X-Git-Url: http://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fpppd.8;h=359403df549f0d1919e4e4086efda47107aa9838;hb=df7501b15fe4ed7f6674acde69dd8f51c5e16b82;hp=67b5d3299378461a390d66daaf1f3038b2bd3e81;hpb=2e53641535da26bf8c3c424172758ed81d908581;p=ppp.git diff --git a/pppd/pppd.8 b/pppd/pppd.8 index 67b5d32..359403d 100644 --- a/pppd/pppd.8 +++ b/pppd/pppd.8 @@ -1,5 +1,5 @@ .\" manual page [] for pppd 2.3 -.\" $Id: pppd.8,v 1.46 1999/08/24 05:31:10 paulus Exp $ +.\" $Id: pppd.8,v 1.51 1999/12/23 01:29:11 paulus Exp $ .\" SH section heading .\" SS subsection heading .\" LP paragraph @@ -93,17 +93,6 @@ but will be unable to request the modem stop sending to the computer. This mode retains the ability to use DTR as a modem control line. .TP -.B cdtrcts -Use a non-standard hardware flow control (i.e. DTR/CTS) to control -the flow of data on the serial port. If neither the \fIcrtscts\fR, -the \fInocrtscts\fR, the \fIcdtrcts\fR nor the \fInocdtrcts\fR -option is given, the hardware flow control setting for the serial -port is left unchanged. -Some serial ports (such as Macintosh serial ports) lack a true -RTS output. Such serial ports use this mode to implement true -bi-directional flow control. The sacrifice is that this flow -control mode does not permit using DTR as a modem control line. -.TP .B defaultroute Add a default route to the system routing tables, using the peer as the gateway, when IPCP negotiation is successfully completed. @@ -184,7 +173,10 @@ omitted. The identifier must be specified in standard ascii notation of IPv6 addresses (e.g. ::dead:beef). If the \fIipv6cp-use-ipaddr\fR option is given, the local identifier is the local IPv4 address (see above). -Otherwise the identifier is randomized. +On systems which supports a unique persistent id, such as EUI-48 derived +from the Ethernet MAC address, \fIipv6cp-use-persistent\fR option can be +used to replace the \fIipv6 ,\fR option. Otherwise the +identifier is randomized. .TP .B active-filter \fIfilter-expression Specifies a packet filter to be applied to data packets to determine @@ -202,6 +194,12 @@ in the expression from being interpreted by the shell. This option is currently only available under NetBSD, and then only if both the kernel and pppd were compiled with PPP_FILTER defined. .TP +.B allow-ip \fIaddress(es) +Allow peers to use the given IP address or subnet without +authenticating themselves. The parameter is parsed as for each +element of the list of allowed IP addresses in the secrets files (see +the AUTHENTICATION section below). +.TP .B bsdcomp \fInr,nt Request that the peer compress packets that it sends, using the BSD-Compress scheme, with a maximum code size of \fInr\fR bits, and @@ -214,6 +212,17 @@ Alternatively, a value of 0 for \fInr\fR or \fInt\fR disables compression in the corresponding direction. Use \fInobsdcomp\fR or \fIbsdcomp 0\fR to disable BSD-Compress compression entirely. .TP +.B cdtrcts +Use a non-standard hardware flow control (i.e. DTR/CTS) to control +the flow of data on the serial port. If neither the \fIcrtscts\fR, +the \fInocrtscts\fR, the \fIcdtrcts\fR nor the \fInocdtrcts\fR +option is given, the hardware flow control setting for the serial +port is left unchanged. +Some serial ports (such as Macintosh serial ports) lack a true +RTS output. Such serial ports use this mode to implement true +bi-directional flow control. The sacrifice is that this flow +control mode does not permit using DTR as a modem control line. +.TP .B chap-interval \fIn If this option is given, pppd will rechallenge the peer every \fIn\fR seconds. @@ -226,6 +235,14 @@ Set the maximum number of CHAP challenge transmissions to \fIn\fR Set the CHAP restart interval (retransmission timeout for challenges) to \fIn\fR seconds (default 3). .TP +.B connect-delay \fIn +Wait for up \fIn\fR milliseconds after the connect script finishes for +a valid PPP packet from the peer. At the end of this time, or when a +valid PPP packet is received from the peer, pppd will commence +negotiation by sending its first LCP packet. The default value is +1000 (1 second). This wait period only applies if the \fBconnect\fR +or \fBpty\fR option is used. +.TP .B debug Enables connection debugging facilities. If this option is given, pppd will log the contents of all @@ -283,7 +300,7 @@ to the peer. This option is privileged. .TP .B hide-password When logging the contents of PAP packets, this option causes pppd to -exclude the password string from the log. +exclude the password string from the log. This is the default. .TP .B holdoff \fIn Specifies how many seconds to wait before re-initiating the link after @@ -418,6 +435,13 @@ transmitted packets be printed. On most systems, messages printed by the kernel are logged by syslog(1) to a file as directed in the /etc/syslog.conf configuration file. .TP +.B ktune +Enables pppd to alter kernel settings as appropriate. Under Linux, +pppd will enable IP forwarding (i.e. set /proc/sys/net/ipv4/ip_forward +to 1) if the \fIproxyarp\fR option is used, and will enable the +dynamic IP address option (i.e. set /proc/sys/net/ipv4/ip_dynaddr to +1) in demand mode if the local address changes. +.TP .B lcp-echo-failure \fIn If this option is given, pppd will presume the peer to be dead if \fIn\fR LCP echo-requests are sent without receiving a valid LCP @@ -599,6 +623,10 @@ Disable the IPXCP and IPX protocols. This option should only be required if the peer is buggy and gets confused by requests from pppd for IPXCP negotiation. .TP +.B noktune +Opposite of the \fIktune\fR option; disables pppd from changing system +settings. +.TP .B nolog Do not send log messages to a file or file descriptor. This option cancels the \fBlogfd\fR and \fBlogfile\fR options. @@ -686,6 +714,10 @@ the kernel and pppd were compiled with PPP_FILTER defined. Do not exit after a connection is terminated; instead try to reopen the connection. .TP +.B plugin \fIfilename +Load the shared library object file \fIfilename\fR as a plugin. This +is a privileged option. +.TP .B predictor1 Request that the peer compress frames that it sends using Predictor-1 compression, and agree to compress transmitted frames with Predictor-1 @@ -711,7 +743,9 @@ rather than a specific terminal device. Pppd will allocate itself a pseudo-tty master/slave pair and use the slave as its terminal device. The \fIscript\fR will be run in a child process with the pseudo-tty master as its standard input and output. An explicit -device name may not be given if this option is used. +device name may not be given if this option is used. (Note: if the +\fIrecord\fR option is used in conjuction with the \fIpty\fR option, +the child process will have pipes on its standard input and output.) .TP .B receive-all With this option, pppd will accept all control characters from the @@ -749,6 +783,10 @@ Handshake Authentication Protocol] authentication. Require the peer to authenticate itself using PAP [Password Authentication Protocol] authentication. .TP +.B show-password +When logging the contents of PAP packets, this option causes pppd to +show the password string in the log message. +.TP .B silent With this option, pppd will not transmit LCP packets to initiate a connection until a valid LCP packet is received from the peer (as for @@ -775,7 +813,9 @@ the \fIname\fR option). This option is not normally needed since the .B usepeerdns Ask the peer for up to 2 DNS server addresses. The addresses supplied by the peer (if any) are passed to the /etc/ppp/ip-up script in the -environment variables DNS1 and DNS2. +environment variables DNS1 and DNS2. In addition, pppd will create an +/etc/ppp/resolv.conf file containing one or two nameserver lines with +the address(es) supplied by the peer. .TP .B user \fIname Sets the name used for authenticating the local system to the peer to @@ -907,15 +947,7 @@ may use when connecting to the specified server. A secrets file is parsed into words as for a options file, so the client name, server name and secrets fields must each be one word, with any embedded spaces or other special characters quoted or -escaped. Any following words on the same line are taken to be a list -of acceptable IP addresses for that client. If there are only 3 words -on the line, or if the first word is "-", then all IP addresses are -disallowed. To allow any address, use "*". -A word starting with "!" indicates that the -specified address is \fInot\fR acceptable. An address may be followed -by "/" and a number \fIn\fR, to indicate a whole subnet, i.e. all -addresses which have the same value in the most significant \fIn\fR -bits. Note that case is significant in the client and server names +escaped. Note that case is significant in the client and server names and in the secret. .LP If the secret starts with an `@', what follows is assumed to be the @@ -923,6 +955,19 @@ name of a file from which to read the secret. A "*" as the client or server name matches any name. When selecting a secret, pppd takes the best match, i.e. the match with the fewest wildcards. .LP +Any following words on the same line are taken to be a list of +acceptable IP addresses for that client. If there are only 3 words on +the line, or if the first word is "-", then all IP addresses are +disallowed. To allow any address, use "*". A word starting with "!" +indicates that the specified address is \fInot\fR acceptable. An +address may be followed by "/" and a number \fIn\fR, to indicate a +whole subnet, i.e. all addresses which have the same value in the most +significant \fIn\fR bits. In this form, the address may be followed +by a plus sign ("+") to indicate that one address from the subnet is +authorized, based on the ppp network interface unit number in use. +In this case, the host part of the address will be set to the unit +number plus one. +.LP Thus a secrets file contains both secrets for use in authenticating other hosts, plus secrets which we use for authenticating ourselves to others. When pppd is authenticating the peer (checking the peer's