Annotation of embedaddon/mpd/doc/mpd4.html, revision 1.1
1.1 ! misho 1: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
! 2: <HTML>
! 3: <HEAD>
! 4: <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
! 5: <TITLE>Change history</TITLE>
! 6: </HEAD>
! 7: <BODY text="#000000" bgcolor="#ffffff">
! 8:
! 9: <A HREF="mpd.html"><EM>Mpd 5.6 User Manual</EM></A>
! 10: <b>:</b> <A HREF="mpd1.html"><EM>Introduction</EM></A>
! 11: <b>:</b> <EM>Change history</EM><BR>
! 12: <b>Previous:</b> <A HREF="mpd3.html"><EM>Organization of this manual</EM></A><BR>
! 13: <b>Next:</b> <A HREF="mpd5.html"><EM>Installation</EM></A>
! 14:
! 15:
! 16: <HR NOSHADE>
! 17: <H2><A NAME="4"></A>1.3. Change history<A NAME="changes"></A></H2>
! 18: <p>Changes since version 5.5:
! 19: <ul>
! 20: <li> New features:
! 21: <ul>
! 22: <li> Added `mpd-iface-name` RADIUS arrtibute.</li>
! 23: <li> Added `mpd-iface-descr` RADIUS arrtibute.</li>
! 24: <li> Added `mpd-iface-group` RADIUS arrtibute.</li>
! 25: <li> Added `mpd-peer-ident` RADIUS arrtibute.</li>
! 26: <li> Added `set iface name ...` command.</li>
! 27: <li> Added `set iface description ...` command.</li>
! 28: <li> Added `set iface group ...` command.</li>
! 29: <li> Added support for NetFlow v9 export.</li>
! 30: <li> Added `set l2tp|pptp|tcp|udp resolve-once ...` command.
! 31: They allow to resolve peer address every time on reconnect.</li>
! 32: </ul>
! 33: </li>
! 34: <li> Changes:
! 35: <ul>
! 36: <li> Remove dependency from libpdel library.
! 37: Import required files into the MPD tree.</li>
! 38: </ul>
! 39: </li>
! 40: <li> Bugfixes:
! 41: <ul>
! 42: <li> Fix invoke `set iface up|down-script` without arguments.</li>
! 43: <li> Fix `show eap` command</li>
! 44: <li> Fix build on older FreeBSD versions.</li>
! 45: <li> Fix several memory leaks.</li>
! 46: <li> Fix building without SYSLOG_FACILITY option.</li>
! 47: <li> Fix byte order in ports in `set nat red-port`.</li>
! 48: <li> Fix some potential crashes because of NULL dereferences.</li>
! 49: </ul>
! 50: </li>
! 51: </ul>
! 52: </p>
! 53: <p>Changes since version 5.4:
! 54: <ul>
! 55: <li> New features:
! 56: <ul>
! 57: <li> Added `set link redial-delay ...` command.</li>
! 58: <li> Print global filters on `show iface|customer` commands.</li>
! 59: <li> Added protocol/port forwarding support for NAT.</li>
! 60: <li> Added utmpx support on 9-CURRENT.</li>
! 61: </ul>
! 62: </li>
! 63: <li> Bugfixes:
! 64: <ul>
! 65: <li> Fix memory leaks on pptp and radius on some reason.</li>
! 66: <li> Really make RESULT a mandatory option in ext-auth.</li>
! 67: </ul>
! 68: </li>
! 69: </ul>
! 70: </p>
! 71: <p>Changes since version 5.3 (most of this work was sponsored by
! 72: <A href="http://ufanet.ru/">http://ufanet.ru/</A>):
! 73: <ul>
! 74: <li> New features:
! 75: <ul>
! 76: <li> Added built-in RADIUS server, supporting
! 77: RFC 3576: Dynamic Authorization Extensions to RADIUS.</li>
! 78: <li> Added Disconnect-Request extension support from RFC 3576.</li>
! 79: <li> Added CoA-Request extension support from RFC 3576.</li>
! 80: <li> Added `authname ...` command to choose active link by peer
! 81: auth name.</li>
! 82: <li> Added support for DSL Forum vendor-specific
! 83: Circuit-ID/Remote-ID PPPoE tags and respective RFC 4679
! 84: RADIUS VSA.</li>
! 85: <li> Peer address argument added to interface up/down scripts.</li>
! 86: </ul>
! 87: </li>
! 88: </ul>
! 89: </p>
! 90: <p>Changes since version 5.2:
! 91: <ul>
! 92: <li> New features:
! 93: <ul>
! 94: <li> Added 'drop' link action and 'set link action clear' command.</li>
! 95: <li> Added ability to receive link action from AAA in auth reply.
! 96: It allows AAA to select bundle/repeater configuration for
! 97: specific user or session.</li>
! 98: <li> Added global traffic filters support to reduce auth reply size.
! 99: 'set global filter ...' commands.</li>
! 100: <li> Added ability to include other local or remote config files.
! 101: 'load ...' command able to accept configuration file path/URI
! 102: as first argument.</li>
! 103: <li> Added support for new ng_netflow node features to improve
! 104: bidirectional accounting performance.</li>
! 105: <li> Added 'acct-mandatory' auth option to control accounting start
! 106: errors handeling. Default is enabled.</li>
! 107: </ul>
! 108: </li>
! 109: <li> Changes:
! 110: <ul>
! 111: <li> Improved build modularization to allow more customized builds.</li>
! 112: <li> Reduced memory usage by more effective ACL memory allocation.</li>
! 113: <li> Allowed MRRU less then 1500 bytes. RFC claims that 1500 must be
! 114: supported, but lower values are acceptable.</li>
! 115: </ul>
! 116: </li>
! 117: <li> Bugfixes:
! 118: <ul>
! 119: <li> Fix possible crash on nonterminated ident string receive.</li>
! 120: <li> Fix memory leaks on auth failures.</li>
! 121: <li> Change NCPs join/leave sequences to avoid ENXIO errors on connect.</li>
! 122: <li> Use separate socket for getting CCP node ID to avoid fake reports.</li>
! 123: </ul>
! 124: </li>
! 125: </ul>
! 126: </p>
! 127: <p>Changes since version 5.1:
! 128: <ul>
! 129: <li> New features:
! 130: <ul>
! 131: <li> Added 'set radius identifier' command.</li>
! 132: <li> Added '$CallingID' and '$CalledID' modem chat variables.
! 133: Their values will be reported to the auth backend.</li>
! 134: <li> Added tunnel related RADIUS attributes of RFC2868 support.</li>
! 135: <li> 'set auth max-logins' feature can now be case insensitive.</li>
! 136: <li> Added force ability to the 'set iface addrs' command.</li>
! 137: <li> IPCP/IPv6CP now closing on interface address assign error
! 138: or up-script error.</li>
! 139: <li> Accounting start error now closes link.</li>
! 140: <li> PPPoE peer address format changed to more traditional.</li>
! 141: <li> Link peer-as-calling option default changed to disabled.
! 142: PPTP and L2TP users are advised to check configurations!</li>
! 143: <li> Some of RADIUS accounting update log messages moved from
! 144: radius to radius2 log level.</li>
! 145: </ul>
! 146: </li>
! 147: <li> Bugfixes:
! 148: <ul>
! 149: <li> Fix PPTP peer address reporting for real LAC/PAC mode.</li>
! 150: <li> Fix auth thread busy check.</li>
! 151: <li> Fix incorrect L2TP self address used for outgoing calls
! 152: when several different addresses configured.</li>
! 153: </ul>
! 154: </li>
! 155: </ul>
! 156: </p>
! 157: <p>Changes since version 5.0:
! 158: <ul>
! 159: <li> New features:
! 160: <ul>
! 161: <li> Added support for NS-related RADIUS attributes from RFC 2548.</li>
! 162: <li> Added global max-children option.</li>
! 163: <li> Added link, bundle, iface and iface-index RADIUS VSA.</li>
! 164: <li> Added 'set link mrru ...' command.
! 165: Set default MRRU to 2048 and maximum to 4096 bytes.</li>
! 166: <li> Added USER_NT_HASH and USER_LM_HASH ext-auth attributes
! 167: for MS-CHAP authentication.</li>
! 168: <li> Added mpd-input-acct/mpd-output-acct RADIUS attributes
! 169: to allow sending typed traffic accounting using standard
! 170: RADIUS attributes.</li>
! 171: <li> Added support for local side IP management using IP pools.</li>
! 172: <li> Added support for auth/acct-only RADIUS servers.
! 173: It allows to specify different servers for authentication
! 174: and accounting in mpd configuration file.</li>
! 175: <li> Added support for the new ng_pptpgre node design, supporting
! 176: multiple calls per node. It improves performance, when multiple
! 177: calls active between two IPs.</li>
! 178: </ul>
! 179: </li>
! 180: <li> Changes:
! 181: <ul>
! 182: <li> peer-as-calling and report-mac options moved from radius
! 183: to link to improve LAC operation.</li>
! 184: </ul>
! 185: </li>
! 186: <li> Bugfixes:
! 187: <ul>
! 188: <li> Fixed incorrect link creation error handeling.</li>
! 189: <li> Added workaround for some incorrect PAP implementations.</li>
! 190: <li> Changed processing of NAK on multilink options.
! 191: NAK enables rejected options back.</li>
! 192: <li> Added missing multilink parameters check in BundJoin().</li>
! 193: <li> Fixed sending of incoming traffic typed accounting on accounting stop.</li>
! 194: <li> Fixed using correct proxy-arp MAC when more then one interface matches.</li>
! 195: <li> Fixed some L2TP and PPPoE errors processing.</li>
! 196: <li> Fixed TCP and UDP link type nodes naming.</li>
! 197: </ul>
! 198: </li>
! 199: </ul>
! 200: </p>
! 201: <p>Changes since version 5.0rc2:
! 202: <ul>
! 203: <li> New features:
! 204: <ul>
! 205: <li> Sending LCP Time-Remaining packet implemented.</li>
! 206: </ul>
! 207: </li>
! 208: <li> Bugfixes:
! 209: <ul>
! 210: <li> Fixed MPPC options loss on link disconnect.</li>
! 211: <li> Fixed crash on PPTP CDN sending error.</li>
! 212: <li> Fixed incorrect IPCP options reject processing.</li>
! 213: <li> Fixed MP SHORTSEQ option.</li>
! 214: <li> Fixed packet order on accepting outgoing PPTP call.</li>
! 215: </ul>
! 216: </li>
! 217: </ul>
! 218: </p>
! 219: <p>Changes since version 5.0rc1:
! 220: <ul>
! 221: <li> New features:
! 222: <ul>
! 223: <li> 'auth2' log level added.</li>
! 224: </ul>
! 225: </li>
! 226: <li> Changes:
! 227: <ul>
! 228: <li> Always prefer MS-CHAP to others to get encryption keys.</li>
! 229: </ul>
! 230: </li>
! 231: <li> Bugfixes:
! 232: <ul>
! 233: <li> Fixed bug in tcpmssfix when compression or encryption is used.</li>
! 234: <li> Fixed build on FreeBSD 5.x.</li>
! 235: <li> Fixed build without PPTP or L2TP support.</li>
! 236: <li> Fixed netflow node creation.</li>
! 237: </ul>
! 238: </li>
! 239: </ul>
! 240: </p>
! 241: <p>Changes since version 5.0b4:
! 242: <ul>
! 243: <li> New features:
! 244: <ul>
! 245: <li> 'show pptp' and 'show l2tp' commands added.</li>
! 246: </ul>
! 247: </li>
! 248: <li> Bugfixes:
! 249: <ul>
! 250: <li> Rewritten ippool to avoid races on IPCP renegotiation.</li>
! 251: </ul>
! 252: </li>
! 253: <li> Changes:
! 254: <ul>
! 255: <li> Rewritten message engine using internal circular queue
! 256: instead of system pipe.</li>
! 257: <li> L2TP/PPTP tunnel shutdown is now delayed for better
! 258: LAC/PAC interoperation.</li>
! 259: </ul>
! 260: </li>
! 261: </ul>
! 262: </p>
! 263: <p>Changes since version 5.0b3:
! 264: <ul>
! 265: <li> New features:
! 266: <ul>
! 267: <li> If Framed-Netmask RADIUS attribute != 255.255.255.255
! 268: mpd will create Framed-IP-Address/Framed-Netmask route
! 269: to the client side.</li>
! 270: <li> Added reporting peer MAC address and interface to AAA.
! 271: Added NAS-Port-Id RADIUS attribute support.</li>
! 272: <li> New 'iface' command added.</li>
! 273: <li> Added IPv6 support for Tee and DialOnDemand.</li>
! 274: <li> 'set iface addrs' now able to set IPv6 addresses.</li>
! 275: <li> ACCT_INTERIM_LIM_RECV and ACCT_INTERIM_LIM_XMIT
! 276: attributes added to ext-auth.</li>
! 277: </ul>
! 278: </li>
! 279: <li> Bugfixes:
! 280: <ul>
! 281: <li> Fixed /32 routes processing.</li>
! 282: <li> Fixed crash on repeater shutdown.</li>
! 283: <li> Fixed 'create link ' command syntax check.</li>
! 284: <li> Fixed redial delay.</li>
! 285: <li> Many small tunings and fixes.</li>
! 286: </ul>
! 287: </li>
! 288: <li> Performance improvements:
! 289: <ul>
! 290: <li> Netgraph management completely rewritten.
! 291: Now 6 sockets per daemon used to communicate with netgraph
! 292: instead of 4 sockets per link before. This gives significant
! 293: performance benefit due to reduced pevent engine overhead.</li>
! 294: <li> Internal memory management rewritten.</li>
! 295: </ul>
! 296: </li>
! 297: </ul>
! 298: </p>
! 299: <p>Changes since version 5.0b1:
! 300: <ul>
! 301: <li> New features:
! 302: <ul>
! 303: <li> Implemented type-differentiated traffic accounting
! 304: based on mpd-limit traffic filters.</li>
! 305: <li> Added 'set link max-children ...' command for DoS protection.</li>
! 306: <li> Implemented user privilege levels "admin"/"operator"/"user".</li>
! 307: <li> Web console rewritten and allows now execute any commands
! 308: allowed by privileges. Added plain-text command interface.</li>
! 309: <li> New 'show sessions' and 'show customer' commands added.</li>
! 310: <li> Implemented one-shot operation mode to allow mpd to be used
! 311: in complicated dial setups.</li>
! 312: <li> Acct-Session-Id attribute now present in auth request.</li>
! 313: <li> Show to auth real PPPoE session name received from peer.</li>
! 314: </ul>
! 315: </li>
! 316: <li> Changes:
! 317: <ul>
! 318: <li> Rewritten PPPoE, L2TP, TCP and UDP link types to fulfill new
! 319: dynamic design.</li>
! 320: <li> MPPC related options moved from 'set ccp' to the new 'set mppc' command.</li>
! 321: <li> 'set bundle retry' commend renamed to 'set bundle fsm-timeout'.</li>
! 322: <li> Number of auth retries increased to 5.</li>
! 323: <li> PPTP windowing is disabled by default.</li>
! 324: <li> Improved unified command error reporting.</li>
! 325: <li> Users list is now global and the same for console and web.</li>
! 326: </ul>
! 327: </li>
! 328: <li> Bugfixes:
! 329: <ul>
! 330: <li> Fixed memory leak on link/bundle shutdown.</li>
! 331: <li> Fixed reference (memory) leak on console close.</li>
! 332: <li> Fixed netflow setup errors handeling.</li>
! 333: <li> Improved IfaceIp[v6]IfaceUp() errors handeling.</li>
! 334: <li> Restore link MRU to default after use.
! 335: Should help with some EAP-TLS cases.</li>
! 336: <li> MPPC now automaically disables unusable subprotocols.
! 337: For example, it is impossible to use MPPE encryption
! 338: without MSCHAP.</li>
! 339: <li> Fixed FSM instantiation to fix LCP keep-alives.</li>
! 340: <li> Fixed 'set eap ...' context.</li>
! 341: <li> Implemented PAP-ACK packet retransmit.</li>
! 342: <li> 'show mem' command now returns output to console instead of stdout.</li>
! 343: <li> Many small fixes.</li>
! 344: </ul>
! 345: </li>
! 346: </ul>
! 347: </p>
! 348: <p>Changes since version 4:
! 349: <ul>
! 350: <li> Design changes:
! 351: <ul>
! 352: <li> Removed static link - bundle relations.
! 353: Links now choose their bundles using negotiated parameters
! 354: when they reach NETWORK phase.
! 355:
! 356: The benefit of it is simple and complete client
! 357: and server multilink operation. Also it gives
! 358: ability to implement more complicated LAC, PAC and TSA
! 359: setups then it was possible before.</li>
! 360: <li> Implemented template based dynamic link/bundle creation.
! 361: It allows significantly reduce amount of configuration
! 362: required to operate big access servers.
! 363:
! 364: Link may be autocreated by incoming call request from device
! 365: or by DoD/BoD request from bundle. Bundle may be autocreated
! 366: by the link reached NETWORK phase.</li>
! 367: <li> To simplify configuration link and phys layers separated
! 368: since version 4.2 are now rejoined again into a single link layer.</li>
! 369: </ul>
! 370: </li>
! 371: <li> New features:
! 372: <ul>
! 373: <li> Added PAM authentication and accounting.</li>
! 374: <li> Added dynamic IP addresses pools support.</li>
! 375: <li> Added new 'ext-acct' accounting backend as full-featured
! 376: alternative to 'radius-acct'.</li>
! 377: </ul>
! 378: </li>
! 379: <li> Changes:
! 380: <ul>
! 381: <li> Massive changes in configuration commands. You should read
! 382: the manual and examples for the new configuration techniques.</li>
! 383: <li> FreeBSD 4.x and old DragonFly releases are not supported anymore.</li>
! 384: </ul>
! 385: </li>
! 386: </ul>
! 387: </p>
! 388: <p>Changes since version 4.2.2:
! 389: <ul>
! 390: <li> New features:
! 391: <ul>
! 392: <li> Added L2TP local hostname configuration.</li>
! 393: <li> Added L2TP length and dataseq options.</li>
! 394: <li> L2TP local hostname and secret at server side is now configurable
! 395: depending on client address.</li>
! 396: <li> Reimplemented RADIUS Class attribute support.</li>
! 397: <li> Added PPPoE AC-name specification for the server side.</li>
! 398: <li> Added IP accounting with ng_ipacct node support.</li>
! 399: <li> Added configure script for better system features detection.</li>
! 400: <li> 'show version' command now shows compiled-in system features.</li>
! 401: <li> 'session ...' and 'msession ...' commands to select link/bundle
! 402: by their current session IDs added.</li>
! 403: </ul>
! 404: </li>
! 405: <li> Bugfixes:
! 406: <ul>
! 407: <li> Fixed race condition on PPTP tunnel creation/death.</li>
! 408: <li> Fixed crash when stdout redirected to /dev/null.</li>
! 409: <li> Fixed memory leak in proxy-arp.</li>
! 410: <li> Fixed Dial-on-Demand functionality broken in 4.2.</li>
! 411: <li> Do not set ACCM for a Sync links.</li>
! 412: <li> Fixed Sync mode detection for L2TP links.</li>
! 413: </ul>
! 414: </li>
! 415: <li> Performance improvements:
! 416: <ul>
! 417: <li> Added support for 64bit ng_ppp counters where available.</li>
! 418: </ul>
! 419: </li>
! 420: </ul>
! 421: </p>
! 422: <p>Changes since version 4.2.1:
! 423: <ul>
! 424: <li> Bugfixes:
! 425: <ul>
! 426: <li> Fixed build and stack overflow on FreeBSD 5.x.</li>
! 427: <li> Fixed startup script dependencies.</li>
! 428: </ul>
! 429: </li>
! 430: </ul>
! 431: </p>
! 432: <p>Changes since version 4.2:
! 433: <ul>
! 434: <li> Bugfixes:
! 435: <ul>
! 436: <li> Fixed default route support bug.</li>
! 437: <li> Fixed memory leak in L2TP link creation.</li>
! 438: </ul>
! 439: </li>
! 440: </ul>
! 441: </p>
! 442: <p>Changes since version 4.1:
! 443: <ul>
! 444: <li> New features:
! 445: <ul>
! 446: <li> Implemented link repeater functionality (aka LAC/PAC). New "phys" and "repeater" layers added.</li>
! 447: <li> PPTP now supports listening on multiple different IPs.</li>
! 448: <li> L2TP now supports tunnel authentication with shared secret.</li>
! 449: <li> Implemented traffic filtering using ng_bpf.</li>
! 450: <li> Implemented fast traffic shaping/rate-limiting using ng_car.</li>
! 451: <li> Added workaround for Windows 2000 PPPoE MRU negotiation bug.</li>
! 452: <li> Implemented minimal client side of auth-driven callback (w/o number specification).</li>
! 453: <li> Restored control console on stdin.</li>
! 454: <li> Added multiline console command history.</li>
! 455: <li> Added new 'ext-auth' auth backend as full-featured alternative to 'radius-auth'.</li>
! 456: <li> Added support for some new ng_nat features.</li>
! 457: <li> Implemented PPTP/L2TP SetLinkInfo sending to PAC/LAC.</li>
! 458: <li> NetFlow generation for both incoming and outgoing packets
! 459: same time is now supported.
! 460: NOTE: To have more then 1000 interfaces with NetFlow in 6-STABLE
! 461: you may need to increase NG_NETFLOW_MAXIFACES constant
! 462: in netflow.h and rebuild ng_netflow kernel module.</li>
! 463: <li> Added mpd-drop-user vendor specific accounting reply attribute support.</li>
! 464: </ul>
! 465: </li>
! 466: <li> Changes:
! 467: <ul>
! 468: <li> 'set link type ...' command is deprecated now. Use 'set phys type ...' instead.</li>
! 469: <li> -a, -n, -N, and -t bundle options are deprecated now. Use 'set iface enable ...' instead.</li>
! 470: <li> ng_tee, ng_nat, ng_netflow and other netgraph nodes between ng_ppp anf ng_iface now
! 471: created when NCP (IPCP/IPV6CP) goes up instead of startup time.</li>
! 472: <li> Auth subsystem refactored to avoid incorrect cross-level dependencies.</li>
! 473: <li> Physical device level refactored to remove link and bundle levels dependencies.</li>
! 474: <li> While accepting calls PPTP, L2TP, TCP and UDP links are now trying
! 475: to use link with most specific peer address configured.</li>
! 476: <li> Removed setting up local IPv4 address routing to loopback.
! 477: /usr/sbin/ppp does not doing it.</li>
! 478: </ul>
! 479: </li>
! 480: <li> Bugfixes:
! 481: <ul>
! 482: <li> Fixed thread-safety related crash in accounting.</li>
! 483: <li> Fixed assertion in PPTP on control connection fail while answering.</li>
! 484: <li> Fixed assertion in L2TP on control message sending failure.</li>
! 485: <li> Fixed broken L2TP outcall mode.</li>
! 486: <li> Updated chat scripts to detect incoming modem calls speed.</li>
! 487: </ul>
! 488: </li>
! 489: <li> Performance improvements:
! 490: <ul>
! 491: <li> Calls to ifconfig and route programs replaced by internal functions.</li>
! 492: <li> Where possible system() calls replaced by fork()+execv()
! 493: to avoid shell execution.</li>
! 494: <li> Added connect requests storm overload protection.
! 495: Mpd will drop incoming requests when message queue
! 496: reach some defined length.</li>
! 497: </ul>
! 498: </li>
! 499: </ul>
! 500: </p>
! 501: <p>Changes since version 4.1rc2:
! 502: <ul>
! 503: <li> Changes:
! 504: <ul>
! 505: <li> Default value of link's max-redial parameter changed to -1.</li>
! 506: <li> Bundle's noretry option is enabled by default now.</li>
! 507: </ul>
! 508: </li>
! 509: <li> Bugfixes:
! 510: <ul>
! 511: <li> Better up/down reason tracking.</li>
! 512: </ul>
! 513: </li>
! 514: </ul>
! 515: </p>
! 516: <p>Mpd version was bumped from 4.0rc2 to 4.1rc2 due to large number of changes
! 517: done since 4.0b4 and FreeBSD ports version number conflict.</p>
! 518: <p>Changes since version 4.0rc1:
! 519: <ul>
! 520: <li> Bugfixes:
! 521: <ul>
! 522: <li> Idle timeout fixed.</li>
! 523: <li> Fixed bug with 'set l2tp self ' specified at the server side.</li>
! 524: <li> Device type check for device-specific commands added.</li>
! 525: <li> IPCP reject is not fatal by itself now.</li>
! 526: <li> Up/down-script will now be called not for the whole interface,
! 527: but for each of negotiated protocols. Proto parameter should
! 528: be checked in the script!</li>
! 529: <li> Fixed ng_ppp link bandwidth configuration.</li>
! 530: </ul>
! 531: </li>
! 532: </ul>
! 533: </p>
! 534: <p>Changes since version 4.0b5:
! 535: <ul>
! 536: <li>New features:
! 537: <ul>
! 538: <li> Integrated Web server added.</li>
! 539: <li> NAT support by ng_nat(4) added.</li>
! 540: <li> L2TP (RFC 2661) device type implemented.</li>
! 541: <li> UDP device type was completely rewritten. Now it:
! 542: <ul>
! 543: <li> does not require manual 'open' command on the server side,
! 544: it behaves just like any other device type;</li>
! 545: <li> allows many connections to the same server UDP port;</li>
! 546: <li> allows not to specify peer address/port for incoming
! 547: connections (so it will work through different
! 548: NATs and firewalls);</li>
! 549: <li> allows not to specify self address/port for outgoing
! 550: connections (so it is easier to configure);</li>
! 551: </ul>
! 552: </li>
! 553: <li> TCP device type was completely rewritten. It has some minor issues
! 554: due to limitation of ng_ksocket module, but now IT WORKS! :)</li>
! 555: <li> Compression Predictor-1 (RFC 1978) added.</li>
! 556: <li> Compression Deflate (RFC 1979) added.</li>
! 557: <li> Encryption DESE (RFC 1969) support was reimplemented.</li>
! 558: <li> Encryption DESE-bis (RFC 2419) support added.</li>
! 559: <li> New command 'show phys' added.</li>
! 560: <li> New command 'show summary' added.</li>
! 561: <li> Support for ipfw tables added to RADIUS ACL's.</li>
! 562: <li> New commands 'set global start...' added..</li>
! 563: <li> Added support of calling/called numbers (mostly for PPTP/L2TP).</li>
! 564: </ul>
! 565: </li>
! 566: <li> Changes:
! 567: <ul>
! 568: <li> "lcp" layer in open/close commands replaced by "link".</li>
! 569: <li> Auth configuration (set auth ...) moved from bundle layer to lcp.
! 570: It works per link now.</li>
! 571: <li> MPPE policy option moved from auth layer to ccp.</li>
! 572: </ul>
! 573: </li>
! 574: <li> Bugfixes:
! 575: <ul>
! 576: <li> Fixed a few bugs on amd64 and sparc64 platforms.</li>
! 577: <li> Phys layer was made stateless to remove race condition.</li>
! 578: <li> Link layer changed to remove race conditions on LinkDown().</li>
! 579: <li> Fixed race condition in accepting PPPoE connections.</li>
! 580: <li> Link up/down reason recording is now more accurate.</li>
! 581: <li> Complete link shutdown procedure on auth failure implemented.</li>
! 582: <li> Fixed several small PPTP level processing issues.</li>
! 583: <li> Removed limitation about PPTP which must be in the bundle alone.</li>
! 584: <li> Fixed MSCHAP auth which was broken in 4.0b5.</li>
! 585: <li> Fixed memory leak in PAP and CHAP auth on the client side.</li>
! 586: <li> Fixed some CCP negotiation issues.</li>
! 587: <li> Fixed threads-related crash in internal auth.</li>
! 588: <li> Fixed crash on incoming when no free PPTP link found.</li>
! 589: <li> Bug in "rubber bandwidth" algorithm fixed.</li>
! 590: <li> Bug and possible crash fixed in DoD code.</li>
! 591: <li> Fixed bug in AUTHPROTO negotiation.</li>
! 592: <li> Fixed bug in RAD_MICROSOFT_MS_CHAP2_SUCCESS handeling.
! 593: Needs testing.</li>
! 594: </ul>
! 595: </li>
! 596: </ul>
! 597: </p>
! 598: <p>Changes since version 4.0b4:
! 599: <ul>
! 600: <li>New features:
! 601: <ul>
! 602: <li> IPv6 support:
! 603: <ul>
! 604: <li> IPV6CP support added, NCPs and IFACE calls was
! 605: rewritten to support many NCPs.</li>
! 606: <li> Console now supports IPv6.</li>
! 607: <li> UDP and TCP link types now support IPv6.</li>
! 608: <li> PPTP link type is ready to support IPv6,
! 609: but requires ng_pptpgre(4) to support IPv6.</li>
! 610: <li> NetFlow export over IPv6 is supported.</li>
! 611: <li> The following features don't yet support IPv6:
! 612: TcpMSSFix, NetFlow, Tee, DialOnDemand.</li>
! 613: </ul>
! 614: </li>
! 615: <li> TCP link type now compiles and works
! 616: (but isn't yet ready for production usage).</li>
! 617: <li> NetFlow data generation on outgoing interface is supported.</li>
! 618: <li> Added a possibility to use an existing ng_netflow(4) node.</li>
! 619: <li> Added a possibility to specify network interface names
! 620: instead of IP addresses.</li>
! 621: <li> Added more log levels to decrease log file size.</li>
! 622: </ul>
! 623: </li>
! 624: <li> Changes:
! 625: <ul>
! 626: <li> Default argument of open/close commands changed from iface to lcp.</li>
! 627: </ul>
! 628: </li>
! 629: <li> Bugfixes:
! 630: <ul>
! 631: <li> Fixed races between startup process and client connecting.</li>
! 632: <li> Fixed a few crashes in console.</li>
! 633: <li> Incoming call processing significantly reworked to
! 634: fix some aspects of multilink server functionality.</li>
! 635: <li> The shutdown of mpd is now much more graceful:
! 636: the netgraph nodes are closed, the accounting RADIUS
! 637: packets for closing links are sent, new connections
! 638: aren't accepted during shutdown.</li>
! 639: <li> Fixed races in filling of RADIUS packets. In particular,
! 640: RAD_NAS_PORT value in the RADIUS could be wrong.</li>
! 641: <li> RADIUS support rewritten to use poll(2) instead of
! 642: select(2), allowing to create a bigger number of links.</li>
! 643: <li> Fixed a problem with identifying correct interface
! 644: for proxy-arp when alias addresses are used.</li>
! 645: <li> Fixed memory leaks and crashes when more than 256 PPTP
! 646: bundles are in use.</li>
! 647: <li> Fixed crash in PPPoE when more than 64 parent Ethernet
! 648: interfaces used.</li>
! 649: </ul>
! 650: </li>
! 651: <li> Performance improvements:
! 652: <ul>
! 653: <li> Message and PPPoE subsystems reworked to decrease number
! 654: of open files per bundle.</li>
! 655: </ul>
! 656: </li>
! 657: </ul>
! 658: </p>
! 659: <p>Changes since version 4.0b3:
! 660: <ul>
! 661: <li>BugFix: fix crash in processing of MS domain name from
! 662: RADIUS server.</li>
! 663: <li>New feature: automatic creation, configuring and attaching
! 664: of ng_netflow(4) node.</li>
! 665: <li>ng_tee(4) now can be inserted on a per bundle basis.</li>
! 666: <li>New feature: on FreeBSD 6.0 and higher ng_tcpmss(4) is
! 667: utilized if doing TCP MSS fixup.</li>
! 668: <li>BugFix: tcpmssfix now works for both incoming and outgoing
! 669: TCP segments.</li>
! 670: <li>New options: update-limit-in, update-limit-out.</li>
! 671: <li>Fixed loss of statistics when -t options is used.</li>
! 672: <li>Fixed chat scripting, modem links not broken anymore.</li>
! 673: </ul>
! 674: </p>
! 675: <p>Changes since version 4.0b2:
! 676: <ul>
! 677: <li>BugFix: make PPPoE interface control events recurring, PPPoE is
! 678: not broken anymore.</li>
! 679: <li>Added a new <code>startup</code> section to the config-file, wich
! 680: is loaded once at startup.</li>
! 681: <li>Added a new <code>global</code> config space for all the global
! 682: settings.</li>
! 683: <li>BugFix: don't generate new challenges, while retransmitting
! 684: them.</li>
! 685: <li>Fix <code>va_args</code> bug on certain non-i386 platforms.</li>
! 686: <li>Auto-load <code>ng_ether</code> for PPPoE connections;
! 687: fix default path for undefined service.</li>
! 688: <li>Rewrite the console-stuff. Multiple telnet connections are now
! 689: allowed. There is no input-console anymore, must use telnet
! 690: instead.</li>
! 691: <li>BugFix: The directly configured password wasn't taken into
! 692: account when using PAP.</li>
! 693: <li>Disallow empty usernames safely.</li>
! 694: </ul>
! 695: </p>
! 696: <p>Changes since version 4.0b1:
! 697: <ul>
! 698: <li>Fixed a race-condition wich caused a dead-lock.</li>
! 699: <li>RADIUS
! 700: <ul>
! 701: <li>Fixed several race-conditions when sending accounting requests.</li>
! 702: <li>Use the username from the access-accept packet (if present) for
! 703: accounting requests.</li>
! 704: </ul>
! 705: </li>
! 706: </ul>
! 707: </p>
! 708: <p>Changes since version 3 (most of this work was sponsored by
! 709: <A href="http://www.surfnet.nl/">http://www.surfnet.nl/</A>):
! 710: <ul>
! 711: <li>Design changes:
! 712: Mpd uses now a thread-based event system using libpdel, these libpdel parts are now
! 713: integrated:
! 714: <ul>
! 715: <li>typed_mem(3)</li>
! 716: <li>pevent(3)</li>
! 717: <li>alog(3)</li>
! 718: </ul>
! 719:
! 720: Mpd uses a "Giant Mutex" for protecting its resources.</li>
! 721: <li>Major new features:
! 722: <ul>
! 723: <li>Implemented the Extensible Authentication Protocol RFC 2284 (EAP). Currently only
! 724: EAP-MD5 is supported (client and server side).
! 725: EAP negotiaton can be enabled at link level.</li>
! 726: <li>Implemented OPIE (One-time Passwords In Everything).</li>
! 727: <li>Implemented authentication against systems password database <code>master.passwd</code>.</li>
! 728: <li>utmp/wtmp logging.</li>
! 729: </ul>
! 730: </li>
! 731: <li>Rewrites of the authentication subsystem:
! 732: <ul>
! 733: <li>Make authentication and accounting requests asynchronous using paction(3).</li>
! 734: <li>Authentication backends are acting now independently from the rest of Mpd, using
! 735: some internal structs as interface.</li>
! 736: <li>The <code>mpd.secret</code> file is now used as one authentication backends of many, it
! 737: has no special role anymore, i.e. it could be disabled.</li>
! 738: <li>Generate a session-id at bundle and link level for using with accounting requests.</li>
! 739: </ul>
! 740: </li>
! 741: <li>RADIUS related changes:
! 742: <ul>
! 743: <li><b>IMPORTANT</b>: Mpd needs now an enhanced libradius, here are the patchsets:
! 744: <code><A href="http://www.bretterklieber.com/freebsd/libradius.diff">http://www.bretterklieber.com/freebsd/libradius.diff</A></code>
! 745: <code><A href="http://www.bretterklieber.com/freebsd/libradius5.diff">http://www.bretterklieber.com/freebsd/libradius5.diff</A></code></li>
! 746: <li>Remember and send the RAD_STATE attribute.</li>
! 747: <li>Message-Authenticator support.</li>
! 748: <li>EAP Proxy Support.</li>
! 749: </ul>
! 750: </li>
! 751: <li>Added a new option for PPTP links for disabling the windowing mechanism
! 752: specified by the protocol. Disabling this will cause Mpd to violate
! 753: the protocol, possibly confusing other PPTP peers, but often results
! 754: in better performance. The windowing mechanism is a design error in
! 755: the PPTP protocol; L2TP, the successor to PPTP, removes it. You need
! 756: a recent version of FreeBSD (NGM_PPTPGRE_COOKIE >= 1082548365) in order
! 757: to get this feature.<br>
! 758: <code>set pptp disable windowing</code></li>
! 759: <li>Added a new commandline option <code>-t</code> for adding ng_tee into the netgraph.<br>
! 760: Submitted by: Gleb Smirnoff, glebius at cell dot sick dot ru</li>
! 761: <li>Removed configuration parameters:
! 762: <ul>
! 763: <li>bundle: <code>radius-fallback</code></li>
! 764: <li>iface: <code>radius-session</code>, <code>radius-idle</code>, <code>radius-mtu</code>,
! 765: <code>radius-route</code>, <code>radius-acl</code></li>
! 766: <li>ipcp: <code>radius-ip</code></li>
! 767: </ul>
! 768:
! 769:
! 770: Moved configuration parameters:
! 771: <ul>
! 772: <li>bundle to auth: <code>radius-auth</code>, <code>radius-acct</code>, <code>authname</code>,
! 773: <code>password</code>, <code>max-logins</code></li>
! 774: <li>radius to auth: <code>acct-update</code></li>
! 775: <li>ccp to auth: <code>radius</code> and renamed to <code>mppc-pol</code></li>
! 776: </ul>
! 777:
! 778:
! 779: New configuration parameters:
! 780: <ul>
! 781: <li>link: <code>keep-ms-domain</code>, this prevents Mpd from stripping the MS-Domain,
! 782: this is can be useful when using IAS as RADIUS server.</li>
! 783: <li>radius: <code>message-authentic</code>, this adds the Message-Authenticator
! 784: attribute to the RADIUS request.</li>
! 785: <li>auth: <code>internal</code>, controles the usage of the <code>mpd.secret</code> file
! 786: (internal authentication backend).</li>
! 787: <li>auth: <code>opie</code>, enables/disables the OPIE authentication backend.</li>
! 788: <li>auth: <code>system</code>, enables/disables authentication against systems password
! 789: database.</li>
! 790: <li>auth: <code>utmp-wtmp</code>, enables/disables utmp/wtmp logging.
! 791: database.</li>
! 792: <li>auth: <code>timeout</code>, configureable timeout for the authentication phase.</li>
! 793: <li>eap: <code>radius-proxy</code>, this causes Mpd to proxy all EAP requests to
! 794: the RADIUS server, Mpd only makes the initial Identity-Request
! 795: (this saves one round-trip), every other requests are forwarded to the RADIUS server.
! 796: This adds the possibility supporting every EAP-Type of the RADIUS server, without
! 797: implementing each EAP-Type into Mpd.</li>
! 798: <li>eap: <code>md5</code>, EAP-Type MD5, it's the same as CHAP-MD5, but inside EAP frames.</li>
! 799: </ul>
! 800: </li>
! 801: <li>Removed defines <code>ENCRYPTION_MPPE</code> and <code>COMPRESSION_MPPC</code>, they are now built in.</li>
! 802: <li>Get rid of <code>IA_CUSTOM</code> define.</li>
! 803: <li>BugFix: Fixed a mem-leak in the pptp-ctrl stuff.</li>
! 804: </ul>
! 805: </p>
! 806: <HR NOSHADE>
! 807: <A HREF="mpd.html"><EM>Mpd 5.6 User Manual</EM></A>
! 808: <b>:</b> <A HREF="mpd1.html"><EM>Introduction</EM></A>
! 809: <b>:</b> <EM>Change history</EM><BR>
! 810: <b>Previous:</b> <A HREF="mpd3.html"><EM>Organization of this manual</EM></A><BR>
! 811: <b>Next:</b> <A HREF="mpd5.html"><EM>Installation</EM></A>
! 812:
! 813:
! 814:
! 815: </BODY>
! 816: </HTML>
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to mpd4.html CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / mpd / doc