key */
    #define MPPE_56         0x00000080  /* use 56 bit key */
    #define MPPE_128        0x00000040  /* use 128 bit key */
    #define MPPE_BITS       0x000000e0  /* mppe encryption bits */
    #define MPPE_STATELESS  0x01000000  /* use stateless mode */
    #define MPPC_VALID_BITS 0x010000e1  /* possibly valid bits */

    /* Configuration for a session */
    struct ng_mppc_config {
        u_char    enable;                  /* enable */
        u_int32_t bits;                    /* config bits */
        u_char    startkey[MPPE_KEY_LEN];  /* start key */
    };

The enable field enables traffic flow through the node. The bits field
contains the bits as negotiated by the Compression Control Protocol (CCP)
in PPP. The startkey is only necessary if MPPE was negotiated, and must be
equal to the session start key as defined for MPPE. This key is based on
the MS-CHAP credentials used at link authentication time.

NGM_MPPC_CONFIG_DECOMP
This command resets and configures the node for a session in the incoming
traffic direction (i.e., for decompression and/or decryption). This command
takes a struct ng_mppc_config as an argument.

NGM_MPPC_RESETREQ
This message contains no arguments, and is bi-directional. If an error is
detected during decompression, this message is sent by the node to the
originator of the NGM_MPPC_CONFIG_DECOMP message that initiated the
session. The receiver should respond by sending a PPP CCP Reset-Request to
the peer.

This message may also be received by this node type when a CCP
Reset-Request is received by the local PPP entity. The node will respond by
flushing its outgoing compression and encryption state so the remote side
can resynchronize.
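
The check below is an added example, not code from ng_mppc or the FreeBSD source tree: a pre-flight validation of the bits and startkey fields before a struct ng_mppc_config is sent with NGM_MPPC_CONFIG_COMP or NGM_MPPC_CONFIG_DECOMP. The constants and struct layout are copied from this page (with fixed-width types substituted so it builds outside the kernel tree); mppc_check_config(), the result codes, and the policy of requiring MPPE_128 are assumptions of the example.

```c
#include <stdint.h>
#include <string.h>

/* Constants copied from the man page text. */
#define MPPE_KEY_LEN    16
#define MPPC_BIT        0x00000001
#define MPPE_40         0x00000020
#define MPPE_56         0x00000080
#define MPPE_128        0x00000040
#define MPPE_BITS       0x000000e0
#define MPPE_STATELESS  0x01000000
#define MPPC_VALID_BITS 0x010000e1

/* Same fields as the page's struct; uint8_t/uint32_t stand in for u_char/u_int32_t. */
struct ng_mppc_config {
	uint8_t  enable;
	uint32_t bits;
	uint8_t  startkey[MPPE_KEY_LEN];
};

/* Hypothetical result codes for this example. */
enum mppc_cfg_result {
	CFG_OK = 0, CFG_BAD_BITS, CFG_NO_ENCRYPTION,
	CFG_AMBIGUOUS_KEYLEN, CFG_WEAK_KEY, CFG_EMPTY_KEY
};

/*
 * Hypothetical local policy check (an assumption, not node behaviour):
 * accept a configuration only if CCP negotiated exactly one MPPE key
 * length, that length is 128 bits, and a start key was actually filled in.
 */
enum mppc_cfg_result
mppc_check_config(const struct ng_mppc_config *cfg)
{
	static const uint8_t zero[MPPE_KEY_LEN];
	uint32_t mppe = cfg->bits & MPPE_BITS;

	if (cfg->bits & ~(uint32_t)MPPC_VALID_BITS)
		return CFG_BAD_BITS;		/* bits outside MPPC_VALID_BITS */
	if (mppe == 0)
		return CFG_NO_ENCRYPTION;	/* compression only, or nothing */
	if (mppe & (mppe - 1))
		return CFG_AMBIGUOUS_KEYLEN;	/* more than one key-length bit */
	if (mppe != MPPE_128)
		return CFG_WEAK_KEY;		/* MPPE_40 or MPPE_56 negotiated */
	if (memcmp(cfg->startkey, zero, MPPE_KEY_LEN) == 0)
		return CFG_EMPTY_KEY;		/* MPPE negotiated, key never set */
	return CFG_OK;
}
```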
SHUTDOWN
This node shuts down upon receipt of a NGM_SHUTDOWN control message, or
when both hooks have been disconnected.
COMPILATION
The kernel options NETGRAPH_MPPC_COMPRESSION and NETGRAPH_MPPC_ENCRYPTION
are supplied to selectively compile in either or both capabilities. At
least one of these must be defined, or else this node type is useless.

The MPPC protocol requires proprietary compression code available from
Hi/Fn (formerly STAC). These files must be obtained elsewhere and added to
the kernel sources before this node type will compile with the
NETGRAPH_MPPC_COMPRESSION option.
SEE ALSO
netgraph(4), ng_ppp(4), ngctl(8)

G. Pall, Microsoft Point-To-Point Compression (MPPC) Protocol, RFC 2118.

G. S. Pall and G. Zorn, Microsoft Point-To-Point Encryption (MPPE)
Protocol, draft-ietf-pppext-mppe-04.txt.

K. Hamzeh, G. Pall, W. Verthein, J. Taarud, W. Little, and G. Zorn,
Point-to-Point Tunneling Protocol (PPTP), RFC 2637.
AUTHORS
Archie Cobbs <archie@FreeBSD.org>
BUGS
In PPP, encryption should be handled by the Encryption Control Protocol
(ECP) rather than CCP. However, Microsoft combined both compression and
encryption into their "compression" algorithm, which is confusing.
BSD                            December 8, 1999