ng_mppc(4)

NAME

ng_mppc - Microsoft MPPC/MPPE compression and encryption netgraph node type

SYNOPSIS

#include <sys/types.h>
#include <netgraph/ng_mppc.h>

DESCRIPTION

The mppc node type implements the Microsoft Point-to-Point Compression
(MPPC) and Microsoft Point-to-Point Encryption (MPPE) sub-protocols of
the PPP protocol. These protocols are often used in conjunction with the
Point-to-Point Tunneling Protocol (PPTP).

The node has two hooks, comp for compression and decomp for
decompression. Typically one or both of these hooks would be connected
to the ng_ppp(4) node type hook of the same name. Each direction of
traffic flow is independent of the other.

HOOKS

This node type supports the following hooks:

comp      Connection to ng_ppp(4) comp hook. Incoming frames are
          compressed and/or encrypted, and sent back out the same hook.

decomp    Connection to ng_ppp(4) decomp hook. Incoming frames are
          decompressed and/or decrypted, and sent back out the same hook.

CONTROL MESSAGES

This node type supports the generic control messages, plus the following:

NGM_MPPC_CONFIG_COMP
This command resets and configures the node for a session in the
outgoing traffic direction (i.e., for compression and/or encryption).
This command takes a struct ng_mppc_config as an argument:

/* Length of MPPE key */
#define MPPE_KEY_LEN    16

/* MPPC/MPPE PPP negotiation bits */
#define MPPC_BIT        0x00000001      /* mppc compression bits */
#define MPPE_40         0x00000020      /* use 40 bit key */
#define MPPE_56         0x00000080      /* use 56 bit key */
#define MPPE_128        0x00000040      /* use 128 bit key */
#define MPPE_BITS       0x000000e0      /* mppe encryption bits */
#define MPPE_STATELESS  0x01000000      /* use stateless mode */
#define MPPC_VALID_BITS 0x010000e1      /* possibly valid bits */

/* Configuration for a session */
struct ng_mppc_config {
        u_char    enable;                   /* enable */
        u_int32_t bits;                     /* config bits */
        u_char    startkey[MPPE_KEY_LEN];   /* start key */
};

The enable field enables traffic flow through the node. The bits field
contains the bits as negotiated by the Compression Control Protocol
(CCP) in PPP. The startkey is only necessary if MPPE was negotiated, and
must be equal to the session start key as defined for MPPE. This key is
based on the MS-CHAP credentials used at link authentication time.

NGM_MPPC_CONFIG_DECOMP
This command resets and configures the node for a session in the
incoming traffic direction (i.e., for decompression and/or decryption).
This command takes a struct ng_mppc_config as an argument.

NGM_MPPC_RESETREQ
This message contains no arguments, and is bi-directional. If an error
is detected during decompression, this message is sent by the node to
the originator of the NGM_MPPC_CONFIG_DECOMP message that initiated the
session. The receiver should respond by sending a PPP CCP Reset-Request
to the peer.

This message may also be received by this node type when a CCP
Reset-Request is received by the local PPP entity. The node will respond
by flushing its outgoing compression and encryption state so the remote
side can resynchronize.
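
An added example, not part of the original manual page or the FreeBSD sources: a userland pre-check that a PPP daemon could run on a struct ng_mppc_config before sending it with NGM_MPPC_CONFIG_COMP or NGM_MPPC_CONFIG_DECOMP. The constants are those listed above; check_mppc_config, its result codes, the require_128 policy flag, the one-key-length rule and the all-zero-key heuristic are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constants and struct as listed on this page, redeclared so the example
 * builds without <netgraph/ng_mppc.h>. */
#define MPPE_KEY_LEN    16
#define MPPC_BIT        0x00000001
#define MPPE_40         0x00000020
#define MPPE_56         0x00000080
#define MPPE_128        0x00000040
#define MPPE_BITS       0x000000e0
#define MPPE_STATELESS  0x01000000
#define MPPC_VALID_BITS 0x010000e1

struct ng_mppc_config {
    unsigned char enable;                 /* u_char on the page */
    uint32_t      bits;                   /* u_int32_t on the page */
    unsigned char startkey[MPPE_KEY_LEN];
};

/* Hypothetical result codes for this example, not part of netgraph. */
enum cfg_check { CFG_OK, CFG_BAD_BITS, CFG_MULTI_KEYLEN, CFG_NOT_128, CFG_ZERO_KEY };

/* Hypothetical pre-check; require_128 is a local policy flag (assumption). */
enum cfg_check check_mppc_config(const struct ng_mppc_config *c, int require_128)
{
    static const unsigned char zero[MPPE_KEY_LEN];
    uint32_t mppe = c->bits & MPPE_BITS;
    if (!c->enable)
        return CFG_OK;            /* no traffic flows in this direction */
    if (c->bits & ~(uint32_t)MPPC_VALID_BITS)
        return CFG_BAD_BITS;      /* bit outside the documented mask */
    if (mppe & (mppe - 1))
        return CFG_MULTI_KEYLEN;  /* assumption: one key length per session */
    if (require_128 && mppe != MPPE_128)
        return CFG_NOT_128;       /* cleartext, 40-bit or 56-bit */
    if (mppe && memcmp(c->startkey, zero, MPPE_KEY_LEN) == 0)
        return CFG_ZERO_KEY;      /* MPPE negotiated but key never filled in */
    return CFG_OK;
}

int main(void)
{
    /* Constructed sample: MPPC plus 40-bit MPPE, stateless, dummy key. */
    struct ng_mppc_config c = { 1, MPPC_BIT | MPPE_40 | MPPE_STATELESS, { 0x01 } };
    int lax = check_mppc_config(&c, 0), strict = check_mppc_config(&c, 1);
    printf("without policy: %d, with 128-bit policy: %d\n", lax, strict);
    return 0;
}
```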

SHUTDOWN

This node shuts down upon receipt of a NGM_SHUTDOWN control message, or
when both hooks have been disconnected.

COMPILATION

The kernel options NETGRAPH_MPPC_COMPRESSION and
NETGRAPH_MPPC_ENCRYPTION are supplied to selectively compile in either
or both capabilities. At least one of these must be defined, or else
this node type is useless.

The MPPC protocol requires proprietary compression code available from
Hi/Fn (formerly STAC). These files must be obtained elsewhere and added
to the kernel sources before this node type will compile with the
NETGRAPH_MPPC_COMPRESSION option.

SEE ALSO

netgraph(4), ng_ppp(4), ngctl(8)

G. Pall, Microsoft Point-To-Point Compression (MPPC) Protocol, RFC 2118.

G. S. Pall and G. Zorn, Microsoft Point-To-Point Encryption (MPPE)
Protocol, draft-ietf-pppext-mppe-04.txt.

K. Hamzeh, G. Pall, W. Verthein, J. Taarud, W. Little, and G. Zorn,
Point-to-Point Tunneling Protocol (PPTP), RFC 2637.

AUTHORS

Archie Cobbs <archie@FreeBSD.org>

BUGS

In PPP, encryption should be handled by the Encryption Control Protocol
(ECP) rather than CCP. However, Microsoft combined both compression and
encryption into their ``compression'' algorithm, which is confusing.

BSD December 8, 1999