initial import of NetBSD tree

31 files changed, 15030 insertions, 0 deletions

diff --git a/usr.sbin/pppd/Makefile b/usr.sbin/pppd/Makefile
new file mode 100644
index 00000000000..dc83eae5b9e
--- /dev/null
+++ b/usr.sbin/pppd/Makefile
@@ -0,0 +1,15 @@
+#	$Id: Makefile,v 1.1 1995/10/18 08:47:58 deraadt Exp $
+
+PROG=	pppd
+SRCS=	main.c magic.c fsm.c lcp.c ipcp.c upap.c chap.c md5.c ccp.c \
+	auth.c options.c sys-bsd.c
+MAN=	pppd.8
+SUBDIR=	pppstats chat
+BINMODE=4555
+BINOWN=	root
+
+LDADD=	-lcrypt -lutil
+DPADD=	${LIBCRYPT} ${LIBUTIL}
+CFLAGS+= -DHAVE_PATHS_H
+
+.include <bsd.prog.mk>
diff --git a/usr.sbin/pppd/auth.c b/usr.sbin/pppd/auth.c
new file mode 100644
index 00000000000..2af78f6fc94
--- /dev/null
+++ b/usr.sbin/pppd/auth.c
@@ -0,0 +1,934 @@
+/*
+ * auth.c - PPP authentication and phase control.
+ *
+ * Copyright (c) 1993 The Australian National University.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by the Australian National University.  The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * Copyright (c) 1989 Carnegie Mellon University.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by Carnegie Mellon University.  The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: auth.c,v 1.1 1995/10/18 08:47:58 deraadt Exp $";
+#endif
+
+#include <stdio.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <syslog.h>
+#include <pwd.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include <netdb.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#ifdef HAS_SHADOW
+#include <shadow.h>
+#include <shadow/pwauth.h>
+#ifndef PW_PPP
+#define PW_PPP PW_LOGIN
+#endif
+#endif
+
+#include "pppd.h"
+#include "fsm.h"
+#include "lcp.h"
+#include "upap.h"
+#include "chap.h"
+#include "ipcp.h"
+#include "ccp.h"
+#include "pathnames.h"
+
+#if defined(sun) && defined(sparc)
+#include <alloca.h>
+#endif /*sparc*/
+
+/* Used for storing a sequence of words.  Usually malloced. */
+struct wordlist {
+    struct wordlist	*next;
+    char		word[1];
+};
+
+/* Bits in scan_authfile return value */
+#define NONWILD_SERVER	1
+#define NONWILD_CLIENT	2
+
+#define ISWILD(word)	(word[0] == '*' && word[1] == 0)
+
+#define FALSE	0
+#define TRUE	1
+
+/* Records which authentication operations haven't completed yet. */
+static int auth_pending[NUM_PPP];
+static int logged_in;
+static struct wordlist *addresses[NUM_PPP];
+
+/* Bits in auth_pending[] */
+#define UPAP_WITHPEER	1
+#define UPAP_PEER	2
+#define CHAP_WITHPEER	4
+#define CHAP_PEER	8
+
+/* Prototypes */
+void check_access __P((FILE *, char *));
+
+static void network_phase __P((int));
+static int  login __P((char *, char *, char **, int *));
+static void logout __P((void));
+static int  null_login __P((int));
+static int  get_upap_passwd __P((void));
+static int  have_upap_secret __P((void));
+static int  have_chap_secret __P((char *, char *));
+static int  scan_authfile __P((FILE *, char *, char *, char *,
+				  struct wordlist **, char *));
+static void free_wordlist __P((struct wordlist *));
+
+extern char *crypt __P((char *, char *));
+
+/*
+ * An Open on LCP has requested a change from Dead to Establish phase.
+ * Do what's necessary to bring the physical layer up.
+ */
+void
+link_required(unit)
+    int unit;
+{
+}
+
+/*
+ * LCP has terminated the link; go to the Dead phase and take the
+ * physical layer down.
+ */
+void
+link_terminated(unit)
+    int unit;
+{
+    if (phase == PHASE_DEAD)
+	return;
+    if (logged_in)
+	logout();
+    phase = PHASE_DEAD;
+    syslog(LOG_NOTICE, "Connection terminated.");
+}
+
+/*
+ * LCP has gone down; it will either die or try to re-establish.
+ */
+void
+link_down(unit)
+    int unit;
+{
+    ipcp_close(0);
+    ccp_close(0);
+    phase = PHASE_TERMINATE;
+}
+
+/*
+ * The link is established.
+ * Proceed to the Dead, Authenticate or Network phase as appropriate.
+ */
+void
+link_established(unit)
+    int unit;
+{
+    int auth;
+    lcp_options *wo = &lcp_wantoptions[unit];
+    lcp_options *go = &lcp_gotoptions[unit];
+    lcp_options *ho = &lcp_hisoptions[unit];
+
+    if (auth_required && !(go->neg_chap || go->neg_upap)) {
+	/*
+	 * We wanted the peer to authenticate itself, and it refused:
+	 * treat it as though it authenticated with PAP using a username
+	 * of "" and a password of "".  If that's not OK, boot it out.
+	 */
+	if (!wo->neg_upap || !null_login(unit)) {
+	    syslog(LOG_WARNING, "peer refused to authenticate");
+	    lcp_close(unit);
+	    phase = PHASE_TERMINATE;
+	    return;
+	}
+    }
+
+    phase = PHASE_AUTHENTICATE;
+    auth = 0;
+    if (go->neg_chap) {
+	ChapAuthPeer(unit, our_name, go->chap_mdtype);
+	auth |= CHAP_PEER;
+    } else if (go->neg_upap) {
+	upap_authpeer(unit);
+	auth |= UPAP_PEER;
+    }
+    if (ho->neg_chap) {
+	ChapAuthWithPeer(unit, our_name, ho->chap_mdtype);
+	auth |= CHAP_WITHPEER;
+    } else if (ho->neg_upap) {
+	upap_authwithpeer(unit, user, passwd);
+	auth |= UPAP_WITHPEER;
+    }
+    auth_pending[unit] = auth;
+
+    if (!auth)
+	network_phase(unit);
+}
+
+/*
+ * Proceed to the network phase.
+ */
+static void
+network_phase(unit)
+    int unit;
+{
+    phase = PHASE_NETWORK;
+    ipcp_open(unit);
+    ccp_open(unit);
+}
+
+/*
+ * The peer has failed to authenticate himself using `protocol'.
+ */
+void
+auth_peer_fail(unit, protocol)
+    int unit, protocol;
+{
+    /*
+     * Authentication failure: take the link down
+     */
+    lcp_close(unit);
+    phase = PHASE_TERMINATE;
+}
+
+/*
+ * The peer has been successfully authenticated using `protocol'.
+ */
+void
+auth_peer_success(unit, protocol)
+    int unit, protocol;
+{
+    int bit;
+
+    switch (protocol) {
+    case PPP_CHAP:
+	bit = CHAP_PEER;
+	break;
+    case PPP_PAP:
+	bit = UPAP_PEER;
+	break;
+    default:
+	syslog(LOG_WARNING, "auth_peer_success: unknown protocol %x",
+	       protocol);
+	return;
+    }
+
+    /*
+     * If there is no more authentication still to be done,
+     * proceed to the network phase.
+     */
+    if ((auth_pending[unit] &= ~bit) == 0) {
+	phase = PHASE_NETWORK;
+	ipcp_open(unit);
+	ccp_open(unit);
+    }
+}
+
+/*
+ * We have failed to authenticate ourselves to the peer using `protocol'.
+ */
+void
+auth_withpeer_fail(unit, protocol)
+    int unit, protocol;
+{
+    /*
+     * We've failed to authenticate ourselves to our peer.
+     * He'll probably take the link down, and there's not much
+     * we can do except wait for that.
+     */
+}
+
+/*
+ * We have successfully authenticated ourselves with the peer using `protocol'.
+ */
+void
+auth_withpeer_success(unit, protocol)
+    int unit, protocol;
+{
+    int bit;
+
+    switch (protocol) {
+    case PPP_CHAP:
+	bit = CHAP_WITHPEER;
+	break;
+    case PPP_PAP:
+	bit = UPAP_WITHPEER;
+	break;
+    default:
+	syslog(LOG_WARNING, "auth_peer_success: unknown protocol %x",
+	       protocol);
+	bit = 0;
+    }
+
+    /*
+     * If there is no more authentication still being done,
+     * proceed to the network phase.
+     */
+    if ((auth_pending[unit] &= ~bit) == 0)
+	network_phase(unit);
+}
+
+
+/*
+ * check_auth_options - called to check authentication options.
+ */
+void
+check_auth_options()
+{
+    lcp_options *wo = &lcp_wantoptions[0];
+    lcp_options *ao = &lcp_allowoptions[0];
+
+    /* Default our_name to hostname, and user to our_name */
+    if (our_name[0] == 0 || usehostname)
+	strcpy(our_name, hostname);
+    if (user[0] == 0)
+	strcpy(user, our_name);
+
+    /* If authentication is required, ask peer for CHAP or PAP. */
+    if (auth_required && !wo->neg_chap && !wo->neg_upap) {
+	wo->neg_chap = 1;
+	wo->neg_upap = 1;
+    }
+
+    /*
+     * Check whether we have appropriate secrets to use
+     * to authenticate ourselves and/or the peer.
+     */
+    if (ao->neg_upap && passwd[0] == 0 && !get_upap_passwd())
+	ao->neg_upap = 0;
+    if (wo->neg_upap && !uselogin && !have_upap_secret())
+	wo->neg_upap = 0;
+    if (ao->neg_chap && !have_chap_secret(our_name, remote_name))
+	ao->neg_chap = 0;
+    if (wo->neg_chap && !have_chap_secret(remote_name, our_name))
+	wo->neg_chap = 0;
+
+    if (auth_required && !wo->neg_chap && !wo->neg_upap) {
+	fprintf(stderr, "\
+pppd: peer authentication required but no authentication files accessible\n");
+	exit(1);
+    }
+
+}
+
+
+/*
+ * check_passwd - Check the user name and passwd against the PAP secrets
+ * file.  If requested, also check against the system password database,
+ * and login the user if OK.
+ *
+ * returns:
+ *	UPAP_AUTHNAK: Authentication failed.
+ *	UPAP_AUTHACK: Authentication succeeded.
+ * In either case, msg points to an appropriate message.
+ */
+int
+check_passwd(unit, auser, userlen, apasswd, passwdlen, msg, msglen)
+    int unit;
+    char *auser;
+    int userlen;
+    char *apasswd;
+    int passwdlen;
+    char **msg;
+    int *msglen;
+{
+    int ret;
+    char *filename;
+    FILE *f;
+    struct wordlist *addrs;
+    char passwd[256], user[256];
+    char secret[MAXWORDLEN];
+    static int attempts = 0;
+
+    /*
+     * Make copies of apasswd and auser, then null-terminate them.
+     */
+    BCOPY(apasswd, passwd, passwdlen);
+    passwd[passwdlen] = '\0';
+    BCOPY(auser, user, userlen);
+    user[userlen] = '\0';
+
+    /*
+     * Open the file of upap secrets and scan for a suitable secret
+     * for authenticating this user.
+     */
+    filename = _PATH_UPAPFILE;
+    addrs = NULL;
+    ret = UPAP_AUTHACK;
+    f = fopen(filename, "r");
+    if (f == NULL) {
+	if (!uselogin) {
+	    syslog(LOG_ERR, "Can't open upap password file %s: %m", filename);
+	    ret = UPAP_AUTHNAK;
+	}
+
+    } else {
+	check_access(f, filename);
+	if (scan_authfile(f, user, our_name, secret, &addrs, filename) < 0
+	    || (secret[0] != 0 && (cryptpap || strcmp(passwd, secret) != 0)
+		&& strcmp(crypt(passwd, secret), secret) != 0)) {
+	    syslog(LOG_WARNING, "upap authentication failure for %s", user);
+	    ret = UPAP_AUTHNAK;
+	}
+	fclose(f);
+    }
+
+    if (uselogin && ret == UPAP_AUTHACK) {
+	ret = login(user, passwd, msg, msglen);
+	if (ret == UPAP_AUTHNAK) {
+	    syslog(LOG_WARNING, "upap login failure for %s", user);
+	}
+    }
+
+    if (ret == UPAP_AUTHNAK) {
+	*msg = "Login incorrect";
+	*msglen = strlen(*msg);
+	/*
+	 * Frustrate passwd stealer programs.
+	 * Allow 10 tries, but start backing off after 3 (stolen from login).
+	 * On 10'th, drop the connection.
+	 */
+	if (attempts++ >= 10) {
+	    syslog(LOG_WARNING, "%d LOGIN FAILURES ON %s, %s",
+		   attempts, devnam, user);
+	    quit();
+	}
+	if (attempts > 3)
+	    sleep((u_int) (attempts - 3) * 5);
+	if (addrs != NULL)
+	    free_wordlist(addrs);
+
+    } else {
+	attempts = 0;			/* Reset count */
+	*msg = "Login ok";
+	*msglen = strlen(*msg);
+	if (addresses[unit] != NULL)
+	    free_wordlist(addresses[unit]);
+	addresses[unit] = addrs;
+    }
+
+    return ret;
+}
+
+
+/*
+ * login - Check the user name and password against the system
+ * password database, and login the user if OK.
+ *
+ * returns:
+ *	UPAP_AUTHNAK: Login failed.
+ *	UPAP_AUTHACK: Login succeeded.
+ * In either case, msg points to an appropriate message.
+ */
+static int
+login(user, passwd, msg, msglen)
+    char *user;
+    char *passwd;
+    char **msg;
+    int *msglen;
+{
+    struct passwd *pw;
+    char *epasswd;
+    char *tty;
+
+#ifdef HAS_SHADOW
+    struct spwd *spwd;
+    struct spwd *getspnam();
+#endif
+
+    if ((pw = getpwnam(user)) == NULL) {
+	return (UPAP_AUTHNAK);
+    }
+
+#ifdef HAS_SHADOW
+    if ((spwd = getspnam(user)) == NULL) {
+        pw->pw_passwd = "";
+    } else {
+	pw->pw_passwd = spwd->sp_pwdp;
+    }
+#endif
+
+    /*
+     * XXX If no passwd, let them login without one.
+     */
+    if (pw->pw_passwd == '\0') {
+	return (UPAP_AUTHACK);
+    }
+
+#ifdef HAS_SHADOW
+    if ((pw->pw_passwd && pw->pw_passwd[0] == '@'
+	 && pw_auth (pw->pw_passwd+1, pw->pw_name, PW_PPP, NULL))
+	|| !valid (passwd, pw)) {
+	return (UPAP_AUTHNAK);
+    }
+#else
+    epasswd = crypt(passwd, pw->pw_passwd);
+    if (strcmp(epasswd, pw->pw_passwd)) {
+	return (UPAP_AUTHNAK);
+    }
+#endif
+
+    syslog(LOG_INFO, "user %s logged in", user);
+
+    /*
+     * Write a wtmp entry for this user.
+     */
+    tty = devnam;
+    if (strncmp(tty, "/dev/", 5) == 0)
+	tty += 5;
+    logwtmp(tty, user, "");		/* Add wtmp login entry */
+    logged_in = TRUE;
+
+    return (UPAP_AUTHACK);
+}
+
+/*
+ * logout - Logout the user.
+ */
+static void
+logout()
+{
+    char *tty;
+
+    tty = devnam;
+    if (strncmp(tty, "/dev/", 5) == 0)
+	tty += 5;
+    logwtmp(tty, "", "");		/* Wipe out wtmp logout entry */
+    logged_in = FALSE;
+}
+
+
+/*
+ * null_login - Check if a username of "" and a password of "" are
+ * acceptable, and iff so, set the list of acceptable IP addresses
+ * and return 1.
+ */
+static int
+null_login(unit)
+    int unit;
+{
+    char *filename;
+    FILE *f;
+    int i, ret;
+    struct wordlist *addrs;
+    char secret[MAXWORDLEN];
+
+    /*
+     * Open the file of upap secrets and scan for a suitable secret.
+     * We don't accept a wildcard client.
+     */
+    filename = _PATH_UPAPFILE;
+    addrs = NULL;
+    f = fopen(filename, "r");
+    if (f == NULL)
+	return 0;
+    check_access(f, filename);
+
+    i = scan_authfile(f, "", our_name, secret, &addrs, filename);
+    ret = i >= 0 && (i & NONWILD_CLIENT) != 0 && secret[0] == 0;
+
+    if (ret) {
+	if (addresses[unit] != NULL)
+	    free_wordlist(addresses[unit]);
+	addresses[unit] = addrs;
+    }
+
+    fclose(f);
+    return ret;
+}
+
+
+/*
+ * get_upap_passwd - get a password for authenticating ourselves with
+ * our peer using PAP.  Returns 1 on success, 0 if no suitable password
+ * could be found.
+ */
+static int
+get_upap_passwd()
+{
+    char *filename;
+    FILE *f;
+    struct wordlist *addrs;
+    char secret[MAXWORDLEN];
+
+    filename = _PATH_UPAPFILE;
+    addrs = NULL;
+    f = fopen(filename, "r");
+    if (f == NULL)
+	return 0;
+    check_access(f, filename);
+    if (scan_authfile(f, user, remote_name, secret, NULL, filename) < 0)
+	return 0;
+    strncpy(passwd, secret, MAXSECRETLEN);
+    passwd[MAXSECRETLEN-1] = 0;
+    return 1;
+}
+
+
+/*
+ * have_upap_secret - check whether we have a PAP file with any
+ * secrets that we could possibly use for authenticating the peer.
+ */
+static int
+have_upap_secret()
+{
+    FILE *f;
+    int ret;
+    char *filename;
+
+    filename = _PATH_UPAPFILE;
+    f = fopen(filename, "r");
+    if (f == NULL)
+	return 0;
+
+    ret = scan_authfile(f, NULL, our_name, NULL, NULL, filename);
+    fclose(f);
+    if (ret < 0)
+	return 0;
+
+    return 1;
+}
+
+
+/*
+ * have_chap_secret - check whether we have a CHAP file with a
+ * secret that we could possibly use for authenticating `client'
+ * on `server'.  Either can be the null string, meaning we don't
+ * know the identity yet.
+ */
+static int
+have_chap_secret(client, server)
+    char *client;
+    char *server;
+{
+    FILE *f;
+    int ret;
+    char *filename;
+
+    filename = _PATH_CHAPFILE;
+    f = fopen(filename, "r");
+    if (f == NULL)
+	return 0;
+
+    if (client[0] == 0)
+	client = NULL;
+    else if (server[0] == 0)
+	server = NULL;
+
+    ret = scan_authfile(f, client, server, NULL, NULL, filename);
+    fclose(f);
+    if (ret < 0)
+	return 0;
+
+    return 1;
+}
+
+
+/*
+ * get_secret - open the CHAP secret file and return the secret
+ * for authenticating the given client on the given server.
+ * (We could be either client or server).
+ */
+int
+get_secret(unit, client, server, secret, secret_len, save_addrs)
+    int unit;
+    char *client;
+    char *server;
+    char *secret;
+    int *secret_len;
+    int save_addrs;
+{
+    FILE *f;
+    int ret, len;
+    char *filename;
+    struct wordlist *addrs;
+    char secbuf[MAXWORDLEN];
+
+    filename = _PATH_CHAPFILE;
+    addrs = NULL;
+    secbuf[0] = 0;
+
+    f = fopen(filename, "r");
+    if (f == NULL) {
+	syslog(LOG_ERR, "Can't open chap secret file %s: %m", filename);
+	return 0;
+    }
+    check_access(f, filename);
+
+    ret = scan_authfile(f, client, server, secbuf, &addrs, filename);
+    fclose(f);
+    if (ret < 0)
+	return 0;
+
+    if (save_addrs) {
+	if (addresses[unit] != NULL)
+	    free_wordlist(addresses[unit]);
+	addresses[unit] = addrs;
+    }
+
+    len = strlen(secbuf);
+    if (len > MAXSECRETLEN) {
+	syslog(LOG_ERR, "Secret for %s on %s is too long", client, server);
+	len = MAXSECRETLEN;
+    }
+    BCOPY(secbuf, secret, len);
+    *secret_len = len;
+
+    return 1;
+}
+
+/*
+ * auth_ip_addr - check whether the peer is authorized to use
+ * a given IP address.  Returns 1 if authorized, 0 otherwise.
+ */
+int
+auth_ip_addr(unit, addr)
+    int unit;
+    u_int32_t addr;
+{
+    u_int32_t a;
+    struct hostent *hp;
+    struct wordlist *addrs;
+
+    /* don't allow loopback or multicast address */
+    if (bad_ip_adrs(addr))
+	return 0;
+
+    if ((addrs = addresses[unit]) == NULL)
+	return 1;		/* no restriction */
+
+    for (; addrs != NULL; addrs = addrs->next) {
+	/* "-" means no addresses authorized */
+	if (strcmp(addrs->word, "-") == 0)
+	    break;
+	if ((a = inet_addr(addrs->word)) == -1) {
+	    if ((hp = gethostbyname(addrs->word)) == NULL) {
+		syslog(LOG_WARNING, "unknown host %s in auth. address list",
+		       addrs->word);
+		continue;
+	    } else
+		a = *(u_int32_t *)hp->h_addr;
+	}
+	if (addr == a)
+	    return 1;
+    }
+    return 0;			/* not in list => can't have it */
+}
+
+/*
+ * bad_ip_adrs - return 1 if the IP address is one we don't want
+ * to use, such as an address in the loopback net or a multicast address.
+ * addr is in network byte order.
+ */
+int
+bad_ip_adrs(addr)
+    u_int32_t addr;
+{
+    addr = ntohl(addr);
+    return (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET
+	|| IN_MULTICAST(addr) || IN_BADCLASS(addr);
+}
+
+/*
+ * check_access - complain if a secret file has too-liberal permissions.
+ */
+void
+check_access(f, filename)
+    FILE *f;
+    char *filename;
+{
+    struct stat sbuf;
+
+    if (fstat(fileno(f), &sbuf) < 0) {
+	syslog(LOG_WARNING, "cannot stat secret file %s: %m", filename);
+    } else if ((sbuf.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
+	syslog(LOG_WARNING, "Warning - secret file %s has world and/or group access", filename);
+    }
+}
+
+
+/*
+ * scan_authfile - Scan an authorization file for a secret suitable
+ * for authenticating `client' on `server'.  The return value is -1
+ * if no secret is found, otherwise >= 0.  The return value has
+ * NONWILD_CLIENT set if the secret didn't have "*" for the client, and
+ * NONWILD_SERVER set if the secret didn't have "*" for the server.
+ * Any following words on the line (i.e. address authorization
+ * info) are placed in a wordlist and returned in *addrs.  
+ */
+static int
+scan_authfile(f, client, server, secret, addrs, filename)
+    FILE *f;
+    char *client;
+    char *server;
+    char *secret;
+    struct wordlist **addrs;
+    char *filename;
+{
+    int newline, xxx;
+    int got_flag, best_flag;
+    FILE *sf;
+    struct wordlist *ap, *addr_list, *addr_last;
+    char word[MAXWORDLEN];
+    char atfile[MAXWORDLEN];
+
+    if (addrs != NULL)
+	*addrs = NULL;
+    addr_list = NULL;
+    if (!getword(f, word, &newline, filename))
+	return -1;		/* file is empty??? */
+    newline = 1;
+    best_flag = -1;
+    for (;;) {
+	/*
+	 * Skip until we find a word at the start of a line.
+	 */
+	while (!newline && getword(f, word, &newline, filename))
+	    ;
+	if (!newline)
+	    break;		/* got to end of file */
+
+	/*
+	 * Got a client - check if it's a match or a wildcard.
+	 */
+	got_flag = 0;
+	if (client != NULL && strcmp(word, client) != 0 && !ISWILD(word)) {
+	    newline = 0;
+	    continue;
+	}
+	if (!ISWILD(word))
+	    got_flag = NONWILD_CLIENT;
+
+	/*
+	 * Now get a server and check if it matches.
+	 */
+	if (!getword(f, word, &newline, filename))
+	    break;
+	if (newline)
+	    continue;
+	if (server != NULL && strcmp(word, server) != 0 && !ISWILD(word))
+	    continue;
+	if (!ISWILD(word))
+	    got_flag |= NONWILD_SERVER;
+
+	/*
+	 * Got some sort of a match - see if it's better than what
+	 * we have already.
+	 */
+	if (got_flag <= best_flag)
+	    continue;
+
+	/*
+	 * Get the secret.
+	 */
+	if (!getword(f, word, &newline, filename))
+	    break;
+	if (newline)
+	    continue;
+
+	/*
+	 * Special syntax: @filename means read secret from file.
+	 */
+	if (word[0] == '@') {
+	    strcpy(atfile, word+1);
+	    if ((sf = fopen(atfile, "r")) == NULL) {
+		syslog(LOG_WARNING, "can't open indirect secret file %s",
+		       atfile);
+		continue;
+	    }
+	    check_access(sf, atfile);
+	    if (!getword(sf, word, &xxx, atfile)) {
+		syslog(LOG_WARNING, "no secret in indirect secret file %s",
+		       atfile);
+		fclose(sf);
+		continue;
+	    }
+	    fclose(sf);
+	}
+	if (secret != NULL)
+	    strcpy(secret, word);
+		
+	best_flag = got_flag;
+
+	/*
+	 * Now read address authorization info and make a wordlist.
+	 */
+	if (addr_list)
+	    free_wordlist(addr_list);
+	addr_list = addr_last = NULL;
+	for (;;) {
+	    if (!getword(f, word, &newline, filename) || newline)
+		break;
+	    ap = (struct wordlist *) malloc(sizeof(struct wordlist)
+					    + strlen(word));
+	    if (ap == NULL)
+		novm("authorized addresses");
+	    ap->next = NULL;
+	    strcpy(ap->word, word);
+	    if (addr_list == NULL)
+		addr_list = ap;
+	    else
+		addr_last->next = ap;
+	    addr_last = ap;
+	}
+	if (!newline)
+	    break;
+    }
+
+    if (addrs != NULL)
+	*addrs = addr_list;
+    else if (addr_list != NULL)
+	free_wordlist(addr_list);
+
+    return best_flag;
+}
+
+/*
+ * free_wordlist - release memory allocated for a wordlist.
+ */
+static void
+free_wordlist(wp)
+    struct wordlist *wp;
+{
+    struct wordlist *next;
+
+    while (wp != NULL) {
+	next = wp->next;
+	free(wp);
+	wp = next;
+    }
+}
diff --git a/usr.sbin/pppd/ccp.c b/usr.sbin/pppd/ccp.c
new file mode 100644
index 00000000000..b412f3afdb5
--- /dev/null
+++ b/usr.sbin/pppd/ccp.c
@@ -0,0 +1,652 @@
+/*
+ * ccp.c - PPP Compression Control Protocol.
+ *
+ * Copyright (c) 1994 The Australian National University.
+ * All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software and its
+ * documentation is hereby granted, provided that the above copyright
+ * notice appears in all copies.  This software is provided without any
+ * warranty, express or implied. The Australian National University
+ * makes no representations about the suitability of this software for
+ * any purpose.
+ *
+ * IN NO EVENT SHALL THE AUSTRALIAN NATIONAL UNIVERSITY BE LIABLE TO ANY
+ * PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
+ * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF
+ * THE AUSTRALIAN NATIONAL UNIVERSITY HAVE BEEN ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * THE AUSTRALIAN NATIONAL UNIVERSITY SPECIFICALLY DISCLAIMS ANY WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE.  THE SOFTWARE PROVIDED HEREUNDER IS
+ * ON AN "AS IS" BASIS, AND THE AUSTRALIAN NATIONAL UNIVERSITY HAS NO
+ * OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS,
+ * OR MODIFICATIONS.
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: ccp.c,v 1.1 1995/10/18 08:47:58 deraadt Exp $";
+#endif
+
+#include <string.h>
+#include <syslog.h>
+#include <sys/ioctl.h>
+#include <net/ppp-comp.h>
+
+#include "pppd.h"
+#include "fsm.h"
+#include "ccp.h"
+
+fsm ccp_fsm[NUM_PPP];
+ccp_options ccp_wantoptions[NUM_PPP];	/* what to request the peer to use */
+ccp_options ccp_gotoptions[NUM_PPP];	/* what the peer agreed to do */
+ccp_options ccp_allowoptions[NUM_PPP];	/* what we'll agree to do */
+ccp_options ccp_hisoptions[NUM_PPP];	/* what we agreed to do */
+
+/*
+ * Callbacks for fsm code.
+ */
+static void ccp_resetci __P((fsm *));
+static int  ccp_cilen __P((fsm *));
+static void ccp_addci __P((fsm *, u_char *, int *));
+static int  ccp_ackci __P((fsm *, u_char *, int));
+static int  ccp_nakci __P((fsm *, u_char *, int));
+static int  ccp_rejci __P((fsm *, u_char *, int));
+static int  ccp_reqci __P((fsm *, u_char *, int *, int));
+static void ccp_up __P((fsm *));
+static void ccp_down __P((fsm *));
+static int  ccp_extcode __P((fsm *, int, int, u_char *, int));
+static void ccp_rack_timeout __P(());
+
+static fsm_callbacks ccp_callbacks = {
+    ccp_resetci,
+    ccp_cilen,
+    ccp_addci,
+    ccp_ackci,
+    ccp_nakci,
+    ccp_rejci,
+    ccp_reqci,
+    ccp_up,
+    ccp_down,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    ccp_extcode,
+    "CCP"
+};
+
+/*
+ * Do we want / did we get any compression?
+ */
+#define ANY_COMPRESS(opt)	((opt).bsd_compress)
+
+/*
+ * Local state (mainly for handling reset-reqs and reset-acks
+ */
+static int ccp_localstate[NUM_PPP];
+#define RACK_PENDING	1	/* waiting for reset-ack */
+#define RREQ_REPEAT	2	/* send another reset-req if no reset-ack */
+
+#define RACKTIMEOUT	1	/* second */
+
+/*
+ * ccp_init - initialize CCP.
+ */
+void
+ccp_init(unit)
+    int unit;
+{
+    fsm *f = &ccp_fsm[unit];
+
+    f->unit = unit;
+    f->protocol = PPP_CCP;
+    f->callbacks = &ccp_callbacks;
+    fsm_init(f);
+
+    memset(&ccp_wantoptions[unit],  0, sizeof(ccp_options));
+    memset(&ccp_gotoptions[unit],   0, sizeof(ccp_options));
+    memset(&ccp_allowoptions[unit], 0, sizeof(ccp_options));
+    memset(&ccp_hisoptions[unit],   0, sizeof(ccp_options));
+
+    ccp_wantoptions[0].bsd_compress = 1;
+    ccp_wantoptions[0].bsd_bits = 12;	/* default value */
+
+    ccp_allowoptions[0].bsd_compress = 1;
+    ccp_allowoptions[0].bsd_bits = BSD_MAX_BITS;
+}
+
+/*
+ * ccp_open - CCP is allowed to come up.
+ */
+void
+ccp_open(unit)
+    int unit;
+{
+    fsm *f = &ccp_fsm[unit];
+
+    if (f->state != OPENED)
+	ccp_flags_set(unit, 1, 0);
+    if (!ANY_COMPRESS(ccp_wantoptions[unit]))
+	f->flags |= OPT_SILENT;
+    fsm_open(f);
+}
+
+/*
+ * ccp_close - Terminate CCP.
+ */
+void
+ccp_close(unit)
+    int unit;
+{
+    ccp_flags_set(unit, 0, 0);
+    fsm_close(&ccp_fsm[unit]);
+}
+
+/*
+ * ccp_lowerup - we may now transmit CCP packets.
+ */
+void
+ccp_lowerup(unit)
+    int unit;
+{
+    fsm_lowerup(&ccp_fsm[unit]);
+}
+
+/*
+ * ccp_lowerdown - we may not transmit CCP packets.
+ */
+void
+ccp_lowerdown(unit)
+    int unit;
+{
+    fsm_lowerdown(&ccp_fsm[unit]);
+}
+
+/*
+ * ccp_input - process a received CCP packet.
+ */
+void
+ccp_input(unit, p, len)
+    int unit;
+    u_char *p;
+    int len;
+{
+    fsm *f = &ccp_fsm[unit];
+    int oldstate;
+
+    /*
+     * Check for a terminate-request so we can print a message.
+     */
+    oldstate = f->state;
+    fsm_input(f, p, len);
+    if (oldstate == OPENED && p[0] == TERMREQ && f->state != OPENED)
+	syslog(LOG_NOTICE, "Compression disabled by peer.");
+
+    /*
+     * If we get a terminate-ack and we're not asking for compression,
+     * close CCP.
+     */
+    if (oldstate == REQSENT && p[0] == TERMACK
+	&& !ANY_COMPRESS(ccp_gotoptions[unit]))
+	ccp_close(unit);
+}
+
+/*
+ * Handle a CCP-specific code.
+ */
+static int
+ccp_extcode(f, code, id, p, len)
+    fsm *f;
+    int code, id;
+    u_char *p;
+    int len;
+{
+    switch (code) {
+    case CCP_RESETREQ:
+	if (f->state != OPENED)
+	    break;
+	/* send a reset-ack, which the transmitter will see and
+	   reset its compression state. */
+	fsm_sdata(f, CCP_RESETACK, id, NULL, 0);
+	break;
+
+    case CCP_RESETACK:
+	if (ccp_localstate[f->unit] & RACK_PENDING && id == f->reqid) {
+	    ccp_localstate[f->unit] &= ~(RACK_PENDING | RREQ_REPEAT);
+	    UNTIMEOUT(ccp_rack_timeout, (caddr_t) f);
+	}
+	break;
+
+    default:
+	return 0;
+    }
+
+    return 1;
+}
+
+/*
+ * ccp_protrej - peer doesn't talk CCP.
+ */
+void
+ccp_protrej(unit)
+    int unit;
+{
+    ccp_flags_set(unit, 0, 0);
+    fsm_lowerdown(&ccp_fsm[unit]);
+}
+
+/*
+ * ccp_resetci - initialize at start of negotiation.
+ */
+static void
+ccp_resetci(f)
+    fsm *f;
+{
+    ccp_options *go = &ccp_gotoptions[f->unit];
+    u_char opt_buf[16];
+
+    *go = ccp_wantoptions[f->unit];
+    if (go->bsd_compress) {
+	opt_buf[0] = CI_BSD_COMPRESS;
+	opt_buf[1] = CILEN_BSD_COMPRESS;
+	opt_buf[2] = BSD_MAKE_OPT(BSD_CURRENT_VERSION, go->bsd_bits);
+	if (!ccp_test(f->unit, opt_buf, CILEN_BSD_COMPRESS, 0))
+	    go->bsd_compress = 0;
+    }
+}
+
+/*
+ * ccp_cilen - Return total length of our configuration info.
+ */
+static int
+ccp_cilen(f)
+    fsm *f;
+{
+    ccp_options *go = &ccp_gotoptions[f->unit];
+
+    return (go->bsd_compress? CILEN_BSD_COMPRESS: 0);
+}
+
+/*
+ * ccp_addci - put our requests in a packet.
+ */
+static void
+ccp_addci(f, p, lenp)
+    fsm *f;
+    u_char *p;
+    int *lenp;
+{
+    ccp_options *go = &ccp_gotoptions[f->unit];
+    u_char *p0 = p;
+
+    if (go->bsd_compress) {
+	p[0] = CI_BSD_COMPRESS;
+	p[1] = CILEN_BSD_COMPRESS;
+	p[2] = BSD_MAKE_OPT(BSD_CURRENT_VERSION, go->bsd_bits);
+	if (ccp_test(f->unit, p, CILEN_BSD_COMPRESS, 0))
+	    p += CILEN_BSD_COMPRESS;
+	else
+	    go->bsd_compress = 0;
+    }
+    *lenp = p - p0;
+}
+
+/*
+ * ccp_ackci - process a received configure-ack, and return
+ * 1 iff the packet was OK.
+ */
+static int
+ccp_ackci(f, p, len)
+    fsm *f;
+    u_char *p;
+    int len;
+{
+    ccp_options *go = &ccp_gotoptions[f->unit];
+
+    if (go->bsd_compress) {
+	if (len < CILEN_BSD_COMPRESS
+	    || p[0] != CI_BSD_COMPRESS || p[1] != CILEN_BSD_COMPRESS
+	    || p[2] != BSD_MAKE_OPT(BSD_CURRENT_VERSION, go->bsd_bits))
+	    return 0;
+	p += CILEN_BSD_COMPRESS;
+	len -= CILEN_BSD_COMPRESS;
+    }
+    if (len != 0)
+	return 0;
+    return 1;
+}
+
+/*
+ * ccp_nakci - process received configure-nak.
+ * Returns 1 iff the nak was OK.
+ */
+static int
+ccp_nakci(f, p, len)
+    fsm *f;
+    u_char *p;
+    int len;
+{
+    ccp_options *go = &ccp_gotoptions[f->unit];
+    ccp_options no;		/* options we've seen already */
+    ccp_options try;		/* options to ask for next time */
+
+    memset(&no, 0, sizeof(no));
+    try = *go;
+
+    if (go->bsd_compress && !no.bsd_compress && len >= CILEN_BSD_COMPRESS
+	&& p[0] == CI_BSD_COMPRESS && p[1] == CILEN_BSD_COMPRESS) {
+	no.bsd_compress = 1;
+	/*
+	 * Peer wants us to use a different number of bits
+	 * or a different version.
+	 */
+	if (BSD_VERSION(p[2]) != BSD_CURRENT_VERSION)
+	    try.bsd_compress = 0;
+	else if (BSD_NBITS(p[2]) < go->bsd_bits)
+	    try.bsd_bits = BSD_NBITS(p[2]);
+	p += CILEN_BSD_COMPRESS;
+	len -= CILEN_BSD_COMPRESS;
+    }
+
+    /*
+     * Have a look at any remaining options...???
+     */
+
+    if (len != 0)
+	return 0;
+
+    if (f->state != OPENED)
+	*go = try;
+    return 1;
+}
+
+/*
+ * ccp_rejci - reject some of our suggested compression methods.
+ */
+static int
+ccp_rejci(f, p, len)
+    fsm *f;
+    u_char *p;
+    int len;
+{
+    ccp_options *go = &ccp_gotoptions[f->unit];
+    ccp_options try;		/* options to request next time */
+
+    try = *go;
+
+    if (go->bsd_compress && len >= CILEN_BSD_COMPRESS
+	&& p[0] == CI_BSD_COMPRESS && p[1] == CILEN_BSD_COMPRESS) {
+	if (p[2] != BSD_MAKE_OPT(BSD_CURRENT_VERSION, go->bsd_bits))
+	    return 0;
+	try.bsd_compress = 0;
+	p += CILEN_BSD_COMPRESS;
+	len -= CILEN_BSD_COMPRESS;
+    }
+
+    if (len != 0)
+	return 0;
+
+    if (f->state != OPENED)
+	*go = try;
+
+    return 1;
+}
+
+/*
+ * ccp_reqci - processed a received configure-request.
+ * Returns CONFACK, CONFNAK or CONFREJ and the packet modified
+ * appropriately.
+ */
+static int
+ccp_reqci(f, p, lenp, dont_nak)
+    fsm *f;
+    u_char *p;
+    int *lenp;
+    int dont_nak;
+{
+    int ret, newret;
+    u_char *p0, *retp;
+    int len, clen, type, nb;
+    ccp_options *ho = &ccp_hisoptions[f->unit];
+    ccp_options *ao = &ccp_allowoptions[f->unit];
+
+    ret = CONFACK;
+    retp = p0 = p;
+    len = *lenp;
+
+    memset(ho, 0, sizeof(ccp_options));
+
+    while (len > 0) {
+	newret = CONFACK;
+	if (len < 2 || p[1] < 2 || p[1] > len) {
+	    /* length is bad */
+	    clen = len;
+	    newret = CONFREJ;
+
+	} else {
+	    type = p[0];
+	    clen = p[1];
+
+	    switch (type) {
+	    case CI_BSD_COMPRESS:
+		if (!ao->bsd_compress || clen != CILEN_BSD_COMPRESS) {
+		    newret = CONFREJ;
+		    break;
+		}
+
+		ho->bsd_compress = 1;
+		ho->bsd_bits = nb = BSD_NBITS(p[2]);
+		if (BSD_VERSION(p[2]) != BSD_CURRENT_VERSION
+		    || nb > ao->bsd_bits) {
+		    newret = CONFNAK;
+		    nb = ao->bsd_bits;
+		} else if (nb < BSD_MIN_BITS) {
+		    newret = CONFREJ;
+		} else if (!ccp_test(f->unit, p, CILEN_BSD_COMPRESS, 1)) {
+		    if (nb > BSD_MIN_BITS) {
+			--nb;
+			newret = CONFNAK;
+		    } else
+			newret = CONFREJ;
+		}
+		if (newret == CONFNAK && !dont_nak) {
+		    p[2] = BSD_MAKE_OPT(BSD_CURRENT_VERSION, nb);
+		}
+
+		break;
+
+	    default:
+		newret = CONFREJ;
+	    }
+	}
+
+	if (newret == CONFNAK && dont_nak)
+	    newret = CONFREJ;
+	if (!(newret == CONFACK || newret == CONFNAK && ret == CONFREJ)) {
+	    /* we're returning this option */
+	    if (newret == CONFREJ && ret == CONFNAK)
+		retp = p0;
+	    ret = newret;
+	    if (p != retp)
+		BCOPY(p, retp, clen);
+	    retp += clen;
+	}
+
+	p += clen;
+	len -= clen;
+    }
+
+    if (ret != CONFACK)
+	*lenp = retp - p0;
+    return ret;
+}
+
+/*
+ * CCP has come up - inform the kernel driver.
+ */
+static void
+ccp_up(f)
+    fsm *f;
+{
+    ccp_options *go = &ccp_gotoptions[f->unit];
+    ccp_options *ho = &ccp_hisoptions[f->unit];
+
+    ccp_flags_set(f->unit, 1, 1);
+    if (go->bsd_compress || ho->bsd_compress)
+	syslog(LOG_NOTICE, "%s enabled",
+	       go->bsd_compress? ho->bsd_compress? "Compression":
+	       "Receive compression": "Transmit compression");
+}
+
+/*
+ * CCP has gone down - inform the kernel driver.
+ */
+static void
+ccp_down(f)
+    fsm *f;
+{
+    if (ccp_localstate[f->unit] & RACK_PENDING)
+	UNTIMEOUT(ccp_rack_timeout, (caddr_t) f);
+    ccp_localstate[f->unit] = 0;
+    ccp_flags_set(f->unit, 1, 0);
+}
+
+/*
+ * Print the contents of a CCP packet.
+ */
+char *ccp_codenames[] = {
+    "ConfReq", "ConfAck", "ConfNak", "ConfRej",
+    "TermReq", "TermAck", "CodeRej",
+    NULL, NULL, NULL, NULL, NULL, NULL,
+    "ResetReq", "ResetAck",
+};
+
+int
+ccp_printpkt(p, plen, printer, arg)
+    u_char *p;
+    int plen;
+    void (*printer) __P((void *, char *, ...));
+    void *arg;
+{
+    u_char *p0, *optend;
+    int code, id, len;
+    int optlen;
+
+    p0 = p;
+    if (plen < HEADERLEN)
+	return 0;
+    code = p[0];
+    id = p[1];
+    len = (p[2] << 8) + p[3];
+    if (len < HEADERLEN || len > plen)
+	return 0;
+
+    if (code >= 1 && code <= sizeof(ccp_codenames) / sizeof(char *)
+	&& ccp_codenames[code-1] != NULL)
+	printer(arg, " %s", ccp_codenames[code-1]);
+    else
+	printer(arg, " code=0x%x", code);
+    printer(arg, " id=0x%x", id);
+    len -= HEADERLEN;
+    p += HEADERLEN;
+
+    switch (code) {
+    case CONFREQ:
+    case CONFACK:
+    case CONFNAK:
+    case CONFREJ:
+	/* print list of possible compression methods */
+	while (len >= 2) {
+	    code = p[0];
+	    optlen = p[1];
+	    if (optlen < 2 || optlen > len)
+		break;
+	    printer(arg, " <");
+	    len -= optlen;
+	    optend = p + optlen;
+	    switch (code) {
+	    case CI_BSD_COMPRESS:
+		if (optlen >= CILEN_BSD_COMPRESS) {
+		    printer(arg, "bsd v%d %d", BSD_VERSION(p[2]),
+			    BSD_NBITS(p[2]));
+		    p += CILEN_BSD_COMPRESS;
+		}
+		break;
+	    }
+	    while (p < optend)
+		printer(arg, " %.2x", *p++);
+	    printer(arg, ">");
+	}
+	break;
+    }
+
+    /* dump out the rest of the packet in hex */
+    while (--len >= 0)
+	printer(arg, " %.2x", *p++);
+
+    return p - p0;
+}
+
+/*
+ * We have received a packet that the decompressor failed to
+ * decompress.  Here we would expect to issue a reset-request, but
+ * Motorola has a patent on resetting the compressor as a result of
+ * detecting an error in the decompressed data after decompression.
+ * (See US patent 5,130,993; international patent publication number
+ * WO 91/10289; Australian patent 73296/91.)
+ *
+ * So we ask the kernel whether the error was detected after
+ * decompression; if it was, we take CCP down, thus disabling
+ * compression :-(, otherwise we issue the reset-request.
+ */
+void
+ccp_datainput(unit, pkt, len)
+    int unit;
+    u_char *pkt;
+    int len;
+{
+    fsm *f;
+
+    f = &ccp_fsm[unit];
+    if (f->state == OPENED) {
+	if (ccp_fatal_error(unit)) {
+	    /*
+	     * Disable compression by taking CCP down.
+	     */
+	    syslog(LOG_ERR, "Lost compression sync: disabling compression");
+	    ccp_close(unit);
+	} else {
+	    /*
+	     * Send a reset-request to reset the peer's compressor.
+	     * We don't do that if we are still waiting for an
+	     * acknowledgement to a previous reset-request.
+	     */
+	    if (!(ccp_localstate[f->unit] & RACK_PENDING)) {
+		fsm_sdata(f, CCP_RESETREQ, f->reqid = ++f->id, NULL, 0);
+		TIMEOUT(ccp_rack_timeout, (caddr_t) f, RACKTIMEOUT);
+		ccp_localstate[f->unit] |= RACK_PENDING;
+	    } else
+		ccp_localstate[f->unit] |= RREQ_REPEAT;
+	}
+    }
+}
+
+/*
+ * Timeout waiting for reset-ack.
+ */
+static void
+ccp_rack_timeout(arg)
+    caddr_t arg;
+{
+    fsm *f = (fsm *) arg;
+
+    if (f->state == OPENED && ccp_localstate[f->unit] & RREQ_REPEAT) {
+	fsm_sdata(f, CCP_RESETREQ, f->reqid, NULL, 0);
+	TIMEOUT(ccp_rack_timeout, (caddr_t) f, RACKTIMEOUT);
+	ccp_localstate[f->unit] &= ~RREQ_REPEAT;
+    } else
+	ccp_localstate[f->unit] &= ~RACK_PENDING;
+}
+
diff --git a/usr.sbin/pppd/ccp.h b/usr.sbin/pppd/ccp.h
new file mode 100644
index 00000000000..b5b3a1c16f3
--- /dev/null
+++ b/usr.sbin/pppd/ccp.h
@@ -0,0 +1,51 @@
+/*
+ * ccp.h - Definitions for PPP Compression Control Protocol.
+ *
+ * Copyright (c) 1994 The Australian National University.
+ * All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software and its
+ * documentation is hereby granted, provided that the above copyright
+ * notice appears in all copies.  This software is provided without any
+ * warranty, express or implied. The Australian National University
+ * makes no representations about the suitability of this software for
+ * any purpose.
+ *
+ * IN NO EVENT SHALL THE AUSTRALIAN NATIONAL UNIVERSITY BE LIABLE TO ANY
+ * PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
+ * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF
+ * THE AUSTRALIAN NATIONAL UNIVERSITY HAVE BEEN ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ *
+ * THE AUSTRALIAN NATIONAL UNIVERSITY SPECIFICALLY DISCLAIMS ANY WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE.  THE SOFTWARE PROVIDED HEREUNDER IS
+ * ON AN "AS IS" BASIS, AND THE AUSTRALIAN NATIONAL UNIVERSITY HAS NO
+ * OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS,
+ * OR MODIFICATIONS.
+ *
+ * $Id: ccp.h,v 1.1 1995/10/18 08:47:58 deraadt Exp $
+ */
+
+typedef struct ccp_options {
+    u_int bsd_compress: 1;	/* do BSD Compress? */
+    u_short bsd_bits;		/* # bits/code for BSD Compress */
+} ccp_options;
+
+extern fsm ccp_fsm[];
+extern ccp_options ccp_wantoptions[];
+extern ccp_options ccp_gotoptions[];
+extern ccp_options ccp_allowoptions[];
+extern ccp_options ccp_hisoptions[];
+
+void ccp_init __P((int unit));
+void ccp_open __P((int unit));
+void ccp_close __P((int unit));
+void ccp_lowerup __P((int unit));
+void ccp_lowerdown __P((int));
+void ccp_input __P((int unit, u_char *pkt, int len));
+void ccp_protrej __P((int unit));
+int  ccp_printpkt __P((u_char *pkt, int len,
+			  void (*printer) __P((void *, char *, ...)),
+			  void *arg));
+void ccp_datainput __P((int unit, u_char *pkt, int len));
diff --git a/usr.sbin/pppd/chap.c b/usr.sbin/pppd/chap.c
new file mode 100644
index 00000000000..fb3cfd28878
--- /dev/null
+++ b/usr.sbin/pppd/chap.c
@@ -0,0 +1,805 @@
+/*
+ * chap.c - Crytographic Handshake Authentication Protocol.
+ *
+ * Copyright (c) 1991 Gregory M. Christy.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by Gregory M. Christy.  The name of the author may not be used to
+ * endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: chap.c,v 1.1 1995/10/18 08:47:58 deraadt Exp $";
+#endif
+
+/*
+ * TODO:
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <syslog.h>
+
+#include "pppd.h"
+#include "chap.h"
+#include "md5.h"
+
+chap_state chap[NUM_PPP];		/* CHAP state; one for each unit */
+
+static void ChapChallengeTimeout __P((caddr_t));
+static void ChapResponseTimeout __P((caddr_t));
+static void ChapReceiveChallenge __P((chap_state *, u_char *, int, int));
+static void ChapReceiveResponse __P((chap_state *, u_char *, int, int));
+static void ChapReceiveSuccess __P((chap_state *, u_char *, int, int));
+static void ChapReceiveFailure __P((chap_state *, u_char *, int, int));
+static void ChapSendStatus __P((chap_state *, int));
+static void ChapSendChallenge __P((chap_state *));
+static void ChapSendResponse __P((chap_state *));
+static void ChapGenChallenge __P((chap_state *));
+
+extern double drand48 __P((void));
+extern void srand48 __P((long));
+
+/*
+ * ChapInit - Initialize a CHAP unit.
+ */
+void
+ChapInit(unit)
+    int unit;
+{
+    chap_state *cstate = &chap[unit];
+
+    BZERO(cstate, sizeof(*cstate));
+    cstate->unit = unit;
+    cstate->clientstate = CHAPCS_INITIAL;
+    cstate->serverstate = CHAPSS_INITIAL;
+    cstate->timeouttime = CHAP_DEFTIMEOUT;
+    cstate->max_transmits = CHAP_DEFTRANSMITS;
+    /* random number generator is initialized in magic_init */
+}
+
+
+/*
+ * ChapAuthWithPeer - Authenticate us with our peer (start client).
+ *
+ */
+void
+ChapAuthWithPeer(unit, our_name, digest)
+    int unit;
+    char *our_name;
+    int digest;
+{
+    chap_state *cstate = &chap[unit];
+
+    cstate->resp_name = our_name;
+    cstate->resp_type = digest;
+
+    if (cstate->clientstate == CHAPCS_INITIAL ||
+	cstate->clientstate == CHAPCS_PENDING) {
+	/* lower layer isn't up - wait until later */
+	cstate->clientstate = CHAPCS_PENDING;
+	return;
+    }
+
+    /*
+     * We get here as a result of LCP coming up.
+     * So even if CHAP was open before, we will 
+     * have to re-authenticate ourselves.
+     */
+    cstate->clientstate = CHAPCS_LISTEN;
+}
+
+
+/*
+ * ChapAuthPeer - Authenticate our peer (start server).
+ */
+void
+ChapAuthPeer(unit, our_name, digest)
+    int unit;
+    char *our_name;
+    int digest;
+{
+    chap_state *cstate = &chap[unit];
+  
+    cstate->chal_name = our_name;
+    cstate->chal_type = digest;
+
+    if (cstate->serverstate == CHAPSS_INITIAL ||
+	cstate->serverstate == CHAPSS_PENDING) {
+	/* lower layer isn't up - wait until later */
+	cstate->serverstate = CHAPSS_PENDING;
+	return;
+    }
+
+    ChapGenChallenge(cstate);
+    ChapSendChallenge(cstate);		/* crank it up dude! */
+    cstate->serverstate = CHAPSS_INITIAL_CHAL;
+}
+
+
+/*
+ * ChapChallengeTimeout - Timeout expired on sending challenge.
+ */
+static void
+ChapChallengeTimeout(arg)
+    caddr_t arg;
+{
+    chap_state *cstate = (chap_state *) arg;
+  
+    /* if we aren't sending challenges, don't worry.  then again we */
+    /* probably shouldn't be here either */
+    if (cstate->serverstate != CHAPSS_INITIAL_CHAL &&
+	cstate->serverstate != CHAPSS_RECHALLENGE)
+	return;
+
+    if (cstate->chal_transmits >= cstate->max_transmits) {
+	/* give up on peer */
+	syslog(LOG_ERR, "Peer failed to respond to CHAP challenge");
+	cstate->serverstate = CHAPSS_BADAUTH;
+	auth_peer_fail(cstate->unit, PPP_CHAP);
+	return;
+    }
+
+    ChapSendChallenge(cstate);		/* Re-send challenge */
+}
+
+
+/*
+ * ChapResponseTimeout - Timeout expired on sending response.
+ */
+static void
+ChapResponseTimeout(arg)
+    caddr_t arg;
+{
+    chap_state *cstate = (chap_state *) arg;
+
+    /* if we aren't sending a response, don't worry. */
+    if (cstate->clientstate != CHAPCS_RESPONSE)
+	return;
+
+    ChapSendResponse(cstate);		/* re-send response */
+}
+
+
+/*
+ * ChapRechallenge - Time to challenge the peer again.
+ */
+static void
+ChapRechallenge(arg)
+    caddr_t arg;
+{
+    chap_state *cstate = (chap_state *) arg;
+
+    /* if we aren't sending a response, don't worry. */
+    if (cstate->serverstate != CHAPSS_OPEN)
+	return;
+
+    ChapGenChallenge(cstate);
+    ChapSendChallenge(cstate);
+    cstate->serverstate = CHAPSS_RECHALLENGE;
+}
+
+
+/*
+ * ChapLowerUp - The lower layer is up.
+ *
+ * Start up if we have pending requests.
+ */
+void
+ChapLowerUp(unit)
+    int unit;
+{
+    chap_state *cstate = &chap[unit];
+  
+    if (cstate->clientstate == CHAPCS_INITIAL)
+	cstate->clientstate = CHAPCS_CLOSED;
+    else if (cstate->clientstate == CHAPCS_PENDING)
+	cstate->clientstate = CHAPCS_LISTEN;
+
+    if (cstate->serverstate == CHAPSS_INITIAL)
+	cstate->serverstate = CHAPSS_CLOSED;
+    else if (cstate->serverstate == CHAPSS_PENDING) {
+	ChapGenChallenge(cstate);
+	ChapSendChallenge(cstate);
+	cstate->serverstate = CHAPSS_INITIAL_CHAL;
+    }
+}
+
+
+/*
+ * ChapLowerDown - The lower layer is down.
+ *
+ * Cancel all timeouts.
+ */
+void
+ChapLowerDown(unit)
+    int unit;
+{
+    chap_state *cstate = &chap[unit];
+  
+    /* Timeout(s) pending?  Cancel if so. */
+    if (cstate->serverstate == CHAPSS_INITIAL_CHAL ||
+	cstate->serverstate == CHAPSS_RECHALLENGE)
+	UNTIMEOUT(ChapChallengeTimeout, (caddr_t) cstate);
+    else if (cstate->serverstate == CHAPSS_OPEN
+	     && cstate->chal_interval != 0)
+	UNTIMEOUT(ChapRechallenge, (caddr_t) cstate);
+    if (cstate->clientstate == CHAPCS_RESPONSE)
+	UNTIMEOUT(ChapResponseTimeout, (caddr_t) cstate);
+
+    cstate->clientstate = CHAPCS_INITIAL;
+    cstate->serverstate = CHAPSS_INITIAL;
+}
+
+
+/*
+ * ChapProtocolReject - Peer doesn't grok CHAP.
+ */
+void
+ChapProtocolReject(unit)
+    int unit;
+{
+    chap_state *cstate = &chap[unit];
+
+    if (cstate->serverstate != CHAPSS_INITIAL &&
+	cstate->serverstate != CHAPSS_CLOSED)
+	auth_peer_fail(unit, PPP_CHAP);
+    if (cstate->clientstate != CHAPCS_INITIAL &&
+	cstate->clientstate != CHAPCS_CLOSED)
+	auth_withpeer_fail(unit, PPP_CHAP);
+    ChapLowerDown(unit);		/* shutdown chap */
+}
+
+
+/*
+ * ChapInput - Input CHAP packet.
+ */
+void
+ChapInput(unit, inpacket, packet_len)
+    int unit;
+    u_char *inpacket;
+    int packet_len;
+{
+    chap_state *cstate = &chap[unit];
+    u_char *inp;
+    u_char code, id;
+    int len;
+  
+    /*
+     * Parse header (code, id and length).
+     * If packet too short, drop it.
+     */
+    inp = inpacket;
+    if (packet_len < CHAP_HEADERLEN) {
+	CHAPDEBUG((LOG_INFO, "ChapInput: rcvd short header."));
+	return;
+    }
+    GETCHAR(code, inp);
+    GETCHAR(id, inp);
+    GETSHORT(len, inp);
+    if (len < CHAP_HEADERLEN) {
+	CHAPDEBUG((LOG_INFO, "ChapInput: rcvd illegal length."));
+	return;
+    }
+    if (len > packet_len) {
+	CHAPDEBUG((LOG_INFO, "ChapInput: rcvd short packet."));
+	return;
+    }
+    len -= CHAP_HEADERLEN;
+  
+    /*
+     * Action depends on code (as in fact it usually does :-).
+     */
+    switch (code) {
+    case CHAP_CHALLENGE:
+	ChapReceiveChallenge(cstate, inp, id, len);
+	break;
+    
+    case CHAP_RESPONSE:
+	ChapReceiveResponse(cstate, inp, id, len);
+	break;
+    
+    case CHAP_FAILURE:
+	ChapReceiveFailure(cstate, inp, id, len);
+	break;
+
+    case CHAP_SUCCESS:
+	ChapReceiveSuccess(cstate, inp, id, len);
+	break;
+
+    default:				/* Need code reject? */
+	syslog(LOG_WARNING, "Unknown CHAP code (%d) received.", code);
+	break;
+    }
+}
+
+
+/*
+ * ChapReceiveChallenge - Receive Challenge and send Response.
+ */
+static void
+ChapReceiveChallenge(cstate, inp, id, len)
+    chap_state *cstate;
+    u_char *inp;
+    int id;
+    int len;
+{
+    int rchallenge_len;
+    u_char *rchallenge;
+    int secret_len;
+    char secret[MAXSECRETLEN];
+    char rhostname[256];
+    MD5_CTX mdContext;
+ 
+    CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: Rcvd id %d.", id));
+    if (cstate->clientstate == CHAPCS_CLOSED ||
+	cstate->clientstate == CHAPCS_PENDING) {
+	CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: in state %d",
+		   cstate->clientstate));
+	return;
+    }
+
+    if (len < 2) {
+	CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: rcvd short packet."));
+	return;
+    }
+
+    GETCHAR(rchallenge_len, inp);
+    len -= sizeof (u_char) + rchallenge_len;	/* now name field length */
+    if (len < 0) {
+	CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: rcvd short packet."));
+	return;
+    }
+    rchallenge = inp;
+    INCPTR(rchallenge_len, inp);
+
+    if (len >= sizeof(rhostname))
+	len = sizeof(rhostname) - 1;
+    BCOPY(inp, rhostname, len);
+    rhostname[len] = '\000';
+
+    CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: received name field: %s",
+	       rhostname));
+
+    /* get secret for authenticating ourselves with the specified host */
+    if (!get_secret(cstate->unit, cstate->resp_name, rhostname,
+		    secret, &secret_len, 0)) {
+	secret_len = 0;		/* assume null secret if can't find one */
+	syslog(LOG_WARNING, "No CHAP secret found for authenticating us to %s",
+	       rhostname);
+    }
+
+    /* cancel response send timeout if necessary */
+    if (cstate->clientstate == CHAPCS_RESPONSE)
+	UNTIMEOUT(ChapResponseTimeout, (caddr_t) cstate);
+
+    cstate->resp_id = id;
+    cstate->resp_transmits = 0;
+
+    /*  generate MD based on negotiated type */
+    switch (cstate->resp_type) { 
+
+    case CHAP_DIGEST_MD5:		/* only MD5 is defined for now */
+	MD5Init(&mdContext);
+	MD5Update(&mdContext, &cstate->resp_id, 1);
+	MD5Update(&mdContext, secret, secret_len);
+	MD5Update(&mdContext, rchallenge, rchallenge_len);
+	MD5Final(&mdContext);
+	BCOPY(mdContext.digest, cstate->response, MD5_SIGNATURE_SIZE);
+	cstate->resp_length = MD5_SIGNATURE_SIZE;
+	break;
+
+    default:
+	CHAPDEBUG((LOG_INFO, "unknown digest type %d", cstate->resp_type));
+	return;
+    }
+
+    ChapSendResponse(cstate);
+}
+
+
+/*
+ * ChapReceiveResponse - Receive and process response.
+ */
+static void
+ChapReceiveResponse(cstate, inp, id, len)
+    chap_state *cstate;
+    u_char *inp;
+    int id;
+    int len;
+{
+    u_char *remmd, remmd_len;
+    int secret_len, old_state;
+    int code;
+    char rhostname[256];
+    u_char buf[256];
+    MD5_CTX mdContext;
+    u_char msg[256];
+    char secret[MAXSECRETLEN];
+
+    CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: Rcvd id %d.", id));
+
+    if (cstate->serverstate == CHAPSS_CLOSED ||
+	cstate->serverstate == CHAPSS_PENDING) {
+	CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: in state %d",
+		   cstate->serverstate));
+	return;
+    }
+
+    if (id != cstate->chal_id)
+	return;			/* doesn't match ID of last challenge */
+
+    /*
+     * If we have received a duplicate or bogus Response,
+     * we have to send the same answer (Success/Failure)
+     * as we did for the first Response we saw.
+     */
+    if (cstate->serverstate == CHAPSS_OPEN) {
+	ChapSendStatus(cstate, CHAP_SUCCESS);
+	return;
+    }
+    if (cstate->serverstate == CHAPSS_BADAUTH) {
+	ChapSendStatus(cstate, CHAP_FAILURE);
+	return;
+    }
+
+    if (len < 2) {
+	CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: rcvd short packet."));
+	return;
+    }
+    GETCHAR(remmd_len, inp);		/* get length of MD */
+    remmd = inp;			/* get pointer to MD */
+    INCPTR(remmd_len, inp);
+
+    len -= sizeof (u_char) + remmd_len;
+    if (len < 0) {
+	CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: rcvd short packet."));
+	return;
+    }
+
+    UNTIMEOUT(ChapChallengeTimeout, (caddr_t) cstate);
+
+    if (len >= sizeof(rhostname))
+	len = sizeof(rhostname) - 1;
+    BCOPY(inp, rhostname, len);
+    rhostname[len] = '\000';
+
+    CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: received name field: %s",
+	       rhostname));
+
+    /*
+     * Get secret for authenticating them with us,
+     * do the hash ourselves, and compare the result.
+     */
+    code = CHAP_FAILURE;
+    if (!get_secret(cstate->unit, rhostname, cstate->chal_name,
+		   secret, &secret_len, 1)) {
+	syslog(LOG_WARNING, "No CHAP secret found for authenticating %s",
+	       rhostname);
+    } else {
+
+	/*  generate MD based on negotiated type */
+	switch (cstate->chal_type) { 
+
+	case CHAP_DIGEST_MD5:		/* only MD5 is defined for now */
+	    if (remmd_len != MD5_SIGNATURE_SIZE)
+		break;			/* it's not even the right length */
+	    MD5Init(&mdContext);
+	    MD5Update(&mdContext, &cstate->chal_id, 1);
+	    MD5Update(&mdContext, secret, secret_len);
+	    MD5Update(&mdContext, cstate->challenge, cstate->chal_len);
+	    MD5Final(&mdContext); 
+
+	    /* compare local and remote MDs and send the appropriate status */
+	    if (memcmp (mdContext.digest, remmd, MD5_SIGNATURE_SIZE) == 0)
+		code = CHAP_SUCCESS;	/* they are the same! */
+	    break;
+
+	default:
+	    CHAPDEBUG((LOG_INFO, "unknown digest type %d", cstate->chal_type));
+	}
+    }
+
+    ChapSendStatus(cstate, code);
+
+    if (code == CHAP_SUCCESS) {
+	old_state = cstate->serverstate;
+	cstate->serverstate = CHAPSS_OPEN;
+	if (old_state == CHAPSS_INITIAL_CHAL) {
+	    auth_peer_success(cstate->unit, PPP_CHAP);
+	}
+	if (cstate->chal_interval != 0)
+	    TIMEOUT(ChapRechallenge, (caddr_t) cstate, cstate->chal_interval);
+
+    } else {
+	syslog(LOG_ERR, "CHAP peer authentication failed");
+	cstate->serverstate = CHAPSS_BADAUTH;
+	auth_peer_fail(cstate->unit, PPP_CHAP);
+    }
+}
+
+/*
+ * ChapReceiveSuccess - Receive Success
+ */
+static void
+ChapReceiveSuccess(cstate, inp, id, len)
+    chap_state *cstate;
+    u_char *inp;
+    u_char id;
+    int len;
+{
+
+    CHAPDEBUG((LOG_INFO, "ChapReceiveSuccess: Rcvd id %d.", id));
+
+    if (cstate->clientstate == CHAPCS_OPEN)
+	/* presumably an answer to a duplicate response */
+	return;
+
+    if (cstate->clientstate != CHAPCS_RESPONSE) {
+	/* don't know what this is */
+	CHAPDEBUG((LOG_INFO, "ChapReceiveSuccess: in state %d\n",
+		   cstate->clientstate));
+	return;
+    }
+
+    UNTIMEOUT(ChapResponseTimeout, (caddr_t) cstate);
+
+    /*
+     * Print message.
+     */
+    if (len > 0)
+	PRINTMSG(inp, len);
+
+    cstate->clientstate = CHAPCS_OPEN;
+
+    auth_withpeer_success(cstate->unit, PPP_CHAP);
+}
+
+
+/*
+ * ChapReceiveFailure - Receive failure.
+ */
+static void
+ChapReceiveFailure(cstate, inp, id, len)
+    chap_state *cstate;
+    u_char *inp;
+    u_char id;
+    int len;
+{
+    u_char msglen;
+    u_char *msg;
+  
+    CHAPDEBUG((LOG_INFO, "ChapReceiveFailure: Rcvd id %d.", id));
+
+    if (cstate->clientstate != CHAPCS_RESPONSE) {
+	/* don't know what this is */
+	CHAPDEBUG((LOG_INFO, "ChapReceiveFailure: in state %d\n",
+		   cstate->clientstate));
+	return;
+    }
+
+    UNTIMEOUT(ChapResponseTimeout, (caddr_t) cstate);
+
+    /*
+     * Print message.
+     */
+    if (len > 0)
+	PRINTMSG(inp, len);
+
+    syslog(LOG_ERR, "CHAP authentication failed");
+    auth_withpeer_fail(cstate->unit, PPP_CHAP);
+}
+
+
+/*
+ * ChapSendChallenge - Send an Authenticate challenge.
+ */
+static void
+ChapSendChallenge(cstate)
+    chap_state *cstate;
+{
+    u_char *outp;
+    int chal_len, name_len;
+    int outlen;
+
+    chal_len = cstate->chal_len;
+    name_len = strlen(cstate->chal_name);
+    outlen = CHAP_HEADERLEN + sizeof (u_char) + chal_len + name_len;
+    outp = outpacket_buf;
+
+    MAKEHEADER(outp, PPP_CHAP);		/* paste in a CHAP header */
+
+    PUTCHAR(CHAP_CHALLENGE, outp);
+    PUTCHAR(cstate->chal_id, outp);
+    PUTSHORT(outlen, outp);
+
+    PUTCHAR(chal_len, outp);		/* put length of challenge */
+    BCOPY(cstate->challenge, outp, chal_len);
+    INCPTR(chal_len, outp);
+
+    BCOPY(cstate->chal_name, outp, name_len);	/* append hostname */
+
+    output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
+  
+    CHAPDEBUG((LOG_INFO, "ChapSendChallenge: Sent id %d.", cstate->chal_id));
+
+    TIMEOUT(ChapChallengeTimeout, (caddr_t) cstate, cstate->timeouttime);
+    ++cstate->chal_transmits;
+}
+
+
+/*
+ * ChapSendStatus - Send a status response (ack or nak).
+ */
+static void
+ChapSendStatus(cstate, code)
+    chap_state *cstate;
+    int code;
+{
+    u_char *outp;
+    int outlen, msglen;
+    char msg[256];
+
+    if (code == CHAP_SUCCESS)
+	sprintf(msg, "Welcome to %s.", hostname);
+    else
+	sprintf(msg, "I don't like you.  Go 'way.");
+    msglen = strlen(msg);
+
+    outlen = CHAP_HEADERLEN + msglen;
+    outp = outpacket_buf;
+
+    MAKEHEADER(outp, PPP_CHAP);	/* paste in a header */
+  
+    PUTCHAR(code, outp);
+    PUTCHAR(cstate->chal_id, outp);
+    PUTSHORT(outlen, outp);
+    BCOPY(msg, outp, msglen);
+    output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
+  
+    CHAPDEBUG((LOG_INFO, "ChapSendStatus: Sent code %d, id %d.", code,
+	       cstate->chal_id));
+}
+
+/*
+ * ChapGenChallenge is used to generate a pseudo-random challenge string of
+ * a pseudo-random length between min_len and max_len.  The challenge
+ * string and its length are stored in *cstate, and various other fields of
+ * *cstate are initialized.
+ */
+
+static void
+ChapGenChallenge(cstate)
+    chap_state *cstate;
+{
+    int chal_len;
+    u_char *ptr = cstate->challenge;
+    unsigned int i;
+
+    /* pick a random challenge length between MIN_CHALLENGE_LENGTH and 
+       MAX_CHALLENGE_LENGTH */  
+    chal_len =  (unsigned) ((drand48() *
+			     (MAX_CHALLENGE_LENGTH - MIN_CHALLENGE_LENGTH)) +
+			    MIN_CHALLENGE_LENGTH);
+    cstate->chal_len = chal_len;
+    cstate->chal_id = ++cstate->id;
+    cstate->chal_transmits = 0;
+
+    /* generate a random string */
+    for (i = 0; i < chal_len; i++ )
+	*ptr++ = (char) (drand48() * 0xff);
+}
+
+/*
+ * ChapSendResponse - send a response packet with values as specified
+ * in *cstate.
+ */
+/* ARGSUSED */
+static void
+ChapSendResponse(cstate)
+    chap_state *cstate;
+{
+    u_char *outp;
+    int outlen, md_len, name_len;
+
+    md_len = cstate->resp_length;
+    name_len = strlen(cstate->resp_name);
+    outlen = CHAP_HEADERLEN + sizeof (u_char) + md_len + name_len;
+    outp = outpacket_buf;
+
+    MAKEHEADER(outp, PPP_CHAP);
+
+    PUTCHAR(CHAP_RESPONSE, outp);	/* we are a response */
+    PUTCHAR(cstate->resp_id, outp);	/* copy id from challenge packet */
+    PUTSHORT(outlen, outp);		/* packet length */
+
+    PUTCHAR(md_len, outp);		/* length of MD */
+    BCOPY(cstate->response, outp, md_len);	/* copy MD to buffer */
+    INCPTR(md_len, outp);
+
+    BCOPY(cstate->resp_name, outp, name_len); /* append our name */
+
+    /* send the packet */
+    output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
+
+    cstate->clientstate = CHAPCS_RESPONSE;
+    TIMEOUT(ChapResponseTimeout, (caddr_t) cstate, cstate->timeouttime);
+    ++cstate->resp_transmits;
+}
+
+/*
+ * ChapPrintPkt - print the contents of a CHAP packet.
+ */
+char *ChapCodenames[] = {
+    "Challenge", "Response", "Success", "Failure"
+};
+
+int
+ChapPrintPkt(p, plen, printer, arg)
+    u_char *p;
+    int plen;
+    void (*printer) __P((void *, char *, ...));
+    void *arg;
+{
+    int code, id, len;
+    int clen, nlen;
+    u_char x;
+
+    if (plen < CHAP_HEADERLEN)
+	return 0;
+    GETCHAR(code, p);
+    GETCHAR(id, p);
+    GETSHORT(len, p);
+    if (len < CHAP_HEADERLEN || len > plen)
+	return 0;
+
+    if (code >= 1 && code <= sizeof(ChapCodenames) / sizeof(char *))
+	printer(arg, " %s", ChapCodenames[code-1]);
+    else
+	printer(arg, " code=0x%x", code);
+    printer(arg, " id=0x%x", id);
+    len -= CHAP_HEADERLEN;
+    switch (code) {
+    case CHAP_CHALLENGE:
+    case CHAP_RESPONSE:
+	if (len < 1)
+	    break;
+	clen = p[0];
+	if (len < clen + 1)
+	    break;
+	++p;
+	nlen = len - clen - 1;
+	printer(arg, " <");
+	for (; clen > 0; --clen) {
+	    GETCHAR(x, p);
+	    printer(arg, "%.2x", x);
+	}
+	printer(arg, ">, name = ");
+	print_string((char *)p, nlen, printer, arg);
+	break;
+    case CHAP_FAILURE:
+    case CHAP_SUCCESS:
+	printer(arg, " ");
+	print_string((char *)p, len, printer, arg);
+	break;
+    default:
+	for (clen = len; clen > 0; --clen) {
+	    GETCHAR(x, p);
+	    printer(arg, " %.2x", x);
+	}
+    }
+
+    return len + CHAP_HEADERLEN;
+}
diff --git a/usr.sbin/pppd/chap.h b/usr.sbin/pppd/chap.h
new file mode 100644
index 00000000000..c6c53bd8360
--- /dev/null
+++ b/usr.sbin/pppd/chap.h
@@ -0,0 +1,112 @@
+/*
+ * chap.h - Cryptographic Handshake Authentication Protocol definitions.
+ *
+ * Copyright (c) 1991 Gregory M. Christy
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by the author.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * $Id: chap.h,v 1.1 1995/10/18 08:47:58 deraadt Exp $
+ */
+
+#ifndef __CHAP_INCLUDE__
+
+/* Code + ID + length */
+#define CHAP_HEADERLEN		4
+
+/*
+ * CHAP codes.
+ */
+
+#define CHAP_DIGEST_MD5		5	/* use MD5 algorithm */
+#define MD5_SIGNATURE_SIZE	16	/* 16 bytes in a MD5 message digest */
+
+#define CHAP_CHALLENGE		1
+#define CHAP_RESPONSE		2
+#define CHAP_SUCCESS		3
+#define CHAP_FAILURE    	4
+
+/*
+ *  Challenge lengths (for challenges we send) and other limits.
+ */
+#define MIN_CHALLENGE_LENGTH	32
+#define MAX_CHALLENGE_LENGTH	64
+#define MAX_RESPONSE_LENGTH	16	/* sufficient for MD5 */
+
+/*
+ * Each interface is described by a chap structure.
+ */
+
+typedef struct chap_state {
+    int unit;			/* Interface unit number */
+    int clientstate;		/* Client state */
+    int serverstate;		/* Server state */
+    u_char challenge[MAX_CHALLENGE_LENGTH]; /* last challenge string sent */
+    u_char chal_len;		/* challenge length */
+    u_char chal_id;		/* ID of last challenge */
+    u_char chal_type;		/* hash algorithm for challenges */
+    u_char id;			/* Current id */
+    char *chal_name;		/* Our name to use with challenge */
+    int chal_interval;		/* Time until we challenge peer again */
+    int timeouttime;		/* Timeout time in seconds */
+    int max_transmits;		/* Maximum # of challenge transmissions */
+    int chal_transmits;		/* Number of transmissions of challenge */
+    int resp_transmits;		/* Number of transmissions of response */
+    u_char response[MAX_RESPONSE_LENGTH];	/* Response to send */
+    u_char resp_length;		/* length of response */
+    u_char resp_id;		/* ID for response messages */
+    u_char resp_type;		/* hash algorithm for responses */
+    char *resp_name;		/* Our name to send with response */
+} chap_state;
+
+
+/*
+ * Client (peer) states.
+ */
+#define CHAPCS_INITIAL		0	/* Lower layer down, not opened */
+#define CHAPCS_CLOSED		1	/* Lower layer up, not opened */
+#define CHAPCS_PENDING		2	/* Auth us to peer when lower up */
+#define CHAPCS_LISTEN		3	/* Listening for a challenge */
+#define CHAPCS_RESPONSE		4	/* Sent response, waiting for status */
+#define CHAPCS_OPEN		5	/* We've received Success */
+
+/*
+ * Server (authenticator) states.
+ */
+#define CHAPSS_INITIAL		0	/* Lower layer down, not opened */
+#define CHAPSS_CLOSED		1	/* Lower layer up, not opened */
+#define CHAPSS_PENDING		2	/* Auth peer when lower up */
+#define CHAPSS_INITIAL_CHAL	3	/* We've sent the first challenge */
+#define CHAPSS_OPEN		4	/* We've sent a Success msg */
+#define CHAPSS_RECHALLENGE	5	/* We've sent another challenge */
+#define CHAPSS_BADAUTH		6	/* We've sent a Failure msg */
+
+/*
+ * Timeouts.
+ */
+#define CHAP_DEFTIMEOUT		3	/* Timeout time in seconds */
+#define CHAP_DEFTRANSMITS	10	/* max # times to send challenge */
+
+extern chap_state chap[];
+
+void ChapInit __P((int));
+void ChapAuthWithPeer __P((int, char *, int));
+void ChapAuthPeer __P((int, char *, int));
+void ChapLowerUp __P((int));
+void ChapLowerDown __P((int));
+void ChapInput __P((int, u_char *, int));
+void ChapProtocolReject __P((int));
+int  ChapPrintPkt __P((u_char *, int,
+		       void (*) __P((void *, char *, ...)), void *));
+
+#define __CHAP_INCLUDE__
+#endif /* __CHAP_INCLUDE__ */
diff --git a/usr.sbin/pppd/chat/Makefile b/usr.sbin/pppd/chat/Makefile
new file mode 100644
index 00000000000..2e040b6e3ae
--- /dev/null
+++ b/usr.sbin/pppd/chat/Makefile
@@ -0,0 +1,8 @@
+#	$Id: Makefile,v 1.1.1.1 1995/10/18 08:48:00 deraadt Exp $
+
+PROG=	chat
+SRCS=	chat.c
+MAN=	chat.8
+BINDIR=	/usr/sbin
+
+.include <bsd.prog.mk>
diff --git a/usr.sbin/pppd/chat/chat.8 b/usr.sbin/pppd/chat/chat.8
new file mode 100644
index 00000000000..aa42d2cff3b
--- /dev/null
+++ b/usr.sbin/pppd/chat/chat.8
@@ -0,0 +1,309 @@
+.\" -*- nroff -*-
+.\" manual page [] for chat 1.8
+.\" $Id: chat.8,v 1.1 1995/10/18 08:48:00 deraadt Exp $
+.\" SH section heading
+.\" SS subsection heading
+.\" LP paragraph
+.\" IP indented paragraph
+.\" TP hanging label
+.TH CHAT 8 "5 May 1995" "Chat Version 1.9"
+.SH NAME
+chat \- Automated conversational script with a modem
+.SH SYNOPSIS
+.B chat
+[
+.I options
+]
+.I script
+.SH DESCRIPTION
+.LP
+The \fIchat\fR program defines a conversational exchange between the
+computer and the modem. Its primary purpose is to establish the
+connection between the Point-to-Point Protocol Daemon (\fIpppd\fR) and
+the remote's \fIpppd\fR process.
+.SH OPTIONS
+.TP
+.B -f \fI<chat file>
+Read the chat script from the chat \fIfile\fR. The use of this option
+is mutually exclusive with the chat script parameters. The user must
+have read access to the file. Multiple lines are permitted in the
+file. Space or horizontal tab characters should be used to separate
+the strings.
+.TP
+.B -t \fI<timeout>
+Set the timeout for the expected string to be received. If the string
+is not received within the time limit then the reply string is not
+sent. An alternate reply may be sent or the script will fail if there
+is no alternate reply string. A failed script will cause the
+\fIchat\fR program to terminate with a non-zero error code.
+.TP
+.B -r \fI<report file>
+Set the file for output of the report strings. If you use the keyword
+\fIREPORT\fR, the resulting strings are written to this file. If this
+option is not used and you still use \fIREPORT\fR keywords, the
+\fIstderr\fR file is used for the report strings.
+.TP
+.B -v
+Request that the \fIchat\fR script be executed in a verbose mode. The
+\fIchat\fR program will then log all text received from the modem and
+the output strings which it sends to the SYSLOG.
+.TP
+.B script
+If the script is not specified in a file with the \fI-f\fR option then
+the script is included as parameters to the \fIchat\fR program.
+.SH CHAT SCRIPT
+.LP
+The \fIchat\fR script defines the communications.
+.LP
+A script consists of one or more "expect-send" pairs of strings,
+separated by spaces, with an optional "subexpect-subsend" string pair,
+separated by a dash as in the following example:
+.IP
+ogin:-BREAK-ogin: ppp ssword: hello2u2
+.LP
+This line indicates that the \fIchat\fR program should expect the string
+"ogin:". If it fails to receive a login prompt within the time interval
+allotted, it is to send a break sequence to the remote and then expect the
+string "ogin:". If the first "ogin:" is received then the break sequence is
+not generated.
+.LP
+Once it received the login prompt the \fIchat\fR program will send the
+string ppp and then expect the prompt "ssword:". When it receives the
+prompt for the password, it will send the password hello2u2.
+.LP
+A carriage return is normally sent following the reply string. It is not
+expected in the "expect" string unless it is specifically requested by using
+the \\r character sequence.
+.LP
+The expect sequence should contain only what is needed to identify the
+string. Since it is normally stored on a disk file, it should not contain
+variable information. It is generally not acceptable to look for time
+strings, network identification strings, or other variable pieces of data as
+an expect string.
+.LP
+To help correct for characters which may be corrupted during the initial
+sequence, look for the string "ogin:" rather than "login:". It is possible
+that the leading "l" character may be received in error and you may never
+find the string even though it was sent by the system. For this reason,
+scripts look for "ogin:" rather than "login:" and "ssword:" rather than
+"password:".
+.LP
+A very simple script might look like this:
+.IP
+ogin: ppp ssword: hello2u2
+.LP
+In other words, expect ....ogin:, send ppp, expect ...ssword:, send hello2u2.
+.LP
+In actual practice, simple scripts are rare. At the vary least, you
+should include sub-expect sequences should the original string not be
+received. For example, consider the following script:
+.IP
+ogin:--ogin: ppp ssowrd: hello2u2
+.LP
+This would be a better script than the simple one used earlier. This would look
+for the same login: prompt, however, if one was not received, a single
+return sequence is sent and then it will look for login: again. Should line
+noise obscure the first login prompt then sending the empty line will
+usually generate a login prompt again.
+.SH ABORT STRINGS
+Many modems will report the status of the call as a string. These
+strings may be \fBCONNECTED\fR or \fBNO CARRIER\fR or \fBBUSY\fR. It
+is often desirable to terminate the script should the modem fail to
+connect to the remote. The difficulty is that a script would not know
+exactly which modem string it may receive. On one attempt, it may
+receive \fBBUSY\fR while the next time it may receive \fBNO CARRIER\fR.
+.LP
+These "abort" strings may be specified in the script using the \fIABORT\fR
+sequence. It is written in the script as in the following example:
+.IP
+ABORT BUSY ABORT 'NO CARRIER' '' ATZ OK ATDT5551212 CONNECT
+.LP
+This sequence will expect nothing; and then send the string ATZ. The
+expected response to this is the string \fIOK\fR. When it receives \fIOK\fR,
+the string ATDT5551212 to dial the telephone. The expected string is
+\fICONNECT\fR. If the string \fICONNECT\fR is received the remainder of the
+script is executed. However, should the modem find a busy telephone, it will
+send the string \fIBUSY\fR. This will cause the string to match the abort
+character sequence. The script will then fail because it found a match to
+the abort string. If it received the string \fINO CARRIER\fR, it will abort
+for the same reason. Either string may be received. Either string will
+terminate the \fIchat\fR script.
+
+.SH REPORT STRINGS
+A \fBreport\fR string is similar to the ABORT string. The difference
+is that the strings, and all characters to the next control character
+such as a carriage return, are written to the report file.
+.LP
+The report strings may be used to isolate the transmission rate of the
+modem's connect string and return the value to the chat user. The
+analysis of the report string logic occurs in conjunction with the
+other string processing such as looking for the expect string. The use
+of the same string for a report and abort sequence is probably not
+very useful, however, it is possible.
+.LP
+The report strings to no change the completion code of the program.
+.LP
+These "report" strings may be specified in the script using the \fIREPORT\fR
+sequence. It is written in the script as in the following example:
+.IP
+REPORT CONNECT ABORT BUSY '' ATDT5551212 CONNECT '' ogin: account
+.LP
+This sequence will expect nothing; and then send the string
+ATDT5551212 to dial the telephone. The expected string is
+\fICONNECT\fR. If the string \fICONNECT\fR is received the remainder
+of the script is executed. In addition the program will write to the
+expect-file the string "CONNECT" plus any characters which follow it
+such as the connection rate.
+.SH TIMEOUT
+The initial timeout value is 45 seconds. This may be changed using the \fB-t\fR
+parameter.
+.LP
+To change the timeout value for the next expect string, the following
+example may be used:
+.IP
+ATZ OK ATDT5551212 CONNECT TIMEOUT 10 ogin:--ogin: TIMEOUT 5 assowrd: hello2u2
+.LP
+This will change the timeout to 10 seconds when it expects the login:
+prompt. The timeout is then changed to 5 seconds when it looks for the
+password prompt.
+.LP
+The timeout, once changed, remains in effect until it is changed again.
+.SH SENDING EOT
+The special reply string of \fIEOT\fR indicates that the chat program
+should send an EOT character to the remote. This is normally the
+End-of-file character sequence. A return character is not sent
+following the EOT.
+.PR
+The EOT sequence may be embedded into the send string using the
+sequence \fI^D\fR.
+.SH GENERATING BREAK
+The special reply string of \fIBREAK\fR will cause a break condition
+to be sent. The break is a special signal on the transmitter. The
+normal processing on the receiver is to change the transmission rate.
+It may be used to cycle through the available transmission rates on
+the remote until you are able to receive a valid login prompt.
+.PR
+The break sequence may be embedded into the send string using the
+\fI\\K\fR sequence.
+.SH ESCAPE SEQUENCES
+The expect and reply strings may contain escape sequences. All of the
+sequences are legal in the reply string. Many are legal in the expect.
+Those which are not valid in the expect sequence are so indicated.
+.TP
+.B ''
+Expects or sends a null string. If you send a null string then it will still
+send the return character. This sequence may either be a pair of apostrophe
+or quote characters.
+.TP
+.B \\\\b
+represents a backspace character.
+.TP
+.B \\\\c
+Suppresses the newline at the end of the reply string. This is the only
+method to send a string without a trailing return character. It must
+be at the end of the send string. For example,
+the sequence hello\\c will simply send the characters h, e, l, l, o.
+.I (not valid in expect.)
+.TP
+.B \\\\d
+Delay for one second. The program uses sleep(1) which will delay to a
+maximum of one second.
+.I (not valid in expect.)
+.TP
+.B \\\\K
+Insert a BREAK
+.I (not valid in expect.)
+.TP
+.B \\\\n
+Send a newline or linefeed character.
+.TP
+.B \\\\N
+Send a null character. The same sequence may be represented by \\0.
+.I (not valid in expect.)
+.TP
+.B \\\\p
+Pause for a fraction of a second. The delay is 1/10th of a second.
+.I (not valid in expect.)
+.TP
+.B \\\\q
+Suppress writing the string to the SYSLOG file. The string ?????? is
+written to the log in its place.
+.I (not valid in expect.)
+.TP
+.B \\\\r
+Send or expect a carriage return.
+.TP
+.B \\\\s
+Represents a space character in the string. This may be used when it
+is not desirable to quote the strings which contains spaces. The
+sequence 'HI TIM' and HI\\sTIM are the same.
+.TP
+.B \\\\t
+Send or expect a tab character.
+.TP
+.B \\\\\\\\
+Send or expect a backslash character.
+.TP
+.B \\\\ddd
+Collapse the octal digits (ddd) into a single ASCII character and send that
+character.
+.I (some characters are not valid in expect.)
+.TP
+.B \^^C
+Substitute the sequence with the control character represented by C.
+For example, the character DC1 (17) is shown as \^^Q.
+.I (some characters are not valid in expect.)
+.SH TERMINATION CODES
+The \fIchat\fR program will terminate with the following completion
+codes.
+.TP
+.B 0
+The normal termination of the program. This indicates that the script
+was executed without error to the normal conclusion.
+.TP
+.B 1
+One or more of the parameters are invalid or an expect string was too
+large for the internal buffers. This indicates that the program as not
+properly executed.
+.TP
+.B 2
+An error occurred during the execution of the program. This may be due
+to a read or write operation failing for some reason or chat receiving
+a signal such as SIGINT.
+.TP
+.B 3
+A timeout event occurred when there was an \fIexpect\fR string without
+having a "-subsend" string. This may mean that you did not program the
+script correctly for the condition or that some unexpected event has
+occurred and the expected string could not be found.
+.TP
+.B 4
+The first string marked as an \fIABORT\fR condition occurred.
+.TP
+.B 5
+The second string marked as an \fIABORT\fR condition occurred.
+.TP
+.B 6
+The third string marked as an \fIABORT\fR condition occurred.
+.TP
+.B 7
+The fourth string marked as an \fIABORT\fR condition occurred.
+.TP
+.B ...
+The other termination codes are also strings marked as an \fIABORT\fR
+condition.
+.LP
+Using the termination code, it is possible to determine which event
+terminated the script. It is possible to decide if the string "BUSY"
+was received from the modem as opposed to "NO DIAL TONE". While the
+first event may be retried, the second will probably have little
+chance of succeeding during a retry.
+.SH SEE ALSO
+Additional information about \fIchat\fR scripts may be found with UUCP
+documentation. The \fIchat\fR script was taken from the ideas proposed
+by the scripts used by the \fIuucico\fR program.
+.LP
+uucico(1), uucp(1)
+.SH COPYRIGHT
+The \fIchat\fR program is in public domain. This is not the GNU public
+license. If it breaks then you get to keep both pieces.
diff --git a/usr.sbin/pppd/chat/chat.c b/usr.sbin/pppd/chat/chat.c
new file mode 100644
index 00000000000..a53bddcab25
--- /dev/null
+++ b/usr.sbin/pppd/chat/chat.c
@@ -0,0 +1,1349 @@
+/*
+ *	Chat -- a program for automatic session establishment (i.e. dial
+ *		the phone and log in).
+ *
+ * Standard termination codes:
+ *  0 - successful completion of the script
+ *  1 - invalid argument, expect string too large, etc.
+ *  2 - error on an I/O operation or fatal error condtion.
+ *  3 - timeout waiting for a simple string.
+ *  4 - the first string declared as "ABORT"
+ *  5 - the second string declared as "ABORT"
+ *  6 - ... and so on for successive ABORT strings.
+ *
+ *	This software is in the public domain.
+ *
+ *	Please send all bug reports, requests for information, etc. to:
+ *
+ *		Al Longyear (longyear@netcom.com)
+ *		(I was the last person to change this code.)
+ *
+ *      Added -r "report file" switch & REPORT keyword.
+ *              Robert Geer <bgeer@xmission.com>
+ *
+ *	The original author is:
+ *
+ *		Karl Fox <karl@MorningStar.Com>
+ *		Morning Star Technologies, Inc.
+ *		1760 Zollinger Road
+ *		Columbus, OH  43221
+ *		(614)451-1883
+ *
+ */
+
+static char rcsid[] = "$Id: chat.c,v 1.1 1995/10/18 08:48:00 deraadt Exp $";
+
+#include <stdio.h>
+#include <time.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <errno.h>
+#include <string.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <syslog.h>
+
+#ifndef TERMIO
+#undef	TERMIOS
+#define TERMIOS
+#endif
+
+#ifdef TERMIO
+#include <termio.h>
+#endif
+#ifdef TERMIOS
+#include <termios.h>
+#endif
+
+#define	STR_LEN	1024
+
+#ifndef SIGTYPE
+#define SIGTYPE void
+#endif
+
+#ifdef __STDC__
+#undef __P
+#define __P(x)	x
+#else
+#define __P(x)	()
+#define const
+#endif
+
+#ifndef O_NONBLOCK
+#define O_NONBLOCK	O_NDELAY
+#endif
+
+/*************** Micro getopt() *********************************************/
+#define	OPTION(c,v)	(_O&2&&**v?*(*v)++:!c||_O&4?0:(!(_O&1)&& \
+				(--c,++v),_O=4,c&&**v=='-'&&v[0][1]?*++*v=='-'\
+				&&!v[0][1]?(--c,++v,0):(_O=2,*(*v)++):0))
+#define	OPTARG(c,v)	(_O&2?**v||(++v,--c)?(_O=1,--c,*v++): \
+				(_O=4,(char*)0):(char*)0)
+#define	OPTONLYARG(c,v)	(_O&2&&**v?(_O=1,--c,*v++):(char*)0)
+#define	ARG(c,v)	(c?(--c,*v++):(char*)0)
+
+static int _O = 0;		/* Internal state */
+/*************** Micro getopt() *********************************************/
+
+char *program_name;
+
+#define	MAX_ABORTS		50
+#define	MAX_REPORTS		50
+#define	DEFAULT_CHAT_TIMEOUT	45
+
+int verbose       = 0;
+int quiet         = 0;
+int report        = 0;
+int exit_code     = 0;
+FILE* report_fp   = (FILE *) 0;
+char *report_file = (char *) 0;
+char *chat_file   = (char *) 0;
+int timeout       = DEFAULT_CHAT_TIMEOUT;
+
+int have_tty_parameters = 0;
+
+#ifdef TERMIO
+#define term_parms struct termio
+#define get_term_param(param) ioctl(0, TCGETA, param)
+#define set_term_param(param) ioctl(0, TCSETA, param)
+struct termio saved_tty_parameters;
+#endif
+
+#ifdef TERMIOS
+#define term_parms struct termios
+#define get_term_param(param) tcgetattr(0, param)
+#define set_term_param(param) tcsetattr(0, TCSANOW, param)
+struct termios saved_tty_parameters;
+#endif
+
+char *abort_string[MAX_ABORTS], *fail_reason = (char *)0,
+	fail_buffer[50];
+int n_aborts = 0, abort_next = 0, timeout_next = 0;
+
+char *report_string[MAX_REPORTS] ;
+char  report_buffer[50] ;
+int n_reports = 0, report_next = 0, report_gathering = 0 ; 
+
+void *dup_mem __P((void *b, size_t c));
+void *copy_of __P((char *s));
+void usage __P((void));
+void logf __P((const char *str));
+void logflush __P((void));
+void fatal __P((const char *msg));
+void sysfatal __P((const char *msg));
+SIGTYPE sigalrm __P((int signo));
+SIGTYPE sigint __P((int signo));
+SIGTYPE sigterm __P((int signo));
+SIGTYPE sighup __P((int signo));
+void unalarm __P((void));
+void init __P((void));
+void set_tty_parameters __P((void));
+void break_sequence __P((void));
+void terminate __P((int status));
+void do_file __P((char *chat_file));
+int  get_string __P((register char *string));
+int  put_string __P((register char *s));
+int  write_char __P((int c));
+int  put_char __P((int c));
+int  get_char __P((void));
+void chat_send __P((register char *s));
+char *character __P((int c));
+void chat_expect __P((register char *s));
+char *clean __P((register char *s, int sending));
+void break_sequence __P((void));
+void terminate __P((int status));
+void die __P((void));
+
+void *dup_mem(b, c)
+void *b;
+size_t c;
+    {
+    void *ans = malloc (c);
+    if (!ans)
+        {
+	fatal ("memory error!\n");
+        }
+    memcpy (ans, b, c);
+    return ans;
+    }
+
+void *copy_of (s)
+char *s;
+    {
+    return dup_mem (s, strlen (s) + 1);
+    }
+
+/*
+ *	chat [ -v ] [ -t timeout ] [ -f chat-file ] [ -r report-file ] \
+ *		[...[[expect[-say[-expect...]] say expect[-say[-expect]] ...]]]
+ *
+ *	Perform a UUCP-dialer-like chat script on stdin and stdout.
+ */
+int
+main(argc, argv)
+int argc;
+char **argv;
+    {
+    int option;
+    char *arg;
+
+    program_name = *argv;
+    tzset();
+
+    while (option = OPTION(argc, argv))
+        {
+	switch (option)
+	    {
+	    case 'v':
+		++verbose;
+		break;
+
+	    case 'f':
+		if (arg = OPTARG(argc, argv))
+		    {
+		    chat_file = copy_of(arg);
+		    }
+		else
+		    {
+		    usage();
+		    }
+		break;
+
+	    case 't':
+		if (arg = OPTARG(argc, argv))
+		    {
+		    timeout = atoi(arg);
+		    }
+		else
+		    {
+		    usage();
+		    }
+		break;
+
+	    case 'r':
+		arg = OPTARG (argc, argv);
+		if (arg)
+		    {
+		    if (report_fp != NULL)
+		        {
+			fclose (report_fp);
+		        }
+		    report_file = copy_of (arg);
+		    report_fp   = fopen (report_file, "a");
+		    if (report_fp != NULL)
+		        {
+			if (verbose)
+			    {
+			    fprintf (report_fp, "Opening \"%s\"...\n",
+				     report_file);
+			    }
+			report = 1;
+		        }
+		    }
+		break;
+
+	    default:
+		usage();
+		break;
+	    }
+      }
+/*
+ * Default the report file to the stderr location
+ */
+    if (report_fp == NULL)
+        {
+	report_fp = stderr;
+        }
+
+#ifdef ultrix
+    openlog("chat", LOG_PID);
+#else
+    openlog("chat", LOG_PID | LOG_NDELAY, LOG_LOCAL2);
+
+    if (verbose)
+        {
+	setlogmask(LOG_UPTO(LOG_INFO));
+        }
+    else
+        {
+	setlogmask(LOG_UPTO(LOG_WARNING));
+        }
+#endif
+
+    init();
+    
+    if (chat_file != NULL)
+	{
+	arg = ARG(argc, argv);
+	if (arg != NULL)
+	    {
+	    usage();
+	    }
+	else
+	    {
+	    do_file (chat_file);
+	    }
+	}
+    else
+	{
+	while (arg = ARG(argc, argv))
+	    {
+	    chat_expect(arg);
+
+	    if (arg = ARG(argc, argv))
+	        {
+		chat_send(arg);
+	        }
+	    }
+	}
+
+    terminate(0);
+    }
+
+/*
+ *  Process a chat script when read from a file.
+ */
+
+void do_file (chat_file)
+char *chat_file;
+    {
+    int linect, len, sendflg;
+    char *sp, *arg, quote;
+    char buf [STR_LEN];
+    FILE *cfp;
+
+    cfp = fopen (chat_file, "r");
+    if (cfp == NULL)
+	{
+	syslog (LOG_ERR, "%s -- open failed: %m", chat_file);
+	terminate (1);
+	}
+
+    linect = 0;
+    sendflg = 0;
+
+    while (fgets(buf, STR_LEN, cfp) != NULL)
+	{
+	sp = strchr (buf, '\n');
+	if (sp)
+	    {
+	    *sp = '\0';
+	    }
+
+	linect++;
+	sp = buf;
+	while (*sp != '\0')
+	    {
+	    if (*sp == ' ' || *sp == '\t')
+		{
+		++sp;
+		continue;
+		}
+
+	    if (*sp == '"' || *sp == '\'')
+		{
+		quote = *sp++;
+		arg = sp;
+		while (*sp != quote)
+		    {
+		    if (*sp == '\0')
+			{
+			syslog (LOG_ERR, "unterminated quote (line %d)",
+				linect);
+			terminate (1);
+			}
+		    
+		    if (*sp++ == '\\')
+		        {
+			if (*sp != '\0')
+			    {
+			    ++sp;
+			    }
+		        }
+		    }
+		}
+	    else
+		{
+		arg = sp;
+		while (*sp != '\0' && *sp != ' ' && *sp != '\t')
+		    {
+		    ++sp;
+		    }
+		}
+
+	    if (*sp != '\0')
+	        {
+		*sp++ = '\0';
+	        }
+
+	    if (sendflg)
+		{
+		chat_send (arg);
+		}
+	    else
+		{
+		chat_expect (arg);
+		}
+	    sendflg = !sendflg;
+	    }
+	}
+    fclose (cfp);
+    }
+
+/*
+ *	We got an error parsing the command line.
+ */
+void usage()
+    {
+    fprintf(stderr, "\
+Usage: %s [-v] [-t timeout] [-r report-file] {-f chat-file | chat-script}\n",
+	    program_name);
+    exit(1);
+    }
+
+char line[256];
+char *p;
+
+void logf (str)
+const char *str;
+    {
+    p = line + strlen(line);
+    strcat (p, str);
+
+    if (str[strlen(str)-1] == '\n')
+	{
+	syslog (LOG_INFO, "%s", line);
+	line[0] = 0;
+	}
+    }
+
+void logflush()
+    {
+    if (line[0] != 0)
+	{
+	syslog(LOG_INFO, "%s", line);
+	line[0] = 0;
+        }
+    }
+
+/*
+ *	Terminate with an error.
+ */
+void die()
+    {
+    terminate(1);
+    }
+
+/*
+ *	Print an error message and terminate.
+ */
+
+void fatal (msg)
+const char *msg;
+    {
+    syslog(LOG_ERR, "%s", msg);
+    terminate(2);
+    }
+
+/*
+ *	Print an error message along with the system error message and
+ *	terminate.
+ */
+
+void sysfatal (msg)
+const char *msg;
+    {
+    syslog(LOG_ERR, "%s: %m", msg);
+    terminate(2);
+    }
+
+int alarmed = 0;
+
+SIGTYPE sigalrm(signo)
+int signo;
+    {
+    int flags;
+
+    alarm(1);
+    alarmed = 1;		/* Reset alarm to avoid race window */
+    signal(SIGALRM, sigalrm);	/* that can cause hanging in read() */
+
+    logflush();
+    if ((flags = fcntl(0, F_GETFL, 0)) == -1)
+        {
+	sysfatal("Can't get file mode flags on stdin");
+        }
+    else
+        {
+	if (fcntl(0, F_SETFL, flags | O_NONBLOCK) == -1)
+	    {
+	    sysfatal("Can't set file mode flags on stdin");
+	    }
+        }
+
+    if (verbose)
+	{
+	syslog(LOG_INFO, "alarm");
+	}
+    }
+
+void unalarm()
+    {
+    int flags;
+
+    if ((flags = fcntl(0, F_GETFL, 0)) == -1)
+        {
+	sysfatal("Can't get file mode flags on stdin");
+        }
+    else
+        {
+	if (fcntl(0, F_SETFL, flags & ~O_NONBLOCK) == -1)
+	    {
+	    sysfatal("Can't set file mode flags on stdin");
+	    }
+        }
+    }
+
+SIGTYPE sigint(signo)
+int signo;
+    {
+    fatal("SIGINT");
+    }
+
+SIGTYPE sigterm(signo)
+int signo;
+    {
+    fatal("SIGTERM");
+    }
+
+SIGTYPE sighup(signo)
+int signo;
+    {
+    fatal("SIGHUP");
+    }
+
+void init()
+    {
+    signal(SIGINT, sigint);
+    signal(SIGTERM, sigterm);
+    signal(SIGHUP, sighup);
+
+    set_tty_parameters();
+    signal(SIGALRM, sigalrm);
+    alarm(0);
+    alarmed = 0;
+    }
+
+void set_tty_parameters()
+    {
+#if defined(get_term_param)
+    term_parms t;
+
+    if (get_term_param (&t) < 0)
+        {
+	sysfatal("Can't get terminal parameters");
+        }
+
+    saved_tty_parameters = t;
+    have_tty_parameters  = 1;
+
+    t.c_iflag     |= IGNBRK | ISTRIP | IGNPAR;
+    t.c_oflag      = 0;
+    t.c_lflag      = 0;
+    t.c_cc[VERASE] =
+    t.c_cc[VKILL]  = 0;
+    t.c_cc[VMIN]   = 1;
+    t.c_cc[VTIME]  = 0;
+
+    if (set_term_param (&t) < 0)
+        {
+	sysfatal("Can't set terminal parameters");
+        }
+#endif
+    }
+
+void break_sequence()
+    {
+#ifdef TERMIOS
+    tcsendbreak (0, 0);
+#endif
+    }
+
+void terminate(status)
+int status;
+    {
+    if (report_file != (char *) 0 && report_fp != (FILE *) NULL)
+        {
+	if (verbose)
+	    {
+	    fprintf (report_fp, "Closing \"%s\".\n", report_file);
+	    }
+	fclose (report_fp);
+	report_fp = (FILE*) NULL;
+        }
+
+#if defined(get_term_param)
+    if (have_tty_parameters)
+        {
+	if (set_term_param (&saved_tty_parameters) < 0)
+	    {
+	    syslog(LOG_ERR, "Can't restore terminal parameters: %m");
+	    exit(1);
+	    }
+        }
+#endif
+
+    exit(status);
+    }
+
+/*
+ *	'Clean up' this string.
+ */
+char *clean(s, sending)
+register char *s;
+int sending;
+    {
+    char temp[STR_LEN], cur_chr;
+    register char *s1;
+    int add_return = sending;
+#define isoctal(chr) (((chr) >= '0') && ((chr) <= '7'))
+
+    s1 = temp;
+    while (*s)
+	{
+	cur_chr = *s++;
+	if (cur_chr == '^')
+	    {
+	    cur_chr = *s++;
+	    if (cur_chr == '\0')
+		{
+		*s1++ = '^';
+		break;
+		}
+	    cur_chr &= 0x1F;
+	    if (cur_chr != 0)
+	        {
+		*s1++ = cur_chr;
+	        }
+	    continue;
+	    }
+
+	if (cur_chr != '\\')
+	    {
+	    *s1++ = cur_chr;
+	    continue;
+	    }
+
+	cur_chr = *s++;
+	if (cur_chr == '\0')
+	    {
+	    if (sending)
+		{
+		*s1++ = '\\';
+		*s1++ = '\\';
+		}
+	    break;
+	    }
+
+	switch (cur_chr)
+	    {
+	case 'b':
+	    *s1++ = '\b';
+	    break;
+
+	case 'c':
+	    if (sending && *s == '\0')
+	        {
+		add_return = 0;
+	        }
+	    else
+	        {
+		*s1++ = cur_chr;
+	        }
+	    break;
+
+	case '\\':
+	case 'K':
+	case 'p':
+	case 'd':
+	    if (sending)
+	        {
+		*s1++ = '\\';
+	        }
+
+	    *s1++ = cur_chr;
+	    break;
+
+	case 'q':
+	    quiet = ! quiet;
+	    break;
+
+	case 'r':
+	    *s1++ = '\r';
+	    break;
+
+	case 'n':
+	    *s1++ = '\n';
+	    break;
+
+	case 's':
+	    *s1++ = ' ';
+	    break;
+
+	case 't':
+	    *s1++ = '\t';
+	    break;
+
+	case 'N':
+	    if (sending)
+		{
+		*s1++ = '\\';
+		*s1++ = '\0';
+		}
+	    else
+	        {
+		*s1++ = 'N';
+	        }
+	    break;
+	    
+	default:
+	    if (isoctal (cur_chr))
+		{
+		cur_chr &= 0x07;
+		if (isoctal (*s))
+		    {
+		    cur_chr <<= 3;
+		    cur_chr |= *s++ - '0';
+		    if (isoctal (*s))
+			{
+			cur_chr <<= 3;
+			cur_chr |= *s++ - '0';
+			}
+		    }
+
+		if (cur_chr != 0 || sending)
+		    {
+		    if (sending && (cur_chr == '\\' || cur_chr == 0))
+		        {
+			*s1++ = '\\';
+		        }
+		    *s1++ = cur_chr;
+		    }
+		break;
+		}
+
+	    if (sending)
+	        {
+		*s1++ = '\\';
+	        }
+	    *s1++ = cur_chr;
+	    break;
+	    }
+	}
+
+    if (add_return)
+        {
+	*s1++ = '\r';
+        }
+
+    *s1++ = '\0'; /* guarantee closure */
+    *s1++ = '\0'; /* terminate the string */
+    return dup_mem (temp, (size_t) (s1 - temp)); /* may have embedded nuls */
+    }
+
+/*
+ * Process the expect string
+ */
+void chat_expect(s)
+register char *s;
+    {
+    if (strcmp(s, "ABORT") == 0)
+	{
+	++abort_next;
+	return;
+	}
+
+    if (strcmp(s, "REPORT") == 0)
+	{
+	++report_next;
+	return;
+	}
+
+    if (strcmp(s, "TIMEOUT") == 0)
+	{
+	++timeout_next;
+	return;
+	}
+
+    while (*s)
+	{
+	register char *hyphen;
+
+	for (hyphen = s; *hyphen; ++hyphen)
+	    {
+	    if (*hyphen == '-')
+	        {
+		if (hyphen == s || hyphen[-1] != '\\')
+		    {
+		    break;
+		    }
+	        }
+	    }
+	
+	if (*hyphen == '-')
+	    {
+	    *hyphen = '\0';
+
+	    if (get_string(s))
+	        {
+		return;
+	        }
+	    else
+		{
+		s = hyphen + 1;
+
+		for (hyphen = s; *hyphen; ++hyphen)
+		    {
+		    if (*hyphen == '-')
+		        {
+			if (hyphen == s || hyphen[-1] != '\\')
+			    {
+			    break;
+			    }
+		        }
+		    }
+
+		if (*hyphen == '-')
+		    {
+		    *hyphen = '\0';
+
+		    chat_send(s);
+		    s = hyphen + 1;
+		    }
+		else
+		    {
+		    chat_send(s);
+		    return;
+		    }
+		}
+	    }
+	else
+	    {
+	    if (get_string(s))
+	        {
+		return;
+	        }
+	    else
+		{
+		if (fail_reason)
+		    {
+		    syslog(LOG_INFO, "Failed (%s)", fail_reason);
+		    }
+		else
+		    {
+		    syslog(LOG_INFO, "Failed");
+		    }
+
+		terminate(exit_code);
+		}
+	    }
+	}
+    }
+
+char *character(c)
+int c;
+    {
+    static char string[10];
+    char *meta;
+
+    meta = (c & 0x80) ? "M-" : "";
+    c &= 0x7F;
+
+    if (c < 32)
+        {
+	sprintf(string, "%s^%c", meta, (int)c + '@');
+        }
+    else
+        {
+	if (c == 127)
+	    {
+	    sprintf(string, "%s^?", meta);
+	    }
+	else
+	    {
+	    sprintf(string, "%s%c", meta, c);
+	    }
+        }
+
+    return (string);
+    }
+
+/*
+ *  process the reply string
+ */
+void chat_send (s)
+register char *s;
+    {
+    if (abort_next)
+        {
+	char *s1;
+	
+	abort_next = 0;
+	
+	if (n_aborts >= MAX_ABORTS)
+	    {
+	    fatal("Too many ABORT strings");
+	    }
+	
+	s1 = clean(s, 0);
+	
+	if (strlen(s1) > strlen(s)
+	    || strlen(s1) + 1 > sizeof(fail_buffer))
+	    {
+	    syslog(LOG_WARNING, "Illegal or too-long ABORT string ('%s')", s);
+	    die();
+	    }
+
+	abort_string[n_aborts++] = s1;
+
+	if (verbose)
+	    {
+	    logf("abort on (");
+
+	    for (s1 = s; *s1; ++s1)
+	        {
+		logf(character(*s1));
+	        }
+
+	    logf(")\n");
+	    }
+	return;
+	}
+
+    if (report_next)
+        {
+	char *s1;
+	
+	report_next = 0;
+	if (n_reports >= MAX_REPORTS)
+	    {
+	    fatal("Too many REPORT strings");
+	    }
+	
+	s1 = clean(s, 0);
+	
+	if (strlen(s1) > strlen(s) || strlen(s1) > sizeof fail_buffer - 1)
+	    {
+	    syslog(LOG_WARNING, "Illegal or too-long REPORT string ('%s')", s);
+	    die();
+	    }
+	
+	report_string[n_reports++] = s1;
+	
+	if (verbose)
+	    {
+	    logf("report (");
+	    s1 = s;
+	    while (*s1)
+	        {
+		logf(character(*s1));
+		++s1;
+	        }
+	    logf(")\n");
+	    }
+	return;
+        }
+
+    if (timeout_next)
+        {
+	timeout_next = 0;
+	timeout = atoi(s);
+	
+	if (timeout <= 0)
+	    {
+	    timeout = DEFAULT_CHAT_TIMEOUT;
+	    }
+
+	if (verbose)
+	    {
+	    syslog(LOG_INFO, "timeout set to %d seconds", timeout);
+	    }
+	return;
+        }
+
+    if (strcmp(s, "EOT") == 0)
+        {
+	s = "^D\\c";
+        }
+    else
+        {
+	if (strcmp(s, "BREAK") == 0)
+	    {
+	    s = "\\K\\c";
+	    }
+        }
+
+    if (!put_string(s))
+        {
+	syslog(LOG_INFO, "Failed");
+	terminate(1);
+        }
+    }
+
+int get_char()
+    {
+    int status;
+    char c;
+
+    status = read(0, &c, 1);
+
+    switch (status)
+        {
+    case 1:
+	return ((int)c & 0x7F);
+
+    default:
+	syslog(LOG_WARNING, "warning: read() on stdin returned %d",
+	       status);
+
+    case -1:
+	if ((status = fcntl(0, F_GETFL, 0)) == -1)
+	    {
+	    sysfatal("Can't get file mode flags on stdin");
+	    }
+	else
+	    {
+	    if (fcntl(0, F_SETFL, status & ~O_NONBLOCK) == -1)
+	        {
+		sysfatal("Can't set file mode flags on stdin");
+	        }
+	    }
+	
+	return (-1);
+        }
+    }
+
+int put_char(c)
+int c;
+    {
+    int status;
+    char ch = c;
+
+    usleep(10000);		/* inter-character typing delay (?) */
+
+    status = write(1, &ch, 1);
+
+    switch (status)
+        {
+    case 1:
+	return (0);
+	
+    default:
+	syslog(LOG_WARNING, "warning: write() on stdout returned %d",
+	       status);
+	
+    case -1:
+	if ((status = fcntl(0, F_GETFL, 0)) == -1)
+	    {
+	    sysfatal("Can't get file mode flags on stdin");
+	    }
+	else
+	    {
+	    if (fcntl(0, F_SETFL, status & ~O_NONBLOCK) == -1)
+	        {
+		sysfatal("Can't set file mode flags on stdin");
+	        }
+	    }
+	
+	return (-1);
+        }
+    }
+
+int write_char (c)
+int c;
+    {
+    if (alarmed || put_char(c) < 0)
+	{
+	extern int errno;
+
+	alarm(0);
+	alarmed = 0;
+
+	if (verbose)
+	    {
+	    if (errno == EINTR || errno == EWOULDBLOCK)
+	        {
+		syslog(LOG_INFO, " -- write timed out");
+	        }
+	    else
+	        {
+		syslog(LOG_INFO, " -- write failed: %m");
+	        }
+	    }
+	return (0);
+	}
+    return (1);
+    }
+
+int put_string (s)
+register char *s;
+    {
+    s = clean(s, 1);
+
+    if (verbose)
+	{
+	logf("send (");
+
+	if (quiet)
+	    {
+	    logf("??????");
+	    }
+	else
+	    {
+	    register char *s1 = s;
+
+	    for (s1 = s; *s1; ++s1)
+	        {
+		logf(character(*s1));
+	        }
+	    }
+
+	logf(")\n");
+	}
+
+    alarm(timeout); alarmed = 0;
+
+    while (*s)
+	{
+	register char c = *s++;
+
+	if (c != '\\')
+	    {
+	    if (!write_char (c))
+	        {
+		return 0;
+	        }
+	    continue;
+	    }
+
+	c = *s++;
+	switch (c)
+	    {
+	case 'd':
+	    sleep(1);
+	    break;
+
+	case 'K':
+	    break_sequence();
+	    break;
+
+	case 'p':
+	    usleep(10000); 	/* 1/100th of a second (arg is microseconds) */
+	    break;
+
+	default:
+	    if (!write_char (c))
+		return 0;
+	    break;
+	    }
+	}
+
+    alarm(0);
+    alarmed = 0;
+    return (1);
+    }
+
+/*
+ *	'Wait for' this string to appear on this file descriptor.
+ */
+int get_string(string)
+register char *string;
+    {
+    char temp[STR_LEN];
+    int c, printed = 0, len, minlen;
+    register char *s = temp, *end = s + STR_LEN;
+
+    fail_reason = (char *)0;
+    string = clean(string, 0);
+    len = strlen(string);
+    minlen = (len > sizeof(fail_buffer)? len: sizeof(fail_buffer)) - 1;
+
+    if (verbose)
+	{
+	register char *s1;
+
+	logf("expect (");
+
+	for (s1 = string; *s1; ++s1)
+	    {
+	    logf(character(*s1));
+	    }
+
+	logf(")\n");
+	}
+
+    if (len > STR_LEN)
+	{
+	syslog(LOG_INFO, "expect string is too long");
+	exit_code = 1;
+	return 0;
+	}
+
+    if (len == 0)
+	{
+	if (verbose)
+	    {
+	    syslog(LOG_INFO, "got it");
+	    }
+
+	return (1);
+	}
+
+    alarm(timeout);
+    alarmed = 0;
+
+    while ( ! alarmed && (c = get_char()) >= 0)
+	{
+	int n, abort_len, report_len;
+
+	if (verbose)
+	    {
+	    if (c == '\n')
+	        {
+		logf("\n");
+	        }
+	    else
+	        {
+		logf(character(c));
+	        }
+	    }
+
+	*s++ = c;
+
+	if (s - temp >= len &&
+	    c == string[len - 1] &&
+	    strncmp(s - len, string, len) == 0)
+	    {
+	    if (verbose)
+		{
+		logf(" -- got it\n");
+		}
+
+	    alarm(0);
+	    alarmed = 0;
+	    return (1);
+	    }
+
+	for (n = 0; n < n_aborts; ++n)
+	    {
+	    if (s - temp >= (abort_len = strlen(abort_string[n])) &&
+		strncmp(s - abort_len, abort_string[n], abort_len) == 0)
+	        {
+		if (verbose)
+		    {
+		    logf(" -- failed\n");
+		    }
+		
+		alarm(0);
+		alarmed = 0;
+		exit_code = n + 4;
+		strcpy(fail_reason = fail_buffer, abort_string[n]);
+		return (0);
+	        }
+	    }
+
+	if (!report_gathering)
+	    {
+	    for (n = 0; n < n_reports; ++n)
+	        {
+		if ((report_string[n] != (char*) NULL) &&
+		    s - temp >= (report_len = strlen(report_string[n])) &&
+		    strncmp(s - report_len, report_string[n], report_len) == 0)
+		    {
+		    time_t time_now   = time ((time_t*) NULL);
+		    struct tm* tm_now = localtime (&time_now);
+
+		    strftime (report_buffer, 20, "%b %d %H:%M:%S ", tm_now);
+		    strcat (report_buffer, report_string[n]);
+
+		    report_string[n] = (char *) NULL;
+		    report_gathering = 1;
+		    break;
+		    }
+	        }
+	    }
+	else
+	    {
+	    if (!iscntrl (c))
+	        {
+		int rep_len = strlen (report_buffer);
+		report_buffer[rep_len]     = c;
+		report_buffer[rep_len + 1] = '\0';
+	        }
+	    else
+	        {
+		report_gathering = 0;
+		fprintf (report_fp, "chat:  %s\n", report_buffer);
+	        }
+	    }
+
+	if (s >= end)
+	    {
+	    strncpy (temp, s - minlen, minlen);
+	    s = temp + minlen;
+	    }
+
+	if (alarmed && verbose)
+	    {
+	    syslog(LOG_WARNING, "warning: alarm synchronization problem");
+	    }
+	}
+
+    alarm(0);
+    
+    if (verbose && printed)
+	{
+	if (alarmed)
+	    {
+	    logf(" -- read timed out\n");
+	    }
+	else
+	    {
+	    logflush();
+	    syslog(LOG_INFO, " -- read failed: %m");
+	    }
+	}
+
+    exit_code = 3;
+    alarmed   = 0;
+    return (0);
+    }
+
+#ifdef NO_USLEEP
+#include <sys/types.h>
+#include <sys/time.h>
+
+/*
+  usleep -- support routine for 4.2BSD system call emulations
+  last edit:  29-Oct-1984     D A Gwyn
+  */
+
+extern int	  select();
+
+int
+usleep( usec )				  /* returns 0 if ok, else -1 */
+    long		usec;		/* delay in microseconds */
+{
+    static struct			/* `timeval' */
+        {
+	long	tv_sec;		/* seconds */
+	long	tv_usec;	/* microsecs */
+        } delay;	    /* _select() timeout */
+
+    delay.tv_sec  = usec / 1000000L;
+    delay.tv_usec = usec % 1000000L;
+
+    return select( 0, (long *)0, (long *)0, (long *)0, &delay );
+}
+#endif
diff --git a/usr.sbin/pppd/fsm.c b/usr.sbin/pppd/fsm.c
new file mode 100644
index 00000000000..89a60d81f01
--- /dev/null
+++ b/usr.sbin/pppd/fsm.c
@@ -0,0 +1,780 @@
+/*
+ * fsm.c - {Link, IP} Control Protocol Finite State Machine.
+ *
+ * Copyright (c) 1989 Carnegie Mellon University.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by Carnegie Mellon University.  The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: fsm.c,v 1.1 1995/10/18 08:47:58 deraadt Exp $";
+#endif
+
+/*
+ * TODO:
+ * Randomize fsm id on link/init.
+ * Deal with variable outgoing MTU.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <syslog.h>
+
+#include "pppd.h"
+#include "fsm.h"
+
+extern char *proto_name();
+
+static void fsm_timeout __P((caddr_t));
+static void fsm_rconfreq __P((fsm *, int, u_char *, int));
+static void fsm_rconfack __P((fsm *, int, u_char *, int));
+static void fsm_rconfnakrej __P((fsm *, int, int, u_char *, int));
+static void fsm_rtermreq __P((fsm *, int));
+static void fsm_rtermack __P((fsm *));
+static void fsm_rcoderej __P((fsm *, u_char *, int));
+static void fsm_sconfreq __P((fsm *, int));
+
+#define PROTO_NAME(f)	((f)->callbacks->proto_name)
+
+int peer_mru[NUM_PPP];
+
+
+/*
+ * fsm_init - Initialize fsm.
+ *
+ * Initialize fsm state.
+ */
+void
+fsm_init(f)
+    fsm *f;
+{
+    f->state = INITIAL;
+    f->flags = 0;
+    f->id = 0;				/* XXX Start with random id? */
+    f->timeouttime = DEFTIMEOUT;
+    f->maxconfreqtransmits = DEFMAXCONFREQS;
+    f->maxtermtransmits = DEFMAXTERMREQS;
+    f->maxnakloops = DEFMAXNAKLOOPS;
+}
+
+
+/*
+ * fsm_lowerup - The lower layer is up.
+ */
+void
+fsm_lowerup(f)
+    fsm *f;
+{
+    switch( f->state ){
+    case INITIAL:
+	f->state = CLOSED;
+	break;
+
+    case STARTING:
+	if( f->flags & OPT_SILENT )
+	    f->state = STOPPED;
+	else {
+	    /* Send an initial configure-request */
+	    fsm_sconfreq(f, 0);
+	    f->state = REQSENT;
+	}
+	break;
+
+    default:
+	FSMDEBUG((LOG_INFO, "%s: Up event in state %d!",
+		  PROTO_NAME(f), f->state));
+    }
+}
+
+
+/*
+ * fsm_lowerdown - The lower layer is down.
+ *
+ * Cancel all timeouts and inform upper layers.
+ */
+void
+fsm_lowerdown(f)
+    fsm *f;
+{
+    switch( f->state ){
+    case CLOSED:
+	f->state = INITIAL;
+	break;
+
+    case STOPPED:
+	f->state = STARTING;
+	if( f->callbacks->starting )
+	    (*f->callbacks->starting)(f);
+	break;
+
+    case CLOSING:
+	f->state = INITIAL;
+	UNTIMEOUT(fsm_timeout, (caddr_t) f);	/* Cancel timeout */
+	break;
+
+    case STOPPING:
+    case REQSENT:
+    case ACKRCVD:
+    case ACKSENT:
+	f->state = STARTING;
+	UNTIMEOUT(fsm_timeout, (caddr_t) f);	/* Cancel timeout */
+	break;
+
+    case OPENED:
+	if( f->callbacks->down )
+	    (*f->callbacks->down)(f);
+	f->state = STARTING;
+	break;
+
+    default:
+	FSMDEBUG((LOG_INFO, "%s: Down event in state %d!",
+		  PROTO_NAME(f), f->state));
+    }
+}
+
+
+/*
+ * fsm_open - Link is allowed to come up.
+ */
+void
+fsm_open(f)
+    fsm *f;
+{
+    switch( f->state ){
+    case INITIAL:
+	f->state = STARTING;
+	if( f->callbacks->starting )
+	    (*f->callbacks->starting)(f);
+	break;
+
+    case CLOSED:
+	if( f->flags & OPT_SILENT )
+	    f->state = STOPPED;
+	else {
+	    /* Send an initial configure-request */
+	    fsm_sconfreq(f, 0);
+	    f->state = REQSENT;
+	}
+	break;
+
+    case CLOSING:
+	f->state = STOPPING;
+	/* fall through */
+    case STOPPED:
+    case OPENED:
+	if( f->flags & OPT_RESTART ){
+	    fsm_lowerdown(f);
+	    fsm_lowerup(f);
+	}
+	break;
+    }
+}
+
+
+/*
+ * fsm_close - Start closing connection.
+ *
+ * Cancel timeouts and either initiate close or possibly go directly to
+ * the CLOSED state.
+ */
+void
+fsm_close(f)
+    fsm *f;
+{
+    switch( f->state ){
+    case STARTING:
+	f->state = INITIAL;
+	break;
+    case STOPPED:
+	f->state = CLOSED;
+	break;
+    case STOPPING:
+	f->state = CLOSING;
+	break;
+
+    case REQSENT:
+    case ACKRCVD:
+    case ACKSENT:
+    case OPENED:
+	if( f->state != OPENED )
+	    UNTIMEOUT(fsm_timeout, (caddr_t) f);	/* Cancel timeout */
+	else if( f->callbacks->down )
+	    (*f->callbacks->down)(f);	/* Inform upper layers we're down */
+
+	/* Init restart counter, send Terminate-Request */
+	f->retransmits = f->maxtermtransmits;
+	fsm_sdata(f, TERMREQ, f->reqid = ++f->id, NULL, 0);
+	TIMEOUT(fsm_timeout, (caddr_t) f, f->timeouttime);
+	--f->retransmits;
+
+	f->state = CLOSING;
+	break;
+    }
+}
+
+
+/*
+ * fsm_timeout - Timeout expired.
+ */
+static void
+fsm_timeout(arg)
+    caddr_t arg;
+{
+    fsm *f = (fsm *) arg;
+
+    switch (f->state) {
+    case CLOSING:
+    case STOPPING:
+	if( f->retransmits <= 0 ){
+	    /*
+	     * We've waited for an ack long enough.  Peer probably heard us.
+	     */
+	    f->state = (f->state == CLOSING)? CLOSED: STOPPED;
+	    if( f->callbacks->finished )
+		(*f->callbacks->finished)(f);
+	} else {
+	    /* Send Terminate-Request */
+	    fsm_sdata(f, TERMREQ, f->reqid = ++f->id, NULL, 0);
+	    TIMEOUT(fsm_timeout, (caddr_t) f, f->timeouttime);
+	    --f->retransmits;
+	}
+	break;
+
+    case REQSENT:
+    case ACKRCVD:
+    case ACKSENT:
+	if (f->retransmits <= 0) {
+	    syslog(LOG_WARNING, "%s: timeout sending Config-Requests",
+		   PROTO_NAME(f));
+	    f->state = STOPPED;
+	    if( (f->flags & OPT_PASSIVE) == 0 && f->callbacks->finished )
+		(*f->callbacks->finished)(f);
+
+	} else {
+	    /* Retransmit the configure-request */
+	    if (f->callbacks->retransmit)
+		(*f->callbacks->retransmit)(f);
+	    fsm_sconfreq(f, 1);		/* Re-send Configure-Request */
+	    if( f->state == ACKRCVD )
+		f->state = REQSENT;
+	}
+	break;
+
+    default:
+	FSMDEBUG((LOG_INFO, "%s: Timeout event in state %d!",
+		  PROTO_NAME(f), f->state));
+    }
+}
+
+
+/*
+ * fsm_input - Input packet.
+ */
+void
+fsm_input(f, inpacket, l)
+    fsm *f;
+    u_char *inpacket;
+    int l;
+{
+    u_char *inp, *outp;
+    u_char code, id;
+    int len;
+
+    /*
+     * Parse header (code, id and length).
+     * If packet too short, drop it.
+     */
+    inp = inpacket;
+    if (l < HEADERLEN) {
+	FSMDEBUG((LOG_WARNING, "fsm_input(%x): Rcvd short header.",
+		  f->protocol));
+	return;
+    }
+    GETCHAR(code, inp);
+    GETCHAR(id, inp);
+    GETSHORT(len, inp);
+    if (len < HEADERLEN) {
+	FSMDEBUG((LOG_INFO, "fsm_input(%x): Rcvd illegal length.",
+		  f->protocol));
+	return;
+    }
+    if (len > l) {
+	FSMDEBUG((LOG_INFO, "fsm_input(%x): Rcvd short packet.",
+		  f->protocol));
+	return;
+    }
+    len -= HEADERLEN;		/* subtract header length */
+
+    if( f->state == INITIAL || f->state == STARTING ){
+	FSMDEBUG((LOG_INFO, "fsm_input(%x): Rcvd packet in state %d.",
+		  f->protocol, f->state));
+	return;
+    }
+
+    /*
+     * Action depends on code.
+     */
+    switch (code) {
+    case CONFREQ:
+	fsm_rconfreq(f, id, inp, len);
+	break;
+    
+    case CONFACK:
+	fsm_rconfack(f, id, inp, len);
+	break;
+    
+    case CONFNAK:
+    case CONFREJ:
+	fsm_rconfnakrej(f, code, id, inp, len);
+	break;
+    
+    case TERMREQ:
+	fsm_rtermreq(f, id);
+	break;
+    
+    case TERMACK:
+	fsm_rtermack(f);
+	break;
+    
+    case CODEREJ:
+	fsm_rcoderej(f, inp, len);
+	break;
+    
+    default:
+	if( !f->callbacks->extcode
+	   || !(*f->callbacks->extcode)(f, code, id, inp, len) )
+	    fsm_sdata(f, CODEREJ, ++f->id, inpacket, len + HEADERLEN);
+	break;
+    }
+}
+
+
+/*
+ * fsm_rconfreq - Receive Configure-Request.
+ */
+static void
+fsm_rconfreq(f, id, inp, len)
+    fsm *f;
+    u_char id;
+    u_char *inp;
+    int len;
+{
+    u_char *outp;
+    int code, reject_if_disagree;
+
+    FSMDEBUG((LOG_INFO, "fsm_rconfreq(%s): Rcvd id %d.", PROTO_NAME(f), id));
+    switch( f->state ){
+    case CLOSED:
+	/* Go away, we're closed */
+	fsm_sdata(f, TERMACK, id, NULL, 0);
+	return;
+    case CLOSING:
+    case STOPPING:
+	return;
+
+    case OPENED:
+	/* Go down and restart negotiation */
+	if( f->callbacks->down )
+	    (*f->callbacks->down)(f);	/* Inform upper layers */
+	fsm_sconfreq(f, 0);		/* Send initial Configure-Request */
+	break;
+
+    case STOPPED:
+	/* Negotiation started by our peer */
+	fsm_sconfreq(f, 0);		/* Send initial Configure-Request */
+	f->state = REQSENT;
+	break;
+    }
+
+    /*
+     * Pass the requested configuration options
+     * to protocol-specific code for checking.
+     */
+    if (f->callbacks->reqci){		/* Check CI */
+	reject_if_disagree = (f->nakloops >= f->maxnakloops);
+	code = (*f->callbacks->reqci)(f, inp, &len, reject_if_disagree);
+    } else if (len)
+	code = CONFREJ;			/* Reject all CI */
+    else
+	code = CONFACK;
+
+    /* send the Ack, Nak or Rej to the peer */
+    fsm_sdata(f, code, id, inp, len);
+
+    if (code == CONFACK) {
+	if (f->state == ACKRCVD) {
+	    UNTIMEOUT(fsm_timeout, (caddr_t) f);	/* Cancel timeout */
+	    f->state = OPENED;
+	    if (f->callbacks->up)
+		(*f->callbacks->up)(f);	/* Inform upper layers */
+	} else
+	    f->state = ACKSENT;
+	f->nakloops = 0;
+
+    } else {
+	/* we sent CONFACK or CONFREJ */
+	if (f->state != ACKRCVD)
+	    f->state = REQSENT;
+	if( code == CONFNAK )
+	    ++f->nakloops;
+    }
+}
+
+
+/*
+ * fsm_rconfack - Receive Configure-Ack.
+ */
+static void
+fsm_rconfack(f, id, inp, len)
+    fsm *f;
+    int id;
+    u_char *inp;
+    int len;
+{
+    FSMDEBUG((LOG_INFO, "fsm_rconfack(%s): Rcvd id %d.",
+	      PROTO_NAME(f), id));
+
+    if (id != f->reqid || f->seen_ack)		/* Expected id? */
+	return;					/* Nope, toss... */
+    if( !(f->callbacks->ackci? (*f->callbacks->ackci)(f, inp, len):
+	  (len == 0)) ){
+	/* Ack is bad - ignore it */
+	FSMDEBUG((LOG_INFO, "%s: received bad Ack (length %d)",
+		  PROTO_NAME(f), len));
+	return;
+    }
+    f->seen_ack = 1;
+
+    switch (f->state) {
+    case CLOSED:
+    case STOPPED:
+	fsm_sdata(f, TERMACK, id, NULL, 0);
+	break;
+
+    case REQSENT:
+	f->state = ACKRCVD;
+	f->retransmits = f->maxconfreqtransmits;
+	break;
+
+    case ACKRCVD:
+	/* Huh? an extra valid Ack? oh well... */
+	UNTIMEOUT(fsm_timeout, (caddr_t) f);	/* Cancel timeout */
+	fsm_sconfreq(f, 0);
+	f->state = REQSENT;
+	break;
+
+    case ACKSENT:
+	UNTIMEOUT(fsm_timeout, (caddr_t) f);	/* Cancel timeout */
+	f->state = OPENED;
+	f->retransmits = f->maxconfreqtransmits;
+	if (f->callbacks->up)
+	    (*f->callbacks->up)(f);	/* Inform upper layers */
+	break;
+
+    case OPENED:
+	/* Go down and restart negotiation */
+	if (f->callbacks->down)
+	    (*f->callbacks->down)(f);	/* Inform upper layers */
+	fsm_sconfreq(f, 0);		/* Send initial Configure-Request */
+	f->state = REQSENT;
+	break;
+    }
+}
+
+
+/*
+ * fsm_rconfnakrej - Receive Configure-Nak or Configure-Reject.
+ */
+static void
+fsm_rconfnakrej(f, code, id, inp, len)
+    fsm *f;
+    int code, id;
+    u_char *inp;
+    int len;
+{
+    int (*proc)();
+
+    FSMDEBUG((LOG_INFO, "fsm_rconfnakrej(%s): Rcvd id %d.",
+	      PROTO_NAME(f), id));
+
+    if (id != f->reqid || f->seen_ack)	/* Expected id? */
+	return;				/* Nope, toss... */
+    proc = (code == CONFNAK)? f->callbacks->nakci: f->callbacks->rejci;
+    if (!proc || !proc(f, inp, len)) {
+	/* Nak/reject is bad - ignore it */
+	FSMDEBUG((LOG_INFO, "%s: received bad %s (length %d)",
+		  PROTO_NAME(f), (code==CONFNAK? "Nak": "reject"), len));
+	return;
+    }
+    f->seen_ack = 1;
+
+    switch (f->state) {
+    case CLOSED:
+    case STOPPED:
+	fsm_sdata(f, TERMACK, id, NULL, 0);
+	break;
+
+    case REQSENT:
+    case ACKSENT:
+	/* They didn't agree to what we wanted - try another request */
+	UNTIMEOUT(fsm_timeout, (caddr_t) f);	/* Cancel timeout */
+	fsm_sconfreq(f, 0);		/* Send Configure-Request */
+	break;
+
+    case ACKRCVD:
+	/* Got a Nak/reject when we had already had an Ack?? oh well... */
+	UNTIMEOUT(fsm_timeout, (caddr_t) f);	/* Cancel timeout */
+	fsm_sconfreq(f, 0);
+	f->state = REQSENT;
+	break;
+
+    case OPENED:
+	/* Go down and restart negotiation */
+	if (f->callbacks->down)
+	    (*f->callbacks->down)(f);	/* Inform upper layers */
+	fsm_sconfreq(f, 0);		/* Send initial Configure-Request */
+	f->state = REQSENT;
+	break;
+    }
+}
+
+
+/*
+ * fsm_rtermreq - Receive Terminate-Req.
+ */
+static void
+fsm_rtermreq(f, id)
+    fsm *f;
+    int id;
+{
+    FSMDEBUG((LOG_INFO, "fsm_rtermreq(%s): Rcvd id %d.",
+	      PROTO_NAME(f), id));
+
+    switch (f->state) {
+    case ACKRCVD:
+    case ACKSENT:
+	f->state = REQSENT;		/* Start over but keep trying */
+	break;
+
+    case OPENED:
+	syslog(LOG_INFO, "%s terminated at peer's request", PROTO_NAME(f));
+	if (f->callbacks->down)
+	    (*f->callbacks->down)(f);	/* Inform upper layers */
+	f->retransmits = 0;
+	f->state = STOPPING;
+	TIMEOUT(fsm_timeout, (caddr_t) f, f->timeouttime);
+	break;
+    }
+
+    fsm_sdata(f, TERMACK, id, NULL, 0);
+}
+
+
+/*
+ * fsm_rtermack - Receive Terminate-Ack.
+ */
+static void
+fsm_rtermack(f)
+    fsm *f;
+{
+    FSMDEBUG((LOG_INFO, "fsm_rtermack(%s).", PROTO_NAME(f)));
+
+    switch (f->state) {
+    case CLOSING:
+	UNTIMEOUT(fsm_timeout, (caddr_t) f);
+	f->state = CLOSED;
+	if( f->callbacks->finished )
+	    (*f->callbacks->finished)(f);
+	break;
+    case STOPPING:
+	UNTIMEOUT(fsm_timeout, (caddr_t) f);
+	f->state = STOPPED;
+	if( f->callbacks->finished )
+	    (*f->callbacks->finished)(f);
+	break;
+
+    case ACKRCVD:
+	f->state = REQSENT;
+	break;
+
+    case OPENED:
+	if (f->callbacks->down)
+	    (*f->callbacks->down)(f);	/* Inform upper layers */
+	fsm_sconfreq(f, 0);
+	break;
+    }
+}
+
+
+/*
+ * fsm_rcoderej - Receive an Code-Reject.
+ */
+static void
+fsm_rcoderej(f, inp, len)
+    fsm *f;
+    u_char *inp;
+    int len;
+{
+    u_char code, id;
+
+    FSMDEBUG((LOG_INFO, "fsm_rcoderej(%s).", PROTO_NAME(f)));
+
+    if (len < HEADERLEN) {
+	FSMDEBUG((LOG_INFO, "fsm_rcoderej: Rcvd short Code-Reject packet!"));
+	return;
+    }
+    GETCHAR(code, inp);
+    GETCHAR(id, inp);
+    syslog(LOG_WARNING, "%s: Rcvd Code-Reject for code %d, id %d",
+	   PROTO_NAME(f), code, id);
+
+    if( f->state == ACKRCVD )
+	f->state = REQSENT;
+}
+
+
+/*
+ * fsm_protreject - Peer doesn't speak this protocol.
+ *
+ * Treat this as a catastrophic error (RXJ-).
+ */
+void
+fsm_protreject(f)
+    fsm *f;
+{
+    switch( f->state ){
+    case CLOSING:
+	UNTIMEOUT(fsm_timeout, (caddr_t) f);	/* Cancel timeout */
+	/* fall through */
+    case CLOSED:
+	f->state = CLOSED;
+	if( f->callbacks->finished )
+	    (*f->callbacks->finished)(f);
+	break;
+
+    case STOPPING:
+    case REQSENT:
+    case ACKRCVD:
+    case ACKSENT:
+	UNTIMEOUT(fsm_timeout, (caddr_t) f);	/* Cancel timeout */
+	/* fall through */
+    case STOPPED:
+	f->state = STOPPED;
+	if( f->callbacks->finished )
+	    (*f->callbacks->finished)(f);
+	break;
+
+    case OPENED:
+	if( f->callbacks->down )
+	    (*f->callbacks->down)(f);
+
+	/* Init restart counter, send Terminate-Request */
+	f->retransmits = f->maxtermtransmits;
+	fsm_sdata(f, TERMREQ, f->reqid = ++f->id, NULL, 0);
+	TIMEOUT(fsm_timeout, (caddr_t) f, f->timeouttime);
+	--f->retransmits;
+
+	f->state = STOPPING;
+	break;
+
+    default:
+	FSMDEBUG((LOG_INFO, "%s: Protocol-reject event in state %d!",
+		  PROTO_NAME(f), f->state));
+    }
+}
+
+
+/*
+ * fsm_sconfreq - Send a Configure-Request.
+ */
+static void
+fsm_sconfreq(f, retransmit)
+    fsm *f;
+    int retransmit;
+{
+    u_char *outp;
+    int outlen, cilen;
+
+    if( f->state != REQSENT && f->state != ACKRCVD && f->state != ACKSENT ){
+	/* Not currently negotiating - reset options */
+	if( f->callbacks->resetci )
+	    (*f->callbacks->resetci)(f);
+	f->nakloops = 0;
+    }
+
+    if( !retransmit ){
+	/* New request - reset retransmission counter, use new ID */
+	f->retransmits = f->maxconfreqtransmits;
+	f->reqid = ++f->id;
+    }
+
+    f->seen_ack = 0;
+
+    /*
+     * Make up the request packet
+     */
+    outp = outpacket_buf + PPP_HDRLEN + HEADERLEN;
+    if( f->callbacks->cilen && f->callbacks->addci ){
+	cilen = (*f->callbacks->cilen)(f);
+	if( cilen > peer_mru[f->unit] - HEADERLEN )
+	    cilen = peer_mru[f->unit] - HEADERLEN;
+	if (f->callbacks->addci)
+	    (*f->callbacks->addci)(f, outp, &cilen);
+    } else
+	cilen = 0;
+
+    /* send the request to our peer */
+    fsm_sdata(f, CONFREQ, f->reqid, outp, cilen);
+
+    /* start the retransmit timer */
+    --f->retransmits;
+    TIMEOUT(fsm_timeout, (caddr_t) f, f->timeouttime);
+
+    FSMDEBUG((LOG_INFO, "%s: sending Configure-Request, id %d",
+	      PROTO_NAME(f), f->reqid));
+}
+
+
+/*
+ * fsm_sdata - Send some data.
+ *
+ * Used for all packets sent to our peer by this module.
+ */
+void
+fsm_sdata(f, code, id, data, datalen)
+    fsm *f;
+    u_char code, id;
+    u_char *data;
+    int datalen;
+{
+    u_char *outp;
+    int outlen;
+
+    /* Adjust length to be smaller than MTU */
+    outp = outpacket_buf;
+    if (datalen > peer_mru[f->unit] - HEADERLEN)
+	datalen = peer_mru[f->unit] - HEADERLEN;
+    if (datalen && data != outp + PPP_HDRLEN + HEADERLEN)
+	BCOPY(data, outp + PPP_HDRLEN + HEADERLEN, datalen);
+    outlen = datalen + HEADERLEN;
+    MAKEHEADER(outp, f->protocol);
+    PUTCHAR(code, outp);
+    PUTCHAR(id, outp);
+    PUTSHORT(outlen, outp);
+    output(f->unit, outpacket_buf, outlen + PPP_HDRLEN);
+
+    FSMDEBUG((LOG_INFO, "fsm_sdata(%s): Sent code %d, id %d.",
+	      PROTO_NAME(f), code, id));
+}
diff --git a/usr.sbin/pppd/fsm.h b/usr.sbin/pppd/fsm.h
new file mode 100644
index 00000000000..d29dba5146a
--- /dev/null
+++ b/usr.sbin/pppd/fsm.h
@@ -0,0 +1,128 @@
+/*
+ * fsm.h - {Link, IP} Control Protocol Finite State Machine definitions.
+ *
+ * Copyright (c) 1989 Carnegie Mellon University.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by Carnegie Mellon University.  The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * $Id: fsm.h,v 1.1 1995/10/18 08:47:58 deraadt Exp $
+ */
+
+/*
+ * Packet header = Code, id, length.
+ */
+#define HEADERLEN	(sizeof (u_char) + sizeof (u_char) + sizeof (u_short))
+
+
+/*
+ *  CP (LCP, IPCP, etc.) codes.
+ */
+#define CONFREQ		1	/* Configuration Request */
+#define CONFACK		2	/* Configuration Ack */
+#define CONFNAK		3	/* Configuration Nak */
+#define CONFREJ		4	/* Configuration Reject */
+#define TERMREQ		5	/* Termination Request */
+#define TERMACK		6	/* Termination Ack */
+#define CODEREJ		7	/* Code Reject */
+
+
+/*
+ * Each FSM is described by a fsm_callbacks and a fsm structure.
+ */
+typedef struct fsm_callbacks {
+    void (*resetci)();		/* Reset our Configuration Information */
+    int  (*cilen)();		/* Length of our Configuration Information */
+    void (*addci)();		/* Add our Configuration Information */
+    int  (*ackci)();		/* ACK our Configuration Information */
+    int  (*nakci)();		/* NAK our Configuration Information */
+    int  (*rejci)();		/* Reject our Configuration Information */
+    int  (*reqci)();		/* Request peer's Configuration Information */
+    void (*up)();		/* Called when fsm reaches OPENED state */
+    void (*down)();		/* Called when fsm leaves OPENED state */
+    void (*starting)();		/* Called when we want the lower layer */
+    void (*finished)();		/* Called when we don't want the lower layer */
+    void (*protreject)();	/* Called when Protocol-Reject received */
+    void (*retransmit)();	/* Retransmission is necessary */
+    int  (*extcode)();		/* Called when unknown code received */
+    char *proto_name;		/* String name for protocol (for messages) */
+} fsm_callbacks;
+
+
+typedef struct fsm {
+    int unit;			/* Interface unit number */
+    int protocol;		/* Data Link Layer Protocol field value */
+    int state;			/* State */
+    int flags;			/* Contains option bits */
+    u_char id;			/* Current id */
+    u_char reqid;		/* Current request id */
+    u_char seen_ack;		/* Have received valid Ack/Nak/Rej to Req */
+    int timeouttime;		/* Timeout time in milliseconds */
+    int maxconfreqtransmits;	/* Maximum Configure-Request transmissions */
+    int retransmits;		/* Number of retransmissions left */
+    int maxtermtransmits;	/* Maximum Terminate-Request transmissions */
+    int nakloops;		/* Number of nak loops since last ack */
+    int maxnakloops;		/* Maximum number of nak loops tolerated */
+    fsm_callbacks *callbacks;	/* Callback routines */
+} fsm;
+
+
+/*
+ * Link states.
+ */
+#define INITIAL		0	/* Down, hasn't been opened */
+#define STARTING	1	/* Down, been opened */
+#define CLOSED		2	/* Up, hasn't been opened */
+#define STOPPED		3	/* Open, waiting for down event */
+#define CLOSING		4	/* Terminating the connection, not open */
+#define STOPPING	5	/* Terminating, but open */
+#define REQSENT		6	/* We've sent a Config Request */
+#define ACKRCVD		7	/* We've received a Config Ack */
+#define ACKSENT		8	/* We've sent a Config Ack */
+#define OPENED		9	/* Connection available */
+
+
+/*
+ * Flags - indicate options controlling FSM operation
+ */
+#define OPT_PASSIVE	1	/* Don't die if we don't get a response */
+#define OPT_RESTART	2	/* Treat 2nd OPEN as DOWN, UP */
+#define OPT_SILENT	4	/* Wait for peer to speak first */
+
+
+/*
+ * Timeouts.
+ */
+#define DEFTIMEOUT	3	/* Timeout time in seconds */
+#define DEFMAXTERMREQS	2	/* Maximum Terminate-Request transmissions */
+#define DEFMAXCONFREQS	10	/* Maximum Configure-Request transmissions */
+#define DEFMAXNAKLOOPS	5	/* Maximum number of nak loops */
+
+
+/*
+ * Prototypes
+ */
+void fsm_init __P((fsm *));
+void fsm_lowerup __P((fsm *));
+void fsm_lowerdown __P((fsm *));
+void fsm_open __P((fsm *));
+void fsm_close __P((fsm *));
+void fsm_input __P((fsm *, u_char *, int));
+void fsm_protreject __P((fsm *));
+void fsm_sdata __P((fsm *, int, int, u_char *, int));
+
+
+/*
+ * Variables
+ */
+extern int peer_mru[];		/* currently negotiated peer MRU (per unit) */
diff --git a/usr.sbin/pppd/ipcp.c b/usr.sbin/pppd/ipcp.c
new file mode 100644
index 00000000000..9a1b2b26cd4
--- /dev/null
+++ b/usr.sbin/pppd/ipcp.c
@@ -0,0 +1,1213 @@
+/*
+ * ipcp.c - PPP IP Control Protocol.
+ *
+ * Copyright (c) 1989 Carnegie Mellon University.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by Carnegie Mellon University.  The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: ipcp.c,v 1.1 1995/10/18 08:47:58 deraadt Exp $";
+#endif
+
+/*
+ * TODO:
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <syslog.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+
+#include "pppd.h"
+#include "fsm.h"
+#include "ipcp.h"
+#include "pathnames.h"
+
+/* global vars */
+ipcp_options ipcp_wantoptions[NUM_PPP];	/* Options that we want to request */
+ipcp_options ipcp_gotoptions[NUM_PPP];	/* Options that peer ack'd */
+ipcp_options ipcp_allowoptions[NUM_PPP];	/* Options we allow peer to request */
+ipcp_options ipcp_hisoptions[NUM_PPP];	/* Options that we ack'd */
+
+/* local vars */
+static int cis_received[NUM_PPP];		/* # Conf-Reqs received */
+
+/*
+ * Callbacks for fsm code.  (CI = Configuration Information)
+ */
+static void ipcp_resetci __P((fsm *));	/* Reset our CI */
+static int  ipcp_cilen __P((fsm *));	        /* Return length of our CI */
+static void ipcp_addci __P((fsm *, u_char *, int *)); /* Add our CI */
+static int  ipcp_ackci __P((fsm *, u_char *, int));	/* Peer ack'd our CI */
+static int  ipcp_nakci __P((fsm *, u_char *, int));	/* Peer nak'd our CI */
+static int  ipcp_rejci __P((fsm *, u_char *, int));	/* Peer rej'd our CI */
+static int  ipcp_reqci __P((fsm *, u_char *, int *, int)); /* Rcv CI */
+static void ipcp_up __P((fsm *));		/* We're UP */
+static void ipcp_down __P((fsm *));		/* We're DOWN */
+static void ipcp_script __P((fsm *, char *)); /* Run an up/down script */
+
+fsm ipcp_fsm[NUM_PPP];		/* IPCP fsm structure */
+
+static fsm_callbacks ipcp_callbacks = { /* IPCP callback routines */
+    ipcp_resetci,		/* Reset our Configuration Information */
+    ipcp_cilen,			/* Length of our Configuration Information */
+    ipcp_addci,			/* Add our Configuration Information */
+    ipcp_ackci,			/* ACK our Configuration Information */
+    ipcp_nakci,			/* NAK our Configuration Information */
+    ipcp_rejci,			/* Reject our Configuration Information */
+    ipcp_reqci,			/* Request peer's Configuration Information */
+    ipcp_up,			/* Called when fsm reaches OPENED state */
+    ipcp_down,			/* Called when fsm leaves OPENED state */
+    NULL,			/* Called when we want the lower layer up */
+    NULL,			/* Called when we want the lower layer down */
+    NULL,			/* Called when Protocol-Reject received */
+    NULL,			/* Retransmission is necessary */
+    NULL,			/* Called to handle protocol-specific codes */
+    "IPCP"			/* String name of protocol */
+};
+
+/*
+ * Lengths of configuration options.
+ */
+#define CILEN_VOID	2
+#define CILEN_COMPRESS	4	/* min length for compression protocol opt. */
+#define CILEN_VJ	6	/* length for RFC1332 Van-Jacobson opt. */
+#define CILEN_ADDR	6	/* new-style single address option */
+#define CILEN_ADDRS	10	/* old-style dual address option */
+
+
+#define CODENAME(x)	((x) == CONFACK ? "ACK" : \
+			 (x) == CONFNAK ? "NAK" : "REJ")
+
+
+/*
+ * Make a string representation of a network IP address.
+ */
+char *
+ip_ntoa(ipaddr)
+u_int32_t ipaddr;
+{
+    static char b[64];
+
+    ipaddr = ntohl(ipaddr);
+
+    sprintf(b, "%d.%d.%d.%d",
+	    (u_char)(ipaddr >> 24),
+	    (u_char)(ipaddr >> 16),
+	    (u_char)(ipaddr >> 8),
+	    (u_char)(ipaddr));
+    return b;
+}
+
+
+/*
+ * ipcp_init - Initialize IPCP.
+ */
+void
+ipcp_init(unit)
+    int unit;
+{
+    fsm *f = &ipcp_fsm[unit];
+    ipcp_options *wo = &ipcp_wantoptions[unit];
+    ipcp_options *ao = &ipcp_allowoptions[unit];
+
+    f->unit = unit;
+    f->protocol = PPP_IPCP;
+    f->callbacks = &ipcp_callbacks;
+    fsm_init(&ipcp_fsm[unit]);
+
+    wo->neg_addr = 1;
+    wo->old_addrs = 0;
+    wo->ouraddr = 0;
+    wo->hisaddr = 0;
+
+    wo->neg_vj = 1;
+    wo->old_vj = 0;
+    wo->vj_protocol = IPCP_VJ_COMP;
+    wo->maxslotindex = MAX_STATES - 1; /* really max index */
+    wo->cflag = 1;
+
+    /* max slots and slot-id compression are currently hardwired in */
+    /* ppp_if.c to 16 and 1, this needs to be changed (among other */
+    /* things) gmc */
+
+    ao->neg_addr = 1;
+    ao->neg_vj = 1;
+    ao->maxslotindex = MAX_STATES - 1;
+    ao->cflag = 1;
+
+    /*
+     * XXX These control whether the user may use the proxyarp
+     * and defaultroute options.
+     */
+    ao->proxy_arp = 1;
+    ao->default_route = 1;
+}
+
+
+/*
+ * ipcp_open - IPCP is allowed to come up.
+ */
+void
+ipcp_open(unit)
+    int unit;
+{
+    fsm_open(&ipcp_fsm[unit]);
+}
+
+
+/*
+ * ipcp_close - Take IPCP down.
+ */
+void
+ipcp_close(unit)
+    int unit;
+{
+    fsm_close(&ipcp_fsm[unit]);
+}
+
+
+/*
+ * ipcp_lowerup - The lower layer is up.
+ */
+void
+ipcp_lowerup(unit)
+    int unit;
+{
+    fsm_lowerup(&ipcp_fsm[unit]);
+}
+
+
+/*
+ * ipcp_lowerdown - The lower layer is down.
+ */
+void
+ipcp_lowerdown(unit)
+    int unit;
+{
+    fsm_lowerdown(&ipcp_fsm[unit]);
+}
+
+
+/*
+ * ipcp_input - Input IPCP packet.
+ */
+void
+ipcp_input(unit, p, len)
+    int unit;
+    u_char *p;
+    int len;
+{
+    fsm_input(&ipcp_fsm[unit], p, len);
+}
+
+
+/*
+ * ipcp_protrej - A Protocol-Reject was received for IPCP.
+ *
+ * Pretend the lower layer went down, so we shut up.
+ */
+void
+ipcp_protrej(unit)
+    int unit;
+{
+    fsm_lowerdown(&ipcp_fsm[unit]);
+}
+
+
+/*
+ * ipcp_resetci - Reset our CI.
+ */
+static void
+ipcp_resetci(f)
+    fsm *f;
+{
+    ipcp_options *wo = &ipcp_wantoptions[f->unit];
+
+    wo->req_addr = wo->neg_addr && ipcp_allowoptions[f->unit].neg_addr;
+    if (wo->ouraddr == 0)
+	wo->accept_local = 1;
+    if (wo->hisaddr == 0)
+	wo->accept_remote = 1;
+    ipcp_gotoptions[f->unit] = *wo;
+    cis_received[f->unit] = 0;
+}
+
+
+/*
+ * ipcp_cilen - Return length of our CI.
+ */
+static int
+ipcp_cilen(f)
+    fsm *f;
+{
+    ipcp_options *go = &ipcp_gotoptions[f->unit];
+
+#define LENCIVJ(neg, old)	(neg ? (old? CILEN_COMPRESS : CILEN_VJ) : 0)
+#define LENCIADDR(neg, old)	(neg ? (old? CILEN_ADDRS : CILEN_ADDR) : 0)
+
+    return (LENCIADDR(go->neg_addr, go->old_addrs) +
+	    LENCIVJ(go->neg_vj, go->old_vj));
+}
+
+
+/*
+ * ipcp_addci - Add our desired CIs to a packet.
+ */
+static void
+ipcp_addci(f, ucp, lenp)
+    fsm *f;
+    u_char *ucp;
+    int *lenp;
+{
+    ipcp_options *wo = &ipcp_wantoptions[f->unit];
+    ipcp_options *go = &ipcp_gotoptions[f->unit];
+    ipcp_options *ho = &ipcp_hisoptions[f->unit];
+    int len = *lenp;
+
+#define ADDCIVJ(opt, neg, val, old, maxslotindex, cflag) \
+    if (neg) { \
+	int vjlen = old? CILEN_COMPRESS : CILEN_VJ; \
+	if (len >= vjlen) { \
+	    PUTCHAR(opt, ucp); \
+	    PUTCHAR(vjlen, ucp); \
+	    PUTSHORT(val, ucp); \
+	    if (!old) { \
+		PUTCHAR(maxslotindex, ucp); \
+		PUTCHAR(cflag, ucp); \
+	    } \
+	    len -= vjlen; \
+	} else \
+	    neg = 0; \
+    }
+
+#define ADDCIADDR(opt, neg, old, val1, val2) \
+    if (neg) { \
+	int addrlen = (old? CILEN_ADDRS: CILEN_ADDR); \
+	if (len >= addrlen) { \
+	    u_int32_t l; \
+	    PUTCHAR(opt, ucp); \
+	    PUTCHAR(addrlen, ucp); \
+	    l = ntohl(val1); \
+	    PUTLONG(l, ucp); \
+	    if (old) { \
+		l = ntohl(val2); \
+		PUTLONG(l, ucp); \
+	    } \
+	    len -= addrlen; \
+	} else \
+	    neg = 0; \
+    }
+
+    /*
+     * First see if we want to change our options to the old
+     * forms because we have received old forms from the peer.
+     */
+    if (wo->neg_addr && !go->neg_addr && !go->old_addrs) {
+	/* use the old style of address negotiation */
+	go->neg_addr = 1;
+	go->old_addrs = 1;
+    }
+    if (wo->neg_vj && !go->neg_vj && !go->old_vj) {
+	/* try an older style of VJ negotiation */
+	if (cis_received[f->unit] == 0) {
+	    /* keep trying the new style until we see some CI from the peer */
+	    go->neg_vj = 1;
+	} else {
+	    /* use the old style only if the peer did */
+	    if (ho->neg_vj && ho->old_vj) {
+		go->neg_vj = 1;
+		go->old_vj = 1;
+		go->vj_protocol = ho->vj_protocol;
+	    }
+	}
+    }
+
+    ADDCIADDR((go->old_addrs? CI_ADDRS: CI_ADDR), go->neg_addr,
+	      go->old_addrs, go->ouraddr, go->hisaddr);
+
+    ADDCIVJ(CI_COMPRESSTYPE, go->neg_vj, go->vj_protocol, go->old_vj,
+	    go->maxslotindex, go->cflag);
+
+    *lenp -= len;
+}
+
+
+/*
+ * ipcp_ackci - Ack our CIs.
+ *
+ * Returns:
+ *	0 - Ack was bad.
+ *	1 - Ack was good.
+ */
+static int
+ipcp_ackci(f, p, len)
+    fsm *f;
+    u_char *p;
+    int len;
+{
+    ipcp_options *go = &ipcp_gotoptions[f->unit];
+    u_short cilen, citype, cishort;
+    u_int32_t cilong;
+    u_char cimaxslotindex, cicflag;
+
+    /*
+     * CIs must be in exactly the same order that we sent...
+     * Check packet length and CI length at each step.
+     * If we find any deviations, then this packet is bad.
+     */
+
+#define ACKCIVJ(opt, neg, val, old, maxslotindex, cflag) \
+    if (neg) { \
+	int vjlen = old? CILEN_COMPRESS : CILEN_VJ; \
+	if ((len -= vjlen) < 0) \
+	    goto bad; \
+	GETCHAR(citype, p); \
+	GETCHAR(cilen, p); \
+	if (cilen != vjlen || \
+	    citype != opt)  \
+	    goto bad; \
+	GETSHORT(cishort, p); \
+	if (cishort != val) \
+	    goto bad; \
+	if (!old) { \
+	    GETCHAR(cimaxslotindex, p); \
+	    if (cimaxslotindex != maxslotindex) \
+		goto bad; \
+	    GETCHAR(cicflag, p); \
+	    if (cicflag != cflag) \
+		goto bad; \
+	} \
+    }
+
+#define ACKCIADDR(opt, neg, old, val1, val2) \
+    if (neg) { \
+	int addrlen = (old? CILEN_ADDRS: CILEN_ADDR); \
+	u_int32_t l; \
+	if ((len -= addrlen) < 0) \
+	    goto bad; \
+	GETCHAR(citype, p); \
+	GETCHAR(cilen, p); \
+	if (cilen != addrlen || \
+	    citype != opt) \
+	    goto bad; \
+	GETLONG(l, p); \
+	cilong = htonl(l); \
+	if (val1 != cilong) \
+	    goto bad; \
+	if (old) { \
+	    GETLONG(l, p); \
+	    cilong = htonl(l); \
+	    if (val2 != cilong) \
+		goto bad; \
+	} \
+    }
+
+    ACKCIADDR((go->old_addrs? CI_ADDRS: CI_ADDR), go->neg_addr,
+	      go->old_addrs, go->ouraddr, go->hisaddr);
+
+    ACKCIVJ(CI_COMPRESSTYPE, go->neg_vj, go->vj_protocol, go->old_vj,
+	    go->maxslotindex, go->cflag);
+
+    /*
+     * If there are any remaining CIs, then this packet is bad.
+     */
+    if (len != 0)
+	goto bad;
+    return (1);
+
+bad:
+    IPCPDEBUG((LOG_INFO, "ipcp_ackci: received bad Ack!"));
+    return (0);
+}
+
+/*
+ * ipcp_nakci - Peer has sent a NAK for some of our CIs.
+ * This should not modify any state if the Nak is bad
+ * or if IPCP is in the OPENED state.
+ *
+ * Returns:
+ *	0 - Nak was bad.
+ *	1 - Nak was good.
+ */
+static int
+ipcp_nakci(f, p, len)
+    fsm *f;
+    u_char *p;
+    int len;
+{
+    ipcp_options *go = &ipcp_gotoptions[f->unit];
+    u_char cimaxslotindex, cicflag;
+    u_char citype, cilen, *next;
+    u_short cishort;
+    u_int32_t ciaddr1, ciaddr2, l;
+    ipcp_options no;		/* options we've seen Naks for */
+    ipcp_options try;		/* options to request next time */
+
+    BZERO(&no, sizeof(no));
+    try = *go;
+
+    /*
+     * Any Nak'd CIs must be in exactly the same order that we sent.
+     * Check packet length and CI length at each step.
+     * If we find any deviations, then this packet is bad.
+     */
+#define NAKCIADDR(opt, neg, old, code) \
+    if (go->neg && \
+	len >= (cilen = (old? CILEN_ADDRS: CILEN_ADDR)) && \
+	p[1] == cilen && \
+	p[0] == opt) { \
+	len -= cilen; \
+	INCPTR(2, p); \
+	GETLONG(l, p); \
+	ciaddr1 = htonl(l); \
+	if (old) { \
+	    GETLONG(l, p); \
+	    ciaddr2 = htonl(l); \
+	    no.old_addrs = 1; \
+	} else \
+	    ciaddr2 = 0; \
+	no.neg = 1; \
+	code \
+    }
+
+#define NAKCIVJ(opt, neg, code) \
+    if (go->neg && \
+	((cilen = p[1]) == CILEN_COMPRESS || cilen == CILEN_VJ) && \
+	len >= cilen && \
+	p[0] == opt) { \
+	len -= cilen; \
+	INCPTR(2, p); \
+	GETSHORT(cishort, p); \
+	no.neg = 1; \
+        code \
+    }
+
+    /*
+     * Accept the peer's idea of {our,his} address, if different
+     * from our idea, only if the accept_{local,remote} flag is set.
+     */
+    NAKCIADDR((go->old_addrs? CI_ADDRS: CI_ADDR), neg_addr, go->old_addrs,
+	      if (go->accept_local && ciaddr1) { /* Do we know our address? */
+		  try.ouraddr = ciaddr1;
+		  IPCPDEBUG((LOG_INFO, "local IP address %s",
+			     ip_ntoa(ciaddr1)));
+	      }
+	      if (go->accept_remote && ciaddr2) { /* Does he know his? */
+		  try.hisaddr = ciaddr2;
+		  IPCPDEBUG((LOG_INFO, "remote IP address %s",
+			     ip_ntoa(ciaddr2)));
+	      }
+	      );
+
+    /*
+     * Accept the peer's value of maxslotindex provided that it
+     * is less than what we asked for.  Turn off slot-ID compression
+     * if the peer wants.  Send old-style compress-type option if
+     * the peer wants.
+     */
+    NAKCIVJ(CI_COMPRESSTYPE, neg_vj,
+	    if (cilen == CILEN_VJ) {
+		GETCHAR(cimaxslotindex, p);
+		GETCHAR(cicflag, p);
+		if (cishort == IPCP_VJ_COMP) {
+		    try.old_vj = 0;
+		    if (cimaxslotindex < go->maxslotindex)
+			try.maxslotindex = cimaxslotindex;
+		    if (!cicflag)
+			try.cflag = 0;
+		} else {
+		    try.neg_vj = 0;
+		}
+	    } else {
+		if (cishort == IPCP_VJ_COMP || cishort == IPCP_VJ_COMP_OLD) {
+		    try.old_vj = 1;
+		    try.vj_protocol = cishort;
+		} else {
+		    try.neg_vj = 0;
+		}
+	    }
+	    );
+
+    /*
+     * There may be remaining CIs, if the peer is requesting negotiation
+     * on an option that we didn't include in our request packet.
+     * If they want to negotiate about IP addresses, we comply.
+     * If they want us to ask for compression, we refuse.
+     */
+    while (len > CILEN_VOID) {
+	GETCHAR(citype, p);
+	GETCHAR(cilen, p);
+	if( (len -= cilen) < 0 )
+	    goto bad;
+	next = p + cilen - 2;
+
+	switch (citype) {
+	case CI_COMPRESSTYPE:
+	    if (go->neg_vj || no.neg_vj ||
+		(cilen != CILEN_VJ && cilen != CILEN_COMPRESS))
+		goto bad;
+	    no.neg_vj = 1;
+	    break;
+	case CI_ADDRS:
+	    if (go->neg_addr && go->old_addrs || no.old_addrs
+		|| cilen != CILEN_ADDRS)
+		goto bad;
+	    try.neg_addr = 1;
+	    try.old_addrs = 1;
+	    GETLONG(l, p);
+	    ciaddr1 = htonl(l);
+	    if (ciaddr1 && go->accept_local)
+		try.ouraddr = ciaddr1;
+	    GETLONG(l, p);
+	    ciaddr2 = htonl(l);
+	    if (ciaddr2 && go->accept_remote)
+		try.hisaddr = ciaddr2;
+	    no.old_addrs = 1;
+	    break;
+	case CI_ADDR:
+	    if (go->neg_addr || no.neg_addr || cilen != CILEN_ADDR)
+		goto bad;
+	    try.old_addrs = 0;
+	    GETLONG(l, p);
+	    ciaddr1 = htonl(l);
+	    if (ciaddr1 && go->accept_local)
+		try.ouraddr = ciaddr1;
+	    if (try.ouraddr != 0)
+		try.neg_addr = 1;
+	    no.neg_addr = 1;
+	    break;
+	}
+	p = next;
+    }
+
+    /* If there is still anything left, this packet is bad. */
+    if (len != 0)
+	goto bad;
+
+    /*
+     * OK, the Nak is good.  Now we can update state.
+     */
+    if (f->state != OPENED)
+	*go = try;
+
+    return 1;
+
+bad:
+    IPCPDEBUG((LOG_INFO, "ipcp_nakci: received bad Nak!"));
+    return 0;
+}
+
+
+/*
+ * ipcp_rejci - Reject some of our CIs.
+ */
+static int
+ipcp_rejci(f, p, len)
+    fsm *f;
+    u_char *p;
+    int len;
+{
+    ipcp_options *go = &ipcp_gotoptions[f->unit];
+    u_char cimaxslotindex, ciflag, cilen;
+    u_short cishort;
+    u_int32_t cilong;
+    ipcp_options try;		/* options to request next time */
+
+    try = *go;
+    /*
+     * Any Rejected CIs must be in exactly the same order that we sent.
+     * Check packet length and CI length at each step.
+     * If we find any deviations, then this packet is bad.
+     */
+#define REJCIADDR(opt, neg, old, val1, val2) \
+    if (go->neg && \
+	len >= (cilen = old? CILEN_ADDRS: CILEN_ADDR) && \
+	p[1] == cilen && \
+	p[0] == opt) { \
+	u_int32_t l; \
+	len -= cilen; \
+	INCPTR(2, p); \
+	GETLONG(l, p); \
+	cilong = htonl(l); \
+	/* Check rejected value. */ \
+	if (cilong != val1) \
+	    goto bad; \
+	if (old) { \
+	    GETLONG(l, p); \
+	    cilong = htonl(l); \
+	    /* Check rejected value. */ \
+	    if (cilong != val2) \
+		goto bad; \
+	} \
+	try.neg = 0; \
+    }
+
+#define REJCIVJ(opt, neg, val, old, maxslot, cflag) \
+    if (go->neg && \
+	p[1] == (old? CILEN_COMPRESS : CILEN_VJ) && \
+	len >= p[1] && \
+	p[0] == opt) { \
+	len -= p[1]; \
+	INCPTR(2, p); \
+	GETSHORT(cishort, p); \
+	/* Check rejected value. */  \
+	if (cishort != val) \
+	    goto bad; \
+	if (!old) { \
+	   GETCHAR(cimaxslotindex, p); \
+	   if (cimaxslotindex != maxslot) \
+	     goto bad; \
+	   GETCHAR(ciflag, p); \
+	   if (ciflag != cflag) \
+	     goto bad; \
+        } \
+	try.neg = 0; \
+     }
+
+    REJCIADDR((go->old_addrs? CI_ADDRS: CI_ADDR), neg_addr,
+	      go->old_addrs, go->ouraddr, go->hisaddr);
+
+    REJCIVJ(CI_COMPRESSTYPE, neg_vj, go->vj_protocol, go->old_vj,
+	    go->maxslotindex, go->cflag);
+
+    /*
+     * If there are any remaining CIs, then this packet is bad.
+     */
+    if (len != 0)
+	goto bad;
+    /*
+     * Now we can update state.
+     */
+    if (f->state != OPENED)
+	*go = try;
+    return 1;
+
+bad:
+    IPCPDEBUG((LOG_INFO, "ipcp_rejci: received bad Reject!"));
+    return 0;
+}
+
+
+/*
+ * ipcp_reqci - Check the peer's requested CIs and send appropriate response.
+ *
+ * Returns: CONFACK, CONFNAK or CONFREJ and input packet modified
+ * appropriately.  If reject_if_disagree is non-zero, doesn't return
+ * CONFNAK; returns CONFREJ if it can't return CONFACK.
+ */
+static int
+ipcp_reqci(f, inp, len, reject_if_disagree)
+    fsm *f;
+    u_char *inp;		/* Requested CIs */
+    int *len;			/* Length of requested CIs */
+    int reject_if_disagree;
+{
+    ipcp_options *wo = &ipcp_wantoptions[f->unit];
+    ipcp_options *ho = &ipcp_hisoptions[f->unit];
+    ipcp_options *ao = &ipcp_allowoptions[f->unit];
+    ipcp_options *go = &ipcp_gotoptions[f->unit];
+    u_char *cip, *next;		/* Pointer to current and next CIs */
+    u_short cilen, citype;	/* Parsed len, type */
+    u_short cishort;		/* Parsed short value */
+    u_int32_t tl, ciaddr1, ciaddr2;/* Parsed address values */
+    int rc = CONFACK;		/* Final packet return code */
+    int orc;			/* Individual option return code */
+    u_char *p;			/* Pointer to next char to parse */
+    u_char *ucp = inp;		/* Pointer to current output char */
+    int l = *len;		/* Length left */
+    u_char maxslotindex, cflag;
+
+    /*
+     * Reset all his options.
+     */
+    BZERO(ho, sizeof(*ho));
+    
+    /*
+     * Process all his options.
+     */
+    next = inp;
+    while (l) {
+	orc = CONFACK;			/* Assume success */
+	cip = p = next;			/* Remember begining of CI */
+	if (l < 2 ||			/* Not enough data for CI header or */
+	    p[1] < 2 ||			/*  CI length too small or */
+	    p[1] > l) {			/*  CI length too big? */
+	    IPCPDEBUG((LOG_INFO, "ipcp_reqci: bad CI length!"));
+	    orc = CONFREJ;		/* Reject bad CI */
+	    cilen = l;			/* Reject till end of packet */
+	    l = 0;			/* Don't loop again */
+	    goto endswitch;
+	}
+	GETCHAR(citype, p);		/* Parse CI type */
+	GETCHAR(cilen, p);		/* Parse CI length */
+	l -= cilen;			/* Adjust remaining length */
+	next += cilen;			/* Step to next CI */
+
+	switch (citype) {		/* Check CI type */
+	case CI_ADDRS:
+	    IPCPDEBUG((LOG_INFO, "ipcp: received ADDRS "));
+	    if (!ao->neg_addr ||
+		cilen != CILEN_ADDRS) {	/* Check CI length */
+		orc = CONFREJ;		/* Reject CI */
+		break;
+	    }
+
+	    /*
+	     * If he has no address, or if we both have his address but
+	     * disagree about it, then NAK it with our idea.
+	     * In particular, if we don't know his address, but he does,
+	     * then accept it.
+	     */
+	    GETLONG(tl, p);		/* Parse source address (his) */
+	    ciaddr1 = htonl(tl);
+	    IPCPDEBUG((LOG_INFO, "(%s:", ip_ntoa(ciaddr1)));
+	    if (ciaddr1 != wo->hisaddr
+		&& (ciaddr1 == 0 || !wo->accept_remote)) {
+		orc = CONFNAK;
+		if (!reject_if_disagree) {
+		    DECPTR(sizeof(u_int32_t), p);
+		    tl = ntohl(wo->hisaddr);
+		    PUTLONG(tl, p);
+		}
+	    } else if (ciaddr1 == 0 && wo->hisaddr == 0) {
+		/*
+		 * If neither we nor he knows his address, reject the option.
+		 */
+		orc = CONFREJ;
+		wo->req_addr = 0;	/* don't NAK with 0.0.0.0 later */
+		break;
+	    }
+
+	    /*
+	     * If he doesn't know our address, or if we both have our address
+	     * but disagree about it, then NAK it with our idea.
+	     */
+	    GETLONG(tl, p);		/* Parse desination address (ours) */
+	    ciaddr2 = htonl(tl);
+	    IPCPDEBUG((LOG_INFO, "%s)", ip_ntoa(ciaddr2)));
+	    if (ciaddr2 != wo->ouraddr) {
+		if (ciaddr2 == 0 || !wo->accept_local) {
+		    orc = CONFNAK;
+		    if (!reject_if_disagree) {
+			DECPTR(sizeof(u_int32_t), p);
+			tl = ntohl(wo->ouraddr);
+			PUTLONG(tl, p);
+		    }
+		} else {
+		    go->ouraddr = ciaddr2;	/* accept peer's idea */
+		}
+	    }
+
+	    ho->neg_addr = 1;
+	    ho->old_addrs = 1;
+	    ho->hisaddr = ciaddr1;
+	    ho->ouraddr = ciaddr2;
+	    break;
+
+	case CI_ADDR:
+	    IPCPDEBUG((LOG_INFO, "ipcp: received ADDR "));
+
+	    if (!ao->neg_addr ||
+		cilen != CILEN_ADDR) {	/* Check CI length */
+		orc = CONFREJ;		/* Reject CI */
+		break;
+	    }
+
+	    /*
+	     * If he has no address, or if we both have his address but
+	     * disagree about it, then NAK it with our idea.
+	     * In particular, if we don't know his address, but he does,
+	     * then accept it.
+	     */
+	    GETLONG(tl, p);	/* Parse source address (his) */
+	    ciaddr1 = htonl(tl);
+	    IPCPDEBUG((LOG_INFO, "(%s)", ip_ntoa(ciaddr1)));
+	    if (ciaddr1 != wo->hisaddr
+		&& (ciaddr1 == 0 || !wo->accept_remote)) {
+		orc = CONFNAK;
+		if (!reject_if_disagree) {
+		    DECPTR(sizeof(u_int32_t), p);
+		    tl = ntohl(wo->hisaddr);
+		    PUTLONG(tl, p);
+		}
+	    } else if (ciaddr1 == 0 && wo->hisaddr == 0) {
+		/*
+		 * Don't ACK an address of 0.0.0.0 - reject it instead.
+		 */
+		orc = CONFREJ;
+		wo->req_addr = 0;	/* don't NAK with 0.0.0.0 later */
+		break;
+	    }
+	
+	    ho->neg_addr = 1;
+	    ho->hisaddr = ciaddr1;
+	    break;
+	
+	case CI_COMPRESSTYPE:
+	    IPCPDEBUG((LOG_INFO, "ipcp: received COMPRESSTYPE "));
+	    if (!ao->neg_vj ||
+		(cilen != CILEN_VJ && cilen != CILEN_COMPRESS)) {
+		orc = CONFREJ;
+		break;
+	    }
+	    GETSHORT(cishort, p);
+	    IPCPDEBUG((LOG_INFO, "(%d)", cishort));
+
+	    if (!(cishort == IPCP_VJ_COMP ||
+		  (cishort == IPCP_VJ_COMP_OLD && cilen == CILEN_COMPRESS))) {
+		orc = CONFREJ;
+		break;
+	    }
+
+	    ho->neg_vj = 1;
+	    ho->vj_protocol = cishort;
+	    if (cilen == CILEN_VJ) {
+		GETCHAR(maxslotindex, p);
+		if (maxslotindex > ao->maxslotindex) { 
+		    orc = CONFNAK;
+		    if (!reject_if_disagree){
+			DECPTR(1, p);
+			PUTCHAR(ao->maxslotindex, p);
+		    }
+		}
+		GETCHAR(cflag, p);
+		if (cflag && !ao->cflag) {
+		    orc = CONFNAK;
+		    if (!reject_if_disagree){
+			DECPTR(1, p);
+			PUTCHAR(wo->cflag, p);
+		    }
+		}
+		ho->maxslotindex = maxslotindex;
+		ho->cflag = cflag;
+	    } else {
+		ho->old_vj = 1;
+		ho->maxslotindex = MAX_STATES - 1;
+		ho->cflag = 1;
+	    }
+	    break;
+
+	default:
+	    orc = CONFREJ;
+	    break;
+	}
+
+endswitch:
+	IPCPDEBUG((LOG_INFO, " (%s)\n", CODENAME(orc)));
+
+	if (orc == CONFACK &&		/* Good CI */
+	    rc != CONFACK)		/*  but prior CI wasnt? */
+	    continue;			/* Don't send this one */
+
+	if (orc == CONFNAK) {		/* Nak this CI? */
+	    if (reject_if_disagree)	/* Getting fed up with sending NAKs? */
+		orc = CONFREJ;		/* Get tough if so */
+	    else {
+		if (rc == CONFREJ)	/* Rejecting prior CI? */
+		    continue;		/* Don't send this one */
+		if (rc == CONFACK) {	/* Ack'd all prior CIs? */
+		    rc = CONFNAK;	/* Not anymore... */
+		    ucp = inp;		/* Backup */
+		}
+	    }
+	}
+
+	if (orc == CONFREJ &&		/* Reject this CI */
+	    rc != CONFREJ) {		/*  but no prior ones? */
+	    rc = CONFREJ;
+	    ucp = inp;			/* Backup */
+	}
+
+	/* Need to move CI? */
+	if (ucp != cip)
+	    BCOPY(cip, ucp, cilen);	/* Move it */
+
+	/* Update output pointer */
+	INCPTR(cilen, ucp);
+    }
+
+    /*
+     * If we aren't rejecting this packet, and we want to negotiate
+     * their address, and they didn't send their address, then we
+     * send a NAK with a CI_ADDR option appended.  We assume the
+     * input buffer is long enough that we can append the extra
+     * option safely.
+     */
+    if (rc != CONFREJ && !ho->neg_addr &&
+	wo->req_addr && !reject_if_disagree) {
+	if (rc == CONFACK) {
+	    rc = CONFNAK;
+	    ucp = inp;			/* reset pointer */
+	    wo->req_addr = 0;		/* don't ask again */
+	}
+	PUTCHAR(CI_ADDR, ucp);
+	PUTCHAR(CILEN_ADDR, ucp);
+	tl = ntohl(wo->hisaddr);
+	PUTLONG(tl, ucp);
+    }
+
+    *len = ucp - inp;			/* Compute output length */
+    IPCPDEBUG((LOG_INFO, "ipcp: returning Configure-%s", CODENAME(rc)));
+    return (rc);			/* Return final code */
+}
+
+
+/*
+ * ipcp_up - IPCP has come UP.
+ *
+ * Configure the IP network interface appropriately and bring it up.
+ */
+static void
+ipcp_up(f)
+    fsm *f;
+{
+    u_int32_t mask;
+    ipcp_options *ho = &ipcp_hisoptions[f->unit];
+    ipcp_options *go = &ipcp_gotoptions[f->unit];
+
+    IPCPDEBUG((LOG_INFO, "ipcp: up"));
+    go->default_route = 0;
+    go->proxy_arp = 0;
+
+    /*
+     * We must have a non-zero IP address for both ends of the link.
+     */
+    if (!ho->neg_addr)
+	ho->hisaddr = ipcp_wantoptions[f->unit].hisaddr;
+
+    if (ho->hisaddr == 0) {
+	syslog(LOG_ERR, "Could not determine remote IP address");
+	ipcp_close(f->unit);
+	return;
+    }
+    if (go->ouraddr == 0) {
+	syslog(LOG_ERR, "Could not determine local IP address");
+	ipcp_close(f->unit);
+	return;
+    }
+
+    /*
+     * Check that the peer is allowed to use the IP address it wants.
+     */
+    if (!auth_ip_addr(f->unit, ho->hisaddr)) {
+	syslog(LOG_ERR, "Peer is not authorized to use remote address %s",
+	       ip_ntoa(ho->hisaddr));
+	ipcp_close(f->unit);
+	return;
+    }
+
+    syslog(LOG_NOTICE, "local  IP address %s", ip_ntoa(go->ouraddr));
+    syslog(LOG_NOTICE, "remote IP address %s", ip_ntoa(ho->hisaddr));
+
+    /*
+     * Set IP addresses and (if specified) netmask.
+     */
+    mask = GetMask(go->ouraddr);
+    if (!sifaddr(f->unit, go->ouraddr, ho->hisaddr, mask)) {
+	IPCPDEBUG((LOG_WARNING, "sifaddr failed"));
+	ipcp_close(f->unit);
+	return;
+    }
+
+    /* set tcp compression */
+    sifvjcomp(f->unit, ho->neg_vj, ho->cflag, ho->maxslotindex);
+
+    /* bring the interface up for IP */
+    if (!sifup(f->unit)) {
+	IPCPDEBUG((LOG_WARNING, "sifup failed"));
+	ipcp_close(f->unit);
+	return;
+    }
+
+    /* assign a default route through the interface if required */
+    if (ipcp_wantoptions[f->unit].default_route) 
+	if (sifdefaultroute(f->unit, ho->hisaddr))
+	    go->default_route = 1;
+
+    /* Make a proxy ARP entry if requested. */
+    if (ipcp_wantoptions[f->unit].proxy_arp)
+	if (sifproxyarp(f->unit, ho->hisaddr))
+	    go->proxy_arp = 1;
+
+    /*
+     * Execute the ip-up script, like this:
+     *	/etc/ppp/ip-up interface tty speed local-IP remote-IP
+     */
+    ipcp_script(f, _PATH_IPUP);
+
+}
+
+
+/*
+ * ipcp_down - IPCP has gone DOWN.
+ *
+ * Take the IP network interface down, clear its addresses
+ * and delete routes through it.
+ */
+static void
+ipcp_down(f)
+    fsm *f;
+{
+    u_int32_t ouraddr, hisaddr;
+
+    IPCPDEBUG((LOG_INFO, "ipcp: down"));
+
+    ouraddr = ipcp_gotoptions[f->unit].ouraddr;
+    hisaddr = ipcp_hisoptions[f->unit].hisaddr;
+    if (ipcp_gotoptions[f->unit].proxy_arp)
+	cifproxyarp(f->unit, hisaddr);
+    if (ipcp_gotoptions[f->unit].default_route) 
+	cifdefaultroute(f->unit, hisaddr);
+    sifdown(f->unit);
+    cifaddr(f->unit, ouraddr, hisaddr);
+
+    /* Execute the ip-down script */
+    ipcp_script(f, _PATH_IPDOWN);
+}
+
+
+/*
+ * ipcp_script - Execute a script with arguments
+ * interface-name tty-name speed local-IP remote-IP.
+ */
+static void
+ipcp_script(f, script)
+    fsm *f;
+    char *script;
+{
+    char strspeed[32], strlocal[32], strremote[32];
+    char *argv[8];
+
+    sprintf(strspeed, "%d", baud_rate);
+    strcpy(strlocal, ip_ntoa(ipcp_gotoptions[f->unit].ouraddr));
+    strcpy(strremote, ip_ntoa(ipcp_hisoptions[f->unit].hisaddr));
+
+    argv[0] = script;
+    argv[1] = ifname;
+    argv[2] = devnam;
+    argv[3] = strspeed;
+    argv[4] = strlocal;
+    argv[5] = strremote;
+    argv[6] = ipparam;
+    argv[7] = NULL;
+    run_program(script, argv, 0);
+}
+
+/*
+ * ipcp_printpkt - print the contents of an IPCP packet.
+ */
+char *ipcp_codenames[] = {
+    "ConfReq", "ConfAck", "ConfNak", "ConfRej",
+    "TermReq", "TermAck", "CodeRej"
+};
+
+int
+ipcp_printpkt(p, plen, printer, arg)
+    u_char *p;
+    int plen;
+    void (*printer)();
+    void *arg;
+{
+    int code, id, len, olen;
+    u_char *pstart, *optend;
+    u_short cishort;
+    u_int32_t cilong;
+
+    if (plen < HEADERLEN)
+	return 0;
+    pstart = p;
+    GETCHAR(code, p);
+    GETCHAR(id, p);
+    GETSHORT(len, p);
+    if (len < HEADERLEN || len > plen)
+	return 0;
+
+    if (code >= 1 && code <= sizeof(ipcp_codenames) / sizeof(char *))
+	printer(arg, " %s", ipcp_codenames[code-1]);
+    else
+	printer(arg, " code=0x%x", code);
+    printer(arg, " id=0x%x", id);
+    len -= HEADERLEN;
+    switch (code) {
+    case CONFREQ:
+    case CONFACK:
+    case CONFNAK:
+    case CONFREJ:
+	/* print option list */
+	while (len >= 2) {
+	    GETCHAR(code, p);
+	    GETCHAR(olen, p);
+	    p -= 2;
+	    if (olen < 2 || olen > len) {
+		break;
+	    }
+	    printer(arg, " <");
+	    len -= olen;
+	    optend = p + olen;
+	    switch (code) {
+	    case CI_ADDRS:
+		if (olen == CILEN_ADDRS) {
+		    p += 2;
+		    GETLONG(cilong, p);
+		    printer(arg, "addrs %s", ip_ntoa(htonl(cilong)));
+		    GETLONG(cilong, p);
+		    printer(arg, " %s", ip_ntoa(htonl(cilong)));
+		}
+		break;
+	    case CI_COMPRESSTYPE:
+		if (olen >= CILEN_COMPRESS) {
+		    p += 2;
+		    GETSHORT(cishort, p);
+		    printer(arg, "compress ");
+		    switch (cishort) {
+		    case IPCP_VJ_COMP:
+			printer(arg, "VJ");
+			break;
+		    case IPCP_VJ_COMP_OLD:
+			printer(arg, "old-VJ");
+			break;
+		    default:
+			printer(arg, "0x%x", cishort);
+		    }
+		}
+		break;
+	    case CI_ADDR:
+		if (olen == CILEN_ADDR) {
+		    p += 2;
+		    GETLONG(cilong, p);
+		    printer(arg, "addr %s", ip_ntoa(htonl(cilong)));
+		}
+		break;
+	    }
+	    while (p < optend) {
+		GETCHAR(code, p);
+		printer(arg, " %.2x", code);
+	    }
+	    printer(arg, ">");
+	}
+	break;
+    }
+
+    /* print the rest of the bytes in the packet */
+    for (; len > 0; --len) {
+	GETCHAR(code, p);
+	printer(arg, " %.2x", code);
+    }
+
+    return p - pstart;
+}
diff --git a/usr.sbin/pppd/ipcp.h b/usr.sbin/pppd/ipcp.h
new file mode 100644
index 00000000000..17eed890375
--- /dev/null
+++ b/usr.sbin/pppd/ipcp.h
@@ -0,0 +1,68 @@
+/*
+ * ipcp.h - IP Control Protocol definitions.
+ *
+ * Copyright (c) 1989 Carnegie Mellon University.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by Carnegie Mellon University.  The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * $Id: ipcp.h,v 1.1 1995/10/18 08:47:58 deraadt Exp $
+ */
+
+/*
+ * Options.
+ */
+#define CI_ADDRS	1	/* IP Addresses */
+#define CI_COMPRESSTYPE	2	/* Compression Type */
+#define	CI_ADDR		3
+
+#define MAX_STATES 16		/* from slcompress.h */
+
+#define IPCP_VJMODE_OLD 1	/* "old" mode (option # = 0x0037) */
+#define IPCP_VJMODE_RFC1172 2	/* "old-rfc"mode (option # = 0x002d) */
+#define IPCP_VJMODE_RFC1332 3	/* "new-rfc"mode (option # = 0x002d, */
+                                /*  maxslot and slot number compression) */
+
+#define IPCP_VJ_COMP 0x002d	/* current value for VJ compression option*/
+#define IPCP_VJ_COMP_OLD 0x0037	/* "old" (i.e, broken) value for VJ */
+				/* compression option*/ 
+
+typedef struct ipcp_options {
+    int neg_addr : 1;		/* Negotiate IP Address? */
+    int old_addrs : 1;		/* Use old (IP-Addresses) option? */
+    int req_addr : 1;		/* Ask peer to send IP address? */
+    int default_route : 1;	/* Assign default route through interface? */
+    int proxy_arp : 1;		/* Make proxy ARP entry for peer? */
+    int neg_vj : 1;		/* Van Jacobson Compression? */
+    int old_vj : 1;		/* use old (short) form of VJ option? */
+    int accept_local : 1;	/* accept peer's value for ouraddr */
+    int accept_remote : 1;	/* accept peer's value for hisaddr */
+    u_short vj_protocol;	/* protocol value to use in VJ option */
+    u_char maxslotindex, cflag;	/* values for RFC1332 VJ compression neg. */
+    u_int32_t ouraddr, hisaddr;	/* Addresses in NETWORK BYTE ORDER */
+} ipcp_options;
+
+extern fsm ipcp_fsm[];
+extern ipcp_options ipcp_wantoptions[];
+extern ipcp_options ipcp_gotoptions[];
+extern ipcp_options ipcp_allowoptions[];
+extern ipcp_options ipcp_hisoptions[];
+
+void ipcp_init __P((int));
+void ipcp_open __P((int));
+void ipcp_close __P((int));
+void ipcp_lowerup __P((int));
+void ipcp_lowerdown __P((int));
+void ipcp_input __P((int, u_char *, int));
+void ipcp_protrej __P((int));
+int  ipcp_printpkt __P((u_char *, int, void (*)(), void *));
diff --git a/usr.sbin/pppd/lcp.c b/usr.sbin/pppd/lcp.c
new file mode 100644
index 00000000000..e15debae546
--- /dev/null
+++ b/usr.sbin/pppd/lcp.c
@@ -0,0 +1,1822 @@
+/*
+ * lcp.c - PPP Link Control Protocol.
+ *
+ * Copyright (c) 1989 Carnegie Mellon University.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by Carnegie Mellon University.  The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: lcp.c,v 1.1 1995/10/18 08:47:58 deraadt Exp $";
+#endif
+
+/*
+ * TODO:
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <syslog.h>
+#include <assert.h>
+#include <sys/ioctl.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+#include <netinet/in.h>
+
+#include "pppd.h"
+#include "fsm.h"
+#include "lcp.h"
+#include "magic.h"
+#include "chap.h"
+#include "upap.h"
+#include "ipcp.h"
+
+#ifdef _linux_		/* Needs ppp ioctls */
+#include <net/if.h>
+#include <linux/if_ppp.h>
+#endif
+
+/* global vars */
+fsm lcp_fsm[NUM_PPP];			/* LCP fsm structure (global)*/
+lcp_options lcp_wantoptions[NUM_PPP];	/* Options that we want to request */
+lcp_options lcp_gotoptions[NUM_PPP];	/* Options that peer ack'd */
+lcp_options lcp_allowoptions[NUM_PPP];	/* Options we allow peer to request */
+lcp_options lcp_hisoptions[NUM_PPP];	/* Options that we ack'd */
+u_int32_t xmit_accm[NUM_PPP][8];		/* extended transmit ACCM */
+
+static u_int32_t lcp_echos_pending = 0;	/* Number of outstanding echo msgs */
+static u_int32_t lcp_echo_number   = 0;	/* ID number of next echo frame */
+static u_int32_t lcp_echo_timer_running = 0;  /* TRUE if a timer is running */
+
+static u_char nak_buffer[PPP_MRU];	/* where we construct a nak packet */
+
+#ifdef _linux_
+u_int32_t idle_timer_running = 0;
+extern int idle_time_limit;
+#endif
+
+/*
+ * Callbacks for fsm code.  (CI = Configuration Information)
+ */
+static void lcp_resetci __P((fsm *));	/* Reset our CI */
+static int  lcp_cilen __P((fsm *));		/* Return length of our CI */
+static void lcp_addci __P((fsm *, u_char *, int *)); /* Add our CI to pkt */
+static int  lcp_ackci __P((fsm *, u_char *, int)); /* Peer ack'd our CI */
+static int  lcp_nakci __P((fsm *, u_char *, int)); /* Peer nak'd our CI */
+static int  lcp_rejci __P((fsm *, u_char *, int)); /* Peer rej'd our CI */
+static int  lcp_reqci __P((fsm *, u_char *, int *, int)); /* Rcv peer CI */
+static void lcp_up __P((fsm *));		/* We're UP */
+static void lcp_down __P((fsm *));		/* We're DOWN */
+static void lcp_starting __P((fsm *));	/* We need lower layer up */
+static void lcp_finished __P((fsm *));	/* We need lower layer down */
+static int  lcp_extcode __P((fsm *, int, int, u_char *, int));
+static void lcp_rprotrej __P((fsm *, u_char *, int));
+
+/*
+ * routines to send LCP echos to peer
+ */
+
+static void lcp_echo_lowerup __P((int));
+static void lcp_echo_lowerdown __P((int));
+static void LcpEchoTimeout __P((caddr_t));
+static void lcp_received_echo_reply __P((fsm *, int, u_char *, int));
+static void LcpSendEchoRequest __P((fsm *));
+static void LcpLinkFailure __P((fsm *));
+
+static fsm_callbacks lcp_callbacks = {	/* LCP callback routines */
+    lcp_resetci,		/* Reset our Configuration Information */
+    lcp_cilen,			/* Length of our Configuration Information */
+    lcp_addci,			/* Add our Configuration Information */
+    lcp_ackci,			/* ACK our Configuration Information */
+    lcp_nakci,			/* NAK our Configuration Information */
+    lcp_rejci,			/* Reject our Configuration Information */
+    lcp_reqci,			/* Request peer's Configuration Information */
+    lcp_up,			/* Called when fsm reaches OPENED state */
+    lcp_down,			/* Called when fsm leaves OPENED state */
+    lcp_starting,		/* Called when we want the lower layer up */
+    lcp_finished,		/* Called when we want the lower layer down */
+    NULL,			/* Called when Protocol-Reject received */
+    NULL,			/* Retransmission is necessary */
+    lcp_extcode,		/* Called to handle LCP-specific codes */
+    "LCP"			/* String name of protocol */
+};
+
+int lcp_loopbackfail = DEFLOOPBACKFAIL;
+
+/*
+ * Length of each type of configuration option (in octets)
+ */
+#define CILEN_VOID	2
+#define CILEN_SHORT	4	/* CILEN_VOID + sizeof(short) */
+#define CILEN_CHAP	5	/* CILEN_VOID + sizeof(short) + 1 */
+#define CILEN_LONG	6	/* CILEN_VOID + sizeof(long) */
+#define CILEN_LQR	8	/* CILEN_VOID + sizeof(short) + sizeof(long) */
+
+#define CODENAME(x)	((x) == CONFACK ? "ACK" : \
+			 (x) == CONFNAK ? "NAK" : "REJ")
+
+
+/*
+ * lcp_init - Initialize LCP.
+ */
+void
+lcp_init(unit)
+    int unit;
+{
+    fsm *f = &lcp_fsm[unit];
+    lcp_options *wo = &lcp_wantoptions[unit];
+    lcp_options *ao = &lcp_allowoptions[unit];
+
+    f->unit = unit;
+    f->protocol = PPP_LCP;
+    f->callbacks = &lcp_callbacks;
+
+    fsm_init(f);
+
+    wo->passive = 0;
+    wo->silent = 0;
+    wo->restart = 0;			/* Set to 1 in kernels or multi-line
+					   implementations */
+    wo->neg_mru = 1;
+    wo->mru = DEFMRU;
+    wo->neg_asyncmap = 0;
+    wo->asyncmap = 0;
+    wo->neg_chap = 0;			/* Set to 1 on server */
+    wo->neg_upap = 0;			/* Set to 1 on server */
+    wo->chap_mdtype = CHAP_DIGEST_MD5;
+    wo->neg_magicnumber = 1;
+    wo->neg_pcompression = 1;
+    wo->neg_accompression = 1;
+    wo->neg_lqr = 0;			/* no LQR implementation yet */
+
+    ao->neg_mru = 1;
+    ao->mru = MAXMRU;
+    ao->neg_asyncmap = 1;
+    ao->asyncmap = 0;
+    ao->neg_chap = 1;
+    ao->chap_mdtype = CHAP_DIGEST_MD5;
+    ao->neg_upap = 1;
+    ao->neg_magicnumber = 1;
+    ao->neg_pcompression = 1;
+    ao->neg_accompression = 1;
+    ao->neg_lqr = 0;			/* no LQR implementation yet */
+
+    memset(xmit_accm[unit], 0, sizeof(xmit_accm[0]));
+    xmit_accm[unit][3] = 0x60000000;
+}
+
+
+/*
+ * lcp_open - LCP is allowed to come up.
+ */
+void
+lcp_open(unit)
+    int unit;
+{
+    fsm *f = &lcp_fsm[unit];
+    lcp_options *wo = &lcp_wantoptions[unit];
+
+    f->flags = 0;
+    if (wo->passive)
+	f->flags |= OPT_PASSIVE;
+    if (wo->silent)
+	f->flags |= OPT_SILENT;
+    fsm_open(f);
+}
+
+
+/*
+ * lcp_close - Take LCP down.
+ */
+void
+lcp_close(unit)
+    int unit;
+{
+    fsm *f = &lcp_fsm[unit];
+
+    if (f->state == STOPPED && f->flags & (OPT_PASSIVE|OPT_SILENT)) {
+	/*
+	 * This action is not strictly according to the FSM in RFC1548,
+	 * but it does mean that the program terminates if you do a
+	 * lcp_close(0) in passive/silent mode when a connection hasn't
+	 * been established.
+	 */
+	f->state = CLOSED;
+	lcp_finished(f);
+
+    } else
+	fsm_close(&lcp_fsm[unit]);
+}
+
+#ifdef _linux_
+static void IdleTimeCheck __P((caddr_t));
+
+/*
+ * Timer expired for the LCP echo requests from this process.
+ */
+
+static void
+RestartIdleTimer (f)
+    fsm *f;
+{
+    u_long             delta;
+    struct ppp_idle    ddinfo;
+/*
+ * Read the time since the last packet was received.
+ */
+    if (ioctl (fd, PPPIOCGIDLE, &ddinfo) < 0) {
+        syslog (LOG_ERR, "ioctl(PPPIOCGIDLE): %m");
+        die (1);
+    }
+/*
+ * Compute the time since the last packet was received. If the timer
+ *  has expired then disconnect the line.
+ */
+    delta = idle_time_limit - (u_long) ddinfo.recv_idle;
+    if (((int) delta <= 0L) && (f->state == OPENED)) {
+        syslog (LOG_NOTICE, "No IP frames received within idle time limit");
+	lcp_close(f->unit);		/* Reset connection */
+	phase = PHASE_TERMINATE;	/* Mark it down */
+    } else {
+        if ((int) delta <= 0L)
+	    delta = (u_long) idle_time_limit;
+        assert (idle_timer_running==0);
+        TIMEOUT (IdleTimeCheck, (caddr_t) f, delta);
+        idle_timer_running = 1;
+    }
+}
+
+/*
+ * IdleTimeCheck - Timer expired on the IDLE detection for IP frames
+ */
+
+static void
+IdleTimeCheck (arg)
+    caddr_t arg;
+{
+    if (idle_timer_running != 0) {
+        idle_timer_running = 0;
+        RestartIdleTimer ((fsm *) arg);
+    }
+}
+#endif
+
+/*
+ * lcp_lowerup - The lower layer is up.
+ */
+void
+lcp_lowerup(unit)
+    int unit;
+{
+    sifdown(unit);
+    ppp_set_xaccm(unit, xmit_accm[unit]);
+    ppp_send_config(unit, PPP_MRU, 0xffffffff, 0, 0);
+    ppp_recv_config(unit, PPP_MRU, 0x00000000, 0, 0);
+    peer_mru[unit] = PPP_MRU;
+    lcp_allowoptions[unit].asyncmap = xmit_accm[unit][0];
+
+    fsm_lowerup(&lcp_fsm[unit]);
+}
+
+
+/*
+ * lcp_lowerdown - The lower layer is down.
+ */
+void
+lcp_lowerdown(unit)
+    int unit;
+{
+    fsm_lowerdown(&lcp_fsm[unit]);
+}
+
+
+/*
+ * lcp_input - Input LCP packet.
+ */
+void
+lcp_input(unit, p, len)
+    int unit;
+    u_char *p;
+    int len;
+{
+    int oldstate;
+    fsm *f = &lcp_fsm[unit];
+    lcp_options *go = &lcp_gotoptions[f->unit];
+
+    oldstate = f->state;
+    fsm_input(f, p, len);
+    if (oldstate == REQSENT && f->state == ACKSENT) {
+	/*
+	 * The peer will probably send us an ack soon and then
+	 * immediately start sending packets with the negotiated
+	 * options.  So as to be ready when that happens, we set
+	 * our receive side to accept packets as negotiated now.
+	 */
+	ppp_recv_config(f->unit, PPP_MRU,
+			go->neg_asyncmap? go->asyncmap: 0x00000000,
+			go->neg_pcompression, go->neg_accompression);
+    }
+}
+
+
+/*
+ * lcp_extcode - Handle a LCP-specific code.
+ */
+static int
+lcp_extcode(f, code, id, inp, len)
+    fsm *f;
+    int code, id;
+    u_char *inp;
+    int len;
+{
+    u_char *magp;
+
+    switch( code ){
+    case PROTREJ:
+	lcp_rprotrej(f, inp, len);
+	break;
+    
+    case ECHOREQ:
+	if (f->state != OPENED)
+	    break;
+	LCPDEBUG((LOG_INFO, "lcp: Echo-Request, Rcvd id %d", id));
+	magp = inp;
+	PUTLONG(lcp_gotoptions[f->unit].magicnumber, magp);
+	fsm_sdata(f, ECHOREP, id, inp, len);
+	break;
+    
+    case ECHOREP:
+	lcp_received_echo_reply(f, id, inp, len);
+	break;
+
+    case DISCREQ:
+	break;
+
+    default:
+	return 0;
+    }
+    return 1;
+}
+
+    
+/*
+ * lcp_rprotrej - Receive an Protocol-Reject.
+ *
+ * Figure out which protocol is rejected and inform it.
+ */
+static void
+lcp_rprotrej(f, inp, len)
+    fsm *f;
+    u_char *inp;
+    int len;
+{
+    u_short prot;
+
+    LCPDEBUG((LOG_INFO, "lcp_rprotrej."));
+
+    if (len < sizeof (u_short)) {
+	LCPDEBUG((LOG_INFO,
+		  "lcp_rprotrej: Rcvd short Protocol-Reject packet!"));
+	return;
+    }
+
+    GETSHORT(prot, inp);
+
+    LCPDEBUG((LOG_INFO,
+	      "lcp_rprotrej: Rcvd Protocol-Reject packet for %x!",
+	      prot));
+
+    /*
+     * Protocol-Reject packets received in any state other than the LCP
+     * OPENED state SHOULD be silently discarded.
+     */
+    if( f->state != OPENED ){
+	LCPDEBUG((LOG_INFO, "Protocol-Reject discarded: LCP in state %d",
+		  f->state));
+	return;
+    }
+
+    DEMUXPROTREJ(f->unit, prot);	/* Inform protocol */
+}
+
+
+/*
+ * lcp_protrej - A Protocol-Reject was received.
+ */
+/*ARGSUSED*/
+void
+lcp_protrej(unit)
+    int unit;
+{
+    /*
+     * Can't reject LCP!
+     */
+    LCPDEBUG((LOG_WARNING,
+	      "lcp_protrej: Received Protocol-Reject for LCP!"));
+    fsm_protreject(&lcp_fsm[unit]);
+}
+
+
+/*
+ * lcp_sprotrej - Send a Protocol-Reject for some protocol.
+ */
+void
+lcp_sprotrej(unit, p, len)
+    int unit;
+    u_char *p;
+    int len;
+{
+    /*
+     * Send back the protocol and the information field of the
+     * rejected packet.  We only get here if LCP is in the OPENED state.
+     */
+    p += 2;
+    len -= 2;
+
+    fsm_sdata(&lcp_fsm[unit], PROTREJ, ++lcp_fsm[unit].id,
+	      p, len);
+}
+
+
+/*
+ * lcp_resetci - Reset our CI.
+ */
+static void
+  lcp_resetci(f)
+fsm *f;
+{
+    lcp_wantoptions[f->unit].magicnumber = magic();
+    lcp_wantoptions[f->unit].numloops = 0;
+    lcp_gotoptions[f->unit] = lcp_wantoptions[f->unit];
+    peer_mru[f->unit] = PPP_MRU;
+}
+
+
+/*
+ * lcp_cilen - Return length of our CI.
+ */
+static int
+lcp_cilen(f)
+    fsm *f;
+{
+    lcp_options *go = &lcp_gotoptions[f->unit];
+
+#define LENCIVOID(neg)	(neg ? CILEN_VOID : 0)
+#define LENCICHAP(neg)	(neg ? CILEN_CHAP : 0)
+#define LENCISHORT(neg)	(neg ? CILEN_SHORT : 0)
+#define LENCILONG(neg)	(neg ? CILEN_LONG : 0)
+#define LENCILQR(neg)	(neg ? CILEN_LQR: 0)
+    /*
+     * NB: we only ask for one of CHAP and UPAP, even if we will
+     * accept either.
+     */
+    return (LENCISHORT(go->neg_mru) +
+	    LENCILONG(go->neg_asyncmap) +
+	    LENCICHAP(go->neg_chap) +
+	    LENCISHORT(!go->neg_chap && go->neg_upap) +
+	    LENCILQR(go->neg_lqr) +
+	    LENCILONG(go->neg_magicnumber) +
+	    LENCIVOID(go->neg_pcompression) +
+	    LENCIVOID(go->neg_accompression));
+}
+
+
+/*
+ * lcp_addci - Add our desired CIs to a packet.
+ */
+static void
+lcp_addci(f, ucp, lenp)
+    fsm *f;
+    u_char *ucp;
+    int *lenp;
+{
+    lcp_options *go = &lcp_gotoptions[f->unit];
+    u_char *start_ucp = ucp;
+
+#define ADDCIVOID(opt, neg) \
+    if (neg) { \
+	PUTCHAR(opt, ucp); \
+	PUTCHAR(CILEN_VOID, ucp); \
+    }
+#define ADDCISHORT(opt, neg, val) \
+    if (neg) { \
+	PUTCHAR(opt, ucp); \
+	PUTCHAR(CILEN_SHORT, ucp); \
+	PUTSHORT(val, ucp); \
+    }
+#define ADDCICHAP(opt, neg, val, digest) \
+    if (neg) { \
+	PUTCHAR(opt, ucp); \
+	PUTCHAR(CILEN_CHAP, ucp); \
+	PUTSHORT(val, ucp); \
+	PUTCHAR(digest, ucp); \
+    }
+#define ADDCILONG(opt, neg, val) \
+    if (neg) { \
+	PUTCHAR(opt, ucp); \
+	PUTCHAR(CILEN_LONG, ucp); \
+	PUTLONG(val, ucp); \
+    }
+#define ADDCILQR(opt, neg, val) \
+    if (neg) { \
+	PUTCHAR(opt, ucp); \
+	PUTCHAR(CILEN_LQR, ucp); \
+	PUTSHORT(PPP_LQR, ucp); \
+	PUTLONG(val, ucp); \
+    }
+
+    ADDCISHORT(CI_MRU, go->neg_mru, go->mru);
+    ADDCILONG(CI_ASYNCMAP, go->neg_asyncmap, go->asyncmap);
+    ADDCICHAP(CI_AUTHTYPE, go->neg_chap, PPP_CHAP, go->chap_mdtype);
+    ADDCISHORT(CI_AUTHTYPE, !go->neg_chap && go->neg_upap, PPP_PAP);
+    ADDCILQR(CI_QUALITY, go->neg_lqr, go->lqr_period);
+    ADDCILONG(CI_MAGICNUMBER, go->neg_magicnumber, go->magicnumber);
+    ADDCIVOID(CI_PCOMPRESSION, go->neg_pcompression);
+    ADDCIVOID(CI_ACCOMPRESSION, go->neg_accompression);
+
+    if (ucp - start_ucp != *lenp) {
+	/* this should never happen, because peer_mtu should be 1500 */
+	syslog(LOG_ERR, "Bug in lcp_addci: wrong length");
+    }
+}
+
+
+/*
+ * lcp_ackci - Ack our CIs.
+ * This should not modify any state if the Ack is bad.
+ *
+ * Returns:
+ *	0 - Ack was bad.
+ *	1 - Ack was good.
+ */
+static int
+lcp_ackci(f, p, len)
+    fsm *f;
+    u_char *p;
+    int len;
+{
+    lcp_options *go = &lcp_gotoptions[f->unit];
+    u_char cilen, citype, cichar;
+    u_short cishort;
+    u_int32_t cilong;
+
+    /*
+     * CIs must be in exactly the same order that we sent.
+     * Check packet length and CI length at each step.
+     * If we find any deviations, then this packet is bad.
+     */
+#define ACKCIVOID(opt, neg) \
+    if (neg) { \
+	if ((len -= CILEN_VOID) < 0) \
+	    goto bad; \
+	GETCHAR(citype, p); \
+	GETCHAR(cilen, p); \
+	if (cilen != CILEN_VOID || \
+	    citype != opt) \
+	    goto bad; \
+    }
+#define ACKCISHORT(opt, neg, val) \
+    if (neg) { \
+	if ((len -= CILEN_SHORT) < 0) \
+	    goto bad; \
+	GETCHAR(citype, p); \
+	GETCHAR(cilen, p); \
+	if (cilen != CILEN_SHORT || \
+	    citype != opt) \
+	    goto bad; \
+	GETSHORT(cishort, p); \
+	if (cishort != val) \
+	    goto bad; \
+    }
+#define ACKCICHAP(opt, neg, val, digest) \
+    if (neg) { \
+	if ((len -= CILEN_CHAP) < 0) \
+	    goto bad; \
+	GETCHAR(citype, p); \
+	GETCHAR(cilen, p); \
+	if (cilen != CILEN_CHAP || \
+	    citype != opt) \
+	    goto bad; \
+	GETSHORT(cishort, p); \
+	if (cishort != val) \
+	    goto bad; \
+	GETCHAR(cichar, p); \
+	if (cichar != digest) \
+	  goto bad; \
+    }
+#define ACKCILONG(opt, neg, val) \
+    if (neg) { \
+	if ((len -= CILEN_LONG) < 0) \
+	    goto bad; \
+	GETCHAR(citype, p); \
+	GETCHAR(cilen, p); \
+	if (cilen != CILEN_LONG || \
+	    citype != opt) \
+	    goto bad; \
+	GETLONG(cilong, p); \
+	if (cilong != val) \
+	    goto bad; \
+    }
+#define ACKCILQR(opt, neg, val) \
+    if (neg) { \
+	if ((len -= CILEN_LQR) < 0) \
+	    goto bad; \
+	GETCHAR(citype, p); \
+	GETCHAR(cilen, p); \
+	if (cilen != CILEN_LQR || \
+	    citype != opt) \
+	    goto bad; \
+	GETSHORT(cishort, p); \
+	if (cishort != PPP_LQR) \
+	    goto bad; \
+	GETLONG(cilong, p); \
+	if (cilong != val) \
+	  goto bad; \
+    }
+
+    ACKCISHORT(CI_MRU, go->neg_mru, go->mru);
+    ACKCILONG(CI_ASYNCMAP, go->neg_asyncmap, go->asyncmap);
+    ACKCICHAP(CI_AUTHTYPE, go->neg_chap, PPP_CHAP, go->chap_mdtype);
+    ACKCISHORT(CI_AUTHTYPE, !go->neg_chap && go->neg_upap, PPP_PAP);
+    ACKCILQR(CI_QUALITY, go->neg_lqr, go->lqr_period);
+    ACKCILONG(CI_MAGICNUMBER, go->neg_magicnumber, go->magicnumber);
+    ACKCIVOID(CI_PCOMPRESSION, go->neg_pcompression);
+    ACKCIVOID(CI_ACCOMPRESSION, go->neg_accompression);
+
+    /*
+     * If there are any remaining CIs, then this packet is bad.
+     */
+    if (len != 0)
+	goto bad;
+    return (1);
+bad:
+    LCPDEBUG((LOG_WARNING, "lcp_acki: received bad Ack!"));
+    return (0);
+}
+
+
+/*
+ * lcp_nakci - Peer has sent a NAK for some of our CIs.
+ * This should not modify any state if the Nak is bad
+ * or if LCP is in the OPENED state.
+ *
+ * Returns:
+ *	0 - Nak was bad.
+ *	1 - Nak was good.
+ */
+static int
+lcp_nakci(f, p, len)
+    fsm *f;
+    u_char *p;
+    int len;
+{
+    lcp_options *go = &lcp_gotoptions[f->unit];
+    lcp_options *wo = &lcp_wantoptions[f->unit];
+    u_char citype, cichar, *next;
+    u_short cishort;
+    u_int32_t cilong;
+    lcp_options no;		/* options we've seen Naks for */
+    lcp_options try;		/* options to request next time */
+    int looped_back = 0;
+    int cilen;
+
+    BZERO(&no, sizeof(no));
+    try = *go;
+
+    /*
+     * Any Nak'd CIs must be in exactly the same order that we sent.
+     * Check packet length and CI length at each step.
+     * If we find any deviations, then this packet is bad.
+     */
+#define NAKCIVOID(opt, neg, code) \
+    if (go->neg && \
+	len >= CILEN_VOID && \
+	p[1] == CILEN_VOID && \
+	p[0] == opt) { \
+	len -= CILEN_VOID; \
+	INCPTR(CILEN_VOID, p); \
+	no.neg = 1; \
+	code \
+    }
+#define NAKCICHAP(opt, neg, code) \
+    if (go->neg && \
+	len >= CILEN_CHAP && \
+	p[1] == CILEN_CHAP && \
+	p[0] == opt) { \
+	len -= CILEN_CHAP; \
+	INCPTR(2, p); \
+	GETSHORT(cishort, p); \
+	GETCHAR(cichar, p); \
+	no.neg = 1; \
+	code \
+    }
+#define NAKCISHORT(opt, neg, code) \
+    if (go->neg && \
+	len >= CILEN_SHORT && \
+	p[1] == CILEN_SHORT && \
+	p[0] == opt) { \
+	len -= CILEN_SHORT; \
+	INCPTR(2, p); \
+	GETSHORT(cishort, p); \
+	no.neg = 1; \
+	code \
+    }
+#define NAKCILONG(opt, neg, code) \
+    if (go->neg && \
+	len >= CILEN_LONG && \
+	p[1] == CILEN_LONG && \
+	p[0] == opt) { \
+	len -= CILEN_LONG; \
+	INCPTR(2, p); \
+	GETLONG(cilong, p); \
+	no.neg = 1; \
+	code \
+    }
+#define NAKCILQR(opt, neg, code) \
+    if (go->neg && \
+	len >= CILEN_LQR && \
+	p[1] == CILEN_LQR && \
+	p[0] == opt) { \
+	len -= CILEN_LQR; \
+	INCPTR(2, p); \
+	GETSHORT(cishort, p); \
+	GETLONG(cilong, p); \
+	no.neg = 1; \
+	code \
+    }
+
+    /*
+     * We don't care if they want to send us smaller packets than
+     * we want.  Therefore, accept any MRU less than what we asked for,
+     * but then ignore the new value when setting the MRU in the kernel.
+     * If they send us a bigger MRU than what we asked, accept it, up to
+     * the limit of the default MRU we'd get if we didn't negotiate.
+     */
+    NAKCISHORT(CI_MRU, neg_mru,
+	       if (cishort <= wo->mru || cishort < DEFMRU)
+		   try.mru = cishort;
+	       );
+
+    /*
+     * Add any characters they want to our (receive-side) asyncmap.
+     */
+    NAKCILONG(CI_ASYNCMAP, neg_asyncmap,
+	      try.asyncmap = go->asyncmap | cilong;
+	      );
+
+    /*
+     * If they've nak'd our authentication-protocol, check whether
+     * they are proposing a different protocol, or a different
+     * hash algorithm for CHAP.
+     */
+    if ((go->neg_chap || go->neg_upap)
+	&& len >= CILEN_SHORT
+	&& p[0] == CI_AUTHTYPE && p[1] >= CILEN_SHORT) {
+	cilen = p[1];
+	INCPTR(2, p);
+        GETSHORT(cishort, p);
+	if (cishort == PPP_PAP && cilen == CILEN_SHORT) {
+	    /*
+	     * If they are asking for PAP, then they don't want to do CHAP.
+	     * If we weren't asking for CHAP, then we were asking for PAP,
+	     * in which case this Nak is bad.
+	     */
+	    if (!go->neg_chap)
+		goto bad;
+	    go->neg_chap = 0;
+
+	} else if (cishort == PPP_CHAP && cilen == CILEN_CHAP) {
+	    GETCHAR(cichar, p);
+	    if (go->neg_chap) {
+		/*
+		 * We were asking for CHAP/MD5; they must want a different
+		 * algorithm.  If they can't do MD5, we'll have to stop
+		 * asking for CHAP.
+		 */
+		if (cichar != go->chap_mdtype)
+		    go->neg_chap = 0;
+	    } else {
+		/*
+		 * Stop asking for PAP if we were asking for it.
+		 */
+		go->neg_upap = 0;
+	    }
+
+	} else {
+	    /*
+	     * We don't recognize what they're suggesting.
+	     * Stop asking for what we were asking for.
+	     */
+	    if (go->neg_chap)
+		go->neg_chap = 0;
+	    else
+		go->neg_upap = 0;
+	    p += cilen - CILEN_SHORT;
+	}
+    }
+
+    /*
+     * Peer shouldn't send Nak for protocol compression or
+     * address/control compression requests; they should send
+     * a Reject instead.  If they send a Nak, treat it as a Reject.
+     */
+    if (!go->neg_chap ){
+	NAKCISHORT(CI_AUTHTYPE, neg_upap,
+		   try.neg_upap = 0;
+		   );
+    }
+
+    /*
+     * If they can't cope with our link quality protocol, we'll have
+     * to stop asking for LQR.  We haven't got any other protocol.
+     * If they Nak the reporting period, take their value XXX ?
+     */
+    NAKCILQR(CI_QUALITY, neg_lqr,
+	     if (cishort != PPP_LQR)
+		 try.neg_lqr = 0;
+	     else
+		 try.lqr_period = cilong;
+	     );
+
+    /*
+     * Check for a looped-back line.
+     */
+    NAKCILONG(CI_MAGICNUMBER, neg_magicnumber,
+	      try.magicnumber = magic();
+	      looped_back = 1;
+	      );
+
+    NAKCIVOID(CI_PCOMPRESSION, neg_pcompression,
+	      try.neg_pcompression = 0;
+	      );
+    NAKCIVOID(CI_ACCOMPRESSION, neg_accompression,
+	      try.neg_accompression = 0;
+	      );
+
+    /*
+     * There may be remaining CIs, if the peer is requesting negotiation
+     * on an option that we didn't include in our request packet.
+     * If we see an option that we requested, or one we've already seen
+     * in this packet, then this packet is bad.
+     * If we wanted to respond by starting to negotiate on the requested
+     * option(s), we could, but we don't, because except for the
+     * authentication type and quality protocol, if we are not negotiating
+     * an option, it is because we were told not to.
+     * For the authentication type, the Nak from the peer means
+     * `let me authenticate myself with you' which is a bit pointless.
+     * For the quality protocol, the Nak means `ask me to send you quality
+     * reports', but if we didn't ask for them, we don't want them.
+     * An option we don't recognize represents the peer asking to
+     * negotiate some option we don't support, so ignore it.
+     */
+    while (len > CILEN_VOID) {
+	GETCHAR(citype, p);
+	GETCHAR(cilen, p);
+	if ((len -= cilen) < 0)
+	    goto bad;
+	next = p + cilen - 2;
+
+	switch (citype) {
+	case CI_MRU:
+	    if (go->neg_mru || no.neg_mru || cilen != CILEN_SHORT)
+		goto bad;
+	    break;
+	case CI_ASYNCMAP:
+	    if (go->neg_asyncmap || no.neg_asyncmap || cilen != CILEN_LONG)
+		goto bad;
+	    break;
+	case CI_AUTHTYPE:
+	    if (go->neg_chap || no.neg_chap || go->neg_upap || no.neg_upap)
+		goto bad;
+	    break;
+	case CI_MAGICNUMBER:
+	    if (go->neg_magicnumber || no.neg_magicnumber ||
+		cilen != CILEN_LONG)
+		goto bad;
+	    break;
+	case CI_PCOMPRESSION:
+	    if (go->neg_pcompression || no.neg_pcompression
+		|| cilen != CILEN_VOID)
+		goto bad;
+	    break;
+	case CI_ACCOMPRESSION:
+	    if (go->neg_accompression || no.neg_accompression
+		|| cilen != CILEN_VOID)
+		goto bad;
+	    break;
+	case CI_QUALITY:
+	    if (go->neg_lqr || no.neg_lqr || cilen != CILEN_LQR)
+		goto bad;
+	    break;
+	}
+	p = next;
+    }
+
+    /* If there is still anything left, this packet is bad. */
+    if (len != 0)
+	goto bad;
+
+    /*
+     * OK, the Nak is good.  Now we can update state.
+     */
+    if (f->state != OPENED) {
+	if (looped_back) {
+	    if (++try.numloops >= lcp_loopbackfail) {
+		syslog(LOG_NOTICE, "Serial line is looped back.");
+		lcp_close(f->unit);
+	    }
+	} else
+	    try.numloops = 0;
+	*go = try;
+    }
+
+    return 1;
+
+bad:
+    LCPDEBUG((LOG_WARNING, "lcp_nakci: received bad Nak!"));
+    return 0;
+}
+
+
+/*
+ * lcp_rejci - Peer has Rejected some of our CIs.
+ * This should not modify any state if the Reject is bad
+ * or if LCP is in the OPENED state.
+ *
+ * Returns:
+ *	0 - Reject was bad.
+ *	1 - Reject was good.
+ */
+static int
+lcp_rejci(f, p, len)
+    fsm *f;
+    u_char *p;
+    int len;
+{
+    lcp_options *go = &lcp_gotoptions[f->unit];
+    u_char cichar;
+    u_short cishort;
+    u_int32_t cilong;
+    u_char *start = p;
+    int plen = len;
+    lcp_options try;		/* options to request next time */
+
+    try = *go;
+
+    /*
+     * Any Rejected CIs must be in exactly the same order that we sent.
+     * Check packet length and CI length at each step.
+     * If we find any deviations, then this packet is bad.
+     */
+#define REJCIVOID(opt, neg) \
+    if (go->neg && \
+	len >= CILEN_VOID && \
+	p[1] == CILEN_VOID && \
+	p[0] == opt) { \
+	len -= CILEN_VOID; \
+	INCPTR(CILEN_VOID, p); \
+	try.neg = 0; \
+	LCPDEBUG((LOG_INFO, "lcp_rejci rejected void opt %d", opt)); \
+    }
+#define REJCISHORT(opt, neg, val) \
+    if (go->neg && \
+	len >= CILEN_SHORT && \
+	p[1] == CILEN_SHORT && \
+	p[0] == opt) { \
+	len -= CILEN_SHORT; \
+	INCPTR(2, p); \
+	GETSHORT(cishort, p); \
+	/* Check rejected value. */ \
+	if (cishort != val) \
+	    goto bad; \
+	try.neg = 0; \
+	LCPDEBUG((LOG_INFO,"lcp_rejci rejected short opt %d", opt)); \
+    }
+#define REJCICHAP(opt, neg, val, digest) \
+    if (go->neg && \
+	len >= CILEN_CHAP && \
+	p[1] == CILEN_CHAP && \
+	p[0] == opt) { \
+	len -= CILEN_CHAP; \
+	INCPTR(2, p); \
+	GETSHORT(cishort, p); \
+	GETCHAR(cichar, p); \
+	/* Check rejected value. */ \
+	if (cishort != val || cichar != digest) \
+	    goto bad; \
+	try.neg = 0; \
+	try.neg_upap = 0; \
+	LCPDEBUG((LOG_INFO,"lcp_rejci rejected chap opt %d", opt)); \
+    }
+#define REJCILONG(opt, neg, val) \
+    if (go->neg && \
+	len >= CILEN_LONG && \
+	p[1] == CILEN_LONG && \
+	p[0] == opt) { \
+	len -= CILEN_LONG; \
+	INCPTR(2, p); \
+	GETLONG(cilong, p); \
+	/* Check rejected value. */ \
+	if (cilong != val) \
+	    goto bad; \
+	try.neg = 0; \
+	LCPDEBUG((LOG_INFO,"lcp_rejci rejected long opt %d", opt)); \
+    }
+#define REJCILQR(opt, neg, val) \
+    if (go->neg && \
+	len >= CILEN_LQR && \
+	p[1] == CILEN_LQR && \
+	p[0] == opt) { \
+	len -= CILEN_LQR; \
+	INCPTR(2, p); \
+	GETSHORT(cishort, p); \
+	GETLONG(cilong, p); \
+	/* Check rejected value. */ \
+	if (cishort != PPP_LQR || cilong != val) \
+	    goto bad; \
+	try.neg = 0; \
+	LCPDEBUG((LOG_INFO,"lcp_rejci rejected LQR opt %d", opt)); \
+    }
+
+    REJCISHORT(CI_MRU, neg_mru, go->mru);
+    REJCILONG(CI_ASYNCMAP, neg_asyncmap, go->asyncmap);
+    REJCICHAP(CI_AUTHTYPE, neg_chap, PPP_CHAP, go->chap_mdtype);
+    if (!go->neg_chap) {
+	REJCISHORT(CI_AUTHTYPE, neg_upap, PPP_PAP);
+    }
+    REJCILQR(CI_QUALITY, neg_lqr, go->lqr_period);
+    REJCILONG(CI_MAGICNUMBER, neg_magicnumber, go->magicnumber);
+    REJCIVOID(CI_PCOMPRESSION, neg_pcompression);
+    REJCIVOID(CI_ACCOMPRESSION, neg_accompression);
+
+    /*
+     * If there are any remaining CIs, then this packet is bad.
+     */
+    if (len != 0)
+	goto bad;
+    /*
+     * Now we can update state.
+     */
+    if (f->state != OPENED)
+	*go = try;
+    return 1;
+
+bad:
+    LCPDEBUG((LOG_WARNING, "lcp_rejci: received bad Reject!"));
+    LCPDEBUG((LOG_WARNING, "lcp_rejci: plen %d len %d off %d",
+	      plen, len, p - start));
+    return 0;
+}
+
+
+/*
+ * lcp_reqci - Check the peer's requested CIs and send appropriate response.
+ *
+ * Returns: CONFACK, CONFNAK or CONFREJ and input packet modified
+ * appropriately.  If reject_if_disagree is non-zero, doesn't return
+ * CONFNAK; returns CONFREJ if it can't return CONFACK.
+ */
+static int
+lcp_reqci(f, inp, lenp, reject_if_disagree)
+    fsm *f;
+    u_char *inp;		/* Requested CIs */
+    int *lenp;			/* Length of requested CIs */
+    int reject_if_disagree;
+{
+    lcp_options *go = &lcp_gotoptions[f->unit];
+    lcp_options *ho = &lcp_hisoptions[f->unit];
+    lcp_options *ao = &lcp_allowoptions[f->unit];
+    u_char *cip, *next;		/* Pointer to current and next CIs */
+    u_char cilen, citype, cichar;/* Parsed len, type, char value */
+    u_short cishort;		/* Parsed short value */
+    u_int32_t cilong;		/* Parse long value */
+    int rc = CONFACK;		/* Final packet return code */
+    int orc;			/* Individual option return code */
+    u_char *p;			/* Pointer to next char to parse */
+    u_char *rejp;		/* Pointer to next char in reject frame */
+    u_char *nakp;		/* Pointer to next char in Nak frame */
+    int l = *lenp;		/* Length left */
+
+    /*
+     * Reset all his options.
+     */
+    BZERO(ho, sizeof(*ho));
+
+    /*
+     * Process all his options.
+     */
+    next = inp;
+    nakp = nak_buffer;
+    rejp = inp;
+    while (l) {
+	orc = CONFACK;			/* Assume success */
+	cip = p = next;			/* Remember begining of CI */
+	if (l < 2 ||			/* Not enough data for CI header or */
+	    p[1] < 2 ||			/*  CI length too small or */
+	    p[1] > l) {			/*  CI length too big? */
+	    LCPDEBUG((LOG_WARNING, "lcp_reqci: bad CI length!"));
+	    orc = CONFREJ;		/* Reject bad CI */
+	    cilen = l;			/* Reject till end of packet */
+	    l = 0;			/* Don't loop again */
+	    goto endswitch;
+	}
+	GETCHAR(citype, p);		/* Parse CI type */
+	GETCHAR(cilen, p);		/* Parse CI length */
+	l -= cilen;			/* Adjust remaining length */
+	next += cilen;			/* Step to next CI */
+
+	switch (citype) {		/* Check CI type */
+	case CI_MRU:
+	    LCPDEBUG((LOG_INFO, "lcp_reqci: rcvd MRU"));
+	    if (!ao->neg_mru ||		/* Allow option? */
+		cilen != CILEN_SHORT) {	/* Check CI length */
+		orc = CONFREJ;		/* Reject CI */
+		break;
+	    }
+	    GETSHORT(cishort, p);	/* Parse MRU */
+	    LCPDEBUG((LOG_INFO, "(%d)", cishort));
+
+	    /*
+	     * He must be able to receive at least our minimum.
+	     * No need to check a maximum.  If he sends a large number,
+	     * we'll just ignore it.
+	     */
+	    if (cishort < MINMRU) {
+		orc = CONFNAK;		/* Nak CI */
+		PUTCHAR(CI_MRU, nakp);
+		PUTCHAR(CILEN_SHORT, nakp);
+		PUTSHORT(MINMRU, nakp);	/* Give him a hint */
+		break;
+	    }
+	    ho->neg_mru = 1;		/* Remember he sent MRU */
+	    ho->mru = cishort;		/* And remember value */
+	    break;
+
+	case CI_ASYNCMAP:
+	    LCPDEBUG((LOG_INFO, "lcp_reqci: rcvd ASYNCMAP"));
+	    if (!ao->neg_asyncmap ||
+		cilen != CILEN_LONG) {
+		orc = CONFREJ;
+		break;
+	    }
+	    GETLONG(cilong, p);
+	    LCPDEBUG((LOG_INFO, "(%x)", (unsigned int) cilong));
+
+	    /*
+	     * Asyncmap must have set at least the bits
+	     * which are set in lcp_allowoptions[unit].asyncmap.
+	     */
+	    if ((ao->asyncmap & ~cilong) != 0) {
+		orc = CONFNAK;
+		PUTCHAR(CI_ASYNCMAP, nakp);
+		PUTCHAR(CILEN_LONG, nakp);
+		PUTLONG(ao->asyncmap | cilong, nakp);
+		break;
+	    }
+	    ho->neg_asyncmap = 1;
+	    ho->asyncmap = cilong;
+	    break;
+
+	case CI_AUTHTYPE:
+	    LCPDEBUG((LOG_INFO, "lcp_reqci: rcvd AUTHTYPE"));
+	    if (cilen < CILEN_SHORT ||
+		!(ao->neg_upap || ao->neg_chap)) {
+		/*
+		 * Reject the option if we're not willing to authenticate.
+		 */
+		orc = CONFREJ;
+		break;
+	    }
+	    GETSHORT(cishort, p);
+	    LCPDEBUG((LOG_INFO, "(%x)", cishort));
+
+	    /*
+	     * Authtype must be UPAP or CHAP.
+	     *
+	     * Note: if both ao->neg_upap and ao->neg_chap are set,
+	     * and the peer sends a Configure-Request with two
+	     * authenticate-protocol requests, one for CHAP and one
+	     * for UPAP, then we will reject the second request.
+	     * Whether we end up doing CHAP or UPAP depends then on
+	     * the ordering of the CIs in the peer's Configure-Request.
+	     */
+
+	    if (cishort == PPP_PAP) {
+		if (ho->neg_chap ||	/* we've already accepted CHAP */
+		    cilen != CILEN_SHORT) {
+		    LCPDEBUG((LOG_WARNING,
+			      "lcp_reqci: rcvd AUTHTYPE PAP, rejecting..."));
+		    orc = CONFREJ;
+		    break;
+		}
+		if (!ao->neg_upap) {	/* we don't want to do PAP */
+		    orc = CONFNAK;	/* NAK it and suggest CHAP */
+		    PUTCHAR(CI_AUTHTYPE, nakp);
+		    PUTCHAR(CILEN_CHAP, nakp);
+		    PUTSHORT(PPP_CHAP, nakp);
+		    PUTCHAR(ao->chap_mdtype, nakp);
+		    break;
+		}
+		ho->neg_upap = 1;
+		break;
+	    }
+	    if (cishort == PPP_CHAP) {
+		if (ho->neg_upap ||	/* we've already accepted PAP */
+		    cilen != CILEN_CHAP) {
+		    LCPDEBUG((LOG_INFO,
+			      "lcp_reqci: rcvd AUTHTYPE CHAP, rejecting..."));
+		    orc = CONFREJ;
+		    break;
+		}
+		if (!ao->neg_chap) {	/* we don't want to do CHAP */
+		    orc = CONFNAK;	/* NAK it and suggest PAP */
+		    PUTCHAR(CI_AUTHTYPE, nakp);
+		    PUTCHAR(CILEN_SHORT, nakp);
+		    PUTSHORT(PPP_PAP, nakp);
+		    break;
+		}
+		GETCHAR(cichar, p);	/* get digest type*/
+		if (cichar != ao->chap_mdtype) {
+		    orc = CONFNAK;
+		    PUTCHAR(CI_AUTHTYPE, nakp);
+		    PUTCHAR(CILEN_CHAP, nakp);
+		    PUTSHORT(PPP_CHAP, nakp);
+		    PUTCHAR(ao->chap_mdtype, nakp);
+		    break;
+		}
+		ho->chap_mdtype = cichar; /* save md type */
+		ho->neg_chap = 1;
+		break;
+	    }
+
+	    /*
+	     * We don't recognize the protocol they're asking for.
+	     * Nak it with something we're willing to do.
+	     * (At this point we know ao->neg_upap || ao->neg_chap.)
+	     */
+	    orc = CONFNAK;
+	    PUTCHAR(CI_AUTHTYPE, nakp);
+	    if (ao->neg_chap) {
+		PUTCHAR(CILEN_CHAP, nakp);
+		PUTSHORT(PPP_CHAP, nakp);
+		PUTCHAR(ao->chap_mdtype, nakp);
+	    } else {
+		PUTCHAR(CILEN_SHORT, nakp);
+		PUTSHORT(PPP_PAP, nakp);
+	    }
+	    break;
+
+	case CI_QUALITY:
+	    LCPDEBUG((LOG_INFO, "lcp_reqci: rcvd QUALITY"));
+	    if (!ao->neg_lqr ||
+		cilen != CILEN_LQR) {
+		orc = CONFREJ;
+		break;
+	    }
+
+	    GETSHORT(cishort, p);
+	    GETLONG(cilong, p);
+	    LCPDEBUG((LOG_INFO, "(%x %x)", cishort, (unsigned int) cilong));
+
+	    /*
+	     * Check the protocol and the reporting period.
+	     * XXX When should we Nak this, and what with?
+	     */
+	    if (cishort != PPP_LQR) {
+		orc = CONFNAK;
+		PUTCHAR(CI_QUALITY, nakp);
+		PUTCHAR(CILEN_LQR, nakp);
+		PUTSHORT(PPP_LQR, nakp);
+		PUTLONG(ao->lqr_period, nakp);
+		break;
+	    }
+	    break;
+
+	case CI_MAGICNUMBER:
+	    LCPDEBUG((LOG_INFO, "lcp_reqci: rcvd MAGICNUMBER"));
+	    if (!(ao->neg_magicnumber || go->neg_magicnumber) ||
+		cilen != CILEN_LONG) {
+		orc = CONFREJ;
+		break;
+	    }
+	    GETLONG(cilong, p);
+	    LCPDEBUG((LOG_INFO, "(%x)", (unsigned int) cilong));
+
+	    /*
+	     * He must have a different magic number.
+	     */
+	    if (go->neg_magicnumber &&
+		cilong == go->magicnumber) {
+		cilong = magic();	/* Don't put magic() inside macro! */
+		orc = CONFNAK;
+		PUTCHAR(CI_MAGICNUMBER, nakp);
+		PUTCHAR(CILEN_LONG, nakp);
+		PUTLONG(cilong, nakp);
+		break;
+	    }
+	    ho->neg_magicnumber = 1;
+	    ho->magicnumber = cilong;
+	    break;
+
+
+	case CI_PCOMPRESSION:
+	    LCPDEBUG((LOG_INFO, "lcp_reqci: rcvd PCOMPRESSION"));
+	    if (!ao->neg_pcompression ||
+		cilen != CILEN_VOID) {
+		orc = CONFREJ;
+		break;
+	    }
+	    ho->neg_pcompression = 1;
+	    break;
+
+	case CI_ACCOMPRESSION:
+	    LCPDEBUG((LOG_INFO, "lcp_reqci: rcvd ACCOMPRESSION"));
+	    if (!ao->neg_accompression ||
+		cilen != CILEN_VOID) {
+		orc = CONFREJ;
+		break;
+	    }
+	    ho->neg_accompression = 1;
+	    break;
+
+	default:
+	    LCPDEBUG((LOG_INFO, "lcp_reqci: rcvd unknown option %d",
+		      citype));
+	    orc = CONFREJ;
+	    break;
+	}
+
+endswitch:
+	LCPDEBUG((LOG_INFO, " (%s)", CODENAME(orc)));
+	if (orc == CONFACK &&		/* Good CI */
+	    rc != CONFACK)		/*  but prior CI wasnt? */
+	    continue;			/* Don't send this one */
+
+	if (orc == CONFNAK) {		/* Nak this CI? */
+	    if (reject_if_disagree	/* Getting fed up with sending NAKs? */
+		&& citype != CI_MAGICNUMBER) {
+		orc = CONFREJ;		/* Get tough if so */
+	    } else {
+		if (rc == CONFREJ)	/* Rejecting prior CI? */
+		    continue;		/* Don't send this one */
+		rc = CONFNAK;
+	    }
+	}
+	if (orc == CONFREJ) {		/* Reject this CI */
+	    rc = CONFREJ;
+	    if (cip != rejp)		/* Need to move rejected CI? */
+		BCOPY(cip, rejp, cilen); /* Move it */
+	    INCPTR(cilen, rejp);	/* Update output pointer */
+	}
+    }
+
+    /*
+     * If we wanted to send additional NAKs (for unsent CIs), the
+     * code would go here.  The extra NAKs would go at *nakp.
+     * At present there are no cases where we want to ask the
+     * peer to negotiate an option.
+     */
+
+    switch (rc) {
+    case CONFACK:
+	*lenp = next - inp;
+	break;
+    case CONFNAK:
+	/*
+	 * Copy the Nak'd options from the nak_buffer to the caller's buffer.
+	 */
+	*lenp = nakp - nak_buffer;
+	BCOPY(nak_buffer, inp, *lenp);
+	break;
+    case CONFREJ:
+	*lenp = rejp - inp;
+	break;
+    }
+
+    LCPDEBUG((LOG_INFO, "lcp_reqci: returning CONF%s.", CODENAME(rc)));
+    return (rc);			/* Return final code */
+}
+
+
+/*
+ * lcp_up - LCP has come UP.
+ *
+ * Start UPAP, IPCP, etc.
+ */
+static void
+lcp_up(f)
+    fsm *f;
+{
+    lcp_options *wo = &lcp_wantoptions[f->unit];
+    lcp_options *ho = &lcp_hisoptions[f->unit];
+    lcp_options *go = &lcp_gotoptions[f->unit];
+    lcp_options *ao = &lcp_allowoptions[f->unit];
+
+    if (!go->neg_magicnumber)
+	go->magicnumber = 0;
+    if (!ho->neg_magicnumber)
+	ho->magicnumber = 0;
+
+    /*
+     * Set our MTU to the smaller of the MTU we wanted and
+     * the MRU our peer wanted.  If we negotiated an MRU,
+     * set our MRU to the larger of value we wanted and
+     * the value we got in the negotiation.
+     */
+    ppp_send_config(f->unit, MIN(ao->mru, (ho->neg_mru? ho->mru: PPP_MRU)),
+		    (ho->neg_asyncmap? ho->asyncmap: 0xffffffff),
+		    ho->neg_pcompression, ho->neg_accompression);
+    /*
+     * If the asyncmap hasn't been negotiated, we really should
+     * set the receive asyncmap to ffffffff, but we set it to 0
+     * for backwards contemptibility.
+     */
+    ppp_recv_config(f->unit, (go->neg_mru? MAX(wo->mru, go->mru): PPP_MRU),
+		    (go->neg_asyncmap? go->asyncmap: 0x00000000),
+		    go->neg_pcompression, go->neg_accompression);
+
+    if (ho->neg_mru)
+	peer_mru[f->unit] = ho->mru;
+
+    ChapLowerUp(f->unit);	/* Enable CHAP */
+    upap_lowerup(f->unit);	/* Enable UPAP */
+    ipcp_lowerup(f->unit);	/* Enable IPCP */
+    ccp_lowerup(f->unit);	/* Enable CCP */
+    lcp_echo_lowerup(f->unit);  /* Enable echo messages */
+
+    link_established(f->unit);
+}
+
+
+/*
+ * lcp_down - LCP has gone DOWN.
+ *
+ * Alert other protocols.
+ */
+static void
+lcp_down(f)
+    fsm *f;
+{
+    lcp_echo_lowerdown(f->unit);
+    ccp_lowerdown(f->unit);
+    ipcp_lowerdown(f->unit);
+    ChapLowerDown(f->unit);
+    upap_lowerdown(f->unit);
+
+    sifdown(f->unit);
+    ppp_send_config(f->unit, PPP_MRU, 0xffffffff, 0, 0);
+    ppp_recv_config(f->unit, PPP_MRU, 0x00000000, 0, 0);
+    peer_mru[f->unit] = PPP_MRU;
+
+    link_down(f->unit);
+}
+
+
+/*
+ * lcp_starting - LCP needs the lower layer up.
+ */
+static void
+lcp_starting(f)
+    fsm *f;
+{
+    link_required(f->unit);
+}
+
+
+/*
+ * lcp_finished - LCP has finished with the lower layer.
+ */
+static void
+lcp_finished(f)
+    fsm *f;
+{
+    link_terminated(f->unit);
+}
+
+
+/*
+ * lcp_printpkt - print the contents of an LCP packet.
+ */
+char *lcp_codenames[] = {
+    "ConfReq", "ConfAck", "ConfNak", "ConfRej",
+    "TermReq", "TermAck", "CodeRej", "ProtRej",
+    "EchoReq", "EchoRep", "DiscReq"
+};
+
+int
+lcp_printpkt(p, plen, printer, arg)
+    u_char *p;
+    int plen;
+    void (*printer) __P((void *, char *, ...));
+    void *arg;
+{
+    int code, id, len, olen;
+    u_char *pstart, *optend;
+    u_short cishort;
+    u_int32_t cilong;
+
+    if (plen < HEADERLEN)
+	return 0;
+    pstart = p;
+    GETCHAR(code, p);
+    GETCHAR(id, p);
+    GETSHORT(len, p);
+    if (len < HEADERLEN || len > plen)
+	return 0;
+
+    if (code >= 1 && code <= sizeof(lcp_codenames) / sizeof(char *))
+	printer(arg, " %s", lcp_codenames[code-1]);
+    else
+	printer(arg, " code=0x%x", code);
+    printer(arg, " id=0x%x", id);
+    len -= HEADERLEN;
+    switch (code) {
+    case CONFREQ:
+    case CONFACK:
+    case CONFNAK:
+    case CONFREJ:
+	/* print option list */
+	while (len >= 2) {
+	    GETCHAR(code, p);
+	    GETCHAR(olen, p);
+	    p -= 2;
+	    if (olen < 2 || olen > len) {
+		break;
+	    }
+	    printer(arg, " <");
+	    len -= olen;
+	    optend = p + olen;
+	    switch (code) {
+	    case CI_MRU:
+		if (olen == CILEN_SHORT) {
+		    p += 2;
+		    GETSHORT(cishort, p);
+		    printer(arg, "mru %d", cishort);
+		}
+		break;
+	    case CI_ASYNCMAP:
+		if (olen == CILEN_LONG) {
+		    p += 2;
+		    GETLONG(cilong, p);
+		    printer(arg, "asyncmap 0x%x", cilong);
+		}
+		break;
+	    case CI_AUTHTYPE:
+		if (olen >= CILEN_SHORT) {
+		    p += 2;
+		    printer(arg, "auth ");
+		    GETSHORT(cishort, p);
+		    switch (cishort) {
+		    case PPP_PAP:
+			printer(arg, "upap");
+			break;
+		    case PPP_CHAP:
+			printer(arg, "chap");
+			break;
+		    default:
+			printer(arg, "0x%x", cishort);
+		    }
+		}
+		break;
+	    case CI_QUALITY:
+		if (olen >= CILEN_SHORT) {
+		    p += 2;
+		    printer(arg, "quality ");
+		    GETSHORT(cishort, p);
+		    switch (cishort) {
+		    case PPP_LQR:
+			printer(arg, "lqr");
+			break;
+		    default:
+			printer(arg, "0x%x", cishort);
+		    }
+		}
+		break;
+	    case CI_MAGICNUMBER:
+		if (olen == CILEN_LONG) {
+		    p += 2;
+		    GETLONG(cilong, p);
+		    printer(arg, "magic 0x%x", cilong);
+		}
+		break;
+	    case CI_PCOMPRESSION:
+		if (olen == CILEN_VOID) {
+		    p += 2;
+		    printer(arg, "pcomp");
+		}
+		break;
+	    case CI_ACCOMPRESSION:
+		if (olen == CILEN_VOID) {
+		    p += 2;
+		    printer(arg, "accomp");
+		}
+		break;
+	    }
+	    while (p < optend) {
+		GETCHAR(code, p);
+		printer(arg, " %.2x", code);
+	    }
+	    printer(arg, ">");
+	}
+	break;
+    }
+
+    /* print the rest of the bytes in the packet */
+    for (; len > 0; --len) {
+	GETCHAR(code, p);
+	printer(arg, " %.2x", code);
+    }
+
+    return p - pstart;
+}
+
+/*
+ * Time to shut down the link because there is nothing out there.
+ */
+
+static
+void LcpLinkFailure (f)
+    fsm *f;
+{
+    if (f->state == OPENED) {
+        syslog (LOG_NOTICE, "Excessive lack of response to LCP echo frames.");
+        lcp_close(f->unit);		/* Reset connection */
+    }
+}
+
+/*
+ * Timer expired for the LCP echo requests from this process.
+ */
+
+static void
+LcpEchoCheck (f)
+    fsm *f;
+{
+    long int delta;
+#ifdef __linux__
+    struct ppp_idle    ddinfo;
+/*
+ * Read the time since the last packet was received.
+ */
+    if (ioctl (fd, PPPIOCGIDLE, &ddinfo) < 0) {
+        syslog (LOG_ERR, "ioctl(PPPIOCGIDLE): %m");
+        die (1);
+    }
+/*
+ * Compute the time since the last packet was received. If the timer
+ *  has expired then send the echo request and reset the timer to maximum.
+ */
+    delta = (long int) lcp_echo_interval - (long int) ddinfo.recv_idle;
+    if (delta < 0L) {
+        LcpSendEchoRequest (f);
+        delta = (int) lcp_echo_interval;
+    }
+
+#else /* Other implementations do not have ability to find delta */
+    LcpSendEchoRequest (f);
+    delta = (int) lcp_echo_interval;
+#endif
+
+/*
+ * Start the timer for the next interval.
+ */
+    assert (lcp_echo_timer_running==0);
+    TIMEOUT (LcpEchoTimeout, (caddr_t) f, (u_int32_t) delta);
+    lcp_echo_timer_running = 1;
+}
+
+/*
+ * LcpEchoTimeout - Timer expired on the LCP echo
+ */
+
+static void
+LcpEchoTimeout (arg)
+    caddr_t arg;
+{
+    if (lcp_echo_timer_running != 0) {
+        lcp_echo_timer_running = 0;
+        LcpEchoCheck ((fsm *) arg);
+    }
+}
+
+/*
+ * LcpEchoReply - LCP has received a reply to the echo
+ */
+
+static void
+lcp_received_echo_reply (f, id, inp, len)
+    fsm *f;
+    int id; u_char *inp; int len;
+{
+    u_int32_t magic;
+
+    /* Check the magic number - don't count replies from ourselves. */
+    if (len < 4) {
+	syslog(LOG_DEBUG, "lcp: received short Echo-Reply, length %d", len);
+	return;
+    }
+    GETLONG(magic, inp);
+    if (lcp_gotoptions[f->unit].neg_magicnumber
+	&& magic == lcp_gotoptions[f->unit].magicnumber) {
+	syslog(LOG_WARNING, "appear to have received our own echo-reply!");
+	return;
+    }
+
+    /* Reset the number of outstanding echo frames */
+    lcp_echos_pending = 0;
+}
+
+/*
+ * LcpSendEchoRequest - Send an echo request frame to the peer
+ */
+
+static void
+LcpSendEchoRequest (f)
+    fsm *f;
+{
+    u_int32_t lcp_magic;
+    u_char pkt[4], *pktp;
+
+/*
+ * Detect the failure of the peer at this point.
+ */
+    if (lcp_echo_fails != 0) {
+        if (lcp_echos_pending++ >= lcp_echo_fails) {
+            LcpLinkFailure(f);
+	    lcp_echos_pending = 0;
+	}
+    }
+/*
+ * Make and send the echo request frame.
+ */
+    if (f->state == OPENED) {
+        lcp_magic = lcp_gotoptions[f->unit].neg_magicnumber
+	            ? lcp_gotoptions[f->unit].magicnumber
+	            : 0L;
+	pktp = pkt;
+	PUTLONG(lcp_magic, pktp);
+      
+        fsm_sdata(f, ECHOREQ,
+		  lcp_echo_number++ & 0xFF, pkt, pktp - pkt);
+    }
+}
+
+/*
+ * lcp_echo_lowerup - Start the timer for the LCP frame
+ */
+
+static void
+lcp_echo_lowerup (unit)
+    int unit;
+{
+    fsm *f = &lcp_fsm[unit];
+
+    /* Clear the parameters for generating echo frames */
+    lcp_echos_pending      = 0;
+    lcp_echo_number        = 0;
+    lcp_echo_timer_running = 0;
+  
+    /* If a timeout interval is specified then start the timer */
+    if (lcp_echo_interval != 0)
+        LcpEchoCheck (f);
+#ifdef _linux_
+    /* If a idle time limit is given then start it */
+    if (idle_time_limit != 0)
+        RestartIdleTimer (f);
+#endif
+}
+
+/*
+ * lcp_echo_lowerdown - Stop the timer for the LCP frame
+ */
+
+static void
+lcp_echo_lowerdown (unit)
+    int unit;
+{
+    fsm *f = &lcp_fsm[unit];
+
+    if (lcp_echo_timer_running != 0) {
+        UNTIMEOUT (LcpEchoTimeout, (caddr_t) f);
+        lcp_echo_timer_running = 0;
+    }
+#ifdef _linux_  
+    /* If a idle time limit is running then stop it */
+    if (idle_timer_running != 0) {
+        UNTIMEOUT (IdleTimeCheck, (caddr_t) f);
+        idle_timer_running = 0;
+    }
+#endif
+}
diff --git a/usr.sbin/pppd/lcp.h b/usr.sbin/pppd/lcp.h
new file mode 100644
index 00000000000..7182223bedb
--- /dev/null
+++ b/usr.sbin/pppd/lcp.h
@@ -0,0 +1,88 @@
+/*
+ * lcp.h - Link Control Protocol definitions.
+ *
+ * Copyright (c) 1989 Carnegie Mellon University.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by Carnegie Mellon University.  The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * $Id: lcp.h,v 1.1 1995/10/18 08:47:59 deraadt Exp $
+ */
+
+/*
+ * Options.
+ */
+#define CI_MRU		1	/* Maximum Receive Unit */
+#define CI_ASYNCMAP	2	/* Async Control Character Map */
+#define CI_AUTHTYPE	3	/* Authentication Type */
+#define CI_QUALITY	4	/* Quality Protocol */
+#define CI_MAGICNUMBER	5	/* Magic Number */
+#define CI_PCOMPRESSION	7	/* Protocol Field Compression */
+#define CI_ACCOMPRESSION 8	/* Address/Control Field Compression */
+
+/*
+ * LCP-specific packet types.
+ */
+#define PROTREJ		8	/* Protocol Reject */
+#define ECHOREQ		9	/* Echo Request */
+#define ECHOREP		10	/* Echo Reply */
+#define DISCREQ		11	/* Discard Request */
+
+/*
+ * The state of options is described by an lcp_options structure.
+ */
+typedef struct lcp_options {
+    int passive : 1;		/* Don't die if we don't get a response */
+    int silent : 1;		/* Wait for the other end to start first */
+    int restart : 1;		/* Restart vs. exit after close */
+    int neg_mru : 1;		/* Negotiate the MRU? */
+    int neg_asyncmap : 1;	/* Negotiate the async map? */
+    int neg_upap : 1;		/* Ask for UPAP authentication? */
+    int neg_chap : 1;		/* Ask for CHAP authentication? */
+    int neg_magicnumber : 1;	/* Ask for magic number? */
+    int neg_pcompression : 1;	/* HDLC Protocol Field Compression? */
+    int neg_accompression : 1;	/* HDLC Address/Control Field Compression? */
+    int neg_lqr : 1;		/* Negotiate use of Link Quality Reports */
+    u_short mru;		/* Value of MRU */
+    u_char chap_mdtype;		/* which MD type (hashing algorithm) */
+    u_int32_t asyncmap;		/* Value of async map */
+    u_int32_t magicnumber;
+    int numloops;		/* Number of loops during magic number neg. */
+    u_int32_t lqr_period;	/* Reporting period for LQR 1/100ths second */
+} lcp_options;
+
+extern fsm lcp_fsm[];
+extern lcp_options lcp_wantoptions[];
+extern lcp_options lcp_gotoptions[];
+extern lcp_options lcp_allowoptions[];
+extern lcp_options lcp_hisoptions[];
+extern u_int32_t xmit_accm[][8];
+
+#define DEFMRU	1500		/* Try for this */
+#define MINMRU	128		/* No MRUs below this */
+#define MAXMRU	16384		/* Normally limit MRU to this */
+
+void lcp_init __P((int));
+void lcp_open __P((int));
+void lcp_close __P((int));
+void lcp_lowerup __P((int));
+void lcp_lowerdown __P((int));
+void lcp_input __P((int, u_char *, int));
+void lcp_protrej __P((int));
+void lcp_sprotrej __P((int, u_char *, int));
+int  lcp_printpkt __P((u_char *, int,
+		       void (*) __P((void *, char *, ...)), void *));
+
+/* Default number of times we receive our magic number from the peer
+   before deciding the link is looped-back. */
+#define DEFLOOPBACKFAIL	5
diff --git a/usr.sbin/pppd/magic.c b/usr.sbin/pppd/magic.c
new file mode 100644
index 00000000000..e2ff3f38a4f
--- /dev/null
+++ b/usr.sbin/pppd/magic.c
@@ -0,0 +1,90 @@
+/*
+ * magic.c - PPP Magic Number routines.
+ *
+ * Copyright (c) 1989 Carnegie Mellon University.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by Carnegie Mellon University.  The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: magic.c,v 1.1 1995/10/18 08:47:59 deraadt Exp $";
+#endif
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/time.h>
+
+#include "pppd.h"
+#include "magic.h"
+
+static u_int32_t next;		/* Next value to return */
+
+extern int gethostid __P((void));
+extern long mrand48 __P((void));
+extern void srand48 __P((long));
+
+
+/*
+ * magic_init - Initialize the magic number generator.
+ *
+ * Attempts to compute a random number seed which will not repeat.
+ * The current method uses the current hostid, current process ID
+ * and current time, currently.
+ */
+void
+magic_init()
+{
+    long seed;
+    struct timeval t;
+
+    gettimeofday(&t, NULL);
+    seed = gethostid() ^ t.tv_sec ^ t.tv_usec ^ getpid();
+    srand48(seed);
+}
+
+/*
+ * magic - Returns the next magic number.
+ */
+u_int32_t
+magic()
+{
+    return (u_int32_t) mrand48();
+}
+
+#ifdef NO_DRAND48
+/*
+ * Substitute procedures for those systems which don't have
+ * drand48 et al.
+ */
+
+double
+drand48()
+{
+    return (double)random() / (double)0x7fffffffL; /* 2**31-1 */
+}
+
+long
+mrand48()
+{
+    return random();
+}
+
+void
+srand48(seedval)
+long seedval;
+{
+    srandom((int)seedval);
+}
+
+#endif
diff --git a/usr.sbin/pppd/magic.h b/usr.sbin/pppd/magic.h
new file mode 100644
index 00000000000..68f3a3a1799
--- /dev/null
+++ b/usr.sbin/pppd/magic.h
@@ -0,0 +1,23 @@
+/*
+ * magic.h - PPP Magic Number definitions.
+ *
+ * Copyright (c) 1989 Carnegie Mellon University.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by Carnegie Mellon University.  The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * $Id: magic.h,v 1.1 1995/10/18 08:47:59 deraadt Exp $
+ */
+
+void magic_init __P((void));	/* Initialize the magic number generator */
+u_int32_t magic __P((void));	/* Returns the next magic number */
diff --git a/usr.sbin/pppd/main.c b/usr.sbin/pppd/main.c
new file mode 100644
index 00000000000..77a643b7173
--- /dev/null
+++ b/usr.sbin/pppd/main.c
@@ -0,0 +1,1087 @@
+/*
+ * main.c - Point-to-Point Protocol main module
+ *
+ * Copyright (c) 1989 Carnegie Mellon University.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by Carnegie Mellon University.  The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: main.c,v 1.1 1995/10/18 08:47:59 deraadt Exp $";
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <syslog.h>
+#include <netdb.h>
+#include <utmp.h>
+#include <pwd.h>
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <net/if.h>
+
+#include "pppd.h"
+#include "magic.h"
+#include "fsm.h"
+#include "lcp.h"
+#include "ipcp.h"
+#include "upap.h"
+#include "chap.h"
+#include "ccp.h"
+#include "pathnames.h"
+#include "patchlevel.h"
+
+/*
+ * If REQ_SYSOPTIONS is defined to 1, pppd will not run unless
+ * /etc/ppp/options exists.
+ */
+#ifndef	REQ_SYSOPTIONS
+#define REQ_SYSOPTIONS	1
+#endif
+
+/* interface vars */
+char ifname[IFNAMSIZ];		/* Interface name */
+int ifunit;			/* Interface unit number */
+
+char *progname;			/* Name of this program */
+char hostname[MAXNAMELEN];	/* Our hostname */
+static char pidfilename[MAXPATHLEN];	/* name of pid file */
+static char default_devnam[MAXPATHLEN];	/* name of default device */
+static pid_t	pid;		/* Our pid */
+static pid_t	pgrpid;		/* Process Group ID */
+static uid_t uid;		/* Our real user-id */
+
+int fd = -1;			/* Device file descriptor */
+
+int phase;			/* where the link is at */
+int kill_link;
+int open_ccp_flag;
+
+static int initfdflags = -1;	/* Initial file descriptor flags */
+
+u_char outpacket_buf[PPP_MRU+PPP_HDRLEN]; /* buffer for outgoing packet */
+static u_char inpacket_buf[PPP_MRU+PPP_HDRLEN]; /* buffer for incoming packet */
+
+int hungup;			/* terminal has been hung up */
+static int n_children;		/* # child processes still running */
+
+int baud_rate;
+
+char *no_ppp_msg = "Sorry - this system lacks PPP kernel support\n";
+
+/* prototypes */
+static void hup __P((int));
+static void term __P((int));
+static void chld __P((int));
+static void toggle_debug __P((int));
+static void open_ccp __P((int));
+static void bad_signal __P((int));
+
+static void get_input __P((void));
+void establish_ppp __P((void));
+void calltimeout __P((void));
+struct timeval *timeleft __P((struct timeval *));
+void reap_kids __P((void));
+void cleanup __P((int, caddr_t));
+void close_fd __P((void));
+void die __P((int));
+void novm __P((char *));
+
+void log_packet __P((u_char *, int, char *));
+void format_packet __P((u_char *, int,
+			   void (*) (void *, char *, ...), void *));
+void pr_log __P((void *, char *, ...));
+
+extern	char	*ttyname __P((int));
+extern	char	*getlogin __P((void));
+
+#ifdef ultrix
+#undef	O_NONBLOCK
+#define	O_NONBLOCK	O_NDELAY
+#endif
+
+/*
+ * PPP Data Link Layer "protocol" table.
+ * One entry per supported protocol.
+ */
+static struct protent {
+    u_short protocol;
+    void (*init)();
+    void (*input)();
+    void (*protrej)();
+    int  (*printpkt)();
+    void (*datainput)();
+    char *name;
+} prottbl[] = {
+    { PPP_LCP, lcp_init, lcp_input, lcp_protrej,
+	  lcp_printpkt, NULL, "LCP" },
+    { PPP_IPCP, ipcp_init, ipcp_input, ipcp_protrej,
+	  ipcp_printpkt, NULL, "IPCP" },
+    { PPP_PAP, upap_init, upap_input, upap_protrej,
+	  upap_printpkt, NULL, "PAP" },
+    { PPP_CHAP, ChapInit, ChapInput, ChapProtocolReject,
+	  ChapPrintPkt, NULL, "CHAP" },
+    { PPP_CCP, ccp_init, ccp_input, ccp_protrej,
+	  ccp_printpkt, ccp_datainput, "CCP" },
+};
+
+#define N_PROTO		(sizeof(prottbl) / sizeof(prottbl[0]))
+
+main(argc, argv)
+    int argc;
+    char *argv[];
+{
+    int i, nonblock;
+    struct sigaction sa;
+    struct cmd *cmdp;
+    FILE *pidfile;
+    char *p;
+    struct passwd *pw;
+    struct timeval timo;
+    sigset_t mask;
+
+    p = ttyname(0);
+    if (p)
+	strcpy(devnam, p);
+    strcpy(default_devnam, devnam);
+
+    if (gethostname(hostname, MAXNAMELEN) < 0 ) {
+	perror("couldn't get hostname");
+	die(1);
+    }
+    hostname[MAXNAMELEN-1] = 0;
+
+    uid = getuid();
+
+    if (!ppp_available()) {
+	fprintf(stderr, no_ppp_msg);
+	exit(1);
+    }
+
+    /*
+     * Initialize to the standard option set, then parse, in order,
+     * the system options file, the user's options file, and the command
+     * line arguments.
+     */
+    for (i = 0; i < N_PROTO; i++)
+	(*prottbl[i].init)(0);
+  
+    progname = *argv;
+
+    if (!options_from_file(_PATH_SYSOPTIONS, REQ_SYSOPTIONS, 0) ||
+	!options_from_user() ||
+	!parse_args(argc-1, argv+1) ||
+	!options_for_tty())
+	die(1);
+    check_auth_options();
+    setipdefault();
+
+    /*
+     * If the user has specified the default device name explicitly,
+     * pretend they hadn't.
+     */
+    if (!default_device && strcmp(devnam, default_devnam) == 0)
+	default_device = 1;
+
+    /*
+     * Initialize system-dependent stuff and magic number package.
+     */
+    sys_init();
+    magic_init();
+
+    /*
+     * Detach ourselves from the terminal, if required,
+     * and identify who is running us.
+     */
+    if (!default_device && !nodetach && daemon(0, 0) < 0) {
+	perror("Couldn't detach from controlling terminal");
+	exit(1);
+    }
+    pid = getpid();
+    p = getlogin();
+    if (p == NULL) {
+	pw = getpwuid(uid);
+	if (pw != NULL && pw->pw_name != NULL)
+	    p = pw->pw_name;
+	else
+	    p = "(unknown)";
+    }
+    syslog(LOG_NOTICE, "pppd %s.%d started by %s, uid %d",
+	   VERSION, PATCHLEVEL, p, uid);
+  
+    /*
+     * Compute mask of all interesting signals and install signal handlers
+     * for each.  Only one signal handler may be active at a time.  Therefore,
+     * all other signals should be masked when any handler is executing.
+     */
+    sigemptyset(&mask);
+    sigaddset(&mask, SIGHUP);
+    sigaddset(&mask, SIGINT);
+    sigaddset(&mask, SIGTERM);
+    sigaddset(&mask, SIGCHLD);
+
+#define SIGNAL(s, handler)	{ \
+	sa.sa_handler = handler; \
+	if (sigaction(s, &sa, NULL) < 0) { \
+	    syslog(LOG_ERR, "Couldn't establish signal handler (%d): %m", s); \
+	    die(1); \
+	} \
+    }
+
+    sa.sa_mask = mask;
+    sa.sa_flags = 0;
+    SIGNAL(SIGHUP, hup);		/* Hangup */
+    SIGNAL(SIGINT, term);		/* Interrupt */
+    SIGNAL(SIGTERM, term);		/* Terminate */
+    SIGNAL(SIGCHLD, chld);
+
+    SIGNAL(SIGUSR1, toggle_debug);	/* Toggle debug flag */
+    SIGNAL(SIGUSR2, open_ccp);		/* Reopen CCP */
+
+    /*
+     * Install a handler for other signals which would otherwise
+     * cause pppd to exit without cleaning up.
+     */
+    SIGNAL(SIGABRT, bad_signal);
+    SIGNAL(SIGALRM, bad_signal);
+    SIGNAL(SIGFPE, bad_signal);
+    SIGNAL(SIGILL, bad_signal);
+    SIGNAL(SIGPIPE, bad_signal);
+    SIGNAL(SIGQUIT, bad_signal);
+    SIGNAL(SIGSEGV, bad_signal);
+#ifdef SIGBUS
+    SIGNAL(SIGBUS, bad_signal);
+#endif
+#ifdef SIGEMT
+    SIGNAL(SIGEMT, bad_signal);
+#endif
+#ifdef SIGPOLL
+    SIGNAL(SIGPOLL, bad_signal);
+#endif
+#ifdef SIGPROF
+    SIGNAL(SIGPROF, bad_signal);
+#endif
+#ifdef SIGSYS
+    SIGNAL(SIGSYS, bad_signal);
+#endif
+#ifdef SIGTRAP
+    SIGNAL(SIGTRAP, bad_signal);
+#endif
+#ifdef SIGVTALRM
+    SIGNAL(SIGVTALRM, bad_signal);
+#endif
+#ifdef SIGXCPU
+    SIGNAL(SIGXCPU, bad_signal);
+#endif
+#ifdef SIGXFSZ
+    SIGNAL(SIGXFSZ, bad_signal);
+#endif
+
+    /*
+     * Lock the device if we've been asked to.
+     */
+    if (lockflag && !default_device)
+	if (lock(devnam) < 0)
+	    die(1);
+
+    do {
+
+	/*
+	 * Open the serial device and set it up to be the ppp interface.
+	 * If we're dialling out, or we don't want to use the modem lines,
+	 * we open it in non-blocking mode, but then we need to clear
+	 * the non-blocking I/O bit.
+	 */
+	nonblock = (connector || !modem)? O_NONBLOCK: 0;
+	if ((fd = open(devnam, nonblock | O_RDWR, 0)) < 0) {
+	    syslog(LOG_ERR, "Failed to open %s: %m", devnam);
+	    die(1);
+	}
+	if ((initfdflags = fcntl(fd, F_GETFL)) == -1) {
+	    syslog(LOG_ERR, "Couldn't get device fd flags: %m");
+	    die(1);
+	}
+	if (nonblock) {
+	    initfdflags &= ~O_NONBLOCK;
+	    fcntl(fd, F_SETFL, initfdflags);
+	}
+	hungup = 0;
+	kill_link = 0;
+
+	/* run connection script */
+	if (connector && connector[0]) {
+	    MAINDEBUG((LOG_INFO, "Connecting with <%s>", connector));
+
+	    /* set line speed, flow control, etc.; set CLOCAL for now */
+	    set_up_tty(fd, 1);
+
+	    /* drop dtr to hang up in case modem is off hook */
+	    if (!default_device && modem) {
+		setdtr(fd, FALSE);
+		sleep(1);
+		setdtr(fd, TRUE);
+	    }
+
+	    if (device_script(connector, fd, fd) < 0) {
+		syslog(LOG_ERR, "Connect script failed");
+		setdtr(fd, FALSE);
+		die(1);
+	    }
+
+	    syslog(LOG_INFO, "Serial connection established.");
+	    sleep(1);		/* give it time to set up its terminal */
+	}
+
+	/* set line speed, flow control, etc.; clear CLOCAL if modem option */
+	set_up_tty(fd, 0);
+
+	/* set up the serial device as a ppp interface */
+	establish_ppp();
+
+	syslog(LOG_INFO, "Using interface ppp%d", ifunit);
+	(void) sprintf(ifname, "ppp%d", ifunit);
+
+	/* write pid to file */
+	(void) sprintf(pidfilename, "%s%s.pid", _PATH_VARRUN, ifname);
+	if ((pidfile = fopen(pidfilename, "w")) != NULL) {
+	    fprintf(pidfile, "%d\n", pid);
+	    (void) fclose(pidfile);
+	} else {
+	    syslog(LOG_ERR, "Failed to create pid file %s: %m", pidfilename);
+	    pidfilename[0] = 0;
+	}
+
+	/*
+	 * Set device for non-blocking reads.
+	 */
+	if (fcntl(fd, F_SETFL, initfdflags | O_NONBLOCK) == -1) {
+	    syslog(LOG_ERR, "Couldn't set device to non-blocking mode: %m");
+	    die(1);
+	}
+  
+	/*
+	 * Block all signals, start opening the connection, and wait for
+	 * incoming events (reply, timeout, etc.).
+	 */
+	syslog(LOG_NOTICE, "Connect: %s <--> %s", ifname, devnam);
+	lcp_lowerup(0);
+	lcp_open(0);		/* Start protocol */
+	for (phase = PHASE_ESTABLISH; phase != PHASE_DEAD; ) {
+	    wait_input(timeleft(&timo));
+	    calltimeout();
+	    get_input();
+	    if (kill_link) {
+		lcp_close(0);
+		kill_link = 0;
+	    }
+	    if (open_ccp_flag) {
+		if (phase == PHASE_NETWORK) {
+		    ccp_fsm[0].flags = OPT_RESTART; /* clears OPT_SILENT */
+		    ccp_open(0);
+		}
+		open_ccp_flag = 0;
+	    }
+	    reap_kids();	/* Don't leave dead kids lying around */
+	}
+
+	/*
+	 * Run disconnector script, if requested.
+	 * First we need to reset non-blocking mode.
+	 * XXX we may not be able to do this if the line has hung up!
+	 */
+	if (initfdflags != -1 && fcntl(fd, F_SETFL, initfdflags) >= 0)
+	    initfdflags = -1;
+	disestablish_ppp();
+	if (disconnector) {
+	    set_up_tty(fd, 1);
+	    if (device_script(disconnector, fd, fd) < 0) {
+		syslog(LOG_WARNING, "disconnect script failed");
+	    } else {
+		syslog(LOG_INFO, "Serial link disconnected.");
+	    }
+	}
+
+	close_fd();
+	if (unlink(pidfilename) < 0 && errno != ENOENT) 
+	    syslog(LOG_WARNING, "unable to delete pid file: %m");
+	pidfilename[0] = 0;
+
+    } while (persist);
+
+    die(0);
+}
+
+
+/*
+ * get_input - called when incoming data is available.
+ */
+static void
+get_input()
+{
+    int len, i;
+    u_char *p;
+    u_short protocol;
+
+    p = inpacket_buf;	/* point to beginning of packet buffer */
+
+    len = read_packet(inpacket_buf);
+    if (len < 0)
+	return;
+
+    if (len == 0) {
+	syslog(LOG_NOTICE, "Modem hangup");
+	hungup = 1;
+	lcp_lowerdown(0);	/* serial link is no longer available */
+	phase = PHASE_DEAD;
+	return;
+    }
+
+    if (debug /*&& (debugflags & DBG_INPACKET)*/)
+	log_packet(p, len, "rcvd ");
+
+    if (len < PPP_HDRLEN) {
+	MAINDEBUG((LOG_INFO, "io(): Received short packet."));
+	return;
+    }
+
+    p += 2;				/* Skip address and control */
+    GETSHORT(protocol, p);
+    len -= PPP_HDRLEN;
+
+    /*
+     * Toss all non-LCP packets unless LCP is OPEN.
+     */
+    if (protocol != PPP_LCP && lcp_fsm[0].state != OPENED) {
+	MAINDEBUG((LOG_INFO,
+		   "io(): Received non-LCP packet when LCP not open."));
+	return;
+    }
+
+    /*
+     * Upcall the proper protocol input routine.
+     */
+    for (i = 0; i < sizeof (prottbl) / sizeof (struct protent); i++) {
+	if (prottbl[i].protocol == protocol) {
+	    (*prottbl[i].input)(0, p, len);
+	    return;
+	}
+        if (protocol == (prottbl[i].protocol & ~0x8000)
+	    && prottbl[i].datainput != NULL) {
+	    (*prottbl[i].datainput)(0, p, len);
+	    return;
+	}
+    }
+
+    if (debug)
+    	syslog(LOG_WARNING, "Unknown protocol (0x%x) received", protocol);
+    lcp_sprotrej(0, p - PPP_HDRLEN, len + PPP_HDRLEN);
+}
+
+
+/*
+ * demuxprotrej - Demultiplex a Protocol-Reject.
+ */
+void
+demuxprotrej(unit, protocol)
+    int unit;
+    u_short protocol;
+{
+    int i;
+
+    /*
+     * Upcall the proper Protocol-Reject routine.
+     */
+    for (i = 0; i < sizeof (prottbl) / sizeof (struct protent); i++)
+	if (prottbl[i].protocol == protocol) {
+	    (*prottbl[i].protrej)(unit);
+	    return;
+	}
+
+    syslog(LOG_WARNING,
+	   "demuxprotrej: Unrecognized Protocol-Reject for protocol 0x%x",
+	   protocol);
+}
+
+
+/*
+ * bad_signal - We've caught a fatal signal.  Clean up state and exit.
+ */
+static void
+bad_signal(sig)
+    int sig;
+{
+    syslog(LOG_ERR, "Fatal signal %d", sig);
+    die(1);
+}
+
+/*
+ * quit - Clean up state and exit (with an error indication).
+ */
+void 
+quit()
+{
+    die(1);
+}
+
+/*
+ * die - like quit, except we can specify an exit status.
+ */
+void
+die(status)
+    int status;
+{
+    cleanup(0, NULL);
+    syslog(LOG_INFO, "Exit.");
+    exit(status);
+}
+
+/*
+ * cleanup - restore anything which needs to be restored before we exit
+ */
+/* ARGSUSED */
+void
+cleanup(status, arg)
+    int status;
+    caddr_t arg;
+{
+    if (fd >= 0)
+	close_fd();
+
+    if (pidfilename[0] != 0 && unlink(pidfilename) < 0 && errno != ENOENT) 
+	syslog(LOG_WARNING, "unable to delete pid file: %m");
+    pidfilename[0] = 0;
+
+    if (lockflag && !default_device)
+	unlock();
+}
+
+/*
+ * close_fd - restore the terminal device and close it.
+ */
+void
+close_fd()
+{
+    disestablish_ppp();
+
+    /* drop dtr to hang up */
+    if (modem)
+	setdtr(fd, FALSE);
+
+    if (initfdflags != -1 && fcntl(fd, F_SETFL, initfdflags) < 0)
+	syslog(LOG_WARNING, "Couldn't restore device fd flags: %m");
+    initfdflags = -1;
+
+    restore_tty();
+
+    close(fd);
+    fd = -1;
+}
+
+
+struct	callout {
+    struct timeval	c_time;		/* time at which to call routine */
+    caddr_t		c_arg;		/* argument to routine */
+    void		(*c_func)();	/* routine */
+    struct		callout *c_next;
+};
+
+static struct callout *callout = NULL;	/* Callout list */
+static struct timeval timenow;		/* Current time */
+
+/*
+ * timeout - Schedule a timeout.
+ *
+ * Note that this timeout takes the number of seconds, NOT hz (as in
+ * the kernel).
+ */
+void
+timeout(func, arg, time)
+    void (*func)();
+    caddr_t arg;
+    int time;
+{
+    struct callout *newp, *p, **pp;
+  
+    MAINDEBUG((LOG_DEBUG, "Timeout %lx:%lx in %d seconds.",
+	       (long) func, (long) arg, time));
+  
+    /*
+     * Allocate timeout.
+     */
+    if ((newp = (struct callout *) malloc(sizeof(struct callout))) == NULL) {
+	syslog(LOG_ERR, "Out of memory in timeout()!");
+	die(1);
+    }
+    newp->c_arg = arg;
+    newp->c_func = func;
+    gettimeofday(&timenow, NULL);
+    newp->c_time.tv_sec = timenow.tv_sec + time;
+    newp->c_time.tv_usec = timenow.tv_usec;
+  
+    /*
+     * Find correct place and link it in.
+     */
+    for (pp = &callout; (p = *pp); pp = &p->c_next)
+	if (newp->c_time.tv_sec < p->c_time.tv_sec
+	    || (newp->c_time.tv_sec == p->c_time.tv_sec
+		&& newp->c_time.tv_usec < p->c_time.tv_sec))
+	    break;
+    newp->c_next = p;
+    *pp = newp;
+}
+
+
+/*
+ * untimeout - Unschedule a timeout.
+ */
+void
+untimeout(func, arg)
+    void (*func)();
+    caddr_t arg;
+{
+    struct itimerval itv;
+    struct callout **copp, *freep;
+    int reschedule = 0;
+  
+    MAINDEBUG((LOG_DEBUG, "Untimeout %lx:%lx.", (long) func, (long) arg));
+  
+    /*
+     * Find first matching timeout and remove it from the list.
+     */
+    for (copp = &callout; (freep = *copp); copp = &freep->c_next)
+	if (freep->c_func == func && freep->c_arg == arg) {
+	    *copp = freep->c_next;
+	    (void) free((char *) freep);
+	    break;
+	}
+}
+
+
+/*
+ * calltimeout - Call any timeout routines which are now due.
+ */
+void
+calltimeout()
+{
+    struct callout *p;
+
+    while (callout != NULL) {
+	p = callout;
+
+	if (gettimeofday(&timenow, NULL) < 0) {
+	    syslog(LOG_ERR, "Failed to get time of day: %m");
+	    die(1);
+	}
+	if (!(p->c_time.tv_sec < timenow.tv_sec
+	      || (p->c_time.tv_sec == timenow.tv_sec
+		  && p->c_time.tv_usec <= timenow.tv_usec)))
+	    break;		/* no, it's not time yet */
+
+	callout = p->c_next;
+	(*p->c_func)(p->c_arg);
+
+	free((char *) p);
+    }
+}
+
+
+/*
+ * timeleft - return the length of time until the next timeout is due.
+ */
+struct timeval *
+timeleft(tvp)
+    struct timeval *tvp;
+{
+    if (callout == NULL)
+	return NULL;
+
+    gettimeofday(&timenow, NULL);
+    tvp->tv_sec = callout->c_time.tv_sec - timenow.tv_sec;
+    tvp->tv_usec = callout->c_time.tv_usec - timenow.tv_usec;
+    if (tvp->tv_usec < 0) {
+	tvp->tv_usec += 1000000;
+	tvp->tv_sec -= 1;
+    }
+    if (tvp->tv_sec < 0)
+	tvp->tv_sec = tvp->tv_usec = 0;
+
+    return tvp;
+}
+    
+
+/*
+ * hup - Catch SIGHUP signal.
+ *
+ * Indicates that the physical layer has been disconnected.
+ * We don't rely on this indication; if the user has sent this
+ * signal, we just take the link down.
+ */
+static void
+hup(sig)
+    int sig;
+{
+    syslog(LOG_INFO, "Hangup (SIGHUP)");
+    kill_link = 1;
+}
+
+
+/*
+ * term - Catch SIGTERM signal and SIGINT signal (^C/del).
+ *
+ * Indicates that we should initiate a graceful disconnect and exit.
+ */
+/*ARGSUSED*/
+static void
+term(sig)
+    int sig;
+{
+    syslog(LOG_INFO, "Terminating on signal %d.", sig);
+    persist = 0;		/* don't try to restart */
+    kill_link = 1;
+}
+
+
+/*
+ * chld - Catch SIGCHLD signal.
+ * Calls reap_kids to get status for any dead kids.
+ */
+static void
+chld(sig)
+    int sig;
+{
+    reap_kids();
+}
+
+
+/*
+ * toggle_debug - Catch SIGUSR1 signal.
+ *
+ * Toggle debug flag.
+ */
+/*ARGSUSED*/
+static void
+toggle_debug(sig)
+    int sig;
+{
+    debug = !debug;
+    note_debug_level();
+}
+
+
+/*
+ * open_ccp - Catch SIGUSR2 signal.
+ *
+ * Try to (re)negotiate compression.
+ */
+/*ARGSUSED*/
+static void
+open_ccp(sig)
+    int sig;
+{
+    open_ccp_flag = 1;
+}
+
+
+/*
+ * device_script - run a program to connect or disconnect the
+ * serial device.
+ */
+int
+device_script(program, in, out)
+    char *program;
+    int in, out;
+{
+    int pid;
+    int status;
+    int errfd;
+
+    pid = fork();
+
+    if (pid < 0) {
+	syslog(LOG_ERR, "Failed to create child process: %m");
+	die(1);
+    }
+
+    if (pid == 0) {
+	dup2(in, 0);
+	dup2(out, 1);
+	errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644);
+	if (errfd >= 0)
+	    dup2(errfd, 2);
+	setuid(getuid());
+	setgid(getgid());
+	execl("/bin/sh", "sh", "-c", program, (char *)0);
+	syslog(LOG_ERR, "could not exec /bin/sh: %m");
+	_exit(99);
+	/* NOTREACHED */
+    }
+
+    while (waitpid(pid, &status, 0) < 0) {
+	if (errno == EINTR)
+	    continue;
+	syslog(LOG_ERR, "error waiting for (dis)connection process: %m");
+	die(1);
+    }
+
+    return (status == 0 ? 0 : -1);
+}
+
+
+/*
+ * run-program - execute a program with given arguments,
+ * but don't wait for it.
+ * If the program can't be executed, logs an error unless
+ * must_exist is 0 and the program file doesn't exist.
+ */
+int
+run_program(prog, args, must_exist)
+    char *prog;
+    char **args;
+    int must_exist;
+{
+    int pid;
+    char *nullenv[1];
+
+    pid = fork();
+    if (pid == -1) {
+	syslog(LOG_ERR, "Failed to create child process for %s: %m", prog);
+	return -1;
+    }
+    if (pid == 0) {
+	int new_fd;
+
+	/* Leave the current location */
+	(void) setsid();    /* No controlling tty. */
+	(void) umask (S_IRWXG|S_IRWXO);
+	(void) chdir ("/"); /* no current directory. */
+	setuid(geteuid());
+	setgid(getegid());
+
+	/* Ensure that nothing of our device environment is inherited. */
+	close (0);
+	close (1);
+	close (2);
+	close (fd);  /* tty interface to the ppp device */
+	/* XXX should call sysdep cleanup procedure here */
+
+        /* Don't pass handles to the PPP device, even by accident. */
+	new_fd = open (_PATH_DEVNULL, O_RDWR);
+	if (new_fd >= 0) {
+	    if (new_fd != 0) {
+	        dup2  (new_fd, 0); /* stdin <- /dev/null */
+		close (new_fd);
+	    }
+	    dup2 (0, 1); /* stdout -> /dev/null */
+	    dup2 (0, 2); /* stderr -> /dev/null */
+	}
+
+#ifdef BSD
+	/* Force the priority back to zero if pppd is running higher. */
+	if (setpriority (PRIO_PROCESS, 0, 0) < 0)
+	    syslog (LOG_WARNING, "can't reset priority to 0: %m"); 
+#endif
+
+	/* SysV recommends a second fork at this point. */
+
+	/* run the program; give it a null environment */
+	nullenv[0] = NULL;
+	execve(prog, args, nullenv);
+	if (must_exist || errno != ENOENT)
+	    syslog(LOG_WARNING, "Can't execute %s: %m", prog);
+	_exit(-1);
+    }
+    MAINDEBUG((LOG_DEBUG, "Script %s started; pid = %d", prog, pid));
+    ++n_children;
+    return 0;
+}
+
+
+/*
+ * reap_kids - get status from any dead child processes,
+ * and log a message for abnormal terminations.
+ */
+void
+reap_kids()
+{
+    int pid, status;
+
+    if (n_children == 0)
+	return;
+    if ((pid = waitpid(-1, &status, WNOHANG)) == -1) {
+	if (errno != ECHILD)
+	    syslog(LOG_ERR, "Error waiting for child process: %m");
+	return;
+    }
+    if (pid > 0) {
+	--n_children;
+	if (WIFSIGNALED(status)) {
+	    syslog(LOG_WARNING, "Child process %d terminated with signal %d",
+		   pid, WTERMSIG(status));
+	}
+    }
+}
+
+
+/*
+ * log_packet - format a packet and log it.
+ */
+
+char line[256];			/* line to be logged accumulated here */
+char *linep;
+
+void
+log_packet(p, len, prefix)
+    u_char *p;
+    int len;
+    char *prefix;
+{
+    strcpy(line, prefix);
+    linep = line + strlen(line);
+    format_packet(p, len, pr_log, NULL);
+    if (linep != line)
+	syslog(LOG_DEBUG, "%s", line);
+}
+
+/*
+ * format_packet - make a readable representation of a packet,
+ * calling `printer(arg, format, ...)' to output it.
+ */
+void
+format_packet(p, len, printer, arg)
+    u_char *p;
+    int len;
+    void (*printer) __P((void *, char *, ...));
+    void *arg;
+{
+    int i, n;
+    u_short proto;
+    u_char x;
+
+    if (len >= PPP_HDRLEN && p[0] == PPP_ALLSTATIONS && p[1] == PPP_UI) {
+	p += 2;
+	GETSHORT(proto, p);
+	len -= PPP_HDRLEN;
+	for (i = 0; i < N_PROTO; ++i)
+	    if (proto == prottbl[i].protocol)
+		break;
+	if (i < N_PROTO) {
+	    printer(arg, "[%s", prottbl[i].name);
+	    n = (*prottbl[i].printpkt)(p, len, printer, arg);
+	    printer(arg, "]");
+	    p += n;
+	    len -= n;
+	} else {
+	    printer(arg, "[proto=0x%x]", proto);
+	}
+    }
+
+    for (; len > 0; --len) {
+	GETCHAR(x, p);
+	printer(arg, " %.2x", x);
+    }
+}
+
+#ifdef __STDC__
+#include <stdarg.h>
+
+void
+pr_log(void *arg, char *fmt, ...)
+{
+    int n;
+    va_list pvar;
+    char buf[256];
+
+    va_start(pvar, fmt);
+    vsprintf(buf, fmt, pvar);
+    va_end(pvar);
+
+    n = strlen(buf);
+    if (linep + n + 1 > line + sizeof(line)) {
+	syslog(LOG_DEBUG, "%s", line);
+	linep = line;
+    }
+    strcpy(linep, buf);
+    linep += n;
+}
+
+#else /* __STDC__ */
+#include <varargs.h>
+
+void
+pr_log(arg, fmt, va_alist)
+void *arg;
+char *fmt;
+va_dcl
+{
+    int n;
+    va_list pvar;
+    char buf[256];
+
+    va_start(pvar);
+    vsprintf(buf, fmt, pvar);
+    va_end(pvar);
+
+    n = strlen(buf);
+    if (linep + n + 1 > line + sizeof(line)) {
+	syslog(LOG_DEBUG, "%s", line);
+	linep = line;
+    }
+    strcpy(linep, buf);
+    linep += n;
+}
+#endif
+
+/*
+ * print_string - print a readable representation of a string using
+ * printer.
+ */
+void
+print_string(p, len, printer, arg)
+    char *p;
+    int len;
+    void (*printer) __P((void *, char *, ...));
+    void *arg;
+{
+    int c;
+
+    printer(arg, "\"");
+    for (; len > 0; --len) {
+	c = *p++;
+	if (' ' <= c && c <= '~')
+	    printer(arg, "%c", c);
+	else
+	    printer(arg, "\\%.3o", c);
+    }
+    printer(arg, "\"");
+}
+
+/*
+ * novm - log an error message saying we ran out of memory, and die.
+ */
+void
+novm(msg)
+    char *msg;
+{
+    syslog(LOG_ERR, "Virtual memory exhausted allocating %s\n", msg);
+    die(1);
+}
diff --git a/usr.sbin/pppd/md5.c b/usr.sbin/pppd/md5.c
new file mode 100644
index 00000000000..480c860c0aa
--- /dev/null
+++ b/usr.sbin/pppd/md5.c
@@ -0,0 +1,304 @@
+
+
+/*
+ ***********************************************************************
+ ** md5.c -- the source code for MD5 routines                         **
+ ** RSA Data Security, Inc. MD5 Message-Digest Algorithm              **
+ ** Created: 2/17/90 RLR                                              **
+ ** Revised: 1/91 SRD,AJ,BSK,JT Reference C ver., 7/10 constant corr. **
+ ***********************************************************************
+ */
+
+/*
+ ***********************************************************************
+ ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.  **
+ **                                                                   **
+ ** License to copy and use this software is granted provided that    **
+ ** it is identified as the "RSA Data Security, Inc. MD5 Message-     **
+ ** Digest Algorithm" in all material mentioning or referencing this  **
+ ** software or this function.                                        **
+ **                                                                   **
+ ** License is also granted to make and use derivative works          **
+ ** provided that such works are identified as "derived from the RSA  **
+ ** Data Security, Inc. MD5 Message-Digest Algorithm" in all          **
+ ** material mentioning or referencing the derived work.              **
+ **                                                                   **
+ ** RSA Data Security, Inc. makes no representations concerning       **
+ ** either the merchantability of this software or the suitability    **
+ ** of this software for any particular purpose.  It is provided "as  **
+ ** is" without express or implied warranty of any kind.              **
+ **                                                                   **
+ ** These notices must be retained in any copies of any part of this  **
+ ** documentation and/or software.                                    **
+ ***********************************************************************
+ */
+
+#include "md5.h"
+
+/*
+ ***********************************************************************
+ **  Message-digest routines:                                         **
+ **  To form the message digest for a message M                       **
+ **    (1) Initialize a context buffer mdContext using MD5Init        **
+ **    (2) Call MD5Update on mdContext and M                          **
+ **    (3) Call MD5Final on mdContext                                 **
+ **  The message digest is now in mdContext->digest[0...15]           **
+ ***********************************************************************
+ */
+
+/* forward declaration */
+static void Transform ();
+
+static unsigned char PADDING[64] = {
+  0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+/* F, G, H and I are basic MD5 functions */
+#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
+#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
+#define H(x, y, z) ((x) ^ (y) ^ (z))
+#define I(x, y, z) ((y) ^ ((x) | (~z)))
+
+/* ROTATE_LEFT rotates x left n bits */
+#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
+
+/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4 */
+/* Rotation is separate from addition to prevent recomputation */
+#define FF(a, b, c, d, x, s, ac) \
+  {(a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \
+   (a) = ROTATE_LEFT ((a), (s)); \
+   (a) += (b); \
+  }
+#define GG(a, b, c, d, x, s, ac) \
+  {(a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \
+   (a) = ROTATE_LEFT ((a), (s)); \
+   (a) += (b); \
+  }
+#define HH(a, b, c, d, x, s, ac) \
+  {(a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \
+   (a) = ROTATE_LEFT ((a), (s)); \
+   (a) += (b); \
+  }
+#define II(a, b, c, d, x, s, ac) \
+  {(a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \
+   (a) = ROTATE_LEFT ((a), (s)); \
+   (a) += (b); \
+  }
+
+#ifdef __STDC__
+#define UL(x)	x##U
+#else
+#define UL(x)	x
+#endif
+
+/* The routine MD5Init initializes the message-digest context
+   mdContext. All fields are set to zero.
+ */
+void MD5Init (mdContext)
+MD5_CTX *mdContext;
+{
+  mdContext->i[0] = mdContext->i[1] = (UINT4)0;
+
+  /* Load magic initialization constants.
+   */
+  mdContext->buf[0] = (UINT4)0x67452301;
+  mdContext->buf[1] = (UINT4)0xefcdab89;
+  mdContext->buf[2] = (UINT4)0x98badcfe;
+  mdContext->buf[3] = (UINT4)0x10325476;
+}
+
+/* The routine MD5Update updates the message-digest context to
+   account for the presence of each of the characters inBuf[0..inLen-1]
+   in the message whose digest is being computed.
+ */
+void MD5Update (mdContext, inBuf, inLen)
+MD5_CTX *mdContext;
+unsigned char *inBuf;
+unsigned int inLen;
+{
+  UINT4 in[16];
+  int mdi;
+  unsigned int i, ii;
+
+  /* compute number of bytes mod 64 */
+  mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
+
+  /* update number of bits */
+  if ((mdContext->i[0] + ((UINT4)inLen << 3)) < mdContext->i[0])
+    mdContext->i[1]++;
+  mdContext->i[0] += ((UINT4)inLen << 3);
+  mdContext->i[1] += ((UINT4)inLen >> 29);
+
+  while (inLen--) {
+    /* add new character to buffer, increment mdi */
+    mdContext->in[mdi++] = *inBuf++;
+
+    /* transform if necessary */
+    if (mdi == 0x40) {
+      for (i = 0, ii = 0; i < 16; i++, ii += 4)
+        in[i] = (((UINT4)mdContext->in[ii+3]) << 24) |
+                (((UINT4)mdContext->in[ii+2]) << 16) |
+                (((UINT4)mdContext->in[ii+1]) << 8) |
+                ((UINT4)mdContext->in[ii]);
+      Transform (mdContext->buf, in);
+      mdi = 0;
+    }
+  }
+}
+
+/* The routine MD5Final terminates the message-digest computation and
+   ends with the desired message digest in mdContext->digest[0...15].
+ */
+void MD5Final (mdContext)
+MD5_CTX *mdContext;
+{
+  UINT4 in[16];
+  int mdi;
+  unsigned int i, ii;
+  unsigned int padLen;
+
+  /* save number of bits */
+  in[14] = mdContext->i[0];
+  in[15] = mdContext->i[1];
+
+  /* compute number of bytes mod 64 */
+  mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
+
+  /* pad out to 56 mod 64 */
+  padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi);
+  MD5Update (mdContext, PADDING, padLen);
+
+  /* append length in bits and transform */
+  for (i = 0, ii = 0; i < 14; i++, ii += 4)
+    in[i] = (((UINT4)mdContext->in[ii+3]) << 24) |
+            (((UINT4)mdContext->in[ii+2]) << 16) |
+            (((UINT4)mdContext->in[ii+1]) << 8) |
+            ((UINT4)mdContext->in[ii]);
+  Transform (mdContext->buf, in);
+
+  /* store buffer in digest */
+  for (i = 0, ii = 0; i < 4; i++, ii += 4) {
+    mdContext->digest[ii] = (unsigned char)(mdContext->buf[i] & 0xFF);
+    mdContext->digest[ii+1] =
+      (unsigned char)((mdContext->buf[i] >> 8) & 0xFF);
+    mdContext->digest[ii+2] =
+      (unsigned char)((mdContext->buf[i] >> 16) & 0xFF);
+    mdContext->digest[ii+3] =
+      (unsigned char)((mdContext->buf[i] >> 24) & 0xFF);
+  }
+}
+
+/* Basic MD5 step. Transforms buf based on in.
+ */
+static void Transform (buf, in)
+UINT4 *buf;
+UINT4 *in;
+{
+  UINT4 a = buf[0], b = buf[1], c = buf[2], d = buf[3];
+
+  /* Round 1 */
+#define S11 7
+#define S12 12
+#define S13 17
+#define S14 22
+  FF ( a, b, c, d, in[ 0], S11, UL(3614090360)); /* 1 */
+  FF ( d, a, b, c, in[ 1], S12, UL(3905402710)); /* 2 */
+  FF ( c, d, a, b, in[ 2], S13, UL( 606105819)); /* 3 */
+  FF ( b, c, d, a, in[ 3], S14, UL(3250441966)); /* 4 */
+  FF ( a, b, c, d, in[ 4], S11, UL(4118548399)); /* 5 */
+  FF ( d, a, b, c, in[ 5], S12, UL(1200080426)); /* 6 */
+  FF ( c, d, a, b, in[ 6], S13, UL(2821735955)); /* 7 */
+  FF ( b, c, d, a, in[ 7], S14, UL(4249261313)); /* 8 */
+  FF ( a, b, c, d, in[ 8], S11, UL(1770035416)); /* 9 */
+  FF ( d, a, b, c, in[ 9], S12, UL(2336552879)); /* 10 */
+  FF ( c, d, a, b, in[10], S13, UL(4294925233)); /* 11 */
+  FF ( b, c, d, a, in[11], S14, UL(2304563134)); /* 12 */
+  FF ( a, b, c, d, in[12], S11, UL(1804603682)); /* 13 */
+  FF ( d, a, b, c, in[13], S12, UL(4254626195)); /* 14 */
+  FF ( c, d, a, b, in[14], S13, UL(2792965006)); /* 15 */
+  FF ( b, c, d, a, in[15], S14, UL(1236535329)); /* 16 */
+
+  /* Round 2 */
+#define S21 5
+#define S22 9
+#define S23 14
+#define S24 20
+  GG ( a, b, c, d, in[ 1], S21, UL(4129170786)); /* 17 */
+  GG ( d, a, b, c, in[ 6], S22, UL(3225465664)); /* 18 */
+  GG ( c, d, a, b, in[11], S23, UL( 643717713)); /* 19 */
+  GG ( b, c, d, a, in[ 0], S24, UL(3921069994)); /* 20 */
+  GG ( a, b, c, d, in[ 5], S21, UL(3593408605)); /* 21 */
+  GG ( d, a, b, c, in[10], S22, UL(  38016083)); /* 22 */
+  GG ( c, d, a, b, in[15], S23, UL(3634488961)); /* 23 */
+  GG ( b, c, d, a, in[ 4], S24, UL(3889429448)); /* 24 */
+  GG ( a, b, c, d, in[ 9], S21, UL( 568446438)); /* 25 */
+  GG ( d, a, b, c, in[14], S22, UL(3275163606)); /* 26 */
+  GG ( c, d, a, b, in[ 3], S23, UL(4107603335)); /* 27 */
+  GG ( b, c, d, a, in[ 8], S24, UL(1163531501)); /* 28 */
+  GG ( a, b, c, d, in[13], S21, UL(2850285829)); /* 29 */
+  GG ( d, a, b, c, in[ 2], S22, UL(4243563512)); /* 30 */
+  GG ( c, d, a, b, in[ 7], S23, UL(1735328473)); /* 31 */
+  GG ( b, c, d, a, in[12], S24, UL(2368359562)); /* 32 */
+
+  /* Round 3 */
+#define S31 4
+#define S32 11
+#define S33 16
+#define S34 23
+  HH ( a, b, c, d, in[ 5], S31, UL(4294588738)); /* 33 */
+  HH ( d, a, b, c, in[ 8], S32, UL(2272392833)); /* 34 */
+  HH ( c, d, a, b, in[11], S33, UL(1839030562)); /* 35 */
+  HH ( b, c, d, a, in[14], S34, UL(4259657740)); /* 36 */
+  HH ( a, b, c, d, in[ 1], S31, UL(2763975236)); /* 37 */
+  HH ( d, a, b, c, in[ 4], S32, UL(1272893353)); /* 38 */
+  HH ( c, d, a, b, in[ 7], S33, UL(4139469664)); /* 39 */
+  HH ( b, c, d, a, in[10], S34, UL(3200236656)); /* 40 */
+  HH ( a, b, c, d, in[13], S31, UL( 681279174)); /* 41 */
+  HH ( d, a, b, c, in[ 0], S32, UL(3936430074)); /* 42 */
+  HH ( c, d, a, b, in[ 3], S33, UL(3572445317)); /* 43 */
+  HH ( b, c, d, a, in[ 6], S34, UL(  76029189)); /* 44 */
+  HH ( a, b, c, d, in[ 9], S31, UL(3654602809)); /* 45 */
+  HH ( d, a, b, c, in[12], S32, UL(3873151461)); /* 46 */
+  HH ( c, d, a, b, in[15], S33, UL( 530742520)); /* 47 */
+  HH ( b, c, d, a, in[ 2], S34, UL(3299628645)); /* 48 */
+
+  /* Round 4 */
+#define S41 6
+#define S42 10
+#define S43 15
+#define S44 21
+  II ( a, b, c, d, in[ 0], S41, UL(4096336452)); /* 49 */
+  II ( d, a, b, c, in[ 7], S42, UL(1126891415)); /* 50 */
+  II ( c, d, a, b, in[14], S43, UL(2878612391)); /* 51 */
+  II ( b, c, d, a, in[ 5], S44, UL(4237533241)); /* 52 */
+  II ( a, b, c, d, in[12], S41, UL(1700485571)); /* 53 */
+  II ( d, a, b, c, in[ 3], S42, UL(2399980690)); /* 54 */
+  II ( c, d, a, b, in[10], S43, UL(4293915773)); /* 55 */
+  II ( b, c, d, a, in[ 1], S44, UL(2240044497)); /* 56 */
+  II ( a, b, c, d, in[ 8], S41, UL(1873313359)); /* 57 */
+  II ( d, a, b, c, in[15], S42, UL(4264355552)); /* 58 */
+  II ( c, d, a, b, in[ 6], S43, UL(2734768916)); /* 59 */
+  II ( b, c, d, a, in[13], S44, UL(1309151649)); /* 60 */
+  II ( a, b, c, d, in[ 4], S41, UL(4149444226)); /* 61 */
+  II ( d, a, b, c, in[11], S42, UL(3174756917)); /* 62 */
+  II ( c, d, a, b, in[ 2], S43, UL( 718787259)); /* 63 */
+  II ( b, c, d, a, in[ 9], S44, UL(3951481745)); /* 64 */
+
+  buf[0] += a;
+  buf[1] += b;
+  buf[2] += c;
+  buf[3] += d;
+}
+
+/*
+ ***********************************************************************
+ ** End of md5.c                                                      **
+ ******************************** (cut) ********************************
+ */
diff --git a/usr.sbin/pppd/md5.h b/usr.sbin/pppd/md5.h
new file mode 100644
index 00000000000..7492b2228e2
--- /dev/null
+++ b/usr.sbin/pppd/md5.h
@@ -0,0 +1,58 @@
+/*
+ ***********************************************************************
+ ** md5.h -- header file for implementation of MD5                    **
+ ** RSA Data Security, Inc. MD5 Message-Digest Algorithm              **
+ ** Created: 2/17/90 RLR                                              **
+ ** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version               **
+ ** Revised (for MD5): RLR 4/27/91                                    **
+ **   -- G modified to have y&~z instead of y&z                       **
+ **   -- FF, GG, HH modified to add in last register done             **
+ **   -- Access pattern: round 2 works mod 5, round 3 works mod 3     **
+ **   -- distinct additive constant for each step                     **
+ **   -- round 4 added, working mod 7                                 **
+ ***********************************************************************
+ */
+
+/*
+ ***********************************************************************
+ ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.  **
+ **                                                                   **
+ ** License to copy and use this software is granted provided that    **
+ ** it is identified as the "RSA Data Security, Inc. MD5 Message-     **
+ ** Digest Algorithm" in all material mentioning or referencing this  **
+ ** software or this function.                                        **
+ **                                                                   **
+ ** License is also granted to make and use derivative works          **
+ ** provided that such works are identified as "derived from the RSA  **
+ ** Data Security, Inc. MD5 Message-Digest Algorithm" in all          **
+ ** material mentioning or referencing the derived work.              **
+ **                                                                   **
+ ** RSA Data Security, Inc. makes no representations concerning       **
+ ** either the merchantability of this software or the suitability    **
+ ** of this software for any particular purpose.  It is provided "as  **
+ ** is" without express or implied warranty of any kind.              **
+ **                                                                   **
+ ** These notices must be retained in any copies of any part of this  **
+ ** documentation and/or software.                                    **
+ ***********************************************************************
+ */
+
+#ifndef __MD5_INCLUDE__
+
+/* typedef a 32-bit type */
+typedef unsigned int UINT4;
+
+/* Data structure for MD5 (Message-Digest) computation */
+typedef struct {
+  UINT4 i[2];                   /* number of _bits_ handled mod 2^64 */
+  UINT4 buf[4];                                    /* scratch buffer */
+  unsigned char in[64];                              /* input buffer */
+  unsigned char digest[16];     /* actual digest after MD5Final call */
+} MD5_CTX;
+
+void MD5Init ();
+void MD5Update ();
+void MD5Final ();
+
+#define __MD5_INCLUDE__
+#endif /* __MD5_INCLUDE__ */
diff --git a/usr.sbin/pppd/options.c b/usr.sbin/pppd/options.c
new file mode 100644
index 00000000000..7b125ee8df4
--- /dev/null
+++ b/usr.sbin/pppd/options.c
@@ -0,0 +1,1740 @@
+/*
+ * options.c - handles option processing for PPP.
+ *
+ * Copyright (c) 1989 Carnegie Mellon University.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by Carnegie Mellon University.  The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: options.c,v 1.1 1995/10/18 08:47:59 deraadt Exp $";
+#endif
+
+#include <stdio.h>
+#include <errno.h>
+#include <unistd.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <termios.h>
+#include <syslog.h>
+#include <string.h>
+#include <netdb.h>
+#include <pwd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <netinet/in.h>
+
+#include "pppd.h"
+#include "pathnames.h"
+#include "patchlevel.h"
+#include "fsm.h"
+#include "lcp.h"
+#include "ipcp.h"
+#include "upap.h"
+#include "chap.h"
+#include "ccp.h"
+
+#include <net/ppp-comp.h>
+
+#define FALSE	0
+#define TRUE	1
+
+#if defined(ultrix) || defined(NeXT)
+char *strdup __P((char *));
+#endif
+
+#ifndef GIDSET_TYPE
+#define GIDSET_TYPE	gid_t
+#endif
+
+/*
+ * Option variables and default values.
+ */
+int	debug = 0;		/* Debug flag */
+int	kdebugflag = 0;		/* Tell kernel to print debug messages */
+int	default_device = 1;	/* Using /dev/tty or equivalent */
+char	devnam[MAXPATHLEN] = "/dev/tty";	/* Device name */
+int	crtscts = 0;		/* Use hardware flow control */
+int	modem = 1;		/* Use modem control lines */
+int	inspeed = 0;		/* Input/Output speed requested */
+u_int32_t netmask = 0;		/* IP netmask to set on interface */
+int	lockflag = 0;		/* Create lock file to lock the serial dev */
+int	nodetach = 0;		/* Don't detach from controlling tty */
+char	*connector = NULL;	/* Script to establish physical link */
+char	*disconnector = NULL;	/* Script to disestablish physical link */
+char	user[MAXNAMELEN];	/* Username for PAP */
+char	passwd[MAXSECRETLEN];	/* Password for PAP */
+int	auth_required = 0;	/* Peer is required to authenticate */
+int	defaultroute = 0;	/* assign default route through interface */
+int	proxyarp = 0;		/* Set up proxy ARP entry for peer */
+int	persist = 0;		/* Reopen link after it goes down */
+int	uselogin = 0;		/* Use /etc/passwd for checking PAP */
+int	lcp_echo_interval = 0; 	/* Interval between LCP echo-requests */
+int	lcp_echo_fails = 0;	/* Tolerance to unanswered echo-requests */
+char	our_name[MAXNAMELEN];	/* Our name for authentication purposes */
+char	remote_name[MAXNAMELEN]; /* Peer's name for authentication */
+int	usehostname = 0;	/* Use hostname for our_name */
+int	disable_defaultip = 0;	/* Don't use hostname for default IP adrs */
+char	*ipparam = NULL;	/* Extra parameter for ip up/down scripts */
+int	cryptpap;		/* Passwords in pap-secrets are encrypted */
+
+#ifdef _linux_
+int idle_time_limit = 0;
+static int setidle __P((char **));
+#endif
+
+/*
+ * Prototypes
+ */
+static int setdebug __P((void));
+static int setkdebug __P((char **));
+static int setpassive __P((void));
+static int setsilent __P((void));
+static int noopt __P((void));
+static int setnovj __P((void));
+static int setnovjccomp __P((void));
+static int setvjslots __P((char **));
+static int reqpap __P((void));
+static int nopap __P((void));
+static int setupapfile __P((char **));
+static int nochap __P((void));
+static int reqchap __P((void));
+static int setspeed __P((char *));
+static int noaccomp __P((void));
+static int noasyncmap __P((void));
+static int noipaddr __P((void));
+static int nomagicnumber __P((void));
+static int setasyncmap __P((char **));
+static int setescape __P((char **));
+static int setmru __P((char **));
+static int setmtu __P((char **));
+static int nomru __P((void));
+static int nopcomp __P((void));
+static int setconnector __P((char **));
+static int setdisconnector __P((char **));
+static int setdomain __P((char **));
+static int setnetmask __P((char **));
+static int setcrtscts __P((void));
+static int setnocrtscts __P((void));
+static int setxonxoff __P((void));
+static int setnodetach __P((void));
+static int setmodem __P((void));
+static int setlocal __P((void));
+static int setlock __P((void));
+static int setname __P((char **));
+static int setuser __P((char **));
+static int setremote __P((char **));
+static int setauth __P((void));
+static int readfile __P((char **));
+static int setdefaultroute __P((void));
+static int setnodefaultroute __P((void));
+static int setproxyarp __P((void));
+static int setnoproxyarp __P((void));
+static int setpersist __P((void));
+static int setdologin __P((void));
+static int setusehostname __P((void));
+static int setnoipdflt __P((void));
+static int setlcptimeout __P((char **));
+static int setlcpterm __P((char **));
+static int setlcpconf __P((char **));
+static int setlcpfails __P((char **));
+static int setipcptimeout __P((char **));
+static int setipcpterm __P((char **));
+static int setipcpconf __P((char **));
+static int setipcpfails __P((char **));
+static int setpaptimeout __P((char **));
+static int setpapreqs __P((char **));
+static int setpapreqtime __P((char **));
+static int setchaptimeout __P((char **));
+static int setchapchal __P((char **));
+static int setchapintv __P((char **));
+static int setipcpaccl __P((void));
+static int setipcpaccr __P((void));
+static int setlcpechointv __P((char **));
+static int setlcpechofails __P((char **));
+static int setbsdcomp __P((char **));
+static int setnobsdcomp __P((void));
+static int setipparam __P((char **));
+static int setpapcrypt __P((void));
+
+static int number_option __P((char *, u_int32_t *, int));
+static int readable __P((int fd));
+
+void usage();
+
+/*
+ * Valid arguments.
+ */
+static struct cmd {
+    char *cmd_name;
+    int num_args;
+    int (*cmd_func)();
+} cmds[] = {
+    {"-all", 0, noopt},		/* Don't request/allow any options */
+    {"-ac", 0, noaccomp},	/* Disable Address/Control compress */
+    {"-am", 0, noasyncmap},	/* Disable asyncmap negotiation */
+    {"-as", 1, setasyncmap},	/* set the desired async map */
+    {"-d", 0, setdebug},	/* Increase debugging level */
+    {"-detach", 0, setnodetach}, /* don't fork */
+    {"-ip", 0, noipaddr},	/* Disable IP address negotiation */
+    {"-mn", 0, nomagicnumber},	/* Disable magic number negotiation */
+    {"-mru", 0, nomru},		/* Disable mru negotiation */
+    {"-p", 0, setpassive},	/* Set passive mode */
+    {"-pc", 0, nopcomp},	/* Disable protocol field compress */
+    {"+ua", 1, setupapfile},	/* Get PAP user and password from file */
+    {"+pap", 0, reqpap},	/* Require PAP auth from peer */
+    {"-pap", 0, nopap},		/* Don't allow UPAP authentication with peer */
+    {"+chap", 0, reqchap},	/* Require CHAP authentication from peer */
+    {"-chap", 0, nochap},	/* Don't allow CHAP authentication with peer */
+    {"-vj", 0, setnovj},	/* disable VJ compression */
+    {"-vjccomp", 0, setnovjccomp}, /* disable VJ connection-ID compression */
+    {"vj-max-slots", 1, setvjslots}, /* Set maximum VJ header slots */
+    {"asyncmap", 1, setasyncmap}, /* set the desired async map */
+    {"escape", 1, setescape},	/* set chars to escape on transmission */
+    {"connect", 1, setconnector}, /* A program to set up a connection */
+    {"disconnect", 1, setdisconnector},	/* program to disconnect serial dev. */
+    {"crtscts", 0, setcrtscts},	/* set h/w flow control */
+    {"-crtscts", 0, setnocrtscts}, /* clear h/w flow control */
+    {"xonxoff", 0, setxonxoff},	/* set s/w flow control */
+    {"debug", 0, setdebug},	/* Increase debugging level */
+    {"kdebug", 1, setkdebug},	/* Enable kernel-level debugging */
+    {"domain", 1, setdomain},	/* Add given domain name to hostname*/
+    {"mru", 1, setmru},		/* Set MRU value for negotiation */
+    {"mtu", 1, setmtu},		/* Set our MTU */
+    {"netmask", 1, setnetmask},	/* set netmask */
+    {"passive", 0, setpassive},	/* Set passive mode */
+    {"silent", 0, setsilent},	/* Set silent mode */
+    {"modem", 0, setmodem},	/* Use modem control lines */
+    {"local", 0, setlocal},	/* Don't use modem control lines */
+    {"lock", 0, setlock},	/* Lock serial device (with lock file) */
+    {"name", 1, setname},	/* Set local name for authentication */
+    {"user", 1, setuser},	/* Set username for PAP auth with peer */
+    {"usehostname", 0, setusehostname},	/* Must use hostname for auth. */
+    {"remotename", 1, setremote}, /* Set remote name for authentication */
+    {"auth", 0, setauth},	/* Require authentication from peer */
+    {"file", 1, readfile},	/* Take options from a file */
+    {"defaultroute", 0, setdefaultroute}, /* Add default route */
+    {"-defaultroute", 0, setnodefaultroute}, /* disable defaultroute option */
+    {"proxyarp", 0, setproxyarp}, /* Add proxy ARP entry */
+    {"-proxyarp", 0, setnoproxyarp}, /* disable proxyarp option */
+    {"persist", 0, setpersist},	/* Keep on reopening connection after close */
+    {"login", 0, setdologin},	/* Use system password database for UPAP */
+    {"noipdefault", 0, setnoipdflt}, /* Don't use name for default IP adrs */
+    {"lcp-echo-failure", 1, setlcpechofails}, /* consecutive echo failures */
+    {"lcp-echo-interval", 1, setlcpechointv}, /* time for lcp echo events */
+    {"lcp-restart", 1, setlcptimeout}, /* Set timeout for LCP */
+    {"lcp-max-terminate", 1, setlcpterm}, /* Set max #xmits for term-reqs */
+    {"lcp-max-configure", 1, setlcpconf}, /* Set max #xmits for conf-reqs */
+    {"lcp-max-failure", 1, setlcpfails}, /* Set max #conf-naks for LCP */
+    {"ipcp-restart", 1, setipcptimeout}, /* Set timeout for IPCP */
+    {"ipcp-max-terminate", 1, setipcpterm}, /* Set max #xmits for term-reqs */
+    {"ipcp-max-configure", 1, setipcpconf}, /* Set max #xmits for conf-reqs */
+    {"ipcp-max-failure", 1, setipcpfails}, /* Set max #conf-naks for IPCP */
+    {"pap-restart", 1, setpaptimeout},	/* Set retransmit timeout for PAP */
+    {"pap-max-authreq", 1, setpapreqs}, /* Set max #xmits for auth-reqs */
+    {"pap-timeout", 1, setpapreqtime},	/* Set time limit for peer PAP auth. */
+    {"chap-restart", 1, setchaptimeout}, /* Set timeout for CHAP */
+    {"chap-max-challenge", 1, setchapchal}, /* Set max #xmits for challenge */
+    {"chap-interval", 1, setchapintv}, /* Set interval for rechallenge */
+    {"ipcp-accept-local", 0, setipcpaccl}, /* Accept peer's address for us */
+    {"ipcp-accept-remote", 0, setipcpaccr}, /* Accept peer's address for it */
+    {"bsdcomp", 1, setbsdcomp},		/* request BSD-Compress */
+    {"-bsdcomp", 0, setnobsdcomp},	/* don't allow BSD-Compress */
+    {"ipparam", 1, setipparam},		/* set ip script parameter */
+    {"papcrypt", 0, setpapcrypt},	/* PAP passwords encrypted */
+#ifdef _linux_
+    {"idle-disconnect", 1, setidle}, /* seconds for disconnect of idle IP */
+#endif
+    {NULL, 0, NULL}
+};
+
+
+#ifndef IMPLEMENTATION
+#define IMPLEMENTATION ""
+#endif
+
+static char *usage_string = "\
+pppd version %s patch level %d%s\n\
+Usage: %s [ arguments ], where arguments are:\n\
+	<device>	Communicate over the named device\n\
+	<speed>		Set the baud rate to <speed>\n\
+	<loc>:<rem>	Set the local and/or remote interface IP\n\
+			addresses.  Either one may be omitted.\n\
+	asyncmap <n>	Set the desired async map to hex <n>\n\
+	auth		Require authentication from peer\n\
+        connect <p>     Invoke shell command <p> to set up the serial line\n\
+	crtscts		Use hardware RTS/CTS flow control\n\
+	defaultroute	Add default route through interface\n\
+	file <f>	Take options from file <f>\n\
+	modem		Use modem control lines\n\
+	mru <n>		Set MRU value to <n> for negotiation\n\
+	netmask <n>	Set interface netmask to <n>\n\
+See pppd(8) for more options.\n\
+";
+
+
+/*
+ * parse_args - parse a string of arguments, from the command
+ * line or from a file.
+ */
+int
+parse_args(argc, argv)
+    int argc;
+    char **argv;
+{
+    char *arg, *val;
+    struct cmd *cmdp;
+    int ret;
+
+    while (argc > 0) {
+	arg = *argv++;
+	--argc;
+
+	/*
+	 * First see if it's a command.
+	 */
+	for (cmdp = cmds; cmdp->cmd_name; cmdp++)
+	    if (!strcmp(arg, cmdp->cmd_name))
+		break;
+
+	if (cmdp->cmd_name != NULL) {
+	    if (argc < cmdp->num_args) {
+		fprintf(stderr, "Too few parameters for command %s\n", arg);
+		return 0;
+	    }
+	    if (!(*cmdp->cmd_func)(argv))
+		return 0;
+	    argc -= cmdp->num_args;
+	    argv += cmdp->num_args;
+
+	} else {
+	    /*
+	     * Maybe a tty name, speed or IP address?
+	     */
+	    if ((ret = setdevname(arg)) == 0
+		&& (ret = setspeed(arg)) == 0
+		&& (ret = setipaddr(arg)) == 0) {
+		fprintf(stderr, "%s: unrecognized command\n", arg);
+		usage();
+		return 0;
+	    }
+	    if (ret < 0)	/* error */
+		return 0;
+	}
+    }
+    return 1;
+}
+
+/*
+ * usage - print out a message telling how to use the program.
+ */
+void
+usage()
+{
+    fprintf(stderr, usage_string, VERSION, PATCHLEVEL, IMPLEMENTATION,
+	    progname);
+}
+
+/*
+ * options_from_file - Read a string of options from a file,
+ * and interpret them.
+ */
+int
+options_from_file(filename, must_exist, check_prot)
+    char *filename;
+    int must_exist;
+    int check_prot;
+{
+    FILE *f;
+    int i, newline, ret;
+    struct cmd *cmdp;
+    char *argv[MAXARGS];
+    char args[MAXARGS][MAXWORDLEN];
+    char cmd[MAXWORDLEN];
+
+    if ((f = fopen(filename, "r")) == NULL) {
+	if (!must_exist && errno == ENOENT)
+	    return 1;
+	perror(filename);
+	return 0;
+    }
+    if (check_prot && !readable(fileno(f))) {
+	fprintf(stderr, "%s: access denied\n", filename);
+	fclose(f);
+	return 0;
+    }
+
+    while (getword(f, cmd, &newline, filename)) {
+	/*
+	 * First see if it's a command.
+	 */
+	for (cmdp = cmds; cmdp->cmd_name; cmdp++)
+	    if (!strcmp(cmd, cmdp->cmd_name))
+		break;
+
+	if (cmdp->cmd_name != NULL) {
+	    for (i = 0; i < cmdp->num_args; ++i) {
+		if (!getword(f, args[i], &newline, filename)) {
+		    fprintf(stderr,
+			    "In file %s: too few parameters for command %s\n",
+			    filename, cmd);
+		    fclose(f);
+		    return 0;
+		}
+		argv[i] = args[i];
+	    }
+	    if (!(*cmdp->cmd_func)(argv)) {
+		fclose(f);
+		return 0;
+	    }
+
+	} else {
+	    /*
+	     * Maybe a tty name, speed or IP address?
+	     */
+	    if ((ret = setdevname(cmd)) == 0
+		&& (ret = setspeed(cmd)) == 0
+		&& (ret = setipaddr(cmd)) == 0) {
+		fprintf(stderr, "In file %s: unrecognized command %s\n",
+			filename, cmd);
+		fclose(f);
+		return 0;
+	    }
+	    if (ret < 0)	/* error */
+		return 0;
+	}
+    }
+    return 1;
+}
+
+/*
+ * options_from_user - See if the use has a ~/.ppprc file,
+ * and if so, interpret options from it.
+ */
+int
+options_from_user()
+{
+    char *user, *path, *file;
+    int ret;
+    struct passwd *pw;
+
+    pw = getpwuid(getuid());
+    if (pw == NULL || (user = pw->pw_dir) == NULL || user[0] == 0)
+	return 1;
+    file = _PATH_USEROPT;
+    path = malloc(strlen(user) + strlen(file) + 2);
+    if (path == NULL)
+	novm("init file name");
+    strcpy(path, user);
+    strcat(path, "/");
+    strcat(path, file);
+    ret = options_from_file(path, 0, 1);
+    free(path);
+    return ret;
+}
+
+/*
+ * options_for_tty - See if an options file exists for the serial
+ * device, and if so, interpret options from it.
+ */
+int
+options_for_tty()
+{
+    char *dev, *path;
+    int ret;
+
+    dev = strrchr(devnam, '/');
+    if (dev == NULL)
+	dev = devnam;
+    else
+	++dev;
+    if (strcmp(dev, "tty") == 0)
+	return 1;		/* don't look for /etc/ppp/options.tty */
+    path = malloc(strlen(_PATH_TTYOPT) + strlen(dev) + 1);
+    if (path == NULL)
+	novm("tty init file name");
+    strcpy(path, _PATH_TTYOPT);
+    strcat(path, dev);
+    ret = options_from_file(path, 0, 0);
+    free(path);
+    return ret;
+}
+
+/*
+ * readable - check if a file is readable by the real user.
+ */
+static int
+readable(fd)
+    int fd;
+{
+    uid_t uid;
+    int ngroups, i;
+    struct stat sbuf;
+    GIDSET_TYPE groups[NGROUPS_MAX];
+
+    uid = getuid();
+    if (uid == 0)
+	return 1;
+    if (fstat(fd, &sbuf) != 0)
+	return 0;
+    if (sbuf.st_uid == uid)
+	return sbuf.st_mode & S_IRUSR;
+    if (sbuf.st_gid == getgid())
+	return sbuf.st_mode & S_IRGRP;
+    ngroups = getgroups(NGROUPS_MAX, groups);
+    for (i = 0; i < ngroups; ++i)
+	if (sbuf.st_gid == groups[i])
+	    return sbuf.st_mode & S_IRGRP;
+    return sbuf.st_mode & S_IROTH;
+}
+
+/*
+ * Read a word from a file.
+ * Words are delimited by white-space or by quotes (" or ').
+ * Quotes, white-space and \ may be escaped with \.
+ * \<newline> is ignored.
+ */
+
+int
+getword(f, word, newlinep, filename)
+    FILE *f;
+    char *word;
+    int *newlinep;
+    char *filename;
+{
+    int c, len, escape;
+    int quoted, comment;
+    int value, digit, got, n;
+
+#define isoctal(c) ((c) >= '0' && (c) < '8')
+
+    *newlinep = 0;
+    len = 0;
+    escape = 0;
+    comment = 0;
+
+    /*
+     * First skip white-space and comments.
+     */
+    for (;;) {
+	c = getc(f);
+	if (c == EOF)
+	    break;
+
+	/*
+	 * A newline means the end of a comment; backslash-newline
+	 * is ignored.  Note that we cannot have escape && comment.
+	 */
+	if (c == '\n') {
+	    if (!escape) {
+		*newlinep = 1;
+		comment = 0;
+	    } else
+		escape = 0;
+	    continue;
+	}
+
+	/*
+	 * Ignore characters other than newline in a comment.
+	 */
+	if (comment)
+	    continue;
+
+	/*
+	 * If this character is escaped, we have a word start.
+	 */
+	if (escape)
+	    break;
+
+	/*
+	 * If this is the escape character, look at the next character.
+	 */
+	if (c == '\\') {
+	    escape = 1;
+	    continue;
+	}
+
+	/*
+	 * If this is the start of a comment, ignore the rest of the line.
+	 */
+	if (c == '#') {
+	    comment = 1;
+	    continue;
+	}
+
+	/*
+	 * A non-whitespace character is the start of a word.
+	 */
+	if (!isspace(c))
+	    break;
+    }
+
+    /*
+     * Save the delimiter for quoted strings.
+     */
+    if (!escape && (c == '"' || c == '\'')) {
+        quoted = c;
+	c = getc(f);
+    } else
+        quoted = 0;
+
+    /*
+     * Process characters until the end of the word.
+     */
+    while (c != EOF) {
+	if (escape) {
+	    /*
+	     * This character is escaped: backslash-newline is ignored,
+	     * various other characters indicate particular values
+	     * as for C backslash-escapes.
+	     */
+	    escape = 0;
+	    if (c == '\n') {
+	        c = getc(f);
+		continue;
+	    }
+
+	    got = 0;
+	    switch (c) {
+	    case 'a':
+		value = '\a';
+		break;
+	    case 'b':
+		value = '\b';
+		break;
+	    case 'f':
+		value = '\f';
+		break;
+	    case 'n':
+		value = '\n';
+		break;
+	    case 'r':
+		value = '\r';
+		break;
+	    case 's':
+		value = ' ';
+		break;
+	    case 't':
+		value = '\t';
+		break;
+
+	    default:
+		if (isoctal(c)) {
+		    /*
+		     * \ddd octal sequence
+		     */
+		    value = 0;
+		    for (n = 0; n < 3 && isoctal(c); ++n) {
+			value = (value << 3) + (c & 07);
+			c = getc(f);
+		    }
+		    got = 1;
+		    break;
+		}
+
+		if (c == 'x') {
+		    /*
+		     * \x<hex_string> sequence
+		     */
+		    value = 0;
+		    c = getc(f);
+		    for (n = 0; n < 2 && isxdigit(c); ++n) {
+			digit = toupper(c) - '0';
+			if (digit > 10)
+			    digit += '0' + 10 - 'A';
+			value = (value << 4) + digit;
+			c = getc (f);
+		    }
+		    got = 1;
+		    break;
+		}
+
+		/*
+		 * Otherwise the character stands for itself.
+		 */
+		value = c;
+		break;
+	    }
+
+	    /*
+	     * Store the resulting character for the escape sequence.
+	     */
+	    if (len < MAXWORDLEN-1)
+		word[len] = value;
+	    ++len;
+
+	    if (!got)
+		c = getc(f);
+	    continue;
+
+	}
+
+	/*
+	 * Not escaped: see if we've reached the end of the word.
+	 */
+	if (quoted) {
+	    if (c == quoted)
+		break;
+	} else {
+	    if (isspace(c) || c == '#') {
+		ungetc (c, f);
+		break;
+	    }
+	}
+
+	/*
+	 * Backslash starts an escape sequence.
+	 */
+	if (c == '\\') {
+	    escape = 1;
+	    c = getc(f);
+	    continue;
+	}
+
+	/*
+	 * An ordinary character: store it in the word and get another.
+	 */
+	if (len < MAXWORDLEN-1)
+	    word[len] = c;
+	++len;
+
+	c = getc(f);
+    }
+
+    /*
+     * End of the word: check for errors.
+     */
+    if (c == EOF) {
+	if (ferror(f)) {
+	    if (errno == 0)
+		errno = EIO;
+	    perror(filename);
+	    die(1);
+	}
+	/*
+	 * If len is zero, then we didn't find a word before the
+	 * end of the file.
+	 */
+	if (len == 0)
+	    return 0;
+    }
+
+    /*
+     * Warn if the word was too long, and append a terminating null.
+     */
+    if (len >= MAXWORDLEN) {
+	fprintf(stderr, "%s: warning: word in file %s too long (%.20s...)\n",
+		progname, filename, word);
+	len = MAXWORDLEN - 1;
+    }
+    word[len] = 0;
+
+    return 1;
+
+#undef isoctal
+
+}
+
+/*
+ * number_option - parse an unsigned numeric parameter for an option.
+ */
+static int
+number_option(str, valp, base)
+    char *str;
+    u_int32_t *valp;
+    int base;
+{
+    char *ptr;
+
+    *valp = strtoul(str, &ptr, base);
+    if (ptr == str) {
+	fprintf(stderr, "%s: invalid number: %s\n", progname, str);
+	return 0;
+    }
+    return 1;
+}
+
+
+/*
+ * int_option - like number_option, but valp is int *,
+ * the base is assumed to be 0, and *valp is not changed
+ * if there is an error.
+ */
+static int
+int_option(str, valp)
+    char *str;
+    int *valp;
+{
+    u_int32_t v;
+
+    if (!number_option(str, &v, 0))
+	return 0;
+    *valp = (int) v;
+    return 1;
+}
+
+
+/*
+ * The following procedures execute commands.
+ */
+
+/*
+ * readfile - take commands from a file.
+ */
+static int
+readfile(argv)
+    char **argv;
+{
+    return options_from_file(*argv, 1, 1);
+}
+
+/*
+ * setdebug - Set debug (command line argument).
+ */
+static int
+setdebug()
+{
+    debug++;
+    return (1);
+}
+
+/*
+ * setkdebug - Set kernel debugging level.
+ */
+static int
+setkdebug(argv)
+    char **argv;
+{
+    return int_option(*argv, &kdebugflag);
+}
+
+/*
+ * noopt - Disable all options.
+ */
+static int
+noopt()
+{
+    BZERO((char *) &lcp_wantoptions[0], sizeof (struct lcp_options));
+    BZERO((char *) &lcp_allowoptions[0], sizeof (struct lcp_options));
+    BZERO((char *) &ipcp_wantoptions[0], sizeof (struct ipcp_options));
+    BZERO((char *) &ipcp_allowoptions[0], sizeof (struct ipcp_options));
+    return (1);
+}
+
+/*
+ * noaccomp - Disable Address/Control field compression negotiation.
+ */
+static int
+noaccomp()
+{
+    lcp_wantoptions[0].neg_accompression = 0;
+    lcp_allowoptions[0].neg_accompression = 0;
+    return (1);
+}
+
+
+/*
+ * noasyncmap - Disable async map negotiation.
+ */
+static int
+noasyncmap()
+{
+    lcp_wantoptions[0].neg_asyncmap = 0;
+    lcp_allowoptions[0].neg_asyncmap = 0;
+    return (1);
+}
+
+
+/*
+ * noipaddr - Disable IP address negotiation.
+ */
+static int
+noipaddr()
+{
+    ipcp_wantoptions[0].neg_addr = 0;
+    ipcp_allowoptions[0].neg_addr = 0;
+    return (1);
+}
+
+
+/*
+ * nomagicnumber - Disable magic number negotiation.
+ */
+static int
+nomagicnumber()
+{
+    lcp_wantoptions[0].neg_magicnumber = 0;
+    lcp_allowoptions[0].neg_magicnumber = 0;
+    return (1);
+}
+
+
+/*
+ * nomru - Disable mru negotiation.
+ */
+static int
+nomru()
+{
+    lcp_wantoptions[0].neg_mru = 0;
+    lcp_allowoptions[0].neg_mru = 0;
+    return (1);
+}
+
+
+/*
+ * setmru - Set MRU for negotiation.
+ */
+static int
+setmru(argv)
+    char **argv;
+{
+    u_int32_t mru;
+
+    if (!number_option(*argv, &mru, 0))
+	return 0;
+    lcp_wantoptions[0].mru = mru;
+    lcp_wantoptions[0].neg_mru = 1;
+    return (1);
+}
+
+
+/*
+ * setmru - Set the largest MTU we'll use.
+ */
+static int
+setmtu(argv)
+    char **argv;
+{
+    u_int32_t mtu;
+
+    if (!number_option(*argv, &mtu, 0))
+	return 0;
+    if (mtu < MINMRU || mtu > MAXMRU) {
+	fprintf(stderr, "mtu option value of %ld is too %s\n", mtu,
+		(mtu < MINMRU? "small": "large"));
+	return 0;
+    }
+    lcp_allowoptions[0].mru = mtu;
+    return (1);
+}
+
+
+/*
+ * nopcomp - Disable Protocol field compression negotiation.
+ */
+static int
+nopcomp()
+{
+    lcp_wantoptions[0].neg_pcompression = 0;
+    lcp_allowoptions[0].neg_pcompression = 0;
+    return (1);
+}
+
+
+/*
+ * setpassive - Set passive mode (don't give up if we time out sending
+ * LCP configure-requests).
+ */
+static int
+setpassive()
+{
+    lcp_wantoptions[0].passive = 1;
+    return (1);
+}
+
+
+/*
+ * setsilent - Set silent mode (don't start sending LCP configure-requests
+ * until we get one from the peer).
+ */
+static int
+setsilent()
+{
+    lcp_wantoptions[0].silent = 1;
+    return 1;
+}
+
+
+/*
+ * nopap - Disable PAP authentication with peer.
+ */
+static int
+nopap()
+{
+    lcp_allowoptions[0].neg_upap = 0;
+    return (1);
+}
+
+
+/*
+ * reqpap - Require PAP authentication from peer.
+ */
+static int
+reqpap()
+{
+    lcp_wantoptions[0].neg_upap = 1;
+    auth_required = 1;
+    return 1;
+}
+
+
+/*
+ * setupapfile - specifies UPAP info for authenticating with peer.
+ */
+static int
+setupapfile(argv)
+    char **argv;
+{
+    FILE * ufile;
+    int l;
+
+    lcp_allowoptions[0].neg_upap = 1;
+
+    /* open user info file */
+    if ((ufile = fopen(*argv, "r")) == NULL) {
+	fprintf(stderr, "unable to open user login data file %s\n", *argv);
+	return 0;
+    }
+    if (!readable(fileno(ufile))) {
+	fprintf(stderr, "%s: access denied\n", *argv);
+	return 0;
+    }
+    check_access(ufile, *argv);
+
+    /* get username */
+    if (fgets(user, MAXNAMELEN - 1, ufile) == NULL
+	|| fgets(passwd, MAXSECRETLEN - 1, ufile) == NULL){
+	fprintf(stderr, "Unable to read user login data file %s.\n", *argv);
+	return 0;
+    }
+    fclose(ufile);
+
+    /* get rid of newlines */
+    l = strlen(user);
+    if (l > 0 && user[l-1] == '\n')
+	user[l-1] = 0;
+    l = strlen(passwd);
+    if (l > 0 && passwd[l-1] == '\n')
+	passwd[l-1] = 0;
+
+    return (1);
+}
+
+
+/*
+ * nochap - Disable CHAP authentication with peer.
+ */
+static int
+nochap()
+{
+    lcp_allowoptions[0].neg_chap = 0;
+    return (1);
+}
+
+
+/*
+ * reqchap - Require CHAP authentication from peer.
+ */
+static int
+reqchap()
+{
+    lcp_wantoptions[0].neg_chap = 1;
+    auth_required = 1;
+    return (1);
+}
+
+
+/*
+ * setnovj - disable vj compression
+ */
+static int
+setnovj()
+{
+    ipcp_wantoptions[0].neg_vj = 0;
+    ipcp_allowoptions[0].neg_vj = 0;
+    return (1);
+}
+
+
+/*
+ * setnovjccomp - disable VJ connection-ID compression
+ */
+static int
+setnovjccomp()
+{
+    ipcp_wantoptions[0].cflag = 0;
+    ipcp_allowoptions[0].cflag = 0;
+    return 1;
+}
+
+
+/*
+ * setvjslots - set maximum number of connection slots for VJ compression
+ */
+static int
+setvjslots(argv)
+    char **argv;
+{
+    int value;
+
+    if (!int_option(*argv, &value))
+	return 0;
+    if (value < 2 || value > 16) {
+	fprintf(stderr, "pppd: vj-max-slots value must be between 2 and 16\n");
+	return 0;
+    }
+    ipcp_wantoptions [0].maxslotindex =
+        ipcp_allowoptions[0].maxslotindex = value - 1;
+    return 1;
+}
+
+
+/*
+ * setconnector - Set a program to connect to a serial line
+ */
+static int
+setconnector(argv)
+    char **argv;
+{
+    connector = strdup(*argv);
+    if (connector == NULL)
+	novm("connector string");
+  
+    return (1);
+}
+
+/*
+ * setdisconnector - Set a program to disconnect from the serial line
+ */
+static int
+setdisconnector(argv)
+    char **argv;
+{
+    disconnector = strdup(*argv);
+    if (disconnector == NULL)
+	novm("disconnector string");
+  
+    return (1);
+}
+
+
+/*
+ * setdomain - Set domain name to append to hostname 
+ */
+static int
+setdomain(argv)
+    char **argv;
+{
+    gethostname(hostname, MAXNAMELEN);
+    if (**argv != 0) {
+	if (**argv != '.')
+	    strncat(hostname, ".", MAXNAMELEN - strlen(hostname));
+	strncat(hostname, *argv, MAXNAMELEN - strlen(hostname));
+    }
+    hostname[MAXNAMELEN-1] = 0;
+    return (1);
+}
+
+
+/*
+ * setasyncmap - add bits to asyncmap (what we request peer to escape).
+ */
+static int
+setasyncmap(argv)
+    char **argv;
+{
+    u_int32_t asyncmap;
+
+    if (!number_option(*argv, &asyncmap, 16))
+	return 0;
+    lcp_wantoptions[0].asyncmap |= asyncmap;
+    lcp_wantoptions[0].neg_asyncmap = 1;
+    return(1);
+}
+
+
+/*
+ * setescape - add chars to the set we escape on transmission.
+ */
+static int
+setescape(argv)
+    char **argv;
+{
+    int n, ret;
+    char *p, *endp;
+
+    p = *argv;
+    ret = 1;
+    while (*p) {
+	n = strtol(p, &endp, 16);
+	if (p == endp) {
+	    fprintf(stderr, "%s: invalid hex number: %s\n", progname, p);
+	    return 0;
+	}
+	p = endp;
+	if (n < 0 || 0x20 <= n && n <= 0x3F || n == 0x5E || n > 0xFF) {
+	    fprintf(stderr, "%s: can't escape character 0x%x\n", progname, n);
+	    ret = 0;
+	} else
+	    xmit_accm[0][n >> 5] |= 1 << (n & 0x1F);
+	while (*p == ',' || *p == ' ')
+	    ++p;
+    }
+    return ret;
+}
+
+
+/*
+ * setspeed - Set the speed.
+ */
+static int
+setspeed(arg)
+    char *arg;
+{
+    char *ptr;
+    int spd;
+
+    spd = strtol(arg, &ptr, 0);
+    if (ptr == arg || *ptr != 0 || spd == 0)
+	return 0;
+    inspeed = spd;
+    return 1;
+}
+
+
+/*
+ * setdevname - Set the device name.
+ */
+int
+setdevname(cp)
+    char *cp;
+{
+    struct stat statbuf;
+    char *tty, *ttyname();
+    char dev[MAXPATHLEN];
+  
+    if (strncmp("/dev/", cp, 5) != 0) {
+	strcpy(dev, "/dev/");
+	strncat(dev, cp, MAXPATHLEN - 5);
+	dev[MAXPATHLEN-1] = 0;
+	cp = dev;
+    }
+
+    /*
+     * Check if there is a device by this name.
+     */
+    if (stat(cp, &statbuf) < 0) {
+	if (errno == ENOENT)
+	    return 0;
+	syslog(LOG_ERR, cp);
+	return -1;
+    }
+  
+    (void) strncpy(devnam, cp, MAXPATHLEN);
+    devnam[MAXPATHLEN-1] = 0;
+    default_device = FALSE;
+  
+    return 1;
+}
+
+
+/*
+ * setipaddr - Set the IP address
+ */
+int
+setipaddr(arg)
+    char *arg;
+{
+    struct hostent *hp;
+    char *colon;
+    u_int32_t local, remote;
+    ipcp_options *wo = &ipcp_wantoptions[0];
+  
+    /*
+     * IP address pair separated by ":".
+     */
+    if ((colon = strchr(arg, ':')) == NULL)
+	return 0;
+  
+    /*
+     * If colon first character, then no local addr.
+     */
+    if (colon != arg) {
+	*colon = '\0';
+	if ((local = inet_addr(arg)) == -1) {
+	    if ((hp = gethostbyname(arg)) == NULL) {
+		fprintf(stderr, "unknown host: %s\n", arg);
+		return -1;
+	    } else {
+		local = *(u_int32_t *)hp->h_addr;
+		if (our_name[0] == 0) {
+		    strncpy(our_name, arg, MAXNAMELEN);
+		    our_name[MAXNAMELEN-1] = 0;
+		}
+	    }
+	}
+	if (bad_ip_adrs(local)) {
+	    fprintf(stderr, "bad local IP address %s\n", ip_ntoa(local));
+	    return -1;
+	}
+	if (local != 0)
+	    wo->ouraddr = local;
+	*colon = ':';
+    }
+  
+    /*
+     * If colon last character, then no remote addr.
+     */
+    if (*++colon != '\0') {
+	if ((remote = inet_addr(colon)) == -1) {
+	    if ((hp = gethostbyname(colon)) == NULL) {
+		fprintf(stderr, "unknown host: %s\n", colon);
+		return -1;
+	    } else {
+		remote = *(u_int32_t *)hp->h_addr;
+		if (remote_name[0] == 0) {
+		    strncpy(remote_name, colon, MAXNAMELEN);
+		    remote_name[MAXNAMELEN-1] = 0;
+		}
+	    }
+	}
+	if (bad_ip_adrs(remote)) {
+	    fprintf(stderr, "bad remote IP address %s\n", ip_ntoa(remote));
+	    return -1;
+	}
+	if (remote != 0)
+	    wo->hisaddr = remote;
+    }
+
+    return 1;
+}
+
+
+/*
+ * setnoipdflt - disable setipdefault()
+ */
+static int
+setnoipdflt()
+{
+    disable_defaultip = 1;
+    return 1;
+}
+
+
+/*
+ * setipcpaccl - accept peer's idea of our address
+ */
+static int
+setipcpaccl()
+{
+    ipcp_wantoptions[0].accept_local = 1;
+    return 1;
+}
+
+
+/*
+ * setipcpaccr - accept peer's idea of its address
+ */
+static int
+setipcpaccr()
+{
+    ipcp_wantoptions[0].accept_remote = 1;
+    return 1;
+}
+
+
+/*
+ * setipdefault - default our local IP address based on our hostname.
+ */
+void
+setipdefault()
+{
+    struct hostent *hp;
+    u_int32_t local;
+    ipcp_options *wo = &ipcp_wantoptions[0];
+
+    /*
+     * If local IP address already given, don't bother.
+     */
+    if (wo->ouraddr != 0 || disable_defaultip)
+	return;
+
+    /*
+     * Look up our hostname (possibly with domain name appended)
+     * and take the first IP address as our local IP address.
+     * If there isn't an IP address for our hostname, too bad.
+     */
+    wo->accept_local = 1;	/* don't insist on this default value */
+    if ((hp = gethostbyname(hostname)) == NULL)
+	return;
+    local = *(u_int32_t *)hp->h_addr;
+    if (local != 0 && !bad_ip_adrs(local))
+	wo->ouraddr = local;
+}
+
+
+/*
+ * setnetmask - set the netmask to be used on the interface.
+ */
+static int
+setnetmask(argv)
+    char **argv;
+{
+    u_int32_t mask;
+
+    if ((mask = inet_addr(*argv)) == -1 || (netmask & ~mask) != 0) {
+	fprintf(stderr, "Invalid netmask %s\n", *argv);
+	return 0;
+    }
+
+    netmask = mask;
+    return (1);
+}
+
+static int
+setcrtscts()
+{
+    crtscts = 1;
+    return (1);
+}
+
+static int
+setnocrtscts()
+{
+    crtscts = -1;
+    return (1);
+}
+
+static int
+setxonxoff()
+{
+    lcp_wantoptions[0].asyncmap |= 0x000A0000;	/* escape ^S and ^Q */
+    lcp_wantoptions[0].neg_asyncmap = 1;
+
+    crtscts = 2;
+    return (1);
+}
+
+static int
+setnodetach()
+{
+    nodetach = 1;
+    return (1);
+}
+
+static int
+setmodem()
+{
+    modem = 1;
+    return 1;
+}
+
+static int
+setlocal()
+{
+    modem = 0;
+    return 1;
+}
+
+static int
+setlock()
+{
+    lockflag = 1;
+    return 1;
+}
+
+static int
+setusehostname()
+{
+    usehostname = 1;
+    return 1;
+}
+
+static int
+setname(argv)
+    char **argv;
+{
+    if (our_name[0] == 0) {
+	strncpy(our_name, argv[0], MAXNAMELEN);
+	our_name[MAXNAMELEN-1] = 0;
+    }
+    return 1;
+}
+
+static int
+setuser(argv)
+    char **argv;
+{
+    strncpy(user, argv[0], MAXNAMELEN);
+    user[MAXNAMELEN-1] = 0;
+    return 1;
+}
+
+static int
+setremote(argv)
+    char **argv;
+{
+    strncpy(remote_name, argv[0], MAXNAMELEN);
+    remote_name[MAXNAMELEN-1] = 0;
+    return 1;
+}
+
+static int
+setauth()
+{
+    auth_required = 1;
+    return 1;
+}
+
+static int
+setdefaultroute()
+{
+    if (!ipcp_allowoptions[0].default_route) {
+	fprintf(stderr, "%s: defaultroute option is disabled\n", progname);
+	return 0;
+    }
+    ipcp_wantoptions[0].default_route = 1;
+    return 1;
+}
+
+static int
+setnodefaultroute()
+{
+    ipcp_allowoptions[0].default_route = 0;
+    ipcp_wantoptions[0].default_route = 0;
+    return 1;
+}
+
+static int
+setproxyarp()
+{
+    if (!ipcp_allowoptions[0].proxy_arp) {
+	fprintf(stderr, "%s: proxyarp option is disabled\n", progname);
+	return 0;
+    }
+    ipcp_wantoptions[0].proxy_arp = 1;
+    return 1;
+}
+
+static int
+setnoproxyarp()
+{
+    ipcp_wantoptions[0].proxy_arp = 0;
+    ipcp_allowoptions[0].proxy_arp = 0;
+    return 1;
+}
+
+static int
+setpersist()
+{
+    persist = 1;
+    return 1;
+}
+
+static int
+setdologin()
+{
+    uselogin = 1;
+    return 1;
+}
+
+/*
+ * Functions to set the echo interval for modem-less monitors
+ */
+
+static int
+setlcpechointv(argv)
+    char **argv;
+{
+    return int_option(*argv, &lcp_echo_interval);
+}
+
+static int
+setlcpechofails(argv)
+    char **argv;
+{
+    return int_option(*argv, &lcp_echo_fails);
+}
+
+/*
+ * Functions to set timeouts, max transmits, etc.
+ */
+static int
+setlcptimeout(argv)
+    char **argv;
+{
+    return int_option(*argv, &lcp_fsm[0].timeouttime);
+}
+
+static int
+setlcpterm(argv)
+    char **argv;
+{
+    return int_option(*argv, &lcp_fsm[0].maxtermtransmits);
+}
+
+static int
+setlcpconf(argv)
+    char **argv;
+{
+    return int_option(*argv, &lcp_fsm[0].maxconfreqtransmits);
+}
+
+static int
+setlcpfails(argv)
+    char **argv;
+{
+    return int_option(*argv, &lcp_fsm[0].maxnakloops);
+}
+
+static int
+setipcptimeout(argv)
+    char **argv;
+{
+    return int_option(*argv, &ipcp_fsm[0].timeouttime);
+}
+
+static int
+setipcpterm(argv)
+    char **argv;
+{
+    return int_option(*argv, &ipcp_fsm[0].maxtermtransmits);
+}
+
+static int
+setipcpconf(argv)
+    char **argv;
+{
+    return int_option(*argv, &ipcp_fsm[0].maxconfreqtransmits);
+}
+
+static int
+setipcpfails(argv)
+    char **argv;
+{
+    return int_option(*argv, &lcp_fsm[0].maxnakloops);
+}
+
+static int
+setpaptimeout(argv)
+    char **argv;
+{
+    return int_option(*argv, &upap[0].us_timeouttime);
+}
+
+static int
+setpapreqtime(argv)
+    char **argv;
+{
+    return int_option(*argv, &upap[0].us_reqtimeout);
+}
+
+static int
+setpapreqs(argv)
+    char **argv;
+{
+    return int_option(*argv, &upap[0].us_maxtransmits);
+}
+
+static int
+setchaptimeout(argv)
+    char **argv;
+{
+    return int_option(*argv, &chap[0].timeouttime);
+}
+
+static int
+setchapchal(argv)
+    char **argv;
+{
+    return int_option(*argv, &chap[0].max_transmits);
+}
+
+static int
+setchapintv(argv)
+    char **argv;
+{
+    return int_option(*argv, &chap[0].chal_interval);
+}
+
+static int
+setbsdcomp(argv)
+    char **argv;
+{
+    int rbits, abits;
+    char *str, *endp;
+
+    str = *argv;
+    abits = rbits = strtol(str, &endp, 0);
+    if (endp != str && *endp == ',') {
+	str = endp + 1;
+	abits = strtol(str, &endp, 0);
+    }
+    if (*endp != 0 || endp == str) {
+	fprintf(stderr, "%s: invalid argument format for bsdcomp option\n",
+		progname);
+	return 0;
+    }
+    if (rbits != 0 && (rbits < BSD_MIN_BITS || rbits > BSD_MAX_BITS)
+	|| abits != 0 && (abits < BSD_MIN_BITS || abits > BSD_MAX_BITS)) {
+	fprintf(stderr, "%s: bsdcomp option values must be 0 or %d .. %d\n",
+		progname, BSD_MIN_BITS, BSD_MAX_BITS);
+	return 0;
+    }
+    if (rbits > 0) {
+	ccp_wantoptions[0].bsd_compress = 1;
+	ccp_wantoptions[0].bsd_bits = rbits;
+    } else
+	ccp_wantoptions[0].bsd_compress = 0;
+    if (abits > 0) {
+	ccp_allowoptions[0].bsd_compress = 1;
+	ccp_allowoptions[0].bsd_bits = abits;
+    } else
+	ccp_allowoptions[0].bsd_compress = 0;
+    return 1;
+}
+
+static int
+setnobsdcomp()
+{
+    ccp_wantoptions[0].bsd_compress = 0;
+    ccp_allowoptions[0].bsd_compress = 0;
+    return 1;
+}
+
+static int
+setipparam(argv)
+    char **argv;
+{
+    ipparam = strdup(*argv);
+    if (ipparam == NULL)
+	novm("ipparam string");
+
+    return 1;
+}
+
+static int
+setpapcrypt()
+{
+    cryptpap = 1;
+    return 1;
+}
+
+#ifdef _linux_
+static int setidle (argv)
+    char **argv;
+{
+    return int_option(*argv, &idle_time_limit);
+}
+#endif
diff --git a/usr.sbin/pppd/patchlevel.h b/usr.sbin/pppd/patchlevel.h
new file mode 100644
index 00000000000..0686877433f
--- /dev/null
+++ b/usr.sbin/pppd/patchlevel.h
@@ -0,0 +1,6 @@
+/* $Id: patchlevel.h,v 1.1 1995/10/18 08:47:59 deraadt Exp $ */
+#define	PATCHLEVEL	0
+
+#define VERSION		"2.2"
+#define IMPLEMENTATION	""
+#define DATE		"17 August 95"
diff --git a/usr.sbin/pppd/pathnames.h b/usr.sbin/pppd/pathnames.h
new file mode 100644
index 00000000000..a660915b1c8
--- /dev/null
+++ b/usr.sbin/pppd/pathnames.h
@@ -0,0 +1,22 @@
+/*
+ * define path names
+ *
+ * $Id: pathnames.h,v 1.1 1995/10/18 08:47:59 deraadt Exp $
+ */
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+
+#else
+#define _PATH_VARRUN 	"/etc/ppp/"
+#define _PATH_DEVNULL	"/dev/null"
+#endif
+
+#define _PATH_UPAPFILE 	"/etc/ppp/pap-secrets"
+#define _PATH_CHAPFILE 	"/etc/ppp/chap-secrets"
+#define _PATH_SYSOPTIONS "/etc/ppp/options"
+#define _PATH_IPUP	"/etc/ppp/ip-up"
+#define _PATH_IPDOWN	"/etc/ppp/ip-down"
+#define _PATH_TTYOPT	"/etc/ppp/options."
+#define _PATH_CONNERRS	"/etc/ppp/connect-errors"
+#define _PATH_USEROPT	".ppprc"
diff --git a/usr.sbin/pppd/pppd.8 b/usr.sbin/pppd/pppd.8
new file mode 100644
index 00000000000..070468d07d9
--- /dev/null
+++ b/usr.sbin/pppd/pppd.8
@@ -0,0 +1,795 @@
+.\" manual page [] for pppd 2.0
+.\" $Id: pppd.8,v 1.1 1995/10/18 08:47:59 deraadt Exp $
+.\" SH section heading
+.\" SS subsection heading
+.\" LP paragraph
+.\" IP indented paragraph
+.\" TP hanging label
+.TH PPPD 8
+.SH NAME
+pppd \- Point to Point Protocol daemon
+.SH SYNOPSIS
+.B pppd
+[
+.I tty_name
+] [
+.I speed
+] [
+.I options
+]
+.SH DESCRIPTION
+.LP
+The Point-to-Point Protocol (PPP) provides a method for transmitting
+datagrams over serial point-to-point links.  PPP
+is composed of three parts: a method for encapsulating datagrams over
+serial links, an extensible Link Control Protocol (LCP), and
+a family of Network Control Protocols (NCP) for establishing
+and configuring different network-layer protocols.
+.LP
+The encapsulation scheme is provided by driver code in the kernel.
+.B pppd
+provides the basic LCP, authentication support, and an
+NCP for establishing and configuring the Internet Protocol (IP)
+(called the IP Control Protocol, IPCP).
+.SH FREQUENTLY USED OPTIONS
+.TP
+.I <tty_name>
+Communicate over the named device.  The string "/dev/"
+is prepended if necessary.  If no device name is given,
+or if the name of the controlling terminal is given,
+.I pppd
+will use the controlling terminal, and will not fork to put itself in
+the background.
+.TP
+.I <speed>
+Set the baud rate to <speed> (a decimal number).  On systems such as
+4.4BSD and NetBSD, any speed can be specified.  Other systems
+(e.g. SunOS) allow only a limited set of speeds.
+.TP
+.B asyncmap \fI<map>
+Set the async character map to <map>.
+This map describes which control characters cannot be successfully
+received over the serial line.
+.I pppd
+will ask the peer to send these characters as a 2-byte escape sequence.
+The argument is a 32 bit hex number
+with each bit representing a character to escape. 
+Bit 0 (00000001) represents the character 0x00;
+bit 31 (80000000) represents the character 0x1f or ^_.
+If multiple \fBasyncmap\fR options are
+given, the values are ORed together.
+If no \fBasyncmap\fR option is given, no async character map will be
+negotiated for the receive direction; the peer should then escape
+\fIall\fR control characters.
+.TP
+.B auth
+Require the peer to authenticate itself before allowing network
+packets to be sent or received.
+.TP
+.B connect \fI<p>
+Use the executable or shell command specified by \fI<p>\fR to set up the
+serial line.  This script would typically use the chat(8) program to
+dial the modem and start the remote ppp session.
+.TP
+.B crtscts
+Use hardware flow control (i.e. RTS/CTS) to control the flow of data
+on the serial port.  If neither the \fBcrtscts\fR nor the
+\fB\-crtscts\fR option is given, the hardware flow control setting for
+the serial port is left unchanged.
+.TP
+.B defaultroute
+Add a default route to the system routing tables, using the peer as
+the gateway, when IPCP negotiation is successfully completed.
+This entry is removed when the PPP connection is broken.
+.TP
+.B disconnect \fI<p>
+Run the executable or shell command specified by \fI<p>\fR after
+\fIpppd\fR has terminated the link.  This script could, for example,
+issue commands to the modem to cause it to hang up if hardware modem
+control signals were not available.
+.TP
+.B escape \fIxx,yy,...
+Specifies that certain characters should be escaped on transmission
+(regardless of whether the peer requests them to be escaped with its
+async control character map).  The characters to be escaped are
+specified as a list of hex numbers separated by commas.  Note that
+almost any character can be specified for the \fBescape\fR option,
+unlike the \fBasyncmap\fR option which only allows control characters
+to be specified.  The characters which may not be escaped are those
+with hex values 0x20 - 0x3f or 0x5e.
+.TP
+.B file \fI<f>
+Read options from file <f> (the format is described below).
+.TP
+.B lock
+Specifies that \fIpppd\fR should create a UUCP-style lock file for the
+serial device to ensure exclusive access to the device.
+.TP
+.B mru \fI<n>
+Set the MRU [Maximum Receive Unit] value to <n> for negotiation.
+.I pppd
+will ask the peer to send packets of no more than <n> bytes.  The
+minimum MRU value is 128.  The default MRU value is 1500.  A value of
+296 is recommended for slow links (40 bytes for TCP/IP header + 256
+bytes of data).
+.TP
+.B mtu \fI<n>
+Set the MTU [Maximum Transmit Unit] value to \fI<n>\fR.  Unless the
+peer requests a smaller value via MRU negotiation, \fIpppd\fR will
+request that the kernel networking code send data packets of no more
+than \fIn\fR bytes through the PPP network interface. 
+.TP
+.B netmask \fI<n>
+Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
+notation (e.g. 255.255.255.0).  If this option is given, the value
+specified is ORed with the default netmask.  The default netmask is
+chosen based on the negotiated remote IP address; it is the
+appropriate network mask for the class of the remote IP address, ORed
+with the netmasks for any non point-to-point network interfaces in the
+system which are on the same network.
+.TP
+.B passive
+Enables the "passive" option in the LCP.  With this option,
+.I pppd
+will attempt to initiate a connection; if no reply is received from
+the peer,
+.I pppd
+will then just wait passively for a valid LCP packet from the peer
+(instead of exiting, as it does without this option).
+.TP
+.B silent
+With this option,
+.I pppd
+will not transmit LCP packets to initiate a connection until a valid
+LCP packet is received from the peer (as for the `passive' option with
+ancient versions of \fIpppd\fR).
+.SH OPTIONS
+.TP
+.I <local_IP_address>\fB:\fI<remote_IP_address>
+Set the local and/or remote interface IP addresses.  Either one may be
+omitted.  The IP addresses can be specified with a host name or in
+decimal dot notation (e.g. 150.234.56.78).  The default local
+address is the (first) IP address of the system (unless the
+.B noipdefault
+option is given).  The remote address will be obtained from the peer
+if not specified in any option.  Thus, in simple cases, this option is
+not required.  If a local and/or remote IP address is specified with
+this option,
+.I pppd
+will not accept a different value from the peer in the IPCP
+negotiation, unless the
+.B ipcp-accept-local
+and/or
+.B ipcp-accept-remote
+options are given, respectively.
+.TP
+.B -ac
+Disable Address/Control compression negotiation (use default, i.e.
+address/control field compression disabled).
+.TP
+.B -all
+Don't request or allow negotiation of any options for LCP and IPCP (use
+default values).
+.TP
+.B -am
+Disable asyncmap negotiation (use the default asyncmap, i.e. escape
+all control characters).
+.TP
+.B -as \fI<n>
+Same as
+.B asyncmap \fI<n>
+.TP
+.B bsdcomp \fInr,nt
+Request that the peer compress packets that it sends, using the
+BSD-Compress scheme, with a maximum code size of \fInr\fR bits, and
+agree to compress packets sent to the peer with a maximum code size of
+\fInt\fR bits.  If \fInt\fR is not specified, it defaults to the value
+given for \fInr\fR.  Values in the range 9 to 15 may be used for
+\fInr\fR and \fInt\fR; larger values give better compression but
+consume more kernel memory for compression dictionaries.
+Alternatively, a value of 0 for \fInr\fR or \fInt\fR disables
+compression in the corresponding direction.
+.TP
+.B \-bsdcomp
+Disables compression; \fBpppd\fR will not request or agree to compress
+packets using the BSD-Compress scheme.
+.TP
+.B +chap
+Require the peer to authenticate itself using CHAP [Cryptographic
+Handshake Authentication Protocol] authentication.
+.TP
+.B -chap
+Don't agree to authenticate using CHAP.
+.TP
+.B chap-interval \fI<n>
+If this option is given,
+.I pppd
+will rechallenge the peer every <n> seconds.
+.TP
+.B chap-max-challenge \fI<n>
+Set the maximum number of CHAP challenge transmissions to <n> (default
+10).
+.TP
+.B chap-restart \fI<n>
+Set the CHAP restart interval (retransmission timeout for challenges)
+to <n> seconds (default 3).
+.TP
+.B -crtscts
+Disable hardware flow control (i.e. RTS/CTS) on the serial port.  If
+neither the \fBcrtscts\fR nor the \fB\-crtscts\fR option is given,
+the hardware flow control setting for the serial port is left
+unchanged.
+.TP
+.B -d
+Increase debugging level (same as the \fBdebug\fR option).
+.TP
+.B debug
+Increase debugging level (same as \fB\-d\fR).
+If this
+option is given, \fIpppd\fR will log the contents of all control
+packets sent or received in a readable form.  The packets are logged
+through syslog with facility \fIdaemon\fR and level \fIdebug\fR.  This
+information can be directed to a file by setting up /etc/syslog.conf
+appropriately (see syslog.conf(5)).
+.TP
+.B \-defaultroute
+Disable the \fBdefaultroute\fR option.  The system administrator who
+wishes to prevent users from creating default routes with \fIpppd\fR
+can do so by placing this option in the /etc/ppp/options file.
+.TP
+.B -detach
+Don't fork to become a background process (otherwise
+.I pppd
+will do so if a serial device other than its controlling terminal is
+specified).
+.TP
+.B domain \fI<d>
+Append the domain name <d> to the local host name for authentication
+purposes.  For example, if gethostname() returns the name porsche, but the
+fully qualified domain name is porsche.Quotron.COM, you would use the
+domain option to set the domain name to Quotron.COM.
+.TP
+.B -ip
+Disable IP address negotiation.  If this option is used, the remote IP
+address must be specified with an option on the command line or in an
+options file.
+.TP
+.B ipcp-accept-local
+With this option,
+.I pppd
+will accept the peer's idea of our local IP address, even if the
+local IP address was specified in an option.
+.TP
+.B ipcp-accept-remote
+With this option,
+.I pppd
+will accept the peer's idea of its (remote) IP address, even if the
+remote IP address was specified in an option.
+.TP
+.B ipcp-max-configure \fI<n>
+Set the maximum number of IPCP configure-request transmissions to <n>
+(default 10).
+.TP
+.B ipcp-max-failure \fI<n>
+Set the maximum number of IPCP configure-NAKs returned before starting
+to send configure-Rejects instead to <n> (default 10).
+.TP
+.B ipcp-max-terminate \fI<n>
+Set the maximum number of IPCP terminate-request transmissions to <n>
+(default 3).
+.TP
+.B ipcp-restart \fI<n>
+Set the IPCP restart interval (retransmission timeout) to <n> seconds
+(default 3).
+.TP
+.B ipparam \fIstring
+Provides an extra parameter to the ip-up and ip-down scripts.  If this
+option is given, the \fIstring\fR supplied is given as the 6th
+parameter to those scripts.
+.TP
+.B kdebug \fIn
+Enable debugging code in the kernel-level PPP driver.  The argument
+\fIn\fR is a number which is the sum of the following values: 1 to
+enable general debug messages, 2 to request that the contents of
+received packets be printed, and 4 to request that the contents of
+transmitted packets be printed.
+.TP
+.B lcp-echo-failure \fI<n>
+If this option is given, \fIpppd\fR will presume the peer to be dead
+if \fIn\fR LCP echo-requests are sent without receiving a valid LCP
+echo-reply.  If this happens, \fIpppd\fR will terminate the
+connection.  Use of this option requires a non-zero value for the
+\fIlcp-echo-interval\fR parameter.  This option can be used to enable
+\fIpppd\fR to terminate after the physical connection has been broken
+(e.g., the modem has hung up) in situations where no hardware modem
+control lines are available.
+.TP
+.B lcp-echo-interval \fI<n>
+If this option is given, \fIpppd\fR will send an LCP echo-request
+frame to the peer every \fIn\fR seconds.  Under Linux, the
+echo-request is sent when no packets have been received from the peer
+for \fIn\fR seconds.  Normally the peer should respond to the
+echo-request by sending an echo-reply.  This option can be used with
+the \fIlcp-echo-failure\fR option to detect that the peer is no longer
+connected.
+.TP
+.B lcp-max-configure \fI<n>
+Set the maximum number of LCP configure-request transmissions to <n>
+(default 10).
+.TP
+.B lcp-max-failure \fI<n>
+Set the maximum number of LCP configure-NAKs returned before starting
+to send configure-Rejects instead to <n> (default 10).
+.TP
+.B lcp-max-terminate \fI<n>
+Set the maximum number of LCP terminate-request transmissions to <n>
+(default 3).
+.TP
+.B lcp-restart \fI<n>
+Set the LCP restart interval (retransmission timeout) to <n> seconds
+(default 3).
+.TP
+.B local
+Don't use the modem control lines.  With this option,
+.B pppd
+will ignore the state of the CD (Carrier Detect) signal from the modem and
+will not change the state of the DTR (Data Terminal Ready) signal.
+.TP
+.B login
+Use the system password database for authenticating the peer using
+PAP, and record the user in the system wtmp file.
+.TP
+.B modem
+Use the modem control lines.  This option is the default.  With this
+option,
+.B pppd
+will wait for the CD (Carrier Detect) signal from the modem to be asserted
+when opening the serial device
+(unless a connect script is specified), and it will drop the DTR (Data
+Terminal Ready) signal briefly when the connection is terminated and before
+executing the connect script.
+On Ultrix, this option implies hardware
+flow control, as for the \fBcrtscts\fR option.  
+.TP
+.B -mn
+Disable magic number negotiation.  With this option,
+.I pppd
+cannot detect a looped-back line.
+.TP
+.B -mru
+Disable MRU [Maximum Receive Unit] negotiation.  With this option,
+\fIpppd\fR will use the default MRU value of 1500 bytes.
+.TP
+.B name \fI<n>
+Set the name of the local system for authentication purposes to <n>.
+.TP
+.B noipdefault
+Disables the default behaviour when no local IP address is specified,
+which is to determine (if possible) the local IP address from the
+hostname.  With this option, the peer will have to supply the local IP
+address during IPCP negotiation (unless it specified explicitly on the
+command line or in an options file).
+.TP
+.B -p
+Same as the
+.B passive
+option.
+.TP
+.B +pap
+Require the peer to authenticate itself using PAP.
+.TP
+.B -pap
+Don't agree to authenticate using PAP.
+.TP
+.B papcrypt
+Indicates that all secrets in the /etc/ppp/pap-secrets file which
+are used for checking the identity of the peer are encrypted, and thus
+pppd should not accept a password which (before encryption) is
+identical to the secret from the /etc/ppp/pap-secrets file.
+.TP
+.B pap-max-authreq \fI<n>
+Set the maximum number of PAP authenticate-request transmissions to
+<n> (default 10).
+.TP
+.B pap-restart \fI<n>
+Set the PAP restart interval (retransmission timeout) to <n> seconds
+(default 3).
+.TP
+.B pap-timeout \fI<n>
+Set the maximum time that
+.I pppd
+will wait for the peer to authenticate itself with PAP to
+<n> seconds (0 means no limit).
+.TP
+.B -pc
+Disable protocol field compression negotiation (use default, i.e.
+protocol field compression disabled).
+.TP
+.B persist
+Do not exit after a connection is terminated; instead try to reopen
+the connection.
+.TP
+.B proxyarp
+Add an entry to this system's ARP [Address Resolution Protocol] table
+with the IP address of the peer and the Ethernet address of this
+system.
+.TP
+.B \-proxyarp
+Disable the \fBproxyarp\fR option.  The system administrator who
+wishes to prevent users from creating proxy ARP entries with
+\fIpppd\fR can do so by placing this option in the /etc/ppp/options
+file.
+.TP
+.B remotename \fI<n>
+Set the assumed name of the remote system for authentication purposes
+to <n>.
+.TP
+.B +ua \fI<p>
+Agree to authenticate using PAP [Password Authentication Protocol] if
+requested by the peer, and
+use the data in file <p> for the user and password to send to the
+peer. The file contains the remote user name, followed by a newline,
+followed by the remote password, followed by a newline.  This option
+is obsolescent.
+.TP
+.B usehostname
+Enforce the use of the hostname as the name of the local system for
+authentication purposes (overrides the
+.B name
+option).
+.TP
+.B user \fI<u>
+Set the user name to use for authenticating this machine with the peer
+using PAP to <u>.
+.TP
+.B -vj
+Disable negotiation of Van Jacobson style TCP/IP header compression (use
+default, i.e. no compression).
+.TP
+.B -vjccomp
+Disable the connection-ID compression option in Van Jacobson style
+TCP/IP header compression.  With this option, \fIpppd\fR will not omit
+the connection-ID byte from Van Jacobson compressed TCP/IP headers,
+nor ask the peer to do so.
+.TP
+.B vj-max-slots \fIn
+Sets the number of connection slots to be used by the Van Jacobson
+TCP/IP header compression and decompression code to \fIn\fR, which
+must be between 2 and 16 (inclusive).
+.TP
+.B xonxoff
+Use software flow control (i.e. XON/XOFF) to control the flow of data on
+the serial port.  This option is only implemented on Linux systems
+at present.
+.SH OPTIONS FILES
+Options can be taken from files as well as the command line.  
+.I pppd
+reads options from the files /etc/ppp/options and ~/.ppprc before
+looking at the command line.  An options file is parsed into a series
+of words, delimited by whitespace.  Whitespace can be included in a
+word by enclosing the word in quotes (").  A backslash (\\) quotes the
+following character.  A hash (#) starts a comment, which continues
+until the end of the line.
+.SH AUTHENTICATION
+.I pppd
+provides system administrators with sufficient access control that PPP
+access to a server machine can be provided to legitimate users without
+fear of compromising the security of the server or the network it's
+on.  In part this is provided by the /etc/ppp/options file, where the
+administrator can place options to require authentication whenever
+.I pppd
+is run, and in part by the PAP and CHAP secrets files, where the
+administrator can restrict the set of IP addresses which individual
+users may use.
+.LP
+The default behaviour of
+.I pppd
+is to agree to authenticate if requested, and to not
+require authentication from the peer.  However, 
+.I pppd
+will not agree to
+authenticate itself with a particular protocol if it has no secrets
+which could be used to do so.
+.LP
+Authentication is based on secrets, which are selected from secrets
+files (/etc/ppp/pap-secrets for PAP, /etc/ppp/chap-secrets for CHAP).
+Both secrets files have the same format, and both can store secrets
+for several combinations of server (authenticating peer) and client
+(peer being authenticated).  Note that
+.I pppd
+can be both a server
+and client, and that different protocols can be used in the two
+directions if desired.
+.LP
+A secrets file is parsed into words as for a options file.  A secret
+is specified by a line containing at least 3 words, in the order
+client name, server name, secret.  Any following words on the same line are
+taken to be a list of acceptable IP addresses for that client.  If
+there are only 3 words on the line, it is assumed that any IP address
+is OK; to disallow all IP addresses, use "-".  If the secret starts
+with an `@', what follows is assumed to be the name of a file from
+which to read the secret.  A "*" as the client or server name matches
+any name.  When selecting a secret, \fIpppd\fR takes the best match, i.e.
+the match with the fewest wildcards.
+.LP
+Thus a secrets file contains both secrets for use in authenticating
+other hosts, plus secrets which we use for authenticating ourselves to
+others.  Which secret to use is chosen based on the names of the host
+(the `local name') and its peer (the `remote name').  The local name
+is set as follows:
+.TP 3
+if the \fBusehostname\fR option is given,
+then the local name is the hostname of this machine
+(with the domain appended, if given)
+.TP 3
+else if the \fBname\fR option is given,
+then use the argument of the first \fBname\fR option seen
+.TP 3
+else if the local IP address is specified with a hostname,
+then use that name
+.TP 3
+else use the hostname of this machine (with the domain appended, if given)
+.LP
+When authenticating ourselves using PAP, there is also a `username'
+which is the local name by default, but can be set with the \fBuser\fR
+option or the \fB+ua\fR option.
+.LP
+The remote name is set as follows:
+.TP 3
+if the \fBremotename\fR option is given,
+then use the argument of the last \fBremotename\fR option seen
+.TP 3
+else if the remote IP address is specified with a hostname,
+then use that host name
+.TP 3
+else the remote name is the null string "".
+.LP
+Secrets are selected from the PAP secrets file as follows:
+.TP 2
+*
+For authenticating the peer, look for a secret with client ==
+username specified in the PAP authenticate-request, and server ==
+local name.
+.TP 2
+*
+For authenticating ourselves to the peer, look for a secret with
+client == our username, server == remote name.
+.LP
+When authenticating the peer with PAP, a secret of "" matches any
+password supplied by the peer.  If the password doesn't match the
+secret, the password is encrypted using crypt() and checked against
+the secret again; thus secrets for authenticating the peer can be
+stored in encrypted form.  If the \fBpapcrypt\fR option is given, the
+first (unencrypted) comparison is omitted, for better security.
+.LP
+If the \fBlogin\fR option was specified, the
+username and password are also checked against the system password
+database.  Thus, the system administrator can set up the pap-secrets
+file to allow PPP access only to certain users, and to restrict the
+set of IP addresses that each user can use.  Typically, when using the
+\fBlogin\fR option, the secret in /etc/ppp/pap-secrets would be "", to
+avoid the need to have the same secret in two places.
+.LP
+Secrets are selected from the CHAP secrets file as follows:
+.TP 2
+*
+For authenticating the peer, look for a secret with client == name
+specified in the CHAP-Response message, and server == local name.
+.TP 2
+*
+For authenticating ourselves to the peer, look for a secret with
+client == local name, and server == name specified in the
+CHAP-Challenge message.
+.LP
+Authentication must be satisfactorily completed before IPCP (or any
+other Network Control Protocol) can be started.  If authentication
+fails, \fIpppd\fR will terminated the link (by closing LCP).  If IPCP
+negotiates an unacceptable IP address for the remote host, IPCP will
+be closed.  IP packets can only be sent or received when IPCP is open.
+.LP
+In some cases it is desirable to allow some hosts which can't
+authenticate themselves to connect and use one of a restricted set of
+IP addresses, even when the local host generally requires
+authentication.  If the peer refuses to authenticate itself when
+requested, \fIpppd\fR takes that as equivalent to authenticating with
+PAP using the empty string for the username and password.  Thus, by
+adding a line to the pap-secrets file which specifies the empty string
+for the client and password, it is possible to allow restricted access
+to hosts which refuse to authenticate themselves.
+.SH ROUTING
+.LP
+When IPCP negotiation is completed successfully,
+.I pppd
+will inform the kernel of the local and remote IP addresses for the
+ppp interface.  This is sufficient to create a
+host route to the remote end of the link, which will enable the peers
+to exchange IP packets.  Communication with other machines generally
+requires further modification to routing tables and/or ARP (Address
+Resolution Protocol) tables.  In some cases this will be done
+automatically through the actions of the \fIrouted\fR or \fIgated\fR
+daemons, but in most cases some further intervention is required.
+.LP
+Sometimes it is desirable
+to add a default route through the remote host, as in the case of a
+machine whose only connection to the Internet is through the ppp
+interface.  The \fBdefaultroute\fR option causes \fIpppd\fR to create such a
+default route when IPCP comes up, and delete it when the link is
+terminated.
+.LP
+In some cases it is desirable to use proxy ARP, for example on a
+server machine connected to a LAN, in order to allow other hosts to
+communicate with the remote host.  The \fBproxyarp\fR option causes \fIpppd\fR
+to look for a network interface on the same subnet as the remote host
+(an interface supporting broadcast and ARP, which is up and not a
+point-to-point or loopback interface).  If found, \fIpppd\fR creates a
+permanent, published ARP entry with the IP address of the remote host
+and the hardware address of the network interface found.
+.SH EXAMPLES
+.LP
+In the simplest case, you can connect the serial ports of two machines
+and issue a command like
+.IP
+pppd /dev/ttya 9600 passive
+.LP
+to each machine, assuming there is no \fIgetty\fR running on the
+serial ports.  If one machine has a \fIgetty\fR running, you can use
+\fIkermit\fR or \fItip\fR on the other machine to log in to the first
+machine and issue a command like
+.IP
+pppd passive
+.LP
+Then exit from the communications program (making sure the connection
+isn't dropped), and issue a command like
+.IP
+pppd /dev/ttya 9600
+.LP
+The process of logging in to the other machine and starting \fIpppd\fR
+can be automated by using the \fBconnect\fR option to run \fIchat\fR,
+for example:
+.IP
+pppd /dev/ttya 38400 connect 'chat "" "" "login:" "username"
+"Password:" "password" "% " "exec pppd passive"'
+.LP
+(Note however that running chat like this will leave the password
+visible in the parameter list of pppd and chat.)
+.LP
+If your serial connection is any more complicated than a piece of
+wire, you may need to arrange for some control characters to be
+escaped.  In particular, it is often useful to escape XON (^Q) and
+XOFF (^S), using \fBasyncmap a0000\fR.  If the path includes a telnet,
+you probably should escape ^] as well (\fBasyncmap 200a0000\fR).
+If the path includes an rlogin, you will need to use the \fBescape
+ff\fR option on the end which is running the rlogin client, since many
+rlogin implementations are not
+transparent; they will remove the sequence [0xff, 0xff, 0x73, 0x73,
+followed by any 8 bytes] from the stream.
+.SH DIAGNOSTICS
+.LP
+Messages are sent to the syslog daemon using facility LOG_DAEMON.
+(This can be overriden by recompiling \fIpppd\fR with the macro
+LOG_PPP defined as the desired facility.)  In order to see the error
+and debug messages, you will need to edit your /etc/syslog.conf file
+to direct the messages to the desired output device or file.
+.LP
+The \fBdebug\fR option causes the contents of all control packets sent
+or received to be logged, that is, all LCP, PAP, CHAP or IPCP packets.
+This can be useful if the PPP negotiation does not succeed.
+If debugging is enabled at compile time, the \fBdebug\fR option also
+causes other debugging messages to be logged.
+.LP
+Debugging can also be enabled or disabled by sending a
+SIGUSR1 to the
+.I pppd
+process.  This signal acts as a toggle.
+.SH FILES
+.TP
+.B /var/run/ppp\fIn\fB.pid \fR(BSD or Linux), \fB/etc/ppp/ppp\fIn\fB.pid \fR(others)
+Process-ID for \fIpppd\fR process on ppp interface unit \fIn\fR.
+.TP
+.B /etc/ppp/ip-up
+A program or script which is executed when the link is available for
+sending and receiving IP packets (that is, IPCP has come up).  It is
+executed with the parameters
+.IP
+\fIinterface-name tty-device speed local-IP-address
+remote-IP-address\fR
+.IP
+and with its standard input,
+output and error streams redirected to \fB/dev/null\fR.
+.IP
+This program or script is executed with the same real and effective
+user-ID as \fIpppd\fR, that is, at least the effective user-ID and
+possibly the real user-ID will be \fBroot\fR.  This is so that it can
+be used to manipulate routes, run privileged daemons (e.g.
+\fBsendmail\fR), etc.  Be careful that the contents of the
+/etc/ppp/ip-up and /etc/ppp/ip-down scripts do not compromise your
+system's security.
+.TP
+.B /etc/ppp/ip-down
+A program or script which is executed when the link is no longer
+available for sending and receiving IP packets.  This script can be
+used for undoing the effects of the /etc/ppp/ip-up script.  It is
+invoked with the same parameters as the ip-up script, and the same
+security considerations apply, since it is executed with the same
+effective and real user-IDs as \fIpppd\fR.
+.TP
+.B /etc/ppp/pap-secrets
+Usernames, passwords and IP addresses for PAP authentication.
+.TP
+.B /etc/ppp/chap-secrets
+Names, secrets and IP addresses for CHAP authentication.
+.TP
+.B /etc/ppp/options
+System default options for
+.I pppd,
+read before user default options or command-line options.
+.TP
+.B ~/.ppprc
+User default options, read before command-line options.
+.TP
+.B /etc/ppp/options.\fIttyname
+System default options for the serial port being used, read after
+command-line options.
+.SH SEE ALSO
+.TP
+.B RFC1144
+Jacobson, V.
+.I Compressing TCP/IP headers for low-speed serial links.
+1990 February.
+.TP
+.B RFC1321
+Rivest, R.
+.I The MD5 Message-Digest Algorithm.
+1992 April.
+.TP
+.B RFC1332
+McGregor, G.
+.I PPP Internet Protocol Control Protocol (IPCP).
+1992 May.
+.TP
+.B RFC1334
+Lloyd, B.; Simpson, W.A.
+.I PPP authentication protocols.
+1992 October.
+.TP
+.B RFC1548
+Simpson, W.A.
+.I The Point\-to\-Point Protocol (PPP).
+1993 December.
+.TP
+.B RFC1549
+Simpson, W.A.
+.I PPP in HDLC Framing.
+1993 December
+.SH NOTES
+The following signals have the specified effect when sent to the
+.I pppd
+process.
+.TP
+.B SIGINT, SIGTERM
+These signals cause \fBpppd\fR to terminate the link (by closing LCP),
+restore the serial device settings, and exit.
+.TP
+.B SIGHUP
+This signal causes \fBpppd\fR to terminate the link, restore the
+serial device settings, and close the serial device.  If the
+\fBpersist\fR option has been specified, \fBpppd\fR will try to reopen
+the serial device and start another connection.  Otherwise \fBpppd\fR
+will exit.
+.TP
+.B SIGUSR2
+This signal causes
+.B pppd
+to renegotiate compression.  This can be useful to re-enable
+compression after it has been disabled as a result of a fatal
+decompression error.  With the BSD Compress scheme, fatal
+decompression errors generally indicate a bug in one or other
+implementation.
+
+.SH AUTHORS
+Drew Perkins,
+Brad Clements,
+Karl Fox,
+Greg Christy,
+Brad Parker,
+Paul Mackerras (paulus@cs.anu.edu.au).
diff --git a/usr.sbin/pppd/pppd.h b/usr.sbin/pppd/pppd.h
new file mode 100644
index 00000000000..12c7a038dd4
--- /dev/null
+++ b/usr.sbin/pppd/pppd.h
@@ -0,0 +1,255 @@
+/*
+ * pppd.h - PPP daemon global declarations.
+ *
+ * Copyright (c) 1989 Carnegie Mellon University.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by Carnegie Mellon University.  The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * $Id: pppd.h,v 1.1 1995/10/18 08:48:00 deraadt Exp $
+ */
+
+/*
+ * TODO:
+ */
+
+#ifndef __PPPD_H__
+#define __PPPD_H__
+
+#include <sys/param.h>		/* for MAXPATHLEN and BSD4_4, if defined */
+#include <sys/types.h>		/* for u_int32_t, if defined */
+#include <net/ppp_defs.h>
+
+#define NUM_PPP	1		/* One PPP interface supported (per process) */
+
+/*
+ * Limits.
+ */
+
+#define MAXWORDLEN	1024	/* max length of word in file (incl null) */
+#define MAXARGS		1	/* max # args to a command */
+#define MAXNAMELEN	256	/* max length of hostname or name for auth */
+#define MAXSECRETLEN	256	/* max length of password or secret */
+
+/*
+ * Global variables.
+ */
+
+extern int	hungup;		/* Physical layer has disconnected */
+extern int	ifunit;		/* Interface unit number */
+extern char	ifname[];	/* Interface name */
+extern int	fd;		/* Serial device file descriptor */
+extern char	hostname[];	/* Our hostname */
+extern u_char	outpacket_buf[]; /* Buffer for outgoing packets */
+extern int	phase;		/* Current state of link - see values below */
+extern int	baud_rate;	/* Current link speed in bits/sec */
+extern char	*progname;	/* Name of this program */
+
+/*
+ * Variables set by command-line options.
+ */
+
+extern int	debug;		/* Debug flag */
+extern int	kdebugflag;	/* Tell kernel to print debug messages */
+extern int	default_device;	/* Using /dev/tty or equivalent */
+extern char	devnam[];	/* Device name */
+extern int	crtscts;	/* Use hardware flow control */
+extern int	modem;		/* Use modem control lines */
+extern int	inspeed;	/* Input/Output speed requested */
+extern u_int32_t netmask;	/* IP netmask to set on interface */
+extern int	lockflag;	/* Create lock file to lock the serial dev */
+extern int	nodetach;	/* Don't detach from controlling tty */
+extern char	*connector;	/* Script to establish physical link */
+extern char	*disconnector;	/* Script to disestablish physical link */
+extern char	user[];		/* Username for PAP */
+extern char	passwd[];	/* Password for PAP */
+extern int	auth_required;	/* Peer is required to authenticate */
+extern int	proxyarp;	/* Set up proxy ARP entry for peer */
+extern int	persist;	/* Reopen link after it goes down */
+extern int	uselogin;	/* Use /etc/passwd for checking PAP */
+extern int	lcp_echo_interval; /* Interval between LCP echo-requests */
+extern int	lcp_echo_fails;	/* Tolerance to unanswered echo-requests */
+extern char	our_name[];	/* Our name for authentication purposes */
+extern char	remote_name[];	/* Peer's name for authentication */
+extern int	usehostname;	/* Use hostname for our_name */
+extern int	disable_defaultip; /* Don't use hostname for default IP adrs */
+extern char	*ipparam;	/* Extra parameter for ip up/down scripts */
+extern int	cryptpap;	/* Others' PAP passwords are encrypted */
+
+/*
+ * Values for phase.
+ */
+#define PHASE_DEAD		0
+#define PHASE_ESTABLISH		1
+#define PHASE_AUTHENTICATE	2
+#define PHASE_NETWORK		3
+#define PHASE_TERMINATE		4
+
+/*
+ * Prototypes.
+ */
+void quit __P((void));	/* Cleanup and exit */
+void timeout __P((void (*)(), caddr_t, int));
+				/* Look-alike of kernel's timeout() */
+void untimeout __P((void (*)(), caddr_t));
+				/* Look-alike of kernel's untimeout() */
+void output __P((int, u_char *, int));
+				/* Output a PPP packet */
+void demuxprotrej __P((int, int));
+				/* Demultiplex a Protocol-Reject */
+int  check_passwd __P((int, char *, int, char *, int, char **, int *));
+				/* Check peer-supplied username/password */
+int  get_secret __P((int, char *, char *, char *, int *, int));
+				/* get "secret" for chap */
+u_int32_t GetMask __P((u_int32_t)); /* get netmask for address */
+void die __P((int));
+
+/*
+ * Inline versions of get/put char/short/long.
+ * Pointer is advanced; we assume that both arguments
+ * are lvalues and will already be in registers.
+ * cp MUST be u_char *.
+ */
+#define GETCHAR(c, cp) { \
+	(c) = *(cp)++; \
+}
+#define PUTCHAR(c, cp) { \
+	*(cp)++ = (u_char) (c); \
+}
+
+
+#define GETSHORT(s, cp) { \
+	(s) = *(cp)++ << 8; \
+	(s) |= *(cp)++; \
+}
+#define PUTSHORT(s, cp) { \
+	*(cp)++ = (u_char) ((s) >> 8); \
+	*(cp)++ = (u_char) (s); \
+}
+
+#define GETLONG(l, cp) { \
+	(l) = *(cp)++ << 8; \
+	(l) |= *(cp)++; (l) <<= 8; \
+	(l) |= *(cp)++; (l) <<= 8; \
+	(l) |= *(cp)++; \
+}
+#define PUTLONG(l, cp) { \
+	*(cp)++ = (u_char) ((l) >> 24); \
+	*(cp)++ = (u_char) ((l) >> 16); \
+	*(cp)++ = (u_char) ((l) >> 8); \
+	*(cp)++ = (u_char) (l); \
+}
+
+#define INCPTR(n, cp)	((cp) += (n))
+#define DECPTR(n, cp)	((cp) -= (n))
+
+#undef  FALSE
+#define FALSE	0
+#undef  TRUE
+#define TRUE	1
+
+/*
+ * System dependent definitions for user-level 4.3BSD UNIX implementation.
+ */
+
+#define DEMUXPROTREJ(u, p)	demuxprotrej(u, p)
+
+#define TIMEOUT(r, f, t)	timeout((r), (f), (t))
+#define UNTIMEOUT(r, f)		untimeout((r), (f))
+
+#define BCOPY(s, d, l)		memcpy(d, s, l)
+#define BZERO(s, n)		memset(s, 0, n)
+#define EXIT(u)			quit()
+
+#define PRINTMSG(m, l)	{ m[l] = '\0'; syslog(LOG_INFO, "Remote message: %s", m); }
+
+/*
+ * MAKEHEADER - Add Header fields to a packet.
+ */
+#define MAKEHEADER(p, t) { \
+    PUTCHAR(PPP_ALLSTATIONS, p); \
+    PUTCHAR(PPP_UI, p); \
+    PUTSHORT(t, p); }
+
+
+#ifdef DEBUGALL
+#define DEBUGMAIN	1
+#define DEBUGFSM	1
+#define DEBUGLCP	1
+#define DEBUGIPCP	1
+#define DEBUGUPAP	1
+#define DEBUGCHAP	1
+#endif
+
+#ifndef LOG_PPP			/* we use LOG_LOCAL2 for syslog by default */
+#if defined(DEBUGMAIN) || defined(DEBUGFSM) || defined(DEBUG) \
+  || defined(DEBUGLCP) || defined(DEBUGIPCP) || defined(DEBUGUPAP) \
+  || defined(DEBUGCHAP) 
+#define LOG_PPP LOG_LOCAL2
+#else
+#define LOG_PPP LOG_DAEMON
+#endif
+#endif /* LOG_PPP */
+
+#ifdef DEBUGMAIN
+#define MAINDEBUG(x)	if (debug) syslog x
+#else
+#define MAINDEBUG(x)
+#endif
+
+#ifdef DEBUGFSM
+#define FSMDEBUG(x)	if (debug) syslog x
+#else
+#define FSMDEBUG(x)
+#endif
+
+#ifdef DEBUGLCP
+#define LCPDEBUG(x)	if (debug) syslog x
+#else
+#define LCPDEBUG(x)
+#endif
+
+#ifdef DEBUGIPCP
+#define IPCPDEBUG(x)	if (debug) syslog x
+#else
+#define IPCPDEBUG(x)
+#endif
+
+#ifdef DEBUGUPAP
+#define UPAPDEBUG(x)	if (debug) syslog x
+#else
+#define UPAPDEBUG(x)
+#endif
+
+#ifdef DEBUGCHAP
+#define CHAPDEBUG(x)	if (debug) syslog x
+#else
+#define CHAPDEBUG(x)
+#endif
+
+#ifndef SIGTYPE
+#if defined(sun) || defined(SYSV) || defined(POSIX_SOURCE)
+#define SIGTYPE void
+#else
+#define SIGTYPE int
+#endif /* defined(sun) || defined(SYSV) || defined(POSIX_SOURCE) */
+#endif /* SIGTYPE */
+
+#ifndef MIN
+#define MIN(a, b)	((a) < (b)? (a): (b))
+#endif
+#ifndef MAX
+#define MAX(a, b)	((a) > (b)? (a): (b))
+#endif
+
+#endif /* __PPP_H__ */
diff --git a/usr.sbin/pppd/pppstats/Makefile b/usr.sbin/pppd/pppstats/Makefile
new file mode 100644
index 00000000000..eef4e826b94
--- /dev/null
+++ b/usr.sbin/pppd/pppstats/Makefile
@@ -0,0 +1,9 @@
+#	$Id: Makefile,v 1.1 1995/10/18 08:48:00 deraadt Exp $
+
+PROG=	pppstats
+SRCS=	pppstats.c
+MAN=	pppstats.8
+MLINKS= pppstats.8 slstats.8
+BINDIR=	/usr/sbin
+
+.include <bsd.prog.mk>
diff --git a/usr.sbin/pppd/pppstats/pppstats.8 b/usr.sbin/pppd/pppstats/pppstats.8
new file mode 100644
index 00000000000..ab4b44d56dd
--- /dev/null
+++ b/usr.sbin/pppd/pppstats/pppstats.8
@@ -0,0 +1,179 @@
+.\"	@(#) $Header: /cvs/OpenBSD/src/usr.sbin/pppd/pppstats/pppstats.8,v 1.1 1995/10/18 08:48:01 deraadt Exp $ (LBL)
+.Dd November 15, 1994
+.Dt PPPSTATS 8
+.Sh NAME
+.Nm pppstats
+.Nd report statistics for the specified PPP interface
+.Sh SYNOPSIS
+.Nm pppstats
+.Op Fl v
+.Op Fl r
+.Op Fl z
+.Op Fl c Ar count
+.Op Fl w Ar wait
+.Op Ar interface
+.Sh DESCRIPTION
+.Pp
+The 
+.Nm pppstats
+utility reports PPP-related statistics at regular intervals for the
+specified PPP
+.Ar interface .
+If the
+.Ar interface
+is unspecified, it will default to ppp0.
+The display is split horizontally
+into input and output sections containing columns of statistics
+describing the properties and volume of packets received and
+transmitted by the interface.
+.Pp
+The first report will consist of a snapshot of the interface's
+statistics.  Further output, if any, will describe activity between
+report intervals.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl c Ar count
+Repeat the display
+.Ar count
+times. The first display is for the time since a reboot and each
+subsequent report is for the time period since the last display.
+If this option is not specified, the default repeat
+.Ar count
+is 1 if the
+.Fl w
+option is not specified, otherwise infinity.
+.It Fl r
+Display additional statistics summarizing the compression ratio
+achieved by the packet compression algorithm in use.
+.It Fl v
+Display additional statistics demonstrating the efficacy of VJ header
+compression and providing more explicit information on the operation
+of the algorithm.
+.It Fl w Ar wait
+Pause
+.Ar wait
+seconds between each display. If no
+.Ar wait
+interval is specified, the default is 5 seconds.
+.It Fl z
+Instead of the standard display, show statistics indicating the
+performance of the packet compression algorithm in use.
+.El
+.Pp
+The following fields are printed on the input side when the
+.Fl z
+option is not used:
+.Bl -tag -width search
+.It Li IN
+The total number of bytes received by this interface.
+.It Li PACK
+The total number of packets received by this interface.
+.It Li VJCOMP
+The number of compressed TCP packets received by this interface.
+.It Li VJUNC
+The number of uncompressed TCP packets received by this interface.
+.It Li VJERR
+The number of corrupted or bogus packets received by this interface.
+.It Li VJTOSS
+The number of VJ header-compressed TCP packets dropped on reception by
+this interface.  Only reported when the
+.Fl v
+option is specified.
+.It Li NON-VJ
+The total number of non-TCP packets received by this interface. Only
+reported when the
+.Fl v
+option is specified.
+.It Li RATIO
+The overall compression ratio achieved for received packets by the
+packet compression scheme in use, as a number between 0.0 and 1.0,
+representing the average proportionate reduction in the size of the
+packets achieved by the use of packet compression (thus 0.0 indicates
+that the data is incompressible).  Only reported when the
+.Fl r
+option is specified.
+.It Li UBYTE
+The total number of bytes received, after decompression of compressed
+packets.  Only reported when the
+.Fl r
+option is specified.
+.El
+.Pp
+The following fields are printed on the output side:
+.Bl -tag -width search
+.It Li OUT
+The total number of bytes transmitted from this interface.
+.It Li PACK
+The total number of packets transmitted from this interface.
+.It Li VJCOMP
+The number of TCP packets transmitted from this interface with
+VJ-compressed TCP headers.
+.It Li VJUNC
+The number of TCP packets transmitted from this interface with
+VJ-uncompressed TCP headers.
+.It Li NON-VJ
+The total number of non-TCP packets transmitted from this interface.
+.It Li VJSRCH
+The number of searches for the cached header entry for a VJ header
+compressed TCP packet.  Only reported when the
+.Fl v
+option is specified.
+.It Li VJMISS
+The number of failed searches for the cached header entry for a
+VJ header compressed TCP packet.  Only reported when the
+.Fl v
+option is specified.
+.It Li RATIO
+The overall compression ratio achieved for transmitted packets by the
+packet compression scheme in use, as a number between 0.0 and 1.0.
+Only reported when the
+.Fl r
+option is specified.
+.It Li UBYTE
+The total number of bytes to be transmitted, before packet compression
+is applied.  Only reported when the
+.Fl v
+option is specified.
+.El
+.Pp
+When the
+.Fl z
+option is specified,
+.Nm pppstats
+instead displays the following fields, relating to the packet
+compression algorithm currently in use.  If packet compression is not
+in use, these fields will all display zeroes.  The fields displayed on
+the input side are:
+.Bl -tag -width search
+.It Li COMPRESSED BYTE
+The number of bytes of compressed packets received.
+.It Li COMPRESSED PACK
+The number of compressed packets received.
+.It Li INCOMPRESSIBLE BYTE
+The number of bytes of incompressible packets (that is, those which
+were transmitted in uncompressed form) received.
+.It Li INCOMPRESSIBLE PACK
+The number of incompressible packets received.
+.It Li COMP RATIO
+The recent compression ratio for incoming packets, as a number between
+0.0 and 1.0.
+.El
+.Pp
+The fields displayed on the output side are:
+.Bl -tag -width search
+.It Li COMPRESSED BYTE
+The number of bytes of compressed packets transmitted.
+.It Li COMPRESSED PACK
+The number of compressed packets transmitted.
+.It Li INCOMPRESSIBLE BYTE
+The number of bytes of incompressible packets transmitted (that is,
+those which were transmitted in uncompressed form).
+.It Li INCOMPRESSIBLE PACK
+The number of incompressible packets transmitted.
+.It Li COMP RATIO
+The recent compression ratio for outgoing packets, as a number between
+0.0 and 1.0.
+.El
+.Sh SEE ALSO
+.Xr pppd 8
diff --git a/usr.sbin/pppd/pppstats/pppstats.c b/usr.sbin/pppd/pppstats/pppstats.c
new file mode 100644
index 00000000000..69e57ee25c5
--- /dev/null
+++ b/usr.sbin/pppd/pppstats/pppstats.c
@@ -0,0 +1,310 @@
+/*
+ * print PPP statistics:
+ * 	pppstats [-v] [-r] [-z] [-c count] [-w wait] [interface]
+ *
+ *   -v Verbose mode for default display
+ *   -r Show compression ratio in default display
+ *   -z Show compression statistics instead of default display
+ *
+ * from the original "slstats" by Van Jacobson
+ *
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by the University of California, Berkeley.  The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ *	Van Jacobson (van@helios.ee.lbl.gov), Dec 31, 1989:
+ *	- Initial distribution.
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: pppstats.c,v 1.1 1995/10/18 08:48:01 deraadt Exp $";
+#endif
+
+#include <stdio.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+#include <signal.h>
+#include <fcntl.h>
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <net/ppp_defs.h>
+#include <net/if.h>
+#include <net/if_ppp.h>
+
+int	vflag, rflag, zflag;	/* select type of display */
+int	interval, count;
+int	infinite;
+int	unit;
+int	s;			/* socket file descriptor */
+int	signalled;		/* set if alarm goes off "early" */
+char	*progname;
+char	interface[IFNAMSIZ];
+
+void
+usage()
+{
+	fprintf(stderr, "Usage: %s [-v|-r|-z] [-c count] [-w wait] [interface]\n",
+		progname);
+	exit(1);
+}
+
+/*
+ * Called if an interval expires before intpr has completed a loop.
+ * Sets a flag to not wait for the alarm.
+ */
+void
+catchalarm(arg)
+    int arg;
+{
+	signalled = 1;
+}
+
+void
+get_ppp_stats(curp)
+    struct ppp_stats *curp;
+{
+	struct ifpppstatsreq req;
+
+	strncpy(req.ifr_name, interface, sizeof(req.ifr_name));
+	if (ioctl(s, SIOCGPPPSTATS, &req) == 0) {
+		*curp = req.stats;
+		return;
+	}
+	fprintf(stderr, "%s: ", progname);
+	if (errno == ENOTTY)
+		errx(1, "kernel support missing");
+	else
+		err(1, "couldn't get PPP statistics");
+}
+
+get_ppp_cstats(csp)
+    struct ppp_comp_stats *csp;
+{
+	struct ifpppcstatsreq creq;
+
+	strncpy(creq.ifr_name, interface, sizeof(creq.ifr_name));
+	if (ioctl(s, SIOCGPPPCSTATS, &creq) == 0) {
+		*csp = creq.stats;
+		return;
+	}
+	if (errno == ENOTTY) {
+		if (zflag)
+			errx(1, "no kernel compression support\n");
+		warnx("no kernel compression support\n");
+		rflag = 0;
+	} else
+		err(1, "couldn't get PPP compression stats");
+}
+
+
+#define V(offset)	(cur.offset - old.offset)
+#define W(offset)	(ccs.offset - ocs.offset)
+
+#define CRATE(x)	((x).unc_bytes == 0? 0.0: \
+			 1.0 - ((double)((x).comp_bytes + (x).inc_bytes) \
+				/ (x).unc_bytes))
+
+/*
+ * Print a running summary of interface statistics.
+ * Repeat display every interval seconds, showing statistics
+ * collected over that interval.  Assumes that interval is non-zero.
+ * First line printed is cumulative.
+ */
+void
+intpr()
+{
+	register int line = 0;
+	sigset_t oldmask, mask;
+	struct ppp_stats cur, old;
+	struct ppp_comp_stats ccs, ocs;
+
+	memset(&old, 0, sizeof(old));
+	memset(&ocs, 0, sizeof(ocs));
+
+	while (1) {
+		get_ppp_stats(&cur);
+		if (zflag || rflag)
+			get_ppp_cstats(&ccs);
+
+		(void)signal(SIGALRM, catchalarm);
+		signalled = 0;
+		(void)alarm(interval);
+    
+		if ((line % 20) == 0) {
+			if (zflag) {
+				printf("IN:  COMPRESSED  INCOMPRESSIBLE   COMP | ");
+				printf("OUT: COMPRESSED  INCOMPRESSIBLE   COMP\n");
+				printf("    BYTE   PACK     BYTE   PACK  RATIO | ");
+				printf("    BYTE   PACK     BYTE   PACK  RATIO");
+			} else {
+				printf("%8.8s %6.6s %6.6s %6.6s %6.6s",
+					"IN", "PACK", "VJCOMP", "VJUNC", "VJERR");
+				if (vflag)
+					printf(" %6.6s %6.6s", "VJTOSS", "NON-VJ");
+				if (rflag)
+					printf(" %6.6s %6.6s", "RATIO", "UBYTE");
+				printf("  | %8.8s %6.6s %6.6s %6.6s %6.6s",
+					"OUT", "PACK", "VJCOMP", "VJUNC", "NON-VJ");
+				if (vflag)
+					printf(" %6.6s %6.6s", "VJSRCH", "VJMISS");
+				if(rflag)
+					printf(" %6.6s %6.6s", "RATIO", "UBYTE");
+			}
+			putchar('\n');
+		}
+	
+		if (zflag) {
+			printf("%8u %6u %8u %6u %6.2f",
+			       W(d.comp_bytes),
+			       W(d.comp_packets),
+			       W(d.inc_bytes),
+			       W(d.inc_packets),
+			       ccs.d.ratio == 0? 0.0:
+			        1 - 1.0 / ccs.d.ratio * 256.0);
+
+			printf(" | %8u %6u %8u %6u %6.2f",
+			       W(c.comp_bytes),
+			       W(c.comp_packets),
+			       W(c.inc_bytes),
+			       W(c.inc_packets),
+			       ccs.c.ratio == 0? 0.0:
+			        1 - 1.0 / ccs.c.ratio * 256.0);
+	
+		} else {
+
+			printf("%8u %6u %6u %6u %6u",
+			       V(p.ppp_ibytes),
+			       V(p.ppp_ipackets),
+			       V(vj.vjs_compressedin),
+			       V(vj.vjs_uncompressedin),
+			       V(vj.vjs_errorin));
+			if (vflag)
+				printf(" %6u %6u",
+				       V(vj.vjs_tossed),
+				       V(p.ppp_ipackets) -
+				       V(vj.vjs_compressedin) -
+				       V(vj.vjs_uncompressedin) -
+				       V(vj.vjs_errorin));
+			if (rflag)
+				printf(" %6.2f %6u",
+				       CRATE(ccs.d),
+				       W(d.unc_bytes));
+			printf("  | %8u %6u %6u %6u %6u",
+			       V(p.ppp_obytes),
+			       V(p.ppp_opackets),
+			       V(vj.vjs_compressed),
+			       V(vj.vjs_packets) - V(vj.vjs_compressed),
+			       V(p.ppp_opackets) - V(vj.vjs_packets));
+			if (vflag)
+				printf(" %6u %6u",
+				       V(vj.vjs_searches),
+				       V(vj.vjs_misses));
+
+			if (rflag)
+				printf(" %6.2f %6u",
+				       CRATE(ccs.c),
+				       W(c.unc_bytes));
+	    
+		}
+
+		putchar('\n');
+		fflush(stdout);
+		line++;
+
+		count--;
+		if (!infinite && !count)
+			break;
+
+		oldmask = sigblock(sigmask(SIGALRM));
+		if (signalled == 0)
+			sigpause(0);
+		sigsetmask(oldmask);
+		signalled = 0;
+		(void)alarm(interval);
+		old = cur;
+		ocs = ccs;
+	}
+}
+
+int
+main(argc, argv)
+	int argc;
+	char *argv[];
+{
+	int c;
+	struct ifreq ifr;
+
+	strcpy(interface, "ppp0");
+	if ((progname = strrchr(argv[0], '/')) == NULL)
+		progname = argv[0];
+	else
+		++progname;
+
+	while ((c = getopt(argc, argv, "vrzc:w:")) != -1) {
+		switch (c) {
+		case 'v':
+			++vflag;
+			break;
+		case 'r':
+			++rflag;
+			break;
+		case 'z':
+			++zflag;
+			break;
+		case 'c':
+			count = atoi(optarg);
+			if (count <= 0)
+				usage();
+			break;
+		case 'w':
+			interval = atoi(optarg);
+			if (interval <= 0)
+				usage();
+			break;
+		default:
+			usage();
+		}
+	}
+	argc -= optind;
+	argv += optind;
+
+	if (!interval && count)
+		interval = 5;
+	if (interval && !count)
+		infinite = 1;
+	if (!interval && !count)
+		count = 1;
+
+	if (argc > 1)
+		usage();
+	if (argc > 0)
+		strncpy(interface, argv[0], sizeof(interface));
+
+	if (sscanf(interface, "ppp%d", &unit) != 1)
+		errx(1, "invalid interface '%s' specified\n", interface);
+	s = socket(AF_INET, SOCK_DGRAM, 0);
+	if (s < 0)
+		err(1, "couldn't create IP socket");
+	strcpy(ifr.ifr_name, interface);
+	if (ioctl(s, SIOCGIFFLAGS, (caddr_t)&ifr) < 0)
+		errx(1, "nonexistent interface '%s' specified\n", interface);
+
+	intpr();
+	exit(0);
+}
diff --git a/usr.sbin/pppd/sys-bsd.c b/usr.sbin/pppd/sys-bsd.c
new file mode 100644
index 00000000000..5dad339b2b8
--- /dev/null
+++ b/usr.sbin/pppd/sys-bsd.c
@@ -0,0 +1,1135 @@
+/*
+ * sys-bsd.c - System-dependent procedures for setting up
+ * PPP interfaces on bsd-4.4-ish systems (including 386BSD, NetBSD, etc.)
+ *
+ * Copyright (c) 1989 Carnegie Mellon University.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by Carnegie Mellon University.  The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: sys-bsd.c,v 1.1 1995/10/18 08:48:00 deraadt Exp $";
+#endif
+
+/*
+ * TODO:
+ */
+
+#include <stdio.h>
+#include <syslog.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <termios.h>
+#include <sys/ioctl.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+#include <sys/stat.h>
+
+#include <net/if.h>
+#include <net/ppp_defs.h>
+#include <net/if_ppp.h>
+#include <net/route.h>
+#include <net/if_dl.h>
+#include <netinet/in.h>
+
+#if RTM_VERSION >= 3
+#include <netinet/if_ether.h>
+#endif
+
+#include "pppd.h"
+
+static int initdisc = -1;	/* Initial TTY discipline */
+static int rtm_seq;
+
+static int	restore_term;	/* 1 => we've munged the terminal */
+static struct termios inittermios; /* Initial TTY termios */
+static struct winsize wsinfo;	/* Initial window size info */
+
+static char *lock_file;		/* name of lock file created */
+
+int sockfd;			/* socket for doing interface ioctls */
+
+/*
+ * sys_init - System-dependent initialization.
+ */
+void
+sys_init()
+{
+    openlog("pppd", LOG_PID | LOG_NDELAY, LOG_PPP);
+    setlogmask(LOG_UPTO(LOG_INFO));
+    if (debug)
+	setlogmask(LOG_UPTO(LOG_DEBUG));
+
+    /* Get an internet socket for doing socket ioctl's on. */
+    if ((sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
+	syslog(LOG_ERR, "Couldn't create IP socket: %m");
+	die(1);
+    }
+}
+
+/*
+ * note_debug_level - note a change in the debug level.
+ */
+void
+note_debug_level()
+{
+    if (debug) {
+	syslog(LOG_INFO, "Debug turned ON, Level %d", debug);
+	setlogmask(LOG_UPTO(LOG_DEBUG));
+    } else {
+	setlogmask(LOG_UPTO(LOG_WARNING));
+    }
+}
+
+/*
+ * ppp_available - check whether the system has any ppp interfaces
+ * (in fact we check whether we can do an ioctl on ppp0).
+ */
+int
+ppp_available()
+{
+    int s, ok;
+    struct ifreq ifr;
+    extern char *no_ppp_msg;
+
+    if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
+	return 1;		/* can't tell */
+
+    strncpy(ifr.ifr_name, "ppp0", sizeof (ifr.ifr_name));
+    ok = ioctl(s, SIOCGIFFLAGS, (caddr_t) &ifr) >= 0;
+    close(s);
+
+    no_ppp_msg = "\
+This system lacks kernel support for PPP.  To include PPP support\n\
+in the kernel, please follow the steps detailed in the README.bsd\n\
+file in the ppp-2.2 distribution.\n";
+    return ok;
+}
+
+/*
+ * establish_ppp - Turn the serial port into a ppp interface.
+ */
+void
+establish_ppp()
+{
+    int pppdisc = PPPDISC;
+    int x;
+
+    if (ioctl(fd, TIOCGETD, &initdisc) < 0) {
+	syslog(LOG_ERR, "ioctl(TIOCGETD): %m");
+	die(1);
+    }
+    if (ioctl(fd, TIOCSETD, &pppdisc) < 0) {
+	syslog(LOG_ERR, "ioctl(TIOCSETD): %m");
+	die(1);
+    }
+
+    /*
+     * Find out which interface we were given.
+     */
+    if (ioctl(fd, PPPIOCGUNIT, &ifunit) < 0) {	
+	syslog(LOG_ERR, "ioctl(PPPIOCGUNIT): %m");
+	die(1);
+    }
+
+    /*
+     * Enable debug in the driver if requested.
+     */
+    if (kdebugflag) {
+	if (ioctl(fd, PPPIOCGFLAGS, (caddr_t) &x) < 0) {
+	    syslog(LOG_WARNING, "ioctl (PPPIOCGFLAGS): %m");
+	} else {
+	    x |= (kdebugflag & 0xFF) * SC_DEBUG;
+	    if (ioctl(fd, PPPIOCSFLAGS, (caddr_t) &x) < 0)
+		syslog(LOG_WARNING, "ioctl(PPPIOCSFLAGS): %m");
+	}
+    }
+}
+
+
+/*
+ * disestablish_ppp - Restore the serial port to normal operation.
+ * This shouldn't call die() because it's called from die().
+ */
+void
+disestablish_ppp()
+{
+    int x;
+    char *s;
+
+    if (initdisc >= 0) {
+	/*
+	 * Check whether the link seems not to be 8-bit clean.
+	 */
+	if (ioctl(fd, PPPIOCGFLAGS, (caddr_t) &x) == 0) {
+	    s = NULL;
+	    switch (~x & (SC_RCV_B7_0|SC_RCV_B7_1|SC_RCV_EVNP|SC_RCV_ODDP)) {
+	    case SC_RCV_B7_0:
+		s = "bit 7 set to 1";
+		break;
+	    case SC_RCV_B7_1:
+		s = "bit 7 set to 0";
+		break;
+	    case SC_RCV_EVNP:
+		s = "odd parity";
+		break;
+	    case SC_RCV_ODDP:
+		s = "even parity";
+		break;
+	    }
+	    if (s != NULL) {
+		syslog(LOG_WARNING, "Serial link is not 8-bit clean:");
+		syslog(LOG_WARNING, "All received characters had %s", s);
+	    }
+	}
+	if (ioctl(fd, TIOCSETD, &initdisc) < 0)
+	    syslog(LOG_ERR, "ioctl(TIOCSETD): %m");
+    }
+}
+
+
+/*
+ * set_up_tty: Set up the serial port on `fd' for 8 bits, no parity,
+ * at the requested speed, etc.  If `local' is true, set CLOCAL
+ * regardless of whether the modem option was specified.
+ *
+ * For *BSD, we assume that speed_t values numerically equal bits/second.
+ */
+set_up_tty(fd, local)
+    int fd, local;
+{
+    struct termios tios;
+
+    if (tcgetattr(fd, &tios) < 0) {
+	syslog(LOG_ERR, "tcgetattr: %m");
+	die(1);
+    }
+
+    if (!restore_term) {
+	inittermios = tios;
+	ioctl(fd, TIOCGWINSZ, &wsinfo);
+    }
+
+    tios.c_cflag &= ~(CSIZE | CSTOPB | PARENB | CLOCAL);
+    if (crtscts > 0)
+	tios.c_cflag |= CRTSCTS;
+    else if (crtscts < 0)
+	tios.c_cflag &= ~CRTSCTS;
+
+    tios.c_cflag |= CS8 | CREAD | HUPCL;
+    if (local || !modem)
+	tios.c_cflag |= CLOCAL;
+    tios.c_iflag = IGNBRK | IGNPAR;
+    tios.c_oflag = 0;
+    tios.c_lflag = 0;
+    tios.c_cc[VMIN] = 1;
+    tios.c_cc[VTIME] = 0;
+
+    if (crtscts == 2) {
+	tios.c_iflag |= IXOFF;
+	tios.c_cc[VSTOP] = 0x13;	/* DC3 = XOFF = ^S */
+	tios.c_cc[VSTART] = 0x11;	/* DC1 = XON  = ^Q */
+    }
+
+    if (inspeed) {
+	cfsetospeed(&tios, inspeed);
+	cfsetispeed(&tios, inspeed);
+    } else {
+	inspeed = cfgetospeed(&tios);
+	/*
+	 * We can't proceed if the serial port speed is 0,
+	 * since that implies that the serial port is disabled.
+	 */
+	if (inspeed == 0) {
+	    syslog(LOG_ERR, "Baud rate for %s is 0; need explicit baud rate",
+		   devnam);
+	    die(1);
+	}
+    }
+    baud_rate = inspeed;
+
+    if (tcsetattr(fd, TCSAFLUSH, &tios) < 0) {
+	syslog(LOG_ERR, "tcsetattr: %m");
+	die(1);
+    }
+
+    restore_term = 1;
+}
+
+/*
+ * restore_tty - restore the terminal to the saved settings.
+ */
+void
+restore_tty()
+{
+    if (restore_term) {
+	if (!default_device) {
+	    /*
+	     * Turn off echoing, because otherwise we can get into
+	     * a loop with the tty and the modem echoing to each other.
+	     * We presume we are the sole user of this tty device, so
+	     * when we close it, it will revert to its defaults anyway.
+	     */
+	    inittermios.c_lflag &= ~(ECHO | ECHONL);
+	}
+	if (tcsetattr(fd, TCSAFLUSH, &inittermios) < 0)
+	    if (errno != ENXIO)
+		syslog(LOG_WARNING, "tcsetattr: %m");
+	ioctl(fd, TIOCSWINSZ, &wsinfo);
+	restore_term = 0;
+    }
+}
+
+/*
+ * setdtr - control the DTR line on the serial port.
+ * This is called from die(), so it shouldn't call die().
+ */
+setdtr(fd, on)
+int fd, on;
+{
+    int modembits = TIOCM_DTR;
+
+    ioctl(fd, (on? TIOCMBIS: TIOCMBIC), &modembits);
+}
+
+
+/*
+ * output - Output PPP packet.
+ */
+void
+output(unit, p, len)
+    int unit;
+    u_char *p;
+    int len;
+{
+    if (unit != 0)
+	MAINDEBUG((LOG_WARNING, "output: unit != 0!"));
+    if (debug)
+	log_packet(p, len, "sent ");
+
+    if (write(fd, p, len) < 0) {
+	syslog(LOG_ERR, "write: %m");
+	die(1);
+    }
+}
+
+
+/*
+ * wait_input - wait until there is data available on fd,
+ * for the length of time specified by *timo (indefinite
+ * if timo is NULL).
+ */
+wait_input(timo)
+    struct timeval *timo;
+{
+    fd_set ready;
+    int n;
+
+    FD_ZERO(&ready);
+    FD_SET(fd, &ready);
+    n = select(fd+1, &ready, NULL, &ready, timo);
+    if (n < 0 && errno != EINTR) {
+	syslog(LOG_ERR, "select: %m");
+	die(1);
+    }
+}
+
+
+/*
+ * read_packet - get a PPP packet from the serial device.
+ */
+int
+read_packet(buf)
+    u_char *buf;
+{
+    int len;
+
+    if ((len = read(fd, buf, PPP_MTU + PPP_HDRLEN)) < 0) {
+	if (errno == EWOULDBLOCK || errno == EINTR)
+	    return -1;
+	syslog(LOG_ERR, "read(fd): %m");
+	die(1);
+    }
+    return len;
+}
+
+
+/*
+ * ppp_send_config - configure the transmit characteristics of
+ * the ppp interface.
+ */
+void
+ppp_send_config(unit, mtu, asyncmap, pcomp, accomp)
+    int unit, mtu;
+    u_int32_t asyncmap;
+    int pcomp, accomp;
+{
+    u_int x;
+    struct ifreq ifr;
+
+    strncpy(ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
+    ifr.ifr_mtu = mtu;
+    if (ioctl(sockfd, SIOCSIFMTU, (caddr_t) &ifr) < 0) {
+	syslog(LOG_ERR, "ioctl(SIOCSIFMTU): %m");
+	quit();
+    }
+
+    if (ioctl(fd, PPPIOCSASYNCMAP, (caddr_t) &asyncmap) < 0) {
+	syslog(LOG_ERR, "ioctl(PPPIOCSASYNCMAP): %m");
+	quit();
+    }
+
+    if (ioctl(fd, PPPIOCGFLAGS, (caddr_t) &x) < 0) {
+	syslog(LOG_ERR, "ioctl (PPPIOCGFLAGS): %m");
+	quit();
+    }
+    x = pcomp? x | SC_COMP_PROT: x &~ SC_COMP_PROT;
+    x = accomp? x | SC_COMP_AC: x &~ SC_COMP_AC;
+    if (ioctl(fd, PPPIOCSFLAGS, (caddr_t) &x) < 0) {
+	syslog(LOG_ERR, "ioctl(PPPIOCSFLAGS): %m");
+	quit();
+    }
+}
+
+
+/*
+ * ppp_set_xaccm - set the extended transmit ACCM for the interface.
+ */
+void
+ppp_set_xaccm(unit, accm)
+    int unit;
+    ext_accm accm;
+{
+    if (ioctl(fd, PPPIOCSXASYNCMAP, accm) < 0 && errno != ENOTTY)
+	syslog(LOG_WARNING, "ioctl(set extended ACCM): %m");
+}
+
+
+/*
+ * ppp_recv_config - configure the receive-side characteristics of
+ * the ppp interface.
+ */
+void
+ppp_recv_config(unit, mru, asyncmap, pcomp, accomp)
+    int unit, mru;
+    u_int32_t asyncmap;
+    int pcomp, accomp;
+{
+    int x;
+
+    if (ioctl(fd, PPPIOCSMRU, (caddr_t) &mru) < 0) {
+	syslog(LOG_ERR, "ioctl(PPPIOCSMRU): %m");
+	quit();
+    }
+    if (ioctl(fd, PPPIOCSRASYNCMAP, (caddr_t) &asyncmap) < 0) {
+	syslog(LOG_ERR, "ioctl(PPPIOCSRASYNCMAP): %m");
+	quit();
+    }
+    if (ioctl(fd, PPPIOCGFLAGS, (caddr_t) &x) < 0) {
+	syslog(LOG_ERR, "ioctl (PPPIOCGFLAGS): %m");
+	quit();
+    }
+    x = !accomp? x | SC_REJ_COMP_AC: x &~ SC_REJ_COMP_AC;
+    if (ioctl(fd, PPPIOCSFLAGS, (caddr_t) &x) < 0) {
+	syslog(LOG_ERR, "ioctl(PPPIOCSFLAGS): %m");
+	quit();
+    }
+}
+
+/*
+ * ccp_test - ask kernel whether a given compression method
+ * is acceptable for use.
+ */
+ccp_test(unit, opt_ptr, opt_len, for_transmit)
+    int unit, opt_len, for_transmit;
+    u_char *opt_ptr;
+{
+    struct ppp_option_data data;
+
+    data.ptr = opt_ptr;
+    data.length = opt_len;
+    data.transmit = for_transmit;
+    return ioctl(fd, PPPIOCSCOMPRESS, (caddr_t) &data) >= 0;
+}
+
+/*
+ * ccp_flags_set - inform kernel about the current state of CCP.
+ */
+void
+ccp_flags_set(unit, isopen, isup)
+    int unit, isopen, isup;
+{
+    int x;
+
+    if (ioctl(fd, PPPIOCGFLAGS, (caddr_t) &x) < 0) {
+	syslog(LOG_ERR, "ioctl (PPPIOCGFLAGS): %m");
+	return;
+    }
+    x = isopen? x | SC_CCP_OPEN: x &~ SC_CCP_OPEN;
+    x = isup? x | SC_CCP_UP: x &~ SC_CCP_UP;
+    if (ioctl(fd, PPPIOCSFLAGS, (caddr_t) &x) < 0)
+	syslog(LOG_ERR, "ioctl(PPPIOCSFLAGS): %m");
+}
+
+/*
+ * ccp_fatal_error - returns 1 if decompression was disabled as a
+ * result of an error detected after decompression of a packet,
+ * 0 otherwise.  This is necessary because of patent nonsense.
+ */
+int
+ccp_fatal_error(unit)
+    int unit;
+{
+    int x;
+
+    if (ioctl(fd, PPPIOCGFLAGS, (caddr_t) &x) < 0) {
+	syslog(LOG_ERR, "ioctl(PPPIOCGFLAGS): %m");
+	return 0;
+    }
+    return x & SC_DC_FERROR;
+}
+
+/*
+ * sifvjcomp - config tcp header compression
+ */
+int
+sifvjcomp(u, vjcomp, cidcomp, maxcid)
+    int u, vjcomp, cidcomp, maxcid;
+{
+    u_int x;
+
+    if (ioctl(fd, PPPIOCGFLAGS, (caddr_t) &x) < 0) {
+	syslog(LOG_ERR, "ioctl (PPPIOCGFLAGS): %m");
+	return 0;
+    }
+    x = vjcomp ? x | SC_COMP_TCP: x &~ SC_COMP_TCP;
+    x = cidcomp? x & ~SC_NO_TCP_CCID: x | SC_NO_TCP_CCID;
+    if (ioctl(fd, PPPIOCSFLAGS, (caddr_t) &x) < 0) {
+	syslog(LOG_ERR, "ioctl(PPPIOCSFLAGS): %m");
+	return 0;
+    }
+    if (ioctl(fd, PPPIOCSMAXCID, (caddr_t) &maxcid) < 0) {
+	syslog(LOG_ERR, "ioctl(PPPIOCSFLAGS): %m");
+	return 0;
+    }
+    return 1;
+}
+
+/*
+ * sifup - Config the interface up and enable IP packets to pass.
+ */
+#ifndef SC_ENABLE_IP
+#define SC_ENABLE_IP	0x100	/* compat for old versions of kernel code */
+#endif
+
+int
+sifup(u)
+    int u;
+{
+    struct ifreq ifr;
+    u_int x;
+    struct npioctl npi;
+
+    strncpy(ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
+    if (ioctl(sockfd, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) {
+	syslog(LOG_ERR, "ioctl (SIOCGIFFLAGS): %m");
+	return 0;
+    }
+    ifr.ifr_flags |= IFF_UP;
+    if (ioctl(sockfd, SIOCSIFFLAGS, (caddr_t) &ifr) < 0) {
+	syslog(LOG_ERR, "ioctl(SIOCSIFFLAGS): %m");
+	return 0;
+    }
+    npi.protocol = PPP_IP;
+    npi.mode = NPMODE_PASS;
+    if (ioctl(fd, PPPIOCSNPMODE, &npi) < 0) {
+	if (errno != ENOTTY) {
+	    syslog(LOG_ERR, "ioctl(PPPIOCSNPMODE): %m");
+	    return 0;
+	}
+	/* for backwards compatibility */
+	if (ioctl(fd, PPPIOCGFLAGS, (caddr_t) &x) < 0) {
+	    syslog(LOG_ERR, "ioctl (PPPIOCGFLAGS): %m");
+	    return 0;
+	}
+	x |= SC_ENABLE_IP;
+	if (ioctl(fd, PPPIOCSFLAGS, (caddr_t) &x) < 0) {
+	    syslog(LOG_ERR, "ioctl(PPPIOCSFLAGS): %m");
+	    return 0;
+	}
+    }
+    return 1;
+}
+
+/*
+ * sifdown - Config the interface down and disable IP.
+ */
+int
+sifdown(u)
+    int u;
+{
+    struct ifreq ifr;
+    u_int x;
+    int rv;
+    struct npioctl npi;
+
+    rv = 1;
+    npi.protocol = PPP_IP;
+    npi.mode = NPMODE_ERROR;
+    if (ioctl(fd, PPPIOCSNPMODE, (caddr_t) &npi) < 0) {
+	if (errno != ENOTTY) {
+	    syslog(LOG_ERR, "ioctl(PPPIOCSNPMODE): %m");
+	    rv = 0;
+	} else {
+	    /* backwards compatibility */
+	    if (ioctl(fd, PPPIOCGFLAGS, (caddr_t) &x) < 0) {
+		syslog(LOG_ERR, "ioctl (PPPIOCGFLAGS): %m");
+		rv = 0;
+	    } else {
+		x &= ~SC_ENABLE_IP;
+		if (ioctl(fd, PPPIOCSFLAGS, (caddr_t) &x) < 0) {
+		    syslog(LOG_ERR, "ioctl(PPPIOCSFLAGS): %m");
+		    rv = 0;
+		}
+	    }
+	}
+    }
+
+    strncpy(ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
+    if (ioctl(sockfd, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) {
+	syslog(LOG_ERR, "ioctl (SIOCGIFFLAGS): %m");
+	rv = 0;
+    } else {
+	ifr.ifr_flags &= ~IFF_UP;
+	if (ioctl(sockfd, SIOCSIFFLAGS, (caddr_t) &ifr) < 0) {
+	    syslog(LOG_ERR, "ioctl(SIOCSIFFLAGS): %m");
+	    rv = 0;
+	}
+    }
+    return rv;
+}
+
+/*
+ * SET_SA_FAMILY - set the sa_family field of a struct sockaddr,
+ * if it exists.
+ */
+#define SET_SA_FAMILY(addr, family)		\
+    BZERO((char *) &(addr), sizeof(addr));	\
+    addr.sa_family = (family); 			\
+    addr.sa_len = sizeof(addr);
+
+/*
+ * sifaddr - Config the interface IP addresses and netmask.
+ */
+int
+sifaddr(u, o, h, m)
+    int u;
+    u_int32_t o, h, m;
+{
+    struct ifaliasreq ifra;
+
+    strncpy(ifra.ifra_name, ifname, sizeof(ifra.ifra_name));
+    SET_SA_FAMILY(ifra.ifra_addr, AF_INET);
+    ((struct sockaddr_in *) &ifra.ifra_addr)->sin_addr.s_addr = o;
+    SET_SA_FAMILY(ifra.ifra_broadaddr, AF_INET);
+    ((struct sockaddr_in *) &ifra.ifra_broadaddr)->sin_addr.s_addr = h;
+    if (m != 0) {
+	SET_SA_FAMILY(ifra.ifra_mask, AF_INET);
+	((struct sockaddr_in *) &ifra.ifra_mask)->sin_addr.s_addr = m;
+    } else
+	BZERO(&ifra.ifra_mask, sizeof(ifra.ifra_mask));
+    if (ioctl(sockfd, SIOCAIFADDR, (caddr_t) &ifra) < 0) {
+	if (errno != EEXIST) {
+	    syslog(LOG_ERR, "ioctl(SIOCAIFADDR): %m");
+	    return 0;
+	}
+	syslog(LOG_WARNING, "ioctl(SIOCAIFADDR): Address already exists");
+    }
+    return 1;
+}
+
+/*
+ * cifaddr - Clear the interface IP addresses, and delete routes
+ * through the interface if possible.
+ */
+int
+cifaddr(u, o, h)
+    int u;
+    u_int32_t o, h;
+{
+    struct ifaliasreq ifra;
+
+    strncpy(ifra.ifra_name, ifname, sizeof(ifra.ifra_name));
+    SET_SA_FAMILY(ifra.ifra_addr, AF_INET);
+    ((struct sockaddr_in *) &ifra.ifra_addr)->sin_addr.s_addr = o;
+    SET_SA_FAMILY(ifra.ifra_broadaddr, AF_INET);
+    ((struct sockaddr_in *) &ifra.ifra_broadaddr)->sin_addr.s_addr = h;
+    BZERO(&ifra.ifra_mask, sizeof(ifra.ifra_mask));
+    if (ioctl(sockfd, SIOCDIFADDR, (caddr_t) &ifra) < 0) {
+	syslog(LOG_WARNING, "ioctl(SIOCDIFADDR): %m");
+	return 0;
+    }
+    return 1;
+}
+
+/*
+ * sifdefaultroute - assign a default route through the address given.
+ */
+int
+sifdefaultroute(u, g)
+    int u;
+    u_int32_t g;
+{
+    return dodefaultroute(g, 's');
+}
+
+/*
+ * cifdefaultroute - delete a default route through the address given.
+ */
+int
+cifdefaultroute(u, g)
+    int u;
+    u_int32_t g;
+{
+    return dodefaultroute(g, 'c');
+}
+
+/*
+ * dodefaultroute - talk to a routing socket to add/delete a default route.
+ */
+int
+dodefaultroute(g, cmd)
+    u_int32_t g;
+    int cmd;
+{
+    int routes;
+    struct {
+	struct rt_msghdr	hdr;
+	struct sockaddr_in	dst;
+	struct sockaddr_in	gway;
+	struct sockaddr_in	mask;
+    } rtmsg;
+
+    if ((routes = socket(PF_ROUTE, SOCK_RAW, AF_INET)) < 0) {
+	syslog(LOG_ERR, "%cifdefaultroute: opening routing socket: %m", cmd);
+	return 0;
+    }
+
+    memset(&rtmsg, 0, sizeof(rtmsg));
+    rtmsg.hdr.rtm_type = cmd == 's'? RTM_ADD: RTM_DELETE;
+    rtmsg.hdr.rtm_flags = RTF_UP | RTF_GATEWAY;
+    rtmsg.hdr.rtm_version = RTM_VERSION;
+    rtmsg.hdr.rtm_seq = ++rtm_seq;
+    rtmsg.hdr.rtm_addrs = RTA_DST | RTA_GATEWAY | RTA_NETMASK;
+    rtmsg.dst.sin_len = sizeof(rtmsg.dst);
+    rtmsg.dst.sin_family = AF_INET;
+    rtmsg.gway.sin_len = sizeof(rtmsg.gway);
+    rtmsg.gway.sin_family = AF_INET;
+    rtmsg.gway.sin_addr.s_addr = g;
+    rtmsg.mask.sin_len = sizeof(rtmsg.dst);
+    rtmsg.mask.sin_family = AF_INET;
+
+    rtmsg.hdr.rtm_msglen = sizeof(rtmsg);
+    if (write(routes, &rtmsg, sizeof(rtmsg)) < 0) {
+	syslog(LOG_ERR, "%s default route: %m", cmd=='s'? "add": "delete");
+	close(routes);
+	return 0;
+    }
+
+    close(routes);
+    return 1;
+}
+
+#if RTM_VERSION >= 3
+
+/*
+ * sifproxyarp - Make a proxy ARP entry for the peer.
+ */
+static struct {
+    struct rt_msghdr		hdr;
+    struct sockaddr_inarp	dst;
+    struct sockaddr_dl		hwa;
+    char			extra[128];
+} arpmsg;
+
+static int arpmsg_valid;
+
+int
+sifproxyarp(unit, hisaddr)
+    int unit;
+    u_int32_t hisaddr;
+{
+    int routes;
+    int l;
+
+    /*
+     * Get the hardware address of an interface on the same subnet
+     * as our local address.
+     */
+    memset(&arpmsg, 0, sizeof(arpmsg));
+    if (!get_ether_addr(hisaddr, &arpmsg.hwa)) {
+	syslog(LOG_ERR, "Cannot determine ethernet address for proxy ARP");
+	return 0;
+    }
+
+    if ((routes = socket(PF_ROUTE, SOCK_RAW, AF_INET)) < 0) {
+	syslog(LOG_ERR, "sifproxyarp: opening routing socket: %m");
+	return 0;
+    }
+
+    arpmsg.hdr.rtm_type = RTM_ADD;
+    arpmsg.hdr.rtm_flags = RTF_ANNOUNCE | RTF_HOST | RTF_STATIC;
+    arpmsg.hdr.rtm_version = RTM_VERSION;
+    arpmsg.hdr.rtm_seq = ++rtm_seq;
+    arpmsg.hdr.rtm_addrs = RTA_DST | RTA_GATEWAY;
+    arpmsg.hdr.rtm_inits = RTV_EXPIRE;
+    arpmsg.dst.sin_len = sizeof(struct sockaddr_inarp);
+    arpmsg.dst.sin_family = AF_INET;
+    arpmsg.dst.sin_addr.s_addr = hisaddr;
+    arpmsg.dst.sin_other = SIN_PROXY;
+
+    arpmsg.hdr.rtm_msglen = (char *) &arpmsg.hwa - (char *) &arpmsg
+	+ arpmsg.hwa.sdl_len;
+    if (write(routes, &arpmsg, arpmsg.hdr.rtm_msglen) < 0) {
+	syslog(LOG_ERR, "add proxy arp entry: %m");
+	close(routes);
+	return 0;
+    }
+
+    close(routes);
+    arpmsg_valid = 1;
+    return 1;
+}
+
+/*
+ * cifproxyarp - Delete the proxy ARP entry for the peer.
+ */
+int
+cifproxyarp(unit, hisaddr)
+    int unit;
+    u_int32_t hisaddr;
+{
+    int routes;
+
+    if (!arpmsg_valid)
+	return 0;
+    arpmsg_valid = 0;
+
+    arpmsg.hdr.rtm_type = RTM_DELETE;
+    arpmsg.hdr.rtm_seq = ++rtm_seq;
+
+    if ((routes = socket(PF_ROUTE, SOCK_RAW, AF_INET)) < 0) {
+	syslog(LOG_ERR, "sifproxyarp: opening routing socket: %m");
+	return 0;
+    }
+
+    if (write(routes, &arpmsg, arpmsg.hdr.rtm_msglen) < 0) {
+	syslog(LOG_ERR, "delete proxy arp entry: %m");
+	close(routes);
+	return 0;
+    }
+
+    close(routes);
+    return 1;
+}
+
+#else	/* RTM_VERSION */
+
+/*
+ * sifproxyarp - Make a proxy ARP entry for the peer.
+ */
+int
+sifproxyarp(unit, hisaddr)
+    int unit;
+    u_int32_t hisaddr;
+{
+    struct arpreq arpreq;
+    struct {
+	struct sockaddr_dl	sdl;
+	char			space[128];
+    } dls;
+
+    BZERO(&arpreq, sizeof(arpreq));
+
+    /*
+     * Get the hardware address of an interface on the same subnet
+     * as our local address.
+     */
+    if (!get_ether_addr(hisaddr, &dls.sdl)) {
+	syslog(LOG_ERR, "Cannot determine ethernet address for proxy ARP");
+	return 0;
+    }
+
+    arpreq.arp_ha.sa_len = sizeof(struct sockaddr);
+    arpreq.arp_ha.sa_family = AF_UNSPEC;
+    BCOPY(LLADDR(&dls.sdl), arpreq.arp_ha.sa_data, dls.sdl.sdl_alen);
+    SET_SA_FAMILY(arpreq.arp_pa, AF_INET);
+    ((struct sockaddr_in *) &arpreq.arp_pa)->sin_addr.s_addr = hisaddr;
+    arpreq.arp_flags = ATF_PERM | ATF_PUBL;
+    if (ioctl(sockfd, SIOCSARP, (caddr_t)&arpreq) < 0) {
+	syslog(LOG_ERR, "ioctl(SIOCSARP): %m");
+	return 0;
+    }
+
+    return 1;
+}
+
+/*
+ * cifproxyarp - Delete the proxy ARP entry for the peer.
+ */
+int
+cifproxyarp(unit, hisaddr)
+    int unit;
+    u_int32_t hisaddr;
+{
+    struct arpreq arpreq;
+
+    BZERO(&arpreq, sizeof(arpreq));
+    SET_SA_FAMILY(arpreq.arp_pa, AF_INET);
+    ((struct sockaddr_in *) &arpreq.arp_pa)->sin_addr.s_addr = hisaddr;
+    if (ioctl(sockfd, SIOCDARP, (caddr_t)&arpreq) < 0) {
+	syslog(LOG_WARNING, "ioctl(SIOCDARP): %m");
+	return 0;
+    }
+    return 1;
+}
+#endif	/* RTM_VERSION */
+
+
+/*
+ * get_ether_addr - get the hardware address of an interface on the
+ * the same subnet as ipaddr.
+ */
+#define MAX_IFS		32
+
+int
+get_ether_addr(ipaddr, hwaddr)
+    u_int32_t ipaddr;
+    struct sockaddr_dl *hwaddr;
+{
+    struct ifreq *ifr, *ifend, *ifp;
+    u_int32_t ina, mask;
+    struct sockaddr_dl *dla;
+    struct ifreq ifreq;
+    struct ifconf ifc;
+    struct ifreq ifs[MAX_IFS];
+
+    ifc.ifc_len = sizeof(ifs);
+    ifc.ifc_req = ifs;
+    if (ioctl(sockfd, SIOCGIFCONF, &ifc) < 0) {
+	syslog(LOG_ERR, "ioctl(SIOCGIFCONF): %m");
+	return 0;
+    }
+
+    /*
+     * Scan through looking for an interface with an Internet
+     * address on the same subnet as `ipaddr'.
+     */
+    ifend = (struct ifreq *) (ifc.ifc_buf + ifc.ifc_len);
+    for (ifr = ifc.ifc_req; ifr < ifend; ifr = (struct ifreq *)
+	 	((char *)&ifr->ifr_addr + ifr->ifr_addr.sa_len)) {
+	if (ifr->ifr_addr.sa_family == AF_INET) {
+	    ina = ((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr.s_addr;
+	    strncpy(ifreq.ifr_name, ifr->ifr_name, sizeof(ifreq.ifr_name));
+	    /*
+	     * Check that the interface is up, and not point-to-point
+	     * or loopback.
+	     */
+	    if (ioctl(sockfd, SIOCGIFFLAGS, &ifreq) < 0)
+		continue;
+	    if ((ifreq.ifr_flags &
+		 (IFF_UP|IFF_BROADCAST|IFF_POINTOPOINT|IFF_LOOPBACK|IFF_NOARP))
+		 != (IFF_UP|IFF_BROADCAST))
+		continue;
+	    /*
+	     * Get its netmask and check that it's on the right subnet.
+	     */
+	    if (ioctl(sockfd, SIOCGIFNETMASK, &ifreq) < 0)
+		continue;
+	    mask = ((struct sockaddr_in *) &ifreq.ifr_addr)->sin_addr.s_addr;
+	    if ((ipaddr & mask) != (ina & mask))
+		continue;
+
+	    break;
+	}
+    }
+
+    if (ifr >= ifend)
+	return 0;
+    syslog(LOG_INFO, "found interface %s for proxy arp", ifr->ifr_name);
+
+    /*
+     * Now scan through again looking for a link-level address
+     * for this interface.
+     */
+    ifp = ifr;
+    for (ifr = ifc.ifc_req; ifr < ifend; ) {
+	if (strcmp(ifp->ifr_name, ifr->ifr_name) == 0
+	    && ifr->ifr_addr.sa_family == AF_LINK) {
+	    /*
+	     * Found the link-level address - copy it out
+	     */
+	    dla = (struct sockaddr_dl *) &ifr->ifr_addr;
+	    BCOPY(dla, hwaddr, dla->sdl_len);
+	    return 1;
+	}
+	ifr = (struct ifreq *) ((char *)&ifr->ifr_addr + ifr->ifr_addr.sa_len);
+    }
+
+    return 0;
+}
+
+/*
+ * Return user specified netmask, modified by any mask we might determine
+ * for address `addr' (in network byte order).
+ * Here we scan through the system's list of interfaces, looking for
+ * any non-point-to-point interfaces which might appear to be on the same
+ * network as `addr'.  If we find any, we OR in their netmask to the
+ * user-specified netmask.
+ */
+u_int32_t
+GetMask(addr)
+    u_int32_t addr;
+{
+    u_int32_t mask, nmask, ina;
+    struct ifreq *ifr, *ifend, ifreq;
+    struct ifconf ifc;
+    struct ifreq ifs[MAX_IFS];
+
+    addr = ntohl(addr);
+    if (IN_CLASSA(addr))	/* determine network mask for address class */
+	nmask = IN_CLASSA_NET;
+    else if (IN_CLASSB(addr))
+	nmask = IN_CLASSB_NET;
+    else
+	nmask = IN_CLASSC_NET;
+    /* class D nets are disallowed by bad_ip_adrs */
+    mask = netmask | htonl(nmask);
+
+    /*
+     * Scan through the system's network interfaces.
+     */
+    ifc.ifc_len = sizeof(ifs);
+    ifc.ifc_req = ifs;
+    if (ioctl(sockfd, SIOCGIFCONF, &ifc) < 0) {
+	syslog(LOG_WARNING, "ioctl(SIOCGIFCONF): %m");
+	return mask;
+    }
+    ifend = (struct ifreq *) (ifc.ifc_buf + ifc.ifc_len);
+    for (ifr = ifc.ifc_req; ifr < ifend; ifr = (struct ifreq *)
+	 	((char *)&ifr->ifr_addr + ifr->ifr_addr.sa_len)) {
+	/*
+	 * Check the interface's internet address.
+	 */
+	if (ifr->ifr_addr.sa_family != AF_INET)
+	    continue;
+	ina = ((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr.s_addr;
+	if ((ntohl(ina) & nmask) != (addr & nmask))
+	    continue;
+	/*
+	 * Check that the interface is up, and not point-to-point or loopback.
+	 */
+	strncpy(ifreq.ifr_name, ifr->ifr_name, sizeof(ifreq.ifr_name));
+	if (ioctl(sockfd, SIOCGIFFLAGS, &ifreq) < 0)
+	    continue;
+	if ((ifreq.ifr_flags & (IFF_UP|IFF_POINTOPOINT|IFF_LOOPBACK))
+	    != IFF_UP)
+	    continue;
+	/*
+	 * Get its netmask and OR it into our mask.
+	 */
+	if (ioctl(sockfd, SIOCGIFNETMASK, &ifreq) < 0)
+	    continue;
+	mask |= ((struct sockaddr_in *)&ifreq.ifr_addr)->sin_addr.s_addr;
+    }
+
+    return mask;
+}
+
+/*
+ * lock - create a lock file for the named lock device
+ */
+#define	LOCK_PREFIX	"/var/spool/lock/LCK.."
+
+int
+lock(dev)
+    char *dev;
+{
+    char hdb_lock_buffer[12];
+    int fd, pid, n;
+    char *p;
+
+    if ((p = strrchr(dev, '/')) != NULL)
+	dev = p + 1;
+    lock_file = malloc(strlen(LOCK_PREFIX) + strlen(dev) + 1);
+    if (lock_file == NULL)
+	novm("lock file name");
+    strcat(strcpy(lock_file, LOCK_PREFIX), dev);
+
+    while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) {
+	if (errno == EEXIST
+	    && (fd = open(lock_file, O_RDONLY, 0)) >= 0) {
+	    /* Read the lock file to find out who has the device locked */
+	    n = read(fd, hdb_lock_buffer, 11);
+	    if (n > 0) {
+		hdb_lock_buffer[n] = 0;
+		pid = atoi(hdb_lock_buffer);
+	    }
+	    if (n <= 0) {
+		syslog(LOG_ERR, "Can't read pid from lock file %s", lock_file);
+		close(fd);
+	    } else {
+		if (kill(pid, 0) == -1 && errno == ESRCH) {
+		    /* pid no longer exists - remove the lock file */
+		    if (unlink(lock_file) == 0) {
+			close(fd);
+			syslog(LOG_NOTICE, "Removed stale lock on %s (pid %d)",
+			       dev, pid);
+			continue;
+		    } else
+			syslog(LOG_WARNING, "Couldn't remove stale lock on %s",
+			       dev);
+		} else
+		    syslog(LOG_NOTICE, "Device %s is locked by pid %d",
+			   dev, pid);
+	    }
+	    close(fd);
+	} else
+	    syslog(LOG_ERR, "Can't create lock file %s: %m", lock_file);
+	free(lock_file);
+	lock_file = NULL;
+	return -1;
+    }
+
+    sprintf(hdb_lock_buffer, "%10d\n", getpid());
+    write(fd, hdb_lock_buffer, 11);
+
+    close(fd);
+    return 0;
+}
+
+/*
+ * unlock - remove our lockfile
+ */
+unlock()
+{
+    if (lock_file) {
+	unlink(lock_file);
+	free(lock_file);
+	lock_file = NULL;
+    }
+}
diff --git a/usr.sbin/pppd/upap.c b/usr.sbin/pppd/upap.c
new file mode 100644
index 00000000000..45187125779
--- /dev/null
+++ b/usr.sbin/pppd/upap.c
@@ -0,0 +1,590 @@
+/*
+ * upap.c - User/Password Authentication Protocol.
+ *
+ * Copyright (c) 1989 Carnegie Mellon University.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by Carnegie Mellon University.  The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: upap.c,v 1.1 1995/10/18 08:48:00 deraadt Exp $";
+#endif
+
+/*
+ * TODO:
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <syslog.h>
+
+#include "pppd.h"
+#include "upap.h"
+
+
+upap_state upap[NUM_PPP];		/* UPAP state; one for each unit */
+
+
+static void upap_timeout __P((caddr_t));
+static void upap_reqtimeout __P((caddr_t));
+static void upap_rauthreq __P((upap_state *, u_char *, int, int));
+static void upap_rauthack __P((upap_state *, u_char *, int, int));
+static void upap_rauthnak __P((upap_state *, u_char *, int, int));
+static void upap_sauthreq __P((upap_state *));
+static void upap_sresp __P((upap_state *, int, int, char *, int));
+
+
+/*
+ * upap_init - Initialize a UPAP unit.
+ */
+void
+upap_init(unit)
+    int unit;
+{
+    upap_state *u = &upap[unit];
+
+    u->us_unit = unit;
+    u->us_user = NULL;
+    u->us_userlen = 0;
+    u->us_passwd = NULL;
+    u->us_passwdlen = 0;
+    u->us_clientstate = UPAPCS_INITIAL;
+    u->us_serverstate = UPAPSS_INITIAL;
+    u->us_id = 0;
+    u->us_timeouttime = UPAP_DEFTIMEOUT;
+    u->us_maxtransmits = 10;
+    u->us_reqtimeout = UPAP_DEFREQTIME;
+}
+
+
+/*
+ * upap_authwithpeer - Authenticate us with our peer (start client).
+ *
+ * Set new state and send authenticate's.
+ */
+void
+upap_authwithpeer(unit, user, password)
+    int unit;
+    char *user, *password;
+{
+    upap_state *u = &upap[unit];
+
+    /* Save the username and password we're given */
+    u->us_user = user;
+    u->us_userlen = strlen(user);
+    u->us_passwd = password;
+    u->us_passwdlen = strlen(password);
+    u->us_transmits = 0;
+
+    /* Lower layer up yet? */
+    if (u->us_clientstate == UPAPCS_INITIAL ||
+	u->us_clientstate == UPAPCS_PENDING) {
+	u->us_clientstate = UPAPCS_PENDING;
+	return;
+    }
+
+    upap_sauthreq(u);			/* Start protocol */
+}
+
+
+/*
+ * upap_authpeer - Authenticate our peer (start server).
+ *
+ * Set new state.
+ */
+void
+upap_authpeer(unit)
+    int unit;
+{
+    upap_state *u = &upap[unit];
+
+    /* Lower layer up yet? */
+    if (u->us_serverstate == UPAPSS_INITIAL ||
+	u->us_serverstate == UPAPSS_PENDING) {
+	u->us_serverstate = UPAPSS_PENDING;
+	return;
+    }
+
+    u->us_serverstate = UPAPSS_LISTEN;
+    if (u->us_reqtimeout > 0)
+	TIMEOUT(upap_reqtimeout, (caddr_t) u, u->us_reqtimeout);
+}
+
+
+/*
+ * upap_timeout - Retransmission timer for sending auth-reqs expired.
+ */
+static void
+upap_timeout(arg)
+    caddr_t arg;
+{
+    upap_state *u = (upap_state *) arg;
+
+    if (u->us_clientstate != UPAPCS_AUTHREQ)
+	return;
+
+    if (u->us_transmits >= u->us_maxtransmits) {
+	/* give up in disgust */
+	syslog(LOG_ERR, "No response to PAP authenticate-requests");
+	u->us_clientstate = UPAPCS_BADAUTH;
+	auth_withpeer_fail(u->us_unit, PPP_PAP);
+	return;
+    }
+
+    upap_sauthreq(u);		/* Send Authenticate-Request */
+}
+
+
+/*
+ * upap_reqtimeout - Give up waiting for the peer to send an auth-req.
+ */
+static void
+upap_reqtimeout(arg)
+    caddr_t arg;
+{
+    upap_state *u = (upap_state *) arg;
+
+    if (u->us_serverstate != UPAPSS_LISTEN)
+	return;			/* huh?? */
+
+    auth_peer_fail(u->us_unit, PPP_PAP);
+    u->us_serverstate = UPAPSS_BADAUTH;
+}
+
+
+/*
+ * upap_lowerup - The lower layer is up.
+ *
+ * Start authenticating if pending.
+ */
+void
+upap_lowerup(unit)
+    int unit;
+{
+    upap_state *u = &upap[unit];
+
+    if (u->us_clientstate == UPAPCS_INITIAL)
+	u->us_clientstate = UPAPCS_CLOSED;
+    else if (u->us_clientstate == UPAPCS_PENDING) {
+	upap_sauthreq(u);	/* send an auth-request */
+    }
+
+    if (u->us_serverstate == UPAPSS_INITIAL)
+	u->us_serverstate = UPAPSS_CLOSED;
+    else if (u->us_serverstate == UPAPSS_PENDING) {
+	u->us_serverstate = UPAPSS_LISTEN;
+	if (u->us_reqtimeout > 0)
+	    TIMEOUT(upap_reqtimeout, (caddr_t) u, u->us_reqtimeout);
+    }
+}
+
+
+/*
+ * upap_lowerdown - The lower layer is down.
+ *
+ * Cancel all timeouts.
+ */
+void
+upap_lowerdown(unit)
+    int unit;
+{
+    upap_state *u = &upap[unit];
+
+    if (u->us_clientstate == UPAPCS_AUTHREQ)	/* Timeout pending? */
+	UNTIMEOUT(upap_timeout, (caddr_t) u);	/* Cancel timeout */
+    if (u->us_serverstate == UPAPSS_LISTEN && u->us_reqtimeout > 0)
+	UNTIMEOUT(upap_reqtimeout, (caddr_t) u);
+
+    u->us_clientstate = UPAPCS_INITIAL;
+    u->us_serverstate = UPAPSS_INITIAL;
+}
+
+
+/*
+ * upap_protrej - Peer doesn't speak this protocol.
+ *
+ * This shouldn't happen.  In any case, pretend lower layer went down.
+ */
+void
+upap_protrej(unit)
+    int unit;
+{
+    upap_state *u = &upap[unit];
+
+    if (u->us_clientstate == UPAPCS_AUTHREQ) {
+	syslog(LOG_ERR, "PAP authentication failed due to protocol-reject");
+	auth_withpeer_fail(unit, PPP_PAP);
+    }
+    if (u->us_serverstate == UPAPSS_LISTEN) {
+	syslog(LOG_ERR, "PAP authentication of peer failed (protocol-reject)");
+	auth_peer_fail(unit, PPP_PAP);
+    }
+    upap_lowerdown(unit);
+}
+
+
+/*
+ * upap_input - Input UPAP packet.
+ */
+void
+upap_input(unit, inpacket, l)
+    int unit;
+    u_char *inpacket;
+    int l;
+{
+    upap_state *u = &upap[unit];
+    u_char *inp;
+    u_char code, id;
+    int len;
+
+    /*
+     * Parse header (code, id and length).
+     * If packet too short, drop it.
+     */
+    inp = inpacket;
+    if (l < UPAP_HEADERLEN) {
+	UPAPDEBUG((LOG_INFO, "upap_input: rcvd short header."));
+	return;
+    }
+    GETCHAR(code, inp);
+    GETCHAR(id, inp);
+    GETSHORT(len, inp);
+    if (len < UPAP_HEADERLEN) {
+	UPAPDEBUG((LOG_INFO, "upap_input: rcvd illegal length."));
+	return;
+    }
+    if (len > l) {
+	UPAPDEBUG((LOG_INFO, "upap_input: rcvd short packet."));
+	return;
+    }
+    len -= UPAP_HEADERLEN;
+
+    /*
+     * Action depends on code.
+     */
+    switch (code) {
+    case UPAP_AUTHREQ:
+	upap_rauthreq(u, inp, id, len);
+	break;
+
+    case UPAP_AUTHACK:
+	upap_rauthack(u, inp, id, len);
+	break;
+
+    case UPAP_AUTHNAK:
+	upap_rauthnak(u, inp, id, len);
+	break;
+
+    default:				/* XXX Need code reject */
+	break;
+    }
+}
+
+
+/*
+ * upap_rauth - Receive Authenticate.
+ */
+static void
+upap_rauthreq(u, inp, id, len)
+    upap_state *u;
+    u_char *inp;
+    int id;
+    int len;
+{
+    u_char ruserlen, rpasswdlen;
+    char *ruser, *rpasswd;
+    int retcode;
+    char *msg;
+    int msglen;
+
+    UPAPDEBUG((LOG_INFO, "upap_rauth: Rcvd id %d.", id));
+
+    if (u->us_serverstate < UPAPSS_LISTEN)
+	return;
+
+    /*
+     * If we receive a duplicate authenticate-request, we are
+     * supposed to return the same status as for the first request.
+     */
+    if (u->us_serverstate == UPAPSS_OPEN) {
+	upap_sresp(u, UPAP_AUTHACK, id, "", 0);	/* return auth-ack */
+	return;
+    }
+    if (u->us_serverstate == UPAPSS_BADAUTH) {
+	upap_sresp(u, UPAP_AUTHNAK, id, "", 0);	/* return auth-nak */
+	return;
+    }
+
+    /*
+     * Parse user/passwd.
+     */
+    if (len < sizeof (u_char)) {
+	UPAPDEBUG((LOG_INFO, "upap_rauth: rcvd short packet."));
+	return;
+    }
+    GETCHAR(ruserlen, inp);
+    len -= sizeof (u_char) + ruserlen + sizeof (u_char);
+    if (len < 0) {
+	UPAPDEBUG((LOG_INFO, "upap_rauth: rcvd short packet."));
+	return;
+    }
+    ruser = (char *) inp;
+    INCPTR(ruserlen, inp);
+    GETCHAR(rpasswdlen, inp);
+    if (len < rpasswdlen) {
+	UPAPDEBUG((LOG_INFO, "upap_rauth: rcvd short packet."));
+	return;
+    }
+    rpasswd = (char *) inp;
+
+    /*
+     * Check the username and password given.
+     */
+    retcode = check_passwd(u->us_unit, ruser, ruserlen, rpasswd,
+			   rpasswdlen, &msg, &msglen);
+
+    upap_sresp(u, retcode, id, msg, msglen);
+
+    if (retcode == UPAP_AUTHACK) {
+	u->us_serverstate = UPAPSS_OPEN;
+	auth_peer_success(u->us_unit, PPP_PAP);
+    } else {
+	u->us_serverstate = UPAPSS_BADAUTH;
+	auth_peer_fail(u->us_unit, PPP_PAP);
+    }
+
+    if (u->us_reqtimeout > 0)
+	UNTIMEOUT(upap_reqtimeout, (caddr_t) u);
+}
+
+
+/*
+ * upap_rauthack - Receive Authenticate-Ack.
+ */
+static void
+upap_rauthack(u, inp, id, len)
+    upap_state *u;
+    u_char *inp;
+    int id;
+    int len;
+{
+    u_char msglen;
+    char *msg;
+
+    UPAPDEBUG((LOG_INFO, "upap_rauthack: Rcvd id %d.", id));
+    if (u->us_clientstate != UPAPCS_AUTHREQ) /* XXX */
+	return;
+
+    /*
+     * Parse message.
+     */
+    if (len < sizeof (u_char)) {
+	UPAPDEBUG((LOG_INFO, "upap_rauthack: rcvd short packet."));
+	return;
+    }
+    GETCHAR(msglen, inp);
+    len -= sizeof (u_char);
+    if (len < msglen) {
+	UPAPDEBUG((LOG_INFO, "upap_rauthack: rcvd short packet."));
+	return;
+    }
+    msg = (char *) inp;
+    PRINTMSG(msg, msglen);
+
+    u->us_clientstate = UPAPCS_OPEN;
+
+    auth_withpeer_success(u->us_unit, PPP_PAP);
+}
+
+
+/*
+ * upap_rauthnak - Receive Authenticate-Nakk.
+ */
+static void
+upap_rauthnak(u, inp, id, len)
+    upap_state *u;
+    u_char *inp;
+    int id;
+    int len;
+{
+    u_char msglen;
+    char *msg;
+
+    UPAPDEBUG((LOG_INFO, "upap_rauthnak: Rcvd id %d.", id));
+    if (u->us_clientstate != UPAPCS_AUTHREQ) /* XXX */
+	return;
+
+    /*
+     * Parse message.
+     */
+    if (len < sizeof (u_char)) {
+	UPAPDEBUG((LOG_INFO, "upap_rauthnak: rcvd short packet."));
+	return;
+    }
+    GETCHAR(msglen, inp);
+    len -= sizeof (u_char);
+    if (len < msglen) {
+	UPAPDEBUG((LOG_INFO, "upap_rauthnak: rcvd short packet."));
+	return;
+    }
+    msg = (char *) inp;
+    PRINTMSG(msg, msglen);
+
+    u->us_clientstate = UPAPCS_BADAUTH;
+
+    syslog(LOG_ERR, "PAP authentication failed");
+    auth_withpeer_fail(u->us_unit, PPP_PAP);
+}
+
+
+/*
+ * upap_sauthreq - Send an Authenticate-Request.
+ */
+static void
+upap_sauthreq(u)
+    upap_state *u;
+{
+    u_char *outp;
+    int outlen;
+
+    outlen = UPAP_HEADERLEN + 2 * sizeof (u_char) +
+	u->us_userlen + u->us_passwdlen;
+    outp = outpacket_buf;
+    
+    MAKEHEADER(outp, PPP_PAP);
+
+    PUTCHAR(UPAP_AUTHREQ, outp);
+    PUTCHAR(++u->us_id, outp);
+    PUTSHORT(outlen, outp);
+    PUTCHAR(u->us_userlen, outp);
+    BCOPY(u->us_user, outp, u->us_userlen);
+    INCPTR(u->us_userlen, outp);
+    PUTCHAR(u->us_passwdlen, outp);
+    BCOPY(u->us_passwd, outp, u->us_passwdlen);
+
+    output(u->us_unit, outpacket_buf, outlen + PPP_HDRLEN);
+
+    UPAPDEBUG((LOG_INFO, "upap_sauth: Sent id %d.", u->us_id));
+
+    TIMEOUT(upap_timeout, (caddr_t) u, u->us_timeouttime);
+    ++u->us_transmits;
+    u->us_clientstate = UPAPCS_AUTHREQ;
+}
+
+
+/*
+ * upap_sresp - Send a response (ack or nak).
+ */
+static void
+upap_sresp(u, code, id, msg, msglen)
+    upap_state *u;
+    u_char code, id;
+    char *msg;
+    int msglen;
+{
+    u_char *outp;
+    int outlen;
+
+    outlen = UPAP_HEADERLEN + sizeof (u_char) + msglen;
+    outp = outpacket_buf;
+    MAKEHEADER(outp, PPP_PAP);
+
+    PUTCHAR(code, outp);
+    PUTCHAR(id, outp);
+    PUTSHORT(outlen, outp);
+    PUTCHAR(msglen, outp);
+    BCOPY(msg, outp, msglen);
+    output(u->us_unit, outpacket_buf, outlen + PPP_HDRLEN);
+
+    UPAPDEBUG((LOG_INFO, "upap_sresp: Sent code %d, id %d.", code, id));
+}
+
+/*
+ * upap_printpkt - print the contents of a PAP packet.
+ */
+char *upap_codenames[] = {
+    "AuthReq", "AuthAck", "AuthNak"
+};
+
+int
+upap_printpkt(p, plen, printer, arg)
+    u_char *p;
+    int plen;
+    void (*printer) __P((void *, char *, ...));
+    void *arg;
+{
+    int code, id, len;
+    int mlen, ulen, wlen;
+    char *user, *pwd, *msg;
+    u_char *pstart;
+
+    if (plen < UPAP_HEADERLEN)
+	return 0;
+    pstart = p;
+    GETCHAR(code, p);
+    GETCHAR(id, p);
+    GETSHORT(len, p);
+    if (len < UPAP_HEADERLEN || len > plen)
+	return 0;
+
+    if (code >= 1 && code <= sizeof(upap_codenames) / sizeof(char *))
+	printer(arg, " %s", upap_codenames[code-1]);
+    else
+	printer(arg, " code=0x%x", code);
+    printer(arg, " id=0x%x", id);
+    len -= UPAP_HEADERLEN;
+    switch (code) {
+    case UPAP_AUTHREQ:
+	if (len < 1)
+	    break;
+	ulen = p[0];
+	if (len < ulen + 2)
+	    break;
+	wlen = p[ulen + 1];
+	if (len < ulen + wlen + 2)
+	    break;
+	user = (char *) (p + 1);
+	pwd = (char *) (p + ulen + 2);
+	p += ulen + wlen + 2;
+	len -= ulen + wlen + 2;
+	printer(arg, " user=");
+	print_string(user, ulen, printer, arg);
+	printer(arg, " password=");
+	print_string(pwd, wlen, printer, arg);
+	break;
+    case UPAP_AUTHACK:
+    case UPAP_AUTHNAK:
+	if (len < 1)
+	    break;
+	mlen = p[0];
+	if (len < mlen + 1)
+	    break;
+	msg = (char *) (p + 1);
+	p += mlen + 1;
+	len -= mlen + 1;
+	printer(arg, "msg=");
+	print_string(msg, mlen, printer, arg);
+	break;
+    }
+
+    /* print the rest of the bytes in the packet */
+    for (; len > 0; --len) {
+	GETCHAR(code, p);
+	printer(arg, " %.2x", code);
+    }
+
+    return p - pstart;
+}
diff --git a/usr.sbin/pppd/upap.h b/usr.sbin/pppd/upap.h
new file mode 100644
index 00000000000..9659d4dc199
--- /dev/null
+++ b/usr.sbin/pppd/upap.h
@@ -0,0 +1,93 @@
+/*
+ * upap.h - User/Password Authentication Protocol definitions.
+ *
+ * Copyright (c) 1989 Carnegie Mellon University.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by Carnegie Mellon University.  The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * $Id: upap.h,v 1.1 1995/10/18 08:48:00 deraadt Exp $
+ */
+
+/*
+ * Packet header = Code, id, length.
+ */
+#define UPAP_HEADERLEN	(sizeof (u_char) + sizeof (u_char) + sizeof (u_short))
+
+
+/*
+ * UPAP codes.
+ */
+#define UPAP_AUTHREQ	1	/* Authenticate-Request */
+#define UPAP_AUTHACK	2	/* Authenticate-Ack */
+#define UPAP_AUTHNAK	3	/* Authenticate-Nak */
+
+
+/*
+ * Each interface is described by upap structure.
+ */
+typedef struct upap_state {
+    int us_unit;		/* Interface unit number */
+    char *us_user;		/* User */
+    int us_userlen;		/* User length */
+    char *us_passwd;		/* Password */
+    int us_passwdlen;		/* Password length */
+    int us_clientstate;		/* Client state */
+    int us_serverstate;		/* Server state */
+    u_char us_id;		/* Current id */
+    int us_timeouttime;		/* Timeout (seconds) for auth-req retrans. */
+    int us_transmits;		/* Number of auth-reqs sent */
+    int us_maxtransmits;	/* Maximum number of auth-reqs to send */
+    int us_reqtimeout;		/* Time to wait for auth-req from peer */
+} upap_state;
+
+
+/*
+ * Client states.
+ */
+#define UPAPCS_INITIAL	0	/* Connection down */
+#define UPAPCS_CLOSED	1	/* Connection up, haven't requested auth */
+#define UPAPCS_PENDING	2	/* Connection down, have requested auth */
+#define UPAPCS_AUTHREQ	3	/* We've sent an Authenticate-Request */
+#define UPAPCS_OPEN	4	/* We've received an Ack */
+#define UPAPCS_BADAUTH	5	/* We've received a Nak */
+
+/*
+ * Server states.
+ */
+#define UPAPSS_INITIAL	0	/* Connection down */
+#define UPAPSS_CLOSED	1	/* Connection up, haven't requested auth */
+#define UPAPSS_PENDING	2	/* Connection down, have requested auth */
+#define UPAPSS_LISTEN	3	/* Listening for an Authenticate */
+#define UPAPSS_OPEN	4	/* We've sent an Ack */
+#define UPAPSS_BADAUTH	5	/* We've sent a Nak */
+
+
+/*
+ * Timeouts.
+ */
+#define UPAP_DEFTIMEOUT	3	/* Timeout (seconds) for retransmitting req */
+#define UPAP_DEFREQTIME	30	/* Time to wait for auth-req from peer */
+
+
+extern upap_state upap[];
+
+void upap_init __P((int));
+void upap_authwithpeer __P((int, char *, char *));
+void upap_authpeer __P((int));
+void upap_lowerup __P((int));
+void upap_lowerdown __P((int));
+void upap_input __P((int, u_char *, int));
+void upap_protrej __P((int));
+int  upap_printpkt __P((u_char *, int,
+			void (*) __P((void *, char *, ...)), void *));