From: Paul Mackerras Date: Mon, 1 Jul 1996 05:28:43 +0000 (+0000) Subject: updated for 2.3 X-Git-Tag: RELEASE_2_3_6~392 X-Git-Url: http://git.ozlabs.org/?p=ppp.git;a=commitdiff_plain;h=4d5401a1de510cdbb89cf10bc5956774c62683be updated for 2.3 --- diff --git a/README b/README index 3a6243f..0a571d7 100644 --- a/README +++ b/README 
@@ -1,28 +1,28 @@ -This is the README file for ppp-2.2, a package which implements the +This is the README file for ppp-2.3, a package which implements the Point-to-Point Protocol (PPP) to provide Internet connections over serial lines. +In this first beta release, the ports for SunOS, Solaris, NetBSD and +OSF/1 are believed to be working correctly. The Linux port mostly +works, but still has some known bugs. The remaining ports haven't +been tested extensively. For information on the current status of the +NeXTStep port, see http://www.thoughtport.com:8080/PPP/. + Introduction. ************* -The Point-to-Point Protocol (PPP) provides a standard way to transmit -datagrams over a serial link, as well as a standard way for the -machines at either end of the link (the `peers') to negotiate various -optional characteristics of the link. Using PPP, a serial link can be -used to transmit Internet Protocol (IP) datagrams, allowing TCP/IP -connections between the peers. PPP is defined in several RFC (Request -For Comments) documents, in particular RFCs 1661, 1662, 1332 and 1334. -Other RFCs describe standard ways to transmit datagrams from other -network protocols (e.g., DECnet, OSI, Appletalk), but this package -only supports IP. +The Point-to-Point Protocol (PPP) provides a standard way to establish +a network connection over a serial link. At present, this package +supports IP and the protocols layered above IP, such as TCP and UDP. +The Linux port of this package also supports IPX. This software consists of two parts: - Kernel code, which establishes a network interface and passes packets between the serial port, the kernel networking code and the PPP daemon (pppd). This code is implemented using STREAMS modules on -SunOS 4.x, System V Release 4, AIX 4.1, and OSF/1, Solaris 2, and as a +SunOS 4.x, Solaris 2.x, System V Release 4, and OSF/1, and as a line discipline under Ultrix, NextStep, NetBSD, FreeBSD, and Linux. 
- The PPP daemon (pppd), which negotiates with the peer to establish @@ -45,7 +45,6 @@ files, are: Ultrix 4.x README.ultrix Linux README.linux OSF/1 README.osf - AIX 4.x README.aix4 NeXTStep README.next Solaris 2 README.sol2 System V Release 4 README.svr4 
@@ -62,49 +61,39 @@ kernel using a `modload' facility. On others, the kernel image has to be recompiled and the system rebooted. See the README.* files for details. +(Unfortunately, AIX 4 is no longer supported, since I don't have a +maintainer for the AIX 4 port. If you want to volunteer, contact me.) -What is new in ppp-2.2. -*********************** - -* More systems are now supported: - - AIX 4, thanks to Charlie Wick, - OSF/1 on DEC Alpha, thanks to Steve Tate (srt@zaphod.csci.unt.edu), - NextStep 3.2 and 3.3, thanks to Philip-Andrew Prindeville - (philipp@res.enst.fr) and Steve Perkins (perkins@cps.msu.edu), - Solaris 2, - System V Release 4, thanks to Joe Kelsey (joe@zircon.seattle.wa.us) -in addition to NetBSD 1.0, SunOS 4.x, Ultrix 4.x, FreeBSD 2.0, and -Linux. +What's new in ppp-2.3. +********************** -* Packet compression has been implemented. This version implements -CCP (Compression Control Protocol) and the BSD-Compress compression -scheme according to the current draft RFCs. This means that incoming -and outgoing packets can be compressed with the LZW scheme (same as -the `compress' command) using a code size of up to 15 bits. +* Demand-dialling. Pppd now has a mode where it will establish the +network interface immediately when it starts, but not actually bring +the link up until it sees some data to be sent. -* Some bug fixes to the LCP protocol code. In particular, pppd now -correctly replies with a Configure-NAK (instead of a Configure-Reject) -if the peer asks for CHAP and pppd is willing to do PAP but not CHAP. +* Idle timeout. Pppd will optionally terminate the link if no data +packets are sent or received within a certain time interval. -* The ip-up and ip-down scripts are now run with the real user ID set -to root, and with an empty environment. Clearing the environment -fixes a security hole. 
+* Pppd now runs the /etc/ppp/auth-up script, if it exists, when the +peer successfully authenticates itself, and /etc/ppp/auth-down when +the connection is subsequently terminated. -* The kernel code on NetBSD, FreeBSD, NextStep and Ultrix has been -restructured to make it easier to implement PPP over devices other -than asynchronous tty ports (for example, synchronous serial ports). +* A new packet compression scheme, Deflate, has been implemented. +This uses the same compression method as `gzip'. This method is free +of patent or copyright restrictions, and it achieves better +compression than BSD-Compress. It does consume more CPU cycles for +compression than BSD-Compress, but this won't be a problem for links +running at 100kbit/s or less. -* pppd now looks at the list of interfaces in the system to determine -what the netmask should be. In most cases, this should eliminate the -need to use the `netmask' option. +* There is now no code in this distribution which is covered by Brad +Clements' restrictive copyright notice. The STREAMS modules for SunOS +and OSF/1 have been rewritten, based on the Solaris 2 modules, which +were written from scratch without any Clements code. -* There is a new `papcrypt' option to pppd, which specifies that -secrets in /etc/ppp/pap-secrets used for authenticating the peer are -encrypted, so pppd always encrypts the peer's password before -comparing it with the secret from /etc/ppp/pap-secrets. This gives -better security. +* Pppstats has been reworked to clean up the output format somewhat. +It also has a new -d option which displays data rate in kbyte/s for +those columns which would normally display bytes. Patents. 
@@ -124,20 +113,21 @@ removed from the Makefiles. Contacts. ********* -Bugs in the the SunOS, NetBSD and Ultrix ports and bugs in pppd, chat -or pppstats should be reported to: +Bugs in the the SunOS, Solaris 2, NetBSD and Ultrix ports, and bugs in +pppd, chat or pppstats should be reported me at: - paulus@cs.anu.edu.au - Paul Mackerras - Dept. of Computer Science - Australian National University - Canberra ACT 0200 - AUSTRALIA + email: Paul.Mackerras@cs.anu.edu.au + + mail: Dr Paul Mackerras + Dept. of Computer Science + Australian National University + Canberra ACT 0200 + AUSTRALIA + + fax: +61-6-249-0010 Bugs in other ports should be reported to the maintainer for that port -(see the appropriate README.* file) or to the above. Unfortunately, -Charlie Wick is not in a position to provide support for the AIX 4 -port, so if you find bugs in it, send them to me. +(see the appropriate README.* file) or to me. Thanks to: @@ -149,31 +139,17 @@ Thanks to: Copyrights: +*********** -Most of the code can be freely used and redistributed. The STREAMS -code for SunOS 4.x, OSF/1 and AIX 4 is under a more restrictive -copyright: +All of the code can be freely used and redistributed. - This code is Copyright (C) 1989, 1990 By Brad K. Clements, - All Rights Reserved. - You may use this code for your personal use, to provide a non-profit - service to others, or to use as a test platform for a commercial - implementation. +Distribution: +************* - You may NOT use this code in a commercial product, nor to provide a - commercial service, nor may you sell this code without express - written permission of the author. +The primary site for releases of this software is: - Otherwise, Enjoy! + ftp://cs.anu.edu.au/pub/software/ppp/ -This copyright applies to (parts of) the following files: - sunos/ppp_async.c - sunos/ppp_if.c - aix4/ppp_async.c - aix4/ppp_if.c - net/ppp_str.h - pppd/sys-str.c - pppd/sys-osf.c - pppd/sys-aix4.c +($Id: README,v 1.5 1996/07/01 05:27:42 paulus Exp $) 
diff --git a/README.MSCHAP80 b/README.MSCHAP80 new file mode 100644 index 0000000..95f01ea --- /dev/null +++ b/README.MSCHAP80 
@@ -0,0 +1,232 @@ +PPP Client Support for Microsoft's CHAP-80 +========================================== + +Eric Rosenquist rosenqui@strataware.com +(updated by Paul Mackerras) + +INTRODUCTION + +Microsoft has introduced an extension to the Challenge/Handshake +Authentication Protocol (CHAP) which avoids storing cleartext +passwords on a server. (Unfortunately, this is not as secure as it +sounds, because the encrypted password stored on a server can be used +by a bogus client to gain access to the server just as easily as if +the password were stored in cleartext.) The details of the Microsoft +extensions can be found in the document: + + + +In short, MS-CHAP is identified as since the hex value +of 80 is used to designate Microsoft's scheme. Standard PPP CHAP uses +a value of 5. If you enable PPP debugging with the "debug" option and +see something like the following in your logs, the remote server is +requesting MS-CHAP: + + rcvd [LCP ConfReq id=0x2 ] + ^^^^^^^^^^^^ + +The standard pppd implementation will indicate its lack of support for +MS-CHAP by NAKing it: + + sent [LCP ConfNak id=0x2 ] + +Windows NT Server systems are often configured to "Accept only +Microsoft Authentication" (this is intended to enhance security). Up +until now, that meant that you couldn't use this version of PPPD to +connect to such a system. I've managed to get a client-only +implementation of MS-CHAP working; it will authenticate itself to +another system using MS-CHAP, but if you're using PPPD as a dial-in +server, you won't be able to use MS-CHAP to authenticate the clients. +This would not be a lot of extra work given that the framework is in +place, but I didn't need it myself so I didn't implement it. + + +BUILDING THE PPPD + +MS-CHAP uses a combination of MD4 hashing and DES encryption for +authentication. You'll need to get Eric Young's libdes library in +order to use my MS-CHAP extensions. 
You can find it in: + +ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.psy.uq.oz.au/DES/libdes-3.06.tar.gz + +Australian residents can get libdes from Eric Young's site: + +ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-3.06.tar.gz + +It is also available on many other sites (ask Archie). + +I used libdes-3.06, but hopefully anything newer than that will work +also. Get the library, build and test it on your system, and install +it somewhere (typically /usr/local/lib and /usr/local/include). + +You should now be ready to (re)compile the PPPD. Go to the pppd +subdirectory and make sure the Makefile contains "-DCHAPMS" in the +CFLAGS or COMPILE_FLAGS macro, and that the LIBS macro (or LDADD for +BSD systems) contains "-ldes". Depending on your system and where the +DES library was installed, you may also need to alter the include and +library paths used by your compiler. + +Do a "make clean" and then a "make" to rebuild pppd. Assuming all +goes well, install the new pppd and move on to the CONFIGURATION +section. + + +CONFIGURATION + +If you've never used PPPD with CHAP before, read the man page (type +"man pppd") and read the description in there. Basically, you need to +edit the "chap-secrets" file typically named /etc/ppp/chap-secrets. +This should contain the following two lines for each system with which +you use CHAP (with no leading blanks): + + RemoteHost Account Secret + Account RemoteHost Secret + +Note that you need both lines and that item 1 and 2 are swapped in the +second line. I'm not sure why you need it twice, but it works and I didn't +have time to look into it further. The "RemoteHost" is a somewhat +arbitrary name for the remote Windows NT system you're dialing. It doesn't +have to match the NT system's name, but it *does* have to match what you +use with the "remotename" parameter. The "Account" is the Windows NT +account name you have been told to use when dialing, and the "Secret" is +the password for that account. 
For example, if your service provider calls +their machine "DialupNT" and tells you your account and password are +"customer47" and "foobar", add the following to your chap-secrets file: + + DialupNT customer47 foobar + customer47 DialupNT foobar + +The only other thing you need to do for MS-CHAP (compared to normal CHAP) +is to always use the "remotename" option, either on the command line or in +your "options" file (see the pppd man page for details). In the case of +the above example, you would need to use the following command line: + + pppd name customer47 remotename DialupNT + +or add: + + name customer47 + remotename DialupNT + +to your PPPD "options" file. + +The "remotename" option is required for MS-CHAP since Microsoft PPP servers +don't send their system name in the CHAP challenge packet. + + +TROUBLESHOOTING + +Assuming that everything else has been configured correctly for PPP and +CHAP, the MS-CHAP-specific problems you're likely to encounter are mostly +related to your Windows NT account and its settings. A Microsoft server +returns error codes in its CHAP response. The following are extracted from +Microsoft's "chapexts.txt" file referenced above: + + 646 ERROR_RESTRICTED_LOGON_HOURS + 647 ERROR_ACCT_DISABLED + 648 ERROR_PASSWD_EXPIRED + 649 ERROR_NO_DIALIN_PERMISSION + 691 ERROR_AUTHENTICATION_FAILURE + 709 ERROR_CHANGING_PASSWORD + +You'll see these in your pppd log as a line similar to: + + Remote message: E=649 R=0 + +The "E=" is the error number from the table above, and the "R=" flag +indicates whether the error is transient and the client should retry. If +you consistently get error 691, then either you're using the wrong account +name/password, or the DES library or MD4 hashing (in md4.c) aren't working +properly. Verify your account name and password (use a Windows NT or +Windows 95 system to dial-in if you have one available). If that checks +out, test the DES library with the "destest" program included with the DES +library. 
If DES checks out, the md4.c routines are probably failing +(system byte ordering may be a problem) or my code is screwing up. I've +only got access to a Linux system, so you're on your own for anything else. + +If everything compiles cleanly, but fails at authentication time, then +it might be a case of the MD4 or DES code screwing up. The following +small program can be used to test the MS-CHAP code to see if it +produces a known response: + +----------------- +#include + +#include "pppd.h" +#include "chap.h" +#include "chap_ms.h" + +int main(argc, argv) + int argc; + char *argv[0]; +{ + u_char challenge[8]; + int challengeInt[sizeof(challenge)]; + chap_state cstate; + int i; + + if (argc != 3) { + fprintf(stderr, "Usage: %s <16-hexchar challenge> \n", + argv[0]); exit(1); + } + + sscanf(argv[1], "%2x%2x%2x%2x%2x%2x%2x%2x", + challengeInt + 0, challengeInt + 1, challengeInt + 2, + challengeInt + 3, challengeInt + 4, challengeInt + 5, + challengeInt + 6, challengeInt + 7); + + for (i = 0; i < sizeof(challenge); i++) + challenge[i] = (u_char)challengeInt[i]; + + ChapMS(&cstate, challenge, sizeof(challenge), argv[2], strlen(argv[2])); + printf("Response length is %d, response is:", cstate.resp_length); + + for (i = 0; i < cstate.resp_length; i++) { + if (i % 8 == 0) + putchar('\n'); + printf("%02X ", (unsigned int)cstate.response[i]); + } + + putchar('\n'); + + exit(0); +} +------------- + +This needs to link against chap_ms.o, md4.o, and the DES library. When +you run it with the command line: + + $ testchap 00000000000000000000000000000000 hello + +it should output the following: + + Response length is 49, response is: + 00 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 00 + F4 D9 9D AF 82 64 DC 3C + 53 F9 BC 92 14 B5 5D 9E + 78 C4 21 48 9D B7 A8 B4 + 01 + +if not, then either the DES library is not working, the MD4 code isn't +working, or there are some problems with the port of the code in +chap_ms.c. 
+ + +STILL TO DO + +A site using only MS-CHAP to authenticate has no need to store cleartext +passwords in the "chap-secrets" file. A utility that spits out the ASCII +hex MD4 hash of a given password would be nice, and would allow that hash +to be used in chap-secrets in place of the password. The code to do this +could quite easily be lifted from chap_ms.c (you have to convert the +password to Unicode before hashing it). The chap_ms.c file would also have +to be changed to recognize a password hash (16 binary bytes == 32 ASCII hex +characters) and skip the hashing stage. + +A server implementation would allow MS-CHAP to be used with Windows NT and +Windows 95 clients for enhanced security. Some new command-line options +would be required, as would code to generate the Challenge packet and +verify the response. Most of the helper functions are in place, so this +shouldn't be too hard for someone to add. diff --git a/README.bsd b/README.bsd index a45abb3..b5a961a 100644 --- a/README.bsd +++ b/README.bsd @@ -1,9 +1,10 @@ -Installation instructions for installing ppp-2.2.1 on FreeBSD and +Installation instructions for installing ppp-2.3 on FreeBSD and NetBSD systems. -This package supports NetBSD-1.1, NetBSD-1.0, FreeBSD-2.0, and -FreeBSD-1.1.5.1. It should work on later systems. Modloading is not -yet supported. +This package supports NetBSD-current, NetBSD-1.1, NetBSD-1.0, and +FreeBSD-2.0. (The code hasn't been tested under NetBSD-current or +FreeBSD at this stage.) Modloading is not supported. I have code +which may work on earlier systems; contact me if you need it. To install PPP, you need to rebuild your kernel to include the latest version of the PPP driver, as well as compiling and installing the 
@@ -13,14 +14,14 @@ reboot with the new kernel (you'll have to reboot with the new kernel before you can run them, of course). The following commands should compile and install the user-level -applications (in the ppp-2.2.1 directory): +applications (in the ppp-2.3b1 directory): ./configure make make install (you need to be root for this) The process of updating the kernel source files is now largely -automated. In the ppp-2.2.1 directory, issue the command: +automated. In the ppp-2.3b1 directory, issue the command: make kernel @@ -39,40 +40,50 @@ You need to update several files in the /sys/net directory, and patch some other files under /sys. The details depend on which operating system you're running. -NetBSD-1.1. -=========== -Copy the following files to /sys/net: - - net/ppp-comp.h - netbsd-1.1/if_ppp.c - netbsd-1.1/ppp_tty.c - - -NetBSD-1.0. -=========== +NetBSD. +======= Copy the following files to /sys/net: net/if_ppp.h net/ppp-comp.h net/ppp_defs.h - netbsd-1.0/bsd-comp.c - netbsd-1.0/if_ppp.c - netbsd-1.0/if_pppvar.h - netbsd-1.0/netisr.h - netbsd-1.0/ppp_tty.c - netbsd-1.0/slcompress.c - netbsd-1.0/slcompress.h - -You then need to patch /sys/conf/files and /sys/conf/files.newconf -using the commands: - - patch -p -N -d /sys/conf
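Review bot: in the README hunk @@ -1,28 +1,28 @@ the rewritten Introduction drops the only pointers to the protocol specifications (the removed text cited RFCs 1661, 1662, 1332 and 1334) and puts nothing in their place; keep the RFC list, since it is the one reference a reader has for LCP, HDLC-style framing, IPCP and PAP. The new beta paragraph also says the Linux port "still has some known bugs" without saying where they are recorded; either list them or point at README.linux, which the port table further down already names.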
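Review bot: removing the "AIX 4.x README.aix4" row in README hunk @@ -45,7 +45,6 @@ matches the later note that AIX 4 is unsupported, but nothing in this diff touches README.aix4 or the aix4/ sources (aix4/ppp_async.c and aix4/ppp_if.c are named in the copyright section this same patch deletes); say whether those files stay in the tree as unmaintained or are being removed, so a reader who finds them knows their status.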
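Review bot: README hunk @@ -62,49 +61,39 @@ deletes the 2.2 note that ip-up and ip-down run with the real user ID set to root and an empty environment (described there as fixing a security hole) and in the same hunk introduces /etc/ppp/auth-up and /etc/ppp/auth-down without saying how they are invoked; state that the new scripts get the same cleared environment and uid treatment as ip-up/ip-down, or document how they differ, and consider keeping the 2.2 items that describe behaviour still present (environment clearing, the papcrypt option) rather than dropping them with the version heading. Two smaller points: "free of patent or copyright restrictions" overstates the Deflate claim, since the implementation still carries a copyright, so say "patent-free"; and the demand-dialling paragraph should name the option that enables it and warn that any unsolicited outbound packet from a local daemon will bring the link up.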
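Review bot: the Contacts text in README hunk @@ -124,20 +113,21 @@ still carries the doubled word in "Bugs in the the SunOS" (present in the old line and copied into the new one), and "should be reported me at" is missing "to"; suggest "Bugs in the SunOS, Solaris 2, NetBSD and Ultrix ports, and bugs in pppd, chat or pppstats should be reported to me at:".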
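Review bot: "All of the code can be freely used and redistributed." in README hunk @@ -149,31 +139,17 @@ claims more than the patch establishes; the earlier hunk only says that no code covered by Brad Clements' restrictive notice remains, which does not make the remaining files unconditional, so cite the actual licence terms or refer readers to the per-file copyright notices. In the new Distribution section the bare ftp URL gives users who are about to build and install a setuid daemon no way to check what they fetched; publish a checksum or detached signature for each release tarball alongside it.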
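Review bot: in README.MSCHAP80 (@@ -0,0 +1,232 @@) the STILL TO DO section says a site using only MS-CHAP "has no need to store cleartext passwords" if chap-secrets holds the MD4 hash instead, but the INTRODUCTION of the same file already explains that the stored hash lets a bogus client authenticate "just as easily as if the password were stored in cleartext"; the TODO should say plainly that a hash in chap-secrets only keeps the literal password off disk and does not reduce what an attacker gains from reading the file. In the test program, "char *argv[0]" declares a zero-length array and should be "char *argv[]"; the usage string asks for a 16-hex-char challenge while the example invocation passes 32 zeros, of which the sscanf only consumes the first 16, so make the example match the usage; and "chap_state cstate" is passed to ChapMS without being zeroed, which a memset before the call would make safe regardless of which fields ChapMS reads. Finally, "I'm not sure why you need it twice" leaves users guessing about the two chap-secrets lines; determine which lookup needs the second entry and document it instead.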
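Review bot: README.bsd hunk @@ -1,9 +1,10 @@ adds NetBSD-current and FreeBSD-2.0 to the "This package supports" list and then says in the next sentence that the code has not been tested on either; list them as untested rather than supported, or leave them out until they have been tried, so the support statement matches what was actually verified.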
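Review bot: README.bsd hunk @@ -13,14 +14,14 @@ renames the build directory to ppp-2.3b1 while the first line of the same file (and the README) call the release ppp-2.3; use one name consistently, or say that the beta tarball unpacks into ppp-2.3b1, so the "./configure", "make", "make install" and "make kernel" instructions point at a directory the user actually has.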