Copy stable/11@r303970 to releng/11.0 as part of the 11.0-RELEASE
cycle.

Prune svn:mergeinfo from the new branch, and rename it to RC1.

Update __FreeBSD_version.

Use the quarterly branch for the default FreeBSD.conf pkg(8) repo and
the dvd1.iso packages population.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Use NULL instead of 0 for pointers.

getenv(3) returns NULL if the variable name is not in the current
environment.
getservent(3) returns NULL on EOF or error

MFC after: 4 weeks

Fix multiple instances of the following clang 3.6.0 warning in ppp:

usr.sbin/ppp/command.c:2054:74: error: address of array 'arg->bundle->radius.cfg.file'
will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion]
if (arg->bundle->radius.alive.interval && !arg->bundle->radius.cfg.file) {
~~~~~~~~~~~~~~~~~~~~~~~~~^~~~

In all cases, the file field of struct radius is a char array, but the
intent was to check whether the string is empty, so add an indirection
to achieve that. Use a similar approach for the sockname field of
struct server.

- Correct mispellings of the word occurrence

Submitted by: Christoph Mallon <christoph.mallon@gmx.de> (via private mail)

Spelling fixes for usr.sbin/

Add "iface name" and "iface description" commands.

PR: 151400
Submitted by: Aragon Gouveia - aragon at phat dot za dot net with minor fixes
MFC after: 3 weeks

Update to the "new" libalias API (and thus fix world breakage).

Add a new option for ppp.conf: rad_port_id. It allows to
change the way of what ppp submits to the RADIUS server
as NAS-Port-Id. Possible options are: the PID of the process
owning the corresponding interface, tun(4) interface number,
interface index (as it would get returned by if_nametoindex(3)),
or it's possible to keep the default behavior. Check the ppp(8)
manual page for details.

PR: bin/112764
Submitted by: novel (myself)
Reviewed by: flz
Approved by: flz
MFC after: 1 month

Remove __DATE__ so that compiling the same source produces the same binary
(for non-static binaries at least).

Use the correct length when copying trailing data!!

PR: 77104
Submitted by: Martin Birgmeier martin at email dot aon dot at
MFC after: 3 days

Implement an ``enable/disable echo'' option, defaults to off.
This allows LCP ECHOs to be enabled independently of LQR reports.

Note: This introduces a change in the default behaviour (search for lqr and
echo in the man page). I'll update UPDATING to reflect this.

PR: 74821

Send NAS-IP-Address as well as NAS-Identifier
Add ``disable NAS-IP-Address'' and ``disable NAS-Identifier'' options to
support pre-rfc2865 RADIUS servers.
This pushes our enable/disable items over the 32 bit limit, so reoganise
things to allow a bunch more options.
Go to version 3.4.1 so that any compatability problems can be identified.

Add a bunch of malloc() return checks

PR: 71592
Submitted by: Dan Lukes <dan@obluda.cz> with further changes

Make ppp WARNS=5 clean

Add configuration option "set pppoe [standard|3Com]" which allows
to configure mode for ng_pppoe(4) node under control.

Reviewed by: brian
Approved by: julian (mentor)

Support a ``set rad_alive N'' command to enable periodic RADIUS accounting
information being sent to the RADIUS server.

Logging of RADIUS accounting information moves to a ``set log [+-]radius''
level, along with the RADIUS alive info, and the version number is bumped
to 3.2 to reflect this.

Mostly submitted by: alx@sm.ukrtel.net (back in January)
MFC after: 3 weeks

Fix ``set ifaddr''. The code was actually using an uninitialised variable,
but conveniently, because ncpaddr.ncpaddr_family != AF_INET, the call to
ncpaddr_getip4addr() became a no-op leaving the local address as it was
(defaulting to whatever my hostname resolves to).

PR: 62050
Submitted by: Peter Jeremy <peter.jeremy@alcatel.com.au>
MFC after: 3 days

Add Cisco Skinny Station protocol support to libalias, natd, and ppp.
Skinny is the protocol used by Cisco IP phones to talk to Cisco Call
Managers. With this code, one can use a Cisco IP phone behind a FreeBSD
NAT gateway.

Currently, having the Call Manager behind the NAT gateway is not supported.
More information on enabling Skinny support in libalias, natd, and ppp
can be found in those applications' manpages.

PR: 55843
Reviewed by: ru
Approved by: ru
MFC after: 30 days

IPV6PREFIX is set when Framed-IPv6-Prefix is defined, You may
want to pass the value to upper layer protocol such as DHCPv6
for prefix delegation.

MFC after: 1 week

Don't install wrong IPv6 route by add command.

Add a ``force-scripts'' option for using chat scripts with -direct and
-dedicated links.

Submitted by: Maksim Yevmenkin <myevmenk@exodus.net>

Unbreak -DNOINET6

Submitted by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
MFC after: 1 day

- made ppp compliant to RFC 2472 (based on a patch from another
contributor)
- support ipv6cpretry and ipv6cpretries, which are IPv6 versions
of ipcpretry and ipcpretries.
- improve handling of IPv6 link-local addresses

Submitted by: JINMEI Tatuya <jinmei@isl.rdc.toshiba.co.jp>

Include the correct file (stdarg.h) and use va_list rather than _BSD_VA_LIST_

Suggested by: mike

Remove whitespace at the end of lines.

Bump the version number to reflect the recent RADIUS commits

Coerce pid_t to long rather than int for better portability.

Suggested by: Theo de Raadt <deraadt@openbsd.org>

Handle MS-CHAPv2 authentication correctly via the RADIUS server (if it's
configured).
Handle internal failures in radius_Authenticate() correctly.
Bump the ppp version number.

This doesn't yet work with MPPE. More will follow.

Sponsored by: Mozoon

o Clean up some #includes
o Bump version number to 3.0.4
o When talking to a RADIUS server, provide a NAS-Port-Type.

When the NAS-Port-Type is Ethernet, provide a NAS-Port value equal
to the SESSIONID from the environment in direct mode or the
NGM_PPPOE_SESSIONID message in other modes. If no SESSIONID is found,
default to the interface index in client mode or zero in server mode.

When the NAS-Port-Type is ISDN, set the NAS-Port to the minor number
of the physical device (ie, the N in /dev/i4brbchN).

This makes it easier for the RADIUS server to identify the client
WRT accounting data etc.

Prompted by: lsz8425 <lsz8425@mail.cd.hn.cn>

Make ``set mru'' require a context. In multi-link mode, there's no
point in being allowed to ``set mru'' for the MP lcp layer.

Spotted by: Richard Browne <richb@timestone.com.au>
MFC after: 1 month

Bump the version to mark the fixed FSM TLD ordering

Usage style sweep: spell "usage" with a small 'u'.
Also change one case of blatant __progname abuse (several more remain)
This commit does not touch anything in src/{contrib,crypto,gnu}/.

Add variable substitutions for SOCKNAME, IPOCTETSIN, IPOCTETSOUT, IPPACKETSIN,
IPPACKETSOUT, IPV6OCTETSIN, IPV6OCTETSOUT, IPV6PACKETSIN, IPV6PACKETSOUT,
OCTETSIN, OCTETSOUT, PACKETSIN, PACKETSOUT and SOCKNAME.

Make the way FSM options are processed easier to read by using structures
instead of u_char *.

The changes are cosmetic except:

RecvConfigAck() now displays the options that are being ACK'd
Huge (bogus) options sent from the peer won't cause an infinite loop
SendIdent and ReceiveIdent are displayed consistenlty with other FSM data
LCP AUTHPROTO options that aren't understood are NAK'd, not REJ'd

Merge the NETGRAPH branch into HEAD. tty devices now use netgraph's line
discipline to do the async escaping, but no other benefits are available yet.

Change ``ifdef HAVE_DES'' to ``ifndef NODES'' for consistency.

Make the Makefile a little more sane WRT RELEASE_CRUNCH.

Expand the first argument of the ``log'' command if it's a variable.

Remove unused variables

Add a ``log'' command for logging specific information.
Add an ``UPTIME'' variable to indicate the bundle uptime.

It's now possible to put something like this in ppp.linkdown
for a server setup:

MYADDR:
log Session closing: User USER, address HISADDR, up UPTIME

Fixed some memory leakage with commands that expand words.
Made some functions static.
Fixed a diagnostic bug (iface add .... SIOCDIFADDR)

Don't avoid setting a 0 second timer in datalink_StartDialTimer() by
not setting any timer. Instead, set a 1 millisecond timer.

This ensures that ppp will come out of it's select() call after
losing carrier in -ddial mode with a reconnect period of 0 and
going to ST_OPENING, rather than waiting indefinitely for some
other event to wake ppp up.

Bump the ppp version number to indicate the event.

MFC after: 3 days

Handle snprintf() returning < 0 (not just -1)

MFC after: 2 weeks

Better handling for the return of snprintf().

Back out the previous fix to deal with kernels that don't support IPv6,
and implement a far more subtle and correct fix.

The reason behind the infinite loop was that ppp was trying to make up
initial IPv6 numbers and wasn't giving up when it failed unexpectedly to
assign the addresses it just fabricated to it's interface (thinking that
the reason was because another interface was using the same address).
It now attempts this up to 100 times before just failing and trying to
muddle along (in reality, this should never happen more than a couple
of times unless our random number generator doesn't work).

Also, when IPv6 is not available, don't even try to assign the IPv6
interface address in the first place...

Run correctly on a machine built without AF_INET6 support

Build properly with -DNOIPV6

Remove an unused variable

Probe for the availability of AF_INET6 at startup. If it's not
available, default ipv6cp to disabled and refuse to let the user
enable it.

o Add ipv6 support, abstracting most NCP addresses into opaque
structures (well, they're treated as opaque).

It's now possible to manage IPv6 interface addresses and routing
table entries and to filter IPV6 traffic whether encapsulated or
not.

IPV6CP support is crude for now, and hasn't been tested against
any other implementations.

RADIUS and IPv6 are independent of eachother for now.

ppp.linkup/ppp.linkdown aren't currently used by IPV6CP

o Understand all protocols(5) in filter rules rather than only a select
few.

o Allow a mask specification for the ``delete'' command. It's now
possible to specifically delete one of two conflicting routes.

o When creating and deleting proxy arp entries, do it for all IPv4
interface addresses rather than doing it just for the ``current''
peer address.

o When iface-alias isn't in effect, don't blow away manually (via ``iface
add'') added interface addresses.

o When listening on a tcp server (diagnostic) socket, bind so that a
tcp46 socket is created -- allowing both IPv4 and IPv6 connections.

o When displaying ICMP traffic, don't display the icmp type twice.
When display traffic, display at least some information about unrecognised
traffic.

o Bump version

Inspired after filtering work by: Makoto MATSUSHITA <matusita@jp.FreeBSD.org>

Add a ``nat punch_fw'' command for punching FTP and IRC DCC holes through
the firewall.

Handle peer REQ/NAKs of >1500 byte MRUs when we have no preference.

MFC after: 3 days

Fix the type of the last arg to execl()

Obtained from: OpenBSD

Add a ``nat proto'' command -- similar to natd(8)'s -redirect_proto switch.

MFC after: 3 weeks

Spell stateful properly

Inconsistently done by: brian
Spotted by: ru

Silence some gcc warnings

Do away with the ``err'' variable.

Inspired by: kris

Silence some of the -Wnon-const-format warnings and add __printflike()
to a function prototype which needs it.

Approved by: brian
MFC After: 2 weeks

Add support for stateful MPPE (microsoft encryption) providing
encryption compatibility with Windows 2000. Stateful encryption
uses less CPU but is bad on lossy transports.

The ``set mppe'' command has been expanded. If it's used with any
arguments, ppp will insist on encryption, closing LCP if the other
end refuses.

Unfortunately, Microsoft have abused the CCP reset request so that
receiving a reset request does not result in a reset ack when using
MPPE...

Sponsored by: Monzoon Networks AG and FreeBSD Services Limited

Handle hardware-imposed MTU/MRU limitations. PPPoE will no longer
allow MRU/MTU negotiations to exceed 1492.

Add an optional ``max'' specifier to ``set m[rt]u'', ie.

set mtu max 1480

Bump the ppp version number.

Sponsored by: Monzoon Networks AG and FreeBSD Services Limited

Convert IIJ copyrights to BSD copyrights.

Approved by: Toshiharu OHNO <tohno@sirius.ocn.ne.jp>

When we change the interface MTU, run through the routing table and tweak
all route MTUs too.

Untangle some cunfusion between the CLOSE_STAYDOWN, CLOSE_LCP and
CLOSE_NORMAL meanings. CLOSE_NORMAL doesn't change the currently
required state, the others do. This should stop ppp from entering
DATALINK_READY when LCP shutdown doesn't end up happening cleanly.

Bump our version number to reflect this change.

Only remove socket files with ``set server open''.
Only show the mask in ``show bundle'' when it's been specified.
Complain about unexpected arguments after ``set server {none,open,closed}''
Log re-open failures as warnings rather than phase messages.
Fix some markup for the ``set server'' man page description.

Allow ``set server closed'' to close the diagnostic socket.
Allow ``set server open'' to re-open the diagnostic socket.
Handle SIGUSR1 by re-opening the diagnostic socket
When receiving SIGUSR2 (and in ``set server none''), don't forget the
socket details so that ``set server open'' and SIGUSR1 open it again.

Don't create the diagnostic socket as uid 0 ! It's far to dangerous.

Add ``enable/disable tcpmssfixup'', defaulting to enabled.

Suggested by: julian
Hijacked from: ru (ports/net/tcpmssd)

Add ``all'' logging.

Submitted by: eivind

Bump our version to reflect the recent MPPE additions (and ccp struct
size change).

Add MPPE and MSChap v2 support (denied and disabled by default)

Submitted by: Ustimenko Semen <semen@iclub.nsu.ru>

Spelling police

Submitted by: des

Complain about invalid arguments passed to ``set ifaddr''

Make -DNOSUID (or -DPPP_NOSUID) possible to build ppp without SUID
capabilities.

Warn that the ``alias'' command is depricated.
We still process it for now though.

setproctitle() doesn't need to be called with root privs, so move
it from id.c into defs.c

Maintain input and output throughput averages and choose the highest
of the two when calculating the MP throughput average for the ``set
autoload'' implementation.

This makes more sense as all links I know of are full-duplex. This
also means that people may need to adjust their autoload settings
as 100% bandwidth is now the theoretical maximum rather than 200%
(but of course, halfing the current settings is probably not the
correct answer either!).

This involves a ppp version bump as we need to pass an extra
throughput array through the MP local domain socket.

Calculate the average link throughput using a counter based on the
cumulative total of all active links rather than basing it on the
total of PROTO_MP traffic.

This fixes a problem whereby Cisco routers send PROTO_IP packets only
when there's only one link (hmm, what a good idea!).

Support link identification from rfc1570
Two new commands are available; ``ident'' and ``sendident''.

o Log the (payload/size) of all packet types, not just TCP packets

o If the new ``filter-decapsulation'' is enabled, delve into UDP packets
that contain 0xff 0x03 as the first two bytes, and if we recognise it
as PROTO_IP, decapsulate it for the purpose of filter checking.

If we recognise it as PROTO_<anything else> mention this for logging
purposes only.

This change is aimed at people running PPPoUDP where the UDP traffic is
being sent over another PPP link. It's desireable to have the top level
link connected all the time, but to have the bottom level link capable
of decapsulating the traffic and comparing the payload against the filters,
thus allowing ``set filter dial ...'' to work in tunnelled environments.

The caveat here is that the top ppp cannot employ any compression layers
without making the data unreadable for the bottom ppp. ``disable deflate
pred1 vj'' and ``deny deflate pred1 vj'' is suggested.

Remove ``nat pptp'' as this is now done transparently by libalias.

Add ``set ifqueue'' to control the size of the outgoing packet
queue. Doing ``set ifqueue 0'' and ``set urgent none'' will allow
full use of luigi's WF2Q code.

Requested by: luigi

Allow ``set urgent none'' to disable all urgent ports and IPTOS_LOWDELAY
prioritisation.

Requested by: luigi

Allow authname to be changed at any phase, just emit a warning
if it's not DEAD or ESTABLISH

Add the ``nat target'' command.

Understand environment variables in commands

Submitted by: Mark Knight <markk@knigma.org>

Add the ``resolv'' command for telling ppp how to deal with resolv.conf.
You can now ``resolv restore'' in ppp.linkdown !
Add DNS0 and DNS1 macros.

Introduce LOCALNAT and LOCALRAD defines so that the sources can stay
exactly the same in FreeBSD & OpenBSD despite libalias and libradius
being local to the ppp sources under OpenBSD.

Add ``set log dns'' to log DNS QUERY packets.

This is invaluable for dial-on-demand connections...
In ppp.linkup:

set log -dns -tcp/ip

and in ppp.linkdown

set log +dns +tcp/ip

giving a much better account of why the link came up.

Correct usages of getuid() and geteuid()

Pointed out by: billf

Don't allowt '#' as a comment when it's embedded in quotes:

set something "xxx yyy # zzz" aaa

shouldn't be interpreted as

set something "xxx yyy" aaa

Don't munge ``set dial|login|logout|hangup'' arguments before
ExpandString() has a chance to do its own substitutions.

Add missing linefeed.

Notice and warn about unterminated quoted strings in commands.
The entire command is ignored if the syntax is invalid...

Change the way we transfer links (again). The previous
method avoided all race conditions, but suffered from
sometimes running out of buffer space if enough clients
were piled up at the same time.

Now, the client pushes the link descriptor, one end of a
socketpair() and the ppp version via sendmsg() at the
server. The server replies with a pid. The client then
transfers any link lock with uu_lock_txfr() and writev()s
the actual link contents. The socketpair is now the only
place we need to have large socket buffers and the bind()ed
socket can keep the default 4k buffer while still handling
around 90 racing clients.

Change ``set cd'' so that its default value is device specific. The
default is still 1 second for ttys, but is now 6 seconds for i4b (ISDN)
devices and 5 seconds for ethernet (PPPoE) devices.

Rewrite the link descriptor transfer code in MP mode.

Previously, ppp attempted to bind() to a local domain tcp socket
based on the peer authname & enddisc. If it succeeded, it listen()ed
and became MP server. If it failed, it connect()ed and became MP
client. The server then select()ed on the descriptor, accept()ed
it and wrote its pid to it then read the link data & link file descriptor,
and finally sent an ack (``!''). The client would read() the server
pid, transfer the link lock to that pid, send the link data & descriptor
and read the ack. It would then close the descriptor and clean up.

There was a race between the bind() and listen() where someone could
attempt to connect() and fail.

This change removes the race. Now ppp makes the RCVBUF big enough on a
socket descriptor and attempts to bind() to a local domain *udp* socket
(same name as before). If it succeeds, it becomes MP server. If it
fails, it sets the SNDBUF and connect()s, becoming MP client. The server
select()s on the descriptor and recvmsg()s the message, insisting on at
least two descriptors (plus the link data). It uses the second descriptor
to write() its pid then read()s an ack (``!''). The client creates a
socketpair() and sendmsg()s the link data, link descriptor and one of
the socketpair descriptors. It then read()s the server pid from the
other socketpair descriptor, transfers any locks and write()s an ack.

Now, there can be no race, and a connect() failure indicates a stale
socket file.

This also fixes MP ppp over ethernet, where the struct msghdr was being
misconstructed when transferring the control socket descriptor.

Also, if we fail to send the link, don't hang around in a ``session
owner'' state, just do the setsid() and fork() if it's required to
disown a tty.

UDP idea suggested by: Chris Bennet from Mindspring at FreeBSDCon

Fix ``set proctitle'' by using setproctitle().

Don't insist on 4 digit umasks in ``set server''.

Pointed out by: joerg

Support PPPoE

Help (lots) from: julian, archie
Facilities from: ahebert@pubnix.net

Introduce ``set logout''; another chat script. This is in preparation
for the abstraction of ``set dial'' and ``set hangup''.

Support ``set cd off'' to tell ppp not to even look for carrier on the
device.

Back out the bogus #ifdef __NetBSD__ #include <signal.h> lines.
The original report was due to a mis-installation of the NetBS
header files :-/

Submitted by: Kazuyoshi Kato <kazk@yyy.or.jp>

NetBSD has moved ``extern int errno;'' to signal.h :-/

Submitted by: Kazuyoshi Kato <kazk@yyy.or.jp>

Cosmetic:
alias_cmd -> nat_cmd after a repo-copy

Introduce a forth IP packet queue. Urgent packets with
ip_tos == IPTOS_LOWDELAY now get precidence over urgent
packets with ip_tos != IPTOS_LOWDELAY and non-urgent packets
with ip_tos == IPTOS_LOWDELAY.

Enhance the ``set urgent'' syntax to allow for urgent UDP
packets as well as urgent TCP packets.

$FreeBSD$ -> __DATE__

This is probably more appropriate that $Date$ anyway

$Date$ -> $FreeBSD$

o Split the two IPCP queues into three - one for FSM data
(LCP/CCP/IPCP), one for urgent IP traffic and one for
everything else.
o Add the ``set urgent'' command for adjusting the list of
urgent port numbers. The default urgent ports are 21, 22,
23, 513, 514, 543 and 544 (Ports 80 and 81 have been
removed from the default priority list).
o Increase the buffered packet threshold from 20 to 30.
o Report the number of packets in the IP output queue and the
list of urgent ports under ``show ipcp''.

$Id$ -> $FreeBSD$

Allow authkey to be changed independently of the current phase.

o Add the -foreground switch. This switch behaves like -background except
that ppp stays in the foreground.
o Add the -quiet switch to quieten ppps startup
o Add the -nat flag and discourage the use of the -alias flag. Both do
the same thing.
o Correct some nat usage strings.
o Change the internal ``alias'' command to ``nat''.

Implement a minimum idle time value as an optional second argument
to ``set timeout''.
This is useful for situations where your minimum call charge is (say)
5 minutes (like mine is)

Set the close-on-exec flag for all unused descriptors when
exec()ing other programs.

o Obsolete the undocumented ``set weight'' command.
o If we're using RADIUS and the RADIUS mtu is less than our
peers mru/mrru, reduce our mtu to this value for NetBSD too.
o Make struct throughput's sample period dynamic and tweak the ppp
version number to reflect the extra stuff being passed through
the local domain socket as a result (MP mode).
o Measure the current throughput based on the number of samples actually
taken rather than on the full sample period.
o Keep the throughput statisics persistent while being passed to
another ppp invocation through the local domain socket.
o When showing throughput statistics after the timer has stopped, use
the stopped time for overall calculations, not the current time.
Also show the stopped time and how long the current throughput has
been sampled for.
o Use time() consistently in throughput.c
o Tighten up the ``show bundle'' output.
o Introduce the ``set bandwidth'' command.
o Rewrite the ``set autoload'' command. It now takes three arguments
and works based on a rolling bundle throughput average compared against
the theoretical bundle bandwidth over a given period (read: it's now
functional).

Mention that ospf is a possible filter protocol.

Support `igmp' filters.
Mostly submitted by: Timo Geusch <freebsd@sleepycat.ukpeople.net>

Allow reserved substitution strings to be escaped by preceeding them
with a backslash.

Allow our endpoint discriminator to be enabled, disabled, accepted
and denied. This is necessary for some MP implementations that
get confused if you accept their endpoint discriminator but reject
their MRRU.

Use the correct pid when substituting PROCESSID.
Problem reported by: Amedeo Beck Peccoz <gea@gressoney.it>

Don't use static variables if we don't have to.

Correct the way ppp transfers links on the server side in MP
mode by padding out the ``struct device'' to the maximum
device size.
Bump the ppp version number to indicate the transfer format
change.

This should make MP over tty and udp devices functional again.

Mention physical and sync logging in the ``set log''
usage message.

Introduce the ``keep-session'' option. Refer to the man
page for details. This allows MP over non-tty devices where
the original ppp process must not exit (such as sshd-spawned
ppp sessions).

Remember if MYADDR or HISADDR is used in a filter add tweak all
filters any time either value changes.

Add ``show layers'' to see the protocol layering for a link.

Allow ``host:port/udp'' devices and support ``host:port/tcp'' as
being the same as the previous (still supported) ``host:port''
syntax for tcp socket devices.

A udp device uses synchronous ppp rather than async, and avoids
the double-retransmit overhead that comes with ppp over tcp (it's
usually a bad idea to transport IP over a reliable transport that
itself is using an unreliable transport). PPP over UDP provides
througput of ** 1.5Mb per second ** with all compression disabled,
maxing out a PPro/200 when running ppp twice, back-to-back.

This proves that PPPoE is plausable in userland....

This change adds a few more handler functions to struct device and
allows derivations of struct device (which may contain their own
data etc) to pass themselves through the unix domain socket for MP.
** At last **, struct physical has lost all the tty crud !

iov2physical() is now smart enough to restore the correct stack of
layers so that MP servers will work again.

The version number has bumped as our MP link transfer contents have
changed (they now may contain a `struct device').

Don't extract the protocol twice in MP mode (resulting in protocol
rejects for every MP packet). This was broken with my original
layering changes.

Add ``Physical'' and ``Sync'' log levels for logging the relevent
raw packets and add protocol-tracking LogDEBUG stuff in various
LayerPush & LayerPull functions.

Assign our physical device name for incoming tcp connections by
calling getpeername().

Assign our physical device name for incoming udp connections from
the address retrieved by the first recvfrom().

o Redesign the layering mechanism and make the aliasing code part of
the layering.

We now ``stack'' layers as soon as we open the device (when we figure
out what we're dealing with). A static set of `dispatch' routines are
also declared for dealing with incoming packets after they've been
`pulled' up through the stacked layers.

Physical devices are now assigned handlers based on the device type
when they're opened. For the moment there are three device types;
ttys, execs and tcps.

o Increment version number to 2.2
o Make an entry in [uw]tmp for non-tty -direct invocations (after
pap/chap authentication).
o Make throughput counters quad_t's
o Account for the absolute number of mbuf malloc()s and free()s in
``show mem''.
o ``show modem'' becomes ``show physical''.

Add support for NetBSD

Allow port ranges in ``alias port''.

Don't forget to fully initialise the configured values
for MYADDR and HISADDR in ``set ifaddr'' so that unspecified
values don't end up retaining their `width'.

Support PPTP via libalias (``alias pptp addr'').

Support proxying & transparent proxying curtesy of libalias(3).
Order the alias command descriptions.
Order the SEE ALSO entries.

Extend the ``set redial'' command to allow incremental
redial timeouts.

Correct some ntohl/htonl bogons in the netmask handling.
This was pretty harmless as netmasks on a POINTOPOINT
interface are pretty much ignored, but it looked funny.

Mention the configured netmask in ``show ipcp''.

Describe in more detail what a proxy arp entry is.

Allow control over the number of ConfigREQ & TermREQ attempts
that are made in each of the FSMs (LCP, CCP & IPCP) and the
number of REQs/Challenges for PAP/CHAP by accepting more arguments
in the ``set {c,ip,l}cpretry'' and ``set {ch,p}apretry'' commands.

Change the non-convergence thresholds to 3 times the number of configured
REQ tries (rather than the previous fixed ``10''). We now notice
repeated NAKs and REJs rather than just REQs.

Don't suggest that CHAP 0x05 isn't supported when it's not configured.

Fix some bugs that expose themselves with smaller numbers of retries:
o Handle instantaneous disconnects (set device /dev/null) correctly
by stopping all fsm timers in fsm2initial.
o Don't forget to uu_unlock() devices that are files but are not
ttys (set device /dev/zero).

Fix a *HORRENDOUS* bug in RFC1661 (already fixed for an Open event in state
``Closed''):
According to the state transition table, a RCR+ or RCR- received in
the ``Stopped'' state are supposed to InitRestartCounter, SendConfigReq
and SendConfig{Ack,Nak}. However, in ``Stopped'', we haven't yet
done a TLS (or the last thing we did is a TLF). We must therefore
do the TLS at this point !

This was never noticed before because LCP and CCP used not use
LayerStart() for anything interesting, and IPCP tends to go into
Stopped then get a Down because of an LCP RTR rather than getting a
RCR again.

Parse IP addresses more securely - specifically, don't allow
a bum name to return as 0.0.0.0... we don't want ``delete xxx''
to delete the default route when xxx doesn't resolve.

Support IP number specifications as the host when specifying
a tcp-style device (rather than *just* hostnames).

Fully support both NT and LANMan CHAP type 0x80 as both
authenticator and authenticatee.

Wait by default for one second after the login script
is complete before checking carrier. If it's there,
the device supports carrier. If it's not it doesn't.

Add the ``set cd'' command for deciding how soon to check
for carrier, and for deciding if carrier is REQUIRED.

The default has changed: Pre 2.0 versions of ppp waited
for 1 second. Version 2 didn't wait, but this causes
problems with some (few?) modems that don't assert carrier
immediately on reporting CONNECT. The one second delay
is back now and can be removed with ``set cd 0''.

Bump the ppp version number in case this needs to be changed
again....

When resending chap challenges, resend the same challenge
each time rather than making up a new one.

Increase the authname/authkey max sizes to 100 characters.

Allow ``authkey'' specifications beginning with ``!''.
When a challenge is received, the text following the
``!'' is executed as a program (expanding stuff in the same
way that ``sh'' and ``!bg'' do). The program is passed the
peer name, peer challenge and local ``authname'' on standard
input and is expected to output the name/key combination that
should be used to build the CHAP response.

This provides support for Secure ID cards (guess what I was
given at work recently!) using CHAP.

Examples will follow.

Version 2.0 > 2.1 to reflection RADIUS additions.

Initial RADIUS support (using libradius). See the man page for
details. Compiling with -DNORADIUS (the default for `release')
removes support.

TODO: The functionality in libradius::rad_send_request() needs
to be supplied as a set of routines so that ppp doesn't
have to wait indefinitely for the radius server(s). Instead,
we need to get a descriptor back, select() on the descriptor,
and ask libradius to service it when necessary.
For now, ppp blocks SIGALRM while in rad_send_request(), so
it misses PAP/CHAP retries & timeouts if they occur.

Only PAP is functional. When CHAP is attempted, libradius
complains that no User-Password has been specified... rfc2138
says that it *mustn't* be used for CHAP :-(

Sponsored by: Internet Business Solutions Ltd., Switzerland

Allow a variable as the first arg to ``set proctitle''.

Don't delete the primary interface address when
``iface clean'' is used in auto mode while there
are no active links.

Allow multiple systems (config labels) on the command
line and in the ``load'' & ``dial'' commands. The last
label loaded becomes the current label name.
Only require a label for -auto mode.

Add ``set proctitle'' for changing argv[0]. All substitutions
are done in the same way as command execution.

For example, ``set proctitle USER INTERFACE PROCESSID'' would
be useful in a -direct profile for identifying who's connected.

Add ``PROCESSID'' as a constant expanded when running
commands.

Shuffle the iface-alias option so that's in alphabetical
order like the rest of the options.

Add ``enable proxyall'' support. This adds proxy ARP entries
for every machine on every class C or smaller subnet that we
route to.
Add ``set {send,recv}pipe'' for controlling our socket buffer
sizes.
Mention the IP number with the problem in a few error messages.
All submitted by: Craig Leres <leres@ee.lbl.gov>
Modified slightly by: me

Fix the interface alias code. Previously, I was expecting something
like

tun0: flags=blah
10.0.0.1 -> 10.0.0.100
10.0.0.2 -> 10.0.0.100
10.0.0.3 -> 10.0.0.100

to DTRT, despite the SIOCAIFADDR for each new alias returning
-1 & EEXIST while adding the alias anyway. In real life, once
we have the second alias with the same destination, nothing will
route any more ! Also, because I was ignoring EEXIST, the
dynamic IP assignment code was assigning duplicate addresses
('cos it was being lied to by iface_inAdd()).

Now we have

tun0: flags=blah
10.0.0.1 -> 255.255.255.255
10.0.0.2 -> 10.0.0.100
10.0.0.3 -> 255.255.255.255

This works - stuff bound to 10.1 & 10.3 will be considered alive
by the kernel, and when they route back to the tun device, the
packets get aliased to 10.2 and go out to 10.100 (as with the
original plan).

We still see the EEXIST in SIOCAIFADDR, but ignore it when our
destination is 255.255.255.255, assuming that the alias *was*
actually added.

Additionally, ``iface add'' may now optionally be given only
the interface address. The mask & destination default to
255.255.255.255.

Loosen our restrictions on setting enddisc, mrru,
shortseq, authname and authkey.

o Auth{name,key} may additionally be set in PHASE_ESTABLISH.
o The others may be set in PHASE_ESTABLISH as long as no links
have yet reached DATALINK_LCP.

Solve the ``first connection'' problem that occurs on
demand-dial links with dynamic IP numbers where the program
that causes the dial bind()s to an interface address that is
subsequently changed after ppp negotiation.

The problem is defeated by adding negotiated addresses to the
tun interface as additional alias addresses and providing a set
of ``iface'' commands for managing the interface. Libalias is
also required (and what a name clash!) - it happily IP-aliases
the address so that the source is that of the primary (negotiated)
interface and un-IP-aliases it on the way back.

An ``enable iface-alias'' is done implicitly by the -alias command
line switch. If -alias isn't given, iface-aliasing is disabled by
default and can't be enabled 'till an ``alias enable yes'' is done.
``alias enable no'' silently disables iface-alias.

So, for dynamic-IP-type-connections, running ``ppp -alias -auto blah''
will work for the first connection, although existing bindings will
not survive a disconnect/connect as the TCP peer will be trying to
send to the old IP address - the packets won't route.

It's now a lot easier to add IPXCP to ppp with minor updates to
the new iface.[ch] (if anyone ever gets 'round to it).

It's also now possible to manually add interface aliases with
something like ``iface add 1.2.3.4/24 5.6.7.8''. This allows
multi-homed ppp links :-)

Move help displays left one column to avoid problems with
broken terminals that can't handle 80 columns followed by
a linefeed.
Pointed out by: bde@FreeBSD.org

Sync with OpenBSD ifdefs

Add the following word substitutions when running a shell
command:
AUTHNAME: The local authname
ENDDISC: The local endpoint discriminator
LABEL: The configuration label in use
PEER_ENDDISC: The peers endpoint discriminator
USER: The peers authname

Allow the use of HISADDR, MYADDR and INTERFACE as words
embedded in the args of a "shell" or "!bg" command, and
only accept upper case versions.

We can now do:
! sh -c "ifconfig INTERFACE >/tmp/myfile"

Mention ``cbcp'' in ``set log ?''

Fix some OpenBSD/alpha warnings

Put the IP buffer queues into struct ipcp.
Forgotten by: me

If we've got a full output buffer queue and cannot send
anything for two mintues (see ``set choked'' and ``show
bundle''), nuke the ip, mp and link level buffer queues.

This should fix problems where ``ppp -auto'' seems to stop
responding after failing to connect to the peer a few times.

o Support callback types NONE, E.164, AUTH and CBCP.
(see the new ``set callback'' and ``set cbcp'' commands)
o Add a ``cbcp'' log level and mbuf type.
o Don't dump core when \T is given in ``set login'' or
``set hangup''.
o Allow ``*'' and blanks as placeholders in ppp.secret and
allow a fifth field for specifying auth/cbcp dialback
parameters.
o Remove a few extraneous #includes
o Define the default number of REQs (restart counter) in defs.h
rather than hardcoding ``5'' all over the place.
o Fix a few man page inconsistencies.

Always dial immediately on ``open'', ``dial'' and ``call''.
We don't need a ``!''.

Allow an optional ``!'' in the open, dial & call commands.
When used, the redial timer is ignored and the modem is
opened immediately.

Silence ``Network unreachable'' warnings when using
``add .... HISADDR''. The network will never be
reachable at this point unless we're in -auto or reading
the command from ppp.linkup.

We can now run the following lines and get the expected
results:

set ifaddr 1.2.3.4/0 5.6.7.8/0
add default HISADDR

where a route is added immediately in auto mode and the
whole thing is delayed 'till the IP numbers have been
agreed in other modes.

Essentially, ppp.linkup is no longer required.

Correct enable/disable handling (broken when ironing out
32/64 bit issues recently).

Don't require context when there's only one link
for ``open lcp''

Version 2.0-beta becomes 2.0 :-)

o Fix remaining sizeof problems for 64 bit machines.
o Allow ``set ....'' when we have multiple links but aren't in
multilink mode.
o Do a TLS when we receive a ``Open'' event in ``Closed'' state,
despite the rfc state transition table. This is clearly an
error in the RFC as TLS cannot have yet been called (without
TLF) in the ``Closed'' state.
I've posted a message to comp.protocols.ppp for confirmation.

Remove redundant includes

Don't dlopen()/dlsym() libalias, use it in the same way
as the rest of the world uses libraries.

Add ``ipcp'' as an optional argument to ``open'', and make
open capable of re-negotiatiating the various layers.

It is now possible to change various link options and then
re-open the relevant layer, making the changes effective -
for example, switching off VJ compression or starting ECHO
LQRs on-the-fly.

Create & use fsm2initial(), a function to bring a
state machine back to ST_INITIAL without going
through any unnecessary TLS/TLF pairs.

o Allow ``set mrru'' or ``set mrru 0'' to disable
multi-link mode.
o Fix a typo in the ``set mrru'' description.

Change some log levels. ALERTs are only logged when
something that can't happen happens or when everyone
needs to know. ERRORs are only logged when something
unexpected happens.

Don't bring the modem offline or hangup when ``down lcp''
is done. Instead, behave like ``close lcp''.

Fix a rather nasty use of `static'. This caused a SEGV
when running ``link * load label'' as we ended up recursing
back into command_Interpret after nuking our command arg list.

Give ``load'' optional context. It's now possible to
``link 1,2,3 load label'' for people that want to set
up their links in a more mpd-like manner.

Make `close lcp' just close the LCP layer and not hangup. This is
useful for slirp users that wish to get their shell back after the
ppp session. `close' with no args still hangs up as expected.
Required by: jmz

Add the ``clear'' function.
Mostly submitted by: "Stephane E. Potvin" <sepotvin@videotron.ca>

o Maintain a link-type mask for open datalinks as well as
for all datalinks in a bundle. Ppp now deals correctly
with link types that are changed while open
o When changing the type of the last AUTO link, only clear
the interface if we're not in PHASE_NETWORK. This allows
us to switch to -ddial mode while we have a connection
without suddenly unexpectedly throttling ourselves by
clearing the interface configuration.
Problem area noted by: Aaron Jeremias Luz <aaron@csh.rit.edu>

Fix a couple of warnings noted with -Wall on FreeBSD-2.1.5.
Pointed out by: Charlie Sorsby <crs@hgo.net>

Correct ``set server'' usage and add mention that ``set ns'' changed
in README.changes.
Suggested by: stuart henderson <stuart@internationalschool.co.uk>

Make ``set ? log'' more verbose.
Suggested by: Paul Dufresne <dufrp@oricom.ca>

o Make modes consistent throughout ppp. The same strings are used
in `set mode', `allow modes', on the command line and when
outputting mode names. The strings are matched so that only
enough characters to uniquely identify the string are required,
so you can now

ppp -a mylabel (for auto mode)
ppp -b mylabel (for background mode)
ppp -dd mylabel (for direct dial mode)

etc.
o Make -ddial dial when specified on the command line (oops).
Pointed out by: Alex <garbanzo@hooked.net>

MFMP: Make ppp multilink capable.
See the file README.changes, and re-read the man page.

Quieten gcc-2.8.1

Add extraneous braces to stiffle warnings from gcc-2.8

o Fix a few comment typos.
o Fix ``set timeout'' usage message and documentation.
o Change ifOutPackets, ifOutOctets and ifOutLQRs to `u_int32_t's
so that they wrap correctly.
o Put the LQR in network byte order using the correct struct size
(sizeof u_int32_t, not sizeof u_long).
o Wrap LQR ECHO counters correctly.
o Don't increment OutLQR count if the last LQR hasn't been replied
to.
o Initialise HisLqrData (last received LQR) in StartLqm.
o Don't start the LQR timer if we're `disabled' and `accepted'.
o Generate LQR responses when both sides are using a timer and
we're not going to send our next LQR before the peers max timeout.

LQR should now be fully functional.

Cosmetic:
Don't mention the authors name at startup. He's already credited
in the man page. Instead, make the message consistent with the
one given to the diagnostic port (and fix the grammar when entering
`term' mode).
Don't credit the zlib author in the man page as ppp isn't linked
directly with zlib (it's shared).
Mention when the OpenBSD port was first made available.

Don't allow manual dialing unless in auto or interactive mode.

Allow an optional delay when specifying "set openmode active".
The delay defaults to 1 sec (as it always has) unless we've done
a ~p in interactive mode or we've actually detected a HDLC frame.
This is now cleanly implemented (via async timers) so that it is
possible for LCP to come up despite the delay if an LCP REQ is
received.

This will hopefully solve situations with slow servers or slirp
scenarios (where ECHO is left on the port for a second or so before
the peer enters packet mode).

Also, ~p in interactive mode no longer changes the value of the default
openmode delay and -dedicated mode enters packet mode in the right state
according to the value of openmode.

Allow "set vj" for changing the default number of slots
and whether slot compression is requested.
Don't show current values with "show ipcp" if IPCP isn't
"opened".

Make things work when sizeof(long) != 32 (hopefully)

Pause according to the redial setting when dialing manually.
Pointed out by: Berend de Boer <berend@compuserve.com>

o Allow the use of HISADDR as the first arg to "add".
o Allow a forth argument in ppp.secret, specifying a new
label. This gives control over which section of
ppp.link{up,down} is used based on the authenticated user.
o Support random address ranges in ppp.secret (not just in ppp.conf).
o Add a AUTHENTICATING INCOMING CONNECTIONS section to the man page.
o Add a bit more about DEFLATE in the man page.
o Fix the incorrect "you must specify a password in interactive
mode" bit of the manual.
o Space things in the man page consistently.
o Be more precice about where you can use MYADDR, HISADDR and INTERFACE
in the "add" command documentation.

Allow "set device" to close the open modem if we're in
interactive mode.
Use `netfd' in fcntl() and tc[gs]etattr() calls rather than
the hard coded descriptor 0.
Use _FILENO constants from unistd.h

This un-breaks things after my recent `close(0)' in interactive
mode.

Close STDIN_FILENO, and open _PATH_TTY O_RDONLY as `netfd'. This
has the effect of allowing `show route' to output more than about
a page of data (on FreeBSD, not OpenBSD....). I have no idea why,
except that it was a direct consequence of the tcsetattr() in
TtyCommandMode(). My previous fix (closing descriptor 0) `fixed'
this because all calls to tcsetattr() failed :-(

Use inet_aton() before gethostbyname()

Suggested by: Christian Sandberg <christian@yes.no>
Eivind Eklund <perhaps@yes.no>

Allow "add! dst mask gw" (note the ``!'') to do an
RTM_CHANGE if the RTM_ADD fails with an EEXIST.
Allow "delete! dst" (note the ``!'') to silently
fail if the RTM_DELETE fails with an ESRCH.
Also, make the ESRCH and EEXIST error conditions
more understandable to the casual observer.

Show how much time is left before timing out in the
`show timeout' output.
Remove ipIdleSecs variable - it's not used.

Show who closes the diagnostic connection.
Show the IP range (if specified) in "show ipcp".
Close unused descriptors 0 and 2 in interactive mode.
Pass (size_t *) rather than (int *) to sysctl().

Allow (and document) execution of commands from within
our chat script.
You can now even run chat(8) - see ppp.conf.sample.

Cosmetic (style):
sizeof(var) -> sizeof var
sizeof type -> sizeof(type)

Suggested by: J Wunsch <j@uriah.heep.sax.de>

strncpy(x,y,sizeof(x)) --> strncpy(x,y,sizeof(x)-1)

Suggested by: Philippe Charnier <charnier@lirmm.fr>
Theo de Raadt <deraadt@cvs.openbsd.org>

Allow multiple (comma seperated) devices on the "set device" line.
Submitted by: Derek Inksetter <derek@saidev.com>

Reset our "ifaddr" to zero if the "set ifaddr" fails in
-auto mode. This makes ppp correctly exit if you kick it
off twice in auto mode with the same label (read: interface).

Replace

strcpy(a, b); /* a and b are the same size */

with

strncpy(a, b, sizeof(a));
a[sizeof(a)-1] = '\0';

Making the code `correct at a glance'.

Suggested by: Theo de Raadt <deraadt@cvs.openbsd.org>

Don't log the actual password when command-logging
"passwd xxxx".

o Log ******** instead of the actual password for "set authkey"
when command logging is switched on.
o Display ******** for the authkey for "show auth"
o Document how \P should be used, and document the other chat escapes
while I'm there.
o Make sure the full command is displayed when a compound command
fails - ie, "set novar rubbish" should say "set novar: Invalid command"
rather than "novar: Invalid command"

Problem pointed out by: Theo de Raadt <deraadt@cvs.openbsd.org> (among others)

Fix a potential overflow where, if the label passed on the command
line is > LINE_LEN (512 bytes), we scribble (*blush*).

Hinted at by: Theo de Raadt <deraadt@cvs.openbsd.org>

Change sprintf(buf, "fixedstring") to strcpy(buf, "fixedstring").

Use LogWARN for command usage messages and unrecognised
commands, not LogCOMMAND.

Allow random IP number allocation to peer.
Validate the peers suggested IP by attempting to make a routing table
entry.
Give up IPCP negotiation if the peer NAKs us with an unusable IP.
Always SIOCDIFADDR then SIOCAIFADDR when configuring the tun device.
Using SIOCSIFDSTADDR allows duplicate dst addresses (which we don't
want)!!!
Allow up to 200 interface names (was 50) (now that ppp can play server
properly).
Up the version number (1.5 -> 1.6).

Cosmetic:
Log unexpected CCP packets in the CCP log rather than the ERROR log.
Log unexpected Config Reqs in the appropriate LCP/IPCP/CCP log rather
than the ERROR log.
Log failed route additions and deletions with WARN, not TCPIP.
Log the option id and length for unrecognised IPCP options.
Change some .Sq to .Ar in the man page.

Correct usage of `add' and `delete'.

Only allow one arg to `delete' - the mask & gateway aren't necessary.
Delete AF_LINK routes as well as AF_INET.
Allow the word `default' as the arg to `delete' or in place of the
first two args (dest & netmask) to `add'.
Accept INTERFACE as the third arg to `add'.

You can now say `add default interface' to create a default route
through the tun interface. It's reported that subsequent bind()s
will bind to a broadcast address and not to the address currently
assigned to the tun device - this is the first step towards
supporting that first connection that was around from before the
dynamic IP negotiation....

Fix the help command (broken when I re-prototyped
all the commands).

Fix prototypes.
Remove extraneous decls.
Add ``const'' to several places.
Allow ``make NOALIAS=1'' to remove IP aliasing.
Merge with OpenBSD - only the Makefiles vary.

We can now survive a compile with
-Wall -Wbad-function-cast -Wcast-align -Wcast-qual
-Winline -Wmissing-declarations -Wmissing-prototypes
-Wnested-externs -Wpointer-arith -Wredundant-decls
-Wshadow -Wstrict-prototypes -Wwrite-strings -Wchar-subscripts
(although the Makefile just contains -Wall).

Allow zero args to "cvs log".

Add and use a DropClient() function for closing the diagnostic port.
Call DropClient() from Cleanup() too.

Fix command logging (broken with the "allow" command).

Return correct value from "set loopback".
Output "set ?filter deny host|port" rules correctly
with show ?filter.
Submitted by: Dave Bodenstab <imdave@mcs.net>

Don't attempt to dial if "dial label" has specified
a restricted label.

Don't warn that we're waiting for the command to complete if
we've put it in the background (!bg).

Finish the security improvements:
o Add "allow" command:
"allow users a b c" gives access to users a, b and c.
"allow modes auto" gives those users access to auto mode only.
"allow users *" and "allow modes *" are accepted.
No users and all modes are allowed by default.
UID 0 can do anything.
o Set the current label with the "load" and "dial" commands
so that the call to ppp.linkdown makes sense.
o Up the verison number.
o Don't OR MODE_AUTO for -background and -ddial.
o Don't OR MODE_INTER when we get a diagnostic connection.
o Allow up to 40 args per line (was 20).
o "set ifaddr" only changes the interface in AUTO mode (with other
modes, it happens after IPCP negotiation).
o Sort command descriptions in the man page.
o Support -dedicated mode where we just talk ppp forever (no login etc).

Don't Cleanup() in background mode when
we get a "close", the LcpClose() will
eventually do it when we get to PHASE_DEAD.

Initialize VarAltPhone.
PR: 4993

Don't create a diagnostic socket by default.
Allow a password spec on the "set server" command line.
Use SIGUSR2 to close the diagnostic socket.
Some man page corrections.

Don't ask for a password if it's specified as empty.

Add the "!include" syntax.
Return 0 from "show" commands.

Introduce ID0 logging.
Stay as the invoking uid as much as possible.
Execution as a normal user is still forbidden for now,
so these changes are pretty ineffective.
The next commit will implement the modifications suggested
on -hackers a number of days ago.

Don't pass global vars as args.
Remove local/global conflicts.

Introduce [local] to "set log [local] ...". This spits
logging out to the screen in terminal mode - should be
good for installation problem diagnosis.

Cosmetic:
Move prototypes into the correct headers.

Cosmetic (no functional changes):
o Add missing $Id$s
o Move extern decls from .c -> .h files
o Staticize
o Remove #includes from .h files
o style(9)ify includes
o bcopy -> memcpy
bzero -> memset
bcmp -> memcmp
index -> strchr
rindex -> strrchr
o Move timeout.h -> timer.h (making it consistent w/ timer.c)
o Add -Wmissing-prototypes

sleep => nointr_sleep
usleep => nointr_usleep
(not just a #define)
Already done by: ache

Cosmetic: Mention that ppp is suspending before
executing a "shell" command.

Allow Microsoft CHAP authentication.
This is a combination of MD4 & DES.
Submitted by: Gabor Kincses <gabor@acm.org>

Correct the way the uucp lock file and the ttyXX.if lock
file get created. We don't create lock files over non-tty
connections, but we *do* create lock files in -direct mode.
This leaves us capable of adding utmp/wtmp support for
successful pap & chap logins (coming soon).

Typo police
Submitted by: Mark Cammidge <mark@gmtunx.ee.uct.ac.za>

Support CHAP using MD4
Suggested by: jordan

o Fix two unlikely descriptor leaks.
o Output the correct device for "show modem"
while in -direct mode.
o Cosmetic: Moan a bit more when we can't open
the [modem] device.
o Call OpenModem() in a more "natural" way.
o Add some LogDEBUG in OpenModem().

Allow dial to work in non-interactive mode.

Print errors correctly (don't adjust
argc/argv for commands).

Don't start an interactive shell from a
telnet prompt.

Install as group ``network''
Insist that uid == 0 for client ppp
Disallow client sockets if no password is specified
Don't exit on failure to open client socket for listening
Allow specification of null local password
Use reasonable size (smaller) ``vector''s in auth.c
Fix "passwd ..." usage message
Insist on "all" as arg to "quit" (if any)
Drop client socket connection before Cleanup() when "quit all"

Cosmetic: Make LogPrintf() calls consistent.

Make the code format more in line with style(9).
Update loadalias to use the new libalias api.
Update to version 1.1.

Allow the use of HISADDR & MYADDR in ppp.conf.

Add "set loopback on|off", defaulting to "on".
This tells ppp to loopback packets addressed to
the ppp interface IP coming *from* the tun
device.

This means that you can ping the tun interface IP
from inside :-)

Correct online usage message for "set ? stopped"

Expand the "set stopped" command so that it can
idependently time out any of the FSMs.

Split LCP logging into LCP, IPCP and CCP logging,
and make room in "struct fsm" for the log level
that the state machine should use.

Correct the forth arg to "set ifaddr". If specified,
it gives the IP number that should be used for initial
IPCP config requests, irrespective of MYADDR.

Introduce the "bg" command. It's pretty
much the same as "shell", but it's in the
background.

Allow the use of a "stopped" timeout via the
"set stopped" directive. If the timeout occurs
it will cause a "Down" event, hanging up the line
if it's still up. This *isn't* part of the FSM
diagram, but I consider it ok as a "higher level
implementation specific timeout" as specified in
the rfc ;-}

Discussed briefly with: joerg

Allow a "hangup" capability.
You can now "ATZ" your modem when it's closed.

Submitted by: peter@citylink.dinoex.sub.org (Peter Much)

Allow service names in "set server"

Allow specification of a umask for local socket
creation in "set server" command.

Deal with HISADDR/MYADDR in filter rules.
Mostly submitted by: kfurge@worldnet.att.net

Allow MYADDR in add/delete commands to facilitate
dynamic additions of a loopback route to MYADDR.

Add "set server" to control the server socket.
Catch SIGUSR1 to re-init listening socket.
Document signal behaviour.

Add missing '\n's to LogPrintf(LogWARN,...)
Main() returns int not void.

AF_LOCAL ideal suggested a long time ago by: joerg

Allow shell commands (still run as original user)
unless defined out - including while a telnet
session with a -auto ppp is in effect. If you
don't create ppp.secrets, you deserve what you
get.

telnet connection capabilities will be configurable
per system soon.

Suggested by: Terry Dwyer <tdwyer@omen.net.au>

o Fix uptime for direct connections.
o Style police
o Make hangup abort the current connection, not
necessarily exiting (-auto/-ddial).
o Trap HUP and INT during DoChat and abort the
connection attempt. This means you can now
type "dial" and change your mind with ^C, or
HUP the process to stop it dialing.

Slapped into doing it by: Chuck Robey <chuckr@glue.umd.edu>

Fix "set parity"

PR: 3881
Actual problem found by: shocking@mailbox.uq.edu.au

Cosmetic: Fix help syntax.

Remove srandomdev fallback code

Fix "delete ...", it now only insists on
one arg too.

Discovered by: Rikk Salamat <rikks@web-impact.com>

Fix "show ?" alignment.

PR: 3830
Submitted by: Josh Gilliam <josh@quick.net>

Sort out ppp over tcp:
o Allow "set var" with no args to blank var (don't req "").
o Zero VarTerm ASAP if not in interactive mode.
o Never print anything to stdout in -direct mode.
o Count redial when failing to open modem.
o Increase device size to 40 characters (for host:port).
o Remove missed "if (fd == 0) fd = 1;".
o Don't give up on incoming non-terminal connections.

Overhaul ppp:
o Use syslog
o Remove references to stdout/stderr (incl perror())
o Introduce VarTerm - the interactive terminal or zero
o Allow "set timeout" to affect current session
o Change "set debug" to "set log"
o Allow "set log [+|-]flag"
o Make MSEXT and PASSWDAUTH stuff the default
o Move all #ifdef DEBUG stuff into the code - this
shouldn't be too much overhead. It's now controlled
with "set log +debug"
o Add "set log command, debug, tun, warn, error, alert"
o Remove cdefs.h, and assume an ansi compiler.
o Improve all diagnostic output
o Don't trap SIGSEGV
o SIGHUP now terminates again (log files are controlled
by syslog)
o Call CloseModem() when changing devices
o Fix parsing of third arg of "delete"

I think this fixes the "magic is same" problems that some
people have been experiencing.
The man page is being rewritten. It'll follow soon.

Implement "set mtu" command to allow the client to
reduce the interface mtu.
Allow max mru spec of 16k.
Add "show m[rt]u" ability.

Remove "set mtu ..." ability. Currently, this is an
"alias" for "set mru ...", but there's no such thing
as setting your mtu in the ppp protocol (rfc1661).

Correct the return of DialModem()

Suggested by: kfurge <kfurge@worldnet.att.net>

De-couple ppp from libalias. If libalias isn't there, the
alias commands simply won't work. Only root may specify the
location of the alias lib (otherwise, it's hard-coded).

Make logprintf silently fail if LogOpen hasn't been called.

Suggested by: eivind

Fix the reconnect option, and add an explanation to vars.h

Use the latest alias engine - now in libalias.

Submitted by: Charles Mott <cmott@srv.net>

Mega update to sort out bad implementations
of reconnect & -background.

o Fix reconnect anomolies.
o Make reconnect apply to failed LQR hangups (& mention in man page).
o Make reconnect effective in -background mode.
o Listen on socket in -background mode.
o Try all phone numbers in -background mode.
o Insist on system arg in -background mode.
o Make a control-connection close command exit in -background mode.
o Output status message to stdout on exit of parent in -background mode.
o Don't notify parent of success too soon.
o Describe termination EX_* code.
o Miscelaneous diagnostic corrections.
o Remove redundant connect_time from modem.c.
o Don't repeatedly DownConnection().

Build pid_filename without a double slash.
Make ``Dial attempt'' diagnostics consistent.

Reset lostCarrier when it has reached max.
Suggested by: Kevin Street <street@iName.com>

Cosmetique fixes:
shorten help message to fit the screen
return to prompt from "show ipcp"

Add a ttyXX.if file in /var/run that points to
the tunX.pid file. Change the ppp.tunX.pid name
to tunX.pid

Requested by: Daniel O Callaghan <danny@panda.hilink.com.au>

Tidy up the code - bounds checking, return
value checking etc.

Submitted by: eivind

Don't reconnect (due to reconnect setting) after
close command.

Allow mixed case commands.
Allow HISADDR, MYADDR, INTERFACE and ALL in mixed case.

Allow up to 40 args in the chat script (was 20).
Ignore subsequent args rather than scribbling.

PR: 1952
Submitted by: Mikael Hybsch <micke@free.dynas.se>

Add a reconnect capability directing ppp to re-establish
the connection after an unexpected loss of carrier:

set reconnect timer ntries

The man page warns against using this command when your
timeout value is slightly more than the other sides :{}

Suggested by: burton@bsampley.vip.best.com (Burton Sampley)

Make the next number redial ability configurable. The
"set redial pause [times]" command becomes
"set redial end-pause[.next-pause] [times]" and next-pause
defaults to 3 seconds. This keeps things backwards
compatable.

Suggested by: ache

Ignore SIGPIPE or any user can quit ppp just telnetting to it
and quitting telnet immediately (while phone number dialed)
Log client connection/disconnection with PHASE_BIT now.
Add more error recovery on client disconnection

Use srandomdev() to initialize RNG

Convert srandom() arg cast to Lite2 style

Do not re-initialize random numbers generator several times.
Use ^ getpid() to produce better initial state.

Don't waste time scanning tun_in+10 descriptors, scan exactly what
we need now.
Don't assume that file descriptor can't be 0 (many places)
Protect FD_* macros from being used with negative descriptors
Shorten MS EXT show help to fit 80 cols

Revert $FreeBSD$ to $Id$

Make it possible to substitute INTERFACE when executing commands.

Fix a benign typo (benign by now, since sizeof(VarLoginScript) ==
sizeof(VarDialScript)).

Submitted by: Arjan.deVet@adv.IAEhv.nl (Arjan de Vet) -- or actually by imp?

Make the long-awaited change from $Id$ to $FreeBSD$

This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.

Fix many buffer overruns in the code. Specifically, disallow ExpandString
to be used to expand things beyond the size of the buffer passed in. Also
do a general cleanup of sprintf -> snprintf as well as strcpy and strncat
safety. Also expand some buffers to allow for the largest possible data
that might be used.

This is a 2.2 candidate. However, it needs to be vetted on -current
since little testing has been done on this due to my lack of PPP on
this machine.

Reviewed by: Jordan Hubbard, Peter Wemm, Guido van Rooij

For /usr/sbin/ppp, you must choose between running ppp in the background or
connecting to a host immediately in the foreground.

I would like to be able to run ppp from a script so that my script can be
sure that it is connected to the 'net before it continues running:

# Dial up the internet.
ppp -background myprovider || exit 1

do-some-net-command

# Hang up the modem.
kill -HUP `cat /var/run/ppp.tun0.pid`

Another problem is that the current ppp calls its process id file
`/var/run/PPP.server', which may conflict if you have more than one IP
tunnel interface available.

Closes PR#1469
Submitted by: Gord Matzigkeit <gord@enci.ucalgary.ca>

Make CRTSTS selection a runtime option. Closes PR#1392
Submitted by: Mike McGaughey <mmcg@heraclitus.cs.monash.edu.au>

Added my 'ddial' patches to user-PPP. The new mode tries it's darndest
to keep the link up, so it re-dials whenever it detects the link go
down. This is useful for 'dedicated' links who use PPP.

It's been used for over a year w/out problems at different sites.

Fixed the security leek I introduced the other day, now
shell command is only executabel from command files, not
from the commandline.

1. Room to calculate MD5 for CHAP negotiation is shorter than
required. a core is not dumped at first connecting time and
dumped at second or third time. (patch I)
2. A routine for "show route" refers out of allocated space.
Values pointed by "lp" should be read as CHAR, I think.
there is also no free() for disallocation. (patch II)

Here is also a patch for an improvement: In current imprementation,
even if PPP connection is disconnected by time out, prompt of
interactive mode does not change from "PPP>" to "ppp>" to
indicate the disconnection on a terminal.
So I modified the code to do that. (patch III)

Submitted-By: NAKAMURA Motonori <motonori@econ.kyoto-u.ac.jp>

Allow shell commands in all modes.
Old behavior can be had with define SHELL_ONLY_INTERACTIVELY

Add the feature to use MYADDR & HISADDR macroes as arguments to
a shell escape.

Add support for the Evil Microsoft ppp extentions. Yes, they did it
on their own without even attempting to get concensus in the IETF, but
there are also lots of Win95/NT boxes out there.

CLoses PR#1494
Submitted-By: Peter Childs <pjchilds@imforei.apana.org.au>

Moved getdtablesize() out of a loop.

Prepare for exec properly and check return values
Submitted by: Arjan de Vet <devet@IAEhv.nl>

Here is a diff of /usr/src/usr.sbin/ppp against current. The diffs
add some logging functionality which I find very useful.
'set debug link' will record just link up/down and address assignments.
'set debug connect' will record the entire chat dialog
'set debug carrier' will record just chat lines including 'CARRIER'
(so that I can be sure I'm getting a 28.8 line).

There was a global change required to permit LogPrintf to take a bit
mask instead of a bit position value (to permit logging some events
on either of two flags, so that no change in 'set debug lcp' would
result from the code supporting 'link'. Thus the diffs are rather
long for such a small change. The man page is also touched.

Oh, and there was a slight syntax problem in route.c

Reviewed by: phk
Submitted by: Tony Kimball <alk@Think.COM>

Prevent dial cycling on the last phone from the list, make phone list copy

1) Add multi-phone dialing/redialing, several phones separated by ':'
2) Improve on-line help subsystem
3) Make 'term' mode works even carrier dropped (old code
close line forever here)
4) Make 'term' mode 8bit clean.
5) Improve manual page
6) #ifdef DEBUG diagnostic about missing optional files.
7) Don't put interactive dialing info to logfile

Use libmd's MD5.
inline hdlc checksum calculation.
make big tables const.

Final cleanup for now. -Wall is now silent. A couple of bogons found.

My freshly aborted 'make world' has pointed out that the wait.h include
file is <sys/wait.h>, not <wait.h> as was recently committed.

A random bunch of cleanup changes.

1. Add a settable redial timer and logging of the process id in a file.
A settable redial timer helps to avoid the problem where both ends
of a link want to dial at the same time and the line winds up busy
for both ends. The process id is logged in /var/run/PPP.system where
system is the name of the called system. When both ends of a link
are running in demand dial mode, you need an easy way to get the pid
of the ppp on the called end so it can be killed and re-started with
-direct or pppd started to handle the incoming ppp session.

2. Add secret description for "set timeout" to man.

Reviewed by: Atsushi Murai <amurai@spec.co.jp>
Submitted by: John Capo <jc@irbs.com>

1. Do not log the password itself to ppp.log ( Mr. Rich Murphey )
2. Add ability to execute shell commands and suspend back into
invoking shell (Mr. J Wunsch)

Reviewed by: amurai@spec.co.jp
Submitted by: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
Rich Murphey <rich@lamprey.utmb.edu>

1. Clean up log message.
2. Optimize ModemQlen.
3. Sending ProtoReject for Unknow protocol (i.e. IPX)
4. Avoid select looping by reading tun under the high system load.
5. Adding Local version String for maintenance.
6. Just more speak rather silent ignore if you type invalid key words.

Some implementation of PPP are required that starting a negotiaion by
sending *special* value as my address, even though the standard of PPP
is defined full negotiation based. (e.g. "0.0.0.0" or Not "0.0.0.0")

manupilation -> manipulation.

Remove trailing whitespace.

Fixing follows and John's fruent explnation than my English....

The first problem I found was that descriptor 0 was being closed.
This happens because the modem variable is set to 0 to indicate
that it is not valid but there are not enough tests for the modem
variable being 0. You can see where I have done this in the patch.
Code in OpenModem() dups the modem descriptor if it is < 3. Once
this happened the modem was always open and an incomming call would
have getty and ppp reading the modem.

Descriptor 1 is closed when the quit command was executed from a
telnet connection. The next modem open returns descriptor 1
and this gets duped leaving the modem always open again.

The modem was not being closed when the connection dropped or was
closed from the other end. The UUCP lock was also not removed if
the modem could not be opened.

Reviewed by: Atsushi Murai <amurai@spec.co.jp>
Submitted by: John Capo <jc@irbs.com>

Fixing minor bug and allow help(Not for all command) and quit
but not close line connection by "quit all" command if not
authorized.

Reviewed by: amurai@spec.co.jp
Submitted by: tony-o@iij.ad.jp amurai@spec.co.jp

New user Process PPP based on iij-ppp0.94beta2.

o Supporting SYNC SIO device (But need a device driver)
- add "set speed sync"
o Fixing bug for Predictor-1 function.
o Add new parameter that re-sent interval for set timeout commands.
o Improving RTT (Round Trip Time) and reducing processor time.
- Previous Timer service was using polling, and now using
SIGALRM ;-)
- A 0.94beta2 will not work correctly....

-- Follows are additinal feature not including 0.94beta2
o Support Proxy ARP
- add "enable/disable proxy" commands
o Marging common routine in CHAP/PAP.
o Enhancing LCP/IPCP log information.
o Support local Authfication connection on port 300x and tty.
- You can set up pair of your "hostname -s" and
password in ppp.secret. if either ppp.secret file nor
your hostname line don't exist, It will notify a message
and working as same as previous version.(Backword compatibility)
- If you did set up them, It's allow connection but nothing to do
except help and passwd command.
- add "passwd yourpasswd" commands
o Support afilter - keep Alive filter that a packet can send/receiving
according to ifilter/ofilter but doesn't count it as preventing idle
timer expires.
- Same syntax of other filters.
o Fixing bugs reported by current user for previous one. Thanks !!

Reviewed by: Atsushi Murai (amurai@spec.co.jp)

This commit was generated by cvs2svn to compensate for changes in r6059,
which included commits to RCS files with non-trunk default branches.