Minor updates coming in 3.2.8
Alan DeKok
aland at deployingradius.com
Fri Jun 6 13:12:08 UTC 2025
I've pushed changes to the v3.2.x branch:
When there are syntax errors in unlang keywords, it now prints out a URL to the online documentation on freeradius.org <http://freeradius.org/>. This should help people better understand the correct syntax.
The reject_delay parameter has been updated. Previously it always _added_ a delay. It now enforces a _minimum_ delay. For most people this change won't be noticeable. If the server replies in 10 milliseconds, a reject delay of 1s will still result in a ~1s delay.
The change mainly affects systems which are already slow, i.e. if an SQL database takes 4 seconds to return, then an Access-Reject will be sent out immediately, because 4 seconds have already passed. If an SQL database takes 0.5s to reply, then the reject will be delayed a further 0.5s, which adds up to the configured "reject_delay = 1".
I've also added a boolean flag "delay_proxy_rejects". This is off by default. If set, it will apply the reject_delay time to proxy replies, too.
In most cases, a proxy should just pass packets straight through, as fast as possible. However, in some cases, the home server doesn't delay rejects (e.g. NPS). In that situation, it's useful for a proxy to delay the reject.
Delaying rejects prevents a large class of DoS attacks and problems with misconfigured / broken NAS equipment.
Alan DeKok.
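The timing rules described in the message above, as an added model that is not FreeRADIUS code and not part of the original post. It shows how many Access-Rejects one immediately-retrying client can collect per minute under each behaviour; the function names, the 60-second window, the sample timings and the treatment of a proxied reject as undelayed when the flag is off are assumptions drawn from the description.

```python
# Added model of the reject_delay semantics described in the post above.
# Not FreeRADIUS source; function names and sample timings are assumptions.

def hold_old(reject_delay_ms):
    """Pre-change behaviour: the configured delay is always added."""
    return reject_delay_ms

def hold_new(elapsed_ms, reject_delay_ms, proxied=False, delay_proxy_rejects=False):
    """New behaviour: hold the Access-Reject only until reject_delay has
    passed since the request arrived (a minimum, not an addition)."""
    if proxied and not delay_proxy_rejects:
        # Assumption from the post: flag off means a proxied reject passes straight through.
        return 0
    return max(0, reject_delay_ms - elapsed_ms)

def rejects_in_window(window_ms, elapsed_ms, hold_ms):
    """Rejects a single client can collect in window_ms if it retries the
    instant each Access-Reject arrives (e.g. a broken NAS)."""
    return window_ms // (elapsed_ms + hold_ms)

if __name__ == "__main__":
    delay = 1000  # reject_delay = 1
    for elapsed in (10, 500, 4000):  # constructed backend latencies, in ms
        old, new = hold_old(delay), hold_new(elapsed, delay)
        print(f"backend {elapsed:>4} ms: total old {elapsed + old} ms, new {elapsed + new} ms; "
              f"rejects/min old {rejects_in_window(60000, elapsed, old)}, "
              f"new {rejects_in_window(60000, elapsed, new)}")
    # Constructed case: home server rejects in 20 ms with no delay, seen via a proxy.
    for flag in (False, True):
        hold = hold_new(20, delay, proxied=True, delay_proxy_rejects=flag)
        print(f"delay_proxy_rejects={flag}: {rejects_in_window(60000, 20, hold)} rejects/min")
```

With a minimum delay the per-client ceiling stays at one reject per reject_delay for any backend faster than the delay, instead of shrinking as the backend slows down.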