.\" manual page [] for pppd 2.4
-.\" $Id: pppd.8,v 1.72 2003/06/11 00:11:11 paulus Exp $
+.\" $Id: pppd.8,v 1.82 2004/11/13 12:04:02 paulus Exp $
.\" SH section heading
.\" SS subsection heading
.\" LP paragraph
Pppd will ask the peer to send these characters as a 2-byte
escape sequence.
If multiple \fIasyncmap\fR options are given, the values are ORed
-together. If no \fIasyncmap\fR option is given, no async character
-map will be negotiated for the receive direction; the peer should then
-escape \fIall\fR control characters. To escape transmitted
-characters, use the \fIescape\fR option.
+together. If no \fIasyncmap\fR option is given, the default is zero,
+so pppd will ask the peer not to escape any control characters.
+To escape transmitted characters, use the \fIescape\fR option.
.TP
.B auth
Require the peer to authenticate itself before allowing network
\fBether\fR and \fBarp\fR, are not permitted. Generally the filter
expression should be enclosed in single-quotes to prevent whitespace
in the expression from being interpreted by the shell. This option
-is currently only available under NetBSD or Linux, and then only
-if both the kernel and pppd were compiled with PPP_FILTER defined.
+is currently only available under Linux, and requires that the kernel
+was configured to include PPP filtering support (CONFIG_PPP_FILTER).
+Note that it
+is possible to apply different constraints to incoming and outgoing
+packets using the \fBinbound\fR and \fBoutbound\fR qualifiers.
.TP
.B allow-ip \fIaddress(es)
Allow peers to use the given IP address or subnet without
Set the CHAP restart interval (retransmission timeout for challenges)
to \fIn\fR seconds (default 3).
.TP
+.B child-timeout \fIn
+When exiting, wait for up to \fIn\fR seconds for any child processes
+(such as the command specified with the \fBpty\fR command) to exit
+before exiting. At the end of the timeout, pppd will send a SIGTERM
+signal to any remaining child processes and exit. A value of 0 means
+no timeout, that is, pppd will wait until all child processes have
+exited.
+.TP
.B connect-delay \fIn
-Wait for up \fIn\fR milliseconds after the connect script finishes for
+Wait for up to \fIn\fR milliseconds after the connect script finishes for
a valid PPP packet from the peer. At the end of this time, or when a
valid PPP packet is received from the peer, pppd will commence
negotiation by sending its first LCP packet. The default value is
received to determine which packets should be allowed to pass.
Packets which are rejected by the filter are silently discarded. This
option can be used to prevent specific network daemons (such as
-routed) using up link bandwidth, or to provide a basic firewall
+routed) using up link bandwidth, or to provide a very basic firewall
capability.
The \fIfilter-expression\fR syntax is as described for tcpdump(1),
except that qualifiers which are inappropriate for a PPP link, such as
in the expression from being interpreted by the shell. Note that it
is possible to apply different constraints to incoming and outgoing
packets using the \fBinbound\fR and \fBoutbound\fR qualifiers. This
-option is currently only available under NetBSD or Linux, and then
-only if both the kernel and pppd were compiled with PPP_FILTER defined.
+option is currently only available under Linux, and requires that the
+kernel was configured to include PPP filtering support (CONFIG_PPP_FILTER).
.TP
.B password \fIpassword-string
Specifies the password to use for authenticating to the peer. Use
Require the use of MPPE, with 128\-bit encryption.
.TP
.B require-mschap
-Require the peer to authenticate itself using MS-CHAP [Microsft Challenge
+Require the peer to authenticate itself using MS-CHAP [Microsoft Challenge
Handshake Authentication Protocol] authentication.
.TP
.B require-mschap-v2
-Require the peer to authenticate itself using MS-CHAPv2 [Microsft Challenge
+Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge
Handshake Authentication Protocol, Version 2] authentication.
.TP
.B require-eap
.B usepeerdns
Ask the peer for up to 2 DNS server addresses. The addresses supplied
by the peer (if any) are passed to the /etc/ppp/ip-up script in the
-environment variables DNS1 and DNS2. In addition, pppd will create an
+environment variables DNS1 and DNS2, and the environment variable
+USEPEERDNS will be set to 1. In addition, pppd will create an
/etc/ppp/resolv.conf file containing one or two nameserver lines with
the address(es) supplied by the peer.
.TP
discriminator sent to the peer by pppd can be set using the endpoint
option.
.LP
-In circumstances the peer may send no endpoint discriminator or a
-non-unique value. The optional bundle option adds an extra string
-which is added to the peer's endpoint discriminator and authenticated
-identity when matching up links to be joined together in a bundle.
-The bundle option can also be used to allow the establishment of
-multiple bundles between the local system and the peer. Pppd uses a
-TDB database in /var/run/pppd.tdb to match up links.
+In some circumstances the peer may send no endpoint discriminator or a
+non-unique value. The bundle option adds an extra string which is
+added to the peer's endpoint discriminator and authenticated identity
+when matching up links to be joined together in a bundle. The bundle
+option can also be used to allow the establishment of multiple bundles
+between the local system and the peer. Pppd uses a TDB database in
+/var/run/pppd2.tdb to match up links.
.LP
Assuming that multilink is enabled and the peer is willing to
negotiate multilink, then when pppd is invoked to bring up the first
the peer and create a new bundle, that is, another ppp network
interface unit. When another pppd is invoked to bring up another link
to the peer, it will detect the existing bundle and join its link to
-it. Currently, if the first pppd terminates (for example, because of
-a hangup or a received signal) the bundle is destroyed.
+it.
+.LP
+If the first link terminates (for example, because of a hangup or a
+received LCP terminate-request) the bundle is not destroyed unless
+there are no other links remaining in the bundle. Rather than
+exiting, the first pppd keeps running after its link terminates, until
+all the links in the bundle have terminated. If the first pppd
+receives a SIGTERM or SIGINT signal, it will destroy the bundle and
+send a SIGHUP to the pppd processes for each of the links in the
+bundle. If the first pppd receives a SIGHUP signal, it will terminate
+its link but not the bundle.
+.LP
+Note: demand mode is not currently supported with multilink.
.SH EXAMPLES
.LP
The following examples assume that the /etc/ppp/options file contains
.TP
.B LINKNAME
The logical name of the link, set with the \fIlinkname\fR option.
+.TP
+.B DNS1
+If the peer supplies DNS server addresses, this variable is set to the
+first DNS server address supplied.
+.TP
+.B DNS2
+If the peer supplies DNS server addresses, this variable is set to the
+second DNS server address supplied.
.P
Pppd invokes the following scripts, if they exist. It is not an error
if they don't exist.
Process-ID for pppd process for logical link \fIname\fR (see the
\fIlinkname\fR option).
.TP
+.B /var/run/pppd2.tdb
+Database containing information about pppd processes, interfaces and
+links, used for matching links to bundles in multilink operation. May
+be examined by external programs to obtain information about running
+pppd instances, the interfaces and devices they are using, IP address
+assignments, etc.
.B /etc/ppp/pap-secrets
Usernames, passwords and IP addresses for PAP authentication. This
file should be owned by root and not readable or writable by any other
indicate a bug in one or other implementation.)
.SH AUTHORS
-Paul Mackerras (Paul.Mackerras@samba.org), based on earlier work by
+Paul Mackerras (paulus@samba.org), based on earlier work by
Drew Perkins,
Brad Clements,
Karl Fox,
Greg Christy,
and
Brad Parker.
+
+.SH COPYRIGHT
+Pppd is copyrighted and made available under conditions which provide
+that it may be copied and used in source or binary forms provided that
+the conditions listed below are met. Portions of pppd are covered by
+the following copyright notices:
+.LP
+Copyright (c) 1984-2000 Carnegie Mellon University. All rights
+reserved.
+.br
+Copyright (c) 1993-2004 Paul Mackerras. All rights reserved.
+.br
+Copyright (c) 1995 Pedro Roque Marques. All rights reserved.
+.br
+Copyright (c) 1995 Eric Rosenquist. All rights reserved.
+.br
+Copyright (c) 1999 Tommi Komulainen. All rights reserved.
+.br
+Copyright (C) Andrew Tridgell 1999
+.br
+Copyright (c) 2000 by Sun Microsystems, Inc. All rights reserved.
+.br
+Copyright (c) 2001 by Sun Microsystems, Inc. All rights reserved.
+.br
+Copyright (c) 2002 Google, Inc. All rights reserved.
+.LP
+The copyright notices contain the following statements.
+.LP
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+.LP
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+.LP
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the
+ distribution.
+.LP
+3. The name "Carnegie Mellon University" must not be used to
+ endorse or promote products derived from this software without
+ prior written permission. For permission or any legal
+ details, please contact
+.br
+ Office of Technology Transfer
+.br
+ Carnegie Mellon University
+.br
+ 5000 Forbes Avenue
+.br
+ Pittsburgh, PA 15213-3890
+.br
+ (412) 268-4387, fax: (412) 268-7395
+.br
+ tech-transfer@andrew.cmu.edu
+.LP
+3b. The name(s) of the authors of this software must not be used to
+ endorse or promote products derived from this software without
+ prior written permission.
+.LP
+4. Redistributions of any form whatsoever must retain the following
+ acknowledgments:
+.br
+ "This product includes software developed by Computing Services
+ at Carnegie Mellon University (http://www.cmu.edu/computing/)."
+.br
+ "This product includes software developed by Paul Mackerras
+ <paulus@samba.org>".
+.br
+ "This product includes software developed by Pedro Roque Marques
+ <pedro_m@yahoo.com>".
+.br
+ "This product includes software developed by Tommi Komulainen
+ <Tommi.Komulainen@iki.fi>".
+.LP
+CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
+THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
+FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.LP
+THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
projects / ppp.git / blobdiff