.\" manual page [] for pppd 2.3
-.\" $Id: pppd.8,v 1.25 1997/03/04 03:42:25 paulus Exp $
+.\" $Id: pppd.8,v 1.27 1998/03/31 04:31:08 paulus Exp $
.\" SH section heading
.\" SS subsection heading
.\" LP paragraph
4.4BSD and NetBSD, any speed can be specified. Other systems
(e.g. SunOS) allow only a limited set of speeds.
.TP
+.B active-filter \fIfilter-expression
+Specifies a packet filter to be applied to data packets to determine
+which packets are to be regarded as link activity, and therefore reset
+the idle timer, or cause the link to be brought up in demand-dialling
+mode. This option is useful in conjunction with the
+\fBidle\fR option if there are packets being sent or received
+regularly over the link (for example, routing information packets)
+which would otherwise prevent the link from ever appearing to be idle.
+The \fIfilter-expression\fR syntax is as described for tcpdump(1),
+except that qualifiers which are inappropriate for a PPP link, such as
+\fBether\fR and \fBarp\fR, are not permitted. Generally the filter
+expression should be enclosed in single-quotes to prevent whitespace
+in the expression from being interpreted by the shell. This option
+is currently only available under NetBSD, and then only
+if both the kernel and pppd were compiled with PPP_FILTER defined.
+.TP
.B asyncmap \fI<map>
Set the async character map to <map>. This map describes which
control characters cannot be successfully received over the serial
seconds. The link is idle when no data packets (i.e. IP packets) are
being sent or received. Note: it is not advisable to use this option
with the \fIpersist\fR option without the \fIdemand\fR option.
+If the \fBactive-filter\fR
+option is given, data packets which are rejected by the specified
+activity filter also count as the link being idle.
.TP
.B ipcp-accept-local
With this option, pppd will accept the peer's idea of our local IP
Set the maximum time that pppd will wait for the peer to authenticate
itself with PAP to \fIn\fR seconds (0 means no limit).
.TP
+.B pass-filter \fIfilter-expression
+Specifies a packet filter to applied to data packets being sent or
+received to determine which packets should be allowed to pass.
+Packets which are rejected by the filter are silently discarded. This
+option can be used to prevent specific network daemons (such as
+routed) using up link bandwidth, or to provide a basic firewall
+capability.
+The \fIfilter-expression\fR syntax is as described for tcpdump(1),
+except that qualifiers which are inappropriate for a PPP link, such as
+\fBether\fR and \fBarp\fR, are not permitted. Generally the filter
+expression should be enclosed in single-quotes to prevent whitespace
+in the expression from being interpreted by the shell. Note that it
+is possible to apply different constraints to incoming and outgoing
+packets using the \fBinbound\fR and \fBoutbound\fR qualifiers. This
+option is currently only available under NetBSD, and then only if both
+the kernel and pppd were compiled with PPP_FILTER defined.
+.TP
.B persist
Do not exit after a connection is terminated; instead try to reopen
the connection.
.PP
An options file is parsed into a series of words, delimited by
whitespace. Whitespace can be included in a word by enclosing the
-word in quotes ("). A backslash (\\) quotes the following character.
+word in double-quotes ("). A backslash (\\) quotes the following character.
A hash (#) starts a comment, which continues until the end of the
line. There is no restriction on using the \fIfile\fR or \fIcall\fR
options within an options file.
.LP
Debugging can also be enabled or disabled by sending a SIGUSR1 signal
to the pppd process. This signal acts as a toggle.
-.SH FILES
-.TP
-.B /var/run/ppp\fIn\fB.pid \fR(BSD or Linux), \fB/etc/ppp/ppp\fIn\fB.pid \fR(others)
-Process-ID for pppd process on ppp interface unit \fIn\fR.
+.SH SCRIPTS
+Pppd invokes scripts at various stages in its processing which can be
+used to perform site-specific ancillary processing. These scripts are
+usually shell scripts, but could be executable code files instead.
+Pppd does not wait for the scripts to finish. The scripts are
+executed as root (with the real and effective user-id set to 0), so
+that they can do things such as update routing tables or run
+privileged daemons. Be careful that the contents of these scripts do
+not compromise your system's security. Pppd runs the scripts with
+standard input, output and error redirected to /dev/null, and with an
+environment that is empty except for some environment variables that
+give information about the link. The environment variables that pppd
+sets are:
+.TP
+.B DEVICE
+The name of the serial tty device being used.
+.TP
+.B IFNAME
+The name of the network interface being used.
+.TP
+.B IPLOCAL
+The IP address for the local end of the link. This is only set when
+IPCP has come up.
+.TP
+.B IPREMOTE
+The IP address for the remote end of the link. This is only set when
+IPCP has come up.
+.TP
+.B PEERNAME
+The authenticated name of the peer. This is only set if the peer
+authenticates itself.
+.TP
+.B SPEED
+The baud rate of the tty device.
+.TP
+.B UID
+The real user-id of the user who invoked pppd.
+.P
+Pppd invokes the following scripts, if they exist. It is not an error
+if they don't exist.
.TP
.B /etc/ppp/auth-up
A program or script which is executed after the remote system
.IP
\fIinterface-name peer-name user-name tty-device speed\fR
.IP
-and with its standard input, output and error redirected to
-/dev/null. This program or script is executed with the real and
-effective user-IDs set to root, and with an empty environment. (Note
-that this script is not executed if the peer doesn't authenticate
-itself, for example when the \fInoauth\fR option is used.)
+Note that this script is not executed if the peer doesn't authenticate
+itself, for example when the \fInoauth\fR option is used.
.TP
.B /etc/ppp/auth-down
A program or script which is executed when the link goes down, if
.IP
\fIinterface-name tty-device speed local-IP-address
remote-IP-address ipparam\fR
-.IP
-and with its standard input,
-output and error streams redirected to /dev/null.
-.IP
-This program or script is executed with the real and effective
-user-IDs set to root. This is so that it can be used to manipulate
-routes, run privileged daemons (e.g. \fIsendmail\fR), etc. Be
-careful that the contents of the /etc/ppp/ip-up and /etc/ppp/ip-down
-scripts do not compromise your system's security.
-.IP
-This program or script is executed with an empty environment, so you
-must either specify a PATH or use full pathnames.
.TP
.B /etc/ppp/ip-down
A program or script which is executed when the link is no longer
available for sending and receiving IP packets. This script can be
used for undoing the effects of the /etc/ppp/ip-up script. It is
invoked in the same manner and with the same parameters as the ip-up
-script, and the same security considerations apply.
+script.
.TP
.B /etc/ppp/ipx-up
A program or script which is executed when the link is available for
remote-IPX-node-address local-IPX-routing-protocol remote-IPX-routing-protocol
local-IPX-router-name remote-IPX-router-name ipparam pppd-pid\fR
.IP
-and with its standard input,
-output and error streams redirected to /dev/null.
-.br
-.IP
The local-IPX-routing-protocol and remote-IPX-routing-protocol field
may be one of the following:
.IP
NLSP to indicate that Novell NLSP should be used
.br
RIP NLSP to indicate that both RIP/SAP and NLSP should be used
-.br
-.IP
-This program or script is executed with the real and effective
-user-IDs set to root, and with an empty environment. This is so
-that it can be used to manipulate routes, run privileged daemons (e.g.
-\fIripd\fR), etc. Be careful that the contents of the /etc/ppp/ipx-up
-and /etc/ppp/ipx-down scripts do not compromise your system's
-security.
.TP
.B /etc/ppp/ipx-down
A program or script which is executed when the link is no longer
available for sending and receiving IPX packets. This script can be
used for undoing the effects of the /etc/ppp/ipx-up script. It is
invoked in the same manner and with the same parameters as the ipx-up
-script, and the same security considerations apply.
+script.
+.SH FILES
+.TP
+.B /var/run/ppp\fIn\fB.pid \fR(BSD or Linux), \fB/etc/ppp/ppp\fIn\fB.pid \fR(others)
+Process-ID for pppd process on ppp interface unit \fIn\fR.
.TP
.B /etc/ppp/pap-secrets
Usernames, passwords and IP addresses for PAP authentication. This