Mention that ospf is a possible filter protocol.

Support `igmp' filters.
Mostly submitted by: Timo Geusch <freebsd@sleepycat.ukpeople.net>

Allow reserved substitution strings to be escaped by preceeding them
with a backslash.

Allow our endpoint discriminator to be enabled, disabled, accepted
and denied. This is necessary for some MP implementations that
get confused if you accept their endpoint discriminator but reject
t

Allow our endpoint discriminator to be enabled, disabled, accepted
and denied. This is necessary for some MP implementations that
get confused if you accept their endpoint discriminator but reject
their MRRU.

show more ...

Use the correct pid when substituting PROCESSID.
Problem reported by: Amedeo Beck Peccoz <gea@gressoney.it>

Don't use static variables if we don't have to.

Correct the way ppp transfers links on the server side in MP
mode by padding out the ``struct device'' to the maximum
device size.
Bump the ppp version number to indicate the transfer format
change.

Correct the way ppp transfers links on the server side in MP
mode by padding out the ``struct device'' to the maximum
device size.
Bump the ppp version number to indicate the transfer format
change.

This should make MP over tty and udp devices functional again.

show more ...

Mention physical and sync logging in the ``set log''
usage message.

Introduce the ``keep-session'' option. Refer to the man
page for details. This allows MP over non-tty devices where
the original ppp process must not exit (such as sshd-spawned
ppp sessions).

Remember if MYADDR or HISADDR is used in a filter add tweak all
filters any time either value changes.

Add ``show layers'' to see the protocol layering for a link.

Allow ``host:port/udp'' devices and support ``host:port/tcp'' as
being the same as the previous (still supported) ``host:port''
syntax for tcp socket devices.

A udp device uses synchronous ppp rathe

Allow ``host:port/udp'' devices and support ``host:port/tcp'' as
being the same as the previous (still supported) ``host:port''
syntax for tcp socket devices.

A udp device uses synchronous ppp rather than async, and avoids
the double-retransmit overhead that comes with ppp over tcp (it's
usually a bad idea to transport IP over a reliable transport that
itself is using an unreliable transport). PPP over UDP provides
througput of ** 1.5Mb per second ** with all compression disabled,
maxing out a PPro/200 when running ppp twice, back-to-back.

This proves that PPPoE is plausable in userland....

This change adds a few more handler functions to struct device and
allows derivations of struct device (which may contain their own
data etc) to pass themselves through the unix domain socket for MP.
** At last **, struct physical has lost all the tty crud !

iov2physical() is now smart enough to restore the correct stack of
layers so that MP servers will work again.

The version number has bumped as our MP link transfer contents have
changed (they now may contain a `struct device').

Don't extract the protocol twice in MP mode (resulting in protocol
rejects for every MP packet). This was broken with my original
layering changes.

Add ``Physical'' and ``Sync'' log levels for logging the relevent
raw packets and add protocol-tracking LogDEBUG stuff in various
LayerPush & LayerPull functions.

Assign our physical device name for incoming tcp connections by
calling getpeername().

Assign our physical device name for incoming udp connections from
the address retrieved by the first recvfrom().

show more ...

o Redesign the layering mechanism and make the aliasing code part of
the layering.

We now ``stack'' layers as soon as we open the device (when we figure
out what we're dealing with). A static

o Redesign the layering mechanism and make the aliasing code part of
the layering.

We now ``stack'' layers as soon as we open the device (when we figure
out what we're dealing with). A static set of `dispatch' routines are
also declared for dealing with incoming packets after they've been
`pulled' up through the stacked layers.

Physical devices are now assigned handlers based on the device type
when they're opened. For the moment there are three device types;
ttys, execs and tcps.

o Increment version number to 2.2
o Make an entry in [uw]tmp for non-tty -direct invocations (after
pap/chap authentication).
o Make throughput counters quad_t's
o Account for the absolute number of mbuf malloc()s and free()s in
``show mem''.
o ``show modem'' becomes ``show physical''.

show more ...

Add support for NetBSD

Allow port ranges in ``alias port''.

Don't forget to fully initialise the configured values
for MYADDR and HISADDR in ``set ifaddr'' so that unspecified
values don't end up retaining their `width'.

Support PPTP via libalias (``alias pptp addr'').

Support proxying & transparent proxying curtesy of libalias(3).
Order the alias command descriptions.
Order the SEE ALSO entries.

Extend the ``set redial'' command to allow incremental
redial timeouts.

Correct some ntohl/htonl bogons in the netmask handling.
This was pretty harmless as netmasks on a POINTOPOINT
interface are pretty much ignored, but it looked funny.

Mention the configured netmask

Correct some ntohl/htonl bogons in the netmask handling.
This was pretty harmless as netmasks on a POINTOPOINT
interface are pretty much ignored, but it looked funny.

Mention the configured netmask in ``show ipcp''.

Describe in more detail what a proxy arp entry is.

show more ...

Allow control over the number of ConfigREQ & TermREQ attempts
that are made in each of the FSMs (LCP, CCP & IPCP) and the
number of REQs/Challenges for PAP/CHAP by accepting more arguments
in the ``s

Allow control over the number of ConfigREQ & TermREQ attempts
that are made in each of the FSMs (LCP, CCP & IPCP) and the
number of REQs/Challenges for PAP/CHAP by accepting more arguments
in the ``set {c,ip,l}cpretry'' and ``set {ch,p}apretry'' commands.

Change the non-convergence thresholds to 3 times the number of configured
REQ tries (rather than the previous fixed ``10''). We now notice
repeated NAKs and REJs rather than just REQs.

Don't suggest that CHAP 0x05 isn't supported when it's not configured.

Fix some bugs that expose themselves with smaller numbers of retries:
o Handle instantaneous disconnects (set device /dev/null) correctly
by stopping all fsm timers in fsm2initial.
o Don't forget to uu_unlock() devices that are files but are not
ttys (set device /dev/zero).

Fix a *HORRENDOUS* bug in RFC1661 (already fixed for an Open event in state
``Closed''):
According to the state transition table, a RCR+ or RCR- received in
the ``Stopped'' state are supposed to InitRestartCounter, SendConfigReq
and SendConfig{Ack,Nak}. However, in ``Stopped'', we haven't yet
done a TLS (or the last thing we did is a TLF). We must therefore
do the TLS at this point !

This was never noticed before because LCP and CCP used not use
LayerStart() for anything interesting, and IPCP tends to go into
Stopped then get a Down because of an LCP RTR rather than getting a
RCR again.

show more ...

Parse IP addresses more securely - specifically, don't allow
a bum name to return as 0.0.0.0... we don't want ``delete xxx''
to delete the default route when xxx doesn't resolve.

Support IP number s

Parse IP addresses more securely - specifically, don't allow
a bum name to return as 0.0.0.0... we don't want ``delete xxx''
to delete the default route when xxx doesn't resolve.

Support IP number specifications as the host when specifying
a tcp-style device (rather than *just* hostnames).

show more ...

Fully support both NT and LANMan CHAP type 0x80 as both
authenticator and authenticatee.

Wait by default for one second after the login script
is complete before checking carrier. If it's there,
the device supports carrier. If it's not it doesn't.

Add the ``set cd'' command for decidi

Wait by default for one second after the login script
is complete before checking carrier. If it's there,
the device supports carrier. If it's not it doesn't.

Add the ``set cd'' command for deciding how soon to check
for carrier, and for deciding if carrier is REQUIRED.

The default has changed: Pre 2.0 versions of ppp waited
for 1 second. Version 2 didn't wait, but this causes
problems with some (few?) modems that don't assert carrier
immediately on reporting CONNECT. The one second delay
is back now and can be removed with ``set cd 0''.

Bump the ppp version number in case this needs to be changed
again....

show more ...

When resending chap challenges, resend the same challenge
each time rather than making up a new one.

Increase the authname/authkey max sizes to 100 characters.

Allow ``authkey'' specifications begi

When resending chap challenges, resend the same challenge
each time rather than making up a new one.

Increase the authname/authkey max sizes to 100 characters.

Allow ``authkey'' specifications beginning with ``!''.
When a challenge is received, the text following the
``!'' is executed as a program (expanding stuff in the same
way that ``sh'' and ``!bg'' do). The program is passed the
peer name, peer challenge and local ``authname'' on standard
input and is expected to output the name/key combination that
should be used to build the CHAP response.

This provides support for Secure ID cards (guess what I was
given at work recently!) using CHAP.

Examples will follow.

show more ...