:man| Alphabetical   Categories   About us 
NG_MPPC (4) | Special files and drivers | Unix Manual Pages | :man


ng_mppc - Microsoft MPPC/MPPE compression and encryption netgraph node type


Control Messages
See Also


.In sys/types.h
.In netgraph/ng_mppc.h


The mppc node type implements the Microsoft Point-to-Point Compression (MPPC) and Microsoft Point-to-Point Encryption (MPPE) sub-protocols of the PPP protocol. These protocols are often used in conjunction with the Point-to-Point Tunneling Protocol (PPTP).

The node has two hooks, "comp" for compression and "decomp" for decompression. Typically one or both of these hooks would be connected to the ng_ppp(4) node type hook of the same name. Each direction of traffic flow is independent of the other.


This node type supports the following hooks:

comp Connection to ng_ppp(4) "comp" hook. Incoming frames are compressed and/or encrypted, and sent back out the same hook.
decomp Connection to ng_ppp(4) "decomp" hook. Incoming frames are decompressed and/or decrypted, and sent back out the same hook.


This node type supports the generic control messages, plus the following:
This command resets and configures the node for a session in the outgoing traffic direction (i.e., for compression and/or encryption). This command takes a "struct ng_mppc_config" as an argument:
/* Length of MPPE key */
#define MPPE_KEY_LEN 16

/* MPPC/MPPE PPP negotiation bits */
#define MPPC_BIT0x00000001 /* mppc compression bits */
#define MPPE_40 0x00000020 /* use 40 bit key */
#define MPPE_56 0x00000080 /* use 56 bit key */
#define MPPE_1280x00000040 /* use 128 bit key */
#define MPPE_BITS 0x000000e0 /* mppe encryption bits */
#define MPPE_STATELESS 0x01000000 /* use stateless mode */
#define MPPC_VALID_BITS 0x010000e1 /* possibly valid bits */

/* Configuration for a session */
struct ng_mppc_config {
u_char enable; /* enable */
u_int32_t bits; /* config bits */
u_char startkey[MPPE_KEY_LEN]; /* start key */

The enabled field enables traffic flow through the node. The bits field contains the bits as negotiated by the Compression Control Protocol (CCP) in PPP. The startkey is only necessary if MPPE was negotiated, and must be equal to the session start key as defined for MPPE. This key is based on the MS-CHAP credentials used at link authentication time.

This command resets and configures the node for a session in the incoming traffic direction (i.e., for decompression and/or decryption). This command takes a "struct ng_mppc_config" as an argument.
This message contains no arguments, and is bi-directional. If an error is detected during decompression, this message is sent by the node to the originator of the NGM_MPPC_CONFIG_DECOMP message that initiated the session. The receiver should respond by sending a PPP CCP Reset-Request to the peer.

This message may also be received by this node type when a CCP Reset-Request is received by the local PPP entity. The node will respond by flushing its outgoing compression and encryption state so the remote side can resynchronize.


This node shuts down upon receipt of a NGM_SHUTDOWN control message, or when both hooks have been disconnected.


The kernel options NETGRAPH_MPPC_COMPRESSION and NETGRAPH_MPPC_ENCRYPTION are supplied to selectively compile in either or both capabilities. At least one of these must be defined, or else this node type is useless.

The MPPC protocol requires proprietary compression code available from Hi/Fn (formerly STAC). These files must be obtained elsewhere and added to the kernel sources before this node type will compile with the NETGRAPH_MPPC_COMPRESSION option.


netgraph(4), ng_ppp(4), ngctl(8)
.Rs "Microsoft Point-To-Point Compression (MPPC) Protocol"
.Rs "Microsoft Point-To-Point Encryption (MPPE) Protocol"
.Rs "Point-to-Point Tunneling Protocol (PPTP)"



Created by Blin Media, 2008-2013