Remove $FreeBSD$: two-line nroff pattern

Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/

Bump .Dd for recently modified manual pages

During the removal of named(8) references, some pages were modified but their
.Dd where not updated accordingly.

Reported by: lwhsu@
Fixes: 942e234d868d

Remove references to named(8)

named(8) hasn't been in base for some time. Remove all references to it in
manual pages.

Approved by: manpages (Pau Amma)
Differential Revision: https://reviews.freebsd.org/D35586

sys/*/conf/*, docs: fix links to handbook

While here, fix all links to older en_US.ISO8859-1 documentation
in the src/ tree.

PR: 255026
Reported by: Michael Büker <freebsd@michael-bueker.de>
Reviewed by: dbaio
Approved by: blackend (mentor), re (gjb)
MFC after: 10 days
Differential Revision: https://reviews.freebsd.org/D30265

ppp: Document the fact that ppp_nat is enabled by default

No functional change.

PR: 243062
Submitted by: Evilham <contact@evilham.com> (original version)
MFC after: 2 weeks
Sponsored by: Klara Inc.
Event: July 2020 Bugathon
Differential Revision: https://reviews.freebsd.org/D25623

Add the possibility to mark packets urgent based on their length.

This allows preferring small (e.g. ACK) packets, in upload heavy
environments.

It was already possible to mark packets urgent based on destination
port. This option piggy backs on that feature.

Update several more URLs

- Primarily http -> https
- Primarily FreeBSD project URLs

ftp.microsoft.com is dead and the document was not archived, point to the full
protocol spec document instead.
Fix spelling mistake flagged by igor.
Rephrase bad sentence flagged by igor.

Approved by: bcr (mentor)
MFC after: 5 days
Differential Revision: https://reviews.freebsd.org/D10111

Fix a ton of speelling errors

arc lint is helpful

Reviewed By: allanjude, wblock, #manpages, chris@bsdjunk.com
Differential Revision: https://reviews.freebsd.org/D3337

use .Mt to mark up email addresses consistently (part2)

PR: 191174
Submitted by: Franco Fichtner <franco@lastsummer.de>

mdoc: minor paragraph fixes.

Move ppp.8.m4 back to ppp.8 and de-ifdef it.

Requested by: joel

MFC after: 1 week

Preprocess ppp.8.m4 into ppp.8, taking into account any compile time
options used to build ppp.

Currently, this is a no-op and only handles LOCALNAT and LOCALRAD cases.

This will be used for the upcoming ipv6 changes, and allows a shared
man page between OpenBSD and FreeBSD.

mdoc(7) police:

Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.

Add a ``nat punch_fw'' command for punching FTP and IRC DCC holes through
the firewall.

TCPMSS adjusts all TCP SYN packets, not just outgoing ones.

Pointed out by: ru

Remove whitespace at EOL.

mdoc(7) police: remove extraneous .Pp before and/or after .Sh.

Stay (backwards-)compatible with OpenBSD's groff

Add a ``nat proto'' command -- similar to natd(8)'s -redirect_proto switch.

MFC after: 3 weeks

Spell stateful properly

Inconsistently done by: brian
Spotted by: ru

mdoc(7) police: removed hard sentence breaks, sorted xrefs.

Avoid using too many args for ``set m[tr]u''

This needs to work with OpenBSD's groff too :(

Add support for stateful MPPE (microsoft encryption) providing
encryption compatibility with Windows 2000. Stateful encryption
uses less CPU but is bad on lossy transports.

The ``set mppe'' command has been expanded. If it's used with any
arguments, ppp will insist on encryption, closing LCP if the other
end refuses.

Unfortunately, Microsoft have abused the CCP reset request so that
receiving a reset request does not result in a reset ack when using
MPPE...

Sponsored by: Monzoon Networks AG and FreeBSD Services Limited

Handle hardware-imposed MTU/MRU limitations. PPPoE will no longer
allow MRU/MTU negotiations to exceed 1492.

Add an optional ``max'' specifier to ``set m[rt]u'', ie.

set mtu max 1480

Bump the ppp version number.

Sponsored by: Monzoon Networks AG and FreeBSD Services Limited

Correct cross-references:
ng_bpf.8 --> ng_bpf.4
ng_ether.8 --> ng_ether.4
ng_iface.8 --> ng_iface.4
ng_pppoe.8 --> ng_pppoe.4
ng_socket.8 --> ng_socket.4
ng_tty.8 --> ng_tty.4
ng_{type}.4 --> /dev/null

MFC after: 1 week

Add BSD style copyrights (with permission from Charles Mott where appropriate)
Deprecate -alias further (after a repo-copy)

Fix some quotes and mention that it's usually necessary to train
your modem to the correct speed when setting up an incoming getty.

Handle IP over IP (IPPROTO_IPV4) properly.

We now unwrap IP/IP and apply filter rules to both the outer
layer (with ``set filter blah x.x.x.x y.y.y.y ipip'') and to
the payload (reinterpreted by the filter rules).

``set log tcp/ip'' will now show both the outer wrapper and
the (reinterpreted) payload contents.

Add some comments to two examples and extend a ``set ifaddr''.

Talk a little more about the differences between PPPoE on FreeBSD & OpenBSD.

Eliminate mdocNG warnings caused by misplaced or extraneous macro calls.

mdoc(7) police: replace two -unfilled displays with -tag lists.
This works only because of bugs in current implementation: the
first .It after ``.Bd -unfilled'' re-enables filling mode and
does not restore (disable) it back afterwards.

mdoc(7) police: split punctuation characters + misc fixes.

Only remove socket files with ``set server open''.
Only show the mask in ``show bundle'' when it's been specified.
Complain about unexpected arguments after ``set server {none,open,closed}''
Log re-open failures as warnings rather than phase messages.
Fix some markup for the ``set server'' man page description.

Fix arg count

Allow ``set server closed'' to close the diagnostic socket.
Allow ``set server open'' to re-open the diagnostic socket.
Handle SIGUSR1 by re-opening the diagnostic socket
When receiving SIGUSR2 (and in ``set server none''), don't forget the
socket details so that ``set server open'' and SIGUSR1 open it again.

Don't create the diagnostic socket as uid 0 ! It's far to dangerous.

Fix for NetBSD where

.Oc Oc
.Xc

doesn't seem to work....

Prepare for mdoc(7)NG.

Add a missing dot.

Correct the documented default behaviour of mschap, mschap81 and MPPE.

Pointed out by: Mark Knight <markk@knigma.org>

mdoc(7) police: use canonical form of .Dd macro.

Add ``enable/disable tcpmssfixup'', defaulting to enabled.

Suggested by: julian
Hijacked from: ru (ports/net/tcpmssd)

various typo and minor punctuation changes.

PR: 23111
Submitted by: Jimmy Olgeni <olgeni@uli.it>

mdoc(7) police: use the new features of the Nm macro.

Some gratuitous whitespace changes.

Describe how to tunnel properly.

Requested by: Greg Quinlan <greg@macquarrie.com.au>

Be a bit more precise about what ``nat deny_incoming yes'' does.

Avoid use of direct troff requests in mdoc(7) manual pages.

Mention that ``nat deny_incoming'' drops unrecognised IP packets.

Requested by: kris

Add ``all'' logging.

Submitted by: eivind

Add MPPE and MSChap v2 support (denied and disabled by default)

Submitted by: Ustimenko Semen <semen@iclub.nsu.ru>

Fix resolv.conf line hint: "name-server" -> "nameserver"

Add LogFILTER logging to log packets allowed by the dial filter and
dropped by any filter.

Submitted by: Mark Hannon <markhannon@one.net.au>

with some small tweaks by me.

Maintain input and output throughput averages and choose the highest
of the two when calculating the MP throughput average for the ``set
autoload'' implementation.

This makes more sense as all links I know of are full-duplex. This
also means that people may need to adjust their autoload settings
as 100% bandwidth is now the theoretical maximum rather than 200%
(but of course, halfing the current settings is probably not the
correct answer either!).

This involves a ppp version bump as we need to pass an extra
throughput array through the MP local domain socket.

Index: ppp.8
===================================================================
RCS file: /home/ncvs/src/usr.sbin/ppp/ppp.8,v
retrieving revision 1.233
diff -u -r1.233 ppp.8
--- ppp.8 2000/08/10 13:26:01 1.233
+++ ppp.8 2000/08/12 19:50:41
@@ -1,8 +1,8 @@
.\" $FreeBSD: src/usr.sbin/ppp/ppp.8,v 1.233 2000/08/10 13:26:01 brian Exp $
.Dd 20 September 1995
.nr XX \w'\fC00'
-.Os FreeBSD
.Dt PPP 8
+.Os
.Sh NAME
.Nm ppp
.Nd Point to Point Protocol (a.k.a. user-ppp)

Mention that pppoe requires netgraph(4) and without it, an external
pppoe program must be used (such as pppoe(8) on OpenBSD).

Allow leading ``!'' characters in authkeys and chat scripts to
be doubled up to mean a single literaly ``!''.

Describe the new VERSION and COMPILATIONDATE macros and mention that the
``ident'' command will expand macros.

Support link identification from rfc1570
Two new commands are available; ``ident'' and ``sendident''.

Permit multiple ``allow user'' lines in any given section
This avoids line length limits when large numbers of users are allowed
access to ppp.

Correct ``set filter'' usage

Spotted by: sheldonh

Allow a ``timeout secs'' filter option to let specific packet types
effect the idle timer in different ways.

Submitted by: Stefan Esser <se@freebsd.org>

With adjustments by me to document the option in the man page and to
give the same semantics for outgoing traffic as incoming.

I made the style more consistent in ip.c - this should really have
been done as a separate commit.

o Log the (payload/size) of all packet types, not just TCP packets

o If the new ``filter-decapsulation'' is enabled, delve into UDP packets
that contain 0xff 0x03 as the first two bytes, and if we recognise it
as PROTO_IP, decapsulate it for the purpose of filter checking.

If we recognise it as PROTO_<anything else> mention this for logging
purposes only.

This change is aimed at people running PPPoUDP where the UDP traffic is
being sent over another PPP link. It's desireable to have the top level
link connected all the time, but to have the bottom level link capable
of decapsulating the traffic and comparing the payload against the filters,
thus allowing ``set filter dial ...'' to work in tunnelled environments.

The caveat here is that the top ppp cannot employ any compression layers
without making the data unreadable for the bottom ppp. ``disable deflate
pred1 vj'' and ``deny deflate pred1 vj'' is suggested.

e.g. -> e.g.,

Obtained from: OpenBSD

Remove ``nat pptp'' as this is now done transparently by libalias.

A few more hard-sentence breaks.

Hard sentence breaks and trailing space tidy-ups

Obtained from: OpenBSD

Add ``set ifqueue'' to control the size of the outgoing packet
queue. Doing ``set ifqueue 0'' and ``set urgent none'' will allow
full use of luigi's WF2Q code.

Requested by: luigi

Allow ``set urgent none'' to disable all urgent ports and IPTOS_LOWDELAY
prioritisation.

Requested by: luigi

The name /var/log/alias.log is *not* likely to change in the near
future...

Mention what ``enable proxy'' actually does

Mention that the default is to let external traffic route to
the internal network when NAT is enabled.

Allow ``set target MYADDR'' to stop packets at the gateway.

Use INADDR_NONE with PacketAliasSetTarget() if no args are given to
``nat target'', and suggest the use of ``nat target default'' as an
interesting possibility.

Add the ``nat target'' command.

Move a comment to make things a bit more readable.

Suggested by: sheldonh
Forgotten by: me

ppps -> ppp's; suggested by sheldonh
.Nm ppp -> .Nm; overlooked by me
Microsofts -> Microsoft's; OpenBSD

Add the ``resolv'' command for telling ppp how to deal with resolv.conf.
You can now ``resolv restore'' in ppp.linkdown !
Add DNS0 and DNS1 macros.

Fix some typos

Obtained from: OpenBSD

Add ``set log dns'' to log DNS QUERY packets.

This is invaluable for dial-on-demand connections...
In ppp.linkup:

set log -dns -tcp/ip

and in ppp.linkdown

set log +dns +tcp/ip

giving a much better account of why the link came up.

Remove more single-space hard sentence breaks.

Unbroke the reference to libalias(3).

Call serial devices ``cuaXX'' instead of ``cuaaX'' (in line
with OpenBSD conventions).

.Bl -tag requires -width too

Obtained from: OpenBSD

Mention that it's only necessary to escape the '-' in chat scripts
twice (once for the arg parsing and once to make it a normal character).
Make the man page example consistent.

Reminded by: Bryan Liesner <bleez@netaxs.com>

Change ``set cd'' so that its default value is device specific. The
default is still 1 second for ttys, but is now 6 seconds for i4b (ISDN)
devices and 5 seconds for ethernet (PPPoE) devices.

Don't insist on 4 digit umasks in ``set server''.

Pointed out by: joerg

Make the meaning of the provider part of the PPPoE device spec clearer.

Support PPPoE

Help (lots) from: julian, archie
Facilities from: ahebert@pubnix.net

Introduce ``set logout''; another chat script. This is in preparation
for the abstraction of ``set dial'' and ``set hangup''.

Add the -unit command line switch for specifying the tun device.
Warn about -alias being depricated (but still allow it).
Don't moan twice about failing to open any tun device.
Fix a diagnostic and add the -quiet switch to the usage message.

Support ``set cd off'' to tell ppp not to even look for carrier on the
device.

Typo

Submitted by: Alex Nash <nash@mcs.net>

Correct spelling : ascii -> ASCII

PR: docs/13702
Submitted by: Stephen J. Roznowski <sjr@home.com>
Reviewed by: mpp

Introduce a forth IP packet queue. Urgent packets with
ip_tos == IPTOS_LOWDELAY now get precidence over urgent
packets with ip_tos != IPTOS_LOWDELAY and non-urgent packets
with ip_tos == IPTOS_LOWDELAY.

Enhance the ``set urgent'' syntax to allow for urgent UDP
packets as well as urgent TCP packets.

o Split the two IPCP queues into three - one for FSM data
(LCP/CCP/IPCP), one for urgent IP traffic and one for
everything else.
o Add the ``set urgent'' command for adjusting the list of
urgent port numbers. The default urgent ports are 21, 22,
23, 513, 514, 543 and 544 (Ports 80 and 81 have been
removed from the default priority list).
o Increase the buffered packet threshold from 20 to 30.
o Report the number of packets in the IP output queue and the
list of urgent ports under ``show ipcp''.

$Id$ -> $FreeBSD$

Fix some mdoc(7) style inconsistences
Submitted by: Alexey M. Zelkin" <phantom@cris.net>

o Add the -foreground switch. This switch behaves like -background except
that ppp stays in the foreground.
o Add the -quiet switch to quieten ppps startup
o Add the -nat flag and discourage the use of the -alias flag. Both do
the same thing.
o Correct some nat usage strings.
o Change the internal ``alias'' command to ``nat''.

Mention ``alias enable no'', not ``alias enable off''.

Implement a minimum idle time value as an optional second argument
to ``set timeout''.
This is useful for situations where your minimum call charge is (say)
5 minutes (like mine is)

Add ISDN support via isdnd & i4b. This requires version
0.81.1 of the i4b code - namely support of the I4B_VR_REQ
ioctl via the i4brbchX device.

Ppp controls the phone number, but idle timers and
SYNC/RAW decisions are still made by isdnd (in isdnd.rc).

This involves a new datalink state machine phase. The
``wait for carrier'' phase happens after dialing but
before logging in. The whole dial state should really
be abstracted so that each device type can deal with it
in its own way (thinking about PPPoE) - but that'll have
to wait.

The ``set cd'' symantics remain the same for tty devices,
but we now delay until we either get CD or timeout waiting
(at which time we drop the link if we require CD).

For i4b devices we always insist on carrier.

Thanks to hm@ for his help, and especially for pointing out
that I *don't* need to re-implement isdnd (that was a huge
waste of time !) :-]

o Obsolete the undocumented ``set weight'' command.
o If we're using RADIUS and the RADIUS mtu is less than our
peers mru/mrru, reduce our mtu to this value for NetBSD too.
o Make struct throughput's sample period dynamic and tweak the ppp
version number to reflect the extra stuff being passed through
the local domain socket as a result (MP mode).
o Measure the current throughput based on the number of samples actually
taken rather than on the full sample period.
o Keep the throughput statisics persistent while being passed to
another ppp invocation through the local domain socket.
o When showing throughput statistics after the timer has stopped, use
the stopped time for overall calculations, not the current time.
Also show the stopped time and how long the current throughput has
been sampled for.
o Use time() consistently in throughput.c
o Tighten up the ``show bundle'' output.
o Introduce the ``set bandwidth'' command.
o Rewrite the ``set autoload'' command. It now takes three arguments
and works based on a rolling bundle throughput average compared against
the theoretical bundle bandwidth over a given period (read: it's now
functional).

Reorganise ppp's usage to avoid some mandoc limitations.
Suggested by: wollman

Mention that ospf is a possible filter protocol.

Mention which rfc the DNS/NBNS IPCP extensions come from.

Fix a load of typos
Use sizeof, not a hardcode value.

Some of it submitted by: Peter Jeremy <jeremyp@gsmx07.alcatel.com.au>

o Overhaul filtering, adding facilities to jump over rules and to
negate the sense of rules.
o Remove the redundant (and undocumented) ``host'' and ``port''
words (README.changes updated).
o Don't permit (and ignore) garbage instead of the protocol.

Mostly submitted by: Peter Jeremy <jeremyp@gsmx07.alcatel.com.au>

If we've negotiated CBCP and have also specified ``none'' as a possible
callback option, and the server sends us CBCP_NONUM, proceed directly
to the network phase rather than insisting on our configured CBCP
option.

Mostly submitted by: kkphang <phang@dgate.po.my>

Be a bit more consistent with variable names.

Fix an off-by-one error and correct the man page WRT clearing
filters.

Submitted by: Peter Jeremy <peter.jeremy@alcatel.com.au>
PR: 12437

Fix a typo
Submitted by: Rich Wood <rich@chugaboom.net>

Support `igmp' filters.
Mostly submitted by: Timo Geusch <freebsd@sleepycat.ukpeople.net>

Come up with something useful when someone searches for
``dynamic IP''.

Describe why a ``magic'' enddisc is not always a good idea.

Allow a remote IP and port range specification in the
``alias port'' command.

Allow our endpoint discriminator to be enabled, disabled, accepted
and denied. This is necessary for some MP implementations that
get confused if you accept their endpoint discriminator but reject
their MRRU.

Make the ``load'', ``dial'' and ``open'' commands a big clearer.
Requested by: Michael Heitmeier <MICHAEL_HEITMEIER@HP-Germany-om12.om.hp.com>

Introduce the ``keep-session'' option. Refer to the man
page for details. This allows MP over non-tty devices where
the original ppp process must not exit (such as sshd-spawned
ppp sessions).

Mention that using MYADDR and HISADDR with ``set filter''
will result in the rules being updated any time MYADDR
or HISADDR change.

Mention ``show layers''

Allow ``host:port/udp'' devices and support ``host:port/tcp'' as
being the same as the previous (still supported) ``host:port''
syntax for tcp socket devices.

A udp device uses synchronous ppp rather than async, and avoids
the double-retransmit overhead that comes with ppp over tcp (it's
usually a bad idea to transport IP over a reliable transport that
itself is using an unreliable transport). PPP over UDP provides
througput of ** 1.5Mb per second ** with all compression disabled,
maxing out a PPro/200 when running ppp twice, back-to-back.

This proves that PPPoE is plausable in userland....

This change adds a few more handler functions to struct device and
allows derivations of struct device (which may contain their own
data etc) to pass themselves through the unix domain socket for MP.
** At last **, struct physical has lost all the tty crud !

iov2physical() is now smart enough to restore the correct stack of
layers so that MP servers will work again.

The version number has bumped as our MP link transfer contents have
changed (they now may contain a `struct device').

Don't extract the protocol twice in MP mode (resulting in protocol
rejects for every MP packet). This was broken with my original
layering changes.

Add ``Physical'' and ``Sync'' log levels for logging the relevent
raw packets and add protocol-tracking LogDEBUG stuff in various
LayerPush & LayerPull functions.

Assign our physical device name for incoming tcp connections by
calling getpeername().

Assign our physical device name for incoming udp connections from
the address retrieved by the first recvfrom().

o Redesign the layering mechanism and make the aliasing code part of
the layering.

We now ``stack'' layers as soon as we open the device (when we figure
out what we're dealing with). A static set of `dispatch' routines are
also declared for dealing with incoming packets after they've been
`pulled' up through the stacked layers.

Physical devices are now assigned handlers based on the device type
when they're opened. For the moment there are three device types;
ttys, execs and tcps.

o Increment version number to 2.2
o Make an entry in [uw]tmp for non-tty -direct invocations (after
pap/chap authentication).
o Make throughput counters quad_t's
o Account for the absolute number of mbuf malloc()s and free()s in
``show mem''.
o ``show modem'' becomes ``show physical''.

Mention ``show mp''.
Describe ACFComp correctly.

Spelling police

Allow port ranges in ``alias port''.

Do away with some literal text that is never switched
off - I *think* these were groff bugs.

Replace hardcoded quoting with Sq or Dq.

Use ``Sx'' when xref'ing sections.

Remove all remaining [ and ] characters (and do things properly).

Remove all hardcoded [...] syntax.
With help from: Daniel C. Sobral <dcs@newsguy.com>

Add leading 0 in front of octal file permissions number.

OK'ed by: Brian Somers <brian@freebsd.org>
PR: docs/9843

Support PPTP via libalias (``alias pptp addr'').

Support proxying & transparent proxying curtesy of libalias(3).
Order the alias command descriptions.
Order the SEE ALSO entries.

Correctly drop existing connections when reopening the diagnostic
socket.

Extend the ``set redial'' command to allow incremental
redial timeouts.

Correct some ntohl/htonl bogons in the netmask handling.
This was pretty harmless as netmasks on a POINTOPOINT
interface are pretty much ignored, but it looked funny.

Mention the configured netmask in ``show ipcp''.

Describe in more detail what a proxy arp entry is.

Allow control over the number of ConfigREQ & TermREQ attempts
that are made in each of the FSMs (LCP, CCP & IPCP) and the
number of REQs/Challenges for PAP/CHAP by accepting more arguments
in the ``set {c,ip,l}cpretry'' and ``set {ch,p}apretry'' commands.

Change the non-convergence thresholds to 3 times the number of configured
REQ tries (rather than the previous fixed ``10''). We now notice
repeated NAKs and REJs rather than just REQs.

Don't suggest that CHAP 0x05 isn't supported when it's not configured.

Fix some bugs that expose themselves with smaller numbers of retries:
o Handle instantaneous disconnects (set device /dev/null) correctly
by stopping all fsm timers in fsm2initial.
o Don't forget to uu_unlock() devices that are files but are not
ttys (set device /dev/zero).

Fix a *HORRENDOUS* bug in RFC1661 (already fixed for an Open event in state
``Closed''):
According to the state transition table, a RCR+ or RCR- received in
the ``Stopped'' state are supposed to InitRestartCounter, SendConfigReq
and SendConfig{Ack,Nak}. However, in ``Stopped'', we haven't yet
done a TLS (or the last thing we did is a TLF). We must therefore
do the TLS at this point !

This was never noticed before because LCP and CCP used not use
LayerStart() for anything interesting, and IPCP tends to go into
Stopped then get a Down because of an LCP RTR rather than getting a
RCR again.

When our dial timeout is ``random'', display its value
correctly by invoking the timer to get the value before
displaying the message.
Don't assume that a value of 0 is ``random'' in
``show datalink''.
Make the random value between 1 and DIAL_TIMEOUT rather
than between 0 and DIAL_TIMEOUT-1

Fully support both NT and LANMan CHAP type 0x80 as both
authenticator and authenticatee.

Wait by default for one second after the login script
is complete before checking carrier. If it's there,
the device supports carrier. If it's not it doesn't.

Add the ``set cd'' command for deciding how soon to check
for carrier, and for deciding if carrier is REQUIRED.

The default has changed: Pre 2.0 versions of ppp waited
for 1 second. Version 2 didn't wait, but this causes
problems with some (few?) modems that don't assert carrier
immediately on reporting CONNECT. The one second delay
is back now and can be removed with ``set cd 0''.

Bump the ppp version number in case this needs to be changed
again....

Describe manual dialing in greater detail.
Mention more rfc numbers.
Don't ``.Nm Ppp'' (just use ``.Nm'').

When executing a command as part of a dial/login/hangup
script, expand words in the same way as !bg does.

/etc/ppp/ppp.*.sample -> /usr/share/examples/ppp/ppp.*.sample

When resending chap challenges, resend the same challenge
each time rather than making up a new one.

Increase the authname/authkey max sizes to 100 characters.

Allow ``authkey'' specifications beginning with ``!''.
When a challenge is received, the text following the
``!'' is executed as a program (expanding stuff in the same
way that ``sh'' and ``!bg'' do). The program is passed the
peer name, peer challenge and local ``authname'' on standard
input and is expected to output the name/key combination that
should be used to build the CHAP response.

This provides support for Secure ID cards (guess what I was
given at work recently!) using CHAP.

Examples will follow.

Reflect syslog(8)'s acceptance of either tabs or spaces.

PR: docs/9660
Submitted by: Kris Kennaway <kkennawa@physics.adelaide.edu.au>

Initial RADIUS support (using libradius). See the man page for
details. Compiling with -DNORADIUS (the default for `release')
removes support.

TODO: The functionality in libradius::rad_send_request() needs
to be supplied as a set of routines so that ppp doesn't
have to wait indefinitely for the radius server(s). Instead,
we need to get a descriptor back, select() on the descriptor,
and ask libradius to service it when necessary.
For now, ppp blocks SIGALRM while in rad_send_request(), so
it misses PAP/CHAP retries & timeouts if they occur.

Only PAP is functional. When CHAP is attempted, libradius
complains that no User-Password has been specified... rfc2138
says that it *mustn't* be used for CHAP :-(

Sponsored by: Internet Business Solutions Ltd., Switzerland

Change the maximum number of filters from 20 to 40.
Increase requested by: "Clement T. Cole" <clemc@echo.ccc.com>

Suggest that ``set proctitle'' is used in ppp.linkup when
USER is expected to be expanded.

Correct some formatting errors (one is a groff bug)
Noted & partially submitted by: Peter Jeremy <peter.jeremy@auss2.alcatel.com.au>
PR: 9432

Typo: /etc/ppp/ppp.conf.example -> ppp.conf.sample
Submitted by: Sugiura Shiro <ssugiura@duo.co.jp>

Typo: The idle timer is ignored in -ddial and -dedicated
mode, not in -ddial and -direct.
Pointed out by: Chris Timmons <skynyrd@opus.cts.cwu.edu>

Typo and formatting updates.

PR: docs/8504
Approved by: Brian Somers
Submitted by: Kazuo Horikawa <horikawa@jp.FreeBSD.org>

Explain what the command line switches do and what the
various prompts signify.

Fix a few typos
Submitted by: Forgotten (sorry)

Don't delete the primary interface address when
``iface clean'' is used in auto mode while there
are no active links.

Allow multiple systems (config labels) on the command
line and in the ``load'' & ``dial'' commands. The last
label loaded becomes the current label name.
Only require a label for -auto mode.

Add ``set proctitle'' for changing argv[0]. All substitutions
are done in the same way as command execution.

For example, ``set proctitle USER INTERFACE PROCESSID'' would
be useful in a -direct profile for identifying who's connected.

Add ``PROCESSID'' as a constant expanded when running
commands.

Stress that ``none'' must be specified on the `set callback'
line if callback is to be optional.
Requested by: Andrzej Tobola <san@koziolek.lublin.top.pl>

Add ``enable proxyall'' support. This adds proxy ARP entries
for every machine on every class C or smaller subnet that we
route to.
Add ``set {send,recv}pipe'' for controlling our socket buffer
sizes.
Mention the IP number with the problem in a few error messages.
All submitted by: Craig Leres <leres@ee.lbl.gov>
Modified slightly by: me

Fix the interface alias code. Previously, I was expecting something
like

tun0: flags=blah
10.0.0.1 -> 10.0.0.100
10.0.0.2 -> 10.0.0.100
10.0.0.3 -> 10.0.0.100

to DTRT, despite the SIOCAIFADDR for each new alias returning
-1 & EEXIST while adding the alias anyway. In real life, once
we have the second alias with the same destination, nothing will
route any more ! Also, because I was ignoring EEXIST, the
dynamic IP assignment code was assigning duplicate addresses
('cos it was being lied to by iface_inAdd()).

Now we have

tun0: flags=blah
10.0.0.1 -> 255.255.255.255
10.0.0.2 -> 10.0.0.100
10.0.0.3 -> 255.255.255.255

This works - stuff bound to 10.1 & 10.3 will be considered alive
by the kernel, and when they route back to the tun device, the
packets get aliased to 10.2 and go out to 10.100 (as with the
original plan).

We still see the EEXIST in SIOCAIFADDR, but ignore it when our
destination is 255.255.255.255, assuming that the alias *was*
actually added.

Additionally, ``iface add'' may now optionally be given only
the interface address. The mask & destination default to
255.255.255.255.

Solve the ``first connection'' problem that occurs on
demand-dial links with dynamic IP numbers where the program
that causes the dial bind()s to an interface address that is
subsequently changed after ppp negotiation.

The problem is defeated by adding negotiated addresses to the
tun interface as additional alias addresses and providing a set
of ``iface'' commands for managing the interface. Libalias is
also required (and what a name clash!) - it happily IP-aliases
the address so that the source is that of the primary (negotiated)
interface and un-IP-aliases it on the way back.

An ``enable iface-alias'' is done implicitly by the -alias command
line switch. If -alias isn't given, iface-aliasing is disabled by
default and can't be enabled 'till an ``alias enable yes'' is done.
``alias enable no'' silently disables iface-alias.

So, for dynamic-IP-type-connections, running ``ppp -alias -auto blah''
will work for the first connection, although existing bindings will
not survive a disconnect/connect as the TCP peer will be trying to
send to the old IP address - the packets won't route.

It's now a lot easier to add IPXCP to ppp with minor updates to
the new iface.[ch] (if anyone ever gets 'round to it).

It's also now possible to manually add interface aliases with
something like ``iface add 1.2.3.4/24 5.6.7.8''. This allows
multi-homed ppp links :-)

Revert SEE ALSO ordering to version 1.124
Patched correctly by: wosch
Blunder pointed out by: bde

Alphabeticalize SEE ALSO section.

Sort cross references.

Don't use ``-width 20'', it's misleading. Use ``-width XX''
instead.

Don't claim that the alias library isn't loaded until
used.

Add the following word substitutions when running a shell
command:
AUTHNAME: The local authname
ENDDISC: The local endpoint discriminator
LABEL: The configuration label in use
PEER_ENDDISC: The peers endpoint discriminator
USER: The peers authname

Mention what ``set authname'' does in -direct mode.

If we've got a full output buffer queue and cannot send
anything for two mintues (see ``set choked'' and ``show
bundle''), nuke the ip, mp and link level buffer queues.

This should fix problems where ``ppp -auto'' seems to stop
responding after failing to connect to the peer a few times.

Be careful about using ``.Bd -literal'' as groff sometimes keeps
the `-literal' after the closing .Ed.
Where this happens, use ``.Bd -unfilled'' with ``.It Li'' to dodge
the problem - it looks better too.
Problem reported by: Dom Mitchell <dom@phmit.demon.co.uk>

`dns' option defaults to disabled, not enabled.

Add missing .El

/var/run/tunX.pid is created regardless of ppps mode.
Spotted by: Alex <garbanzo@hooked.net>

o Support callback types NONE, E.164, AUTH and CBCP.
(see the new ``set callback'' and ``set cbcp'' commands)
o Add a ``cbcp'' log level and mbuf type.
o Don't dump core when \T is given in ``set login'' or
``set hangup''.
o Allow ``*'' and blanks as placeholders in ppp.secret and
allow a fifth field for specifying auth/cbcp dialback
parameters.
o Remove a few extraneous #includes
o Define the default number of REQs (restart counter) in defs.h
rather than hardcoding ``5'' all over the place.
o Fix a few man page inconsistencies.

Always dial immediately on ``open'', ``dial'' and ``call''.
We don't need a ``!''.

Allow an optional ``!'' in the open, dial & call commands.
When used, the redial timer is ignored and the modem is
opened immediately.

o Fix remaining sizeof problems for 64 bit machines.
o Allow ``set ....'' when we have multiple links but aren't in
multilink mode.
o Do a TLS when we receive a ``Open'' event in ``Closed'' state,
despite the rfc state transition table. This is clearly an
error in the RFC as TLS cannot have yet been called (without
TLF) in the ``Closed'' state.
I've posted a message to comp.protocols.ppp for confirmation.

Add ``ipcp'' as an optional argument to ``open'', and make
open capable of re-negotiatiating the various layers.

It is now possible to change various link options and then
re-open the relevant layer, making the changes effective -
for example, switching off VJ compression or starting ECHO
LQRs on-the-fly.

Suggest the use of ``accept dns'', not ``enable dns'' in
server mode.

Mention the ``allow users'' command when describing
how to set things up for incoming connections.

o Allow ``set mrru'' or ``set mrru 0'' to disable
multi-link mode.
o Fix a typo in the ``set mrru'' description.

Don't bring the modem offline or hangup when ``down lcp''
is done. Instead, behave like ``close lcp''.

Make `close lcp' just close the LCP layer and not hangup. This is
useful for slirp users that wish to get their shell back after the
ppp session. `close' with no args still hangs up as expected.
Required by: jmz

Add the ``clear'' function.
Mostly submitted by: "Stephane E. Potvin" <sepotvin@videotron.ca>

Correct arg hack
Submitted by: David Leonard <leonard@csee.uq.edu.au>

Some documentation corrections & typo fixes....

Don't give .It too many args.

o Add `set autoload'. You can now set the minimum and maximum
thresholds (in terms of queued packets for a period of time)
where -auto links will be brought up and down. By default,
all auto links come up when we reach NETWORK phase and never
go down.
o Display current autoload state in `show bundle'.
o Disable the idle timer as soon as it's called.
o Disable the idle and autoload timers when exiting (in case
we're abending).

o Indicate which commands require context and which have optional
context in the `help' text.
o Remove some redundant code.
o Fix some comments.

Talk about multilink ppp

Add the `rename' command for renaming links.

o Add the `set mode' command for change a links current mode. It
is not possible to switch to or from dedicated or direct mode,
but all other combinations are ok (eg. -auto -> -ddial).
o Cope with the fact that commands with optional context may not
be able to obtain a link with command_ChooseLink() (if all links
have been deleted for example).
o Allow `clone'ing in non-multilink mode. We may for example want
to configure two links in unilink mode and dial them both, using
the one that comes up first. It's also possible to rename
``deflink'' by cloning it, deleting the original, then setting
the mode of the new link.

o Activate link-level CCPs in multilink mode, by bringing them
into the ST_STOPPED state.
o Allow an optional ccp|lcp argument to `down'. The default is
still lcp (as before). You can now call down with no context
in multilink mode, in which case it'll down the multilink ccp
or the entire bundle (*very* rude).
o Allow an optional `!' after `close ccp' (close ccp!) to tell
ccp to stay in the CLOSED state after the terminate ACK. The
default is now to re-enter STOPPED so that the peer can bring
the layer back up if desired.
o Always handle proto-compressed packets, even if we've agreed
(in LCP) that the peer will not send us 1 byte protocols.
If the peer violates the LCP agreement, log it to the HDLC
log.
o Fix some comments.

Add support for devices beginning with ``!'', where we execute
the given program, using stdin/stdout/stderr as our link
descriptor.

Allow /nn specifications in the `add' command.
Suggested by: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>

It's now possible to

add myaddr 127.0.0.1 (add myaddr 255.255.255.255 127.0.0.1)
add hisaddr/24 hisaddr (add hisaddr 255.255.255.0 hisaddr)
add 0 hisaddr (add 0 0 hisaddr)
add default hisaddr (add 0 0 hisaddr)

o When specifying the diagnostic port (`set server'), replace
the first ``%d'' in the unix-domain socket name with the
current interface unit number. In the case of tcp ports, allow
a ``+'' prefix to add the unit number to the specified port
number.
o Remove all mention of SIGUSR1 (was already #ifdef'd out). We
can't create diagnostic sockets on-the-fly with a signal any
more because there's no way of specifying the password without
confusing matters with the previous ppp.secret scenario.

Make the `link' and `clone' commands understand a comma-separated
list of links, and make `link' understand `*' for all links. This
allows (for example):

clone 1,2,3,4,5
link 1,3 open
link 2,4,5 rm
close
link * rm

Create `struct sticky_route'.

Any `add' or `delete' command that uses MYADDR or HISADDR
will be added to the sticky route list (show ipcp). When
MYADDR or HISADDR change due to IPCP negotiations, and if
`sroutes' is enabled (the default), all sticky route
entries are updated in the routing table.

The end result is that `add default hisaddr' will ``stick'',
as will ``add myaddr 255.255.255.255 127.0.0.1'' and
``add 1.2.3.4 255.255.255.0 hisaddr''.

o Display current link throughput in `show links' (assuming
throughput measurement is enabled).
o Load balance the links based on weight *and* on a round-robin
basis. This makes things fairly even on an output basis. We
don't try to allow for the peer sending all his data down one
link (and try to send ours back up the other).
o Show the number of pending input buffers that can't be processed
in ``show mp''.
o Fix a typo in the man page.

o Mention the ``timer'' log in the man page.
o Remove an escaped mention of ``carrier'' logging.
o Alphabeticalise timer logging in the log list.

o Create a new ``timer'' log level. This lets us ``set
log debug'' without filling our filesystem/screen with
junk that we don't really want to see.
o change PHYS_STDIN to PHYS_DIRECT - we can handle incoming
connections that aren't on STDIN_FILENO now.
o Allow return values from our FSM LayerUp functions. If
LayerUp() fails, the FSM does an immediate FsmDown() without
calling the fsm_parent's Layer{Up,Down} functions.
o Clear the close-on-exec flag of file descriptor 3 when executing
chat programs so that our documented ability to communicate with
/dev/tty via that descriptor works. Also document it as
descriptor 3, not 4 :-O
o Allow a ``rm'' command as an alias for ``remove''.
o Fix the bind()/connect()/accept() calls made by the MP server.
o Create bundle_SendDatalink() and bundle_ReceiveDatalink().
This allows `struct datalink's to flatten themselves, pass
through a pipe (read: the eye of a needle !) and come alive
at the other end. The donator then fork()s & exec()s pppmpipe,
``passing'' the connection to another ppp instance.

*** PPP NOW TALKS MULTILINK :-))) ***

Our link utilization is hideous, and lots of code needs
tidying still. It's also probably riddled with bugs !
It's been tested against itself only, and has hung once,
so confidence isn't high....

o Defer setting up pap/chap based IP numbers & labels until after
we've determined if we're going to join another ppp invocation.
o Make ``show link'' show all link details, and ``show links''
just give a list of links and their current status.
o Show our current label in ``show bundle''.
o Allow link cloning and removal as soon as our MRRU is set.
o Make ``show lcp'' require context as nothing will ever change
in our MP LCP (it's auto-configured as per rfc1990).
o Initialise our LQM owner in hdlc_Init().
o Store our endpoint discriminator and authentication name at both
the datalink and multilink level and compare them when we've
finished AUTHENTICATE phase and before entering NETWORK phase.
If they don't match, close the link again.
Display the information in the appropriate ``show'' command.
o Initialise datalink::phone and datalink::fsmp.object properly
when we're cloning the link.
o Show which link we're passing LQRs on in our diagnostics.
o Reject endpoint discriminator REQs at the logical multilink
level.
o Remove the rest of our CARRIER and LINK logging setup.

o Remove LINK level logging.
o change the default link name to ``deflink'' rather
than ``default''.
o Prepend the link name to CCP and LCP FSM diagnostics.
o Protect against 0 length options in CCP and IPCP REQ
interpreters (already done for LCP).
o Allow optional context for the `show' command.
o Use MPs link when interpreting commands if the multilink
mrru is configured rather than when multilink is active.
This means that once we've ``set mrru xxx'', we then need
to ``link deflink show ccp'' etc if we want to do link-level
stuff (based on the command requiring optional or manditory
context).
o Use the ifconfig'd interface address in `set enddisc {ip,mac}'
if it's there, otherwise the configuration file value.

Create #defines for all endpoint discriptor classes,
and allow `set enddisc mac'.

Mention how to set an ACCMAP for ^Q & ^S.

Negotiate MRRU, SHORTSEQ and ENDDISC. ENDDISC doesn't imply
multilink ('cos I've seen my ISP REQ it without multilink).

Setting MRRU is ifdef'd out until it's debugged and we can
merge -direct links with other running programs.

Fix MTU setting.

Add the ``open'' command and expand ``close''. It's now
possible to ``close ccp'', change your compression algorithm,
then ``open ccp'' while the link is up without losing data.

Support client side DNS server negotiation, disabled
and denied by default (POLA).

o Remove ``enable'' msext. Now, doing a ``set nbns'' will
automatically enable a NBNS ACK/NAK rather than a REJ.
o Add accept|disable|deny|enable dns. If we ``accept'',
we'll tell the peer what our nameservers are (if he asks).
The values in resolv.conf can be overridden with the
``set dns'' command. If we ``enable'', we'll REQ using
our resolv.conf entries, and any NAKs are written back to
resolv.conf.
o Remove ``show msext'' and show the relevent IP numbers in
``show ipcp''.

o Understand ``syn'' and ``finrst'' in filter rules. This
is particularily useful when creating dial filters.
Original work by: Junichi SATOH (junichi@astec.co.jp)
o Parse a filter IP of ``0.0.0.0'' as having a width of 0,
not 32.
o Correct "set filter" usage message.
o Warn about bad filter names.
o Expand and correct a number of the man page sections.

o Move the accept/deny/disable/enable globals either to the
bundle (non-negotiated vars) or to their respective IPCP,
LCP or CCP.
o Enable rolling throughput statistics by default.
o Remove the `display' command. These values now appear in
`show bundle', `show ipcp', `show ccp' and `show lcp'.
o Initialise auth name & key at bundle create time (oops).
o Rename pppd-deflate (the id-24 hack) to deflate24.
o Don't send both a REJ and a NAK to an IPCP or LCP REQ.
Favour the REJ (already done at the CCP level).
o Recurse in datalink_UpdateSet() when we change state, otherwise
we end up setting no descriptors and getting jammed in the
imminent select() instead of doing the dial/login/hangup.
o Display our CHAP encryption method despite being built with DES.
o Display VJ as not negotiated in ``show ipcp'' when necessary.

Remove ``show timeout'' and ``show auth'' and add ``show bundle''.
Mention ``show timer'' in the man page.

o Remove the `mode' global - it's now per physical device.
o Shuffle things that live at the datalink level into
``show link'' rather than ``show modem''.
o Make both ``show'' commands prettier and more consistent,
and display carrier status, link type and our name in
``show modem''.
o Show redial and reconnect information in ``show link''
and remove ``show redial'' and ``show reconnect''.
o Down the correct link in bundle_LinkLost().
o Remove stale -direct and -background links at the end
of our main loop, not when we know they're going. This
prevents unexpected pointer-invalidations...
o If we ``set server'' with the same values twice, notice
and don't moan about failure.
o Record dial script despite our link mode. The mode may
be changed later (next mod) :-) We never run scripts
in -direct and -dedicated modes.
o Make ``set server none'' functional again.
o Correct datalink state array so that we don't report an
``unknown'' state.
o Pass struct ipcp to IpcpCleanInterface, not struct fsm.
o Create TUN_PREFIX define rather than hard-coding in main.c
o prompt_TtyInit now handles a NULL prompt for -direct mode
rather than having to create one then destroy it uncleanly.
o Mention our mode in the "PPP Started" LogPHASE message.
o Bring all auto links up when we have something to send.
o Remove some redundant Physical_*() functions.
o Show which connection is running a command when logging
commands.
o Initialise throughput uptime correctly.

Add the `clone' and `remove' commands for creating and destroying
links.

o Move VarMSChap into struct chap, and remove `set encrypt'
option. We never ask a client for MSChap when we've got
chap `enabled', and we dynamically answer using MSChap
if the peer demands it.
o Remove all of the bundle2*() series of functions except
bundle2datalink() as they're too expensive. The only
calls to bundle2datalink() are made from command.c when
determining context.
o Write to the correct modem in term mode, and check the
return value, dropping back to command mode if the write
fails.

Cosmetic:
Make the PPP COMMAND LIST section of the man page
prettier, better and more consistent. Alphabeticalise
all command lists and document missing commands.

Deglobalise `struct prompt':
o Our diagnostic socket has its password set in the `set socket'
line only (not in ppp.secret).
o Passwords are per server socket (*VarAuthKey are gone)
o Authority is per prompt (VarLocalAuth is gone).
o Local logging is per prompt.
o Add a `show who' command to see who's connected. No identd
routine - just a `where the connection came from' display.
o SIGUSR1 is disabled for now - we have no way of choosing a
password for the socket created :-(

Prompts are attached as a list of `struct descriptor's in
struct bundle, and serviced under the bundles descriptor
service routines. Ultimately, everything should be done
like this.

Cosmetic:
o alphabeticalise SRCS in Makefile.
o Add a few comments in command.h

TODO: Start checking that we don't overflow the descriptor sets
in select() now that we can have any number of descriptors.

Cosmetic:
Sort & tidy command lists.
Give help on command alias, not just command names.

Remove `set loopback' and `show loopback' and add
`enable loopback' and `disable loopback'. Re-write
the explaination of `enable idcheck'.

o Move default MRU, MTU, ACCMAP and OPENMODE config values into
struct lcp and display them in `show lcp'.
o Remove `show mru' and `show mtu' and make the data part of
`show lcp'. Also merge `set m[tr]u' and `set openmode'
implementations into the SetVariable function.
o `set timeout' only accepts the idle timer value as an argument.
o Move our lqr period into struct lcp, and create a `set lqrperiod'
command. Display it in `show lcp'.
o Remove VarRetryTimeout, and implement it at the LCP, PAP, CHAP,
CCP and IPCP levels, creating individual `set XXXretry' commands
for each. They must be separate because they have different
context requirements in multilink mode.
o Display default config values in `show ccp'.
o Tart the man page up a bit (wrt PPP/TCP, compression and LQR) and
explain the new commands.

o Check the LCP Identifier field for correctness and drop
dodgy packets by default.
The old behaviour is still available with ``disable idcheck''.
o Make all FSM diagnostics consistent and tidy up the way
we build our LCP/CCP/IPCP requests.
o Don't assume sizeof(u_long) == 4.

Make all CCP negotiation data dynamic and add a
``set deflate'' command to configure the DEFLATE
default window size.

Move filter sets into struct bundle.

MFC: Cosmetic: .Dq -> .It

Cosmetic: .Dq -> .It

De-staticise LQR information
Increment OutPackets for any packet - not just LQRs

MFC:
o Fix a few comment typos.
o Fix ``set timeout'' usage message and documentation.
o Change ifOutPackets, ifOutOctets and ifOutLQRs to `u_int32_t's
so that they wrap correctly.
o Put the LQR in network byte order using the correct struct size
(sizeof u_int32_t, not sizeof u_long).
o Wrap LQR ECHO counters correctly.
o Don't increment OutLQR count if the last LQR hasn't been replied
to.
o Initialise last received LQR in StartLqm.
o Don't start the LQR timer if we're `disabled' and `accepted'.
o Generate LQR responses when both sides are using a timer and
we're not going to send our next LQR before the peers max timeout.

o Fix a few comment typos.
o Fix ``set timeout'' usage message and documentation.
o Change ifOutPackets, ifOutOctets and ifOutLQRs to `u_int32_t's
so that they wrap correctly.
o Put the LQR in network byte order using the correct struct size
(sizeof u_int32_t, not sizeof u_long).
o Wrap LQR ECHO counters correctly.
o Don't increment OutLQR count if the last LQR hasn't been replied
to.
o Initialise HisLqrData (last received LQR) in StartLqm.
o Don't start the LQR timer if we're `disabled' and `accepted'.
o Generate LQR responses when both sides are using a timer and
we're not going to send our next LQR before the peers max timeout.

LQR should now be fully functional.

o Allow "*" in the password field in ppp.secret (forcing a
getpwnam() lookup).
o Don't use chat_ExpandString on the password field in ppp.secret.
It's still possible to quote the string for embedded spaces.
o Don't allow multiple entries with the same name in ppp.secret.

o Remove the global CcpInfo. It's now part of the datalink.
Struct bundle will have its own struct ccp in the future
too.
o The ``set stopped'' command now requires context and doesn't
work on the IPCP FSM.
o Check if it's time to break out of our top level loop before
doing a select - otherwise, we'll select forever :-(
o Remove `struct link'::ccp (a temporary hack). It turns out
that IpStartOutput() calls link_Output() and link_Output()
incorrectly calls StartOutput() (really modem_StartOutput)
requiring the ccp knowledge so that it can call
IpStartOutput()... The end result is that the whole IP
output queue gets dumped into the modem output queue
and a pile of physical writes are done prematurely. This
makes the (original) code in main() actually work in that
it would not bother selecting() on the tun descriptor when
our modem queue length was 20 or greater. Instead, we now
make that decision based on the overall queue length.

This will need improvement later.

This commit was manufactured by cvs2svn to create branch 'MP'.

Cosmetic:
Don't mention the authors name at startup. He's already credited
in the man page. Instead, make the message consistent with the
one given to the diagnostic port (and fix the grammar when entering
`term' mode).
Don't credit the zlib author in the man page as ppp isn't linked
directly with zlib (it's shared).
Mention when the OpenBSD port was first made available.

Allow an optional delay when specifying "set openmode active".
The delay defaults to 1 sec (as it always has) unless we've done
a ~p in interactive mode or we've actually detected a HDLC frame.
This is now cleanly implemented (via async timers) so that it is
possible for LCP to come up despite the delay if an LCP REQ is
received.

This will hopefully solve situations with slow servers or slirp
scenarios (where ECHO is left on the port for a second or so before
the peer enters packet mode).

Also, ~p in interactive mode no longer changes the value of the default
openmode delay and -dedicated mode enters packet mode in the right state
according to the value of openmode.

Allow "set vj" for changing the default number of slots
and whether slot compression is requested.
Don't show current values with "show ipcp" if IPCP isn't
"opened".

o Allow the use of HISADDR as the first arg to "add".
o Allow a forth argument in ppp.secret, specifying a new
label. This gives control over which section of
ppp.link{up,down} is used based on the authenticated user.
o Support random address ranges in ppp.secret (not just in ppp.conf).
o Add a AUTHENTICATING INCOMING CONNECTIONS section to the man page.
o Add a bit more about DEFLATE in the man page.
o Fix the incorrect "you must specify a password in interactive
mode" bit of the manual.
o Space things in the man page consistently.
o Be more precice about where you can use MYADDR, HISADDR and INTERFACE
in the "add" command documentation.

Make it clear that using "add ...." in ppp.conf when
not in -auto mode isn't a good idea, and that the
add should be done in ppp.linkup instead.

Change "add 0 0 HISADDR" to "add default HISADDR". It's
more intuitive.

Allow "add! dst mask gw" (note the ``!'') to do an
RTM_CHANGE if the RTM_ADD fails with an EEXIST.
Allow "delete! dst" (note the ``!'') to silently
fail if the RTM_DELETE fails with an ESRCH.
Also, make the ESRCH and EEXIST error conditions
more understandable to the casual observer.

Allow (and document) execution of commands from within
our chat script.
You can now even run chat(8) - see ppp.conf.sample.

Allow multiple (comma seperated) devices on the "set device" line.
Submitted by: Derek Inksetter <derek@saidev.com>

Mention that leading whitespace is ignored when identifying comments.

Cosmetic: Remove blank lines, add .Pp where necessary.
Submitted by: Theo de Raadt <deraadt@cvs.openbsd.org>

Don't log the actual password when command-logging
"passwd xxxx".

o Log ******** instead of the actual password for "set authkey"
when command logging is switched on.
o Display ******** for the authkey for "show auth"
o Document how \P should be used, and document the other chat escapes
while I'm there.
o Make sure the full command is displayed when a compound command
fails - ie, "set novar rubbish" should say "set novar: Invalid command"
rather than "novar: Invalid command"

Problem pointed out by: Theo de Raadt <deraadt@cvs.openbsd.org> (among others)

Wrap long lines
Submitted by: Greg Lehey <grog@lemis.com>

Allow random IP number allocation to peer.
Validate the peers suggested IP by attempting to make a routing table
entry.
Give up IPCP negotiation if the peer NAKs us with an unusable IP.
Always SIOCDIFADDR then SIOCAIFADDR when configuring the tun device.
Using SIOCSIFDSTADDR allows duplicate dst addresses (which we don't
want)!!!
Allow up to 200 interface names (was 50) (now that ppp can play server
properly).
Up the version number (1.5 -> 1.6).

Cosmetic:
Log unexpected CCP packets in the CCP log rather than the ERROR log.
Log unexpected Config Reqs in the appropriate LCP/IPCP/CCP log rather
than the ERROR log.
Log failed route additions and deletions with WARN, not TCPIP.
Log the option id and length for unrecognised IPCP options.
Change some .Sq to .Ar in the man page.

Only allow one arg to `delete' - the mask & gateway aren't necessary.
Delete AF_LINK routes as well as AF_INET.
Allow the word `default' as the arg to `delete' or in place of the
first two args (dest & netmask) to `add'.
Accept INTERFACE as the third arg to `add'.

You can now say `add default interface' to create a default route
through the tun interface. It's reported that subsequent bind()s
will bind to a broadcast address and not to the address currently
assigned to the tun device - this is the first step towards
supporting that first connection that was around from before the
dynamic IP negotiation....

Fix the CCP Type field value for DEFLATE.
(I *really* meant to do this *before* committing the
deflate changes in the first place - oops).

Pppd is horribly broken in this respect - refer to the
ppp man page for details. Ppp *WON'T* negotiate deflate
with pppd by default - you must ``enable'' and ``accept''
``pppd-deflate'' in your config.

While I'm in there, update the cftypes in ccp.c so that
we recognise some more protocols (we don't actually do
anything with them - just send a REJ).

Abstract the CCP layer a level.
Add DEFLATE support.

Add throughput logging (disabled by default).
Use "enable throughput" to see modem & IPCP throughput.
Removed an extraneous prompt()

uucplock is in section 3 not section 8 !

Finish the security improvements:
o Add "allow" command:
"allow users a b c" gives access to users a, b and c.
"allow modes auto" gives those users access to auto mode only.
"allow users *" and "allow modes *" are accepted.
No users and all modes are allowed by default.
UID 0 can do anything.
o Set the current label with the "load" and "dial" commands
so that the call to ppp.linkdown makes sense.
o Up the verison number.
o Don't OR MODE_AUTO for -background and -ddial.
o Don't OR MODE_INTER when we get a diagnostic connection.
o Allow up to 40 args per line (was 20).
o "set ifaddr" only changes the interface in AUTO mode (with other
modes, it happens after IPCP negotiation).
o Sort command descriptions in the man page.
o Support -dedicated mode where we just talk ppp forever (no login etc).

Don't create a diagnostic socket by default.
Allow a password spec on the "set server" command line.
Use SIGUSR2 to close the diagnostic socket.
Some man page corrections.

Add the "!include" syntax.
Return 0 from "show" commands.

Remove the use of $HOME/.ppp.*

Introduce ID0 logging.
Stay as the invoking uid as much as possible.
Execution as a normal user is still forbidden for now,
so these changes are pretty ineffective.
The next commit will implement the modifications suggested
on -hackers a number of days ago.

Typo police.

o Spelling police.
o Emphasize ``PPP''
o x-ref other programs
o Some minor clarifications

Introduce [local] to "set log [local] ...". This spits
logging out to the screen in terminal mode - should be
good for installation problem diagnosis.

Refer a bit to pppctl.
Suggested (far to subtly for his own good) by: joerg

Cosmetic: Be specific about using TABs in syslog.conf.

Allow Microsoft CHAP authentication.
This is a combination of MD4 & DES.
Submitted by: Gabor Kincses <gabor@acm.org>

Don't allow accept/deny when it's not appropriate.
Log PAP/CHAP users in utmp & wtmp, allowing it to
be avoided with "disable utmp"

Add a pppctl(8) xref.
Suggested by: joerg

Support CHAP using MD4
Suggested by: jordan

Cosmetic: Remove unused variables and build on OpenBSD.

Document the use of PAP/CHAP properly.

Disable LQR by default. It causes too many problems
with too many ISPs to be a good default. LQR is still
accepted by default.

Install as group ``network''
Insist that uid == 0 for client ppp
Disallow client sockets if no password is specified
Don't exit on failure to open client socket for listening
Allow specification of null local password
Use reasonable size (smaller) ``vector''s in auth.c
Fix "passwd ..." usage message
Insist on "all" as arg to "quit" (if any)
Drop client socket connection before Cleanup() when "quit all"

Remove use of login_progok()
Suggested by: guido

Use login_progok().

Check the "prog.deny" login.conf capability and
refuse to run if "ppp" is in the list.
Suggested by: "Daniel O'Callaghan" <danny@panda.hilink.com.au>

Phone the number after the ``|'' whether the dial
OR login script fails.

Catch a small typo in the man page.

Update doc to use MYADDR in ppp.conf.

Add "set loopback on|off", defaulting to "on".
This tells ppp to loopback packets addressed to
the ppp interface IP coming *from* the tun
device.

This means that you can ping the tun interface IP
from inside :-)

Expand the "set stopped" command so that it can
idependently time out any of the FSMs.

Split LCP logging into LCP, IPCP and CCP logging,
and make room in "struct fsm" for the log level
that the state machine should use.

Spelling police.

Typo fixes.

Correct the forth arg to "set ifaddr". If specified,
it gives the IP number that should be used for initial
IPCP config requests, irrespective of MYADDR.

Introduce the "bg" command. It's pretty
much the same as "shell", but it's in the
background.

Typo police

Allow the use of a "stopped" timeout via the
"set stopped" directive. If the timeout occurs
it will cause a "Down" event, hanging up the line
if it's still up. This *isn't* part of the FSM
diagram, but I consider it ok as a "higher level
implementation specific timeout" as specified in
the rfc ;-}

Discussed briefly with: joerg

Allow specification of fallback phone numbers to
be used only if the dial script fails.
PR: 4262

Correct default log file name.
PR: 4065
Prompted by: Steve Price <sprice@hiwaay.net>
Submitted by: sjr1@flash.net

Allow a "hangup" capability.
You can now "ATZ" your modem when it's closed.

Submitted by: peter@citylink.dinoex.sub.org (Peter Much)

Make HUP cause an exit (as it used to), and make
INT cause a hangup - not exiting for -ddial & -auto.

HUP must exit because init sends this at system shutdown
time (why, I don't know), and we don't want to end up
redialing after the HUP (due to another dfilter packet).

Pointed out by and discussed with: ache

Allow specification of a umask for local socket
creation in "set server" command.

Add "set server" to control the server socket.
Catch SIGUSR1 to re-init listening socket.
Document signal behaviour.

Add missing '\n's to LogPrintf(LogWARN,...)
Main() returns int not void.

AF_LOCAL ideal suggested a long time ago by: joerg

Fix "delete all".

PR: 3913

Correct filter docs.

PR: 3464
Submitted by: Stephen J. Roznowski <sjr1@flash.net>

Fix "delete ...", it now only insists on
one arg too.

Discovered by: Rikk Salamat <rikks@web-impact.com>

Add ppp.linkdown file to compliment ppp.linkup.

Submitted by: Forgotten
Passed on by: Terry Dwyer 61 8 9491 5161 <tdwyer@io.telstra.com.au>

Also remove extraneous setuid(0) - it's only undone by
the subsequent call to SelectSystem().

Document ppp over tcp (how to tunnel)

Make the man page a little more detailed.
Update the version number to 1.00.
Increase the predictor-1 buffer by 2 bytes.

Remove mis-leading version info.

Mega update to sort out bad implementations
of reconnect & -background.

o Fix reconnect anomolies.
o Make reconnect apply to failed LQR hangups (& mention in man page).
o Make reconnect effective in -background mode.
o Listen on socket in -background mode.
o Try all phone numbers in -background mode.
o Insist on system arg in -background mode.
o Make a control-connection close command exit in -background mode.
o Output status message to stdout on exit of parent in -background mode.
o Don't notify parent of success too soon.
o Describe termination EX_* code.
o Miscelaneous diagnostic corrections.
o Remove redundant connect_time from modem.c.
o Don't repeatedly DownConnection().

Correct the files section for tunX.pid and ttyXX.if

Correct sample file name.

Log each ppp line to separate /var/log/ppp.tunX.log instead mixing of
all lines into single /var/log/ppp.log

Add a reconnect capability directing ppp to re-establish
the connection after an unexpected loss of carrier:

set reconnect timer ntries

The man page warns against using this command when your
timeout value is slightly more than the other sides :{}

Suggested by: burton@bsampley.vip.best.com (Burton Sampley)

Make the next number redial ability configurable. The
"set redial pause [times]" command becomes
"set redial end-pause[.next-pause] [times]" and next-pause
defaults to 3 seconds. This keeps things backwards
compatable.

Suggested by: ache

Make -background option attempt each phone number at most
once. Make -background ignore redial. Output exit value
to syslog with "PPP Terminated" message.

Only wait for the redial timeout when the last phone number in the
list has been dialed. Alternate number dialing has no "pause".

Suggested by: joerg

Document this behaviour. Document that the number of dial attempts
applies to the number of phone calls rather than the number of times
each number is dialed. Add a missing .El. Give a decent description
of how to connect to an ISP.

Oops - forgot to document the new -HUP action.
This should make 2.2 if the HUP stuff (earlier today) does.

Revert $FreeBSD$ to $Id$

Make the long-awaited change from $Id$ to $FreeBSD$

This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.

For /usr/sbin/ppp, you must choose between running ppp in the background or
connecting to a host immediately in the foreground.

I would like to be able to run ppp from a script so that my script can be
sure that it is connected to the 'net before it continues running:

# Dial up the internet.
ppp -background myprovider || exit 1

do-some-net-command

# Hang up the modem.
kill -HUP `cat /var/run/ppp.tun0.pid`

Another problem is that the current ppp calls its process id file
`/var/run/PPP.server', which may conflict if you have more than one IP
tunnel interface available.

Closes PR#1469
Submitted by: Gord Matzigkeit <gord@enci.ucalgary.ca>

Make CRTSTS selection a runtime option. Closes PR#1392
Submitted by: Mike McGaughey <mmcg@heraclitus.cs.monash.edu.au>

The infamous IP aliasing code for ppp, modified to work as a runtime option
(otherwise ppp's behavior remains unchanged) and documented by myself,
Steve Sims, Nate Williams, Martin Renters and god-only-knows who else. :-)
Submitted by: nate
Obtained from: Charles Mott <cmott@srv.net>

Added my 'ddial' patches to user-PPP. The new mode tries it's darndest
to keep the link up, so it re-dials whenever it detects the link go
down. This is useful for 'dedicated' links who use PPP.

It's been used for over a year w/out problems at different sites.

Improve the sample login script now that our sh(1) understands -p.

Closes PR # docs/1383: ppp(8) man page suggests using shell script...

Add support for the Evil Microsoft ppp extentions. Yes, they did it
on their own without even attempting to get concensus in the IETF, but
there are also lots of Win95/NT boxes out there.

CLoses PR#1494
Submitted-By: Peter Childs <pjchilds@imforei.apana.org.au>

Here is a diff of /usr/src/usr.sbin/ppp against current. The diffs
add some logging functionality which I find very useful.
'set debug link' will record just link up/down and address assignments.
'set debug connect' will record the entire chat dialog
'set debug carrier' will record just chat lines including 'CARRIER'
(so that I can be sure I'm getting a 28.8 line).

There was a global change required to permit LogPrintf to take a bit
mask instead of a bit position value (to permit logging some events
on either of two flags, so that no change in 'set debug lcp' would
result from the code supporting 'link'. Thus the diffs are rather
long for such a small change. The man page is also touched.

Oh, and there was a slight syntax problem in route.c

Reviewed by: phk
Submitted by: Tony Kimball <alk@Think.COM>

Xref chat(8) and pppd(8). Also change .It references to .Pa for file
name references in the file section.

1) Open /dev/null for std* after setsid() to be shure that modem is
*not* our controlling terminal (SIGHUP can coming in other case)

2) Add HUPCL for non-dedicated lines to be shure that modem
properly resetted.

3) Correct usage string.

1) Add multi-phone dialing/redialing, several phones separated by ':'
2) Improve on-line help subsystem
3) Make 'term' mode works even carrier dropped (old code
close line forever here)
4) Make 'term' mode 8bit clean.
5) Improve manual page
6) #ifdef DEBUG diagnostic about missing optional files.
7) Don't put interactive dialing info to logfile

Fix a bunch of spelling errors in a bunch of man pages.

1. Add a settable redial timer and logging of the process id in a file.
A settable redial timer helps to avoid the problem where both ends
of a link want to dial at the same time and the line winds up busy
for both ends. The process id is logged in /var/run/PPP.system where
system is the name of the called system. When both ends of a link
are running in demand dial mode, you need an easy way to get the pid
of the ppp on the called end so it can be killed and re-started with
-direct or pppd started to handle the incoming ppp session.

2. Add secret description for "set timeout" to man.

Reviewed by: Atsushi Murai <amurai@spec.co.jp>
Submitted by: John Capo <jc@irbs.com>

Completely re-wrote the man-page using -mandoc macros. More cleanups in
sentence structure to include more articles, plus fix some mis-spellings
and typos.

Reviewed by: gpalmer (Gary Paler)

1. All fragments (except the first one) of a fragmented packet were
dropped - devet@adv.IAEhv.nl (Arjan de Vet)
2. Will not read data from telnet connection - John Capo <jc@irbs.com>
3. Using LQM option could be drop the link due to LcpLayerDown() doesn't
stop LQR timer. - Brian <brian@awfulhak.demon.co.uk>
4. Allow to describe a syntax of filters that is not only port number
but also by name in /etc/service. - Rich Murphey <rich@lamprey.utmb.edu>

Reviewed by: Atsushi Murai <amurai@spec.co.jp>
Submitted by: devet@adv.IAEhv.nl, jc@irbs.com, brian@awfulhak.demon.co.uk,
rich@lamprey.utmb.edu

`pred1' was documented as `pred'. The problem was not obvious because
`disable pred' is silently ignored.

Some edits suggested by Atsushi. Also remove my name from the bottom;
just because I edited it doesn't mean I should stick myself in the authors
line, even with the qualification I used.

A few more typos fixed and some general cleanup done.

Do my best to translate this into english.. :-)

Some parts were so incomprehensible that I had to excise them
entirely, but I did my best with the material provided.

Change device name from cua01 to cuaa0. I'm going to use this doc in
the installation, so it was necessary.

Adding GETTING START and so on.
Submitted by: amurai@spec.co.jp

Add BUGS and few explanation.
Submitted by: amurai@spec.co.jp

New user Process PPP based on iij-ppp0.94beta2.

o Supporting SYNC SIO device (But need a device driver)
- add "set speed sync"
o Fixing bug for Predictor-1 function.
o Add new parameter that re-sent interval for set timeout commands.
o Improving RTT (Round Trip Time) and reducing processor time.
- Previous Timer service was using polling, and now using
SIGALRM ;-)
- A 0.94beta2 will not work correctly....

-- Follows are additinal feature not including 0.94beta2
o Support Proxy ARP
- add "enable/disable proxy" commands
o Marging common routine in CHAP/PAP.
o Enhancing LCP/IPCP log information.
o Support local Authfication connection on port 300x and tty.
- You can set up pair of your "hostname -s" and
password in ppp.secret. if either ppp.secret file nor
your hostname line don't exist, It will notify a message
and working as same as previous version.(Backword compatibility)
- If you did set up them, It's allow connection but nothing to do
except help and passwd command.
- add "passwd yourpasswd" commands
o Support afilter - keep Alive filter that a packet can send/receiving
according to ifilter/ofilter but doesn't count it as preventing idle
timer expires.
- Same syntax of other filters.
o Fixing bugs reported by current user for previous one. Thanks !!

Reviewed by: Atsushi Murai (amurai@spec.co.jp)