Annotation of embedaddon/mpd/doc/mpd4.html, revision 1.1.1.3
1.1 misho 1: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
2: <HTML>
3: <HEAD>
4: <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
5: <TITLE>Change history</TITLE>
6: </HEAD>
7: <BODY text="#000000" bgcolor="#ffffff">
8:
1.1.1.3 ! misho 9: <A HREF="mpd.html"><EM>Mpd 5.8 User Manual</EM></A>
1.1 misho 10: <b>:</b> <A HREF="mpd1.html"><EM>Introduction</EM></A>
11: <b>:</b> <EM>Change history</EM><BR>
12: <b>Previous:</b> <A HREF="mpd3.html"><EM>Organization of this manual</EM></A><BR>
13: <b>Next:</b> <A HREF="mpd5.html"><EM>Installation</EM></A>
14:
15:
16: <HR NOSHADE>
17: <H2><A NAME="4"></A>1.3. Change history<A NAME="changes"></A></H2>
1.1.1.3 ! misho 18: <p>Changes since version 5.7:
! 19: <ul>
! 20: <li> New features:
! 21: <ul>
! 22: <li> Added JSON format output into the web console.</li>
! 23: <li> Added `set l2tp pmask ...` command.</li>
! 24: <li> Added `set pppoe mac-format ...` command.</li>
! 25: <li> Added `set pppoe max-payload ...` command from RFC 4638.</li>
! 26: <li> Added 'set radius src-addr ...' command.</li>
! 27: <li> Added `set iface keep-timeout` options.</li>
! 28: <li> Added `set console auth` options.</li>
! 29: <li> Added `agent-cid` global option to control display
! 30: PPPoE ADSL-Agent-Circuit-Id option in `show session` command.
! 31: Default is disabled.</li>
! 32: <li> Added `session-time` global option to control display
! 33: session time in seconds in `show session` command.
! 34: Default is disabled.</li>
! 35: <li> Using `peer_addr` in ACL tell to use mpd-table with
! 36: the peer negotiated IP address.</li>
! 37: <li> Added more wildcards, passed from ACL's.</li>
! 38: <li> Added more wildcards, passed from `set iface description ...`
! 39: command or `mpd-iface-descr` RADIUS attribute.</li>
! 40: <li> Added `Filter-Id` RADIUS attribute.</li>
! 41: <li> Added support for Backtrace Access Library.</li>
! 42: <li> Added support for LibreSSL Library.</li>
! 43: </ul>
! 44: </li>
! 45: <li> Changes:
! 46: <ul>
! 47: <li> Rename `quit` command to `shutdown`.</li>
! 48: <li> `authname ...` command can be case insensitive.</li>
! 49: </ul>
! 50: </li>
! 51: <li> Bugfixes:
! 52: <ul>
! 53: <li> Restore send mac address to RADIUS server in unformatted value.</li>
! 54: <li> Fix long living bug with ECP.</li>
! 55: <li> Fix ability to use both IPv4 and IPv6 addresses on the same interface.</li>
! 56: </ul>
! 57: </li>
! 58: </ul>
! 59: </p>
1.1.1.2 misho 60: <p>Changes since version 5.6:
61: <ul>
62: <li> New features:
63: <ul>
64: <li> Added global `qthreshold` option.</li>
65: <li> Added `unset radius server ...` command.</li>
66: <li> Added `unset nat ...` command.</li>
67: <li> Added `Class` CoA attribute from RFC 2865.</li>
1.1.1.3 ! misho 68: <li> New command `show netflow` added.</li>
1.1.1.2 misho 69: </ul>
70: </li>
71: <li> Changes:
72: <ul>
73: <li> NAT rules may be added/deleted without shutdowning interface.</li>
74: <li> NetFlow can export IPv6 data.</li>
75: <li> Interface description may be construct from predefined
76: variables in bundle template.</li>
77: </ul>
78: </li>
79: <li> Bugfixes:
80: <ul>
81: <li> Restore `show sessions` as unprivileged command.</li>
82: <li> Fix infinite event loop when STDIN redirected to /dev/null
83: after it recently got non-blocking mode support.</li>
84: <li> Fix invalid output of `show nat` command in some times.</li>
85: <li> Fix some possible memory leaks.</li>
86: </ul>
87: </li>
88: </ul>
89: </p>
1.1 misho 90: <p>Changes since version 5.5:
91: <ul>
92: <li> New features:
93: <ul>
1.1.1.2 misho 94: <li> Added `mpd-iface-name` RADIUS attribute.</li>
95: <li> Added `mpd-iface-descr` RADIUS attribute.</li>
96: <li> Added `mpd-iface-group` RADIUS attribute.</li>
97: <li> Added `mpd-peer-ident` RADIUS attribute.</li>
1.1 misho 98: <li> Added `set iface name ...` command.</li>
99: <li> Added `set iface description ...` command.</li>
100: <li> Added `set iface group ...` command.</li>
101: <li> Added support for NetFlow v9 export.</li>
102: <li> Added `set l2tp|pptp|tcp|udp resolve-once ...` command.
103: They allow to resolve peer address every time on reconnect.</li>
104: </ul>
105: </li>
106: <li> Changes:
107: <ul>
108: <li> Remove dependency from libpdel library.
109: Import required files into the MPD tree.</li>
110: </ul>
111: </li>
112: <li> Bugfixes:
113: <ul>
114: <li> Fix invoke `set iface up|down-script` without arguments.</li>
115: <li> Fix `show eap` command</li>
116: <li> Fix build on older FreeBSD versions.</li>
117: <li> Fix several memory leaks.</li>
118: <li> Fix building without SYSLOG_FACILITY option.</li>
119: <li> Fix byte order in ports in `set nat red-port`.</li>
120: <li> Fix some potential crashes because of NULL dereferences.</li>
121: </ul>
122: </li>
123: </ul>
124: </p>
125: <p>Changes since version 5.4:
126: <ul>
127: <li> New features:
128: <ul>
129: <li> Added `set link redial-delay ...` command.</li>
130: <li> Print global filters on `show iface|customer` commands.</li>
131: <li> Added protocol/port forwarding support for NAT.</li>
132: <li> Added utmpx support on 9-CURRENT.</li>
133: </ul>
134: </li>
135: <li> Bugfixes:
136: <ul>
1.1.1.3 ! misho 137: <li> Fix memory leaks on PPTP and RADIUS on some reason.</li>
1.1 misho 138: <li> Really make RESULT a mandatory option in ext-auth.</li>
139: </ul>
140: </li>
141: </ul>
142: </p>
143: <p>Changes since version 5.3 (most of this work was sponsored by
144: <A href="http://ufanet.ru/">http://ufanet.ru/</A>):
145: <ul>
146: <li> New features:
147: <ul>
148: <li> Added built-in RADIUS server, supporting
149: RFC 3576: Dynamic Authorization Extensions to RADIUS.</li>
150: <li> Added Disconnect-Request extension support from RFC 3576.</li>
151: <li> Added CoA-Request extension support from RFC 3576.</li>
152: <li> Added `authname ...` command to choose active link by peer
153: auth name.</li>
154: <li> Added support for DSL Forum vendor-specific
155: Circuit-ID/Remote-ID PPPoE tags and respective RFC 4679
156: RADIUS VSA.</li>
157: <li> Peer address argument added to interface up/down scripts.</li>
158: </ul>
159: </li>
160: </ul>
161: </p>
162: <p>Changes since version 5.2:
163: <ul>
164: <li> New features:
165: <ul>
166: <li> Added 'drop' link action and 'set link action clear' command.</li>
167: <li> Added ability to receive link action from AAA in auth reply.
168: It allows AAA to select bundle/repeater configuration for
169: specific user or session.</li>
170: <li> Added global traffic filters support to reduce auth reply size.
171: 'set global filter ...' commands.</li>
172: <li> Added ability to include other local or remote config files.
173: 'load ...' command able to accept configuration file path/URI
174: as first argument.</li>
175: <li> Added support for new ng_netflow node features to improve
176: bidirectional accounting performance.</li>
177: <li> Added 'acct-mandatory' auth option to control accounting start
178: errors handeling. Default is enabled.</li>
179: </ul>
180: </li>
181: <li> Changes:
182: <ul>
183: <li> Improved build modularization to allow more customized builds.</li>
184: <li> Reduced memory usage by more effective ACL memory allocation.</li>
185: <li> Allowed MRRU less then 1500 bytes. RFC claims that 1500 must be
186: supported, but lower values are acceptable.</li>
187: </ul>
188: </li>
189: <li> Bugfixes:
190: <ul>
191: <li> Fix possible crash on nonterminated ident string receive.</li>
192: <li> Fix memory leaks on auth failures.</li>
193: <li> Change NCPs join/leave sequences to avoid ENXIO errors on connect.</li>
194: <li> Use separate socket for getting CCP node ID to avoid fake reports.</li>
195: </ul>
196: </li>
197: </ul>
198: </p>
199: <p>Changes since version 5.1:
200: <ul>
201: <li> New features:
202: <ul>
203: <li> Added 'set radius identifier' command.</li>
204: <li> Added '$CallingID' and '$CalledID' modem chat variables.
205: Their values will be reported to the auth backend.</li>
206: <li> Added tunnel related RADIUS attributes of RFC2868 support.</li>
207: <li> 'set auth max-logins' feature can now be case insensitive.</li>
208: <li> Added force ability to the 'set iface addrs' command.</li>
209: <li> IPCP/IPv6CP now closing on interface address assign error
210: or up-script error.</li>
211: <li> Accounting start error now closes link.</li>
212: <li> PPPoE peer address format changed to more traditional.</li>
213: <li> Link peer-as-calling option default changed to disabled.
214: PPTP and L2TP users are advised to check configurations!</li>
215: <li> Some of RADIUS accounting update log messages moved from
216: radius to radius2 log level.</li>
217: </ul>
218: </li>
219: <li> Bugfixes:
220: <ul>
221: <li> Fix PPTP peer address reporting for real LAC/PAC mode.</li>
222: <li> Fix auth thread busy check.</li>
223: <li> Fix incorrect L2TP self address used for outgoing calls
224: when several different addresses configured.</li>
225: </ul>
226: </li>
227: </ul>
228: </p>
229: <p>Changes since version 5.0:
230: <ul>
231: <li> New features:
232: <ul>
233: <li> Added support for NS-related RADIUS attributes from RFC 2548.</li>
234: <li> Added global max-children option.</li>
235: <li> Added link, bundle, iface and iface-index RADIUS VSA.</li>
236: <li> Added 'set link mrru ...' command.
237: Set default MRRU to 2048 and maximum to 4096 bytes.</li>
238: <li> Added USER_NT_HASH and USER_LM_HASH ext-auth attributes
239: for MS-CHAP authentication.</li>
240: <li> Added mpd-input-acct/mpd-output-acct RADIUS attributes
241: to allow sending typed traffic accounting using standard
242: RADIUS attributes.</li>
243: <li> Added support for local side IP management using IP pools.</li>
244: <li> Added support for auth/acct-only RADIUS servers.
245: It allows to specify different servers for authentication
246: and accounting in mpd configuration file.</li>
247: <li> Added support for the new ng_pptpgre node design, supporting
248: multiple calls per node. It improves performance, when multiple
249: calls active between two IPs.</li>
250: </ul>
251: </li>
252: <li> Changes:
253: <ul>
254: <li> peer-as-calling and report-mac options moved from radius
255: to link to improve LAC operation.</li>
256: </ul>
257: </li>
258: <li> Bugfixes:
259: <ul>
260: <li> Fixed incorrect link creation error handeling.</li>
261: <li> Added workaround for some incorrect PAP implementations.</li>
262: <li> Changed processing of NAK on multilink options.
263: NAK enables rejected options back.</li>
264: <li> Added missing multilink parameters check in BundJoin().</li>
265: <li> Fixed sending of incoming traffic typed accounting on accounting stop.</li>
266: <li> Fixed using correct proxy-arp MAC when more then one interface matches.</li>
267: <li> Fixed some L2TP and PPPoE errors processing.</li>
268: <li> Fixed TCP and UDP link type nodes naming.</li>
269: </ul>
270: </li>
271: </ul>
272: </p>
273: <p>Changes since version 5.0rc2:
274: <ul>
275: <li> New features:
276: <ul>
277: <li> Sending LCP Time-Remaining packet implemented.</li>
278: </ul>
279: </li>
280: <li> Bugfixes:
281: <ul>
282: <li> Fixed MPPC options loss on link disconnect.</li>
283: <li> Fixed crash on PPTP CDN sending error.</li>
284: <li> Fixed incorrect IPCP options reject processing.</li>
285: <li> Fixed MP SHORTSEQ option.</li>
286: <li> Fixed packet order on accepting outgoing PPTP call.</li>
287: </ul>
288: </li>
289: </ul>
290: </p>
291: <p>Changes since version 5.0rc1:
292: <ul>
293: <li> New features:
294: <ul>
295: <li> 'auth2' log level added.</li>
296: </ul>
297: </li>
298: <li> Changes:
299: <ul>
300: <li> Always prefer MS-CHAP to others to get encryption keys.</li>
301: </ul>
302: </li>
303: <li> Bugfixes:
304: <ul>
305: <li> Fixed bug in tcpmssfix when compression or encryption is used.</li>
306: <li> Fixed build on FreeBSD 5.x.</li>
307: <li> Fixed build without PPTP or L2TP support.</li>
308: <li> Fixed netflow node creation.</li>
309: </ul>
310: </li>
311: </ul>
312: </p>
313: <p>Changes since version 5.0b4:
314: <ul>
315: <li> New features:
316: <ul>
317: <li> 'show pptp' and 'show l2tp' commands added.</li>
318: </ul>
319: </li>
320: <li> Bugfixes:
321: <ul>
322: <li> Rewritten ippool to avoid races on IPCP renegotiation.</li>
323: </ul>
324: </li>
325: <li> Changes:
326: <ul>
327: <li> Rewritten message engine using internal circular queue
328: instead of system pipe.</li>
329: <li> L2TP/PPTP tunnel shutdown is now delayed for better
330: LAC/PAC interoperation.</li>
331: </ul>
332: </li>
333: </ul>
334: </p>
335: <p>Changes since version 5.0b3:
336: <ul>
337: <li> New features:
338: <ul>
339: <li> If Framed-Netmask RADIUS attribute != 255.255.255.255
340: mpd will create Framed-IP-Address/Framed-Netmask route
341: to the client side.</li>
342: <li> Added reporting peer MAC address and interface to AAA.
343: Added NAS-Port-Id RADIUS attribute support.</li>
344: <li> New 'iface' command added.</li>
345: <li> Added IPv6 support for Tee and DialOnDemand.</li>
346: <li> 'set iface addrs' now able to set IPv6 addresses.</li>
347: <li> ACCT_INTERIM_LIM_RECV and ACCT_INTERIM_LIM_XMIT
348: attributes added to ext-auth.</li>
349: </ul>
350: </li>
351: <li> Bugfixes:
352: <ul>
353: <li> Fixed /32 routes processing.</li>
354: <li> Fixed crash on repeater shutdown.</li>
355: <li> Fixed 'create link ' command syntax check.</li>
356: <li> Fixed redial delay.</li>
357: <li> Many small tunings and fixes.</li>
358: </ul>
359: </li>
360: <li> Performance improvements:
361: <ul>
362: <li> Netgraph management completely rewritten.
363: Now 6 sockets per daemon used to communicate with netgraph
364: instead of 4 sockets per link before. This gives significant
365: performance benefit due to reduced pevent engine overhead.</li>
366: <li> Internal memory management rewritten.</li>
367: </ul>
368: </li>
369: </ul>
370: </p>
371: <p>Changes since version 5.0b1:
372: <ul>
373: <li> New features:
374: <ul>
375: <li> Implemented type-differentiated traffic accounting
376: based on mpd-limit traffic filters.</li>
377: <li> Added 'set link max-children ...' command for DoS protection.</li>
378: <li> Implemented user privilege levels "admin"/"operator"/"user".</li>
379: <li> Web console rewritten and allows now execute any commands
380: allowed by privileges. Added plain-text command interface.</li>
381: <li> New 'show sessions' and 'show customer' commands added.</li>
382: <li> Implemented one-shot operation mode to allow mpd to be used
383: in complicated dial setups.</li>
384: <li> Acct-Session-Id attribute now present in auth request.</li>
385: <li> Show to auth real PPPoE session name received from peer.</li>
386: </ul>
387: </li>
388: <li> Changes:
389: <ul>
390: <li> Rewritten PPPoE, L2TP, TCP and UDP link types to fulfill new
391: dynamic design.</li>
392: <li> MPPC related options moved from 'set ccp' to the new 'set mppc' command.</li>
1.1.1.2 misho 393: <li> 'set bundle retry' command renamed to 'set bundle fsm-timeout'.</li>
1.1 misho 394: <li> Number of auth retries increased to 5.</li>
395: <li> PPTP windowing is disabled by default.</li>
396: <li> Improved unified command error reporting.</li>
397: <li> Users list is now global and the same for console and web.</li>
398: </ul>
399: </li>
400: <li> Bugfixes:
401: <ul>
402: <li> Fixed memory leak on link/bundle shutdown.</li>
403: <li> Fixed reference (memory) leak on console close.</li>
404: <li> Fixed netflow setup errors handeling.</li>
405: <li> Improved IfaceIp[v6]IfaceUp() errors handeling.</li>
406: <li> Restore link MRU to default after use.
407: Should help with some EAP-TLS cases.</li>
408: <li> MPPC now automaically disables unusable subprotocols.
409: For example, it is impossible to use MPPE encryption
410: without MSCHAP.</li>
411: <li> Fixed FSM instantiation to fix LCP keep-alives.</li>
412: <li> Fixed 'set eap ...' context.</li>
413: <li> Implemented PAP-ACK packet retransmit.</li>
414: <li> 'show mem' command now returns output to console instead of stdout.</li>
415: <li> Many small fixes.</li>
416: </ul>
417: </li>
418: </ul>
419: </p>
420: <p>Changes since version 4:
421: <ul>
422: <li> Design changes:
423: <ul>
424: <li> Removed static link - bundle relations.
425: Links now choose their bundles using negotiated parameters
426: when they reach NETWORK phase.
427:
428: The benefit of it is simple and complete client
429: and server multilink operation. Also it gives
430: ability to implement more complicated LAC, PAC and TSA
431: setups then it was possible before.</li>
432: <li> Implemented template based dynamic link/bundle creation.
433: It allows significantly reduce amount of configuration
434: required to operate big access servers.
435:
436: Link may be autocreated by incoming call request from device
437: or by DoD/BoD request from bundle. Bundle may be autocreated
438: by the link reached NETWORK phase.</li>
439: <li> To simplify configuration link and phys layers separated
440: since version 4.2 are now rejoined again into a single link layer.</li>
441: </ul>
442: </li>
443: <li> New features:
444: <ul>
445: <li> Added PAM authentication and accounting.</li>
446: <li> Added dynamic IP addresses pools support.</li>
447: <li> Added new 'ext-acct' accounting backend as full-featured
448: alternative to 'radius-acct'.</li>
449: </ul>
450: </li>
451: <li> Changes:
452: <ul>
453: <li> Massive changes in configuration commands. You should read
454: the manual and examples for the new configuration techniques.</li>
455: <li> FreeBSD 4.x and old DragonFly releases are not supported anymore.</li>
456: </ul>
457: </li>
458: </ul>
459: </p>
460: <p>Changes since version 4.2.2:
461: <ul>
462: <li> New features:
463: <ul>
464: <li> Added L2TP local hostname configuration.</li>
465: <li> Added L2TP length and dataseq options.</li>
466: <li> L2TP local hostname and secret at server side is now configurable
467: depending on client address.</li>
468: <li> Reimplemented RADIUS Class attribute support.</li>
469: <li> Added PPPoE AC-name specification for the server side.</li>
470: <li> Added IP accounting with ng_ipacct node support.</li>
471: <li> Added configure script for better system features detection.</li>
472: <li> 'show version' command now shows compiled-in system features.</li>
473: <li> 'session ...' and 'msession ...' commands to select link/bundle
474: by their current session IDs added.</li>
475: </ul>
476: </li>
477: <li> Bugfixes:
478: <ul>
479: <li> Fixed race condition on PPTP tunnel creation/death.</li>
480: <li> Fixed crash when stdout redirected to /dev/null.</li>
481: <li> Fixed memory leak in proxy-arp.</li>
482: <li> Fixed Dial-on-Demand functionality broken in 4.2.</li>
483: <li> Do not set ACCM for a Sync links.</li>
484: <li> Fixed Sync mode detection for L2TP links.</li>
485: </ul>
486: </li>
487: <li> Performance improvements:
488: <ul>
489: <li> Added support for 64bit ng_ppp counters where available.</li>
490: </ul>
491: </li>
492: </ul>
493: </p>
494: <p>Changes since version 4.2.1:
495: <ul>
496: <li> Bugfixes:
497: <ul>
498: <li> Fixed build and stack overflow on FreeBSD 5.x.</li>
499: <li> Fixed startup script dependencies.</li>
500: </ul>
501: </li>
502: </ul>
503: </p>
504: <p>Changes since version 4.2:
505: <ul>
506: <li> Bugfixes:
507: <ul>
508: <li> Fixed default route support bug.</li>
509: <li> Fixed memory leak in L2TP link creation.</li>
510: </ul>
511: </li>
512: </ul>
513: </p>
514: <p>Changes since version 4.1:
515: <ul>
516: <li> New features:
517: <ul>
518: <li> Implemented link repeater functionality (aka LAC/PAC). New "phys" and "repeater" layers added.</li>
519: <li> PPTP now supports listening on multiple different IPs.</li>
520: <li> L2TP now supports tunnel authentication with shared secret.</li>
521: <li> Implemented traffic filtering using ng_bpf.</li>
522: <li> Implemented fast traffic shaping/rate-limiting using ng_car.</li>
523: <li> Added workaround for Windows 2000 PPPoE MRU negotiation bug.</li>
524: <li> Implemented minimal client side of auth-driven callback (w/o number specification).</li>
525: <li> Restored control console on stdin.</li>
526: <li> Added multiline console command history.</li>
527: <li> Added new 'ext-auth' auth backend as full-featured alternative to 'radius-auth'.</li>
528: <li> Added support for some new ng_nat features.</li>
529: <li> Implemented PPTP/L2TP SetLinkInfo sending to PAC/LAC.</li>
530: <li> NetFlow generation for both incoming and outgoing packets
531: same time is now supported.
532: NOTE: To have more then 1000 interfaces with NetFlow in 6-STABLE
533: you may need to increase NG_NETFLOW_MAXIFACES constant
534: in netflow.h and rebuild ng_netflow kernel module.</li>
535: <li> Added mpd-drop-user vendor specific accounting reply attribute support.</li>
536: </ul>
537: </li>
538: <li> Changes:
539: <ul>
540: <li> 'set link type ...' command is deprecated now. Use 'set phys type ...' instead.</li>
541: <li> -a, -n, -N, and -t bundle options are deprecated now. Use 'set iface enable ...' instead.</li>
542: <li> ng_tee, ng_nat, ng_netflow and other netgraph nodes between ng_ppp anf ng_iface now
543: created when NCP (IPCP/IPV6CP) goes up instead of startup time.</li>
544: <li> Auth subsystem refactored to avoid incorrect cross-level dependencies.</li>
545: <li> Physical device level refactored to remove link and bundle levels dependencies.</li>
546: <li> While accepting calls PPTP, L2TP, TCP and UDP links are now trying
547: to use link with most specific peer address configured.</li>
548: <li> Removed setting up local IPv4 address routing to loopback.
549: /usr/sbin/ppp does not doing it.</li>
550: </ul>
551: </li>
552: <li> Bugfixes:
553: <ul>
554: <li> Fixed thread-safety related crash in accounting.</li>
555: <li> Fixed assertion in PPTP on control connection fail while answering.</li>
556: <li> Fixed assertion in L2TP on control message sending failure.</li>
557: <li> Fixed broken L2TP outcall mode.</li>
558: <li> Updated chat scripts to detect incoming modem calls speed.</li>
559: </ul>
560: </li>
561: <li> Performance improvements:
562: <ul>
563: <li> Calls to ifconfig and route programs replaced by internal functions.</li>
564: <li> Where possible system() calls replaced by fork()+execv()
565: to avoid shell execution.</li>
566: <li> Added connect requests storm overload protection.
567: Mpd will drop incoming requests when message queue
568: reach some defined length.</li>
569: </ul>
570: </li>
571: </ul>
572: </p>
573: <p>Changes since version 4.1rc2:
574: <ul>
575: <li> Changes:
576: <ul>
577: <li> Default value of link's max-redial parameter changed to -1.</li>
578: <li> Bundle's noretry option is enabled by default now.</li>
579: </ul>
580: </li>
581: <li> Bugfixes:
582: <ul>
583: <li> Better up/down reason tracking.</li>
584: </ul>
585: </li>
586: </ul>
587: </p>
588: <p>Mpd version was bumped from 4.0rc2 to 4.1rc2 due to large number of changes
589: done since 4.0b4 and FreeBSD ports version number conflict.</p>
590: <p>Changes since version 4.0rc1:
591: <ul>
592: <li> Bugfixes:
593: <ul>
594: <li> Idle timeout fixed.</li>
595: <li> Fixed bug with 'set l2tp self ' specified at the server side.</li>
596: <li> Device type check for device-specific commands added.</li>
597: <li> IPCP reject is not fatal by itself now.</li>
598: <li> Up/down-script will now be called not for the whole interface,
599: but for each of negotiated protocols. Proto parameter should
600: be checked in the script!</li>
601: <li> Fixed ng_ppp link bandwidth configuration.</li>
602: </ul>
603: </li>
604: </ul>
605: </p>
606: <p>Changes since version 4.0b5:
607: <ul>
608: <li>New features:
609: <ul>
610: <li> Integrated Web server added.</li>
611: <li> NAT support by ng_nat(4) added.</li>
612: <li> L2TP (RFC 2661) device type implemented.</li>
613: <li> UDP device type was completely rewritten. Now it:
614: <ul>
615: <li> does not require manual 'open' command on the server side,
616: it behaves just like any other device type;</li>
617: <li> allows many connections to the same server UDP port;</li>
618: <li> allows not to specify peer address/port for incoming
619: connections (so it will work through different
620: NATs and firewalls);</li>
621: <li> allows not to specify self address/port for outgoing
622: connections (so it is easier to configure);</li>
623: </ul>
624: </li>
625: <li> TCP device type was completely rewritten. It has some minor issues
626: due to limitation of ng_ksocket module, but now IT WORKS! :)</li>
627: <li> Compression Predictor-1 (RFC 1978) added.</li>
628: <li> Compression Deflate (RFC 1979) added.</li>
629: <li> Encryption DESE (RFC 1969) support was reimplemented.</li>
630: <li> Encryption DESE-bis (RFC 2419) support added.</li>
631: <li> New command 'show phys' added.</li>
632: <li> New command 'show summary' added.</li>
633: <li> Support for ipfw tables added to RADIUS ACL's.</li>
634: <li> New commands 'set global start...' added..</li>
635: <li> Added support of calling/called numbers (mostly for PPTP/L2TP).</li>
636: </ul>
637: </li>
638: <li> Changes:
639: <ul>
640: <li> "lcp" layer in open/close commands replaced by "link".</li>
641: <li> Auth configuration (set auth ...) moved from bundle layer to lcp.
642: It works per link now.</li>
643: <li> MPPE policy option moved from auth layer to ccp.</li>
644: </ul>
645: </li>
646: <li> Bugfixes:
647: <ul>
648: <li> Fixed a few bugs on amd64 and sparc64 platforms.</li>
649: <li> Phys layer was made stateless to remove race condition.</li>
650: <li> Link layer changed to remove race conditions on LinkDown().</li>
651: <li> Fixed race condition in accepting PPPoE connections.</li>
652: <li> Link up/down reason recording is now more accurate.</li>
653: <li> Complete link shutdown procedure on auth failure implemented.</li>
654: <li> Fixed several small PPTP level processing issues.</li>
655: <li> Removed limitation about PPTP which must be in the bundle alone.</li>
656: <li> Fixed MSCHAP auth which was broken in 4.0b5.</li>
657: <li> Fixed memory leak in PAP and CHAP auth on the client side.</li>
658: <li> Fixed some CCP negotiation issues.</li>
659: <li> Fixed threads-related crash in internal auth.</li>
660: <li> Fixed crash on incoming when no free PPTP link found.</li>
661: <li> Bug in "rubber bandwidth" algorithm fixed.</li>
662: <li> Bug and possible crash fixed in DoD code.</li>
663: <li> Fixed bug in AUTHPROTO negotiation.</li>
664: <li> Fixed bug in RAD_MICROSOFT_MS_CHAP2_SUCCESS handeling.
665: Needs testing.</li>
666: </ul>
667: </li>
668: </ul>
669: </p>
670: <p>Changes since version 4.0b4:
671: <ul>
672: <li>New features:
673: <ul>
674: <li> IPv6 support:
675: <ul>
676: <li> IPV6CP support added, NCPs and IFACE calls was
677: rewritten to support many NCPs.</li>
678: <li> Console now supports IPv6.</li>
679: <li> UDP and TCP link types now support IPv6.</li>
680: <li> PPTP link type is ready to support IPv6,
681: but requires ng_pptpgre(4) to support IPv6.</li>
682: <li> NetFlow export over IPv6 is supported.</li>
683: <li> The following features don't yet support IPv6:
684: TcpMSSFix, NetFlow, Tee, DialOnDemand.</li>
685: </ul>
686: </li>
687: <li> TCP link type now compiles and works
688: (but isn't yet ready for production usage).</li>
689: <li> NetFlow data generation on outgoing interface is supported.</li>
690: <li> Added a possibility to use an existing ng_netflow(4) node.</li>
691: <li> Added a possibility to specify network interface names
692: instead of IP addresses.</li>
693: <li> Added more log levels to decrease log file size.</li>
694: </ul>
695: </li>
696: <li> Changes:
697: <ul>
698: <li> Default argument of open/close commands changed from iface to lcp.</li>
699: </ul>
700: </li>
701: <li> Bugfixes:
702: <ul>
703: <li> Fixed races between startup process and client connecting.</li>
704: <li> Fixed a few crashes in console.</li>
705: <li> Incoming call processing significantly reworked to
706: fix some aspects of multilink server functionality.</li>
707: <li> The shutdown of mpd is now much more graceful:
708: the netgraph nodes are closed, the accounting RADIUS
709: packets for closing links are sent, new connections
710: aren't accepted during shutdown.</li>
711: <li> Fixed races in filling of RADIUS packets. In particular,
712: RAD_NAS_PORT value in the RADIUS could be wrong.</li>
713: <li> RADIUS support rewritten to use poll(2) instead of
714: select(2), allowing to create a bigger number of links.</li>
715: <li> Fixed a problem with identifying correct interface
716: for proxy-arp when alias addresses are used.</li>
717: <li> Fixed memory leaks and crashes when more than 256 PPTP
718: bundles are in use.</li>
719: <li> Fixed crash in PPPoE when more than 64 parent Ethernet
720: interfaces used.</li>
721: </ul>
722: </li>
723: <li> Performance improvements:
724: <ul>
725: <li> Message and PPPoE subsystems reworked to decrease number
726: of open files per bundle.</li>
727: </ul>
728: </li>
729: </ul>
730: </p>
731: <p>Changes since version 4.0b3:
732: <ul>
733: <li>BugFix: fix crash in processing of MS domain name from
734: RADIUS server.</li>
735: <li>New feature: automatic creation, configuring and attaching
736: of ng_netflow(4) node.</li>
737: <li>ng_tee(4) now can be inserted on a per bundle basis.</li>
738: <li>New feature: on FreeBSD 6.0 and higher ng_tcpmss(4) is
739: utilized if doing TCP MSS fixup.</li>
740: <li>BugFix: tcpmssfix now works for both incoming and outgoing
741: TCP segments.</li>
742: <li>New options: update-limit-in, update-limit-out.</li>
743: <li>Fixed loss of statistics when -t options is used.</li>
744: <li>Fixed chat scripting, modem links not broken anymore.</li>
745: </ul>
746: </p>
747: <p>Changes since version 4.0b2:
748: <ul>
749: <li>BugFix: make PPPoE interface control events recurring, PPPoE is
750: not broken anymore.</li>
751: <li>Added a new <code>startup</code> section to the config-file, wich
752: is loaded once at startup.</li>
753: <li>Added a new <code>global</code> config space for all the global
754: settings.</li>
755: <li>BugFix: don't generate new challenges, while retransmitting
756: them.</li>
757: <li>Fix <code>va_args</code> bug on certain non-i386 platforms.</li>
758: <li>Auto-load <code>ng_ether</code> for PPPoE connections;
759: fix default path for undefined service.</li>
760: <li>Rewrite the console-stuff. Multiple telnet connections are now
761: allowed. There is no input-console anymore, must use telnet
762: instead.</li>
763: <li>BugFix: The directly configured password wasn't taken into
764: account when using PAP.</li>
765: <li>Disallow empty usernames safely.</li>
766: </ul>
767: </p>
768: <p>Changes since version 4.0b1:
769: <ul>
770: <li>Fixed a race-condition wich caused a dead-lock.</li>
771: <li>RADIUS
772: <ul>
773: <li>Fixed several race-conditions when sending accounting requests.</li>
774: <li>Use the username from the access-accept packet (if present) for
775: accounting requests.</li>
776: </ul>
777: </li>
778: </ul>
779: </p>
780: <p>Changes since version 3 (most of this work was sponsored by
781: <A href="http://www.surfnet.nl/">http://www.surfnet.nl/</A>):
782: <ul>
783: <li>Design changes:
784: Mpd uses now a thread-based event system using libpdel, these libpdel parts are now
785: integrated:
786: <ul>
787: <li>typed_mem(3)</li>
788: <li>pevent(3)</li>
789: <li>alog(3)</li>
790: </ul>
791:
792: Mpd uses a "Giant Mutex" for protecting its resources.</li>
793: <li>Major new features:
794: <ul>
795: <li>Implemented the Extensible Authentication Protocol RFC 2284 (EAP). Currently only
796: EAP-MD5 is supported (client and server side).
797: EAP negotiaton can be enabled at link level.</li>
798: <li>Implemented OPIE (One-time Passwords In Everything).</li>
799: <li>Implemented authentication against systems password database <code>master.passwd</code>.</li>
800: <li>utmp/wtmp logging.</li>
801: </ul>
802: </li>
803: <li>Rewrites of the authentication subsystem:
804: <ul>
805: <li>Make authentication and accounting requests asynchronous using paction(3).</li>
806: <li>Authentication backends are acting now independently from the rest of Mpd, using
807: some internal structs as interface.</li>
808: <li>The <code>mpd.secret</code> file is now used as one authentication backends of many, it
809: has no special role anymore, i.e. it could be disabled.</li>
810: <li>Generate a session-id at bundle and link level for using with accounting requests.</li>
811: </ul>
812: </li>
813: <li>RADIUS related changes:
814: <ul>
815: <li><b>IMPORTANT</b>: Mpd needs now an enhanced libradius, here are the patchsets:
816: <code><A href="http://www.bretterklieber.com/freebsd/libradius.diff">http://www.bretterklieber.com/freebsd/libradius.diff</A></code>
817: <code><A href="http://www.bretterklieber.com/freebsd/libradius5.diff">http://www.bretterklieber.com/freebsd/libradius5.diff</A></code></li>
818: <li>Remember and send the RAD_STATE attribute.</li>
819: <li>Message-Authenticator support.</li>
820: <li>EAP Proxy Support.</li>
821: </ul>
822: </li>
823: <li>Added a new option for PPTP links for disabling the windowing mechanism
824: specified by the protocol. Disabling this will cause Mpd to violate
825: the protocol, possibly confusing other PPTP peers, but often results
826: in better performance. The windowing mechanism is a design error in
827: the PPTP protocol; L2TP, the successor to PPTP, removes it. You need
828: a recent version of FreeBSD (NGM_PPTPGRE_COOKIE >= 1082548365) in order
829: to get this feature.<br>
830: <code>set pptp disable windowing</code></li>
831: <li>Added a new commandline option <code>-t</code> for adding ng_tee into the netgraph.<br>
832: Submitted by: Gleb Smirnoff, glebius at cell dot sick dot ru</li>
833: <li>Removed configuration parameters:
834: <ul>
835: <li>bundle: <code>radius-fallback</code></li>
836: <li>iface: <code>radius-session</code>, <code>radius-idle</code>, <code>radius-mtu</code>,
837: <code>radius-route</code>, <code>radius-acl</code></li>
838: <li>ipcp: <code>radius-ip</code></li>
839: </ul>
840:
841:
842: Moved configuration parameters:
843: <ul>
844: <li>bundle to auth: <code>radius-auth</code>, <code>radius-acct</code>, <code>authname</code>,
845: <code>password</code>, <code>max-logins</code></li>
846: <li>radius to auth: <code>acct-update</code></li>
847: <li>ccp to auth: <code>radius</code> and renamed to <code>mppc-pol</code></li>
848: </ul>
849:
850:
851: New configuration parameters:
852: <ul>
853: <li>link: <code>keep-ms-domain</code>, this prevents Mpd from stripping the MS-Domain,
854: this is can be useful when using IAS as RADIUS server.</li>
855: <li>radius: <code>message-authentic</code>, this adds the Message-Authenticator
856: attribute to the RADIUS request.</li>
857: <li>auth: <code>internal</code>, controles the usage of the <code>mpd.secret</code> file
858: (internal authentication backend).</li>
859: <li>auth: <code>opie</code>, enables/disables the OPIE authentication backend.</li>
860: <li>auth: <code>system</code>, enables/disables authentication against systems password
861: database.</li>
862: <li>auth: <code>utmp-wtmp</code>, enables/disables utmp/wtmp logging.
863: database.</li>
864: <li>auth: <code>timeout</code>, configureable timeout for the authentication phase.</li>
865: <li>eap: <code>radius-proxy</code>, this causes Mpd to proxy all EAP requests to
866: the RADIUS server, Mpd only makes the initial Identity-Request
867: (this saves one round-trip), every other requests are forwarded to the RADIUS server.
868: This adds the possibility supporting every EAP-Type of the RADIUS server, without
869: implementing each EAP-Type into Mpd.</li>
870: <li>eap: <code>md5</code>, EAP-Type MD5, it's the same as CHAP-MD5, but inside EAP frames.</li>
871: </ul>
872: </li>
873: <li>Removed defines <code>ENCRYPTION_MPPE</code> and <code>COMPRESSION_MPPC</code>, they are now built in.</li>
874: <li>Get rid of <code>IA_CUSTOM</code> define.</li>
875: <li>BugFix: Fixed a mem-leak in the pptp-ctrl stuff.</li>
876: </ul>
877: </p>
878: <HR NOSHADE>
1.1.1.3 ! misho 879: <A HREF="mpd.html"><EM>Mpd 5.8 User Manual</EM></A>
1.1 misho 880: <b>:</b> <A HREF="mpd1.html"><EM>Introduction</EM></A>
881: <b>:</b> <EM>Change history</EM><BR>
882: <b>Previous:</b> <A HREF="mpd3.html"><EM>Organization of this manual</EM></A><BR>
883: <b>Next:</b> <A HREF="mpd5.html"><EM>Installation</EM></A>
884:
885:
886:
887: </BODY>
888: </HTML>
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to mpd4.html CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / mpd / doc