File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / mpd / doc / mpd4.html
Revision 1.1.1.4 (vendor branch)
Wed Mar 17 00:39:23 2021 UTC (3 years, 3 months ago) by misho
Branches: mpd, MAIN
CVS tags: v5_9p16, v5_9, HEAD
mpd 5.9

    1: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    2: <HTML>
    3: <HEAD>
    4: <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
    5: <TITLE>Change history</TITLE>
    6: </HEAD>
    7: <BODY text="#000000" bgcolor="#ffffff">
    8: 
    9: <A HREF="mpd.html"><EM>Mpd 5.9 User Manual</EM></A>
   10:  <b>:</b> <A HREF="mpd1.html"><EM>Introduction</EM></A>
   11:  <b>:</b> <EM>Change history</EM><BR>
   12: <b>Previous:</b> <A HREF="mpd3.html"><EM>Organization of this manual</EM></A><BR>
   13: <b>Next:</b> <A HREF="mpd5.html"><EM>Installation</EM></A>
   14: 
   15: 
   16: <HR NOSHADE>
   17:   <H2><A NAME="4"></A>1.3. Change history<A NAME="changes"></A></H2>
   18: <p>Changes since version 5.8:
   19: <ul>
   20: <li> New features:
   21: <ul>
   22: <li> Added new option `override` for the command `set iface mtu`.</li>
   23: </ul>
   24: </li>
   25: <li> Changes:
   26: <ul>
   27: <li> Improve compatibility with the new implementation of ipfw tables
   28: for FreeBSD versions where the ipfw table delete command takes
   29: a list of addresses.</li>
   30: <li> Use only 64-bit counters on modern FreeBSD.</li>
   31: </ul>
   32: </li>
   33: <li> Bugfixes:
   34: <ul>
   35: <li> Properly clean console mutex lock in case of thread
   36: cancellation to prevent deadlock.</li>
   37: <li> Fix buffer overflow introduced in version 5.8:
   38: processing of template %aX in a RADIUS authentication response
   39: might lead to unexpected termination of the mpd5 process.
   40: Installations not using RADIUS or not using %aX templates
   41: in RADIUS attributes were not affected.</li>
   42: <li>LCP negotiation fixed for rare case of remote peer restarting it
   43: when in phase AUTHENTICATE or NETWORK.</li>
   44: <li> Fix buffer overflow in parsing of L2TP control packets
   45: introduced in version 4.0 that initially brought in L2TP support:
   46: a specially crafted incoming L2TP control packet
   47: might lead to unexpected termination of the process.
   48: Installations not using L2TP clients nor L2TP server configuration
   49: were not affected.</li>
   50: </ul>
   51: </li>
   52: </ul>
   53: </p>
   54: <p>Changes since version 5.7:
   55: <ul>
   56: <li> New features:
   57: <ul>
   58: <li> Added JSON format output into the web console.</li>
   59: <li> Added `set l2tp pmask ...` command.</li>
   60: <li> Added `set pppoe mac-format ...` command.</li>
   61: <li> Added `set pppoe max-payload ...` command from RFC 4638.</li>
   62: <li> Added 'set radius src-addr ...' command.</li>
   63: <li> Added `set iface keep-timeout` options.</li>
   64: <li> Added `set console auth` options.</li>
   65: <li> Added `agent-cid` global option to control display of the
   66: PPPoE ADSL-Agent-Circuit-Id option in the `show session` command.
   67: Default is disabled.</li>
   68: <li> Added `session-time` global option to control display of the
   69: session time in seconds in the `show session` command.
   70: Default is disabled.</li>
   71: <li> Using `peer_addr` in an ACL tells mpd to use mpd-table with
   72: the peer's negotiated IP address.</li>
   73: <li> Added more wildcards, passed from ACL's.</li>
   74: <li> Added more wildcards, passed from `set iface description ...`
   75: command or `mpd-iface-descr` RADIUS attribute.</li>
   76: <li> Added `Filter-Id` RADIUS attribute.</li>
   77: <li> Added support for Backtrace Access Library.</li>
   78: <li> Added support for LibreSSL Library.</li>
   79: </ul>
   80: </li>
   81: <li> Changes:
   82: <ul>
   83: <li> Rename `quit` command to `shutdown`.</li>
   84: <li> `authname ...` command can be case insensitive.</li>
   85: </ul>
   86: </li>
   87: <li> Bugfixes:
   88: <ul>
   89: <li> Restore sending of the MAC address to the RADIUS server as an unformatted value.</li>
   90: <li> Fix long-standing bug with ECP.</li>
   91: <li> Fix ability to use both IPv4 and IPv6 addresses on the same interface.</li>
   92: </ul>
   93: </li>
   94: </ul>
   95: </p>
   96: <p>Changes since version 5.6:
   97: <ul>
   98: <li> New features:
   99: <ul>
  100: <li> Added global `qthreshold` option.</li>
  101: <li> Added `unset radius server ...` command.</li>
  102: <li> Added `unset nat ...` command.</li>
  103: <li> Added `Class` CoA attribute from RFC 2865.</li>
  104: <li> New command `show netflow` added.</li>
  105: </ul>
  106: </li>
  107: <li> Changes:
  108: <ul>
  109: <li> NAT rules may be added/deleted without shutting down the interface.</li>
  110: <li> NetFlow can export IPv6 data.</li>
  111: <li> Interface description may be constructed from predefined
  112: variables in bundle template.</li>
  113: </ul>
  114: </li>
  115: <li> Bugfixes:
  116: <ul>
  117: <li> Restore `show sessions` as unprivileged command.</li>
  118: <li> Fix infinite event loop when STDIN redirected to /dev/null
  119: after it recently got non-blocking mode support.</li>
  120: <li> Fix invalid output of `show nat` command in some cases.</li>
  121: <li> Fix some possible memory leaks.</li>
  122: </ul>
  123: </li>
  124: </ul>
  125: </p>
  126: <p>Changes since version 5.5:
  127: <ul>
  128: <li> New features:
  129: <ul>
  130: <li> Added `mpd-iface-name` RADIUS attribute.</li>
  131: <li> Added `mpd-iface-descr` RADIUS attribute.</li>
  132: <li> Added `mpd-iface-group` RADIUS attribute.</li>
  133: <li> Added `mpd-peer-ident` RADIUS attribute.</li>
  134: <li> Added `set iface name ...` command.</li>
  135: <li> Added `set iface description ...` command.</li>
  136: <li> Added `set iface group ...` command.</li>
  137: <li> Added support for NetFlow v9 export.</li>
  138: <li> Added `set l2tp|pptp|tcp|udp resolve-once ...` command.
  139: It allows resolving the peer address again on every reconnect.</li>
  140: </ul>
  141: </li>
  142: <li> Changes:
  143: <ul>
  144: <li> Remove dependency on the libpdel library.
  145: Import required files into the MPD tree.</li>
  146: </ul>
  147: </li>
  148: <li> Bugfixes:
  149: <ul>
  150: <li> Fix invoking `set iface up|down-script` without arguments.</li>
  151: <li> Fix `show eap` command.</li>
  152: <li> Fix build on older FreeBSD versions.</li>
  153: <li> Fix several memory leaks.</li>
  154: <li> Fix building without SYSLOG_FACILITY option.</li>
  155: <li> Fix byte order in ports in `set nat red-port`.</li>
  156: <li> Fix some potential crashes because of NULL dereferences.</li>
  157: </ul>
  158: </li>
  159: </ul>
  160: </p>
  161: <p>Changes since version 5.4:
  162: <ul>
  163: <li> New features:
  164: <ul>
  165: <li> Added `set link redial-delay ...` command.</li>
  166: <li> Print global filters on `show iface|customer` commands.</li>
  167: <li> Added protocol/port forwarding support for NAT.</li>
  168: <li> Added utmpx support on 9-CURRENT.</li>
  169: </ul>
  170: </li>
  171: <li> Bugfixes:
  172: <ul>
  173: <li> Fix memory leaks in PPTP and RADIUS under some conditions.</li>
  174: <li> Really make RESULT a mandatory option in ext-auth.</li>
  175: </ul>
  176: </li>
  177: </ul>
  178: </p>
  179: <p>Changes since version 5.3 (most of this work was sponsored by
  180: <A href="http://ufanet.ru/">JSC 'Ufanet'</A>):
  181: <ul>
  182: <li> New features:
  183: <ul>
  184: <li> Added built-in RADIUS server, supporting
  185: RFC 3576: Dynamic Authorization Extensions to RADIUS.</li>
  186: <li> Added Disconnect-Request extension support from RFC 3576.</li>
  187: <li> Added CoA-Request extension support from RFC 3576.</li>
  188: <li> Added `authname ...` command to choose active link by peer
  189: auth name.</li>
  190: <li> Added support for DSL Forum vendor-specific
  191: Circuit-ID/Remote-ID PPPoE tags and respective RFC 4679
  192: RADIUS VSA.</li>
  193: <li> Peer address argument added to interface up/down scripts.</li>
  194: </ul>
  195: </li>
  196: </ul>
  197: </p>
  198: <p>Changes since version 5.2:
  199: <ul>
  200: <li> New features:
  201: <ul>
  202: <li> Added 'drop' link action and 'set link action clear' command.</li>
  203: <li> Added ability to receive link action from AAA in auth reply.
  204: It allows AAA to select bundle/repeater configuration for
  205: specific user or session.</li>
  206: <li> Added global traffic filters support to reduce auth reply size.
  207: 'set global filter ...' commands.</li>
  208: <li> Added ability to include other local or remote config files.
  209: 'load ...' command able to accept configuration file path/URI
  210: as first argument.</li>
  211: <li> Added support for new ng_netflow node features to improve
  212: bidirectional accounting performance.</li>
  213: <li> Added 'acct-mandatory' auth option to control accounting start
  214: errors handling. Default is enabled.</li>
  215: </ul>
  216: </li>
  217: <li> Changes:
  218: <ul>
  219: <li> Improved build modularization to allow more customized builds.</li>
  220: <li> Reduced memory usage by more effective ACL memory allocation.</li>
  221: <li> Allowed MRRU less than 1500 bytes. RFC claims that 1500 must be
  222: supported, but lower values are acceptable.</li>
  223: </ul>
  224: </li>
  225: <li> Bugfixes:
  226: <ul>
  227: <li> Fix possible crash on nonterminated ident string receive.</li>
  228: <li> Fix memory leaks on auth failures.</li>
  229: <li> Change NCPs join/leave sequences to avoid ENXIO errors on connect.</li>
  230: <li> Use separate socket for getting CCP node ID to avoid fake reports.</li>
  231: </ul>
  232: </li>
  233: </ul>
  234: </p>
  235: <p>Changes since version 5.1:
  236: <ul>
  237: <li> New features:
  238: <ul>
  239: <li> Added 'set radius identifier' command.</li>
  240: <li> Added '$CallingID' and '$CalledID' modem chat variables.
  241: Their values will be reported to the auth backend.</li>
  242: <li> Added tunnel related RADIUS attributes of RFC2868 support.</li>
  243: <li> 'set auth max-logins' feature can now be case insensitive.</li>
  244: <li> Added force ability to the 'set iface addrs' command.</li>
  245: <li> IPCP/IPv6CP now close on interface address assign error
  246: or up-script error.</li>
  247: <li> Accounting start error now closes link.</li>
  248: <li> PPPoE peer address format changed to more traditional.</li>
  249: <li> Link peer-as-calling option default changed to disabled.
  250: PPTP and L2TP users are advised to check configurations!</li>
  251: <li> Some of RADIUS accounting update log messages moved from
  252: radius to radius2 log level.</li>
  253: </ul>
  254: </li>
  255: <li> Bugfixes:
  256: <ul>
  257: <li> Fix PPTP peer address reporting for real LAC/PAC mode.</li>
  258: <li> Fix auth thread busy check.</li>
  259: <li> Fix incorrect L2TP self address used for outgoing calls
  260: when several different addresses configured.</li>
  261: </ul>
  262: </li>
  263: </ul>
  264: </p>
  265: <p>Changes since version 5.0:
  266: <ul>
  267: <li> New features:
  268: <ul>
  269: <li> Added support for NS-related RADIUS attributes from RFC 2548.</li>
  270: <li> Added global max-children option.</li>
  271: <li> Added link, bundle, iface and iface-index RADIUS VSA.</li>
  272: <li> Added 'set link mrru ...' command.
  273: Set default MRRU to 2048 and maximum to 4096 bytes.</li>
  274: <li> Added USER_NT_HASH and USER_LM_HASH ext-auth attributes
  275: for MS-CHAP authentication.</li>
  276: <li> Added mpd-input-acct/mpd-output-acct RADIUS attributes
  277: to allow sending typed traffic accounting using standard
  278: RADIUS attributes.</li>
  279: <li> Added support for local side IP management using IP pools.</li>
  280: <li> Added support for auth/acct-only RADIUS servers.
  281: It allows specifying different servers for authentication
  282: and accounting in mpd configuration file.</li>
  283: <li> Added support for the new ng_pptpgre node design, supporting
  284: multiple calls per node. It improves performance, when multiple
  285: calls active between two IPs.</li>
  286: </ul>
  287: </li>
  288: <li> Changes:
  289: <ul>
  290: <li> peer-as-calling and report-mac options moved from radius
  291: to link to improve LAC operation.</li>
  292: </ul>
  293: </li>
  294: <li> Bugfixes:
  295: <ul>
  296: <li> Fixed incorrect link creation error handling.</li>
  297: <li> Added workaround for some incorrect PAP implementations.</li>
  298: <li> Changed processing of NAK on multilink options.
  299: NAK enables rejected options back.</li>
  300: <li> Added missing multilink parameters check in BundJoin().</li>
  301: <li> Fixed sending of incoming traffic typed accounting on accounting stop.</li>
  302: <li> Fixed using correct proxy-arp MAC when more than one interface matches.</li>
  303: <li> Fixed some L2TP and PPPoE errors processing.</li>
  304: <li> Fixed TCP and UDP link type nodes naming.</li>
  305: </ul>
  306: </li>
  307: </ul>
  308: </p>
  309: <p>Changes since version 5.0rc2:
  310: <ul>
  311: <li> New features:
  312: <ul>
  313: <li> Sending LCP Time-Remaining packet implemented.</li>
  314: </ul>
  315: </li>
  316: <li> Bugfixes:
  317: <ul>
  318: <li> Fixed MPPC options loss on link disconnect.</li>
  319: <li> Fixed crash on PPTP CDN sending error.</li>
  320: <li> Fixed incorrect IPCP options reject processing.</li>
  321: <li> Fixed MP SHORTSEQ option.</li>
  322: <li> Fixed packet order on accepting outgoing PPTP call.</li>
  323: </ul>
  324: </li>
  325: </ul>
  326: </p>
  327: <p>Changes since version 5.0rc1:
  328: <ul>
  329: <li> New features:
  330: <ul>
  331: <li> 'auth2' log level added.</li>
  332: </ul>
  333: </li>
  334: <li> Changes:
  335: <ul>
  336: <li> Always prefer MS-CHAP to others to get encryption keys.</li>
  337: </ul>
  338: </li>
  339: <li> Bugfixes:
  340: <ul>
  341: <li> Fixed bug in tcpmssfix when compression or encryption is used.</li>
  342: <li> Fixed build on FreeBSD 5.x.</li>
  343: <li> Fixed build without PPTP or L2TP support.</li>
  344: <li> Fixed netflow node creation.</li>
  345: </ul>
  346: </li>
  347: </ul>
  348: </p>
  349: <p>Changes since version 5.0b4:
  350: <ul>
  351: <li> New features:
  352: <ul>
  353: <li> 'show pptp' and 'show l2tp' commands added.</li>
  354: </ul>
  355: </li>
  356: <li> Bugfixes:
  357: <ul>
  358: <li> Rewritten ippool to avoid races on IPCP renegotiation.</li>
  359: </ul>
  360: </li>
  361: <li> Changes:
  362: <ul>
  363: <li> Rewritten message engine using internal circular queue
  364: instead of system pipe.</li>
  365: <li> L2TP/PPTP tunnel shutdown is now delayed for better
  366: LAC/PAC interoperation.</li>
  367: </ul>
  368: </li>
  369: </ul>
  370: </p>
  371: <p>Changes since version 5.0b3:
  372: <ul>
  373: <li> New features:
  374: <ul>
  375: <li> If Framed-Netmask RADIUS attribute != 255.255.255.255
  376: mpd will create Framed-IP-Address/Framed-Netmask route
  377: to the client side.</li>
  378: <li> Added reporting peer MAC address and interface to AAA.
  379: Added NAS-Port-Id RADIUS attribute support.</li>
  380: <li> New 'iface' command added.</li>
  381: <li> Added IPv6 support for Tee and DialOnDemand.</li>
  382: <li> 'set iface addrs' now able to set IPv6 addresses.</li>
  383: <li> ACCT_INTERIM_LIM_RECV and ACCT_INTERIM_LIM_XMIT
  384: attributes added to ext-auth.</li>
  385: </ul>
  386: </li>
  387: <li> Bugfixes:
  388: <ul>
  389: <li> Fixed /32 routes processing.</li>
  390: <li> Fixed crash on repeater shutdown.</li>
  391: <li> Fixed 'create link ' command syntax check.</li>
  392: <li> Fixed redial delay.</li>
  393: <li> Many small tunings and fixes.</li>
  394: </ul>
  395: </li>
  396: <li> Performance improvements:
  397: <ul>
  398: <li> Netgraph management completely rewritten.
  399: Now 6 sockets per daemon used to communicate with netgraph
  400: instead of 4 sockets per link before. This gives significant
  401: performance benefit due to reduced pevent engine overhead.</li>
  402: <li> Internal memory management rewritten.</li>
  403: </ul>
  404: </li>
  405: </ul>
  406: </p>
  407: <p>Changes since version 5.0b1:
  408: <ul>
  409: <li> New features:
  410: <ul>
  411: <li> Implemented type-differentiated traffic accounting
  412: based on mpd-limit traffic filters.</li>
  413: <li> Added 'set link max-children ...' command for DoS protection.</li>
  414: <li> Implemented user privilege levels "admin"/"operator"/"user".</li>
  415: <li> Web console rewritten; it now allows executing any commands
  416: permitted by the user's privileges. Added plain-text command interface.</li>
  417: <li> New 'show sessions' and 'show customer' commands added.</li>
  418: <li> Implemented one-shot operation mode to allow mpd to be used
  419: in complicated dial setups.</li>
  420: <li> Acct-Session-Id attribute now present in auth request.</li>
  421: <li> Report to auth the real PPPoE session name received from the peer.</li>
  422: </ul>
  423: </li>
  424: <li> Changes:
  425: <ul>
  426: <li> Rewritten PPPoE, L2TP, TCP and UDP link types to fulfill new
  427: dynamic design.</li>
  428: <li> MPPC related options moved from 'set ccp' to the new 'set mppc' command.</li>
  429: <li> 'set bundle retry' command renamed to 'set bundle fsm-timeout'.</li>
  430: <li> Number of auth retries increased to 5.</li>
  431: <li> PPTP windowing is disabled by default.</li>
  432: <li> Improved unified command error reporting.</li>
  433: <li> Users list is now global and the same for console and web.</li>
  434: </ul>
  435: </li>
  436: <li> Bugfixes:
  437: <ul>
  438: <li> Fixed memory leak on link/bundle shutdown.</li>
  439: <li> Fixed reference (memory) leak on console close.</li>
  440: <li> Fixed netflow setup errors handling.</li>
  441: <li> Improved IfaceIp[v6]IfaceUp() errors handling.</li>
  442: <li> Restore link MRU to default after use.
  443: Should help with some EAP-TLS cases.</li>
  444: <li> MPPC now automatically disables unusable subprotocols.
  445: For example, it is impossible to use MPPE encryption
  446: without MSCHAP.</li>
  447: <li> Fixed FSM instantiation to fix LCP keep-alives.</li>
  448: <li> Fixed 'set eap ...' context.</li>
  449: <li> Implemented PAP-ACK packet retransmit.</li>
  450: <li> 'show mem' command now returns output to console instead of stdout.</li>
  451: <li> Many small fixes.</li>
  452: </ul>
  453: </li>
  454: </ul>
  455: </p>
  456: <p>Changes since version 4:
  457: <ul>
  458: <li> Design changes:
  459: <ul>
  460: <li> Removed static link - bundle relations.
  461: Links now choose their bundles using negotiated parameters
  462: when they reach NETWORK phase.
  463: 		 
  464: The benefit of it is simple and complete client
  465: and server multilink operation. Also it gives
  466: ability to implement more complicated LAC, PAC and TSA
  467: setups than was possible before.</li>
  468: <li> Implemented template based dynamic link/bundle creation.
  469: It significantly reduces the amount of configuration
  470: required to operate big access servers.
  471: 
  472: Link may be autocreated by incoming call request from device
  473: or by DoD/BoD request from bundle. Bundle may be autocreated
  474: by the link reached NETWORK phase.</li>
  475: <li> To simplify configuration link and phys layers separated
  476: since version 4.2 are now rejoined again into a single link layer.</li>
  477: </ul>
  478: </li>
  479: <li> New features:
  480: <ul>
  481: <li> Added PAM authentication and accounting.</li>
  482: <li> Added dynamic IP addresses pools support.</li>
  483: <li> Added new 'ext-acct' accounting  backend as full-featured
  484: alternative to 'radius-acct'.</li>
  485: </ul>
  486: </li>
  487: <li> Changes:
  488: <ul>
  489: <li> Massive changes in configuration commands. You should read
  490: the manual and examples for the new configuration techniques.</li>
  491: <li> FreeBSD 4.x and old DragonFly releases are not supported anymore.</li>
  492: </ul>
  493: </li>
  494: </ul>
  495: </p>
  496: <p>Changes since version 4.2.2:
  497: <ul>
  498: <li> New features:
  499: <ul>
  500: <li> Added L2TP local hostname configuration.</li>
  501: <li> Added L2TP length and dataseq options.</li>
  502: <li> L2TP local hostname and secret at server side is now configurable
  503: depending on client address.</li>
  504: <li> Reimplemented RADIUS Class attribute support.</li>
  505: <li> Added PPPoE AC-name specification for the server side.</li>
  506: <li> Added IP accounting with ng_ipacct node support.</li>
  507: <li> Added configure script for better system features detection.</li>
  508: <li> 'show version' command now shows compiled-in system features.</li>
  509: <li> 'session ...' and 'msession ...' commands to select link/bundle
  510: by their current session IDs added.</li>
  511: </ul>
  512: </li>
  513: <li> Bugfixes:
  514: <ul>
  515: <li> Fixed race condition on PPTP tunnel creation/death.</li>
  516: <li> Fixed crash when stdout redirected to /dev/null.</li>
  517: <li> Fixed memory leak in proxy-arp.</li>
  518: <li> Fixed Dial-on-Demand functionality broken in 4.2.</li>
  519: <li> Do not set ACCM for a Sync links.</li>
  520: <li> Fixed Sync mode detection for L2TP links.</li>
  521: </ul>
  522: </li>
  523: <li> Performance improvements:
  524: <ul>
  525: <li> Added support for 64bit ng_ppp counters where available.</li>
  526: </ul>
  527: </li>
  528: </ul>
  529: </p>
  530: <p>Changes since version 4.2.1:
  531: <ul>
  532: <li> Bugfixes:
  533: <ul>
  534: <li> Fixed build and stack overflow on FreeBSD 5.x.</li>
  535: <li> Fixed startup script dependencies.</li>
  536: </ul>
  537: </li>
  538: </ul>
  539: </p>
  540: <p>Changes since version 4.2:
  541: <ul>
  542: <li> Bugfixes:
  543: <ul>
  544: <li> Fixed default route support bug.</li>
  545: <li> Fixed memory leak in L2TP link creation.</li>
  546: </ul>
  547: </li>
  548: </ul>
  549: </p>
  550: <p>Changes since version 4.1:
  551: <ul>
  552: <li> New features:
  553: <ul>
  554: <li> Implemented link repeater functionality (aka LAC/PAC). New "phys" and "repeater" layers added.</li>
  555: <li> PPTP now supports listening on multiple different IPs.</li>
  556: <li> L2TP now supports tunnel authentication with shared secret.</li>
  557: <li> Implemented traffic filtering using ng_bpf.</li>
  558: <li> Implemented fast traffic shaping/rate-limiting using ng_car.</li>
  559: <li> Added workaround for Windows 2000 PPPoE MRU negotiation bug.</li>
  560: <li> Implemented minimal client side of auth-driven callback (w/o number specification).</li>
  561: <li> Restored control console on stdin.</li>
  562: <li> Added multiline console command history.</li>
  563: <li> Added new 'ext-auth' auth backend as full-featured alternative to 'radius-auth'.</li>
  564: <li> Added support for some new ng_nat features.</li>
  565: <li> Implemented PPTP/L2TP SetLinkInfo sending to PAC/LAC.</li>
  566: <li> NetFlow generation for both incoming and outgoing packets
  567: at the same time is now supported.
  568: NOTE: To have more than 1000 interfaces with NetFlow in 6-STABLE
  569: you may need to increase NG_NETFLOW_MAXIFACES constant
  570: in netflow.h and rebuild ng_netflow kernel module.</li>
  571: <li> Added mpd-drop-user vendor specific accounting reply attribute support.</li>
  572: </ul>
  573: </li>
  574: <li> Changes:
  575: <ul>
  576: <li> 'set link type ...' command is deprecated now. Use 'set phys type ...' instead.</li>
  577: <li> -a, -n, -N, and -t bundle options are deprecated now. Use 'set iface enable ...' instead.</li>
  578: <li> ng_tee, ng_nat, ng_netflow and other netgraph nodes between ng_ppp and ng_iface are now
  579: created when NCP (IPCP/IPV6CP) goes up instead of startup time.</li>
  580: <li> Auth subsystem refactored to avoid incorrect cross-level dependencies.</li>
  581: <li> Physical device level refactored to remove link and bundle levels dependencies.</li>
  582: <li> When accepting calls, PPTP, L2TP, TCP and UDP links now try
  583: to use the link with the most specific peer address configured.</li>
  584: <li> Removed setting up local IPv4 address routing to loopback.
  585: /usr/sbin/ppp does not do it.</li>
  586: </ul>
  587: </li>
  588: <li> Bugfixes:
  589: <ul>
  590: <li> Fixed thread-safety related crash in accounting.</li>
  591: <li> Fixed assertion in PPTP on control connection fail while answering.</li>
  592: <li> Fixed assertion in L2TP on control message sending failure.</li>
  593: <li> Fixed broken L2TP outcall mode.</li>
  594: <li> Updated chat scripts to detect incoming modem calls speed.</li>
  595: </ul>
  596: </li>
  597: <li> Performance improvements:
  598: <ul>
  599: <li> Calls to ifconfig and route programs replaced by internal functions.</li>
  600: <li> Where possible system() calls replaced by fork()+execv()
  601: to avoid shell execution.</li>
  602: <li> Added connect requests storm overload protection.
  603: Mpd will drop incoming requests when the message queue
  604: reaches some defined length.</li>
  605: </ul>
  606: </li>
  607: </ul>
  608: </p>
  609: <p>Changes since version 4.1rc2:
  610: <ul>
  611: <li> Changes:
  612: <ul>
  613: <li> Default value of link's max-redial parameter changed to -1.</li>
  614: <li> Bundle's noretry option is enabled by default now.</li>
  615: </ul>
  616: </li>
  617: <li> Bugfixes:
  618: <ul>
  619: <li> Better up/down reason tracking.</li>
  620: </ul>
  621: </li>
  622: </ul>
  623: </p>
  624: <p>Mpd version was bumped from 4.0rc2 to 4.1rc2 due to large number of changes 
  625: done since 4.0b4 and FreeBSD ports version number conflict.</p>
  626: <p>Changes since version 4.0rc1:
  627: <ul>
  628: <li> Bugfixes:
  629: <ul>
  630: <li> Idle timeout fixed.</li>
  631: <li> Fixed bug with 'set l2tp self ' specified at the server side.</li>
  632: <li> Device type check for device-specific commands added.</li>
  633: <li> IPCP reject is not fatal by itself now.</li>
  634: <li> Up/down-script will now be called not for the whole interface, 
  635: but for each of negotiated protocols. Proto parameter should 
  636: be checked in the script!</li>
  637: <li> Fixed ng_ppp link bandwidth configuration.</li>
  638: </ul>
  639: </li>
  640: </ul>
  641: </p>
  642: <p>Changes since version 4.0b5:
  643: <ul>
  644: <li>New features:
  645: <ul>
  646: <li> Integrated Web server added.</li>
  647: <li> NAT support by ng_nat(4) added.</li>
  648: <li> L2TP (RFC 2661) device type implemented.</li>
  649: <li> UDP device type was completely rewritten. Now it:
  650: <ul>
  651: <li> does not require manual 'open' command on the server side,
  652: it behaves just like any other device type;</li>
  653: <li> allows many connections to the same server UDP port;</li>
  654: <li> allows not to specify peer address/port for incoming 
  655: connections (so it will work through different 
  656: NATs and firewalls);</li>
  657: <li> allows not to specify self address/port for outgoing 
  658: connections (so it is easier to configure);</li>
  659: </ul>
  660: </li>
  661: <li> TCP device type was completely rewritten. It has some minor issues 
  662: due to limitation of ng_ksocket module, but now IT WORKS! :)</li>
  663: <li> Compression Predictor-1 (RFC 1978) added.</li>
  664: <li> Compression Deflate (RFC 1979) added.</li>
  665: <li> Encryption DESE (RFC 1969) support was reimplemented.</li>
  666: <li> Encryption DESE-bis (RFC 2419) support added.</li>
  667: <li> New command 'show phys' added.</li>
  668: <li> New command 'show summary' added.</li>
  669: <li> Support for ipfw tables added to RADIUS ACL's.</li>
  670: <li> New commands 'set global start...' added.</li>
  671: <li> Added support of calling/called numbers (mostly for PPTP/L2TP).</li>
  672: </ul>
  673: </li>
  674: <li> Changes:
  675: <ul>
  676: <li> "lcp" layer in open/close commands replaced by "link".</li>
  677: <li> Auth configuration (set auth ...) moved from bundle layer to lcp. 
  678: It works per link now.</li>
  679: <li> MPPE policy option moved from auth layer to ccp.</li>
  680: </ul>
  681: </li>
  682: <li> Bugfixes:
  683: <ul>
  684: <li> Fixed a few bugs on amd64 and sparc64 platforms.</li>
  685: <li> Phys layer was made stateless to remove race condition.</li>
  686: <li> Link layer changed to remove race conditions on LinkDown().</li>
  687: <li> Fixed race condition in accepting PPPoE connections.</li>
  688: <li> Link up/down reason recording is now more accurate.</li>
  689: <li> Complete link shutdown procedure on auth failure implemented.</li>
  690: <li> Fixed several small PPTP level processing issues.</li>
  691: <li> Removed the limitation that a PPTP link must be alone in the bundle.</li>
  692: <li> Fixed MSCHAP auth which was broken in 4.0b5.</li>
  693: <li> Fixed memory leak in PAP and CHAP auth on the client side.</li>
  694: <li> Fixed some CCP negotiation issues.</li>
  695: <li> Fixed threads-related crash in internal auth.</li>
  696: <li> Fixed crash on incoming when no free PPTP link found.</li>
  697: <li> Bug in "rubber bandwidth" algorithm fixed.</li>
  698: <li> Bug and possible crash fixed in DoD code.</li>
  699: <li> Fixed bug in AUTHPROTO negotiation.</li>
  700: <li> Fixed bug in RAD_MICROSOFT_MS_CHAP2_SUCCESS handling.
  701: Needs testing.</li>
  702: </ul>
  703: </li>
  704: </ul>
  705: </p>
  706: <p>Changes since version 4.0b4:
  707: <ul>
  708: <li>New features:
  709: <ul>
  710: <li> IPv6 support:
  711: <ul>
  712: <li>  IPV6CP support added, NCPs and IFACE calls were
  713: rewritten to support many NCPs.</li>
  714: <li>	Console now supports IPv6.</li>
  715: <li>	UDP and TCP link types now support IPv6.</li>
  716: <li>	PPTP link type is ready to support IPv6, 
  717: but requires ng_pptpgre(4) to support IPv6.</li>
  718: <li>	NetFlow export over IPv6 is supported.</li>
  719: <li>	The following features do not yet support IPv6:
  720: TcpMSSFix, NetFlow, Tee, DialOnDemand.</li>
  721: </ul>
  722: </li>
  723: <li> TCP link type now compiles and works
  724: but is not yet ready for production usage.</li>
  725: <li> NetFlow data generation on outgoing interface is supported.</li>
  726: <li> Added a possibility to use an existing ng_netflow(4) node.</li>
  727: <li> Added a possibility to specify network interface names
  728: instead of IP addresses.</li>
  729: <li> Added more log levels to decrease log file size.</li>
  730: </ul>
  731: </li>
  732: <li> Changes:
  733: <ul>
  734: <li> Default argument of open/close commands changed from iface to lcp.</li>
  735: </ul>
  736: </li>
  737: <li> Bugfixes:
  738: <ul>
  739: <li> Fixed races between startup process and client connecting.</li>
  740: <li> Fixed a few crashes in console.</li>
  741: <li> Incoming call processing significantly reworked to
  742: fix some aspects of multilink server functionality.</li>
  743: <li> The shutdown of mpd is now much more graceful:
  744: the netgraph nodes are closed, the accounting RADIUS
  745: packets for closing links are sent, new connections
  746: are not accepted during shutdown.</li>
  747: <li> Fixed races in filling of RADIUS packets. In particular,
  748: RAD_NAS_PORT value in the RADIUS could be wrong.</li>
  749: <li> RADIUS support rewritten to use poll(2) instead of
  750: select(2), allowing to create a bigger number of links.</li>
  751: <li> Fixed a problem with identifying correct interface
  752: for proxy-arp when alias addresses are used.</li>
  753: <li> Fixed memory leaks and crashes when more than 256 PPTP
  754: bundles are in use.</li>
  755: <li> Fixed crash in PPPoE when more than 64 parent Ethernet
  756: interfaces used.</li>
  757: </ul>
  758: </li>
  759: <li> Performance improvements:
  760: <ul>
  761: <li> Message and PPPoE subsystems reworked to decrease number
  762: of open files per bundle.</li>
  763: </ul>
  764: </li>
  765: </ul>
  766: </p>
  767: <p>Changes since version 4.0b3:
  768: <ul>
  769: <li>BugFix: fix crash in processing of MS domain name from
  770: RADIUS server.</li>
  771: <li>New feature: automatic creation, configuring and attaching
  772: of ng_netflow(4) node.</li>
  773: <li>ng_tee(4) now can be inserted on a per bundle basis.</li>
  774: <li>New feature: on FreeBSD 6.0 and higher ng_tcpmss(4) is
  775: utilized if doing TCP MSS fixup.</li>
  776: <li>BugFix: tcpmssfix now works for both incoming and outgoing
  777: TCP segments.</li>
  778: <li>New options: update-limit-in, update-limit-out.</li>
  779: <li>Fixed loss of statistics when the -t option is used.</li>
  780: <li>Fixed chat scripting, modem links not broken anymore.</li>
  781: </ul>
  782: </p>
  783: <p>Changes since version 4.0b2:
  784: <ul>
  785: <li>BugFix: make PPPoE interface control events recurring, PPPoE is
  786: not broken anymore.</li>
  787: <li>Added a new <code>startup</code> section to the config-file, which
  788: is loaded once at startup.</li>
  789: <li>Added a new <code>global</code> config space for all the global 
  790: settings.</li>
  791: <li>BugFix: do not generate new challenges while retransmitting
  792: them.</li>
  793: <li>Fix <code>va_args</code> bug on certain non-i386 platforms.</li>
  794: <li>Auto-load <code>ng_ether</code> for PPPoE connections;
  795: fix default path for undefined service.</li>
  796: <li>Rewrite the console-stuff. Multiple telnet connections are now 
  797: allowed. There is no input-console anymore, must use telnet
  798: instead.</li>
  799: <li>BugFix: The directly configured password was not taken into
  800: account when using PAP.</li>
  801: <li>Disallow empty usernames safely.</li>
  802: </ul>
  803: </p>
  804: <p>Changes since version 4.0b1:
  805: <ul>
  806: <li>Fixed a race-condition which caused a deadlock.</li>
  807: <li>RADIUS    
  808: <ul>
  809: <li>Fixed several race-conditions when sending accounting requests.</li>
  810: <li>Use the username from the access-accept packet (if present) for 
  811: accounting requests.</li>
  812: </ul>
  813: </li>
  814: </ul>
  815: </p>
  816: <p>Changes since version 3 (most of this work was sponsored by
  817: <A href="http://www.surfnet.nl/">SURFnet</A>):
  818: <ul>
  819: <li>Design changes:
  820: Mpd now uses a thread-based event system using libpdel; these libpdel parts are now
  821: integrated:
  822: <ul>
  823: <li>typed_mem(3)</li>
  824: <li>pevent(3)</li>
  825: <li>alog(3)</li>
  826: </ul>
  827: 
  828: Mpd uses a "Giant Mutex" for protecting its resources.</li>
  829: <li>Major new features:
  830: <ul>
  831: <li>Implemented the Extensible Authentication Protocol RFC 2284 (EAP). Currently only
  832: EAP-MD5 is supported (client and server side).
  833: EAP negotiation can be enabled at link level.</li>
  834: <li>Implemented OPIE (One-time Passwords In Everything).</li>
  835: <li>Implemented authentication against the system's password database <code>master.passwd</code>.</li>
  836: <li>utmp/wtmp logging.</li>
  837: </ul>
  838: </li>
  839: <li>Rewrites of the authentication subsystem:
  840: <ul>
  841: <li>Make authentication and accounting requests asynchronous using paction(3).</li>
  842: <li>Authentication backends now act independently from the rest of Mpd, using
  843: some internal structs as interface.</li>
  844: <li>The <code>mpd.secret</code> file is now used as one authentication backend of many; it 
  845: has no special role anymore, i.e. it can be disabled.</li>
  846: <li>Generate a session-id at bundle and link level for use with accounting requests.</li>
  847: </ul>
  848: </li>
  849: <li>RADIUS related changes:
  850: <ul>
  851: <li><b>IMPORTANT</b>: Mpd now needs an enhanced libradius; here are the patchsets:
  852: <code><A href="http://www.bretterklieber.com/freebsd/libradius.diff">4-STABLE</A></code>
  853: <code><A href="http://www.bretterklieber.com/freebsd/libradius5.diff">5-CURRENT</A></code></li>
  854: <li>Remember and send the RAD_STATE attribute.</li>
  855: <li>Message-Authenticator support.</li>
  856: <li>EAP Proxy Support.</li>
  857: </ul>
  858: </li>
  859: <li>Added a new option for PPTP links for disabling the windowing mechanism  
  860: specified by the protocol. Disabling this will cause Mpd to violate 
  861: the protocol, possibly confusing other PPTP peers, but often results 
  862: in better performance. The windowing mechanism is a design error in 
  863: the PPTP protocol; L2TP, the successor to PPTP, removes it. You need 
  864: a recent version of FreeBSD (NGM_PPTPGRE_COOKIE &gt;= 1082548365) in order
  865: to get this feature.<br>
  866: <code>set pptp disable windowing</code></li>
  867: <li>Added a new commandline option <code>-t</code> for adding ng_tee into the netgraph.<br>
  868: Submitted by: Gleb Smirnoff, glebius at cell dot sick dot ru</li>
  869: <li>Removed configuration parameters:
  870: <ul>
  871: <li>bundle: <code>radius-fallback</code></li>
  872: <li>iface: <code>radius-session</code>, <code>radius-idle</code>, <code>radius-mtu</code>, 
  873: <code>radius-route</code>, <code>radius-acl</code></li>
  874: <li>ipcp: <code>radius-ip</code></li>
  875: </ul>
  876: 
  877: 
  878: Moved configuration parameters:
  879: <ul>
  880: <li>bundle to auth: <code>radius-auth</code>, <code>radius-acct</code>, <code>authname</code>, 
  881: <code>password</code>, <code>max-logins</code></li>
  882: <li>radius to auth: <code>acct-update</code></li>
  883: <li>ccp to auth: <code>radius</code> and renamed to <code>mppc-pol</code></li>
  884: </ul>
  885: 
  886: 
  887: New configuration parameters:
  888: <ul>
  889: <li>link: <code>keep-ms-domain</code>, this prevents Mpd from stripping the MS-Domain;
  890: this can be useful when using IAS as RADIUS server.</li>
  891: <li>radius: <code>message-authentic</code>, this adds the Message-Authenticator
  892: attribute to the RADIUS request.</li>
  893: <li>auth: <code>internal</code>, controls the usage of the <code>mpd.secret</code> file 
  894: (internal authentication backend).</li>
  895: <li>auth: <code>opie</code>, enables/disables the OPIE authentication backend.</li>
  896: <li>auth: <code>system</code>, enables/disables authentication against the system's password 
  897: database.</li>
  898: <li>auth: <code>utmp-wtmp</code>, enables/disables utmp/wtmp logging.
  899: </li>
  900: <li>auth: <code>timeout</code>, configurable timeout for the authentication phase.</li>
  901: <li>eap: <code>radius-proxy</code>, this causes Mpd to proxy all EAP requests to
  902: the RADIUS server. Mpd only makes the initial Identity-Request
  903: (this saves one round-trip); all other requests are forwarded to the RADIUS server.
  904: This makes it possible to support every EAP-Type of the RADIUS server without
  905: implementing each EAP-Type in Mpd.</li>
  906: <li>eap: <code>md5</code>, EAP-Type MD5, it's the same as CHAP-MD5, but inside EAP frames.</li>
  907: </ul>
  908: </li>
  909: <li>Removed defines <code>ENCRYPTION_MPPE</code> and <code>COMPRESSION_MPPC</code>, they are now built in.</li>
  910: <li>Get rid of <code>IA_CUSTOM</code> define.</li>
  911: <li>BugFix: Fixed a mem-leak in the pptp-ctrl stuff.</li>
  912: </ul>
  913: </p>
  920: 
  921: 
  922: 
  923: </BODY>
  924: </HTML>
