Provided by: freebsd-manpages_9.2+1-1_all bug

NAME
       ng_mppc — Microsoft MPPC/MPPE compression and encryption netgraph node type


SYNOPSIS
       #include <sys/types.h>
       #include <netgraph/ng_mppc.h>


DESCRIPTION
       The  mppc  node  type  implements the Microsoft Point-to-Point Compression (MPPC) and Microsoft Point-to-
       Point Encryption (MPPE) sub-protocols of the PPP protocol.  These protocols are often used in conjunction
       with the Point-to-Point Tunneling Protocol (PPTP).

       The node has two hooks, comp for compression and decomp for decompression.   Typically  one  or  both  of
       these  hooks  would  be  connected  to  the ng_ppp(4) node type hook of the same name.  Each direction of
       traffic flow is independent of the other.


HOOKS
       This node type supports the following hooks:

       comp          Connection to ng_ppp(4) comp hook.  Incoming frames are compressed  and/or  encrypted,  and
                     sent back out the same hook.
       decomp        Connection  to  ng_ppp(4)  decomp hook.  Incoming frames are decompressed and/or decrypted,
                     and sent back out the same hook.


CONTROL MESSAGES
       This node type supports the generic control messages, plus the following:

       NGM_MPPC_CONFIG_COMP
            This command resets and configures the node for a session in the outgoing traffic  direction  (i.e.,
            for compression and/or encryption).  This command takes a struct ng_mppc_config as an argument:

            /* Length of MPPE key */
            #define MPPE_KEY_LEN      16

            /* MPPC/MPPE PPP negotiation bits */
            #define MPPC_BIT          0x00000001      /* mppc compression bits */
            #define MPPE_40           0x00000020      /* use 40 bit key */
            #define MPPE_56           0x00000080      /* use 56 bit key */
            #define MPPE_128          0x00000040      /* use 128 bit key */
            #define MPPE_BITS         0x000000e0      /* mppe encryption bits */
            #define MPPE_STATELESS    0x01000000      /* use stateless mode */
            #define MPPC_VALID_BITS   0x010000e1      /* possibly valid bits */

            /* Configuration for a session */
            struct ng_mppc_config {
                u_char    enable;                 /* enable */
                u_int32_t bits;                   /* config bits */
                u_char    startkey[MPPE_KEY_LEN]; /* start key */
            };

            The  enabled  field  enables  traffic  flow  through  the node.  The bits field contains the bits as
            negotiated by the Compression Control Protocol (CCP) in PPP.  The startkey is only necessary if MPPE
            was negotiated, and must be equal to the session start key as defined for MPPE.  This key  is  based
            on the MS-CHAP credentials used at link authentication time.

       NGM_MPPC_CONFIG_DECOMP
            This  command  resets and configures the node for a session in the incoming traffic direction (i.e.,
            for decompression and/or decryption).  This command takes a struct ng_mppc_config as an argument.

       NGM_MPPC_RESETREQ
            This message contains no  arguments,  and  is  bi-directional.   If  an  error  is  detected  during
            decompression,  this  message  is  sent  by the node to the originator of the NGM_MPPC_CONFIG_DECOMP
            message that initiated the session.  The receiver should respond by sending a PPP CCP  Reset-Request
            to the peer.

            This  message  may  also  be  received by this node type when a CCP Reset-Request is received by the
            local PPP entity.  The node will respond by flushing its outgoing compression and  encryption  state
            so the remote side can resynchronize.


SHUTDOWN
       This  node  shuts  down  upon  receipt  of  a  NGM_SHUTDOWN control message, or when both hooks have been
       disconnected.


COMPILATION
       The kernel options NETGRAPH_MPPC_COMPRESSION and NETGRAPH_MPPC_ENCRYPTION  are  supplied  to  selectively
       compile in either or both capabilities.  At least one of these must be defined, or else this node type is
       useless.

       The  MPPC  protocol  requires  proprietary  compression code available from Hi/Fn (formerly STAC).  These
       files must be obtained elsewhere and added to the kernel sources before this node type will compile  with
       the NETGRAPH_MPPC_COMPRESSION option.


SEE ALSO
       netgraph(4), ng_ppp(4), ngctl(8)

       G. Pall, Microsoft Point-To-Point Compression (MPPC) Protocol, RFC 2118.

       G.  S.  Pall  and  G.  Zorn,  Microsoft  Point-To-Point  Encryption  (MPPE)  Protocol, draft-ietf-pppext-
       mppe-04.txt.

       K. Hamzeh, G. Pall, W. Verthein, J. Taarud, W. Little, and G.  Zorn,  Point-to-Point  Tunneling  Protocol
       (PPTP), RFC 2637.


AUTHORS
       Archie Cobbs <archie@FreeBSD.org>


BUGS
       In  PPP, encryption should be handled by the Encryption Control Protocol (ECP) rather than CCP.  However,
       Microsoft combined both compression  and  encryption  into  their  ``compression''  algorithm,  which  is
       confusing.

Debian                                          December 8, 1999                                      NG_MPPC(4)