If the peer re-authenticates (because of option conf_interval) and pwdb
calls auth_result(), we may add the interval timer again to the session
context. This crashes accel-ppp when deleting the session, because the
interval timer is removed only once and the superfluous timers are
still running. Therefore, when removing the context, triton detects
this issue and calls abort().

To fix this, we need to detect if the session is already started and
just send a CHAP Success message in this case.
Signed-off-by: NGuillaume Nault <g.nault@alphalink.fr>

When pwdb returns PWDB_NO_IMPL and chap_recv_response() performs the
authentication itself, it delegates this task to chap_check_response().
This function sends a CHAP Failure message if it can't retrieve the
password, but not in case of password mismatch. Since
chap_recv_response() already sends a CHAP Failure message on error,
the one sent by chap_check_response() is useless.
Signed-off-by: NGuillaume Nault <g.nault@alphalink.fr>

When pwdb returns PWDB_NO_IMPL, then chap_recv_response() tries to
authenticate the peer itself. If this authentication succeeds but the
session is already started (in case of re-authentication, with option
conf_interval), no CHAP Success is sent.

This patch sends the missing CHAP Success message in this case, so that
the peer knows that its response has been received and accepted, and
that no retransmission is required.
Signed-off-by: NGuillaume Nault <g.nault@alphalink.fr>

Compiling fix for 4.15+ kernels

sstp: ipv6/unix sock & proxy protocol support

cppcheck fixes

triton: more general fix of thread wake up crash

The 'username' variable can be freed at the beginning of the function.
We have to use ppp->ses.username instead.
Signed-off-by: NGuillaume Nault <g.nault@alphalink.fr>

after commit 287adbfc gcc
still may reorder alloca() and memset() calls.
fix that with volatile access & memory barrier.

 no need to wait until timeout for non-http data (i.e https)

 almost the same as ipv4/ipv6 is accessible by anyone for
 easier access under multiple proxy effective users.

 following bind option formats are valid:
   bind=x.x.x.x
   bind=2001:db8::1
   bind=unix:/var/run/sstp.socket
   bind=unix:@sstp
 port option is meaningful for ipv4 and ipv6 only

 currently the only ssl value is supported

Let an optional route priority (aka metric) be defined in RADIUS
Framed-Route attributes.
The priority is an integer placed at the end of the route string. This
is backward compatible with the previous format and also conforms with
the recommended format defined by RFC 2865 (although we don't allow
multiple metrics).

Framed-Route format is:
<network> [<gateway> [<priority>]]

For example, 'Framed-Route = "192.0.2.0/24 203.0.113.1 8"' will let
the following route be installed (assuming 203.0.113.1 is routed
through eth0):
$ ip route show
[...]
192.0.2.0/24 via 203.0.113.1 dev eth0 metric 8

It's possible to use the unspecified gateway (0.0.0.0) if one wants to
set a priority without specifying a gateway address.

Finally, route deletion now also takes the priority into account, in
order to avoid removing a different route accidentally.
Signed-off-by: NGuillaume Nault <g.nault@alphalink.fr>

accel-cmd: add -P/--password support