more CHAP changes

author bodea <bodea>

Sat, 7 May 2005 08:17:25 +0000 (08:17 +0000)

committer bodea <bodea>

Sat, 7 May 2005 08:17:25 +0000 (08:17 +0000)
author bodea <bodea>
Sat, 7 May 2005 08:17:25 +0000 (08:17 +0000)
committer bodea <bodea>
Sat, 7 May 2005 08:17:25 +0000 (08:17 +0000)
diff --git a/garden.c b/garden.c

index 61e76da..97a36b0 100644 (file)
--- a/garden.c
+++ b/garden.c
@@ -9,7 +9,7 @@
  
  /* walled garden */
  
  
  /* walled garden */
  
-char const *cvs_id = "$Id: garden.c,v 1.21 2005/03/10 03:31:25 bodea Exp $";
+char const *cvs_id = "$Id: garden.c,v 1.22 2005/05/07 08:17:25 bodea Exp $";
  
  int plugin_api_version = PLUGIN_API_VERSION;
  static struct pluginfuncs *p = 0;
  
  int plugin_api_version = PLUGIN_API_VERSION;
  static struct pluginfuncs *p = 0;
@@ -223,7 +223,7 @@ int garden_session(sessiont *s, int flag, char *newuser)
                 {
                         /* OK, we're up! */
                         uint16_t r = p->radiusnew(p->get_id_by_session(s));
                 {
                         /* OK, we're up! */
                         uint16_t r = p->radiusnew(p->get_id_by_session(s));
-                       p->radiussend(r, RADIUSSTART);
+                       if (r) p->radiussend(r, RADIUSSTART);
                 }
         }
  
                 }
         }
  
diff --git a/l2tpns.c b/l2tpns.c

index d1de108..28eca3b 100644 (file)
--- a/l2tpns.c
+++ b/l2tpns.c
@@ -4,7 +4,7 @@
  // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
  // vim: sw=8 ts=8
  
  // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
  // vim: sw=8 ts=8
  
-char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.95 2005/05/06 23:31:50 bodea Exp $";
+char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.96 2005/05/07 08:17:25 bodea Exp $";
  
  #include <arpa/inet.h>
  #include <assert.h>
  
  #include <arpa/inet.h>
  #include <assert.h>
@@ -1458,20 +1458,16 @@ void sessionshutdown(sessionidt s, char *reason, int result, int error)
                 // RADIUS Stop message
                 uint16_t r = sess_local[s].radius;
                 if (!r)
                 // RADIUS Stop message
                 uint16_t r = sess_local[s].radius;
                 if (!r)
+                       r = radiusnew(s);
+
+               if (r)
                 {
                 {
-                       if (!(r = radiusnew(s)))
-                       {
-                               LOG(1, s, session[s].tunnel, "No free RADIUS sessions for Stop message\n");
-                               STAT(radius_overflow);
-                       }
-                       else
-                       {
-                               random_data(radius[r].auth, sizeof(radius[r].auth));
-                       }
+                       // stop, if not already trying
+                       if (radius[r].state != RADIUSSTOP)
+                               radiussend(r, RADIUSSTOP);
                 }
                 }
-
-               if (r && radius[r].state != RADIUSSTOP)
-                       radiussend(r, RADIUSSTOP); // stop, if not already trying
+               else
+                       LOG(1, s, session[s].tunnel, "No free RADIUS sessions for Stop message\n");
  
                 // Save counters to dump to accounting file
                 if (*config->accounting_dir && shut_acct_n < sizeof(shut_acct) / sizeof(*shut_acct))
  
                 // Save counters to dump to accounting file
                 if (*config->accounting_dir && shut_acct_n < sizeof(shut_acct) / sizeof(*shut_acct))
@@ -1546,6 +1542,12 @@ void sendipcp(tunnelidt t, sessionidt s)
         if (!r)
                 r = radiusnew(s);
  
         if (!r)
                 r = radiusnew(s);
  
+       if (!r)
+       {
+               sessionshutdown(s, "No free RADIUS sessions for IPCP");
+               return;
+       }
+
         if (radius[r].state != RADIUSIPCP)
         {
                 radius[r].state = RADIUSIPCP;
         if (radius[r].state != RADIUSIPCP)
         {
                 radius[r].state = RADIUSIPCP;
@@ -1600,6 +1602,17 @@ void sendipcp(tunnelidt t, sessionidt s)
         }
  }
  
         }
  }
  
+static void sessionclear(sessionidt s)
+{
+       memset(&session[s], 0, sizeof(session[s]));
+       memset(&sess_local[s], 0, sizeof(sess_local[s]));
+       memset(&cli_session_actions[s], 0, sizeof(cli_session_actions[s]));
+
+       session[s].tunnel = T_FREE;     // Mark it as free.
+       session[s].next = sessionfree;
+       sessionfree = s;
+}
+
  // kill a session now
  void sessionkill(sessionidt s, char *reason)
  {
  // kill a session now
  void sessionkill(sessionidt s, char *reason)
  {
@@ -1621,12 +1634,7 @@ void sessionkill(sessionidt s, char *reason)
                 radiusclear(sess_local[s].radius, s); // cant send clean accounting data, session is killed
  
         LOG(2, s, session[s].tunnel, "Kill session %d (%s): %s\n", s, session[s].user, reason);
                 radiusclear(sess_local[s].radius, s); // cant send clean accounting data, session is killed
  
         LOG(2, s, session[s].tunnel, "Kill session %d (%s): %s\n", s, session[s].user, reason);
-
-       memset(&session[s], 0, sizeof(session[s]));
-       session[s].tunnel = T_FREE;     // Mark it as free.
-       session[s].next = sessionfree;
-       sessionfree = s;
-       cli_session_actions[s].action = 0;
+       sessionclear(s);
         cluster_send_session(s);
  }
  
         cluster_send_session(s);
  }
  
@@ -2081,14 +2089,14 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
  //                                     LOG(4, s, t, "Firmware revision\n");
                                         break;
                                 case 7:     // host name
  //                                     LOG(4, s, t, "Firmware revision\n");
                                         break;
                                 case 7:     // host name
-                                       memset(tunnel[t].hostname, 0, 128);
-                                       memcpy(tunnel[t].hostname, b, (n >= 127) ? 127 : n);
+                                       memset(tunnel[t].hostname, 0, sizeof(tunnel[t].hostname));
+                                       memcpy(tunnel[t].hostname, b, (n < sizeof(tunnel[t].hostname)) ? n : sizeof(tunnel[t].hostname) - 1);
                                         LOG(4, s, t, "   Tunnel hostname = \"%s\"\n", tunnel[t].hostname);
                                         // TBA - to send to RADIUS
                                         break;
                                 case 8:     // vendor name
                                         memset(tunnel[t].vendor, 0, sizeof(tunnel[t].vendor));
                                         LOG(4, s, t, "   Tunnel hostname = \"%s\"\n", tunnel[t].hostname);
                                         // TBA - to send to RADIUS
                                         break;
                                 case 8:     // vendor name
                                         memset(tunnel[t].vendor, 0, sizeof(tunnel[t].vendor));
-                                       memcpy(tunnel[t].vendor, b, (n >= sizeof(tunnel[t].vendor) - 1) ? sizeof(tunnel[t].vendor) - 1 : n);
+                                       memcpy(tunnel[t].vendor, b, (n < sizeof(tunnel[t].vendor)) ? n : sizeof(tunnel[t].vendor) - 1);
                                         LOG(4, s, t, "   Vendor name = \"%s\"\n", tunnel[t].vendor);
                                         break;
                                 case 9:     // assigned tunnel
                                         LOG(4, s, t, "   Vendor name = \"%s\"\n", tunnel[t].vendor);
                                         break;
                                 case 9:     // assigned tunnel
@@ -2128,13 +2136,13 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
                                         // TBA
                                         break;
                                 case 21:    // called number
                                         // TBA
                                         break;
                                 case 21:    // called number
-                                       memset(called, 0, MAXTEL);
-                                       memcpy(called, b, (n >= MAXTEL) ? (MAXTEL-1) : n);
+                                       memset(called, 0, sizeof(called));
+                                       memcpy(called, b, (n < sizeof(called)) ? n : sizeof(called) - 1);
                                         LOG(4, s, t, "   Called <%s>\n", called);
                                         break;
                                 case 22:    // calling number
                                         LOG(4, s, t, "   Called <%s>\n", called);
                                         break;
                                 case 22:    // calling number
-                                       memset(calling, 0, MAXTEL);
-                                       memcpy(calling, b, (n >= MAXTEL) ? (MAXTEL-1) : n);
+                                       memset(calling, 0, sizeof(calling));
+                                       memcpy(calling, b, (n < sizeof(calling)) ? n : sizeof(calling) - 1);
                                         LOG(4, s, t, "   Calling <%s>\n", calling);
                                         break;
                                 case 23:    // subtype
                                         LOG(4, s, t, "   Calling <%s>\n", calling);
                                         break;
                                 case 23:    // subtype
@@ -2147,8 +2155,9 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
                                         else
                                         {
                                                 // AS5300s send connect speed as a string
                                         else
                                         {
                                                 // AS5300s send connect speed as a string
-                                               char tmp[30] = {0};
-                                               memcpy(tmp, b, (n >= 30) ? 30 : n);
+                                               char tmp[30];
+                                               memset(tmp, 0, sizeof(tmp));
+                                               memcpy(tmp, b, (n < sizeof(tmp)) ? n : sizeof(tmp) - 1);
                                                 session[s].tx_connect_speed = atol(tmp);
                                         }
                                         LOG(4, s, t, "   TX connect speed <%u>\n", session[s].tx_connect_speed);
                                                 session[s].tx_connect_speed = atol(tmp);
                                         }
                                         LOG(4, s, t, "   TX connect speed <%u>\n", session[s].tx_connect_speed);
@@ -2161,8 +2170,9 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
                                         else
                                         {
                                                 // AS5300s send connect speed as a string
                                         else
                                         {
                                                 // AS5300s send connect speed as a string
-                                               char tmp[30] = {0};
-                                               memcpy(tmp, b, (n >= 30) ? 30 : n);
+                                               char tmp[30];
+                                               memset(tmp, 0, sizeof(tmp));
+                                               memcpy(tmp, b, (n < sizeof(tmp)) ? n : sizeof(tmp) - 1);
                                                 session[s].rx_connect_speed = atol(tmp);
                                         }
                                         LOG(4, s, t, "   RX connect speed <%u>\n", session[s].rx_connect_speed);
                                                 session[s].rx_connect_speed = atol(tmp);
                                         }
                                         LOG(4, s, t, "   RX connect speed <%u>\n", session[s].rx_connect_speed);
@@ -2182,8 +2192,9 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
                                         }
                                 case 30:    // Proxy Authentication Name
                                         {
                                         }
                                 case 30:    // Proxy Authentication Name
                                         {
-                                               char authname[64] = {0};
-                                               memcpy(authname, b, (n > 63) ? 63 : n);
+                                               char authname[64];
+                                               memset(authname, 0, sizeof(authname));
+                                               memcpy(authname, b, (n < sizeof(authname)) ? n : sizeof(authname) - 1);
                                                 LOG(4, s, t, "   Proxy Auth Name (%s)\n",
                                                         authname);
                                                 break;
                                                 LOG(4, s, t, "   Proxy Auth Name (%s)\n",
                                                         authname);
                                                 break;
@@ -2204,13 +2215,9 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
                                                 break;
                                         }
                                 case 33:    // Proxy Authentication Response
                                                 break;
                                         }
                                 case 33:    // Proxy Authentication Response
-                                       {
-                                               char authresp[64] = {0};
-                                               memcpy(authresp, b, (n > 63) ? 63 : n);
-                                               LOG(4, s, t, "   Proxy Auth Response\n");
-                                               break;
-                                       }
-                               case 27:    // last send lcp
+                                       LOG(4, s, t, "   Proxy Auth Response\n");
+                                       break;
+                               case 27:    // last sent lcp
                                         {        // find magic number
                                                 uint8_t *p = b, *e = p + n;
                                                 while (p + 1 < e && p[1] && p + p[1] <= e)
                                         {        // find magic number
                                                 uint8_t *p = b, *e = p + n;
                                                 while (p + 1 < e && p[1] && p + p[1] <= e)
@@ -2315,7 +2322,7 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
                                                 if (!(r = radiusnew(s)))
                                                 {
                                                         LOG(1, s, t, "No free RADIUS sessions for ICRQ\n");
                                                 if (!(r = radiusnew(s)))
                                                 {
                                                         LOG(1, s, t, "No free RADIUS sessions for ICRQ\n");
-                                                       sessionkill(s, "no free RADIUS sesions");
+                                                       sessionclear(s);
                                                         return;
                                                 }
  
                                                         return;
                                                 }
  
@@ -2328,8 +2335,6 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
                                                 control16(c, 14, s, 1); // assigned session
                                                 controladd(c, t, s); // send the reply
  
                                                 control16(c, 14, s, 1); // assigned session
                                                 controladd(c, t, s); // send the reply
  
-                                               // Generate a random challenge
-                                               random_data(radius[r].auth, sizeof(radius[r].auth));
                                                 strncpy(radius[r].calling, calling, sizeof(radius[r].calling) - 1);
                                                 strncpy(session[s].called, called, sizeof(session[s].called) - 1);
                                                 strncpy(session[s].calling, calling, sizeof(session[s].calling) - 1);
                                                 strncpy(radius[r].calling, calling, sizeof(radius[r].calling) - 1);
                                                 strncpy(session[s].called, called, sizeof(session[s].called) - 1);
                                                 strncpy(session[s].calling, calling, sizeof(session[s].calling) - 1);
@@ -2748,8 +2753,6 @@ static int regular_cleanups(void)
                                 continue;
                         }
  
                                 continue;
                         }
  
-                       random_data(radius[r].auth, sizeof(radius[r].auth));
-
                         LOG(3, s, session[s].tunnel, "Sending RADIUS Interim for %s (%u)\n",
                                 session[s].user, session[s].unique_id);
  
                         LOG(3, s, session[s].tunnel, "Sending RADIUS Interim for %s (%u)\n",
                                 session[s].user, session[s].unique_id);
  
diff --git a/ppp.c b/ppp.c

index 5ba0279..c665d74 100644 (file)
--- a/ppp.c
+++ b/ppp.c
@@ -1,6 +1,6 @@
  // L2TPNS PPP Stuff
  
  // L2TPNS PPP Stuff
  
-char const *cvs_id_ppp = "$Id: ppp.c,v 1.48 2005/05/05 10:02:08 bodea Exp $";
+char const *cvs_id_ppp = "$Id: ppp.c,v 1.49 2005/05/07 08:17:25 bodea Exp $";
  
  #include <stdio.h>
  #include <string.h>
  
  #include <stdio.h>
  #include <string.h>
@@ -279,8 +279,14 @@ static void dumplcp(uint8_t *p, int l)
                                 {
                                         int proto = ntohs(*(uint16_t *)(o + 2));
                                         LOG(4, 0, 0, "   %s 0x%x (%s)\n", lcp_type(type), proto,
                                 {
                                         int proto = ntohs(*(uint16_t *)(o + 2));
                                         LOG(4, 0, 0, "   %s 0x%x (%s)\n", lcp_type(type), proto,
-                                               proto == PPPCHAP ? "CHAP" :
-                                               proto == PPPPAP  ? "PAP"  : "UNKNOWN");
+                                               proto == PPPPAP  ? "PAP"  : "UNSUPPORTED");
+                               }
+                               else if (length == 5)
+                               {
+                                       int proto = ntohs(*(uint16_t *)(o + 2));
+                                       int algo = *(uint8_t *)(o + 4);
+                                       LOG(4, 0, 0, "   %s 0x%x 0x%x (%s)\n", lcp_types[type], proto, algo,
+                                               (proto == PPPCHAP && algo == 5) ? "CHAP MD5"  : "UNSUPPORTED");
                                 }
                                 else
                                         LOG(4, 0, 0, "   %s odd length %d\n", lcp_type(type), length);
                                 }
                                 else
                                         LOG(4, 0, 0, "   %s odd length %d\n", lcp_type(type), length);
@@ -397,18 +403,30 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l)
                                 case 3: // Authentication-Protocol
                                         {
                                                 int proto = ntohs(*(uint16_t *)(o + 2));
                                 case 3: // Authentication-Protocol
                                         {
                                                 int proto = ntohs(*(uint16_t *)(o + 2));
+                                               uint16_t wanted_proto;
                                                 char proto_name[] = "0x0000";
                                                 char proto_name[] = "0x0000";
+
                                                 if (proto == PPPPAP)
                                                 if (proto == PPPPAP)
-                                                       break;
+                                               {
+                                                       if (config->radius_authtypes & AUTHPAP)
+                                                               break;
  
  
-                                               if (response && *response != ConfigNak) // rej already queued
-                                                       break;
+                                                       strcpy(proto_name, "PAP");
+                                               }
+                                               else if (proto == PPPCHAP)
+                                               {
+                                                       if (config->radius_authtypes & AUTHCHAP
+                                                           && *(o + 4) == 5) // MD5
+                                                               break;
  
  
-                                               if (proto == PPPCHAP)
                                                         strcpy(proto_name, "CHAP");
                                                         strcpy(proto_name, "CHAP");
+                                               }
                                                 else
                                                         sprintf(proto_name, "%#4.4x", proto);
  
                                                 else
                                                         sprintf(proto_name, "%#4.4x", proto);
  
+                                               if (response && *response != ConfigNak) // rej already queued
+                                                       break;
+
                                                 LOG(2, s, t, "    Remote requesting %s authentication.  Rejecting.\n", proto_name);
  
                                                 if (!response)
                                                 LOG(2, s, t, "    Remote requesting %s authentication.  Rejecting.\n", proto_name);
  
                                                 if (!response)
@@ -419,16 +437,27 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l)
                                                         q += 4;
                                                 }
  
                                                         q += 4;
                                                 }
  
-                                               if ((q - b + length) > sizeof(b))
+                                               if ((q - b + 5) > sizeof(b)) // 5 is the larger (CHAP+MD5) of the two NAKs
                                                 {
                                                         LOG(2, s, t, "LCP overflow for %s ConfigNak.\n", proto_name);
                                                         break;
                                                 }
  
                                                 {
                                                         LOG(2, s, t, "LCP overflow for %s ConfigNak.\n", proto_name);
                                                         break;
                                                 }
  
-                                               memcpy(q, o, length);
-                                               *(uint16_t *)(q += 2) = htons(PPPPAP); // NAK -> Use PAP instead
-                                               q += length;
-                                               *((uint16_t *) (response + 2)) = htons(q - response);
+                                               *q++ = type;
+                                               if (config->radius_authprefer == AUTHCHAP)
+                                               {
+                                                       *q++ = 5;
+                                                       *(uint16_t *) q = htons(PPPCHAP); q += 2;
+                                                       *q++ = 5; // MD5
+                                               }
+                                               else
+                                               {
+                                                       *q++ = 4;
+                                                       *(uint16_t *) q = htons(PPPPAP); q += 2;
+                                               }
+
+                                               *((uint16_t *) (response + 2)) = htons(q - response); // LCP header length
+                                               break;
                                         }
                                         break;
  
                                         }
                                         break;
  
@@ -483,7 +512,7 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l)
         {
                 LOG(1, s, t, "Remote end sent a ConfigNak.  Ignoring\n");
                 if (config->debug > 3) dumplcp(p, l);
         {
                 LOG(1, s, t, "Remote end sent a ConfigNak.  Ignoring\n");
                 if (config->debug > 3) dumplcp(p, l);
-               return ;
+               return;
         }
         else if (*p == TerminateReq)
         {
         }
         else if (*p == TerminateReq)
         {
@@ -1098,8 +1127,6 @@ void sendchap(tunnelidt t, sessionidt s)
  
         LOG(1, s, t, "Send CHAP challenge\n");
  
  
         LOG(1, s, t, "Send CHAP challenge\n");
  
-       // new challenge
-       random_data(radius[r].auth, sizeof(radius[r].auth));
         radius[r].chap = 1;             // CHAP not PAP
         radius[r].id++;
         if (radius[r].state != RADIUSCHAP)
         radius[r].chap = 1;             // CHAP not PAP
         radius[r].id++;
         if (radius[r].state != RADIUSCHAP)
@@ -1173,6 +1200,7 @@ uint8_t *makeppp(uint8_t *b, int size, uint8_t *p, int l, tunnelidt t, sessionid
  void initlcp(tunnelidt t, sessionidt s)
  {
         char b[500], *q;
  void initlcp(tunnelidt t, sessionidt s)
  {
         char b[500], *q;
+       int size;
  
         if (!(q = makeppp(b, sizeof(b), NULL, 0, t, s, PPPLCP)))
                 return;
  
         if (!(q = makeppp(b, sizeof(b), NULL, 0, t, s, PPPLCP)))
                 return;
@@ -1185,11 +1213,22 @@ void initlcp(tunnelidt t, sessionidt s)
         *(uint8_t *)(q + 5) = 6;
         *(uint32_t *)(q + 6) = htonl(session[s].magic);
         *(uint8_t *)(q + 10) = 3;
         *(uint8_t *)(q + 5) = 6;
         *(uint32_t *)(q + 6) = htonl(session[s].magic);
         *(uint8_t *)(q + 10) = 3;
-       *(uint8_t *)(q + 11) = 4;
-       *(uint16_t *)(q + 12) = htons(PPPPAP); // PAP
+       if (config->radius_authprefer == AUTHCHAP)
+       {
+               *(uint8_t *)(q + 11) = 5;
+               *(uint16_t *)(q + 12) = htons(PPPCHAP);
+               *(uint8_t *)(q + 14) = 5; // MD5
+               size = 15;
+       }
+       else
+       {
+               *(uint8_t *)(q + 11) = 4;
+               *(uint16_t *)(q + 12) = htons(PPPPAP);
+               size = 14;
+       }
  
  
-       LOG_HEX(5, "PPPLCP", q, 14);
-       tunnelsend(b, (q - b) + 14, t);
+       LOG_HEX(5, "PPPLCP", q, size);
+       tunnelsend(b, (q - b) + size, t);
  }
  
  // Send CCP request for no compression
  }
  
  // Send CCP request for no compression
diff --git a/radius.c b/radius.c

index 5d94720..395e7a0 100644 (file)
--- a/radius.c
+++ b/radius.c
@@ -1,6 +1,6 @@
  // L2TPNS Radius Stuff
  
  // L2TPNS Radius Stuff
  
-char const *cvs_id_radius = "$Id: radius.c,v 1.29 2005/05/05 10:02:08 bodea Exp $";
+char const *cvs_id_radius = "$Id: radius.c,v 1.30 2005/05/07 08:17:26 bodea Exp $";
  
  #include <time.h>
  #include <stdio.h>
  
  #include <time.h>
  #include <stdio.h>
@@ -91,6 +91,8 @@ uint16_t radiusnew(sessionidt s)
         radius[r].state = RADIUSWAIT;
         radius[r].retry = TIME + 1200; // Wait at least 120 seconds to re-claim this.
  
         radius[r].state = RADIUSWAIT;
         radius[r].retry = TIME + 1200; // Wait at least 120 seconds to re-claim this.
  
+       random_data(radius[r].auth, sizeof(radius[r].auth));
+
         LOG(3, s, session[s].tunnel, "Allocated radius %d\n", r);
         return r;
  }
         LOG(3, s, session[s].tunnel, "Allocated radius %d\n", r);
         return r;
  }
author	bodea <bodea>
	Sat, 7 May 2005 08:17:25 +0000 (08:17 +0000)
committer	bodea <bodea>
	Sat, 7 May 2005 08:17:25 +0000 (08:17 +0000)
garden.c		patch \| blob \| history
l2tpns.c		patch \| blob \| history
ppp.c		patch \| blob \| history
radius.c		patch \| blob \| history