Copy stable/10@r272459 to releng/10.1 as part of
the 10.1-RELEASE process.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Add "iface name" and "iface description" commands.

PR: 151400
Submitted by: Aragon Gouveia - aragon at phat dot za dot net with minor fixes
MFC after: 3 weeks

Send NAS-IP-Address as well as NAS-Identifier
Add ``disable NAS-IP-Address'' and ``disable NAS-Identifier'' options to
support pre-rfc2865 RADIUS servers.
This pushes our enable/disable items over the 32 bit limit, so reoganise
things to allow a bunch more options.
Go to version 3.4.1 so that any compatability problems can be identified.

Fix the build on 64-bit platforms.

Make ppp WARNS=5 clean

Include the correct file (stdarg.h) and use va_list rather than _BSD_VA_LIST_

Suggested by: mike

Remove whitespace at the end of lines.

Coerce pid_t to long rather than int for better portability.

Suggested by: Theo de Raadt <deraadt@openbsd.org>

Understand the Session-Timeout RADIUS attribute
Store the Filter-Id attribute (we don't do anything with it yet)

Submitted mostly by: andrew pavlov <and@kremenchug.net>

Tweak a data type from char * to u_char *

When it's necessary to kldload tun(4), don't forget to re-try to open
tun0.

Submitted by: qhwt@myrealbox.com

Add a sprinkling of mp_Down() calls to ensure that we don't think that
the multi-link NCP is up when it isn't.

Merge the NETGRAPH branch into HEAD. tty devices now use netgraph's line
discipline to do the async escaping, but no other benefits are available yet.

Change ``ifdef HAVE_DES'' to ``ifndef NODES'' for consistency.

Make the Makefile a little more sane WRT RELEASE_CRUNCH.

Add a ``log'' command for logging specific information.
Add an ``UPTIME'' variable to indicate the bundle uptime.

It's now possible to put something like this in ppp.linkdown
for a server setup:

MYADDR:
log Session closing: User USER, address HISADDR, up UPTIME

Fixed some memory leakage with commands that expand words.
Made some functions static.
Fixed a diagnostic bug (iface add .... SIOCDIFADDR)

Hopefully improve control message passing over Unix domain sockets.

1) Allow the sending of more than one control message at a time
over a unix domain socket. This should cover the PR 29499.

2) This requires that unp_{ex,in}ternalize and unp_scan understand
mbufs with more than one control message at a time.

3) Internalize and externalize used to work on the mbuf in-place.
This made life quite complicated and the code for sizeof(int) <
sizeof(file *) could end up doing the wrong thing. The patch always
create a new mbuf/cluster now. This resulted in the change of the
prototype for the domain externalise function.

4) You can now send SCM_TIMESTAMP messages.

5) Always use CMSG_DATA(cm) to determine the start where the data
in unp_{ex,in}ternalize. It was using ((struct cmsghdr *)cm + 1)
in some places, which gives the wrong alignment on the alpha.
(NetBSD made this fix some time ago).

This results in an ABI change for discriptor passing and creds
passing on the alpha. (Probably on the IA64 and Spare ports too).

6) Fix userland programs to use CMSG_* macros too.

7) Be more careful about freeing mbufs containing (file *)s.
This is made possible by the prototype change of externalise.

PR: 29499
MFC after: 6 weeks

o Enable IFF_MULTICAST when first opening the tun device (and keep the flag
when we ioctl(TUNSIFINFO) under OpenBSD)
o Don't bring the interface up immediately
o Don't complain about unrecognised interface flags in ``show iface''.

Back out the previous fix to deal with kernels that don't support IPv6,
and implement a far more subtle and correct fix.

The reason behind the infinite loop was that ppp was trying to make up
initial IPv6 numbers and wasn't giving up when it failed unexpectedly to
assign the addresses it just fabricated to it's interface (thinking that
the reason was because another interface was using the same address).
It now attempts this up to 100 times before just failing and trying to
muddle along (in reality, this should never happen more than a couple
of times unless our random number generator doesn't work).

Also, when IPv6 is not available, don't even try to assign the IPv6
interface address in the first place...

Run correctly on a machine built without AF_INET6 support

Probe for the availability of AF_INET6 at startup. If it's not
available, default ipv6cp to disabled and refuse to let the user
enable it.

o Add ipv6 support, abstracting most NCP addresses into opaque
structures (well, they're treated as opaque).

It's now possible to manage IPv6 interface addresses and routing
table entries and to filter IPV6 traffic whether encapsulated or
not.

IPV6CP support is crude for now, and hasn't been tested against
any other implementations.

RADIUS and IPv6 are independent of eachother for now.

ppp.linkup/ppp.linkdown aren't currently used by IPV6CP

o Understand all protocols(5) in filter rules rather than only a select
few.

o Allow a mask specification for the ``delete'' command. It's now
possible to specifically delete one of two conflicting routes.

o When creating and deleting proxy arp entries, do it for all IPv4
interface addresses rather than doing it just for the ``current''
peer address.

o When iface-alias isn't in effect, don't blow away manually (via ``iface
add'') added interface addresses.

o When listening on a tcp server (diagnostic) socket, bind so that a
tcp46 socket is created -- allowing both IPv4 and IPv6 connections.

o When displaying ICMP traffic, don't display the icmp type twice.
When display traffic, display at least some information about unrecognised
traffic.

o Bump version

Inspired after filtering work by: Makoto MATSUSHITA <matusita@jp.FreeBSD.org>

Reduce the interface MTU by 2 when MPPE has been successfully negotiated.

This is necessary because MPPE will combine the protocol id with the
payload received on the tun interface, encrypt it, then prepend its
own protocol id, effectively increasing the payload by two bytes.

Handle hardware-imposed MTU/MRU limitations. PPPoE will no longer
allow MRU/MTU negotiations to exceed 1492.

Add an optional ``max'' specifier to ``set m[rt]u'', ie.

set mtu max 1480

Bump the ppp version number.

Sponsored by: Monzoon Networks AG and FreeBSD Services Limited

When we change the interface MTU, run through the routing table and tweak
all route MTUs too.

Bring the PPPoE interface UP if required

Suggested by: archie

Deal with ENOENT properly on non-devfs machines
Broken in revision 1.109

MAXPATHLEN -> PATH_MAX
Don't assume MAXHOSTNAMELEN includes the NUL
Correct a diagnostic
Use "localhost" in our prompt instead of ""

MPPE_MasterKeyValid is only there if HAVE_DES is defined.

Make the MPPE MasterKey Invalid messages a bit clearer (it now
complains that you can't do MPPE without CHAP81).

Reset MasterKeyValid to zero when we hit phase DEAD.

Untangle some cunfusion between the CLOSE_STAYDOWN, CLOSE_LCP and
CLOSE_NORMAL meanings. CLOSE_NORMAL doesn't change the currently
required state, the others do. This should stop ppp from entering
DATALINK_READY when LCP shutdown doesn't end up happening cleanly.

Bump our version number to reflect this change.

Try to kldload if_tun if we get ENOENT from opening /dev/tunN -
not just if we get ENXIO.

This makes ppp work with DEVFS when if_tun isn't built into
the kernel (without needing to manually kldload it).

Only remove socket files with ``set server open''.
Only show the mask in ``show bundle'' when it's been specified.
Complain about unexpected arguments after ``set server {none,open,closed}''
Log re-open failures as warnings rather than phase messages.
Fix some markup for the ``set server'' man page description.

Allow ``set server closed'' to close the diagnostic socket.
Allow ``set server open'' to re-open the diagnostic socket.
Handle SIGUSR1 by re-opening the diagnostic socket
When receiving SIGUSR2 (and in ``set server none''), don't forget the
socket details so that ``set server open'' and SIGUSR1 open it again.

Don't create the diagnostic socket as uid 0 ! It's far to dangerous.

Add ``enable/disable tcpmssfixup'', defaulting to enabled.

Suggested by: julian
Hijacked from: ru (ports/net/tcpmssd)

Support radius accounting, and add a packet count to throughput
statistics as a side effect.

Submitted by: Marcin Cieslak <saper@system.pl>

with some tweaks to RAD_ACCT_SESSION_ID and
RAD_ACCT_MULTI_SESSION_ID generation by me.

Make -DNOSUID (or -DPPP_NOSUID) possible to build ppp without SUID
capabilities.

setproctitle() doesn't need to be called with root privs, so move
it from id.c into defs.c

Maintain input and output throughput averages and choose the highest
of the two when calculating the MP throughput average for the ``set
autoload'' implementation.

This makes more sense as all links I know of are full-duplex. This
also means that people may need to adjust their autoload settings
as 100% bandwidth is now the theoretical maximum rather than 200%
(but of course, halfing the current settings is probably not the
correct answer either!).

This involves a ppp version bump as we need to pass an extra
throughput array through the MP local domain socket.

Calculate the average link throughput using a counter based on the
cumulative total of all active links rather than basing it on the
total of PROTO_MP traffic.

This fixes a problem whereby Cisco routers send PROTO_IP packets only
when there's only one link (hmm, what a good idea!).

Allow a ``timeout secs'' filter option to let specific packet types
effect the idle timer in different ways.

Submitted by: Stefan Esser <se@freebsd.org>

With adjustments by me to document the option in the man page and to
give the same semantics for outgoing traffic as incoming.

I made the style more consistent in ip.c - this should really have
been done as a separate commit.

Fix -auto breakage introduced with the last commit.

o Log the (payload/size) of all packet types, not just TCP packets

o If the new ``filter-decapsulation'' is enabled, delve into UDP packets
that contain 0xff 0x03 as the first two bytes, and if we recognise it
as PROTO_IP, decapsulate it for the purpose of filter checking.

If we recognise it as PROTO_<anything else> mention this for logging
purposes only.

This change is aimed at people running PPPoUDP where the UDP traffic is
being sent over another PPP link. It's desireable to have the top level
link connected all the time, but to have the bottom level link capable
of decapsulating the traffic and comparing the payload against the filters,
thus allowing ``set filter dial ...'' to work in tunnelled environments.

The caveat here is that the top ppp cannot employ any compression layers
without making the data unreadable for the bottom ppp. ``disable deflate
pred1 vj'' and ``deny deflate pred1 vj'' is suggested.

Fix a printf-style arg cast (again)

Fix a printf-style format error

Add ``set ifqueue'' to control the size of the outgoing packet
queue. Doing ``set ifqueue 0'' and ``set urgent none'' will allow
full use of luigi's WF2Q code.

Requested by: luigi

Use mp_CheckAutoloadTimer() rather than mp_StopAutoloadTimer()
when opening or closing an auto link due to the autoload
setting.

Spotted by: David Hedley <david@inty.co.uk>

When we do a ``dial'' or ``open'' from DATALINK_READY, go to
DATALINK_CARRIER and turn off scripting.

This should fix instances where ``term'' is used followed by ~.
and then ``dial''/``open'' (it currently just sits there looking
at you).

Reported by: Tim Vanderhoek <vanderh@ecf.utoronto.ca>

When running ppp -background, show comfort messages showing
when we're redialing/reconnecting.

While we're here, log redial, reconnect and phone number
announcements to LogCHAT, and reduce some other logging to
LogDEBUG.

I didn't get this right the last time....

When an NCP reaches TLF, *ONLY* datalink_Close() links that are
in DATALINK_OPEN.

When the last link reaches TLD, DOWN all NCPs (as we used to in the
links TLF (which was the wrong place anyway)), as the NCPs aren't
now going to datalink_Close() us unexpectedly, we get to continue
doing what we were told to do in the first place.

The result: When we lose a link, the IPCP layer goes down and
we actually call the stuff in ppp.linkdown !

Correct the parent notification diagnostic emitted from the child
process in -background mode (it should report failure if appropriate).

If a links LCP FSM has reached TLF and it's the last link,
don't bother to re-initialise the NCPs. Instead wait for
bundle_LinkClosed() to be called - IFF it actually is called.

By initialising the NCPs at this point, ppp was recursing
back into the fsm_Down() routing for the link, and losing
track of the reason that the link was being brought down.
The end result was that ``set reconnect'' would never do
anything.

Patiently pointed out by: ru

Add the ``resolv'' command for telling ppp how to deal with resolv.conf.
You can now ``resolv restore'' in ppp.linkdown !
Add DNS0 and DNS1 macros.

Fix some printf-style argument bugs

Correct some typos introduced in the descriptor -> fdescriptor change.

To avoid namespace polution in NetBSD:

``struct descriptor'' -> ``struct fdescriptor''

Handle the availability of TUNSIFHEAD. If it's there, use it.

For the moment this is just overhead, but it'll be used for INET6
support later.

Use TUNSIFPID when we change our PID (if it exists).

Correct usages of getuid() and geteuid()

Pointed out by: billf

Add a bunch of `const's and fix a typo.

Submitted by: Rich Neswold <rneswold@MCS.Net>

Don't bother fork()ing after closing a ctty if ppp is about to
terminate anyway.

Cosmetic: Make struct mbuf more like kernel mbufs.

Change the way we transfer links (again). The previous
method avoided all race conditions, but suffered from
sometimes running out of buffer space if enough clients
were piled up at the same time.

Now, the client pushes the link descriptor, one end of a
socketpair() and the ppp version via sendmsg() at the
server. The server replies with a pid. The client then
transfers any link lock with uu_lock_txfr() and writev()s
the actual link contents. The socketpair is now the only
place we need to have large socket buffers and the bind()ed
socket can keep the default 4k buffer while still handling
around 90 racing clients.

Make -foreground a proper option (allowing ``allow mode foreground'',
``set mode foreground'' etc.

Rewrite the link descriptor transfer code in MP mode.

Previously, ppp attempted to bind() to a local domain tcp socket
based on the peer authname & enddisc. If it succeeded, it listen()ed
and became MP server. If it failed, it connect()ed and became MP
client. The server then select()ed on the descriptor, accept()ed
it and wrote its pid to it then read the link data & link file descriptor,
and finally sent an ack (``!''). The client would read() the server
pid, transfer the link lock to that pid, send the link data & descriptor
and read the ack. It would then close the descriptor and clean up.

There was a race between the bind() and listen() where someone could
attempt to connect() and fail.

This change removes the race. Now ppp makes the RCVBUF big enough on a
socket descriptor and attempts to bind() to a local domain *udp* socket
(same name as before). If it succeeds, it becomes MP server. If it
fails, it sets the SNDBUF and connect()s, becoming MP client. The server
select()s on the descriptor and recvmsg()s the message, insisting on at
least two descriptors (plus the link data). It uses the second descriptor
to write() its pid then read()s an ack (``!''). The client creates a
socketpair() and sendmsg()s the link data, link descriptor and one of
the socketpair descriptors. It then read()s the server pid from the
other socketpair descriptor, transfers any locks and write()s an ack.

Now, there can be no race, and a connect() failure indicates a stale
socket file.

This also fixes MP ppp over ethernet, where the struct msghdr was being
misconstructed when transferring the control socket descriptor.

Also, if we fail to send the link, don't hang around in a ``session
owner'' state, just do the setsid() and fork() if it's required to
disown a tty.

UDP idea suggested by: Chris Bennet from Mindspring at FreeBSDCon

Don't setuid() 'till we've called ID0setproctitle()

Fix ``set proctitle'' by using setproctitle().

Use modfind() to check if a kld is already loaded.

Submitted mostly by: green

Support PPPoE

Help (lots) from: julian, archie
Facilities from: ahebert@pubnix.net

Add the -unit command line switch for specifying the tun device.
Warn about -alias being depricated (but still allow it).
Don't moan twice about failing to open any tun device.
Fix a diagnostic and add the -quiet switch to the usage message.

When we get the last NCP TLD, close all datalinks with CLOSE_STAYDOWN
rather than CLOSE_NORMAL.

Bring links down gently when their throughput isn't enough for
the ``set autoload'' value. Don't just ``down'' the link.
Don't get stuck in ``ready'' the first time we ``close'' a link.

Do a kldload() if we get ENXIO trying to open /dev/tun0

Originally submitted by: green

Back out the bogus #ifdef __NetBSD__ #include <signal.h> lines.
The original report was due to a mis-installation of the NetBS
header files :-/

Submitted by: Kazuyoshi Kato <kazk@yyy.or.jp>

NetBSD has moved ``extern int errno;'' to signal.h :-/

Submitted by: Kazuyoshi Kato <kazk@yyy.or.jp>

o Split the two IPCP queues into three - one for FSM data
(LCP/CCP/IPCP), one for urgent IP traffic and one for
everything else.
o Add the ``set urgent'' command for adjusting the list of
urgent port numbers. The default urgent ports are 21, 22,
23, 513, 514, 543 and 544 (Ports 80 and 81 have been
removed from the default priority list).
o Increase the buffered packet threshold from 20 to 30.
o Report the number of packets in the IP output queue and the
list of urgent ports under ``show ipcp''.

$Id$ -> $FreeBSD$

o Add the -foreground switch. This switch behaves like -background except
that ppp stays in the foreground.
o Add the -quiet switch to quieten ppps startup
o Add the -nat flag and discourage the use of the -alias flag. Both do
the same thing.
o Correct some nat usage strings.
o Change the internal ``alias'' command to ``nat''.

Implement a minimum idle time value as an optional second argument
to ``set timeout''.
This is useful for situations where your minimum call charge is (say)
5 minutes (like mine is)

Change printf formats %q[du] -> %ll[du]

Add ISDN support via isdnd & i4b. This requires version
0.81.1 of the i4b code - namely support of the I4B_VR_REQ
ioctl via the i4brbchX device.

Ppp controls the phone number, but idle timers and
SYNC/RAW decisions are still made by isdnd (in isdnd.rc).

This involves a new datalink state machine phase. The
``wait for carrier'' phase happens after dialing but
before logging in. The whole dial state should really
be abstracted so that each device type can deal with it
in its own way (thinking about PPPoE) - but that'll have
to wait.

The ``set cd'' symantics remain the same for tty devices,
but we now delay until we either get CD or timeout waiting
(at which time we drop the link if we require CD).

For i4b devices we always insist on carrier.

Thanks to hm@ for his help, and especially for pointing out
that I *don't* need to re-implement isdnd (that was a huge
waste of time !) :-]

o Obsolete the undocumented ``set weight'' command.
o If we're using RADIUS and the RADIUS mtu is less than our
peers mru/mrru, reduce our mtu to this value for NetBSD too.
o Make struct throughput's sample period dynamic and tweak the ppp
version number to reflect the extra stuff being passed through
the local domain socket as a result (MP mode).
o Measure the current throughput based on the number of samples actually
taken rather than on the full sample period.
o Keep the throughput statisics persistent while being passed to
another ppp invocation through the local domain socket.
o When showing throughput statistics after the timer has stopped, use
the stopped time for overall calculations, not the current time.
Also show the stopped time and how long the current throughput has
been sampled for.
o Use time() consistently in throughput.c
o Tighten up the ``show bundle'' output.
o Introduce the ``set bandwidth'' command.
o Rewrite the ``set autoload'' command. It now takes three arguments
and works based on a rolling bundle throughput average compared against
the theoretical bundle bandwidth over a given period (read: it's now
functional).

o Overhaul filtering, adding facilities to jump over rules and to
negate the sense of rules.
o Remove the redundant (and undocumented) ``host'' and ``port''
words (README.changes updated).
o Don't permit (and ignore) garbage instead of the protocol.

Mostly submitted by: Peter Jeremy <jeremyp@gsmx07.alcatel.com.au>

Disable TUNSLMODE when we first open the tun device.

Submitted by: Ian West <ian@niw.com.au>

Introduce the ``keep-session'' option. Refer to the man
page for details. This allows MP over non-tty devices where
the original ppp process must not exit (such as sshd-spawned
ppp sessions).

Remember if MYADDR or HISADDR is used in a filter add tweak all
filters any time either value changes.

Move the code for tweaking interface flags into one function.

Allow ``host:port/udp'' devices and support ``host:port/tcp'' as
being the same as the previous (still supported) ``host:port''
syntax for tcp socket devices.

A udp device uses synchronous ppp rather than async, and avoids
the double-retransmit overhead that comes with ppp over tcp (it's
usually a bad idea to transport IP over a reliable transport that
itself is using an unreliable transport). PPP over UDP provides
througput of ** 1.5Mb per second ** with all compression disabled,
maxing out a PPro/200 when running ppp twice, back-to-back.

This proves that PPPoE is plausable in userland....

This change adds a few more handler functions to struct device and
allows derivations of struct device (which may contain their own
data etc) to pass themselves through the unix domain socket for MP.
** At last **, struct physical has lost all the tty crud !

iov2physical() is now smart enough to restore the correct stack of
layers so that MP servers will work again.

The version number has bumped as our MP link transfer contents have
changed (they now may contain a `struct device').

Don't extract the protocol twice in MP mode (resulting in protocol
rejects for every MP packet). This was broken with my original
layering changes.

Add ``Physical'' and ``Sync'' log levels for logging the relevent
raw packets and add protocol-tracking LogDEBUG stuff in various
LayerPush & LayerPull functions.

Assign our physical device name for incoming tcp connections by
calling getpeername().

Assign our physical device name for incoming udp connections from
the address retrieved by the first recvfrom().

o Redesign the layering mechanism and make the aliasing code part of
the layering.

We now ``stack'' layers as soon as we open the device (when we figure
out what we're dealing with). A static set of `dispatch' routines are
also declared for dealing with incoming packets after they've been
`pulled' up through the stacked layers.

Physical devices are now assigned handlers based on the device type
when they're opened. For the moment there are three device types;
ttys, execs and tcps.

o Increment version number to 2.2
o Make an entry in [uw]tmp for non-tty -direct invocations (after
pap/chap authentication).
o Make throughput counters quad_t's
o Account for the absolute number of mbuf malloc()s and free()s in
``show mem''.
o ``show modem'' becomes ``show physical''.

Add support for NetBSD

Undo possible damage done by the new TUNSIFMODE ioctl
in FreeBSD-current.

Read from fd[0] and write to fd[1] where `fd' is the
result of a pipe(). This matters under OpenBSD.

Extend the ``set redial'' command to allow incremental
redial timeouts.

Bring up auto links despite there being no data queued if
we're already in network phase and our autoload values
are set with no minimum threshold (the default).

Tell the autoload timer that it's ``coming up'' *before*
calling AutoLoadTimeout() directly... not after. This
prevents the very first demand-dial connection from
immediately disconnecting when there are other auto links.

Problem diagnosis: Ted Mittelstaedt <tedm@toybox.placo.com>

Don't immediately bring auto links back up in multilink
mode (when there is more than one auto link) if there is
no data queued to go out.
Reviewed by: Tom Torrance <tom@tomqnx.com>

Decouple pap & chap output routines from the corresponding
input routines and take advantage of the new init/continue
interface in libradius. This allows a timely response on
other links in an MP setup while RADIUS requests are in
progress as well as the ability to handle other data from
the peer in parallel. It should also make the future addition
of PAM support trivial.

While I'm in there, validate pap & chap header IDs if
``idcheck'' is enabled (the default) for other FSM packet
types.

NOTE: This involved integrating the generation of chap
challenges and the validation of chap responses
(and commenting what's going on in those routines).
I currently have no way of testing ppps ability
to respond to M$Chap CHALLENGEs correctly, so if
someone could do the honours, it'd be much
appreciated (it *looks* ok!).

Sponsored by: Internet Business Solutions Ltd., Switzerland

Initial RADIUS support (using libradius). See the man page for
details. Compiling with -DNORADIUS (the default for `release')
removes support.

TODO: The functionality in libradius::rad_send_request() needs
to be supplied as a set of routines so that ppp doesn't
have to wait indefinitely for the radius server(s). Instead,
we need to get a descriptor back, select() on the descriptor,
and ask libradius to service it when necessary.
For now, ppp blocks SIGALRM while in rad_send_request(), so
it misses PAP/CHAP retries & timeouts if they occur.

Only PAP is functional. When CHAP is attempted, libradius
complains that no User-Password has been specified... rfc2138
says that it *mustn't* be used for CHAP :-(

Sponsored by: Internet Business Solutions Ltd., Switzerland

Don't warn when ``add xxxx HISADDR'' fails because HISADDR
is 0.0.0.0. This isn't a problem as the sticky route is still
added.
Suggested by: Chris Timmons <skynyrd@opus.cts.cwu.edu>

Rather than interrupting 10 times per second then checking
to see if there's anything to do, schedule the next alarm
based on the next required timeout.
This decreases the load when there are lots of relatively
idle ppp processes.

While I'm in there, handle the possibility that a timeout
makes the timer element go out of scope by grabbing the
enext pointer before executing the timer function.

When using ``set device !someprogram'', when ``someprogram''
exits, it causes a select() exception.
Handle these select() exceptions on link descriptors in pretty
much the same way as loss of carrier rather than dropping out
in confusion.

Don't call PacketAliasIn() when we turn around packets destined
for our interface address. We're about to call ip_Input()
anyway, and ip_Input() does the PacketAliasIn().
Stack trace provided by: Cameron Grant <gandalf@vilnya.demon.co.uk>

Add ``set proctitle'' for changing argv[0]. All substitutions
are done in the same way as command execution.

For example, ``set proctitle USER INTERFACE PROCESSID'' would
be useful in a -direct profile for identifying who's connected.

Add ``enable proxyall'' support. This adds proxy ARP entries
for every machine on every class C or smaller subnet that we
route to.
Add ``set {send,recv}pipe'' for controlling our socket buffer
sizes.
Mention the IP number with the problem in a few error messages.
All submitted by: Craig Leres <leres@ee.lbl.gov>
Modified slightly by: me

Loosen our restrictions on setting enddisc, mrru,
shortseq, authname and authkey.

o Auth{name,key} may additionally be set in PHASE_ESTABLISH.
o The others may be set in PHASE_ESTABLISH as long as no links
have yet reached DATALINK_LCP.

Solve the ``first connection'' problem that occurs on
demand-dial links with dynamic IP numbers where the program
that causes the dial bind()s to an interface address that is
subsequently changed after ppp negotiation.

The problem is defeated by adding negotiated addresses to the
tun interface as additional alias addresses and providing a set
of ``iface'' commands for managing the interface. Libalias is
also required (and what a name clash!) - it happily IP-aliases
the address so that the source is that of the primary (negotiated)
interface and un-IP-aliases it on the way back.

An ``enable iface-alias'' is done implicitly by the -alias command
line switch. If -alias isn't given, iface-aliasing is disabled by
default and can't be enabled 'till an ``alias enable yes'' is done.
``alias enable no'' silently disables iface-alias.

So, for dynamic-IP-type-connections, running ``ppp -alias -auto blah''
will work for the first connection, although existing bindings will
not survive a disconnect/connect as the TCP peer will be trying to
send to the old IP address - the packets won't route.

It's now a lot easier to add IPXCP to ppp with minor updates to
the new iface.[ch] (if anyone ever gets 'round to it).

It's also now possible to manually add interface aliases with
something like ``iface add 1.2.3.4/24 5.6.7.8''. This allows
multi-homed ppp links :-)

Sync with OpenBSD ifdefs

Put the IP buffer queues into struct ipcp.
Forgotten by: me

If we've got a full output buffer queue and cannot send
anything for two mintues (see ``set choked'' and ``show
bundle''), nuke the ip, mp and link level buffer queues.

This should fix problems where ``ppp -auto'' seems to stop
responding after failing to connect to the peer a few times.

When entering ``term'' mode, don't output any messages until
the device is successfully opened. If we fail to open it,
mention the fact.
Also go back into command mode as soon as the device is closed
rather than waiting for the user to type something before noticing.

o Support callback types NONE, E.164, AUTH and CBCP.
(see the new ``set callback'' and ``set cbcp'' commands)
o Add a ``cbcp'' log level and mbuf type.
o Don't dump core when \T is given in ``set login'' or
``set hangup''.
o Allow ``*'' and blanks as placeholders in ppp.secret and
allow a fifth field for specifying auth/cbcp dialback
parameters.
o Remove a few extraneous #includes
o Define the default number of REQs (restart counter) in defs.h
rather than hardcoding ``5'' all over the place.
o Fix a few man page inconsistencies.

On receipt of a sig 15, do a full bundle_Close() even if
our current phase is PHASE_DEAD as it's possible that there
are links stuck in OPENING waiting for a redial timer.

Allow an optional ``!'' in the open, dial & call commands.
When used, the redial timer is ignored and the modem is
opened immediately.

Silence ``Network unreachable'' warnings when using
``add .... HISADDR''. The network will never be
reachable at this point unless we're in -auto or reading
the command from ppp.linkup.

We can now run the following lines and get the expected
results:

set ifaddr 1.2.3.4/0 5.6.7.8/0
add default HISADDR

where a route is added immediately in auto mode and the
whole thing is delayed 'till the IP numbers have been
agreed in other modes.

Essentially, ppp.linkup is no longer required.

Remove redundant includes

Don't dlopen()/dlsym() libalias, use it in the same way
as the rest of the world uses libraries.

Cast void * to char * for log_Printf().

``struct tunnel_header'' -> u_int32_t in OpenBSD.
struct tunnel_header is going soon.

Suggested by: Theo

o If we come out of select() with only write descriptors that
end up writing zero bytes, sleep for 1/10 of a second so that
we don't end up using up too much cpu.
This should only ever happen on systems that wrongly report a
descriptor as writable despite the tty buffer being full.
Discussed with: Jeff Evarts

o Do an initial run-time check to see if select() alters the passed
timeval. This knowledge isn't yet used, but will be soon.

Re-initialise our timer service after fork()ing
to lose our terminal session. Is this a bug in
setitimer() ? - it must be called again in the
child !

Create & use fsm2initial(), a function to bring a
state machine back to ST_INITIAL without going
through any unnecessary TLS/TLF pairs.

Make sure our recvmsg() is a SCM_RIGHTS message when
we receive a link from another ppp.

Change some log levels. ALERTs are only logged when
something that can't happen happens or when everyone
needs to know. ERRORs are only logged when something
unexpected happens.

Don't bring the modem offline or hangup when ``down lcp''
is done. Instead, behave like ``close lcp''.

Fix a rather nasty use of `static'. This caused a SEGV
when running ``link * load label'' as we ended up recursing
back into command_Interpret after nuking our command arg list.

Make `close lcp' just close the LCP layer and not hangup. This is
useful for slirp users that wish to get their shell back after the
ppp session. `close' with no args still hangs up as expected.
Required by: jmz

o Maintain a link-type mask for open datalinks as well as
for all datalinks in a bundle. Ppp now deals correctly
with link types that are changed while open
o When changing the type of the last AUTO link, only clear
the interface if we're not in PHASE_NETWORK. This allows
us to switch to -ddial mode while we have a connection
without suddenly unexpectedly throttling ourselves by
clearing the interface configuration.
Problem area noted by: Aaron Jeremias Luz <aaron@csh.rit.edu>

Update the write descriptor selection set for our data links
*after* shuffling fragments from the IP queue into the
individual link queues.

This fixes a latency problem pointed out by: Bruce Evans <bde@zeta.org.au>

Put the correct pid in /var/run/tunX.pid
Suggested by: many

o If there's a session leader left running for a descriptor
that we're now closing, manually HUP that session leader
so that the tty is fully released.
o Always restart our carrier detect timer in the receiving
process if it was running in the sending process (as we
now *always* pass the descriptor).
o Tweak argv when we go into pause() mode to keep our session
so that ps can see what's going on (without checking for a
`pause' state in `ps -l').

o Make modes consistent throughout ppp. The same strings are used
in `set mode', `allow modes', on the command line and when
outputting mode names. The strings are matched so that only
enough characters to uniquely identify the string are required,
so you can now

ppp -a mylabel (for auto mode)
ppp -b mylabel (for background mode)
ppp -dd mylabel (for direct dial mode)

etc.
o Make -ddial dial when specified on the command line (oops).
Pointed out by: Alex <garbanzo@hooked.net>

o #define the name "tun" in defs.h against the future possibility
of supporting architectures with different device names.
o Close /dev/tunX when destroying the bundle.
o Don't forget to close the parent end of the pipe in the child
process when exec'ing a program from a chat script.
o If we close our controlling terminal, ditch the current session
with it, allowing getty(8) (or whatever) to regain control.
o After transferring our controlling terminal descriptor to another
ppp instance, we now fork a new ppp to continue where we left off,
transferring ownership of all uucp locks and the /var/run/tunX.pid
file. Meanwhile the parent closes all file descriptors, defaults
all signals and does a pause() to wait for a HUP after the
transferred descriptor is finally closed.
We don't run /bin/cat any more (again!).

Suggested by: bde

TODO: It seems clocal devices need their pause()d session leader
to be given a manual HUP, as closing the last open descriptor
doesn't do the job.

o Don't forget to close our transfer socket if we cannot
generate the data to transfer.
o Transfer uucp lock ownership for the transferred device.
o Don't assume we know the correct values of dev_is_modem and
mbits after the transfer.

o Only do the /bin/cat bit when we're transferring our ctty.

o Don't try to transfer tty device descriptors as there's no way of
transferring session rights with them. Instead, create two
`/bin/cat' processes. A new child is spawned and disassociated from
the terminal and the parent, which continues with the rest of the ppp
process. Meanwhile, the parent spawns another child, and both the
parent and child exec the `/bin/cat' commands with the appropriate
descriptors. This way, the session is owned by the parent, and the
tty is held open.
o Close LCPs that have done a TLF and are now in ST_STOPPED before
calling Down. This prevents them from trying to come back up again
after the peer has shut them down (it seems a bit strange that the
rfc says that a Down in ST_STOPPED will cause a TLS etc).
o Don't try to set the physical link name pointer when we're receiving
and renaming a datalink. The physical hasn't been created yet, and as
it happens, the garbage physical pointer happens to be the value of another
physical - so we're pointing that other physical name at ourselves.
yeuck.
o Re-arrange the order of things in main (DoLoop()). We now handle
signals only after the select and not before the UpdateSet. It's
possible that either a signal (FSM timeout) or a descriptor_Read()
brings a link down, after which we'd better tidy up any dead direct
and 1off descriptors before calling UpdateSet() again.
o Mention when we detect a PPP packet when we see one before the link
is up (then start LCP as before).

Show the link mode in `show links'.

Oops - patch failed in last commit ????

o Move our prompt descriptor list outside of the bundle.
It's now dealt with by the `server' object. This simplifies
things as we only have one list of prompt descriptors and
the log_ routines check prompt::logactive to determine
whether it should be used for output.
o Include the MP socket UpdateSet() result in bundle::UpdateSet().
o Don't select on the tun device unless we're in NETWORK
phase or AUTO mode.
o Stop the idle timer when we go to DEAD phase. We may
have transferred a link and not had a chance to kill
it.
o Don't fail when trying to unlink our transferred datalink
from our descriptor lists just before the transfer.
o Add our link descriptor to the write set if we got a short
write the last time (physical::out is set).
o Log the connection source address when a connection is closed.
o Remove descriptor::next field. Descriptor lists are not required
any more.

o Make sure we adjust our min seq and process any outstanding queued
incoming fragments when a link goes down.
o Don't use the minimum sequence numbers of links that aren't open.
o Understand sequence number wrapping when determining the minimum
sequence number.
o Add & adjust a few comments.

MFMP: Make ppp multilink capable.
See the file README.changes, and re-read the man page.