X-Git-Url: https://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fpppd.8;h=359403df549f0d1919e4e4086efda47107aa9838;hb=3f2fe49d822135c209e9896f666b748cf2234f2e;hp=be3fcab908cdb46ff5a6866434b567b17b5994d9;hpb=31b4bba68d46b38119fd8620ee09ff7f8831f4b5;p=ppp.git diff --git a/pppd/pppd.8 b/pppd/pppd.8 index be3fcab..359403d 100644 --- a/pppd/pppd.8 +++ b/pppd/pppd.8 @@ -1,5 +1,5 @@ .\" manual page [] for pppd 2.3 -.\" $Id: pppd.8,v 1.45 1999/08/13 13:42:35 johnsonm Exp $ +.\" $Id: pppd.8,v 1.51 1999/12/23 01:29:11 paulus Exp $ .\" SH section heading .\" SS subsection heading .\" LP paragraph @@ -93,17 +93,6 @@ but will be unable to request the modem stop sending to the computer. This mode retains the ability to use DTR as a modem control line. .TP -.B cdtrcts -Use a non-standard hardware flow control (i.e. DTR/CTS) to control -the flow of data on the serial port. If neither the \fIcrtscts\fR, -the \fInocrtscts\fR, the \fIcdtrcts\fR nor the \fInocdtrcts\fR -option is given, the hardware flow control setting for the serial -port is left unchanged. -Some serial ports (such as Macintosh serial ports) lack a true -RTS output. Such serial ports use this mode to implement true -bi-directional flow control. The sacrifice is that this flow -control mode does not permit using DTR as a modem control line. -.TP .B defaultroute Add a default route to the system routing tables, using the peer as the gateway, when IPCP negotiation is successfully completed. @@ -148,13 +137,14 @@ Set the MRU [Maximum Receive Unit] value to \fIn\fR. Pppd will ask the peer to send packets of no more than \fIn\fR bytes. The minimum MRU value is 128. The default MRU value is 1500. A value of 296 is recommended for slow links (40 bytes for TCP/IP header + 256 -bytes of data). +bytes of data). (Note that for IPv6 MRU must be at least 1280) .TP .B mtu \fIn Set the MTU [Maximum Transmit Unit] value to \fIn\fR. Unless the peer requests a smaller value via MRU negotiation, pppd will request that the kernel networking code send data packets of no more -than \fIn\fR bytes through the PPP network interface. +than \fIn\fR bytes through the PPP network interface. (Note that for +IPv6 MTU must be at least 1280) .TP .B passive Enables the "passive" option in the LCP. With this option, pppd will @@ -177,6 +167,17 @@ will not accept a different value from the peer in the IPCP negotiation, unless the \fIipcp-accept-local\fR and/or \fIipcp-accept-remote\fR options are given, respectively. .TP +.B ipv6 \fI\fR,\fI +Set the local and/or remote 64-bit interface identifier. Either one may be +omitted. The identifier must be specified in standard ascii notation of +IPv6 addresses (e.g. ::dead:beef). If the +\fIipv6cp-use-ipaddr\fR +option is given, the local identifier is the local IPv4 address (see above). +On systems which supports a unique persistent id, such as EUI-48 derived +from the Ethernet MAC address, \fIipv6cp-use-persistent\fR option can be +used to replace the \fIipv6 ,\fR option. Otherwise the +identifier is randomized. +.TP .B active-filter \fIfilter-expression Specifies a packet filter to be applied to data packets to determine which packets are to be regarded as link activity, and therefore reset @@ -193,6 +194,12 @@ in the expression from being interpreted by the shell. This option is currently only available under NetBSD, and then only if both the kernel and pppd were compiled with PPP_FILTER defined. .TP +.B allow-ip \fIaddress(es) +Allow peers to use the given IP address or subnet without +authenticating themselves. The parameter is parsed as for each +element of the list of allowed IP addresses in the secrets files (see +the AUTHENTICATION section below). +.TP .B bsdcomp \fInr,nt Request that the peer compress packets that it sends, using the BSD-Compress scheme, with a maximum code size of \fInr\fR bits, and @@ -205,6 +212,17 @@ Alternatively, a value of 0 for \fInr\fR or \fInt\fR disables compression in the corresponding direction. Use \fInobsdcomp\fR or \fIbsdcomp 0\fR to disable BSD-Compress compression entirely. .TP +.B cdtrcts +Use a non-standard hardware flow control (i.e. DTR/CTS) to control +the flow of data on the serial port. If neither the \fIcrtscts\fR, +the \fInocrtscts\fR, the \fIcdtrcts\fR nor the \fInocdtrcts\fR +option is given, the hardware flow control setting for the serial +port is left unchanged. +Some serial ports (such as Macintosh serial ports) lack a true +RTS output. Such serial ports use this mode to implement true +bi-directional flow control. The sacrifice is that this flow +control mode does not permit using DTR as a modem control line. +.TP .B chap-interval \fIn If this option is given, pppd will rechallenge the peer every \fIn\fR seconds. @@ -217,6 +235,14 @@ Set the maximum number of CHAP challenge transmissions to \fIn\fR Set the CHAP restart interval (retransmission timeout for challenges) to \fIn\fR seconds (default 3). .TP +.B connect-delay \fIn +Wait for up \fIn\fR milliseconds after the connect script finishes for +a valid PPP packet from the peer. At the end of this time, or when a +valid PPP packet is received from the peer, pppd will commence +negotiation by sending its first LCP packet. The default value is +1000 (1 second). This wait period only applies if the \fBconnect\fR +or \fBpty\fR option is used. +.TP .B debug Enables connection debugging facilities. If this option is given, pppd will log the contents of all @@ -274,7 +300,7 @@ to the peer. This option is privileged. .TP .B hide-password When logging the contents of PAP packets, this option causes pppd to -exclude the password string from the log. +exclude the password string from the log. This is the default. .TP .B holdoff \fIn Specifies how many seconds to wait before re-initiating the link after @@ -320,6 +346,22 @@ Provides an extra parameter to the ip-up and ip-down scripts. If this option is given, the \fIstring\fR supplied is given as the 6th parameter to those scripts. .TP +.B ipv6cp-max-configure \fIn +Set the maximum number of IPv6CP configure-request transmissions to +\fIn\fR (default 10). +.TP +.B ipv6cp-max-failure \fIn +Set the maximum number of IPv6CP configure-NAKs returned before starting +to send configure-Rejects instead to \fIn\fR (default 10). +.TP +.B ipv6cp-max-terminate \fIn +Set the maximum number of IPv6CP terminate-request transmissions to +\fIn\fR (default 3). +.TP +.B ipv6cp-restart \fIn +Set the IPv6CP restart interval (retransmission timeout) to \fIn\fR +seconds (default 3). +.TP .B ipx Enable the IPXCP and IPX protocols. This option is presently only supported under Linux, and only if your kernel has been configured to @@ -393,6 +435,13 @@ transmitted packets be printed. On most systems, messages printed by the kernel are logged by syslog(1) to a file as directed in the /etc/syslog.conf configuration file. .TP +.B ktune +Enables pppd to alter kernel settings as appropriate. Under Linux, +pppd will enable IP forwarding (i.e. set /proc/sys/net/ipv4/ip_forward +to 1) if the \fIproxyarp\fR option is used, and will enable the +dynamic IP address option (i.e. set /proc/sys/net/ipv4/ip_dynaddr to +1) in demand mode if the local address changes. +.TP .B lcp-echo-failure \fIn If this option is given, pppd will presume the peer to be dead if \fIn\fR LCP echo-requests are sent without receiving a valid LCP @@ -557,6 +606,11 @@ Disable IPCP negotiation and IP communication. This option should only be required if the peer is buggy and gets confused by requests from pppd for IPCP negotiation. .TP +.B noipv6 +Disable IPv6CP negotiation and IPv6 communication. This option should +only be required if the peer is buggy and gets confused by requests +from pppd for IPv6CP negotiation. +.TP .B noipdefault Disables the default behaviour when no local IP address is specified, which is to determine (if possible) the local IP address from the @@ -569,6 +623,10 @@ Disable the IPXCP and IPX protocols. This option should only be required if the peer is buggy and gets confused by requests from pppd for IPXCP negotiation. .TP +.B noktune +Opposite of the \fIktune\fR option; disables pppd from changing system +settings. +.TP .B nolog Do not send log messages to a file or file descriptor. This option cancels the \fBlogfd\fR and \fBlogfile\fR options. @@ -656,6 +714,10 @@ the kernel and pppd were compiled with PPP_FILTER defined. Do not exit after a connection is terminated; instead try to reopen the connection. .TP +.B plugin \fIfilename +Load the shared library object file \fIfilename\fR as a plugin. This +is a privileged option. +.TP .B predictor1 Request that the peer compress frames that it sends using Predictor-1 compression, and agree to compress transmitted frames with Predictor-1 @@ -681,7 +743,9 @@ rather than a specific terminal device. Pppd will allocate itself a pseudo-tty master/slave pair and use the slave as its terminal device. The \fIscript\fR will be run in a child process with the pseudo-tty master as its standard input and output. An explicit -device name may not be given if this option is used. +device name may not be given if this option is used. (Note: if the +\fIrecord\fR option is used in conjuction with the \fIpty\fR option, +the child process will have pipes on its standard input and output.) .TP .B receive-all With this option, pppd will accept all control characters from the @@ -719,6 +783,10 @@ Handshake Authentication Protocol] authentication. Require the peer to authenticate itself using PAP [Password Authentication Protocol] authentication. .TP +.B show-password +When logging the contents of PAP packets, this option causes pppd to +show the password string in the log message. +.TP .B silent With this option, pppd will not transmit LCP packets to initiate a connection until a valid LCP packet is received from the peer (as for @@ -745,7 +813,9 @@ the \fIname\fR option). This option is not normally needed since the .B usepeerdns Ask the peer for up to 2 DNS server addresses. The addresses supplied by the peer (if any) are passed to the /etc/ppp/ip-up script in the -environment variables DNS1 and DNS2. +environment variables DNS1 and DNS2. In addition, pppd will create an +/etc/ppp/resolv.conf file containing one or two nameserver lines with +the address(es) supplied by the peer. .TP .B user \fIname Sets the name used for authenticating the local system to the peer to @@ -877,15 +947,7 @@ may use when connecting to the specified server. A secrets file is parsed into words as for a options file, so the client name, server name and secrets fields must each be one word, with any embedded spaces or other special characters quoted or -escaped. Any following words on the same line are taken to be a list -of acceptable IP addresses for that client. If there are only 3 words -on the line, or if the first word is "-", then all IP addresses are -disallowed. To allow any address, use "*". -A word starting with "!" indicates that the -specified address is \fInot\fR acceptable. An address may be followed -by "/" and a number \fIn\fR, to indicate a whole subnet, i.e. all -addresses which have the same value in the most significant \fIn\fR -bits. Note that case is significant in the client and server names +escaped. Note that case is significant in the client and server names and in the secret. .LP If the secret starts with an `@', what follows is assumed to be the @@ -893,6 +955,19 @@ name of a file from which to read the secret. A "*" as the client or server name matches any name. When selecting a secret, pppd takes the best match, i.e. the match with the fewest wildcards. .LP +Any following words on the same line are taken to be a list of +acceptable IP addresses for that client. If there are only 3 words on +the line, or if the first word is "-", then all IP addresses are +disallowed. To allow any address, use "*". A word starting with "!" +indicates that the specified address is \fInot\fR acceptable. An +address may be followed by "/" and a number \fIn\fR, to indicate a +whole subnet, i.e. all addresses which have the same value in the most +significant \fIn\fR bits. In this form, the address may be followed +by a plus sign ("+") to indicate that one address from the subnet is +authorized, based on the ppp network interface unit number in use. +In this case, the host part of the address will be set to the unit +number plus one. +.LP Thus a secrets file contains both secrets for use in authenticating other hosts, plus secrets which we use for authenticating ourselves to others. When pppd is authenticating the peer (checking the peer's @@ -1257,6 +1332,18 @@ used for undoing the effects of the /etc/ppp/ip-up script. It is invoked in the same manner and with the same parameters as the ip-up script. .TP +.B /etc/ppp/ipv6-up +Like /etc/ppp/ip-up, except that it is executed when the link is available +for sending and receiving IPv6 packets. It is executed with the parameters +.IP +\fIinterface-name tty-device speed local-link-local-address +remote-link-local-address ipparam\fR +.TP +.B /etc/ppp/ipv6-down +Similar to /etc/ppp/ip-down, but it is executed when IPv6 packets can no +longer be transmitted on the link. It is executed with the same parameters +as the ipv6-up script. +.TP .B /etc/ppp/ipx-up A program or script which is executed when the link is available for sending and receiving IPX packets (that is, IPXCP has come up). It is @@ -1354,6 +1441,11 @@ July 1994. Simpson, W.A. .I PPP in HDLC-like Framing. July 1994. +.TP +.B RFC2472 +Haskin, D. +.I IP Version 6 over PPP +December 1998. .SH NOTES The following signals have the specified effect when sent to pppd. .TP