History log of /freebsd-10.1-release/usr.sbin/ppp/filter.c
Revision Date Author Comments
# 272461 02-Oct-2014 gjb

Copy stable/10@r272459 to releng/10.1 as part of
the 10.1-RELEASE process.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

# 256281 10-Oct-2013 gjb

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation


# 134789 04-Sep-2004 brian

Make ppp WARNS=5 clean


# 102500 27-Aug-2002 brian

Include the correct file (stdarg.h) and use va_list rather than _BSD_VA_LIST_

Suggested by: mike


# 96582 14-May-2002 brian

o Clean up some #includes
o Bump version number to 3.0.4
o When talking to a RADIUS server, provide a NAS-Port-Type.

When the NAS-Port-Type is Ethernet, provide a NAS-Port value equal
to the SESSIONID from the environment in direct mode or the
NGM_PPPOE_SESSIONID message in other modes. If no SESSIONID is found,
default to the interface index in client mode or zero in server mode.

When the NAS-Port-Type is ISDN, set the NAS-Port to the minor number
of the physical device (ie, the N in /dev/i4brbchN).

This makes it easier for the RADIUS server to identify the client
WRT accounting data etc.

Prompted by: lsz8425 <lsz8425@mail.cd.hn.cn>


# 81634 14-Aug-2001 brian

o Add ipv6 support, abstracting most NCP addresses into opaque
structures (well, they're treated as opaque).

It's now possible to manage IPv6 interface addresses and routing
table entries and to filter IPV6 traffic whether encapsulated or
not.

IPV6CP support is crude for now, and hasn't been tested against
any other implementations.

RADIUS and IPv6 are independent of each other for now.

ppp.linkup/ppp.linkdown aren't currently used by IPV6CP

o Understand all protocols(5) in filter rules rather than only a select
few.

o Allow a mask specification for the ``delete'' command. It's now
possible to specifically delete one of two conflicting routes.

o When creating and deleting proxy arp entries, do it for all IPv4
interface addresses rather than doing it just for the ``current''
peer address.

o When iface-alias isn't in effect, don't blow away manually (via ``iface
add'') added interface addresses.

o When listening on a tcp server (diagnostic) socket, bind so that a
tcp46 socket is created -- allowing both IPv4 and IPv6 connections.

o When displaying ICMP traffic, don't display the icmp type twice.
When displaying traffic, display at least some information about unrecognised
traffic.

o Bump version

Inspired after filtering work by: Makoto MATSUSHITA <matusita@jp.FreeBSD.org>


# 78189 13-Jun-2001 brian

Convert IIJ copyrights to BSD copyrights.

Approved by: Toshiharu OHNO <tohno@sirius.ocn.ne.jp>


# 75894 24-Apr-2001 brian

Handle IP over IP (IPPROTO_IPV4) properly.

We now unwrap IP/IP and apply filter rules to both the outer
layer (with ``set filter blah x.x.x.x y.y.y.y ipip'') and to
the payload (reinterpreted by the filter rules).

``set log tcp/ip'' will now show both the outer wrapper and
the (reinterpreted) payload contents.


# 67912 29-Oct-2000 brian

Various whitespace changes.
Make some functions static.


# 62977 11-Jul-2000 brian

Allow a ``timeout secs'' filter option to let specific packet types
affect the idle timer in different ways.

Submitted by: Stefan Esser <se@freebsd.org>

With adjustments by me to document the option in the man page and to
give the same semantics for outgoing traffic as incoming.

I made the style more consistent in ip.c - this should really have
been done as a separate commit.


# 58868 31-Mar-2000 brian

Undo the damage done to this file in my last commit


# 58867 31-Mar-2000 brian

Add the ``nat target'' command.


# 58830 30-Mar-2000 brian

Correct address parsing

Pointed out by: Maxim Sobolev <sobomax@altavista.net>


# 58775 29-Mar-2000 brian

Allow the use of hostnames instead of (and as well as) IP
numbers in all commands.
If people use hostnames and have dodgy resolvers or try to resolve
the hostname before the link is up, they get what they deserve....

Requested by: ru


# 58044 13-Mar-2000 brian

Add the ``resolv'' command for telling ppp how to deal with resolv.conf.
You can now ``resolv restore'' in ppp.linkdown !
Add DNS0 and DNS1 macros.


# 55146 27-Dec-1999 brian

Add a bunch of `const's and fix a typo.

Submitted by: Rich Neswold <rneswold@MCS.Net>


# 51809 30-Sep-1999 brian

Support GRE packets

Submitted by: Harry Starr <starr@gccs.com.au>


# 51489 20-Sep-1999 brian

Fix the ``lt'' comparison in ``set filter''

PR: 13819
Submitted by: Dean M. Phillips <dphill@inav.net>


# 50479 27-Aug-1999 peter

$Id$ -> $FreeBSD$


# 49374 02-Aug-1999 brian

#ifdef IPPROTO_OSPFIGP before expecting it to be defined.
This unbreaks OpenBSD.


# 49372 02-Aug-1999 brian

Filter ospf and igmp separately.

Kind-of submitted by: phk


# 49144 28-Jul-1999 brian

Fix a load of typos
Use sizeof, not a hardcode value.

Some of it submitted by: Peter Jeremy <jeremyp@gsmx07.alcatel.com.au>


# 49140 27-Jul-1999 brian

o Overhaul filtering, adding facilities to jump over rules and to
negate the sense of rules.
o Remove the redundant (and undocumented) ``host'' and ``port''
words (README.changes updated).
o Don't permit (and ignore) garbage instead of the protocol.

Mostly submitted by: Peter Jeremy <jeremyp@gsmx07.alcatel.com.au>


# 49112 26-Jul-1999 brian

Fix an off-by-one error and correct the man page WRT clearing
filters.

Submitted by: Peter Jeremy <peter.jeremy@alcatel.com.au>
PR: 12437


# 48142 23-Jun-1999 brian

Support `igmp' filters.
Mostly submitted by: Timo Geusch <freebsd@sleepycat.ukpeople.net>


# 47648 31-May-1999 brian

Remember if MYADDR or HISADDR is used in a filter and tweak all
filters any time either value changes.


# 46686 08-May-1999 brian

o Redesign the layering mechanism and make the aliasing code part of
the layering.

We now ``stack'' layers as soon as we open the device (when we figure
out what we're dealing with). A static set of `dispatch' routines are
also declared for dealing with incoming packets after they've been
`pulled' up through the stacked layers.

Physical devices are now assigned handlers based on the device type
when they're opened. For the moment there are three device types;
ttys, execs and tcps.

o Increment version number to 2.2
o Make an entry in [uw]tmp for non-tty -direct invocations (after
pap/chap authentication).
o Make throughput counters quad_t's
o Account for the absolute number of mbuf malloc()s and free()s in
``show mem''.
o ``show modem'' becomes ``show physical''.


# 43313 27-Jan-1999 brian

Initial RADIUS support (using libradius). See the man page for
details. Compiling with -DNORADIUS (the default for `release')
removes support.

TODO: The functionality in libradius::rad_send_request() needs
to be supplied as a set of routines so that ppp doesn't
have to wait indefinitely for the radius server(s). Instead,
we need to get a descriptor back, select() on the descriptor,
and ask libradius to service it when necessary.
For now, ppp blocks SIGALRM while in rad_send_request(), so
it misses PAP/CHAP retries & timeouts if they occur.

Only PAP is functional. When CHAP is attempted, libradius
complains that no User-Password has been specified... rfc2138
says that it *mustn't* be used for CHAP :-(

Sponsored by: Internet Business Solutions Ltd., Switzerland


# 40561 22-Oct-1998 brian

Solve the ``first connection'' problem that occurs on
demand-dial links with dynamic IP numbers where the program
that causes the dial bind()s to an interface address that is
subsequently changed after ppp negotiation.

The problem is defeated by adding negotiated addresses to the
tun interface as additional alias addresses and providing a set
of ``iface'' commands for managing the interface. Libalias is
also required (and what a name clash!) - it happily IP-aliases
the address so that the source is that of the primary (negotiated)
interface and un-IP-aliases it on the way back.

An ``enable iface-alias'' is done implicitly by the -alias command
line switch. If -alias isn't given, iface-aliasing is disabled by
default and can't be enabled 'till an ``alias enable yes'' is done.
``alias enable no'' silently disables iface-alias.

So, for dynamic-IP-type-connections, running ``ppp -alias -auto blah''
will work for the first connection, although existing bindings will
not survive a disconnect/connect as the TCP peer will be trying to
send to the old IP address - the packets won't route.

It's now a lot easier to add IPXCP to ppp with minor updates to
the new iface.[ch] (if anyone ever gets 'round to it).

It's also now possible to manually add interface aliases with
something like ``iface add 1.2.3.4/24 5.6.7.8''. This allows
multi-homed ppp links :-)


# 37189 27-Jun-1998 brian

Don't assume ``sizeof(u_long) == 4''
Submitted by: Theo


# 37009 15-Jun-1998 brian

Fix a rather nasty use of `static'. This caused a SEGV
when running ``link * load label'' as we ended up recursing
back into command_Interpret after nuking our command arg list.


# 36285 21-May-1998 brian

MFMP: Make ppp multilink capable.
See the file README.changes, and re-read the man page.


# 32663 21-Jan-1998 brian

Remove unused #includes.
Make various bits static.
Remove unused variables.
Submitted by: eivind


# 31962 24-Dec-1997 brian

Cosmetic (style):
sizeof(var) -> sizeof var
sizeof type -> sizeof(type)

Suggested by: J Wunsch <j@uriah.heep.sax.de>


# 31690 13-Dec-1997 brian

Allow random IP number allocation to peer.
Validate the peer's suggested IP by attempting to make a routing table
entry.
Give up IPCP negotiation if the peer NAKs us with an unusable IP.
Always SIOCDIFADDR then SIOCAIFADDR when configuring the tun device.
Using SIOCSIFDSTADDR allows duplicate dst addresses (which we don't
want)!!!
Allow up to 200 interface names (was 50) (now that ppp can play server
properly).
Up the version number (1.5 -> 1.6).

Cosmetic:
Log unexpected CCP packets in the CCP log rather than the ERROR log.
Log unexpected Config Reqs in the appropriate LCP/IPCP/CCP log rather
than the ERROR log.
Log failed route additions and deletions with WARN, not TCPIP.
Log the option id and length for unrecognised IPCP options.
Change some .Sq to .Ar in the man page.


# 31343 22-Nov-1997 brian

Fix prototypes.
Remove extraneous decls.
Add ``const'' to several places.
Allow ``make NOALIAS=1'' to remove IP aliasing.
Merge with OpenBSD - only the Makefiles vary.

We can now survive a compile with
-Wall -Wbad-function-cast -Wcast-align -Wcast-qual
-Winline -Wmissing-declarations -Wmissing-prototypes
-Wnested-externs -Wpointer-arith -Wredundant-decls
-Wshadow -Wstrict-prototypes -Wwrite-strings -Wchar-subscripts
(although the Makefile just contains -Wall).


# 31141 12-Nov-1997 brian

Return correct value from "set loopback".
Output "set ?filter deny host|port" rules correctly
with show ?filter.
Submitted by: Dave Bodenstab <imdave@mcs.net>


# 31070 09-Nov-1997 brian

Increase chat script sizes to 512
Requested by: Michael Reifenberger <root@totum.plaut.de>


# 30715 26-Oct-1997 brian

Cosmetic (no functional changes):
o Add missing $Id$s
o Move extern decls from .c -> .h files
o Staticize
o Remove #includes from .h files
o style(9)ify includes
o bcopy -> memcpy
bzero -> memset
bcmp -> memcmp
index -> strchr
rindex -> strrchr
o Move timeout.h -> timer.h (making it consistent w/ timer.c)
o Add -Wmissing-prototypes


# 30669 23-Oct-1997 brian

Fix various filter problems
PR: 4727
Submitted by: Chiharu Shibata <chi@bd.mbn.or.jp>


# 28974 31-Aug-1997 brian

Cosmetic: Make LogPrintf() calls consistent.


# 28679 24-Aug-1997 brian

Make the code format more in line with style(9).
Update loadalias to use the new libalias api.
Update to version 1.1.


# 27723 27-Jul-1997 brian

Count the "proto" arg after a single address,
Check correctly for "deny" packets.
Submitted by: Dave Bodenstab <imdave@mcs.net>


# 27011 27-Jun-1997 brian

Deal with HISADDR/MYADDR in filter rules.
Mostly submitted by: kfurge@worldnet.att.net

Allow MYADDR in add/delete commands to facilitate
dynamic additions of a loopback route to MYADDR.


# 26516 09-Jun-1997 brian

Overhaul ppp:
o Use syslog
o Remove references to stdout/stderr (incl perror())
o Introduce VarTerm - the interactive terminal or zero
o Allow "set timeout" to affect current session
o Change "set debug" to "set log"
o Allow "set log [+|-]flag"
o Make MSEXT and PASSWDAUTH stuff the default
o Move all #ifdef DEBUG stuff into the code - this
shouldn't be too much overhead. It's now controlled
with "set log +debug"
o Add "set log command, debug, tun, warn, error, alert"
o Remove cdefs.h, and assume an ansi compiler.
o Improve all diagnostic output
o Don't trap SIGSEGV
o SIGHUP now terminates again (log files are controlled
by syslog)
o Call CloseModem() when changing devices
o Fix parsing of third arg of "delete"

I think this fixes the "magic is same" problems that some
people have been experiencing.
The man page is being rewritten. It'll follow soon.


# 25630 09-May-1997 brian

Tidy up the code - bounds checking, return
value checking etc.

Submitted by: eivind


# 22997 22-Feb-1997 peter

Revert $FreeBSD$ to $Id$


# 21673 14-Jan-1997 jkh

Make the long-awaited change from $Id$ to $FreeBSD$

This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.


# 13379 10-Jan-1996 phk

A random bunch of cleanup changes.


# 10858 17-Sep-1995 amurai

1. All fragments (except the first one) of a fragmented packet were
dropped - devet@adv.IAEhv.nl (Arjan de Vet)
2. Will not read data from telnet connection - John Capo <jc@irbs.com>
3. Using the LQM option could drop the link because LcpLayerDown() doesn't
stop the LQR timer. - Brian <brian@awfulhak.demon.co.uk>
4. Allow to describe a syntax of filters that is not only port number
but also by name in /etc/service. - Rich Murphey <rich@lamprey.utmb.edu>

Reviewed by: Atsushi Murai <amurai@spec.co.jp>
Submitted by: devet@adv.IAEhv.nl, jc@irbs.com, brian@awfulhak.demon.co.uk,
rich@lamprey.utmb.edu


# 8857 30-May-1995 rgrimes

Remove trailing whitespace.


# 6735 26-Feb-1995 amurai

New user Process PPP based on iij-ppp0.94beta2.

o Supporting SYNC SIO device (But need a device driver)
- add "set speed sync"
o Fixing bug for Predictor-1 function.
o Add new parameter that re-sent interval for set timeout commands.
o Improving RTT (Round Trip Time) and reducing processor time.
- Previous Timer service was using polling, and now using
SIGALRM ;-)
- A 0.94beta2 will not work correctly....

-- The following are additional features not included in 0.94beta2
o Support Proxy ARP
- add "enable/disable proxy" commands
o Merging common routine in CHAP/PAP.
o Enhancing LCP/IPCP log information.
o Support local Authentication connection on port 300x and tty.
- You can set up pair of your "hostname -s" and
password in ppp.secret. If either the ppp.secret file or
your hostname line doesn't exist, it will notify a message
and work the same as the previous version. (Backward compatibility)
- If you did set up them, It's allow connection but nothing to do
except help and passwd command.
- add "passwd yourpasswd" commands
o Support afilter - keep Alive filter that a packet can send/receiving
according to ifilter/ofilter but doesn't count it as preventing idle
timer expires.
- Same syntax of other filters.
o Fixing bugs reported by current user for previous one. Thanks !!

Reviewed by: Atsushi Murai (amurai@spec.co.jp)


# 6615 22-Feb-1995 amurai

The 'set ifilter'/'set ofilter' commands accept a syntax containing
IP addresses and/or protocol+port, but in the case where both are
supplied, it happily accepts the command but ignores the proto+port.
It also attempts to handle the case where the second IP address
is omitted, but this doesn't work.

Reviewed by: amurai@spec.co.jp
Submitted by: Andrew.Gordon@net-tel.co.uk


# 6060 31-Jan-1995 amurai

This commit was generated by cvs2svn to compensate for changes in r6059,
which included commits to RCS files with non-trunk default branches.


# 6059 31-Jan-1995 amurai