+- Fix "clear counters".
+- Log "Accepted connection to CLI" at 4 when connection is from localhost
+ to reduce noise in logs.
+- Show time since last counter reset in "show counters".
+- Remove "save_state" option. Not maintained anymore; use clustering
+ to retain state across restarts.
+- Ensure that sessionkill is not called on an unopened session (borks
+ the freelist).
+- Bump MAXSESSION to 60K.
+- Fix off-by-one errors in session/tunnel initialisation and
+ sessiont <-> sessionidt functions.
+- Use session[s].opened consistently when checking for in-use sessions
+ (rather than session[s].tunnel).
+- Use <= cluster_highest_sessionid rather than < MAXSESSION in a
+ couple of loops.
+- Don't kill a whole tunnel if we're out of sessions.
+- Change session[s].ip to 0 if set from RADIUS to 255.255.255.254;
+ avoids the possibility that it will be interpreted as a valid IP
+ address.
+- Avoid a possible buffer overflow in processpap.
+- Kill session if authentication was rejected.
+- Simplify AVP unhiding code.
+- Add optional "username" parameter to ungarden control, allowing the
+ username to be reset before going online.
+- Add result/error codes and message to StopCCN when shutting down tunnels.
+- Add result/error codes to CDN when shutting down sessions. Sends 2/7
+ (general error, try another LNS) when out of IP addresses, and 3
+ (adminstrative) for everything else (suggestion from Chris Gates).
+- Only send RADIUS stop record in sessionshutdown when there's an ip address.
+- Reset .die on master takeover (so that dying sessions don't have to
+ hang around until the new master has the same uptime as the old one).
+- Update .last_packet in cluster_handle_bytes only when there have
+ been bytes received from the modem (dead sessions were having the
+ idle timeout reset by stray packets).
+- Use cli_error() for error messages and help.
+- Add a Cisco-Avpair with intercept details to RADIUS Start/Stop
+ records.
+- Don't use LOG() macro in initdata() until the config struct has been
+ allocated (uses config->debug).
+- Initialise log_stream to stderr to catch errors before the config file
+ is read.
+- Fix leak in session freelist when initial RADIUS session allocation
+ fails.
+- Don't process C_LASTSEEN unless we're a master (otherwise a crashed
+ master kills all slaves once restarted).
+- Make "show running-config" a privileged command (contains clear text
+ shared secrets).
+- Add sessionctl plugin to provide drop/kill via nsctl.