Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by: re (implicit)

Port ppp(8) to utmpx.

A nice thing about utmpx is that it makes it very easy to log sessions
that don't use TTYs. This is because the file is not indexed by TTY
slots anymore.

Silence from: brian

When ``ppp -direct'' is invoked by a program that uses pipe(2) to
create stdin and stdout, don't blindly try to use stdin as a bi-directional
channel. Instead, detect the pipe and set up a special exec handler
that indirects write() calls through stdout.

This fixes the problem where ``set device "!ssh -e none host ppp
-direct label"'' no longer works with an openssh-5.2 server side as
that version of openssh ignores the USE_PIPES config setting and
*always* uses pipes (rather than socketpair) for stdin/stdout channels.

MFC after: 3 days

Make ppp use <termios.h>, not <sys/tty.h>.

ppp's physical.c is filled with calls to termios. For some reason, it
includes <sys/tty.h>, not <termios.h>. Even though this works with the
current version of FreeBSD, we'd better follow the standards.

Approved by: philip (mentor)

Remove ISDN4BSD (I4B) from HEAD as it is not MPSAFE and
parts relied on the now removed NET_NEEDS_GIANT.
Most of I4B has been disconnected from the build
since July 2007 in HEAD/RELENG_7.

This is what was removed:
- configuration in /etc/isdn
- examples
- man pages
- kernel configuration
- sys/i4b (drivers, layers, include files)
- user space tools
- i4b support from ppp
- further documentation

Discussed with: rwatson, re

Add a bunch of malloc() return checks

PR: 71592
Submitted by: Dan Lukes <dan@obluda.cz> with further changes

Fix the build on 64-bit platforms.

Make ppp WARNS=5 clean

Add configuration option "set pppoe [standard|3Com]" which allows
to configure mode for ng_pppoe(4) node under control.

Reviewed by: brian
Approved by: julian (mentor)

Report the number of bytes not written when complaining about failed writes

utmp.ut_time and lastlog.ll_time are explicitly int32_t rather than
time_t. Deal with the possibility that time_t != int32_t. This boils
down to this sort of thing:
- time(&ut.ut_time);
+ ut.ut_time = time(NULL);
and similar for ctime(3) etc. I've kept it minimal for the stuff
that may need to be portable (or 3rd party code), but used Matt's time32
stuff for cases where that isn't as much of a concern.

Approved by: re (jhb)

Include the correct file (stdarg.h) and use va_list rather than _BSD_VA_LIST_

Suggested by: mike

Show the port number (tty slot, pppoe session id etc) under
``show physical''.

Remove whitespace at the end of lines.

Coerce pid_t to long rather than int for better portability.

Suggested by: Theo de Raadt <deraadt@openbsd.org>

o Clean up some #includes
o Bump version number to 3.0.4
o When talking to a RADIUS server, provide a NAS-Port-Type.

When the NAS-Port-Type is Ethernet, provide a NAS-Port value equal
to the SESSIONID from the environment in direct mode or the
NGM_PPPOE_SESSIONID message in other modes. If no SESSIONID is found,
default to the interface index in client mode or zero in server mode.

When the NAS-Port-Type is ISDN, set the NAS-Port to the minor number
of the physical device (ie, the N in /dev/i4brbchN).

This makes it easier for the RADIUS server to identify the client
WRT accounting data etc.

Prompted by: lsz8425 <lsz8425@mail.cd.hn.cn>

Merge the NETGRAPH branch into HEAD. tty devices now use netgraph's line
discipline to do the async escaping, but no other benefits are available yet.

Change ``ifdef HAVE_DES'' to ``ifndef NODES'' for consistency.

Make the Makefile a little more sane WRT RELEASE_CRUNCH.

o Add ipv6 support, abstracting most NCP addresses into opaque
structures (well, they're treated as opaque).

It's now possible to manage IPv6 interface addresses and routing
table entries and to filter IPV6 traffic whether encapsulated or
not.

IPV6CP support is crude for now, and hasn't been tested against
any other implementations.

RADIUS and IPv6 are independent of eachother for now.

ppp.linkup/ppp.linkdown aren't currently used by IPV6CP

o Understand all protocols(5) in filter rules rather than only a select
few.

o Allow a mask specification for the ``delete'' command. It's now
possible to specifically delete one of two conflicting routes.

o When creating and deleting proxy arp entries, do it for all IPv4
interface addresses rather than doing it just for the ``current''
peer address.

o When iface-alias isn't in effect, don't blow away manually (via ``iface
add'') added interface addresses.

o When listening on a tcp server (diagnostic) socket, bind so that a
tcp46 socket is created -- allowing both IPv4 and IPv6 connections.

o When displaying ICMP traffic, don't display the icmp type twice.
When display traffic, display at least some information about unrecognised
traffic.

o Bump version

Inspired after filtering work by: Makoto MATSUSHITA <matusita@jp.FreeBSD.org>

Handle hardware-imposed MTU/MRU limitations. PPPoE will no longer
allow MRU/MTU negotiations to exceed 1492.

Add an optional ``max'' specifier to ``set m[rt]u'', ie.

set mtu max 1480

Bump the ppp version number.

Sponsored by: Monzoon Networks AG and FreeBSD Services Limited

MAXPATHLEN -> PATH_MAX
Don't assume MAXHOSTNAMELEN includes the NUL
Correct a diagnostic
Use "localhost" in our prompt instead of ""

Use fstat to check if descriptor 0 is a socket.

Suggested by: julian

Add ``enable/disable tcpmssfixup'', defaulting to enabled.

Suggested by: julian
Hijacked from: ru (ports/net/tcpmssd)

If write() gives -1/ENOBUFS, keep the packet and sleep for 1/10th
of a second before attempting to write it again (unless there's
something else to do instead).

Support PPPoATM, disabled for now as /usr/include/netnatm doesn't exist

Submitted by: Jakob Stoklund Olesen <stoklund@taxidriver.dk>

Make -DNOSUID (or -DPPP_NOSUID) possible to build ppp without SUID
capabilities.

Maintain input and output throughput averages and choose the highest
of the two when calculating the MP throughput average for the ``set
autoload'' implementation.

This makes more sense as all links I know of are full-duplex. This
also means that people may need to adjust their autoload settings
as 100% bandwidth is now the theoretical maximum rather than 200%
(but of course, halfing the current settings is probably not the
correct answer either!).

This involves a ppp version bump as we need to pass an extra
throughput array through the MP local domain socket.

Calculate the average link throughput using a counter based on the
cumulative total of all active links rather than basing it on the
total of PROTO_MP traffic.

This fixes a problem whereby Cisco routers send PROTO_IP packets only
when there's only one link (hmm, what a good idea!).

Mention it in the log file when we HUP a process that
controls a link.

Fix some printf-style argument bugs

To avoid namespace polution in NetBSD:

``struct descriptor'' -> ``struct fdescriptor''

Cosmetic: Make struct mbuf more like kernel mbufs.

Make -foreground a proper option (allowing ``allow mode foreground'',
``set mode foreground'' etc.

Change ``set cd'' so that its default value is device specific. The
default is still 1 second for ttys, but is now 6 seconds for i4b (ISDN)
devices and 5 seconds for ethernet (PPPoE) devices.

Rewrite the link descriptor transfer code in MP mode.

Previously, ppp attempted to bind() to a local domain tcp socket
based on the peer authname & enddisc. If it succeeded, it listen()ed
and became MP server. If it failed, it connect()ed and became MP
client. The server then select()ed on the descriptor, accept()ed
it and wrote its pid to it then read the link data & link file descriptor,
and finally sent an ack (``!''). The client would read() the server
pid, transfer the link lock to that pid, send the link data & descriptor
and read the ack. It would then close the descriptor and clean up.

There was a race between the bind() and listen() where someone could
attempt to connect() and fail.

This change removes the race. Now ppp makes the RCVBUF big enough on a
socket descriptor and attempts to bind() to a local domain *udp* socket
(same name as before). If it succeeds, it becomes MP server. If it
fails, it sets the SNDBUF and connect()s, becoming MP client. The server
select()s on the descriptor and recvmsg()s the message, insisting on at
least two descriptors (plus the link data). It uses the second descriptor
to write() its pid then read()s an ack (``!''). The client creates a
socketpair() and sendmsg()s the link data, link descriptor and one of
the socketpair descriptors. It then read()s the server pid from the
other socketpair descriptor, transfers any locks and write()s an ack.

Now, there can be no race, and a connect() failure indicates a stale
socket file.

This also fixes MP ppp over ethernet, where the struct msghdr was being
misconstructed when transferring the control socket descriptor.

Also, if we fail to send the link, don't hang around in a ``session
owner'' state, just do the setsid() and fork() if it's required to
disown a tty.

UDP idea suggested by: Chris Bennet from Mindspring at FreeBSDCon

Support PPPoE

Help (lots) from: julian, archie
Facilities from: ahebert@pubnix.net

Don't (unnecessarily) parse wtmp, force ID0logout() to DTRT instead.

Manually create a correct(*) entry in wtmp when logging out a PPPoTCP or
PPPoUDP connection.

(*) This is as correct as ftp and uucp wtmp entries are - that is,
multiple concurrent connections will not record enough information
in wtmp to tell last(1) who was logged in for how long.

If we're running ppp -direct over a tcp or udp connection,
record the IP number in the `from' slot and not the tty slot.
We put ``ppp'' in the tty slot - in line with what ftp (and
probably others) does.

Support ``set cd off'' to tell ppp not to even look for carrier on the
device.

Back out the bogus #ifdef __NetBSD__ #include <signal.h> lines.
The original report was due to a mis-installation of the NetBS
header files :-/

Submitted by: Kazuyoshi Kato <kazk@yyy.or.jp>

NetBSD has moved ``extern int errno;'' to signal.h :-/

Submitted by: Kazuyoshi Kato <kazk@yyy.or.jp>

Cosmetic:
alias_cmd -> nat_cmd after a repo-copy

$Id$ -> $FreeBSD$

o Add the -foreground switch. This switch behaves like -background except
that ppp stays in the foreground.
o Add the -quiet switch to quieten ppps startup
o Add the -nat flag and discourage the use of the -alias flag. Both do
the same thing.
o Correct some nat usage strings.
o Change the internal ``alias'' command to ``nat''.

Add ISDN support via isdnd & i4b. This requires version
0.81.1 of the i4b code - namely support of the I4B_VR_REQ
ioctl via the i4brbchX device.

Ppp controls the phone number, but idle timers and
SYNC/RAW decisions are still made by isdnd (in isdnd.rc).

This involves a new datalink state machine phase. The
``wait for carrier'' phase happens after dialing but
before logging in. The whole dial state should really
be abstracted so that each device type can deal with it
in its own way (thinking about PPPoE) - but that'll have
to wait.

The ``set cd'' symantics remain the same for tty devices,
but we now delay until we either get CD or timeout waiting
(at which time we drop the link if we require CD).

For i4b devices we always insist on carrier.

Thanks to hm@ for his help, and especially for pointing out
that I *don't* need to re-implement isdnd (that was a huge
waste of time !) :-]

o Obsolete the undocumented ``set weight'' command.
o If we're using RADIUS and the RADIUS mtu is less than our
peers mru/mrru, reduce our mtu to this value for NetBSD too.
o Make struct throughput's sample period dynamic and tweak the ppp
version number to reflect the extra stuff being passed through
the local domain socket as a result (MP mode).
o Measure the current throughput based on the number of samples actually
taken rather than on the full sample period.
o Keep the throughput statisics persistent while being passed to
another ppp invocation through the local domain socket.
o When showing throughput statistics after the timer has stopped, use
the stopped time for overall calculations, not the current time.
Also show the stopped time and how long the current throughput has
been sampled for.
o Use time() consistently in throughput.c
o Tighten up the ``show bundle'' output.
o Introduce the ``set bandwidth'' command.
o Rewrite the ``set autoload'' command. It now takes three arguments
and works based on a rolling bundle throughput average compared against
the theoretical bundle bandwidth over a given period (read: it's now
functional).

Show the correct error if we fail to open a device.

Correct the way ppp transfers links on the server side in MP
mode by padding out the ``struct device'' to the maximum
device size.
Bump the ppp version number to indicate the transfer format
change.

This should make MP over tty and udp devices functional again.

Introduce the ``keep-session'' option. Refer to the man
page for details. This allows MP over non-tty devices where
the original ppp process must not exit (such as sshd-spawned
ppp sessions).

Increase the length of an individual device name to LINE_LEN.
Adjust the base physical device name correctly after a link
transfer (allowing correct multilink callbacks).

Correct the ``ignoring sync/async'' warnings so that they show
up with the correct device type.
Reassign the correct tcpdevice or execdevice after transfering
a link in MP server mode.

Move the tty locking stuff back out to physical.c so
that we lock the device *before* we open it.
We still open the device only once - and then ask all
our handlers if they know how to handle it.

Initialise the struct device part of struct ttydevice.

Allow ``host:port/udp'' devices and support ``host:port/tcp'' as
being the same as the previous (still supported) ``host:port''
syntax for tcp socket devices.

A udp device uses synchronous ppp rather than async, and avoids
the double-retransmit overhead that comes with ppp over tcp (it's
usually a bad idea to transport IP over a reliable transport that
itself is using an unreliable transport). PPP over UDP provides
througput of ** 1.5Mb per second ** with all compression disabled,
maxing out a PPro/200 when running ppp twice, back-to-back.

This proves that PPPoE is plausable in userland....

This change adds a few more handler functions to struct device and
allows derivations of struct device (which may contain their own
data etc) to pass themselves through the unix domain socket for MP.
** At last **, struct physical has lost all the tty crud !

iov2physical() is now smart enough to restore the correct stack of
layers so that MP servers will work again.

The version number has bumped as our MP link transfer contents have
changed (they now may contain a `struct device').

Don't extract the protocol twice in MP mode (resulting in protocol
rejects for every MP packet). This was broken with my original
layering changes.

Add ``Physical'' and ``Sync'' log levels for logging the relevent
raw packets and add protocol-tracking LogDEBUG stuff in various
LayerPush & LayerPull functions.

Assign our physical device name for incoming tcp connections by
calling getpeername().

Assign our physical device name for incoming udp connections from
the address retrieved by the first recvfrom().

Revert to the previous behaviour of only doing a utmp
login if we're -direct on a tty device.

o Redesign the layering mechanism and make the aliasing code part of
the layering.

We now ``stack'' layers as soon as we open the device (when we figure
out what we're dealing with). A static set of `dispatch' routines are
also declared for dealing with incoming packets after they've been
`pulled' up through the stacked layers.

Physical devices are now assigned handlers based on the device type
when they're opened. For the moment there are three device types;
ttys, execs and tcps.

o Increment version number to 2.2
o Make an entry in [uw]tmp for non-tty -direct invocations (after
pap/chap authentication).
o Make throughput counters quad_t's
o Account for the absolute number of mbuf malloc()s and free()s in
``show mem''.
o ``show modem'' becomes ``show physical''.

Change ``set device'' so that it parses its arguments as one
device per argument rather than the old way of concatenating
everything then splitting the result at commas and whitespace.

Old syntax of ``set device /dev/cuaa0, /dev/cuaa1''
may no longer contain the comma, but syntax such as
``set device "!ssh host ppp -direct label"'' is now
possible.

Only call isatty() when we open our descriptor, and remember
the answer.

If we later get a descriptor exception from select(), we know
that it's a tty (isatty() returns 0 after the exception on a
tty) and remember to call modem_LogicalClose().

The upshot of it all is that descriptor exceptions dont leave
the tty locked any more.

If we've got a full output buffer queue and cannot send
anything for two mintues (see ``set choked'' and ``show
bundle''), nuke the ip, mp and link level buffer queues.

This should fix problems where ``ppp -auto'' seems to stop
responding after failing to connect to the peer a few times.

o Support callback types NONE, E.164, AUTH and CBCP.
(see the new ``set callback'' and ``set cbcp'' commands)
o Add a ``cbcp'' log level and mbuf type.
o Don't dump core when \T is given in ``set login'' or
``set hangup''.
o Allow ``*'' and blanks as placeholders in ppp.secret and
allow a fifth field for specifying auth/cbcp dialback
parameters.
o Remove a few extraneous #includes
o Define the default number of REQs (restart counter) in defs.h
rather than hardcoding ``5'' all over the place.
o Fix a few man page inconsistencies.

Remove redundant includes

o Move our prompt descriptor list outside of the bundle.
It's now dealt with by the `server' object. This simplifies
things as we only have one list of prompt descriptors and
the log_ routines check prompt::logactive to determine
whether it should be used for output.
o Include the MP socket UpdateSet() result in bundle::UpdateSet().
o Don't select on the tun device unless we're in NETWORK
phase or AUTO mode.
o Stop the idle timer when we go to DEAD phase. We may
have transferred a link and not had a chance to kill
it.
o Don't fail when trying to unlink our transferred datalink
from our descriptor lists just before the transfer.
o Add our link descriptor to the write set if we got a short
write the last time (physical::out is set).
o Log the connection source address when a connection is closed.
o Remove descriptor::next field. Descriptor lists are not required
any more.

MFMP: Make ppp multilink capable.
See the file README.changes, and re-read the man page.