+* Sun May 22 2005 Brendan O'Dea <bod@optusnet.com.au> 2.0.21
+- Cluster changes from Michael, intended to prevent a stray master
+ from trashing a cluster:
+ + Ignore heartbeats from peers claiming to be the master before the
+ timeout on the old master has expired.
+ + A master receiving a stray heartbeat sends a unicast HB back, which
+ should cause the rogue to die due to the tie-breaker code.
+ + Keep probing the master for late heartbeats.
+ + Drop BGP as soon as we become master with peers (TODO: pre-emptively
+ drop routes if the master is late and we are the best candidate).
+ + Any PING seen from a master forces an election (rather than just
+ where basetime is zero).
+ + A slave which receives a LASTSEEN message (presumably a restarted
+ master) sends back a ping, indicating that it's not the master.
+
+* Mon May 16 2005 Brendan O'Dea <bod@optusnet.com.au> 2.0.20
+- Add handling of "throttle=N" RADIUS attributes.
+- Fix RADIUS indexing (should have 16K entries with 64 sockets).
+
+* Sat May 7 2005 Brendan O'Dea <bod@optusnet.com.au> 2.0.19
+- Fix leak in session freelist when initial RADIUS session allocation
+ fails.
+
+* Tue May 3 2005 Brendan O'Dea <bod@optusnet.com.au> 2.0.18
+- Add a Cisco-Avpair with intercept details to RADIUS Start/Stop
+ records.
+
+* Mon May 2 2005 Brendan O'Dea <bod@optusnet.com.au> 2.0.17
+- Only send RADIUS stop record in sessionshutdown when there's an ip address.
+- Reset .die on master takeover (so that dying sessions don't have to
+ hang around until the new master has the same uptime as the old one).
+- Update .last_packet in cluster_handle_bytes only when there have
+ been bytes received from the modem (dead sessions were having the
+ idle timeout reset by stray packets).
+
+* Mon Feb 14 2005 Brendan O'Dea <bod@optusnet.com.au> 2.0.16
+- Ensure that sessionkill is not called on an unopened session (borks
+ the freelist).
+- Bump MAXSESSION to 60K.
+- Fix off-by-one errors in session/tunnel initialisation and
+ sessiont <-> sessionidt functions.
+- Use session[s].opened consistently when checking for in-use sessions
+ (rather than session[s].tunnel).
+- Use <= cluster_highest_sessionid rather than < MAXSESSION in a
+ couple of loops.
+- Don't kill a whole tunnel if we're out of sessions.
+- Change session[s].ip to 0 if set from RADIUS to 255.255.255.254;
+ avoids the possibility that it will be interpreted as a valid IP
+ address.
+- Avoid a possible buffer overflow in processpap.
+- Kill session if authentication was rejected.
+
+* Thu Jan 13 2005 Brendan O'Dea <bod@optusnet.com.au> 2.0.15
+- More DoS prevention: add packet_limit option to apply a hard limit
+ to downstream packets per session.
+- Fix "clear counters".
+- Log "Accepted connection to CLI" at 4 when connection is from localhost
+ to reduce noise in logs.
+- Show time since last counter reset in "show counters".
+