Annotation of embedaddon/mpd/doc/mpd4.html, revision 1.1.1.2
1.1 misho 1: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
2: <HTML>
3: <HEAD>
4: <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
5: <TITLE>Change history</TITLE>
6: </HEAD>
7: <BODY text="#000000" bgcolor="#ffffff">
8:
1.1.1.2 ! misho 9: <A HREF="mpd.html"><EM>Mpd 5.7 User Manual</EM></A>
1.1 misho 10: <b>:</b> <A HREF="mpd1.html"><EM>Introduction</EM></A>
11: <b>:</b> <EM>Change history</EM><BR>
12: <b>Previous:</b> <A HREF="mpd3.html"><EM>Organization of this manual</EM></A><BR>
13: <b>Next:</b> <A HREF="mpd5.html"><EM>Installation</EM></A>
14:
15:
16: <HR NOSHADE>
17: <H2><A NAME="4"></A>1.3. Change history<A NAME="changes"></A></H2>
1.1.1.2 ! misho 18: <p>Changes since version 5.6:
! 19: <ul>
! 20: <li> New features:
! 21: <ul>
! 22: <li> Added global `qthreshold` option.</li>
! 23: <li> Added `unset radius server ...` command.</li>
! 24: <li> Added `unset nat ...` command.</li>
! 25: <li> Added `Class` CoA attribute from RFC 2865.</li>
! 26: <li> New command 'show netflow' added.</li>
! 27: </ul>
! 28: </li>
! 29: <li> Changes:
! 30: <ul>
! 31: <li> NAT rules may be added/deleted without shutting down the interface.</li>
! 32: <li> NetFlow can export IPv6 data.</li>
! 33: <li> Interface description may be constructed from predefined
! 34: variables in the bundle template.</li>
! 35: </ul>
! 36: </li>
! 37: <li> Bugfixes:
! 38: <ul>
! 39: <li> Restore `show sessions` as unprivileged command.</li>
! 40: <li> Fix infinite event loop when STDIN redirected to /dev/null
! 41: after it recently got non-blocking mode support.</li>
! 42: <li> Fix invalid output of `show nat` command in some cases.</li>
! 43: <li> Fix some possible memory leaks.</li>
! 44: </ul>
! 45: </li>
! 46: </ul>
! 47: </p>
1.1 misho 48: <p>Changes since version 5.5:
49: <ul>
50: <li> New features:
51: <ul>
1.1.1.2 ! misho 52: <li> Added `mpd-iface-name` RADIUS attribute.</li>
! 53: <li> Added `mpd-iface-descr` RADIUS attribute.</li>
! 54: <li> Added `mpd-iface-group` RADIUS attribute.</li>
! 55: <li> Added `mpd-peer-ident` RADIUS attribute.</li>
1.1 misho 56: <li> Added `set iface name ...` command.</li>
57: <li> Added `set iface description ...` command.</li>
58: <li> Added `set iface group ...` command.</li>
59: <li> Added support for NetFlow v9 export.</li>
60: <li> Added `set l2tp|pptp|tcp|udp resolve-once ...` command.
61: They allow the peer address to be resolved every time on reconnect.</li>
62: </ul>
63: </li>
64: <li> Changes:
65: <ul>
66: <li> Remove dependency on the libpdel library.
67: Import required files into the MPD tree.</li>
68: </ul>
69: </li>
70: <li> Bugfixes:
71: <ul>
72: <li> Fix invoking `set iface up|down-script` without arguments.</li>
73: <li> Fix `show eap` command.</li>
74: <li> Fix build on older FreeBSD versions.</li>
75: <li> Fix several memory leaks.</li>
76: <li> Fix building without SYSLOG_FACILITY option.</li>
77: <li> Fix byte order in ports in `set nat red-port`.</li>
78: <li> Fix some potential crashes because of NULL dereferences.</li>
79: </ul>
80: </li>
81: </ul>
82: </p>
83: <p>Changes since version 5.4:
84: <ul>
85: <li> New features:
86: <ul>
87: <li> Added `set link redial-delay ...` command.</li>
88: <li> Print global filters on `show iface|customer` commands.</li>
89: <li> Added protocol/port forwarding support for NAT.</li>
90: <li> Added utmpx support on 9-CURRENT.</li>
91: </ul>
92: </li>
93: <li> Bugfixes:
94: <ul>
95: <li> Fix memory leaks on pptp and radius on some reason.</li>
96: <li> Really make RESULT a mandatory option in ext-auth.</li>
97: </ul>
98: </li>
99: </ul>
100: </p>
101: <p>Changes since version 5.3 (most of this work was sponsored by
102: <A href="http://ufanet.ru/">http://ufanet.ru/</A>):
103: <ul>
104: <li> New features:
105: <ul>
106: <li> Added built-in RADIUS server, supporting
107: RFC 3576: Dynamic Authorization Extensions to RADIUS.</li>
108: <li> Added Disconnect-Request extension support from RFC 3576.</li>
109: <li> Added CoA-Request extension support from RFC 3576.</li>
110: <li> Added `authname ...` command to choose active link by peer
111: auth name.</li>
112: <li> Added support for DSL Forum vendor-specific
113: Circuit-ID/Remote-ID PPPoE tags and respective RFC 4679
114: RADIUS VSA.</li>
115: <li> Peer address argument added to interface up/down scripts.</li>
116: </ul>
117: </li>
118: </ul>
119: </p>
120: <p>Changes since version 5.2:
121: <ul>
122: <li> New features:
123: <ul>
124: <li> Added 'drop' link action and 'set link action clear' command.</li>
125: <li> Added ability to receive link action from AAA in auth reply.
126: It allows AAA to select bundle/repeater configuration for
127: specific user or session.</li>
128: <li> Added global traffic filters support to reduce auth reply size.
129: 'set global filter ...' commands.</li>
130: <li> Added ability to include other local or remote config files.
131: 'load ...' command able to accept configuration file path/URI
132: as first argument.</li>
133: <li> Added support for new ng_netflow node features to improve
134: bidirectional accounting performance.</li>
135: <li> Added 'acct-mandatory' auth option to control accounting start
136: error handling. Default is enabled.</li>
137: </ul>
138: </li>
139: <li> Changes:
140: <ul>
141: <li> Improved build modularization to allow more customized builds.</li>
142: <li> Reduced memory usage by more effective ACL memory allocation.</li>
143: <li> Allowed MRRU less than 1500 bytes. RFC claims that 1500 must be
144: supported, but lower values are acceptable.</li>
145: </ul>
146: </li>
147: <li> Bugfixes:
148: <ul>
149: <li> Fix possible crash on nonterminated ident string receive.</li>
150: <li> Fix memory leaks on auth failures.</li>
151: <li> Change NCPs join/leave sequences to avoid ENXIO errors on connect.</li>
152: <li> Use separate socket for getting CCP node ID to avoid fake reports.</li>
153: </ul>
154: </li>
155: </ul>
156: </p>
157: <p>Changes since version 5.1:
158: <ul>
159: <li> New features:
160: <ul>
161: <li> Added 'set radius identifier' command.</li>
162: <li> Added '$CallingID' and '$CalledID' modem chat variables.
163: Their values will be reported to the auth backend.</li>
164: <li> Added tunnel related RADIUS attributes of RFC2868 support.</li>
165: <li> 'set auth max-logins' feature can now be case insensitive.</li>
166: <li> Added force ability to the 'set iface addrs' command.</li>
167: <li> IPCP/IPv6CP now close on interface address assignment error
168: or up-script error.</li>
169: <li> Accounting start error now closes link.</li>
170: <li> PPPoE peer address format changed to more traditional.</li>
171: <li> Link peer-as-calling option default changed to disabled.
172: PPTP and L2TP users are advised to check configurations!</li>
173: <li> Some of RADIUS accounting update log messages moved from
174: radius to radius2 log level.</li>
175: </ul>
176: </li>
177: <li> Bugfixes:
178: <ul>
179: <li> Fix PPTP peer address reporting for real LAC/PAC mode.</li>
180: <li> Fix auth thread busy check.</li>
181: <li> Fix incorrect L2TP self address used for outgoing calls
182: when several different addresses configured.</li>
183: </ul>
184: </li>
185: </ul>
186: </p>
187: <p>Changes since version 5.0:
188: <ul>
189: <li> New features:
190: <ul>
191: <li> Added support for NS-related RADIUS attributes from RFC 2548.</li>
192: <li> Added global max-children option.</li>
193: <li> Added link, bundle, iface and iface-index RADIUS VSA.</li>
194: <li> Added 'set link mrru ...' command.
195: Set default MRRU to 2048 and maximum to 4096 bytes.</li>
196: <li> Added USER_NT_HASH and USER_LM_HASH ext-auth attributes
197: for MS-CHAP authentication.</li>
198: <li> Added mpd-input-acct/mpd-output-acct RADIUS attributes
199: to allow sending typed traffic accounting using standard
200: RADIUS attributes.</li>
201: <li> Added support for local side IP management using IP pools.</li>
202: <li> Added support for auth/acct-only RADIUS servers.
203: This allows specifying different servers for authentication
204: and accounting in the mpd configuration file.</li>
205: <li> Added support for the new ng_pptpgre node design, supporting
206: multiple calls per node. It improves performance when multiple
207: calls are active between two IPs.</li>
208: </ul>
209: </li>
210: <li> Changes:
211: <ul>
212: <li> peer-as-calling and report-mac options moved from radius
213: to link to improve LAC operation.</li>
214: </ul>
215: </li>
216: <li> Bugfixes:
217: <ul>
218: <li> Fixed incorrect link creation error handling.</li>
219: <li> Added workaround for some incorrect PAP implementations.</li>
220: <li> Changed processing of NAK on multilink options.
221: NAK enables rejected options back.</li>
222: <li> Added missing multilink parameters check in BundJoin().</li>
223: <li> Fixed sending of incoming traffic typed accounting on accounting stop.</li>
224: <li> Fixed using correct proxy-arp MAC when more than one interface matches.</li>
225: <li> Fixed some L2TP and PPPoE errors processing.</li>
226: <li> Fixed TCP and UDP link type nodes naming.</li>
227: </ul>
228: </li>
229: </ul>
230: </p>
231: <p>Changes since version 5.0rc2:
232: <ul>
233: <li> New features:
234: <ul>
235: <li> Sending LCP Time-Remaining packet implemented.</li>
236: </ul>
237: </li>
238: <li> Bugfixes:
239: <ul>
240: <li> Fixed MPPC options loss on link disconnect.</li>
241: <li> Fixed crash on PPTP CDN sending error.</li>
242: <li> Fixed incorrect IPCP options reject processing.</li>
243: <li> Fixed MP SHORTSEQ option.</li>
244: <li> Fixed packet order on accepting outgoing PPTP call.</li>
245: </ul>
246: </li>
247: </ul>
248: </p>
249: <p>Changes since version 5.0rc1:
250: <ul>
251: <li> New features:
252: <ul>
253: <li> 'auth2' log level added.</li>
254: </ul>
255: </li>
256: <li> Changes:
257: <ul>
258: <li> Always prefer MS-CHAP to others to get encryption keys.</li>
259: </ul>
260: </li>
261: <li> Bugfixes:
262: <ul>
263: <li> Fixed bug in tcpmssfix when compression or encryption is used.</li>
264: <li> Fixed build on FreeBSD 5.x.</li>
265: <li> Fixed build without PPTP or L2TP support.</li>
266: <li> Fixed netflow node creation.</li>
267: </ul>
268: </li>
269: </ul>
270: </p>
271: <p>Changes since version 5.0b4:
272: <ul>
273: <li> New features:
274: <ul>
275: <li> 'show pptp' and 'show l2tp' commands added.</li>
276: </ul>
277: </li>
278: <li> Bugfixes:
279: <ul>
280: <li> Rewritten ippool to avoid races on IPCP renegotiation.</li>
281: </ul>
282: </li>
283: <li> Changes:
284: <ul>
285: <li> Rewritten message engine using internal circular queue
286: instead of system pipe.</li>
287: <li> L2TP/PPTP tunnel shutdown is now delayed for better
288: LAC/PAC interoperation.</li>
289: </ul>
290: </li>
291: </ul>
292: </p>
293: <p>Changes since version 5.0b3:
294: <ul>
295: <li> New features:
296: <ul>
297: <li> If Framed-Netmask RADIUS attribute != 255.255.255.255
298: mpd will create Framed-IP-Address/Framed-Netmask route
299: to the client side.</li>
300: <li> Added reporting peer MAC address and interface to AAA.
301: Added NAS-Port-Id RADIUS attribute support.</li>
302: <li> New 'iface' command added.</li>
303: <li> Added IPv6 support for Tee and DialOnDemand.</li>
304: <li> 'set iface addrs' now able to set IPv6 addresses.</li>
305: <li> ACCT_INTERIM_LIM_RECV and ACCT_INTERIM_LIM_XMIT
306: attributes added to ext-auth.</li>
307: </ul>
308: </li>
309: <li> Bugfixes:
310: <ul>
311: <li> Fixed /32 routes processing.</li>
312: <li> Fixed crash on repeater shutdown.</li>
313: <li> Fixed 'create link ' command syntax check.</li>
314: <li> Fixed redial delay.</li>
315: <li> Many small tunings and fixes.</li>
316: </ul>
317: </li>
318: <li> Performance improvements:
319: <ul>
320: <li> Netgraph management completely rewritten.
321: Now 6 sockets per daemon used to communicate with netgraph
322: instead of 4 sockets per link before. This gives significant
323: performance benefit due to reduced pevent engine overhead.</li>
324: <li> Internal memory management rewritten.</li>
325: </ul>
326: </li>
327: </ul>
328: </p>
329: <p>Changes since version 5.0b1:
330: <ul>
331: <li> New features:
332: <ul>
333: <li> Implemented type-differentiated traffic accounting
334: based on mpd-limit traffic filters.</li>
335: <li> Added 'set link max-children ...' command for DoS protection.</li>
336: <li> Implemented user privilege levels "admin"/"operator"/"user".</li>
337: <li> Web console rewritten; it now allows executing any commands
338: allowed by privileges. Added plain-text command interface.</li>
339: <li> New 'show sessions' and 'show customer' commands added.</li>
340: <li> Implemented one-shot operation mode to allow mpd to be used
341: in complicated dial setups.</li>
342: <li> Acct-Session-Id attribute now present in auth request.</li>
343: <li> Show to auth real PPPoE session name received from peer.</li>
344: </ul>
345: </li>
346: <li> Changes:
347: <ul>
348: <li> Rewritten PPPoE, L2TP, TCP and UDP link types to fulfill new
349: dynamic design.</li>
350: <li> MPPC related options moved from 'set ccp' to the new 'set mppc' command.</li>
1.1.1.2 ! misho 351: <li> 'set bundle retry' command renamed to 'set bundle fsm-timeout'.</li>
1.1 misho 352: <li> Number of auth retries increased to 5.</li>
353: <li> PPTP windowing is disabled by default.</li>
354: <li> Improved unified command error reporting.</li>
355: <li> Users list is now global and the same for console and web.</li>
356: </ul>
357: </li>
358: <li> Bugfixes:
359: <ul>
360: <li> Fixed memory leak on link/bundle shutdown.</li>
361: <li> Fixed reference (memory) leak on console close.</li>
362: <li> Fixed netflow setup error handling.</li>
363: <li> Improved IfaceIp[v6]IfaceUp() error handling.</li>
364: <li> Restore link MRU to default after use.
365: Should help with some EAP-TLS cases.</li>
366: <li> MPPC now automatically disables unusable subprotocols.
367: For example, it is impossible to use MPPE encryption
368: without MSCHAP.</li>
369: <li> Fixed FSM instantiation to fix LCP keep-alives.</li>
370: <li> Fixed 'set eap ...' context.</li>
371: <li> Implemented PAP-ACK packet retransmit.</li>
372: <li> 'show mem' command now returns output to console instead of stdout.</li>
373: <li> Many small fixes.</li>
374: </ul>
375: </li>
376: </ul>
377: </p>
378: <p>Changes since version 4:
379: <ul>
380: <li> Design changes:
381: <ul>
382: <li> Removed static link - bundle relations.
383: Links now choose their bundles using negotiated parameters
384: when they reach NETWORK phase.
385:
386: The benefit of it is simple and complete client
387: and server multilink operation. Also it gives
388: ability to implement more complicated LAC, PAC and TSA
389: setups than was possible before.</li>
390: <li> Implemented template based dynamic link/bundle creation.
391: It significantly reduces the amount of configuration
392: required to operate big access servers.
393:
394: Link may be autocreated by incoming call request from device
395: or by DoD/BoD request from bundle. Bundle may be autocreated
396: by a link that has reached NETWORK phase.</li>
397: <li> To simplify configuration link and phys layers separated
398: since version 4.2 are now rejoined again into a single link layer.</li>
399: </ul>
400: </li>
401: <li> New features:
402: <ul>
403: <li> Added PAM authentication and accounting.</li>
404: <li> Added dynamic IP addresses pools support.</li>
405: <li> Added new 'ext-acct' accounting backend as full-featured
406: alternative to 'radius-acct'.</li>
407: </ul>
408: </li>
409: <li> Changes:
410: <ul>
411: <li> Massive changes in configuration commands. You should read
412: the manual and examples for the new configuration techniques.</li>
413: <li> FreeBSD 4.x and old DragonFly releases are not supported anymore.</li>
414: </ul>
415: </li>
416: </ul>
417: </p>
418: <p>Changes since version 4.2.2:
419: <ul>
420: <li> New features:
421: <ul>
422: <li> Added L2TP local hostname configuration.</li>
423: <li> Added L2TP length and dataseq options.</li>
424: <li> L2TP local hostname and secret at server side is now configurable
425: depending on client address.</li>
426: <li> Reimplemented RADIUS Class attribute support.</li>
427: <li> Added PPPoE AC-name specification for the server side.</li>
428: <li> Added IP accounting with ng_ipacct node support.</li>
429: <li> Added configure script for better system features detection.</li>
430: <li> 'show version' command now shows compiled-in system features.</li>
431: <li> 'session ...' and 'msession ...' commands to select link/bundle
432: by their current session IDs added.</li>
433: </ul>
434: </li>
435: <li> Bugfixes:
436: <ul>
437: <li> Fixed race condition on PPTP tunnel creation/death.</li>
438: <li> Fixed crash when stdout redirected to /dev/null.</li>
439: <li> Fixed memory leak in proxy-arp.</li>
440: <li> Fixed Dial-on-Demand functionality broken in 4.2.</li>
441: <li> Do not set ACCM for a Sync links.</li>
442: <li> Fixed Sync mode detection for L2TP links.</li>
443: </ul>
444: </li>
445: <li> Performance improvements:
446: <ul>
447: <li> Added support for 64bit ng_ppp counters where available.</li>
448: </ul>
449: </li>
450: </ul>
451: </p>
452: <p>Changes since version 4.2.1:
453: <ul>
454: <li> Bugfixes:
455: <ul>
456: <li> Fixed build and stack overflow on FreeBSD 5.x.</li>
457: <li> Fixed startup script dependencies.</li>
458: </ul>
459: </li>
460: </ul>
461: </p>
462: <p>Changes since version 4.2:
463: <ul>
464: <li> Bugfixes:
465: <ul>
466: <li> Fixed default route support bug.</li>
467: <li> Fixed memory leak in L2TP link creation.</li>
468: </ul>
469: </li>
470: </ul>
471: </p>
472: <p>Changes since version 4.1:
473: <ul>
474: <li> New features:
475: <ul>
476: <li> Implemented link repeater functionality (aka LAC/PAC). New "phys" and "repeater" layers added.</li>
477: <li> PPTP now supports listening on multiple different IPs.</li>
478: <li> L2TP now supports tunnel authentication with shared secret.</li>
479: <li> Implemented traffic filtering using ng_bpf.</li>
480: <li> Implemented fast traffic shaping/rate-limiting using ng_car.</li>
481: <li> Added workaround for Windows 2000 PPPoE MRU negotiation bug.</li>
482: <li> Implemented minimal client side of auth-driven callback (w/o number specification).</li>
483: <li> Restored control console on stdin.</li>
484: <li> Added multiline console command history.</li>
485: <li> Added new 'ext-auth' auth backend as full-featured alternative to 'radius-auth'.</li>
486: <li> Added support for some new ng_nat features.</li>
487: <li> Implemented PPTP/L2TP SetLinkInfo sending to PAC/LAC.</li>
488: <li> NetFlow generation for both incoming and outgoing packets
489: same time is now supported.
490: NOTE: To have more than 1000 interfaces with NetFlow in 6-STABLE
491: you may need to increase NG_NETFLOW_MAXIFACES constant
492: in netflow.h and rebuild ng_netflow kernel module.</li>
493: <li> Added mpd-drop-user vendor specific accounting reply attribute support.</li>
494: </ul>
495: </li>
496: <li> Changes:
497: <ul>
498: <li> 'set link type ...' command is deprecated now. Use 'set phys type ...' instead.</li>
499: <li> -a, -n, -N, and -t bundle options are deprecated now. Use 'set iface enable ...' instead.</li>
500: <li> ng_tee, ng_nat, ng_netflow and other netgraph nodes between ng_ppp and ng_iface are now
501: created when NCP (IPCP/IPV6CP) goes up instead of at startup time.</li>
502: <li> Auth subsystem refactored to avoid incorrect cross-level dependencies.</li>
503: <li> Physical device level refactored to remove link and bundle levels dependencies.</li>
504: <li> While accepting calls PPTP, L2TP, TCP and UDP links are now trying
505: to use link with most specific peer address configured.</li>
506: <li> Removed setting up local IPv4 address routing to loopback.
507: /usr/sbin/ppp does not do it.</li>
508: </ul>
509: </li>
510: <li> Bugfixes:
511: <ul>
512: <li> Fixed thread-safety related crash in accounting.</li>
513: <li> Fixed assertion in PPTP on control connection fail while answering.</li>
514: <li> Fixed assertion in L2TP on control message sending failure.</li>
515: <li> Fixed broken L2TP outcall mode.</li>
516: <li> Updated chat scripts to detect incoming modem calls speed.</li>
517: </ul>
518: </li>
519: <li> Performance improvements:
520: <ul>
521: <li> Calls to ifconfig and route programs replaced by internal functions.</li>
522: <li> Where possible system() calls replaced by fork()+execv()
523: to avoid shell execution.</li>
524: <li> Added connect requests storm overload protection.
525: Mpd will drop incoming requests when message queue
526: reaches some defined length.</li>
527: </ul>
528: </li>
529: </ul>
530: </p>
531: <p>Changes since version 4.1rc2:
532: <ul>
533: <li> Changes:
534: <ul>
535: <li> Default value of link's max-redial parameter changed to -1.</li>
536: <li> Bundle's noretry option is enabled by default now.</li>
537: </ul>
538: </li>
539: <li> Bugfixes:
540: <ul>
541: <li> Better up/down reason tracking.</li>
542: </ul>
543: </li>
544: </ul>
545: </p>
546: <p>Mpd version was bumped from 4.0rc2 to 4.1rc2 due to large number of changes
547: done since 4.0b4 and FreeBSD ports version number conflict.</p>
548: <p>Changes since version 4.0rc1:
549: <ul>
550: <li> Bugfixes:
551: <ul>
552: <li> Idle timeout fixed.</li>
553: <li> Fixed bug with 'set l2tp self ' specified at the server side.</li>
554: <li> Device type check for device-specific commands added.</li>
555: <li> IPCP reject is not fatal by itself now.</li>
556: <li> Up/down-script will now be called not for the whole interface,
557: but for each of negotiated protocols. Proto parameter should
558: be checked in the script!</li>
559: <li> Fixed ng_ppp link bandwidth configuration.</li>
560: </ul>
561: </li>
562: </ul>
563: </p>
564: <p>Changes since version 4.0b5:
565: <ul>
566: <li>New features:
567: <ul>
568: <li> Integrated Web server added.</li>
569: <li> NAT support by ng_nat(4) added.</li>
570: <li> L2TP (RFC 2661) device type implemented.</li>
571: <li> UDP device type was completely rewritten. Now it:
572: <ul>
573: <li> does not require manual 'open' command on the server side,
574: it behaves just like any other device type;</li>
575: <li> allows many connections to the same server UDP port;</li>
576: <li> allows not to specify peer address/port for incoming
577: connections (so it will work through different
578: NATs and firewalls);</li>
579: <li> allows not to specify self address/port for outgoing
580: connections (so it is easier to configure);</li>
581: </ul>
582: </li>
583: <li> TCP device type was completely rewritten. It has some minor issues
584: due to limitation of ng_ksocket module, but now IT WORKS! :)</li>
585: <li> Compression Predictor-1 (RFC 1978) added.</li>
586: <li> Compression Deflate (RFC 1979) added.</li>
587: <li> Encryption DESE (RFC 1969) support was reimplemented.</li>
588: <li> Encryption DESE-bis (RFC 2419) support added.</li>
589: <li> New command 'show phys' added.</li>
590: <li> New command 'show summary' added.</li>
591: <li> Support for ipfw tables added to RADIUS ACL's.</li>
592: <li> New commands 'set global start...' added.</li>
593: <li> Added support of calling/called numbers (mostly for PPTP/L2TP).</li>
594: </ul>
595: </li>
596: <li> Changes:
597: <ul>
598: <li> "lcp" layer in open/close commands replaced by "link".</li>
599: <li> Auth configuration (set auth ...) moved from bundle layer to lcp.
600: It works per link now.</li>
601: <li> MPPE policy option moved from auth layer to ccp.</li>
602: </ul>
603: </li>
604: <li> Bugfixes:
605: <ul>
606: <li> Fixed a few bugs on amd64 and sparc64 platforms.</li>
607: <li> Phys layer was made stateless to remove race condition.</li>
608: <li> Link layer changed to remove race conditions on LinkDown().</li>
609: <li> Fixed race condition in accepting PPPoE connections.</li>
610: <li> Link up/down reason recording is now more accurate.</li>
611: <li> Complete link shutdown procedure on auth failure implemented.</li>
612: <li> Fixed several small PPTP level processing issues.</li>
613: <li> Removed limitation about PPTP which must be in the bundle alone.</li>
614: <li> Fixed MSCHAP auth which was broken in 4.0b5.</li>
615: <li> Fixed memory leak in PAP and CHAP auth on the client side.</li>
616: <li> Fixed some CCP negotiation issues.</li>
617: <li> Fixed threads-related crash in internal auth.</li>
618: <li> Fixed crash on incoming when no free PPTP link found.</li>
619: <li> Bug in "rubber bandwidth" algorithm fixed.</li>
620: <li> Bug and possible crash fixed in DoD code.</li>
621: <li> Fixed bug in AUTHPROTO negotiation.</li>
622: <li> Fixed bug in RAD_MICROSOFT_MS_CHAP2_SUCCESS handling.
623: Needs testing.</li>
624: </ul>
625: </li>
626: </ul>
627: </p>
628: <p>Changes since version 4.0b4:
629: <ul>
630: <li>New features:
631: <ul>
632: <li> IPv6 support:
633: <ul>
634: <li> IPV6CP support added, NCPs and IFACE calls were
635: rewritten to support many NCPs.</li>
636: <li> Console now supports IPv6.</li>
637: <li> UDP and TCP link types now support IPv6.</li>
638: <li> PPTP link type is ready to support IPv6,
639: but requires ng_pptpgre(4) to support IPv6.</li>
640: <li> NetFlow export over IPv6 is supported.</li>
641: <li> The following features don't yet support IPv6:
642: TcpMSSFix, NetFlow, Tee, DialOnDemand.</li>
643: </ul>
644: </li>
645: <li> TCP link type now compiles and works
646: (but isn't yet ready for production usage).</li>
647: <li> NetFlow data generation on outgoing interface is supported.</li>
648: <li> Added a possibility to use an existing ng_netflow(4) node.</li>
649: <li> Added a possibility to specify network interface names
650: instead of IP addresses.</li>
651: <li> Added more log levels to decrease log file size.</li>
652: </ul>
653: </li>
654: <li> Changes:
655: <ul>
656: <li> Default argument of open/close commands changed from iface to lcp.</li>
657: </ul>
658: </li>
659: <li> Bugfixes:
660: <ul>
661: <li> Fixed races between startup process and client connecting.</li>
662: <li> Fixed a few crashes in console.</li>
663: <li> Incoming call processing significantly reworked to
664: fix some aspects of multilink server functionality.</li>
665: <li> The shutdown of mpd is now much more graceful:
666: the netgraph nodes are closed, the accounting RADIUS
667: packets for closing links are sent, new connections
668: aren't accepted during shutdown.</li>
669: <li> Fixed races in filling of RADIUS packets. In particular,
670: RAD_NAS_PORT value in the RADIUS could be wrong.</li>
671: <li> RADIUS support rewritten to use poll(2) instead of
672: select(2), allowing to create a bigger number of links.</li>
673: <li> Fixed a problem with identifying correct interface
674: for proxy-arp when alias addresses are used.</li>
675: <li> Fixed memory leaks and crashes when more than 256 PPTP
676: bundles are in use.</li>
677: <li> Fixed crash in PPPoE when more than 64 parent Ethernet
678: interfaces used.</li>
679: </ul>
680: </li>
681: <li> Performance improvements:
682: <ul>
683: <li> Message and PPPoE subsystems reworked to decrease number
684: of open files per bundle.</li>
685: </ul>
686: </li>
687: </ul>
688: </p>
689: <p>Changes since version 4.0b3:
690: <ul>
691: <li>BugFix: fix crash in processing of MS domain name from
692: RADIUS server.</li>
693: <li>New feature: automatic creation, configuring and attaching
694: of ng_netflow(4) node.</li>
695: <li>ng_tee(4) now can be inserted on a per bundle basis.</li>
696: <li>New feature: on FreeBSD 6.0 and higher ng_tcpmss(4) is
697: utilized if doing TCP MSS fixup.</li>
698: <li>BugFix: tcpmssfix now works for both incoming and outgoing
699: TCP segments.</li>
700: <li>New options: update-limit-in, update-limit-out.</li>
701: <li>Fixed loss of statistics when -t option is used.</li>
702: <li>Fixed chat scripting, modem links not broken anymore.</li>
703: </ul>
704: </p>
705: <p>Changes since version 4.0b2:
706: <ul>
707: <li>BugFix: make PPPoE interface control events recurring, PPPoE is
708: not broken anymore.</li>
709: <li>Added a new <code>startup</code> section to the config-file, which
710: is loaded once at startup.</li>
711: <li>Added a new <code>global</code> config space for all the global
712: settings.</li>
713: <li>BugFix: don't generate new challenges, while retransmitting
714: them.</li>
715: <li>Fix <code>va_args</code> bug on certain non-i386 platforms.</li>
716: <li>Auto-load <code>ng_ether</code> for PPPoE connections;
717: fix default path for undefined service.</li>
718: <li>Rewrite the console-stuff. Multiple telnet connections are now
719: allowed. There is no input-console anymore, must use telnet
720: instead.</li>
721: <li>BugFix: The directly configured password wasn't taken into
722: account when using PAP.</li>
723: <li>Disallow empty usernames safely.</li>
724: </ul>
725: </p>
726: <p>Changes since version 4.0b1:
727: <ul>
728: <li>Fixed a race-condition which caused a dead-lock.</li>
729: <li>RADIUS
730: <ul>
731: <li>Fixed several race-conditions when sending accounting requests.</li>
732: <li>Use the username from the access-accept packet (if present) for
733: accounting requests.</li>
734: </ul>
735: </li>
736: </ul>
737: </p>
738: <p>Changes since version 3 (most of this work was sponsored by
739: <A href="http://www.surfnet.nl/">http://www.surfnet.nl/</A>):
740: <ul>
741: <li>Design changes:
742: Mpd now uses a thread-based event system using libpdel, these libpdel parts are now
743: integrated:
744: <ul>
745: <li>typed_mem(3)</li>
746: <li>pevent(3)</li>
747: <li>alog(3)</li>
748: </ul>
749:
750: Mpd uses a "Giant Mutex" for protecting its resources.</li>
751: <li>Major new features:
752: <ul>
753: <li>Implemented the Extensible Authentication Protocol RFC 2284 (EAP). Currently only
754: EAP-MD5 is supported (client and server side).
755: EAP negotiation can be enabled at link level.</li>
756: <li>Implemented OPIE (One-time Passwords In Everything).</li>
757: <li>Implemented authentication against the system's password database <code>master.passwd</code>.</li>
758: <li>utmp/wtmp logging.</li>
759: </ul>
760: </li>
761: <li>Rewrites of the authentication subsystem:
762: <ul>
763: <li>Make authentication and accounting requests asynchronous using paction(3).</li>
764: <li>Authentication backends now act independently from the rest of Mpd, using
765: some internal structs as interface.</li>
766: <li>The <code>mpd.secret</code> file is now used as one authentication backend of many, it
767: has no special role anymore, i.e. it could be disabled.</li>
768: <li>Generate a session-id at bundle and link level for using with accounting requests.</li>
769: </ul>
770: </li>
771: <li>RADIUS related changes:
772: <ul>
773: <li><b>IMPORTANT</b>: Mpd now needs an enhanced libradius, here are the patchsets:
774: <code><A href="http://www.bretterklieber.com/freebsd/libradius.diff">http://www.bretterklieber.com/freebsd/libradius.diff</A></code>
775: <code><A href="http://www.bretterklieber.com/freebsd/libradius5.diff">http://www.bretterklieber.com/freebsd/libradius5.diff</A></code></li>
776: <li>Remember and send the RAD_STATE attribute.</li>
777: <li>Message-Authenticator support.</li>
778: <li>EAP Proxy Support.</li>
779: </ul>
780: </li>
781: <li>Added a new option for PPTP links for disabling the windowing mechanism
782: specified by the protocol. Disabling this will cause Mpd to violate
783: the protocol, possibly confusing other PPTP peers, but often results
784: in better performance. The windowing mechanism is a design error in
785: the PPTP protocol; L2TP, the successor to PPTP, removes it. You need
786: a recent version of FreeBSD (NGM_PPTPGRE_COOKIE >= 1082548365) in order
787: to get this feature.<br>
788: <code>set pptp disable windowing</code></li>
789: <li>Added a new commandline option <code>-t</code> for adding ng_tee into the netgraph.<br>
790: Submitted by: Gleb Smirnoff, glebius at cell dot sick dot ru</li>
791: <li>Removed configuration parameters:
792: <ul>
793: <li>bundle: <code>radius-fallback</code></li>
794: <li>iface: <code>radius-session</code>, <code>radius-idle</code>, <code>radius-mtu</code>,
795: <code>radius-route</code>, <code>radius-acl</code></li>
796: <li>ipcp: <code>radius-ip</code></li>
797: </ul>
798:
799:
800: Moved configuration parameters:
801: <ul>
802: <li>bundle to auth: <code>radius-auth</code>, <code>radius-acct</code>, <code>authname</code>,
803: <code>password</code>, <code>max-logins</code></li>
804: <li>radius to auth: <code>acct-update</code></li>
805: <li>ccp to auth: <code>radius</code> and renamed to <code>mppc-pol</code></li>
806: </ul>
807:
808:
809: New configuration parameters:
810: <ul>
811: <li>link: <code>keep-ms-domain</code>, this prevents Mpd from stripping the MS-Domain,
812: this can be useful when using IAS as RADIUS server.</li>
813: <li>radius: <code>message-authentic</code>, this adds the Message-Authenticator
814: attribute to the RADIUS request.</li>
815: <li>auth: <code>internal</code>, controls the usage of the <code>mpd.secret</code> file
816: (internal authentication backend).</li>
817: <li>auth: <code>opie</code>, enables/disables the OPIE authentication backend.</li>
818: <li>auth: <code>system</code>, enables/disables authentication against the system's password
819: database.</li>
820: <li>auth: <code>utmp-wtmp</code>, enables/disables utmp/wtmp logging.
821: </li>
822: <li>auth: <code>timeout</code>, configurable timeout for the authentication phase.</li>
823: <li>eap: <code>radius-proxy</code>, this causes Mpd to proxy all EAP requests to
824: the RADIUS server, Mpd only makes the initial Identity-Request
825: (this saves one round-trip), all other requests are forwarded to the RADIUS server.
826: This makes it possible to support every EAP-Type of the RADIUS server, without
827: implementing each EAP-Type into Mpd.</li>
828: <li>eap: <code>md5</code>, EAP-Type MD5, it's the same as CHAP-MD5, but inside EAP frames.</li>
829: </ul>
830: </li>
831: <li>Removed defines <code>ENCRYPTION_MPPE</code> and <code>COMPRESSION_MPPC</code>, they are now built in.</li>
832: <li>Get rid of <code>IA_CUSTOM</code> define.</li>
833: <li>BugFix: Fixed a mem-leak in the pptp-ctrl stuff.</li>
834: </ul>
835: </p>
836: <HR NOSHADE>
842:
843:
844:
845: </BODY>
846: </HTML>