X-Git-Url: https://git.ozlabs.org/?p=ppp.git;a=blobdiff_plain;f=pppd%2Fpppd.8;h=903d69419f8de540531efc75abd06f4b85e3ce74;hp=79b5bea5c4a3fdf3220dfb158cfec8b5ad7051df;hb=HEAD;hpb=b417b79ee6e420bfaace6b987e7856713999337d diff --git a/pppd/pppd.8 b/pppd/pppd.8 index 79b5bea..3765041 100644 --- a/pppd/pppd.8 +++ b/pppd/pppd.8 @@ -1,12 +1,11 @@ -.\" manual page [] for pppd 2.4 -.\" $Id: pppd.8,v 1.90 2008/03/26 12:09:40 paulus Exp $ +.\" manual page [] for pppd 2.5.x .\" SH section heading .\" SS subsection heading .\" LP paragraph .\" IP indented paragraph .\" TP hanging label .\" -.\" Copyright (c) 1993-2003 Paul Mackerras +.\" Copyright (c) 1993-2003 Paul Mackerras .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -637,6 +636,10 @@ Set the maximum number of LCP terminate-request transmissions to Set the LCP restart interval (retransmission timeout) to \fIn\fR seconds (default 3). .TP +.B lcp\-rtt\-file \fIfilename +Sets the file where the round-trip time (RTT) of LCP echo-request frames +will be logged. +.TP .B linkname \fIname\fR Sets the logical name of the link to \fIname\fR. Pppd will create a file named \fBppp\-\fIname\fB.pid\fR in /var/run (or /etc/ppp on some @@ -687,7 +690,7 @@ network control protocol comes up). Terminate after \fIn\fR consecutive failed connection attempts. A value of 0 means no limit. The default value is 10. .TP -.B max-tls-version \fIstring +.B max\-tls-\version \fIstring (EAP-TLS, or PEAP) Configures the max allowed TLS version used during negotiation with a peer. The default value for this is \fI1.2\fR. Values allowed for this option is \fI1.0.\fR, \fI1.1\fR, \fI1.2\fR, \fI1.3\fR. @@ -756,11 +759,18 @@ will be used as the name to send to the peer when authenticating the local system to the peer. (Note that pppd does not append the domain name to \fIname\fR.) .TP +.B netmask \fImask +Set the IPV4 network mask on the PPP interface to the given +\fImask\fR, which can be given in dotted-quad notation or as a single +hexadecimal number preceded by 0x. This option is not normally +needed because the PPP interface is a point-to-point connection, but +in some specialized circumstances it can be useful. +.TP .B noaccomp Disable Address/Control compression in both directions (send and receive). .TP -.B need-peer-eap +.B need\-peer\-eap (EAP-TLS) Require the peer to verify our authentication credentials. .TP .B noauth @@ -1136,13 +1146,13 @@ The device used by pppd with this option must have sync support. Currently supports Microgate SyncLink adapters under Linux and FreeBSD 2.2.8 and later. .TP -.B tls-verify-method \fIstring +.B tls\-verify\-method \fIstring (EAP-TLS, or PEAP) Match the value specified for \fIremotename\fR to that that of the X509 certificates subject name, common name, or suffix of the common name. Respective values allowed for this option is: \fInone\fR, \fIsubject\fR, \fIname\fR, or \fIsuffix\fR. The default value for this option is \fIname\fR. .TP -.B tls-verify-key-usage +.B tls\-verify\-key\-usage (EAP-TLS, or PEAP) Enables examination of peer certificate's purpose, and extended key usage attributes. .TP @@ -1233,36 +1243,36 @@ by specifying ppp'd option \fBnic-eth0\fR. Prefix \fBnic-\fR for this option may be avoided if interface name is unambiguous and does not look like any other pppd's option. .TP -.B pppoe-service \fIname +.B pppoe\-service \fIname Connect to specified PPPoE service name. For backward compatibility also \fBrp_pppoe_service\fP option name is supported. .TP -.B pppoe-ac \fIname +.B pppoe\-ac \fIname Connect to specified PPPoE access concentrator name. For backward compatibility also \fBrp_pppoe_ac\fP option name is supported. .TP -.B pppoe-sess \fIsessid\fP:\fImacaddr +.B pppoe\-sess \fIsessid\fP:\fImacaddr Attach to existing PPPoE session. For backward compatibility also \fBrp_pppoe_sess\fP option name is supported. .TP -.B pppoe-verbose \fIn +.B pppoe\-verbose \fIn Be verbose about discovered access concentrators. When set to 2 or bigger value then dump also discovery packets. For backward compatibility also \fBrp_pppoe_verbose\fP option name is supported. .TP -.B pppoe-mac \fImacaddr +.B pppoe\-mac \fImacaddr Connect to specified MAC address. .TP -.B pppoe-host-uniq \fIstring +.B pppoe\-host\-uniq \fIstring Set the PPPoE Host-Uniq tag to the supplied hex string. By default PPPoE Host-Uniq tag is set to the pppd's process PID. For backward compatibility this option may be specified without \fBpppoe-\fP prefix. .TP -.B pppoe-padi-timeout \fIn +.B pppoe\-padi\-timeout \fIn Initial timeout for discovery packets in seconds (default 5). .TP -.B pppoe-padi-attempts \fIn +.B pppoe\-padi\-attempts \fIn Number of discovery attempts (default 3). .SH OPTIONS FILES Options can be taken from files as well as the command line. Pppd @@ -1729,8 +1739,8 @@ We failed to authenticate ourselves to the peer. Pppd invokes scripts at various stages in its processing which can be used to perform site-specific ancillary processing. These scripts are usually shell scripts, but could be executable code files instead. -Pppd does not wait for the scripts to finish (except for the ip-pre-up -script). The scripts are +Pppd does not wait for the scripts to finish (except for the net\-init, +net\-pre\-up and ip\-pre\-up scripts). The scripts are executed as root (with the real and effective user-id set to 0), so that they can do things such as update routing tables or run privileged daemons. Be careful that the contents of these scripts do @@ -1840,6 +1850,14 @@ IP addresses assigned but is still down. This can be used to add firewall rules before any IP traffic can pass through the interface. Pppd will wait for this script to finish before bringing the interface up, so this script should run quickly. +.PP +WARNING: Please note that on systems where a single interface carries multiple +protocols (Linux) ip-pre-up is NOT actually guaranteed to execute prior to the +interface moving into an up state, although IP information won't be known you +should consider using net-pre-up instead, alternatively, disable other NCPs +such that IPv4 is the only negotiated protocol - which will also result in a +guarantee that ip-pre-up is called prior to the interface going into an UP +state. .TP .B /etc/ppp/ip\-up A program or script which is executed when the link is available for @@ -1869,6 +1887,27 @@ Similar to /etc/ppp/ip\-down, but it is executed when IPv6 packets can no longer be transmitted on the link. It is executed with the same parameters as the ipv6\-up script. .TP +.B /etc/ppp/net\-init +This script will be executed the moment the ppp unit number is known. This +script will be waited for and should not cause significant delays. This can be +used to update book-keeping type systems external to ppp and provides the only +guaranteed point where a script can be executed knowing the ppp unit number +prior to LCP being initiated. It is executed with the parameters +.IP +\fIinterface\-name tty\-device speed ipparam +.TP +.B /etc/ppp/net\-pre\-up +This script will be executed just prior to NCP negotiations initiating, and is +guaranteed to be executed whilst the interface (Linux) and/or sub-interfaces +(Solaris) as the case may be is/are still down. ppp will block waiting for +this script to complete, and the interface may be safely renamed in this script +(using for example "ip li set dev $1 name ppp-foobar". The parameters are the +same as for net\-init. +.TP +.B /etc/ppp/net\-down +This script will be executed just prior to ppp terminating and will not be +waited for. The parameters are the same as for net\-init. +.TP .B /var/run/ppp\fIn\fB.pid \fR(BSD or Linux), \fB/etc/ppp/ppp\fIn\fB.pid \fR(others) Process-ID for pppd process on ppp interface unit \fIn\fR. .TP @@ -2013,7 +2052,7 @@ of a fatal decompression error. (Fatal decompression errors generally indicate a bug in one or other implementation.) .SH AUTHORS -Paul Mackerras (paulus@samba.org), based on earlier work by +Paul Mackerras (paulus@ozlabs.org), based on earlier work by Drew Perkins, Brad Clements, Karl Fox, @@ -2075,7 +2114,7 @@ are met: .br (412) 268-4387, fax: (412) 268-7395 .br - tech-transfer@andrew.cmu.edu + tech\-transfer@andrew.cmu.edu .LP 3b. The name(s) of the authors of this software must not be used to endorse or promote products derived from this software without @@ -2088,7 +2127,7 @@ are met: at Carnegie Mellon University (http://www.cmu.edu/computing/)." .br "This product includes software developed by Paul Mackerras - ". + ". .br "This product includes software developed by Pedro Roque Marques ".