summaryrefslogtreecommitdiff
path: root/packages/linux/opensimpad/mppe-20040216.patch
diff options
context:
space:
mode:
Diffstat (limited to 'packages/linux/opensimpad/mppe-20040216.patch')
-rw-r--r--packages/linux/opensimpad/mppe-20040216.patch1225
1 files changed, 1225 insertions, 0 deletions
diff --git a/packages/linux/opensimpad/mppe-20040216.patch b/packages/linux/opensimpad/mppe-20040216.patch
new file mode 100644
index 0000000000..c4195c1420
--- /dev/null
+++ b/packages/linux/opensimpad/mppe-20040216.patch
@@ -0,0 +1,1225 @@
+
+#
+# Patch managed by http://www.holgerschurig.de/patcher.html
+#
+
+--- linux-2.4.27/drivers/net/Config.in~mppe-20040216
++++ linux-2.4.27/drivers/net/Config.in
+@@ -332,6 +332,7 @@
+ dep_tristate ' PPP support for sync tty ports' CONFIG_PPP_SYNC_TTY $CONFIG_PPP
+ dep_tristate ' PPP Deflate compression' CONFIG_PPP_DEFLATE $CONFIG_PPP
+ dep_tristate ' PPP BSD-Compress compression' CONFIG_PPP_BSDCOMP $CONFIG_PPP
++ dep_tristate ' PPP MPPE compression (encryption)' CONFIG_PPP_MPPE $CONFIG_PPP
+ if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
+ dep_tristate ' PPP over Ethernet (EXPERIMENTAL)' CONFIG_PPPOE $CONFIG_PPP
+ fi
+--- /dev/null
++++ linux-2.4.27/drivers/net/arcfour.c
+@@ -0,0 +1,75 @@
++/*
++ * arcfour.c
++ * by Frank Cusack <frank@google.com>
++ * 100% public domain
++ *
++ * Implemented from the description in _Applied Cryptography_, 2nd ed.
++ *
++ * ** Distribution ** of this software is unlimited and unrestricted.
++ *
++ * ** Use ** of this software is almost certainly legal; however, refer
++ * to <http://theory.lcs.mit.edu/~rivest/faq.html>.
++ */
++
++#include "arcfour.h"
++#if defined(__linux__)
++#include <linux/string.h>
++#endif
++
++#define swap(a, b) \
++{ \
++ unsigned char t = b; \
++ b = a; \
++ a = t; \
++}
++
++/*
++ * Initialize arcfour from a key.
++ */
++void
++arcfour_setkey(arcfour_context *context, const unsigned char *key,
++ unsigned keylen)
++{
++ unsigned i, j;
++ unsigned char K[256];
++
++ context->i = context->j = 0;
++
++ for (i = 0; i < 256; i++) {
++ context->S[i] = i;
++ K[i] = key[i % keylen];
++ }
++
++ j = 0;
++ for (i = 0; i < 256; i++) {
++ j = (j + context->S[i] + K[i]) % 256;
++ swap(context->S[i], context->S[j]);
++ }
++
++ memset(K, 0, sizeof(K));
++}
++
++/*
++ * plaintext -> ciphertext (or vice versa)
++ */
++void
++arcfour_encrypt(arcfour_context *context, const unsigned char *in, unsigned len,
++ unsigned char *out)
++{
++ unsigned i = context->i;
++ unsigned j = context->j;
++ unsigned char *S = context->S;
++ unsigned char K;
++
++ while (len--) {
++ i = (i + 1) % 256;
++ j = (j + S[i]) % 256;
++ swap(S[i], S[j]);
++ K = S[(S[i] + S[j]) % 256];
++ *out++ = *in++ ^ K;
++ }
++
++ context->i = i;
++ context->j = j;
++}
++
+--- /dev/null
++++ linux-2.4.27/drivers/net/arcfour.h
+@@ -0,0 +1,17 @@
++/* arcfour.h */
++
++#ifndef _ARCFOUR_H
++#define _ARCFOUR_H
++
++typedef struct {
++ unsigned i;
++ unsigned j;
++ unsigned char S[256];
++} arcfour_context;
++
++extern void arcfour_setkey(arcfour_context *, const unsigned char *, unsigned);
++extern void arcfour_encrypt(arcfour_context *, const unsigned char *, unsigned,
++ unsigned char *);
++#define arcfour_decrypt arcfour_encrypt
++
++#endif /* _ARCFOUR_H */
+--- linux-2.4.27/drivers/net/ppp_generic.c~mppe-20040216
++++ linux-2.4.27/drivers/net/ppp_generic.c
+@@ -102,6 +102,7 @@
+ spinlock_t rlock; /* lock for receive side 58 */
+ spinlock_t wlock; /* lock for transmit side 5c */
+ int mru; /* max receive unit 60 */
++ int mru_alloc; /* MAX(1500,MRU) for dev_alloc_skb() */
+ unsigned int flags; /* control bits 64 */
+ unsigned int xstate; /* transmit state bits 68 */
+ unsigned int rstate; /* receive state bits 6c */
+@@ -129,6 +130,7 @@
+ struct sock_fprog pass_filter; /* filter for packets to pass */
+ struct sock_fprog active_filter;/* filter for pkts to reset idle */
+ #endif /* CONFIG_PPP_FILTER */
++ int xpad; /* ECP or CCP (MPPE) transmit padding */
+ };
+
+ /*
+@@ -552,7 +554,9 @@
+ case PPPIOCSMRU:
+ if (get_user(val, (int *) arg))
+ break;
+- ppp->mru = val;
++ ppp->mru_alloc = ppp->mru = val;
++ if (ppp->mru_alloc < PPP_MRU)
++ ppp->mru_alloc = PPP_MRU; /* increase for broken peers */
+ err = 0;
+ break;
+
+@@ -1031,8 +1035,8 @@
+ /* try to do packet compression */
+ if ((ppp->xstate & SC_COMP_RUN) && ppp->xc_state != 0
+ && proto != PPP_LCP && proto != PPP_CCP) {
+- new_skb = alloc_skb(ppp->dev->mtu + ppp->dev->hard_header_len,
+- GFP_ATOMIC);
++ new_skb = alloc_skb(ppp->dev->mtu + ppp->dev->hard_header_len
++ + ppp->xpad, GFP_ATOMIC);
+ if (new_skb == 0) {
+ printk(KERN_ERR "PPP: no memory (comp pkt)\n");
+ goto drop;
+@@ -1044,15 +1048,28 @@
+ /* compressor still expects A/C bytes in hdr */
+ len = ppp->xcomp->compress(ppp->xc_state, skb->data - 2,
+ new_skb->data, skb->len + 2,
+- ppp->dev->mtu + PPP_HDRLEN);
++ ppp->dev->mtu + ppp->xpad
++ + PPP_HDRLEN);
+ if (len > 0 && (ppp->flags & SC_CCP_UP)) {
+ kfree_skb(skb);
+ skb = new_skb;
+ skb_put(skb, len);
+ skb_pull(skb, 2); /* pull off A/C bytes */
+- } else {
++ } else if (len == 0) {
+ /* didn't compress, or CCP not up yet */
+ kfree_skb(new_skb);
++ } else {
++ /*
++ * (len < 0)
++ * MPPE requires that we do not send unencrypted
++ * frames. The compressor will return -1 if we
++ * should drop the frame. We cannot simply test
++ * the compress_proto because MPPE and MPPC share
++ * the same number.
++ */
++ printk(KERN_ERR "ppp: compressor dropped pkt\n");
++ kfree_skb(new_skb);
++ goto drop;
+ }
+ }
+
+@@ -1540,14 +1557,15 @@
+ int len;
+
+ if (proto == PPP_COMP) {
+- ns = dev_alloc_skb(ppp->mru + PPP_HDRLEN);
++ ns = dev_alloc_skb(ppp->mru_alloc + PPP_HDRLEN);
+ if (ns == 0) {
+ printk(KERN_ERR "ppp_decompress_frame: no memory\n");
+ goto err;
+ }
+ /* the decompressor still expects the A/C bytes in the hdr */
+ len = ppp->rcomp->decompress(ppp->rc_state, skb->data - 2,
+- skb->len + 2, ns->data, ppp->mru + PPP_HDRLEN);
++ skb->len + 2, ns->data,
++ ppp->mru_alloc + PPP_HDRLEN);
+ if (len < 0) {
+ /* Pass the compressed frame to pppd as an
+ error indication. */
+@@ -1982,6 +2000,20 @@
+ ocomp->comp_free(ostate);
+ err = 0;
+ }
++ if (ccp_option[0] == CI_MPPE)
++ /*
++ * pppd (userland) has reduced the MTU by MPPE_PAD,
++ * to accomodate "compressor" growth. We must
++ * increase the space allocated for compressor
++ * output in ppp_send_frame() accordingly. Note
++ * that from a purist's view, it may be more correct
++ * to require multilink and fragment large packets,
++ * but that seems inefficient compared to this
++ * little trick.
++ */
++ ppp->xpad = MPPE_PAD;
++ else
++ ppp->xpad = 0;
+
+ } else {
+ state = cp->decomp_alloc(ccp_option, data.length);
+@@ -2253,6 +2285,7 @@
+ /* Initialize the new ppp unit */
+ ppp->file.index = unit;
+ ppp->mru = PPP_MRU;
++ ppp->mru_alloc = PPP_MRU;
+ init_ppp_file(&ppp->file, INTERFACE);
+ ppp->file.hdrlen = PPP_HDRLEN - 2; /* don't count proto bytes */
+ for (i = 0; i < NUM_NP; ++i)
+--- /dev/null
++++ linux-2.4.27/drivers/net/ppp_mppe_compress.c
+@@ -0,0 +1,643 @@
++/*
++ * ==FILEVERSION 20020521==
++ *
++ * ppp_mppe_compress.c - interface MPPE to the PPP code.
++ * This version is for use with Linux kernel 2.2.19+ and 2.4.x.
++ *
++ * By Frank Cusack <frank@google.com>.
++ * Copyright (c) 2002 Google, Inc.
++ * All rights reserved.
++ *
++ * Permission to use, copy, modify, and distribute this software and its
++ * documentation is hereby granted, provided that the above copyright
++ * notice appears in all copies. This software is provided without any
++ * warranty, express or implied.
++ *
++ * Changelog:
++ * 2/15/04 - TS: added #include <version.h> and testing for Kernel
++ * version before using
++ * MOD_DEC_USAGE_COUNT/MOD_INC_USAGE_COUNT which are
++ * depreciated in 2.6
++ */
++
++#include <linux/module.h>
++#include <linux/kernel.h>
++#include <linux/version.h>
++#include <linux/init.h>
++#include <linux/types.h>
++#include <linux/slab.h>
++#include <linux/string.h>
++
++#include <linux/ppp_defs.h>
++#include <linux/ppp-comp.h>
++
++#include "arcfour.h"
++#include "sha1.h"
++
++/*
++ * State for an MPPE (de)compressor.
++ */
++typedef struct ppp_mppe_state {
++ unsigned char master_key[MPPE_MAX_KEY_LEN];
++ unsigned char session_key[MPPE_MAX_KEY_LEN];
++ arcfour_context arcfour_context; /* encryption state */
++ unsigned keylen; /* key length in bytes */
++ /* NB: 128-bit == 16, 40-bit == 8! */
++ /* If we want to support 56-bit, */
++ /* the unit has to change to bits */
++ unsigned char bits; /* MPPE control bits */
++ unsigned ccount; /* 12-bit coherency count (seqno) */
++ unsigned stateful; /* stateful mode flag */
++ int discard; /* stateful mode packet loss flag */
++ int sanity_errors; /* take down LCP if too many */
++ int unit;
++ int debug;
++ struct compstat stats;
++} ppp_mppe_state;
++
++/* ppp_mppe_state.bits definitions */
++#define MPPE_BIT_A 0x80 /* Encryption table were (re)inititalized */
++#define MPPE_BIT_B 0x40 /* MPPC only (not implemented) */
++#define MPPE_BIT_C 0x20 /* MPPC only (not implemented) */
++#define MPPE_BIT_D 0x10 /* This is an encrypted frame */
++
++#define MPPE_BIT_FLUSHED MPPE_BIT_A
++#define MPPE_BIT_ENCRYPTED MPPE_BIT_D
++
++#define MPPE_BITS(p) ((p)[4] & 0xf0)
++#define MPPE_CCOUNT(p) ((((p)[4] & 0x0f) << 8) + (p)[5])
++#define MPPE_CCOUNT_SPACE 0x1000 /* The size of the ccount space */
++
++#define MPPE_OVHD 2 /* MPPE overhead/packet */
++#define SANITY_MAX 1600 /* Max bogon factor we will tolerate */
++
++static void GetNewKeyFromSHA __P((unsigned char *StartKey,
++ unsigned char *SessionKey,
++ unsigned SessionKeyLength,
++ unsigned char *InterimKey));
++static void mppe_rekey __P((ppp_mppe_state *state, int));
++static void *mppe_alloc __P((unsigned char *options, int optlen));
++static void mppe_free __P((void *state));
++static int mppe_init __P((void *state, unsigned char *options,
++ int optlen, int unit, int debug, const char *));
++static int mppe_comp_init __P((void *state, unsigned char *options,
++ int optlen,
++ int unit, int hdrlen, int debug));
++static int mppe_decomp_init __P((void *state, unsigned char *options,
++ int optlen, int unit,
++ int hdrlen, int mru, int debug));
++static int mppe_compress __P((void *state, unsigned char *ibuf,
++ unsigned char *obuf,
++ int isize, int osize));
++static void mppe_incomp __P((void *state, unsigned char *ibuf, int icnt));
++static int mppe_decompress __P((void *state, unsigned char *ibuf,
++ int isize, unsigned char *obuf,int osize));
++static void mppe_comp_reset __P((void *state));
++static void mppe_decomp_reset __P((void *state));
++static void mppe_comp_stats __P((void *state, struct compstat *stats));
++
++
++/*
++ * Key Derivation, from RFC 3078, RFC 3079.
++ * Equivalent to Get_Key() for MS-CHAP as described in RFC 3079.
++ */
++static void
++GetNewKeyFromSHA(unsigned char *MasterKey, unsigned char *SessionKey,
++ unsigned SessionKeyLength, unsigned char *InterimKey)
++{
++ SHA1_CTX Context;
++ unsigned char Digest[SHA1_SIGNATURE_SIZE];
++
++ unsigned char SHApad1[40] =
++ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
++ unsigned char SHApad2[40] =
++ { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
++ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
++ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
++ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 };
++
++ /* assert(SessionKeyLength <= SHA1_SIGNATURE_SIZE); */
++
++ SHA1_Init(&Context);
++ SHA1_Update(&Context, MasterKey, SessionKeyLength);
++ SHA1_Update(&Context, SHApad1, sizeof(SHApad1));
++ SHA1_Update(&Context, SessionKey, SessionKeyLength);
++ SHA1_Update(&Context, SHApad2, sizeof(SHApad2));
++ SHA1_Final(Digest, &Context);
++
++ memcpy(InterimKey, Digest, SessionKeyLength);
++}
++
++/*
++ * Perform the MPPE rekey algorithm, from RFC 3078, sec. 7.3.
++ * Well, not what's written there, but rather what they meant.
++ */
++static void
++mppe_rekey(ppp_mppe_state *state, int initial_key)
++{
++ unsigned char InterimKey[MPPE_MAX_KEY_LEN];
++
++ GetNewKeyFromSHA(state->master_key, state->session_key,
++ state->keylen, InterimKey);
++ if (!initial_key) {
++ arcfour_setkey(&state->arcfour_context, InterimKey, state->keylen);
++ arcfour_encrypt(&state->arcfour_context, InterimKey, state->keylen,
++ state->session_key);
++ } else {
++ memcpy(state->session_key, InterimKey, state->keylen);
++ }
++ if (state->keylen == 8) {
++ /* See RFC 3078 */
++ state->session_key[0] = 0xd1;
++ state->session_key[1] = 0x26;
++ state->session_key[2] = 0x9e;
++ }
++ arcfour_setkey(&state->arcfour_context, state->session_key, state->keylen);
++}
++
++
++/*
++ * Allocate space for a (de)compressor.
++ */
++static void *
++mppe_alloc(unsigned char *options, int optlen)
++{
++ ppp_mppe_state *state;
++
++ if (optlen != CILEN_MPPE + sizeof(state->master_key)
++ || options[0] != CI_MPPE
++ || options[1] != CILEN_MPPE)
++ return NULL;
++
++ state = (ppp_mppe_state *) kmalloc(sizeof(*state), GFP_KERNEL);
++ if (state == NULL)
++ return NULL;
++
++/*
++ Added to avoid module warnings about MOD_INC
++ being depreciated in 2.6.x
++*/
++#if ( LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) )
++ try_module_get(THIS_MODULE);
++#else
++ MOD_INC_USE_COUNT;
++#endif
++ memset(state, 0, sizeof(*state));
++
++ /* Save keys. */
++ memcpy(state->master_key, &options[CILEN_MPPE], sizeof(state->master_key));
++ memcpy(state->session_key, state->master_key, sizeof(state->master_key));
++ /*
++ * We defer initial key generation until mppe_init(), as mppe_alloc()
++ * is called frequently during negotiation.
++ */
++
++ return (void *) state;
++}
++
++/*
++ * Deallocate space for a (de)compressor.
++ */
++static void
++mppe_free(void *arg)
++{
++ ppp_mppe_state *state = (ppp_mppe_state *) arg;
++
++ if (state) {
++ kfree(state);
++/*
++ Added to avoid module warnings about MOD_DEC_USE_COUNT
++ being depreciated in 2.6.x
++*/
++#if ( LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) )
++ module_put(THIS_MODULE);
++#else
++ MOD_DEC_USE_COUNT;
++#endif
++ }
++}
++
++
++/*
++ * Initialize (de)compressor state.
++ */
++static int
++mppe_init(void *arg, unsigned char *options, int optlen, int unit, int debug,
++ const char *debugstr)
++{
++ ppp_mppe_state *state = (ppp_mppe_state *) arg;
++ unsigned char mppe_opts;
++
++ if (optlen != CILEN_MPPE
++ || options[0] != CI_MPPE
++ || options[1] != CILEN_MPPE)
++ return 0;
++
++ MPPE_CI_TO_OPTS(&options[2], mppe_opts);
++ if (mppe_opts & MPPE_OPT_128)
++ state->keylen = 16;
++ else if (mppe_opts & MPPE_OPT_40)
++ state->keylen = 8;
++ else {
++ printk(KERN_WARNING "%s[%d]: unknown key length\n", debugstr, unit);
++ return 0;
++ }
++ if (mppe_opts & MPPE_OPT_STATEFUL)
++ state->stateful = 1;
++
++ /* Generate the initial session key. */
++ mppe_rekey(state, 1);
++
++ if (debug) {
++ int i;
++ char mkey[sizeof(state->master_key) * 2 + 1];
++ char skey[sizeof(state->session_key) * 2 + 1];
++
++ printk(KERN_DEBUG "%s[%d]: initialized with %d-bit %s mode\n", debugstr,
++ unit, (state->keylen == 16)? 128: 40,
++ (state->stateful)? "stateful": "stateless");
++
++ for (i = 0; i < sizeof(state->master_key); i++)
++ sprintf(mkey + i * 2, "%.2x", state->master_key[i]);
++ for (i = 0; i < sizeof(state->session_key); i++)
++ sprintf(skey + i * 2, "%.2x", state->session_key[i]);
++ printk(KERN_DEBUG "%s[%d]: keys: master: %s initial session: %s\n",
++ debugstr, unit, mkey, skey);
++ }
++
++ /*
++ * Initialize the coherency count. The initial value is not specified
++ * in RFC 3078, but we can make a reasonable assumption that it will
++ * start at 0. Setting it to the max here makes the comp/decomp code
++ * do the right thing (determined through experiment).
++ */
++ state->ccount = MPPE_CCOUNT_SPACE - 1;
++
++ /*
++ * Note that even though we have initialized the key table, we don't
++ * set the FLUSHED bit. This is contrary to RFC 3078, sec. 3.1.
++ */
++ state->bits = MPPE_BIT_ENCRYPTED;
++
++ state->unit = unit;
++ state->debug = debug;
++
++ return 1;
++}
++
++
++
++static int
++mppe_comp_init(void *arg, unsigned char *options, int optlen, int unit,
++ int hdrlen, int debug)
++{
++ /* ARGSUSED */
++ return mppe_init(arg, options, optlen, unit, debug, "mppe_comp_init");
++}
++
++/*
++ * We received a CCP Reset-Request (actually, we are sending a Reset-Ack),
++ * tell the compressor to rekey. Note that we MUST NOT rekey for
++ * every CCP Reset-Request; we only rekey on the next xmit packet.
++ * We might get multiple CCP Reset-Requests if our CCP Reset-Ack is lost.
++ * So, rekeying for every CCP Reset-Request is broken as the peer will not
++ * know how many times we've rekeyed. (If we rekey and THEN get another
++ * CCP Reset-Request, we must rekey again.)
++ */
++static void
++mppe_comp_reset(void *arg)
++{
++ ppp_mppe_state *state = (ppp_mppe_state *) arg;
++
++ state->bits |= MPPE_BIT_FLUSHED;
++}
++
++/*
++ * Compress (encrypt) a packet.
++ * It's strange to call this a compressor, since the output is always
++ * MPPE_OVHD + 2 bytes larger than the input.
++ */
++int
++mppe_compress(void *arg, unsigned char *ibuf, unsigned char *obuf,
++ int isize, int osize)
++{
++ ppp_mppe_state *state = (ppp_mppe_state *) arg;
++ int proto;
++
++ /*
++ * Check that the protocol is in the range we handle.
++ */
++ proto = PPP_PROTOCOL(ibuf);
++ if (proto < 0x0021 || proto > 0x00fa)
++ return 0;
++
++ /* Make sure we have enough room to generate an encrypted packet. */
++ if (osize < isize + MPPE_OVHD + 2) {
++ /* Drop the packet if we should encrypt it, but can't. */
++ printk(KERN_DEBUG "mppe_compress[%d]: osize too small! "
++ "(have: %d need: %d)\n", state->unit,
++ osize, osize + MPPE_OVHD + 2);
++ return -1;
++ }
++
++ osize = isize + MPPE_OVHD + 2;
++
++ /*
++ * Copy over the PPP header and set control bits.
++ */
++ obuf[0] = PPP_ADDRESS(ibuf);
++ obuf[1] = PPP_CONTROL(ibuf);
++ obuf[2] = PPP_COMP >> 8; /* isize + MPPE_OVHD + 1 */
++ obuf[3] = PPP_COMP; /* isize + MPPE_OVHD + 2 */
++ obuf += PPP_HDRLEN;
++
++ state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
++ if (state->debug >= 7)
++ printk(KERN_DEBUG "mppe_compress[%d]: ccount %d\n", state->unit,
++ state->ccount);
++ obuf[0] = state->ccount >> 8;
++ obuf[1] = state->ccount & 0xff;
++
++ if (!state->stateful || /* stateless mode */
++ ((state->ccount & 0xff) == 0xff) || /* "flag" packet */
++ (state->bits & MPPE_BIT_FLUSHED)) { /* CCP Reset-Request */
++ /* We must rekey */
++ if (state->debug && state->stateful)
++ printk(KERN_DEBUG "mppe_compress[%d]: rekeying\n", state->unit);
++ mppe_rekey(state, 0);
++ state->bits |= MPPE_BIT_FLUSHED;
++ }
++ obuf[0] |= state->bits;
++ state->bits &= ~MPPE_BIT_FLUSHED; /* reset for next xmit */
++
++ obuf += MPPE_OVHD;
++ ibuf += 2; /* skip to proto field */
++ isize -= 2;
++
++ /* Encrypt packet */
++ arcfour_encrypt(&state->arcfour_context, ibuf, isize, obuf);
++
++ state->stats.unc_bytes += isize;
++ state->stats.unc_packets++;
++ state->stats.comp_bytes += osize;
++ state->stats.comp_packets++;
++
++ return osize;
++}
++
++/*
++ * Since every frame grows by MPPE_OVHD + 2 bytes, this is always going
++ * to look bad ... and the longer the link is up the worse it will get.
++ */
++static void
++mppe_comp_stats(void *arg, struct compstat *stats)
++{
++ ppp_mppe_state *state = (ppp_mppe_state *) arg;
++
++ *stats = state->stats;
++}
++
++
++static int
++mppe_decomp_init(void *arg, unsigned char *options, int optlen, int unit,
++ int hdrlen, int mru, int debug)
++{
++ /* ARGSUSED */
++ return mppe_init(arg, options, optlen, unit, debug, "mppe_decomp_init");
++}
++
++/*
++ * We received a CCP Reset-Ack. Just ignore it.
++ */
++static void
++mppe_decomp_reset(void *arg)
++{
++ /* ARGSUSED */
++ return;
++}
++
++/*
++ * Decompress (decrypt) an MPPE packet.
++ */
++int
++mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf,
++ int osize)
++{
++ ppp_mppe_state *state = (ppp_mppe_state *) arg;
++ unsigned ccount;
++ int flushed = MPPE_BITS(ibuf) & MPPE_BIT_FLUSHED;
++ int sanity = 0;
++
++ if (isize <= PPP_HDRLEN + MPPE_OVHD) {
++ if (state->debug)
++ printk(KERN_DEBUG "mppe_decompress[%d]: short pkt (%d)\n",
++ state->unit, isize);
++ return DECOMP_ERROR;
++ }
++
++ /* Make sure we have enough room to decrypt the packet. */
++ if (osize < isize - MPPE_OVHD - 2) {
++ printk(KERN_DEBUG "mppe_decompress[%d]: osize too small! "
++ "(have: %d need: %d)\n", state->unit,
++ osize, isize - MPPE_OVHD - 2);
++ return DECOMP_ERROR;
++ }
++ osize = isize - MPPE_OVHD - 2;
++
++ ccount = MPPE_CCOUNT(ibuf);
++ if (state->debug >= 7)
++ printk(KERN_DEBUG "mppe_decompress[%d]: ccount %d\n", state->unit,
++ ccount);
++
++ /* sanity checks -- terminate with extreme prejudice */
++ if (!(MPPE_BITS(ibuf) & MPPE_BIT_ENCRYPTED)) {
++ printk(KERN_DEBUG "mppe_decompress[%d]: ENCRYPTED bit not set!\n",
++ state->unit);
++ state->sanity_errors += 100;
++ sanity = 1;
++ }
++ if (!state->stateful && !flushed) {
++ printk(KERN_DEBUG "mppe_decompress[%d]: FLUSHED bit not set in "
++ "stateless mode!\n", state->unit);
++ state->sanity_errors += 100;
++ sanity = 1;
++ }
++ if (state->stateful && ((ccount & 0xff) == 0xff) && !flushed) {
++ printk(KERN_DEBUG "mppe_decompress[%d]: FLUSHED bit not set on "
++ "flag packet!\n", state->unit);
++ state->sanity_errors += 100;
++ sanity = 1;
++ }
++
++ if (sanity) {
++ if (state->sanity_errors < SANITY_MAX)
++ return DECOMP_ERROR;
++ else
++ /*
++ * Take LCP down if the peer is sending too many bogons.
++ * We don't want to do this for a single or just a few
++ * instances since it could just be due to packet corruption.
++ */
++ return DECOMP_FATALERROR;
++ }
++
++ /*
++ * Check the coherency count.
++ */
++
++ if (!state->stateful) {
++ /* RFC 3078, sec 8.1. Rekey for every packet. */
++ while (state->ccount != ccount) {
++ mppe_rekey(state, 0);
++ state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
++ }
++ } else {
++ /* RFC 3078, sec 8.2. */
++ if (!state->discard) {
++ /* normal state */
++ state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
++ if (ccount != state->ccount) {
++ /*
++ * (ccount > state->ccount)
++ * Packet loss detected, enter the discard state.
++ * Signal the peer to rekey (by sending a CCP Reset-Request).
++ */
++ state->discard = 1;
++ return DECOMP_ERROR;
++ }
++ } else {
++ /* discard state */
++ if (!flushed) {
++ /* ccp.c will be silent (no additional CCP Reset-Requests). */
++ return DECOMP_ERROR;
++ } else {
++ /* Rekey for every missed "flag" packet. */
++ while ((ccount & ~0xff) != (state->ccount & ~0xff)) {
++ mppe_rekey(state, 0);
++ state->ccount = (state->ccount + 256) % MPPE_CCOUNT_SPACE;
++ }
++
++ /* reset */
++ state->discard = 0;
++ state->ccount = ccount;
++ /*
++ * Another problem with RFC 3078 here. It implies that the
++ * peer need not send a Reset-Ack packet. But RFC 1962
++ * requires it. Hopefully, M$ does send a Reset-Ack; even
++ * though it isn't required for MPPE synchronization, it is
++ * required to reset CCP state.
++ */
++ }
++ }
++ if (flushed)
++ mppe_rekey(state, 0);
++ }
++
++ /*
++ * Fill in the first part of the PPP header. The protocol field
++ * comes from the decrypted data.
++ */
++ obuf[0] = PPP_ADDRESS(ibuf); /* +1 */
++ obuf[1] = PPP_CONTROL(ibuf); /* +1 */
++ obuf += 2;
++ ibuf += PPP_HDRLEN + MPPE_OVHD;
++ isize -= PPP_HDRLEN + MPPE_OVHD; /* -6 */
++ /* net osize: isize-4 */
++
++ /* And finally, decrypt the packet. */
++ arcfour_decrypt(&state->arcfour_context, ibuf, isize, obuf);
++
++ state->stats.unc_bytes += osize;
++ state->stats.unc_packets++;
++ state->stats.comp_bytes += isize;
++ state->stats.comp_packets++;
++
++ /* good packet credit */
++ state->sanity_errors >>= 1;
++
++ return osize;
++}
++
++/*
++ * Incompressible data has arrived (this should never happen!).
++ * We should probably drop the link if the protocol is in the range
++ * of what should be encrypted. At the least, we should drop this
++ * packet. (How to do this?)
++ */
++static void
++mppe_incomp(void *arg, unsigned char *ibuf, int icnt)
++{
++ ppp_mppe_state *state = (ppp_mppe_state *) arg;
++
++ if (state->debug &&
++ (PPP_PROTOCOL(ibuf) >= 0x0021 && PPP_PROTOCOL(ibuf) <= 0x00fa))
++ printk(KERN_DEBUG "mppe_incomp[%d]: incompressible (unencrypted) data! "
++ "(proto %04x)\n", state->unit, PPP_PROTOCOL(ibuf));
++
++ state->stats.inc_bytes += icnt;
++ state->stats.inc_packets++;
++ state->stats.unc_bytes += icnt;
++ state->stats.unc_packets++;
++}
++
++/*************************************************************
++ * Module interface table
++ *************************************************************/
++
++/* These are in ppp.c (2.2.x) or ppp_generic.c (2.4.x) */
++extern int ppp_register_compressor (struct compressor *cp);
++extern void ppp_unregister_compressor (struct compressor *cp);
++
++/*
++ * Procedures exported to if_ppp.c.
++ */
++struct compressor ppp_mppe = {
++ CI_MPPE, /* compress_proto */
++ mppe_alloc, /* comp_alloc */
++ mppe_free, /* comp_free */
++ mppe_comp_init, /* comp_init */
++ mppe_comp_reset, /* comp_reset */
++ mppe_compress, /* compress */
++ mppe_comp_stats, /* comp_stat */
++ mppe_alloc, /* decomp_alloc */
++ mppe_free, /* decomp_free */
++ mppe_decomp_init, /* decomp_init */
++ mppe_decomp_reset, /* decomp_reset */
++ mppe_decompress, /* decompress */
++ mppe_incomp, /* incomp */
++ mppe_comp_stats, /* decomp_stat */
++};
++
++/* 2.2 compatibility defines */
++#ifndef __init
++#define __init
++#endif
++#ifndef __exit
++#define __exit
++#endif
++#ifndef MODULE_LICENSE
++#define MODULE_LICENSE(license)
++#endif
++
++int __init
++ppp_mppe_init(void)
++{
++ int answer = ppp_register_compressor(&ppp_mppe);
++
++ if (answer == 0)
++ printk(KERN_INFO "PPP MPPE Compression module registered\n");
++ return answer;
++}
++
++void __exit
++ppp_mppe_cleanup(void)
++{
++ ppp_unregister_compressor(&ppp_mppe);
++}
++
++module_init(ppp_mppe_init);
++module_exit(ppp_mppe_cleanup);
++MODULE_LICENSE("BSD without advertisement clause");
+--- /dev/null
++++ linux-2.4.27/drivers/net/sha1.c
+@@ -0,0 +1,185 @@
++/*
++ * ftp://ftp.funet.fi/pub/crypt/hash/sha/sha1.c
++ *
++ * SHA-1 in C
++ * By Steve Reid <steve@edmweb.com>
++ * 100% Public Domain
++ *
++ * Test Vectors (from FIPS PUB 180-1)
++ * "abc"
++ * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
++ * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
++ * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
++ * A million repetitions of "a"
++ * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
++ */
++
++/* #define SHA1HANDSOFF * Copies data before messing with it. */
++
++#if defined(__linux__)
++#include <asm/byteorder.h>
++#include <linux/string.h>
++#elif defined(__solaris__)
++#include <sys/isa_defs.h>
++#include <sys/ddi.h>
++#include <sys/sunddi.h>
++#define memcpy(d, s, c) bcopy(s, d, c)
++#define memset(d, b, c) bzero(d, c)
++#endif
++
++#include "sha1.h"
++
++static void SHA1_Transform(unsigned long[5], const unsigned char[64]);
++
++#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
++
++/* blk0() and blk() perform the initial expand. */
++/* I got the idea of expanding during the round function from SSLeay */
++#if defined(__LITTLE_ENDIAN) || defined(_LITTLE_ENDIAN)
++#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
++ |(rol(block->l[i],8)&0x00FF00FF))
++#elif defined(__BIG_ENDIAN) || defined(_BIG_ENDIAN)
++#define blk0(i) block->l[i]
++#else
++#error Endianness not defined
++#endif
++#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
++ ^block->l[(i+2)&15]^block->l[i&15],1))
++
++/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
++#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
++#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
++#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
++#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
++#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
++
++
++/* Hash a single 512-bit block. This is the core of the algorithm. */
++
++static void
++SHA1_Transform(unsigned long state[5], const unsigned char buffer[64])
++{
++ unsigned long a, b, c, d, e;
++ typedef union {
++ unsigned char c[64];
++ unsigned long l[16];
++ } CHAR64LONG16;
++ CHAR64LONG16 *block;
++
++#ifdef SHA1HANDSOFF
++ static unsigned char workspace[64];
++ block = (CHAR64LONG16 *) workspace;
++ memcpy(block, buffer, 64);
++#else
++ block = (CHAR64LONG16 *) buffer;
++#endif
++ /* Copy context->state[] to working vars */
++ a = state[0];
++ b = state[1];
++ c = state[2];
++ d = state[3];
++ e = state[4];
++ /* 4 rounds of 20 operations each. Loop unrolled. */
++ R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
++ R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
++ R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
++ R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
++ R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
++ R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
++ R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
++ R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
++ R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
++ R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
++ R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
++ R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
++ R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
++ R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
++ R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
++ R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
++ R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
++ R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
++ R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
++ R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
++ /* Add the working vars back into context.state[] */
++ state[0] += a;
++ state[1] += b;
++ state[2] += c;
++ state[3] += d;
++ state[4] += e;
++ /* Wipe variables */
++ a = b = c = d = e = 0;
++}
++
++
++/* SHA1Init - Initialize new context */
++
++void
++SHA1_Init(SHA1_CTX *context)
++{
++ /* SHA1 initialization constants */
++ context->state[0] = 0x67452301;
++ context->state[1] = 0xEFCDAB89;
++ context->state[2] = 0x98BADCFE;
++ context->state[3] = 0x10325476;
++ context->state[4] = 0xC3D2E1F0;
++ context->count[0] = context->count[1] = 0;
++}
++
++
++/* Run your data through this. */
++
++void
++SHA1_Update(SHA1_CTX *context, const unsigned char *data, unsigned int len)
++{
++ unsigned int i, j;
++
++ j = (context->count[0] >> 3) & 63;
++ if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++;
++ context->count[1] += (len >> 29);
++ if ((j + len) > 63) {
++ memcpy(&context->buffer[j], data, (i = 64-j));
++ SHA1_Transform(context->state, context->buffer);
++ for ( ; i + 63 < len; i += 64) {
++ SHA1_Transform(context->state, &data[i]);
++ }
++ j = 0;
++ }
++ else
++ i = 0;
++
++ memcpy(&context->buffer[j], &data[i], len - i);
++}
++
++
++/* Add padding and return the message digest. */
++
++void
++SHA1_Final(unsigned char digest[20], SHA1_CTX *context)
++{
++ unsigned long i, j;
++ unsigned char finalcount[8];
++
++ for (i = 0; i < 8; i++) {
++ finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)]
++ >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */
++ }
++ SHA1_Update(context, (unsigned char *) "\200", 1);
++ while ((context->count[0] & 504) != 448) {
++ SHA1_Update(context, (unsigned char *) "\0", 1);
++ }
++ SHA1_Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
++ for (i = 0; i < 20; i++) {
++ digest[i] = (unsigned char)
++ ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
++ }
++ /* Wipe variables */
++ i = j = 0;
++ memset(context->buffer, 0, 64);
++ memset(context->state, 0, 20);
++ memset(context->count, 0, 8);
++ memset(&finalcount, 0, 8);
++#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */
++ SHA1Transform(context->state, context->buffer);
++#endif
++}
++
+--- /dev/null
++++ linux-2.4.27/drivers/net/sha1.h
+@@ -0,0 +1,18 @@
++/* sha1.h */
++
++#ifndef _SHA1_H
++#define _SHA1_H
++
++typedef struct {
++ unsigned long state[5];
++ unsigned long count[2];
++ unsigned char buffer[64];
++} SHA1_CTX;
++
++#define SHA1_SIGNATURE_SIZE 20
++
++extern void SHA1_Init(SHA1_CTX *);
++extern void SHA1_Update(SHA1_CTX *, const unsigned char *, unsigned int);
++extern void SHA1_Final(unsigned char[SHA1_SIGNATURE_SIZE], SHA1_CTX *);
++
++#endif /* _SHA1_H */
+--- linux-2.4.27/include/linux/ppp-comp.h~mppe-20040216
++++ linux-2.4.27/include/linux/ppp-comp.h
+@@ -187,6 +187,100 @@
+ #define DEFLATE_CHK_SEQUENCE 0
+
+ /*
++ * Definitions for MPPE.
++ */
++
++#define CI_MPPE 18 /* config option for MPPE */
++#define CILEN_MPPE 6 /* length of config option */
++
++#define MPPE_PAD 4 /* MPPE growth per frame */
++#define MPPE_MAX_KEY_LEN 16 /* largest key length (128-bit) */
++
++/* option bits for ccp_options.mppe */
++#define MPPE_OPT_40 0x01 /* 40 bit */
++#define MPPE_OPT_128 0x02 /* 128 bit */
++#define MPPE_OPT_STATEFUL 0x04 /* stateful mode */
++/* unsupported opts */
++#define MPPE_OPT_56 0x08 /* 56 bit */
++#define MPPE_OPT_MPPC 0x10 /* MPPC compression */
++#define MPPE_OPT_D 0x20 /* Unknown */
++#define MPPE_OPT_UNSUPPORTED (MPPE_OPT_56|MPPE_OPT_MPPC|MPPE_OPT_D)
++#define MPPE_OPT_UNKNOWN 0x40 /* Bits !defined in RFC 3078 were set */
++
++/*
++ * This is not nice ... the alternative is a bitfield struct though.
++ * And unfortunately, we cannot share the same bits for the option
++ * names above since C and H are the same bit. We could do a u_int32
++ * but then we have to do a htonl() all the time and/or we still need
++ * to know which octet is which.
++ */
++#define MPPE_C_BIT 0x01 /* MPPC */
++#define MPPE_D_BIT 0x10 /* Obsolete, usage unknown */
++#define MPPE_L_BIT 0x20 /* 40-bit */
++#define MPPE_S_BIT 0x40 /* 128-bit */
++#define MPPE_M_BIT 0x80 /* 56-bit, not supported */
++#define MPPE_H_BIT 0x01 /* Stateless (in a different byte) */
++
++/* Does not include H bit; used for least significant octet only. */
++#define MPPE_ALL_BITS (MPPE_D_BIT|MPPE_L_BIT|MPPE_S_BIT|MPPE_M_BIT|MPPE_H_BIT)
++
++/* Build a CI from mppe opts (see RFC 3078) */
++#define MPPE_OPTS_TO_CI(opts, ci) \
++ do { \
++ u_char *ptr = ci; /* u_char[4] */ \
++ \
++ /* H bit */ \
++ if (opts & MPPE_OPT_STATEFUL) \
++ *ptr++ = 0x0; \
++ else \
++ *ptr++ = MPPE_H_BIT; \
++ *ptr++ = 0; \
++ *ptr++ = 0; \
++ \
++ /* S,L bits */ \
++ *ptr = 0; \
++ if (opts & MPPE_OPT_128) \
++ *ptr |= MPPE_S_BIT; \
++ if (opts & MPPE_OPT_40) \
++ *ptr |= MPPE_L_BIT; \
++ /* M,D,C bits not supported */ \
++ } while (/* CONSTCOND */ 0)
++
++/* The reverse of the above */
++#define MPPE_CI_TO_OPTS(ci, opts) \
++ do { \
++ u_char *ptr = ci; /* u_char[4] */ \
++ \
++ opts = 0; \
++ \
++ /* H bit */ \
++ if (!(ptr[0] & MPPE_H_BIT)) \
++ opts |= MPPE_OPT_STATEFUL; \
++ \
++ /* S,L bits */ \
++ if (ptr[3] & MPPE_S_BIT) \
++ opts |= MPPE_OPT_128; \
++ if (ptr[3] & MPPE_L_BIT) \
++ opts |= MPPE_OPT_40; \
++ \
++ /* M,D,C bits */ \
++ if (ptr[3] & MPPE_M_BIT) \
++ opts |= MPPE_OPT_56; \
++ if (ptr[3] & MPPE_D_BIT) \
++ opts |= MPPE_OPT_D; \
++ if (ptr[3] & MPPE_C_BIT) \
++ opts |= MPPE_OPT_MPPC; \
++ \
++ /* Other bits */ \
++ if (ptr[0] & ~MPPE_H_BIT) \
++ opts |= MPPE_OPT_UNKNOWN; \
++ if (ptr[1] || ptr[2]) \
++ opts |= MPPE_OPT_UNKNOWN; \
++ if (ptr[3] & ~MPPE_ALL_BITS) \
++ opts |= MPPE_OPT_UNKNOWN; \
++ } while (/* CONSTCOND */ 0)
++
++/*
+ * Definitions for other, as yet unsupported, compression methods.
+ */
+
+--- linux-2.4.27/drivers/net/Makefile~mppe-20040216
++++ linux-2.4.27/drivers/net/Makefile
+@@ -18,8 +18,9 @@
+ export-objs := 8390.o arlan.o aironet4500_core.o aironet4500_card.o \
+ ppp_async.o ppp_generic.o slhc.o pppox.o auto_irq.o \
+ net_init.o mii.o
+-list-multi := rcpci.o
++list-multi := rcpci.o ppp_mppe.o
+ rcpci-objs := rcpci45.o rclanmtl.o
++ppp_mppe-objs := ppp_mppe_compress.o sha1.o arcfour.o
+
+ ifeq ($(CONFIG_TULIP),y)
+ obj-y += tulip/tulip.o
+@@ -164,6 +165,14 @@
+ obj-$(CONFIG_PPP_BSDCOMP) += bsd_comp.o
+ obj-$(CONFIG_PPPOE) += pppox.o pppoe.o
+
++ifeq ($(CONFIG_PPP_MPPE),y)
++ obj-y += $(ppp_mppe-objs)
++else
++ ifeq ($(CONFIG_PPP_MPPE),m)
++ obj-m += ppp_mppe.o
++ endif
++endif
++
+ obj-$(CONFIG_SLIP) += slip.o
+ ifeq ($(CONFIG_SLIP_COMPRESSED),y)
+ obj-$(CONFIG_SLIP) += slhc.o
+@@ -272,3 +281,7 @@
+
+ rcpci.o: $(rcpci-objs)
+ $(LD) -r -o $@ $(rcpci-objs)
++
++ppp_mppe.o: $(ppp_mppe-objs)
++ $(LD) -r -o $@ $(ppp_mppe-objs)
++